From 90ec8bce9f0269deea62c1041e21ed3fe492c6b9 Mon Sep 17 00:00:00 2001 From: Andrea Mazzotti Date: Tue, 11 Jul 2023 16:28:11 +0200 Subject: [PATCH 1/9] Improve registration updates - Store emulated TPM seed for future registrations - Exit with error code in case of failures (systemd will manage restarts) - Remove support for multiple configuration files --- cmd/register/main.go | 180 +++++++++++++-------------------------- pkg/register/register.go | 70 +++++++++++---- pkg/register/state.go | 96 +++++++++++++++++++++ pkg/tpm/register.go | 65 +++++++++----- 4 files changed, 252 insertions(+), 159 deletions(-) create mode 100644 pkg/register/state.go diff --git a/cmd/register/main.go b/cmd/register/main.go index 66b0a928d..9ab410b67 100644 --- a/cmd/register/main.go +++ b/cmd/register/main.go @@ -21,7 +21,6 @@ import ( "fmt" "os" "path/filepath" - "time" "github.com/mudler/yip/pkg/schema" agent "github.com/rancher/system-agent/pkg/config" @@ -42,13 +41,17 @@ import ( ) const ( - stateInstallFile = "/run/initramfs/cos-state/state.yaml" - stateRegistrationFile = "/oem/registration/state.yaml" - agentStateDir = "/var/lib/elemental/agent" - agentConfDir = "/etc/rancher/elemental/agent" - afterInstallHook = "/oem/install-hook.yaml" - regConfDir = "/oem/registration" - liveRegConfDir = "/run/initramfs/live" + stateInstallFile = "/run/initramfs/cos-state/state.yaml" + agentStateDir = "/var/lib/elemental/agent" + agentConfDir = "/etc/rancher/elemental/agent" + afterInstallHook = "/oem/install-hook.yaml" + + // Registration config directories, depending if system is live or not + regConfExt = "yaml" + regConfDir = "/oem/registration" + regConfName = "config" + liveRegConfDir = "/run/initramfs/live" + liveRegConfName = "livecd-cloud-config" // This file stores the registration URL and certificate used for the registration // this file will be stored into the install system by an after-install hook 
@@ -74,35 +77,25 @@ func main() { log.Infof("Register version %s, commit %s, commit date %s", version.Version, version.Commit, version.CommitDate) + // Locate config directory and file + var configDir string + var configName string if len(args) == 0 { - args = append(args, getRegistrationConfigDir()) - } - - for _, arg := range args { - _, err := os.Stat(arg) - if err != nil { - log.Warningf("cannot access config path %s: %s", arg, err.Error()) - continue + if !isSystemInstalled() { + configDir = liveRegConfDir + configName = liveRegConfName + } else { + configDir = regConfDir + configName = regConfName } + } else { + configDir = args[0] //Take the first argument only, ignore the rest + configName = regConfName + } - log.Debugf("scanning config path %s", arg) - - files, err := os.ReadDir(arg) - if err != nil { - log.Warningf("cannot read config path contents %s: %s", arg, err.Error()) - continue - } - viper.AddConfigPath(arg) - for _, f := range files { - if filepath.Ext(f.Name()) == ".yaml" { - viper.SetConfigType("yaml") - viper.SetConfigName(f.Name()) - if err := viper.MergeInConfig(); err != nil { - log.Fatalf("failed to read config %s: %s", f.Name(), err) - } - log.Infof("reading config file %s", f.Name()) - } - } + // Merge configuration from file + if err := mergeConfigFromFile(configDir, configName); err != nil { + log.Fatalf("Could not read configuration in directory '%s': %s", configDir, err) } if err := viper.Unmarshal(&cfg); err != nil { @@ -111,7 +104,7 @@ func main() { log.Debugf("input config:\n%s", litter.Sdump(cfg)) - run(cfg) + run(configDir, cfg) }, } 
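Review bot: In the `else` branch of the config lookup, `configDir = args[0]` silently drops every further argument, whereas the removed loop merged all given paths. An operator who still passes a second directory (for example one carrying the CA certificate or registration URL) gets no indication that it was not applied. Consider logging it, e.g. `if len(args) > 1 { log.Warningf("ignoring extra config paths: %v", args[1:]) }`, or rejecting more than one argument outright. The body of main() starts and ends outside this hunk.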
@@ -131,90 +124,59 @@ func main() { } } -func run(config elementalv1.Config) { +func mergeConfigFromFile(path string, name string) error { + log.Debugf("Using configuration in directory: %s\n", path) + viper.AddConfigPath(path) + viper.SetConfigName(name) + viper.SetConfigType(regConfExt) + return viper.MergeInConfig() +} + +func run(configDir string, config elementalv1.Config) { + // Validate Registration config registration := config.Elemental.Registration if registration.URL == "" { log.Fatal("Registration URL is empty") } - var ( - err error - data, caCert []byte - ) - - /* Here we can have a file path or the cert data itself */ - _, err = os.Stat(registration.CACert) - if err == nil { - log.Info("CACert passed as a file") - caCert, err = os.ReadFile(registration.CACert) - if err != nil { - log.Error(err) - } - } else { - if registration.CACert == "" { - log.Warning("CACert is empty") - } - caCert = []byte(registration.CACert) - } - - isRegistrationUpdate := isRegistrationUpdate() - if isRegistrationUpdate { - if isUsingRandomEmulatedTPM(registration) { - log.Error("TPM emulation is active and using a randomized seed, registration update is not supported") - return - } - log.Debugln("Attempting to update registration...") - } else { - log.Debugln("Attempting to perform first time registration...") + caCert, err := getRegistrationCA(registration) + if err != nil { + log.Fatalf("Could not load registration CA certificate: %s", err) } - for { - data, err = register.Register(registration, caCert, isRegistrationUpdate) - if err != nil { - log.Errorf("failed to register machine inventory: %w", err) - if isRegistrationUpdate { - log.Debugln("Registration update failed, will not retry again") - break - } - time.Sleep(time.Second * 5) - continue - } + client := register.NewClient(configDir) - log.Debugf("Fetched configuration from manager cluster:\n%s\n\n", string(data)) + data, err := client.Register(registration, caCert) + if err != nil { + log.Fatalf("failed to 
register machine inventory: %w", err) + } - if err := yaml.Unmarshal(data, &config); err != nil { - log.Errorf("failed to parse registration configuration: %w", err) - if isRegistrationUpdate { - break - } - time.Sleep(time.Second * 5) - continue - } + log.Debugf("Fetched configuration from manager cluster:\n%s\n\n", string(data)) - break + if err := yaml.Unmarshal(data, &config); err != nil { + log.Errorf("failed to parse registration configuration: %w", err) } if !isSystemInstalled() { if err := installElemental(config); err != nil { - log.Fatal("elemental installation failed: ", err) + log.Fatalf("elemental installation failed: %w", err) } log.Info("elemental installation completed, please reboot") } - - if err := updateRegistrationState(); err != nil { - log.Errorf("failed to update registration state file %s: %w", stateRegistrationFile, err) - } } -func getRegistrationConfigDir() string { - if isSystemInstalled() { - log.Debugf("System is not running live, using configuration in directory: %s\n", regConfDir) - return regConfDir +func getRegistrationCA(registration elementalv1.Registration) ([]byte, error) { + /* Here we can have a file path or the cert data itself */ + if _, err := os.Stat(registration.CACert); err == nil { + log.Info("CACert passed as a file") + return os.ReadFile(registration.CACert) + } + if registration.CACert == "" { + log.Warning("CACert is empty") } - log.Debugf("Using live configuration in directory: %s\n", liveRegConfDir) - return liveRegConfDir + return []byte(registration.CACert), nil } func installElemental(config elementalv1.Config) error { 
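Review bot: In run(), a failure of `yaml.Unmarshal(data, &config)` is only reported with `log.Errorf`, so execution continues into `installElemental(config)` with a partially decoded configuration; since this commit's stated intent is to exit on failure, it should be `log.Fatalf("failed to parse registration configuration: %s", err)`. The log calls in this hunk that use `%w` (the register, parse and install messages) will likely print `%!w(...)` if the logger formats like `fmt.Sprintf`, because `%w` is only understood by `fmt.Errorf`; use `%s` or `%v` there. In getRegistrationCA, any `os.Stat` error, not only "does not exist", makes the path string itself be returned as certificate data; testing `os.IsNotExist(err)` and returning other errors would surface an unreadable CA file instead of passing a bogus certificate on.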
@@ -406,27 +368,3 @@ func writeSystemAgentConfig(config elementalv1.Elemental) (string, error) { return f.Name(), err } - -func isUsingRandomEmulatedTPM(config elementalv1.Registration) bool { - return config.EmulateTPM && config.EmulatedTPMSeed == elementalv1.TPMRandomSeedValue -} - -func isRegistrationUpdate() bool { - _, err := os.Stat(stateRegistrationFile) - return err == nil -} - -func updateRegistrationState() error { - if _, err := os.Stat(regConfDir); os.IsNotExist(err) { - log.Debugf("Registration config dir '%s' does not exist. Creating now.", regConfDir) - if err := os.MkdirAll(regConfDir, 0700); err != nil { - return fmt.Errorf("creating registration config directory: %w", err) - } - } - file, err := os.Create(stateRegistrationFile) - if err != nil { - return fmt.Errorf("creating registration state file: %w", err) - } - defer file.Close() - return nil -} diff --git a/pkg/register/register.go b/pkg/register/register.go index 7589c3525..68d4b95c0 100644 --- a/pkg/register/register.go +++ b/pkg/register/register.go @@ -38,6 +38,10 @@ import ( "github.com/rancher/elemental-operator/pkg/tpm" ) +type Client interface { + Register(reg elementalv1.Registration, caCert []byte) ([]byte, error) +} + type authClient interface { Init(reg elementalv1.Registration) error GetName() string 
@@ -46,25 +50,30 @@ type authClient interface { Authenticate(conn *websocket.Conn) error } +var _ Client = (*client)(nil) + +type client struct { + stateHandler StateHandler +} + +func NewClient(configDir string) Client { + return &client{ + stateHandler: NewFileStateHandler(configDir), + } +} + // Register attempts to register the machine with the elemental-operator. // If the machine is already installed and registered, a registration can still be attempted turning the `isUpdate` flag on. // Registration updates will fetch and apply new labels, and update Machine annotations such as the IP address. -func Register(reg elementalv1.Registration, caCert []byte, isUpdate bool) ([]byte, error) { - var auth authClient - - switch reg.Auth { - case "tpm": - auth = &tpm.AuthClient{} - case "mac": - auth = &plainauth.AuthClient{} - case "sys-uuid": - auth = &plainauth.AuthClient{} - default: - return nil, fmt.Errorf("unsupported authentication: %s", reg.Auth) +func (r *client) Register(reg elementalv1.Registration, caCert []byte) ([]byte, error) { + state, err := r.stateHandler.Load() + if err != nil { + return nil, fmt.Errorf("loading registration state: %w", err) } - if err := auth.Init(reg); err != nil { - return nil, fmt.Errorf("init %s authentication: %w", auth.GetName(), err) + auth, err := getAuthenticator(reg, &state) + if err != nil { + return nil, fmt.Errorf("initializing authenticator: %w", err) } log.Infof("Connect to %s", reg.URL) @@ -87,7 +96,7 @@ func Register(reg elementalv1.Registration, caCert []byte, isUpdate bool) ([]byt } log.Infof("Negotiated protocol version: %d", protoVersion) - if isUpdate { + if state.IsUpdatable() { if protoVersion < MsgUpdate { return nil, errors.New("elemental-operator protocol version does not support update") } 
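Review bot: The doc comment kept above `Register` still says an update is requested by "turning the `isUpdate` flag on", but the new method has no such parameter; the update path is now selected from the loaded state (`state.IsUpdatable()` in the following hunk). Suggested replacement: `// Register registers the machine with the elemental-operator; if the stored state records an earlier registration, an update is sent instead.` The exported `NewClient` added here has no doc comment either; something like `// NewClient returns a Client that keeps its registration state under configDir.` would state where the state file ends up.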
@@ -95,6 +104,9 @@ func Register(reg elementalv1.Registration, caCert []byte, isUpdate bool) ([]byt if err := sendUpdateData(conn); err != nil { return nil, fmt.Errorf("failed to send update data: %w", err) } + state.lastUpdate = time.Now() + } else { + state.initialRegistration = time.Now() } if !reg.NoSMBIOS { @@ -118,6 +130,9 @@ func Register(reg elementalv1.Registration, caCert []byte, isUpdate bool) ([]byt } } + log.Info("Saving registration state") + r.stateHandler.Save(state) + log.Info("Get elemental configuration") if err := WriteMessage(conn, MsgGet, []byte{}); err != nil { return nil, fmt.Errorf("request elemental configuration: %w", err) @@ -128,11 +143,32 @@ func Register(reg elementalv1.Registration, caCert []byte, isUpdate bool) ([]byt } // Support old Elemental Operator (<= v1.1.0) - _, r, err := conn.NextReader() + _, reader, err := conn.NextReader() if err != nil { return nil, fmt.Errorf("read elemental configuration: %w", err) } - return io.ReadAll(r) + return io.ReadAll(reader) +} + +func getAuthenticator(reg elementalv1.Registration, state *State) (authClient, error) { + var auth authClient + switch reg.Auth { + case "tpm": + state.emulatedTPMSeed = tpm.GetTPMSeed(reg, state.emulatedTPM, state.emulatedTPMSeed) + state.emulatedTPM = reg.EmulateTPM + auth = tpm.NewAuthClient(state.emulatedTPMSeed) + case "mac": + auth = &plainauth.AuthClient{} + case "sys-uuid": + auth = &plainauth.AuthClient{} + default: + return nil, fmt.Errorf("unsupported authentication: %s", reg.Auth) + } + + if err := auth.Init(reg); err != nil { + return nil, fmt.Errorf("init %s authentication: %w", auth.GetName(), err) + } + return auth, nil } func initWebsocketConn(url string, caCert []byte, auth authClient) (*websocket.Conn, error) { diff --git a/pkg/register/state.go b/pkg/register/state.go new file mode 100644 index 000000000..8e82f27e8 --- /dev/null +++ b/pkg/register/state.go 
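Review bot: getAuthenticator (last hunk on this line) mutates the `*State` it receives (`emulatedTPMSeed` and `emulatedTPM`) as a side effect of choosing an auth client, which is not obvious from its name or signature. A comment would help, e.g. `// getAuthenticator builds and initialises the auth client for reg.Auth. For "tpm" it also updates the emulated TPM fields of state, which the caller is expected to persist.` As a style point, the identical `"mac"` and `"sys-uuid"` arms can be written as one `case "mac", "sys-uuid":`.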
@@ -0,0 +1,96 @@ +/* +Copyright © 2022 - 2023 SUSE LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package register + +import ( + "fmt" + "os" + "time" + + "github.com/rancher/elemental-operator/pkg/log" + "gopkg.in/yaml.v3" +) + +type State struct { + initialRegistration time.Time `yaml:"initialRegistration,omitempty"` + lastUpdate time.Time `yaml:"lastUpdate,omitempty"` + emulatedTPM bool `yaml:"emulatedTPM,omitempty"` + emulatedTPMSeed int64 `yaml:"emulatedTPMSeed,omitempty"` +} + +func (s *State) IsUpdatable() bool { + return !s.initialRegistration.IsZero() +} + +type StateHandler interface { + Load() (State, error) + Save(State) error +} + +var _ StateHandler = (*filesystemStateHandler)(nil) + +func NewFileStateHandler(directory string) StateHandler { + return &filesystemStateHandler{directory: directory} +} + +type filesystemStateHandler struct { + directory string +} + +func (h *filesystemStateHandler) getStateFullPath() string { + const stateFile = "state.yaml" + return fmt.Sprintf("%s/%s", h.directory, stateFile) +} + +func (h *filesystemStateHandler) Load() (State, error) { + stateFile := h.getStateFullPath() + file, err := os.Open(stateFile) + defer file.Close() + if os.IsNotExist(err) { + return State{}, nil + } + if err != nil { + return State{}, fmt.Errorf("loading registration state file '%s': %w", stateFile, err) + } + dec := yaml.NewDecoder(file) + var state State + if err := dec.Decode(&state); err != nil { + return State{}, fmt.Errorf("decoding registration 
to file '%s': %w", stateFile, err) + } + return state, nil +} + +func (h *filesystemStateHandler) Save(state State) error { + if _, err := os.Stat(h.directory); os.IsNotExist(err) { + log.Debug("Registration config dir '%s' does not exist. Creating now.", h.directory) + if err := os.MkdirAll(h.directory, 0700); err != nil { + return fmt.Errorf("creating registration config directory: %w", err) + } + } + stateFile := h.getStateFullPath() + file, err := os.Create(stateFile) + if err != nil { + return fmt.Errorf("creating registration state file: %w", err) + } + defer file.Close() + enc := yaml.NewEncoder(file) + defer enc.Close() + if err := enc.Encode(state); err != nil { + return fmt.Errorf("writing RegistrationState to file '%s': %w", stateFile, err) + } + return nil +} diff --git a/pkg/tpm/register.go b/pkg/tpm/register.go index e7109cbc3..0e931633f 100644 --- a/pkg/tpm/register.go +++ b/pkg/tpm/register.go 
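Review bot: All four fields of `State` are unexported, and yaml.v3 only encodes and decodes exported struct fields, so `Save` would write an empty document and `Load` would always return a zero `State`. That means `IsUpdatable()` is false on every run and the emulated TPM seed this commit sets out to store is never persisted. Export the fields and keep the tags, e.g. `EmulatedTPMSeed int64 `yaml:"emulatedTPMSeed,omitempty"``, and likewise for the other three. Because the file then holds the seed, create it with restrictive permissions instead of `os.Create`, for instance `os.OpenFile(stateFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)`; the `0700` on `MkdirAll` only applies when the directory did not already exist. `getStateFullPath` would also read better with `filepath.Join(h.directory, stateFile)`.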
@@ -57,34 +57,57 @@ type AuthClient struct { ak []byte } +func NewAuthClient(seed int64) *AuthClient { + return &AuthClient{ + seed: seed, + } +} + func (auth *AuthClient) Init(reg elementalv1.Registration) error { if reg.EmulateTPM { - emulatedSeed := reg.EmulatedTPMSeed - log.Infof("Enable TPM emulation") - if emulatedSeed == -1 { - data, err := ghw.Product(ghw.WithDisableWarnings()) - if err != nil { - emulatedSeed = rand.Int63() - log.Debugf("TPM emulation using random seed: %d", emulatedSeed) - } else { - uuid := strings.Replace(data.UUID, "-", "", -1) - var i big.Int - _, converted := i.SetString(uuid, 16) - if !converted { - emulatedSeed = rand.Int63() - log.Debugf("TPM emulation using random seed: %d", emulatedSeed) - } else { - emulatedSeed = i.Int64() - log.Debugf("TPM emulation using system UUID %s, resulting in seed: %d", uuid, emulatedSeed) - } - } - } + log.Info("Enable TPM emulation") auth.emulateTPM = true - auth.seed = emulatedSeed } return nil } +func GetTPMSeed(reg elementalv1.Registration, usePreviousSeed bool, previousSeed int64) int64 { + // Config says to generate a random seed, but we have none in state, generate a new one. + if reg.EmulateTPM && reg.EmulatedTPMSeed == -1 && !usePreviousSeed { + return randomTPMSeed() + } + // Config says to use a static seed, but we already registered with a different one from state, use that instead. + if reg.EmulateTPM && reg.EmulatedTPMSeed != -1 && usePreviousSeed { + return previousSeed + } + // Config says to use a static seed, and we have none in state, use it then. 
+ if reg.EmulateTPM && reg.EmulatedTPMSeed != -1 && !usePreviousSeed { + return reg.EmulatedTPMSeed + } + return previousSeed +} + +func randomTPMSeed() int64 { + var emulatedSeed int64 + data, err := ghw.Product(ghw.WithDisableWarnings()) + if err != nil { + emulatedSeed = rand.Int63() + log.Debugf("TPM emulation using random seed: %d", emulatedSeed) + } else { + uuid := strings.Replace(data.UUID, "-", "", -1) + var i big.Int + _, converted := i.SetString(uuid, 16) + if !converted { + emulatedSeed = rand.Int63() + log.Debugf("TPM emulation using random seed: %d", emulatedSeed) + } else { + emulatedSeed = i.Int64() + log.Debugf("TPM emulation using system UUID %s, resulting in seed: %d", uuid, emulatedSeed) + } + } + return emulatedSeed +} + func (auth *AuthClient) Authenticate(conn *websocket.Conn) error { var opts []gotpm.Option if auth.emulateTPM { From 4d1e6e4ccb1afaac8073f77d5d06eb7fddfbc8d2 Mon Sep 17 00:00:00 2001 From: Andrea Mazzotti Date: Tue, 11 Jul 2023 16:37:33 +0200 Subject: [PATCH 2/9] Fix linter issues --- pkg/register/register.go | 4 +++- pkg/register/state.go | 11 ++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/pkg/register/register.go b/pkg/register/register.go index 68d4b95c0..96dcacc6c 100644 --- a/pkg/register/register.go +++ b/pkg/register/register.go @@ -131,7 +131,9 @@ func (r *client) Register(reg elementalv1.Registration, caCert []byte) ([]byte, } log.Info("Saving registration state") - r.stateHandler.Save(state) + if err := r.stateHandler.Save(state); err != nil { + return nil, fmt.Errorf("saving registration state: %w", err) + } log.Info("Get elemental configuration") if err := WriteMessage(conn, MsgGet, []byte{}); err != nil { diff --git a/pkg/register/state.go b/pkg/register/state.go index 8e82f27e8..66211ed74 100644 --- a/pkg/register/state.go +++ b/pkg/register/state.go 
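Review bot: randomTPMSeed writes the seed value to the debug log in all three branches, and after this commit that value is persisted and reused, so it is presumably the long-lived secret behind the emulated TPM identity. Keep the value out of the logs, e.g. `log.Debug("TPM emulation using random seed")` and `log.Debugf("TPM emulation seed derived from system UUID")`. GetTPMSeed compares against the literal `-1`, while the check removed from cmd/register/main.go in this same commit used `elementalv1.TPMRandomSeedValue`; using the constant here keeps the two in step. The name randomTPMSeed is also misleading, since the first choice is a seed derived from the system UUID and `rand.Int63()` is only the fallback; a doc comment stating that would help.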
@@ -61,6 +61,7 @@ func (h *filesystemStateHandler) Load() (State, error) { file, err := os.Open(stateFile) defer file.Close() if os.IsNotExist(err) { + log.Debugf("Could not find state file in '%s'. Assuming initial registration needs to happen.", stateFile) return State{}, nil } if err != nil { @@ -76,7 +77,7 @@ func (h *filesystemStateHandler) Load() (State, error) { func (h *filesystemStateHandler) Save(state State) error { if _, err := os.Stat(h.directory); os.IsNotExist(err) { - log.Debug("Registration config dir '%s' does not exist. Creating now.", h.directory) + log.Debugf("Registration config dir '%s' does not exist. Creating now.", h.directory) if err := os.MkdirAll(h.directory, 0700); err != nil { return fmt.Errorf("creating registration config directory: %w", err) } @@ -86,11 +87,15 @@ func (h *filesystemStateHandler) Save(state State) error { if err != nil { return fmt.Errorf("creating registration state file: %w", err) } - defer file.Close() enc := yaml.NewEncoder(file) - defer enc.Close() if err := enc.Encode(state); err != nil { return fmt.Errorf("writing RegistrationState to file '%s': %w", stateFile, err) } + if err := enc.Close(); err != nil { + return fmt.Errorf("closing encoder: %w", err) + } + if err := file.Close(); err != nil { + return fmt.Errorf("closing file '%s': %w", stateFile, err) + } return nil } From b956159827f482466e84c37132d738aa43e1b435 Mon Sep 17 00:00:00 2001 From: Andrea Mazzotti Date: Tue, 11 Jul 2023 16:40:24 +0200 Subject: [PATCH 3/9] Fix linter issue --- pkg/register/state.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/register/state.go b/pkg/register/state.go index 66211ed74..326ef640e 100644 --- a/pkg/register/state.go +++ b/pkg/register/state.go 
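Review bot: In the Save hunk (`@@ -86,11 +87,15 @@`), replacing `defer file.Close()` with an explicit close at the end means the file is never closed when `enc.Encode` or `enc.Close` returns an error. Close the file on those paths too, for example by keeping a best-effort `defer func() { _ = file.Close() }()` next to the checked `file.Close()` on the success path. The Load hunk in patch 3/9 (`@@ -72,6 +71,9 @@`) has the same gap when `dec.Decode` fails. Save's body starts outside this hunk.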
@@ -59,7 +59,6 @@ func (h *filesystemStateHandler) getStateFullPath() string { func (h *filesystemStateHandler) Load() (State, error) { stateFile := h.getStateFullPath() file, err := os.Open(stateFile) - defer file.Close() if os.IsNotExist(err) { log.Debugf("Could not find state file in '%s'. Assuming initial registration needs to happen.", stateFile) return State{}, nil @@ -72,6 +71,9 @@ func (h *filesystemStateHandler) Load() (State, error) { if err := dec.Decode(&state); err != nil { return State{}, fmt.Errorf("decoding registration to file '%s': %w", stateFile, err) } + if err := file.Close(); err != nil { + return State{}, fmt.Errorf("closing file '%s': %w", stateFile, err) + } return state, nil } From 44973e06602ebe9282936697b5826d4052b880eb Mon Sep 17 00:00:00 2001 From: Andrea Mazzotti Date: Tue, 11 Jul 2023 17:20:27 +0200 Subject: [PATCH 4/9] Use correct registration directory in case of live system --- cmd/register/main.go | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/cmd/register/main.go b/cmd/register/main.go index 9ab410b67..565bd41e1 100644 --- a/cmd/register/main.go +++ b/cmd/register/main.go 
@@ -79,23 +79,16 @@ func main() { // Locate config directory and file var configDir string - var configName string if len(args) == 0 { - if !isSystemInstalled() { - configDir = liveRegConfDir - configName = liveRegConfName - } else { - configDir = regConfDir - configName = regConfName + if err := loadDefaultConfig(); err != nil { + log.Fatalf("Cloud not read default configuration: %s", err) } + configDir = regConfDir } else { configDir = args[0] //Take the first argument only, ignore the rest - configName = regConfName - } - - // Merge configuration from file - if err := mergeConfigFromFile(configDir, configName); err != nil { - log.Fatalf("Could not read configuration in directory '%s': %s", configDir, err) + if err := mergeConfigFromFile(configDir, regConfName); err != nil { + log.Fatalf("Could not read configuration in directory '%s': %s", configDir, err) + } } if err := viper.Unmarshal(&cfg); err != nil { @@ -124,6 +117,15 @@ func main() { } } +func loadDefaultConfig() error { + if !isSystemInstalled() { + log.Debugf("System is live. Loading registration config from %s/%s.%s", liveRegConfDir, liveRegConfName, regConfExt) + return mergeConfigFromFile(liveRegConfDir, liveRegConfName) + } + log.Debugf("System is installed. Loading registration config from %s/%s.%s", regConfDir, regConfName, regConfExt) + return mergeConfigFromFile(regConfDir, regConfName) +} + func mergeConfigFromFile(path string, name string) error { log.Debugf("Using configuration in directory: %s\n", path) viper.AddConfigPath(path) From d036ca1927c6a79d74a48a43e2c6e68cc7fae208 Mon Sep 17 00:00:00 2001 
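Review bot: The new fatal message in main() reads `"Cloud not read default configuration: %s"`; it should be `"Could not read default configuration: %s"`. In the same branch `configDir` is set to `regConfDir` even when loadDefaultConfig read from `liveRegConfDir`, which appears to be the point of the commit; a short comment such as `// State is always kept under regConfDir, also when the config came from the live medium.` would keep a later reader from "fixing" it.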
From: Andrea Mazzotti Date: Thu, 13 Jul 2023 17:21:53 +0200 Subject: [PATCH 5/9] Refactor registration - Use explicit registration config and state file paths - Skip registration update on (hardcoded) timer - Use virtual filesystem where possible --- Makefile | 2 +- cmd/register/main.go | 385 +- go.mod | 24 +- go.sum | 44 +- pkg/install/install.go | 251 + pkg/register/register.go | 14 +- pkg/register/state.go | 52 +- pkg/register/state_test.go | 145 + vendor/github.com/go-logr/logr/.golangci.yaml | 3 - vendor/github.com/go-logr/logr/discard.go | 32 +- vendor/github.com/go-logr/logr/funcr/funcr.go | 804 +++ vendor/github.com/go-logr/logr/logr.go | 166 +- .../go-task/slim-sprig/.editorconfig | 14 + .../go-task/slim-sprig/.gitattributes | 1 + .../github.com/go-task/slim-sprig/.gitignore | 2 + .../go-task/slim-sprig/CHANGELOG.md | 364 ++ .../github.com/go-task/slim-sprig/LICENSE.txt | 19 + .../github.com/go-task/slim-sprig/README.md | 73 + .../go-task/slim-sprig/Taskfile.yml | 12 + .../github.com/go-task/slim-sprig/crypto.go | 24 + vendor/github.com/go-task/slim-sprig/date.go | 152 + .../github.com/go-task/slim-sprig/defaults.go | 163 + vendor/github.com/go-task/slim-sprig/dict.go | 118 + vendor/github.com/go-task/slim-sprig/doc.go | 19 + .../go-task/slim-sprig/functions.go | 317 + vendor/github.com/go-task/slim-sprig/list.go | 464 ++ .../github.com/go-task/slim-sprig/network.go | 12 + .../github.com/go-task/slim-sprig/numeric.go | 228 + .../github.com/go-task/slim-sprig/reflect.go | 28 + vendor/github.com/go-task/slim-sprig/regex.go | 83 + .../github.com/go-task/slim-sprig/strings.go | 189 + vendor/github.com/go-task/slim-sprig/url.go | 66 + .../golang/protobuf/jsonpb/decode.go | 8 +- .../go-tpm-tools/.github/workflows/ci.yml | 100 - .../github.com/google/go-tpm-tools/.gitignore | 12 - .../google/go-tpm-tools/CONTRIBUTING.md | 28 - .../github.com/google/go-tpm-tools/README.md | 142 - .../go-tpm-tools/cel/canonical_eventlog.go | 413 -- 
.../cel/canonical_eventlog_test.go | 173 - .../google/go-tpm-tools/cel/cos_tlv.go | 120 - .../google/go-tpm-tools/cel/cos_tlv_test.go | 124 - .../google/go-tpm-tools/client/attest.go | 66 - .../google/go-tpm-tools/client/close.go | 29 - .../google/go-tpm-tools/client/eventlog.go | 19 - .../go-tpm-tools/client/eventlog_linux.go | 9 - .../go-tpm-tools/client/eventlog_other.go | 10 - .../go-tpm-tools/client/example_test.go | 274 - .../google/go-tpm-tools/client/handles.go | 72 - .../go-tpm-tools/client/handles_test.go | 41 - .../google/go-tpm-tools/client/import.go | 83 - .../google/go-tpm-tools/client/keys.go | 481 -- .../google/go-tpm-tools/client/keys_test.go | 186 - .../google/go-tpm-tools/client/pcr.go | 166 - .../google/go-tpm-tools/client/pcr_test.go | 127 - .../google/go-tpm-tools/client/quote_test.go | 154 - .../google/go-tpm-tools/client/seal_test.go | 460 -- .../google/go-tpm-tools/client/session.go | 89 - .../google/go-tpm-tools/client/signer.go | 146 - .../google/go-tpm-tools/client/signer_test.go | 317 - .../google/go-tpm-tools/client/template.go | 143 - .../google/go-tpm-tools/cmd/flags.go | 208 - .../google/go-tpm-tools/cmd/flush.go | 87 - .../google/go-tpm-tools/cmd/flush_test.go | 48 - .../google/go-tpm-tools/cmd/gotpm/main.go | 13 - .../google/go-tpm-tools/cmd/open.go | 32 - .../google/go-tpm-tools/cmd/open_other.go | 30 - .../google/go-tpm-tools/cmd/open_windows.go | 12 - .../google/go-tpm-tools/cmd/pubkey.go | 100 - .../google/go-tpm-tools/cmd/read.go | 108 - .../google/go-tpm-tools/cmd/root.go | 62 - .../google/go-tpm-tools/cmd/seal.go | 146 - .../google/go-tpm-tools/cmd/seal_test.go | 148 - .../google/go-tpm-tools/files/PKGBUILD | 35 - .../google/go-tpm-tools/files/boot-unseal.sh | 39 - .../google/go-tpm-tools/files/initcpio.hooks | 7 - .../go-tpm-tools/files/initcpio.install | 23 - vendor/github.com/google/go-tpm-tools/go.mod | 13 - vendor/github.com/google/go-tpm-tools/go.sum | 1280 ---- .../google/go-tpm-tools/internal/pcrs.go | 130 - 
.../google/go-tpm-tools/internal/pcrs_test.go | 33 - .../google/go-tpm-tools/internal/public.go | 35 - .../google/go-tpm-tools/internal/quote.go | 110 - .../test/attestations/gce-cos-85-no-nonce.pb | Bin 29596 -> 0 bytes .../test/attestations/gce-cos-85-nonce9009.pb | Bin 29602 -> 0 bytes .../test/eventlogs/arch-linux-workstation.bin | Bin 15579 -> 0 bytes .../internal/test/eventlogs/debian-10.bin | Bin 22220 -> 0 bytes .../internal/test/eventlogs/glinux-alex.bin | Bin 15881 -> 0 bytes .../internal/test/eventlogs/rhel8-uefi.bin | Bin 34034 -> 0 bytes .../test/eventlogs/ubuntu-1804-amd-sev.bin | Bin 26013 -> 0 bytes .../test/eventlogs/ubuntu-2104-no-dbx.bin | Bin 33824 -> 0 bytes .../eventlogs/ubuntu-2104-no-secure-boot.bin | Bin 38268 -> 0 bytes .../internal/test/load_random_external_key.go | 47 - .../go-tpm-tools/internal/test/test_data.go | 29 - .../go-tpm-tools/internal/test/test_other.go | 23 - .../go-tpm-tools/internal/test/test_tpm.go | 139 - .../internal/test/test_windows.go | 18 - .../google/go-tpm-tools/proto/attest.proto | 194 - .../go-tpm-tools/proto/attest/attest.pb.go | 1613 ----- .../google/go-tpm-tools/proto/doc.go | 22 - .../google/go-tpm-tools/proto/tpm.proto | 54 - .../google/go-tpm-tools/proto/tpm/tpm.pb.go | 595 -- .../server/ca-certs/tpm_ek_intermediate_2.crt | Bin 1560 -> 0 bytes .../server/ca-certs/tpm_ek_root_1.cer | Bin 1667 -> 0 bytes .../google/go-tpm-tools/server/ecc_utils.go | 47 - .../google/go-tpm-tools/server/eventlog.go | 307 - .../go-tpm-tools/server/eventlog_test.go | 510 -- .../go-tpm-tools/server/example_test.go | 47 - .../go-tpm-tools/server/grouped_error.go | 48 - .../go-tpm-tools/server/grouped_error_test.go | 42 - .../google/go-tpm-tools/server/import.go | 246 - .../google/go-tpm-tools/server/import_test.go | 249 - .../go-tpm-tools/server/instance_info.go | 19 - .../go-tpm-tools/server/key_conversion.go | 108 - .../server/key_conversion_test.go | 103 - .../google/go-tpm-tools/server/policy.go | 61 - 
.../go-tpm-tools/server/policy_constants.go | 167 - .../server/policy_constants_test.go | 56 - .../google/go-tpm-tools/server/policy_test.go | 153 - .../go-tpm-tools/server/secure-boot/GcePk.crt | Bin 762 -> 0 bytes .../MicCorKEKCA2011_2011-06-24.crt | Bin 1516 -> 0 bytes .../MicCorUEFCA2011_2011-06-27.crt | Bin 1556 -> 0 bytes .../MicWinProPCA2011_2011-10-19.crt | Bin 1499 -> 0 bytes .../server/secure-boot/canonical-boothole.crt | Bin 1060 -> 0 bytes .../server/secure-boot/cisco-boothole.crt | Bin 1164 -> 0 bytes .../secure-boot/dbxupdate-2014-08-11.bin | Bin 4011 -> 0 bytes .../secure-boot/dbxupdate_x64-2020-10-12.bin | Bin 15281 -> 0 bytes .../secure-boot/dbxupdate_x64-2021-04-29.bin | Bin 13501 -> 0 bytes .../server/secure-boot/debian-boothole.crt | Bin 768 -> 0 bytes .../google/go-tpm-tools/server/verify.go | 214 - .../google/go-tpm-tools/server/verify_test.go | 553 -- .../simulator/ms-tpm-20-ref/CONTRIBUTING.md | 42 - .../simulator/ms-tpm-20-ref/LICENSE | 17 - .../simulator/ms-tpm-20-ref/README.md | 49 - .../ms-tpm-20-ref/Samples/Google/Clock.c | 174 - .../ms-tpm-20-ref/Samples/Google/Entropy.c | 11 - .../ms-tpm-20-ref/Samples/Google/NVMem.c | 81 - .../ms-tpm-20-ref/Samples/Google/Platform.h | 71 - .../Samples/Google/PlatformData.h | 86 - .../Samples/Google/Platform_fp.h | 197 - .../ms-tpm-20-ref/Samples/Google/Run.c | 78 - .../ms-tpm-20-ref/TPMCmd/Makefile.am | 62 - .../ms-tpm-20-ref/TPMCmd/configure.ac | 89 - .../simulator/ms-tpm-20-ref/TPMCmd/flags.m4 | 84 - .../TPMCmd/tpm/include/BaseTypes.h | 60 - .../TPMCmd/tpm/include/BnValues.h | 320 - .../TPMCmd/tpm/include/Capabilities.h | 49 - .../TPMCmd/tpm/include/CommandAttributeData.h | 916 --- .../TPMCmd/tpm/include/CommandAttributes.h | 66 - .../TPMCmd/tpm/include/CommandDispatchData.h | 5167 --------------- .../TPMCmd/tpm/include/CommandDispatcher.h | 2051 ------ .../TPMCmd/tpm/include/Commands.h | 451 -- .../TPMCmd/tpm/include/CompilerDependencies.h | 132 - .../TPMCmd/tpm/include/CryptEcc.h | 71 - 
.../TPMCmd/tpm/include/CryptHash.h | 303 - .../TPMCmd/tpm/include/CryptRand.h | 199 - .../TPMCmd/tpm/include/CryptRsa.h | 69 - .../TPMCmd/tpm/include/CryptSym.h | 143 - .../TPMCmd/tpm/include/CryptTest.h | 70 - .../TPMCmd/tpm/include/EccTestData.h | 158 - .../ms-tpm-20-ref/TPMCmd/tpm/include/Global.h | 1439 ---- .../TPMCmd/tpm/include/GpMacros.h | 332 - .../TPMCmd/tpm/include/HandleProcess.h | 1008 --- .../TPMCmd/tpm/include/HashTestData.h | 104 - .../TPMCmd/tpm/include/InternalRoutines.h | 127 - .../TPMCmd/tpm/include/KdfTestData.h | 83 - .../TPMCmd/tpm/include/LibSupport.h | 69 - .../TPMCmd/tpm/include/Ltc/LtcSettings.h | 84 - .../TPMCmd/tpm/include/Ltc/TpmToLtcHash.h | 172 - .../TPMCmd/tpm/include/Ltc/TpmToLtcMath.h | 89 - .../TPMCmd/tpm/include/Ltc/TpmToLtcSym.h | 110 - .../ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h | 46 - .../ms-tpm-20-ref/TPMCmd/tpm/include/NV.h | 165 - .../ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h | 275 - .../TPMCmd/tpm/include/Ossl/TpmToOsslHash.h | 180 - .../TPMCmd/tpm/include/Ossl/TpmToOsslMath.h | 127 - .../TPMCmd/tpm/include/Ossl/TpmToOsslSym.h | 120 - .../TPMCmd/tpm/include/PRNG_TestVectors.h | 140 - .../TPMCmd/tpm/include/RsaTestData.h | 423 -- .../TPMCmd/tpm/include/SelfTest.h | 105 - .../SupportLibraryFunctionPrototypes_fp.h | 137 - .../TPMCmd/tpm/include/SymmetricTest.h | 76 - .../TPMCmd/tpm/include/SymmetricTestData.h | 178 - .../ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h | 73 - .../ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h | 55 - .../TPMCmd/tpm/include/TpmASN1.h | 127 - .../TPMCmd/tpm/include/TpmAlgorithmDefines.h | 423 -- .../TPMCmd/tpm/include/TpmBuildSwitches.h | 341 - .../TPMCmd/tpm/include/TpmError.h | 56 - .../TPMCmd/tpm/include/TpmProfile.h | 789 --- .../TPMCmd/tpm/include/TpmTypes.h | 2374 ------- .../TPMCmd/tpm/include/VendorString.h | 88 - .../TPMCmd/tpm/include/Wolf/TpmToWolfHash.h | 191 - .../TPMCmd/tpm/include/Wolf/TpmToWolfMath.h | 91 - .../TPMCmd/tpm/include/Wolf/TpmToWolfSym.h | 115 - 
.../TPMCmd/tpm/include/Wolf/user_settings.h | 106 - .../ms-tpm-20-ref/TPMCmd/tpm/include/X509.h | 134 - .../include/prototypes/AC_GetCapability_fp.h | 71 - .../tpm/include/prototypes/AC_Send_fp.h | 72 - .../TPMCmd/tpm/include/prototypes/AC_spt_fp.h | 80 - .../prototypes/ActivateCredential_fp.h | 72 - .../tpm/include/prototypes/AlgorithmCap_fp.h | 64 - .../include/prototypes/AlgorithmTests_fp.h | 72 - .../tpm/include/prototypes/Attest_spt_fp.h | 88 - .../TPMCmd/tpm/include/prototypes/Bits_fp.h | 73 - .../tpm/include/prototypes/BnConvert_fp.h | 130 - .../TPMCmd/tpm/include/prototypes/BnMath_fp.h | 238 - .../tpm/include/prototypes/BnMemory_fp.h | 110 - .../include/prototypes/CertifyCreation_fp.h | 77 - .../tpm/include/prototypes/CertifyX509_fp.h | 76 - .../tpm/include/prototypes/Certify_fp.h | 73 - .../tpm/include/prototypes/ChangeEPS_fp.h | 60 - .../tpm/include/prototypes/ChangePPS_fp.h | 60 - .../tpm/include/prototypes/ClearControl_fp.h | 62 - .../TPMCmd/tpm/include/prototypes/Clear_fp.h | 60 - .../include/prototypes/ClockRateAdjust_fp.h | 62 - .../tpm/include/prototypes/ClockSet_fp.h | 62 - .../tpm/include/prototypes/CommandAudit_fp.h | 131 - .../prototypes/CommandCodeAttributes_fp.h | 182 - .../include/prototypes/CommandDispatcher_fp.h | 58 - .../TPMCmd/tpm/include/prototypes/Commit_fp.h | 75 - .../tpm/include/prototypes/ContextLoad_fp.h | 66 - .../tpm/include/prototypes/ContextSave_fp.h | 66 - .../tpm/include/prototypes/Context_spt_fp.h | 96 - .../tpm/include/prototypes/CreateLoaded_fp.h | 73 - .../tpm/include/prototypes/CreatePrimary_fp.h | 79 - .../TPMCmd/tpm/include/prototypes/Create_fp.h | 78 - .../tpm/include/prototypes/CryptCmac_fp.h | 84 - .../tpm/include/prototypes/CryptDes_fp.h | 76 - .../prototypes/CryptEccKeyExchange_fp.h | 88 - .../tpm/include/prototypes/CryptEccMain_fp.h | 374 -- .../include/prototypes/CryptEccSignature_fp.h | 139 - .../tpm/include/prototypes/CryptHash_fp.h | 408 -- .../include/prototypes/CryptPrimeSieve_fp.h | 158 - 
.../tpm/include/prototypes/CryptPrime_fp.h | 137 - .../tpm/include/prototypes/CryptRand_fp.h | 204 - .../tpm/include/prototypes/CryptRsa_fp.h | 210 - .../tpm/include/prototypes/CryptSelfTest_fp.h | 108 - .../tpm/include/prototypes/CryptSmac_fp.h | 84 - .../tpm/include/prototypes/CryptSym_fp.h | 126 - .../tpm/include/prototypes/CryptUtil_fp.h | 488 -- .../TPMCmd/tpm/include/prototypes/DA_fp.h | 88 - .../prototypes/DictionaryAttackLockReset_fp.h | 60 - .../DictionaryAttackParameters_fp.h | 66 - .../tpm/include/prototypes/Duplicate_fp.h | 74 - .../include/prototypes/ECC_Parameters_fp.h | 66 - .../tpm/include/prototypes/ECDH_KeyGen_fp.h | 67 - .../tpm/include/prototypes/ECDH_ZGen_fp.h | 68 - .../tpm/include/prototypes/EC_Ephemeral_fp.h | 67 - .../include/prototypes/EncryptDecrypt2_fp.h | 75 - .../include/prototypes/EncryptDecrypt_fp.h | 75 - .../prototypes/EncryptDecrypt_spt_fp.h | 64 - .../TPMCmd/tpm/include/prototypes/Entity_fp.h | 108 - .../prototypes/EventSequenceComplete_fp.h | 70 - .../tpm/include/prototypes/EvictControl_fp.h | 64 - .../tpm/include/prototypes/ExecCommand_fp.h | 88 - .../include/prototypes/FieldUpgradeData_fp.h | 67 - .../include/prototypes/FieldUpgradeStart_fp.h | 66 - .../tpm/include/prototypes/FirmwareRead_fp.h | 66 - .../tpm/include/prototypes/FlushContext_fp.h | 60 - .../tpm/include/prototypes/GetCapability_fp.h | 71 - .../prototypes/GetCommandAuditDigest_fp.h | 73 - .../tpm/include/prototypes/GetRandom_fp.h | 66 - .../prototypes/GetSessionAuditDigest_fp.h | 75 - .../tpm/include/prototypes/GetTestResult_fp.h | 59 - .../tpm/include/prototypes/GetTime_fp.h | 73 - .../tpm/include/prototypes/HMAC_Start_fp.h | 70 - .../TPMCmd/tpm/include/prototypes/HMAC_fp.h | 70 - .../TPMCmd/tpm/include/prototypes/Handle_fp.h | 87 - .../include/prototypes/HashSequenceStart_fp.h | 68 - .../TPMCmd/tpm/include/prototypes/Hash_fp.h | 71 - .../prototypes/HierarchyChangeAuth_fp.h | 62 - .../include/prototypes/HierarchyControl_fp.h | 64 - 
.../tpm/include/prototypes/Hierarchy_fp.h | 87 - .../TPMCmd/tpm/include/prototypes/Import_fp.h | 76 - .../prototypes/IncrementalSelfTest_fp.h | 66 - .../tpm/include/prototypes/IoBuffers_fp.h | 87 - .../tpm/include/prototypes/LoadExternal_fp.h | 71 - .../TPMCmd/tpm/include/prototypes/Load_fp.h | 71 - .../tpm/include/prototypes/Locality_fp.h | 53 - .../tpm/include/prototypes/MAC_Start_fp.h | 70 - .../TPMCmd/tpm/include/prototypes/MAC_fp.h | 70 - .../include/prototypes/MakeCredential_fp.h | 71 - .../tpm/include/prototypes/Manufacture_fp.h | 79 - .../tpm/include/prototypes/Marshal_fp.h | 2408 ------- .../include/prototypes/MathOnByteBuffers_fp.h | 147 - .../TPMCmd/tpm/include/prototypes/Memory_fp.h | 179 - .../tpm/include/prototypes/NV_Certify_fp.h | 79 - .../tpm/include/prototypes/NV_ChangeAuth_fp.h | 62 - .../include/prototypes/NV_DefineSpace_fp.h | 64 - .../tpm/include/prototypes/NV_Extend_fp.h | 64 - .../prototypes/NV_GlobalWriteLock_fp.h | 60 - .../tpm/include/prototypes/NV_Increment_fp.h | 62 - .../tpm/include/prototypes/NV_ReadLock_fp.h | 62 - .../tpm/include/prototypes/NV_ReadPublic_fp.h | 67 - .../tpm/include/prototypes/NV_Read_fp.h | 72 - .../tpm/include/prototypes/NV_SetBits_fp.h | 64 - .../prototypes/NV_UndefineSpaceSpecial_fp.h | 62 - .../include/prototypes/NV_UndefineSpace_fp.h | 62 - .../tpm/include/prototypes/NV_WriteLock_fp.h | 62 - .../tpm/include/prototypes/NV_Write_fp.h | 66 - .../TPMCmd/tpm/include/prototypes/NV_spt_fp.h | 93 - .../tpm/include/prototypes/NvDynamic_fp.h | 474 -- .../tpm/include/prototypes/NvReserved_fp.h | 130 - .../include/prototypes/ObjectChangeAuth_fp.h | 70 - .../TPMCmd/tpm/include/prototypes/Object_fp.h | 355 - .../tpm/include/prototypes/Object_spt_fp.h | 393 -- .../tpm/include/prototypes/PCR_Allocate_fp.h | 71 - .../tpm/include/prototypes/PCR_Event_fp.h | 68 - .../tpm/include/prototypes/PCR_Extend_fp.h | 62 - .../tpm/include/prototypes/PCR_Read_fp.h | 68 - .../tpm/include/prototypes/PCR_Reset_fp.h | 60 - 
.../include/prototypes/PCR_SetAuthPolicy_fp.h | 66 - .../include/prototypes/PCR_SetAuthValue_fp.h | 62 - .../TPMCmd/tpm/include/prototypes/PCR_fp.h | 318 - .../tpm/include/prototypes/PP_Commands_fp.h | 64 - .../TPMCmd/tpm/include/prototypes/PP_fp.h | 98 - .../include/prototypes/PolicyAuthValue_fp.h | 60 - .../include/prototypes/PolicyAuthorizeNV_fp.h | 64 - .../include/prototypes/PolicyAuthorize_fp.h | 68 - .../include/prototypes/PolicyCommandCode_fp.h | 62 - .../prototypes/PolicyCounterTimer_fp.h | 66 - .../tpm/include/prototypes/PolicyCpHash_fp.h | 62 - .../prototypes/PolicyDuplicationSelect_fp.h | 66 - .../include/prototypes/PolicyGetDigest_fp.h | 66 - .../include/prototypes/PolicyLocality_fp.h | 62 - .../tpm/include/prototypes/PolicyNV_fp.h | 70 - .../include/prototypes/PolicyNameHash_fp.h | 62 - .../include/prototypes/PolicyNvWritten_fp.h | 62 - .../tpm/include/prototypes/PolicyOR_fp.h | 62 - .../tpm/include/prototypes/PolicyPCR_fp.h | 64 - .../include/prototypes/PolicyPassword_fp.h | 60 - .../prototypes/PolicyPhysicalPresence_fp.h | 60 - .../tpm/include/prototypes/PolicyRestart_fp.h | 60 - .../tpm/include/prototypes/PolicySecret_fp.h | 77 - .../tpm/include/prototypes/PolicySigned_fp.h | 79 - .../include/prototypes/PolicyTemplate_fp.h | 62 - .../tpm/include/prototypes/PolicyTicket_fp.h | 70 - .../prototypes/Policy_AC_SendSelect_fp.h | 68 - .../tpm/include/prototypes/Policy_spt_fp.h | 102 - .../TPMCmd/tpm/include/prototypes/Power_fp.h | 69 - .../tpm/include/prototypes/PropertyCap_fp.h | 59 - .../TPMCmd/tpm/include/prototypes/Quote_fp.h | 73 - .../tpm/include/prototypes/RSA_Decrypt_fp.h | 72 - .../tpm/include/prototypes/RSA_Encrypt_fp.h | 72 - .../tpm/include/prototypes/ReadClock_fp.h | 58 - .../tpm/include/prototypes/ReadPublic_fp.h | 68 - .../prototypes/ResponseCodeProcessing_fp.h | 52 - .../tpm/include/prototypes/Response_fp.h | 53 - .../TPMCmd/tpm/include/prototypes/Rewrap_fp.h | 75 - .../tpm/include/prototypes/RsaKeyCache_fp.h | 65 - 
.../tpm/include/prototypes/SelfTest_fp.h | 60 - .../include/prototypes/SequenceComplete_fp.h | 71 - .../include/prototypes/SequenceUpdate_fp.h | 62 - .../include/prototypes/SessionProcess_fp.h | 123 - .../tpm/include/prototypes/Session_fp.h | 287 - .../include/prototypes/SetAlgorithmSet_fp.h | 62 - .../prototypes/SetCommandCodeAuditStatus_fp.h | 66 - .../include/prototypes/SetPrimaryPolicy_fp.h | 64 - .../tpm/include/prototypes/Shutdown_fp.h | 60 - .../TPMCmd/tpm/include/prototypes/Sign_fp.h | 72 - .../include/prototypes/StartAuthSession_fp.h | 79 - .../tpm/include/prototypes/Startup_fp.h | 60 - .../tpm/include/prototypes/StirRandom_fp.h | 60 - .../tpm/include/prototypes/TestParms_fp.h | 60 - .../TPMCmd/tpm/include/prototypes/Ticket_fp.h | 101 - .../TPMCmd/tpm/include/prototypes/Time_fp.h | 139 - .../tpm/include/prototypes/TpmASN1_fp.h | 234 - .../tpm/include/prototypes/TpmFail_fp.h | 98 - .../tpm/include/prototypes/TpmSizeChecks_fp.h | 56 - .../prototypes/TpmToLtcDesSupport_fp.h | 58 - .../tpm/include/prototypes/TpmToLtcMath_fp.h | 150 - .../include/prototypes/TpmToLtcSupport_fp.h | 73 - .../prototypes/TpmToOsslDesSupport_fp.h | 78 - .../tpm/include/prototypes/TpmToOsslMath_fp.h | 223 - .../include/prototypes/TpmToOsslSupport_fp.h | 84 - .../prototypes/TpmToWolfDesSupport_fp.h | 90 - .../tpm/include/prototypes/TpmToWolfMath_fp.h | 209 - .../include/prototypes/TpmToWolfSupport_fp.h | 56 - .../TPMCmd/tpm/include/prototypes/Unseal_fp.h | 66 - .../include/prototypes/Vendor_TCG_Test_fp.h | 66 - .../include/prototypes/VerifySignature_fp.h | 70 - .../tpm/include/prototypes/X509_ECC_fp.h | 79 - .../tpm/include/prototypes/X509_RSA_fp.h | 71 - .../tpm/include/prototypes/X509_spt_fp.h | 118 - .../tpm/include/prototypes/ZGen_2Phase_fp.h | 75 - .../include/prototypes/_TPM_Hash_Data_fp.h | 50 - .../tpm/include/prototypes/_TPM_Hash_End_fp.h | 49 - .../include/prototypes/_TPM_Hash_Start_fp.h | 49 - .../tpm/include/prototypes/_TPM_Init_fp.h | 49 - 
.../ms-tpm-20-ref/TPMCmd/tpm/include/swap.h | 106 - .../TPMCmd/tpm/src/X509/TpmASN1.c | 514 -- .../TPMCmd/tpm/src/X509/X509_ECC.c | 146 - .../TPMCmd/tpm/src/X509/X509_RSA.c | 234 - .../TPMCmd/tpm/src/X509/X509_spt.c | 295 - .../src/command/Asymmetric/ECC_Parameters.c | 61 - .../tpm/src/command/Asymmetric/ECDH_KeyGen.c | 92 - .../tpm/src/command/Asymmetric/ECDH_ZGen.c | 86 - .../tpm/src/command/Asymmetric/EC_Ephemeral.c | 73 - .../tpm/src/command/Asymmetric/RSA_Decrypt.c | 106 - .../tpm/src/command/Asymmetric/RSA_Encrypt.c | 90 - .../tpm/src/command/Asymmetric/ZGen_2Phase.c | 121 - .../AttachedComponent/AC_GetCapability.c | 56 - .../src/command/AttachedComponent/AC_Send.c | 102 - .../src/command/AttachedComponent/AC_spt.c | 149 - .../AttachedComponent/Policy_AC_SendSelect.c | 115 - .../tpm/src/command/Attestation/Attest_spt.c | 198 - .../tpm/src/command/Attestation/Certify.c | 94 - .../src/command/Attestation/CertifyCreation.c | 98 - .../tpm/src/command/Attestation/CertifyX509.c | 276 - .../Attestation/GetCommandAuditDigest.c | 99 - .../Attestation/GetSessionAuditDigest.c | 95 - .../tpm/src/command/Attestation/GetTime.c | 88 - .../tpm/src/command/Attestation/Quote.c | 98 - .../src/command/Capability/GetCapability.c | 180 - .../tpm/src/command/Capability/TestParms.c | 56 - .../src/command/ClockTimer/ClockRateAdjust.c | 55 - .../tpm/src/command/ClockTimer/ClockSet.c | 66 - .../tpm/src/command/ClockTimer/ReadClock.c | 56 - .../CommandAudit/SetCommandCodeAuditStatus.c | 103 - .../tpm/src/command/Context/ContextLoad.c | 193 - .../tpm/src/command/Context/ContextSave.c | 232 - .../tpm/src/command/Context/Context_spt.c | 244 - .../tpm/src/command/Context/EvictControl.c | 131 - .../tpm/src/command/Context/FlushContext.c | 86 - .../command/DA/DictionaryAttackLockReset.c | 67 - .../command/DA/DictionaryAttackParameters.c | 76 - .../tpm/src/command/Duplication/Duplicate.c | 160 - .../tpm/src/command/Duplication/Import.c | 209 - .../tpm/src/command/Duplication/Rewrap.c | 160 - 
.../tpm/src/command/EA/PolicyAuthValue.c | 81 - .../tpm/src/command/EA/PolicyAuthorize.c | 125 - .../tpm/src/command/EA/PolicyAuthorizeNV.c | 117 - .../tpm/src/command/EA/PolicyCommandCode.c | 90 - .../tpm/src/command/EA/PolicyCounterTimer.c | 129 - .../TPMCmd/tpm/src/command/EA/PolicyCpHash.c | 103 - .../src/command/EA/PolicyDuplicationSelect.c | 113 - .../tpm/src/command/EA/PolicyGetDigest.c | 61 - .../tpm/src/command/EA/PolicyLocality.c | 138 - .../TPMCmd/tpm/src/command/EA/PolicyNV.c | 143 - .../tpm/src/command/EA/PolicyNameHash.c | 99 - .../tpm/src/command/EA/PolicyNvWritten.c | 95 - .../TPMCmd/tpm/src/command/EA/PolicyOR.c | 99 - .../TPMCmd/tpm/src/command/EA/PolicyPCR.c | 125 - .../tpm/src/command/EA/PolicyPassword.c | 81 - .../src/command/EA/PolicyPhysicalPresence.c | 78 - .../TPMCmd/tpm/src/command/EA/PolicySecret.c | 128 - .../TPMCmd/tpm/src/command/EA/PolicySigned.c | 180 - .../tpm/src/command/EA/PolicyTemplate.c | 103 - .../TPMCmd/tpm/src/command/EA/PolicyTicket.c | 128 - .../TPMCmd/tpm/src/command/EA/Policy_spt.c | 290 - .../TPMCmd/tpm/src/command/Ecdaa/Commit.c | 169 - .../command/FieldUpgrade/FieldUpgradeData.c | 53 - .../command/FieldUpgrade/FieldUpgradeStart.c | 51 - .../src/command/FieldUpgrade/FirmwareRead.c | 55 - .../command/HashHMAC/EventSequenceComplete.c | 109 - .../tpm/src/command/HashHMAC/HMAC_Start.c | 105 - .../src/command/HashHMAC/HashSequenceStart.c | 63 - .../tpm/src/command/HashHMAC/MAC_Start.c | 92 - .../src/command/HashHMAC/SequenceComplete.c | 131 - .../tpm/src/command/HashHMAC/SequenceUpdate.c | 106 - .../tpm/src/command/Hierarchy/ChangeEPS.c | 95 - .../tpm/src/command/Hierarchy/ChangePPS.c | 96 - .../TPMCmd/tpm/src/command/Hierarchy/Clear.c | 125 - .../tpm/src/command/Hierarchy/ClearControl.c | 72 - .../tpm/src/command/Hierarchy/CreatePrimary.c | 143 - .../command/Hierarchy/HierarchyChangeAuth.c | 91 - .../src/command/Hierarchy/HierarchyControl.c | 144 - .../src/command/Hierarchy/SetPrimaryPolicy.c | 102 - 
.../TPMCmd/tpm/src/command/Misc/PP_Commands.c | 80 - .../tpm/src/command/Misc/SetAlgorithmSet.c | 62 - .../tpm/src/command/NVStorage/NV_Certify.c | 141 - .../tpm/src/command/NVStorage/NV_ChangeAuth.c | 68 - .../src/command/NVStorage/NV_DefineSpace.c | 226 - .../tpm/src/command/NVStorage/NV_Extend.c | 109 - .../command/NVStorage/NV_GlobalWriteLock.c | 57 - .../tpm/src/command/NVStorage/NV_Increment.c | 102 - .../tpm/src/command/NVStorage/NV_Read.c | 97 - .../tpm/src/command/NVStorage/NV_ReadLock.c | 93 - .../tpm/src/command/NVStorage/NV_ReadPublic.c | 62 - .../tpm/src/command/NVStorage/NV_SetBits.c | 91 - .../src/command/NVStorage/NV_UndefineSpace.c | 76 - .../NVStorage/NV_UndefineSpaceSpecial.c | 71 - .../tpm/src/command/NVStorage/NV_Write.c | 109 - .../tpm/src/command/NVStorage/NV_WriteLock.c | 91 - .../TPMCmd/tpm/src/command/NVStorage/NV_spt.c | 163 - .../src/command/Object/ActivateCredential.c | 107 - .../TPMCmd/tpm/src/command/Object/Create.c | 155 - .../tpm/src/command/Object/CreateLoaded.c | 221 - .../TPMCmd/tpm/src/command/Object/Load.c | 121 - .../tpm/src/command/Object/LoadExternal.c | 132 - .../tpm/src/command/Object/MakeCredential.c | 96 - .../tpm/src/command/Object/ObjectChangeAuth.c | 93 - .../tpm/src/command/Object/Object_spt.c | 1584 ----- .../tpm/src/command/Object/ReadPublic.c | 67 - .../TPMCmd/tpm/src/command/Object/Unseal.c | 70 - .../TPMCmd/tpm/src/command/PCR/PCR_Allocate.c | 83 - .../TPMCmd/tpm/src/command/PCR/PCR_Event.c | 92 - .../TPMCmd/tpm/src/command/PCR/PCR_Extend.c | 89 - .../TPMCmd/tpm/src/command/PCR/PCR_Read.c | 60 - .../TPMCmd/tpm/src/command/PCR/PCR_Reset.c | 74 - .../tpm/src/command/PCR/PCR_SetAuthPolicy.c | 82 - .../tpm/src/command/PCR/PCR_SetAuthValue.c | 73 - .../TPMCmd/tpm/src/command/Random/GetRandom.c | 63 - .../tpm/src/command/Random/StirRandom.c | 54 - .../tpm/src/command/Session/PolicyRestart.c | 54 - .../src/command/Session/StartAuthSession.c | 165 - .../TPMCmd/tpm/src/command/Signature/Sign.c | 112 - 
.../src/command/Signature/VerifySignature.c | 93 - .../TPMCmd/tpm/src/command/Startup/Shutdown.c | 101 - .../TPMCmd/tpm/src/command/Startup/Startup.c | 244 - .../src/command/Symmetric/EncryptDecrypt.c | 163 - .../src/command/Symmetric/EncryptDecrypt2.c | 83 - .../command/Symmetric/EncryptDecrypt_spt.c | 163 - .../TPMCmd/tpm/src/command/Symmetric/HMAC.c | 108 - .../TPMCmd/tpm/src/command/Symmetric/Hash.c | 88 - .../TPMCmd/tpm/src/command/Symmetric/MAC.c | 94 - .../tpm/src/command/Testing/GetTestResult.c | 61 - .../src/command/Testing/IncrementalSelfTest.c | 65 - .../TPMCmd/tpm/src/command/Testing/SelfTest.c | 58 - .../tpm/src/command/Vendor/Vendor_TCG_Test.c | 50 - .../TPMCmd/tpm/src/crypt/AlgorithmTests.c | 963 --- .../TPMCmd/tpm/src/crypt/BnConvert.c | 295 - .../TPMCmd/tpm/src/crypt/BnMath.c | 597 -- .../TPMCmd/tpm/src/crypt/BnMemory.c | 187 - .../TPMCmd/tpm/src/crypt/CryptCmac.c | 176 - .../TPMCmd/tpm/src/crypt/CryptDes.c | 188 - .../TPMCmd/tpm/src/crypt/CryptEccData.c | 657 -- .../tpm/src/crypt/CryptEccKeyExchange.c | 383 -- .../TPMCmd/tpm/src/crypt/CryptEccMain.c | 820 --- .../TPMCmd/tpm/src/crypt/CryptEccSignature.c | 931 --- .../TPMCmd/tpm/src/crypt/CryptHash.c | 938 --- .../TPMCmd/tpm/src/crypt/CryptPrime.c | 385 -- .../TPMCmd/tpm/src/crypt/CryptPrimeSieve.c | 571 -- .../TPMCmd/tpm/src/crypt/CryptRand.c | 950 --- .../TPMCmd/tpm/src/crypt/CryptRsa.c | 1489 ----- .../TPMCmd/tpm/src/crypt/CryptSelfTest.c | 222 - .../TPMCmd/tpm/src/crypt/CryptSmac.c | 132 - .../TPMCmd/tpm/src/crypt/CryptSym.c | 478 -- .../TPMCmd/tpm/src/crypt/CryptUtil.c | 1901 ------ .../TPMCmd/tpm/src/crypt/PrimeData.c | 422 -- .../TPMCmd/tpm/src/crypt/RsaKeyCache.c | 255 - .../TPMCmd/tpm/src/crypt/Ticket.c | 277 - .../tpm/src/crypt/ltc/TpmToLtcDesSupport.c | 75 - .../TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c | 286 - .../tpm/src/crypt/ltc/TpmToLtcSupport.c | 96 - .../tpm/src/crypt/ossl/TpmToOsslDesSupport.c | 100 - .../TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c | 638 -- 
.../tpm/src/crypt/ossl/TpmToOsslSupport.c | 112 - .../tpm/src/crypt/wolf/TpmToWolfDesSupport.c | 117 - .../TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c | 521 -- .../tpm/src/crypt/wolf/TpmToWolfSupport.c | 60 - .../TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj | 194 - .../TPMCmd/tpm/src/events/_TPM_Hash_Data.c | 70 - .../TPMCmd/tpm/src/events/_TPM_Hash_End.c | 102 - .../TPMCmd/tpm/src/events/_TPM_Hash_Start.c | 92 - .../TPMCmd/tpm/src/events/_TPM_Init.c | 90 - .../TPMCmd/tpm/src/main/CommandDispatcher.c | 430 -- .../TPMCmd/tpm/src/main/ExecCommand.c | 317 - .../TPMCmd/tpm/src/main/SessionProcess.c | 2242 ------- .../TPMCmd/tpm/src/subsystem/CommandAudit.c | 268 - .../TPMCmd/tpm/src/subsystem/DA.c | 235 - .../TPMCmd/tpm/src/subsystem/Hierarchy.c | 237 - .../TPMCmd/tpm/src/subsystem/NvDynamic.c | 1932 ------ .../TPMCmd/tpm/src/subsystem/NvReserved.c | 263 - .../TPMCmd/tpm/src/subsystem/Object.c | 989 --- .../TPMCmd/tpm/src/subsystem/PCR.c | 1314 ---- .../TPMCmd/tpm/src/subsystem/PP.c | 179 - .../TPMCmd/tpm/src/subsystem/Session.c | 1068 --- .../TPMCmd/tpm/src/subsystem/Time.c | 276 - .../TPMCmd/tpm/src/support/AlgorithmCap.c | 234 - .../TPMCmd/tpm/src/support/Bits.c | 92 - .../tpm/src/support/CommandCodeAttributes.c | 553 -- .../TPMCmd/tpm/src/support/Entity.c | 478 -- .../TPMCmd/tpm/src/support/Global.c | 59 - .../TPMCmd/tpm/src/support/Handle.c | 195 - .../TPMCmd/tpm/src/support/IoBuffers.c | 125 - .../TPMCmd/tpm/src/support/Locality.c | 75 - .../TPMCmd/tpm/src/support/Manufacture.c | 177 - .../TPMCmd/tpm/src/support/Marshal.c | 5811 ----------------- .../tpm/src/support/MathOnByteBuffers.c | 265 - .../TPMCmd/tpm/src/support/Memory.c | 269 - .../TPMCmd/tpm/src/support/Power.c | 82 - .../TPMCmd/tpm/src/support/PropertyCap.c | 597 -- .../TPMCmd/tpm/src/support/Response.c | 81 - .../tpm/src/support/ResponseCodeProcessing.c | 57 - .../TPMCmd/tpm/src/support/TpmFail.c | 454 -- .../TPMCmd/tpm/src/support/TpmSizeChecks.c | 171 - .../go-tpm-tools/simulator/simulator_test.go | 119 
- vendor/github.com/google/pprof/AUTHORS | 7 + vendor/github.com/google/pprof/CONTRIBUTORS | 16 + vendor/github.com/google/pprof/LICENSE | 202 + .../github.com/google/pprof/profile/encode.go | 567 ++ .../github.com/google/pprof/profile/filter.go | 270 + .../github.com/google/pprof/profile/index.go | 64 + .../pprof/profile/legacy_java_profile.go | 315 + .../google/pprof/profile/legacy_profile.go | 1225 ++++ .../github.com/google/pprof/profile/merge.go | 481 ++ .../google/pprof/profile/profile.go | 805 +++ .../github.com/google/pprof/profile/proto.go | 370 ++ .../github.com/google/pprof/profile/prune.go | 178 + vendor/github.com/onsi/ginkgo/v2/.gitignore | 2 +- vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md | 321 +- vendor/github.com/onsi/ginkgo/v2/README.md | 58 +- vendor/github.com/onsi/ginkgo/v2/RELEASING.md | 2 +- vendor/github.com/onsi/ginkgo/v2/core_dsl.go | 111 +- .../onsi/ginkgo/v2/decorator_dsl.go | 26 +- .../onsi/ginkgo/v2/formatter/formatter.go | 61 +- .../onsi/ginkgo/v2/ginkgo/command/abort.go | 61 + .../onsi/ginkgo/v2/ginkgo/command/command.go | 50 + .../onsi/ginkgo/v2/ginkgo/command/program.go | 182 + .../ginkgo/generators/boostrap_templates.go | 48 + .../v2/ginkgo/generators/bootstrap_command.go | 133 + .../v2/ginkgo/generators/generate_command.go | 264 + .../ginkgo/generators/generate_templates.go | 43 + .../v2/ginkgo/generators/generators_common.go | 76 + .../onsi/ginkgo/v2/ginkgo/internal/compile.go | 161 + .../ginkgo/internal/profiles_and_reports.go | 237 + .../onsi/ginkgo/v2/ginkgo/internal/run.go | 355 + .../ginkgo/v2/ginkgo/internal/test_suite.go | 283 + .../onsi/ginkgo/v2/ginkgo/internal/utils.go | 86 + .../v2/ginkgo/internal/verify_version.go | 54 + .../ginkgo/v2/ginkgo/labels/labels_command.go | 123 + .../github.com/onsi/ginkgo/v2/ginkgo/main.go | 58 + .../onsi/ginkgo/v2/ginkgo/outline/ginkgo.go | 302 + .../onsi/ginkgo/v2/ginkgo/outline/import.go | 65 + .../onsi/ginkgo/v2/ginkgo/outline/outline.go | 110 + 
.../v2/ginkgo/outline/outline_command.go | 98 + .../onsi/ginkgo/v2/ginkgo/run/run_command.go | 232 + .../v2/ginkgo/unfocus/unfocus_command.go | 186 + .../onsi/ginkgo/v2/ginkgo/watch/delta.go | 22 + .../ginkgo/v2/ginkgo/watch/delta_tracker.go | 75 + .../ginkgo/v2/ginkgo/watch/dependencies.go | 92 + .../ginkgo/v2/ginkgo/watch/package_hash.go | 108 + .../ginkgo/v2/ginkgo/watch/package_hashes.go | 85 + .../onsi/ginkgo/v2/ginkgo/watch/suite.go | 87 + .../ginkgo/v2/ginkgo/watch/watch_command.go | 192 + .../onsi/ginkgo/v2/ginkgo_cli_dependencies.go | 8 + .../github.com/onsi/ginkgo/v2/ginkgo_t_dsl.go | 63 +- .../onsi/ginkgo/v2/internal/focus.go | 71 +- .../onsi/ginkgo/v2/internal/group.go | 76 +- .../interrupt_handler/interrupt_handler.go | 47 +- .../onsi/ginkgo/v2/internal/node.go | 116 +- .../onsi/ginkgo/v2/internal/ordering.go | 84 +- .../v2/internal/output_interceptor_unix.go | 11 + .../parallel_support/client_server.go | 2 + .../internal/parallel_support/http_client.go | 13 + .../internal/parallel_support/http_server.go | 29 +- .../internal/parallel_support/rpc_client.go | 13 + .../parallel_support/server_handler.go | 55 +- .../ginkgo/v2/internal/progress_report.go | 26 +- .../v2/internal/progress_reporter_manager.go | 79 + .../onsi/ginkgo/v2/internal/report_entry.go | 21 +- .../onsi/ginkgo/v2/internal/spec.go | 11 + .../onsi/ginkgo/v2/internal/spec_context.go | 53 +- .../onsi/ginkgo/v2/internal/suite.go | 305 +- .../internal/testingtproxy/testing_t_proxy.go | 114 +- .../onsi/ginkgo/v2/internal/writer.go | 51 +- .../ginkgo/v2/reporters/default_reporter.go | 611 +- .../v2/reporters/deprecated_reporter.go | 2 +- .../onsi/ginkgo/v2/reporters/json_report.go | 13 +- .../onsi/ginkgo/v2/reporters/junit_report.go | 120 +- .../onsi/ginkgo/v2/reporters/reporter.go | 18 +- .../ginkgo/v2/reporters/teamcity_report.go | 4 + .../onsi/ginkgo/v2/reporting_dsl.go | 28 +- vendor/github.com/onsi/ginkgo/v2/table_dsl.go | 33 +- .../onsi/ginkgo/v2/types/code_location.go | 78 +- 
.../github.com/onsi/ginkgo/v2/types/config.go | 53 +- .../ginkgo/v2/types/deprecation_support.go | 9 +- .../github.com/onsi/ginkgo/v2/types/errors.go | 28 +- .../onsi/ginkgo/v2/types/label_filter.go | 11 + .../onsi/ginkgo/v2/types/report_entry.go | 14 +- .../github.com/onsi/ginkgo/v2/types/types.go | 336 +- .../onsi/ginkgo/v2/types/version.go | 2 +- vendor/github.com/onsi/gomega/.gitignore | 2 + vendor/github.com/onsi/gomega/CHANGELOG.md | 174 + vendor/github.com/onsi/gomega/RELEASING.md | 2 +- .../github.com/onsi/gomega/format/format.go | 86 +- vendor/github.com/onsi/gomega/gomega_dsl.go | 151 +- .../onsi/gomega/internal/assertion.go | 8 +- .../onsi/gomega/internal/async_assertion.go | 425 +- .../onsi/gomega/internal/duration_bundle.go | 16 +- .../github.com/onsi/gomega/internal/gomega.go | 68 +- .../gomega/internal/polling_signal_error.go | 106 + vendor/github.com/onsi/gomega/matchers.go | 28 +- .../onsi/gomega/matchers/consist_of.go | 29 +- .../gomega/matchers/have_exact_elements.go | 88 + .../gomega/matchers/have_occurred_matcher.go | 2 +- .../gomega/matchers/match_error_matcher.go | 12 +- .../onsi/gomega/matchers/succeed_matcher.go | 11 +- vendor/github.com/onsi/gomega/tools | 8 - vendor/github.com/onsi/gomega/types/types.go | 9 +- .../github.com/twpayne/go-vfs/v4/.gitignore | 1 + .../twpayne/go-vfs/v4/.golangci.yml | 117 + vendor/github.com/twpayne/go-vfs/v4/LICENSE | 21 + vendor/github.com/twpayne/go-vfs/v4/Makefile | 35 + vendor/github.com/twpayne/go-vfs/v4/README.md | 159 + .../github.com/twpayne/go-vfs/v4/contains.go | 69 + .../github.com/twpayne/go-vfs/v4/emptyfs.go | 36 + .../github.com/twpayne/go-vfs/v4/mkdirall.go | 57 + vendor/github.com/twpayne/go-vfs/v4/osfs.go | 128 + vendor/github.com/twpayne/go-vfs/v4/pathfs.go | 278 + vendor/github.com/twpayne/go-vfs/v4/posix.go | 28 + .../twpayne/go-vfs/v4/readonlyfs.go | 148 + vendor/github.com/twpayne/go-vfs/v4/vfs.go | 37 + .../github.com/twpayne/go-vfs/v4/vfst/test.go | 40 + 
.../twpayne/go-vfs/v4/vfst/test_windows.go | 22 + .../twpayne/go-vfs/v4/vfst/testfs.go | 59 + .../github.com/twpayne/go-vfs/v4/vfst/vfst.go | 458 ++ vendor/github.com/twpayne/go-vfs/v4/walk.go | 74 + .../github.com/twpayne/go-vfs/v4/windows.go | 43 + vendor/golang.org/x/net/html/doc.go | 22 +- vendor/golang.org/x/net/http2/pipe.go | 6 +- vendor/golang.org/x/net/http2/server.go | 7 +- vendor/golang.org/x/net/http2/transport.go | 41 +- vendor/golang.org/x/sys/unix/ioctl_signed.go | 70 + .../sys/unix/{ioctl.go => ioctl_unsigned.go} | 4 +- vendor/golang.org/x/sys/unix/ioctl_zos.go | 12 +- vendor/golang.org/x/sys/unix/mkall.sh | 2 +- vendor/golang.org/x/sys/unix/mkerrors.sh | 11 +- vendor/golang.org/x/sys/unix/syscall_aix.go | 4 +- .../golang.org/x/sys/unix/syscall_aix_ppc.go | 1 - .../x/sys/unix/syscall_aix_ppc64.go | 1 - .../golang.org/x/sys/unix/syscall_darwin.go | 3 +- .../x/sys/unix/syscall_dragonfly.go | 1 - .../golang.org/x/sys/unix/syscall_freebsd.go | 1 - vendor/golang.org/x/sys/unix/syscall_linux.go | 40 +- .../x/sys/unix/syscall_linux_386.go | 27 - .../x/sys/unix/syscall_linux_amd64.go | 1 - .../x/sys/unix/syscall_linux_arm.go | 27 - .../x/sys/unix/syscall_linux_arm64.go | 10 - .../x/sys/unix/syscall_linux_loong64.go | 5 - .../x/sys/unix/syscall_linux_mips64x.go | 1 - .../x/sys/unix/syscall_linux_mipsx.go | 27 - .../x/sys/unix/syscall_linux_ppc.go | 27 - .../x/sys/unix/syscall_linux_ppc64x.go | 1 - .../x/sys/unix/syscall_linux_riscv64.go | 1 - .../x/sys/unix/syscall_linux_s390x.go | 1 - .../x/sys/unix/syscall_linux_sparc64.go | 1 - .../golang.org/x/sys/unix/syscall_netbsd.go | 2 - .../golang.org/x/sys/unix/syscall_openbsd.go | 18 +- .../golang.org/x/sys/unix/syscall_solaris.go | 21 +- vendor/golang.org/x/sys/unix/syscall_unix.go | 7 + .../x/sys/unix/syscall_zos_s390x.go | 4 +- .../x/sys/unix/zerrors_darwin_amd64.go | 19 + .../x/sys/unix/zerrors_darwin_arm64.go | 19 + vendor/golang.org/x/sys/unix/zerrors_linux.go | 14 + .../x/sys/unix/zerrors_linux_sparc64.go 
| 48 + .../golang.org/x/sys/unix/zsyscall_aix_ppc.go | 15 +- .../x/sys/unix/zsyscall_aix_ppc64.go | 18 +- .../x/sys/unix/zsyscall_aix_ppc64_gc.go | 10 - .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go | 10 +- .../x/sys/unix/zsyscall_darwin_amd64.go | 39 +- .../x/sys/unix/zsyscall_darwin_amd64.s | 11 +- .../x/sys/unix/zsyscall_darwin_arm64.go | 39 +- .../x/sys/unix/zsyscall_darwin_arm64.s | 11 +- .../x/sys/unix/zsyscall_dragonfly_amd64.go | 10 - .../x/sys/unix/zsyscall_freebsd_386.go | 10 - .../x/sys/unix/zsyscall_freebsd_amd64.go | 10 - .../x/sys/unix/zsyscall_freebsd_arm.go | 10 - .../x/sys/unix/zsyscall_freebsd_arm64.go | 10 - .../x/sys/unix/zsyscall_freebsd_riscv64.go | 10 - .../golang.org/x/sys/unix/zsyscall_linux.go | 24 +- .../x/sys/unix/zsyscall_linux_386.go | 10 - .../x/sys/unix/zsyscall_linux_amd64.go | 10 - .../x/sys/unix/zsyscall_linux_arm.go | 10 - .../x/sys/unix/zsyscall_linux_arm64.go | 10 - .../x/sys/unix/zsyscall_linux_mips.go | 10 - .../x/sys/unix/zsyscall_linux_mips64.go | 10 - .../x/sys/unix/zsyscall_linux_mips64le.go | 10 - .../x/sys/unix/zsyscall_linux_mipsle.go | 10 - .../x/sys/unix/zsyscall_linux_ppc.go | 10 - .../x/sys/unix/zsyscall_linux_ppc64.go | 10 - .../x/sys/unix/zsyscall_linux_ppc64le.go | 10 - .../x/sys/unix/zsyscall_linux_riscv64.go | 10 - .../x/sys/unix/zsyscall_linux_s390x.go | 10 - .../x/sys/unix/zsyscall_linux_sparc64.go | 10 - .../x/sys/unix/zsyscall_netbsd_386.go | 10 - .../x/sys/unix/zsyscall_netbsd_amd64.go | 10 - .../x/sys/unix/zsyscall_netbsd_arm.go | 10 - .../x/sys/unix/zsyscall_netbsd_arm64.go | 10 - .../x/sys/unix/zsyscall_openbsd_386.go | 36 +- .../x/sys/unix/zsyscall_openbsd_386.s | 15 +- .../x/sys/unix/zsyscall_openbsd_amd64.go | 46 +- .../x/sys/unix/zsyscall_openbsd_amd64.s | 15 +- .../x/sys/unix/zsyscall_openbsd_arm.go | 36 +- .../x/sys/unix/zsyscall_openbsd_arm.s | 15 +- .../x/sys/unix/zsyscall_openbsd_arm64.go | 36 +- .../x/sys/unix/zsyscall_openbsd_arm64.s | 15 +- .../x/sys/unix/zsyscall_openbsd_mips64.go | 36 +- 
.../x/sys/unix/zsyscall_openbsd_mips64.s | 15 +- .../x/sys/unix/zsyscall_openbsd_ppc64.go | 36 +- .../x/sys/unix/zsyscall_openbsd_ppc64.s | 18 +- .../x/sys/unix/zsyscall_openbsd_riscv64.go | 36 +- .../x/sys/unix/zsyscall_openbsd_riscv64.s | 15 +- .../x/sys/unix/zsyscall_solaris_amd64.go | 17 +- .../x/sys/unix/zsyscall_zos_s390x.go | 4 +- .../x/sys/unix/ztypes_darwin_amd64.go | 11 + .../x/sys/unix/ztypes_darwin_arm64.go | 11 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 46 + .../golang.org/x/sys/windows/env_windows.go | 6 +- .../golang.org/x/sys/windows/exec_windows.go | 7 +- vendor/golang.org/x/sys/windows/service.go | 7 + .../x/sys/windows/syscall_windows.go | 13 +- .../golang.org/x/sys/windows/types_windows.go | 10 +- .../x/sys/windows/zsyscall_windows.go | 17 +- vendor/modules.txt | 43 +- 806 files changed, 18089 insertions(+), 108576 deletions(-) create mode 100644 pkg/install/install.go create mode 100644 pkg/register/state_test.go create mode 100644 vendor/github.com/go-logr/logr/funcr/funcr.go create mode 100644 vendor/github.com/go-task/slim-sprig/.editorconfig create mode 100644 vendor/github.com/go-task/slim-sprig/.gitattributes create mode 100644 vendor/github.com/go-task/slim-sprig/.gitignore create mode 100644 vendor/github.com/go-task/slim-sprig/CHANGELOG.md create mode 100644 vendor/github.com/go-task/slim-sprig/LICENSE.txt create mode 100644 vendor/github.com/go-task/slim-sprig/README.md create mode 100644 vendor/github.com/go-task/slim-sprig/Taskfile.yml create mode 100644 vendor/github.com/go-task/slim-sprig/crypto.go create mode 100644 vendor/github.com/go-task/slim-sprig/date.go create mode 100644 vendor/github.com/go-task/slim-sprig/defaults.go create mode 100644 vendor/github.com/go-task/slim-sprig/dict.go create mode 100644 vendor/github.com/go-task/slim-sprig/doc.go create mode 100644 vendor/github.com/go-task/slim-sprig/functions.go create mode 100644 vendor/github.com/go-task/slim-sprig/list.go create mode 100644 
vendor/github.com/go-task/slim-sprig/network.go create mode 100644 vendor/github.com/go-task/slim-sprig/numeric.go create mode 100644 vendor/github.com/go-task/slim-sprig/reflect.go create mode 100644 vendor/github.com/go-task/slim-sprig/regex.go create mode 100644 vendor/github.com/go-task/slim-sprig/strings.go create mode 100644 vendor/github.com/go-task/slim-sprig/url.go delete mode 100644 vendor/github.com/google/go-tpm-tools/.github/workflows/ci.yml delete mode 100644 vendor/github.com/google/go-tpm-tools/.gitignore delete mode 100644 vendor/github.com/google/go-tpm-tools/CONTRIBUTING.md delete mode 100644 vendor/github.com/google/go-tpm-tools/README.md delete mode 100644 vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cel/cos_tlv.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cel/cos_tlv_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/attest.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/close.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/eventlog.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/eventlog_linux.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/eventlog_other.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/example_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/handles.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/handles_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/import.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/keys.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/keys_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/pcr.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/pcr_test.go delete mode 100644 
vendor/github.com/google/go-tpm-tools/client/quote_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/seal_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/session.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/signer.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/signer_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/template.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/flags.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/flush.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/flush_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/gotpm/main.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/open.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/open_other.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/open_windows.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/pubkey.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/read.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/root.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/seal.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/seal_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/files/PKGBUILD delete mode 100755 vendor/github.com/google/go-tpm-tools/files/boot-unseal.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/files/initcpio.hooks delete mode 100644 vendor/github.com/google/go-tpm-tools/files/initcpio.install delete mode 100644 vendor/github.com/google/go-tpm-tools/go.mod delete mode 100644 vendor/github.com/google/go-tpm-tools/go.sum delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/pcrs.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/pcrs_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/public.go delete mode 100644 
vendor/github.com/google/go-tpm-tools/internal/quote.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-no-nonce.pb delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-nonce9009.pb delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/arch-linux-workstation.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/debian-10.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/glinux-alex.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/rhel8-uefi.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-1804-amd-sev.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-dbx.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-secure-boot.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/load_random_external_key.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/test_data.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/test_other.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/test_tpm.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/test_windows.go delete mode 100644 vendor/github.com/google/go-tpm-tools/proto/attest.proto delete mode 100644 vendor/github.com/google/go-tpm-tools/proto/attest/attest.pb.go delete mode 100644 vendor/github.com/google/go-tpm-tools/proto/doc.go delete mode 100644 vendor/github.com/google/go-tpm-tools/proto/tpm.proto delete mode 100644 vendor/github.com/google/go-tpm-tools/proto/tpm/tpm.pb.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/ca-certs/tpm_ek_intermediate_2.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/ca-certs/tpm_ek_root_1.cer 
delete mode 100644 vendor/github.com/google/go-tpm-tools/server/ecc_utils.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/eventlog.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/eventlog_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/example_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/grouped_error.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/grouped_error_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/import.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/import_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/instance_info.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/key_conversion.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/key_conversion_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/policy.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/policy_constants.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/policy_constants_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/policy_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/GcePk.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/MicCorKEKCA2011_2011-06-24.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/MicCorUEFCA2011_2011-06-27.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/MicWinProPCA2011_2011-10-19.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/canonical-boothole.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/cisco-boothole.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate-2014-08-11.bin delete mode 100644 
vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2020-10-12.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2021-04-29.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/debian-boothole.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/verify.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/verify_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/CONTRIBUTING.md delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/LICENSE delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/README.md delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Clock.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Entropy.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/NVMem.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/PlatformData.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Run.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/Makefile.am delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/configure.ac delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/flags.m4 delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BaseTypes.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h delete mode 
100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Capabilities.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributeData.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributes.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatchData.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatcher.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Commands.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CompilerDependencies.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptEcc.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptHash.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRand.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRsa.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptSym.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptTest.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/EccTestData.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/GpMacros.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HandleProcess.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HashTestData.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/InternalRoutines.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/KdfTestData.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/LtcSettings.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcHash.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcMath.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcSym.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/NV.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/PRNG_TestVectors.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/RsaTestData.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SelfTest.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SupportLibraryFunctionPrototypes_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTest.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTestData.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmASN1.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmAlgorithmDefines.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmBuildSwitches.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmError.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmProfile.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmTypes.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/VendorString.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfHash.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfMath.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfSym.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/user_settings.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/X509.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_GetCapability_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_Send_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_spt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ActivateCredential_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmCap_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmTests_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Attest_spt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Bits_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnConvert_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMath_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMemory_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyCreation_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyX509_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Certify_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangeEPS_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangePPS_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClearControl_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Clear_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockRateAdjust_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockSet_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandAudit_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandCodeAttributes_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandDispatcher_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Commit_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextLoad_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextSave_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Context_spt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreateLoaded_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreatePrimary_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Create_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptCmac_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptDes_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccKeyExchange_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccMain_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccSignature_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptHash_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrimeSieve_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrime_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRand_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRsa_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSelfTest_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSmac_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSym_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptUtil_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DA_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackLockReset_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackParameters_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Duplicate_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECC_Parameters_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_KeyGen_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_ZGen_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EC_Ephemeral_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt2_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_spt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Entity_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EventSequenceComplete_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EvictControl_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ExecCommand_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeData_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeStart_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FirmwareRead_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FlushContext_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCapability_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCommandAuditDigest_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetRandom_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetSessionAuditDigest_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTestResult_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTime_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_Start_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Handle_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HashSequenceStart_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hash_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyChangeAuth_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyControl_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hierarchy_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Import_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IncrementalSelfTest_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IoBuffers_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/LoadExternal_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Load_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Locality_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_Start_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MakeCredential_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Manufacture_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Marshal_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MathOnByteBuffers_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Memory_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Certify_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ChangeAuth_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_DefineSpace_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Extend_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_GlobalWriteLock_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Increment_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadLock_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadPublic_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Read_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_SetBits_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpaceSpecial_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpace_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_WriteLock_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Write_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_spt_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvDynamic_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvReserved_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ObjectChangeAuth_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_spt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Allocate_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Event_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Extend_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Read_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Reset_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthPolicy_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthValue_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_Commands_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthValue_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorizeNV_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorize_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCommandCode_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCounterTimer_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCpHash_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyDuplicationSelect_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyGetDigest_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyLocality_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNV_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNameHash_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNvWritten_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyOR_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPCR_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPassword_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPhysicalPresence_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyRestart_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySecret_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySigned_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTemplate_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTicket_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_AC_SendSelect_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_spt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Power_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PropertyCap_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Quote_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Decrypt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Encrypt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadClock_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadPublic_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ResponseCodeProcessing_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Response_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Rewrap_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RsaKeyCache_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SelfTest_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceComplete_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceUpdate_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SessionProcess_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Session_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetAlgorithmSet_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetCommandCodeAuditStatus_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetPrimaryPolicy_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Shutdown_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Sign_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StartAuthSession_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Startup_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StirRandom_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TestParms_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Ticket_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Time_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmASN1_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmFail_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmSizeChecks_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcDesSupport_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcMath_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcSupport_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslDesSupport_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslMath_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslSupport_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfDesSupport_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfMath_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfSupport_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Unseal_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Vendor_TCG_Test_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/VerifySignature_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_ECC_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_RSA_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_spt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ZGen_2Phase_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Data_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_End_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Start_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Init_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/swap.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/TpmASN1.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_ECC.c delete mode 
100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_RSA.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_spt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECC_Parameters.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_KeyGen.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_ZGen.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/EC_Ephemeral.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Decrypt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Encrypt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ZGen_2Phase.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_GetCapability.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_Send.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_spt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/Policy_AC_SendSelect.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Attest_spt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Certify.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyCreation.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyX509.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetCommandAuditDigest.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetSessionAuditDigest.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetTime.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Quote.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/GetCapability.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/TestParms.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockRateAdjust.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockSet.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ReadClock.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/CommandAudit/SetCommandCodeAuditStatus.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextLoad.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextSave.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/Context_spt.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/EvictControl.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/FlushContext.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackLockReset.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackParameters.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Duplicate.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Import.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Rewrap.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthValue.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorize.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorizeNV.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCommandCode.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCounterTimer.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCpHash.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyDuplicationSelect.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyGetDigest.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyLocality.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNV.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNameHash.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNvWritten.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyOR.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPCR.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPassword.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPhysicalPresence.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySecret.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySigned.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTemplate.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTicket.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/Policy_spt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Ecdaa/Commit.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeData.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeStart.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FirmwareRead.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/EventSequenceComplete.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HMAC_Start.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HashSequenceStart.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/MAC_Start.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceComplete.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceUpdate.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangeEPS.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangePPS.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/Clear.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ClearControl.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyChangeAuth.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyControl.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/SetPrimaryPolicy.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/PP_Commands.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/SetAlgorithmSet.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Certify.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ChangeAuth.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_DefineSpace.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Extend.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_GlobalWriteLock.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Increment.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Read.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadLock.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadPublic.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_SetBits.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpace.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpaceSpecial.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Write.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_WriteLock.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_spt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ActivateCredential.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Create.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/CreateLoaded.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Load.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/LoadExternal.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/MakeCredential.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ObjectChangeAuth.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Object_spt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ReadPublic.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Unseal.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Allocate.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Event.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Extend.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Read.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Reset.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthPolicy.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthValue.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/GetRandom.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/StirRandom.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/PolicyRestart.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/StartAuthSession.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/Sign.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/VerifySignature.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Shutdown.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Startup.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt2.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt_spt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/HMAC.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/Hash.c 
delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/MAC.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/GetTestResult.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/IncrementalSelfTest.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/SelfTest.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Vendor/Vendor_TCG_Test.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/AlgorithmTests.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnConvert.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMath.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMemory.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptDes.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccData.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccKeyExchange.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccMain.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccSignature.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrime.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrimeSieve.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRsa.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSelfTest.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSmac.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptUtil.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/PrimeData.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/RsaKeyCache.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/Ticket.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcDesSupport.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcSupport.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslDesSupport.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslSupport.c delete 
mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfDesSupport.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfSupport.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Data.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_End.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Start.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Init.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/CommandDispatcher.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/ExecCommand.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/SessionProcess.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/CommandAudit.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/DA.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Hierarchy.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvDynamic.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvReserved.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Object.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PCR.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PP.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Session.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Time.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/AlgorithmCap.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Bits.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/CommandCodeAttributes.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Entity.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Handle.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/IoBuffers.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Locality.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Manufacture.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Marshal.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/MathOnByteBuffers.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Memory.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Power.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/PropertyCap.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Response.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/ResponseCodeProcessing.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmFail.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmSizeChecks.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/simulator_test.go create mode 100644 vendor/github.com/google/pprof/AUTHORS create mode 100644 vendor/github.com/google/pprof/CONTRIBUTORS create mode 100644 vendor/github.com/google/pprof/LICENSE create mode 100644 vendor/github.com/google/pprof/profile/encode.go create mode 100644 vendor/github.com/google/pprof/profile/filter.go create mode 100644 vendor/github.com/google/pprof/profile/index.go create mode 100644 vendor/github.com/google/pprof/profile/legacy_java_profile.go create mode 100644 vendor/github.com/google/pprof/profile/legacy_profile.go create mode 100644 vendor/github.com/google/pprof/profile/merge.go create mode 100644 vendor/github.com/google/pprof/profile/profile.go create mode 100644 vendor/github.com/google/pprof/profile/proto.go create mode 100644 vendor/github.com/google/pprof/profile/prune.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/command/abort.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/command/command.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/command/program.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/boostrap_templates.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/bootstrap_command.go 
create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generate_command.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generate_templates.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generators_common.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/compile.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/profiles_and_reports.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/run.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/test_suite.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/utils.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/verify_version.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/labels/labels_command.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/main.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/ginkgo.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/import.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/outline.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/outline_command.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/run/run_command.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/unfocus/unfocus_command.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/delta.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/delta_tracker.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/dependencies.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hash.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hashes.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/suite.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/watch_command.go create mode 100644 
vendor/github.com/onsi/ginkgo/v2/ginkgo_cli_dependencies.go create mode 100644 vendor/github.com/onsi/ginkgo/v2/internal/progress_reporter_manager.go create mode 100644 vendor/github.com/onsi/gomega/internal/polling_signal_error.go create mode 100644 vendor/github.com/onsi/gomega/matchers/have_exact_elements.go delete mode 100644 vendor/github.com/onsi/gomega/tools create mode 100644 vendor/github.com/twpayne/go-vfs/v4/.gitignore create mode 100644 vendor/github.com/twpayne/go-vfs/v4/.golangci.yml create mode 100644 vendor/github.com/twpayne/go-vfs/v4/LICENSE create mode 100644 vendor/github.com/twpayne/go-vfs/v4/Makefile create mode 100644 vendor/github.com/twpayne/go-vfs/v4/README.md create mode 100644 vendor/github.com/twpayne/go-vfs/v4/contains.go create mode 100644 vendor/github.com/twpayne/go-vfs/v4/emptyfs.go create mode 100644 vendor/github.com/twpayne/go-vfs/v4/mkdirall.go create mode 100644 vendor/github.com/twpayne/go-vfs/v4/osfs.go create mode 100644 vendor/github.com/twpayne/go-vfs/v4/pathfs.go create mode 100644 vendor/github.com/twpayne/go-vfs/v4/posix.go create mode 100644 vendor/github.com/twpayne/go-vfs/v4/readonlyfs.go create mode 100644 vendor/github.com/twpayne/go-vfs/v4/vfs.go create mode 100644 vendor/github.com/twpayne/go-vfs/v4/vfst/test.go create mode 100644 vendor/github.com/twpayne/go-vfs/v4/vfst/test_windows.go create mode 100644 vendor/github.com/twpayne/go-vfs/v4/vfst/testfs.go create mode 100644 vendor/github.com/twpayne/go-vfs/v4/vfst/vfst.go create mode 100644 vendor/github.com/twpayne/go-vfs/v4/walk.go create mode 100644 vendor/github.com/twpayne/go-vfs/v4/windows.go create mode 100644 vendor/golang.org/x/sys/unix/ioctl_signed.go rename vendor/golang.org/x/sys/unix/{ioctl.go => ioctl_unsigned.go} (92%)
diff --git a/Makefile b/Makefile
index ee37fce0b..b13145063 100644
--- a/Makefile
+++ b/Makefile
@@ -40,7 +40,7 @@ CONTROLLER_GEN_VER := v0.9.2
 CONTROLLER_GEN := $(ABS_TOOLS_DIR)/controller-gen-$(CONTROLLER_GEN_VER)
 CONTROLLER_GEN_PKG := sigs.k8s.io/controller-tools/cmd/controller-gen
-GINKGO_VER := v2.3.1
+GINKGO_VER := v2.11.0
 GINKGO := $(ABS_TOOLS_DIR)/ginkgo-$(GINKGO_VER)
 GINKGO_PKG := github.com/onsi/ginkgo/v2/ginkgo
diff --git a/cmd/register/main.go b/cmd/register/main.go
index 565bd41e1..1858ae07a 100644
--- a/cmd/register/main.go
+++ b/cmd/register/main.go
@@ -17,91 +17,96 @@ limitations under the License. package main import ( - "encoding/json" + "errors" "fmt" - "os" - "path/filepath" + "time" - "github.com/mudler/yip/pkg/schema" - agent "github.com/rancher/system-agent/pkg/config" - "github.com/sanity-io/litter" "github.com/spf13/cobra" "github.com/spf13/viper" - "gopkg.in/yaml.v2" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/tools/clientcmd" - "k8s.io/client-go/tools/clientcmd/api" + "github.com/twpayne/go-vfs/v4" + "gopkg.in/yaml.v3" elementalv1 "github.com/rancher/elemental-operator/api/v1beta1" - "github.com/rancher/elemental-operator/pkg/elementalcli" + "github.com/rancher/elemental-operator/pkg/install" "github.com/rancher/elemental-operator/pkg/log" "github.com/rancher/elemental-operator/pkg/register" - "github.com/rancher/elemental-operator/pkg/util" "github.com/rancher/elemental-operator/pkg/version" ) const ( - stateInstallFile = "/run/initramfs/cos-state/state.yaml" - agentStateDir = "/var/lib/elemental/agent" - agentConfDir = "/etc/rancher/elemental/agent" - afterInstallHook = "/oem/install-hook.yaml" + defaultStatePath = "/oem/registration/state.yaml" + defaultConfigPath = "/oem/registration/config.yaml" + defaultLiveConfigPath = "/run/initramfs/live/livecd-cloud-config.yaml" + registrationUpdateSuppressTimer = 24 * time.Hour +) - // Registration config directories, depending if system is live or not - regConfExt = "yaml" - regConfDir = "/oem/registration" - regConfName = "config" - liveRegConfDir = "/run/initramfs/live" - liveRegConfName = "livecd-cloud-config" +var ( + cfg elementalv1.Config + debug bool + configPath string + statePath string +) - // This file stores the registration URL and certificate used for the registration - // this file will be stored into the install system by an after-install hook - registrationConf = "/run/cos/oem/registration/config.yaml" +var ( + errEmptyRegistrationURL = errors.New("registration URL is empty") ) func main() { - var cfg elementalv1.Config - 
var debug bool + cmd := newCommand(vfs.OSFS) + if err := cmd.Execute(); err != nil { + log.Fatalf("FATAL: %s", err) + } +} +func newCommand(fs vfs.FS) *cobra.Command { + installer := install.NewInstaller(fs) cmd := &cobra.Command{ Use: "elemental-register", Short: "Elemental register command", Long: "elemental-register registers a node with the elemental-operator via a config file or flags", - Run: func(_ *cobra.Command, args []string) { - if debug { - log.EnableDebugLogging() + RunE: func(_ *cobra.Command, args []string) error { + // Initialize Config + initConfig() + if err := viper.Unmarshal(&cfg); err != nil { + return fmt.Errorf("decoding configuration: %w", err) } + // Version subcommand if viper.GetBool("version") { - log.Infof("Support version %s, commit %s, commit date %s", version.Version, version.Commit, version.CommitDate) - return + log.Infof("Register version %s, commit %s, commit date %s", version.Version, version.Commit, version.CommitDate) + return nil } - - log.Infof("Register version %s, commit %s, commit date %s", version.Version, version.Commit, version.CommitDate) - - // Locate config directory and file - var configDir string - if len(args) == 0 { - if err := loadDefaultConfig(); err != nil { - log.Fatalf("Cloud not read default configuration: %s", err) - } - configDir = regConfDir - } else { - configDir = args[0] //Take the first argument only, ignore the rest - if err := mergeConfigFromFile(configDir, regConfName); err != nil { - log.Fatalf("Could not read configuration in directory '%s': %s", configDir, err) - } + // Determine if registration should execute or skip a cycle + stateHandler := register.NewFileStateHandler(fs, statePath) + if skip, err := shouldSkipRegistration(stateHandler, installer); err != nil { + return fmt.Errorf("determining if registration should run: %w", err) + } else if skip { + log.Info("Nothing to do") + return nil } - - if err := viper.Unmarshal(&cfg); err != nil { - log.Fatalf("failed to parse configuration: ", 
err) + // Validate CA + caCert, err := getRegistrationCA(fs, cfg) + if err != nil { + return fmt.Errorf("validating CA: %w", err) } - - log.Debugf("input config:\n%s", litter.Sdump(cfg)) - - run(configDir, cfg) + // Register + client := register.NewClient(stateHandler) + data, err := client.Register(cfg.Elemental.Registration, caCert) + if err != nil { + return fmt.Errorf("registering machine: %w", err) + } + // Validate remote config + log.Debugf("Fetched configuration from manager cluster:\n%s\n\n", string(data)) + if err := yaml.Unmarshal(data, &cfg); err != nil { + return fmt.Errorf("parsing returned configuration: %w", err) + } + // Install + if !installer.IsSystemInstalled() { + log.Info("Installing Elemental") + return installer.InstallElemental(cfg) + } + return nil }, } - - // Registration cmd.Flags().StringVar(&cfg.Elemental.Registration.URL, "registration-url", "", "Registration url to get the machine config from") cmd.Flags().StringVar(&cfg.Elemental.Registration.CACert, "registration-ca-cert", "", "File with the custom CA certificate to use against he registration url") cmd.Flags().BoolVar(&cfg.Elemental.Registration.EmulateTPM, "emulate-tpm", false, "Emulate /dev/tpm") 
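Review bot: The `log.Debugf("Fetched configuration from manager cluster:\n%s\n\n", string(data))` call in `RunE` writes the whole registration response to the log, and that payload appears to carry the system-agent token (the `writeSystemAgentConfig` removed in the next hunk read `config.SystemAgent.Token` from the same decoded config). With `--debug` set, the credential would land in the journal and in any log that is forwarded or attached to a support bundle. I would log only metadata, for example `log.Debugf("Fetched configuration from manager cluster (%d bytes)", len(data))`, or blank the token on a copy before dumping it. `newCommand` continues in the next hunk.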
@@ -109,264 +114,54 @@ func main() { cmd.Flags().BoolVar(&cfg.Elemental.Registration.NoSMBIOS, "no-smbios", false, "Disable the use of dmidecode to get SMBIOS") cmd.Flags().StringVar(&cfg.Elemental.Registration.Auth, "auth", "tpm", "Registration authentication method") cmd.Flags().BoolVarP(&debug, "debug", "d", false, "Enable debug logging") + cmd.Flags().StringVar(&configPath, "config-path", "", "The full path of the elemental-register config") + cmd.Flags().StringVar(&statePath, "state-path", "", "The full path of the elemental-register config") cmd.PersistentFlags().BoolP("version", "v", false, "print version and exit") _ = viper.BindPFlag("version", cmd.PersistentFlags().Lookup("version")) - - if err := cmd.Execute(); err != nil { - log.Fatalln(err) - } + //Set Defaults + viper.SetDefault("state-path", defaultStatePath) + if installer.IsSystemInstalled() { + viper.SetDefault("config-path", defaultConfigPath) + } else { + viper.SetDefault("config-path", defaultLiveConfigPath) + } + return cmd } -func loadDefaultConfig() error { - if !isSystemInstalled() { - log.Debugf("System is live. Loading registration config from %s/%s.%s", liveRegConfDir, liveRegConfName, regConfExt) - return mergeConfigFromFile(liveRegConfDir, liveRegConfName) +func initConfig() { + if debug { + log.EnableDebugLogging() } - log.Debugf("System is installed. 
Loading registration config from %s/%s.%s", regConfDir, regConfName, regConfExt) - return mergeConfigFromFile(regConfDir, regConfName) -} - -func mergeConfigFromFile(path string, name string) error { - log.Debugf("Using configuration in directory: %s\n", path) - viper.AddConfigPath(path) - viper.SetConfigName(name) - viper.SetConfigType(regConfExt) - return viper.MergeInConfig() -} -func run(configDir string, config elementalv1.Config) { - // Validate Registration config - registration := config.Elemental.Registration + log.Infof("Register version %s, commit %s, commit date %s", version.Version, version.Commit, version.CommitDate) - if registration.URL == "" { - log.Fatal("Registration URL is empty") - } + viper.SetConfigFile(configPath) +} - caCert, err := getRegistrationCA(registration) - if err != nil { - log.Fatalf("Could not load registration CA certificate: %s", err) +func shouldSkipRegistration(stateHandler register.StateHandler, installer install.Installer) (bool, error) { + if !installer.IsSystemInstalled() { + return false, nil } - - client := register.NewClient(configDir) - - data, err := client.Register(registration, caCert) + state, err := stateHandler.Load() if err != nil { - log.Fatalf("failed to register machine inventory: %w", err) - } - - log.Debugf("Fetched configuration from manager cluster:\n%s\n\n", string(data)) - - if err := yaml.Unmarshal(data, &config); err != nil { - log.Errorf("failed to parse registration configuration: %w", err) + return false, fmt.Errorf("loading registration state") } + return state.HasLastUpdateElapsed(registrationUpdateSuppressTimer), nil +} - if !isSystemInstalled() { - if err := installElemental(config); err != nil { - log.Fatalf("elemental installation failed: %w", err) - } +func getRegistrationCA(fs vfs.FS, config elementalv1.Config) ([]byte, error) { + registration := config.Elemental.Registration - log.Info("elemental installation completed, please reboot") + if registration.URL == "" { + return nil, 
errEmptyRegistrationURL } -} - -func getRegistrationCA(registration elementalv1.Registration) ([]byte, error) { /* Here we can have a file path or the cert data itself */ - if _, err := os.Stat(registration.CACert); err == nil { + if _, err := fs.Stat(registration.CACert); err == nil { log.Info("CACert passed as a file") - return os.ReadFile(registration.CACert) + return fs.ReadFile(registration.CACert) } if registration.CACert == "" { log.Warning("CACert is empty") } return []byte(registration.CACert), nil } - -func installElemental(config elementalv1.Config) error { - cloudInitURLs := config.Elemental.Install.ConfigURLs - if cloudInitURLs == nil { - cloudInitURLs = []string{} - } - - agentConfPath, err := writeSystemAgentConfig(config.Elemental) - if err != nil { - return fmt.Errorf("failed to write system agent configuration: %w", err) - } - cloudInitURLs = append(cloudInitURLs, agentConfPath) - - if len(config.CloudConfig) > 0 { - cloudInitPath, err := writeCloudInit(config.CloudConfig) - if err != nil { - return fmt.Errorf("failed to write custom cloud-init file: %w", err) - } - cloudInitURLs = append(cloudInitURLs, cloudInitPath) - } - - config.Elemental.Install.ConfigURLs = cloudInitURLs - - if err := installRegistrationYAML(config.Elemental.Registration); err != nil { - return fmt.Errorf("failed to prepare after-install hook: %w", err) - } - - installDataMap, err := structToMap(config.Elemental.Install) - if err != nil { - return fmt.Errorf("failed to decode elemental-cli install data: %w", err) - } - - if err := elementalcli.Run(installDataMap); err != nil { - return fmt.Errorf("failed to install elemental: %w", err) - } - - return nil -} - -func structToMap(str interface{}) (map[string]interface{}, error) { - var mapStruct map[string]interface{} - - data, err := json.Marshal(str) - if err == nil { - if err := json.Unmarshal(data, &mapStruct); err == nil { - return mapStruct, nil - } - } - - return nil, err -} - -// isSystemInstalled checks if the host is 
currently installed -// TODO: make the function dependent on tmp.Register returned data -func isSystemInstalled() bool { - _, err := os.Stat(stateInstallFile) - return err == nil -} - -func installRegistrationYAML(reg elementalv1.Registration) error { - registrationInBytes, err := yaml.Marshal(elementalv1.Config{ - Elemental: elementalv1.Elemental{ - Registration: reg, - }, - }) - if err != nil { - return err - } - f, err := os.Create(afterInstallHook) - if err != nil { - return err - } - defer f.Close() - - err = yaml.NewEncoder(f).Encode(schema.YipConfig{ - Name: "Include registration config into installed system", - Stages: map[string][]schema.Stage{ - "after-install": { - schema.Stage{ - Directories: []schema.Directory{ - { - Path: filepath.Dir(registrationConf), - Permissions: 0700, - }, - }, Files: []schema.File{ - { - Path: registrationConf, - Content: string(registrationInBytes), - Permissions: 0600, - }, - }, - }, - }, - }, - }) - - return err -} - -func writeCloudInit(cloudConfig map[string]runtime.RawExtension) (string, error) { - f, err := os.CreateTemp(os.TempDir(), "*.yaml") - if err != nil { - return "", err - } - defer f.Close() - - bytes, err := util.MarshalCloudConfig(cloudConfig) - if err != nil { - return "", err - } - - log.Debugf("Decoded CloudConfig:\n%s\n", string(bytes)) - _, err = f.Write(bytes) - return f.Name(), err -} - -func writeSystemAgentConfig(config elementalv1.Elemental) (string, error) { - kubeConfig := api.Config{ - Kind: "Config", - APIVersion: "v1", - Clusters: map[string]*api.Cluster{ - "cluster": { - Server: config.SystemAgent.URL, - CertificateAuthorityData: []byte(config.Registration.CACert), - }}, - AuthInfos: map[string]*api.AuthInfo{ - "user": { - Token: config.SystemAgent.Token, - }}, - Contexts: map[string]*api.Context{ - "context": { - Cluster: "cluster", - AuthInfo: "user", - }}, - CurrentContext: "context", - } - - kubeconfigBytes, _ := clientcmd.Write(kubeConfig) - - connectionInfo := agent.ConnectionInfo{ - 
KubeConfig: string(kubeconfigBytes), - Namespace: config.SystemAgent.SecretNamespace, - SecretName: config.SystemAgent.SecretName, - } - - agentConfig := agent.AgentConfig{ - WorkDir: filepath.Join(agentStateDir, "work"), - AppliedPlanDir: filepath.Join(agentStateDir, "applied"), - LocalPlanDir: filepath.Join(agentStateDir, "plans"), - RemoteEnabled: true, - LocalEnabled: true, - ConnectionInfoFile: filepath.Join(agentStateDir, "elemental_connection.json"), - PreserveWorkDir: false, - } - - connectionInfoBytes, _ := json.Marshal(connectionInfo) - agentConfigBytes, _ := json.Marshal(agentConfig) - - var stages []schema.Stage - - stages = append(stages, schema.Stage{ - Files: []schema.File{ - { - Path: filepath.Join(agentStateDir, "elemental_connection.json"), - Content: string(connectionInfoBytes), - Permissions: 0600, - }, - { - Path: filepath.Join(agentConfDir, "config.yaml"), - Content: string(agentConfigBytes), - Permissions: 0600, - }, - }, - }) - - f, err := os.CreateTemp(os.TempDir(), "*.yaml") - if err != nil { - return "", err - } - defer f.Close() - - err = yaml.NewEncoder(f).Encode(schema.YipConfig{ - Name: "Elemental System Agent Configuration", - Stages: map[string][]schema.Stage{ - "initramfs": stages, - }, - }) - - return f.Name(), err -} diff --git a/go.mod b/go.mod index 93a98dc5c..11f865dbd 100644 --- a/go.mod +++ b/go.mod @@ -37,8 +37,8 @@ require ( github.com/google/go-attestation v0.4.3 github.com/gorilla/websocket v1.5.0 github.com/mudler/yip v0.0.0-20220704150701-30d215fa4ab0 - github.com/onsi/ginkgo/v2 v2.3.1 - github.com/onsi/gomega v1.22.0 + github.com/onsi/ginkgo/v2 v2.11.0 + github.com/onsi/gomega v1.27.8 github.com/pkg/errors v0.9.1 github.com/rancher-sandbox/ele-testhelpers v0.0.0-20221213084338-a8ffdd2b87e3 github.com/rancher-sandbox/go-tpm v0.0.0-20220823075603-d273b298fcda 
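Review bot: The new `--config-path` and `--state-path` flags never receive their defaults: both are declared with an empty default and bound to `configPath`/`statePath`, while the defaults are stored with `viper.SetDefault(...)` under keys that nothing in this diff reads back. `initConfig` then calls `viper.SetConfigFile(configPath)` with no `viper.ReadInConfig()` before the `viper.Unmarshal(&cfg)` in the previous hunk, so as far as the visible code shows the config file is never loaded and `register.NewFileStateHandler(fs, statePath)` gets an empty path unless the flag is passed explicitly. Consider making the constants the flag defaults, e.g. `cmd.Flags().StringVar(&statePath, "state-path", defaultStatePath, "The full path of the elemental-register state file")` (the current help text repeats the config description), and having `initConfig` return the error from `viper.ReadInConfig()`. Separately, `shouldSkipRegistration` returns `fmt.Errorf("loading registration state")` without the cause; `fmt.Errorf("loading registration state: %w", err)` keeps it for the operator.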
@@ -52,7 +52,8 @@ require ( github.com/sirupsen/logrus v1.9.0 // indirect github.com/spf13/cobra v1.6.0 github.com/spf13/viper v1.9.0 - golang.org/x/sync v0.1.0 // indirect + github.com/twpayne/go-vfs/v4 v4.2.0 + golang.org/x/sync v0.2.0 // indirect gopkg.in/yaml.v2 v2.4.0 gotest.tools v2.2.0+incompatible k8s.io/api v0.26.0 @@ -77,10 +78,10 @@ require ( github.com/felixge/httpsnoop v1.0.1 // indirect github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/ghodss/yaml v1.0.0 // indirect - github.com/go-logr/logr v1.2.3 // indirect + github.com/go-logr/logr v1.2.4 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.2 // indirect + github.com/golang/protobuf v1.5.3 // indirect github.com/google/go-cmp v0.5.9 github.com/google/go-containerregistry v0.12.1 // indirect github.com/google/go-tpm v0.3.3 // indirect @@ -126,7 +127,6 @@ require ( github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/subosito/gotenv v1.2.0 // indirect - github.com/twpayne/go-vfs v1.7.2 // indirect github.com/urfave/cli v1.22.10 // indirect go.opentelemetry.io/contrib v1.6.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0 // indirect @@ -142,11 +142,11 @@ require ( go.uber.org/multierr v1.9.0 // indirect go.uber.org/zap v1.21.0 // indirect golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect - golang.org/x/net v0.8.0 // indirect + golang.org/x/net v0.10.0 // indirect golang.org/x/oauth2 v0.4.0 // indirect - golang.org/x/sys v0.6.0 // indirect - golang.org/x/term v0.6.0 // indirect - golang.org/x/text v0.8.0 // indirect + golang.org/x/sys v0.9.0 // indirect + golang.org/x/term v0.8.0 // indirect + golang.org/x/text v0.9.0 // indirect golang.org/x/time v0.3.0 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect 
@@ -184,8 +184,12 @@ require ( github.com/StackExchange/wmi v1.2.1 // indirect github.com/go-logr/zapr v1.2.0 // indirect github.com/go-ole/go-ole v1.2.6 // indirect + github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect + github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect github.com/jaypipes/pcidb v1.0.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect + github.com/twpayne/go-vfs v1.7.2 // indirect github.com/vbatts/tar-split v0.11.2 // indirect + golang.org/x/tools v0.9.3 // indirect howett.net/plist v1.0.0 // indirect ) diff --git a/go.sum b/go.sum index 596fba813..abe0b370d 100644 --- a/go.sum +++ b/go.sum @@ -606,8 +606,8 @@ github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= -github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/zapr v0.1.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= github.com/go-logr/zapr v0.4.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= github.com/go-logr/zapr v1.2.0 h1:n4JnPI1T3Qq1SFEi/F8rwLrZERp2bso19PJZDB9dayk= 
@@ -670,6 +670,8 @@ github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/gobuffalo/flect v0.2.2/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc= github.com/gobuffalo/flect v0.2.4 h1:BSYA8+T60cdyq+vynaSUjqSVI9mDEg9ZfQUXKmfjo4I= github.com/gobuffalo/flect v0.2.4/go.mod h1:1ZyCLIbg0YD7sDkzvFdPoOydPtD8y9JQnrOROolUcM8= @@ -727,8 +729,9 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= 
@@ -812,6 +815,7 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg= @@ -1202,8 +1206,8 @@ github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vv github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= github.com/onsi/ginkgo/v2 v2.1.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= -github.com/onsi/ginkgo/v2 v2.3.1 h1:8SbseP7qM32WcvE6VaN6vfXxv698izmsJ1UQX9ve7T8= -github.com/onsi/ginkgo/v2 v2.3.1/go.mod h1:Sv4yQXwG5VmF7tm3Q5Z+RWUpPo24LF1mpnz2crUb8Ys= +github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU= +github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.3.0/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= 
@@ -1221,8 +1225,8 @@ github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+t github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.18.0/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= -github.com/onsi/gomega v1.22.0 h1:AIg2/OntwkBiCg5Tt1ayyiF1ArFrWFoCSMtMi/wdApk= -github.com/onsi/gomega v1.22.0/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc= +github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc= +github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -1571,6 +1575,8 @@ github.com/transparency-dev/merkle v0.0.1/go.mod h1:B8FIw5LTq6DaULoHsVFRzYIUDkl8 github.com/tredoe/osutil/v2 v2.0.0-rc.16/go.mod h1:uLRVx/3pb7Y4RQhG8cQFbPE9ha5r81e6MXpBsxbTAYc= github.com/twpayne/go-vfs v1.7.2 h1:ZNYMAXcu2Av8c109USrSGYm8dIIIV0xPlG19I2088Kw= github.com/twpayne/go-vfs v1.7.2/go.mod h1:1eni2ntkiiAHZG27xfLOO4CYvMR4Kw8V7rYiLeeolsQ= +github.com/twpayne/go-vfs/v4 v4.2.0 h1:cIjUwaKSCq0y6dT+ev6uLSmKjGTbHCR4xaocROqHFsE= +github.com/twpayne/go-vfs/v4 v4.2.0/go.mod h1:zEoSYKpoOQmqu2Rrjclu2TlDEK+I5ydlh58sGdPKNYI= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= 
@@ -1827,6 +1833,7 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= +golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= golang.org/x/net v0.0.0-20180112015858-5ccada7d0a7b/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1905,8 +1912,8 @@ golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220421235706-1d1ef9303861/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -1947,8 +1954,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI= +golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180117170059-2c42eef0765b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -2096,14 +2103,15 @@ golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= +golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20171227012246-e19ae1496984/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -2114,8 +2122,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -2215,6 +2223,8 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= +golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= +golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/pkg/install/install.go b/pkg/install/install.go new file mode 100644 index 000000000..8b1702278 --- /dev/null +++ b/pkg/install/install.go 
@@ -0,0 +1,251 @@
+/*
+Copyright © 2022 - 2023 SUSE LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package install
+
+import (
+ "encoding/json"
+ "fmt"
+ "path/filepath"
+
+ "github.com/mudler/yip/pkg/schema"
+ elementalv1 "github.com/rancher/elemental-operator/api/v1beta1"
+ "github.com/rancher/elemental-operator/pkg/elementalcli"
+ "github.com/rancher/elemental-operator/pkg/log"
+ "github.com/rancher/elemental-operator/pkg/util"
+ agent "github.com/rancher/system-agent/pkg/config"
+ "github.com/twpayne/go-vfs/v4"
+ "gopkg.in/yaml.v2"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/client-go/tools/clientcmd"
+ "k8s.io/client-go/tools/clientcmd/api"
+)
+
+const (
+ stateInstallFile = "/run/initramfs/cos-state/state.yaml"
+ agentStateDir = "/var/lib/elemental/agent"
+ agentConfDir = "/etc/rancher/elemental/agent"
+ afterInstallHook = "/oem/install-hook.yaml"
+ registrationConf = "/run/cos/oem/registration/config.yaml"
+)
+
+type Installer interface {
+ IsSystemInstalled() bool
+ InstallElemental(config elementalv1.Config) error
+}
+
+func NewInstaller(fs vfs.FS) Installer {
+ return &installer{
+ fs: fs,
+ }
+}
+
+var _ Installer = (*installer)(nil)
+
+type installer struct {
+ fs vfs.FS
+}
+
+// IsSystemInstalled checks if the host is currently installed
+// TODO: make the function dependent on tmp.Register returned data
+func (i *installer) IsSystemInstalled() bool {
+ _, err := i.fs.Stat(stateInstallFile)
+ return err == nil
+}
+
+func (i *installer) InstallElemental(config elementalv1.Config) error {
+ cloudInitURLs := config.Elemental.Install.ConfigURLs
+ if cloudInitURLs == nil {
+ cloudInitURLs = []string{}
+ }
+
+ agentConfPath, err := i.writeSystemAgentConfig(config.Elemental)
+ if err != nil {
+ return fmt.Errorf("failed to write system agent configuration: %w", err)
+ }
+ cloudInitURLs = append(cloudInitURLs, agentConfPath)
+
+ if len(config.CloudConfig) > 0 {
+ cloudInitPath, err := i.writeCloudInit(config.CloudConfig)
+ if err != nil {
+ return fmt.Errorf("failed to write custom cloud-init file: %w", err)
+ }
+ cloudInitURLs = append(cloudInitURLs, cloudInitPath)
+ }
+
+ config.Elemental.Install.ConfigURLs = cloudInitURLs
+
+ if err := i.installRegistrationYAML(config.Elemental.Registration); err != nil {
+ return fmt.Errorf("failed to prepare after-install hook: %w", err)
+ }
+
+ installDataMap, err := structToMap(config.Elemental.Install)
+ if err != nil {
+ return fmt.Errorf("failed to decode elemental-cli install data: %w", err)
+ }
+
+ if err := elementalcli.Run(installDataMap); err != nil {
+ return fmt.Errorf("failed to install elemental: %w", err)
+ }
+
+ log.Info("Elemental installation completed, please reboot")
+ return nil
+}
+
+func structToMap(str interface{}) (map[string]interface{}, error) {
+ var mapStruct map[string]interface{}
+
+ data, err := json.Marshal(str)
+ if err == nil {
+ if err := json.Unmarshal(data, &mapStruct); err == nil {
+ return mapStruct, nil
+ }
+ }
+
+ return nil, err
+}
+
+func (i *installer) installRegistrationYAML(reg elementalv1.Registration) error {
+ registrationInBytes, err := yaml.Marshal(elementalv1.Config{
+ Elemental: elementalv1.Elemental{
+ Registration: reg,
+ },
+ })
+ if err != nil {
+ return err
+ }
+ f, err := i.fs.Create(afterInstallHook)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+
+ err = yaml.NewEncoder(f).Encode(schema.YipConfig{
+ Name: "Include registration config into installed system",
+ Stages: map[string][]schema.Stage{
+ "after-install": {
+ schema.Stage{
+ Directories: []schema.Directory{
+ {
+ Path: filepath.Dir(registrationConf),
+ Permissions: 0700,
+ },
+ }, Files: []schema.File{
+ {
+ Path: registrationConf,
+ Content: string(registrationInBytes),
+ Permissions: 0600,
+ },
+ },
+ },
+ },
+ },
+ })
+
+ return err
+}
+
+func (i *installer) writeCloudInit(cloudConfig map[string]runtime.RawExtension) (string, error) {
+ f, err := i.fs.Create("/tmp/elemental-cloud-init.yaml")
+ if err != nil {
+ return "", fmt.Errorf("creating temporary cloud init file: %w", err)
+ }
+ defer f.Close()
+
+ bytes, err := util.MarshalCloudConfig(cloudConfig)
+ if err != nil {
+ return "", fmt.Errorf("mashalling cloud config: %w", err)
+ }
+
+ log.Debugf("Decoded CloudConfig:\n%s\n", string(bytes))
+ _, err = f.Write(bytes)
+ return f.Name(), err
+}
+
+func (i *installer) writeSystemAgentConfig(config elementalv1.Elemental) (string, error) {
+ kubeConfig := api.Config{
+ Kind: "Config",
+ APIVersion: "v1",
+ Clusters: map[string]*api.Cluster{
+ "cluster": {
+ Server: config.SystemAgent.URL,
+ CertificateAuthorityData: []byte(config.Registration.CACert),
+ }},
+ AuthInfos: map[string]*api.AuthInfo{
+ "user": {
+ Token: config.SystemAgent.Token,
+ }},
+ Contexts: map[string]*api.Context{
+ "context": {
+ Cluster: "cluster",
+ AuthInfo: "user",
+ }},
+ CurrentContext: "context",
+ }
+
+ kubeconfigBytes, _ := clientcmd.Write(kubeConfig)
+
+ connectionInfo := agent.ConnectionInfo{
+ KubeConfig: string(kubeconfigBytes),
+ Namespace: config.SystemAgent.SecretNamespace,
+ SecretName: config.SystemAgent.SecretName,
+ }
+
+ agentConfig := agent.AgentConfig{
+ WorkDir: filepath.Join(agentStateDir, "work"),
+ AppliedPlanDir: filepath.Join(agentStateDir, "applied"),
+ LocalPlanDir: filepath.Join(agentStateDir, "plans"),
+ RemoteEnabled: true,
+ LocalEnabled: true,
+ ConnectionInfoFile: filepath.Join(agentStateDir, "elemental_connection.json"),
+ PreserveWorkDir: false,
+ }
+
+ connectionInfoBytes, _ := json.Marshal(connectionInfo)
+ agentConfigBytes, _ := json.Marshal(agentConfig)
+
+ var stages []schema.Stage
+
+ stages = append(stages, schema.Stage{
+ Files: []schema.File{
+ {
+ Path: filepath.Join(agentStateDir, "elemental_connection.json"),
+ Content: string(connectionInfoBytes),
+ Permissions: 0600,
+ },
+ {
+ Path: filepath.Join(agentConfDir, "config.yaml"),
+ Content: string(agentConfigBytes),
+ Permissions: 0600,
+ },
+ },
+ })
+
+ f, err := i.fs.Create("/tmp/elemental-system-agent.yaml")
+ if err != nil {
+ return "", fmt.Errorf("creating temporary elemental-system-agent file: %w", err)
+ }
+ defer f.Close()
+
+ err = yaml.NewEncoder(f).Encode(schema.YipConfig{
+ Name: "Elemental System Agent Configuration",
+ Stages: map[string][]schema.Stage{
+ "initramfs": stages,
+ },
+ })
+
+ return f.Name(), err
+}
diff --git a/pkg/register/register.go b/pkg/register/register.go index 96dcacc6c..d67642af2 100644 --- a/pkg/register/register.go +++ b/pkg/register/register.go @@ -56,9 +56,9 @@ type client struct { stateHandler StateHandler } -func NewClient(configDir string) Client { +func NewClient(stateHandler StateHandler) Client { return &client{ - stateHandler: NewFileStateHandler(configDir), + stateHandler: stateHandler, } } @@ -104,9 +104,9 @@ func (r *client) Register(reg elementalv1.Registration, caCert []byte) ([]byte, if err := sendUpdateData(conn); err != nil { return nil, fmt.Errorf("failed to send update data: %w", err) } - state.lastUpdate = time.Now() + state.LastUpdate = time.Now() } else { - state.initialRegistration = time.Now() + state.InitialRegistration = time.Now() } if !reg.NoSMBIOS {
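Review bot: writeSystemAgentConfig serialises the system-agent token (inside the kubeconfig) into `/tmp/elemental-system-agent.yaml` through `i.fs.Create`, so the nested `Permissions: 0600` entries only govern the files yip writes later, while this intermediate file sits at a fixed path with whatever default mode the FS applies; writeCloudInit does the same for `/tmp/elemental-cloud-init.yaml`. Creating it with an explicit mode, e.g. `f, err := i.fs.OpenFile("/tmp/elemental-system-agent.yaml", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)` (needs the `os` import), would keep the token owner-only. The errors from `clientcmd.Write` and both `json.Marshal` calls are discarded, so a serialisation failure would silently produce an empty kubeconfig or agent config. Separately, structToMap returns `nil, nil` when `json.Unmarshal` fails, because the inner `err` shadows the outer one; returning the Unmarshal error from that branch fixes it.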
@@ -156,9 +156,9 @@ func getAuthenticator(reg elementalv1.Registration, state *State) (authClient, e var auth authClient switch reg.Auth { case "tpm": - state.emulatedTPMSeed = tpm.GetTPMSeed(reg, state.emulatedTPM, state.emulatedTPMSeed) - state.emulatedTPM = reg.EmulateTPM - auth = tpm.NewAuthClient(state.emulatedTPMSeed) + state.EmulatedTPMSeed = tpm.GetTPMSeed(reg, state.EmulatedTPM, state.EmulatedTPMSeed) + state.EmulatedTPM = reg.EmulateTPM + auth = tpm.NewAuthClient(state.EmulatedTPMSeed) case "mac": auth = &plainauth.AuthClient{} case "sys-uuid": diff --git a/pkg/register/state.go b/pkg/register/state.go index 326ef640e..235fba614 100644 --- a/pkg/register/state.go +++ b/pkg/register/state.go @@ -19,21 +19,29 @@ package register import ( "fmt" "os" + "path/filepath" + "time" + "github.com/pkg/errors" "github.com/rancher/elemental-operator/pkg/log" + "github.com/twpayne/go-vfs/v4" "gopkg.in/yaml.v3" ) type State struct { - initialRegistration time.Time `yaml:"initialRegistration,omitempty"` - lastUpdate time.Time `yaml:"lastUpdate,omitempty"` - emulatedTPM bool `yaml:"emulatedTPM,omitempty"` - emulatedTPMSeed int64 `yaml:"emulatedTPMSeed,omitempty"` + InitialRegistration time.Time `yaml:"initialRegistration,omitempty"` + LastUpdate time.Time `yaml:"lastUpdate,omitempty"` + EmulatedTPM bool `yaml:"emulatedTPM,omitempty"` + EmulatedTPMSeed int64 `yaml:"emulatedTPMSeed,omitempty"` } func (s *State) IsUpdatable() bool { - return !s.initialRegistration.IsZero() + return !s.InitialRegistration.IsZero() +} + +func (s *State) HasLastUpdateElapsed(suppress time.Duration) bool { + return time.Now().After(s.LastUpdate.Add(suppress)) } type StateHandler interface { 
@@ -41,24 +49,25 @@ type StateHandler interface { Save(State) error } +var errDecodingState = errors.New("decoding state") + var _ StateHandler = (*filesystemStateHandler)(nil) -func NewFileStateHandler(directory string) StateHandler { - return &filesystemStateHandler{directory: directory} +func NewFileStateHandler(fs vfs.FS, stateFilePath string) StateHandler { + return &filesystemStateHandler{ + fs: fs, + stateFilePath: stateFilePath, + } } type filesystemStateHandler struct { - directory string -} - -func (h *filesystemStateHandler) getStateFullPath() string { - const stateFile = "state.yaml" - return fmt.Sprintf("%s/%s", h.directory, stateFile) + fs vfs.FS + stateFilePath string } func (h *filesystemStateHandler) Load() (State, error) { - stateFile := h.getStateFullPath() - file, err := os.Open(stateFile) + stateFile := h.stateFilePath + file, err := h.fs.Open(stateFile) if os.IsNotExist(err) { log.Debugf("Could not find state file in '%s'. Assuming initial registration needs to happen.", stateFile) return State{}, nil @@ -69,7 +78,7 @@ func (h *filesystemStateHandler) Load() (State, error) { dec := yaml.NewDecoder(file) var state State if err := dec.Decode(&state); err != nil { - return State{}, fmt.Errorf("decoding registration to file '%s': %w", stateFile, err) + return State{}, fmt.Errorf("%w from file '%s': %w", errDecodingState, stateFile, err) } if err := file.Close(); err != nil { return State{}, fmt.Errorf("closing file '%s': %w", stateFile, err) 
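Review bot: In Load, the decode-failure return leaves `file` open, because `file.Close()` is only reached on the success path; adding `_ = file.Close()` ahead of the `return State{}, fmt.Errorf(...)` avoids leaking the handle. The new message uses two `%w` verbs, which wraps both errors only on Go 1.20 or later; the toolchain version is not visible here, so confirm it, otherwise `errors.Is(err, errDecodingState)` will not match. Load is only partly visible across the hunks on this line.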
@@ -78,14 +87,15 @@ func (h *filesystemStateHandler) Load() (State, error) { } func (h *filesystemStateHandler) Save(state State) error { - if _, err := os.Stat(h.directory); os.IsNotExist(err) { - log.Debugf("Registration config dir '%s' does not exist. Creating now.", h.directory) - if err := os.MkdirAll(h.directory, 0700); err != nil { + directory := filepath.Dir(h.stateFilePath) + if _, err := h.fs.Stat(directory); os.IsNotExist(err) { + log.Debugf("Registration config dir '%s' does not exist. Creating now.", directory) + if err := vfs.MkdirAll(h.fs, directory, 0700); err != nil { return fmt.Errorf("creating registration config directory: %w", err) } } - stateFile := h.getStateFullPath() - file, err := os.Create(stateFile) + stateFile := h.stateFilePath + file, err := h.fs.Create(stateFile) if err != nil { return fmt.Errorf("creating registration state file: %w", err) } diff --git a/pkg/register/state_test.go b/pkg/register/state_test.go new file mode 100644 index 000000000..4df849bb9 --- /dev/null +++ b/pkg/register/state_test.go 
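Review bot: Save writes the state file with `h.fs.Create(stateFile)`, which takes no mode, while this commit starts persisting `EmulatedTPMSeed` in that file; the 0700 directory mode is applied only when the directory is missing, so for a pre-existing directory the file's protection depends on whatever mode that directory already has. Since `tpm.NewAuthClient` is built from the seed, it looks like identity material and is worth creating owner-only, e.g. `file, err := h.fs.OpenFile(stateFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)` (`os` is already imported). The `Stat` call also ignores errors other than not-exist, so a permission or I/O error falls through to the create. Save's body continues past the end of the hunk.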
@@ -0,0 +1,145 @@
+/*
+Copyright © 2022 - 2023 SUSE LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package register
+
+import (
+ "fmt"
+ "os"
+ "testing"
+ "time"
+
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+ "github.com/twpayne/go-vfs/v4"
+ "github.com/twpayne/go-vfs/v4/vfst"
+ "gopkg.in/yaml.v3"
+)
+
+func TestRegister(t *testing.T) {
+ RegisterFailHandler(Fail)
+ RunSpecs(t, "Register State Suite")
+}
+
+var (
+ testStateDir = "/test/register/state"
+ testStatePath = fmt.Sprintf("%s/%s", testStateDir, "state.yaml")
+ loc, _ = time.LoadLocation("Europe/Berlin")
+ stateFixture = State{
+ InitialRegistration: time.Now().UTC(),
+ LastUpdate: time.Now().UTC(),
+ EmulatedTPM: true,
+ EmulatedTPMSeed: 123456789,
+ }
+)
+
+var _ = Describe("is state updatable", Label("registration", "state"), func() {
+ It("returns false if the state is new", func() {
+ state := State{}
+ Expect(state.IsUpdatable()).To(BeFalse())
+ })
+ It("returns true if the initial registration already happened", func() {
+ state := State{
+ InitialRegistration: time.Now(),
+ }
+ Expect(state.IsUpdatable()).To(BeTrue())
+ })
+})
+
+var _ = Describe("has state update elapsed", Label("registration", "state"), func() {
+ It("returns false if the state is new", func() {
+ state := State{}
+ Expect(state.HasLastUpdateElapsed(-1 * time.Hour)).To(BeTrue())
+ })
+ It("returns true last update time is more than suppress timer ago", func() {
+ state := State{
+ LastUpdate: time.Now().Add(-10 * time.Hour),
+ }
+ Expect(state.HasLastUpdateElapsed(1 * time.Hour)).To(BeTrue())
+ })
+})
+
+var _ = Describe("load state from filesystem", Label("registration", "state"), func() {
+ var fs vfs.FS
+ var handler StateHandler
+ var err error
+ var fsCleanup func()
+ BeforeEach(func() {
+ fs, fsCleanup, err = vfst.NewEmptyTestFS()
+ Expect(err).To(BeNil())
+ handler = NewFileStateHandler(fs, testStatePath)
+ DeferCleanup(fsCleanup)
+ })
+ When("directory exists", func() {
+ BeforeEach(func() {
+ Expect(vfs.MkdirAll(fs, testStateDir, os.ModePerm)).To(BeNil())
+ })
+ It("should return state if state is deserializable", func() {
+ bytes, err := yaml.Marshal(stateFixture)
+ Expect(err).To(BeNil())
+ Expect(fs.WriteFile(testStatePath, bytes, 0700)).To(BeNil())
+ Expect(handler.Load()).To(Equal(stateFixture))
+ })
+ It("should return error if state is not deserializable", func() {
+ bytes := []byte("I am definitely not yaml")
+ Expect(fs.WriteFile(testStatePath, bytes, 0700)).To(BeNil())
+ state, err := handler.Load()
+ Expect(state).To(Equal(State{}))
+ Expect(err).To(MatchError(errDecodingState))
+ })
+ })
+ When("directory does not exist", func() {
+ It("should return empty state", func() {
+ Expect(handler.Load()).To(Equal(State{}))
+ })
+ })
+})
+
+var _ = Describe("save state to filesystem", Label("registration", "state"), func() {
+ var fs vfs.FS
+ var handler StateHandler
+ var err error
+ var fsCleanup func()
+ BeforeEach(func() {
+ fs, fsCleanup, err = vfst.NewEmptyTestFS()
+ Expect(err).To(BeNil())
+ handler = NewFileStateHandler(fs, testStatePath)
+ DeferCleanup(fsCleanup)
+ })
+ When("directory exists", func() {
+ BeforeEach(func() {
+ Expect(vfs.MkdirAll(fs, testStateDir, os.ModePerm)).To(BeNil())
+ })
+ It("should return no error if state file is new", func() {
+ Expect(handler.Save(stateFixture))
+ Expect(handler.Load()).To(Equal(stateFixture))
+ })
+ It("should return no error if file already exists", func() {
+ bytes := []byte("I am going to be overwritten")
+ Expect(fs.WriteFile(testStatePath, bytes, 0700)).To(BeNil())
+ Expect(handler.Save(stateFixture))
+ Expect(handler.Load()).To(Equal(stateFixture))
+ })
+ })
+ When("directory does not exist", func() {
+ It("should return no error and create directory", func() {
+ Expect(handler.Save(stateFixture)).To(BeNil())
+ _, err := fs.Stat(testStateDir)
+ Expect(err).To(BeNil())
+ Expect(handler.Load()).To(Equal(stateFixture))
+ })
+ })
+})
diff --git a/vendor/github.com/go-logr/logr/.golangci.yaml b/vendor/github.com/go-logr/logr/.golangci.yaml index 94ff801df..0cffafa7b 100644 --- a/vendor/github.com/go-logr/logr/.golangci.yaml +++ b/vendor/github.com/go-logr/logr/.golangci.yaml @@ -6,7 +6,6 @@ linters: disable-all: true enable: - asciicheck - - deadcode - errcheck - forcetypeassert - gocritic @@ -18,10 +17,8 @@ linters: - misspell - revive - staticcheck - - structcheck - typecheck - unused - - varcheck issues: exclude-use-default: false diff --git a/vendor/github.com/go-logr/logr/discard.go b/vendor/github.com/go-logr/logr/discard.go index 9d92a38f1..99fe8be93 100644 --- a/vendor/github.com/go-logr/logr/discard.go +++ b/vendor/github.com/go-logr/logr/discard.go
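Review bot: `Expect(handler.Save(stateFixture))` in the two "directory exists" specs has no matcher, so Gomega asserts nothing and a failing Save would only show up indirectly through the following Load; `Expect(handler.Save(stateFixture)).To(Succeed())` makes the check explicit. The first spec under "has state update elapsed" is titled "returns false if the state is new" but asserts `BeTrue()`, and no spec covers the case where the suppress interval has not yet elapsed. Since the state file now holds `EmulatedTPMSeed`, a spec asserting the mode of the saved file would be worth adding. `loc` is assigned with its `LoadLocation` error dropped and is not used anywhere in the visible file.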
@@ -20,35 +20,5 @@ package logr // used whenever the caller is not interested in the logs. Logger instances // produced by this function always compare as equal. func Discard() Logger { - return Logger{ - level: 0, - sink: discardLogSink{}, - } -} - -// discardLogSink is a LogSink that discards all messages. -type discardLogSink struct{} - -// Verify that it actually implements the interface -var _ LogSink = discardLogSink{} - -func (l discardLogSink) Init(RuntimeInfo) { -} - -func (l discardLogSink) Enabled(int) bool { - return false -} - -func (l discardLogSink) Info(int, string, ...interface{}) { -} - -func (l discardLogSink) Error(error, string, ...interface{}) { -} - -func (l discardLogSink) WithValues(...interface{}) LogSink { - return l -} - -func (l discardLogSink) WithName(string) LogSink { - return l + return New(nil) } diff --git a/vendor/github.com/go-logr/logr/funcr/funcr.go b/vendor/github.com/go-logr/logr/funcr/funcr.go new file mode 100644 index 000000000..e52f0cd01 --- /dev/null +++ b/vendor/github.com/go-logr/logr/funcr/funcr.go 
@@ -0,0 +1,804 @@ +/* +Copyright 2021 The logr Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package funcr implements formatting of structured log messages and +// optionally captures the call site and timestamp. +// +// The simplest way to use it is via its implementation of a +// github.com/go-logr/logr.LogSink with output through an arbitrary +// "write" function. See New and NewJSON for details. +// +// # Custom LogSinks +// +// For users who need more control, a funcr.Formatter can be embedded inside +// your own custom LogSink implementation. This is useful when the LogSink +// needs to implement additional methods, for example. +// +// # Formatting +// +// This will respect logr.Marshaler, fmt.Stringer, and error interfaces for +// values which are being logged. When rendering a struct, funcr will use Go's +// standard JSON tags (all except "string"). +package funcr + +import ( + "bytes" + "encoding" + "encoding/json" + "fmt" + "path/filepath" + "reflect" + "runtime" + "strconv" + "strings" + "time" + + "github.com/go-logr/logr" +) + +// New returns a logr.Logger which is implemented by an arbitrary function. +func New(fn func(prefix, args string), opts Options) logr.Logger { + return logr.New(newSink(fn, NewFormatter(opts))) +} + +// NewJSON returns a logr.Logger which is implemented by an arbitrary function +// and produces JSON output. 
+func NewJSON(fn func(obj string), opts Options) logr.Logger { + fnWrapper := func(_, obj string) { + fn(obj) + } + return logr.New(newSink(fnWrapper, NewFormatterJSON(opts))) +} + +// Underlier exposes access to the underlying logging function. Since +// callers only have a logr.Logger, they have to know which +// implementation is in use, so this interface is less of an +// abstraction and more of a way to test type conversion. +type Underlier interface { + GetUnderlying() func(prefix, args string) +} + +func newSink(fn func(prefix, args string), formatter Formatter) logr.LogSink { + l := &fnlogger{ + Formatter: formatter, + write: fn, + } + // For skipping fnlogger.Info and fnlogger.Error. + l.Formatter.AddCallDepth(1) + return l +} + +// Options carries parameters which influence the way logs are generated. +type Options struct { + // LogCaller tells funcr to add a "caller" key to some or all log lines. + // This has some overhead, so some users might not want it. + LogCaller MessageClass + + // LogCallerFunc tells funcr to also log the calling function name. This + // has no effect if caller logging is not enabled (see Options.LogCaller). + LogCallerFunc bool + + // LogTimestamp tells funcr to add a "ts" key to log lines. This has some + // overhead, so some users might not want it. + LogTimestamp bool + + // TimestampFormat tells funcr how to render timestamps when LogTimestamp + // is enabled. If not specified, a default format will be used. For more + // details, see docs for Go's time.Layout. + TimestampFormat string + + // Verbosity tells funcr which V logs to produce. Higher values enable + // more logs. Info logs at or below this level will be written, while logs + // above this level will be discarded. + Verbosity int + + // RenderBuiltinsHook allows users to mutate the list of key-value pairs + // while a log line is being rendered. 
The kvList argument follows logr + // conventions - each pair of slice elements is comprised of a string key + // and an arbitrary value (verified and sanitized before calling this + // hook). The value returned must follow the same conventions. This hook + // can be used to audit or modify logged data. For example, you might want + // to prefix all of funcr's built-in keys with some string. This hook is + // only called for built-in (provided by funcr itself) key-value pairs. + // Equivalent hooks are offered for key-value pairs saved via + // logr.Logger.WithValues or Formatter.AddValues (see RenderValuesHook) and + // for user-provided pairs (see RenderArgsHook). + RenderBuiltinsHook func(kvList []interface{}) []interface{} + + // RenderValuesHook is the same as RenderBuiltinsHook, except that it is + // only called for key-value pairs saved via logr.Logger.WithValues. See + // RenderBuiltinsHook for more details. + RenderValuesHook func(kvList []interface{}) []interface{} + + // RenderArgsHook is the same as RenderBuiltinsHook, except that it is only + // called for key-value pairs passed directly to Info and Error. See + // RenderBuiltinsHook for more details. + RenderArgsHook func(kvList []interface{}) []interface{} + + // MaxLogDepth tells funcr how many levels of nested fields (e.g. a struct + // that contains a struct, etc.) it may log. Every time it finds a struct, + // slice, array, or map the depth is increased by one. When the maximum is + // reached, the value will be converted to a string indicating that the max + // depth has been exceeded. If this field is not specified, a default + // value will be used. + MaxLogDepth int +} + +// MessageClass indicates which category or categories of messages to consider. +type MessageClass int + +const ( + // None ignores all message classes. + None MessageClass = iota + // All considers all message classes. + All + // Info only considers info messages. + Info + // Error only considers error messages. 
+ Error +) + +// fnlogger inherits some of its LogSink implementation from Formatter +// and just needs to add some glue code. +type fnlogger struct { + Formatter + write func(prefix, args string) +} + +func (l fnlogger) WithName(name string) logr.LogSink { + l.Formatter.AddName(name) + return &l +} + +func (l fnlogger) WithValues(kvList ...interface{}) logr.LogSink { + l.Formatter.AddValues(kvList) + return &l +} + +func (l fnlogger) WithCallDepth(depth int) logr.LogSink { + l.Formatter.AddCallDepth(depth) + return &l +} + +func (l fnlogger) Info(level int, msg string, kvList ...interface{}) { + prefix, args := l.FormatInfo(level, msg, kvList) + l.write(prefix, args) +} + +func (l fnlogger) Error(err error, msg string, kvList ...interface{}) { + prefix, args := l.FormatError(err, msg, kvList) + l.write(prefix, args) +} + +func (l fnlogger) GetUnderlying() func(prefix, args string) { + return l.write +} + +// Assert conformance to the interfaces. +var _ logr.LogSink = &fnlogger{} +var _ logr.CallDepthLogSink = &fnlogger{} +var _ Underlier = &fnlogger{} + +// NewFormatter constructs a Formatter which emits a JSON-like key=value format. +func NewFormatter(opts Options) Formatter { + return newFormatter(opts, outputKeyValue) +} + +// NewFormatterJSON constructs a Formatter which emits strict JSON. +func NewFormatterJSON(opts Options) Formatter { + return newFormatter(opts, outputJSON) +} + +// Defaults for Options. +const defaultTimestampFormat = "2006-01-02 15:04:05.000000" +const defaultMaxLogDepth = 16 + +func newFormatter(opts Options, outfmt outputFormat) Formatter { + if opts.TimestampFormat == "" { + opts.TimestampFormat = defaultTimestampFormat + } + if opts.MaxLogDepth == 0 { + opts.MaxLogDepth = defaultMaxLogDepth + } + f := Formatter{ + outputFormat: outfmt, + prefix: "", + values: nil, + depth: 0, + opts: &opts, + } + return f +} + +// Formatter is an opaque struct which can be embedded in a LogSink +// implementation. 
It should be constructed with NewFormatter. Some of +// its methods directly implement logr.LogSink. +type Formatter struct { + outputFormat outputFormat + prefix string + values []interface{} + valuesStr string + depth int + opts *Options +} + +// outputFormat indicates which outputFormat to use. +type outputFormat int + +const ( + // outputKeyValue emits a JSON-like key=value format, but not strict JSON. + outputKeyValue outputFormat = iota + // outputJSON emits strict JSON. + outputJSON +) + +// PseudoStruct is a list of key-value pairs that gets logged as a struct. +type PseudoStruct []interface{} + +// render produces a log line, ready to use. +func (f Formatter) render(builtins, args []interface{}) string { + // Empirically bytes.Buffer is faster than strings.Builder for this. + buf := bytes.NewBuffer(make([]byte, 0, 1024)) + if f.outputFormat == outputJSON { + buf.WriteByte('{') + } + vals := builtins + if hook := f.opts.RenderBuiltinsHook; hook != nil { + vals = hook(f.sanitize(vals)) + } + f.flatten(buf, vals, false, false) // keys are ours, no need to escape + continuing := len(builtins) > 0 + if len(f.valuesStr) > 0 { + if continuing { + if f.outputFormat == outputJSON { + buf.WriteByte(',') + } else { + buf.WriteByte(' ') + } + } + continuing = true + buf.WriteString(f.valuesStr) + } + vals = args + if hook := f.opts.RenderArgsHook; hook != nil { + vals = hook(f.sanitize(vals)) + } + f.flatten(buf, vals, continuing, true) // escape user-provided keys + if f.outputFormat == outputJSON { + buf.WriteByte('}') + } + return buf.String() +} + +// flatten renders a list of key-value pairs into a buffer. If continuing is +// true, it assumes that the buffer has previous values and will emit a +// separator (which depends on the output format) before the first pair it +// writes. If escapeKeys is true, the keys are assumed to have +// non-JSON-compatible characters in them and must be evaluated for escapes. 
+// +// This function returns a potentially modified version of kvList, which +// ensures that there is a value for every key (adding a value if needed) and +// that each key is a string (substituting a key if needed). +func (f Formatter) flatten(buf *bytes.Buffer, kvList []interface{}, continuing bool, escapeKeys bool) []interface{} { + // This logic overlaps with sanitize() but saves one type-cast per key, + // which can be measurable. + if len(kvList)%2 != 0 { + kvList = append(kvList, noValue) + } + for i := 0; i < len(kvList); i += 2 { + k, ok := kvList[i].(string) + if !ok { + k = f.nonStringKey(kvList[i]) + kvList[i] = k + } + v := kvList[i+1] + + if i > 0 || continuing { + if f.outputFormat == outputJSON { + buf.WriteByte(',') + } else { + // In theory the format could be something we don't understand. In + // practice, we control it, so it won't be. + buf.WriteByte(' ') + } + } + + if escapeKeys { + buf.WriteString(prettyString(k)) + } else { + // this is faster + buf.WriteByte('"') + buf.WriteString(k) + buf.WriteByte('"') + } + if f.outputFormat == outputJSON { + buf.WriteByte(':') + } else { + buf.WriteByte('=') + } + buf.WriteString(f.pretty(v)) + } + return kvList +} + +func (f Formatter) pretty(value interface{}) string { + return f.prettyWithFlags(value, 0, 0) +} + +const ( + flagRawStruct = 0x1 // do not print braces on structs +) + +// TODO: This is not fast. Most of the overhead goes here. +func (f Formatter) prettyWithFlags(value interface{}, flags uint32, depth int) string { + if depth > f.opts.MaxLogDepth { + return `""` + } + + // Handle types that take full control of logging. + if v, ok := value.(logr.Marshaler); ok { + // Replace the value with what the type wants to get logged. + // That then gets handled below via reflection. + value = invokeMarshaler(v) + } + + // Handle types that want to format themselves. 
+ switch v := value.(type) { + case fmt.Stringer: + value = invokeStringer(v) + case error: + value = invokeError(v) + } + + // Handling the most common types without reflect is a small perf win. + switch v := value.(type) { + case bool: + return strconv.FormatBool(v) + case string: + return prettyString(v) + case int: + return strconv.FormatInt(int64(v), 10) + case int8: + return strconv.FormatInt(int64(v), 10) + case int16: + return strconv.FormatInt(int64(v), 10) + case int32: + return strconv.FormatInt(int64(v), 10) + case int64: + return strconv.FormatInt(int64(v), 10) + case uint: + return strconv.FormatUint(uint64(v), 10) + case uint8: + return strconv.FormatUint(uint64(v), 10) + case uint16: + return strconv.FormatUint(uint64(v), 10) + case uint32: + return strconv.FormatUint(uint64(v), 10) + case uint64: + return strconv.FormatUint(v, 10) + case uintptr: + return strconv.FormatUint(uint64(v), 10) + case float32: + return strconv.FormatFloat(float64(v), 'f', -1, 32) + case float64: + return strconv.FormatFloat(v, 'f', -1, 64) + case complex64: + return `"` + strconv.FormatComplex(complex128(v), 'f', -1, 64) + `"` + case complex128: + return `"` + strconv.FormatComplex(v, 'f', -1, 128) + `"` + case PseudoStruct: + buf := bytes.NewBuffer(make([]byte, 0, 1024)) + v = f.sanitize(v) + if flags&flagRawStruct == 0 { + buf.WriteByte('{') + } + for i := 0; i < len(v); i += 2 { + if i > 0 { + buf.WriteByte(',') + } + k, _ := v[i].(string) // sanitize() above means no need to check success + // arbitrary keys might need escaping + buf.WriteString(prettyString(k)) + buf.WriteByte(':') + buf.WriteString(f.prettyWithFlags(v[i+1], 0, depth+1)) + } + if flags&flagRawStruct == 0 { + buf.WriteByte('}') + } + return buf.String() + } + + buf := bytes.NewBuffer(make([]byte, 0, 256)) + t := reflect.TypeOf(value) + if t == nil { + return "null" + } + v := reflect.ValueOf(value) + switch t.Kind() { + case reflect.Bool: + return strconv.FormatBool(v.Bool()) + case reflect.String: + 
return prettyString(v.String()) + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return strconv.FormatInt(int64(v.Int()), 10) + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + return strconv.FormatUint(uint64(v.Uint()), 10) + case reflect.Float32: + return strconv.FormatFloat(float64(v.Float()), 'f', -1, 32) + case reflect.Float64: + return strconv.FormatFloat(v.Float(), 'f', -1, 64) + case reflect.Complex64: + return `"` + strconv.FormatComplex(complex128(v.Complex()), 'f', -1, 64) + `"` + case reflect.Complex128: + return `"` + strconv.FormatComplex(v.Complex(), 'f', -1, 128) + `"` + case reflect.Struct: + if flags&flagRawStruct == 0 { + buf.WriteByte('{') + } + printComma := false // testing i>0 is not enough because of JSON omitted fields + for i := 0; i < t.NumField(); i++ { + fld := t.Field(i) + if fld.PkgPath != "" { + // reflect says this field is only defined for non-exported fields. + continue + } + if !v.Field(i).CanInterface() { + // reflect isn't clear exactly what this means, but we can't use it. 
+ continue + } + name := "" + omitempty := false + if tag, found := fld.Tag.Lookup("json"); found { + if tag == "-" { + continue + } + if comma := strings.Index(tag, ","); comma != -1 { + if n := tag[:comma]; n != "" { + name = n + } + rest := tag[comma:] + if strings.Contains(rest, ",omitempty,") || strings.HasSuffix(rest, ",omitempty") { + omitempty = true + } + } else { + name = tag + } + } + if omitempty && isEmpty(v.Field(i)) { + continue + } + if printComma { + buf.WriteByte(',') + } + printComma = true // if we got here, we are rendering a field + if fld.Anonymous && fld.Type.Kind() == reflect.Struct && name == "" { + buf.WriteString(f.prettyWithFlags(v.Field(i).Interface(), flags|flagRawStruct, depth+1)) + continue + } + if name == "" { + name = fld.Name + } + // field names can't contain characters which need escaping + buf.WriteByte('"') + buf.WriteString(name) + buf.WriteByte('"') + buf.WriteByte(':') + buf.WriteString(f.prettyWithFlags(v.Field(i).Interface(), 0, depth+1)) + } + if flags&flagRawStruct == 0 { + buf.WriteByte('}') + } + return buf.String() + case reflect.Slice, reflect.Array: + // If this is outputing as JSON make sure this isn't really a json.RawMessage. + // If so just emit "as-is" and don't pretty it as that will just print + // it as [X,Y,Z,...] which isn't terribly useful vs the string form you really want. + if f.outputFormat == outputJSON { + if rm, ok := value.(json.RawMessage); ok { + // If it's empty make sure we emit an empty value as the array style would below. + if len(rm) > 0 { + buf.Write(rm) + } else { + buf.WriteString("null") + } + return buf.String() + } + } + buf.WriteByte('[') + for i := 0; i < v.Len(); i++ { + if i > 0 { + buf.WriteByte(',') + } + e := v.Index(i) + buf.WriteString(f.prettyWithFlags(e.Interface(), 0, depth+1)) + } + buf.WriteByte(']') + return buf.String() + case reflect.Map: + buf.WriteByte('{') + // This does not sort the map keys, for best perf. 
+ it := v.MapRange() + i := 0 + for it.Next() { + if i > 0 { + buf.WriteByte(',') + } + // If a map key supports TextMarshaler, use it. + keystr := "" + if m, ok := it.Key().Interface().(encoding.TextMarshaler); ok { + txt, err := m.MarshalText() + if err != nil { + keystr = fmt.Sprintf("", err.Error()) + } else { + keystr = string(txt) + } + keystr = prettyString(keystr) + } else { + // prettyWithFlags will produce already-escaped values + keystr = f.prettyWithFlags(it.Key().Interface(), 0, depth+1) + if t.Key().Kind() != reflect.String { + // JSON only does string keys. Unlike Go's standard JSON, we'll + // convert just about anything to a string. + keystr = prettyString(keystr) + } + } + buf.WriteString(keystr) + buf.WriteByte(':') + buf.WriteString(f.prettyWithFlags(it.Value().Interface(), 0, depth+1)) + i++ + } + buf.WriteByte('}') + return buf.String() + case reflect.Ptr, reflect.Interface: + if v.IsNil() { + return "null" + } + return f.prettyWithFlags(v.Elem().Interface(), 0, depth) + } + return fmt.Sprintf(`""`, t.Kind().String()) +} + +func prettyString(s string) string { + // Avoid escaping (which does allocations) if we can. + if needsEscape(s) { + return strconv.Quote(s) + } + b := bytes.NewBuffer(make([]byte, 0, 1024)) + b.WriteByte('"') + b.WriteString(s) + b.WriteByte('"') + return b.String() +} + +// needsEscape determines whether the input string needs to be escaped or not, +// without doing any allocations. 
+func needsEscape(s string) bool { + for _, r := range s { + if !strconv.IsPrint(r) || r == '\\' || r == '"' { + return true + } + } + return false +} + +func isEmpty(v reflect.Value) bool { + switch v.Kind() { + case reflect.Array, reflect.Map, reflect.Slice, reflect.String: + return v.Len() == 0 + case reflect.Bool: + return !v.Bool() + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return v.Int() == 0 + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + return v.Uint() == 0 + case reflect.Float32, reflect.Float64: + return v.Float() == 0 + case reflect.Complex64, reflect.Complex128: + return v.Complex() == 0 + case reflect.Interface, reflect.Ptr: + return v.IsNil() + } + return false +} + +func invokeMarshaler(m logr.Marshaler) (ret interface{}) { + defer func() { + if r := recover(); r != nil { + ret = fmt.Sprintf("", r) + } + }() + return m.MarshalLog() +} + +func invokeStringer(s fmt.Stringer) (ret string) { + defer func() { + if r := recover(); r != nil { + ret = fmt.Sprintf("", r) + } + }() + return s.String() +} + +func invokeError(e error) (ret string) { + defer func() { + if r := recover(); r != nil { + ret = fmt.Sprintf("", r) + } + }() + return e.Error() +} + +// Caller represents the original call site for a log line, after considering +// logr.Logger.WithCallDepth and logr.Logger.WithCallStackHelper. The File and +// Line fields will always be provided, while the Func field is optional. +// Users can set the render hook fields in Options to examine logged key-value +// pairs, one of which will be {"caller", Caller} if the Options.LogCaller +// field is enabled for the given MessageClass. +type Caller struct { + // File is the basename of the file for this call site. + File string `json:"file"` + // Line is the line number in the file for this call site. 
+ Line int `json:"line"` + // Func is the function name for this call site, or empty if + // Options.LogCallerFunc is not enabled. + Func string `json:"function,omitempty"` +} + +func (f Formatter) caller() Caller { + // +1 for this frame, +1 for Info/Error. + pc, file, line, ok := runtime.Caller(f.depth + 2) + if !ok { + return Caller{"", 0, ""} + } + fn := "" + if f.opts.LogCallerFunc { + if fp := runtime.FuncForPC(pc); fp != nil { + fn = fp.Name() + } + } + + return Caller{filepath.Base(file), line, fn} +} + +const noValue = "" + +func (f Formatter) nonStringKey(v interface{}) string { + return fmt.Sprintf("", f.snippet(v)) +} + +// snippet produces a short snippet string of an arbitrary value. +func (f Formatter) snippet(v interface{}) string { + const snipLen = 16 + + snip := f.pretty(v) + if len(snip) > snipLen { + snip = snip[:snipLen] + } + return snip +} + +// sanitize ensures that a list of key-value pairs has a value for every key +// (adding a value if needed) and that each key is a string (substituting a key +// if needed). +func (f Formatter) sanitize(kvList []interface{}) []interface{} { + if len(kvList)%2 != 0 { + kvList = append(kvList, noValue) + } + for i := 0; i < len(kvList); i += 2 { + _, ok := kvList[i].(string) + if !ok { + kvList[i] = f.nonStringKey(kvList[i]) + } + } + return kvList +} + +// Init configures this Formatter from runtime info, such as the call depth +// imposed by logr itself. +// Note that this receiver is a pointer, so depth can be saved. +func (f *Formatter) Init(info logr.RuntimeInfo) { + f.depth += info.CallDepth +} + +// Enabled checks whether an info message at the given level should be logged. +func (f Formatter) Enabled(level int) bool { + return level <= f.opts.Verbosity +} + +// GetDepth returns the current depth of this Formatter. This is useful for +// implementations which do their own caller attribution. 
+func (f Formatter) GetDepth() int { + return f.depth +} + +// FormatInfo renders an Info log message into strings. The prefix will be +// empty when no names were set (via AddNames), or when the output is +// configured for JSON. +func (f Formatter) FormatInfo(level int, msg string, kvList []interface{}) (prefix, argsStr string) { + args := make([]interface{}, 0, 64) // using a constant here impacts perf + prefix = f.prefix + if f.outputFormat == outputJSON { + args = append(args, "logger", prefix) + prefix = "" + } + if f.opts.LogTimestamp { + args = append(args, "ts", time.Now().Format(f.opts.TimestampFormat)) + } + if policy := f.opts.LogCaller; policy == All || policy == Info { + args = append(args, "caller", f.caller()) + } + args = append(args, "level", level, "msg", msg) + return prefix, f.render(args, kvList) +} + +// FormatError renders an Error log message into strings. The prefix will be +// empty when no names were set (via AddNames), or when the output is +// configured for JSON. +func (f Formatter) FormatError(err error, msg string, kvList []interface{}) (prefix, argsStr string) { + args := make([]interface{}, 0, 64) // using a constant here impacts perf + prefix = f.prefix + if f.outputFormat == outputJSON { + args = append(args, "logger", prefix) + prefix = "" + } + if f.opts.LogTimestamp { + args = append(args, "ts", time.Now().Format(f.opts.TimestampFormat)) + } + if policy := f.opts.LogCaller; policy == All || policy == Error { + args = append(args, "caller", f.caller()) + } + args = append(args, "msg", msg) + var loggableErr interface{} + if err != nil { + loggableErr = err.Error() + } + args = append(args, "error", loggableErr) + return f.prefix, f.render(args, kvList) +} + +// AddName appends the specified name. funcr uses '/' characters to separate +// name elements. Callers should not pass '/' in the provided name string, but +// this library does not actually enforce that. 
+func (f *Formatter) AddName(name string) { + if len(f.prefix) > 0 { + f.prefix += "/" + } + f.prefix += name +} + +// AddValues adds key-value pairs to the set of saved values to be logged with +// each log line. +func (f *Formatter) AddValues(kvList []interface{}) { + // Three slice args forces a copy. + n := len(f.values) + f.values = append(f.values[:n:n], kvList...) + + vals := f.values + if hook := f.opts.RenderValuesHook; hook != nil { + vals = hook(f.sanitize(vals)) + } + + // Pre-render values, so we don't have to do it on each Info/Error call. + buf := bytes.NewBuffer(make([]byte, 0, 1024)) + f.flatten(buf, vals, false, true) // escape user-provided keys + f.valuesStr = buf.String() +} + +// AddCallDepth increases the number of stack-frames to skip when attributing +// the log line to a file and line. +func (f *Formatter) AddCallDepth(depth int) { + f.depth += depth +} diff --git a/vendor/github.com/go-logr/logr/logr.go b/vendor/github.com/go-logr/logr/logr.go index c3b56b3d2..e027aea3f 100644 --- a/vendor/github.com/go-logr/logr/logr.go +++ b/vendor/github.com/go-logr/logr/logr.go @@ -21,7 +21,7 @@ limitations under the License. // to back that API. Packages in the Go ecosystem can depend on this package, // while callers can implement logging with whatever backend is appropriate. // -// Usage +// # Usage // // Logging is done using a Logger instance. Logger is a concrete type with // methods, which defers the actual logging to a LogSink interface. The main 
@@ -30,16 +30,20 @@ limitations under the License. // "structured logging". // // With Go's standard log package, we might write: -// log.Printf("setting target value %s", targetValue) +// +// log.Printf("setting target value %s", targetValue) // // With logr's structured logging, we'd write: -// logger.Info("setting target", "value", targetValue) +// +// logger.Info("setting target", "value", targetValue) // // Errors are much the same. Instead of: -// log.Printf("failed to open the pod bay door for user %s: %v", user, err) +// +// log.Printf("failed to open the pod bay door for user %s: %v", user, err) // // We'd write: -// logger.Error(err, "failed to open the pod bay door", "user", user) +// +// logger.Error(err, "failed to open the pod bay door", "user", user) // // Info() and Error() are very similar, but they are separate methods so that // LogSink implementations can choose to do things like attach additional @@ -47,7 +51,7 @@ limitations under the License. // always logged, regardless of the current verbosity. If there is no error // instance available, passing nil is valid. // -// Verbosity +// # Verbosity // // Often we want to log information only when the application in "verbose // mode". To write log lines that are more verbose, Logger has a V() method. 
@@ -58,20 +62,22 @@ limitations under the License. // Error messages do not have a verbosity level and are always logged. // // Where we might have written: -// if flVerbose >= 2 { -// log.Printf("an unusual thing happened") -// } +// +// if flVerbose >= 2 { +// log.Printf("an unusual thing happened") +// } // // We can write: -// logger.V(2).Info("an unusual thing happened") // -// Logger Names +// logger.V(2).Info("an unusual thing happened") +// +// # Logger Names // // Logger instances can have name strings so that all messages logged through // that instance have additional context. For example, you might want to add // a subsystem name: // -// logger.WithName("compactor").Info("started", "time", time.Now()) +// logger.WithName("compactor").Info("started", "time", time.Now()) // // The WithName() method returns a new Logger, which can be passed to // constructors or other functions for further use. Repeated use of WithName() 
@@ -82,25 +88,27 @@ limitations under the License. // joining operation (e.g. whitespace, commas, periods, slashes, brackets, // quotes, etc). // -// Saved Values +// # Saved Values // // Logger instances can store any number of key/value pairs, which will be // logged alongside all messages logged through that instance. For example, // you might want to create a Logger instance per managed object: // // With the standard log package, we might write: -// log.Printf("decided to set field foo to value %q for object %s/%s", -// targetValue, object.Namespace, object.Name) +// +// log.Printf("decided to set field foo to value %q for object %s/%s", +// targetValue, object.Namespace, object.Name) // // With logr we'd write: -// // Elsewhere: set up the logger to log the object name. -// obj.logger = mainLogger.WithValues( -// "name", obj.name, "namespace", obj.namespace) // -// // later on... -// obj.logger.Info("setting foo", "value", targetValue) +// // Elsewhere: set up the logger to log the object name. +// obj.logger = mainLogger.WithValues( +// "name", obj.name, "namespace", obj.namespace) +// +// // later on... +// obj.logger.Info("setting foo", "value", targetValue) // -// Best Practices +// # Best Practices // // Logger has very few hard rules, with the goal that LogSink implementations // might have a lot of freedom to differentiate. There are, however, some 
@@ -124,15 +132,15 @@ limitations under the License. // around. For cases where passing a logger is optional, a pointer to Logger // should be used. // -// Key Naming Conventions +// # Key Naming Conventions // // Keys are not strictly required to conform to any specification or regex, but // it is recommended that they: -// * be human-readable and meaningful (not auto-generated or simple ordinals) -// * be constant (not dependent on input data) -// * contain only printable characters -// * not contain whitespace or punctuation -// * use lower case for simple keys and lowerCamelCase for more complex ones +// - be human-readable and meaningful (not auto-generated or simple ordinals) +// - be constant (not dependent on input data) +// - contain only printable characters +// - not contain whitespace or punctuation +// - use lower case for simple keys and lowerCamelCase for more complex ones // // These guidelines help ensure that log data is processed properly regardless // of the log implementation. For example, log implementations will try to 
@@ -141,51 +149,54 @@ limitations under the License. // While users are generally free to use key names of their choice, it's // generally best to avoid using the following keys, as they're frequently used // by implementations: -// * "caller": the calling information (file/line) of a particular log line -// * "error": the underlying error value in the `Error` method -// * "level": the log level -// * "logger": the name of the associated logger -// * "msg": the log message -// * "stacktrace": the stack trace associated with a particular log line or -// error (often from the `Error` message) -// * "ts": the timestamp for a log line +// - "caller": the calling information (file/line) of a particular log line +// - "error": the underlying error value in the `Error` method +// - "level": the log level +// - "logger": the name of the associated logger +// - "msg": the log message +// - "stacktrace": the stack trace associated with a particular log line or +// error (often from the `Error` message) +// - "ts": the timestamp for a log line // // Implementations are encouraged to make use of these keys to represent the // above concepts, when necessary (for example, in a pure-JSON output form, it // would be necessary to represent at least message and timestamp as ordinary // named values). // -// Break Glass +// # Break Glass // // Implementations may choose to give callers access to the underlying // logging implementation. The recommended pattern for this is: -// // Underlier exposes access to the underlying logging implementation. -// // Since callers only have a logr.Logger, they have to know which -// // implementation is in use, so this interface is less of an abstraction -// // and more of way to test type conversion. -// type Underlier interface { -// GetUnderlying() -// } +// +// // Underlier exposes access to the underlying logging implementation. 
+// // Since callers only have a logr.Logger, they have to know which +// // implementation is in use, so this interface is less of an abstraction +// // and more of way to test type conversion. +// type Underlier interface { +// GetUnderlying() +// } // // Logger grants access to the sink to enable type assertions like this: -// func DoSomethingWithImpl(log logr.Logger) { -// if underlier, ok := log.GetSink()(impl.Underlier) { -// implLogger := underlier.GetUnderlying() -// ... -// } -// } +// +// func DoSomethingWithImpl(log logr.Logger) { +// if underlier, ok := log.GetSink().(impl.Underlier); ok { +// implLogger := underlier.GetUnderlying() +// ... +// } +// } // // Custom `With*` functions can be implemented by copying the complete // Logger struct and replacing the sink in the copy: -// // WithFooBar changes the foobar parameter in the log sink and returns a -// // new logger with that modified sink. It does nothing for loggers where -// // the sink doesn't support that parameter. -// func WithFoobar(log logr.Logger, foobar int) logr.Logger { -// if foobarLogSink, ok := log.GetSink()(FoobarSink); ok { -// log = log.WithSink(foobarLogSink.WithFooBar(foobar)) -// } -// return log -// } +// +// // WithFooBar changes the foobar parameter in the log sink and returns a +// // new logger with that modified sink. It does nothing for loggers where +// // the sink doesn't support that parameter. +// func WithFoobar(log logr.Logger, foobar int) logr.Logger { +// if foobarLogSink, ok := log.GetSink().(FoobarSink); ok { +// log = log.WithSink(foobarLogSink.WithFooBar(foobar)) +// } +// return log +// } // // Don't use New to construct a new Logger with a LogSink retrieved from an // existing Logger. Source code attribution might not work correctly and 
@@ -201,11 +212,14 @@ import ( ) // New returns a new Logger instance. This is primarily used by libraries -// implementing LogSink, rather than end users. +// implementing LogSink, rather than end users. Passing a nil sink will create +// a Logger which discards all log lines. func New(sink LogSink) Logger { logger := Logger{} logger.setSink(sink) - sink.Init(runtimeInfo) + if sink != nil { + sink.Init(runtimeInfo) + } return logger } @@ -244,7 +258,7 @@ type Logger struct { // Enabled tests whether this Logger is enabled. For example, commandline // flags might be used to set the logging verbosity and disable some info logs. func (l Logger) Enabled() bool { - return l.sink.Enabled(l.level) + return l.sink != nil && l.sink.Enabled(l.level) } // Info logs a non-error message with the given key/value pairs as context. @@ -254,6 +268,9 @@ func (l Logger) Enabled() bool { // information. The key/value pairs must alternate string keys and arbitrary // values. func (l Logger) Info(msg string, keysAndValues ...interface{}) { + if l.sink == nil { + return + } if l.Enabled() { if withHelper, ok := l.sink.(CallStackHelperLogSink); ok { withHelper.GetCallStackHelper()() @@ -273,6 +290,9 @@ func (l Logger) Info(msg string, keysAndValues ...interface{}) { // triggered this log line, if present. The err parameter is optional // and nil may be passed instead of an error instance. func (l Logger) Error(err error, msg string, keysAndValues ...interface{}) { + if l.sink == nil { + return + } if withHelper, ok := l.sink.(CallStackHelperLogSink); ok { withHelper.GetCallStackHelper()() } @@ -284,6 +304,9 @@ func (l Logger) Error(err error, msg string, keysAndValues ...interface{}) { // level means a log message is less important. Negative V-levels are treated // as 0. func (l Logger) V(level int) Logger { + if l.sink == nil { + return l + } if level < 0 { level = 0 } 
@@ -294,6 +317,9 @@ func (l Logger) V(level int) Logger { // WithValues returns a new Logger instance with additional key/value pairs. // See Info for documentation on how key/value pairs work. func (l Logger) WithValues(keysAndValues ...interface{}) Logger { + if l.sink == nil { + return l + } l.setSink(l.sink.WithValues(keysAndValues...)) return l } @@ -304,6 +330,9 @@ func (l Logger) WithValues(keysAndValues ...interface{}) Logger { // contain only letters, digits, and hyphens (see the package documentation for // more information). func (l Logger) WithName(name string) Logger { + if l.sink == nil { + return l + } l.setSink(l.sink.WithName(name)) return l } @@ -324,6 +353,9 @@ func (l Logger) WithName(name string) Logger { // WithCallDepth(1) because it works with implementions that support the // CallDepthLogSink and/or CallStackHelperLogSink interfaces. func (l Logger) WithCallDepth(depth int) Logger { + if l.sink == nil { + return l + } if withCallDepth, ok := l.sink.(CallDepthLogSink); ok { l.setSink(withCallDepth.WithCallDepth(depth)) } @@ -345,6 +377,9 @@ func (l Logger) WithCallDepth(depth int) Logger { // implementation does not support either of these, the original Logger will be // returned. func (l Logger) WithCallStackHelper() (func(), Logger) { + if l.sink == nil { + return func() {}, l + } var helper func() if withCallDepth, ok := l.sink.(CallDepthLogSink); ok { l.setSink(withCallDepth.WithCallDepth(1)) @@ -357,6 +392,11 @@ func (l Logger) WithCallStackHelper() (func(), Logger) { return helper, l } +// IsZero returns true if this logger is an uninitialized zero value +func (l Logger) IsZero() bool { + return l.sink == nil +} + // contextKey is how we find Loggers in a context.Context. type contextKey struct{} 
@@ -442,7 +482,7 @@ type LogSink interface { WithName(name string) LogSink } -// CallDepthLogSink represents a Logger that knows how to climb the call stack +// CallDepthLogSink represents a LogSink that knows how to climb the call stack // to identify the original call site and can offset the depth by a specified // number of frames. This is useful for users who have helper functions // between the "real" call site and the actual calls to Logger methods. @@ -467,7 +507,7 @@ type CallDepthLogSink interface { WithCallDepth(depth int) LogSink } -// CallStackHelperLogSink represents a Logger that knows how to climb +// CallStackHelperLogSink represents a LogSink that knows how to climb // the call stack to identify the original call site and can skip // intermediate helper functions if they mark themselves as // helper. Go's testing package uses that approach. diff --git a/vendor/github.com/go-task/slim-sprig/.editorconfig b/vendor/github.com/go-task/slim-sprig/.editorconfig new file mode 100644 index 000000000..b0c95367e --- /dev/null +++ b/vendor/github.com/go-task/slim-sprig/.editorconfig @@ -0,0 +1,14 @@ +# editorconfig.org + +root = true + +[*] +insert_final_newline = true +charset = utf-8 +trim_trailing_whitespace = true +indent_style = tab +indent_size = 8 + +[*.{md,yml,yaml,json}] +indent_style = space +indent_size = 2 diff --git a/vendor/github.com/go-task/slim-sprig/.gitattributes b/vendor/github.com/go-task/slim-sprig/.gitattributes new file mode 100644 index 000000000..176a458f9 --- /dev/null +++ b/vendor/github.com/go-task/slim-sprig/.gitattributes @@ -0,0 +1 @@ +* text=auto diff --git a/vendor/github.com/go-task/slim-sprig/.gitignore b/vendor/github.com/go-task/slim-sprig/.gitignore new file mode 100644 index 000000000..5e3002f88 --- /dev/null +++ b/vendor/github.com/go-task/slim-sprig/.gitignore @@ -0,0 +1,2 @@ +vendor/ +/.glide 
diff --git a/vendor/github.com/go-task/slim-sprig/CHANGELOG.md b/vendor/github.com/go-task/slim-sprig/CHANGELOG.md
new file mode 100644
index 000000000..61d8ebffc
--- /dev/null
+++ b/vendor/github.com/go-task/slim-sprig/CHANGELOG.md
@@ -0,0 +1,364 @@ +# Changelog + +## Release 3.2.0 (2020-12-14) + +### Added + +- #211: Added randInt function (thanks @kochurovro) +- #223: Added fromJson and mustFromJson functions (thanks @mholt) +- #242: Added a bcrypt function (thanks @robbiet480) +- #253: Added randBytes function (thanks @MikaelSmith) +- #254: Added dig function for dicts (thanks @nyarly) +- #257: Added regexQuoteMeta for quoting regex metadata (thanks @rheaton) +- #261: Added filepath functions osBase, osDir, osExt, osClean, osIsAbs (thanks @zugl) +- #268: Added and and all functions for testing conditions (thanks @phuslu) +- #181: Added float64 arithmetic addf, add1f, subf, divf, mulf, maxf, and minf + (thanks @andrewmostello) +- #265: Added chunk function to split array into smaller arrays (thanks @karelbilek) +- #270: Extend certificate functions to handle non-RSA keys + add support for + ed25519 keys (thanks @misberner) + +### Changed + +- Removed testing and support for Go 1.12. ed25519 support requires Go 1.13 or newer +- Using semver 3.1.1 and mergo 0.3.11 + +### Fixed + +- #249: Fix htmlDateInZone example (thanks @spawnia) + +NOTE: The dependency github.com/imdario/mergo reverted the breaking change in +0.3.9 via 0.3.10 release. + +## Release 3.1.0 (2020-04-16) + +NOTE: The dependency github.com/imdario/mergo made a behavior change in 0.3.9 +that impacts sprig functionality. Do not use sprig with a version newer than 0.3.8. + +### Added + +- #225: Added support for generating htpasswd hash (thanks @rustycl0ck) +- #224: Added duration filter (thanks @frebib) +- #205: Added `seq` function (thanks @thadc23) + +### Changed + +- #203: Unlambda functions with correct signature (thanks @muesli) +- #236: Updated the license formatting for GitHub display purposes +- #238: Updated package dependency versions. Note, mergo not updated to 0.3.9 + as it causes a breaking change for sprig. 
That issue is tracked at + https://github.com/imdario/mergo/issues/139 + +### Fixed + +- #229: Fix `seq` example in docs (thanks @kalmant) + +## Release 3.0.2 (2019-12-13) + +### Fixed + +- #220: Updating to semver v3.0.3 to fix issue with <= ranges +- #218: fix typo elyptical->elliptic in ecdsa key description (thanks @laverya) + +## Release 3.0.1 (2019-12-08) + +### Fixed + +- #212: Updated semver fixing broken constraint checking with ^0.0 + +## Release 3.0.0 (2019-10-02) + +### Added + +- #187: Added durationRound function (thanks @yjp20) +- #189: Added numerous template functions that return errors rather than panic (thanks @nrvnrvn) +- #193: Added toRawJson support (thanks @Dean-Coakley) +- #197: Added get support to dicts (thanks @Dean-Coakley) + +### Changed + +- #186: Moving dependency management to Go modules +- #186: Updated semver to v3. This has changes in the way ^ is handled +- #194: Updated documentation on merging and how it copies. Added example using deepCopy +- #196: trunc now supports negative values (thanks @Dean-Coakley) + +## Release 2.22.0 (2019-10-02) + +### Added + +- #173: Added getHostByName function to resolve dns names to ips (thanks @fcgravalos) +- #195: Added deepCopy function for use with dicts + +### Changed + +- Updated merge and mergeOverwrite documentation to explain copying and how to + use deepCopy with it + +## Release 2.21.0 (2019-09-18) + +### Added + +- #122: Added encryptAES/decryptAES functions (thanks @n0madic) +- #128: Added toDecimal support (thanks @Dean-Coakley) +- #169: Added list contcat (thanks @astorath) +- #174: Added deepEqual function (thanks @bonifaido) +- #170: Added url parse and join functions (thanks @astorath) + +### Changed + +- #171: Updated glide config for Google UUID to v1 and to add ranges to semver and testify + +### Fixed + +- #172: Fix semver wildcard example (thanks @piepmatz) +- #175: Fix dateInZone doc example (thanks @s3than) + +## Release 2.20.0 (2019-06-18) + +### Added + +- #164: Adding 
function to get unix epoch for a time (@mattfarina)
+- #166: Adding tests for date_in_zone (@mattfarina)
+
+### Changed
+
+- #144: Fix function comments based on best practices from Effective Go (@CodeLingoTeam)
+- #150: Handles pointer type for time.Time in "htmlDate" (@mapreal19)
+- #161, #157, #160, #153, #158, #156, #155, #159, #152 documentation updates (@badeadan)
+
+### Fixed
+
+## Release 2.19.0 (2019-03-02)
+
+IMPORTANT: This release reverts a change from 2.18.0
+
+In the previous release (2.18), we prematurely merged a partial change to the crypto functions that led to creating two sets of crypto functions (I blame @technosophos -- since that's me). This release rolls back that change, and does what was originally intended: It alters the existing crypto functions to use secure random.
+
+We debated whether this classifies as a change worthy of major revision, but given the proximity to the last release, we have decided that treating 2.18 as a faulty release is the correct course of action. We apologize for any inconvenience.
+
+### Changed
+
+- Fix substr panic 35fb796 (Alexey igrychev)
+- Remove extra period 1eb7729 (Matthew Lorimor)
+- Make random string functions use crypto by default 6ceff26 (Matthew Lorimor)
+- README edits/fixes/suggestions 08fe136 (Lauri Apple)
+
+
+## Release 2.18.0 (2019-02-12)
+
+### Added
+
+- Added mergeOverwrite function
+- cryptographic functions that use secure random (see fe1de12)
+
+### Changed
+
+- Improve documentation of regexMatch function, resolves #139 90b89ce (Jan Tagscherer)
+- Handle has for nil list 9c10885 (Daniel Cohen)
+- Document behaviour of mergeOverwrite fe0dbe9 (Lukas Rieder)
+- doc: adds missing documentation.
4b871e6 (Fernandez Ludovic)
+- Replace outdated goutils imports 01893d2 (Matthew Lorimor)
+- Surface crypto secure random strings from goutils fe1de12 (Matthew Lorimor)
+- Handle untyped nil values as paramters to string functions 2b2ec8f (Morten Torkildsen)
+
+### Fixed
+
+- Fix dict merge issue and provide mergeOverwrite .dst .src1 to overwrite from src -> dst 4c59c12 (Lukas Rieder)
+- Fix substr var names and comments d581f80 (Dean Coakley)
+- Fix substr documentation 2737203 (Dean Coakley)
+
+## Release 2.17.1 (2019-01-03)
+
+### Fixed
+
+The 2.17.0 release did not have a version pinned for xstrings, which caused compilation failures when xstrings < 1.2 was used. This adds the correct version string to glide.yaml.
+
+## Release 2.17.0 (2019-01-03)
+
+### Added
+
+- adds alder32sum function and test 6908fc2 (marshallford)
+- Added kebabcase function ca331a1 (Ilyes512)
+
+### Changed
+
+- Update goutils to 1.1.0 4e1125d (Matt Butcher)
+
+### Fixed
+
+- Fix 'has' documentation e3f2a85 (dean-coakley)
+- docs(dict): fix typo in pick example dc424f9 (Dustin Specker)
+- fixes spelling errors... not sure how that happened 4cf188a (marshallford)
+
+## Release 2.16.0 (2018-08-13)
+
+### Added
+
+- add splitn function fccb0b0 (Helgi Þorbjörnsson)
+- Add slice func df28ca7 (gongdo)
+- Generate serial number a3bdffd (Cody Coons)
+- Extract values of dict with values function df39312 (Lawrence Jones)
+
+### Changed
+
+- Modify panic message for list.slice ae38335 (gongdo)
+- Minor improvement in code quality - Removed an unreachable piece of code at defaults.go#L26:6 - Resolve formatting issues.
5834241 (Abhishek Kashyap)
+- Remove duplicated documentation 1d97af1 (Matthew Fisher)
+- Test on go 1.11 49df809 (Helgi Þormar Þorbjörnsson)
+
+### Fixed
+
+- Fix file permissions c5f40b5 (gongdo)
+- Fix example for buildCustomCert 7779e0d (Tin Lam)
+
+## Release 2.15.0 (2018-04-02)
+
+### Added
+
+- #68 and #69: Add json helpers to docs (thanks @arunvelsriram)
+- #66: Add ternary function (thanks @binoculars)
+- #67: Allow keys function to take multiple dicts (thanks @binoculars)
+- #89: Added sha1sum to crypto function (thanks @benkeil)
+- #81: Allow customizing Root CA that used by genSignedCert (thanks @chenzhiwei)
+- #92: Add travis testing for go 1.10
+- #93: Adding appveyor config for windows testing
+
+### Changed
+
+- #90: Updating to more recent dependencies
+- #73: replace satori/go.uuid with google/uuid (thanks @petterw)
+
+### Fixed
+
+- #76: Fixed documentation typos (thanks @Thiht)
+- Fixed rounding issue on the `ago` function. Note, the removes support for Go 1.8 and older
+
+## Release 2.14.1 (2017-12-01)
+
+### Fixed
+
+- #60: Fix typo in function name documentation (thanks @neil-ca-moore)
+- #61: Removing line with {{ due to blocking github pages genertion
+- #64: Update the list functions to handle int, string, and other slices for compatibility
+
+## Release 2.14.0 (2017-10-06)
+
+This new version of Sprig adds a set of functions for generating and working with SSL certificates.
+
+- `genCA` generates an SSL Certificate Authority
+- `genSelfSignedCert` generates an SSL self-signed certificate
+- `genSignedCert` generates an SSL certificate and key based on a given CA
+
+## Release 2.13.0 (2017-09-18)
+
+This release adds new functions, including:
+
+- `regexMatch`, `regexFindAll`, `regexFind`, `regexReplaceAll`, `regexReplaceAllLiteral`, and `regexSplit` to work with regular expressions
+- `floor`, `ceil`, and `round` math functions
+- `toDate` converts a string to a date
+- `nindent` is just like `indent` but also prepends a new line
+- `ago` returns the time from `time.Now`
+
+### Added
+
+- #40: Added basic regex functionality (thanks @alanquillin)
+- #41: Added ceil floor and round functions (thanks @alanquillin)
+- #48: Added toDate function (thanks @andreynering)
+- #50: Added nindent function (thanks @binoculars)
+- #46: Added ago function (thanks @slayer)
+
+### Changed
+
+- #51: Updated godocs to include new string functions (thanks @curtisallen)
+- #49: Added ability to merge multiple dicts (thanks @binoculars)
+
+## Release 2.12.0 (2017-05-17)
+
+- `snakecase`, `camelcase`, and `shuffle` are three new string functions
+- `fail` allows you to bail out of a template render when conditions are not met
+
+## Release 2.11.0 (2017-05-02)
+
+- Added `toJson` and `toPrettyJson`
+- Added `merge`
+- Refactored documentation
+
+## Release 2.10.0 (2017-03-15)
+
+- Added `semver` and `semverCompare` for Semantic Versions
+- `list` replaces `tuple`
+- Fixed issue with `join`
+- Added `first`, `last`, `intial`, `rest`, `prepend`, `append`, `toString`, `toStrings`, `sortAlpha`, `reverse`, `coalesce`, `pluck`, `pick`, `compact`, `keys`, `omit`, `uniq`, `has`, `without`
+
+## Release 2.9.0 (2017-02-23)
+
+- Added `splitList` to split a list
+- Added crypto functions of `genPrivateKey` and `derivePassword`
+
+## Release 2.8.0 (2016-12-21)
+
+- Added access to several path functions (`base`, `dir`, `clean`, `ext`, and `abs`)
+- Added functions for
_mutating_ dictionaries (`set`, `unset`, `hasKey`)
+
+## Release 2.7.0 (2016-12-01)
+
+- Added `sha256sum` to generate a hash of an input
+- Added functions to convert a numeric or string to `int`, `int64`, `float64`
+
+## Release 2.6.0 (2016-10-03)
+
+- Added a `uuidv4` template function for generating UUIDs inside of a template.
+
+## Release 2.5.0 (2016-08-19)
+
+- New `trimSuffix`, `trimPrefix`, `hasSuffix`, and `hasPrefix` functions
+- New aliases have been added for a few functions that didn't follow the naming conventions (`trimAll` and `abbrevBoth`)
+- `trimall` and `abbrevboth` (notice the case) are deprecated and will be removed in 3.0.0
+
+## Release 2.4.0 (2016-08-16)
+
+- Adds two functions: `until` and `untilStep`
+
+## Release 2.3.0 (2016-06-21)
+
+- cat: Concatenate strings with whitespace separators.
+- replace: Replace parts of a string: `replace " " "-" "Me First"` renders "Me-First"
+- plural: Format plurals: `len "foo" | plural "one foo" "many foos"` renders "many foos"
+- indent: Indent blocks of text in a way that is sensitive to "\n" characters.
+
+## Release 2.2.0 (2016-04-21)
+
+- Added a `genPrivateKey` function (Thanks @bacongobbler)
+
+## Release 2.1.0 (2016-03-30)
+
+- `default` now prints the default value when it does not receive a value down the pipeline. It is much safer now to do `{{.Foo | default "bar"}}`.
+- Added accessors for "hermetic" functions. These return only functions that, when given the same input, produce the same output.
+
+## Release 2.0.0 (2016-03-29)
+
+Because we switched from `int` to `int64` as the return value for all integer math functions, the library's major version number has been incremented.
+
+- `min` complements `max` (formerly `biggest`)
+- `empty` indicates that a value is the empty value for its type
+- `tuple` creates a tuple inside of a template: `{{$t := tuple "a", "b" "c"}}`
+- `dict` creates a dictionary inside of a template `{{$d := dict "key1" "val1" "key2" "val2"}}`
+- Date formatters have been added for HTML dates (as used in `date` input fields)
+- Integer math functions can convert from a number of types, including `string` (via `strconv.ParseInt`).
+
+## Release 1.2.0 (2016-02-01)
+
+- Added quote and squote
+- Added b32enc and b32dec
+- add now takes varargs
+- biggest now takes varargs
+
+## Release 1.1.0 (2015-12-29)
+
+- Added #4: Added contains function. strings.Contains, but with the arguments
+ switched to simplify common pipelines. (thanks krancour)
+- Added Travis-CI testing support
+
+## Release 1.0.0 (2015-12-23)
+
+- Initial release
diff --git a/vendor/github.com/go-task/slim-sprig/LICENSE.txt b/vendor/github.com/go-task/slim-sprig/LICENSE.txt
new file mode 100644
index 000000000..f311b1eaa
--- /dev/null
+++ b/vendor/github.com/go-task/slim-sprig/LICENSE.txt
@@ -0,0 +1,19 @@
+Copyright (C) 2013-2020 Masterminds
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/go-task/slim-sprig/README.md b/vendor/github.com/go-task/slim-sprig/README.md
new file mode 100644
index 000000000..72579471f
--- /dev/null
+++ b/vendor/github.com/go-task/slim-sprig/README.md
@@ -0,0 +1,73 @@
+# Slim-Sprig: Template functions for Go templates [![GoDoc](https://godoc.org/github.com/go-task/slim-sprig?status.svg)](https://godoc.org/github.com/go-task/slim-sprig) [![Go Report Card](https://goreportcard.com/badge/github.com/go-task/slim-sprig)](https://goreportcard.com/report/github.com/go-task/slim-sprig)
+
+Slim-Sprig is a fork of [Sprig](https://github.com/Masterminds/sprig), but with
+all functions that depend on external (non standard library) or crypto packages
+removed.
+The reason for this is to make this library more lightweight. Most of these
+functions (specially crypto ones) are not needed on most apps, but costs a lot
+in terms of binary size and compilation time.
+
+## Usage
+
+**Template developers**: Please use Slim-Sprig's [function documentation](https://go-task.github.io/slim-sprig/) for
+detailed instructions and code snippets for the >100 template functions available.
+
+**Go developers**: If you'd like to include Slim-Sprig as a library in your program,
+our API documentation is available [at GoDoc.org](http://godoc.org/github.com/go-task/slim-sprig).
+
+For standard usage, read on.
+
+### Load the Slim-Sprig library
+
+To load the Slim-Sprig `FuncMap`:
+
+```go
+
+import (
+ "html/template"
+
+ "github.com/go-task/slim-sprig"
+)
+
+// This example illustrates that the FuncMap *must* be set before the
+// templates themselves are loaded.
+tpl := template.Must(
+ template.New("base").Funcs(sprig.FuncMap()).ParseGlob("*.html")
+)
+```
+
+### Calling the functions inside of templates
+
+By convention, all functions are lowercase. This seems to follow the Go
+idiom for template functions (as opposed to template methods, which are
+TitleCase). For example, this:
+
+```
+{{ "hello!" | upper | repeat 5 }}
+```
+
+produces this:
+
+```
+HELLO!HELLO!HELLO!HELLO!HELLO!
+```
+
+## Principles Driving Our Function Selection
+
+We followed these principles to decide which functions to add and how to implement them:
+
+- Use template functions to build layout. The following
+ types of operations are within the domain of template functions:
+ - Formatting
+ - Layout
+ - Simple type conversions
+ - Utilities that assist in handling common formatting and layout needs (e.g. arithmetic)
+- Template functions should not return errors unless there is no way to print
+ a sensible value. For example, converting a string to an integer should not
+ produce an error if conversion fails. Instead, it should display a default
+ value.
+- Simple math is necessary for grid layouts, pagers, and so on. Complex math
+ (anything other than arithmetic) should be done outside of templates.
+- Template functions only deal with the data passed into them. They never retrieve
+ data from a source.
+- Finally, do not override core Go template functions.
diff --git a/vendor/github.com/go-task/slim-sprig/Taskfile.yml b/vendor/github.com/go-task/slim-sprig/Taskfile.yml
new file mode 100644
index 000000000..cdcfd223b
--- /dev/null
+++ b/vendor/github.com/go-task/slim-sprig/Taskfile.yml
@@ -0,0 +1,12 @@
+# https://taskfile.dev
+
+version: '2'
+
+tasks:
+ default:
+ cmds:
+ - task: test
+
+ test:
+ cmds:
+ - go test -v .
diff --git a/vendor/github.com/go-task/slim-sprig/crypto.go b/vendor/github.com/go-task/slim-sprig/crypto.go
new file mode 100644
index 000000000..d06e516d4
--- /dev/null
+++ b/vendor/github.com/go-task/slim-sprig/crypto.go
@@ -0,0 +1,24 @@
+package sprig
+
+import (
+ "crypto/sha1"
+ "crypto/sha256"
+ "encoding/hex"
+ "fmt"
+ "hash/adler32"
+)
+
+func sha256sum(input string) string {
+ hash := sha256.Sum256([]byte(input))
+ return hex.EncodeToString(hash[:])
+}
+
+func sha1sum(input string) string {
+ hash := sha1.Sum([]byte(input))
+ return hex.EncodeToString(hash[:])
+}
+
+func adler32sum(input string) string {
+ hash := adler32.Checksum([]byte(input))
+ return fmt.Sprintf("%d", hash)
+}
diff --git a/vendor/github.com/go-task/slim-sprig/date.go b/vendor/github.com/go-task/slim-sprig/date.go
new file mode 100644
index 000000000..ed022ddac
--- /dev/null
+++ b/vendor/github.com/go-task/slim-sprig/date.go
@@ -0,0 +1,152 @@
+package sprig
+
+import (
+ "strconv"
+ "time"
+)
+
+// Given a format and a date, format the date string.
+//
+// Date can be a `time.Time` or an `int, int32, int64`.
+// In the later case, it is treated as seconds since UNIX
+// epoch.
+func date(fmt string, date interface{}) string {
+ return dateInZone(fmt, date, "Local")
+}
+
+func htmlDate(date interface{}) string {
+ return dateInZone("2006-01-02", date, "Local")
+}
+
+func htmlDateInZone(date interface{}, zone string) string {
+ return dateInZone("2006-01-02", date, zone)
+}
+
+func dateInZone(fmt string, date interface{}, zone string) string {
+ var t time.Time
+ switch date := date.(type) {
+ default:
+ t = time.Now()
+ case time.Time:
+ t = date
+ case *time.Time:
+ t = *date
+ case int64:
+ t = time.Unix(date, 0)
+ case int:
+ t = time.Unix(int64(date), 0)
+ case int32:
+ t = time.Unix(int64(date), 0)
+ }
+
+ loc, err := time.LoadLocation(zone)
+ if err != nil {
+ loc, _ = time.LoadLocation("UTC")
+ }
+
+ return t.In(loc).Format(fmt)
+}
+
+func dateModify(fmt string, date time.Time) time.Time {
+ d, err := time.ParseDuration(fmt)
+ if err != nil {
+ return date
+ }
+ return date.Add(d)
+}
+
+func mustDateModify(fmt string, date time.Time) (time.Time, error) {
+ d, err := time.ParseDuration(fmt)
+ if err != nil {
+ return time.Time{}, err
+ }
+ return date.Add(d), nil
+}
+
+func dateAgo(date interface{}) string {
+ var t time.Time
+
+ switch date := date.(type) {
+ default:
+ t = time.Now()
+ case time.Time:
+ t = date
+ case int64:
+ t = time.Unix(date, 0)
+ case int:
+ t = time.Unix(int64(date), 0)
+ }
+ // Drop resolution to seconds
+ duration := time.Since(t).Round(time.Second)
+ return duration.String()
+}
+
+func duration(sec interface{}) string {
+ var n int64
+ switch value := sec.(type) {
+ default:
+ n = 0
+ case string:
+ n, _ = strconv.ParseInt(value, 10, 64)
+ case int64:
+ n = value
+ }
+ return (time.Duration(n) * time.Second).String()
+}
+
+func durationRound(duration
interface{}) string {
+ var d time.Duration
+ switch duration := duration.(type) {
+ default:
+ d = 0
+ case string:
+ d, _ = time.ParseDuration(duration)
+ case int64:
+ d = time.Duration(duration)
+ case time.Time:
+ d = time.Since(duration)
+ }
+
+ u := uint64(d)
+ neg := d < 0
+ if neg {
+ u = -u
+ }
+
+ var (
+ year = uint64(time.Hour) * 24 * 365
+ month = uint64(time.Hour) * 24 * 30
+ day = uint64(time.Hour) * 24
+ hour = uint64(time.Hour)
+ minute = uint64(time.Minute)
+ second = uint64(time.Second)
+ )
+ switch {
+ case u > year:
+ return strconv.FormatUint(u/year, 10) + "y"
+ case u > month:
+ return strconv.FormatUint(u/month, 10) + "mo"
+ case u > day:
+ return strconv.FormatUint(u/day, 10) + "d"
+ case u > hour:
+ return strconv.FormatUint(u/hour, 10) + "h"
+ case u > minute:
+ return strconv.FormatUint(u/minute, 10) + "m"
+ case u > second:
+ return strconv.FormatUint(u/second, 10) + "s"
+ }
+ return "0s"
+}
+
+func toDate(fmt, str string) time.Time {
+ t, _ := time.ParseInLocation(fmt, str, time.Local)
+ return t
+}
+
+func mustToDate(fmt, str string) (time.Time, error) {
+ return time.ParseInLocation(fmt, str, time.Local)
+}
+
+func unixEpoch(date time.Time) string {
+ return strconv.FormatInt(date.Unix(), 10)
+}
diff --git a/vendor/github.com/go-task/slim-sprig/defaults.go b/vendor/github.com/go-task/slim-sprig/defaults.go
new file mode 100644
index 000000000..b9f979666
--- /dev/null
+++ b/vendor/github.com/go-task/slim-sprig/defaults.go
@@ -0,0 +1,163 @@
+package sprig
+
+import (
+ "bytes"
+ "encoding/json"
+ "math/rand"
+ "reflect"
+ "strings"
+ "time"
+)
+
+func init() {
+ rand.Seed(time.Now().UnixNano())
+}
+
+// dfault checks whether `given` is set, and returns default if not set.
+//
+// This returns `d` if `given` appears not to be set, and `given` otherwise.
+//
+// For numeric types 0 is unset.
+// For strings, maps, arrays, and slices, len() = 0 is considered unset.
+// For bool, false is unset.
+// Structs are never considered unset.
+//
+// For everything else, including pointers, a nil value is unset.
+func dfault(d interface{}, given ...interface{}) interface{} {
+
+ if empty(given) || empty(given[0]) {
+ return d
+ }
+ return given[0]
+}
+
+// empty returns true if the given value has the zero value for its type.
+func empty(given interface{}) bool {
+ g := reflect.ValueOf(given)
+ if !g.IsValid() {
+ return true
+ }
+
+ // Basically adapted from text/template.isTrue
+ switch g.Kind() {
+ default:
+ return g.IsNil()
+ case reflect.Array, reflect.Slice, reflect.Map, reflect.String:
+ return g.Len() == 0
+ case reflect.Bool:
+ return !g.Bool()
+ case reflect.Complex64, reflect.Complex128:
+ return g.Complex() == 0
+ case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+ return g.Int() == 0
+ case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+ return g.Uint() == 0
+ case reflect.Float32, reflect.Float64:
+ return g.Float() == 0
+ case reflect.Struct:
+ return false
+ }
+}
+
+// coalesce returns the first non-empty value.
+func coalesce(v ...interface{}) interface{} {
+ for _, val := range v {
+ if !empty(val) {
+ return val
+ }
+ }
+ return nil
+}
+
+// all returns true if empty(x) is false for all values x in the list.
+// If the list is empty, return true.
+func all(v ...interface{}) bool {
+ for _, val := range v {
+ if empty(val) {
+ return false
+ }
+ }
+ return true
+}
+
+// any returns true if empty(x) is false for any x in the list.
+// If the list is empty, return false.
+func any(v ...interface{}) bool {
+ for _, val := range v {
+ if !empty(val) {
+ return true
+ }
+ }
+ return false
+}
+
+// fromJson decodes JSON into a structured value, ignoring errors.
+func fromJson(v string) interface{} {
+ output, _ := mustFromJson(v)
+ return output
+}
+
+// mustFromJson decodes JSON into a structured value, returning errors.
+func mustFromJson(v string) (interface{}, error) {
+ var output interface{}
+ err := json.Unmarshal([]byte(v), &output)
+ return output, err
+}
+
+// toJson encodes an item into a JSON string
+func toJson(v interface{}) string {
+ output, _ := json.Marshal(v)
+ return string(output)
+}
+
+func mustToJson(v interface{}) (string, error) {
+ output, err := json.Marshal(v)
+ if err != nil {
+ return "", err
+ }
+ return string(output), nil
+}
+
+// toPrettyJson encodes an item into a pretty (indented) JSON string
+func toPrettyJson(v interface{}) string {
+ output, _ := json.MarshalIndent(v, "", " ")
+ return string(output)
+}
+
+func mustToPrettyJson(v interface{}) (string, error) {
+ output, err := json.MarshalIndent(v, "", " ")
+ if err != nil {
+ return "", err
+ }
+ return string(output), nil
+}
+
+// toRawJson encodes an item into a JSON string with no escaping of HTML characters.
+func toRawJson(v interface{}) string {
+ output, err := mustToRawJson(v)
+ if err != nil {
+ panic(err)
+ }
+ return string(output)
+}
+
+// mustToRawJson encodes an item into a JSON string with no escaping of HTML characters.
+func mustToRawJson(v interface{}) (string, error) {
+ buf := new(bytes.Buffer)
+ enc := json.NewEncoder(buf)
+ enc.SetEscapeHTML(false)
+ err := enc.Encode(&v)
+ if err != nil {
+ return "", err
+ }
+ return strings.TrimSuffix(buf.String(), "\n"), nil
+}
+
+// ternary returns the first value if the last value is true, otherwise returns the second value.
+func ternary(vt interface{}, vf interface{}, v bool) interface{} {
+ if v {
+ return vt
+ }
+
+ return vf
+}
diff --git a/vendor/github.com/go-task/slim-sprig/dict.go b/vendor/github.com/go-task/slim-sprig/dict.go
new file mode 100644
index 000000000..77ebc61b1
--- /dev/null
+++ b/vendor/github.com/go-task/slim-sprig/dict.go
@@ -0,0 +1,118 @@
+package sprig
+
+func get(d map[string]interface{}, key string) interface{} {
+ if val, ok := d[key]; ok {
+ return val
+ }
+ return ""
+}
+
+func set(d map[string]interface{}, key string, value interface{}) map[string]interface{} {
+ d[key] = value
+ return d
+}
+
+func unset(d map[string]interface{}, key string) map[string]interface{} {
+ delete(d, key)
+ return d
+}
+
+func hasKey(d map[string]interface{}, key string) bool {
+ _, ok := d[key]
+ return ok
+}
+
+func pluck(key string, d ...map[string]interface{}) []interface{} {
+ res := []interface{}{}
+ for _, dict := range d {
+ if val, ok := dict[key]; ok {
+ res = append(res, val)
+ }
+ }
+ return res
+}
+
+func keys(dicts ...map[string]interface{}) []string {
+ k := []string{}
+ for _, dict := range dicts {
+ for key := range dict {
+ k = append(k, key)
+ }
+ }
+ return k
+}
+
+func pick(dict map[string]interface{}, keys ...string) map[string]interface{} {
+ res := map[string]interface{}{}
+ for _, k := range keys {
+ if v, ok := dict[k]; ok {
+ res[k] = v
+ }
+ }
+ return res
+}
+
+func omit(dict map[string]interface{}, keys ...string) map[string]interface{} {
+ res := map[string]interface{}{}
+
+ omit := make(map[string]bool, len(keys))
+ for _, k := range keys {
+ omit[k] = true
+ }
+
+ for k, v := range dict {
+ if _, ok := omit[k]; !ok {
+ res[k] = v
+ }
+ }
+ return res
+}
+
+func dict(v ...interface{}) map[string]interface{} {
+ dict := map[string]interface{}{}
+ lenv := len(v)
+ for i := 0; i < lenv; i += 2 {
+ key := strval(v[i])
+ if i+1 >= lenv {
+ dict[key] = ""
+ continue
+ }
+ dict[key] = v[i+1]
+ }
+ return dict
+}
+
+func values(dict map[string]interface{}) []interface{} {
+ values := []interface{}{}
+ for _, value := range dict {
+ values = append(values, value)
+ }
+
+ return values
+}
+
+func dig(ps ...interface{}) (interface{}, error) {
+ if len(ps) < 3 {
+ panic("dig needs at least three arguments")
+ }
+ dict := ps[len(ps)-1].(map[string]interface{})
+ def :=
ps[len(ps)-2]
+ ks := make([]string, len(ps)-2)
+ for i := 0; i < len(ks); i++ {
+ ks[i] = ps[i].(string)
+ }
+
+ return digFromDict(dict, def, ks)
+}
+
+func digFromDict(dict map[string]interface{}, d interface{}, ks []string) (interface{}, error) {
+ k, ns := ks[0], ks[1:len(ks)]
+ step, has := dict[k]
+ if !has {
+ return d, nil
+ }
+ if len(ns) == 0 {
+ return step, nil
+ }
+ return digFromDict(step.(map[string]interface{}), d, ns)
+}
diff --git a/vendor/github.com/go-task/slim-sprig/doc.go b/vendor/github.com/go-task/slim-sprig/doc.go
new file mode 100644
index 000000000..aabb9d448
--- /dev/null
+++ b/vendor/github.com/go-task/slim-sprig/doc.go
@@ -0,0 +1,19 @@
+/*
+Package sprig provides template functions for Go.
+
+This package contains a number of utility functions for working with data
+inside of Go `html/template` and `text/template` files.
+
+To add these functions, use the `template.Funcs()` method:
+
+ t := templates.New("foo").Funcs(sprig.FuncMap())
+
+Note that you should add the function map before you parse any template files.
+
+ In several cases, Sprig reverses the order of arguments from the way they
+ appear in the standard library. This is to make it easier to pipe
+ arguments into functions.
+
+See http://masterminds.github.io/sprig/ for more detailed documentation on each of the available functions.
+*/
+package sprig
diff --git a/vendor/github.com/go-task/slim-sprig/functions.go b/vendor/github.com/go-task/slim-sprig/functions.go
new file mode 100644
index 000000000..5ea74f899
--- /dev/null
+++ b/vendor/github.com/go-task/slim-sprig/functions.go
@@ -0,0 +1,317 @@
+package sprig
+
+import (
+ "errors"
+ "html/template"
+ "math/rand"
+ "os"
+ "path"
+ "path/filepath"
+ "reflect"
+ "strconv"
+ "strings"
+ ttemplate "text/template"
+ "time"
+)
+
+// FuncMap produces the function map.
+//
+// Use this to pass the functions into the template engine:
+//
+// tpl := template.New("foo").Funcs(sprig.FuncMap()))
+//
+func FuncMap() template.FuncMap {
+ return HtmlFuncMap()
+}
+
+// HermeticTxtFuncMap returns a 'text/template'.FuncMap with only repeatable functions.
+func HermeticTxtFuncMap() ttemplate.FuncMap {
+ r := TxtFuncMap()
+ for _, name := range nonhermeticFunctions {
+ delete(r, name)
+ }
+ return r
+}
+
+// HermeticHtmlFuncMap returns an 'html/template'.Funcmap with only repeatable functions.
+func HermeticHtmlFuncMap() template.FuncMap {
+ r := HtmlFuncMap()
+ for _, name := range nonhermeticFunctions {
+ delete(r, name)
+ }
+ return r
+}
+
+// TxtFuncMap returns a 'text/template'.FuncMap
+func TxtFuncMap() ttemplate.FuncMap {
+ return ttemplate.FuncMap(GenericFuncMap())
+}
+
+// HtmlFuncMap returns an 'html/template'.Funcmap
+func HtmlFuncMap() template.FuncMap {
+ return template.FuncMap(GenericFuncMap())
+}
+
+// GenericFuncMap returns a copy of the basic function map as a map[string]interface{}.
+func GenericFuncMap() map[string]interface{} {
+ gfm := make(map[string]interface{}, len(genericMap))
+ for k, v := range genericMap {
+ gfm[k] = v
+ }
+ return gfm
+}
+
+// These functions are not guaranteed to evaluate to the same result for given input, because they
+// refer to the environment or global state.
+var nonhermeticFunctions = []string{
+ // Date functions
+ "date",
+ "date_in_zone",
+ "date_modify",
+ "now",
+ "htmlDate",
+ "htmlDateInZone",
+ "dateInZone",
+ "dateModify",
+
+ // Strings
+ "randAlphaNum",
+ "randAlpha",
+ "randAscii",
+ "randNumeric",
+ "randBytes",
+ "uuidv4",
+
+ // OS
+ "env",
+ "expandenv",
+
+ // Network
+ "getHostByName",
+}
+
+var genericMap = map[string]interface{}{
+ "hello": func() string { return "Hello!" },
+
+ // Date functions
+ "ago": dateAgo,
+ "date": date,
+ "date_in_zone": dateInZone,
+ "date_modify": dateModify,
+ "dateInZone": dateInZone,
+ "dateModify": dateModify,
+ "duration": duration,
+ "durationRound": durationRound,
+ "htmlDate": htmlDate,
+ "htmlDateInZone": htmlDateInZone,
+ "must_date_modify": mustDateModify,
+ "mustDateModify": mustDateModify,
+ "mustToDate": mustToDate,
+ "now": time.Now,
+ "toDate": toDate,
+ "unixEpoch": unixEpoch,
+
+ // Strings
+ "trunc": trunc,
+ "trim": strings.TrimSpace,
+ "upper": strings.ToUpper,
+ "lower": strings.ToLower,
+ "title": strings.Title,
+ "substr": substring,
+ // Switch order so that "foo" | repeat 5
+ "repeat": func(count int, str string) string { return strings.Repeat(str, count) },
+ // Deprecated: Use trimAll.
+ "trimall": func(a, b string) string { return strings.Trim(b, a) },
+ // Switch order so that "$foo" | trimall "$"
+ "trimAll": func(a, b string) string { return strings.Trim(b, a) },
+ "trimSuffix": func(a, b string) string { return strings.TrimSuffix(b, a) },
+ "trimPrefix": func(a, b string) string { return strings.TrimPrefix(b, a) },
+ // Switch order so that "foobar" | contains "foo"
+ "contains": func(substr string, str string) bool { return strings.Contains(str, substr) },
+ "hasPrefix": func(substr string, str string) bool { return strings.HasPrefix(str, substr) },
+ "hasSuffix": func(substr string, str string) bool { return strings.HasSuffix(str, substr) },
+ "quote": quote,
+ "squote": squote,
+ "cat": cat,
+ "indent": indent,
+ "nindent": nindent,
+ "replace": replace,
+ "plural": plural,
+ "sha1sum": sha1sum,
+ "sha256sum": sha256sum,
+ "adler32sum": adler32sum,
+ "toString": strval,
+
+ // Wrap Atoi to stop errors.
+ "atoi": func(a string) int { i, _ := strconv.Atoi(a); return i },
+ "int64": toInt64,
+ "int": toInt,
+ "float64": toFloat64,
+ "seq": seq,
+ "toDecimal": toDecimal,
+
+ //"gt": func(a, b int) bool {return a > b},
+ //"gte": func(a, b int) bool {return a >= b},
+ //"lt": func(a, b int) bool {return a < b},
+ //"lte": func(a, b int) bool {return a <= b},
+
+ // split "/" foo/bar returns map[int]string{0: foo, 1: bar}
+ "split": split,
+ "splitList": func(sep, orig string) []string { return strings.Split(orig, sep) },
+ // splitn "/" foo/bar/fuu returns map[int]string{0: foo, 1: bar/fuu}
+ "splitn": splitn,
+ "toStrings": strslice,
+
+ "until": until,
+ "untilStep": untilStep,
+
+ // VERY basic arithmetic.
+ "add1": func(i interface{}) int64 { return toInt64(i) + 1 },
+ "add": func(i ...interface{}) int64 {
+ var a int64 = 0
+ for _, b := range i {
+ a += toInt64(b)
+ }
+ return a
+ },
+ "sub": func(a, b interface{}) int64 { return toInt64(a) - toInt64(b) },
+ "div": func(a, b interface{}) int64 { return toInt64(a) / toInt64(b) },
+ "mod": func(a, b interface{}) int64 { return toInt64(a) % toInt64(b) },
+ "mul": func(a interface{}, v ...interface{}) int64 {
+ val := toInt64(a)
+ for _, b := range v {
+ val = val * toInt64(b)
+ }
+ return val
+ },
+ "randInt": func(min, max int) int { return rand.Intn(max-min) + min },
+ "biggest": max,
+ "max": max,
+ "min": min,
+ "maxf": maxf,
+ "minf": minf,
+ "ceil": ceil,
+ "floor": floor,
+ "round": round,
+
+ // string slices. Note that we reverse the order b/c that's better
+ // for template processing.
+ "join": join,
+ "sortAlpha": sortAlpha,
+
+ // Defaults
+ "default": dfault,
+ "empty": empty,
+ "coalesce": coalesce,
+ "all": all,
+ "any": any,
+ "compact": compact,
+ "mustCompact": mustCompact,
+ "fromJson": fromJson,
+ "toJson": toJson,
+ "toPrettyJson": toPrettyJson,
+ "toRawJson": toRawJson,
+ "mustFromJson": mustFromJson,
+ "mustToJson": mustToJson,
+ "mustToPrettyJson": mustToPrettyJson,
+ "mustToRawJson": mustToRawJson,
+ "ternary": ternary,
+
+ // Reflection
+ "typeOf": typeOf,
+ "typeIs": typeIs,
+ "typeIsLike": typeIsLike,
+ "kindOf": kindOf,
+ "kindIs": kindIs,
+ "deepEqual": reflect.DeepEqual,
+
+ // OS:
+ "env": os.Getenv,
+ "expandenv": os.ExpandEnv,
+
+ // Network:
+ "getHostByName": getHostByName,
+
+ // Paths:
+ "base": path.Base,
+ "dir": path.Dir,
+ "clean": path.Clean,
+ "ext": path.Ext,
+ "isAbs": path.IsAbs,
+
+ // Filepaths:
+ "osBase": filepath.Base,
+ "osClean": filepath.Clean,
+ "osDir": filepath.Dir,
+ "osExt": filepath.Ext,
+ "osIsAbs": filepath.IsAbs,
+
+ // Encoding:
+ "b64enc": base64encode,
+ "b64dec": base64decode,
+ "b32enc": base32encode,
+ "b32dec": base32decode,
+
+ // Data
Structures:
+ "tuple": list, // FIXME: with the addition of append/prepend these are no longer immutable.
+ "list": list,
+ "dict": dict,
+ "get": get,
+ "set": set,
+ "unset": unset,
+ "hasKey": hasKey,
+ "pluck": pluck,
+ "keys": keys,
+ "pick": pick,
+ "omit": omit,
+ "values": values,
+
+ "append": push, "push": push,
+ "mustAppend": mustPush, "mustPush": mustPush,
+ "prepend": prepend,
+ "mustPrepend": mustPrepend,
+ "first": first,
+ "mustFirst": mustFirst,
+ "rest": rest,
+ "mustRest": mustRest,
+ "last": last,
+ "mustLast": mustLast,
+ "initial": initial,
+ "mustInitial": mustInitial,
+ "reverse": reverse,
+ "mustReverse": mustReverse,
+ "uniq": uniq,
+ "mustUniq": mustUniq,
+ "without": without,
+ "mustWithout": mustWithout,
+ "has": has,
+ "mustHas": mustHas,
+ "slice": slice,
+ "mustSlice": mustSlice,
+ "concat": concat,
+ "dig": dig,
+ "chunk": chunk,
+ "mustChunk": mustChunk,
+
+ // Flow Control:
+ "fail": func(msg string) (string, error) { return "", errors.New(msg) },
+
+ // Regex
+ "regexMatch": regexMatch,
+ "mustRegexMatch": mustRegexMatch,
+ "regexFindAll": regexFindAll,
+ "mustRegexFindAll": mustRegexFindAll,
+ "regexFind": regexFind,
+ "mustRegexFind": mustRegexFind,
+ "regexReplaceAll": regexReplaceAll,
+ "mustRegexReplaceAll": mustRegexReplaceAll,
+ "regexReplaceAllLiteral": regexReplaceAllLiteral,
+ "mustRegexReplaceAllLiteral": mustRegexReplaceAllLiteral,
+ "regexSplit": regexSplit,
+ "mustRegexSplit": mustRegexSplit,
+ "regexQuoteMeta": regexQuoteMeta,
+
+ // URLs:
+ "urlParse": urlParse,
+ "urlJoin": urlJoin,
+}
diff --git a/vendor/github.com/go-task/slim-sprig/list.go b/vendor/github.com/go-task/slim-sprig/list.go
new file mode 100644
index 000000000..ca0fbb789
--- /dev/null
+++ b/vendor/github.com/go-task/slim-sprig/list.go
@@ -0,0 +1,464 @@
+package sprig
+
+import (
+ "fmt"
+ "math"
+ "reflect"
+ "sort"
+)
+
+// Reflection is used in these functions so that slices and arrays of strings,
+// ints, and other types not implementing []interface{} can be worked with.
+// For example, this is useful if you need to work on the output of regexs.
+
+func list(v ...interface{}) []interface{} {
+ return v
+}
+
+func push(list interface{}, v interface{}) []interface{} {
+ l, err := mustPush(list, v)
+ if err != nil {
+ panic(err)
+ }
+
+ return l
+}
+
+func mustPush(list interface{}, v interface{}) ([]interface{}, error) {
+ tp := reflect.TypeOf(list).Kind()
+ switch tp {
+ case reflect.Slice, reflect.Array:
+ l2 := reflect.ValueOf(list)
+
+ l := l2.Len()
+ nl := make([]interface{}, l)
+ for i := 0; i < l; i++ {
+ nl[i] = l2.Index(i).Interface()
+ }
+
+ return append(nl, v), nil
+
+ default:
+ return nil, fmt.Errorf("Cannot push on type %s", tp)
+ }
+}
+
+func prepend(list interface{}, v interface{}) []interface{} {
+ l, err := mustPrepend(list, v)
+ if err != nil {
+ panic(err)
+ }
+
+ return l
+}
+
+func mustPrepend(list interface{}, v interface{}) ([]interface{}, error) {
+ //return append([]interface{}{v}, list...)
+ + tp := reflect.TypeOf(list).Kind() + switch tp { + case reflect.Slice, reflect.Array: + l2 := reflect.ValueOf(list) + + l := l2.Len() + nl := make([]interface{}, l) + for i := 0; i < l; i++ { + nl[i] = l2.Index(i).Interface() + } + + return append([]interface{}{v}, nl...), nil + + default: + return nil, fmt.Errorf("Cannot prepend on type %s", tp) + } +} + +func chunk(size int, list interface{}) [][]interface{} { + l, err := mustChunk(size, list) + if err != nil { + panic(err) + } + + return l +} + +func mustChunk(size int, list interface{}) ([][]interface{}, error) { + tp := reflect.TypeOf(list).Kind() + switch tp { + case reflect.Slice, reflect.Array: + l2 := reflect.ValueOf(list) + + l := l2.Len() + + cs := int(math.Floor(float64(l-1)/float64(size)) + 1) + nl := make([][]interface{}, cs) + + for i := 0; i < cs; i++ { + clen := size + if i == cs-1 { + clen = int(math.Floor(math.Mod(float64(l), float64(size)))) + if clen == 0 { + clen = size + } + } + + nl[i] = make([]interface{}, clen) + + for j := 0; j < clen; j++ { + ix := i*size + j + nl[i][j] = l2.Index(ix).Interface() + } + } + + return nl, nil + + default: + return nil, fmt.Errorf("Cannot chunk type %s", tp) + } +} + +func last(list interface{}) interface{} { + l, err := mustLast(list) + if err != nil { + panic(err) + } + + return l +} + +func mustLast(list interface{}) (interface{}, error) { + tp := reflect.TypeOf(list).Kind() + switch tp { + case reflect.Slice, reflect.Array: + l2 := reflect.ValueOf(list) + + l := l2.Len() + if l == 0 { + return nil, nil + } + + return l2.Index(l - 1).Interface(), nil + default: + return nil, fmt.Errorf("Cannot find last on type %s", tp) + } +} + +func first(list interface{}) interface{} { + l, err := mustFirst(list) + if err != nil { + panic(err) + } + + return l +} + +func mustFirst(list interface{}) (interface{}, error) { + tp := reflect.TypeOf(list).Kind() + switch tp { + case reflect.Slice, reflect.Array: + l2 := reflect.ValueOf(list) + + l := l2.Len() + if l == 0 
{ + return nil, nil + } + + return l2.Index(0).Interface(), nil + default: + return nil, fmt.Errorf("Cannot find first on type %s", tp) + } +} + +func rest(list interface{}) []interface{} { + l, err := mustRest(list) + if err != nil { + panic(err) + } + + return l +} + +func mustRest(list interface{}) ([]interface{}, error) { + tp := reflect.TypeOf(list).Kind() + switch tp { + case reflect.Slice, reflect.Array: + l2 := reflect.ValueOf(list) + + l := l2.Len() + if l == 0 { + return nil, nil + } + + nl := make([]interface{}, l-1) + for i := 1; i < l; i++ { + nl[i-1] = l2.Index(i).Interface() + } + + return nl, nil + default: + return nil, fmt.Errorf("Cannot find rest on type %s", tp) + } +} + +func initial(list interface{}) []interface{} { + l, err := mustInitial(list) + if err != nil { + panic(err) + } + + return l +} + +func mustInitial(list interface{}) ([]interface{}, error) { + tp := reflect.TypeOf(list).Kind() + switch tp { + case reflect.Slice, reflect.Array: + l2 := reflect.ValueOf(list) + + l := l2.Len() + if l == 0 { + return nil, nil + } + + nl := make([]interface{}, l-1) + for i := 0; i < l-1; i++ { + nl[i] = l2.Index(i).Interface() + } + + return nl, nil + default: + return nil, fmt.Errorf("Cannot find initial on type %s", tp) + } +} + +func sortAlpha(list interface{}) []string { + k := reflect.Indirect(reflect.ValueOf(list)).Kind() + switch k { + case reflect.Slice, reflect.Array: + a := strslice(list) + s := sort.StringSlice(a) + s.Sort() + return s + } + return []string{strval(list)} +} + +func reverse(v interface{}) []interface{} { + l, err := mustReverse(v) + if err != nil { + panic(err) + } + + return l +} + +func mustReverse(v interface{}) ([]interface{}, error) { + tp := reflect.TypeOf(v).Kind() + switch tp { + case reflect.Slice, reflect.Array: + l2 := reflect.ValueOf(v) + + l := l2.Len() + // We do not sort in place because the incoming array should not be altered. 
+ nl := make([]interface{}, l)
+ for i := 0; i < l; i++ {
+ nl[l-i-1] = l2.Index(i).Interface()
+ }
+
+ return nl, nil
+ default:
+ return nil, fmt.Errorf("Cannot find reverse on type %s", tp)
+ }
+}
+
+func compact(list interface{}) []interface{} {
+ l, err := mustCompact(list)
+ if err != nil {
+ panic(err)
+ }
+
+ return l
+}
+
+func mustCompact(list interface{}) ([]interface{}, error) {
+ tp := reflect.TypeOf(list).Kind()
+ switch tp {
+ case reflect.Slice, reflect.Array:
+ l2 := reflect.ValueOf(list)
+
+ l := l2.Len()
+ nl := []interface{}{}
+ var item interface{}
+ for i := 0; i < l; i++ {
+ item = l2.Index(i).Interface()
+ if !empty(item) {
+ nl = append(nl, item)
+ }
+ }
+
+ return nl, nil
+ default:
+ return nil, fmt.Errorf("Cannot compact on type %s", tp)
+ }
+}
+
+func uniq(list interface{}) []interface{} {
+ l, err := mustUniq(list)
+ if err != nil {
+ panic(err)
+ }
+
+ return l
+}
+
+func mustUniq(list interface{}) ([]interface{}, error) {
+ tp := reflect.TypeOf(list).Kind()
+ switch tp {
+ case reflect.Slice, reflect.Array:
+ l2 := reflect.ValueOf(list)
+
+ l := l2.Len()
+ dest := []interface{}{}
+ var item interface{}
+ for i := 0; i < l; i++ {
+ item = l2.Index(i).Interface()
+ if !inList(dest, item) {
+ dest = append(dest, item)
+ }
+ }
+
+ return dest, nil
+ default:
+ return nil, fmt.Errorf("Cannot find uniq on type %s", tp)
+ }
+}
+
+func inList(haystack []interface{}, needle interface{}) bool {
+ for _, h := range haystack {
+ if reflect.DeepEqual(needle, h) {
+ return true
+ }
+ }
+ return false
+}
+
+func without(list interface{}, omit ...interface{}) []interface{} {
+ l, err := mustWithout(list, omit...)
+ if err != nil {
+ panic(err)
+ }
+
+ return l
+}
+
+func mustWithout(list interface{}, omit ...interface{}) ([]interface{}, error) {
+ tp := reflect.TypeOf(list).Kind()
+ switch tp {
+ case reflect.Slice, reflect.Array:
+ l2 := reflect.ValueOf(list)
+
+ l := l2.Len()
+ res := []interface{}{}
+ var item interface{}
+ for i := 0; i < l; i++ {
+ item = l2.Index(i).Interface()
+ if !inList(omit, item) {
+ res = append(res, item)
+ }
+ }
+
+ return res, nil
+ default:
+ return nil, fmt.Errorf("Cannot find without on type %s", tp)
+ }
+}
+
+func has(needle interface{}, haystack interface{}) bool {
+ l, err := mustHas(needle, haystack)
+ if err != nil {
+ panic(err)
+ }
+
+ return l
+}
+
+func mustHas(needle interface{}, haystack interface{}) (bool, error) {
+ if haystack == nil {
+ return false, nil
+ }
+ tp := reflect.TypeOf(haystack).Kind()
+ switch tp {
+ case reflect.Slice, reflect.Array:
+ l2 := reflect.ValueOf(haystack)
+ var item interface{}
+ l := l2.Len()
+ for i := 0; i < l; i++ {
+ item = l2.Index(i).Interface()
+ if reflect.DeepEqual(needle, item) {
+ return true, nil
+ }
+ }
+
+ return false, nil
+ default:
+ return false, fmt.Errorf("Cannot find has on type %s", tp)
+ }
+}
+
+// $list := [1, 2, 3, 4, 5]
+// slice $list -> list[0:5] = list[:]
+// slice $list 0 3 -> list[0:3] = list[:3]
+// slice $list 3 5 -> list[3:5]
+// slice $list 3 -> list[3:5] = list[3:]
+func slice(list interface{}, indices ...interface{}) interface{} {
+ l, err := mustSlice(list, indices...)
+ if err != nil {
+ panic(err)
+ }
+
+ return l
+}
+
+func mustSlice(list interface{}, indices ...interface{}) (interface{}, error) {
+ tp := reflect.TypeOf(list).Kind()
+ switch tp {
+ case reflect.Slice, reflect.Array:
+ l2 := reflect.ValueOf(list)
+
+ l := l2.Len()
+ if l == 0 {
+ return nil, nil
+ }
+
+ var start, end int
+ if len(indices) > 0 {
+ start = toInt(indices[0])
+ }
+ if len(indices) < 2 {
+ end = l
+ } else {
+ end = toInt(indices[1])
+ }
+
+ return l2.Slice(start, end).Interface(), nil
+ default:
+ return nil, fmt.Errorf("list should be type of slice or array but %s", tp)
+ }
+}
+
+func concat(lists ...interface{}) interface{} {
+ var res []interface{}
+ for _, list := range lists {
+ tp := reflect.TypeOf(list).Kind()
+ switch tp {
+ case reflect.Slice, reflect.Array:
+ l2 := reflect.ValueOf(list)
+ for i := 0; i < l2.Len(); i++ {
+ res = append(res, l2.Index(i).Interface())
+ }
+ default:
+ panic(fmt.Sprintf("Cannot concat type %s as list", tp))
+ }
+ }
+ return res
+}
diff --git a/vendor/github.com/go-task/slim-sprig/network.go b/vendor/github.com/go-task/slim-sprig/network.go
new file mode 100644
index 000000000..108d78a94
--- /dev/null
+++ b/vendor/github.com/go-task/slim-sprig/network.go
@@ -0,0 +1,12 @@
+package sprig
+
+import (
+ "math/rand"
+ "net"
+)
+
+func getHostByName(name string) string {
+ addrs, _ := net.LookupHost(name)
+ //TODO: add error handing when release v3 comes out
+ return addrs[rand.Intn(len(addrs))]
+}
diff --git a/vendor/github.com/go-task/slim-sprig/numeric.go b/vendor/github.com/go-task/slim-sprig/numeric.go
new file mode 100644
index 000000000..98cbb37a1
--- /dev/null
+++ b/vendor/github.com/go-task/slim-sprig/numeric.go
@@ -0,0 +1,228 @@
+package sprig
+
+import (
+ "fmt"
+ "math"
+ "reflect"
+ "strconv"
+ "strings"
+)
+
+// toFloat64 converts 64-bit floats
+func toFloat64(v interface{}) float64 {
+ if str, ok := v.(string); ok {
+ iv, err := strconv.ParseFloat(str, 64)
+ if err != nil {
+ return 0
+ }
+ return iv
+ }
+
+ val := reflect.Indirect(reflect.ValueOf(v))
+ switch val.Kind() {
+ case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int:
+ return float64(val.Int())
+ case reflect.Uint8, reflect.Uint16, reflect.Uint32:
+ return float64(val.Uint())
+ case reflect.Uint, reflect.Uint64:
+ return float64(val.Uint())
+ case reflect.Float32, reflect.Float64:
+ return val.Float()
+ case reflect.Bool:
+ if val.Bool() {
+ return 1
+ }
+ return 0
+ default:
+ return 0
+ }
+}
+
+func toInt(v interface{}) int {
+ //It's not optimal. Bud I don't want duplicate toInt64 code.
+ return int(toInt64(v))
+}
+
+// toInt64 converts integer types to 64-bit integers
+func toInt64(v interface{}) int64 {
+ if str, ok := v.(string); ok {
+ iv, err := strconv.ParseInt(str, 10, 64)
+ if err != nil {
+ return 0
+ }
+ return iv
+ }
+
+ val := reflect.Indirect(reflect.ValueOf(v))
+ switch val.Kind() {
+ case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int:
+ return val.Int()
+ case reflect.Uint8, reflect.Uint16, reflect.Uint32:
+ return int64(val.Uint())
+ case reflect.Uint, reflect.Uint64:
+ tv := val.Uint()
+ if tv <= math.MaxInt64 {
+ return int64(tv)
+ }
+ // TODO: What is the sensible thing to do here?
+ return math.MaxInt64 + case reflect.Float32, reflect.Float64: + return int64(val.Float()) + case reflect.Bool: + if val.Bool() { + return 1 + } + return 0 + default: + return 0 + } +} + +func max(a interface{}, i ...interface{}) int64 { + aa := toInt64(a) + for _, b := range i { + bb := toInt64(b) + if bb > aa { + aa = bb + } + } + return aa +} + +func maxf(a interface{}, i ...interface{}) float64 { + aa := toFloat64(a) + for _, b := range i { + bb := toFloat64(b) + aa = math.Max(aa, bb) + } + return aa +} + +func min(a interface{}, i ...interface{}) int64 { + aa := toInt64(a) + for _, b := range i { + bb := toInt64(b) + if bb < aa { + aa = bb + } + } + return aa +} + +func minf(a interface{}, i ...interface{}) float64 { + aa := toFloat64(a) + for _, b := range i { + bb := toFloat64(b) + aa = math.Min(aa, bb) + } + return aa +} + +func until(count int) []int { + step := 1 + if count < 0 { + step = -1 + } + return untilStep(0, count, step) +} + +func untilStep(start, stop, step int) []int { + v := []int{} + + if stop < start { + if step >= 0 { + return v + } + for i := start; i > stop; i += step { + v = append(v, i) + } + return v + } + + if step <= 0 { + return v + } + for i := start; i < stop; i += step { + v = append(v, i) + } + return v +} + +func floor(a interface{}) float64 { + aa := toFloat64(a) + return math.Floor(aa) +} + +func ceil(a interface{}) float64 { + aa := toFloat64(a) + return math.Ceil(aa) +} + +func round(a interface{}, p int, rOpt ...float64) float64 { + roundOn := .5 + if len(rOpt) > 0 { + roundOn = rOpt[0] + } + val := toFloat64(a) + places := toFloat64(p) + + var round float64 + pow := math.Pow(10, places) + digit := pow * val + _, div := math.Modf(digit) + if div >= roundOn { + round = math.Ceil(digit) + } else { + round = math.Floor(digit) + } + return round / pow +} + +// converts unix octal to decimal +func toDecimal(v interface{}) int64 { + result, err := strconv.ParseInt(fmt.Sprint(v), 8, 64) + if err != nil { + return 0 + } + return 
result +} + +func seq(params ...int) string { + increment := 1 + switch len(params) { + case 0: + return "" + case 1: + start := 1 + end := params[0] + if end < start { + increment = -1 + } + return intArrayToString(untilStep(start, end+increment, increment), " ") + case 3: + start := params[0] + end := params[2] + step := params[1] + if end < start { + increment = -1 + if step > 0 { + return "" + } + } + return intArrayToString(untilStep(start, end+increment, step), " ") + case 2: + start := params[0] + end := params[1] + step := 1 + if end < start { + step = -1 + } + return intArrayToString(untilStep(start, end+step, step), " ") + default: + return "" + } +} + +func intArrayToString(slice []int, delimeter string) string { + return strings.Trim(strings.Join(strings.Fields(fmt.Sprint(slice)), delimeter), "[]") +} diff --git a/vendor/github.com/go-task/slim-sprig/reflect.go b/vendor/github.com/go-task/slim-sprig/reflect.go new file mode 100644 index 000000000..8a65c132f --- /dev/null +++ b/vendor/github.com/go-task/slim-sprig/reflect.go @@ -0,0 +1,28 @@ +package sprig + +import ( + "fmt" + "reflect" +) + +// typeIs returns true if the src is the type named in target. +func typeIs(target string, src interface{}) bool { + return target == typeOf(src) +} + +func typeIsLike(target string, src interface{}) bool { + t := typeOf(src) + return target == t || "*"+target == t +} + +func typeOf(src interface{}) string { + return fmt.Sprintf("%T", src) +} + +func kindIs(target string, src interface{}) bool { + return target == kindOf(src) +} + +func kindOf(src interface{}) string { + return reflect.ValueOf(src).Kind().String() +} diff --git a/vendor/github.com/go-task/slim-sprig/regex.go b/vendor/github.com/go-task/slim-sprig/regex.go new file mode 100644 index 000000000..fab551018 --- /dev/null +++ b/vendor/github.com/go-task/slim-sprig/regex.go 
@@ -0,0 +1,83 @@
+package sprig
+
+import (
+ "regexp"
+)
+
+func regexMatch(regex string, s string) bool {
+ match, _ := regexp.MatchString(regex, s)
+ return match
+}
+
+func mustRegexMatch(regex string, s string) (bool, error) {
+ return regexp.MatchString(regex, s)
+}
+
+func regexFindAll(regex string, s string, n int) []string {
+ r := regexp.MustCompile(regex)
+ return r.FindAllString(s, n)
+}
+
+func mustRegexFindAll(regex string, s string, n int) ([]string, error) {
+ r, err := regexp.Compile(regex)
+ if err != nil {
+ return []string{}, err
+ }
+ return r.FindAllString(s, n), nil
+}
+
+func regexFind(regex string, s string) string {
+ r := regexp.MustCompile(regex)
+ return r.FindString(s)
+}
+
+func mustRegexFind(regex string, s string) (string, error) {
+ r, err := regexp.Compile(regex)
+ if err != nil {
+ return "", err
+ }
+ return r.FindString(s), nil
+}
+
+func regexReplaceAll(regex string, s string, repl string) string {
+ r := regexp.MustCompile(regex)
+ return r.ReplaceAllString(s, repl)
+}
+
+func mustRegexReplaceAll(regex string, s string, repl string) (string, error) {
+ r, err := regexp.Compile(regex)
+ if err != nil {
+ return "", err
+ }
+ return r.ReplaceAllString(s, repl), nil
+}
+
+func regexReplaceAllLiteral(regex string, s string, repl string) string {
+ r := regexp.MustCompile(regex)
+ return r.ReplaceAllLiteralString(s, repl)
+}
+
+func mustRegexReplaceAllLiteral(regex string, s string, repl string) (string, error) {
+ r, err := regexp.Compile(regex)
+ if err != nil {
+ return "", err
+ }
+ return r.ReplaceAllLiteralString(s, repl), nil
+}
+
+func regexSplit(regex string, s string, n int) []string {
+ r := regexp.MustCompile(regex)
+ return r.Split(s, n)
+}
+
+func mustRegexSplit(regex string, s string, n int) ([]string, error) {
+ r, err := regexp.Compile(regex)
+ if err != nil {
+ return []string{}, err
+ }
+ return r.Split(s, n), nil
+}
+
+func regexQuoteMeta(s string) string {
+ return regexp.QuoteMeta(s)
+}
diff --git a/vendor/github.com/go-task/slim-sprig/strings.go b/vendor/github.com/go-task/slim-sprig/strings.go
new file mode 100644
index 000000000..3c62d6b6f
--- /dev/null
+++ b/vendor/github.com/go-task/slim-sprig/strings.go
@@ -0,0 +1,189 @@
+package sprig
+
+import (
+ "encoding/base32"
+ "encoding/base64"
+ "fmt"
+ "reflect"
+ "strconv"
+ "strings"
+)
+
+func base64encode(v string) string {
+ return base64.StdEncoding.EncodeToString([]byte(v))
+}
+
+func base64decode(v string) string {
+ data, err := base64.StdEncoding.DecodeString(v)
+ if err != nil {
+ return err.Error()
+ }
+ return string(data)
+}
+
+func base32encode(v string) string {
+ return base32.StdEncoding.EncodeToString([]byte(v))
+}
+
+func base32decode(v string) string {
+ data, err := base32.StdEncoding.DecodeString(v)
+ if err != nil {
+ return err.Error()
+ }
+ return string(data)
+}
+
+func quote(str ...interface{}) string {
+ out := make([]string, 0, len(str))
+ for _, s := range str {
+ if s != nil {
+ out = append(out, fmt.Sprintf("%q", strval(s)))
+ }
+ }
+ return strings.Join(out, " ")
+}
+
+func squote(str ...interface{}) string {
+ out := make([]string, 0, len(str))
+ for _, s := range str {
+ if s != nil {
+ out = append(out, fmt.Sprintf("'%v'", s))
+ }
+ }
+ return strings.Join(out, " ")
+}
+
+func cat(v ...interface{}) string {
+ v = removeNilElements(v)
+ r := strings.TrimSpace(strings.Repeat("%v ", len(v)))
+ return fmt.Sprintf(r, v...)
+} + +func indent(spaces int, v string) string { + pad := strings.Repeat(" ", spaces) + return pad + strings.Replace(v, "\n", "\n"+pad, -1) +} + +func nindent(spaces int, v string) string { + return "\n" + indent(spaces, v) +} + +func replace(old, new, src string) string { + return strings.Replace(src, old, new, -1) +} + +func plural(one, many string, count int) string { + if count == 1 { + return one + } + return many +} + +func strslice(v interface{}) []string { + switch v := v.(type) { + case []string: + return v + case []interface{}: + b := make([]string, 0, len(v)) + for _, s := range v { + if s != nil { + b = append(b, strval(s)) + } + } + return b + default: + val := reflect.ValueOf(v) + switch val.Kind() { + case reflect.Array, reflect.Slice: + l := val.Len() + b := make([]string, 0, l) + for i := 0; i < l; i++ { + value := val.Index(i).Interface() + if value != nil { + b = append(b, strval(value)) + } + } + return b + default: + if v == nil { + return []string{} + } + + return []string{strval(v)} + } + } +} + +func removeNilElements(v []interface{}) []interface{} { + newSlice := make([]interface{}, 0, len(v)) + for _, i := range v { + if i != nil { + newSlice = append(newSlice, i) + } + } + return newSlice +} + +func strval(v interface{}) string { + switch v := v.(type) { + case string: + return v + case []byte: + return string(v) + case error: + return v.Error() + case fmt.Stringer: + return v.String() + default: + return fmt.Sprintf("%v", v) + } +} + +func trunc(c int, s string) string { + if c < 0 && len(s)+c > 0 { + return s[len(s)+c:] + } + if c >= 0 && len(s) > c { + return s[:c] + } + return s +} + +func join(sep string, v interface{}) string { + return strings.Join(strslice(v), sep) +} + +func split(sep, orig string) map[string]string { + parts := strings.Split(orig, sep) + res := make(map[string]string, len(parts)) + for i, v := range parts { + res["_"+strconv.Itoa(i)] = v + } + return res +} + +func splitn(sep string, n int, orig string) 
map[string]string { + parts := strings.SplitN(orig, sep, n) + res := make(map[string]string, len(parts)) + for i, v := range parts { + res["_"+strconv.Itoa(i)] = v + } + return res +} + +// substring creates a substring of the given string. +// +// If start is < 0, this calls string[:end]. +// +// If start is >= 0 and end < 0 or end bigger than s length, this calls string[start:] +// +// Otherwise, this calls string[start, end]. +func substring(start, end int, s string) string { + if start < 0 { + return s[:end] + } + if end < 0 || end > len(s) { + return s[start:] + } + return s[start:end] +} diff --git a/vendor/github.com/go-task/slim-sprig/url.go b/vendor/github.com/go-task/slim-sprig/url.go new file mode 100644 index 000000000..b8e120e19 --- /dev/null +++ b/vendor/github.com/go-task/slim-sprig/url.go 
@@ -0,0 +1,66 @@
+package sprig
+
+import (
+ "fmt"
+ "net/url"
+ "reflect"
+)
+
+func dictGetOrEmpty(dict map[string]interface{}, key string) string {
+ value, ok := dict[key]
+ if !ok {
+ return ""
+ }
+ tp := reflect.TypeOf(value).Kind()
+ if tp != reflect.String {
+ panic(fmt.Sprintf("unable to parse %s key, must be of type string, but %s found", key, tp.String()))
+ }
+ return reflect.ValueOf(value).String()
+}
+
+// parses given URL to return dict object
+func urlParse(v string) map[string]interface{} {
+ dict := map[string]interface{}{}
+ parsedURL, err := url.Parse(v)
+ if err != nil {
+ panic(fmt.Sprintf("unable to parse url: %s", err))
+ }
+ dict["scheme"] = parsedURL.Scheme
+ dict["host"] = parsedURL.Host
+ dict["hostname"] = parsedURL.Hostname()
+ dict["path"] = parsedURL.Path
+ dict["query"] = parsedURL.RawQuery
+ dict["opaque"] = parsedURL.Opaque
+ dict["fragment"] = parsedURL.Fragment
+ if parsedURL.User != nil {
+ dict["userinfo"] = parsedURL.User.String()
+ } else {
+ dict["userinfo"] = ""
+ }
+
+ return dict
+}
+
+// join given dict to URL string
+func urlJoin(d map[string]interface{}) string {
+ resURL := url.URL{
+ Scheme: dictGetOrEmpty(d, "scheme"),
+ Host: dictGetOrEmpty(d, "host"),
+ Path: dictGetOrEmpty(d, "path"),
+ RawQuery: dictGetOrEmpty(d, "query"),
+ Opaque: dictGetOrEmpty(d, "opaque"),
+ Fragment: dictGetOrEmpty(d, "fragment"),
+ }
+ userinfo := dictGetOrEmpty(d, "userinfo")
+ var user *url.Userinfo
+ if userinfo != "" {
+ tempURL, err := url.Parse(fmt.Sprintf("proto://%s@host", userinfo))
+ if err != nil {
+ panic(fmt.Sprintf("unable to parse userinfo in dict: %s", err))
+ }
+ user = tempURL.User
+ }
+
+ resURL.User = user
+ return resURL.String()
+}
diff --git a/vendor/github.com/golang/protobuf/jsonpb/decode.go b/vendor/github.com/golang/protobuf/jsonpb/decode.go
index 60e82caa9..6c16c255f 100644
--- a/vendor/github.com/golang/protobuf/jsonpb/decode.go
+++ b/vendor/github.com/golang/protobuf/jsonpb/decode.go
@@ -386,8 +386,14 @@ func (u *Unmarshaler) unmarshalMessage(m protoreflect.Message, in []byte) error } func isSingularWellKnownValue(fd protoreflect.FieldDescriptor) bool { + if fd.Cardinality() == protoreflect.Repeated { + return false + } if md := fd.Message(); md != nil { - return md.FullName() == "google.protobuf.Value" && fd.Cardinality() != protoreflect.Repeated + return md.FullName() == "google.protobuf.Value" + } + if ed := fd.Enum(); ed != nil { + return ed.FullName() == "google.protobuf.NullValue" } return false } diff --git a/vendor/github.com/google/go-tpm-tools/.github/workflows/ci.yml b/vendor/github.com/google/go-tpm-tools/.github/workflows/ci.yml deleted file mode 100644 index 984b50aaa..000000000 --- a/vendor/github.com/google/go-tpm-tools/.github/workflows/ci.yml +++ /dev/null 
@@ -1,100 +0,0 @@ -# -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. -# - -name: CI -on: - push: - tags: - - v* - branches: - - master - - main - pull_request: - -jobs: - test: - strategy: - matrix: - go-version: [1.17.x] - # TODO: Get this working on windows-latest - os: [macos-latest, ubuntu-latest] - include: - - go-version: 1.16.x - os: ubuntu-latest - name: Build and Test (${{matrix.os}}, Go ${{ matrix.go-version }}) - runs-on: ${{ matrix.os }} - steps: - - name: Install Go - uses: actions/setup-go@v2 - with: - go-version: ${{ matrix.go-version }} - - name: Checkout code - uses: actions/checkout@v2 - - name: Install Protoc - uses: arduino/setup-protoc@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: '3.19.1' - - name: Install protoc-gen-go - run: go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.27.1 - - name: Check Protobuf Generation - run: go generate ./... && git diff -G'^[^/]' --exit-code - - name: Install Linux packages - run: sudo apt-get -y install libssl-dev libtspi-dev - if: runner.os == 'Linux' - - name: Install Mac packages - run: brew install openssl - if: runner.os == 'macOS' - - name: Install Windows packages - run: choco install openssl - if: runner.os == 'Windows' - - name: Build - run: go build -v ./... - - name: Test - run: go test -v ./... 
- - lint: - name: Lint - runs-on: ubuntu-latest - steps: - - name: Install Go - uses: actions/setup-go@v2 - with: - go-version: 1.17.x - - name: Checkout code - uses: actions/checkout@v2 - - name: Install Linux packages - run: sudo apt-get -y install libssl-dev libtspi-dev - - name: Check for CGO Warnings (gcc) - run: CGO_CFLAGS=-Werror CC=gcc go build ./... - - name: Check for CGO Warnings (clang) - run: CGO_CFLAGS=-Werror CC=clang go build ./... - - name: Lint - uses: golangci/golangci-lint-action@v2 - with: - version: v1.42 - skip-go-installation: true - args: > - -D errcheck - -E stylecheck - -E goimports - -E misspell - -E revive - -E gofmt - -E goimports - --exclude-use-default=false - --max-same-issues=0 - --max-issues-per-linter=0 diff --git a/vendor/github.com/google/go-tpm-tools/.gitignore b/vendor/github.com/google/go-tpm-tools/.gitignore deleted file mode 100644 index 3a3a1b839..000000000 --- a/vendor/github.com/google/go-tpm-tools/.gitignore +++ /dev/null @@ -1,12 +0,0 @@ -*.test -*.test.exe -gotpm -!gotpm/ -gotpm.exe -files/pkg -files/src -files/go-tpm-tools -*.pkg.tar.xz -.vscode* -*.code-workspace - diff --git a/vendor/github.com/google/go-tpm-tools/CONTRIBUTING.md b/vendor/github.com/google/go-tpm-tools/CONTRIBUTING.md deleted file mode 100644 index 939e5341e..000000000 --- a/vendor/github.com/google/go-tpm-tools/CONTRIBUTING.md +++ /dev/null 
@@ -1,28 +0,0 @@ -# How to Contribute - -We'd love to accept your patches and contributions to this project. There are -just a few small guidelines you need to follow. - -## Contributor License Agreement - -Contributions to this project must be accompanied by a Contributor License -Agreement. You (or your employer) retain the copyright to your contribution; -this simply gives us permission to use and redistribute your contributions as -part of the project. Head over to to see -your current agreements on file or to sign a new one. - -You generally only need to submit a CLA once, so if you've already submitted one -(even if it was for a different project), you probably don't need to do it -again. - -## Code reviews - -All submissions, including submissions by project members, require review. We -use GitHub pull requests for this purpose. Consult -[GitHub Help](https://help.github.com/articles/about-pull-requests/) for more -information on using pull requests. - -## Community Guidelines - -This project follows [Google's Open Source Community -Guidelines](https://opensource.google.com/conduct/). diff --git a/vendor/github.com/google/go-tpm-tools/README.md b/vendor/github.com/google/go-tpm-tools/README.md deleted file mode 100644 index ea3451deb..000000000 --- a/vendor/github.com/google/go-tpm-tools/README.md +++ /dev/null 
@@ -1,142 +0,0 @@ -# Go-TPM tools [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/google/go-tpm-tools)](https://github.com/google/go-tpm-tools/releases) - -[![Build Status](https://github.com/google/go-tpm-tools/workflows/CI/badge.svg)](https://github.com/google/go-tpm-tools/actions?query=workflow%3ACI) -[![Go Reference](https://pkg.go.dev/badge/github.com/google/go-tpm-tools.svg)](https://pkg.go.dev/github.com/google/go-tpm-tools) -![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/google/go-tpm-tools) -[![Go Report Card](https://goreportcard.com/badge/github.com/google/go-tpm-tools)](https://goreportcard.com/report/github.com/google/go-tpm-tools) -[![License](https://img.shields.io/badge/LICENSE-Apache2.0-ff69b4.svg)](http://www.apache.org/licenses/LICENSE-2.0.html) - -The `go-tpm-tools` module is a [TPM 2.0](https://trustedcomputinggroup.org/resource/trusted-platform-module-2-0-a-brief-introduction/) support library designed to complement [Go-TPM](https://github.com/google/go-tpm). - -It contains the following public packages: - - [`client`](https://pkg.go.dev/github.com/google/go-tpm-tools/client): - A Go package providing simplified abstractions and utility functions for interacting with a TPM 2.0, including: - - Signing - - Attestation - - Reading PCRs - - Sealing/Unsealing data - - Importing Data and Keys - - Reading NVData - - Getting the TCG Event Log - - [`server`](https://pkg.go.dev/github.com/google/go-tpm-tools/server): - A Go package providing functionality for a remote server to send, receive, and interpret TPM 2.0 data. 
None of the commands in this package issue TPM commands, but instead handle: - - TCG Event Log parsing - - Attestation verification - - Creating data for Importing into a TPM - - [`proto`](https://pkg.go.dev/github.com/google/go-tpm-tools/proto): - Common [Protocol Buffer](https://developers.google.com/protocol-buffers) messages that are exchanged between the `client` and `server` libraries. This package also contains helper methods for validating these messages. - - [`simulator`](https://pkg.go.dev/github.com/google/go-tpm-tools/simulator): - Go bindings to the Microsoft's [TPM 2.0 simulator](https://github.com/Microsoft/ms-tpm-20-ref/). - -This repository also contains `gotpm`, a command line tool for using the TPM. -Run `gotpm --help` and `gotpm --help` for more documentation. - -### Building and Installing `gotpm` - -`gotpm` can be directly installed from this repo by running: -```bash -go install github.com/google/go-tpm-tools/cmd/gotpm@latest -# gotpm will be installed to $GOBIN -gotpm --help -``` -Alternatively, to build `gotpm` from a cloned version of this repo, run: -```bash -cd /my/path/to/cloned/go-tpm-tools -go build ./cmd/gotpm -# gotpm will be in the root of the repo -./gotpm --help -``` - -## Minimum Required Go Version - -This project currently requires Go 1.16 or newer. Any update to the minimum required Go version will be released as a **minor** version update. - -## `trousers` errors when building `server` - -When building the `server` library (or tests) you may get an error that looks like: -``` -fatal error: trousers/tss.h: No such file or directory - 17 | // #include - | ^~~~~~~~~~~~~~~~ -compilation terminated. -``` -This is because the `server` library (indirectly) depends on the [Trousers `libtspi` library](http://trousers.sourceforge.net/). This is a _temporary_ dependency ([tracking issue](https://github.com/google/go-tpm-tools/issues/109)). 
To fix this error, install `libtspi` by running: -```bash -sudo apt install libtspi-dev -``` - -## `openssl` errors when building `simulator` - -Similarly, when building the `simulator` library (or tests), you may get an error that looks like: -``` -fatal error: openssl/aes.h: No such file or directory - 47 | // #include - | ^~~~~~~~~~~~~~~~ -compilation terminated. -``` -This is because the `simulator` library depends on having the [OpenSSL](https://www.openssl.org/) headers installed. To fix this error, install the appropriate header package: - -### Linux - -```bash -# Ubuntu/Debian based systems -sudo apt install libssl-dev -# Redhat/Centos based systems -sudo yum install openssl-devel -# Arch Linux (headers/library in the same package) -sudo pacman -S openssl -``` - -### macOS - -First, install [Homebrew](https://brew.sh/). Then run: -```bash -brew install openssl -``` - -### Windows - -First, install [Chocolatey](https://chocolatey.org/). Then run: -```bash -choco install openssl -``` - -### Custom install location - -If you want to use a different installation of OpenSSL, or you are getting -linker errors like `ld: library not found for -lcrypto`, you can directly -point Go your installation. We will assume your installation is located at -`$OPENSSL_PATH` (with `lib` and `include` subdirectories). - -#### Add OpenSSL to the include and library path at the command line -This solution does not require modifying go-tpm-tools code and is useful when -working on other projects that depend on go-tpm-tools/simulator. -``` -C_INCLUDE_PATH="$OPENSSL_PATH/include" LIBRARY_PATH="$OPENSSL_PATH/lib" go test ... -``` - -#### Add OpenSSL to the include and library path in the code -This solution modifies your local copy of the go-tpm-tools simulator source -and removes the need to provide the paths on the command line. - -Modify the `CFLAGS`/`LDFLAGS` options beginning with `#cgo darwin` or -`#cgo windows` in `simulator/internal/internal.go` to point at your -installation. 
This could look something like: -```diff -// #cgo darwin CFLAGS: -I $OPENSSL_PATH/include -// #cgo darwin LDFLAGS: -L $OPENSSL_PATH/lib -``` -Remember to revert your modifications to `simulator/internal/internal.go` -before committing your changes. - -## No TPM 1.2 support - -Unlike [Go-TPM](https://github.com/google/go-tpm) (which supports TPM 1.2 and TPM 2.0), this module explicitly only supports TPM 2.0. Users should avoid use of TPM 1.2 due to the inherent reliance on SHA1 (which is [quite broken](https://sha-mbles.github.io/)). - -## Legal - -Copyright 2018 Google Inc. under the -[Apache 2.0 License](https://www.apache.org/licenses/LICENSE-2.0). Microsoft's TPM simulator -code is licensed under a [3-clause BSD license](https://opensource.org/licenses/BSD-3-Clause) and the [TCG software license](https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf). See the `LICENSE` file for more information. - -This is not an official Google product. diff --git a/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog.go b/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog.go deleted file mode 100644 index 59fcb0201..000000000 --- a/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog.go +++ /dev/null 
@@ -1,413 +0,0 @@
-// Package cel contains some basic operations of Canonical Eventlog.
-// Based on Canonical EventLog Spec (Draft) Version: TCG_IWG_CEL_v1_r0p37.
-package cel
-
-import (
- "bytes"
- "crypto"
- "encoding/binary"
- "fmt"
- "io"
-
- pb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-const (
- // CEL spec 5.1
- recnumTypeValue uint8 = 0
- pcrTypeValue uint8 = 1
- _ uint8 = 2 // nvindex field is not supported yet
- digestsTypeValue uint8 = 3
-
- tlvTypeFieldLength int = 1
- tlvLengthFieldLength int = 4
-
- recnumValueLength uint32 = 8 // support up to 2^64 records
- pcrValueLength uint32 = 1 // support up to 256 PCRs
-)
-
-// TLV definition according to CEL spec TCG_IWG_CEL_v1_r0p37, page 16.
-// Length is implicitly defined by len(Value), using uint32 big-endian
-// when encoding.
-type TLV struct {
- Type uint8
- Value []byte
-}
-
-// MarshalBinary marshals a TLV to a byte slice.
-func (t TLV) MarshalBinary() (data []byte, err error) {
- buf := make([]byte, len(t.Value)+tlvTypeFieldLength+tlvLengthFieldLength)
-
- buf[0] = t.Type
- binary.BigEndian.PutUint32(buf[tlvTypeFieldLength:], uint32(len(t.Value)))
- copy(buf[tlvTypeFieldLength+tlvLengthFieldLength:], t.Value)
-
- return buf, nil
-}
-
-// UnmarshalBinary unmarshal a byte slice to a TLV.
-func (t *TLV) UnmarshalBinary(data []byte) error {
- valueLength := binary.BigEndian.Uint32(data[tlvTypeFieldLength : tlvTypeFieldLength+tlvLengthFieldLength])
-
- if valueLength != uint32(len(data[tlvTypeFieldLength+tlvLengthFieldLength:])) {
- return fmt.Errorf("TLV Length doesn't match the size of its Value")
- }
- t.Type = data[0]
- t.Value = data[tlvTypeFieldLength+tlvLengthFieldLength:]
-
- return nil
-}
-
-// UnmarshalFirstTLV reads and parse the first TLV from the bytes buffer. The function will
-// return io.EOF if the buf ends unexpectedly or cannot fill the TLV.
-func UnmarshalFirstTLV(buf *bytes.Buffer) (tlv TLV, err error) {
- typeByte, err := buf.ReadByte()
- if err != nil {
- return tlv, err
- }
- var data []byte
- data = append(data, typeByte)
-
- // get the length
- lengthBytes := make([]byte, tlvLengthFieldLength)
- bytesRead, err := buf.Read(lengthBytes)
- if err != nil {
- return TLV{}, err
- }
- if bytesRead != tlvLengthFieldLength {
- return TLV{}, io.EOF
- }
- valueLength := binary.BigEndian.Uint32(lengthBytes)
- data = append(data, lengthBytes...)
-
- valueBytes := make([]byte, valueLength)
- bytesRead, err = buf.Read(valueBytes)
- if err != nil {
- return TLV{}, err
- }
- if uint32(bytesRead) != valueLength {
- return TLV{}, io.EOF
- }
- data = append(data, valueBytes...)
-
- if err = (&tlv).UnmarshalBinary(data); err != nil {
- return TLV{}, err
- }
- return tlv, nil
-}
-
-// Record represents a Canonical Eventlog Record.
-type Record struct {
- RecNum uint64
- PCR uint8
- Digests map[crypto.Hash][]byte
- Content TLV
-}
-
-// Content is a interface for the content in CELR.
-type Content interface {
- GenerateDigest(crypto.Hash) ([]byte, error)
- GetTLV() (TLV, error)
-}
-
-// CEL represents a Canonical Eventlog, which contains a list of Records.
-type CEL struct {
- Records []Record
-}
-
-// AppendEvent appends a new record to the CEL.
-func (c *CEL) AppendEvent(tpm io.ReadWriteCloser, pcr int, hashAlgos []crypto.Hash, event Content) error {
- if len(hashAlgos) == 0 {
- return fmt.Errorf("need to specify at least one hash algorithm")
- }
- digestsMap := make(map[crypto.Hash][]byte)
-
- for _, hashAlgo := range hashAlgos {
- digest, err := event.GenerateDigest(hashAlgo)
- if err != nil {
- return err
- }
- digestsMap[hashAlgo] = digest
-
- tpm2Alg, err := tpm2.HashToAlgorithm(hashAlgo)
- if err != nil {
- return err
- }
- if err := tpm2.PCRExtend(tpm, tpmutil.Handle(pcr), tpm2Alg, digest, ""); err != nil {
- return fmt.Errorf("failed to extend event to PCR%d: %v", pcr, err)
- }
- }
-
- eventTlv, err := event.GetTLV()
- if err != nil {
- return err
- }
-
- celr := Record{
- RecNum: uint64(len(c.Records)),
- PCR: uint8(pcr),
- Digests: digestsMap,
- Content: eventTlv,
- }
-
- c.Records = append(c.Records, celr)
- return nil
-}
-
-func createRecNumField(recNum uint64) TLV {
- value := make([]byte, recnumValueLength)
- binary.BigEndian.PutUint64(value, recNum)
- return TLV{recnumTypeValue, value}
-}
-
-// UnmarshalRecNum takes in a TLV with its type equals to the recnum type value (0), and
-// return its record number.
-func unmarshalRecNum(tlv TLV) (uint64, error) {
- if tlv.Type != recnumTypeValue {
- return 0, fmt.Errorf("type of the TLV [%d] indicates it is not a recnum field [%d]",
- tlv.Type, recnumTypeValue)
- }
- if uint32(len(tlv.Value)) != recnumValueLength {
- return 0, fmt.Errorf(
- "length of the value of the TLV [%d] doesn't match the defined length [%d] of value for recnum",
- len(tlv.Value), recnumValueLength)
- }
- return binary.BigEndian.Uint64(tlv.Value), nil
-}
-
-func createPCRField(pcrNum uint8) TLV {
- return TLV{pcrTypeValue, []byte{pcrNum}}
-}
-
-// UnmarshalPCR takes in a TLV with its type equals to the PCR type value (1), and
-// return its PCR number.
-func unmarshalPCR(tlv TLV) (pcrNum uint8, err error) {
- if tlv.Type != pcrTypeValue {
- return 0, fmt.Errorf("type of the TLV [%d] indicates it is not a PCR field [%d]",
- tlv.Type, pcrTypeValue)
- }
- if uint32(len(tlv.Value)) != pcrValueLength {
- return 0, fmt.Errorf(
- "length of the value of the TLV [%d] doesn't match the defined length [%d] of value for a PCR field",
- len(tlv.Value), pcrValueLength)
- }
-
- return tlv.Value[0], nil
-}
-
-func createDigestField(digestMap map[crypto.Hash][]byte) (TLV, error) {
- var buf bytes.Buffer
- for hashAlgo, hash := range digestMap {
- if len(hash) != hashAlgo.Size() {
- return TLV{}, fmt.Errorf("digest length [%d] doesn't match the expected length [%d] for the hash algorithm",
- len(hash), hashAlgo.Size())
- }
- tpmHashAlg, err := tpm2.HashToAlgorithm(hashAlgo)
- if err != nil {
- return TLV{}, err
- }
- singleDigestTLV := TLV{uint8(tpmHashAlg), hash}
- d, err := singleDigestTLV.MarshalBinary()
- if err != nil {
- return TLV{}, err
- }
- _, err = buf.Write(d)
- if err != nil {
- return TLV{}, err
- }
- }
- return TLV{digestsTypeValue, buf.Bytes()}, nil
-}
-
-// UnmarshalDigests takes in a TLV with its type equals to the digests type value (3), and
-// return its digests content in a map, the key is its TPM hash algorithm.
-func unmarshalDigests(tlv TLV) (digestsMap map[crypto.Hash][]byte, err error) {
- if tlv.Type != digestsTypeValue {
- return nil, fmt.Errorf("type of the TLV indicates it doesn't contain digests")
- }
-
- buf := bytes.NewBuffer(tlv.Value)
- digestsMap = make(map[crypto.Hash][]byte)
-
- for buf.Len() > 0 {
- digestTLV, err := UnmarshalFirstTLV(buf)
- if err == io.EOF {
- return nil, fmt.Errorf("buffer ends unexpectedly")
- } else if err != nil {
- return nil, err
- }
- hashAlg, err := tpm2.Algorithm(digestTLV.Type).Hash()
- if err != nil {
- return nil, err
- }
- digestsMap[hashAlg] = digestTLV.Value
- }
- return digestsMap, nil
-}
-
-// EncodeCELR encodes the CELR to bytes according to the CEL spec and write them
-// to the bytes byffer.
-func (r *Record) EncodeCELR(buf *bytes.Buffer) error {
- recnumField, err := createRecNumField(r.RecNum).MarshalBinary()
- if err != nil {
- return err
- }
- pcrField, err := createPCRField(r.PCR).MarshalBinary()
- if err != nil {
- return err
- }
- digests, err := createDigestField(r.Digests)
- if err != nil {
- return err
- }
- digestsField, err := digests.MarshalBinary()
- if err != nil {
- return err
- }
- eventField, err := r.Content.MarshalBinary()
- if err != nil {
- return err
- }
- _, err = buf.Write(recnumField)
- if err != nil {
- return err
- }
- _, err = buf.Write(pcrField)
- if err != nil {
- return err
- }
- _, err = buf.Write(digestsField)
- if err != nil {
- return err
- }
- _, err = buf.Write(eventField)
- if err != nil {
- return err
- }
- return nil
-}
-
-// EncodeCEL encodes the CEL to bytes according to the CEL spec and write them
-// to the bytes buffer.
-func (c *CEL) EncodeCEL(buf *bytes.Buffer) error {
- for _, record := range c.Records {
- if err := record.EncodeCELR(buf); err != nil {
- return err
- }
- }
- return nil
-}
-
-// DecodeToCEL will read the buf for CEL, will return err if the buffer
-// is not complete.
-func DecodeToCEL(buf *bytes.Buffer) (CEL, error) {
- var cel CEL
- for buf.Len() > 0 {
- celr, err := DecodeToCELR(buf)
- if err == io.EOF {
- return CEL{}, fmt.Errorf("buffer ends unexpectedly")
- }
- if err != nil {
- return CEL{}, err
- }
- cel.Records = append(cel.Records, celr)
- }
- return cel, nil
-}
-
-// DecodeToCELR will read the buf for the next CELR, will return err if
-// failed to unmarshal a correct CELR TLV from the buffer.
-func DecodeToCELR(buf *bytes.Buffer) (r Record, err error) {
- recnum, err := UnmarshalFirstTLV(buf)
- if err != nil {
- return Record{}, err
- }
- r.RecNum, err = unmarshalRecNum(recnum)
- if err != nil {
- return Record{}, err
- }
-
- pcr, err := UnmarshalFirstTLV(buf)
- if err != nil {
- return Record{}, err
- }
- r.PCR, err = unmarshalPCR(pcr)
- if err != nil {
- return Record{}, err
- }
-
- digests, err := UnmarshalFirstTLV(buf)
- if err != nil {
- return Record{}, err
- }
- r.Digests, err = unmarshalDigests(digests)
- if err != nil {
- return Record{}, err
- }
-
- r.Content, err = UnmarshalFirstTLV(buf)
- if err != nil {
- return Record{}, err
- }
- return r, nil
-}
-
-// Replay takes the digests from a Canonical Event Log and carries out the
-// extend sequence for each PCR in the log. It then compares the final digests
-// against a bank of PCR values to see if they match.
-func (c *CEL) Replay(bank *pb.PCRs) error {
- tpm2Alg := tpm2.Algorithm(bank.GetHash())
- cryptoHash, err := tpm2Alg.Hash()
- if err != nil {
- return err
- }
- replayed := make(map[uint8][]byte)
- for _, record := range c.Records {
- if _, ok := replayed[record.PCR]; !ok {
- replayed[record.PCR] = make([]byte, cryptoHash.Size())
- }
- hasher := cryptoHash.New()
- digestsMap := record.Digests
- digest, ok := digestsMap[cryptoHash]
- if !ok {
- return fmt.Errorf("the CEL record did not contain a %v digest", cryptoHash)
- }
- hasher.Write(replayed[record.PCR])
- hasher.Write(digest)
- replayed[record.PCR] = hasher.Sum(nil)
- }
-
- var failedReplayPcrs []uint8
- for replayPcr, replayDigest := range replayed {
- bankDigest, ok := bank.Pcrs[uint32(replayPcr)]
- if !ok {
- return fmt.Errorf("the CEL contained record(s) for PCR%d without a matching PCR in the bank to verify", replayPcr)
- }
- if !bytes.Equal(bankDigest, replayDigest) {
- failedReplayPcrs = append(failedReplayPcrs, replayPcr)
- }
- }
-
- if len(failedReplayPcrs) == 0 {
- return nil
- }
-
- return fmt.Errorf("CEL replay failed for these PCRs in bank %v: %v", cryptoHash, failedReplayPcrs)
-}
-
-// VerifyDigests checks the digest generated by the given record's content to make sure they are equal to
-// the digests in the digestMap.
-func VerifyDigests(c Content, digestMap map[crypto.Hash][]byte) error {
- for hash, digest := range digestMap {
- generatedDigest, err := c.GenerateDigest(hash)
- if err != nil {
- return err
- }
- if !bytes.Equal(generatedDigest, digest) {
- return fmt.Errorf("CEL record content digest verification failed for %s", hash)
- }
- }
- return nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog_test.go b/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog_test.go
deleted file mode 100644
index b8ed4b831..000000000
--- a/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog_test.go
+++ /dev/null
@@ -1,173 +0,0 @@ -package cel - -import ( - "bytes" - "crypto" - "crypto/rand" - "io" - "reflect" - "testing" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" - pb "github.com/google/go-tpm-tools/proto/tpm" - "github.com/google/go-tpm/tpm2" -) - -func TestCELEncodingDecoding(t *testing.T) { - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - - hashAlgoList := []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512} - cel := &CEL{} - - cosEvent := CosTlv{ImageDigestType, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")} - appendOrFatal(t, cel, tpm, test.DebugPCR, hashAlgoList, cosEvent) - - cosEvent2 := CosTlv{ImageRefType, []byte("docker.io/bazel/experimental/test:latest")} - appendOrFatal(t, cel, tpm, test.ApplicationPCR, hashAlgoList, cosEvent2) - - var buf bytes.Buffer - if err := cel.EncodeCEL(&buf); err != nil { - t.Fatal(err) - } - decodedcel, err := DecodeToCEL(&buf) - if err != nil { - t.Fatal(err) - } - if len(decodedcel.Records) != 2 { - t.Errorf("should have two records") - } - if decodedcel.Records[0].RecNum != 0 { - t.Errorf("recnum mismatch") - } - if decodedcel.Records[1].RecNum != 1 { - t.Errorf("recnum mismatch") - } - if decodedcel.Records[0].PCR != uint8(test.DebugPCR) { - t.Errorf("pcr value mismatch") - } - if decodedcel.Records[1].PCR != uint8(test.ApplicationPCR) { - t.Errorf("pcr value mismatch") - } - - if !reflect.DeepEqual(decodedcel.Records, cel.Records) { - t.Errorf("decoded CEL doesn't equal to the original one") - } -} - -func TestCELMeasureAndReplay(t *testing.T) { - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - - cel := &CEL{} - measuredHashes := []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512} - - cosEvent := CosTlv{ImageRefType, []byte("docker.io/bazel/experimental/test:latest")} - someEvent2 := make([]byte, 10) - rand.Read(someEvent2) - cosEvent2 := CosTlv{ImageDigestType, someEvent2} - appendOrFatal(t, cel, tpm, 
test.DebugPCR, measuredHashes, cosEvent) - appendOrFatal(t, cel, tpm, test.DebugPCR, measuredHashes, cosEvent2) - - appendOrFatal(t, cel, tpm, test.ApplicationPCR, measuredHashes, cosEvent2) - appendOrFatal(t, cel, tpm, test.ApplicationPCR, measuredHashes, cosEvent) - appendOrFatal(t, cel, tpm, test.ApplicationPCR, measuredHashes, cosEvent) - - replay(t, cel, tpm, measuredHashes, - []int{test.DebugPCR, test.ApplicationPCR}, - /*shouldSucceed=*/ true) - // Supersets should pass. - replay(t, cel, tpm, measuredHashes, - []int{0, 13, 14, test.DebugPCR, 22, test.ApplicationPCR}, - /*shouldSucceed=*/ true) -} - -func TestCELReplayFailTamperedDigest(t *testing.T) { - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - - cel := &CEL{} - measuredHashes := []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512} - - cosEvent := CosTlv{ImageRefType, []byte("docker.io/bazel/experimental/test:latest")} - someEvent2 := make([]byte, 10) - - rand.Read(someEvent2) - cosEvent2 := CosTlv{ImageDigestType, someEvent2} - appendOrFatal(t, cel, tpm, test.DebugPCR, measuredHashes, cosEvent) - appendOrFatal(t, cel, tpm, test.DebugPCR, measuredHashes, cosEvent2) - - appendOrFatal(t, cel, tpm, test.ApplicationPCR, measuredHashes, cosEvent2) - appendOrFatal(t, cel, tpm, test.ApplicationPCR, measuredHashes, cosEvent) - appendOrFatal(t, cel, tpm, test.ApplicationPCR, measuredHashes, cosEvent) - - modifiedRecord := cel.Records[3] - for hash := range modifiedRecord.Digests { - newDigest := make([]byte, hash.Size()) - rand.Read(newDigest) - modifiedRecord.Digests[hash] = newDigest - } - replay(t, cel, tpm, measuredHashes, - []int{test.DebugPCR, test.ApplicationPCR}, - /*shouldSucceed=*/ false) -} - -func TestCELReplayEmpty(t *testing.T) { - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - - cel := &CEL{} - replay(t, cel, tpm, []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512}, - []int{test.DebugPCR, test.ApplicationPCR}, - /*shouldSucceed=*/ true) -} - -func 
TestCELReplayFailMissingPCRsInBank(t *testing.T) { - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - - cel := &CEL{} - measuredHashes := []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512} - - someEvent := make([]byte, 10) - someEvent2 := make([]byte, 10) - rand.Read(someEvent2) - appendOrFatal(t, cel, tpm, test.DebugPCR, measuredHashes, CosTlv{ImageRefType, someEvent}) - appendOrFatal(t, cel, tpm, test.ApplicationPCR, measuredHashes, CosTlv{ImageDigestType, someEvent2}) - replay(t, cel, tpm, measuredHashes, - []int{test.DebugPCR}, - /*shouldSucceed=*/ false) - replay(t, cel, tpm, measuredHashes, - []int{test.ApplicationPCR}, - /*shouldSucceed=*/ false) -} - -func replay(t *testing.T, cel *CEL, tpm io.ReadWriteCloser, measuredHashes []crypto.Hash, pcrs []int, shouldSucceed bool) { - for _, hash := range measuredHashes { - tpm2Hash, err := tpm2.HashToAlgorithm(hash) - if err != nil { - t.Fatal(err) - } - pcrMap, err := tpm2.ReadPCRs(tpm, tpm2.PCRSelection{Hash: tpm2Hash, PCRs: pcrs}) - if err != nil { - t.Fatal(err) - } - pbPcr := &pb.PCRs{Hash: pb.HashAlgo(tpm2Hash), - Pcrs: map[uint32][]byte{}, - } - for index, val := range pcrMap { - pbPcr.Pcrs[uint32(index)] = val - } - if err := cel.Replay(pbPcr); shouldSucceed && err != nil { - t.Errorf("failed to replay CEL on %v bank: %v", - pb.HashAlgo_name[int32(pbPcr.Hash)], err) - } - } -} - -func appendOrFatal(t *testing.T, cel *CEL, tpm io.ReadWriteCloser, pcr int, hashAlgos []crypto.Hash, event Content) { - if err := cel.AppendEvent(tpm, pcr, hashAlgos, event); err != nil { - t.Fatalf("failed to append event: %v", err) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/cel/cos_tlv.go b/vendor/github.com/google/go-tpm-tools/cel/cos_tlv.go deleted file mode 100644 index 170026026..000000000 --- a/vendor/github.com/google/go-tpm-tools/cel/cos_tlv.go +++ /dev/null 
@@ -1,120 +0,0 @@
-package cel
-
-import (
- "crypto"
- "fmt"
- "regexp"
- "strings"
- "unicode/utf8"
-)
-
-const (
- // CosEventType indicate the CELR event is a COS content
- // TODO: the value needs to be reserved in the CEL spec
- CosEventType uint8 = 80
-)
-
-// CosType represent a COS content type in a CEL record content.
-type CosType uint8
-
-// Type for COS nested events
-const (
- ImageRefType CosType = iota
- ImageDigestType
- RestartPolicyType
- ImageIDType
- ArgType
- EnvVarType
-)
-
-// CosTlv is a specific event type created for the COS (Google Container-Optimized OS),
-// used as a CEL content.
-type CosTlv struct {
- EventType CosType
- EventContent []byte
-}
-
-// GetTLV returns the TLV representation of the COS TLV.
-func (c CosTlv) GetTLV() (TLV, error) {
- data, err := TLV{uint8(c.EventType), c.EventContent}.MarshalBinary()
- if err != nil {
- return TLV{}, err
- }
-
- return TLV{
- Type: CosEventType,
- Value: data,
- }, nil
-}
-
-// GenerateDigest generates the digest for the given COS TLV. The whole TLV struct will
-// be marshaled to bytes and feed into the hash algo.
-func (c CosTlv) GenerateDigest(hashAlgo crypto.Hash) ([]byte, error) {
- contentTLV, err := c.GetTLV()
- if err != nil {
- return nil, err
- }
-
- b, err := contentTLV.MarshalBinary()
- if err != nil {
- return nil, err
- }
-
- hash := hashAlgo.New()
- if _, err = hash.Write(b); err != nil {
- return nil, err
- }
- return hash.Sum(nil), nil
-}
-
-// ParseToCosTlv constructs a CosTlv from a TLV. It will check for the correct COS event
-// type, and unmarshal the nested event.
-func (t TLV) ParseToCosTlv() (CosTlv, error) {
- if !t.IsCosTlv() {
- return CosTlv{}, fmt.Errorf("TLV type %v is not a COS event", t.Type)
- }
- nestedEvent := TLV{}
- err := nestedEvent.UnmarshalBinary(t.Value)
- if err != nil {
- return CosTlv{}, err
- }
- return CosTlv{CosType(nestedEvent.Type), nestedEvent.Value}, nil
-}
-
-// IsCosTlv check whether a TLV is a COS TLV by its Type value.
-func (t TLV) IsCosTlv() bool {
- return t.Type == CosEventType
-}
-
-// FormatEnvVar takes in an environment variable name and its value, run some checks. Concats
-// the name and value by '=' and returns it if valid; returns an error if the name or value
-// is invalid.
-func FormatEnvVar(name string, value string) (string, error) {
- if !utf8.ValidString(name) {
- return "", fmt.Errorf("malformed env name, contains non-utf8 character: [%s]", name)
- }
- if !utf8.ValidString(value) {
- return "", fmt.Errorf("malformed env value, contains non-utf8 character: [%s]", value)
- }
- var envVarNameRegexp = regexp.MustCompile("^[a-zA-Z_][a-zA-Z0-9_]*$")
- if !envVarNameRegexp.MatchString(name) {
- return "", fmt.Errorf("malformed env name [%s], env name must start with an alpha character or '_', followed by a string of alphanumeric characters or '_' (%s)", name, envVarNameRegexp)
- }
- return name + "=" + value, nil
-}
-
-// ParseEnvVar takes in environment variable as a string (foo=bar), parses it and returns its name
-// and value, or an error if it fails the validation check.
-func ParseEnvVar(envvar string) (string, string, error) {
- // switch to strings.Cut when upgrading to go 1.18
- e := strings.SplitN(string(envvar), "=", 2)
- if len(e) < 2 {
- return "", "", fmt.Errorf("malformed env var, doesn't contain '=': [%s]", envvar)
- }
-
- if _, err := FormatEnvVar(e[0], e[1]); err != nil {
- return "", "", err
- }
-
- return e[0], e[1], nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cel/cos_tlv_test.go b/vendor/github.com/google/go-tpm-tools/cel/cos_tlv_test.go
deleted file mode 100644
index ea612b665..000000000
--- a/vendor/github.com/google/go-tpm-tools/cel/cos_tlv_test.go
+++ /dev/null
@@ -1,124 +0,0 @@ -package cel - -import ( - "bytes" - "crypto" - "strings" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" - pb "github.com/google/go-tpm-tools/proto/attest" -) - -func TestCosEventlog(t *testing.T) { - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - - hashAlgoList := []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512} - cel := &CEL{} - - testEvents := []struct { - cosNestedEventType CosType - pcr int - eventPayload []byte - }{ - {ImageRefType, test.DebugPCR, []byte("docker.io/bazel/experimental/test:latest")}, - {ImageDigestType, test.DebugPCR, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")}, - {RestartPolicyType, test.DebugPCR, []byte(pb.RestartPolicy_Never.String())}, - {ImageIDType, test.DebugPCR, []byte("sha256:5DF4A1AC347DCF8CF5E9D0ABC04B04DB847D1B88D3B1CC1006F0ACB68E5A1F4B")}, - {EnvVarType, test.DebugPCR, []byte("foo=bar")}, - {EnvVarType, test.DebugPCR, []byte("bar=baz")}, - {EnvVarType, test.DebugPCR, []byte("baz=foo=bar")}, - {EnvVarType, test.DebugPCR, []byte("empty=")}, - {ArgType, test.DebugPCR, []byte("--x")}, - {ArgType, test.DebugPCR, []byte("--y")}, - } - - for _, testEvent := range testEvents { - cos := CosTlv{testEvent.cosNestedEventType, testEvent.eventPayload} - if err := cel.AppendEvent(tpm, testEvent.pcr, hashAlgoList, cos); err != nil { - t.Fatal(err.Error()) - } - } - - var buf bytes.Buffer - if err := cel.EncodeCEL(&buf); err != nil { - t.Fatal(err) - } - decodedcel, err := DecodeToCEL(&buf) - if err != nil { - t.Fatal(err) - } - - if len(decodedcel.Records) != 10 { - t.Errorf("should have ten records") - } - - for i, testEvent := range testEvents { - extractedCos, err := decodedcel.Records[i].Content.ParseToCosTlv() - if err != nil { - t.Fatal(err) - } - - want := CosTlv{testEvent.cosNestedEventType, testEvent.eventPayload} - if !cmp.Equal(extractedCos, want) { - t.Errorf("decoded 
COS TLV got %+v, want %+v", extractedCos, want) - } - } -} - -func TestParseEnvVar(t *testing.T) { - tests := []struct { - testName string - envVar string - envName string - envValue string - expectedErrSubstring string - }{ - {"normal case 1", "foo=bar", "foo", "bar", ""}, - {"normal case 2", "FOO=1", "FOO", "1", ""}, - {"normal case 3", "SESSION_MANAGER=\"`\\local/:@?%/tmp/.u/1,unix/.com:/tmp/.u/5\"", "SESSION_MANAGER", "\"`\\local/:@?%/tmp/.u/1,unix/.com:/tmp/.u/5\"", ""}, - {"no =", "foo", "", "", "malformed env var, doesn't contain '='"}, - {"empty", "", "", "", "malformed env var, doesn't contain '='"}, - {"empty value", "foo=", "foo", "", ""}, - {"multiple =", "foo=bar=baz=", "foo", "bar=baz=", ""}, - {"bad name", "3foo=bar=baz=", "", "", "env name must start with an alpha character or '_'"}, - {"bad name quote", "foo\"=bar=baz=", "", "", "env name must start with an alpha character or '_'"}, - {"empty name", "=bar=baz=", "", "", "env name must start with an alpha character or '_'"}, - {"non utf-8 value", string([]byte{'f', '=', 0xC0, 2, 2, '='}), "", "", "malformed env value, contains non-utf8 character"}, - {"non utf-8 name", string([]byte{'a', 0xC0, 2, 2, '='}), "", "", "malformed env name, contains non-utf8 character"}, - } - - for _, test := range tests { - t.Run(test.testName, func(t *testing.T) { - n, v, err := ParseEnvVar(test.envVar) - - if n != test.envName { - t.Errorf("envName mismatch, want [%s], got [%s]", test.envName, n) - } - if v != test.envValue { - t.Errorf("envValue mismatch, want [%s], got [%s]", test.envValue, v) - } - if test.expectedErrSubstring == "" { - if err != nil { - t.Errorf("expected no error, but got [%s]", err) - } else { - formattedEnvVar, err := FormatEnvVar(test.envName, test.envValue) - if err != nil { - t.Errorf("expected no error, but got [%s]", err) - } else if formattedEnvVar != test.envVar { - t.Errorf("formattedEnvVar mismatch, want [%s], got [%s]", test.envVar, formattedEnvVar) - } - } - } else { - if err == nil 
{ - t.Errorf("expected error substring [%s], but got no error", test.expectedErrSubstring) - } else if !strings.Contains(err.Error(), test.expectedErrSubstring) { - t.Errorf("expected error substring [%s], but got [%v]", test.expectedErrSubstring, err) - } - } - }) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/client/attest.go b/vendor/github.com/google/go-tpm-tools/client/attest.go deleted file mode 100644 index 46a86c958..000000000 --- a/vendor/github.com/google/go-tpm-tools/client/attest.go +++ /dev/null 
@@ -1,66 +0,0 @@
-package client
-
-import (
- "fmt"
-
- pb "github.com/google/go-tpm-tools/proto/attest"
-)
-
-// AttestOpts allows for customizing the functionality of Attest.
-type AttestOpts struct {
- // A unique, application-specific nonce used to guarantee freshness of the
- // attestation. This must not be empty, and should generally be long enough
- // to make brute force attacks infeasible.
- //
- // For security reasons, applications should not allow for attesting with
- // arbitrary, externally-provided nonces. The nonce should be prefixed or
- // otherwise bound (i.e. via a KDF) to application-specific data. For more
- // information on why this is an issue, see this paper on robust remote
- // attestation protocols:
- // https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.70.4562&rep=rep1&type=pdf
- Nonce []byte
- // TCG Canonical Event Log to add to the attestation.
- // Currently, we only support PCR replay for PCRs orthogonal to those in the
- // firmware event log, where PCRs 0-9 and 14 are often measured. If the two
- // logs overlap, server-side verification using this library may fail.
- CanonicalEventLog []byte
-}
-
-// Attest generates an Attestation containing the TCG Event Log and a Quote over
-// all PCR banks. The provided nonce can be used to guarantee freshness of the
-// attestation. This function will return an error if the key is not a
-// restricted signing key.
-//
-// AttestOpts is used for additional configuration of the Attestation process.
-// This is primarily used to pass the attestation's nonce:
-//
-// attestation, err := key.Attest(client.AttestOpts{Nonce: my_nonce})
-func (k *Key) Attest(opts AttestOpts) (*pb.Attestation, error) {
- if len(opts.Nonce) == 0 {
- return nil, fmt.Errorf("provided nonce must not be empty")
- }
- sels, err := implementedPCRs(k.rw)
- if err != nil {
- return nil, err
- }
-
- attestation := pb.Attestation{}
- if attestation.AkPub, err = k.PublicArea().Encode(); err != nil {
- return nil, fmt.Errorf("failed to encode public area: %w", err)
- }
- attestation.AkCert = k.CertDERBytes()
- for _, sel := range sels {
- quote, err := k.Quote(sel, opts.Nonce)
- if err != nil {
- return nil, err
- }
- attestation.Quotes = append(attestation.Quotes, quote)
- }
- if attestation.EventLog, err = GetEventLog(k.rw); err != nil {
- return nil, fmt.Errorf("failed to retrieve TCG Event Log: %w", err)
- }
- if len(opts.CanonicalEventLog) != 0 {
- attestation.CanonicalEventLog = opts.CanonicalEventLog
- }
- return &attestation, nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/close.go b/vendor/github.com/google/go-tpm-tools/client/close.go
deleted file mode 100644
index 31700c33c..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/close.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package client
-
-import (
- "io"
- "testing"
-
- "github.com/google/go-tpm/tpm2"
-)
-
-// CheckedClose closes the simulator and asserts that there were no leaked handles.
-func CheckedClose(tb testing.TB, rwc io.ReadWriteCloser) {
- for _, t := range []tpm2.HandleType{
- tpm2.HandleTypeLoadedSession,
- tpm2.HandleTypeSavedSession,
- tpm2.HandleTypeTransient,
- } {
- handles, err := Handles(rwc, t)
- if err != nil {
- tb.Errorf("failed to fetch handles of type %v: %v", t, err)
- }
- if len(handles) != 0 {
- tb.Errorf("tests leaked handles: %v", handles)
- }
- }
-
- if err := rwc.Close(); err != nil {
- tb.Errorf("when closing simulator: %v", err)
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/eventlog.go b/vendor/github.com/google/go-tpm-tools/client/eventlog.go
deleted file mode 100644
index 9c74e0bba..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/eventlog.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package client
-
-import "io"
-
-// GetEventLog grabs the crypto-agile TCG event log for the system. The TPM can
-// override this implementation by implementing EventLogGetter.
-func GetEventLog(rw io.ReadWriter) ([]byte, error) {
- if elg, ok := rw.(EventLogGetter); ok {
- return elg.EventLog()
- }
- return getRealEventLog()
-}
-
-// EventLogGetter allows a TPM (io.ReadWriter) to specify a particular
-// implementation for GetEventLog(). This is useful for testing and necessary
-// for Windows Event Log support (which requires a handle to the TPM).
-type EventLogGetter interface {
- EventLog() ([]byte, error)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/eventlog_linux.go b/vendor/github.com/google/go-tpm-tools/client/eventlog_linux.go
deleted file mode 100644
index 357ca08f0..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/eventlog_linux.go
+++ /dev/null
@@ -1,9 +0,0 @@
-package client
-
-import (
- "io/ioutil"
-)
-
-func getRealEventLog() ([]byte, error) {
- return ioutil.ReadFile("/sys/kernel/security/tpm0/binary_bios_measurements")
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/eventlog_other.go b/vendor/github.com/google/go-tpm-tools/client/eventlog_other.go
deleted file mode 100644
index c6e7960c1..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/eventlog_other.go
+++ /dev/null
@@ -1,10 +0,0 @@
-//go:build !linux
-// +build !linux
-
-package client
-
-import "errors"
-
-func getRealEventLog() ([]byte, error) {
- return nil, errors.New("failed to get event log: only Linux supported")
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/example_test.go b/vendor/github.com/google/go-tpm-tools/client/example_test.go
deleted file mode 100644
index 30ad1ee15..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/example_test.go
+++ /dev/null
@@ -1,274 +0,0 @@
-package client_test
-
-import (
- "crypto"
- "crypto/ecdsa"
- "crypto/rand"
- "fmt"
- "io"
- "log"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal"
- "github.com/google/go-tpm-tools/server"
- "github.com/google/go-tpm-tools/simulator"
- "github.com/google/go-tpm/tpm2"
-)
-
-var tpmHashAlg = tpm2.AlgSHA256
-var hashAlg = crypto.SHA256
-
-func ExampleKey_Quote() {
- // On verifier, make the nonce.
- nonce := make([]byte, 8)
-
- if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
- log.Fatalf("failed to create nonce: %v", err)
- }
-
- // On client machine, generate the TPM quote.
- // TODO: use real TPM.
- simulator, err := simulator.Get()
- if err != nil {
- log.Fatalf("failed to initialize simulator: %v", err)
- }
- defer simulator.Close()
-
- ak, err := client.AttestationKeyECC(simulator)
- if err != nil {
- log.Fatalf("failed to create attestation key: %v", err)
- }
- defer ak.Close()
-
- pcr7 := tpm2.PCRSelection{
- Hash: tpm2.AlgSHA256,
- PCRs: []int{7},
- }
-
- quote, err := ak.Quote(pcr7, nonce)
- if err != nil {
- log.Fatalf("failed to create quote: %v", err)
- }
-
- // On verifier, verify the quote against a stored public key/AK
- // certificate's public part and the nonce passed.
- if err := internal.VerifyQuote(quote, ak.PublicKey(), nonce); err != nil {
- // TODO: handle verify error.
- log.Fatalf("failed to verify quote: %v", err)
- }
- // Output:
-}
-func ExampleKey_Import_eK() {
- // On client machine, EK should already exist.
- // TODO: use real TPM.
- simulator, err := simulator.Get()
- if err != nil {
- log.Fatalf("failed to initialize simulator: %v", err)
- }
- defer simulator.Close()
-
- ek, err := client.EndorsementKeyECC(simulator)
- if err != nil {
- log.Fatalf("failed to create endorsement key: %v", err)
- }
-
- // Pass EK pub to remote server, typically via an EK cert.
- // The server can then associate the EK public to the corresponding client.
-
- // Data to seal to EK public.
- secret := []byte("secret data")
-
- // ek.PublicKey already verified using the manufacturer-signed EK cert.
- importBlob, err := server.CreateImportBlob(ek.PublicKey(), secret, nil)
- if err != nil {
- log.Fatalf("failed to create import blob: %v", err)
- }
-
- // On client, import the EK.
- output, err := ek.Import(importBlob)
- if err != nil {
- // TODO: handle import failure.
- log.Fatalf("failed to import blob: %v", err)
- }
-
- fmt.Println(string(output))
- // TODO: use output of ek.Import.
- // Output: secret data
-}
-
-func ExampleKey_Attest() {
- // On verifier, make the nonce.
- nonce := make([]byte, 8)
-
- if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
- log.Fatalf("failed to create nonce: %v", err)
- }
-
- // On client machine, generate the TPM quote.
- // TODO: use real TPM.
- simulator, err := simulator.Get()
- if err != nil {
- log.Fatalf("failed to initialize simulator: %v", err)
- }
- defer simulator.Close()
-
- ak, err := client.AttestationKeyECC(simulator)
- if err != nil {
- log.Fatalf("failed to create attestation key: %v", err)
- }
- defer ak.Close()
-
- attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce})
- if err != nil {
- log.Fatalf("failed to attest: %v", err)
- }
-
- // TODO: establish trust in the AK (typically via an AK certificate signed
- // by the manufacturer).
- // On verifier, verify the Attestation message. This:
- // - checks the quote(s) against a stored public key/AK
- // certificate's public part and the expected nonce.
- // - replays the event log against the quoted PCRs
- // - extracts events into a MachineState message.
- // TODO: decide which hash algorithm to use in the quotes. SHA1 is
- // typically undesirable but is the only event log option on some distros.
- _, err = server.VerifyAttestation(attestation, server.VerifyOpts{Nonce: nonce, TrustedAKs: []crypto.PublicKey{ak.PublicKey()}})
- if err != nil {
- // TODO: handle parsing or replay error.
- log.Fatalf("failed to read PCRs: %v", err)
- }
- fmt.Println(attestation)
- // TODO: use events output of ParseMachineState.
-}
-
-func Example_sealAndUnseal() {
- // TODO: use real TPM.
- simulator, err := simulator.Get()
- if err != nil {
- log.Fatalf("failed to initialize simulator: %v", err)
- }
- defer simulator.Close()
-
- srk, err := client.StorageRootKeyECC(simulator)
- if err != nil {
- log.Fatalf("failed to create storage root key: %v", err)
- }
-
- sealedSecret := []byte("secret password")
-
- sel := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}}
- // Seal the data to the current value of PCR7.
- sealedBlob, err := srk.Seal([]byte(sealedSecret), client.SealOpts{Current: sel})
- if err != nil {
- log.Fatalf("failed to seal to SRK: %v", err)
- }
-
- // Validate by unsealing the sealed blob. Because it is possible that a TPM can seal a secret
- // properly but fail to certify it (thus we shouldn't unseal it because the creation status
- // cannot be verify). This ensures we can unseal the sealed blob, and that its contents are
- // equal to what we sealed.
- output, err := srk.Unseal(sealedBlob, client.UnsealOpts{CertifyCurrent: sel})
- if err != nil {
- // TODO: handle unseal error.
- log.Fatalf("failed to unseal blob: %v", err)
- }
- // TODO: use unseal output.
- fmt.Println(string(output))
- // Output: secret password
-}
-
-func ExampleKey_GetSigner() {
- // TODO: use real TPM.
- simulator, err := simulator.Get()
- if err != nil {
- log.Fatalf("failed to initialize simulator: %v", err)
- }
- defer simulator.Close()
-
- exampleECCSignerTemplate := tpm2.Public{
- Type: tpm2.AlgECC,
- NameAlg: tpm2.AlgSHA256,
- Attributes: tpm2.FlagSign | tpm2.FlagFixedTPM |
- tpm2.FlagFixedParent | tpm2.FlagSensitiveDataOrigin | tpm2.FlagUserWithAuth,
- ECCParameters: &tpm2.ECCParams{
- CurveID: tpm2.CurveNISTP256,
- Sign: &tpm2.SigScheme{
- Alg: tpm2.AlgECDSA,
- Hash: tpmHashAlg,
- },
- },
- }
- key, err := client.NewKey(simulator, tpm2.HandleOwner, exampleECCSignerTemplate)
- if err != nil {
- log.Fatalf("failed to create signing key: %v", err)
- }
- defer key.Close()
-
- toSign := []byte("message to sign")
- hash := hashAlg.New()
- hash.Write(toSign)
- digest := hash.Sum(nil)
-
- cryptoSigner, err := key.GetSigner()
- if err != nil {
- log.Fatalf("failed to create crypto signer: %v", err)
- }
- sig, err := cryptoSigner.Sign(nil, digest, hashAlg)
- if err != nil {
- log.Fatalf("failed to sign: %v", err)
- }
-
- // Verifier needs to establish trust in signer.Public() (via a certificate,
- // TPM2_ActivateCredential, TPM2_Certify).
- if !ecdsa.VerifyASN1(cryptoSigner.Public().(*ecdsa.PublicKey), digest, sig) {
- // TODO: handle signature verification failure.
- log.Fatal("failed to verify digest")
- }
- // Output:
-}
-
-func ExampleKey_SignData() {
- // TODO: use real TPM.
- simulator, err := simulator.Get()
- if err != nil {
- log.Fatalf("failed to initialize simulator: %v", err)
- }
- defer simulator.Close()
-
- exampleECCSignerTemplate := tpm2.Public{
- Type: tpm2.AlgECC,
- NameAlg: tpm2.AlgSHA256,
- Attributes: tpm2.FlagSign | tpm2.FlagFixedTPM |
- tpm2.FlagFixedParent | tpm2.FlagSensitiveDataOrigin | tpm2.FlagUserWithAuth,
- ECCParameters: &tpm2.ECCParams{
- CurveID: tpm2.CurveNISTP256,
- Sign: &tpm2.SigScheme{
- Alg: tpm2.AlgECDSA,
- Hash: tpmHashAlg,
- },
- },
- }
- key, err := client.NewKey(simulator, tpm2.HandleOwner, exampleECCSignerTemplate)
- if err != nil {
- log.Fatalf("failed to create signing key: %v", err)
- }
- defer key.Close()
-
- toSign := []byte("message to sign")
- hash := hashAlg.New()
- hash.Write(toSign)
- digest := hash.Sum(nil)
-
- sig, err := key.SignData(toSign)
- if err != nil {
- log.Fatalf("failed to sign data: %v", err)
- }
-
- // Verifier needs to establish trust in signer.Public() (via a certificate,
- // TPM2_ActivateCredential, TPM2_Certify).
- if !ecdsa.VerifyASN1(key.PublicKey().(*ecdsa.PublicKey), digest, sig) {
- // TODO: handle signature verification failure.
- log.Fatal("failed to verify digest")
- }
- // Output:
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/handles.go b/vendor/github.com/google/go-tpm-tools/client/handles.go
deleted file mode 100644
index b2bb3ea25..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/handles.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package client
-
-import (
- "fmt"
- "io"
- "math"
-
- "github.com/google/go-tpm/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-// Reserved Handles from "TCG TPM v2.0 Provisioning Guidance" - v1r1 - Table 2
-const (
- EKReservedHandle = tpmutil.Handle(0x81010001)
- EKECCReservedHandle = tpmutil.Handle(0x81010002)
- SRKReservedHandle = tpmutil.Handle(0x81000001)
- SRKECCReservedHandle = tpmutil.Handle(0x81000002)
-)
-
-// From "TCG EK Credential Profile", v2.3r2 Section 2.2.1.4
-const (
- // RSA 2048 EK Cert.
- EKCertNVIndexRSA uint32 = 0x01c00002
- // ECC P256 EK Cert.
- EKCertNVIndexECC uint32 = 0x01c0000a
-)
-
-// Picked available handles from TPM 2.0 Handles and Localities 2.3.1 - Table 11
-// go-tpm-tools will use handles in the range from 0x81008F00 to 0x81008FFF
-const (
- DefaultAKECCHandle = tpmutil.Handle(0x81008F00)
- DefaultAKRSAHandle = tpmutil.Handle(0x81008F01)
-)
-
-// GCE Attestation Key NV Indices
-const (
- // RSA 2048 AK.
- GceAKCertNVIndexRSA uint32 = 0x01c10000
- GceAKTemplateNVIndexRSA uint32 = 0x01c10001
- // ECC P256 AK.
- GceAKCertNVIndexECC uint32 = 0x01c10002
- GceAKTemplateNVIndexECC uint32 = 0x01c10003
-)
-
-func isHierarchy(h tpmutil.Handle) bool {
- return h == tpm2.HandleOwner || h == tpm2.HandleEndorsement ||
- h == tpm2.HandlePlatform || h == tpm2.HandleNull
-}
-
-// Handles returns a slice of tpmutil.Handle objects of all handles within
-// the TPM rw of type handleType.
-func Handles(rw io.ReadWriter, handleType tpm2.HandleType) ([]tpmutil.Handle, error) {
- // Handle type is determined by the most-significant octet (MSO) of the property.
- property := uint32(handleType) << 24
-
- vals, moreData, err := tpm2.GetCapability(rw, tpm2.CapabilityHandles, math.MaxUint32, property)
- if err != nil {
- return nil, err
- }
- if moreData {
- return nil, fmt.Errorf("tpm2.GetCapability() should never return moreData==true for tpm2.CapabilityHandles")
- }
- handles := make([]tpmutil.Handle, len(vals))
- for i, v := range vals {
- handle, ok := v.(tpmutil.Handle)
- if !ok {
- return nil, fmt.Errorf("unable to assert type tpmutil.Handle of value %#v", v)
- }
- handles[i] = handle
- }
- return handles, nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/handles_test.go b/vendor/github.com/google/go-tpm-tools/client/handles_test.go
deleted file mode 100644
index 904e0a78a..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/handles_test.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package client_test
-
-import (
- "reflect"
- "testing"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal/test"
- "github.com/google/go-tpm/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-const (
- // Maximum number of handles to keys tests can create within a simulator.
- maxHandles = 3
-)
-
-func TestHandles(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- expected := make([]tpmutil.Handle, 0)
- for i := 0; i < maxHandles; i++ {
- expected = append(expected, test.LoadRandomExternalKey(t, rwc))
-
- handles, err := client.Handles(rwc, tpm2.HandleTypeTransient)
- if err != nil {
- t.Fatal(err)
- }
- if !reflect.DeepEqual(handles, expected) {
- t.Errorf("Handles mismatch got: %v; want: %v", handles, expected)
- }
- }
-
- // Don't leak our handles
- for _, handle := range expected {
- if err := tpm2.FlushContext(rwc, handle); err != nil {
- t.Error(err)
- }
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/import.go b/vendor/github.com/google/go-tpm-tools/client/import.go
deleted file mode 100644
index 72f796c36..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/import.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package client
-
-import (
- "fmt"
-
- "github.com/google/go-tpm-tools/internal"
- pb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-func loadHandle(k *Key, blob *pb.ImportBlob) (tpmutil.Handle, error) {
- auth, err := k.session.Auth()
- if err != nil {
- return tpm2.HandleNull, err
- }
- private, err := tpm2.Import(k.rw, k.Handle(), auth, blob.PublicArea, blob.Duplicate, blob.EncryptedSeed, nil, nil)
- if err != nil {
- return tpm2.HandleNull, fmt.Errorf("import failed: %w", err)
- }
-
- auth, err = k.session.Auth()
- if err != nil {
- return tpm2.HandleNull, err
- }
- handle, _, err := tpm2.LoadUsingAuth(k.rw, k.Handle(), auth, blob.PublicArea, private)
- if err != nil {
- return tpm2.HandleNull, fmt.Errorf("load failed: %w", err)
- }
- return handle, nil
-}
-
-// Import decrypts the secret contained in an encoded import request.
-// The key used must be an encryption key (signing keys cannot be used).
-// The req parameter should come from server.CreateImportBlob.
-func (k *Key) Import(blob *pb.ImportBlob) ([]byte, error) {
- handle, err := loadHandle(k, blob)
- if err != nil {
- return nil, err
- }
- defer tpm2.FlushContext(k.rw, handle)
-
- unsealSession, err := newPCRSession(k.rw, internal.PCRSelection(blob.Pcrs))
- if err != nil {
- return nil, err
- }
- defer unsealSession.Close()
-
- auth, err := unsealSession.Auth()
- if err != nil {
- return nil, err
- }
- out, err := tpm2.UnsealWithSession(k.rw, auth.Session, handle, "")
- if err != nil {
- return nil, fmt.Errorf("unseal failed: %w", err)
- }
- return out, nil
-}
-
-// ImportSigningKey returns the signing key contained in an encoded import request.
-// The parent key must be an encryption key (signing keys cannot be used).
-// The req parameter should come from server.CreateSigningKeyImportBlob.
-func (k *Key) ImportSigningKey(blob *pb.ImportBlob) (key *Key, err error) {
- handle, err := loadHandle(k, blob)
- if err != nil {
- return nil, err
- }
- key = &Key{rw: k.rw, handle: handle}
-
- defer func() {
- if err != nil {
- key.Close()
- }
- }()
-
- if key.pubArea, _, _, err = tpm2.ReadPublic(k.rw, handle); err != nil {
- return
- }
- if key.session, err = newPCRSession(k.rw, internal.PCRSelection(blob.Pcrs)); err != nil {
- return
- }
- return key, key.finish()
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/keys.go b/vendor/github.com/google/go-tpm-tools/client/keys.go
deleted file mode 100644
index 1da8b7119..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/keys.go
+++ /dev/null
@@ -1,481 +0,0 @@ -// Package client contains some high-level TPM 2.0 functions. -package client - -import ( - "bytes" - "crypto" - "crypto/subtle" - "crypto/x509" - "fmt" - "io" - - "github.com/google/go-tpm-tools/internal" - pb "github.com/google/go-tpm-tools/proto/tpm" - "github.com/google/go-tpm/tpm2" - "github.com/google/go-tpm/tpmutil" -) - -// Key wraps an active asymmetric TPM2 key. This can either be a signing key or -// an encryption key. Users of Key should be sure to call Close() when the Key -// is no longer needed, so that the underlying TPM handle can be freed. -type Key struct { - rw io.ReadWriter - handle tpmutil.Handle - pubArea tpm2.Public - pubKey crypto.PublicKey - name tpm2.Name - session session - cert *x509.Certificate -} - -// EndorsementKeyRSA generates and loads a key from DefaultEKTemplateRSA. -func EndorsementKeyRSA(rw io.ReadWriter) (*Key, error) { - ekRsa, err := NewCachedKey(rw, tpm2.HandleEndorsement, DefaultEKTemplateRSA(), EKReservedHandle) - if err != nil { - return nil, err - } - // Error ignored, because not all TPMs will have an EK. - ekRsa.cert, _ = getCertificateFromNvram(rw, EKCertNVIndexRSA) - return ekRsa, nil -} - -// EndorsementKeyECC generates and loads a key from DefaultEKTemplateECC. -func EndorsementKeyECC(rw io.ReadWriter) (*Key, error) { - ekEcc, err := NewCachedKey(rw, tpm2.HandleEndorsement, DefaultEKTemplateECC(), EKECCReservedHandle) - if err != nil { - return nil, err - } - // Error ignored, because not all TPMs will have an EK. - ekEcc.cert, _ = getCertificateFromNvram(rw, EKCertNVIndexECC) - return ekEcc, nil -} - -// StorageRootKeyRSA generates and loads a key from SRKTemplateRSA. -func StorageRootKeyRSA(rw io.ReadWriter) (*Key, error) { - return NewCachedKey(rw, tpm2.HandleOwner, SRKTemplateRSA(), SRKReservedHandle) -} - -// StorageRootKeyECC generates and loads a key from SRKTemplateECC. 
-func StorageRootKeyECC(rw io.ReadWriter) (*Key, error) { - return NewCachedKey(rw, tpm2.HandleOwner, SRKTemplateECC(), SRKECCReservedHandle) -} - -// AttestationKeyRSA generates and loads a key from AKTemplateRSA in the Owner hierarchy. -func AttestationKeyRSA(rw io.ReadWriter) (*Key, error) { - return NewCachedKey(rw, tpm2.HandleOwner, AKTemplateRSA(), DefaultAKRSAHandle) -} - -// AttestationKeyECC generates and loads a key from AKTemplateECC in the Owner hierarchy. -func AttestationKeyECC(rw io.ReadWriter) (*Key, error) { - return NewCachedKey(rw, tpm2.HandleOwner, AKTemplateECC(), DefaultAKECCHandle) -} - -// EndorsementKeyFromNvIndex generates and loads an endorsement key using the -// template stored at the provided nvdata index. This is useful for TPMs which -// have a preinstalled AK template. -func EndorsementKeyFromNvIndex(rw io.ReadWriter, idx uint32) (*Key, error) { - return KeyFromNvIndex(rw, tpm2.HandleEndorsement, idx) -} - -// GceAttestationKeyRSA generates and loads the GCE RSA AK. Note that this -// function will only work on a GCE VM. Unlike AttestationKeyRSA, this key uses -// the Endorsement Hierarchy and its template loaded from GceAKTemplateNVIndexRSA. -func GceAttestationKeyRSA(rw io.ReadWriter) (*Key, error) { - akRsa, err := EndorsementKeyFromNvIndex(rw, GceAKTemplateNVIndexRSA) - if err != nil { - return nil, err - } - // Error ignored, because not all GCE instances will have an AK cert. - akRsa.cert, _ = getCertificateFromNvram(rw, GceAKCertNVIndexRSA) - return akRsa, nil -} - -// GceAttestationKeyECC generates and loads the GCE ECC AK. Note that this -// function will only work on a GCE VM. Unlike AttestationKeyECC, this key uses -// the Endorsement Hierarchy and its template loaded from GceAKTemplateNVIndexECC. 
-func GceAttestationKeyECC(rw io.ReadWriter) (*Key, error) { - akEcc, err := EndorsementKeyFromNvIndex(rw, GceAKTemplateNVIndexECC) - if err != nil { - return nil, err - } - // Error ignored, because not all GCE instances will have an AK cert. - akEcc.cert, _ = getCertificateFromNvram(rw, GceAKCertNVIndexECC) - return akEcc, nil -} - -// KeyFromNvIndex generates and loads a key under the provided parent -// (possibly a hierarchy root tpm2.Handle{Owner|Endorsement|Platform|Null}) -// using the template stored at the provided nvdata index. -func KeyFromNvIndex(rw io.ReadWriter, parent tpmutil.Handle, idx uint32) (*Key, error) { - data, err := tpm2.NVReadEx(rw, tpmutil.Handle(idx), tpm2.HandleOwner, "", 0) - if err != nil { - return nil, fmt.Errorf("read error at index %d: %w", idx, err) - } - template, err := tpm2.DecodePublic(data) - if err != nil { - return nil, fmt.Errorf("index %d data was not a TPM key template: %w", idx, err) - } - return NewKey(rw, parent, template) -} - -// NewCachedKey is almost identical to NewKey, except that it initially tries to -// see if the a key matching the provided template is at cachedHandle. If so, -// that key is returned. If not, the key is created as in NewKey, and that key -// is persisted to the cachedHandle, overwriting any existing key there. 
-func NewCachedKey(rw io.ReadWriter, parent tpmutil.Handle, template tpm2.Public, cachedHandle tpmutil.Handle) (k *Key, err error) { - owner := tpm2.HandleOwner - if parent == tpm2.HandlePlatform { - owner = tpm2.HandlePlatform - } else if parent == tpm2.HandleNull { - return nil, fmt.Errorf("cannot cache objects in the null hierarchy") - } - - cachedPub, _, _, err := tpm2.ReadPublic(rw, cachedHandle) - if err == nil { - if cachedPub.MatchesTemplate(template) { - k = &Key{rw: rw, handle: cachedHandle, pubArea: cachedPub} - return k, k.finish() - } - // Kick out old cached key if it does not match - if err = tpm2.EvictControl(rw, "", owner, cachedHandle, cachedHandle); err != nil { - return nil, err - } - } - - k, err = NewKey(rw, parent, template) - if err != nil { - return nil, err - } - defer tpm2.FlushContext(rw, k.handle) - - if err = tpm2.EvictControl(rw, "", owner, k.handle, cachedHandle); err != nil { - return nil, err - } - k.handle = cachedHandle - return k, nil -} - -// NewKey generates a key from the template and loads that key into the TPM -// under the specified parent. NewKey can call many different TPM commands: -// - If parent is tpm2.Handle{Owner|Endorsement|Platform|Null} a primary key -// is created in the specified hierarchy (using CreatePrimary). -// - If parent is a valid key handle, a normal key object is created under -// that parent (using Create and Load). NOTE: Not yet supported. -// This function also assumes that the desired key: -// - Does not have its usage locked to specific PCR values -// - Usable with empty authorization sessions (i.e. 
doesn't need a password) -func NewKey(rw io.ReadWriter, parent tpmutil.Handle, template tpm2.Public) (k *Key, err error) { - if !isHierarchy(parent) { - // TODO add support for normal objects with Create() and Load() - return nil, fmt.Errorf("unsupported parent handle: %x", parent) - } - - handle, pubArea, _, _, _, _, err := - tpm2.CreatePrimaryEx(rw, parent, tpm2.PCRSelection{}, "", "", template) - if err != nil { - return nil, err - } - defer func() { - if err != nil { - tpm2.FlushContext(rw, handle) - } - }() - - k = &Key{rw: rw, handle: handle} - if k.pubArea, err = tpm2.DecodePublic(pubArea); err != nil { - return - } - return k, k.finish() -} - -func (k *Key) finish() error { - var err error - if k.pubKey, err = k.pubArea.Key(); err != nil { - return err - } - if k.name, err = k.pubArea.Name(); err != nil { - return err - } - // We determine the right type of session based on the auth policy - if k.session == nil { - if bytes.Equal(k.pubArea.AuthPolicy, defaultEKAuthPolicy()) { - if k.session, err = newEKSession(k.rw); err != nil { - return err - } - } else if len(k.pubArea.AuthPolicy) == 0 { - k.session = nullSession{} - } else { - return fmt.Errorf("unknown auth policy when creating key") - } - } - return nil -} - -// Handle allows this key to be used directly with other go-tpm commands. -func (k *Key) Handle() tpmutil.Handle { - return k.handle -} - -// Name is hash of this key's public area. Only the Digest field will ever be -// populated. It is useful for various TPM commands related to authorization. -// This is equivalent to k.PublicArea.Name(), except that is cannot fail. -func (k *Key) Name() tpm2.Name { - return k.name -} - -// PublicArea exposes the key's entire public area. This is useful for -// determining additional properties of the underlying TPM key. -func (k *Key) PublicArea() tpm2.Public { - return k.pubArea -} - -// PublicKey provides a go interface to the loaded key's public area. 
-func (k *Key) PublicKey() crypto.PublicKey { - return k.pubKey -} - -// Close should be called when the key is no longer needed. This is important to -// do as most TPMs can only have a small number of key simultaneously loaded. -func (k *Key) Close() { - if k.session != nil { - k.session.Close() - } - tpm2.FlushContext(k.rw, k.handle) -} - -// Seal seals the sensitive byte buffer to a key. This key must be an SRK (we -// currently do not support sealing to EKs). Optionally, the SealOpts struct can -// be modified to provide sealed-to PCRs. In this case, the sensitive data can -// only be unsealed if the seal-time PCRs are in the SealOpts-specified state. -// There must not be overlap in PCRs between SealOpts' Current and Target. -// During the sealing process, certification data will be created allowing -// Unseal() to validate the state of the TPM during the sealing process. -func (k *Key) Seal(sensitive []byte, opts SealOpts) (*pb.SealedBytes, error) { - var pcrs *pb.PCRs - var err error - var auth []byte - - pcrs, err = mergePCRSelAndProto(k.rw, opts.Current, opts.Target) - if err != nil { - return nil, fmt.Errorf("invalid SealOpts: %v", err) - } - if len(pcrs.GetPcrs()) > 0 { - auth = internal.PCRSessionAuth(pcrs, SessionHashAlg) - } - certifySel := FullPcrSel(CertifyHashAlgTpm) - sb, err := sealHelper(k.rw, k.Handle(), auth, sensitive, certifySel) - if err != nil { - return nil, err - } - - for pcrNum := range pcrs.GetPcrs() { - sb.Pcrs = append(sb.Pcrs, pcrNum) - } - sb.Hash = pcrs.GetHash() - sb.Srk = pb.ObjectType(k.pubArea.Type) - return sb, nil -} - -func sealHelper(rw io.ReadWriter, parentHandle tpmutil.Handle, auth []byte, sensitive []byte, certifyPCRsSel tpm2.PCRSelection) (*pb.SealedBytes, error) { - inPublic := tpm2.Public{ - Type: tpm2.AlgKeyedHash, - NameAlg: SessionHashAlgTpm, - Attributes: tpm2.FlagFixedTPM | tpm2.FlagFixedParent, - AuthPolicy: auth, - } - if auth == nil { - inPublic.Attributes |= tpm2.FlagUserWithAuth - } else { - 
inPublic.Attributes |= tpm2.FlagAdminWithPolicy - } - - priv, pub, creationData, _, ticket, err := tpm2.CreateKeyWithSensitive(rw, parentHandle, certifyPCRsSel, "", "", inPublic, sensitive) - if err != nil { - return nil, fmt.Errorf("failed to create key: %w", err) - } - certifiedPcr, err := ReadPCRs(rw, certifyPCRsSel) - if err != nil { - return nil, fmt.Errorf("failed to read PCRs: %w", err) - } - computedDigest := internal.PCRDigest(certifiedPcr, SessionHashAlg) - - decodedCreationData, err := tpm2.DecodeCreationData(creationData) - if err != nil { - return nil, fmt.Errorf("failed to decode creation data: %w", err) - } - - // make sure PCRs haven't being altered after sealing - if subtle.ConstantTimeCompare(computedDigest, decodedCreationData.PCRDigest) == 0 { - return nil, fmt.Errorf("PCRs have been modified after sealing") - } - - sb := &pb.SealedBytes{} - sb.CertifiedPcrs = certifiedPcr - sb.Priv = priv - sb.Pub = pub - sb.CreationData = creationData - if sb.Ticket, err = tpmutil.Pack(ticket); err != nil { - return nil, err - } - return sb, nil -} - -// Unseal attempts to reverse the process of Seal(), using the PCRs, public, and -// private data in proto.SealedBytes. Optionally, the UnsealOpts parameter can -// be used to verify the state of the TPM when the data was sealed. The -// zero-value UnsealOpts can be passed to skip certification. 
-func (k *Key) Unseal(in *pb.SealedBytes, opts UnsealOpts) ([]byte, error) { - if in.Srk != pb.ObjectType(k.pubArea.Type) { - return nil, fmt.Errorf("expected key of type %v, got %v", in.Srk, k.pubArea.Type) - } - sealed, _, err := tpm2.Load( - k.rw, - k.Handle(), - /*parentPassword=*/ "", - in.GetPub(), - in.GetPriv()) - if err != nil { - return nil, fmt.Errorf("failed to load sealed object: %w", err) - } - defer tpm2.FlushContext(k.rw, sealed) - - pcrs, err := mergePCRSelAndProto(k.rw, opts.CertifyCurrent, opts.CertifyExpected) - if err != nil { - return nil, fmt.Errorf("invalid UnsealOpts: %v", err) - } - if len(pcrs.GetPcrs()) > 0 { - if err := internal.CheckSubset(pcrs, in.GetCertifiedPcrs()); err != nil { - return nil, fmt.Errorf("failed to certify PCRs: %w", err) - } - - var ticket tpm2.Ticket - if _, err = tpmutil.Unpack(in.GetTicket(), &ticket); err != nil { - return nil, fmt.Errorf("ticket unpack failed: %w", err) - } - creationHash := SessionHashAlg.New() - creationHash.Write(in.GetCreationData()) - - _, _, certErr := tpm2.CertifyCreation(k.rw, "", sealed, tpm2.HandleNull, nil, creationHash.Sum(nil), tpm2.SigScheme{}, ticket) - // There is a bug in some older TPMs, where they are unable to - // CertifyCreation when using a Null signing handle (despite this - // being allowed by all versions of the TPM spec). To work around - // this bug, we use a temporary signing key and ignore the signed - // result. To reduce the cost of this workaround, we use a cached - // ECC signing key. - // We can detect this bug, as it triggers a RCInsufficient - // Unmarshaling error. 
- if paramErr, ok := certErr.(tpm2.ParameterError); ok && paramErr.Code == tpm2.RCInsufficient {
- signer, err := AttestationKeyECC(k.rw)
- if err != nil {
- return nil, fmt.Errorf("failed to create fallback signing key: %w", err)
- }
- defer signer.Close()
- _, _, certErr = tpm2.CertifyCreation(k.rw, "", sealed, signer.Handle(), nil, creationHash.Sum(nil), tpm2.SigScheme{}, ticket)
- }
- if certErr != nil {
- return nil, fmt.Errorf("failed to certify creation: %w", certErr)
- }
-
- // verify certify PCRs haven't been modified
- decodedCreationData, err := tpm2.DecodeCreationData(in.GetCreationData())
- if err != nil {
- return nil, fmt.Errorf("failed to decode creation data: %w", err)
- }
- if !internal.SamePCRSelection(in.GetCertifiedPcrs(), decodedCreationData.PCRSelection) {
- return nil, fmt.Errorf("certify PCRs does not match the PCR selection in the creation data")
- }
- expectedDigest := internal.PCRDigest(in.GetCertifiedPcrs(), SessionHashAlg)
- if subtle.ConstantTimeCompare(decodedCreationData.PCRDigest, expectedDigest) == 0 {
- return nil, fmt.Errorf("certify PCRs digest does not match the digest in the creation data")
- }
- }
-
- sel := tpm2.PCRSelection{Hash: tpm2.Algorithm(in.GetHash())}
- for _, pcr := range in.GetPcrs() {
- sel.PCRs = append(sel.PCRs, int(pcr))
- }
-
- session, err := newPCRSession(k.rw, sel)
- if err != nil {
- return nil, fmt.Errorf("failed to create session: %w", err)
- }
- defer session.Close()
-
- auth, err := session.Auth()
- if err != nil {
- return nil, err
- }
- return tpm2.UnsealWithSession(k.rw, auth.Session, sealed, "")
-}
-
-// Quote will tell TPM to compute a hash of a set of given PCR selection, together with
-// some extra data (typically a nonce), sign it with the given signing key, and return
-// the signature and the attestation data. This function will return an error if
-// the key is not a restricted signing key.
-func (k *Key) Quote(selpcr tpm2.PCRSelection, extraData []byte) (*pb.Quote, error) {
- // Make sure that we have a valid signing key before trying quote
- var err error
- if _, err = internal.GetSigningHashAlg(k.pubArea); err != nil {
- return nil, err
- }
- if !k.hasAttribute(tpm2.FlagRestricted) {
- return nil, fmt.Errorf("unrestricted keys are insecure to use with Quote")
- }
-
- quote := &pb.Quote{}
- quote.Quote, quote.RawSig, err = tpm2.QuoteRaw(k.rw, k.Handle(), "", "", extraData, selpcr, tpm2.AlgNull)
- if err != nil {
- return nil, fmt.Errorf("failed to quote: %w", err)
- }
- quote.Pcrs, err = ReadPCRs(k.rw, selpcr)
- if err != nil {
- return nil, fmt.Errorf("failed to read PCRs: %w", err)
- }
- // Verify the quote client-side to make sure we didn't mess things up.
- // NOTE: the quote still must be verified server-side as well.
- if err := internal.VerifyQuote(quote, k.PublicKey(), extraData); err != nil {
- return nil, fmt.Errorf("failed to verify quote: %w", err)
- }
- return quote, nil
-}
-
-// Reseal is a shortcut to call Unseal() followed by Seal().
-// CertifyOpt(nillable) will be used in Unseal(), and SealOpt(nillable)
-// will be used in Seal()
-func (k *Key) Reseal(in *pb.SealedBytes, uOpts UnsealOpts, sOpts SealOpts) (*pb.SealedBytes, error) {
- sensitive, err := k.Unseal(in, uOpts)
- if err != nil {
- return nil, fmt.Errorf("failed to unseal: %w", err)
- }
- return k.Seal(sensitive, sOpts)
-}
-
-func (k *Key) hasAttribute(attr tpm2.KeyProp) bool {
- return k.pubArea.Attributes&attr != 0
-}
-
-// Cert returns the parsed certificate (or nil) for the given key.
-func (k *Key) Cert() *x509.Certificate {
- return k.cert
-}
-
-// CertDERBytes provides the ASN.1 DER content of the key's certificate. If the
-// key does not have a certficate, returns nil.
-func (k *Key) CertDERBytes() []byte {
- if k.cert == nil {
- return nil
- }
- return k.cert.Raw
-}
-
-func getCertificateFromNvram(rw io.ReadWriter, index uint32) (*x509.Certificate, error) {
- certASN1, err := tpm2.NVReadEx(rw, tpmutil.Handle(index), tpm2.HandleOwner, "", 0)
- if err != nil {
- return nil, fmt.Errorf("failed to read certificate from NV index %d: %w", index, err)
- }
- x509Cert, err := x509.ParseCertificate(certASN1)
- if err != nil {
- return nil, fmt.Errorf("failed to parse certificate from NV memory: %w", err)
- }
- return x509Cert, nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/keys_test.go b/vendor/github.com/google/go-tpm-tools/client/keys_test.go
deleted file mode 100644
index b97295ca9..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/keys_test.go
+++ /dev/null
@@ -1,186 +0,0 @@ -package client_test - -import ( - "io" - "reflect" - "testing" - - "github.com/google/go-tpm/tpm2" - "github.com/google/go-tpm/tpmutil" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" -) - -func TestNameMatchesPublicArea(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - ek, err := client.EndorsementKeyRSA(rwc) - if err != nil { - t.Fatal(err) - } - defer ek.Close() - - matches, err := ek.Name().MatchesPublic(ek.PublicArea()) - if err != nil { - t.Fatal(err) - } - if !matches { - t.Fatal("Returned name and computed name do not match") - } -} - -func TestCreateSigningKeysInHierarchies(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - template := client.AKTemplateRSA() - - // We are not authorized to create keys in the Platform Hierarchy - for _, hierarchy := range []tpmutil.Handle{tpm2.HandleOwner, tpm2.HandleEndorsement, tpm2.HandleNull} { - key, err := client.NewKey(rwc, hierarchy, template) - if err != nil { - t.Errorf("Hierarchy %+v: %s", hierarchy, err) - } else { - key.Close() - } - } -} - -func TestCachedRSAKeys(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - keys := []struct { - name string - getKey func(io.ReadWriter) (*client.Key, error) - }{ - {"SRK", client.StorageRootKeyRSA}, - {"EK", client.EndorsementKeyRSA}, - } - - for _, k := range keys { - t.Run(k.name, func(t *testing.T) { - // Get the key the first time and persist - srk, err := k.getKey(rwc) - if err != nil { - t.Fatal(err) - } - defer srk.Close() - - pub := srk.PublicKey() - if tpm2.FlushContext(rwc, srk.Handle()) == nil { - t.Error("Trying to flush persistent keys should fail.") - } - - // Get the cached key (should be the same) - srk, err = k.getKey(rwc) - if err != nil { - t.Fatal(err) - } - defer srk.Close() - - if !reflect.DeepEqual(srk.PublicKey(), pub) { - t.Errorf("Expected pub key: %v got: %v", pub, srk.PublicKey()) - } - - // We should 
still get the same key if we evict the handle - if err := tpm2.EvictControl(rwc, "", tpm2.HandleOwner, srk.Handle(), srk.Handle()); err != nil { - t.Errorf("Evicting control failed: %v", err) - } - srk, err = k.getKey(rwc) - if err != nil { - t.Fatal(err) - } - defer srk.Close() - - if !reflect.DeepEqual(srk.PublicKey(), pub) { - t.Errorf("Expected pub key: %v got: %v", pub, srk.PublicKey()) - } - }) - } -} - -func TestKeyCreation(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - keys := []struct { - name string - getKey func(io.ReadWriter) (*client.Key, error) - }{ - {"SRK-ECC", client.StorageRootKeyECC}, - {"EK-ECC", client.EndorsementKeyECC}, - {"AK-ECC", client.AttestationKeyECC}, - {"SRK-RSA", client.StorageRootKeyRSA}, - {"EK-RSA", client.EndorsementKeyRSA}, - {"AK-RSA", client.AttestationKeyRSA}, - } - - for _, k := range keys { - t.Run(k.name, func(t *testing.T) { - key, err := k.getKey(rwc) - if err != nil { - t.Fatal(err) - } - key.Close() - }) - } -} - -func BenchmarkKeyCreation(b *testing.B) { - rwc := test.GetTPM(b) - defer client.CheckedClose(b, rwc) - - benchmarks := []struct { - name string - getKey func(io.ReadWriter) (*client.Key, error) - }{ - {"SRK-ECC-Cached", client.StorageRootKeyECC}, - {"EK-ECC-Cached", client.EndorsementKeyECC}, - {"AK-ECC-Cached", client.AttestationKeyECC}, - - {"SRK-ECC", func(rw io.ReadWriter) (*client.Key, error) { - return client.NewKey(rw, tpm2.HandleOwner, client.SRKTemplateECC()) - }}, - {"EK-ECC", func(rw io.ReadWriter) (*client.Key, error) { - return client.NewKey(rw, tpm2.HandleEndorsement, client.DefaultEKTemplateECC()) - }}, - {"AK-ECC", func(rw io.ReadWriter) (*client.Key, error) { - return client.NewKey(rw, tpm2.HandleOwner, client.AKTemplateECC()) - }}, - - {"SRK-RSA-Cached", client.StorageRootKeyRSA}, - {"EK-RSA-Cached", client.EndorsementKeyRSA}, - {"AK-RSA-Cached", client.AttestationKeyRSA}, - - {"SRK-RSA", func(rw io.ReadWriter) (*client.Key, error) { - return 
client.NewKey(rw, tpm2.HandleEndorsement, client.SRKTemplateRSA()) - }}, - {"EK-RSA", func(rw io.ReadWriter) (*client.Key, error) { - return client.NewKey(rw, tpm2.HandleOwner, client.DefaultEKTemplateRSA()) - }}, - {"AK-RSA", func(rw io.ReadWriter) (*client.Key, error) { - return client.NewKey(rw, tpm2.HandleOwner, client.AKTemplateRSA()) - }}, - } - - for _, bm := range benchmarks { - b.Run(bm.name, func(b *testing.B) { - // Don't count time to populate the cache - b.StopTimer() - key, err := bm.getKey(rwc) - if err != nil { - b.Fatal(err) - } - key.Close() - b.StartTimer() - - for i := 0; i < b.N; i++ { - key, err := bm.getKey(rwc) - if err != nil { - b.Fatal(err) - } - key.Close() - } - }) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/client/pcr.go b/vendor/github.com/google/go-tpm-tools/client/pcr.go deleted file mode 100644 index 1e0b3b00f..000000000 --- a/vendor/github.com/google/go-tpm-tools/client/pcr.go +++ /dev/null 
@@ -1,166 +0,0 @@ -package client - -import ( - "crypto" - "fmt" - "io" - "math" - - pb "github.com/google/go-tpm-tools/proto/tpm" - "github.com/google/go-tpm/tpm2" -) - -// NumPCRs is set to the spec minimum of 24, as that's all go-tpm supports. -const NumPCRs = 24 - -// We hard-code SHA256 as the policy session hash algorithms. Note that this -// differs from the PCR hash algorithm (which selects the bank of PCRs to use) -// and the Public area Name algorithm. We also chose this for compatibility with -// github.com/google/go-tpm/tpm2, as it hardcodes the nameAlg as SHA256 in -// several places. Two constants are used to avoid repeated conversions. -const ( - SessionHashAlg = crypto.SHA256 - SessionHashAlgTpm = tpm2.AlgSHA256 -) - -// CertifyHashAlgTpm is the hard-coded algorithm used in certify PCRs. -const CertifyHashAlgTpm = tpm2.AlgSHA256 - -func min(a, b int) int { - if a < b { - return a - } - return b -} - -// Get a list of selections corresponding to the TPM's implemented PCRs -func implementedPCRs(rw io.ReadWriter) ([]tpm2.PCRSelection, error) { - caps, moreData, err := tpm2.GetCapability(rw, tpm2.CapabilityPCRs, math.MaxUint32, 0) - if err != nil { - return nil, fmt.Errorf("listing implemented PCR banks: %w", err) - } - if moreData { - return nil, fmt.Errorf("extra data from GetCapability") - } - sels := make([]tpm2.PCRSelection, len(caps)) - for i, cap := range caps { - sel, ok := cap.(tpm2.PCRSelection) - if !ok { - return nil, fmt.Errorf("unexpected data from GetCapability") - } - sels[i] = sel - } - return sels, nil -} - -// ReadPCRs fetches all the PCR values specified in sel, making multiple calls -// to the TPM if necessary. 
-func ReadPCRs(rw io.ReadWriter, sel tpm2.PCRSelection) (*pb.PCRs, error) { - pl := pb.PCRs{ - Hash: pb.HashAlgo(sel.Hash), - Pcrs: map[uint32][]byte{}, - } - - for i := 0; i < len(sel.PCRs); i += 8 { - end := min(i+8, len(sel.PCRs)) - pcrSel := tpm2.PCRSelection{ - Hash: sel.Hash, - PCRs: sel.PCRs[i:end], - } - - pcrMap, err := tpm2.ReadPCRs(rw, pcrSel) - if err != nil { - return nil, err - } - - for pcr, val := range pcrMap { - pl.Pcrs[uint32(pcr)] = val - } - } - - return &pl, nil -} - -// ReadAllPCRs fetches all the PCR values from all implemented PCR banks. -func ReadAllPCRs(rw io.ReadWriter) ([]*pb.PCRs, error) { - sels, err := implementedPCRs(rw) - if err != nil { - return nil, err - } - - allPcrs := make([]*pb.PCRs, len(sels)) - for i, sel := range sels { - allPcrs[i], err = ReadPCRs(rw, sel) - if err != nil { - return nil, fmt.Errorf("reading bank %x PCRs: %w", sel.Hash, err) - } - } - return allPcrs, nil -} - -// SealOpts specifies the PCR values that should be used for Seal(). -type SealOpts struct { - // Current seals data to the current specified PCR selection. - Current tpm2.PCRSelection - // Target predictively seals data to the given specified PCR values. - Target *pb.PCRs -} - -// UnsealOpts specifies the options that should be used for Unseal(). -// Currently, it specifies the PCRs that need to pass certification in order to -// successfully unseal. -// CertifyHashAlgTpm is the hard-coded algorithm that must be used with -// UnsealOpts. -type UnsealOpts struct { - // CertifyCurrent certifies that a selection of current PCRs have the same - // value when sealing. - CertifyCurrent tpm2.PCRSelection - // CertifyExpected certifies that the TPM had a specific set of PCR values when sealing. - CertifyExpected *pb.PCRs -} - -// FullPcrSel will return a full PCR selection based on the total PCR number -// of the TPM with the given hash algo. 
-func FullPcrSel(hash tpm2.Algorithm) tpm2.PCRSelection { - sel := tpm2.PCRSelection{Hash: hash} - for i := 0; i < NumPCRs; i++ { - sel.PCRs = append(sel.PCRs, int(i)) - } - return sel -} - -func mergePCRSelAndProto(rw io.ReadWriter, sel tpm2.PCRSelection, proto *pb.PCRs) (*pb.PCRs, error) { - if proto == nil || len(proto.GetPcrs()) == 0 { - return ReadPCRs(rw, sel) - } - if len(sel.PCRs) == 0 { - return proto, nil - } - if sel.Hash != tpm2.Algorithm(proto.Hash) { - return nil, fmt.Errorf("current hash (%v) differs from target hash (%v)", - sel.Hash, tpm2.Algorithm(proto.Hash)) - } - - // At this point, both sel and proto are non-empty. - // Verify no overlap in sel and proto PCR indexes. - overlap := make([]int, 0) - targetMap := proto.GetPcrs() - for _, pcrVal := range sel.PCRs { - if _, found := targetMap[uint32(pcrVal)]; found { - overlap = append(overlap, pcrVal) - } - } - if len(overlap) != 0 { - return nil, fmt.Errorf("found PCR overlap: %v", overlap) - } - - currentPcrs, err := ReadPCRs(rw, sel) - if err != nil { - return nil, err - } - - for pcr, val := range proto.GetPcrs() { - currentPcrs.Pcrs[pcr] = val - } - return currentPcrs, nil -} diff --git a/vendor/github.com/google/go-tpm-tools/client/pcr_test.go b/vendor/github.com/google/go-tpm-tools/client/pcr_test.go deleted file mode 100644 index cdbc3922e..000000000 --- a/vendor/github.com/google/go-tpm-tools/client/pcr_test.go +++ /dev/null 
@@ -1,127 +0,0 @@ -package client_test - -import ( - "bytes" - "crypto/sha1" - "crypto/sha256" - "crypto/sha512" - "fmt" - "testing" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal" - "github.com/google/go-tpm-tools/internal/test" - "github.com/google/go-tpm/tpm2" - "github.com/google/go-tpm/tpmutil" -) - -var extends = map[tpm2.Algorithm][]struct { - digest []byte -}{ - tpm2.AlgSHA1: { - {bytes.Repeat([]byte{0x00}, sha1.Size)}, - {bytes.Repeat([]byte{0x01}, sha1.Size)}, - {bytes.Repeat([]byte{0x02}, sha1.Size)}}, - tpm2.AlgSHA256: { - {bytes.Repeat([]byte{0x00}, sha256.Size)}, - {bytes.Repeat([]byte{0x01}, sha256.Size)}, - {bytes.Repeat([]byte{0x02}, sha256.Size)}}, - tpm2.AlgSHA384: { - {bytes.Repeat([]byte{0x00}, sha512.Size384)}, - {bytes.Repeat([]byte{0x01}, sha512.Size384)}, - {bytes.Repeat([]byte{0x02}, sha512.Size384)}}, -} - -func pcrExtend(alg tpm2.Algorithm, old, new []byte) ([]byte, error) { - hCon, err := alg.Hash() - if err != nil { - return nil, fmt.Errorf("not a valid hash type: %v", alg) - } - h := hCon.New() - h.Write(old) - h.Write(new) - return h.Sum(nil), nil -} - -func TestReadPCRs(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - cases := []struct { - name string - hashalg tpm2.Algorithm - }{ - {"SHA1", tpm2.AlgSHA1}, - {"SHA256", tpm2.AlgSHA256}, - {"SHA384", tpm2.AlgSHA512}, - } - - for _, c := range cases { - t.Run(c.name, func(t *testing.T) { - test.SkipOnUnsupportedAlg(t, rwc, c.hashalg) - - pcrbank, err := tpm2.ReadPCR(rwc, test.DebugPCR, c.hashalg) - if err != nil { - t.Fatal(err) - } - - for _, d := range extends[c.hashalg] { - if err := tpm2.PCRExtend(rwc, tpmutil.Handle(test.DebugPCR), c.hashalg, d.digest, ""); err != nil { - t.Fatalf("failed to extend pcr for test %v", err) - } - pcrVal, err := pcrExtend(c.hashalg, pcrbank, d.digest) - if err != nil { - t.Fatalf("could not extend pcr: %v", err) - } - pcrbank = pcrVal - sel := tpm2.PCRSelection{Hash: c.hashalg, 
PCRs: []int{test.DebugPCR}} - proto, err := client.ReadPCRs(rwc, sel) - if err != nil { - t.Fatalf("failed to read pcrs %v", err) - } - if !bytes.Equal(proto.Pcrs[uint32(test.DebugPCR)], pcrbank) { - t.Errorf("%v not equal to expected %v", proto.Pcrs[uint32(test.DebugPCR)], pcrbank) - } - } - }) - } -} - -func TestCheckContainedPCRs(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - sel := client.FullPcrSel(tpm2.AlgSHA256) - baseline, err := client.ReadPCRs(rwc, sel) - if err != nil { - t.Fatalf("Failed to Read PCRs: %v", err) - } - - toBeCertified, err := client.ReadPCRs(rwc, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{1, 2, 3}}) - if err != nil { - t.Fatalf("failed to read pcrs %v", err) - } - if err := internal.CheckSubset(toBeCertified, baseline); err != nil { - t.Fatalf("Validation should pass: %v", err) - } - - if err := tpm2.PCRExtend(rwc, tpmutil.Handle(test.DebugPCR), tpm2.AlgSHA256, bytes.Repeat([]byte{0x00}, sha256.Size), ""); err != nil { - t.Fatalf("failed to extend pcr for test %v", err) - } - - toBeCertified, err = client.ReadPCRs(rwc, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{1, 3, test.DebugPCR}}) - if err != nil { - t.Fatalf("failed to read pcrs %v", err) - } - if err := internal.CheckSubset(toBeCertified, baseline); err == nil { - t.Fatalf("validation should fail due to PCR %d changed", test.DebugPCR) - } - - toBeCertified, err = client.ReadPCRs(rwc, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{}}) - if err != nil { - t.Fatalf("failed to read pcrs %v", err) - } - if err := internal.CheckSubset(toBeCertified, baseline); err != nil { - t.Fatalf("empty pcrs is always validate") - } -} diff --git a/vendor/github.com/google/go-tpm-tools/client/quote_test.go b/vendor/github.com/google/go-tpm-tools/client/quote_test.go deleted file mode 100644 index 55b59018b..000000000 --- a/vendor/github.com/google/go-tpm-tools/client/quote_test.go +++ /dev/null 
@@ -1,154 +0,0 @@ -package client_test - -import ( - "bytes" - "crypto/ecdsa" - "crypto/rsa" - "fmt" - "io" - "testing" - - "github.com/google/go-attestation/attest" - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" - "github.com/google/go-tpm/tpm2" -) - -func TestQuote(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - keys := []struct { - name string - getKey func(io.ReadWriter) (*client.Key, error) - }{ - {"AK-ECC", client.AttestationKeyECC}, - {"AK-RSA", client.AttestationKeyRSA}, - } - - pcrSels := []tpm2.PCRSelection{ - { - Hash: tpm2.AlgSHA256, - PCRs: []int{7}, - }, - client.FullPcrSel(tpm2.AlgSHA256), - } - - for _, key := range keys { - for _, sel := range pcrSels { - name := fmt.Sprintf("%s-%d", key.name, len(sel.PCRs)) - t.Run(name, func(t *testing.T) { - ak, err := key.getKey(rwc) - if err != nil { - t.Errorf("failed to generate AK: %v", err) - } - defer ak.Close() - - quoted, err := ak.Quote(sel, []byte("test")) - if err != nil { - t.Errorf("failed to quote: %v", err) - } - sig, err := tpm2.DecodeSignature(bytes.NewBuffer(quoted.GetRawSig())) - if err != nil { - t.Errorf("signature decoding failed: %v", err) - } - - switch pub := ak.PublicKey().(type) { - case *ecdsa.PublicKey: - hash, err := sig.ECC.HashAlg.Hash() - if err != nil { - t.Fatalf("not a valid hash type: %v", sig.ECC.HashAlg) - } - - hashCon := hash.New() - hashCon.Write(quoted.GetQuote()) - if !ecdsa.Verify(pub, hashCon.Sum(nil)[:], sig.ECC.R, sig.ECC.S) { - t.Errorf("ECC signature verification failed") - } - case *rsa.PublicKey: - hash, err := sig.RSA.HashAlg.Hash() - if err != nil { - t.Fatalf("not a valid hash type: %v", sig.RSA.HashAlg) - } - - hashCon := hash.New() - hashCon.Write(quoted.GetQuote()) - if err = rsa.VerifyPKCS1v15(pub, hash, hashCon.Sum(nil), []byte(sig.RSA.Signature)); err != nil { - t.Errorf("RSA signature verification failed: %v", err) - } - } - }) - } - } - -} - -func 
TestQuoteShouldFailWithNonSigningKey(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - srk, err := client.StorageRootKeyRSA(rwc) - if err != nil { - t.Errorf("failed to generate SRK: %v", err) - } - defer srk.Close() - - selpcr := tpm2.PCRSelection{ - Hash: tpm2.AlgSHA1, - PCRs: []int{7}, - } - _, err = srk.Quote(selpcr, []byte("test")) - if err == nil { - t.Errorf("Quote with a non-signing key should fail") - } - t.Log(err) -} - -// Basic tests of Key.Attest, more advanced methods are in server package -func TestAttest(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - keys := []struct { - name string - getKey func(io.ReadWriter) (*client.Key, error) - shouldSucceed bool - }{ - {"AK-ECC", client.AttestationKeyECC, true}, - {"AK-RSA", client.AttestationKeyRSA, true}, - {"EK-ECC", client.EndorsementKeyECC, false}, - {"EK-RSA", client.EndorsementKeyRSA, false}, - } - for _, key := range keys { - t.Run(key.name, func(t *testing.T) { - ak, err := key.getKey(rwc) - if err != nil { - t.Fatalf("failed to generate AK: %v", err) - } - defer ak.Close() - - attestation, err := ak.Attest(client.AttestOpts{Nonce: []byte("some nonce")}) - if !key.shouldSucceed { - if err == nil { - t.Error("expected failure when calling Attest") - } - return - } - if err != nil { - t.Fatalf("failed to attest: %v", err) - } - - // Basic check, make sure we got multiple banks, and fields parse - if _, err = tpm2.DecodePublic(attestation.AkPub); err != nil { - t.Errorf("failed to decode AkPub: %v", err) - } - if len(attestation.Quotes) <= 1 { - t.Error("expected multiple quotes") - } - if _, err = attest.ParseEventLog(attestation.EventLog); err != nil { - t.Errorf("failed to parse event log: %v", err) - } - }) - - } -} diff --git a/vendor/github.com/google/go-tpm-tools/client/seal_test.go b/vendor/github.com/google/go-tpm-tools/client/seal_test.go deleted file mode 100644 index 1f9e8d761..000000000 
--- a/vendor/github.com/google/go-tpm-tools/client/seal_test.go
+++ /dev/null
@@ -1,460 +0,0 @@ -package client_test - -import ( - "bytes" - "crypto/sha256" - "io" - "reflect" - "testing" - - "github.com/google/go-tpm/tpm2" - "github.com/google/go-tpm/tpmutil" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" - pb "github.com/google/go-tpm-tools/proto/tpm" -) - -func TestSeal(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - keys := []struct { - name string - getSRK func(io.ReadWriter) (*client.Key, error) - }{ - {"RSA", client.StorageRootKeyRSA}, - {"ECC", client.StorageRootKeyECC}, - } - for _, key := range keys { - t.Run(key.name, func(t *testing.T) { - srk, err := key.getSRK(rwc) - if err != nil { - t.Fatalf("can't create %s srk from template: %v", key.name, err) - } - defer srk.Close() - - secret := []byte("test") - pcrToChange := test.DebugPCR - sel := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7, pcrToChange}} - sealed, err := srk.Seal(secret, client.SealOpts{Current: sel}) - if err != nil { - t.Fatalf("failed to seal: %v", err) - } - - opts := client.UnsealOpts{ - CertifyCurrent: tpm2.PCRSelection{ - Hash: tpm2.AlgSHA256, - PCRs: []int{7}, - }, - } - unseal, err := srk.Unseal(sealed, opts) - if err != nil { - t.Fatalf("failed to unseal: %v", err) - } - if !bytes.Equal(secret, unseal) { - t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret) - } - - extension := bytes.Repeat([]byte{0xAA}, sha256.Size) - if err = tpm2.PCRExtend(rwc, tpmutil.Handle(pcrToChange), tpm2.AlgSHA256, extension, ""); err != nil { - t.Fatalf("failed to extend pcr: %v", err) - } - - // unseal should not succeed. 
- if _, err = srk.Unseal(sealed, opts); err == nil { - t.Fatalf("unseal should have caused an error: %v", err) - } - }) - } -} - -func TestSelfReseal(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - key, err := client.StorageRootKeyRSA(rwc) - if err != nil { - t.Fatalf("can't create srk from template: %v", err) - } - defer key.Close() - - secret := []byte("test") - pcrList := []int{0, 4, 7} - sOpts := client.SealOpts{ - Current: tpm2.PCRSelection{ - Hash: tpm2.AlgSHA256, - PCRs: pcrList, - }, - } - - sealed, err := key.Seal(secret, sOpts) - if err != nil { - t.Fatalf("failed to seal: %v", err) - } - - uOpts := client.UnsealOpts{ - CertifyCurrent: tpm2.PCRSelection{ - Hash: tpm2.AlgSHA256, - PCRs: []int{7}, - }, - } - unseal, err := key.Unseal(sealed, uOpts) - if err != nil { - t.Fatalf("failed to unseal: %v", err) - } - if !bytes.Equal(secret, unseal) { - t.Errorf("unsealed (%v) not equal to secret (%v)", unseal, secret) - } - - sealed, err = key.Reseal(sealed, uOpts, sOpts) - if err != nil { - t.Fatalf("failed to reseal: %v", err) - } - - unseal, err = key.Unseal(sealed, uOpts) - if err != nil { - t.Fatalf("failed to unseal after resealing: %v", err) - } - if !bytes.Equal(secret, unseal) { - t.Errorf("unsealed (%v) not equal to secret (%v)", unseal, secret) - } -} - -func computePCRValue(base []byte, extensions [][]byte) []byte { - for _, extension := range extensions { - sum := sha256.Sum256(append(base, extension...)) - base = sum[:] - } - return base -} - -func TestComputePCRValue(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - pcrNum := test.DebugPCR - extensions := [][]byte{ - bytes.Repeat([]byte{0xAA}, sha256.Size), - bytes.Repeat([]byte{0xAB}, sha256.Size), - bytes.Repeat([]byte{0xAC}, sha256.Size), - bytes.Repeat([]byte{0xAD}, sha256.Size), - } - - pcrBase, err := tpm2.ReadPCR(rwc, pcrNum, tpm2.AlgSHA256) - if err != nil { - t.Fatalf("failed to read pcr %v", err) - } - - for _, extension := 
range extensions { - err := tpm2.PCRExtend(rwc, tpmutil.Handle(pcrNum), tpm2.AlgSHA256, extension, "") - if err != nil { - t.Fatalf("failed to extend pcr: %v", err) - } - } - - pcrVal, err := tpm2.ReadPCR(rwc, pcrNum, tpm2.AlgSHA256) - if err != nil { - t.Fatalf("failed to read pcr %v", err) - } - - computedValue := computePCRValue(pcrBase, extensions) - if !bytes.Equal(pcrVal, computedValue) { - t.Fatalf("pcrVal (%v) not equal to computedValue (%v)", pcrVal, computedValue) - } -} - -func TestReseal(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - key, err := client.StorageRootKeyRSA(rwc) - if err != nil { - t.Fatalf("can't create srk from template: %v", err) - } - defer key.Close() - - secret := []byte("test") - pcrToChange := test.DebugPCR - sel := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7, pcrToChange}} - sealed, err := key.Seal(secret, client.SealOpts{Current: sel}) - if err != nil { - t.Fatalf("failed to seal: %v", err) - } - - uOpts := client.UnsealOpts{ - CertifyCurrent: sel, - } - unseal, err := key.Unseal(sealed, uOpts) - if err != nil { - t.Fatalf("failed to unseal: %v", err) - } - if !bytes.Equal(secret, unseal) { - t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret) - } - - // create a new set of PCRs value for modification - predictedPcrsValue, err := client.ReadPCRs(rwc, sel) - if err != nil { - t.Fatalf("failed to read PCRs value: %v", err) - } - // change pcr value to the predicted future value for resealing - extensions := [][]byte{bytes.Repeat([]byte{0xAA}, sha256.Size)} - predictedPcrsValue.GetPcrs()[uint32(pcrToChange)] = computePCRValue(predictedPcrsValue.GetPcrs()[uint32(pcrToChange)], extensions) - - sOpts := client.SealOpts{Target: predictedPcrsValue} - resealed, err := key.Reseal(sealed, uOpts, sOpts) - if err != nil { - t.Fatalf("failed to reseal: %v", err) - } - - // unseal should not succeed since pcr has not been extended. 
- if _, err = key.Unseal(resealed, client.UnsealOpts{}); err == nil { - t.Fatalf("unseal should have failed: %v", err) - } - - // save the current PCR value for certification before extend the PCRs - oldPcrsValue, err := client.ReadPCRs(rwc, sel) - if err != nil { - t.Fatalf("failed to read PCRs value: %v", err) - } - for _, extension := range extensions { - err = tpm2.PCRExtend(rwc, tpmutil.Handle(pcrToChange), tpm2.AlgSHA256, extension, "") - if err != nil { - t.Fatalf("failed to extend pcr: %v", err) - } - } - - // unseal should fail when certifying current PCR values, as one PCR has changed - _, err = key.Unseal(resealed, client.UnsealOpts{CertifyCurrent: sel}) - if err == nil { - t.Fatalf("unseal should fail since the certify PCRs have changed.") - } - - // certify original PCR values (PCR values at seal-time) will work - unseal, err = key.Unseal(resealed, client.UnsealOpts{CertifyExpected: oldPcrsValue}) - if err != nil { - t.Fatalf("failed to unseal: %v", err) - } - if !bytes.Equal(secret, unseal) { - t.Errorf("unsealed (%v) not equal to secret (%v)", unseal, secret) - } -} - -func TestSealResealWithEmptyPCRs(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - key, err := client.StorageRootKeyRSA(rwc) - if err != nil { - t.Fatalf("can't create srk from template: %v", err) - } - defer key.Close() - - secret := []byte("test") - pcrToChange := test.DebugPCR - sealed, err := key.Seal(secret, client.SealOpts{}) - if err != nil { - t.Fatalf("failed to seal: %v", err) - } - opts := client.UnsealOpts{ - CertifyCurrent: tpm2.PCRSelection{ - Hash: tpm2.AlgSHA256, - PCRs: []int{pcrToChange}, - }, - } - unseal, err := key.Unseal(sealed, opts) - if err != nil { - t.Fatalf("failed to unseal: %v", err) - } - if !bytes.Equal(secret, unseal) { - t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret) - } - - extension := bytes.Repeat([]byte{0xAA}, sha256.Size) - if err = tpm2.PCRExtend(rwc, tpmutil.Handle(pcrToChange), tpm2.AlgSHA256, 
extension, ""); err != nil { - t.Fatalf("failed to extend pcr: %v", err) - } - - // unseal should fail as the PCR has changed (not as same as when sealing) - _, err = key.Unseal(sealed, opts) - if err == nil { - t.Fatalf("unseal should fail as PCR 7 changed") - } - - // reseal should succeed as UnsealOpts is empty - sealed, err = key.Reseal(sealed, client.UnsealOpts{}, client.SealOpts{}) - if err != nil { - t.Fatalf("failed to reseal: %v", err) - } - - // unseal should success as the above Reseal() "refreshes" the certify PCRs. - unseal, err = key.Unseal(sealed, opts) - if err != nil { - t.Errorf("failed to unseal: %v", err) - } - if !bytes.Equal(secret, unseal) { - t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret) - } -} - -func BenchmarkSeal(b *testing.B) { - rwc := test.GetTPM(b) - defer client.CheckedClose(b, rwc) - - pcrSel7 := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}} - sOptsPCR7 := client.SealOpts{Current: pcrSel7} - uOptsPCR7 := client.UnsealOpts{CertifyCurrent: pcrSel7} - benchmarks := []struct { - name string - sOpts client.SealOpts - uOpts client.UnsealOpts - getKey func(io.ReadWriter) (*client.Key, error) - }{ - {"SRK-ECC-SealPCR7-UnsealPCR7", sOptsPCR7, uOptsPCR7, client.StorageRootKeyECC}, - {"SRK-ECC-SealEmpty-UnsealPCR7", client.SealOpts{}, uOptsPCR7, client.StorageRootKeyECC}, - {"SRK-ECC-SealPCR7-UnsealEmpty", sOptsPCR7, client.UnsealOpts{}, client.StorageRootKeyECC}, - {"SRK-ECC-SealEmpty-UnsealEmpty", client.SealOpts{}, client.UnsealOpts{}, client.StorageRootKeyECC}, - {"SRK-RSA-SealPCR7-UnsealPCR7", sOptsPCR7, uOptsPCR7, client.StorageRootKeyRSA}, - {"SRK-RSA-SealEmpty-UnsealPCR7", client.SealOpts{}, uOptsPCR7, client.StorageRootKeyRSA}, - {"SRK-RSA-SealPCR7-UnsealEmpty", sOptsPCR7, client.UnsealOpts{}, client.StorageRootKeyRSA}, - {"SRK-RSA-SealEmpty-UnsealEmpty", client.SealOpts{}, client.UnsealOpts{}, client.StorageRootKeyRSA}, - } - - for _, bm := range benchmarks { - key, err := bm.getKey(rwc) - if err != nil 
{ - b.Fatal(err) - } - b.Run(bm.name, func(b *testing.B) { - for i := 0; i < b.N; i++ { - blob, err := key.Seal([]byte("test123"), bm.sOpts) - if err != nil { - b.Fatal(err) - } - if _, err = key.Unseal(blob, bm.uOpts); err != nil { - b.Fatal(err) - } - } - }) - } -} -func TestSealOpts(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - emptySet := map[uint32]struct{}{} - srk, err := client.StorageRootKeyECC(rwc) - if err != nil { - t.Fatalf("failed to create SRK: %v", err) - } - - opts := []struct { - name string - current tpm2.PCRSelection - target *pb.PCRs - expectedPcrs map[uint32]struct{} - }{ - {"CurrentEmpty-TargetNil", tpm2.PCRSelection{}, nil, emptySet}, - {"CurrentEmpty7-TargetNil", tpm2.PCRSelection{}, nil, emptySet}, - {"CurrentEmpty-TargetEmpty", tpm2.PCRSelection{}, &pb.PCRs{}, emptySet}, - {"CurrentSHA1Empty-TargetSHA256Empty", - tpm2.PCRSelection{Hash: tpm2.AlgSHA1}, - &pb.PCRs{Hash: pb.HashAlgo_SHA256}, - emptySet}, - {"CurrentSHA256Empty-TargetSHA1Empty", - tpm2.PCRSelection{Hash: tpm2.AlgSHA256}, - &pb.PCRs{Hash: pb.HashAlgo_SHA1}, - emptySet}, - {"CurrentSHA2567-TargetSHA1Empty", - tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}}, - &pb.PCRs{Hash: pb.HashAlgo_SHA1}, - map[uint32]struct{}{7: {}}}, - {"Current7-TargetPCR0,4", - tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{0, 7}}, - &pb.PCRs{Hash: pb.HashAlgo_SHA256, - Pcrs: map[uint32][]byte{4: {0x00}}}, - map[uint32]struct{}{ - 0: {}, - 4: {}, - 7: {}, - }}, - } - - sliceToSet := func(a []uint32) map[uint32]struct{} { - ret := make(map[uint32]struct{}) - for _, val := range a { - ret[val] = struct{}{} - } - return ret - } - for _, testcase := range opts { - t.Run(testcase.name, func(t *testing.T) { - sOpts := client.SealOpts{Current: testcase.current, Target: testcase.target} - sealed, err := srk.Seal([]byte("secretzz"), sOpts) - if err != nil { - t.Errorf("error calling Seal with SealOpts: %v", err) - } - outPcrsMap := sliceToSet(sealed.Pcrs) - if 
!reflect.DeepEqual(outPcrsMap, testcase.expectedPcrs) { - t.Errorf("received PCRs (%v) do not match expected PCRs (%v)", - outPcrsMap, testcase.expectedPcrs) - } - }) - } - - // Run empty SealOpts. - _, err = srk.Seal([]byte("secretzz"), client.SealOpts{}) - if err != nil { - t.Errorf("error calling Seal with SealOpts: %v", err) - } -} -func TestSealAndUnsealOptsFail(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - srk, err := client.StorageRootKeyECC(rwc) - if err != nil { - t.Fatalf("failed to create SRK: %v", err) - } - - pcrSel7 := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}} - pcrMap7 := map[uint32][]byte{7: {0x01, 0x02}} - pbPcr7 := &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: pcrMap7} - opts := []struct { - name string - current tpm2.PCRSelection - target *pb.PCRs - }{ - {"CurrentSHA256-TargetSHA1", pcrSel7, &pb.PCRs{Hash: pb.HashAlgo_SHA1, Pcrs: pcrMap7}}, - {"Current-TargetPCROverlap", pcrSel7, pbPcr7}, - {"Current-TargetPCROverlapMultiple", tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{0, 4, 7, 8}}, - &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{0: {}, 4: {0x00}, 9: {0x01, 0x02}}}}, - } - - for _, testcase := range opts { - t.Run("Seal"+testcase.name, func(t *testing.T) { - sOpts := client.SealOpts{Current: testcase.current, - Target: testcase.target} - _, err := srk.Seal([]byte("secretzz"), sOpts) - if err == nil { - t.Errorf("expected failure calling SealOpts") - } - }) - } - - sealed, err := srk.Seal([]byte("secretzz"), client.SealOpts{}) - if err != nil { - t.Fatalf("failed to seal: %v", err) - } - for _, testcase := range opts { - t.Run("Unseal"+testcase.name, func(t *testing.T) { - uOpts := client.UnsealOpts{CertifyCurrent: testcase.current, - CertifyExpected: testcase.target} - _, err := srk.Unseal(sealed, uOpts) - if err == nil { - t.Errorf("expected failure calling SealOpts") - } - }) - } -} 
diff --git a/vendor/github.com/google/go-tpm-tools/client/session.go b/vendor/github.com/google/go-tpm-tools/client/session.go
deleted file mode 100644
index 1803ef316..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/session.go
+++ /dev/null
@@ -1,89 +0,0 @@ -package client - -import ( - "io" - - "github.com/google/go-tpm/tpm2" - "github.com/google/go-tpm/tpmutil" -) - -type session interface { - io.Closer - Auth() (tpm2.AuthCommand, error) -} - -func startAuthSession(rw io.ReadWriter) (session tpmutil.Handle, err error) { - // This session assumes the bus is trusted, so we: - // - use nil for tpmKey, encrypted salt, and symmetric - // - use and all-zeros caller nonce, and ignore the returned nonce - // As we are creating a plain TPM session, we: - // - setup a policy session - // - don't bind the session to any particular key - session, _, err = tpm2.StartAuthSession( - rw, - /*tpmKey=*/ tpm2.HandleNull, - /*bindKey=*/ tpm2.HandleNull, - /*nonceCaller=*/ make([]byte, SessionHashAlg.Size()), - /*encryptedSalt=*/ nil, - /*sessionType=*/ tpm2.SessionPolicy, - /*symmetric=*/ tpm2.AlgNull, - /*authHash=*/ SessionHashAlgTpm) - return -} - -type pcrSession struct { - rw io.ReadWriter - session tpmutil.Handle - sel tpm2.PCRSelection -} - -func newPCRSession(rw io.ReadWriter, sel tpm2.PCRSelection) (session, error) { - if len(sel.PCRs) == 0 { - return nullSession{}, nil - } - session, err := startAuthSession(rw) - return pcrSession{rw, session, sel}, err -} - -func (p pcrSession) Auth() (auth tpm2.AuthCommand, err error) { - if err = tpm2.PolicyPCR(p.rw, p.session, nil, p.sel); err != nil { - return - } - return tpm2.AuthCommand{Session: p.session, Attributes: tpm2.AttrContinueSession}, nil -} - -func (p pcrSession) Close() error { - return tpm2.FlushContext(p.rw, p.session) -} - -type ekSession struct { - rw io.ReadWriter - session tpmutil.Handle -} - -func newEKSession(rw io.ReadWriter) (session, error) { - session, err := startAuthSession(rw) - return ekSession{rw, session}, err -} - -func (e ekSession) Auth() (auth tpm2.AuthCommand, err error) { - nullAuth := tpm2.AuthCommand{Session: tpm2.HandlePasswordSession, Attributes: tpm2.AttrContinueSession} - if _, err = tpm2.PolicySecret(e.rw, 
tpm2.HandleEndorsement, nullAuth, e.session, nil, nil, nil, 0); err != nil { - return - } - return tpm2.AuthCommand{Session: e.session, Attributes: tpm2.AttrContinueSession}, nil -} - -func (e ekSession) Close() error { - return tpm2.FlushContext(e.rw, e.session) -} - -type nullSession struct{} - -func (n nullSession) Auth() (auth tpm2.AuthCommand, err error) { - return tpm2.AuthCommand{Session: tpm2.HandlePasswordSession, Attributes: tpm2.AttrContinueSession}, nil -} - -func (n nullSession) Close() error { - return nil -} diff --git a/vendor/github.com/google/go-tpm-tools/client/signer.go b/vendor/github.com/google/go-tpm-tools/client/signer.go deleted file mode 100644 index a2de5201d..000000000 --- a/vendor/github.com/google/go-tpm-tools/client/signer.go +++ /dev/null 
@@ -1,146 +0,0 @@ -package client - -import ( - "crypto" - "crypto/rsa" - "encoding/asn1" - "fmt" - "io" - "math/big" - "sync" - - "github.com/google/go-tpm-tools/internal" - "github.com/google/go-tpm/tpm2" -) - -// Global mutex to protect against concurrent TPM access. -var signerMutex sync.Mutex - -type tpmSigner struct { - Key *Key - Hash crypto.Hash -} - -// Public returns the tpmSigners public key. -func (signer *tpmSigner) Public() crypto.PublicKey { - return signer.Key.PublicKey() -} - -// Sign uses the TPM key to sign the digest. -// The digest must be hashed from the same hash algorithm as the keys scheme. -// The opts hash function must also match the keys scheme (or be nil). -// Concurrent use of Sign is thread safe, but it is not safe to access the TPM -// from other sources while Sign is executing. -// For RSAPSS signatures, you cannot specify custom salt lengths. The salt -// length will be (keyBits/8) - digestSize - 2, unless that is less than the -// digestSize in which case, saltLen will be digestSize. The only normal case -// where saltLen is not digestSize is when using 1024 keyBits with SHA512. 
-func (signer *tpmSigner) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) { - if pssOpts, ok := opts.(*rsa.PSSOptions); ok { - if signer.Key.pubArea.RSAParameters == nil { - return nil, fmt.Errorf("invalid options: PSSOptions can only be used with RSA keys") - } - if signer.Key.pubArea.RSAParameters.Sign.Alg != tpm2.AlgRSAPSS { - return nil, fmt.Errorf("invalid options: PSSOptions cannot be used with signing alg: %v", signer.Key.pubArea.RSAParameters.Sign.Alg) - } - if pssOpts.SaltLength != rsa.PSSSaltLengthAuto { - return nil, fmt.Errorf("salt length must be rsa.PSSSaltLengthAuto") - } - } - if opts != nil && opts.HashFunc() != signer.Hash { - return nil, fmt.Errorf("hash algorithm: got %v, want %v", opts.HashFunc(), signer.Hash) - } - if len(digest) != signer.Hash.Size() { - return nil, fmt.Errorf("digest length: got %d, want %d", digest, signer.Hash.Size()) - } - - signerMutex.Lock() - defer signerMutex.Unlock() - - auth, err := signer.Key.session.Auth() - if err != nil { - return nil, err - } - - sig, err := tpm2.SignWithSession(signer.Key.rw, auth.Session, signer.Key.handle, "", digest, nil, nil) - if err != nil { - return nil, err - } - return getSignature(sig) -} - -// GetSigner returns a crypto.Signer wrapping the loaded TPM Key. -// Concurrent use of one or more Signers is thread safe, but it is not safe to -// access the TPM from other sources while using a Signer. -// The returned Signer lasts the lifetime of the Key, and will no longer work -// once the Key has been closed. -func (k *Key) GetSigner() (crypto.Signer, error) { - if k.hasAttribute(tpm2.FlagRestricted) { - return nil, fmt.Errorf("restricted keys are not supported") - } - hashAlg, err := internal.GetSigningHashAlg(k.pubArea) - if err != nil { - return nil, err - } - // For crypto.Signer, Go does the hashing. Make sure the hash is supported. 
- hash, err := hashAlg.Hash() - if err != nil { - return nil, err - } - return &tpmSigner{k, hash}, nil -} - -// SignData signs a data buffer with a TPM loaded key. Unlike GetSigner, this -// method works with restricted and unrestricted keys. If this method is called -// on a restriced key, the TPM itself will hash the provided data, failing the -// signing operation if the data begins with TPM_GENERATED_VALUE. -func (k *Key) SignData(data []byte) ([]byte, error) { - hashAlg, err := internal.GetSigningHashAlg(k.pubArea) - if err != nil { - return nil, err - } - - var digest []byte - var ticket *tpm2.Ticket - if k.hasAttribute(tpm2.FlagRestricted) { - // Restricted keys can only sign data hashed by the TPM. We use the - // owner hierarchy for the Ticket, but any non-Null hierarchy would do. - digest, ticket, err = tpm2.Hash(k.rw, hashAlg, data, tpm2.HandleOwner) - if err != nil { - return nil, err - } - } else { - // Unrestricted keys can sign any digest, no need for TPM hashing. - hash, err := hashAlg.Hash() - if err != nil { - return nil, err - } - hasher := hash.New() - hasher.Write(data) - digest = hasher.Sum(nil) - } - - auth, err := k.session.Auth() - if err != nil { - return nil, err - } - sig, err := tpm2.SignWithSession(k.rw, auth.Session, k.handle, "", digest, ticket, nil) - if err != nil { - return nil, err - } - return getSignature(sig) -} - -func getSignature(sig *tpm2.Signature) ([]byte, error) { - switch sig.Alg { - case tpm2.AlgRSASSA: - return sig.RSA.Signature, nil - case tpm2.AlgRSAPSS: - return sig.RSA.Signature, nil - case tpm2.AlgECDSA: - sigStruct := struct{ R, S *big.Int }{sig.ECC.R, sig.ECC.S} - return asn1.Marshal(sigStruct) - default: - return nil, fmt.Errorf("unsupported signing algorithm: %v", sig.Alg) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/client/signer_test.go b/vendor/github.com/google/go-tpm-tools/client/signer_test.go deleted file mode 100644 index d264e9e9d..000000000 
--- a/vendor/github.com/google/go-tpm-tools/client/signer_test.go
+++ /dev/null
@@ -1,317 +0,0 @@ -package client_test - -import ( - "crypto" - "crypto/ecdsa" - "crypto/rsa" - "crypto/sha1" - "crypto/sha256" - "encoding/asn1" - "math/big" - "testing" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" - "github.com/google/go-tpm/tpm2" -) - -func templateSSA(hash tpm2.Algorithm) tpm2.Public { - template := client.AKTemplateRSA() - // Can't sign arbitrary data if restricted. - template.Attributes &= ^tpm2.FlagRestricted - template.RSAParameters.Sign.Hash = hash - return template -} - -func templatePSS(hash tpm2.Algorithm) tpm2.Public { - template := templateSSA(hash) - template.RSAParameters.Sign.Alg = tpm2.AlgRSAPSS - return template -} - -func templateECC(hash tpm2.Algorithm) tpm2.Public { - template := client.AKTemplateECC() - template.Attributes &= ^tpm2.FlagRestricted - template.ECCParameters.Sign.Hash = hash - return template -} - -// Templates that require some sort of (default) authorization -func templateAuthSSA() tpm2.Public { - template := templateSSA(tpm2.AlgSHA256) - template.AuthPolicy = client.DefaultEKTemplateRSA().AuthPolicy - template.Attributes |= tpm2.FlagAdminWithPolicy - template.Attributes &= ^tpm2.FlagUserWithAuth - return template -} - -func templateAuthECC() tpm2.Public { - template := templateECC(tpm2.AlgSHA256) - template.AuthPolicy = client.DefaultEKTemplateECC().AuthPolicy - template.Attributes |= tpm2.FlagAdminWithPolicy - template.Attributes &= ^tpm2.FlagUserWithAuth - return template -} - -func verifyRSA(pubKey crypto.PublicKey, hash crypto.Hash, digest, sig []byte) bool { - return rsa.VerifyPKCS1v15(pubKey.(*rsa.PublicKey), hash, digest, sig) == nil -} - -func verifyECC(pubKey crypto.PublicKey, _ crypto.Hash, digest, sig []byte) bool { - var sigStruct struct{ R, S *big.Int } - asn1.Unmarshal(sig, &sigStruct) - return ecdsa.Verify(pubKey.(*ecdsa.PublicKey), digest, sigStruct.R, sigStruct.S) -} - -func TestSign(t *testing.T) { - rwc := test.GetTPM(t) - defer 
client.CheckedClose(t, rwc) - - keys := []struct { - name string - hash crypto.Hash - template tpm2.Public - verify func(crypto.PublicKey, crypto.Hash, []byte, []byte) bool - }{ - {"RSA-SHA1", crypto.SHA1, templateSSA(tpm2.AlgSHA1), verifyRSA}, - {"RSA-SHA256", crypto.SHA256, templateSSA(tpm2.AlgSHA256), verifyRSA}, - {"RSA-SHA384", crypto.SHA384, templateSSA(tpm2.AlgSHA384), verifyRSA}, - {"RSA-SHA512", crypto.SHA512, templateSSA(tpm2.AlgSHA512), verifyRSA}, - {"ECC-SHA1", crypto.SHA1, templateECC(tpm2.AlgSHA1), verifyECC}, - {"ECC-SHA256", crypto.SHA256, templateECC(tpm2.AlgSHA256), verifyECC}, - {"ECC-SHA384", crypto.SHA384, templateECC(tpm2.AlgSHA384), verifyECC}, - {"ECC-SHA512", crypto.SHA512, templateECC(tpm2.AlgSHA512), verifyECC}, - {"Auth-RSA", crypto.SHA256, templateAuthSSA(), verifyRSA}, - {"Auth-ECC", crypto.SHA256, templateAuthECC(), verifyECC}, - } - - message := []byte("authenticated message") - // Data beginning with TPM_GENERATED_VALUE (looks like a TPM-test message) - generatedMsg := append([]byte("\xffTCG"), message...) 
- for _, k := range keys { - hash := k.hash.New() - hash.Write(message) - digest := hash.Sum(nil) - alg, err := tpm2.HashToAlgorithm(k.hash) - if err != nil { - t.Fatal(err) - } - - t.Run(k.name, func(t *testing.T) { - test.SkipOnUnsupportedAlg(t, rwc, alg) - - key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) - if err != nil { - t.Fatal(err) - } - defer key.Close() - - signer, err := key.GetSigner() - if err != nil { - t.Fatal(err) - } - sig, err := signer.Sign(nil, digest, k.hash) - if err != nil { - t.Fatal(err) - } - if !k.verify(signer.Public(), k.hash, digest, sig) { - t.Error(err) - } - }) - t.Run(k.name+"-SignData", func(t *testing.T) { - test.SkipOnUnsupportedAlg(t, rwc, alg) - - key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) - if err != nil { - t.Fatal(err) - } - defer key.Close() - - sig, err := key.SignData(message) - if err != nil { - t.Fatal(err) - } - if !k.verify(key.PublicKey(), k.hash, digest, sig) { - t.Error(err) - } - - // Unrestricted keys can sign data beginning with TPM_GENERATED_VALUE - if _, err = key.SignData(generatedMsg); err != nil { - t.Error(err) - } - }) - t.Run(k.name+"-SignDataRestricted", func(t *testing.T) { - test.SkipOnUnsupportedAlg(t, rwc, alg) - - restrictedTemplate := k.template - restrictedTemplate.Attributes |= tpm2.FlagRestricted - key, err := client.NewKey(rwc, tpm2.HandleEndorsement, restrictedTemplate) - if err != nil { - t.Fatal(err) - } - defer key.Close() - - sig, err := key.SignData(message) - if err != nil { - t.Fatal(err) - } - if !k.verify(key.PublicKey(), k.hash, digest, sig) { - t.Error(err) - } - - // Restricted keys cannot sign data beginning with TPM_GENERATED_VALUE - if _, err = key.SignData(generatedMsg); err == nil { - t.Error("Signing TPM_GENERATED_VALUE data should fail") - } - }) - } -} - -func TestSignIncorrectHash(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - key, err := client.NewKey(rwc, tpm2.HandleEndorsement, 
templateSSA(tpm2.AlgSHA256)) - if err != nil { - t.Fatal(err) - } - defer key.Close() - - signer, err := key.GetSigner() - if err != nil { - t.Fatal(err) - } - - digestSHA1 := sha1.Sum([]byte("authenticated message")) - digestSHA256 := sha256.Sum256([]byte("authenticated message")) - - if _, err := signer.Sign(nil, digestSHA1[:], crypto.SHA1); err == nil { - t.Error("expected failure for digest and hash not matching keys sigScheme.") - } - - if _, err := signer.Sign(nil, digestSHA1[:], crypto.SHA256); err == nil { - t.Error("expected failure for correct hash, but incorrect digest.") - } - - if _, err := signer.Sign(nil, digestSHA256[:], crypto.SHA1); err == nil { - t.Error("expected failure for correct digest, but incorrect hash.") - } -} - -func TestSignPSS(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - keys := []struct { - name string - opts crypto.SignerOpts - template tpm2.Public - keyBits uint16 - saltLen int - }{ - // saltLen should be (keyBits/8) - digestSize - 2, unless that is less than - // digestSize in which case, saltLen will be digestSize. - // The only normal case where saltLen is not digestSize is when using - // 1024 keyBits with SHA512. 
- {"RSA-SHA1", crypto.SHA1, templatePSS(tpm2.AlgSHA1), 1024, 20}, - {"RSA-SHA256", crypto.SHA256, templatePSS(tpm2.AlgSHA256), 1024, 32}, - {"RSA-SHA384", crypto.SHA384, templatePSS(tpm2.AlgSHA384), 1024, 48}, - {"RSA-SHA512", crypto.SHA512, templatePSS(tpm2.AlgSHA512), 1024, 62}, - {"RSA-SHA512", crypto.SHA512, templatePSS(tpm2.AlgSHA512), 2048, 64}, - {"RSA-SHA1", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA1}, templatePSS(tpm2.AlgSHA1), 1024, 20}, - {"RSA-SHA256", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA256}, templatePSS(tpm2.AlgSHA256), 1024, 32}, - {"RSA-SHA384", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA384}, templatePSS(tpm2.AlgSHA384), 1024, 48}, - {"RSA-SHA512", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA512}, templatePSS(tpm2.AlgSHA512), 1024, 62}, - {"RSA-SHA512", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA512}, templatePSS(tpm2.AlgSHA512), 2048, 64}, - } - - for _, k := range keys { - t.Run(k.name, func(t *testing.T) { - alg, err := tpm2.HashToAlgorithm(k.opts.HashFunc()) - if err != nil { - t.Fatal(err) - } - test.SkipOnUnsupportedAlg(t, rwc, alg) - - k.template.RSAParameters.KeyBits = k.keyBits - - key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) - if err != nil { - t.Fatal(err) - } - defer key.Close() - - hash := k.opts.HashFunc().New() - hash.Write([]byte("authenticated message")) - digest := hash.Sum(nil) - - signer, err := key.GetSigner() - if err != nil { - t.Fatal(err) - } - sig, err := signer.Sign(nil, digest[:], k.opts) - if err != nil { - t.Fatal(err) - } - // Different implementations may specify different salt length. Some have "keyBytes - digestSize - 2", some have - // just "digestSize". Therefore here we just verify with default salt length. 
- err = rsa.VerifyPSS(signer.Public().(*rsa.PublicKey), k.opts.HashFunc(), digest[:], sig, nil) - if err != nil { - t.Error(err) - } - }) - } -} - -/// Make sure signing fails when using PSS params with a non-PSS key -func TestFailSignPSS(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - keys := []struct { - name string - template tpm2.Public - }{ - {"SSA", templateSSA(tpm2.AlgSHA256)}, - {"ECC", templateECC(tpm2.AlgSHA256)}, - } - - pssOpts := rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA256} - - for _, k := range keys { - t.Run(k.name, func(t *testing.T) { - key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) - if err != nil { - t.Fatal(err) - } - defer key.Close() - - signer, err := key.GetSigner() - if err != nil { - t.Fatal(err) - } - - // Fake SHA-256 digest - digest := make([]byte, 32) - if _, err = signer.Sign(nil, digest, &pssOpts); err == nil { - t.Error("expected failure when using PSS options") - } - }) - } -} - -// Signing keys without a signature scheme are incompatible with GetSigner -func TestFailGetSignerNullScheme(t *testing.T) { - template := templateSSA(tpm2.AlgSHA256) - template.RSAParameters.Sign = nil - - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - key, err := client.NewKey(rwc, tpm2.HandleEndorsement, template) - if err != nil { - t.Fatal(err) - } - defer key.Close() - - if _, err = key.GetSigner(); err == nil { - t.Error("expected failure when calling GetSigner") - } -} diff --git a/vendor/github.com/google/go-tpm-tools/client/template.go b/vendor/github.com/google/go-tpm-tools/client/template.go deleted file mode 100644 index a82632883..000000000 --- a/vendor/github.com/google/go-tpm-tools/client/template.go +++ /dev/null 
@@ -1,143 +0,0 @@ -package client - -import ( - "crypto/sha256" - - "github.com/google/go-tpm/tpm2" - "github.com/google/go-tpm/tpmutil" -) - -// Calculations from Credential_Profile_EK_V2.0, section 2.1.5.3 - authPolicy -func defaultEKAuthPolicy() []byte { - buf, err := tpmutil.Pack(tpm2.CmdPolicySecret, tpm2.HandleEndorsement) - if err != nil { - panic(err) - } - digest1 := sha256.Sum256(append(make([]byte, 32), buf...)) - // We would normally append the policy buffer to digest1, but the - // policy buffer is empty for the default Auth Policy. - digest2 := sha256.Sum256(digest1[:]) - return digest2[:] -} - -func defaultEKAttributes() tpm2.KeyProp { - // The EK is a storage key that must use session-based authorization. - return (tpm2.FlagStorageDefault | tpm2.FlagAdminWithPolicy) & ^tpm2.FlagUserWithAuth -} - -func defaultSRKAttributes() tpm2.KeyProp { - // FlagNoDA doesn't do anything (as the AuthPolicy is nil). However, this is - // what Windows does, and we don't want to conflict. - return tpm2.FlagStorageDefault | tpm2.FlagNoDA -} - -func defaultSymScheme() *tpm2.SymScheme { - return &tpm2.SymScheme{ - Alg: tpm2.AlgAES, - KeyBits: 128, - Mode: tpm2.AlgCFB, - } -} - -func defaultRSAParams() *tpm2.RSAParams { - return &tpm2.RSAParams{ - Symmetric: defaultSymScheme(), - KeyBits: 2048, - ModulusRaw: make([]byte, 256), // public.unique must be all zeros - } -} - -func defaultECCParams() *tpm2.ECCParams { - return &tpm2.ECCParams{ - Symmetric: defaultSymScheme(), - CurveID: tpm2.CurveNISTP256, - Point: tpm2.ECPoint{ - XRaw: make([]byte, 32), - YRaw: make([]byte, 32), - }, - } -} - -// DefaultEKTemplateRSA returns the default Endorsement Key (EK) template as -// specified in Credential_Profile_EK_V2.0, section 2.1.5.1 - authPolicy. 
-// https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf -func DefaultEKTemplateRSA() tpm2.Public { - return tpm2.Public{ - Type: tpm2.AlgRSA, - NameAlg: tpm2.AlgSHA256, - Attributes: defaultEKAttributes(), - AuthPolicy: defaultEKAuthPolicy(), - RSAParameters: defaultRSAParams(), - } -} - -// DefaultEKTemplateECC returns the default Endorsement Key (EK) template as -// specified in Credential_Profile_EK_V2.0, section 2.1.5.2 - authPolicy. -// https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf -func DefaultEKTemplateECC() tpm2.Public { - return tpm2.Public{ - Type: tpm2.AlgECC, - NameAlg: tpm2.AlgSHA256, - Attributes: defaultEKAttributes(), - AuthPolicy: defaultEKAuthPolicy(), - ECCParameters: defaultECCParams(), - } -} - -// AKTemplateRSA returns a potential Attestation Key (AK) template. -// This is very similar to DefaultEKTemplateRSA, except that this will be a -// signing key instead of an encrypting key. -func AKTemplateRSA() tpm2.Public { - return tpm2.Public{ - Type: tpm2.AlgRSA, - NameAlg: tpm2.AlgSHA256, - Attributes: tpm2.FlagSignerDefault, - RSAParameters: &tpm2.RSAParams{ - Sign: &tpm2.SigScheme{ - Alg: tpm2.AlgRSASSA, - Hash: tpm2.AlgSHA256, - }, - KeyBits: 2048, - }, - } -} - -// AKTemplateECC returns a potential Attestation Key (AK) template. -// This is very similar to DefaultEKTemplateECC, except that this will be a -// signing key instead of an encrypting key. -func AKTemplateECC() tpm2.Public { - params := defaultECCParams() - params.Symmetric = nil - params.Sign = &tpm2.SigScheme{ - Alg: tpm2.AlgECDSA, - Hash: tpm2.AlgSHA256, - } - return tpm2.Public{ - Type: tpm2.AlgECC, - NameAlg: tpm2.AlgSHA256, - Attributes: tpm2.FlagSignerDefault, - ECCParameters: params, - } -} - -// SRKTemplateRSA returns a standard Storage Root Key (SRK) template. -// This is based upon the advice in the TCG's TPM v2.0 Provisioning Guidance. 
-func SRKTemplateRSA() tpm2.Public { - return tpm2.Public{ - Type: tpm2.AlgRSA, - NameAlg: tpm2.AlgSHA256, - Attributes: defaultSRKAttributes(), - RSAParameters: defaultRSAParams(), - } -} - -// SRKTemplateECC returns a standard Storage Root Key (SRK) template. -// This is based upon the advice in the TCG's TPM v2.0 Provisioning Guidance. -func SRKTemplateECC() tpm2.Public { - return tpm2.Public{ - Type: tpm2.AlgECC, - NameAlg: tpm2.AlgSHA256, - Attributes: defaultSRKAttributes(), - ECCParameters: defaultECCParams(), - } -} diff --git a/vendor/github.com/google/go-tpm-tools/cmd/flags.go b/vendor/github.com/google/go-tpm-tools/cmd/flags.go deleted file mode 100644 index 002ce2d92..000000000 --- a/vendor/github.com/google/go-tpm-tools/cmd/flags.go +++ /dev/null 
@@ -1,208 +0,0 @@ -package cmd - -import ( - "errors" - "fmt" - "io" - "os" - "strconv" - "strings" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm/tpm2" - "github.com/spf13/cobra" -) - -var ( - output string - input string - nvIndex uint32 - keyAlgo = tpm2.AlgRSA - pcrs []int -) - -type pcrsFlag struct { - value *[]int -} - -func (f *pcrsFlag) Set(val string) error { - for _, d := range strings.Split(val, ",") { - pcr, err := strconv.Atoi(d) - if err != nil { - return err - } - if pcr < 0 || pcr >= client.NumPCRs { - return errors.New("pcr out of range") - } - *f.value = append(*f.value, pcr) - } - return nil -} - -func (f *pcrsFlag) Type() string { - return "pcrs" -} - -func (f *pcrsFlag) String() string { - if len(*f.value) == 0 { - return "" - } - var b strings.Builder - fmt.Fprintf(&b, "%d", (*f.value)[0]) - for _, pcr := range (*f.value)[1:] { - fmt.Fprintf(&b, ",%d", pcr) - } - return b.String() -} - -var algos = map[tpm2.Algorithm]string{ - tpm2.AlgUnknown: "", - tpm2.AlgRSA: "rsa", - tpm2.AlgECC: "ecc", - tpm2.AlgSHA1: "sha1", - tpm2.AlgSHA256: "sha256", - tpm2.AlgSHA384: "sha384", - tpm2.AlgSHA512: "sha512", -} - -type algoFlag struct { - value *tpm2.Algorithm - allowed []tpm2.Algorithm -} - -func (f *algoFlag) Set(val string) error { - present := false - for _, algo := range f.allowed { - if algos[algo] == val { - *f.value = algo - present = true - } - } - if !present { - return errors.New("unknown algorithm") - } - return nil -} - -func (f *algoFlag) Type() string { - return "algo" -} - -func (f *algoFlag) String() string { - return algos[*f.value] -} - -// Allowed gives a string list of the permitted algorithm values for this flag. -func (f *algoFlag) Allowed() string { - out := make([]string, len(f.allowed)) - for i, a := range f.allowed { - out[i] = algos[a] - } - return strings.Join(out, ", ") -} - -// Disable the "help" subcommand (and just use the -h/--help flags). -// This should be called on all commands with subcommands. 
-// See https://github.com/spf13/cobra/issues/587 for why this is needed. -func hideHelp(cmd *cobra.Command) { - cmd.SetHelpCommand(&cobra.Command{Hidden: true}) -} - -// Lets this command specify an output file, for use with dataOutput(). -func addOutputFlag(cmd *cobra.Command) { - cmd.PersistentFlags().StringVar(&output, "output", "", - "output file (defaults to stdout)") -} - -// Lets this command specify an input file, for use with dataInput(). -func addInputFlag(cmd *cobra.Command) { - cmd.PersistentFlags().StringVar(&input, "input", "", - "input file (defaults to stdin)") -} - -// Lets this command specify an NVDATA index, for use with nvIndex. -func addIndexFlag(cmd *cobra.Command) { - cmd.PersistentFlags().Uint32Var(&nvIndex, "index", 0, - "NVDATA index, cannot be 0") -} - -// Lets this command specify some number of PCR arguments, check if in range. -func addPCRsFlag(cmd *cobra.Command) { - cmd.PersistentFlags().Var(&pcrsFlag{&pcrs}, "pcrs", "comma separated list of PCR numbers") -} - -// Lets this command specify the public key algorithm. -func addPublicKeyAlgoFlag(cmd *cobra.Command) { - f := algoFlag{&keyAlgo, []tpm2.Algorithm{tpm2.AlgRSA, tpm2.AlgECC}} - cmd.PersistentFlags().Var(&f, "algo", "public key algorithm: "+f.Allowed()) -} - -func addHashAlgoFlag(cmd *cobra.Command, hashAlgo *tpm2.Algorithm) { - f := algoFlag{hashAlgo, []tpm2.Algorithm{tpm2.AlgSHA1, tpm2.AlgSHA256, tpm2.AlgSHA384, tpm2.AlgSHA512}} - cmd.PersistentFlags().Var(&f, "hash-algo", "hash algorithm: "+f.Allowed()) -} - -// alwaysError implements io.ReadWriter by always returning an error -type alwaysError struct { - error -} - -func (ae alwaysError) Write([]byte) (int, error) { - return 0, ae.error -} - -func (ae alwaysError) Read(p []byte) (n int, err error) { - return 0, ae.error -} - -// Handle to output data file. 
If there is an issue opening the file, the Writer -// returned will return the error upon any call to Write() -func dataOutput() io.Writer { - if output == "" { - return os.Stdout - } - - file, err := os.Create(output) - if err != nil { - return alwaysError{err} - } - return file -} - -// Handle to input data file. If there is an issue opening the file, the Reader -// returned will return the error upon any call to Read() -func dataInput() io.Reader { - if input == "" { - return os.Stdin - } - - file, err := os.Open(input) - if err != nil { - return alwaysError{err} - } - return file -} - -// Load SRK based on tpm2.Algorithm set in the global flag vars. -func getSRK(rwc io.ReadWriter) (*client.Key, error) { - switch keyAlgo { - case tpm2.AlgRSA: - return client.StorageRootKeyRSA(rwc) - case tpm2.AlgECC: - return client.StorageRootKeyECC(rwc) - default: - panic("unexpected keyAlgo") - } -} - -// Load EK based on tpm2.Algorithm set in the global flag vars. -func getEK(rwc io.ReadWriter) (*client.Key, error) { - switch keyAlgo { - case tpm2.AlgRSA: - return client.EndorsementKeyRSA(rwc) - case tpm2.AlgECC: - return client.EndorsementKeyECC(rwc) - default: - panic("unexpected keyAlgo") - } -} diff --git a/vendor/github.com/google/go-tpm-tools/cmd/flush.go b/vendor/github.com/google/go-tpm-tools/cmd/flush.go deleted file mode 100644 index d7fafc54c..000000000 --- a/vendor/github.com/google/go-tpm-tools/cmd/flush.go +++ /dev/null 
@@ -1,87 +0,0 @@ -package cmd - -import ( - "fmt" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm/tpm2" - "github.com/spf13/cobra" -) - -var handleNames = map[string][]tpm2.HandleType{ - "all": {tpm2.HandleTypeLoadedSession, tpm2.HandleTypeSavedSession, tpm2.HandleTypeTransient}, - "loaded": {tpm2.HandleTypeLoadedSession}, - "saved": {tpm2.HandleTypeSavedSession}, - "transient": {tpm2.HandleTypeTransient}, - "persistent": {tpm2.HandleTypePersistent}, -} - -var flushCmd = &cobra.Command{ - Use: "flush ", - Short: "Close active handles on the TPM", - Long: `Close some or all currently active handles on the TPM - -Most TPM operations require an active handle, representing some object within -the TPM. However, most TPMs also limit the number of simultaneous active handles -(usually a max of 3). This command allows for "leaked" handles (handles that -have not been properly closed) to be flushed, freeing up memory for new handles -to be used with future TPM operations. - -The TPM can also take an active handle and "persist" it to NVRAM. This frees up -memory for more transient handles. It can also allow for caching the creation of -slow keys (such as the RSA-based EK or SRK). These handles can be evicted from -NVRAM using the "persistent" argument, but are not flushed with "all", as this -can result in data loss (if the persisted key cannot be regenerated). 
- -Which handles are flushed depends on the argument passed: - loaded - only flush the loaded session handles - saved - only flush the saved session handles - transient - only flush the transient handles - all - flush all loaded, saved, and transient handles - persistent - only evict the persistent handles`, - ValidArgs: func() []string { - // The keys from the handleNames map are our valid arguments - keys := make([]string, len(handleNames)) - for k := range handleNames { - keys = append(keys, k) - } - return keys - }(), - Args: cobra.ExactValidArgs(1), - RunE: func(cmd *cobra.Command, args []string) error { - rwc, err := openTpm() - if err != nil { - return err - } - defer rwc.Close() - - totalHandles := 0 - for _, handleType := range handleNames[args[0]] { - handles, err := client.Handles(rwc, handleType) - if err != nil { - return fmt.Errorf("getting handles: %w", err) - } - for _, handle := range handles { - if handleType == tpm2.HandleTypePersistent { - if err = tpm2.EvictControl(rwc, "", tpm2.HandleOwner, handle, handle); err != nil { - return fmt.Errorf("evicting handle 0x%x: %w", handle, err) - } - fmt.Fprintf(debugOutput(), "Handle 0x%x evicted\n", handle) - } else { - if err = tpm2.FlushContext(rwc, handle); err != nil { - return fmt.Errorf("flushing handle 0x%x: %w", handle, err) - } - fmt.Fprintf(debugOutput(), "Handle 0x%x flushed\n", handle) - } - totalHandles++ - } - } - - fmt.Fprintf(messageOutput(), "%d handles flushed\n", totalHandles) - return nil - }, -} - -func init() { - RootCmd.AddCommand(flushCmd) -} diff --git a/vendor/github.com/google/go-tpm-tools/cmd/flush_test.go b/vendor/github.com/google/go-tpm-tools/cmd/flush_test.go deleted file mode 100644 index 5928b083d..000000000 --- a/vendor/github.com/google/go-tpm-tools/cmd/flush_test.go +++ /dev/null 
@@ -1,48 +0,0 @@
-package cmd
-
-import (
- "testing"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal/test"
- "github.com/google/go-tpm/tpm2"
-)
-
-func TestFlushNothing(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
-
- RootCmd.SetArgs([]string{"flush", "all", "--quiet"})
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
-}
-
-func TestFlush(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
-
- RootCmd.SetArgs([]string{"flush", "transient", "--quiet"})
-
- // Loads then flushes 1, 2, 3 transient handles.
- for numHandles := 1; numHandles <= 3; numHandles++ {
- for i := 0; i < numHandles; i++ {
- test.LoadRandomExternalKey(t, rwc)
- }
-
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
-
- // Ensure there are no active handles after that.
- h, err := client.Handles(rwc, tpm2.HandleTypeTransient)
- if err != nil {
- t.Fatal(err)
- }
- if len(h) != 0 {
- t.Errorf("TPM should be empty of transient handles; got: %d; want: 0", len(h))
- }
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/gotpm/main.go b/vendor/github.com/google/go-tpm-tools/cmd/gotpm/main.go
deleted file mode 100644
index c01681594..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/gotpm/main.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package main
-
-import (
- "os"
-
- "github.com/google/go-tpm-tools/cmd"
-)
-
-func main() {
- if cmd.RootCmd.Execute() != nil {
- os.Exit(1)
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/open.go b/vendor/github.com/google/go-tpm-tools/cmd/open.go
deleted file mode 100644
index 423974523..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/open.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package cmd
-
-import (
- "fmt"
- "io"
-)
-
-// ExternalTPM can be set to run tests against an TPM initialized by an
-// external package (like the simulator). Setting this value will make all
-// gotpm commands run against it, and will prevent the cmd package from
-// closing the TPM. Setting this value and closing the TPM must be managed
-// by the external package.
-var ExternalTPM io.ReadWriter
-
-type ignoreClose struct {
- io.ReadWriter
-}
-
-func (ic ignoreClose) Close() error {
- return nil
-}
-
-func openTpm() (io.ReadWriteCloser, error) {
- if ExternalTPM != nil {
- return ignoreClose{ExternalTPM}, nil
- }
- rwc, err := openImpl()
- if err != nil {
- return nil, fmt.Errorf("connecting to TPM: %w", err)
- }
- return rwc, nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/open_other.go b/vendor/github.com/google/go-tpm-tools/cmd/open_other.go
deleted file mode 100644
index d0cf8874b..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/open_other.go
+++ /dev/null
@@ -1,30 +0,0 @@
-//go:build !windows
-// +build !windows
-
-package cmd
-
-import (
- "io"
- "os"
-
- "github.com/google/go-tpm/tpm2"
-)
-
-var tpmPath string
-
-func init() {
- RootCmd.PersistentFlags().StringVar(&tpmPath, "tpm-path", "",
- "path to TPM device (defaults to /dev/tpmrm0 then /dev/tpm0)")
-}
-
-// On Linux, we have to pass in the TPM path though a flag
-func openImpl() (io.ReadWriteCloser, error) {
- if tpmPath == "" {
- tpm, err := tpm2.OpenTPM("/dev/tpmrm0")
- if os.IsNotExist(err) {
- tpm, err = tpm2.OpenTPM("/dev/tpm0")
- }
- return tpm, err
- }
- return tpm2.OpenTPM(tpmPath)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/open_windows.go b/vendor/github.com/google/go-tpm-tools/cmd/open_windows.go
deleted file mode 100644
index f38c0c43d..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/open_windows.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package cmd
-
-import (
- "io"
-
- "github.com/google/go-tpm/tpm2"
-)
-
-// There is no need for flags on Windows, as there is no concept of a TPM path.
-func openImpl() (io.ReadWriteCloser, error) {
- return tpm2.OpenTPM()
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/pubkey.go b/vendor/github.com/google/go-tpm-tools/cmd/pubkey.go
deleted file mode 100644
index 4a8b35d88..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/pubkey.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package cmd
-
-import (
- "crypto"
- "crypto/x509"
- "encoding/pem"
- "fmt"
- "io"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm/tpmutil"
-
- "github.com/google/go-tpm/tpm2"
- "github.com/spf13/cobra"
-)
-
-var hierarchyNames = map[string]tpmutil.Handle{
- "endorsement": tpm2.HandleEndorsement,
- "owner": tpm2.HandleOwner,
- "platform": tpm2.HandlePlatform,
- "null": tpm2.HandleNull,
-}
-
-var pubkeyCmd = &cobra.Command{
- Use: "pubkey ",
- Short: "Retrieve a public key from the TPM",
- Long: `Get the PEM-formatted public component of a TPM's primary key
-
-A TPM can create a primary asymmetric key in one of 4 hierarchies:
- endorsement - used for remote attestation, privacy sensitive
- owner - used for local signing/encryption, reset on TPM2_Clear
- platform - rarely used
- null - all keys are ephemeral, reset on every boot
-
-Furthermore, this key is based on a template containing parameters like
-algorithms and key sizes. By default, this command uses a standard template
-defined in the TPM2 spec. If --index is provided, the template is read from
-NVDATA instead (and --algo is ignored).`,
- ValidArgs: func() []string {
- // The keys from the hierarchyNames map are our valid arguments
- keys := make([]string, len(hierarchyNames))
- for k := range hierarchyNames {
- keys = append(keys, k)
- }
- return keys
- }(),
- Args: cobra.ExactValidArgs(1),
- RunE: func(cmd *cobra.Command, args []string) error {
- rwc, err := openTpm()
- if err != nil {
- return err
- }
- defer rwc.Close()
-
- key, err := getKey(rwc, hierarchyNames[args[0]], keyAlgo)
- if err != nil {
- return err
- }
- defer key.Close()
-
- return writeKey(key.PublicKey())
- },
-}
-
-func init() {
- RootCmd.AddCommand(pubkeyCmd)
- addIndexFlag(pubkeyCmd)
- addOutputFlag(pubkeyCmd)
- addPublicKeyAlgoFlag(pubkeyCmd)
-}
-
-func getKey(rw io.ReadWriter, hierarchy tpmutil.Handle, algo tpm2.Algorithm) (*client.Key, error) {
- fmt.Fprintf(debugOutput(), "Using hierarchy 0x%x\n", hierarchy)
- if nvIndex != 0 {
- fmt.Fprintf(debugOutput(), "Reading from NVDATA index %d\n", nvIndex)
- return client.KeyFromNvIndex(rw, hierarchy, nvIndex)
- }
-
- switch hierarchy {
- case tpm2.HandleEndorsement:
- return getEK(rw)
- case tpm2.HandleOwner:
- return getSRK(rw)
- default:
- return nil, fmt.Errorf("there is no default key for the given hierarchy: 0x%x", hierarchy)
- }
-}
-
-func writeKey(pubKey crypto.PublicKey) error {
- fmt.Fprintf(debugOutput(), "Got key: %+v\n", pubKey)
- asn1Bytes, err := x509.MarshalPKIXPublicKey(pubKey)
- if err != nil {
- return err
- }
-
- return pem.Encode(dataOutput(), &pem.Block{
- Type: "PUBLIC KEY",
- Bytes: asn1Bytes,
- })
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/read.go b/vendor/github.com/google/go-tpm-tools/cmd/read.go
deleted file mode 100644
index 924659926..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/read.go
+++ /dev/null
@@ -1,108 +0,0 @@
-package cmd
-
-import (
- "errors"
- "fmt"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal"
- "github.com/google/go-tpm/tpm2"
- "github.com/google/go-tpm/tpmutil"
- "github.com/spf13/cobra"
-)
-
-var readCmd = &cobra.Command{
- Use: "read ",
- Short: "Read from the TPM",
- Long: `Read from the TPM`,
- Args: cobra.NoArgs,
-}
-
-var pcrHashAlgo = tpm2.AlgUnknown
-
-var pcrCmd = &cobra.Command{
- Use: "pcr",
- Short: "Read PCRs from the TPM",
- Long: `Read PCRs from the TPM
-
-Based on --hash-algo and --pcrs flags, read the contents of the TPM's PCRs.
-
-If --hash-algo is not provided, all banks of PCRs will be read.
-If --pcrs is not provided, all PCRs are read for that hash algorithm.`,
- Args: cobra.NoArgs,
- RunE: func(cmd *cobra.Command, args []string) error {
- rwc, err := openTpm()
- if err != nil {
- return err
- }
- defer rwc.Close()
-
- if pcrHashAlgo != tpm2.AlgUnknown {
- sel := tpm2.PCRSelection{Hash: pcrHashAlgo, PCRs: pcrs}
- if len(sel.PCRs) == 0 {
- sel = client.FullPcrSel(sel.Hash)
- }
-
- fmt.Fprintf(debugOutput(), "Reading %v PCRs (%v)\n", sel.Hash, sel.PCRs)
- pcrs, err := client.ReadPCRs(rwc, sel)
- if err != nil {
- return err
- }
- return internal.FormatPCRs(dataOutput(), pcrs)
- }
- if len(pcrs) != 0 {
- return errors.New("--hash-algo must be used with --pcrs")
- }
-
- fmt.Fprintln(debugOutput(), "Reading all PCRs")
- banks, err := client.ReadAllPCRs(rwc)
- if err != nil {
- return err
- }
-
- for _, bank := range banks {
- if err = internal.FormatPCRs(dataOutput(), bank); err != nil {
- return err
- }
- }
- return nil
- },
-}
-
-var nvReadCmd = &cobra.Command{
- Use: "nvdata",
- Short: "Read TPM NVData",
- Long: `Read NVData at a particular NVIndex
-
-Based on the --index flag, this reads all of the NVData present at that NVIndex.
-The read is authenticated with the owner hierarchy and an empty password.`,
- Args: cobra.NoArgs,
- RunE: func(cmd *cobra.Command, args []string) error {
- rwc, err := openTpm()
- if err != nil {
- return err
- }
- defer rwc.Close()
-
- data, err := tpm2.NVReadEx(rwc, tpmutil.Handle(nvIndex), tpm2.HandleOwner, "", 0)
- if err != nil {
- return err
- }
- if _, err := dataOutput().Write(data); err != nil {
- return fmt.Errorf("cannot output NVData: %w", err)
- }
- return nil
- },
-}
-
-func init() {
- RootCmd.AddCommand(readCmd)
- readCmd.AddCommand(pcrCmd)
- readCmd.AddCommand(nvReadCmd)
- addOutputFlag(pcrCmd)
- addPCRsFlag(pcrCmd)
- addHashAlgoFlag(pcrCmd, &pcrHashAlgo)
- addIndexFlag(nvReadCmd)
- nvReadCmd.MarkPersistentFlagRequired("index")
- addOutputFlag(nvReadCmd)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/root.go b/vendor/github.com/google/go-tpm-tools/cmd/root.go
deleted file mode 100644
index cfdd93cab..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/root.go
+++ /dev/null
@@ -1,62 +0,0 @@
-// Package cmd contains a CLI to interact with TPM.
-package cmd
-
-import (
- "fmt"
- "io"
- "io/ioutil"
- "os"
-
- "github.com/spf13/cobra"
- "google.golang.org/protobuf/encoding/prototext"
-)
-
-// RootCmd is the entrypoint for gotpm.
-var RootCmd = &cobra.Command{
- Use: "gotpm",
- Long: `Command line tool for the go-tpm TSS
-
-This tool allows performing TPM2 operations from the command line.
-See the per-command documentation for more information.`,
- PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
- if quiet && verbose {
- return fmt.Errorf("cannot specify both --quiet and --verbose")
- }
- cmd.SilenceUsage = true
- return nil
- },
-}
-
-var (
- quiet bool
- verbose bool
-)
-
-func init() {
- RootCmd.PersistentFlags().BoolVar(&quiet, "quiet", false,
- "print nothing if command is successful")
- RootCmd.PersistentFlags().BoolVar(&verbose, "verbose", false,
- "print additional info to stdout")
- hideHelp(RootCmd)
-}
-
-func messageOutput() io.Writer {
- if quiet {
- return ioutil.Discard
- }
- return os.Stdout
-}
-
-func debugOutput() io.Writer {
- if verbose {
- return os.Stdout
- }
- return ioutil.Discard
-}
-
-// Default Text Marshalling options
-var marshalOptions = prototext.MarshalOptions{
- Multiline: true,
- EmitASCII: true,
-}
-var unmarshalOptions = prototext.UnmarshalOptions{}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/seal.go b/vendor/github.com/google/go-tpm-tools/cmd/seal.go
deleted file mode 100644
index 24b3cf944..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/seal.go
+++ /dev/null
@@ -1,146 +0,0 @@
-package cmd
-
-import (
- "fmt"
- "io/ioutil"
-
- "github.com/spf13/cobra"
-
- "github.com/google/go-tpm-tools/client"
- pb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/tpm2"
-)
-
-var sealHashAlgo = tpm2.AlgSHA256
-
-var sealCmd = &cobra.Command{
- Use: "seal",
- Short: "Seal some data to the TPM",
- Long: `Encrypt the input data using the TPM
-
-TPMs support a "sealing" operation that allows some secret data to be encrypted
-by a particular TPM. This data can only be decrypted by the same TPM that did
-the encryption.
-
-Optionally (using the --pcrs flag), this decryption can be furthur restricted to
-only work if certain Platform Control Registers (PCRs) are in the correct state.
-This allows a key (i.e. a disk encryption key) to be bound to specific machine
-state (like Secure Boot).`,
- Args: cobra.NoArgs,
- RunE: func(cmd *cobra.Command, args []string) error {
- rwc, err := openTpm()
- if err != nil {
- return err
- }
- defer rwc.Close()
-
- fmt.Fprintln(debugOutput(), "Loading SRK")
- srk, err := getSRK(rwc)
- if err != nil {
- return err
- }
- defer srk.Close()
-
- fmt.Fprintln(debugOutput(), "Reading sealed data")
- secret, err := ioutil.ReadAll(dataInput())
- if err != nil {
- return err
- }
-
- fmt.Fprintf(debugOutput(), "Sealing to PCRs: %v\n", pcrs)
- opts := client.SealOpts{Current: tpm2.PCRSelection{
- Hash: sealHashAlgo,
- PCRs: pcrs}}
- sealed, err := srk.Seal(secret, opts)
- if err != nil {
- return fmt.Errorf("sealing data: %w", err)
- }
-
- fmt.Fprintln(debugOutput(), "Writing sealed data")
- var output []byte
- if output, err = marshalOptions.Marshal(sealed); err != nil {
- return err
- }
- if _, err = dataOutput().Write(output); err != nil {
- return err
- }
- fmt.Fprintf(debugOutput(), "Sealed data to PCRs: %v\n", pcrs)
- return nil
- },
-}
-
-var unsealCmd = &cobra.Command{
- Use: "unseal",
- Short: "Unseal some data previously sealed to the TPM",
- Long: `Decrypt the input data using the TPM
-
-The opposite of "gotpm seal". This takes in some sealed input and decrypts it
-using the TPM. This operation will fail if used on a different TPM, or if the
-Platform Control Registers (PCRs) are in the incorrect state.
-
-All the necessary data to decrypt the sealed input is present in the input blob.
-We do not need to specify the PCRs used for unsealing.
-
-We do support an optional "certification" process. A list of PCRs may be
-provided with --pcrs, and the unwrapping will fail if the PCR values when
-sealing differ from the current PCR values. This allows for verification of the
-machine state when sealing took place.
-`,
- Args: cobra.NoArgs,
- RunE: func(cmd *cobra.Command, args []string) error {
- rwc, err := openTpm()
- if err != nil {
- return err
- }
- defer rwc.Close()
-
- fmt.Fprintln(debugOutput(), "Reading sealed data")
- data, err := ioutil.ReadAll(dataInput())
- if err != nil {
- return err
- }
- var sealed pb.SealedBytes
- if err := unmarshalOptions.Unmarshal(data, &sealed); err != nil {
- return err
- }
-
- fmt.Fprintln(debugOutput(), "Loading SRK")
- keyAlgo = tpm2.Algorithm(sealed.GetSrk())
- srk, err := getSRK(rwc)
- if err != nil {
- return err
- }
- defer srk.Close()
-
- fmt.Fprintln(debugOutput(), "Unsealing data")
-
- opts := client.UnsealOpts{CertifyCurrent: tpm2.PCRSelection{
- Hash: client.CertifyHashAlgTpm,
- PCRs: pcrs}}
- secret, err := srk.Unseal(&sealed, opts)
- if err != nil {
- return fmt.Errorf("unsealing data: %w", err)
- }
-
- fmt.Fprintln(debugOutput(), "Writing secret data")
- if _, err := dataOutput().Write(secret); err != nil {
- return fmt.Errorf("writing secret data: %w", err)
- }
- fmt.Fprintln(debugOutput(), "Unsealed data using TPM")
- return nil
- },
-}
-
-func init() {
- RootCmd.AddCommand(sealCmd)
- RootCmd.AddCommand(unsealCmd)
- addInputFlag(sealCmd)
- addInputFlag(unsealCmd)
- addOutputFlag(sealCmd)
- addOutputFlag(unsealCmd)
- // PCRs and hash algorithm only used for sealing
- addPCRsFlag(sealCmd)
- addHashAlgoFlag(sealCmd, &sealHashAlgo)
- addPCRsFlag(unsealCmd)
- addPublicKeyAlgoFlag(sealCmd)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/seal_test.go b/vendor/github.com/google/go-tpm-tools/cmd/seal_test.go
deleted file mode 100644
index 89b08c9f3..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/seal_test.go
+++ /dev/null
@@ -1,148 +0,0 @@
-package cmd
-
-import (
- "bytes"
- "crypto/sha256"
- "io/ioutil"
- "os"
- "strconv"
- "testing"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal/test"
- "github.com/google/go-tpm/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-func makeTempFile(tb testing.TB, content []byte) string {
- tb.Helper()
- file, err := ioutil.TempFile("", "gotpm_test_*.txt")
- if err != nil {
- tb.Fatal(err)
- }
- defer file.Close()
- if content != nil {
- if _, err := file.Write(content); err != nil {
- tb.Fatal(err)
- }
- }
- return file.Name()
-}
-
-func TestSealPlain(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
-
- operations := []struct {
- name string
- algo string
- sealPCRs string
- certifyPCRs string
- }{
- {"RSASeal", "rsa", "", ""},
- {"ECCSeal", "ecc", "", ""},
- {"RSASealWithPCR", "rsa", "7", ""},
- {"ECCSealWithPCR", "ecc", "7", ""},
- {"RSACertifyWithPCR", "rsa", "", "7"},
- {"ECCCertifyWithPCR", "ecc", "", "7"},
- {"RSASealAndCertifyWithPCR", "rsa", "7,8", "1"},
- {"ECCSealAndCertifyWithPCR", "ecc", "7", "7,23"},
- }
- for _, op := range operations {
- t.Run(op.name, func(t *testing.T) {
- secretIn := []byte("Hello")
- secretFile1 := makeTempFile(t, secretIn)
- defer os.Remove(secretFile1)
- sealedFile := makeTempFile(t, nil)
- defer os.Remove(sealedFile)
- secretFile2 := makeTempFile(t, nil)
- defer os.Remove(secretFile2)
-
- sealArgs := []string{"seal", "--quiet", "--input", secretFile1, "--output", sealedFile}
- if op.sealPCRs != "" {
- sealArgs = append(sealArgs, "--pcrs", op.sealPCRs)
- }
- if op.algo != "" {
- sealArgs = append(sealArgs, "--algo", op.algo)
- }
- RootCmd.SetArgs(sealArgs)
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
- pcrs = []int{} // "flush" pcrs value in last Execute() cmd
-
- unsealArgs := []string{"unseal", "--quiet", "--input", sealedFile, "--output", secretFile2}
- if op.certifyPCRs != "" {
- unsealArgs = append(unsealArgs, "--pcrs", op.certifyPCRs)
- }
- RootCmd.SetArgs(unsealArgs)
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
- secretOut, err := ioutil.ReadFile(secretFile2)
- if err != nil {
- t.Fatal(err)
- }
- if !bytes.Equal(secretIn, secretOut) {
- t.Errorf("Expected %s, got %s", secretIn, secretOut)
- }
- })
- }
-}
-
-func TestUnsealFail(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
- extension := bytes.Repeat([]byte{0xAA}, sha256.Size)
-
- sealPCR := test.DebugPCR
- certPCR := test.ApplicationPCR
- operations := []struct {
- name string
- sealPCRs string
- certifyPCRs string
- pcrToExtend []int
- }{
- // TODO(joerichey): Add test that TPM2_Reset make unsealing fail
- {"ExtendPCRAndUnseal", strconv.Itoa(sealPCR), "", []int{sealPCR}},
- {"ExtendPCRAndCertify", strconv.Itoa(sealPCR), strconv.Itoa(certPCR), []int{certPCR}},
- {"ExtendPCRAndCertify2", "", strconv.Itoa(certPCR), []int{certPCR}},
- }
- for _, op := range operations {
- t.Run(op.name, func(t *testing.T) {
- secretIn := []byte("Hello")
- secretFile := makeTempFile(t, secretIn)
- defer os.Remove(secretFile)
- sealedFile := makeTempFile(t, nil)
- defer os.Remove(sealedFile)
-
- sealArgs := []string{"seal", "--quiet", "--input", secretFile, "--output", sealedFile}
- if op.sealPCRs != "" {
- sealArgs = append(sealArgs, "--pcrs", op.sealPCRs)
- }
- RootCmd.SetArgs(sealArgs)
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
- pcrs = []int{} // "flush" pcrs value in last Execute() cmd
-
- for _, pcr := range op.pcrToExtend {
- pcrHandle := tpmutil.Handle(pcr)
- if err := tpm2.PCRExtend(rwc, pcrHandle, tpm2.AlgSHA256, extension, ""); err != nil {
- t.Fatal(err)
- }
- }
-
- unsealArgs := []string{"unseal", "--quiet", "--input", sealedFile, "--output", secretFile}
- if op.certifyPCRs != "" {
- unsealArgs = append(unsealArgs, "--pcrs", op.certifyPCRs)
- }
- RootCmd.SetArgs(unsealArgs)
- if RootCmd.Execute() == nil {
- t.Error("Unsealing should have failed")
- }
- })
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/files/PKGBUILD b/vendor/github.com/google/go-tpm-tools/files/PKGBUILD
deleted file mode 100644
index 56ac2fd58..000000000
--- a/vendor/github.com/google/go-tpm-tools/files/PKGBUILD
+++ /dev/null
@@ -1,35 +0,0 @@
-# Maintainer: Joe Richey
-pkgname=gotpm
-pkgver=0.1.2
-pkgrel=1
-pkgdesc='TPM2 command-line utility'
-arch=('x86_64')
-_reponame=go-tpm-tools
-url="https://github.com/google/${_reponame}"
-license=('APACHE')
-depends=('glibc') # go-pie requires CGO, so we have to link against libc
-makedepends=('go-pie')
-source=("git+${url}.git#tag=v${pkgver}?signed")
-validpgpkeys=('19CE40CEB581BCD81E1FB2371DD6D05AA306C53F')
-sha256sums=('SKIP')
-
-build() {
- cd ${_reponame}
- go build \
- -trimpath \
- -ldflags "-extldflags $LDFLAGS" \
- ./cmd/${pkgname}
-}
-
-package() {
- cd ${_reponame}
-
- install -Dm755 $pkgname "${pkgdir}/usr/bin/${pkgname}"
- install -Dm755 files/boot-unseal.sh "${pkgdir}/etc/${pkgname}/boot-unseal.sh"
-
- initcpio_name='encrypt-gotpm'
- install -Dm644 files/initcpio.hooks "${pkgdir}/usr/lib/initcpio/hooks/${initcpio_name}"
- install -Dm644 files/initcpio.install "${pkgdir}/usr/lib/initcpio/install/${initcpio_name}"
-
- install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
-}
diff --git a/vendor/github.com/google/go-tpm-tools/files/boot-unseal.sh b/vendor/github.com/google/go-tpm-tools/files/boot-unseal.sh
deleted file mode 100755
index c40c2d0e1..000000000
--- a/vendor/github.com/google/go-tpm-tools/files/boot-unseal.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/usr/bin/ash
-
-key_found=0
-# Loop through all devices to find the ESP
-for device in $(blkid -o device); do
- part_type=$(blkid -p $device -s PART_ENTRY_TYPE -o value)
- if [ "$part_type" != "c12a7328-f81f-11d2-ba4b-00a0c93ec93b" ]; then
- continue
- fi
-
- # Temporarily mount the ESP to read disk unlock keys
- mkdir -p /mnt/esp
- mount -t vfat -o ro $device /mnt/esp
-
- # Attempt to unseal each sealed keyfile on the ESP. Note that just becasue
- # the key is unsealed by the TPM, does not mean it will unlock the disk. We
- # write the unsealed key to the in-memory rootfs, it is not written to disk.
- for f in /mnt/esp/*/disk_unlock_keys/*.sealed; do
- if [ -f "$f" ]; then
- if gotpm unseal --input "$f" --output "/crypto_keyfile.bin" ; then
- echo "Unsealed ${f#/mnt/esp}"
- key_found=1
- break
- else
- echo "Failed to unseal ${f#/mnt/esp}"
- fi
- fi
- done
- umount $device
-
- if [ $key_found -ne 0 ]; then
- exit 0
- fi
-done
-
-echo "Unable to unseal any TPM disk unlock key"
-exit 1
-
-# vim: set ft=sh ts=4 sw=4 et:
diff --git a/vendor/github.com/google/go-tpm-tools/files/initcpio.hooks b/vendor/github.com/google/go-tpm-tools/files/initcpio.hooks
deleted file mode 100644
index 274837958..000000000
--- a/vendor/github.com/google/go-tpm-tools/files/initcpio.hooks
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/ash
-
-run_hook() {
- /etc/gotpm/boot-unseal.sh
-}
-
-# vim: set ft=sh ts=4 sw=4 et:
diff --git a/vendor/github.com/google/go-tpm-tools/files/initcpio.install b/vendor/github.com/google/go-tpm-tools/files/initcpio.install
deleted file mode 100644
index 0dc6da863..000000000
--- a/vendor/github.com/google/go-tpm-tools/files/initcpio.install
+++ /dev/null
@@ -1,23 +0,0 @@ -#!/bin/bash - -build() { - # Allows us to mount the ESP - add_module vfat - # Allows us to use the TPM (through either hardware interface). - add_module tpm_crb - add_module tpm_tis - - add_binary gotpm - add_file /etc/gotpm/boot-unseal.sh - - add_runscript -} - -help() { - cat < max { - max = idx - } - } - return max -} - -// FormatPCRs writes a multiline representation of the PCR values to w. -func FormatPCRs(w io.Writer, p *pb.PCRs) error { - if _, err := fmt.Fprintf(w, "%v:\n", p.Hash); err != nil { - return err - } - for idx := minPCRIndex; idx <= maxPCRIndex(p); idx++ { - if val, ok := p.GetPcrs()[idx]; ok { - if _, err := fmt.Fprintf(w, " %2d: 0x%X\n", idx, val); err != nil { - return err - } - } - } - return nil -} - -// CheckSubset verifies if the pcrs PCRs are a valid "subset" of the provided -// "superset" of PCRs. The PCR values must match (if present), and all PCRs must -// be present in the superset. This function will return an error containing the -// first missing or mismatched PCR number. -func CheckSubset(subset, superset *pb.PCRs) error { - if subset.GetHash() != superset.GetHash() { - return fmt.Errorf("PCR hash algo not matching: %v, %v", subset.GetHash(), superset.GetHash()) - } - for pcrNum, pcrVal := range subset.GetPcrs() { - if expectedVal, ok := superset.GetPcrs()[pcrNum]; ok { - if !bytes.Equal(expectedVal, pcrVal) { - return fmt.Errorf("PCR %d mismatch: expected %v, got %v", pcrNum, expectedVal, pcrVal) - } - } else { - return fmt.Errorf("PCR %d mismatch: value missing from the superset PCRs", pcrNum) - } - } - return nil -} - -// PCRSelection returns the corresponding tpm2.PCRSelection for the PCR data. 
-func PCRSelection(p *pb.PCRs) tpm2.PCRSelection {
- sel := tpm2.PCRSelection{Hash: tpm2.Algorithm(p.GetHash())}
-
- for pcrNum := range p.GetPcrs() {
- sel.PCRs = append(sel.PCRs, int(pcrNum))
- }
- return sel
-}
-
-// SamePCRSelection checks if the Pcrs has the same PCRSelection as the
-// provided given tpm2.PCRSelection (including the hash algorithm).
-func SamePCRSelection(p *pb.PCRs, sel tpm2.PCRSelection) bool {
- if tpm2.Algorithm(p.GetHash()) != sel.Hash {
- return false
- }
- if len(p.GetPcrs()) != len(sel.PCRs) {
- return false
- }
- for _, pcr := range sel.PCRs {
- if _, ok := p.Pcrs[uint32(pcr)]; !ok {
- return false
- }
- }
- return true
-}
-
-// PCRSessionAuth calculates the authorization value for the given PCRs.
-func PCRSessionAuth(p *pb.PCRs, hashAlg crypto.Hash) []byte {
- // Start with all zeros, we only use a single policy command on our session.
- oldDigest := make([]byte, hashAlg.Size())
- ccPolicyPCR, _ := tpmutil.Pack(tpm2.CmdPolicyPCR)
-
- // Extend the policy digest, see TPM2_PolicyPCR in Part 3 of the spec.
- hash := hashAlg.New()
- hash.Write(oldDigest)
- hash.Write(ccPolicyPCR)
- hash.Write(encodePCRSelection(PCRSelection(p)))
- hash.Write(PCRDigest(p, hashAlg))
- newDigest := hash.Sum(nil)
- return newDigest[:]
-}
-
-// PCRDigest computes the digest of the Pcrs. Note that the digest hash
-// algorithm may differ from the PCRs' hash (which denotes the PCR bank).
-func PCRDigest(p *pb.PCRs, hashAlg crypto.Hash) []byte {
- hash := hashAlg.New()
- for i := uint32(0); i < 24; i++ {
- if pcrValue, exists := p.GetPcrs()[i]; exists {
- hash.Write(pcrValue)
- }
- }
- return hash.Sum(nil)
-}
-
-// Encode a tpm2.PCRSelection as if it were a TPML_PCR_SELECTION
-func encodePCRSelection(sel tpm2.PCRSelection) []byte {
- // Encode count, pcrSelections.hash and pcrSelections.sizeofSelect fields
- buf, _ := tpmutil.Pack(uint32(1), sel.Hash, byte(3))
- // Encode pcrSelect bitmask
- pcrBits := make([]byte, 3)
- for _, pcr := range sel.PCRs {
- byteNum := pcr / 8
- bytePos := 1 << uint(pcr%8)
- pcrBits[byteNum] |= byte(bytePos)
- }
-
- return append(buf, pcrBits...)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/pcrs_test.go b/vendor/github.com/google/go-tpm-tools/internal/pcrs_test.go
deleted file mode 100644
index bfbe8ac06..000000000
--- a/vendor/github.com/google/go-tpm-tools/internal/pcrs_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package internal
-
-import (
- "testing"
-
- pb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/tpm2"
-)
-
-func TestHasSamePCRSelection(t *testing.T) {
- var subtests = []struct {
- pcrs *pb.PCRs
- pcrSel tpm2.PCRSelection
- expectedRes bool
- }{
- {&pb.PCRs{}, tpm2.PCRSelection{}, true},
- {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}}},
- tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{1}}, true},
- {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{}},
- tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{}}, true},
- {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}}},
- tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{4}}, false},
- {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}, 4: {}}},
- tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{4}}, false},
- {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}, 2: {}}},
- tpm2.PCRSelection{Hash: tpm2.AlgSHA1, PCRs: []int{1, 2}}, false},
- }
- for _, subtest := range subtests {
- if SamePCRSelection(subtest.pcrs, subtest.pcrSel) != subtest.expectedRes {
- t.Errorf("HasSamePCRSelection result is not expected")
- }
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/public.go b/vendor/github.com/google/go-tpm-tools/internal/public.go
deleted file mode 100644
index 729981d15..000000000
--- a/vendor/github.com/google/go-tpm-tools/internal/public.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package internal
-
-import (
- "fmt"
-
- "github.com/google/go-tpm/tpm2"
-)
-
-// GetSigningHashAlg returns the hash algorithm used for a signing key. Returns
-// an error if an algorithm isn't supported, or the key is not a signing key.
-func GetSigningHashAlg(pubArea tpm2.Public) (tpm2.Algorithm, error) {
- if pubArea.Attributes&tpm2.FlagSign == 0 {
- return tpm2.AlgNull, fmt.Errorf("non-signing key used with signing operation")
- }
-
- var sigScheme *tpm2.SigScheme
- switch pubArea.Type {
- case tpm2.AlgRSA:
- sigScheme = pubArea.RSAParameters.Sign
- case tpm2.AlgECC:
- sigScheme = pubArea.ECCParameters.Sign
- default:
- return tpm2.AlgNull, fmt.Errorf("unsupported key type: %v", pubArea.Type)
- }
-
- if sigScheme == nil {
- return tpm2.AlgNull, fmt.Errorf("unsupported null signing scheme")
- }
- switch sigScheme.Alg {
- case tpm2.AlgRSAPSS, tpm2.AlgRSASSA, tpm2.AlgECDSA:
- return sigScheme.Hash, nil
- default:
- return tpm2.AlgNull, fmt.Errorf("unsupported signing algorithm: %v", sigScheme.Alg)
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/quote.go b/vendor/github.com/google/go-tpm-tools/internal/quote.go
deleted file mode 100644
index 3b1b4f07c..000000000
--- a/vendor/github.com/google/go-tpm-tools/internal/quote.go
+++ /dev/null
@@ -1,110 +0,0 @@
-package internal
-
-import (
- "bytes"
- "crypto"
- "crypto/ecdsa"
- "crypto/rsa"
- "crypto/subtle"
- "fmt"
-
- pb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/tpm2"
-)
-
-// VerifyQuote performs the following checks to validate a Quote:
-// - the provided signature is generated by the trusted AK public key
-// - the signature signs the provided quote data
-// - the quote data starts with TPM_GENERATED_VALUE
-// - the quote data is a valid TPMS_QUOTE_INFO
-// - the quote data was taken over the provided PCRs
-// - the provided PCR values match the quote data internal digest
-// - the provided extraData matches that in the quote data
-// Note that the caller must have already established trust in the provided
-// public key before validating the Quote.
-//
-// VerifyQuote supports ECDSA and RSASSA signature verification.
-func VerifyQuote(q *pb.Quote, trustedPub crypto.PublicKey, extraData []byte) error {
- sig, err := tpm2.DecodeSignature(bytes.NewBuffer(q.GetRawSig()))
- if err != nil {
- return fmt.Errorf("signature decoding failed: %v", err)
- }
-
- var hash crypto.Hash
- switch pub := trustedPub.(type) {
- case *ecdsa.PublicKey:
- hash, err = sig.ECC.HashAlg.Hash()
- if err != nil {
- return err
- }
- if err = verifyECDSAQuoteSignature(pub, hash, q.GetQuote(), sig); err != nil {
- return err
- }
- case *rsa.PublicKey:
- hash, err = sig.RSA.HashAlg.Hash()
- if err != nil {
- return err
- }
- if err = verifyRSASSAQuoteSignature(pub, hash, q.GetQuote(), sig); err != nil {
- return err
- }
- default:
- return fmt.Errorf("only RSA and ECC public keys are currently supported, received type: %T", pub)
-
- }
-
- // Decode and check for magic TPMS_GENERATED_VALUE.
- attestationData, err := tpm2.DecodeAttestationData(q.GetQuote())
- if err != nil {
- return fmt.Errorf("decoding attestation data failed: %v", err)
- }
- if attestationData.Type != tpm2.TagAttestQuote {
- return fmt.Errorf("expected quote tag, got: %v", attestationData.Type)
- }
- attestedQuoteInfo := attestationData.AttestedQuoteInfo
- if attestedQuoteInfo == nil {
- return fmt.Errorf("attestation data does not contain quote info")
- }
- if subtle.ConstantTimeCompare(attestationData.ExtraData, extraData) == 0 {
- return fmt.Errorf("quote extraData %v did not match expected extraData %v",
- attestationData.ExtraData, extraData)
- }
- return validatePCRDigest(attestedQuoteInfo, q.GetPcrs(), hash)
-}
-
-func verifyECDSAQuoteSignature(ecdsaPub *ecdsa.PublicKey, hash crypto.Hash, quoted []byte, sig *tpm2.Signature) error {
- if sig.Alg != tpm2.AlgECDSA {
- return fmt.Errorf("signature scheme 0x%x is not supported, only ECDSA is supported", sig.Alg)
- }
-
- hashConstructor := hash.New()
- hashConstructor.Write(quoted)
- if !ecdsa.Verify(ecdsaPub, hashConstructor.Sum(nil), sig.ECC.R, sig.ECC.S) {
- return fmt.Errorf("ECC signature verification failed")
- }
- return nil
-}
-
-func verifyRSASSAQuoteSignature(rsaPub *rsa.PublicKey, hash crypto.Hash, quoted []byte, sig *tpm2.Signature) error {
- if sig.Alg != tpm2.AlgRSASSA {
- return fmt.Errorf("signature scheme 0x%x is not supported, only RSASSA (PKCS#1 v1.5) is supported", sig.Alg)
- }
-
- hashConstructor := hash.New()
- hashConstructor.Write(quoted)
- if err := rsa.VerifyPKCS1v15(rsaPub, hash, hashConstructor.Sum(nil), sig.RSA.Signature); err != nil {
- return fmt.Errorf("RSASSA signature verification failed: %v", err)
- }
- return nil
-}
-
-func validatePCRDigest(quoteInfo *tpm2.QuoteInfo, pcrs *pb.PCRs, hash crypto.Hash) error {
- if !SamePCRSelection(pcrs, quoteInfo.PCRSelection) {
- return fmt.Errorf("given PCRs and Quote do not have the same PCR selection")
- }
- pcrDigest := PCRDigest(pcrs, hash)
- if subtle.ConstantTimeCompare(quoteInfo.PCRDigest, pcrDigest) == 0 {
- return fmt.Errorf("given PCRs digest not matching")
- }
- return nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-no-nonce.pb b/vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-no-nonce.pb deleted file mode 100644 index fb69dfc6aa03b20c38491a118722ee26ef2c52db..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 29596 zcmeHw2|QI>`~Sub>{?}5dM~(9US#-{!Mr?+SnU2M0d+I7dWa8{ioE|fskcJuC4QVnm z@**6><`{?g2d=;?7DTE<%!q{9810fe1DV7b>Gh+|Bg`uvb-afOrv)h3xJxQuvk}_j zR-0L$IpnU=DQ=#A1&@o>=#r3`q(9~0LU(`VJxhFWp-U0tNDL}E;Z1I(%ZD2llin6y z@?(V^DZM_K;@Ww3#QiVNyn3UCQ6#iEwB$+G>32wjGLGi%J>xT7i>0?Y^~A1Nd^8OJ z%+V8+R|Y8J0u>3W}zY^`-5>R8&cmyNk$j7kJYRENbbb6OL^H)KTBiAUOtZL%-( zP@U8}{6fK*ZjqG2d(%`+D~uW70-)mrpLGw6i^K;{=ETKhPIL!UsRSTL`lPWT9jmSB zL=@YlHv7U*4}9A45x{p5(*nErw~G@(w7Iznz&DEd?l;(21b&v~9%I$YP&S{;te(_jtN!Li|S{08-jr4KH)*0*6P_2`LYp^XE^p;M_aBuK0Ysi*QC?rS-1q zxn}a9>m|2?RMg6*v^w_eo!}viccrfcIAdC3r^|WbIJ+;jY((Gn^=KZ8&nna^quBd8 zq+s&7(v{Dy6-7j&df6ohRwYeq^7MJ+(k*j_oz(Mt66v1FX1CmIRumNgRX3tx4mP!QL;;sq?cIt@mP;ZMzStJ$RKpgWTbQqsxPqIN>mZ`w5Q)U?J7XpIw4LL;S*4F87(@8O7z#Ru7iN*H z10i);D_+{AH^w*K$T{?6f$uQ=Py*T?N$mXS0)!#xFjy;?HRuD)bIEzjS;L z8_0*4jzKy5Jw(B!zCMv+?7#956N54<(@bVGJ1^ zgHJ#_w74U6Z11aMkuKewwVbf&!(eI*Ka_yxhp7Q{46UN=wYwWVGpe;z8R<53^){w6 z-qEE}{HZpd{{1!&-EQ-cSgG!crMNXqD;Rm^%e~~ml&2@`dJ7@t!q3)Sg_+6z(dI*Z z9zQziazk&znyno8Xfi%y6?`^Y?n05+l99qevsiT-y|zs%6UXS?bDsp!Oo-gKPD>v~ z7x>#QCClxu>#XV%R)3!qCzTd0ODZqQ$Iv%9*K2pa!r<+>wpT-a=@%gb_u@M|X`Ub5 zdx~NCbx)J2mEiu~+m|;z;98AMlE*~h)#0hC^x=G>4HusW4Gn&XtBBIi(X=KcKjC6T zs~c}kImnDlq+6Un978+(x!fe*q%y;Asn)?uTS^y@YJ9mzx`3@X!s5m7a=TLz3`P|I zKW4|FCCSM8Xz=m|Fk~yJ<=o79F{8k0PIRfgn|(O{Nm^2@(uD)TnYPn{C!rQ~Pik4y zNWoUk1GX#pH;wuaUXY584*rKG{!IW#MMMWz&`9`f)V@%wSsN zbnprGgf%jMajshnQ@vL-((46>`(5Lk?HOwIgwrqUlA}Q?+Fz2M{+Fl-=-?h#sjXZ; zeyUH^({_7)8gg+^_onO-d5zxUs|RzvOdd*u9Es`Rj0q2P4eZn@S@q86mL~TJGWx$t z5@EiyUm-t3Q;EM{AEW~4;M5Xr4EBkqZkN7@dnu7~ApUv5Y~EZd>HIWb$9T!K%sr3_ z`b*`-@JrG&{t^|04*oEu`JzDiHQC+X3H2-~Pf7c6M@i?*uhjIveL(y65hN9qi{zKS 
zHYpuk3^V*uknrG%ee|s!kj)#VbH=gn)fyMeJVQ5@I7YNifobjfCAlbnsU&EAiHh)- zq^JI+v?%D{=;~7&yc^<=$>$w7-{~w8BQ+jasEW{z_4(?`0ksc(!92o#A+1!(KZS`; zzK@BpZA^6AORYTwF$&nVeC|Bm(KUa8usVhJk=;I;h|6KcrLJ@Tz(nhg;&8G)bxGK< z7?MFmr`V0I=73QoU;p9cCT?dD`0h^Yn+xj-R{Q6i{rA0$pvexTXHF{YI$xyXtUhzET_b=6_C9rTA!g&wUUTx3HIM!1L(I}Ut`q5(HE3bQ!n@X1^)~VB>@oL3ui`-O z%%&*5IqAR;Chr&udFxc84+gu1A{4WnIZzUZyD`hcDVF5jt{hR}6g{E2?s40j_BuQdLN$F75q3(@)bM*0EC1T&NuA2sAwHHkHi0{lwiWMp)R z565IHrhJS1l5bjAcAX7SwTs2TQxAwoFvfa4y_%m#OY))5l?OA=kD2wqb0NHQ8hi^% zhxh|@{v-f=i}Fvs#q_7%qWM#A(b6Hlf%>0%!F&&%f0l$>avQYOaET(e^~6|CuWuFQy*Xpb{3E6=pmn=JMozeu0U3-Y4> zQ>8)lr@j}24iPGAd&N8TO2##P=xMetN>absIg0mJy|izhRbEL9pDE}%6y1^3bm^KC zFw_&Am6GybW!cK!2ju@*HF;9-pD2UxZb3^(z@py4{| za1DQq2M!^&O-Tq4;@^SbZEOGzz<@9Ch#&OWj!^Q7AG@>!IGNQdOH%F9I!FVfr-1_f zpB7m~%hy**CeI}d>kUdACw*xsXLV%5GAQrbk3~(p793f1mns_fwe6=j@R=3V_ z&dm-PB`GFkZa8XBd>zBnxc8+A41J{$C`{}Pax|W?7N7=bfMOg1u;BO$4)6m|fE(!7 z-155v0ifRpz+$GSgaSvpc<8muVdiF~ za=px$`qc+M)E;Rzcd(6`r}^0#X>P#)TIXl`r5X0-m4u~<_uOmdJJBvU9>Xuz$dc>6 z+MIPpXZaBNh5Y2M>`(o4hQ!p6{cyabY8r5TPY-QRU!0DIlP5Sl^tB@eysj|3}o zcbaMW-Tt-&wy`xSDBv(~%WUkO@$TA36FCN)xMXe)wkj|8(P4ia|GDsIrys(AV3_yG z{Ws080y)ULtQ+QjDSd=~zAS2Wg#wMP^n$aEyr*(YP_sRyH1+r1n$A}*yF>mcF5#DQ z)B)r0&JfTA3N2dCO`k41aI*FSqqX2$pPe`%kY?~>_+U(8iB@KsRfSd~TPz|1!h(n( zA}AmtBp@WDvF9XQq5ZtJfU-S+9WgVuMNpEE3q)&2zo#T1fD!|U@KhueK~6$s1|gv* zG&4ccBWUp+GI|O%lpEH`)5imgLheE^-~&nNDfK-4Ja8zi2mBBg6M$qu(BZ===%HGk zp3ZI<_`!o}!bncUZhR<|ewUi(7BR*LZs3K(x?_Vej&K7LBnN^WPe4S^Xr`g512=R- z;Xp?2a9vCg+#iWRa4=DdA`sFDNu-Rpw79q>6Qvm5EB?j%Unz400oU(~mVg)_iXfl{ z5D^3vgb@S;z&RbtAR(=l_W`lT`f{GX(u`DMZFsN!#{O(Z;!}=KOr&zW&lL=hxG@t} zwCQy;itVZ*m*Gvt4X(`eOblUFP{I73lDVAn&Fpb<@A$L_KRIq*sAaoaX11BF$Ypci~|Z1cXEc070=U0*jyqzx{4{0)kBlF@gxZA@<<|s32Src$fHE<;9Mfg#+0k zqv$jf-CIj#9!BR@N*CVa*9qxx0;Es%VC4t zHJb|@4`MP9ug9n!2Ub$>zL9mM3vyt{@W`W-XB2w%CYbHv-0eZ@M>$U3n|*K-Fw_> zMI&#L3@0zNh-R(?`kz!WW}Pf}xAu%BESlHkA(ss(I1#IiC`SSM3pmmrJiz=1nRY-x^vMN~e^+DJFaU&;$12me!AlP6l45 zMvaC(cTb&y&?3dqJ#BOR?l+2xpI;@QTa)GvN-W2@Hq^RuoVHJE`5NZDnvGjR43m$4 
zR!mdna_`;TZ9=&S1!DEw1KeX>)1F|WsZPzAdCd{#CaWZ`L|%CtSY>A9Xb1ytp!TYs zixl$Lb-~i1-uI~}$0 z7nsup`@KH`-A=6J_koTJ1UiasprZvYngwC`o>%T;GQ3*6cwemI_sww&>C*rGNXLbM zZzCPc7SiDXP9qTQg7R?2d>`#35MQAk=tYG8m&*M!#A|Tm3Y0Z>8djKS2e>WEPpaQ^ zwf-b95R{%(Tke7(=$%@7U`;C6Qluh}88#Y;E)Bc1!Iy0ci22IaB%RISvw3Y}q!591 z#uau4Cp}}g?>^2`mhf;$rLbMeS`j12wA)g_d2r>rIqMRrNEhe)AHraPrFPZMWt962{zhm-R zp4p*O7eC=bQ}gmSP>a;+)5?an2F8BSms3)0EjGb5WQ8w~zL)Eqrk6BaiB~W_&Q~hx z6OaT+d!Mlo@ur9zh&`Eltv8}SyGy37q>V>2{%S)W=9dt!f7-%UtBsIrwgS#V%;roS zF|Dg)&S`9yO|m599eeD+SBUph;_o0{lD=!)0z|rc^V9hV$q)4+?qm{&&Rn%x&8Tw+ zl;tI3H0+PXHSy7FHC9?g>x9Q>yZMzCFVqQb-bIvtveOK@f><-0g9knQ0O^z{Dp7JP zh2$&^&khbZh?WeE$JW>(@;!a^TO-jiilX}98_#ERv-Q#S$R{ly7E?xiVUFsvMcL5rR?$@s#*4B8X8sE`t z^3qedGH~Y80nh@7c6yKJ+-G*8|s z*v|e~f(EjpX%KBRU|;Co!zFWJa`Z{&*NAudhJNiDD}x4yQi=NVCn~gTX#Y(p06nD7 z-tPyFbIZ9|(Rq(prMhUmD3Fr%8o{mus;;e$FhKSWT@F})WkDRWq) z27aFgNULz%ZCdLvneHlns_KFI()=N(rb-luSKT!%!?Fq)8pTbc{Z!5v&mF~1;S1t9 z0uFyr>~`Yzd>`*95fOwdUlcpd0k%dC?nm~|9QK8asuDQ-0q)}e{cy*O*tHFJ)LU?; zuKELzllU6sBtVe+uafp>(AM9R`g)qG_By@ktOkSgDK1-yx81F;pM_~f3sRC~HF!&C zVTN_yWhJH$$apQSpGehFdbB=&@q{`&{+2?7shDGHPt>SfSE~H#?IRgY`Bhv~tJ6@< z@P;?9pP)vv*WYXE-n?NtULsQ7_J)h|vHpJQJicON-VhT6f+VVq;g)3^^{k24B|^AL z!Q1gfJ44+oN0y)BMofi@bbkrjboFbz505-KV0F!Y#W|E&i|nS|=m)(>iV%w~T@p(^ zp0A+or^Mfbwtxo#7V#h64Vx8xwvdUF?iG|#2zI|>_vvzcPur(%k``H^vf^VNcaub! zUsb8*?Niz~+brd8{QhM}pu+{oqCAB);ZVsQq1s4oV}WG1=87tfJB(LPSF0 zNa6GL6Enk;7kNWuZys8z?YV-uwa~F~;p`!|(LKle-UT2=(l$=l*D7|G_BW@qOB$1l ztxkPFB$fz1Lx%o?CS>B(j~! 
zG!K_9`Cwm|b8$jRKK;Ra&h;DStJetyD|X+$dqz#KFm}H2^8MDQpXsVv3ACRRnsg7T z7fHT0)^qRS5WTX}^fj~%ImLO`K=bXct4a}2=v{3e9uHuK0x~U|25JDQb|H0LW^s0u z7ID%^wfQB-1EOOCe7rBF2w^~~flpqZR}bP8b@)Cx!*TS(nc|PE1C!!bGa2yS9Cu3| z5}&v=rP&+z>COf+)1JP53LJ0v7TR`{Id}Y61nBV47WfBn%lZO*$G#74E}$}JxD9UP zKt+B{b#5}e{99BD{g;E<7aJBz4^?yV@pQ-fx#LY#CIsU)l2LtwWT0(|ltzkz<|q<0 zN0A_qiQ>HyU%ZI_xPU*yu1em}~9MAZ~L(@h2_{nB|A_=Ye#9Ns&bW(Q& z=tkY-c9qLHBLzfcYG%wn(fbEoJuH}Y(CY9fuEfrHTY>rZYGLEXp#Z-k5$)E`Cml z?Kk|eo^?zd=R{#}HNciKejB^OUm(JtZH-famgg=A!-KIi&W>W5G1c!xY2sI>Pg_dA zRYZhe*)})BFCfCp!@f&X7#>v;9{wNy>Jh(dF)+N)^gG7&cW{%>bxdks*ggq1%}>sR zFkq6NzQv{R*nbl+?LlyE0~7NPEy}MU3U5&U4x;b|<$sZ^KSQfFDpa%4 z$783%C8ZnhdSM>$h*{i@pWb+#Sz=AP;Pw)PmmqD9{i)?l=qcvalBQYy)KVMl_{9Wr zSuM9+RCjKkQGQ0-ao;XsF$ml6oNpt*&ii)$(=r=J4boY{x00U02KO|kW)=oxW7k#E zpElmSLd*P-o%Zn?CKA}?MY%USnC0TBPxG<-h4b_w>aI_gjN^XAX^K+njuyVzK&OCNYthHq9MUCM?v|A7f-gA9adK1HShIP5y^6}9xXtjt4 zfBieOf>c;KR-TCH$!u78#(=Z2>XuWz_L903txWX8|M^hM{ToRt}-&6rW;QB|C z`YCW(-VQiZxf>8~Uy%2&KS>mrNzT52e1BMftis>t99=O7LXlK@lSSsPpsgryb9!%l z8>w*aL@O$i>i&n4x>OP2HOL8-fTO(db)Q7IPE$%m(`D|#n%uf-kv;1*=RAA3H=gY6 z<+o4!7PyGM0M|=U|N7%J0MQU=EjI1|*H~utz>WLfi{Ap*5A+q-_lEyrKN$XpeKq{Q zqfo)Vt5CtdRjA;2g$f}qDut9lNQy~WGE<9+f&pSk#Fu~{b*}$D5q}0!wO4jg^Lq+X zSo6PhW0(c*?M4{ZmH4f*o`q-+v@k}IjoC5Zr;sR1ald*bxlkX&Je*~8%)TQoU&;>H z@4YezQPudE1I^=fS&=w>cloIHoA|2EFt>#}^?@1vaKX#B4+d2_lkKs;fBi+;l~0#7 zbEcmQP@hyt(J&aO^bof=nnpLqbRZS2RQ*=|{4ueX^YK!?DLz`u`|cPUk%vE>-!rvJ zZ0^{Rtbi-rP3-sv%3zWd94DOGp@tT!T?u|7=B}(5Fy9lDFTmc)IIQn|(o2viex2H6 zpBaKIQm)@&)BcrDE9KE_a!8I^;+s)XH7!f3L%2L(5!z!4hh$x5Fp$;R1}Q^?{_h~l zqyZU2vMe}KRuNVa+LiMR5I^F%)pdcx_uw!=7{hl7ehLBMHPW2#3oKXUI$Hg{m zPgvJ&LP6F1ixILNIvY>ihhmS^2;_w@t-hiYYG#>kq-|V_;`7{df(-pQ!9$Rz&hzuBXNmbpPGK_W4M|Hzh173Q-@jA5!Svt_{g~PG#QXQunLHlT$m+BG)6dmq zT8>xeD@RM17Be90&01pE+Xpc@9c8OtkeWwP+O(ZvK$4+>W3}8JmhQzS5rF68yQ@vn zOJ|?#x^DdZzO27jhZK}4Y)dt0F`T~+0(!9ImNRrY+2C6wdUm^7nF}N05J=FxA(!pwcRH@=x1KHJ9 z>-(BzwjZ18F5+_gPi5nnRkKZALLC(@D_kD;y;;4m*r@eAV5rx}UV3~=zTF~U=|NBj 
z;qC-xtA($C;kyJs1%~6q4ELU1FPTF6lQ`(qoC0PB24A~r`>3eepAR|sMvU1!;EbWH zzc=E!lVYtFf%q9^7hfIokME8UB%ec*6^oP+6b&B8UW(Ef(Z`AO&WvdC_db5YxcVqz zu$(c*SLM9C&GDYSHRJk5uSnQG7C>GFX|UBxJK(BxYqH&t>{BuAiIewI54~RV$Zpgb z-`})*k0FiMo{*OwfY7E`Cn$j^t$iXnY+mUQ% zg@*yS-op`G@qypf1kOZ**WcvjDp`GfW_7G!w*>!qoi466;uEtV6hLOSa3H7)?J1d~ z+Dn=bq!gMG->B8RC+xOLZkHe_0LsfVCisT>qm2 zc!57KXQT{3SM&8_uhzs3D&`cYFJX2SLP!{ZJr(;k8T^SfB0b{jmYukfp_`Cz@+omM z=%`a4Ct|}k--z6>xA}b6sgqDZ@MVd`GxFPwfidfc`DIRiW`_<8-E84=?V9yJ^};$) z2L=?Gh~2Jgo5)6ppGpX&jg^xZyt^6_)2>?lAbR!v$EnUjp5VL@Yz!HNyY6)6{q?#O zP|6?W(;ke&yRY+!+>(?R%%=vp)=39|10LWCCwK6B*@0_y@N1qN0UPMdF`cYmK$gy{ zwD6fUKzOAdK7YS-2nr}T`&?bqzwehmEU^Ee-3H@Iqt9)_&?!%Ws;SQ0Lt+guAfRBh z1}Uh|VP38mZMo-p&Fe(x;5`Haqv5#}Sy^F$L&M6e;;x@58qQ1Kg{z%O^u}-X0@u;F zVLhDT_@yo?US4ikGzy3H^ng2oqm6J?Pfy&|;uueS<=CpV|G5^7FQfkqcl_Mge~$Zh zp8r#M$LIS$mv`d-D0i^+{s;4p?=vTW9Zaxh9$ky_iM8&fFYr}oVby$?p#d)Xd;dYP zuJN?<=Vz5i5(&l=Y1||fn5OK66-nojR;-<2dNAM&rHM9knt4M{C_jhC@H>pn$B302 zi~{-QaE^>wO@KN%u`;Wi#R3PKae|N5d`UwC{Mg@4py2C2-r?tc@eV(M@<)pv^7s5N ze(dvKwG8pcv(-P->;Inr{e{JRKb_M3{bIhK5`SkNBkBM6{4XB5K>+=t(uA$VIvUgF zZ@h0HddhZp5*JcN83F~yBgd0+b3LU$SR8=_bZg02S2MR;8|L}CC)5fhdrUxJfSR~z zs4%Z7X?rP3IuOdDQz~%$)x7d_u;KXi*A=}IWA^!12F_PCXbKmVye+NPdhZCb+*-A( zVr+_6rL93J)M)dP@vwzgtMP7gQ)%mwYugKqfAP;2qzJq?q9>9qeV?m0(pz!|_QF6q z{GZkfxmFl>$Gb}koz#(0K3YjZ3fK{?WPJ ziwR%~s>-IIBKg;xjezWDQG+s-YkM#Dh@L1WKO0MBLM*ABp0?Q-WkRu{04~hla+~*l z&u5bWzmU-w&TpJV6 zul|Mqb~)@YFa`|3pXp!b|84&Dg(kzjkg6TcPk<>hr88Kdf1Bf`!OmCT_WzcD)g6)k z)cxE1zvTbCG8?LX_8gRZ?+G!r5uhKkmG0)f?Q+;*@>~A@8vk$eKSRUgS7oD_Tk(S5 z(3F{dN?CcESe-`@bN|M(Lx{;E^(qY&24t5%DYx@?rz z&1PE?e7EorskUQSKoKk+YAK_tyv1*QxOCBZW;Ri;MH*__@BOi%U>`5Oap=L zf#kxAS}XPuEHY}!+ez-+cNqMu_-mtF_UJf*8z}TK7)KCrb6Qc;5hdzw)vGlT{i4@s zzpw|Cb{@V6U<{apCbapEIDh)i?<;VVb8V2eK^G|KQtXlo&Wqx@m8yd{@iLIXGL^I! 
z=qK7rd-L9QJKVm4eZ!UkF9hPS#TFL-+1h|l59IKrcf0ZWrp+mf&lKgg>yAbP?-h;I zJBOgaSoy>JbsqJMi*YsSBs$%{x(dUTq%dF^;;&4I1q6!w;ox5(-9b4fPex zbe$h1p79n+KX$eI>Z6($Zs$FaPi{tsT_UWOm5pN~8$EKj0OZR2wz3JIwKWPl{Ounu z?90>72OuB>0^m+E(0wVRou2XAG9)B~KoDRLx?N`0;GoDhcK`Nt7?1?S0pTwc+d~^) zmrOL7cBK+siqYbfF)oGnUg+^Psn?*{(lDZQ@-z|MwBugH`BEO?7~|abV4dT~^^dWW z5<5Lm1&2@=?sVob^;IvsP6?(Z8@uRxhbr?&XqN7-Yyd7xCd9};nVvoA(BmBQNDtaQ z^!_e>2i;HIAUK@$kPNu=wPkgO=2Ho67W0rbS;L+anBAq4HlwRh;Dse)YvJg%g%0%y z6Y8nqLyvmG&7N)AMfR=8xepk>RfYjd(|Zq@bYm_izK!NJumMq%jzokyU;M904VTWB#%^~EI}p0lnk!1 zyK1(bd}ZCMrjIR(coA43~pbIwQ!<*~ibp4(;wJ3wOjgq5Rx%Dhi^&*WwfpW|9>K_X*wY zwO1YJ8QC?#3{!^!N@ef$;G(r$TET;v;kUJ;1p3ZAo9yk@v#Kq#s5=OAh5<{%EGj+n zGw21JBN1;Q-QxMImVD>U3r`D|#{3gAVh)#EON29@G`CVg`$6J5ZpVFB990FeZ^UVO z!V!Dw&dWJbi$Hggo}*5@3;S}QKn7~$lIVtzJL&Bk_6)Iaaj(RLcRzpRYg|Wv%eu7p zZUqcz_sY<@YI#TYos;#!qJ#7#O{}|>5pxB&|YtxMpRxvft$Bk z8S4@shX+gcH~De4LRwaH9`hZ?-Iea2=U1<}qyz(Mdd{i!C|c9>SKUtKPzd1x}1sumj;AAl<{=|_=+vr@|cXE$u4hD`^OouXkRc=;rqy${Z4F^ZS zZN3pGcb_XCoNV&5qtSs<1!iwz=a|VTD4?_P@uE!<523UG>NrI~YoBH9jF@TK#;C7N zaNvEJ8;dYtGGU4{}qR%DE-}^3og7ow-M2CL63Exz?}S=m5sKjG=f*hDJB85hyTJc52zX?#9e;XXb`LKiHBQ^DL_Ji+{XvoQGbuze z>GiD6C&7E8iz6;7r-rh&as5#uaEmg=(+{VB_@;~`dYBKUIL#bu5lxU^vuaw>ef`D> z3cQM>cPBdgR7J(ZJ0DWk=`b-7ib=jYwi;70G}*bX_zVU(*d-l&7s9q*YrRGLPJjSm zoQVGNsd~}9aT7^$Y&RmPB$rRC+7n`2B5GwxQ{2?!_x=j>*tOEAAAE)ULZqoGq*p+O+g9_!Kdis2uFK* z_^v|yVGooS)(#h_fP{bHFYM=m zb;4pC?aG>d25Fn7)OwanA5UL9j1v~V?eGPsULOuGbv_jMR29sCX0NH&H@$V5h5I&}x>!fBb~2&fy+G^n2_~ih7%;Km zXnHs7!wS3LgE&PQq*2Ug%Dx$0K?rFLEJ$`5-lx(kP&wf6Gxy$9i^qD#igXh zP!4EOClpc?C5Zva!0rs?hUbHEkdkt8kU_|Zp&gu@BqULiPBLh4)v`ER+(}A8LR=at z<%j^8A;lb|&{9&47;za1F-J)UX(uN%Qj+Trtv7+~4ORz<6>tRZ9F~>;1b&z`*~vRgB-7=zo3d{gn>s zJFWMZU;F>P^~xBvF_@xC$CW?Tq97)ZHm_!JUIte?PTij?jM_DDLfTdQvSQvnZOz78 ziE%wVkLtCb>hLiez<}PMiA0ChLfgkNx0_;X!^TtU%}rWv=Nfelc0W~oQf%vrNxkdM zcH=SHtyCyGC1CSM%AATD4pewiI1Jp(M0I;X*>5HSKWHZJ7uzR-SNwOZguhj~e}PK( 
z&szaMGAsVj9b__vr}a4ySbTa*DN;I5rad_tS^x!@~zm?mp0`e0qEK<*Z7xW9q1?3;A5PFuFWsv%b7?@c;Wb+Kw{!jqy?xV?icp<1O#y8t}y4tKLov$xa0Y zx}+6(V^@L>h3~QU*W?u$@LJb6DYIg^mqRB;V^@-uEev>e1~X-lXkif6*pOh+T`C{P z!OWuetRj-~Gu5ln@?rff7}Gw#)njpah?XUd%Ak4HuXN47E#Ch{i}zpC8~wT#`L`1J zSCvQrzs~))!D^}H#X5us#>rx&JNUIK*O65;eHIj$q4!-Xc6U-p-grE1m?%Qy=C%=W zGTpD6P~L-MhQ7fZ21FfvMr6cW+xAj*$n2wBJItiIqa-9aGm8Z3XArkiY`lEv#)+dE z1v4bU%G&po4nD;He}(UiI)TIGzn`p4?X^7LK26FU5(n;&I#92En&?0ZILLWqUB0Rx z@{$iu0Yj1^o8zwb%CHHg_dRv)PvS_j4S@lh$%|vjU5SK`)X&2X)5x(23^l~cmAoS? zAUWrg&XDTBtHh0=R}Rbf|H_mke99MqPy7BoCHa?6ZT#_a$*<09l=%B_ zpT7_H`TKC6zk0Y22&mv1$gk%BWlo4pg%>h1UJNl2GqiD=g0H?k0R<959647BcOTMP zD+wQ?_q<~8z>vq6xLGUU3UAHiX zK{g-qYpOh%K0Z*melGlNwDwcjaxgond2J7(<0mCS%?l&@_gusO&RoO4RrBHk2k`z@ zz5c4|#RdLvwBPR~QC<`9}|mW3GKX0P0>N5CzwxCn_b9uGCc>IVpSX z4R;aR_|{{C3d`4{_iV4S!GJxw&^Po!e)hED+5tGF#{wo14V^EE93JxYyjwL@KE|e7 z`F`ZXKAWM@<~Nuc|A2|zAXkk*aKdhD&zK3u#~+Kv_`-EO{K4r#{Eo7(#nLj&CQ*Q%n?k)9Sdo;Ek#)?FN>&`j=d^?0TjXn zcWmZfGM__KCb+}PmB|}g++t&S^U^63mX$kaGqJXg_su$(4q*28hplo$as1yG%NT?6 z1E=8};Q?5j3*5vH4a({(+C+hfAeIK#U%|IGrPC8wGp7MJ6nboD9(oaIFxb3R3HZbI z^!mSWw9c2~tSRUzemkKWNrk{~Ck79wCRTIv^m9ZWMjXQXiC_jeFLyhPtDQg64vmko za{-Sx7XoJoJup5(2q95~C_)Gc-bGE3;<5-)S%kC@LP{2afa}U4_rpbHwN>@KRK!dT zRUGtW5whSZ7T|VvQ6xfI3@IvxL?R^chg%>dzyMKkFhCLv0JnJlY_rM#^?$p!y@@=6 zU;!+t*{v_PeR?z@Sa$fckaiA~pzrl=I9x+vRLoC>sn5u3+)YV)3jDBSf+PgQ#H0iS zkOK&9gyxPPK^QITg2Q?F%8H11xnhN#!2`@iwm&-71BY?O&#Z`isSfx6A9su+793== z6BS1L;1Ifa#+(p!gepS0K(RpnFC^xMpu#6cjXx0^LPSU!hM>Xw_d>`Kq$I@7;lyMF z2rhgGIfMj?f3-11*=f3 zqpY};xF-0MLQ;cGY%81)2JtsF)ccK)Xp2x3fv=ljg$*X5080--@GyvwfDz(`I0B>e z^A$qlS0$j_kU}UzVm3=HYb=Z%UwUpBVYH{aY=9ri4I|`?_7cK@b1vYmCD8^q(@RxJ=%Qq;nwM@;@d_eQa^Uq8hGw5vD zA?^KMg(L*Wi_rPU$qOB5_*z~bFx@PRcewQms~P&BbbcjIqyM9MVf@$(iSwFNn9-yG zq%BWU)>4Md$Eib*R1!;dI+--=_QNK}{m(uHerFD3jJZhubsRPMI9S-u7_}y s02c4vxG1WU*N0}w;=U;qFB 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-nonce9009.pb b/vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-nonce9009.pb deleted file mode 100644 index c8b4be221cbfdbbd19e8898d663fee8e7b3cd781..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 29602 zcmeHw2|Sct`~Pi>bp{zkh)J@B8T-Dk$-ZSb#$XuxSSx$kWvP(J7E&ZdSzBn4B~ejI zk;R0dcyubH-|DWG;=Hov1S+DDy`<(B&uCt-dh5%#$44?q~0RY$n zFat1Z@C5)pJ1TvsPvWC_HMsXsAI`OG#2>e}(6j#R#84%SP8q*WG+;xBXjyPvm8GVp zDI!Ac4{%9-ymoXFnV6u}E+se2l3!4Uv7;-!mkZ6gHfj7@zf`Be+T}7(LJ}iw|#GxOR-3 z7J#JDkm_yxwdZBfrd_W@qsV5`9TI{+nLTU!H=tHt~e8tkn@KFjYMWY;;aYCPtT z&7XgC<|IP#uG}lHB*b9|=`)Z4gyi@3+@F~wG_@p(b}JC+rjKT0Kh<^LQ4tV4W;vTu zy`uFbf@_4ZwJ}LI5`n$jY9{A##WlvWi$}%V6CFPBCaZ~W#Y=S#x5)MKo>Ae*M=t9z z2kY3zz2d45PxPJAkjRNtRvI|GTt0ZwkG49?-EjqT5bYP#Td+*0+*)E5cwWjgAbKC) z^cnYKD`w>yS>a732VZWjh<-H8bEPPDF#42B$e}I)9hQlN>vYVC0^yZv*&Xv5B3ce@ zX~$<4M0O3x8hLD?wU0nj3JYrJw!jubqkZBI>>g%1ua{D8-eFK;&Bdp^(`_UZ*z<`i z)NU6X=Au{ebaC+5yTqzB{pN;v_V-X~D1wce7Qy`5B8L5bcwP3quWsqpq171$=gw>} z1cqQHRqeM13}HergO&XU1BS5tFoY7pTvM(5tL-Ak;8G`xc`0(SQbB}EWavS>!{lcuyAKbwKhCqIp8{&r? zZ2e&f6v2#fZ|{yT$0Z=&-xEti^xbOwbU7EK10a~MiMQ5nZ}d4{t)tF@Sk*UJ9X@4{VQyP~7(#(yR?S(Ytu0~Y z9_wVReXr0SIm5q`RHNiStR03Q=0=TR_76^i6}P1i?wULh?z7d z{f}NRLjE|myXVtn+?3)2?_J4p7nL!ae@9_3KXyaRM7h*}CXtqc zcS@oA0-n#0*JD53qo&ss?%P%5gCm3r^$B;mAAf9Re-ikZp03Ea_GZ=tVS~H&XAGq8 zO9duz-}R^RJ+pgO+Pyc-W*A}qaWS}6YC>iAn<9$?idzFYa^)sH&j^e4ItYJ&B)$^f z`;;449M(O0uvb9S6W|wmj_>35F!(%Hv5V2fxLU1#kjX8-Ut^#`KX(^FtUjJaA-H`A z!lIy6z@9+`_G@175BY7s{?-k~qCp^Ea3(KN2TAhWoF3`AsCBGfxWC6Uso9CS)w z1$`PU7>fmg`~wtx;{nFn@=FxS5J>M!47Q%1R_fCYbP2DHLeKT;Uzhh#)aoj}v^US! z?2#;(7dZl{q?P>HqLX}rTT_L_xn(M4o-=TGMS{3Q!jwxx#R!B|Yc#24!?@dY4| z3{p3kol-Jym%dJXBbB=+=~cma{zN*})F^-3P|2v=J&+>emnhQz5=CkRGCvo`Smp6R zqhj>-)tn=1%U%4OaYkI9>K|py3Ql?x*g%TRzeI8CFU5lVQmw*&iF+sl`6#XVoKX2? 
z`R#tm_1n^(Q}qz{Q%zW1tm%38kn!DPXgbI}1p>*E{7~P>QIn3{;7nfWk#1p@pvhD* zw)4A{P94`)5$G`lW6}K*MTTFBMT~+1O298xFzhj&|V-e1{z;r^Xld z>1)Ex>rl#6+lF+6I+pD*Fv}4Al;neL<$9)j&1#C{O13|uaHF^VXj?F$V7_p$$~`vQ z6W_?zYA7lG!Qw3p8?slhdDj6YBAYKG8?ENaNrehxzB^P9+lgFUXuV zsHfPTX_CyJ?SL%NT4 z@Go2z6!W0LLdbJjqHn|NKAf+#*e_7rUevfFca3huEY;3x<|uU(Qr?}%ggt|n8jg?z z*xs_+<(IXm<$f~lV6b~o_ zQ;{Q3CJ8&MKU(yp6a=?>oITA`Kh!;hxtY^l+Qyb}ucf5Qz}PhJ_-6z5)$?@@5y!6X zYy(r#BT(NW?$6v{sx5yi6$Jv76ts3!o^e#YgJ-)jRb}UY{^E+e} z?8gwEY^avQ-X~h-U+QW$S?@Y{jwz21OvUi0YJ(bq`glOTVkDp_@W^#*oA#5z>W&FG zWcnV-XqE)u=a)|9Gg5x+_TGQkU#a6 z;eV=JTmMuY(jZW~8ZEL8XckP$uAcYVE7sOkq=;-vs5~Qg$}}wnRwgMXaHB!_nEZth z=YWr}7h{?Sz;eO<6o+(wDiz{Sm5b?5rDFb5saXE`RP05KWF$l){{busg8pW{I4n|6 z6R8!1^CqGsHex~m2q_Jeq-O(201kWsI?~j~Mu3WM(%|{`fU8BVsxL3LZ9)^yq_Va|zyU9^3(=y~>M8d!Bp1pOZ+7U- zR1uWT$tRG7Ru&=Vj6@hg(^c zDs-{o>K7jRGk9m%-@!L(9~Iza*>V#OFuJ|mEz7(sza%n4vh!Xu|Djglp?Cp_#%+0C z3(eUl^yVzFuN8;4=B)G}j42qPyOAVLHMEe1KHj=M0Yp7-S08Ya=xaj-Izhk4jXHd= zdVkhHRZY)e@<@AHo0�|3PXP(7B?2Q6Ropt0{5fNrQ#3^T8a+_<%nmK=w7eNkk3q9a8LU z9U123cYAIma||xYzyRm_H!TJ~m~O9q{36$gn|Nd=7e|$^*OUGrqQL2>mq#DLfiSpV z-0tgEmw;UKUG`P0z_e~iV8Awwx6ZF?@64yF=e(eQWEZl| zBmn4vVI*S==mUk;*G`WfE!z`UdzQsc_?`b|mC z6-`c7Kn@{;K(;t>L*^MjFHK_{_TUFBOdU{klr%zzbq_Dnk&(eD08~^u8it~wB)5Q4 zGC?fN&`c;sl7pIwRs%!8yZZQh<1y&1C}xr;6%(C-PoOsugZD;S;&H)fW)y>yNv6(Yb;RC;J?~2RX*;rS1h{!7;=ysLw}y(J}t}n8~f`%SX3U=xZ&JY`B>mOwd3m;Y2EiJQy<7H#X4K) z-J6ZHZz50h$lwGGYkR~#LrqBA9=CjNTutQ~j$?)|3D%+I^rFOC-OGtMr@u_`! 
z%(mUV5APx)Uywn_$pErqPZS=-0Dk-JOk`whPzn?|XrTm29`sNiD6(C0sq$Rg*z}&9 z@F&M!QxH(iJ1Mus4(Iet=`-^_4l+gwlcMf~@}hVme;)bkmJWUnGC)DuwdiIu#T5m7 zSgUq(fy-Xpan##E`llh4w0tx2o`_Iq=HuS^bc!q@lQUr)k0x&S+C9#FCjEqn|G<7y z7cX;74!X!Jc-q}3mGzVE@Uv_8A{1CWCc;#pEAz^l`)cS}`Yt1#-c^=WmrSSWzV+%P z)QZPkr|ds6-6Ebf9}*O&X39QX@L}oYw#dWuk1~|Cu9r|$Rpz_GJd|MQ6VRg}5uXEh zrqz+nc5za<;&lo6E0zyA`&+JkvWyG4 z!hm@a@yaWG1j>k(z;@o45b(NMRQ&1^8DdFxXJ|?}(X*k}lk2EcM$6YQ=i6-B5^j9t z;AiCwbsn#-we4nfvoIjRz$@4*!879-?l67kgoW<}B=3mYk@=X5??S39Ok9lNz*WpH z_0usTLHh1^guctfe*8>N%r-&8d}Z@WO%dj7JO1jBR@aYPG|wIP;C^WpeLmznFt<5S zn|^^geQ@0SBhYPzN`D{dctD_|-2gg9;G9J$p8r*)Agl4E;@Jlh6~FI}>qvL(-;Z=W zDC7pxZCgh=62NJNVBIm^Zn*EGofPUTv;&=}sQ*&Fe};GsE<7RfR<8X@FIs_}Hsx`e z*FEi4gzkqP%dRbV$B}i7EIqWN5^gC{Q^fU~3>+?vJip4HV-83J$k(Kv%;mR#Yj2_y zjdvp!c7&zABP%{i4U+*gMOB0?PD>+&cU-R2xOjEMAlwtE9tfvBy5=4*PlYU3Ya3arCqe zU(UC%%sjV3j7ZNvwThW#&>U4Yb}%vxguNM&xzS=DRzqF*8Xa(<&UN&?mM6tL&fo1~ zMSU`wEOpn*ZRC7uVtW$e(l2*K_vEz8)s@`f)lRz9kdON%#OoQgcF?&2;Tf+$ZlmCE zqlg~WSFz$YbArQ@}n4kR}5GwC!|S|8Sniq|CsmKIOfiLBj4m998yhh9W28BZWXAAN-0k}4`u zA(TRM-}jIA_BV)^^bIA{I34kO(Hwju!uwz@?$EJUmXt4zpBcAL-o7@tU&vEY>bah` zksghsUct!DGtcB`$JNc-##y8#c zjzN>JfzrkM*Dvj}dThE1eRptqKZ3H0)llv=jvC0 ztizqA`VT-(>T8gb0zvM-irb$-TTf^D+fn-3D@^9&TFh>lJPuOtIJLTAYIp6oohtl;_9xqRwJEVzBx~UXxF5z;mGxmu>d%EJnZI9zkr>b~H z7Di#*Q4KS1pJ4`amKU}4uU|DEDiJHcF~h_C)UZ$A;~6jW>>+cZWyZa2wnzFHiY6=^NJg?HhQu$M&+*yjujD4)t}%Cm#)BXv3}B z^(k%mdB1|TpGN*3v;{v5wodx^q2HqDv$b5JY?rW{Qkd68$CV37oi|oGC|l%3%8Czo z-%S-~o2*jL7gSk2*(?)ey7;Co#Q7|AR*}{Y(pR!Wq&7y^ROkqyxuQzz4$GxX>#@h0 zWce#0wEpi_*qEQa&hMk1d1Rxp<09(jbld9Lla_=hI}Ub#2u2NLtRAheRqiP5X+Fj& zZAv4tFtRdfbEv=g5Q1}Nn(}#9dg8NmvX8Wd3C>Rg1UacV3)#=_|4_5*3Vh|2Z98)c z$B8VfDA|&aPKCMWUZ^M@d$`EGeAQ~<3PiYK`|Z0YGz(;mLxQ%DKY&~I7vMYaeQGn`o<@oWVoIHkceCfK~r*Pvyr}87B0_ z7}&BMr) z#SId#Q!HgpC3KflsJ8glXF|n`tJQ_~!+C0Fo6KO-eTR%nwxnm&O z7Erl0*=js0IyQe8>1Qua`8t5?_-wK5p^<}_!#MMkXEk>|v0A>v7jl>c8Mp-uH0{ zoKYk9+r*`**UveZAKEs2i%U@n|0ZDCf#Ti(Cbl1HlwU&>Num55M3EHA{~}(0hE_M| 
zG0i5Q4jhe=mTkQ2i+ji`VSPJkboFgki5=B6;SC5cp}JhV)5}@0BWw#LP2&RTrS|xt zbICOFI)ttCcdnmMeaYDNz%h9?6yNZQe>K?A@Aj$ZW%e#wRO66$(mr8E_q0aFrh5|- zmer0uZ@hkyk?j*FdO8A9Yg&8c9n-%YiBu5XmM+=N%%I(fBp_c=q$2hb5SB2k( zhWqh!uvAvfZt?LHxbBR2{(64rJEIRLET81q$30E6URab%N#SG6@Pd|!inRB{o7gkO zUZS{R76UV^Jjpqs?Wj7Q?Ksev;94{4uGKt^#h@iBXDO{veb5`oC33KX;uGH%am*0y}%p~jHjOKR7b99us zHCFHAbtJRDnf`cURaB=_vEh??&9;HhRVRimUVIp2u0f3(AhQcbCM(Pw8t7!kROvEr z1yHUk#9cmbJ@VSl3Le2tJ~cS`fSOOpMN#yMe+p8sDJ{C`!p`2Byt-oY}^E{!K~{0S0DJzehXYbkXPW}oBoIYVEP~a z)%5?SKn4GZdPtyAUp#&^xc>WC{255qUfjwc z;3G_HC-8>AJPzF3jxw$*30!7B3Dv#d!V*h8=*aefR;nz`>ypQjLPH!|f40d1r?$jX zGLFD*zxiIMy4I&$SU$J=ywuUVbNh8?lB#Y+5~lCehaB%g3SYRrH?-1?dWX}4E3Y#y zu3XU09epLl5T}%;WpuyNThe-e24awPPdZkm`kmsL0}?G~l4JtX{B`C8@0gmen>oi9~voA0k$?I)^lrhTi zcMxUPfR3k}6CNn5h^&Zc&wU9@#N*(Zl*&gZ)IV zyF=uT$oAV1Vf9nzqUGE4R-bwGC3w^b<%hE_Od>>@w~aP3HZH~T`|LPGjeVMIrpjcC z5zSbe6nj=$>$|s6%ys`(XO&uZI)77*GV15FSwtC4DUagkd~z(D_iLh-xK&tS9Cd_2 zpXug2B8{zy-ff-Y@{=)aPDY$$XRfK6nQwo69ruC4Fs0+tVvzN>5U}kF1gw4^0>(iI zxW5Sj<=g%8<<4QrzlDGw$pioL4z?+~z<(^e{2UGbo4EZMFy!vIe-BM*ZFYX=&K!x? 
z_0=s$V$_c7y*iVAl7gQy6L*}+n5yK7h~`y>2X~5BSs%_Y4O)!8SX^Yt;`JUySD)+| zeWfYaaR~DKVrF!`MN2$qYcDRht!%*;TJtzom+@94kZNq?Qmt@jTgPmZ7{L4K z!=2vsrI|cOt$)YCJQgO*Pz_*XZ4@ zt8Y`(EPd_nZok@=Zjae%{u-JW-n_lUBUR-QGyQ}?fQV+e1X2g9nQn$nYhyRvuTpWj zf%?)ly9e534xgIq&Jpu^GINM*>N#d_U@l4*lr9VfT(6#eQH=6lbtl#HN*D4q3cGJ&!Cy>AJ+{%Yz@XTtZ+NU&K2 zpD>mW@4OK^k<(b}VzDx^qTW3@?_;$F42fc0V*}a(T~D8} zEIdx`EoX@jP&=b&f3R~`&5)tVBqisk0_bF@7Dv6TGqFm)CWnCL9EopD8NQcp`F6=W zr%`WcchmMA#ypbQ;(O+*r`ivDzTvX59?2|Me40Yu(>c+8Ha?!jCW$)oa;_>#2WOQ za!Oqf-S67Xjaqd$WkO@z)qJKsGY$p_zbUbPNprg~Bz}3HfLz>XPT2jv>n;4A?c+h2 zukBLw;6Ra?#OnQL?l3XDj4m7o48;tk=H>awezf+026yPl*;TW(+8O5ucqP}09Pxeu zg##Lr<`JTN=2Wev7}*fmHoa1zgOgLLqhZEFSKd~1New!kx_JLgRfD!@QOUc~YMn(F zkmUNVT{Tm4k|=Ela-qSPe}n{EB(a)g*49+kUwJm1z|a@>ctM)bYYzjl9N7mvT`_*r zo3IxN#v}ddyjHjd2W^r$uXKwcCe~jkHB<>dpmT8azFXgcXjLQDBOTX#`?=0W0zI+o z@iy~bcYqHwz#J5n%|Su(uNiwG`Oo4;Wonmqo$C}oR7`U+f!>TlTK8DST4Ssk?Yt7W zF?-#t-TOVAH8RphMpM8L6j#-LAMj7VLq@JBhATYNNmPt@U#Pe;HPW3rb7-egRiQT5 zW2M9!tU!3WlMyORz;DMeEifcxjUwy;< zTlv*DS^87m0x4i>rdI=mj9X!wz9@SQ=+8g#kt*%I+SXv8`*B! 
zn?!yq|6im3ZU55>^DdM9tOv^`i+{8r72N|EZ+!Q)dtZNlBe4A&Y%=o~Y^6Y2QQiD% zjTo5=CK(+Z4kclC3oWU1T_S^v;7KqWId#>I%s1@~7XYe?I3QqM(GLQjE}P!}wEZo8 zgHtCO$n^IdDLkh$?-adFPD6Dg%T0Tez`u&VF2;R_o(p(@!VrgZ0RcDn8fG-QM3Ydx zP!ruFewpzLc|c|JjlH)MRM?aHAIaJ$ z7d&w=HdMCIcYB<2!cXMbflD2i9@o4kobg6KyM8$GJfvD)K9Pg^iO1ankSg1|$|h3L zmS_mMfa%iGTkE7 zy2U>>fOYgO-X)!&`>E*#r?VbW1LwcitnO@CDPhcJ>$9V7*l`HAy;R!%$pQ>`ZNqY{ z@X6)rHqB@=hLL{D$DL6YFV`Gny5|+V?wh_-g##+1yDZH*aOYCq9p*E#ZJ)loPvq7i zC3NYP@ecX=oaES;7ch#OdmN(lgvme9O%Tcyz?%7yX2tlWeUdaQ@QBpkn$+K#)ZaU4 z!DBJ&$D;nPYf|gDcAhj9PY3>y#x*E#o;`Niq1b+2c)6 zZ&(J9Pq$T}=7HbZ$NiCwPl@q39%t8MEFd*E|3GI)te1;C(go*=2_z8Jl*ECr*(vVL zqAm>U7P;Hyq<+71VCxGuxF!rxDO)r^ir4b!g!N`c-PVm2>OS#uxU0j!wzkZ=ZZF&o z4!rN*rq-!AhMgw5kn%`Kxksy?Zof0 zqpl?J4LeQGxDqn&yqOTU4)GG}-0#XaEtm@fj$;PSi?51!QQf}k#GLSsI4L2z{ng_D z(>kV`cBNf+E8sw@?{U3LHh1JdxZ3SaO%f_C;eV=Dp-XfA@<)s4mxoVR)sY=>5Q}Ui~ay?nU7Wkfsy);+8<&oJ$x<*1`QZS~_znQN1f96ecoj3JwcuRZZuABt# zZeoF?>h$#y6}b6S;V{5wVCdZS7)tJom1zqX}Y%x>8NW87m75ze{%EmB)@Eu*x#X}yI4u|s`J}5lhvNz;O#b^ZUSM_F# zL`xw>2t*_bY5xsFd4it&Nb2FwE+%_QmDv0!+~S90VSwK1r*rnHybxI-%t6|MYuz@r zV-n^Wt4{*#!$Ka&U7dvks~=_C8JEy*O&2EY1TH$K#u{$_TyXZy>DB1Avj*&fLU+#6 z_r7uW^0`LFN9)YRn8fxKLjgGAW>fz|OE=OiDJwHo#s;%Y9Pdk#W^N?#48VZCvdlTZ zx~pUTG4rnl(R(X(un!UrmvLc8DZg=vb(i3$FC7Kax zUJr}hUdo`3P+iHs^(<`H;o|6Xs_7BzH+cTY5qLxy=MzX&LVZ(5Qk`sj(_F_6w1_7w zF4;D{*MB?X3Iir%n7qhOK37xo_B#bFyXE}iMFj51rNM>xioW4n%gQg|fU{%j-Vfm% zyLFaZbngTUK@!Cb=Q8WXcO||^Rp8)_zaomFwi>3kdYWfiD5U7+;Vec$hl~M^KUh zeMmX_yCAVX-T^)YoDz{3YKB4v;IM(DZm5Lu^~Lym`S>G)@c!VkmZLY0DC&*z#XAy1 zl+eg8^hE=`@veBBizC*}-zU)5(H)QT$M|F2LzP@HgaF(>q7iUz7;LEHmsFdvLCQpb z9|8gA|0Oy$z)RExAAoTt;9Ni=1RsoxFWy@e7lI`Oy5N*NasJ*of{2%oOCWe8eZvY6 zA;kiVz8=+)=#O`E1COO|1d0aW-5hb?Ee8Hr9GD*xFNc;A1%q&4GX>pPf1dzHoGTu= zVMrCHWDL%JSyQgXar7DaW%UM%zXnynPww<>*G$q=?bdNv`?uFP5 zywCiJ-t7lz7m{Ad)XQE_mZeLkD^{ z3Mq+_k&%*?MQ-qe^u>g(gY7?skw|w;fIHD2hx_NCbv;=C5#vu(+T;R5a8n9!$B0Ww 
zgZ%jr9o=yuE_gRw08vRsPD)lr9EU@JP%Vc=qg-6ESVnIDJe-=w2TW1B!-r7mch!%xZot^q$FIVon>8Jv1nKH>*csz_ly0*#il6<05NIIkUQ-{ZhGTt>61vF>;S{2ILJZ^}+#se&M9XXGBT; zHD~S7mb7PfMoDu@O-90o*~y-z zk{6Wo@9Anc-b_jCGIz%)~0vaoM|1U+8Le*o{!p7uX&Vw zPZ~JM>9MR>)dPLQkEDg8snE@dm%8LQM2>Yock4;zN_7Z_18YZS2amL;KptzJf$!U* zz#-Jvkf2cV0a8GD+W#1Hy7Nx8#>}`OSL!bAQ|$SbB}wE+0Dv3~_)uK~&(5*vvsWMMfMZYE)DPZ&WiygLK~ zlEYoN7a-d$b(Tt^2AO;=8a*`T4WMY&3BJgey9Y}F-d^T75YKMlZqva_m(aE??d=Tt zEj&u!>t%fP0}xMM^23zttvy*sS?96lGu2})iYljx*HNl@~_$^X69@V~Rx z@Nbp8c)$s~zeTUVDthsN{~_)7XUR0>J@-dnK5uCxDyR7PVR8KBPkTVwYXGX`x&Kh5 zRO-dLDvvn%%QHKRu%vbJYVJ`jv|V9|i6Eo;1(kYJ!4aYzL`og@6lo>u1KyaQ;DfEG_`4=N$wt50Xxl zea)7Rh1Rq7kp8PZ(w{oRMYAJx*-p{HfLfzK^^O7ma`wEuiI`mB6ykyKW`|OYo$8#J zX6fK$0UV$eCA(uk@rLa*sxsLNS*}Xc&_YN^;LATomprF>Ydj0@;PSwtjdc%hcTeQP zP8d<(`)rxwh=JfToC`7-Pjp9`1!6&71H_wXQPC8#;QlM*#-Vg3GCQ^m;Hpxm!`LHV zGA(BNcWS|ZIG$er7p~U%a-B6T6YXy|RHNxpq~pZk1=SQ91fM_`^gfg&$xRM7BKmqc z;yfLL(2iJAh@(4ry}1auI_Qn_7eR@Lqr_1nXwVinM@!11#N|=4A}ASo6bh*?kKTrx+v{UHwtoC-knJF4UiWT^Yz4wx`7v%i*0;#yf+c&Mp{`B`_ddp z9{yf97d$x0<|rnlP8*IdAZ zuMlbnvzNOJsj)r*>)r)O6c-5rfI`v@;6>mAC?-8hNRQK`$2TajzD>=>>b|ze ztIw>fW7r(|KHc5Eg_L9mi?F8-(iA#x;ct1f$9%0U$@%6aUOVDp>C}9_R?jD^!lc15 zO1CAMNRweB=#6}7c^f%uf7do)Drr3Z(IZrmw;wgR?0&iO(DZThwIt=3(%0@t-N*E; z)2C1uOSHucCLc7#OdsMrkY@QrpnK0-npS1psef9tV03dT` z@q+T4!4LsNMDPh2AO^4i$XOmb7@cLdbFP*#h63HxBnQ5dZ88h@%XuJJz&j5t2@L5_ zqFN-qn`8$_7~+m!Vx9#ui#}y_DOr8-RTm$uPjlp`gH5d~QBbC~-9%O^45N(j2VF;X zH-a|AxD|x7hiTikn#Mdum+oQ#eaBO%ZV7DN)^!FwgAe`dahVBI{ImU=nh|^v4U>{7 zU~~cC@#*&n;QJn-fp?JZ%`<*EAp|Vqx>OY^l5%J|DDNP4R*>ET(2-yHW-TigAGHyGX2Ym}iaran}ZH04u;7 z@Bm{ez!m)S0)B2A?R5fiG3#A^H-bv!_gvv4kNx~NumGcI{mxqDT<7#X!7+&M=;aUH zO$h>$iqZMJ&kOBr$t%pk8G~;d))!c~@?$nN0A(Q8u=(L^>LaD7>JpNxtQ#KZWe^aP zbP!8%EZCrSo6CP<`6YG^G!zLN8j7%;gM^5Hh=>6^@{i}vH4H6);-F%%L@Gq?;UFMj zp#abeT;xzvR3u$wBy2n-R~v|ygO$CFAB0&$`7#tjhQlQY72@WBa`ABS@f(rjadUwg zf;`Y48UMC+C<6Uo8$&<=kU|mg0FWt6#83nTpia|FI*KIXi4NQ5r|Hse4-=*rFSZ!@ za)M5$pZUchj7=ws1}&U!m`xYKOG3}d~^fd 
z-C}wPLQ?*)#&gVwSe23a0b?)Up?_;I_eLQ;v|+Ymw4$AD%AiH_p>j3O(=2=pIj%rP zq9iYDA8EsEG-}Q@?^-si=NGF2=+n$Tl3HIxL_z=%^0lFwP-<}esd14>k%?>D4pcUF zM^%{}Ke{#4jC{L=g%5$!!ip~-LeaLDp z52Zg}XDdPMPC!Lw*zq83U)n=@F2z!%i8p18Ru?Unv7U2!pz#bGMwRYsYNVB09121$ z9FlCzh6iby_p3SYemN}?^;gULpu{Rmz2!-B;i(EnvV}~m9kUMo!mWXBoS2{WRBJ2N zkbzg|>harsl;Ur1*;bHDE@J^us$lavXT#|x)lh)@=xy6E9ctFL9)S*3N7m>06zz!s zj9>Nie6iI7%V0qnko}FOiv57m|6WsZL8aI|*VLEjxQ+72$<%PO2&LqrfRdeQD*j(J zRaq8JRk^u@epXdj#=o!rzv*hpmAt5{o5Pk5^E92%19uxC@2ZUJOb%Gyo!a=%kc~MZ zvds)u=-jJrATT}2u)MhA5ZHpG;`Opf1J%Ys)kurrE4p+wQmn<~mbG`^*RLp# z$ITVV8hXONLSjlkCfsi@j=>a$5Z<8L$dVXe&hnEsOOpC(w^WUiN}b2OJxP-#%o^}b z#w=xB>ET0}M>O7Ta(>T%uG?J4*B=RSi1a?s3NKmY8E1%8JndGn^wH@HQ1dNXI#QVI z@D*qdT_4Ntu-JNeG-O%qqx|X6#nMk&-F-zAU4~(3pSIv_EADakl}B%VOFtu8wRc#{ zV&@iRD#x-f-}z|mBAgJ~|M>CmboB_0=HTvrI+G(>qdMfW4E;CHZ+JiH>Td!6iLMq5 zTa4G}JPN|r=j7~z?8m1kwGHud#;a)gmCtGk3a-#;+Aaw`{+h;*apd;oNm3M2|7*Hy za+Zl&ORLdHhObdhTU-kV%1=eVH6HU&_%(;^9C%3fx4penR6kr{*)pmn&Ti>@izW~A z2*GvWiBT<1V?Ba)!z6oHfTS2ssegX_3%R46ceZ>&4D_uSR9vqUzPzt-Evcbb7wXmD z&3)%g>m1L^n-GvVvZRKyt-)6;mq>}M(&400pw2hZu(tXH`<2~lp755V=$yQsVTuy{ za(#6Ki6$o7v#`AT$8U10)~qGSNt5*PEGCtQSCgSt&u>(4tY`}63kLOF!JUzk$%VIb z?psnja(;iF<%z^0dU?h0;2}$C@f?~k* z2bBm>SDT9nN&ris6JhFGc-lL-*m=3SaN$F7VVP(|Xj(Sb&aN)jTr^NBSPmu;iK>H@ zhpVTntrtYv)x*uz!@|n}tRVswf|Vl?asRd)qGRviVGYr+@bL13s9Jb9+IYD+Sy+K~ z*45PuN&^~LE+{`YFE^Bzi(ANu42PTlEXfB;LPKu;S9oTDGN18G_j{hf6$K(K3E_r< z%>8dGL;GTNOjDUYV~}ac8g| z36iATezh|l{v@+!#d~11!2YDGEfyI69AdKkBDFX(l{dKw1di9r+W$r8n z#YebsHAv6@C)oeo?_QT1AWZ z{m~o}NX}MQ(=$h418VGvMpN6tMqwdqtGKjrG0J2G-ak`fn)m%}_=rUiCZlDkyV5 zUp5(p?lkYz*88I6vz}y4@al!Hgm#rnGPvDyTsld_8%?L3TS%p?V!@7AK4rd)@4q)1 z@NnRI9m*TORlLOHd#xu^u0c+C{_k33Kk#a%3*pU~>Wz`3q;I1YNE z9eJ@Js=M&mAn2Wg9Z6D9$YwCn98PS^m8kILncha}xia?fl-t)>jRIs2wTeUDuv5L5 z)|vtc_A^CW%qu_fROd$z*ic|zSSSrBXbFu{6MVvn(?J~NdK}NuAXKw3-!?tl!xX-r zDz$z&Hc?JeB!tp#>_FPkrW>c>7)Vy%_7-{c_|i8GNeRDcc6H2aOxInsR?{8)EAaNB zQ2J$C%e09@Xpf-C#RB{m@0A=VdB^NmM-cm*Qn82noap_^o@_KA<;j^pZbxgS3;lY$ 
zx#-7j-ZWPFke*n%t7S}iIZ#}muWDZ1`&p$q61{eLk{|U*mLx4nq>fwFM;t!9fJ$DE z`a9+#8-B}qRa7QWftLj@UV1oMT{N|c% z_*^wbdEtIX;R>7#|I6KyjMUG2Ep8qzI0p{Q__wwHw^cev-h3P*BqKKF ziw>g+4;Ho6b31l{LAUhnz;xTEAt3}Rg=UZKn+r6BzgX6EY=~b+4M5s6FVW1bo*Ir1 zb0ZMkQ+o8dsqrdCfu1cTpYY?u+n8#&z0|>{Yac8!<0#h`_qDgoOH6qjZ&7CJ_BDi2 z`ztQqdUO|WPXBIGh(>^nM|}8;B3va>Pl-`+#hG!r$&QGOFM&d#)t|ZB2t$K>DZArS zZ+G%t3S*CYXvpJPppd6`(zJZN_#1{A)5*#}ak*Dfl&< zeVPvm#BO|}drOG^-bK_W8HGK9sWhXq?v8D;nZOdC0LcQ+$p%tyz%dDA(<*F9Td}|P zvM{y}Nl{!FAta$d|DDyu8h2RCfoAnV1AW7Zufob0efIKRN%e%h#76m!_!AmQ*>+Q z39<#z=otUCdF0fz_{rJZbG$AsDIW1blE*t%72=P-G#$Lo+v2)%8&&&LXXTxl2RnEq z3k-qu6ecZg=y$4ylT^3Zh8KP3m3#=9$XEEE!0Qg$5C3iX_x{@`=)X0c`)_F1^}g#M zI=u3PME_TOA#N!2%on=+r!NHa%^=dCopP{su(I&7fk=9L*}Hl;fG!-&44%1dTu?3{ zEM6nQlQ#PE}hvp%KRc*)1>@EyFE>&2Oi64g`IUYBHDZbb3-dk zbx~9&b)6S6T#MwAT3phvNDg)9i<=-`Q(bYOWnjL_e|juUf|)u^@vLvEmGE<`G1D58 zFErMe1;dg4mbN)5TeCg2cKwRt)_se(2zv}q8I!;~9o7$idnA2)CQekWS9=@oU5s^g zsb(DKCu&n4VJffV7LiP5`}DfUXR%mEZSN`;a+J+8Y4W0~X=e(b6{Aas3P|U!n>6UU ziT_*I?eS$qq1&YGcYJ#i4<4vzehSd7(Eev!x8YsA?u5m>tCscyqN$0-qrI8r?NGfl z*G(O&3RTWg%#n|j{adaZD88WZf--yNv_bjVxp}@jZARx#8tAmCK~ z?AI+zKj=7VKn)6)15Q#OsomaQ35fL6Z`GpnQ!q9<9cQvHeHW;)cTx4zU<%O|>4da6lg zOJtkP<+4-}BzeZrF>myK^b|4^E4gaEGKGX+G=#CVy_+6U6Ra6+D^C%hS4k)u!eWo& z^CC&b(!Zt!?REW)C|)F7Wy>2GOI_c3l>|E33-kl1PDCeb@r({f+MgmuAPRqZI_@&- zKqv4qWMJ2u0>y49Mc?!?rO=x-_D?;tvYy8MgS|IONGU?)4Ejy)hdi~baN^r+m=nMB znJ*918+DglFXNpr+W-pXa(^_!{bKyDC{y)8;G0I&tc!H*2fj|94aiXWS(6Bn-WH5+ zvezG^-j`S|$L^>4cJJVx&G zDX^q641zZU5`LEamR_Nt3dqDrEJ^0J335c$&oZ^4HkAH~nr1Dx8!XTY*|>{0L^{-P$of!I z&}8SRe!>@V;&cU*GJQC#mV#)hrrBS@{}U}UQ|IBjo+;IQP-;-~hD?>8(A@hf%UIPW zLATHLmxw!g3eW|H4IE5|0#;j)wb2*UDp{he&@Ei8NDRMJvHFc-TiC@IADfm%1=mN~ zsk<8x(j(K;_r|X4xC6Z!d1W8eWL{9{`V?&DFumq9Q7nTH5_ zSHIul_&nH0TWO0yfLbk=(H{@ucJnXWeWJ1^X^h5Dw|jBJ>Rc|v^mk(@-~BT-n*q{p}i^gL>ARASvE& z{HSEH2@r|qrNKi{2nW!bUU*GS(j?p*UM1h=Bqnv_{Ae3j zd2#M__}J=~7M{>DJ!NwCul8wZJ$)M<8|5!PL`K|Yqf_Bw-M~}Yu#c)v*5&rjy%u`y zNNrt(T$#ez$}C>KCxFe&w^cMzK>R5~873$jyF|ck4hZl8Ib5H?+$rYae=7 zhqzEaoq_WWP~4iq 
zD-JLE+lwGrFt;r8^AoWH|&e|z#Fbp$b zByDd|(MXmkeJpvvpCZky^4%f;02GWh6($+YC_X7=QXK7vy?AQMps6W5;@L-PR@6aMBzzIq*((uwK9HG@*yL0!3qP7whJNwf)l$ilz z@nX8aLreXkV-13P=MGME)XU+-hb{Lw0^Yt{7OO=|TPMi9XSDKnXoZ=_+A1*7Vg#gF za6GXnNHL@cem2W@btw0+zZqilLG|y@!p%bT_%J|ahG7&q*-wB&Cnr=V7_%qo&-f(; zF*CeP^zYDO>Pl7(5c06UoS8uO(xjTs$CERhf@e}~popx5SwnawbV zrpxF&FN4uF-}kS@b=?gLasTMBregiK=25|Kk>yE>=M6d*6>Xa1;$icm9P3%?`FA$W zwXYad!hpZSm!cRY=1U&E*Zk(c3r<_i4=9l2Re z*WvLOR>EtQoopTwLLR?#4@uX8(&1Q+3|&#kxaWA;h!qnR9zWk@za%MVnYkhE(7Ny9 zxNdm>eH!4}@W%If{6QQN?;Je7?Qy0YPJwlfew%@FSntkuIr?*aA-~mI++OS(tJ>JM z@OXox)C=ord4|$YkIWeGbEd>+RSY^!F>8^dE_>UT+;NA;YbUkk9TCtW78cV?GL-v# z$~JMu=)qX4(#W81>M>0I0*@bIBnhIv<{sN}sU$ux;DrquTaK{5BSTDB-| zzTawvc{iwD`>Qp3Q{XAjt9+IZk=f=%C!`!~++VxroZ<18UoC4ryCR$$%Qm*^Qe+;m ze&z5}{Rx4M_tnjL;&3Gyczoi~0-LJ;wxcK;eGB!M(oQL=F zDT?K4_8lZK0)@%7Irf(viq1Ot)qNvxtOo~v;h#05k5P&v`GnuBNx2P&3EkQi zr!q&Jj)@2k8A9;%S)14%)qWkPWm?m!Ibt#CSFAN+&CbRc9Dg9o|?3e$Z1RPsNJgdUvYCh zzF1W>RL81W@e3Ym%Y3Ng1J!4)SCR`{=oh@9v*R#yJ-gS`d*#+(JV^>XeSY-S`kgX7 z$pYeBpBqh_6{dDbymqE-8Kw?=p%1W&2jTI8l7n>o@g!lRS1}Ri>CA;xozyVx%xiYh z>X0lOB8(B?@#4K%*;8U0_jR-?4@_r6TAyz?dkK5`x$E9`Bf8cr<_V9NzVp5->_M;< zT0k{+@|1J~J7-nVPB!DW8@S5v#=S|C;qmfs(Jh!hqh>}<3p=i}y~E${FmiUB;HR^1 zqhy<5F`9zMYesXOc!pLJ_luFdqN9(EsnPLk#BR#(XzAaMzX!G8gU1^!DSnC8T~3)5 zns{aWoL*dk7c$ zJ>EX!{AIm$iq?^jA2$4)qFKw>>{Q#d&YD`rC&(A&F_5y)G0;T-Pv4c8`P9900(ZEA zmczfPyTm%6)#k%aRZ33{;|`{&+QeNnR!kjd%IUnB$~-a#kN0J&$lzx?+;9&pn|;zWEgdu9-eUBjRpGhuepi8V zRR=siq^Qp3MfgyZW9sF{Iw5bmkf6M4j#4cGEbO{?CCuP9E%x@KWlI&vf0B|$F5n#_Z)!%(&k9v{2S`|JVmc8>%xuO|`R zrW;{JL^S6L-%Aa%DgR-s9Xfb?{O!D3eG8aWXeFLD-OOv6t3y{dHJlftkIF`Hn{Fyl z!Q(UT4q3G)y(De)s>iQWO-=$x2|QgV3#IdItsC&TjHKZ450o6pxGd~BbdMKLcFdQf zS7=WrE06(N+vcu4w5sR4@c6=N5?X%Up}Yzlc_u?Y$Jqi1u1?ycF$ZrI1%(JN^hfac zM_Zg4@oJSPWtr$f2WkWLm@6jpd+V+ng{&zrr%Yty;qhhmjGt1S8Hc`X*lgs8ggD<)=fbm8%}8@}UVc}nd(bXF|8BEPciCqIfy&6Q)LT`C~0Gl}7eZvDmnz9MTW zda}k6Ld9HNM5z)s+8Jw%&BRP?frz#|pWK=r49`y|9*-?q?ZQFW9UY?1J72Lpml=b{ za0Z0oLF*+=@dg`1{ZYQd%R3Ui@c6OrgheN6&);0$k3FQ 
zoIF&edJ#$Yw+`X)OKkMZB6?CIS7}AGmrVRc4v zKnca_Bdh9qc)ZUC3cP%r=u=Y>gbSGSG?o~?*hE;`rrlBV8__XXj-2rLH&>nr(U)cH zn0v{2e-L<^I$35!+g&KnxyDQ2J}$Hv4v!Z>jM5gvZtGvUP;{|-|1G?VUr-&pZ-so3n`uz0n?8*N*qJ+8%A?Z#HC`E5hTg^^L~~eKR?T z%k*}6X|*aG_puLT0AEAzr42Q9>rq*FyzJ{Y<=&WmFBHBBXa!mmey~<8A4|H@6LYCk zHNwGe>NafWiws_8AKxcBbonmGVlr!bN>hqyb+l?_%z9!0Q{onPksotTNa$0rw~LM{ zeDR5y)M`+STSU3kOk7Jq0jm!SXEe?~Y;!i&D2`wc}zH3!v894|bH<`U{j+jG%vnN%9Z`A|_KD1d&}uA1Sc?|nU| zt^zm!F5pLzz90`;fF#I^%z4q@iYr84;e~~J$lvx8br_QmoE_5bLaSeYBwhZ9M@8U) zqZ?p;*6#V(o)iCT`?er2PT&Z5{vV75Oy|M*`5`NOSy?pi>o&uw6W(#LM=+yh3iv$3 z0&H8nb{huSz6cAvkRP|b|4?#6AvSBNq>G1JxQ$$J<4MVw|_1zIbazqoVO1J-_yhXVC{MVe;vhh1O!k8EWo+7 z0PKG7iHyK&l4PON9Y_*$VW%N#7o9)xD-Tv+0S~1ToT|YHX_jK{7`8M8!-%UJ|D{a5|1g>@DTKlhg#fXQjxe<%kC$i%>c_vefpZvo}J`3^x- zC!iZPSHFx7l;C??@)1tWHG~t=6)KWEq|=xA|4I3P*$QwC{h_z*m*{-( zeu{1Jor~bZ0)}bsLz+L`96SCvv@kqvtW>+`&k3E+(BsZk6H4L67pVkkkV_DL_eqBR zU^DP%Nc{2mi%&v^M2HDW$tif$@t1!8U(k!6`#oXq`Al|H@>sSlSIksyELQT;?M^Jf zU!(8VO{eu!i%fdka)D2K3)?MHgzr;jKLlwayCil+r-FSWZ+5GOb+MT=?nh70RNU)F z>YwU23#bj(LEGf?!(Q9~*#CI;{r>C)uG?oi4_jVv!0XI+3LYw1VL7>Nj~Kgf?;EkO zUT4y62P}Y}T@NXWFttD`Y6|;`RSV<}hq2%tH))c(d;1dC+KFnM!D)n9CI@hJgRQip zVEeE%%tAVW?RkSoMP0wIz#L${Gq}bTn^Plytz?S>~H?R%Z%6=WB zX9dQh;3}f~-7boP2V!}_HI5J90q;WK%E}Jjg}`TP@QD}T2JvTk7GMtV_fjtK3AQE) zf~7WKYzfxo1%yH5d0QSoj=Dm?oU=o(q5$U)4md%+EkKUkz`7n_?(b{){OJ4H*qDKQ iyMpzc!7&mApIp9|{+R>o9|RmjE-<$Jj<5w|;C}!kVk%4k 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/debian-10.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/debian-10.bin deleted file mode 100644 index e461a2930fd2a8b9d885c715847b10232e4f6a88..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 22220 zcmeHv1z1$w`tQ))seqJ7!wiiyNOyO44qYPM-5`iGf;57(bV(^7p$JGQ4blq8ok2a{ zcZTo$zjL4a|3A-t?mcV7nYGt%zw6z5ul3em?*ae-0944Ih;z(`>H~n4W`igXHnFq< zE+zpk5OQ1^AOVmBPyw_6wg6XvJHP{A3UGkbrLOCa053@06<`TD;t2pj@X&$>`Fk3D zD((`uFPf}LN#8}{%4=Kk!=DOrTv|esN(t;F19o$lb+Q6Oj{I{$fmGoDfWWECw_g=S z#bgz?5{43c)g>nAAE9zX+DsQ$V_v6B;629zEM+1v$D;o_9dgcfQHSti4&f5YlQ;kj z`M3k%eiPMePsJ}k6y|!CEp$6&Qss;I?Dni2!cC&^zlhy~v_XpsKpv2<+gZGt`b;jO zp`6HodEfPS8#)9t@jYlFGOkEEBU%5sbSqgDFc|&>7!0?NhX4-;503_TCr7w$9b&i% z#6m`63YQ5##e##wKmq`9LD)b{WCTq_1WY6+OD|`8;2jby5Fe0_1H=L127$QsuB-eU zz+ctBI3pO2=Feo|kN^n5a5w-+_vrA!aBzT;=69%mXO8yfnQ=6OYTy5zh^#5K>q)$GM3VTJ zEj3QcqxT-U9Uu}am9D)&+VfWeS}W)?(wjNJ>M6rA1oNnZ3;s{(`4K%r2>0qH3mmow zGiJu#lWx|f3BEu?K^cRO9)Evd6*p3Zu0~#X(W?KO+53-FVafK!g@-~e!i>OfT>1>{asU?UPE5@xD|B8VTd zf5-@?XUK2|Ng0_8_W>!P&9sQ5K;po^2H-#e1aNRyh)6&L$k(55JLG9XZaW+xI{%Iu zo(ReFFYPsV%VR1zYGf}Tat#XvdYTBu&%d^}?bc6SZz6aS%QDke@hDigrva~*t-yh} zcsr9~9|1(mb2bbNvA%zwlG%)!#Dt~gnC%;b(`zed9fol01lv#t0KE>~6BRi9y2Ad-*}Ec-Ov*{YdAq)3 zS>qnL>k8$gsu4CioON?>ZHVx=d~{5i@)VNi)|}aNPedxniXIDPs()Am)! 
zeO{uBh;IhaTc{sQ@fLtIBe#ms^;Q3kQhE{<=f&U{s zGXWWX@=X2LJj+YUQ%Q(XaR5Oeh#dK^(h4B?qRb(( zN|wbl)que;9Y-OIVJ#OdA#F+*m}R zxLvjO(_IT5#T;h0?3 zzJ(A7UeTek+jvS{wJ5)uuXJJ3d47&P;Ulz~Z7DFq$dr5Gs#~yCmArStO%T`*zrAWa zlH)nLXP(?u?IRlM6A`eYR=S?^5XClu=%;)MhEs;zDS03+G8!{793osWFA*FfMEV2% zBz4R#Bu4Xui-xW7C-mnuD;|!#j5Y?|`o{@`@Q9dq&;jZYAgR%#NT{B`g;rj?%3YN86+pp_tR;9ZI4IaLUfak15o_d=;jm^Avst<83PCi*2z+1mMEhY1A zZyAf!vA~?x9=ug(j5PhB|BdaKj66rKOGk6fzh z{5WeyTC=1`=|?Cf;xF>NE>UkCxM+>!hSL^B43}K$_)pnd6D9cv9Rv`pVZ}rXMucvy zjI~RwRkDVr#M?3J`91iq_B?2imArLHZ4rQXmL=3>QuB$kp)m5TOw?zIRTL z?UUJKi``gAPKA_l_L{H?Fw=Y3Nr>xV&y`2k@Yv+gpr%h-iD!Z%wBzY-?Se*BfQ$Hq zKIpu_G|&X+1r5o-kgGi=05Dv4Yv#UCx@2M7`#0Fumf+uZoHV2jS}Y(l3)YSk{iS*C zLcVX>amct3-E#I@x1dh;UeiH@8Jz!D>lR*!G0DLNH6^cg3#7^ktpbCB{zr5RGm!D8 zZlU>W-J&TeCHrqHmts^0g#k%4J9*5a&WHeH4@?O-4T~k>0F<5NM;LW(9hm6-a+0Qb zeZ;KklgG??=Zdn~Vu6W*%^H`V+ur8%7Li5=h(#OdhS+el#!3(Ey0lR%XGQy6JrIdY z;HbMNQ{~aHJEU+&?w0>*a2AEPmm+3O`w7k@@nqX~=3-So!{hUo58m(}uC~$1(%*$N z-6Gg{+4)fP;U`K4`l0W8T1Mob{Zsur_aD^x@UOkEGmBB|;B#KKxl1_2S%k{_PRG`0 z(r>2=Q62S*QVmmtIjSkxoJe=Gj@f4h)6_az|I(;3BA_MQTG>Shp9YbJW-Mk;!v!#= z!mZ<(hPrE4TLAa&w{r1>C>K{C{y%gDM7bbcw*hJYI0g?jZO^*w8w0%5 zJ;b4M4*Zi2BB<<;Kx+?neiHjm8RYbiCNr9B>OVT@Uue0%)Ir>+;#a_tu~SdXN?aQq zZbm5%PkO&Sd@*`)GP&oDL3}d01e%8%I$R~h7{SjCD}&z$hKM02)KeTFG#}nJB>Sq8 z`0a&es5k>TReN2PDq&w|MMfGmdEy703$LeXZb^}^+uPNekyNl2wV&ph?qIDs(#?tD zkcbYB70PuhR%hW;plT$v541Hi3&}E5a$ML^+bU-d`ipa2@F0`KBv6TVzR05UpdTGV zC_FKI`-Mltw^^lO68|kqN2~kd{GEircRQpgI*M zO;a#SqPgu(5i2B({h(yECYy`9_WMiqQkJ0YA|#i=oTip_vIkbH(i+(DS^+O|i8JfM z-`EHz(l)RgC8&hO^~VJpi{&4&VJ$tLaPU}tY1=>@{vGA*$+F_x_mwPO>UZckcn2KR zT+_m9zH*z|-8!xl2vX51;b8qy5cN$woSsxOKlrs?_8Bl!gRn$8osNC*-l|yYZ3B3b zwe*!ReL-Q7R%v2a&1E{8+PQ~c5RjP)Pwym3^#HJ@Z$+(ObJLq4xDb`>y`j&`)8#ce z<4bK?@^(IJQ3#JnJz1)Pm)y1Nep%>mOYDJ?oPAuLIt3ObF>5r|y_DyCW`lI8w z{y_26y4D}4H}ps3|A;K+00Mu?V#YsYG1Tv%l7QG?wpO<0rtX$hVjk``U{_m+djd7_ ze!3(eAc!Bt#|7fzxKu3IQ2L(O*t z)VclECb#LEBglU=57DB5OQn*!oYDowCWi|}4B_n*w{0ou7z}u>E+vT2Q}jIZO^8`KZ79@Rwq*}ya}A|a0}R9n%X$gY(z+$bTVC6GcfZRZ 
z{MH;25X~X-U%Dk_jPU&N#Jw5bqlw?1DrbH2)2vqi?@fXG5&rial7B(_FVz6yg`bORu}`;C-5$Sio1hww6SD{|f!mK#n>R8gT#C`@NcVO@ zQi-NM(^q_KlJ-ZPYYa{ADH5VTpv~MKP(bIgvWwj&n?X!0B_%1!ZeAAU;PLG3((CV7 zMeN)po~-Dx*)yy7sNtXj)G68W`;q!gDgJ2NFWgPLTaDU{OYg8ST5AyTJqp^+Sbb}eg=>I%)7C5Vr4=ENWlhl9LB%L>QLa#FZFaZ#o5WCK4T`I%%@zvj zL~xCpl31>2uJKwvQypHCTQoJp{@8*Wzp-$+fywqF0&eLf+Q!jIdf3YV)krJpTX6+7 z_(DNUHb`ErNeX5UUv{AkwD?AFAz;g!`99uweK97-JH%R~?MMDYXub(Y@B4J`3-~bj z`AKYdAG`cG3rvGMQ%(tBQR5_{7uMAd z+y`xIB6pX$3(!4~Pe`>MPkFPvMIzgJ6A72|9QP~IVv9eEc_VT*Ep_iVZ--?a5@a6c zBz%OCqPYXsmT##!qC2FLU&o>i?1jq_CY?!{(CwCtrQg0YN9Q=Gp5dWna@JcD*F|-a z*KY9-3EHO?JR9W}{3>&}FRjSXY&y>zm8#tX*Xxncp=5JzM((h7 zAegfZaonrOj9l0Mw<}_FdOIS}Dpa)!8GkXm*zerv$y$9s+f7&Gcc3c|(grP1SH$~< zGopg{vy}_--JbQ`OBaDdvE78>=u3jPJTMrM3ZhIbP7tNwK&9Yr!3N?2a$JjK zOy+-XfY5Psw{-n$C33AluA^BX5GOy7528P=gIl0qRbarM)W^T%@?Y}w>!L6)G1M*1 zJzOoR#3AYo^xNmaq=Dh|ParCFTWcpsln){g|LcI(ka4zI0!EERaK)>kWwRCeiQGHU z?@Vtq8}c1Bjx}dBNi<1hc$F&$U^+`-Tm(4wJ8lLV!A&$;-HBMha(p9}QCeJ$X|8}k6_({({T-H-A`xt(TVwN#(=LmJnujA;gWYK7OW6h0*+ z0eau8KO1;U3gJ4|km%mS>(gEdPzr82VNn|7RlEu#3YA{k5%3FWtKNV^dWH$^*@!C~ zdsVVBD%haI^0XU)+=Pag|4IzLi?PU3^@@}0xj50cH17-6iz3aOSDyQ4*e6)OFm!9X7V!exmO@~jns(14I_E-Evq__y9uX+Zk7kaMN~nDph`>BkrK`JhQX1H(tc9q6m8>-D;i1nOf8$r`8%n}tKcvDAPbeputQ z>6bit^4Ibt5+YBWf65ayEOLH>XUV=Q-7xnRDE2!jjzNH;0d}x;gh-KJudUDtkR)u~ z%)uZEAlbF3ARyGTb#?cENRVqc|EH}f2Bf-vjl~7z1o3k5a&qaB;&1@@`GL>_JRp8f zpdL`{!}_@S1n^C&G)3DQ zX-Dn5wp+4mpjS;asgm;8M z=cxI9y)`)$k*(tPdgR^dq`|!?v!X-ktz(ID@+VIL&Z7C;Uq`(+`)YsNgF%ox_2~K~ z2L%rFRTeb5jC`#re$I1LATs1IG;raD?~i}iWvjp!l`~yfP|jSJ>A&;AOej=gU#KX|7rd& zkqta=8F-I}x`7TRdariJ9DPRys0JAg6jX@vKv|&lFENBh1jh^j@&kE)_XH0|%>4Jf zIzxuFxvixeJ5T~jlM+!7cpu1@$CJku&hhtWLnG&ZTqh(p{>O_(f<-nFjjcoJ`KqxF z>dE0cZasx8nE7=rw@j0|;td5NJP{*FBj!O3K};Hl6BrZZVa@TxE}{O7FJDa=7=tl{ zhIikQ;%$c?J5L{D(5K?aPk7k242zF9+9GRAlm3VeuBf2dHC>2b$S}F3w5+^_lRIjX zJBZeELTPXpZE!pQ&b@Y)RI98?%obsxL$8+eEU;UwOfIQe&cv2x9`KI2 z8gt!!%`=EIcVc;{rT;qQ^+nJTw)ENes43=?Ns?I2I}?{~?5R;66*EM~JBfsCMEdVz 
zEims5ygX{i&1#x~m0K*o%q3jN_f0zp{sJH)7(F(0v?3mN1vrN4(r*;J2xU^Qr z?$a0u(~UUNu$gA0RcEs)>b&&#hVQ{{{$8g~zwoHw6((VY+jd3`khWKqeP`2qt6$DFHX{3lw@U_CpT)!17?_{ z8`XjIe)CqDXyCX0#{ojZQw4UBy727mLWBJb3*tZK)P(MKUx;Snop^S{wp#v_I*|DY zdDr?6(*O=CbP#c`%}xqBM5r$L!-#D;~amXbV zv6ad4Sg<$@kwYuHN4>kDW%x;W&SQ8aphIzWJxa(QPdq}j=iQQv&pg24lZ)9vX7?~X z27B(v_V<{&LyV_~2R%c%ALvpNi$+`F*5Z$5G)wC}#6Xuyh6tp2-4%TcQeWoD$MN6g ztV`#l#Bz*2c;`L<%+fB_dgDKigjaub$oTC;w)#Xnd!?PnJxPm}7KZeQ_{M!7?eD(W zf^vMxZ3k%wUl`t;&Su^=;(yv;8Q6aK9$!So)0#2&Ee86XhztYQ4~KB>avxDzJU8qv zKGJ-Uf}g2I@7p12!(lG_5Z4g^t}JNmQw_*f*XO2?ht6 zpFRV0wGQlD39O&91$AJ-UnZ5@x%F0=qDbwtW1VPhsfnT(WwK>1IxPN}J*4palk@3h z99M?BA65}0xhC|(Q103bq&=!|A{+CC#rMt4=7%p2vZ7T#X95SXxkX?JTb!~eq3&7x z*oETYw8P?WZ-+L?J6IOuQr<{F7;O}7w@&3TO~4&E6qdaE5AEq5wGX$OoEROxg~h)y-)1=RZ&Ckh!P@cYinG6v>0@}V3BeCyHWrSr z!)uPPc*g!MwR*w(`7tcBJ5Hr0etUx7Kehb8v-B`H_)Hio_W%~3c>V?3cA8T(PM8GK zhT}us1lkfk9sS}evA=HN?DFW;oP9z&%stkTUR>S%&c1d z2o^6gmYusOyq}|?R`bnhHK@CB-_iZPn~#fTyfcB_n6MixUU~%8lztgGD}3p`{T|B{ z?pdFnqx}aSYMUN1mK7$wMOeJcK_Ym9M%G`WP|B?QZpOtRE|nL~F@ep-%3R0rrMU+z zKKO&cSp5mA#8^&7&)bO6Y+bQYp>gTB#cBa-9 z)4q{T2~sH*B(Btbx{}SX__+9jsPQl8{1u*d2i~=ReNNC|ItFRYBou5H2Ut4VwkPBz8s zZG^=;{rG{Q4<{Y-FjWC}vb3ULq=+gqav3Q%8hKdf?o3M!EItQNr7-0yHV`r|b12^F z+1&-^A~>2@RCycpTA-ma?8bbYo%;OoWR=yuq?l*Z>=K`3l@Wu`;Hd#mS|OSEUc+$_ zEd2woYUS+tr0DhBLW8asN?e%=h*cSu94vx0vf7F~DmU~gR=0x3*6ls5=CAjg7fhD7 z^LteRT+4~AFC0$LHL_`M=<5)jpo3y@z86OiqrOW?Hl~G zEFQ1!|9FPyOkR3Uv)ao?y>f>d^O%)F+5Mx+*Ejrau>AL`m4}+RE$WTYjg%yrw=rohwTfeVF~`m)!P0*? 
zG^}Ahh66|0fNIp#;`O#-BBWPDPTNGVi{OA|tIr1(zYgFxe1(mu9kdQm^{#I@F3{e0 zB1)nz@zXW7Tc$(4gvFEB&%Ztx#2Oa&teUy+l1dsw{9t`x_>D{`wr;i!)(o4fd_L|Gk@ z_1y!kj|OD33i2di@yqfcJxyX48KIa&w->CR$P_VV%!c_IPc@*NDQmsv?rjKgT zJN_CMAcH2eeJm{giwz|ah9ICt-E9ti5 zF6p86C4i-Gpo4VFE^LE0O46BR>f4qLL$jaQaCXV$JmmYU!*D(qEmpBZvivvBh3i-oSs0F2f1C6^rF|mi^2> zVjHaMAWNWfo)FU#Si;_#BoB*6_t?asaNaDMJaoV7*q}U6FC3t2$IXe>++(ji=izDu zi^o)*Nd)(%;K_O#mWBt5+q3+5YFBjNs=iqdz$4^Xc?OHeDJ;l(qY9k)p?@@?YiT~Z zLlGgG{(OWK*EWTTO;$Av7EkB}tY^pjAuF;0|B~)b#watGYtrsG1^AT$zKA^)3*`nr z;ZuT(Uhep(q6cF*R{>$+PwQzou{z~J3OJ00j?bRL;>i+|h)Sp2)(99%y=mLc$Ukc? zR%v`^{_c9&$rz3|-2{uLh|%e~Y*`@BclLAYh9y7EqC;Y29evRGp)vcz*vxP^f zSi$;{{8uDa^h#IKuz1FiA`PWN;51RvK&Y(&;S+mA08Pb1{ixv?2EbcX(Hs6dGfn1Z zfjwklpl0+2+rygGGlN6|V$53Zsw1IUOu_b`0>&1ZZ%_pE#KeWKP`}KU`Ra%sQOp@yuFe)j-U$#p!1933}|M z)h;0Yvkw_SkA#dOTEa;C(@BA(5a; z78EJzNIQqc1Cr0RElC(xVe`HbRoO#8KOJuJ{j#r<0zgMk(tl8Q0-4mHt0N|7Q0v3N?+5J^@6>~~R zWiZhMXUVt_QoxIWWrFpLS9{``-*<1=Z}-1ANWOO7AjKro&7>4JW1UcK%Rm3z4A;lj zMeJ6?eM9~Ttbf_!isSA|PPjE-8)_Z-m{{!X$vB#-LO#50in5z7EI-2h_x79e_1@)+ zS+`pFh6)NvP_G!aJ(yn~E~ilX;B>NeJ-maSmGm9)d%zoGzY zABL`REMOkrhRb?j54ZP1wT&*v3l=XKVXruAI;DRaWiTFSbE4s)g}&py<>pJ23h(IPrP#|_+}{l*aNVOVZ`!+wyyA~UZQeR+Yn<3m6I z`mFk1pN*Xa$FS;%NT~a~kE0frAMMXc_rH&*(X@MxR)fxVBBL}c=+xc!(0qeuje z*q`QgZjY0h`NuU8}iNSIYHh|_boofC*p?u^q+U+3~!0{eHm4(h&=X!Lpb;f zOW($A;)I;BU2Q{S_e$66d5E>d?fKsX?6maW~|fW9#OGaBMi{S$%-}`9(36 z;>vPNBmqGy#hsCPY3URtSo)5eZ#lFVdq(<;UN{rCBzYKbENxSYsQ^>i^xCBN{UTxU z&iRt)2bKJqww35VYUjG>IFvTfxB0tuBH_5EqF7bSVezir;9$S4`_c+2k zNRwORFAWpL>a2#SUIoMAy-6%^sUu74Yu%k-cP_-5s5KdksDu1Lp@1jLtkI0&^K!4it`zS(}4Iog_=fy*{eF8}@Kq$~30! 
zEnQ1O&$W3e`AE8sQD=-HEhmN2W?seeE| zLh8qF@$d#-Bfl(1bGVkPKw~Pkz#amoFzUf z=q=|W-RZe6S&T(TUDyy|SGdUni!Yk|X^)F!YP16lu!X8S7V8i)6T$$CX+{zeW#ICW@6Oz6!zoj~V z2#aqPL4K^85JUAHtD=kL;)0US#z(}->nWm-k)t1tI?j#v7p-vb5jb1TpZJppI@V}W z3`MIGAF%J?CZ5M(tU6Z7-tb4-Jig&xao`vu^ZYJi8{2sM20yP(tpwIK6+32aobEc`K>#ZtoCl0rm-Jcfq>iEWKDZ&@ zx}`F7yHfoLk6s$PmL0#ShODY~eQ48)mBeSzAx>f!4a-lDivHm?ZZSp0D#?I-%v&`6 zJj=I-N*+yx$VMyV{nPNhmz<;mR6s%E{x;IDOmdb zITpoD{HtX7*5YdZBuI9oV}kVH2`8?^+hhZ8R%mX-SBJR(c-322?!Cp4FPvJ6#L|gT z*C)OQ&X;!axeluM+=yR|#BVz_Q?qnL`Ra}NN59(sgpzyPaSz=)EoqoY`s;ouEI;D} z1rlAOY=W^{{?51v5o5#WAxLzs-`+H0`cxjSi!s3BXS49$I>^LLowsRF$fJBev&OPQ zOO;7jlc(%Ba8?q(VGqn%MK{ogp<0J`aW$;Ae>lCX79?QnMw8XdlwYh!MRp8J|2?CMLdev?Rd^!81Zs+H#lc`Y>RI(O3H$F-H{v0S@XzZ*BFa8Z^{X+UK6zRGDShzh zMf$*MYfst&fvwjGEd9l#im)=}QOxro&33<6-zx~4`gYwiey|MchDttV%fDg&EU7j| zZnx|d1EmJA?M{#q(r8!^O|_ePyPCVl`;Dd6VCkQS*O*`RZ!DCk7E<*j>;Y((emN%u@M*|%lu=GENfe8Y9 z9qc!+)VB|mI-W))k)H8sdGBTO zS@wZXBA}JAAaMzvh`351nwBBnpY4Wz*_~P1JJ`{D z%H*@lL;2XOTHwy(B+v>*<0WL}U=_NnH7q}0>rYe#ur%as;s`3cllDsca>X%==j((q z^pL;%W1$Mc;t%p2xf?WW#Uh?ziN3aB)IB;hU|HI1y0kd0U}`?@mV?C~QcjunZKUCf ziVXQt6wH378Zpv%D%nPorL_vi?9PuK(!% zn4s#Txf|~z29ZnzmGk(#oWu{z`w{DN(nAqwJ|(kiA(z#(Hgx;|!_ucDMu{B*Qxp-V^;ZC`tTkwj-ub(0_yR_p6ld%WuQYiTKT zw-x{-(KfJ9MBjM2_Vvf3qRL%dU%?>?R>BD$NE_^qEohKq(DM8I-@CLZL-uU3fb81h z3TcCE*#Y?_lDpLQf4Pe8!T1m9yZV-{PXJ{d%r-IEnk1o zAOu+envh*=xl8}9LWC2u= zU3Q>5)mTGz)`9M%qjG&0+#tNVL3XdP1UNzde{fy1hqOZO3mhikjTpl9);Dl)ko+?Q z1bEbInowSqDo}&)a&;BMu$OPEvFO%8?=$2%29Dx+1NiP3Sa{2#*8=U+nx%~g{K91Ub-B6{`T6sgIkfPru50mP zm^4w8GKrCkLR{yv0;+?dCGgkZnVzuauO;_@YN39dkWg3Ycpo9#S?NcsR0#^=w^O7| zqA4zSr#meMe`-qr;5Th3o&U}vV`@V!YXNq0SF*IUfLyS?LIP`JvxMo(ZdA5cp82uY z+Z94OyrTT??DY>?3~o$alxGuoE%Jc8A>knb=JR7`E(39g#M-mdNLuwr*CrUW|Eu43 z?2mK*JAOfJ5eVf#>3cjrA0mZ(=PKJ$rt{Cw(2U_YGa+rHOY`l}ewx?`pgSkR!i;=>T{DTmZIT2mk8pS&XpS;#p?E9gfWXOTZS1qUzeUw7>$I7@b6< zI6ujrW+Rj*eFNcGrQFa&Y6&1w{!(Zb_hSq#v}0%~`1L&00X7h0*%7h@BEnP1PK@C{ z6GiXc?U(J~1eDLOmyBKR@~fc7zjb9$ zDbArjS}|=wL$DfLRJzB5L4;#Y$y{CD%TSc&}9jw{5&_Fa@0pvYy134KAivt 
zjRVDgCvia%(71t|K+x|xBms>MnwI4T+04ws&6LgJI>Uzz>}t(^oq}e`Y6i&)W;Hkc zryMeeu`z!I2P{fc*~5?Yiz5cDVo&pdgnvp)`IQa_I0X_wv%u&OF@fm6yF@^M$(j3$ z9oha!`})hS{(0}u>r@u6bYbbCF|_fRs4?B0d)W6dnk&ng+w->~ec-P^3qOwSQ1(m- z@SN{-JW;Z8_+*Bk0jF&#{ZX#}^k|{(iHp0=5iZ9-p+-2oZ zzU6>tbWnJZZ)}DGtg8GfV`cG(=K&Tnmk?WZd`=G}(lX1twCigeEMOfEi0&;~bxp)V;ClYi3wgo0SW*HupF16m>d@#(?5R0ek6ZEk%DFVzBb;zex7HMb~bL# zzJbSr;ea=e86%#q9;T)4P8xry7O%Tq?8-v&bQT6+JmZqi8vn}NE7{n34C5z&49%q(9?kh9sozMXgb*V_<1|nv*`0F=ox4p3G;g`kc=?d zxII5Zzpja%ej7>E<`ahNFhKJu-5`61KaUmi{K->ci8WrEx7;cu{MFFQjQ3qhmmqOK)zLR?sl0F3k-PW4U@xDh#;?p7==;q zLhxi=KgB(|#3lWZ$K%1$lQlyU@Oh?vR|5h@L%D)dt<5It+S8~`!uS_oTiwg^5-Ru0 z6Mp;6JpN**yPM}7H5g#)UQA~(`ox5J(U%>bffvn0w^WC0hC4CKVq+^93`?N+0s#5p zQ3ezpWvG4!`Gy^juyLFdXNLG=upn4=;f51WbU`0kXKq{W25`H`jd9pDFegZUW% z3I6#4z>k$b=-YnvnxA>`0b{;r7}I&FrE|%6Fo1j}R%XZbdKQ~u$0-46_V^;?_Hr{U zj8mwqK6M-0drKKqeDumujX@>0Zmhx zL(fPdD_NSXRp9P2JOXna9)U5I3&F&|#3V_@)ah_>aJsLQ%#fcc8$k~z#Kz-}R*l{v z#K3@I0dP`5Vz3Be2!)VipHzQd#b6n|IyJuNOrTSWMiKRvfGbq)h_372hof4SN3*w*`;^RPb z7bBlDtn;2K!q)`8y>(m7RQ1#1ZXt8YwEW7{M4DBgMjV&!0Cz`=?8eHM-bB{M_*tLI zFEqWIfz$T6^3z&l6D1EZAs7HgzA{`9eg^DoMhvJVTq2CbX0L6S#5$ULg}l>m|HSBt zJLJFU+lap!La?VXfTR%80QG46A$w$)I)VHOJGZlWkj2EscanmGh?dCk36(xAplkhg z`oM{+*$2aR))H!0oy-5Pi8@fY(v_|q(fd-$*rQj}w~6oSxfwC38J zyB44UkHDITM?eOS?GfJwe=zol6XcHugR;c%>w+*i9?BH4$uSM}1wmy%5xC^|#x_1q z&K{1wNDo00I1#E4ha5-G!QLI|VK2x8XF!$UlT&Is+j%2>kmr3_6p-GYNN*coXYdJ7 z(@^&z8gYtAnqnn~j|Viyji`d*liP;i3p(1YB4UApyDq zgy=CTf+FGJVgHEC+;FaAnOT1=vxbrei-J500xl>Bx|o0OdfMizKh5nM zUsS}j#33A0pYi3Mtsq`>Usw#Sn=-RQ1d~#06HUSHiBqOr?bv!BRhgN^JGb@t`Y_&y z$!E}_5;((z>ISw>ru{wL(9X-+*I1(a4g@~r97a4_`q~&1k0aSj^EZYiK`(0J&cSK_^#BDXlz<5z z42FJyEua9%!(pf=iJ>Sq(QslEL5_iO2*rX!zzoieDmVe9fm4N1D4o|+_z+@3+BB?{ zeZmk|@-&-E5!?a=V1^pP_2Ig?+PRw18cx2xo~H!_?7ZFh-M{NHza7$Dz|++kRVv`= zjkNc(^Ysw`)dJLUP<27Q1(g=m)pMXS!1=&`xClQ8g47I^StH zX0+nBiv0cke^rr#_kU1>FPiy6BEZgk6&1ThkxGNv%`LUhoy9gTy4kwogHUyT?4ScJKHXeNa6xlKjFxz%0AV{t4DxFte}hEL+-&Rn>0ZvL zmDDpUr{a^8X`+M9lo_wJwkq9ZRC_?}N2--Yvnhu%_}b5J?) 
zP7Kz7QcI~mML6?599k?UYBQ$pOfNj@v^0#_@0Ln1)bGX?SX#N-0LfFfzTbw^!Wyym zb$vb%Vcj%Za+i%lqq})jW8splu}Iadw%?-)YY3Zu+4Vri;VgM(%4h@6s^17jh=VJH zz3bDhC07F%@~Rjt^QdZL+CS27SEsWh#dD^v@5Ke)Y;`7joX^05mHxS#q6`>m+jvGn z;^!)yOJAK~yTvP!_z0 zO7@@yqR$B*ehXFUV6LnBj^iBd2lY(a{m+q49$JC%ClZ_&x*o?MVhEn9ZIZBGa*Xhe zm=k!KXqpT+{L!aV!zn>ah2jzrX(7FRomdoXype9s9yZ@6j`#%FXB|9{7m$Jsa5@wc zLO_08z+$MRtoF@O3m?T2VYnbd7@S-RBZN`YN{|$k_(uLy)&5m{XpoGo^{j|bQSam~ zr|zoEU{-P<=aeF_o51pnVr{x4q4@yReamH7q)cg>2E>PD@fryivm~PB)QwgRGw4z zh0cTwe!5XUZ?%iOT0YO+b`@flAkRxwC2F3~(2S#Yxr-wcOX!Vb$LL)Ty)XG&B$ZOJ zak~`?)&qEQH1YLi7VPKy07(*f*(z06bY~TdG3o2R{1P^=-GZs(_@D#V`a>kpxLz28 z__Q+4d+qRxD`rTmV)m_TKR9%a@aH-uOm~@k&h63A`yzVyoNTYc2~ZB5{Ja1Eah-8A zNyXAPAK`a?pS!0*Av=@K?I$Bo)7`3T?Z|-3d$wYrFItoFY)R&sP>rGS&6Y!inZrit|S zcJ{g8?B?e1FB1mWe#a(E2`5LvVB`c~aP@EnH&sxR$Rpbof{O{k1%(8K5TYpC1xbX+ zHxm9oBgJ2t@_3Vf0sW-mJ#Oo~rq}*~C0D~uBgG6V2J1ozD%)D zsD-_c!CW@=@X6-O5>sgtQ;xAGMdzxN?%%0+!YLf!OH(5^nxwU&sJ9=xZE_#x`PqDQ zCil)+^N9897YVvT7iBl$$~i+#{F%6h9eC^dA(vWj4%~3MG6%sQmn5q&;<(8-qn}QKlcxKAquvDY}nXG0fnL6laniA*}aVTpn;o)g0V?6;4zX}hJ z52N@M=8jXr`Tv=LjrfCl|D_WdqBC=9HwX4Jx5j6=z7Risp%;`U{(yzxbcudZ{dA-{ z>+1N}JrR-inbZk^%7Rh(q+OFSf9KD*S-c2#N)4B1)8>l6JMHAeqJh$D`7XZi;E`PH zBn(x-G`4T|Y=h137%1QQP~Y-6^Ih@cvbq<~Sqv_g;C`(g7P=r(Mb|og9Gv0#C-2MS z(`~8QheI+#X4XAiu!6+WI#`x{;&>arb~SLCv?$v=zUndR83TD700W92%6F@eyKTk^ z2Mh-$f0%D6Xn(bQEBgL$rhGHW6oFL36jsCFO&79Tiyw@gYN|xD$FGpJ1Zce&OAdxz za`f7iC0=K&-`AeFLv2SM2a4`R{$E~u ziXj9M2w{=$Yfq3ALXq(B@E={@-?U!lfuBNoKnOY8uh*V`nA80A;`1)9+u7$zcrF?Q z1x>)1_#CR+4^$l_BXZ z@fZK>8$Q=#yBizz>acVOCycXmZI%dU+}YpA5mU=`_T{U$XqIP^G2$9rYkb~N$0M!A z!;JXi!s@J@)fsX|_=_kub^J9Jxn~bE+5I?syCC`7mVbKI%2nXE^9dCvW}ZilE`4eiiYPVGpy69{x`ET%zv{hO_GCQz@=adWvqC(p z#OkX~G1bY22){cn5iU~s?4$)tr6bU?o>4i|+^E4DXKk;u(fKkaNUIPj7EV`W35!(j z)#w-ThA$Rid3D~dt)Hh?JU^{sKy=k8^kELw&8p}DCz+%Z)dE)6bS@`$Bu1Q*zq83t z_&(#Mo8NSeb2V%99?szQq~_pQDX+gi6FWlextpH%jp&Ls5gQlUtt!cI9iu`7-$CA$ z-80dgG=_H~y3Mja!*3c;6sn}L3v_Z!%cs&=V9L&ChVQ`&!6gG}Y5fljz 
zkNQVM<%jbgi^~4HsK(A7_DFvp7MU$`@=Kh;=xnE(;Z5@tkU#bA5m7nW*2#IKlBm z&zW~()xOGUT;?&>CwQCQsoZtk(dEqcUcf2rs$-JW7YUvjTI8&YVK}JkI)R5QQoi2o zktQWS)RQl3iRq%b=*-N{Wg&X_Re=&e^*!yQ{)rZ{$rf|YWzGP2yg4_XE87))YbxGn zPK^5Xi)tIUZ4xd!;rS?9Udl7z84ui{>=&_gW8ksqYq)hH9_dld@kW%qRePATtPUY5 zpUnH=d9VL`v4Pf(1q>SF@JNBCsOr5tt^cCg$vsub_sF3DMh@A3yKQ;@6sE*gsD~=&@u*snkZF+8Blh5tB_a1YC~_K5Efm&_OT*$=7F15M2^>BY=T~ywd^W>XJH~h| z?k(O3-Se~fqUT)_7U@TzNkuf&1zB~IatP52ZOvvKP1De4pQwgPTAfyGOU4b{bl@h1 z3&97e_q48VE(S;Y7`N!L`UsnCentj zwR=A$E$C1YKC@oZOI45~T~wLXa%LbY>YM@N;gwJIj4DaU3Lh=`9J!oxGk3VFNU!_E zv2v~U{pKTaPUeAy_2LACq-Y55(Rmp*l|F1`ZeV1@(fceTW3d&6xHF)w4D{`ByT$Fwu6*l*#3+kUiI zjzcNNR;TDCI+yuA^iC`Jm=C<{yZC^LHbU8C!0LARL&tJAk@bcd*^`qZdH8SP;5KPOjV;P^oec7#;LSQ;{ch@Qxg{E< zwZ1qDSD6QpAx|1^e3$pF?b&};u?#u6rrYLZIzY7Nu=!=%HM{k@3n+P$# zUN2;#9n@wl(3^Fyl1nJE)|6*XcF4g;$8QNl=I`CwA5JFr<~sRy8loip()=>cNmt1m zmr6Y7`!1s6+uw}diJt7_!z(Z5MuzhH#1P8Z@9=8jt~ds|L=h7=qT@w{q6RgY`C$Q+ zw)RnNrlrRDG%E^e9M-A>Chd2!nl7N@=@z4EHQXHTlCj)>>J^@*2WKU;9UhWW&A8=y z%8Ume8y!E}?etMz**0@k*16@ghwF;%F8pCIvY|8JapGXJUed33zVek$F{jXYC@hx_N)NpdG-r_Y*nS>e}0V@~-w zJxKRL$Ln8j&D$qs#VjmlddFVo{~^Z`iPwv_T&0u2*3@g7{0SXD%t0B#=;9UMeDXnJ zUhoqK9Nyg1L9XnV8haY8x2-k?(eVRzi(K0w_4;e}d`*`Qg*x)N$D?zs$q%Ubc@b+p zGw$g4QymL>kEBlDiRT?%@+h(nUXj}SP=7$`;AgQuOA)26h>lO%pCfV}7LrSpp(b!b zysdhP_nwoTbD~CC?d1*c!p*bjcpR%w*jQH#;&ZL54wgv9q*$IGWKs8Gx~9$-M%I$* ziT{M3?I<#_M^>(M1VRqDDycA-PdFYV&pzc5&B#8K7|2G)<4v5?(j~)P45)J_8wh9r zS_6qroXSCZCkN=6W;xvAK*z(LC?t=ST&&H47nC^o3DyPeJ%H}Q2+L=7YZj7n?R?Sk z1T-lU7x*?rA4m^i7uZdBnMw3lY$hvPSQELqjx=6LK*tjjKJ7-HTFgZX(OvSMj@2N; z3w@}1^E5X_?ue{52?g;__^yrpj5Jo&*6v7AgkPe}t1pQ#0H@Aea8~accdz*ubUX>N zz4gN<0A4*RnQ@2o?>XalDxmFv!v5DiK~abb_pHN?|I!Z zx^Txwm-!wI^8;c=&uZfi1poaLRYgN}Ji6sS;o;}G_6+>t#$5I4%9rK_#4j3bIS*aP z>9g`%yz(-UG6kK#DDG1IRw=Q30mU8vi%kOMR*n#1N2}HhD`%02Y=YvK=y-AYm#m_R zl#wGA_?WY-))Ja-TKJCEHQP9K5Zi{!=9uVs*}klt37OT~26`2{R@31vk5}D&Px}OV z8D8}ycj=SyLB}hkk99|8huYx;R}&;pC^Ya1R26OIaD2H)r19#FA5}6sUgZU@4d*0w zX7u~ht}DE+NItilxx2mM7z8#FH08H9 
z4{Rphg4>9o?TF$kEGx_^y+#`^tzmxKd7nafqig`!}wNJN^cFv7XIk~D|EcqdJ^&_n_7rL zzOwCulj&bNNm%@ex5%A7PQ7XB`D*8fj`wzzsWE`Mz&AciXQlN)wmm-8*n?y;-L6z0&g}L?%d{F(WbKbB^fvD`x4Jx2d}sLtbe& z-%){iZLG10+rBxx{o?fGL^73hIXXUWSk-jxM)g)=d2uSt#m2E@_+qTbHRTk0YH!wd zQ>8j|eEg>Hqio>C4kcz@ZxXIU55}UTbgq=hQ=M}YL9gw$Skdu`SM#p)&*3xRJn(Vo z;ab*R8j@Pqai5RfFC8Xo3R7i3$7kFevTM8kl&aCUo}^AQ`8q&F>Vte&sE~i&zJXZK z>vRDNk-?37qt1S3RaGzh;@(5Y-`fz-Nz|%1D9ywT+0`1X$6vIZ-C04d7V@M#ov>6& zM8}spaePR1=NS65;bal}=F;WgBsF`ai6+a!pJQ1MN*S}D<&zNn{Y$)Kow;W||eXV=i^VN|eMCgU~hC5%f@Fb4xIEJC(nkCNxCH*RBSq9)sJcR z6H@Oe^D=)dpsKTs6N+v5DgJg)Hy2edbB8l!hvS2{@#y#-*URy8L%BCEm{3+HH|wga zS!;IC$M;F@JvAK;o-axKs!p}jCbQdeQdhRY!PIy}Wbf3LTpv1q zv}Yk*WXq99G(zEjmm$sLe$j)cI^Ki#Nm*=3r3Ngr^q2aD-$?N6l9d}pH zG^*61kjamVjTtAC;wSy-re?HJPYfYrNJ&i?I4~T_2;Uu~yYB%}!k5?MZ0RsZ=Wke- zMK~kfaG+{-|G8MdYz@_l^!2^!jN;%2v`hEws_W75{^PX7`Gm2DR+1QW__Iv5cmV|D zFnz0@nAz3XIGC#dI=)k?Qi82CW6RoC*>7CzMe4g!Gv=N`6@g`8Qm;1>^HJz{Nz531 z8G_bBu~tLJ+Z&s|Aq&Xlrzkbr7G~Bfcl}JTs|W;``h8s0;_|kDm`c zJeKh9YA1^8-^J^=-~XQeN9{KJU2>uL{9U}jz4X707izTsPPssS-}F^f4n_gQ>J$gz zJ8X3AwdQ5`v)+XPjEWy8;9w6{*gHv~^0wlkLgt0j4BH9K>;USh3YZRwkMqC# zo6Cp0nfdce(s~Ubw@ao=vLgMwTzH?hMnwltUqIAjN8tEK3UEj*{X^ACfHI&4uz)Yh z1_D0dNf8IY9i(&s8}R&yFW`LiK>{8>Jo77}T)KleGRj-!YM`|9sLG{jHf9$-;@8ZI zmGLFj580$S0Gi`^51B9i>hb@&488sl8RDSjPfp57!#kmtQyj7Y%W=Jj#K&X(Uss66 z0OfN){rIM zxL`5KE$L*7BV84H!fQVmKtx|&z`9eDOjJ3d#<^GrmHWcW_^{%UobMw4de=BBN#QSK z_@=tRg>SNamjMo-{sfQewLOx?7StGm?>86eebO5(BQ*D1+dfR@^x9r{^KbKgJ2z5;K_=)u{=KzlQ5Asc$JQc_ z>U{}Hbu95|0A(#EAjJYotpoOv@X?jWkuA9aTwn`Mfh9^H?Q}F=9^khxSfT))%<=&L zP^Yy}mWHBOKs@3IuLkCVfCRt?oCQ$l_P)ndltid#ip>mxu>%EVq!hdFQDuLUAO!S( za_6`Yp#i{(ialSKWUhP(t)}h({n^?7iPjuP{4?4Zpm4uiP5y{sAmX>A1j^qY7_L1O z9dSNo*q_&_tVU7gG~Nx4Bb%`fa%9E z6gnEijej$SqTooVf#ZSlhyVA-kPzh<{-Y#^jyf`wzZ~R$rn$c!h4VS$8+Nc^fg+SfR<~#G=@~7C^cUEj(O+54$3K+9V02}sagNzF4 zsPy9?ivlRu2?t$>!;z7BgC=GN4yz#;=4`=S5iGxOROSHUFrXB`oZnaHyE@#rII$r$rr@ay;M zn#&r=2xJ=up3vWX-Jl*B0rL2>HtB))Q0d1uiG6F60w}!z_%Q-M|7}Z96Buw}8isP# 
zP=Ki*9iJl|N3GaKRL*I-A%FOk6*Cw#B41y4`Iu+LN#*u!$~$g(_?<{MmnG`wSKo|P zKM$YIDF&aVc`s@OW&pr~;`Dop`*!)=fnk93(Q*Lucu@eMCOI-kfL%P{dY#9?KOZ>$ E7oXGm`Tzg` 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/rhel8-uefi.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/rhel8-uefi.bin deleted file mode 100644 index fcca9f4388871f1a7595b6da3dada1b54016f676..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 34034 zcmeFa1z1(x)-S&4*qctJL8M`CI;6Y1ySrPF?rso78bKNfDe009DN&G6QX~yf?%u|E z-*@w#?|k?9|Ic&obMLosvzTlB_LyVMHRhjdkFV0Hdmc}nA&+yzwd#@&B=2RsVtswqAb+hI;IQ564tRSKoTGgWkUyG5AXnZ0lWd`04Hc$ z=11EZ;0tYg0IZ=$d;pN2i~{if!Re#ePZI74AH`C&sTg`lJoxOZz6SyU_q^T|EA2F9 zX;+d}Znuq8Ya|F8yxv#gD9YZbvHQm03IaS>l?xO<%W0#6g8KaA(J7Ra2+q79M?mys;_wfm-govNj zQHqsdg8-~=rUp+n=LXLnnh@@rR}R*ZLZrotcmvuv9WK#a!FC+y0JCol#NnTNIr zYp8gjy_&CX#=S_J!Fz%QSj$FYiO2lK6qK7EnCN;8P15Ggn3AXleR+# z(o*|QCaN!Jw)7p^=e3?ggz;l-gHM`Y1*sgqOYYrc#yl%bC^)f%-4{a=!6p4tW?7%vh8Fs z;84VKa45o?0whEPL_`e0O9jGh+c4u@FcvBXbEI74CoBX6APNAC3&941P?5Bekw7Re z*1m3zU`i4!2tSyg6T%7Mfk1c+el!I*!M~b+^Nmmh+CP&;Kmj0yBH#d^-D4t#A|L?9 zT3@0Ee0FxU+$BLAu{Z^$jeJku$O~YVo`^uu(2xtbki6Z6RT@)w{F-2hcRR>F<4L^h zR1uvkcdu&wBget7L}bs>dmbjbMWskg*wf&o-Cy?3?}Cs}tMwcP(_K6l(%HaVkloD# z*UlMNAX&x~T?)L-ER5>!@NwOZ-(JN zTM?j}@J&70oG&lv{$`6y#z&1@$ww=4cPPd?1oH8Vw`H+pp7E}vKFuhfP}q>6(^Eu5 zLI5BXYl79m6wr~Tz(yuUCd^g~N0K<U z_Zp^eKO=Y;&$`f2bw5QkD0D~U=Lp4H_9k*v@E?N-^wdl@C(qv_Z+?ThN$?t@`ZNJ6tzeX@U zTotes#4n2{8FIssOHFsf^HEt))a$-=g-g$Sif9;7Ltz-a2D|oAV&Ndx^k5F*8sSm5 zek7jWRuOmfhT_5M#ap8H%_>P<3qIT>%bE1f-&U#|SC6vO<7!w!=s-rq<)>%PR-}-= zu;t37e<)f-Rw5}iHaHL5C~L5{nwhSf4eERt6KMV-R-{J_ZPZ%r4WtL zu$C3JyqMqB;p{u_?FY4P7+7)!;E||eZvY?j6Qv~%o~?z~=j5`!KWj;u$9TKmja*&@ zCSR31K~>AKdaNEa9HE*-9Xaux<8A&`X!pU+_{6EEgM}bavUQ#Q+jo>NbNz&sc?~Dt1 z4;O*ied|jY!JR953=TUVnX5L{=PT9j%z95QuxI>*H*>9p#+aD%FFo{&_G(fO&v^)f z2NCx-O~>+l#t$u1dusi~!u_LyHZ;n&^X{S9ClUSBT%ic6(2-IEzY@2M5m1|BuMK}4mN^)oeEhS4ArUyss+lCigsRJ zZh{;fmL5**&c9`u-O|;W!_Cnic9g@-!_~^$(#w+rDi%-~hl(y#ZlOX8l~q%yFo4;h z|G+%#P$<|86&-q^C@5$M2*_Gs4Y1npHW)Ed>Q_g;zP^9gk+sKvqX#dz>5CK!9n87# z=rh7}Qp6X`cP^My$w3PR(?{DHHsv3Rn!N8O1D>#z_!#W^x3uy(sNci2I)7_*jA;A( 
zQ#qMmXWK-yo)u_bclbuJDa!n-!72L*IYrKvJ>wbhS@+qqHb1mtmhZW*xOKw!LtoU0 z)4M%%-1(l2vye%(^*)`dff+=i38o)yTNjD*`wXgNzc!}t{Hv^xN~!h@q`f{-G4U7H=Y;oOZ(C8iG_sVV(xHRYFITR&A=s} zBM1N(ZMd-@D4Z!>+_5}`ZENlN+xL`(o`Y>x&^Zh5dy4(CX}6&J>%J!{F4Ss${%y6; zXZwH9L536i|D&xIAJhTn*dXy(BmFQt&h~iOkq_=2G^#nV0asF@2}zs{x8-WQn?8&vQ7YUB z+zid3@bgs$)pefZ%o5Lbd}S$B=QlpPXnW;{`08pOlPvRP*s~i1JI&qq#O}SNVq_Tk zdZ=SU{w^>*u=}G_gTKJma)U*jau>hby4@|p5v~$+zL$FTCbIztJ;<8q?^WuUqb$+Q zT`h_9cNAlpp87bblN}gt_CNdmLMWd^HtL==msA3UA-Tp>_-YlXWAg?vljl z40U@L|56p=@{%??mTc~StlK}apMPuJc+e%Tz+)4id_dK>c6vNaGMqjP0f+eF3=(7t zPn<*e<@5=(Pj>XU%ZP!YPmHTWmxIH^QIi@ej*(hVZW@yvsU?4TsvR!DNKW0^P@_&b z&|Q_4K|`MW3g^=IQHEzq^o!0;jaC#jtX17d1?C4>Th8=LVmKsX!xO~{y~?#Y_!Q_` zNu5I-tt`UwEL5DA4m9?vxx;}H+?TwlByma9V%<-3=)D=nN05roji=x9YTa#BYnsKM zM(b+#T3w+`3VwM&ddfja?8x!PCcchtYbbp2V7G@Wv|2}zl8w zwpo|U%~SuiS+krqWWNN(eK_w~+cue$&8DmtcA`$u(|qFWhR7*9kz~3i4wEFch=jp} zP*d^3Q+BMi2QyCIo6Yu3G?8D?rq9=vryCKL9d4X82!*KW zlyS0sFN*mh5y?QRT^RbpAonvkTZ^zvHj|!X`1YoF`b{H5(XGsl2*W!fqV2N89@^{l zwDn8(-Xozh7k{Emmgxgv&EJUGz~*7FKyoK4JDg%DDA4CK`^=yIY|YQ@bDL6RRQmZ^ z4Wjf1>)z(#Kzm|uwA9?QvJU+)J$U0;%rWW`1vUByYhXy_{=kaH-0|7$>ApG1AZq6TO z<7blx)&z%y|65pP2ebZUmHrP_b?sfOTzx&M)qXm>&^V4-?Y|rFyau%wZL(u*ydU_K zY2N{$>9ptKI;=(>)e8QA8rD8Q9lrEwChmm4uCk<>Ex^Jb$krvBq|4&4dJjPDsEJhO@59#7uU7Bt$@e=f@ z&NI}satev3vc4S}_uYP?rSi!Lh#Y0zC`nr0u;zTjci-UFS2?8LmO~P1IYj@p8=05SQ)HX zAYULGDgD0{@Ib{ED!fpc{Tb?jdD%F*euO#(ze5{nsG|Z_0xSG(Lqi>r|6Zu`PiX(G z86dn2a91z&?{#T76cFjSqk-eXB8p4k`Mun3O0JAsIW`mJ_6LYevbq2K6+gSQ<7xL6 z(qyLX9atNQE?EvjB? 
zIjMp5%Ju@jr$1InJlzk7^wjOupz-83I4O?R8Ae`4!#MaHw=r=Vm{{}i92kp!Av!|g z5v2KS@44mLhA_msE@bPtYMi(vU%0$Jw^w2+Iowo>;womhjY2lrwa!yTJYOu|bgPiL z0WZZfmWJ`;#2ZfmQ;|v|v;9>h-11qBozwHoh~^;mXdBrZ2}O1I!XeCdD8B6}N*4E; zd(ej3?nZGVVJlkPeX#T5azcS`gsnt3fc(4g$}=2;uk-y+5hD-{qbVS1yU zlj=N}^JASxA={gZM#y`DdxWyu7RYMZf|^T5)BnZKX6oqUOM0Hz z0jc!SM68jcNF~y&8!0oU!Zu<*&mJAfC^5E}FR(y)S$s-I|}3KdKw-%2k0p>04q!t{?c< zAjjm>&8T3TaP=Bg{MFpjfD4m{Ta7?Kc(J2SN~>pr*gcE_3|h+8Dw8qwkm;|Rrl*2i zVj~^7Ab>;!JzItXqIiX0;?{sl+1kZL*U>p{-%4#m=NW zX|6>Qu+A#9>iNjJ#fIWcK4t7n^P4Qj{HHAwtvSympGju7rT=|ww*e;G-T!57gIxP|5{f6Dmu-ySY0_hT)Qd!JM$0E~C63s`RAQ}u#l`(Zg6KTYJfH{nEg(j<=b(7xtMK2RA6Yww>dOBG8~a5qSxtoWIt_E zNC7w`@5iH>pAP^K!GNF73+Q3b3w~>DBqUVKUpYEVBvhz#fMFIXhY zG&p~9^9cV0B_Yb>$iQecfzH#Kf~fTkt>e7B?MU(9f`y7v(-)*Lv5=Lhhj&EDvDEX^ ztue#pY&VNOmnnRFKR(`>zJW1g%tlOxLIfO@Y7{Y-pzUWiQW>BqUSHE_*gK75S>YEj zzKAZ=u{LE}qozLI;YVuK{Tz>~G1MtQvL@a%~Krkv1=Vdi}Jq5Hf3EWPD$w3v+XGyHWqX zP-A>CSrc_}t4O$OJPn{v0N(9=_Di2U{Cj;84b>-ZKlKR)7P)}YR0S7XO{d z2NIxZxjNZ9L$%1Shj^F-D3bP`maY&AFxd}PK|rWu@8RVQ)gV6-2tU18aWM6dhkD## zE(jkt9~ZX)DGn!CKmZIozzY%J0vmuu|3MP;i{!7T2S5;-xQmy$hqWh!4C?Q|o(_QU z|I&%3w}qtmzns<2lq08Tidb&sCu5fRWUQrDB#5M$A6o}bzl)|FM=y;dRn6o0 ztVn5>a;T)<`zgrw^oGpim~Rp|Z%ZZ=9hhvzhHdwgcGlipeq67X{y0;v+a3ojj`h^u z(4D>P?N8cO`x+`QXH)OTQY5P_cgM=I5%+~-nGk_DqYlz@f9_lBM3nm%va7RNPrnd2 zo$gVu;+hbe<6*tteF*p>Q=X=4i*lgxRo64sBiOetmej`7nE%NmP;7ddBJMI80HT=F zEVf|E%9(1^sK~gCh@XTP-XQ&$I8Wp5(T&-Ws9ZJA7h^9!%^KZ~u_!r_-8+-4B!Bn_ z;3ihcb2RR^J5c}I(+q)*)cqe1W+-rA5B6Xganv7{;^#a^2ctp{!;>eK2()@hR$kY`mJo@1!Dc*kMncMsskRcsMamL%eZB$~i#U52_p7eWs zXjK*M2lF?HZ?ep8sI04Q;pC5-LGFJ0shTK7HL-qU?0-uW6c!L5z@>8kc^xAwEtykq#cUly|Z)ieX zF^X;499S~vbIg4~a|d^(+}o?;KhheB(2qIOvYTgR)aJ4)>oo`ZA@*Uner+&hcyqt# zIf$^zb3dz&$mHN)tJGW6Z_RyzV(uGm*<)8D)REJvpaQ_K?}^XEt+74fEAl;4A<$vvmjxSxgv*XeMAlp;o(8XHxl2M zG=y*UUW#Soo%?jfw_E?zI?(wDeLnmT*8l;gbdYg>xSbUA$S_;-hZBMDr$=>Y!EpEW z$6V1RD=|}I+Bv@OXq5J9%qgE#)Lt&f`;FB}m;y${ZJG}|I>v8Bmb^#Dg1VG9w_}6@ z@g$z0;-nv^1W%rIU06Fr<_P@q8oB$u49QTdnzoJh|E*Wn}*h)NI&@ONE 
z7KeOOF-9US=&c%fBlCWRd=md<-nMLBT0G~t)Jv}+aE@-N&Q#ze3SQ&s3DcKXxtcSb z9Mulqx23Jx+88sV5?em{>wdk9eMf;mwc|MB_&wv)r^W1>CIXL|tb;pGmhnZ^d~BKW zr-7K1QCUVFuTBuW6kemX`Rq7czNUR8gSb$OIdDMKfx}YqDxoXLwYsQfKv_ZdX^&2F zGs$h@{vIW@RI#cG@h`k-l8jEYKVt^in_Td7CAe|P9@2${_${T3^2W3(MTy2c=LWI( zax-Ods#NQIOnCemM_BRKhZpmyI3A3*UTq>tbI%w?pxts5%D7+ULN;+19zU?OSQxoJ z%!X0>gxNKS-7^YH#Of2P3i_d~ze6|Yoo`Pn;i z4<0%)8L(iY!sGiYa%8YdtO|7d^qj*c&Q5F4TW|&Z4`MjI*ghU;f^6XNdKc+84>OAN zC7)iH(&HAaif$_DjhJ9QLyltdwyVr?hsSHC^c7v;(IA#RpB&CX3urs45Zmivt7fo+;c zR%~7Oueb(_nO{fdn-P2`W@qI*8r^b+$1@G?X*AvuER17aJa8#D3pl*<^=;dCJZo>G z<9CGN3R3X+a&5+)fkIr6#p8oFIiEacA z6C$4Qc-b*@bB1-)oX9mn$3xaR+|L6B&W^8mY3%yQST~prR^jpP$H}fUwDN&k#WEI^ zx3VsWajAWA&Is&wHkP_Zzgc?2<3nEwO*EdPOHSlv^-V{O=jw}(3vc6M>$$Ql>+tEC z+QQ>w=jHT|GMdg3YM-P79n5X3=I=(kB*~;%k$BJy=u5Z4;}a5#VkX~XlA~36T8}b* zP(PTxbFAjP9eq(fkKGk4M-Gp#*{gx5GvIq3WISQF#S=JyR7BW<1-WRmKl5Q!yfi3; z$M<7&R>^u-FTP5BLfh0rdJ&&qD8ov%Q$pNo9Lp8mdkK#pBWYtXjxRUACt zO4o1+-!F%quv+Jwn@XeB@iXX)6u?j4d*`DHo7I9eJYITexW*fEvR&?yPvgE7{%b4c zn#Ghm{VH?r9wIC*+@MAl@t*k&v}*( zD#}~LFY1wgcNt@4!+13oa985R7CzVg1g3uAHGPXaXF6J(S#v@pvVFc^qgT5v>%fRf zef!e=oaX+dd>aQmeZ@$-(mCsn*U0b<45*+kWr6av~#W+k+9bH-e~clDDhNe zn;9leB4@EBXv5>5ZlQAHbUErqW^tvV<=<*{EU`x0FiD}P<7H+Z-*JbM10J7&oR2NeH1^!B)N6P(Vhs!fNy5NfK9xHcab=ia?O-(>SDE9Kp_ z_=Zoi$pj=cdSt|#QA{Rr*mPC`Pyg7rRyB7eC3ZW%*r?~J3U{^=a!r;sC+nR$d0k~* zwQKeit5?Z;@8+RS>ycpV8?*KO!hUrC_j+>sQ>SxGtz5cm_Bu>2h)UfXiA_1 zp8tN0%5XE!Rf7rou`*@HyBJHT;Mkkidm3UJ{d+Ge#;)1-qezkAmQ&I6YQhU(oPxdl z-FWN$4rcAOb_r}>miUzvc>4E7Mzt&_a1f}P&`qAT`A%2Og!PLm=$hT>Avk8;8}Nt6 zZvzC3pJOBIhHL}W{TkcOigZ7^5T($R1?ZbPtka`@gU6FMuDm!N#-DuLn3hQ3{+%T= z1!ohD#&t=H(U#3A(32P*FEYU}`gC84e{74cm7)Km>57rQAfL^vY$X%PyQ1fXj_`Q9 z4>FuX&&h3uMPgp3?S8;dC(7xPZtNXmyFVnKQ&b=ck6%}W7-$o_%L&INdp>1*OQ!sG zkG+!S<~O#7ko+?f^eK4!`(B`6W5|9qG}~9o#22!tXmGPvHTt%rhTHr7#wYar@c6*0 z;0mH)rMcRD%NXP(m3q5!ZGZKWmjZR}U`A~g$9Q=Bdpjy32+b~~?I*>Ky77T6L^oEl z_yN;qV>h;o3c03Jc>K!PowwcCn|1ZbQL`QeUuDmFU3H7~pWkB$rX*CUYU_u`BkEqc 
z<1iC%#ys^(>-Ir@JYHeWv{?SlZl<}`QUDoZ438H~`S@jvF{tQ)()~0b>rIolO51OT z!3vuh)dTVU(s!=Oo4h8#AKNMSSRJdfH1Fxlz&w_Sg#{~Q?tSmJ;s|oDEqMANu|WE&)7!BR!NG4iP(iG16`%b6@uC7+V9xM{~<& zSE$DDOf~LavyZ_lJW7^!?FYicsjEicG^_LPly*Gyeq+6`rrtLvPwm$Fj$g-IU;pwBd)5h%VkSSAN zi4s|;JJbbc<+3^*u2;GZuJ+u>Pbh`QV=#Uci~B_Xj>2})oxl7;hejqFqwJ9jPZY5b zF}8Sf^)>vL*b1D88}V44pK~7vM(w-mJINEMT_nY|1($KOrzpbXF}-(z6mGjEvnO7+ zoSRgK8byNi9eB7fTKgPTm%Kep;PD{!g=E+MG(349r6O+_Mg6Y2YIY#1f8lEVOI*q_;`#2Kke3OQa@nu7V;WA2rf)VRb7)lyI1gogY7f z$CD+e5S7n)ZV@n+`_Xk;kiXMjt=UW*VgB)b`5_QvK1B$sb)o!k&Sk6T0JItSKpQbyoy-48Qk`0gNvtF?8 zHvAGNagPTtS%`*jyCl~&A`kOO|G**A&!LPP9?$P=Z?wuL?XyPqV(e`5k>9ddk?W^9nUrWBeeZ~k2`^GMep zb)`Z?`!rQgeRzIE1a5zPR%r0DP~5iN>TdWQVM&?|;|{5n?O{IgAU4Kp{-+q`ptF8U zU3$d^5TUFSLGX$Ktcw%&UY|pP;<@Q*TM|5d@rY0==SstJ?t6YkET%b_-fl09(jF_z z#`+6~we@GCT*FU)sQ2yWR3Uk7t$Px_#rXzwb`v2-$`Rr4sd@)}o-aIJI?7Rb(R|KO zFg+N}3-PXTqk&w*VTO(Ud(D54y&|)$7i+#mKJX_XfV@**He}}@!7;8mB@*tv7~rgj=STNlis08V4cbnh z@mk2|gXkD7D|$_@LyWtj3uigA8JX~Sz2vX7?leQr$p?=thXVzzxjqz}e=IB#rRtX^ z$Q|ssmd`P!%o%N0xR0o4r?HBt@3uZM?|M%A0pa1)LC~W3SoO8|+I*tF*tbg`vHN?? 
zh8uTR*2@kTRHAi3^3}F?8)p}HuKAyqROq^mq|&^s$%ENIMcn>o#&zN6x0-jH@MAYt z>RwjC^KaeoevEVpsSmP>r?Kk!0&9eGCZFViSIB@XII7__Zj1>+lH1MkO`tD?_*5s;3L;OX0W&YY7ob!zNreYn#1eG+CX`5-Igro|NvYkCOR zV8S*1=G?wJBN878`rH`gb#Ylrt-P@w7fnFWPC+@gA}gDw0#Dz0cbZdowQp>&aSjJZT@pJ--4uK8C%@?%diIEBdX)|01=Xg?d0 z`dHLr1fh~QAx$=OQv)!-^B-E(CijxgY4VeG&LyF~@`q%Wd35%pVoYGJS|sBn_qF*I zqwFWZo5YztmSV8&#eM=_D6)BQsxKRV%*x`}5P@(lA0Ce+zksfLbL$CB4}ql|9VZ%R z)}q~UvR;Zc)8PR1;Wd9aA#EOHe?#Az&}VB!M)56k#8-{r=CfOKg?*PJQ*x8n{HtWk zvx|YPyUlN$(xVB@sNZ_j`@F2wog2=_F~cVL&bAJJy(!iXC5Q4t{I?2PZga|QuFvb1 z4$CD(gPIKyJTW*gG_T>a$O*H$5)B8#1*-ZJEcc#$t^DSrJi5&xRN?z#c+vqLpYG=O zCBQs0GhT4#VUDq$O<-g+>-q4=%NW~|%=Wvdci{1vn`-H5v%$-K7FUT(+A;XCRODNF z5i?jZz4wYLrZBF_PgYpd2dUJZ?UX_7qtjrXjJ#^;JJ=S2AHUx_?k@F<*np>>ReBRc zO3DK3Bz|#FowX`C$NQV)-M5=FOiaN(=5!&~ag9|0cBZ*s7;owe{fvh zF3R?v~ZYs5i=a`tO?dfAQg+~V{G9x-sK1h%^q@~rx)h6^rno7}p?H@S9$&KL*V5lvsKxUV z{d226dv9s=1^({6YC;E|{U&g_)wO(S#jV*F^UD$~0=bz583nGS=k=AP&phj1o)mnb z@obE9f~Q|Cv=!4WtCID`u%U}fQ(msc@fniO>WW_d_XXRgLc>dV{ImI{_YwD`!>|zo z?rkjURPSXCF=5x)7zoP>D(Jb#Z6Ed)JcpxG^(*3~4<7c3#v#V1$@e zF);wo|8q&>PveYFm;(|TFGD9u;R#YoYIJd)%{Y$4cQh>XIOF zh=u2;PtEXTAGegEYLjHhF>V?|pul?iM8*4AF{;T1`C#rf|D>M{ZwNGL5`S`$^6i)+ zT8yST%&9DPm9^bJqX&2vJqJ&JFwd&=nZPDlp{;~QAPI^C>BJod*BKY?FTzmh+rLb;fc&dZw#6CY z@ryZl(@t^;a~B<26pCnHKigv2V5G|>Z7EW99lNPWT=NH(Y+{=jBG7Fkd$^l6J70ae zr4b@z?@61}%3N5gOigwMPk))m>>G%)NhxgZ_$o3PX$C#bzUp{56a91TV@b!aGS~7U ztB6k;!=ftQ&JAiXqCae|e49CZ`ZRNBv%N3l4S~JyIXwN+fmpog6fk*@CCP z;e6?yM?=`Vk+T~e{)kb!lGD{S=)DTIW^SO?A{Fm7{kf5yavIk$koN2#aw2rX#9@@&AxnCSUWsE(0;`1|ACk4fkmwl<%1N+2C(HD^v%HPEqn2($5>)7?3naVPmEaC zcAtH-`c%c-de*A|k3XTBGauN=z!ei637{xitQcK))4$Kzwwg5W=qqoUkPeSOO>|y# zPs|W9D^g{BUWS=L^QOl36}^PveZh%4>i3tfJ&zbhF}tH$!0+oKacnt=+?bacjzs%5 zl}!h=qOQHE>$@vFeJWzK_z6JXIs2)+6z zDmxy_P7u;)w!-7J&=Fp98~5~yoI;)&o_4>Bo4wKG+gkayV)AITFJCJO_WnHV6;jyi zSjd26`xk!ir7;=RJtfIRGzNM#9&CC70jr|s*~k?fuf%k3u=NWs$nE;Zu4r_~$8V$D z>Lz@KcLM|vkQ8qrWu0Ld7_1BY3;?Yzn)CKEu_WqRdsYW7)rceH>yb9Lx{n-Qn!T;g 
z$B+5=>!np#B_9BEaqzEdK77%O?ROd4AlOCcH0<$7vIk~wNPqxeT#3pX$-Gt{y$5v& zvK$hrS4%=O9hy+)?M=d~-+P>a0LS5}b5uoJlo3K5RTld>msov{vH4);i!OejvByIW zsY6mk7%h^5`|h`L(YBVe+4!No!k5RvfF6TwzgCg`qk@krw4RR@w4#p(j87=Pf8|(n zg5-;R|D^g6*VkzfY1N^er{@e1fTk(=bbY+GhA_WM8ix|~a&BAwl_;GB;>(_QPqE8E z+#rCcaUHllQRKGl=vrh6BC>sB%W6%n;77Uj z0@^n`$FNFLur253?jIaOU*m@UaQ@)b0-yoq-3mYrkb_ou@`CQA0WQ!z?0VdwAA5i& z^lxf_67(+@Xek9hC@o|J<{#e${O;h_%4{V*k3;b7LYe4!^xJ8Ecw&f%$jICPBPc}~ zfIM{X@uMfZAN?3X>DobQIzuV)0=NO}&~rA>HUJQGg$y@_v?b>sa?W2BQ1CFmX;$=V z3cVy{0RkXd&ndw;g=Sc!;e92Y3dx09C|yl5lk86C7^d;O%xNG1U3Ec_hWQZ(cR^>O zj1PvzeB(=>65^xpg@cNNI`uP&RiBXWzT2@KNSdjL`|8!3?E>xnpN*l&-;N;|fC0VT ztN?8&=i<=ua)XTy8X;h$^I5>&XKvLeyCR#l*2IO#sDuETC#*7rK1kAGF0sw0Hgu5d z*GX~kYP(;Y1@}vK6yU)e>b;F+zEdEeyw2JWk@f2N)oZ)>GimC8n@E}9N*n71=86RR zfa6!ZAi%={*89ES~~%U z;-iQE#dSLU?R7$a+!0FXb^g4U)X;iiu=-WD&>CSd=}?3I_JH0|n6$uT2PQ#MKU$8^ zv(Oog00K;jBmF3dg@6E^K}bl5=s#$}MnR9BDwa)$k#~_AU(q^KwWYW_EV4-|T|eIk)3?%(e>t7u1qD3GR&0 zUM0<)oS^GNs9`JL#ogSXZv_7+N<(eq;p+TjnF+P38>~tV6#5_5iT^o`4AXM|x!!+T zq5qUMf?fB2?%JX2mj8pj!|dLF?%H8q$Qt0cP5|M=>#U{vR*jnp7LR7$WKj&!Hv$4M zAyLFQRX5oAE~R#S$Eov9C}_#~7RwE`JLRpN5k41z0EV3RbJN2y$g^@-T@cPnJzgh1 zm-k^ZXS`opRrqcGK1KLr#zx5y4yqk!>>W11X17Pd?pO z0|FB5ayQI{I!m73Z3-m;f8v}lY*){Lvli*4wbBU!3~i{tacXHUznH-{O^<9q z@z*UlM7z7@H%(%y-_7I9wJ={6j(9sGr(E(A@BP})VJm2S0`q3o#5J^F(Ww!XixCnH z7MSINp8By}T?N6MIsom@Cg9Dlc60I`^PRU@;)(0}I|oeqD?dO`Oz^Ky5@#01?_-Rf z%so_}XYkq-0RBSP@8;O|)RO7@r8{MFa*cmn#8*RR;Y`A0kft2XQfjUZqjS7$E-S7rE74|3(e|F`Ts6B4R}M5x zKVd0-Rb=%kS{Ln?N6SiMnLP#q5@H2w)Lzc$@sAiGDO69~(~8f@U~fq^;dNQo4AAeZ z0|A0R(7SUf=yoO3CD3F_$!{Hljg+5aka9Y!}(}LzX>WJlRD1#B`3>`s!?Y zjyrX(l)Se&x*#HQ0|e-qg4B7*=p~insO$?zP%k~2qN3peKGdTmI2|Y-!XGuc^L$Kv ztkO$HTT(JVu>PGHlm*f{${(UJj79-%{jtH)Td?iFO3&CrCm^hH=HI1fet!E$kp3s9 zyblLENOD!kPp_Sfv4t~S*FIG)1qeuGqNFK9_);jbuCqF9sO}(Hzr#esUc0OLttqs|6EAdKGCzceix;}ql#3r)4i;MV`bYEM z&%nQ0raIBKD^5ZlQW%ZVRXA7iRg*pMQOBha<3q4U0q_)n!#f-%eqJ#`ByVl?vccz( zUJpCv?qnLjqwIWJ>cD5fd*4!B`&IG!{$xWo>K?BrNRh$KCHjXI(NZQFVspMkg~$;P 
z4^Ia3PjGPN!(}#YR&G1YFUGpaD!kZGk|gqaa2J&`evPYZ>$8ll@Gf?`P?zxQxbq-z zytEdu-=ba*8 z<>ss=0y5`XCsHAI1&qQNlE?2!&z#lkXK{zI=QlZTAS&K$m|0;ezMVmVfV!z+?}s`I zmXfOT_8rrz-gKd*y)wQ^Lj`@w7JMks0t%Tr`Hc1$BhK|JJVW%hoPF)W&dperK2`Txy*mQZjMDW46X^@eW_~0s`{$IsHg&`B?pU56e;O-4hO7~=K|Nkh-S2~M6I%J6HLqbQBIm2O(=DRmRv^HE6OH;aZ`QrbUe=U&nQ7^U zj_RSx+XQ@S-c@YwSPyjatI0fSH)r$I6>lfAJB-P~4E{fuHKe{aXwxoyRCG~c(lhg? zY}qy-VUDi|xj?`b^YhJQbNM&qkX3#u!~6FS9z9s9eaJHMBy&lAdS;&s1o(Q1h3r0* z>8pzwv-qVPxZ6r_;+sj)n)%$M9XMWZg`#hI(#O2V{IdR7sjSZA3P4rb%z2D5W=vP0Od zo%l_;*!}oh9`64Rb*mC9o2$*v; z=GVY{TBI(8!-rb<@r9(I)$R%l&IfJ3h3#*)W*#6wu{OB_!!wz2OI2rP+v)C4y8;Uu zrP=Y+8QS8Zwo6i)ywriKmD}%M#*9KZ@L7-9V1dd%?yB+~uD);O5m<<=*?r-MMjlapsa0Lms2DFW#uFJ{028;c*^B!^TX3OHU5a2Qkl z1v#v)2?Th?V*T{Hof(*z$mVEAxAA28F+v6I`Dywd6~_On?n(opY}@v2UuNu*-FV2B zeGAzVWyu~Q48{zDVVJRINm8jHOO_JKzJyAa$QlZXvM&jVLWL|P^4_DKKB?#VmS27T z%-lCW4##;N=XEaElEgrnapmDBsQ97s;sOsi!=ODKJ>Y0htS=s% zFt%YLygYGU9>`q)XQSUNl#9kSE>+A&o4zk7t6AFuGd_tdi9JJAUxJxUBo;=-+j`cM z{kCdeAABzPhBo}P`+FHE;G=3(UV-tx*L*Zhc!Q32O@Z3-GixM8w49jb0omwVhG|sO z1lE=L{@0f;9z1D#x`)`M`Z4r>0QB<3|F;PLFkjJc&#nm6v51&H6NpItn4mp#-<=Ku zJh!jYZ0fLc`gxorDqnFdmITf_%Yo_&^V&8c~|N zOsTj>|M68#l5&>dZt^A;S8-OKL+w$9AC>r?u#!-}&i;c5NjEwtqrx!U z47S3^wv)z_Zd|_r^7TYI!?BJ&ju@QUE|!?kMayQhmJHU2E+vDs(z4A@7i1wo@%x4F zqWYeLQRHvmfA!+O+DAt?GHIG$$)+Mh`DW1ojM-H1oih}N*hoj06zB-Uk%>n4pGeIZ zD|Z*trWtBIQ7VdHv>Yi$tUgx!=A3O37pwOOZypQv4P#hV3Tb*ZuE&Q^=Zccl) z5_I!MgTU*P^xaLvxn@|eJWRSEdeSK_n2zK@ZfuNxLm7?d{a}TMP{57L=|x<#ut84; z^^#}dnb7EodU+aZeFuD^;GHx5UphFcUU?^BGW9Q!n=j}yBoQc= zUuH@Q-UBT%0bglDf#Q-;^Fumw1zo@D_$(cea^snJLIKZ#%{p! 
z-3_BeRW#)uWqX8b$UA=@!?^;McoLdGRwxio_ini?Jun$>t-9{AF3RC3uj*u>!!@*c zx}NkTivI?sxm(7)ENMhOc8w<>2C~fX13Xg^9!-1c0mEIp`0oYt4^V` zF(bxyTMyG?4K4~fvdv`f!IJT&2nmtGgTqBqQfYKgR$E6iRc`hE1nE0X;IPNT!B~73 zO93j+?|o$)RX;D3)9vms!faq!Fa*XpuZ0|x%Vwz}u348~TeTOniriurF`ZoXj@LbF zqDB1?EZk06e*yM?ie+c&h9nvvpT-oL2O2Rw6A&DB|kn61d}0`-T@H0BHs2GFkqL~cC|avdontwGt1 z3P1p}$UT%E_829a8G2rXkkt^gWuB{*@W7m45$8&7Zge^nh{sLDtm2KSx=*C8KEmw3 zU7E?#Wp@5A&a&RB%jPRb99!Dd-+i>F=eOd0EW&DgMlW@z#c)VRAA~Cy(|CGGpgg>= z*g)_*3Mb*~i*_bPI!L@4kwWk*cvTW!!U^q#`$6a5FTrE;etG8v9)pNM;vGHI99+ED_bAT6yRi&U0#Ldos2(I2QRo@(XSEp4Pa zS?^UIYQ{~>9I_-Ug8&hBgFI{zv;;Y&?uYs3hbuJ}K!9iC&1O08!l-Nxk=WZ=mC%O= zCUe82C^u|_CMy;k(D$G~8f`v077CZF;4_U=UJ16}8sLeDy1sOS>{^TefpqQ&T+DIK zi;Kp?*zg0k`9n)ur~jAAB2xIbh;}MV=I@s~l=b7?ZJ55;0r+V}>4{Vx^`?wC4K2J_V9-O*rkr4)oW^Vq)(6% z$LX^QG8lK7>98rQAQ8s9s(0)B*~0hRcSyyQ@J5=!WAwm_NNFeX+P? z+IN6|l@>Pm-~xa1C0Od{6YZ^O9S$||$95Yk+&kGJreMUR3+{?`M#8<^f5~<>9LgF_ zu77@8>~uEIaO0IGjkqZp1Smps*b3{eHTtmZCEv=xB;t@44rVX(AWv5&h1#$zV8Q8H zcJf2G@s-tGx>^1qQ^Ae$?Iv1vm;CI$ISw*;Xbi))tK~JFdyUr(^ThmDYT16hZoAtmoJ@Lt- z(QwV3Sbx<1VCI3~k@*;6-@z9PPDEfFNIV!>0z4ZT;}1r4uv4@&DF5x>(uV9}xyzuh zjXLY2_ujMp)xn?Zlsa#S_d$S=Cb!6zrK^`NbDY@f;g}2H)6|tMOfArOK8&px-skZg z3M3oMoS0&Je1U`UCB_>aVbzR5j&Plo9oRD_ZapU&`FXf+o-bxOVYO`X^P$r$W$vzX{M}b z$FjOF5^_704zTNgSZoxs23>9-)3V}hd-&IrRLMWJ9Q*c)CITrDIb)cQX5;5ftcI zdRHOki4+PS3F&D!8H#bSXq0nryN+F-(skNX+k~>G%^mc)eDhV%$q)0lLJ-G)n#{h> z^WX}7`0psn9U(bK`?6Spq)x9jr=GU(aoqW22(TR6)@av7&rxD0U^k&BoO3?q7>5kW z(XBf%@5#okT8==0t9|e*4MT6*mU6Ink85aWxD3R^DEuV~E0VT59PP;$3dz*cPF~&n z6<=JkF2%PRxvO%Ghq<5vz!F&?(ROO?NF;Wb=@@i;OayNjeBovfYhq7QWE#6PE(igd zEXWc^Yvv89jA?cJHbtvh$g90qdZM`L&Iw*lyV|l01xjOz2p5k{QGS*&FD6N)y` zj+Q^jE5Fn~8V>9LlY(HnAL5=4SI=)K#D`!q#z{eIkg|R(I``C%C7=H{gdp zWkscku3E|uLwq0ful=q+DBJ~zi+cX6N!%E(Mc!tez&o$(o;GfhED&IHF9dA9iYdIu z+smFXO!DrgxooDP<-B#M7`ovE*=NwSa@R5&3JBInc_Tr9ptH1|_MKuO;=p$^!ZD{^4t|iR?(h?7nz{OeFMXftx237}TCVD4VBJ zJZ2p5BCjK4P0g3dSjE~|ll|zNx1-h#6xD3vhxf1*=7={o8~MX3o5cP@!?b!e_yJ&R zV~HRC`15mgu^o4S3Gy=RgXkW 
ze?IK*Ji8jHVhomH<_nVo+8Vz)%`{W!*Bev&nhd44&ob`2n)2)-|4X%|*=tdR^A69T zj}$4;?Lyb-Z}ozBw&$>K2@J8<4^oHxe?RB8{|8A5cXOx0C2`Lh`flyYguW(k~?SQ~@C*(5HR_*QiPg~{#Lju^1I^>3|f zNi@b~mxgj|Dh-Y1xzm=kS8>)8^;=HjX*J+xQtIB+V6&RRvct@Ji<1FpvdwY$L)Of& zC;cN&X_o;w6j+X$7rR+vHvE_Ib!A#N3b;F#e9V+?lJ$gcVJ6d^iX>{UFRvd6%wbjs z$M2mPR*C&pLweio1Aw?D7u;F$eQBPyiueOVVO*Y#5%z#zGr`>Duc zg_yF661Vdzl^+B$5oRr;#)UTThr8_WaX|ro1IP!KKwk$Yd0l_J#;BP2nd;UVGN*pQ zCm&ajYX)-}6t4|_7PadcuKj?#>*qgCT#Tm^fX08@QD%Bj{SiUArb)834lu&vi9bs9s^=&fR-nrMJd9OZFy!-U300d8z Z_HSUBf$=I>32=t_qw%gV^KW^;e*il-1lj-q 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-1804-amd-sev.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-1804-amd-sev.bin deleted file mode 100644 index ebdb904f6bf93b483fea764f724193a938bbf244..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 26013 zcmeIbbwE_z+BdxEn4wbv83gGVQbLe!73uB)h8nu0JCzg#5d=g)2|-Xw1QkR=LfWE{ zMp97t_L#S$=REiM-t)ZY{PAub_pH6Iz1DAC>#B9FHCq4x037i1r-KW;sN;sPfvG9N zlzb4bUU1>BWY_>U`Wak+8h`*W01CjrUMB=kUvHdtOBk>C0NCl($cmBDs%Vl!smLKf z@2B;nLdE-Ag%dXuhtKqj1`*6@Ntrl)HujGzxk&dg1PZud-3{j_luvq*Dzbem{%NP$ zW_HUHiPIgfEVBmSOLyp zS@}!Z1@HyS9smNo;sXeN1qx97K*~ezyxeDVB+M!^xuK<^G_=dLTLuC+cCb;Y7DEm6 ziln;f5p~;x9%QbmX3vlf%ITbpG~`dA0EPV&uQ>II>xH4IB3&<1@`aPWTqg?h#_ z*dtKjMd4%{{+5UJg*6v_WEb~c$_T^$3rdYPE7xzjwh+CjxPL?ze^;gGmWFxx(0yT{ zB~h?dtGCk$&(r!TN=blsS8#X|iN8Vmj!*~WpAE=aG#}*w6!^yr0DgsQ+>}mvdqYO# zR<`ufv;nO-`H`g&2ml#xn98&>j6yu^x{_aBJFTAL*Rh^v(l56W;h`8w-v9+}+320R zjPDB_xH(I(`>tgbtNVkV@s7@(B(vjz!r}#P;?1I6vXSZ6|)udFVfguhaj=c>J z$9j{8gN=oaO#}?8Q_tH+m@U9b@QJviRik%Eu&^L_0GwQq6b{A5(Zj`o;<+Mx-JIaZ z=tu;`;o?GqLV}`#f}+M>iV{NbZ^b`65sr2IuhnAV0XX4UWB}MaF?Ki>7SL5UNEo>5 z;$*WxhuvYl2}$cXNS?|G}TWNATT-nq?!bTF-!)lk;`hf?}e#KS5JIq-^?W+gZ_ zarvJlCNAHIc`S{?UNw;Ky!0${xMz%hp(^84H7)@`4|e>EG0F4fv8PW|YRGiG{x~*% zelUeLi|GbIQ|#nA<-PT4Aoc!~{cKsH<13ESOs`&^b#9?;T79F>Jw|0@N#s9J5@?Y0 z`Fyg~$()d&>HDr3Yuecg*I%igV(M;`$fYcpS0Pb;AoeP?I-|HpeM*_tPy-tW3&1MS zfuDynft+R{#ihlizM>V0BflXqo*B-;ndv2{Y;M{46wZvk&5BD8rw#ox0U4Tr3JdEH z7Y~jDp8m>qa5O=-V*&9uj%ibzrYoIms${#JP$pEV_W6QHr&OqqrS!#D&z+F1Ch7AJ zsIDdQ4maKj3O9OOL-B+^-PD$o5V~AaVkj~Z`NV#P@l@DE0~^2pJF32CcLGO4 z#8oI1!j3ozYZ**=UM~uXdHr}&{gdYf4FaN=_6Q;|;{{}lY$TL7JybxtT)NZk365xM zos2tSRY6hPKtqkk%^9SP2g(y==LJ(hdAOlGth|um6H;&q^nDyEp+DY-={g`i zY++hf9$x;iGgcl>2roBhD;oq%8-?=vVn_txVnQN9a1lWv3DA%TiG3}KqKojb(Ek<8 z+;GmXm|6aeSwl$!rXU9sf(r_Q7V4i{t|#*~@y%rh?3L_~7v}a20u-^$2uQ}%XS}#) zE6J8z7MDWmri^Wb0x9UukxoHwiPNNAY}#``F(fKrjDbvBt)TZ^2Fx@ypJ!RP~WDQWQ|L5yI;t3 
zW~qGU+8%A|a7*XQ`6mK1S6A2)aF&ujBrH5u-&dfZgap^9q&mNv#f@9s62@I5$KrOM z`4~ZU>hJ`SfP;_nVg0#>ugcuH4NLb)`~9V-vk_8VT->>zJdE-e%TrgkMX5sDu$QJS zx^jHFS8Y;TD*R<5{bNF=w2S9+E)XCu(R{UB;aKNDPHDi&@riiwv2d}%PtsuFf_??~ zi#@acq|luwQ`l)w*>5tccjrP^ZM+5i$d3o8v2mfthyfkY;aY>ijT{^Tju8_XF1ng% z_-|(IuZB>`PFrCj*pQ-m=VqjTQ9OlRYU0hqFFzD>(SPOdOv~!o`dXh5&g)e@aN@nC)}<%y+24M z8@|juGndX>#SKl;IOOCazpyhLc(c!^4)2-&GFfu!wbp~Ts9K>_!&q&x9Kf)tAy>7 zmYl5rJHB(ojvPL&+RK-b7b?hhV(@yETFZ2(!tj5%l3?d^A%R|^NoYSEL zFPxA2m)%`!#K~8-EO|oE$`Zc*`NO=wkY)48otww0HJ-POXeG~ zUwMoqyX>1#3u*6*6w$&ML6)}OFg(4 zV*g+5wN8Qou#gBk{Qcs!z@jj^2oDSUU-4QzaIUXj>-e9&mY$Nb+TV6tHwm3J+m(nM zHK2u$VnXn}p$b^Kw(n>|2$oZWAXT2tP~tXqC9Axrw0xHbws`XP&!}a~g(jb>)BQZ# z*q8I9kUl;{F5c8A!a=AZQKe(Wy^-ZyR(#;0;_0MILRIXl<=!WH4X)=|EtAZ+oEViQqmzBsQ=r~@rXq`yiBR`aQ+s0_ zkF**Ov(P6;7Ua3?XTkC!pTzL#5-!1HA5~|a@aE|5z$w@^>zfnP4XD$q8KCSVXm0R& z`|8-G(7|Q;O#y0JCxJJ1iIuD~?U5tP3oXLoW%?TQeCrMw1l=#zJl4t^UPnh=;bqYj z=2;_CUvr45N!1hbzTp_|c&gw8Md5PUFm8G0h^$dwWM77+b;|LhUQCJ7Dx``<)0NpG zqIdUdb&7ezmJ0FQpXEHLpJ!0Cn^w^!y{I2jolASAD!SJ}CYiNH!2FU{R8m_~xP{z} zO@5MhSNom4r)!ZlEYW)eecO{~`o_w5eRYnV5IWiJtnHBzUAZo5<#=SPN-9iCzetGh zAV2P-d^88W-i`3*#@V~@E4tK0Dwj_PJY%1hOFwFgeR}5dRFugnnbQp_v>tksCyw78 zy)cJ^&t0%{ELr(6Kr(bBZi-Zt!y3n(rf9X7BQMYBq~)%7`h$0VZoBoG(J|@U@5-^2 zRuHYV1;I#KZ-Uh9t)fPw2t!Q&LGaCgEdF`cGYtBV=I{Q4z(@a!{~-L$f5iT;*kU0# z{HrbI`e}>NGa8rz7~LW5kTzCc2$-C=mjlWJ2~K>_!Q+eo@UPBx5r}>Gd=AQ0cMm7R0 zO-Nzk)iT^p-Ov^Mh=!-I$kCntgbne^+l6I(f!6+bhg0gOaYbQnQ%~lc-d%en=KVfi z@O6^g%&U_%Udop_O=2urd7EFU+_c|0&vD&jk)Wuf?wFL0XyDAi5=UJO<3U{qD-o(# zIio*L!WedvdM5y7X1^r{?`f5Irtg4MxI)p zO0?3yG~ofo7ZhGlX1`8#;9`72!e6F3#^0wl;8f=jzI zDbW4=P5)Ncs#OV@##7p4t~{s7sXPyg9eP!ZM9#!t#$#U*R8F??A37B0S902XG{gB| zjOkMRIMMLYc1>b2JIBN&hGE>~VtTs5?7B%=Au*pPEyiul)3}coXb0{*c38E(^IF$g z3vO7n7+HqNrNC%UgH~-8PZ8sdf_VLBxMKuF%ex6vJ)6N7%h$Fc@r3)QJD5B| zbRH}|w0SorEr_TLoB433o3=1ly7+E(t9);Aq=hciVcbGJlS(qG((|lbu57Nw%nj}; ziWJXy7S6SvH=Ys}GPg}Fm)_!#7Y`7<-`u_&RU2|X)=uR}Qhp_+bQre-o^L~nruBu| z7J~NrfEW=RQVr{XtM8wG>QO)0!B=Py$aoH(SY-q4e3>?mx>h3Zk)X(Y?ZH(`C- 
z-be842ht48xfmp#t?*5BPb+zv^!E1z+@?Jeu58$Ao)cDWU*RnJp>gIk+oWhdu{ZuU zz5dmge!P8n42!+7SUIKS>v(VLgL!T4<7cz7Jo)J7JZVUWFUFHXiPKd$`hljA!JH2;DUd>VqS~)>uw$GPXRe zOHLz=RZ5F~e;0Q3;g!y(8HHxnLwPoYuqJPE-yrD?rMleA+)jf~lyC{|3*SO(Mx)?g zCpp(~Ya{NK&B?pHvW$4`?$~8hAPlalWFy4 z5!g8<$DqJ9fJ+8N5PYHb_BvxhNXS0lsmGBGoDkhJjcO5tq3{v`a+WeXwwrWTIN8m0 zVURi-Ix&({b?=uDF( z=jPlcKaJ3Pqe#JK670_@MaPcxontE0o^`2`O)R!NBgdSI$R)<4-x7!@*t@nrluG8o z$u>TXqa@OA5=Fq~B$W|#$CaTc0F(ad=*W%e$!B~-6{Xy$5Pr`X5*gba-m`?O_Wq8M zWMoa4^kTx1eP@{YA$~O0wvkVa$_xtVR~0U^TdMXNKE09M?1M>vbSd(IhBM+OC9LG3 zd)Q@dI17pO(7-9xtJj>kjCqLhG3jTYJG_@uw$55Rjcna@by~Il2(J!AH9qsZpY$;i zM`Q+*{&7i`GD)Frp21^7mx!LN&2qx~g+=vv8&e)C3>%8 z(i6S4ID4LwaLKREg|av7#OGR^=%lG!lt-$cwox|X8apOEq(LEd>`uUgYug!^f_{Bvft=CHukSxW>J0oJVH#!J4xo{ zrz8kKP-h}It9^;P+vF1_Jvr*m!i%NPXW>#_o1uB3S0;NydD2i9+r4^NHfWrbLd!>nJ7aJhb~j7+YO`i5^nvp|KpJ&uUI z`QxkRNYU`?(9(WPdU3ga7O^Cnh+$J=>{%8|i8Ib;iR~?Gw+ZTStQ(_DurcXR_hje3 zm08Qt)vo+#J{{J2f6c{9($n8v@1h%(V~>m{CcQ%D*z<_%AvOeoHPF_?edN-45bp3EyU_ArcFzXx0#Ib%SZ7FytR+p zqqY~DdMroAV~R=d#6%V9H!T-ml(cxE+8p09^@Ymy#l-1u%DG;Tu6qK%*<0sWU6rIk zqsg@M57-|$KWJX%NiP!>7me}gOWWn|drpB_KZ=_3(7j`vbg+V%|3Y);ZQH%;X z2;bP1&c57(v+ef27{AXg9>;x_?@10XYs+u+@0#fCUzp|S-=>LwEA_fDyjiGtq?9Sq zT)^c+I_J;`CcPg=#Z@uhy*2lsvgy0c?-b(u+*^!ax2oPZ*?nH9QS}s)KCHM7(GWQh zXW_%OX-xX?ajBkr+k^@|Ihl|9V!E@9`S zJY)JN4J_<2>EnzuqqgauGX=jq*K$Jz;=ZwdT-$B&QL(C>m}thTRIPxr$$P3nDhyoBKNKXT{|?``Q6Ech)%2}De1gZq7St! 
z-d-5A*Iu`qLXvw{PMu54_YqsvHN91q|KqKjF|LSuMF5cNqI=y z6Ev2`q`$6?q!YAq;Me;+f3Rh_7`w!L@TvkAV77bo ze21Xwz6d6LQ4I~VnBG8s1&IoWk-yV)A&gWv6 zgux%r_SF+Fna%F3qSlId(jLAwQ%b_5FLPj@NOxf$SlDndjU5e&dLwnFQ<`+LJggnh zvhS1u43oZmv0U&x2c_q7Mk&8Ng~YO8Nt8WYQuz3l-IGKmgT^;7=_@92i1&kd$EZH; z2}@#6owGk*u|!cxKHja!{8m#IyBd?e=G?JaF&pMG2fQRHqLVmBTk4>lboks7jL#h^ z#-~a2FzFwx`He>8t3MHDu}O;+rS4AS6|SJ4d+iph87{iXVIYP{Ul%|ahj$IfVtr7< zrACUP&d1JS^rIeIAa(-h$>BWBQB3;Am?DSyBX+9SY6w?C&quUeckE_+LFa!h&$@pq za*Xsh{y!mVx})MD_l2}|X7R$Yt-tx-HoBJLyDQvbjGQ&a z44M(c9SJ5-4o)U3Y=Xtv)Yi)(n0PwKgze}a%zcc=)TQdkT!(lrvWJY^fYwblHMiN{ z9#6oe?{tbvkR8ao;$uitliG4#UCr`b#Sr0g=CYX@3b=wjsIrf4s43g`SErPeEQJ!@e{>{qTX zSeSSYUQ`M7@n6+&Q8nXrxA%y@scjTlW?FR2oAx*}K^FCI^7EXI$x1ybn36FqJ+b#d zZ{TX!$G)Q_t~g4>a@riNZ6=uY>(ynG%t$vLs2Z2FpL}t;mUdM-Wv}LHY2fW6%eQQ5 z>M`kkUmqbWAc;LRm%=(qJbTQV$PY>d(J}9gnO%#Ghd2pf(my+OSK@ft)h$aeW$)J~ zyV75k88delsR*oyP`Hmu%tvCiBl?_}&qLjXs;AZh+K3xDDzm1WB}bP&LoT>kcv zWHH+{?>2p^Ovj6`w}s)C9c%E0kmiwPa~@kz;6r5UOXmEUV^LC#cdVDPK9M|jiqC~} z?>CG4blqxqOl?=BA-b<1x#Z54O)xWdg-;x86>}>b5gHD7e9IXB*sXUC+`DHB?%wl2 z;{@^kikO`fDL22Qe$IS@-WA?DT_xc zvzT~!lJxQCP=M;z&Kf>!L|5&TZz9Z4WVJQ-oaot}XPZ{ZPokrarwz-!GOCg;wfDGF z*LoXTaIU=wY#S3XdeMD}@6>UyxdV*$UwexPIB+363xpH$aA_=lu4N z*4GThM8{Gz+y1Od!g;{h_|4#DY;0Uy5x^AON~8>^foJrFitn|U0-k^axJT3l%w&iG zA^<cCz6Fm%J?SFrVe#2=Y&UH!iQ@+*Jf01-Hpynr5vTn=yp|A5>fpawdc z9t1A#ikvH5keRMP(B8nsrv_L`d6lVsaFilk<7+qVSOtIYr)Z1+1-l+*_-FIn^F&(R zO(h*^F%W=fuFzN!6)uvN z7(x*zb&BWtc5v)t`GUdd?VY{Jwi|2#*GG`Cgv2fy)0r>#Ym@&;KP~^*Pr)xE!VdQH z>sZ1-S?~eJ4gpwzJ5$j+d~E?fu=lp$)7V&0pjQs(%O+MVEKn10ap=guJpZlgFC%>R z4q+HYuF;t&(#fORyhc@MT?VblHy!RK8&?u6T9SLnp;M2`esXAL=Yu{3khb@@w|n-b zcg8R`ucpOknym(pcCC;}6nFV#TaLbPJrwZG8>=pYkr~e*fqC4z4-=2U|z`vHxt}K?L7yf^k{q z6$zBa40Fqy1LNwM78MsP}XS)z^0+6(kcP` zc?2tY*6p{S43C%NJm4I6EPKVI!OsCjC0!|)`7FLXABUQ?Rk#&n`tcok#R(Yu%&6ZKbb#&*7uil|t8} zXuUxnq2E4SV?M**v-uU$ZDbLV9x508rI8~lLDQu+6mVX$1+`Q^EUL>60{Vd8SIX~o zqwD#19;#LjENZqWSFf`Oge}-%3G2+w!GX()H~U2hYuv-}fN!C}A;-V7)t_~7dUCfg 
z@AgyFYXEs2G96Nw(Zl!X;?Vay$9_Kh@A&pjuD?ka%Urs+A?dT6ZLhZz>^j3iRJ;;m z5P-k1(~9g) zgZ}SFV83!FOEWOe*i80uvK7mrQQHA~fTqwp2oPbBPMTTYy3^twmd)Iyu{g)gc=pyX zn^x?qP`?hLNi`Ixyphc&VXU0IQsPgmD&3k=kZ8&J7FNpT5`{09-t#aybGv3V(K;pH)?*Zj6Z27Hl6adJN0_a$q1pIvU4$o4{8c-&XL#+i^$RU}?r&}zi{UCrY zthIf&9N2xN9T4B;f}J%OFCyZ!+j=T;Mut?g;>aQtP+mI-cuZssSE#1p`~;bg+f<+PirPigF2niX-4{?d|I2 zEnx5AZOw0EXa7ZUej?L%$|o0&T^}Y28m`1Gu04txo|uOK1<<2!^&w$qI5dhG??We^ z=-iWzp86zkbov^%toOYVaVStiQTPVeTbQ)8bCgNV+!#$Y_ATl%r3mX?(Nth?X%EQKi-_Fy*+Z$;MgNq>q5rTGhd?F$e z)_fvDVm5r%f}$dPC#?{IHa21+Vpc-7Fb^=;!2sVuHa^lQ!TC{IZdJ~wK+f#LVB{hM zu)m^o{|bdA&a0KQ_~4klzzabyd34lfl!Y4h!f(myGC+ZLE>4X#CuLLdX1lq znJL0~|2p)4fg|82E@mMn!Uy6N0C#b_Sh?ErJ9~Ozpj=BqmV9~bqOeG*;p1lIIXqgFC^XkW=2dxUx*TUIL5;T7e`4BSQQCR_0pKCfA4V;a zxSppil%75$*|T`*Lly*J@Ii@}sBs)*Uuc;pS`(A;y-3}LH4p49a2)0L9{8jH4t4L* z8ERa)qln6WN6VvFLsBVcy?n#X%)4VEiNzE&oksONbmbm!+tnH}iZzMvz2x~D0Bt<{ z-MmnL0BLuhy=_RNg=io>K7(@$dm%mT;wA)8-i>`KAXfjemd~;=318k(P`%8UY}Zl2 zx`gor<&C%3pg<@g+h@u%>!b^xo$AG&UVbdOU&Ap4I2pF&mi4^6fb*<8b@%$l^Ho;m z>Ly*&&m(X6{su@dgog{#)ynw`OtiE7sq>VP4`&=I_=QLvab8VfDbn-I4IYC4F=y~) zW(R#;BE3GnpHZ%PTYL9NU7LQc%E_{<;hYBaPeOm{yba3L4rykV)UT$~ zU|CWvn8l;@rp^u1QVU`%Z*uZZ2=JLAv*5{Z!hV z6~&jRNfL_j7SAv!px@9Ptx`18Jon5UB}U$JxOwNsy~j+e>Z6+>0nRH94H3-KUf6c< zhr_)(6Wk@<$M}C?q6v)8^B=Ph;pzi3!_e%i;D>rqmjpAjZH?s>Ys_8u#?O?4p@Y20 zv-7V%oUc6W5M5!abGoql^26KcEPcw!@He=vryqeE)@@J9__p0IJ;c+RuS3XS7bl$` zwk3_YDRq=w?qFDLY5Vos{LA?FVw*mTdZ|%nH<|t!|3F|Eru)>{Y>F#OEtVDA*t}$y zYpMipQzIb&sU+RICl}?1bI;KD%u^^n_5#%}$edADwiakM{VM(crK9H#ZDtM3Y9e4PVU)uaQUxBiSMEcAo-npX z2C_zIO}C10VqW{;mZFP)nyaEDjOp^-)LTv9=pE-j;Wi`S(QtKRHM7&3>E#yP!Zd9UiosjJ>2!fc;fbn3_gode5TSjpXtdZR5E4he*uCPBU^->mAA8( zG#mrbR;B&SHQLkmce5i<58uxh#@x8}8UiReh%w(cWDqRmvo)>}feX~_$d{F#y#IMZ zo5c({X|xXo$nWmhZ;)SODZ*sV_*EPx-yZ_b(p{yDY`46Gs;lbD8)30^y7S z9ah(Sb=qGLnZW$~VbbV-FgetuO*8`~LXdshYVG4rnCA#q2xWx;MC(Ck_BArst(9$f zS?=CpIniNC9eZ_U20yofK}1ZC3JOG9Wt={r7?)Tl8yLY{gs=O#;tFoR+11X+%zfH= zHA3~hijR};7fEqht@OQrc*hQh^%p!Y2v=|LtpFbW7D!tQ)RzpEG#?+*7K2&Vsz%x6 
zBz|2@H=>pWda%Nm}To|Im%%MOA zUylT7$z;UJ1?kmV+fPX$>D(Dtni5=KC6Q8`ey;7UAx;(fiBMXsQ~R;w_iG$Z`~nW) z2mUV83-$+$81VjU#5}0gV+^~Jlyov9&Z^;R{?rlIR&{XAf^Gfz>^;uUz1b}q_-{{G zq~VjTndv{K^kt)sy1XN80R>D4G*_-oY8Fjn6_a)<>*6r%znFPi#dzeyXtF&jQfEF3 zxwLshr?v9L;f2CVNq%mYU-g{5H0Cfyl`WCGFpA`%V>xv3 z+Iq6H5a3|A1D=*lNvF=r!JK=;x8O=jH$#PU_wmNA_m16o)O}E(Fi7|KDm5M@@p0vw zCQoL!NoF@oamio7%*;dUb9w^qh2BZaWAF2(#IBl6D9A%W5FzTAe>jCjp>UE+h~-pmDFm}dYZ(}p+? z6euURdSY_w#ItJ)r-R;1+mc=MwT#{w61Z2_GH9iG;~{P{#T!Qn9Yy^MI*Bf8E(F(q zHRYh0l7B_9GObRin6iE_?R$Nn^qd zFSfI1-&`cI48bAuAF znJLK?=VB4^Td(37*Y)XsH4JFe>4kJbfa7N2>E-W?kaj@Y+9F&rG%rW+!7Qo#L7LU7 zQSw!n8jkRD$;Tl;_f}dFWohYRhKEAKv5Op|C`}L7r>x!LTsYxP>w8;gzzwZRJU8o# z$TcsHP<7#_-k-hZ^XQQAeeR=;IN2@Pdx!^4$1dqPL@gS3y4L0d ztO_nuC*48MB2@Yb+SnoB1TR^02IA{?z^R$Ck>kT83jaVIwBdQt zMYQ74Nled?&Sgp|(h|q(NN;_xt@m5wXAUJY&9)2YS~|?+)qEO#_skVHk$;BL0cr2x z41T<%zd#iD@}1A#!^$56t-Mf7AtXhkhB|Xx=p&(BX5apGN(iuauewzbC;Vdm9v-eb z@28p7jz06NhjndCo@y=dlX4YMAi(&MKdM;Z>|Sgwi$qiv)rjA$S}eZfRYM;vyBASU zH+|!Qf)|k)y!1uS2R5Q~I?<`DpF9OMl;uw<%EjB0+<%cytoS|kye>)h+Ek}l3Is5V zJ*(Y2kunm_;M-oTQ=G+z7pbD~?0s0wJ+Bd9y?qu6+9V_zQ%Lp$anH6xjpd;I zI*!3g4r%ViI{0{@4fG_;J1=#7_^Fyj#VsY7-jf(;`2Nw9$j_VV1J4HwG7+?o3%n1~vBpfrgzd-=kYaV8+Sio&UwkJLyBq z8}?q;pv#t~CaJ?35rP8gRBR$!YBNwk+f5;dFemd}o)l-bVR4`Ymz^ntbK2NW@qMPm z!JAy#_2EaMe2Rd$b>f(nJKsAdbV~fMLoN-2|HeOu%m9wjQ|6pvJ5SG8pLuy{<i&e4qGi1Fs_prb^%RKP?jBR-Y~hmRL#NH8U!50PrNKo#Z$ArrJ3k8-lr2Kq z34w6K;8V`Z+MeQBqv5=ZRu(6$W7+2pUVnrD$KT1FI979ZQOJ$Wz^GIvVc>p%ZBSio zZP?v~Pe{vBB`B~pBWC8BX`4Z-=_HoPug zqg9SoHo~if{lcejvC*&aFp#A+afO6#yfDS9$vXe^qUz**i%<>-phlE9vmTP)iwrGs zXK1jMKh|=b(6W?~x*#&6aImU+0SaJY)unze7;?Z*AGaQ1qdRw_L?vs9F^+oWS~-kf zo%Q*?MndL&v7+ULb#{MowdP|N!3Bz+Blsg+gXw+AXu|mTY@Dq;Jz-xHoIi^8uHJlK z;Q#f?kMAf?@GF>d1gX9d@p&R$+?)}7e=7xfftbhxVT1CpwX;Gx6BB)zv-u!x5h!9J za3s+K31j<}bHqeQS5NQ;%sv1KQX%bNV5H9WrBmPwKD_KeYmN@v{SdA&Gbxyt19<-S zfFJmP)c1mO0Ll$rv_t-=&<%W7hy|GD{c!=|=Oy%`1v`Y5m$wJP;(H?&Uo);2;2TW5 zzReT9Hb+bZ`<9Ib`QnP=vvWqdx%q?N?L7IuQfnA4vJHD`(=xfH+#|2#q;1lH+;YYuDLPU(u-p1`qvRGPEPF_h<+Qu2>ZHsiV 
z=R^0w&J(-^`yR?ldwKcmz|kB;dU@D>tMO}rAN|Cyl@bSG=z-h>HY#vxts(AooqJ*& zk(yCnNhk!!eh(=ta~BUCJn8R~L2?a}`@E!xM{XSI%c-5$aXa=R6!@rtlN@X9)Ls?H z=hXP1xI{=JUGhAx+AYP0=UTgCn{LJ^YW`0f*VH`gc^Veqh{-sWEz(7^~MOS}O)_<(6zpCrMMPI*H`BP!PU-_!B-y8WC zRQBJmv)`2VU#R%+X)Ri9iHHz34k#iHO)$lU-pcYPDT49y^K+n$#@FNDuHhIE&^nH^ za)xHE5pFDtUDzKJDX|g-XVRwZV*6tR6=TiUNB3o{Nq{f&J=eB~>e&yY;sMtPEU4csU;Rp2)Pla-wHi zlXly%f`@pdRPFMFQ?|3v-Kk4b_l|1*5`%+K1O5mV#%J~arx$eXj)=uE#{%*(+@rS} zhg7B3NWf*uW;60ayGJ{I^jC><$X-3$<5jY%Pfg*oXv|S>nK}x9Dd_^@3)B1AiwVcW z52>kp3xn@6h^ZW9=X}YjF%Ss_j zpWId75q4mU^lCeCvL`i{4lr##oJ2YTc0G=Zeqt`^Z53Zo5&fBa=KxQnkLyK=GywVPym}> z<>_?xMu*5|?59Vb^r{(JMQ3Wc^8)h}J6>PoCi{qg(v~4Grpb3oT*eLOdfpy-UHGRJ z@kB2kqL*2Jjv9s_U7ERWH?(vl5~dQuwv+OnYh7nT5d!$I-yV7BCEq&ZEv7D$(J3jV zbIP!yp%A;j>Gs=QGp=?h(0QMz?{q~F?Rtv$(Mj(Q+<+*K_;r3YV#^mh35%x&m5=io z9l;$u5~CV|)7>OD?f|D1|q!1-^>Ive#2C{$YBf2+H9A^-epjK8eqv1te}Or^6W zcCo636E8V6j59NP)U|m0SYnvkX+J-4DWBU?P=NYEQ#S!_UpfzqdtT;TWklpU{_}QJ zkip5BgULpI@i*h)3@PujS|aZ`-Fp>%uejn@J^L2CfP1MezRcG#m_$`}H0iBvV3_K< zXSQY7a6~L^O)dlwD8@ItK1C#cMs#-&PVeOF!amWUFSMJbJm{KsSC$i8C-@MMG_EHo zx)O?Qz~Nmk0byuYlxdh?h(0x(HR}XJbYs6y+^2)Yxl>+ojO`{kwoCVmEPYQI{2}+l z&uH)RI-7QF7}jlSH)0_4=7Mi61faQzm4M~@;+oo{I)93{_H!Rv(gv(#PCw~bypmtj zi|T>`f#x^vLW)vph)CIzC&+U6YPN4yF1iv9*mW(&cPjctdB`7U+_GUUOzW#IG2EjH z#1L*U7yv=JS^1;I=}$Q+ZMmAaH>3UI%rbUz_lPaz>oxQiAV7^-WJ6^h8J&4U+jH6w z`qz%v?qyTch&FdQpZ)k$irx+i?6fNyHIUHmmb0bM8^&A z2~m86G6`ZDd&t%4vk}%b^lMt)1cqi2n6~(G!d&2lCj>Mp^GHYZRx6(2+Jd`@+<1K# z0{Hvvhnuj|k4YY-TL0|H_Fl;MWYcA3%D#QzemV+cFnywa=rn~axU*XJom`v7S|Cf?xA3;JkXhY!%yq*{8e+MB? zR(teed8o`zTbsi>OuPsSa}52!9cVvtT^N`OC)&2~{O<)`mZRufU~!xM$l4(XzNE3+ zXMnMwkHm{#x$TgST)F4S>*NiqVvd70gJVXmD(O(*`J=TunYo2RbFuD%y^Y?RTc1*w z&ageMP#-l^MjBlbsl{ofsDjNn&G3vr&fht=|0||%Jo-NWz`#^-n&9@G>!$h-1c+{5 z5sJerZP;Fg01w0q`=g;@cwu<^casB{?{7m8MhryRQUFP|;7I>I49pG7-%KBk{d}{? 
zgqp3eFp+n&QtY*Fj{4-)3Z?r4Qji0J!V=`bqcM-xdYz9e3p+)B95-}o00Yl|ntU2cDHp6DY_$iS`x?V9Wdp*@z?YwJ% zp?Bz=qyKZR^6#W4Fc=)~?IHn9nB$w~8@!V6&?LiN1`fWZo|&xj-El3`+67M^-thY# zn^t(2J@$fLO(mp7htoK2mJ?BnUnTz66$8`RC($+JyMGc}+<+j2*y%4WdUe7*#6 zU(S-+vwfiCa;2JD1&WnE7#^&k@%oy1cgbAjFa~ZiVK$&;^Dnn=gyLvzV=3wFfTMc6f(KVSpWqZb3eC0 zPdAR%uiUzmVbs*Mbjy5RFY>vysUN#^^n%$D0)_oX)o@|$?2EbUMoM>!(VTWdc(@{* z(c6weP9r4$eVoSFh&1s^q&QyB1lYSWessUp>JEvo5cpplaJpM8wB~1V&!mM}5hrYi zsNr5d!fE*=#y&@@X5v1$9dP8N=upo+VuT}?az8Yj?u5|0Vx>z)S68|oRprF4BSs?y zwE~%LJu}DWSRZ?6ay=jYzf}ATN5AH(zxC;B;SY&x451kCE}d&z56y9?y2W9C$M~8k z^y4ECDp5MqX;Iz)(Li;VY!1=u%jM!T*GY$$FXf6Cwv~>pK!E|eUHj%RTKkk!I6ACH zwm+5Lz$FgPKpuJG_X5InDPYdSd@pi~sl2my(JxgB?=}tWhfw@uWau9d{rq8_qNLM> z@cR||=lCT~jSd#X-rrNd0s%&FrJXKBm5E-gt}SmCE1Sl0rn)*X#5vZk_P@wmBT@A-1lKZC%+w292_vk&j$v17l6Ah$DtLOg*Cv1fC 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-dbx.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-dbx.bin deleted file mode 100644 index 90d277f2f8bd6533a9836f3d25989135b8616bb0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 33824 zcmeIb2|QH$|37~0%Zy!?Y$N+VWUa`q5VBL2!C>q$wvaVDWeFu~NcI+FE3_a>mSk%o zlx>nedN`f?5e_@G~1 zQ-6OaS+9_xaH6`USUX1A_~o>QPKs1-L!b_DQjura1lSpnlz?1tgR>@m_Cb zwof(V3G99-@HFSmWBe6Y3!iyMeN-FoP0C=yZXcyu%h~i?rv{>@rIqxu`0FZp*VRl* zo>v|enHB@Dig-O1^(3L2qJRV#PQl@eCjJTvM6>nK0p({2N){tWdB7R`hX#P%aE9o?Ed{$OhS1f3 zg0$2-l7#OG?a6&hus+-{htXWk z_QJ*f3X>BfIq;zcr~z3<^|@n-*Hy#H3-_Jon|IwgMht$Y`(t2tcubB;a{Q?Rl^TW! zco6m~JP7MmCJr_hHZ~E^t4cj#6KpaGC&4G;4LugRMuLR}!2{sr!lZC0K8_wP4iwJ` z>FHt*XQm|)mV`@+2#W}d2@8uEZ*5A6z`t((Nt<3t$ob*lLF^`lH7>0#g|k~;uHR;O9j!+ zo!M;8qK%q2)9oLB+{bV?vEgd0OIVzI2a1&}!Eew#dAJPZcgs&7^IuLb?L}$Tmpg)?8v8shfb1*ALS@h zlWBYTVQ}bVZye1PrYwTG@HY#TcNT5~@s*=CZ;PYtUT_^{dhtxdp@F7u?v+08AeE6h zk$2AxUxS#>Codu-()|6#DxEIPYo{utzc_Y;sl8SzgYw#h3W@Sv@fY#8FXeZrjw-Vm zs$t_`0a({`;3wfsprn~dacOX=Q?x>GbPCfvjxd|}dMiBG=FlM)J_}Y_bN=cT z!4KR{Ppn-GxkGI(ph6q~E<=v1TGV*&UGADY>7G|DC3L)?#E^GNbc6E*3RNPFCV;7-Ei|!BOnTE3MLXaoiVT#|z~ zMU6@6lg+_Yj;lwD7;+R8+uD1YAxCoBVrf!3ksZK%)n${tX1M;8f|S zx^ODeiqKC$&^oBWg2=~#YF}RE0b^@}M*Z?2C{PbvXQ0i)lTDcMX6}gEr=KkSYIQK~ zKJk=6{Ox9Wc?tP)9);Yf*KFK5q6z0jyuxMhf9%6wyDmTn9>YA;KvMs)7w;V1!24M* z#+!f#;dE~IVqyewSNPVMaP~AjJTOie0w==sV|*%XJsn{xI0a^dkc!v<;bx0+vOzmL z36sM~F*^yU2(*z_j?PY2!pv|+%pPK@eJ44wxTvs*6i6f@;@g{I zm`!+Kz`q4EFPwWDGwaVWt0}3$6y#tcaA9GPq5hb;9!``;-Y+)bEaQAI`RPMQ!zJ}Ik6Ay*PFVC_^;Y`OYMom6Y{iHxa2{~7;67TThEpEir z%0b*IaxC66;~#>lj%;!e3E6rmZ&qvGdr^Fb*RbFdX}7oZSSs>x8xL>BhO1HbR7w2Y zsu)$kW9;cMv$iyk_BqS=hEi|Y5brSmQSJPRG#>)gg?-!16@;Y;N=gk*j!(pgkA;gB zB(V<*7qlzDZ}`k&L!muWCa2YgvisD4UXf2*MWh*={@WL*v2mfy#DETHa4kURMh*@E z+lYw_7jv3W_z$%9TOw4l)>arfXGn4Xxkfsh9^v6b2ki3Ur!ik=!PSFLBR2qsxMp&W=JZ_9)C=As1I?D|bt@n-HiLppJv83+gSXw4kn3^42o&bC 
zknk1iL^|vzyhlFq#xp|uGP@Qgw5{`Jv&-GjUIYpRay*PDy(_CE>`wZSTdj^*En?f; zTgzwgs;lk@H?)F2H)y86W`_5C=y4~i82kJ{z8UhO*fgcP?W zD)LBJ$kb>@ox*srKuAKY9iOqU;z#X*z-9r)nqlqN0LA(h=?3$%k%Q&e!n=_4#QWbB z`Q|hPg=t9M6e4*<9p?NwMzB_@;@#T^!(;7SA#;iHb39QOmE{fxGT8KgP%uKalGJ_% z;x(7u4`08*zM&;2>pd)>No>dE;iNs2gz_mRTMNVMRB9~Np$=sE1jj9q5JwEEq8LQ` zZD*ciKXpii_B?es;9Y!kz7{82+5E;sf=1S$h0lu<-XiAr`-^f9P^&#@=vSNaJ8B?y z>#e5yoicNr13D#f-b~L^bl%|MIuJ#TPEsSoos%1-g_$h7Nbcv&E2p^?-^Fh zlR2CvGe+Y+MtY|_K#^8nV}#))uRozK0s0;;)l-wZ+lyv0lwUSqI$ie2KtsG+B;!S?`dnf?3-lFe2B%P#mt#+`J)CTFi<9n)r$1o2ou+Q%GJ!QYzGocb_-e0QhjX%LmydUJ2+kGhUV^t+Y<|7(`q@ESN%ugqd zr^*FfJW{3m`E6}i+QS^WNPoG=(?-FzA~n$}Ewg88Sv9Xj`fe&7jkzFli}P5Cd--gO zI85jCfK2I$ZdGxWGbIBRz^ z8>@H6YYd;-e6zp@2R7@#38|?k;Uml26GAcjdi0c zzOO)37vyp^x>r-!srNuiB*U}+S-0P@pFg#3VubRW@V1UM4`?yDt)Uo?vWN$l?;NEZ zmpp@Nfn%WLF(WFyrT2!Sc{Grq0+ZsP!GK^n{0n!O7ICVU_M0#)XkGkpTQ5YOn-Nxb ztK=m0qxz!cORS6+hsZWO(=WNjg+HmQ)2_nPB6)3)o{5+t8F%CukR_v)ZSJ_H+IXV$ z3MCVv?uELh+A2Qj<9sY48+NQH&D7>|@}e8!__R?MV6yeMuW-0?wYT70TQ%u=C$4+8 zN~^qwvWwt;4f^#9<_iJ6Gjz*B)HL=&udJiX*v6Ye`e!B^4h9wLtI-K8*j^%Ne>(3v zUsCfj^n40GtNKB{c{0^`+pzL@JrVaTyCAzG*ElG0W{Uf8OIrJ7jWR>JE~#6@9oUa% zik4O(Rm>YJOBEHn`LRMLpFeOq2k%UC+TH3221V;J6YEc?gT?%wI?Nm*5={=;u9rf~7Q_&C z^eeXx2Wsi(i3ohjj`$!S%0;J_74*b7bse6fOP!~Z#39toIVP95|1|c|@ubo7r;f-R ztx=(I)qBHn;O2nOI~;u8YirCGl^*~k&*>vZNyWGKlj$9@oa=x^B% z!XNBM_`ijVMd0vlF6Q~p#h8c&rT}_(C~K4@0*!>pxub2JT~T1*gK-|WgB@YGu#~W* zsIaKWmf6_e6vJ%714I5TPzB-q+fX^aLp4A-Svh;U!L+s=UNDY>Y5i)z^AcKzptwS9=I9H6@sv9tiA6)YY7BaBb9knD`R+v*P;A`QHw>heM6ju!9GWzhH z{qWU#argI;!Y^Z7#$QO3qm`4mPlcJY@!x-;l54Yek}KVHiXgA0iutgPnD2PcG*?v^ z*&m3|F{k0Lw`J0)o<6>mhKN3IOXQ|#;+L(<_tJZ9-%~LY2S&cr9ko~4qMV(| zIS0h49%w%2Dyb4VEEmr|($wxbQJ|}_b{c{khPuIjg5n8-eDVcR90c=1$U#}&GVaQ*Fo zM-zSmu9kT`QzcaCF9kfH`hv;}>g;x?0~Z$%Ik*+-81IBOV5p-3SBIRq;yX%C<@P1tw)0q?=!wWAJkD8R<%Q5%ukFQYRL-wu_!-=)=93Pe+@RTJ=U&MBL+HgYo10W4QH`G(ANR zZ09VBUg|n%!431Ke7_`K*N9!7_6>D2Xw+tP6E$AC7OCHiJ4iq@vmQ0tv3xGJWPTMA zN%-k#3zMtA&fTedmcygc!pO3~@x`Kcnw$*j{F|wb@|_n$%ygMHBPOevR4zJ~xoOB{ 
z$Yz+0XYt;mh;xf%<(}_&VFa9n(hN;eQth5611-#eQ=lCrv@l)AYAAaz1cw3mq@9-LRQTSFa_p$YN=qI18_f@wmJZ;Tbi9>T|(? z^Q=df85v%j8Lb8Z&IfPc zKK0D8U^F_nJIHZUWN-O$p^28}AuMURQa#-5Fs&&B$Z)R+I=pGOfUT+l6F+nHrEbiT zTE2x>vFDaMXRtn~eSiXVZBAJ8k0&n|u&rkY$jc-a2M#zAPn`_V(yU+0f!;=>^`t(( zVcK9z96DoH_8};S6Eq)tgPfh@+?Hhl|6qa~udMua^7 zB6DiarG$OpOPqA)|@*%7F{Qt;;jAc_ALpB9%|- zF^ob1+9GOq%E)Dh^!#-KOAdvHiu>S>oeodZH)5YkQBgam^oT#l&?>LRcW$-I!lac(s=(^ckyMrn@rXS{-+K zG6D|*1l}pl(#(6Qoz=^2!$j|2*R4_KcQyJ$X>fxmE%~Lx0#HEbm3wy{8$=>=?Iq(- zG=%U@gXDu;nS%YgzOSr~unaO2W3!JbHfac0ysbwFH_qziftdDU-ofgzh4?#WI9SYs z0|&Q|T5Kht+ySSpsv6kFSiArk=JVWNzofOT7qV-4PIDY6`QVuS&a6|5{@B>KxT3&m zFoCNK90y-9X{?>IoCe$gTd*?c24|3{MFJ|fD-7i;uD(J9EWEL&Xn*asaiZlJS5eq`1 znRT(s9z+(;@AP`)&@6n(daU+X|7Le=(HidAx9@EpUFg0M^%32e;sjp(_v9n<^;UP< zbXz`ffCy|#en1aIE(f@P|3K*wPy;P>cYUYUMKud1WyVU8G+DU#)BtM%zcRH4j#98w zWW};IoA8hK$uu)G@lcMB{6k6@aQPX&&*-4UG6cvkLwaHJZ{FK{X&b$w1oPdGlLRlc zM)vXEh~e;E91@2DS2LY6o$JJnjvCYxCLQXRI)COw5;{pk(N%@})MJPOw-e*AV=ggM zVfYF`4V92u`qe+UPluo0r|?#bFoXBG-Ig%0+KQ?E*?<*ROhr{|OS|1bDY$_;g51&+ z#jP!S@F>_nv7kVw9L`ob5ep0SVsUV=3AfIPk%C4MVIW0@(TVee4MG8)g-l^9NiM2} z0s(YcuY7y@!mKWw<@cghdg67*Z(#M>!ILGVT*H=b6#ErV*(?nxE)|*NiK?}(qX>fk zKq@*vm5RvL9k70@IO~A5QH%_@!Jfkp_8orkl?S~49Z3KH9u^aZs{nnJD_Y0W4aE)T zKgbW~fhnTg?6(x30wmC_it1N7YbP6063&~JyT_$djms(Ve0*(D9|B0*xZYXUc;3c8niv?dt3ZlgGI7 znl6|f7+L&x>HfcWbxh;^_pZKeVE zR`bms{Tr<3Ncygl@jC5?00PXYoZ|athAjr4D@tC3PU4&;)1m>6xKkD9i*cN1vw#Aw zU5JC_Bo)%5F*oG9N@7Oe220%%Ts-8kuM?KU)pdchMLn&%fY*!_TNurMW1&P~4CG-9 z7ih_8>tfuj)1VBxLe6!W?ck$H~Rw&RP$b6NMBF^@vKF4WC zlszBjP9z1Q4RP$IH}Lv1-dh)0(y? 
zN5rCMB;%SMA9=gr*UX7SqY4G^4jN1%>CCVo(FH7x$fvy%P~WCN4$W%|8rY5CO~`$tBl?M_TJe1Ctz5Fd7@Tdm2LT*- znm!##4)v;z{u;qT~6?d#eKSEC+1L7v89S- zZk2;gimLed*!Az@aFUmwzkaet$eq{`a?x{vy8#o#d_`cm71<4cBc6R>CQ^69gd#T& z#cyP!%NDtF#^OSNc)^4#dPwg`(*>d7w5a3vFYS-@kH~Dho=YQ+l9s!60tzfByh)6) z+~`ph3}Lu!caDzm%zS<#QZ9+*eV3q1r>hs*oJgPZM70jH;L9+cM^loDAOx*K6LaNZ zK%uZgx}W@I6x&X0MF}3mJaoWV0s;D(>Y%sj0X`i7Hwy%sUzi^=<_dlg{3A)cTd_5h zaNm;05$Pp1;y35umX3to;0T2PW%=S?8b2=IxR*JSyO4OQ+3^KVQA!8#i0e!$vyP+t zB`8qSJ{aj3#&-TDA-00X-BK6ETs}&*CDC6uv8EsRfSAiK16xX#s0DT}h>D zhs?y*AiyfF64{YJQj#v8lj21)(Fp#DX~*cf>lT3RBw^6yDwlHBQ85;STkWXwwTJODFIPo3sC_{q?NURrLd(iLdr_a!b%(ga|Qj{J>Xl&hWcxzxIakC&B=LO zlQUWD4Vi)fHYrM#DHP^7FJ==W&xK|B`uIKL(>Xq_EK>6^=(?;f0~BcDVIz|6FAFBu zNq#KlaU_8b_>%N&)O#SHQ=w_S@LKaKNpYrMDsS}EfCr}}D;1J=4|p`p#T99d@{;~0 zYaSsB5Z;!Mf!$5-fA0LnjN5+u$P9w`iF+!<-{eGV)YeVHrNiia{|1hbm!!CvxTpY#R|p(0;)rmv5_AALYd6aIIOOTGO~M*w zuUQkQ_q|fFh_PUS03sXyCKL6!FCfh4Du|v4Uq5$SMNevE;H;9ui>#_!4hB%bZNyjR zn&YH_Gr1?XB_zQg4WM)v@5L!hQL1^kAl&)}@}foFwUD99Hc!t)m`hP(4D-)~_FI(J zZa)FI33LZiOGPhaYKtT$K0nkkbz$)e1Yq!Rmb`JC>r1Ln!vxX1xQu5k^<%6F;Nv9M zenI!14F#~NJNJ)MFVu*cK!)S>q^eY&(#`;dJ-cqaj#%cCMLv!X#wT+@JB-8)gLMZ%xh!t z z_}=w0Lx8Xo_%d&MJsm^P8`U!&?awqt39< za6P3q*feE1Hgm4A7pXM`NmdYC2Dw zsWw4|OWz?QkV6v>1uAr~U_(r|J;;s+l1BJoIph0@YG2o|5ALZq!Z{X_m@!h@Gf|b! 
z@u>Y;ZV!rRAdC6;Wcm%)ZXwE??wcfgA;>3m$x-eD5$UL#(A|R&;2fW5LiM!|V~_L2 zxdoW5%g^h_)1=KRK68FULNV0f76=9OYuZCq^2YDKYd+&FPTsM(T$FX^0n?o7z_R~Y zhgsX2V3sj7wl(}-U#HFp?+tfm!CgW;1ru=leeofkJYXh!diK-B=1YkREYKrb7Y6*J z?sQLILrH)!NYc@yj5-RdkYX0Qyo%eC@5l?(P2Ds6e8*$U^i9($pn!wZ)fqSYR2G4h z`C;NkKqT<&jrpngHu@)yG4J~91Q0^)or0|Gsr`10I1Fzk!b6z;NPZx&J=A?fBb6d$ zy1~436`P+dsr;5uAvFpDkRGBPei$p?mvLgB$Gf$#77DgYQ?Evw20TbIaJv2VHEE@K5AS55qoat3Nf)(q37C?Gm3G z5)HFOcp%L%jS7O2M!UKr_aIY}o^_bu>nF`m?I$!~FG&vBBx8U8>s1+^DN+|F0*+Zd zc@?*WD6cSwHUsB6Y;8* z_~s%0;dtD)O|ah+_(#;AmxKU8IawMCIco^I5=(9q;(6l*sYUaT<39W_x3i2)OOkw0 zpoARp@YE5G=BtxO{a%e(k;QtNhps&rx>MEAi#V2b5BEOBD?2G2MSUNgXvcX+g7lw& z5&i+p8R&gB-z#+lj5iqNa7B&*_nOK+L4b}x_F4wAT4;H@%E9Q&rrs4rNACnD#X~Tr zq?_^A>p;CeAjsh|F63Hsd1)@W)t%|tE3!kndcl(?tg-Y1Y>uL9xNsOcpPas39?3E7 z)p6n2NlaG%JGX+8*(()y**KUIU(GDM@J&Q%vP^s5@SHsaI7AU4d!N%C@LLj(u6TBO z(cM`jM#g<`^-3~RH$zvgAr!D*WfzJqd*Vv_cr^Ff<2*q_Lq%+>3FV}A8@SWrQ1mLt zB>}Sme5Qg|pXtb@RFY-sb^*b3Fe{`r!rcKa4d2sFD`ht0S80yg+)NF2zW072CoJpg zO9-H3E6!4B$RL~}U}an`3KyzclP@lisQf&l&1!;rWAq6Mkl$SI6fgNK(&33iF$u^! zQTs@jjC#Gq_bwR>OghZ36G0mmmc;*ll5pIB7OU;OD$OoLr(j;*pxS_c_DZNun`j(L zge2QoY3$;Sn&3L85Wofjh!*@#d{RqZuu!(-XT4d(%F%L~I{fnNIDSSAgQ&P36%+_X zTsnF(IwHDC);E|X4`26lX$o$)$>r7uEM3}qRVxi`rWKy|)G0-Ao< zI|$nkdssceRHT@$4~db95o&#@d4%BQxD&+lDu6mz$JeHGcgUQPU|>(C!i=H zle5d668qNMsB4)hbxcO@I~9C`=IoCCeQf_I&itnlgQ2(S`S^j&!}e0e&trye7|yMz zWJ3VNlU&V4wfx)fQr{kxFeY3=vukL)iX|}*z$d=;(aay57?fM}qa2Z7yP3J6y&aI! 
zwkRtrq|=_BmnMAoEvfvM1jL-t#mkQ6TtS)_4?uwSm4rOXf`X|_t_n5Gv0MYr>aI?Y z*xDs|aDwUaqP)ZTRt(Z?AgPZ!*5ms9%bZU6H+mylc;VLC^O5 zlyTep1yYAO1`EA9jY+?J`gyitD=jKiPi*f@W2 zXWFOo?re;8=E3q*nHf=F;Py4VZgaZ0LQ*3rkf2)Ha<%MwEA#phW9BkO;paqL^HD-; z0{nQxcdSXfUNTc9OWuBDiHH4`XJRFxuXHc73pl|r4%`pSel`?HYgm-D>A%EKrF#Yu z^-6%A4g#=?myWj5QR@~4_&MZq&IpUVpf&RHPw!b=I5vSg_TCE$sIPHOKRZzFxW@EE zNW%A4&aC6rtd%>mN$VTd1eJ&NJLfi}gn>u+Hx6>0-0#}DMu16ieU}mFn>+nzhfNtL zbt`aH8Fb{@+83~LKYZFC2i-|qW~HWTk9QC6J-VJY*%yMCqCI7Ubi!E-6K2+6)zAWAX>W#hMcLROU6EElnCK}AEr0rezDX~7K=#g6 z@27_x>=PgW)@Dxb;${FhMf6j)kQZR7o;|8Q0SNOc^)rfKHHc4_=}zRZm<}S922|zIpRHv zM`A#z8)0mG^^M8nMlDXRXo3BfHsAzj-@!|t&&Ne{(lj-;;Z)V@yQU~bj0L1Kb-YDB z=XnZ7vM68k_Sb%r_Ho&a_PxN#Ku^|J^=TuY*k zDZ(UIzBe>RxEK>@X6fwU>}uxZ?COYckoL4ip^-us-~=)IJt&{$(v&pRKKb%k7dCLA zmHki-vL6h=oawwXhNsIP)~MrOx<+)OC4?~%dRSS8y3tfoURgAf7Yb<1uD^JgM; z!}J8@P^=UuEp?!Z^!lPzwb#5LO90X7RO=v~>CI$*^+%yMPo%hr{t-%Bl#Q(e_(V%@ zK@{40FJR+}@ZN)VeiASCTw=p3TfrU&aoILO=ve2qGjb z#l#LuSnokCFA|mmiBl`5P975ZKxm!Z^(mba0?gmJ-6)I`6r24K4_B3cV|=cq%k=VQ z)ng{N;|*{Lxl$-_*0|o=IbTTQV|WFt)cIRf{a$a6hvVB_HuS);2B~$|Do*6&X_vpA;>2)QUPKiBe1b#2KV(qon>JDJFLJ;kR{(&)%sKmPHo(;+Y zh*5HPjo0Gk-Q>?efcnTNkCoc1qt15o-8fARy=w0}#+ua6ozTAT#X8fLeE}SdrMuxT zX>7AE`O`vnF*M;ZI)-P^wB+qFnUAkACq>J}L4j}!()RtKjyUV-&AfW{n88@zJCd!Z zBLZz{`#TAZy_gT~X>$9gH>xwni(4*H^Y##^S<4F4U(bU8*BpnvW6O#XpU*7Wpszw_ z%uk<+?^6pF7D}XI7hO3%4h6Jb6w(OOl7}-7bKf@1_m$$YKF#2eFu0aq$rRn2%cET# zv>z&<2uNB)4sS3Cz~b?Di0h;7 za`+4p9WfLbalWf)FCG1Y^dOxcZbiB@Fkt0)`piQ% ziiV+r%T_0EEW|-v);}^Ozs;FGbkBY{X1A}0AtG=fh`X1WjkTAVqq7xK+8&8?*(0a4 z+4+x(8b*DYu?RB`i*U|&UtWHI00)NUIGD>drbJxW4U7t8qIxRNTKQFlR|MXi+(4NZ zC_#ahad8u;WUE99asJ>p69E@|>F2VTG-;j{Srds+pM=cz>K+T{uX&k2Poo^JY=l<^ z+ts#TLy6t+_8@y|^&q&=eQNx4xqPYoT;_h2yA}Zuz`(DPRMdQgVMt{3g$}wV!p-4> z6x#De!`QQrT^3kI;OZ6CGAVHo7ABn&H@YZ+Fm7{6U<}bD2OzI+A_(3Hrmt_lpt(dO z@}*8ZUchlb)A~#}SYP_Cb>E^JnBG=t1STM0>40!^gKbwzzHQn#xeIK;|LvY{@15Pi zw_xo8{M6Qm1l&-LE)Gb6U#eyJ5EHo~EuCGhtPv;&Vxq0&j|a*M=}b%nwj`z@VeGpl zM@)orasv;*Y|f&byMJ+WVAJCgD_F97t#r4au|lT1z*2@!3+Gt;hhbK 
zv(7G5M*6Jl7`46GM@+kx~#ix3lGbPH2*k>=W|CvkndtThsWc6UXZ?OfSxyPjhP z&csH4jkUKi5EH?^)_Oo;IXMehJ2<e37bOaLy;J`0W6x#Od=LErKfo-z@(RLBa!x5u8X9dIrg@pw%^M2uy0ydT|+pW2C zsb8|O;8$R7;NUk5wFtVqAJ94 z+xPz!(e{QQ%F$*osP9ejCqhAdzxnT8;+A~=fdYWJAe>N^(gMO?bz;jA-|Fgqdl<0P z(F%4Fs#{c5{RXPEq4_esKywuW=;)8KS9_57AN*j&`K1}J;Jm|e^K#i@pwDo`?-&M!AHy3=|Wan%&X)XE@{9CEYik|En9tPLS+FP4#Ea;H#Z z-)|Yv&D{b+f-pHN4}_B?(h9bnhjN2~H1eGke@kwNub=#7dizeYT-z+mzpb?D7;^>N zqncb`KmXS#nEl&zzNgb*T;Di(&vgX;(rs|TK$_mg)4PcJ_nCS(RsStqy>rU%WWBRz zo2`FN*E^T~3w-?#CG4+^{TI;v8f9;BHqkcssDmXK47vVPMPY)17^2yh=pXVsi1AOj zY!89`0>Ojl+;Rv0ISl{pE_bAcxhWLF0p^Nuv;xOS@5t*fSc30u{3r7JV_Wb~lhtpG z!M3(-H~+Th=SNKRjlp2Qz?3j17N54RmS>HCJ4U!BEO36@8i=g)!Ff% zwh}%6Jb!Z=<5qs?Ka)}TJIQkkJjln}S)gxc{@sMk|Iy$456kLrWy=48zqutYfgP*y zKY#Oo{J1A&wB4Wn+41=QrO)rE{y)jz+`6Cte^BP%BfdXj(Y<+G6My90UMfM^K#G^w zJB@*6$n2?`5WsYZK-TmE$IJsNRuOXQYwfpRa2^wT$>%Yd7!pDw#a{>o2+?WniPNOd z*7ZWYb7$pf)1Rv3XkZRV&;Nyl{)Mv7Z@SEOit8(|?TtOvpKU_f+l^M&?~wPDBGE_1 zB5`9WK2E&$#GASTnsUli;&o(+J}F(zjqGskxjdvUTg7vttL!=^fwht!d&pm^HeiYkKcoWpbm8xD>z~%9e_j~*5#t}~4p^1>g_(KV*}fn8_fAUg ze+3GVd4E#x{uR-J78lda|FQiXY-7wA!$0rnM1LXCy-i!Yjo1G)AJl^X7gHtwR15d- z)ckKA>{f~Azik8lwIt8Cd-y*k&A+)6|1(6tI<)C~R_ou9x%~Ha$G=%&K)U=3wrQ^) z`iPQ<4>yoay+F=sts$vUBmV9%HUwbQ4^DY1sG7DC?q1WEwmED#t#l89J}GpAKKqN` zojf8az){~{`}z*lt%DnO*YK)h*thLGypLGrOX>OJsdbJqkRHiWe1VwGL%3(e(8O)D>VV3;dz50RuCv!?Cu6f>U2rt#1vm9|2J=I;L+bd# zXB^D~eS@j;=7K6NN|K@*jZu?oyGECO_msC*j#oyxI(mZR0bx2w zG-iO@*Rh%I;J85n>z!kugKg~z%Glk7cyD`i9X%b;AeeBPNuu%T=m?@#zAr5n0x(}g z!!JRDU0A2uus=joVnqv&CyZLlCyI}ViG?&xyMj|l`;)R+ZX#IqV+Lfp531XR?6Zc5 zUTSAxtM96!>&IROuK3=VtZwvj_u6QGTxaPL5=&6poHDb(&SfQa9UmuPR-2~UFuETA=Yn1%_8I$>Iu&&wXp@?{Gw0k*262`BoZQd2)dosp zBhmRIX2i@Pcc?5KD^a|v=56~KcHITo_+b74;pp~tklUWFmC|XwzS*f<-70w#pDy~I z|NG+W;L<_4=kU*QJ8fu8Mj+E<7Y<3b(Z-K)`OE~7%-E7P-(ly8Gg`iuGtP7`Cd*Up=+&d|znLvF!MV$E~5wYg+CNBw-~+IYY9H zBjEC^w{@PT9K=g~Us${l(0}M&`Rr^xp~CG&c8?m9vT7j(L?$Qkk}~o1?FROl8xV)< z*+0l=tKz*4N&25Y)vJfuY@huZM=!BkhzJ_R8Z&?7oAVGrA|#VFKjVVyxfIx@0%5&+m8e(0L>E@|bRsNl`? 
z%~Wi8d6k#!1HOb6gKt=!=cuHN3r>3GN6b59=~X@;U__7GOCNU3AE&)eZp?ePUVk6dzDKYBY12K8 zI(ih!%qw5(e)P#cITz+FYtB3d0s5$PR>Wg(HE`oyj1S~aP91Q{A7YLUJbu*6OY*Qs z;bAC1?NirIfZLVG$9g6+`CVCX$O8V8CTBkbiSaLQY6T@<4Fxg84PR*pxnqClMd+RU z(%t>+YrX`WlV`Ry@_&zzsEYT;yteWUJhtGLY981Z98Oc70WM>fk8hGbN+fwgY`qsw zXYc9AIZ~r9vVKLm*D2wqEH}8Q!Q$DNAw6NS*#K+ucRr=QJk(UvQJog3;M zVRC6L<0G+|e6^b1Bm^io38^W|B%?L0dHjUNpYEmI)jO%w`^4_IIcR)%bePT>3am9L z8r6`{te3FI(HVwa^?!2vZt2CeK&C`fqP3eS&pKp2J!K5!boeGutH)Ac-Sge^VNby@ zA_5(vtrwF$jTi33M8KPMd3m*)`ZE4GV(Q2VTyX6LYNn^1hiSzpoDpXZyjx=2oXGH< z|9IVPp>~FQZNA|nxUxW0^TZ>>qQ6o2y>!$dFR;ql)YBxka=Gv+*ZL7`9q4sil^3S_ z0RQ8pLUL!>Z!H^e?rJ=Y`{;oNhvkF6k6>*r?SU5Dc`LC8U$xfNYeD4mwntQa(;kwl zYa(Tsz(pz?l+n)~YtPzLMOxtZ=`yx1_P!vd8ywyL+$pFj@nLcZxbgw-yJUn8`{&d9 zq(5!k;*_GaIB(iL#Dn?}qCY=KTT#Fmnf>O=#oB!~JO-ipM|95Y_94G&JZ1vR9y|gQ zN-rjI885u7&QuQd01`w_xr2+r(1q&SE{@e@Kp$?t%sOZ$Yl8ne#(5$5w%ZCR;RH)O zIH&ot$$g8^7ilWV9!xnSk5}-#@AxLkQFKkRy1f0s)*=V~LRGs*5975i611T5<4sy} z+a$cZ!-lCnuVJxlH_}XPWAp z%cV+{J%=G*2y$+qdg=#V8>@9b%ucT5{j}XMdE7mCS{G_>$E@+wLr#=+pL_50Yg9(vPeO5&o-9Tj!!J1Wd_nm}X0vglA+Joq75Ed-7j3WYYI9rJG}2^@Vx4}z z@|>5fdy#ffsIs=nFswnHQl!h`(Gk2B>U=rvUV)6&SjHdpd@CujGfQX>s(+e&85nql zjryb+fxvsxxXN6bJAYPU9|TZ$Ix0#TT=t$;`bVumfu##e3K9qfWS=56Ezea`Cu_fd0|B~f`g+}- zi=QXnpZ@7-QMzFUL%ZlI?M?fpumkRsI1bX_Bz>y^vL54Q*aTH(iC@z%S*G*CqppnWqxlW%rJM@zcT7*k0`Gn&|ZI-e^6k- z;$6GsmsuH2+9e9`7qP|Wqc#PPWtAU7_Fv9=D3&8~EUGb9!t%1U%Gvo6-dkV@ewu*y zGvQ>-XwmYk88i17tNF*`2BIW<6qlI*#^{6&o6`^887}X`Yc3=>o%8JVQr0f?f1C>X z4^KJ!mMGk_e%7j9q{$Iqy}LqOaqQPzjpEkzkN86X$;VPom5`8`Jx$gS`^0!Q_$@jtF3wQ%&Z%Tb1_WF!K9;bt%u1KC z#oiJcQZg&&ZKV9SX3}^Xt-TRCd#`(_XQ~8EGdbDJmUljdBb> z%`QvLWO`JJ=&E(PgSO-5!>j?NlxTHKli4F(osbTgg*U+_Lmv9wa`Aty$#yU26^&AS zG?TH9Cgf=EO07sD0~P+eAuw90b#Qd)5Y1K_LlK26djsMbA3qtljN_r7o zin4cO&7IWp8Sia-;lTi6l@zxzNtwoe`Pg39kA(8+ZJ(aY-1igZ%er!If_vs*&!yeb z%6764Gbv+FOa0T80<1>C!P~hY70d>*jY>g?3kTPgwUXl?NPr_xtOh>V$oBYy%`MtjIKPfxYcWKWVX=40^4` zB%gZgAe5rr4F(}*KEiMd2#{$g^*Qy+y~D3OrC!_72WJ8?5^s!EHuJKq?qtKXn#rKR 
zMNW>+&&%eS{LsrXRpu>si+S7OmnYe9r;bh<(%j~h9*EFeQq50{#TK2gs#Jj%?+NmD zG8o^b1Ymwd0Q@zjuS=aP9xdfDRD zcfV8oW7|2w6#rv%86;rrsp&4?+V7gbKP_!CIF&C3?R&1yG!JoFc3DU?WmwrAGrxLbl)-Tpt5W|T4j 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-secure-boot.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-secure-boot.bin deleted file mode 100644 index c783e736ee45f6c804ab213284bd3bb4b8aa5656..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 38268 zcmeEubzBwQ_V=Od&@Bxj4TlD$JEXhw&~WGwq`Mmgkw%aZ5s;KFDFviNX(gpYKzR?S z_j#VfbMNoIpU>}p?)%3(h{K-w&YHE?ti5W_YybcNK!E=K-NpnxsNoE@pq7`Smi7cY zxr4ZW!r%e$SJxl{2mlxWY5))b`gt4`y8C%T)H&wE^L>DoR-G6h7Ln|I93Vap2H@?* z-Yu@u^P{50;@ByrG2VwLUsUfI*nQXci7JaHejNY=IKsUMW=EBX8%^dpej42~D1VsU z(Jd&-Pt2JUWJVKHPcR>SQW8rrQW9(ij%q`*xVo_{KoTGgWkVZa3vdOv13Um`00(GW z=DO_&@Pf8o0buA6PXOmnMgh40;PgrKiG)ksu2`}b6+;KHE5B{U4}T1RuluLM`|GtC zTIFQrYfS@{>T$yQAGee_3Nn|gY`!xrX?Ybsv( zfe6pjY~foe81A8e3W8w!Pu2P{S%}_yF zXbGhwdjZFbKck#3bnL(l?`!FwXq?@pvil*q>C23MSaOOzz48%9I^E`=8h1efDjisM z;eWAt=Sp(WO%__3qQexgTp`qfN(gmKtN;!Ekpz$k`vg= z*&akmjL9hg65!(G;^gJz0}M63 zNA){(w71wGh959L#7G(Vk+_`W$0|J%2B)qr=XWl7rwy|>s(Sw;ejndjfNk2dSjgJ~ zItWjv%8MuVy=R1E4XGWEu;o>;%%CzrLrvj6Nm1kpp@@ zVN`}-5mj&@xR{PD>|HgSNKyJ~MUkP8 z-)29ky-y;_qR2;Sja=HptKEAENPe|!{kbyMZjM2eVs1j&p@XP(=aV+`EWVy8n$LKd zpHAF&wL~-ioPdWbubk3$)w3m^%*hE+47Uj8;uWsRV#+k|%_YA~D;-f-mZ8&Cghzk_ zz!hqM)IbzaNmF1U5+M>~s)iy+9B_Qd2xef+aOadUHXZB%QC*#;LnHwa1^zt%`wD;$ z2X~2x1VVuB{w#Lr(}ap04iKGBsg5g3{On6>_3iSQO0H`8@4h^P_X0glh2!Vm*xPm* zq^>pKKaORcYN>b_tk+eC+s$6!KvcYyNwJH-Nym3O2nw;jdzXsEoQBwxwdsic8>7=3 zD`#ECaO(uyPzL~mF8yOw0;F~422&@^Foox+jtSCaB?defca+G5f)<-^v->RIzw58? 
zn+Xt*#gz;qwdYpVS$2C;5)kpRYf0h4%~ufxEut?3jZc5WHbN{E$eJ3+AzURq=-iFK z+u11Mf?8A9TRDAO^r2}v2_*091G219kKDEU<-=+bHoDw3GjJ`4@HhhW%$bT5(&yIP z+4PS^E69o@rG|#b`!Spr|2l?uRmpwoQHCVe3E0>4-Df&IZQGYH0OogOr|}aEqAgJ$ zvawqQcbKF3I^YwQyrR{&(&^N$3kCw(0Z++@OOV7;wtXl^VhFV}gg+h6Cbgk&>LkDH zmyqC>sAG~Wj+v)pEaFM==kkseLB2VLe+^v#3H036rU*6aH%IaBvlmEzH;R$gK*0!a ze~w~wGxT?n*OU-o9y};0i4y~ab~TQX@!_>JIPpQaR}EBrbR9D{8(Sx9cZd@w4hZY& zAPPQ;I@rb zO&eQROKMd!S9c$3B{Nrhu)DK^nFW|y9RhK`HYA)NJ}w?E5DzDpAk>g>@%?P_UNu2M zf&USnnL&&{d8YY$o)x7PsU^j!xj>wpPz&|1Em!wiU36Qe&YkKzT^nD{bsk8;8=+v% zDy+IQf3C*fa@^bsXk6B};PS&IR>4}vcq%}c65o5Y5c(o3oAt}ltE5S^#ie${(h3my zyxak@YL?|wwSfLGl?3YWksln3xtGE1+v~$4hZ=U~cQGUzm*~I$K>9Y(O;C=zL>Cq3 z{HlmTX{&1W@flI)RL9`NS~th)qp!DP5Vqp>V>Y@J&Lwg2F#PLelO5(hBSvi=aU*Wx zz%je5eha}Dx}-nwi8=SeRj**PDtYIa7eBBU zerv^KD93Yn$0E7oxsO<=Pej17dg)q@FN$pf;ZMsI45tE>lp+WR8I1)Q4iPSxpAZfa z>Q?}NvS;QOlEZl-MT6FOV+J!?6~06D(Iz0$e_TKSj|ikh2WUVYt~oTg5eH#FpAiK% z;uV>2&<(TpXG17$r7pSXuZ!C@sr-aa3-#VzTDww^;nn3-h*}`1Rn1e$QwmqKad&sV z%fVsc>cH;!TbJ1_AdVc)_O@3?Ih5_u7sv8=(Q+T&`t?aE znRjc`NTjYMa8jqAw9o`;@;G5K-lk9ml{1Geu(hxA7t zwRA!3Rb%aG5~TD)loE-Td0yX9N%vi}hjPQ|iXsL}zU%r=*jf`N`3LO>;ICrFL<>cP zZZ40sO0HJ2g{H*YvFQ6rovA+y>SrTwUQnM0;GSj)cbHZ$a@Q3`z5|n@-}+MFSJV+4 zp)Bx%1G9%90`fhMy+yG8%jd3zm0^a^om7b(rkF$-@q0mJ*3;i4^}vIeE#CpjDu*8T zo|fIdP!$*RSzuE^w`1^hQr}Lu^?iSv@v!H~BddF4dSF=Hqod3>#ueK33((#({dR)8AeTb-eqU z4kC=&|3B@u_@MzX7tdArd+oKLP425EC@APZ;nOh3IA?caMXEom9~f7@*pqdMI0 zlSZ>s1QxYN1R#3=CE+wJ7l;B-wv!)X)VQ?)(R&r7&GLGP*wV+3Sn|%5*C6NMTz zzkhCdm(yKD5*;8OZKxMw!_^!sJMh(|g+?VS+V4_IG%kUw=8jyIN8Q(f`;-c#{wu** z6y9D+!0Ogx>~W&;mNS-OH36fe^QI5p@E(85F)|FC?Pwd5 zfA&xHZ{L-w@ey2|tuc>LY7=l?vbjw#z+HsO|6bSDc-(Kh15pF@i*hw{gaxV@#DY+7 zqlU$23TS2>ZSdW=G9sWU+*-v&7mpT^mUbj&N7Dr`qROl5nTGn+?nMFI``>QM6Y92H zL3sc0LQuDbbbSs)_s22#t8o0Z!~Ru(mxjUtJwJtV{vBUzYUjW|c{lvZHc7PBVCToN z?^QUR-qU7AlTG}8@Agmp=ihoaUQ~%o(9p<6 zMiyat7Amd_I~rS+?0$a9{F~`c0z^pxJBEQQ;1cA(_(sgq3_b}nXnwIZvD6|WueGM6Z`Cj709NFrSwhjD^xSX^&hu!(s7 zAv@;6qcI1Mm3rGcn(#A}cgIUg?`A7my)-E4x%m4W)LqlUtM_=#>`0Gl?ggo8mvFKD 
zD2Vzd5zauOl^^^@Kl>DvsYy^Gn@-Qse`iHJ^_C&L=xX|Mn1PUpXtOMltJV@d?TZ=T zF9^uYg(sAWGF<@7Nz$lgEM5k41Q)`Rowp2md3yY&rvj-B3*OGBP4~kiQjZs^;HAHU zJL?PmZHYWklCzIWTJ%D6Vf_cnFaNRm_gT*r)PJ=7_8%yo+SmRA^@jh5{EygTE)eLa zEoS<|7GGsF)RNHX&eqD-!pt2^E$-oN197#5CO%ieAl9F((*MD#j;)g=#LJCZ^=H5f&Eu$5|J{V=Be1z(g&l4AOV3HVZ3}>= z)s~xkrxI~cGw>^NNOKQ$=*-Dj%z;34c~K>spScgx<+6e(A}_V`a`zYeg~#oD9_!JZ zALE=?=lJW~Wzrc9B24L6+va48txwb#p15wJlngXd-qYaqTOHqGXpA8L(KtYd1}T+E z>TpUI5+5Hd6g7gkQ`)knqGvSZyZkOmh@QGYT01)5iMP~g!0?s98x&)}jAl<8rD00M z+HOOk(X=IhkYg4bW`pJ?W%RH>ljWn&3E?QOkpnr4;YiD4x)_L4-JKae{4SMAhN?!c zd*aEgi+#ghYtJ;5PYf{-BfzziB&9VAj-*~&`nS*I5Po|ONvP)#{g(+(856uVWvzxVW!V9sS>_4K&qJ2HgiK{BA>29g%-8)%hp1|JDr9>G+ZV5T0wm)<2u*i zI>t<7g8g6F7Kc})-3;E2jXWqPA`O<&eQTT(^wRpd1Mhyzs_5+{-U4(FXLxOf`gbv9&dKwc`up*^X z!q;C=KYE=x*ppUdWImZ^flA%#f#da1_&~ZbHzRjYClJD2hB)d~WKOQ<|JNkP_~ceZ zpjD_^6*As@cCp{N@#EE63_xh1y>?QgTb!6LS{@oLWn+c$kXq2YvlWxWyQ^XYE!jYT zL>N6=ngYCdnRonZk8;Vv-okvq!DBzlQj*BgvGE6r-jN5A-pv6_4Y7ij%>F3K0a2tN9@Y+KZk)s*!Ydp)5KGd`3E~8G zHxAVI-7VQUc|cs(#vaJ>*Aq}WZth^$zjsg9p6R**$H~bp2oivLrt5+n=dUIx;7^X} zpK|$6dHU5U3?POE*uujVOf3O*l$^h_86YhTr+)%bYuH*lK`WC`OZ%^ja04dU<_Q?p zmcbRT2bRp26~}TZqu-m|Vlfgpd^OUT)gaj*nc-Eg5&(3T!MF%;>~-7-G=>{{WknhB z3Dfbdct&aQbD)LFiC?GsP#$MlbCl5|N*RcjTcfA#)>Ov@&15gi7nN4pPb;McY#-8i zNHZoG6>09jX{PWgAr8?0X8qaFTUr>$v6@)#4sMUma)5Gh(=n@ZKflst7-6XF!uCDC zfR^X$a7a&qkgoN(!jab{%fmu-x~xw+5y(wx`2{b<;X9a$z-pJ=JkKNuzomI!upP}t zhxrBPob$8V7njcaX<-Di3sqYz4hzUdtq~w&1h;&jK(Qgi7MUUZn2JmG(0jU<$&PazYGtzrY@t68L<(OArWE>O4W*(NzisP8!Gou6fP~O*K8ifu*?Yv8l6YxYlBT# zRPJ0Nd*k43#u{-g_ewvf&(6Dy-;qTtT#w;TPPX;*=ed`RWUX9HzujVNl2AMOM(lEB ziIWZ(MqdTgg4dx_JtC=}Ir;dqHlK4`-_YoxNE`af%37`7!+W){g=BTq zg^ePikXRZ(mmqA|+wjYtJpOxo5(%{@&Ohx58Ya1*;nU;?s+}-$1&RMIB%5qEMoa|OF`l0oC0tJwh{-d}E_;bAT* z{y&cD2Bq+~GzBcAxryi{UYVSRw{+S!@#92N%=W?l?>pTgtJ|vZS8ueWQd$DLl(T>SltlxSoVSVA##qLt2^zK-xPIC-KVYHjpvd;KLXLrJe z>RGV7oYf0&mI7HVIU!4nTAVlbCHL?>7_|{z`|#XeBBb0pmz^KieEALE;c%0B9>Wj`#$&)YnbH&;You-UGaa{N*Fdl8Xc8+EBY|g6fYGTbia4_<08YiMda)@JR<2~j zT1CcLc)SGM&>HEdL^Bx 
zqvyr%NHYj3sfX7SGZffY6MI(`apY@H@pGJ`f{>wyuZr#dzXv%qRC5J6gT#Kfp`jYj zpF%Z@D-F0VeY;(mWN3==vj%=$n)dVnTiLo=n6X=cU7_aTSDhOK7f$_)0<>Ii;pxWy z2a&7#ImE)v`7h&tfvoRYQ{OBu>N+}va8{kt0)1N!qz=^v3Ti|}kUU8Cml;AMgku4K z1VQ}2?*tD=#PUD$>I_wD3tO-o2T1aYCKaL(=q^Ygk1vlWoa=wS`l{OhM?azU{6D5$ z@#on^H8&4r=c-29XvPO?c=hjR!HlnKyJeQt5pQ%a!V@u)Bw~)UE{Iw4U<_l7JghOE z$R*VORsHJ;LlX#w@Zi_?B)D7QN6wQ+7!0Y{ienzOO@k7nuWXSuCrN(923J(jel`0P z|0%G`AnE>zK;$Hd_B^0G#`aX%g)^$Bt^%RJdU>UX~NWoQfbtjypiY zL(FFRm?{UCf{*Oat5p&+W~-uYhN$nfa?0INTtO&?yg+s^00U+FI$12kLI++i2>?)pa)beoeFME%pIk^T*Z zt6&1E(f?B{G5#(j5qlO~z=5J~nznh;7w$(LJ_{}^!P_*rH`0GDn(wOkWL~ugfx8IE zVlpX?h*>|HCbu13Q#rW`$FFQUT%#a>_);n`^?9z7=7&-$p;wBaPc%Ugv_h*UJC^jx zEHf|Q#J12|m*&dYU0OpC`XNVJcC(DM=h^H^y7m6v@LgDqXEg>4pB@&x1`<@bZDmvw z8gFl}7JG<#FSv|wjD&1!aDpR?uL-oUarFoYqZQIz#I8ph>@Uu_B7su%? z%JTA!Q!WK$z!xJyvwcicIe_ zt?xgyH%$33b-j(C`+eU`>p>d5^n9`0n@h+*&1W59F=w+ccd+w zni$g~;$Q9h=$t*k5>gOIZrM-U|HAn8WIFSfvEY+BaA51fES{*Ur!`aVI}CKnhzvv5 z4+n7W3LjCLJlE|mKGJ@WfuDMg-m^{Eg3VI)A+9X|Qd#h-M@d2UWrucRJ@Fl)?vDGa z$zl~{;@|jEBpDrOf94EVZ*swomB88=Th2C2`0q(2l%(%eD2miSJJyKBmYOPwQze6Q z(P8mN93h2gkIyHQv0WK&e^^0~<{2{xL%D5#FYRH46WPcESbWdSbbk0!KO5TfXUvcQ zcDD#j5z7-+Wz-#OAG=U&>{eL(t*y`oMF(&(9(CDkm!NcY5DljJ^;)63`7x~1+fJpXemg>Ei%map!5)VDp9w-0q+s!h z=U=dFC%MJqM2LYlTpw!2&=wfz8RqMS<;T)oOAhbD;&C7q8>3s_l|lF14+HZ8Gnd{5 zvZO%b``kxp4v4~S9>d~^mG5F0NcNVXG>?m^An{NNj|!SwkEEW~VX@Pd%_ak3@hp!< z??|vG|KKxeQ|!WIKy`SssQ3VKDRs_ap9p9BNDvm!?wn*DUUK55M)j10svMibxlX5- zi@l7lrgXfKMeX@RSiI;+cJ92$ZjPpU^*7^{pw3sjj_!Bed|b5Ro$>8PMBHHUvO}n5 z3`@va;R|=|cUUKIPJ8qn?LY9**mRMxE;H-T!{S}`6Cq=?^8T8IGUnyCGcNjZsJ*a{ z@NL$YXW9n8TX?|YgFoCGsXa!O9LdS(dKWRAttUP#yoQ6N3t^en=GQT?hQ&uu%IWQ; z)g8q>f0l}2XJ%b7`5@9MK_7%9x) zQ8qs(ccurx;s>y~t%w`Gd<)6Y#2?7m!*JWY6EK|*Y+P<_>$NWb5Ce<1)G?UB^Uh)? 
zsMJ2@p;CWte+v921@PAMSl?Au-mJ_qH2--^-b!9JSL*sTlr1lu=qyi{meO3#BA?A z_vA?}G8f3zs_Gkl(*9Yajl<-#1 zHzCR#SiInePR95{MUymc)>mH3xCm=vA4&o(6iShg23`P=N#J4eTt}(Ef}Cl*f)44= z7g3g0jF&@x4Bw`NG>lzGc`jWNX==^P5s~+uw6ZR15iplFKWXwJ-RCXKG&M*VMa*D} z(}KmnTt()=ZnM`3&)`l$$-P}~Uj#;3Hcq0b=3{0aUU!y<#pjY(Z0itrrPi|VpfV<`KB0Ov)esv+5wCIsP|kORSJ1I*5Z623>%a;jOQi8Op~mKU2V{*_Zjbo zJ^Aqb36i6*fk1tj21ubLGT6Tba0+bfTg(`4(WM>cbbzG~K4{M)3xyvyZ**nPJTW$Y zMCm}{l%nFx!fyZhQ$Jt}7H@DnK1tXmOjx+M>SJ7%V$XvlmpeKF#OEf1Y~cla{WtXU zjt>}nS$uz#vNS{ngID|6bFZhE_Ho^z10V`AcZZWYSo+Nr?;JG%s1^`9I)taC5aG-8 z+|WqEb{$2$&Z&qW1ER2a-~tWc*w6peM0uMp0lv*SSpZ##?oHD708&ZJ)M_9pEIth} z7fYPKFR^;e(rAHJXlPFj`{AU`wH#?SaVpPRiTd!xtUKH;nCmZ9NdLL)Jw4z|Bh&nQI2`M)kc~JNER8uu9J_k^B zf8v37U&x%?fkeA!X9t7_|8Q(x^i7m@o(o zpBVC`6_QEp)EyPU(%<)bu97{M6up*PXxQ;mnJ4o;VpRs1i&dyvUPp;f^@cyi?7Z)> zd22_zaqn*9C)1^^{BAV>&r)LZONV20&1||G{yIcAXunv8%~`Lm-$Io{i!pg!+8lyw zGVlha;-qy==LSDb^G7SYKc3<`lb4>;u5=5~EK|||kJuQFSblHeR8M!{D8K`eNyg;{H% zSpv(8C3Y?emcH-6pr*wLHXKzQs&PY;*Sm_bkZw^09aEtW{C(EV9v@iz8bHwKH5Q^y z&>BF^ySC}5Kxfy9Fo~wbPtU||i5~eoES|h}?#+Hb-sscXlz4oXA1vuf*efVBkQq%z zYc>aeHzHWP$OyyW%PlE^p;fv@hVEUHIYYg>{8k?_?;A@#5IxSfhsE1`mEr1pO>WgM z67?}<<11b&VOE=TZD$|b!#??}f;>rB{E{N4z7~;-oN!E{+e@}ZGNr{$_HvqA-`O5> z<{lZNzJBP8O8?+S(t@af&@dr&S>fh>AiM(U4?)+t|_8GkZEZ)B&u#B+({>1Yw zizvhyE3*S-valmyBZP2I3~c%4fZY-XaBsF&_3 z?VgBFhs(^Erc1xujMYE45JcoOg2mrW+Wof57*O!&{=*au)?3Dl_tzHtK?*Brl|8ZD z(n2@%OOR7zm2UGmBq79X#%Ge>x;KC)V}&cxXw@tH_y9Q#;)=;@lPdRLKN zItDC0x9B~*=!D3dO9?=ef1IQSeGZGiv1=Wg(`6vTq$AD^eHeFbe|z|S;E4SR72SpQ zS66Wb;se#UBPE@7yd_;U5Ab2>8|osF+J&w2M@c&qPkh_7VQlmhAIvTppQ9SWHBoT))pfWqH>kk#q@W> zk+I#x8r684p)uSUgZ|DiPA1f-CQ7R2m*EVbA*GiCxjYtHwqx0GEJk`6(@UJ7S|J2d>ZQ();c07GkX!uKrj zs_mYwY&OiFetL+C8Eg#>zVs44FRMdJBHwhDsI8zId3ud7^t>qgI*4$G^Xa05{i7S(An$70T zT^_18@DDgwLn1jVSy5zUBkdgK_lZBhXiCDk44ZopQI&0+35(|kPuaE`e2bCr<;6|B zN5j8Xlnn{XLEqEcwhQ;RE8&5~3pm;u&a+8-E|9$$I$C++J*)Qokyd-dnI|&;J%CT@ zOIZ9}75CTAt5{M(DuW5fxJyQbkpf=!E#a?ayxx(}I{SJfe!Kg{LHdpJIth?aFOy2b 
zoNY|4CI9?$BU}%A2a#Jf?+yENZ|%z_PaJPYasp|eZK!qRBO>v4$D?R!_w(UxQ&ima zVEGXdytCVoum3(@+`8HFL8y?hB+ar>i`3j&KfibY8{>`mQw+V=QSViCYS}UdTuCe3 z-Af9P4tB^FJq`(q*CvNe39$6V!-Adr*E zfq(b)g;zV5GVw>S&OzuZ*C*i7Ex0Txd$^sKYAy6RUa)xS2z#Yzvk8N{sevf&@DGe? z_2p`wGKr(1){ApQN37rQ*D}^^^uVc(Jo`}hUi{$~^On&8x^9p*owr6152JGH8}Wne zC7HzwvHAN!S~ zS%b|A58)MU)aT*#oR>x>A;+{|;U2%;4wx1ns=Se3n~iiAdbR1nxBsYGcIIizc;DiL zOt^HHe7@=P^3l1_jrh}o3RS0;M4FE^u{RS#5vRMJaY^{~?fP{Gyy)e*>h~3}{DW)0 z43W$rbaBq(s?WQg` z^JQ46BJ#)!4q<-}mcEVK*fBX%tNOa;*GoOGXCc;-k1~R8nP1YdrUr5M#@(=Qj?Eim zBC+AX)7k*{^NV6?rRAlVNPPTe3d*55S=kh2So)3|@3?g4yM}s;UOE#sC3%>vFKkhX ztAbM5^;=|j{UTxU&iT^l`;~%Pww35VUd(jRb1AQ*ZwYqlM#Aw-M6s!r!{S{#A;Er| z$(b3M>14fC?r{W^NaLHM^+t)}HC6-EuY+On-o%zTG?AsXFWe?dkG4{$87*D3(E=Xv zKG3B!SLFA&QLpe02`TF1ZjKmhQ?nNC6G@&YEPtpr=c3I}N)Pb_-q^a#G0~ zlO&ots{$Bc`46sWl6z0*FnR*cx**U~`kKfxiORlLh>nr18qPS%b7Oo(DR~R>C2(a9 zCF!rZvmbz_3alO->dD6Lv$ELNgu&gYhsPqwPoe7ET75>-fo~y4$A!X`F>SM-sG9_4 z+UcR*xe*V?rAz{CN%g=4o~v^*ii^x)XX=6VN4F>PyDkRa%8lNLuM#be&U;oL)PHhF zjU+IoUUYro`Mz9dqCXeg6pQ!=+Y)SllfZUGJM#AgZs)za!zH(}G^tbEFBcaHtT%vj zL*qKvxPi|gC&*}vH|Px&tmuxj*lai}|L&%s8kQ=q3AUC<4E$SCb;!kwhrX*RM$npGxjl4a}e9hP^!xP@S}OvA&m z0!#l9BlYL4Sn=5^#p!anqhOnL$r9&r!{VjZVG+Oksd=t9@NB$UPm52Y#%vnz<2K6a z+mnBmG_T&Sl_DP^@e{Q4y@A)vFU!$ddl6Mm_C{PW={S#=l*&P@)E**oVDm8?zzK`b zey-v6RDZir6yZ(|5@J;-6{=Zww0;xKk6V%T3_xcedup-@cdxD2t#r|1LHj6bbv87%(E zxF~iD2}V2DY2xF8?s6WI?XJ7h#hCOog>?~jg&VA}_@Wu_SKY1on!N8(PaE~vJBusN z@iu%b3G8^c>OiTMH|nKjx5wX1&Pu!z%udfs%Y%>{zbG$maI1cQkoT3wtv1F1mVV{E z)u?t^<%~}THErA)@^Y{28xTC_=X78En6j?RH@JYsH%!)j3G!GiPiU7psi+|1}> z!m75?7nZ%NxT!XG0E=%FMSi505JP>2S<%6IaY03I<0I1i8r?c&(NnB%j#(d7g>d#=g3BgP+$YR`*snl-j0koNhZ)B0%mVoCgeB zm-JX|r;ea?OWm+hUKSA)!<+Y zr)QZdvKogeV-yyjHWWgp(J{q zwb>`F1LG)i0+xPnj%9I!;0js3wS>AqF_In0h!6v0%!w!Q7FplhW!f9{)j=Kr?(
uuKlV$H|keI@mo%fG^}k=5A;X;qhD_=qU7Fk+(GwF zOBy7U-P;X?3u8BU1^{2ZM}|R>CY!sgq5ib1J8rBTK!(1RS-1ve09tC!P>7E zD*c2#|3>_?p!OOMlt%!X<}>pmRBE zBQo>}qjWhJ1QPH?8A~JEUvrv@?}q(c&P+OtY3WI6*bW~F9T zv)}M9U#Av!_P4d3F#CMvqk3fi{2t|_B+g}wSKpy;4pyPNTEp_QS9`2>4^vaYCJw){ zGij%^CszVkJXa%vp^tp#kBKS_i{H<8E$kac0B;k)HY1#{z3 zrvfbgfNH|5XFUx^Omx7HqF}mgaLHNkAy?CU!lb>Iyh&UtEdDUwaoQz5?Vf3Y3hV0< z^fa1JRn{NqB@7h@+& zJmb&c#4{s8j|XYRJlyc^D}lv}#l#37l~+ru-;(F0hv)Pt$1{8Ji3VB8eqVNkfJUPc z7O#m4_mRh_qf6wF^QFOI`{$T((mJok^2M^zy}_=dWHNy?PxB5s+y6#`}vj zI-{DKB$PK!Bj6 z_$w0DF@~PrYX4IJaDLj1ubYV_UI*+}=|58?4wtJ-QrqYQi}+DNd;$kh+M#a=MM}%A zS=^dOZiishUFcn5m&ZYa9=qDE)@Qofey`x80$tC?61t*~>$Qa7pxpkI=g(&xFC@78 zt48Jq^*z~a-a!z(pkEv`4LvMD{rre@K!od?C^1jBR!Twsm-qI3o^Vz((`X%KKtMM0 z69x&yU|OzwYA2PYvzkS62W)4$c1h?Di|GRw+QN0urBPBypKXfg2c!o+NU|w`@&wEC zZ(cpGIsSuZ=!@LYAMR^T&94_o@BlbnulfXi#&FC4>?=IuuZvWFzKDlnw)0pS>%LT^ z;Hb+BdQ3xjctk`VfFX2&5gC9ybbqzX!fz^u05^aQbmb^V==TkL03HB4R6bVFHUJQC zi3lSf+M?sHS;rspD0mq^)hoK!1z(V`U;sEXUQ>dw^Gz{HLc5Au6%z9`k=p8HM%f*X z(M)3bm{WiNy2`u&b+bJVp1jt08Ba9x$=dgxMMQf)@_Q9~wO@?ISDYX|_`Gi2lQ32m zbLQTe=>)y|Ka-Ehude=nra$Ea0-!-3B`ZJ+%DFhe8Ttd24hjKaptZqo^OQ&B*@no< zb1+dpA~FGh<{7IDfhU4=h*Na^p%oqH&3;mBe^~1lXTkZF83A}Sf$Y0H%YTRgD6Iy2 z!?Rw#zWittdn8TmcMBmMRBi>HVlIoL_uK!#2LwFMgXBS4`Se6}+ELT*P78*)D5bln zD@(b`G8*(^NHRK+FE|#XQ$yu2!eA zhOPj1wc?lRwRXEfrQinD5%9I9NL{z=p=Y7v6AlP?D~@oz+!Y)g^eamQ1bEbInpaX# zu0RdK&DB#1!&ppRm=G(T5^`2J zO0zE`6C33EJFQjvS+jx_&qFgRnt*^nlKfA8<5Llq2@hDkiKX9o*FKy%F636L!eUsk zaKpVNWng_UBXv+=RKlY;cxsCh@-L*K@wZapy6yqZKUPH3fUezjB?Ct2$YF(!9aiX` z3EKbPk^lgZ;3%$a72xXCbPWqPTSgEoH!FyVTFTbV{#x;IuMH{Gp#Cyv!`L6BIZL+0 zUo&VlA>QGiTs_&>#sCOgyVjm6Pk5wFF|*z``A&G$?AoUqumoYQTI$Ww=7x6OD{r=j zlSP?Qr&K9ipJuh@Yn=518aU?Jpd9qf%s}t)DY0W7`yc2{Wdd)gC9~pOu12z?nS%rL z(--QikNU-(ouMx~U$3`AZRHAay#9iQTE+Ql0iG*a{CCa$fA8*B5AVNs_n!{-zvXDJ z`u*SQJM@$6|Ki=RJ`Dfw_8rQ>FPpFvsWtx1m&pm`S((LY6gptqy(bU@u!mK3?-l>1 zil(TK%gH(oQbH?1*N|p){Exmj%wI}u%z%JUK~VWdXb@({7Xe3Bd}b1Go{ZIMYrc>hHHrhP@{e{+*Fv!Ri24#Sz} 
z^$c~5%QXm!I5bplJp3KcT{8S{-t`Y!jBd;wRHtLOO^SfL0g-`wuwm5iFzeFmx5WOq z_J8BAUwZvZyJ+XdCYRY{Y4&Qw>{%4;i?8*^yZ^GK!A!o9?oon-tOafV7gkR8upOsdfcuTGTP(S-XEp$Wy?v`ye_;) zKR9dKW-;nh2u&P`}?+T z?ts5?uoT*+C#0QfFo@)5Z|Pj{L+3%qYYcz`Q{TDJlRzvAqSs?*k4ut%RJ4Gi^oDn; zb`|s$mhiiQ06p(EyP}XI^EQ%0C(3YR-h=u>Mp^DYDFtL?`1bWAgp9+<`8Ox1jHx4` ziC%k*9al-rFAj9CmmXdChv6ZNFcNHt;E2Awn|zV`M6AN&PCOz8AelWSOAG81ZM?^^ zkP{={mUb&XAS!R@X)zI>t+05Z5)iN_xs)1baWO8%9!mDo&YuL;Ww$gHES^ra{*K-G zt*f`YDVp{jr6vtZ_Ky)vJ(~hjP!?3njZ9@00FveP!qYe(W9WY8R(Q~JSDOYjmoS6I zn)jj6rYH2*0pMnC=FZB=dbK7fh#UH!0Qz4QTO}RwGfonkR%$15e-YyI#fUQca120o zDc_IIv%|92d5gt+sRsRya|jigBj}5++u4*Fjvi@1K=bfyv||Ka*b7v6N#%x5xB42{ znm+EubWCmBzUU*9W}>JY@=ZZ!8sI^itQvlW9HI;5jzo;^TCoH9Z(Vcy`#*tSfBdVw z$Qqg_US&#umls`0;SZ&xc%YDw^nNngF~E2f$1a@xp4WXl3;@p8LNtSbglvA2r&=^M zXx<1lz*PRHZShE<&-4pDq;CTOcMe7xNJOI`49pNtZzQ7^ijR9JE3?m1tcMSz5D{jL zD8Q6nXh9EiBpXPO$+OwtQbX^`Xk!UtwRU#r(xz@dJ|MazoF+SejG%vWwJDpvOe9S+%OmOzKQU?@0R%e zJ`*V=tso%aZ0olA7klD^+%FNH?*P6F1hr`Xk4F5yT`0z8do_xM*+&|D8l-SzwmN8} zN1^5HmV|P4#e#{2qvc&{H?Wzjg$=uvn~8^qttGXUnWY6cAGaBsl^K|qjmMmak4@0r zikFQW#BBxw@o@8Sg3PI1pFh79(VY)?-@td&tj<{!`xY7Rm&`k`0b*A*IOk7ih zxvweF{tSILZ1pZnDx(( z{!i?1cnk2E@bR!g`Q?DFX9)e;*OJ`$xS>(PiHf?shN^kt}g@F?$wuu+fk;11Xqsv?}YYeF0I`DhQUj~SP+3=>|UNa zS8D3y-I2|N{VWUsnI}Y`OrGIKwr|H8+Ag1nS3E&4+#29)gW(pt$M}UL^ijXPwMu{} zehXYZW@mZ}Zt`A|vb$HXk@0XuC_10yeft@0S55H-W~+K#a=uo9vk8`egFy>dA7^*S z-!N(Q>Q3*ZVh7rIYIGXo5&TAKN<6eIAafeo!@<||t)9)aB@S7_j#HshAN$l!(!7kE z9xs3XF*E^2z5N|eX%B1TyL}U1PkPtg^E!rQfW2-APFIzPY zzfXT+`!|?`uIS)s>tyC|&E}P}`eV%Fg}z?3dCty-Wrr}g3@1gx^5s1x1|UKSS>*G3 zFUL^#i>7VQ;RzKk9kx(S?t~o|0UrNw$A>^bd8|goknH7-R(Cy$tAXNd-=@XNwtwe) zu<9m8hQg{$-F*EE(#BrxTv`6gtf`#ltHsg(81ohoCo5ZPD_iK=6@RM%|1eO0)l7$s zJZ?U0@gzGnpZAStCl3e<&Q~x18;`UA=~|O52$m%&E_OO6GyJm!a}EUH@$hG)G(X;n z0s(8`4Z~JrkKYu`y{ygbfb?vUdVEgCe3<|E;Vf_4x92_Lc;8JZEXV3h?xEnnKBJDL z{AV)#2VZ{`qKM(t2KF2~3rCux_%}4HWjBrnZVZ4w3r|W@;kT9EQa(mDN~^js?PQ{y zuTm3`B~0889d1y=sogvrE?ctN_NCti!iO_*d03HO+eNXXFmo92z~QS+a|qRnJG>R> 
z_0(I9MdmUOO7_19(SVxG?VpPe?Bq#p1T(U0{9kK@C2(eBTk1m#1qb0wHSMRH5mq@B>jbIV@(m1s# zORSLMd$(}Je@w}59e>6O!OTAvLWSozrXj!pn{jziHM@lE~ysD8fs(Gm4u#ODTfr?xTk1e;tv zR47xz?yeqS7|x`HzdEe3Ok;re2Lh^(IOW*Cu`f1dy?1MSY9IH2o@T83X6I=D_ML zR%1VoC->UDi@*+Lp8NKMi#yBGnH zNQ^Iy;MY+CqT0g*FaW_t`O1<-CuSs77K}#dyZU>A`=)2BzO2-456CGF1XzH8Djc(J z10nkU#~Y##Kdo3|$9tKEpG!>lgodN*oOPbPEbQi+gBsjan}*$$=@);d4m}j zU>luZRx8T?Y46J8p=#g$ky6aiCS+@pwTvxUBV?z=7AdB|3=@W!vC9%=j}WqEmpvq; z@Kh2)vZpNBvu|a6&yYN(XX$z0-}`*}eBSpDoHNdx`?{~|zQ6aie9wIt(-@_<3n&6l zD{~ehz#BK#Ck(rvKnrRWj{C(`HqFYK+XrK1#b8W#bMK^-g5#Qnht0B&*Qz99dOWNe z&-CuYZZS=*8^dSNBo|zbPvJ^9NEzy1U(PG=Vf$?N=C-05A*;WMt)OOzwSt!lg2^2# z8RJXu@y-sDtOYB1rVv1Euea1Qc0AxbE#&v;-Q_8~g@C^#zJ2aq7}HyZh9^2uz;uq4 zHz4P=746I3q<1fqd31DSw;2t}->o&~!%lVh&9Q~T5p85l4?Zl@?GaT7lcL)q2w{R5 zq0mUY8BT(a$WF64#(hyVr;KwWZ&*AX8ce)(KdKV~$e9QoD%4@%PlOxk76|h37R}3K zJ`gTk?p8mnhv~Vv2nF`!eyJDAS{8U?OS*R$kik+rN@Vrgb&}a;s@ z_t5aJK5bf(njvMHEfQUV+1Z1`2K+^=p;C47J}5bA_tI=d!%^Qsj_apgk3azON#`?* zDq)ib@`l`pb2ARJRb8g`iWuu7i!EUg6w=xc1#TikPpSEN`xQw!-8hs?rn#IQzWuFU zMD=fn8q~E41d8ire+w*37Ux2aH4Ht?K$9NXB9A!=iwEBvVr7rO7$Gdy(zFtAIL3%b zSq6$1BeN*&YD({Wj`F@CaUYfL34;L26D7jX7;$^|ZO+@eRD<;envSWv?o=>cI^Sr{ zaMMj63WUPnh*G8X+!%9|7=L86!G&pg<^=RHhM-?cdUjYGa`MsOT^1AgDOhyA_@aTrxXMsE`ezKdpo z$Njl%zZ7QvYQUglukU%MZB^ViBTZ*~Rv{h&AYUh)t58YJ8;I;bC9Jy(e4^y+ z*$)AfS6s;`5*83HB~T#NrZ&Z*l}AM`Za3Qv?UX(8v^*&vJ_(aJ)VHZ9#yb0MJG5_) z?0^?aX7;@g z{WWBF3j3pM%2pYNV#}tzrDmn_QIAcTZ)=%&j_B45O;VYSGf)!JA)BM>cfv{V@$eJL zq*d1}FF7rk{wUwoHBYk4Fs)1tjKk{^jV)I2Oa~MO9Q@I7#|t7QM+Jelyo4QZuh0dh zQ(c4t!OGcHQ8_8q%wJCGGUqVzH9`vKV3~gBZmjJ1C$!&;I!xOM&@3(`#N~r-zAS=27=&^QG>7SwinD6u(eEz9h;I zydXg!Cry~;DvNCf zoIf7#Obrng*v}HJ!9ns`O;)`lPmHtCnciTA z^}$Dz#>aNFZ%SRv8g7hK96U6`kyNvHd~2{puoni4!C4uZp{%VDgyaMQ4OR^ekcOrR zoE65{7-fYr`eBJ4*?ZpQpli#p-9bPqKgzyN%*-?x0+6gGCJpyL4G&Xgzz>Sf$c(kM z&6YP`CT-N}I`@i+(;5l{kfGVlvJK2eUy)?ku|`r^*2D*2?bl&X%_+`Ed-)*p)!Drl za*o+5WiUImguPt3Dzrs$)&!575WD=n#6$y+QhS%Cx2|qfkKW6Q^XwdcaC$>y@C95> z?V-z_LEiN=l@&FlMP(PP!sWa_xyCTP=|?ql)q#;L#_3A!M`sb!pm;{pCP2;2)>*xo 
zEsJ9rNs673QPqC;un4c7??LNqa0{7mm)bvrkX+d`G(ow9B@$t1VP;{4z*<|?t=7d$UfB@0a;KU3ww z7y=cSm!z)Hmz9wh^f?Lz&W?R~|2&yS#)8ckjvz+2DQ{!c^Dn?gKSIZtf`Gd5U;EP}g`9KLF zLBZolAtVZpI)M^}3mTz?;i5=z(^(^M6Ma$C2|o1k`gaoM+P=|F0eBFf( zYgmlg2LUGX^D6jB-2>tmc5GMXUg{gKYS52ZEqcjhtyIn@ES(Jn9CXXUE_gjU zEb94if2&=;k{8+42py2TQ|I|&#?}W&sPhQrrb~X^IPIxXO}#~G(CP?IupqPJQo2mz4r+C0u&qqhNWBN&;h}K))sWk*d|WFqS=kQ- zlDeFh?q0Job%}f|V*PSeWz>1Gh@&ZoL*nR25no55AygQKkGs>+@E(lGwRRm4v*Hv-v-H8noBMsy2b~>7ANB~p}{Y4{#@<)S^YD+9i4R9 z_f`eA!@UfsYUyv9lYWVLbyUlgK*rjfNG7)CNSvX`pCmMhWj;=1a?`rB;@G~-s!-~q zjXPD)Qt+~rWC)O8-en(~WjPD2inS?oT zw4K!F6qU>poK{vk)tmB!b}W5XNXbgt>(gO2QO{vLw<|^w`9L?AePgaREpKn}HYmz)I&=2*A=M&Bk1C zc0|CERr}%tN#Djo2P5YquSagV!%LVe59FZ0Y@d)GHq0nwuMqc*okYS z%6IZC1km3zLxmT2Z{z!Hk{gqUt0n2I@xIn#Vq=coS%5L|04=CJL0xFfg0TpFa+jae zD9MWib$p;RFO*;8hqj3=C{p*E$8hGYf|X z*C0ZaYlp(Z^u%E}6Y%f1FW7-!5Z^d4bFi=^oT4$`Z%9C01XwTn{sGDkC-A)mGzy6W z_vJ-wG=f+!-5|i1g5kb})$7eski))}bwIsfE#PP~3rkCT@EC0kUn}y!;oxwUAXIT+ zKUMIdAV-;5qyEWle@68bu!aoyn{7{QqZ>^1lZZLN3hTVv}d zJQ#Ch;`TPR{5SnYZuV=_OK_9b(A0WJa@d{?!B|`9hjsP zsgTcR%G@2YU89Lpn#9T%z({1OKWLW1&2##n>X$T|8LMHgkxD!FuG`K-Y&jqVOxbRt zi#6VW05C9VBO4^v5ZoepJ;!4W1E=UF;QSsqkl(KSY3SGlFphNu<6a+Xs)VHgMl_%} zz9ZH@g*Vpk?QEv1U>x7^j;I~@Kk5bt41~Zf7`O!l{~QIk!r*@d2RClH34|M;tRvw@ zBmV#j|MOV*4GjOmjeiae*Wi$ReeSD*H3$N3{oy!*@$e8P`nody5;{Q{{{~Bl0OTjI z6TIiY2cF+Mu%Qrwyclp3Y%8R>5y=1DP{lt0*-i8PjcWcHX8%Ps{0?W=$H=MIOH3 z-zNF?xaw7p189g~Xf1Qq;9Z_Ww+v%j>!hpB`Y3uZbl*ExPTCFdZ;67zoG|*2(;J3( zYn+8Sfsyw^G9f|0eEOgaiMGDlZ$e<4K!r9(@Ql**G$v#HW`atP! 
zw`ruAKyL4C@qBt!Vo@FbP*fNk`QPaUZRJ(eNc+`k>=Lld~KqPLwG&<%WA!RakWS; z8J*u#m!ZrQkR6v^XKv9l((`jCU!_M zc7sn~=4sT0AKwu*ohPO+_^xL*)Xha) z!F-IU;{MdjD85fuoB0HKKuZyDtXa{P~~b9K4^$* zQlncI0@$#pw?4(mRP^D6lqEx}#l$sE>SUKBZhKpr{_%?*S0xmvE+lU_mF-M38HA_r z!A~6pPLPVk@F-DSshjs5IoTx70>5~0d(**NiY}zJrP815w~p)0ycLl+zgk82;+w|P zIadllYA!g&tBv2Xm%73Xk_cP&Ys?A-JS^wj5qQUqGc2+Vo7%zb=caVZ&Q3(!CS4o~ zP&<~^?%duGa_sQ6xUhko8y=HnuPZH_wT1gudY8G(Q=GJpyyDh!!;7W>d|Z+@l}sVa1y*|*-Ks6{!O`{+1UQgH;!9#% z7o}8IWWV>L@xWAha3fOk)bpy5@c4pyiyA24q<=pbl6>a?ITdSQ_wHzT!CX?#2zFN^ zx@N?uTGr0fN`{4T*6>JTa6?|2&cc2tqQMRNJfKjPNPEI?`lAH4x^%(Eq?`8MdZF{N z3ls>MVim1n2vDHsQIZq4n^wQ%YGSG{%gJd<@81G#RU>n%+~;wfE9DW8Eu5o`-pWo7MC8fi|#Y< z)PLK-h571nVWOS((E~=G_@0%(CkKqVv~Q-K)VQ{_B>%eziAWy!pxpbxB*xpF#c}dC zZGd2bOL&m)Nq1AzWa?9CEcE$m=l$adDLt}}{uYxr@~mg6b`2i71JV{E^qv{qd>^ea zG1jG&i1KjE{ZxG@jcI%l=o}Py+XdMZs8lvJ+MJ12SLeXHi6oN{+t3c=y?;-P6Umg= z{c?7PeZJFO>AelZhb{ZR9;uQBAE2tWX=F@jpv3XWzg(r=Bmd@LXW%q4m1E_lHuJ>_ zg%Bw4x@@9Ia$q=7U#K==VY)tPcInRNGpxU5E4S&$V=mqnd_-EY_aUs$wC`BQZ}Icz z7PrduO-CCcACXMir*@`i#9Y4cn3p^~T)=zBgOa&%2=G`W@$F5h+YYxKi@AXghYIH) zsEZ8bk>UVlB!BDMMHpB}l1U0_^IA?yzC_KMnCQnnlOxn=8?D?Eku6u)C=OZKnV5!Y zENi!_DAxEoHawsFhjt_6yNKlZ)sQ?bu242uINU{I6n9;GNjRdAJ-r74*kiI&1PgZ{ z&x#g~RPJ>i*D2${4bY=%heVZL@u9GEP{1WBk*>naMvkY!OG{x$kW5MqAO9}+DfjRT z$4Iiz8JFHQr1U1`vAfu2B(9v^%U`TbH17z{tNeXo<7aYiL<;_;m{=s5u)FT?n}Adu z>YU;AV(KvUAyB&wB`r7r ztbxSa?|SQPn+Ps0!y>p;>oA{ZzJN!P<0*;78yVzsBb-^5orq;M55jX}o9+!EB?kM` zLd#!d#E4XRI6AGKd0fED4I)Fq_63rvZ1DzUgSb=9!ah#FGtZcNe#LL5ttidD`$etw zq`|)FJiDjy5CJGKCu*;j#b~;cVVPupuC-~5{!v4qv(drJ%f-3_5~{{k9PVAizIA&3 z{E}R_{P;(~j$5Q(%S*!kH;OvnXoc%Fo$ui;5ktJG&v}`#m#4@_Af!nWt29fEsbGfy z3Vq>)MY1bi&C)b!o?omQhFhKKI5K^Pnrn^i4Hsugpg;p$H!e;&JmCn*lsPx}Hp+OG z@Y2{a;dE;UoPWYdOUL`ia2dI0wYwtA)78R#$hruN_Fs0A$QU(!c^w?-uJ|kNpL~oK z^mY}ZQ+9!iHjTASP&BQ4Dk_(kHICwJ^lce0O5SL-!Ri4&ONm$BAlo;)Wf>QljD4!` z7KPT=amYJ=^^GUJ?#fumExY9ct^winCdcLQeY!N5yPh_8#svw+FhyBmQD%fk%RpnG z#QsfVY^9?6VPs#7#vY*YIMp=!L?DD=KiNPB=!QQrGq-#r7_ZXKe!^pvw0>DH6TBQx!dYHQD 
zQqJ`gd%T#iNa(~RU}~cA%7;!hx9KG)aAJP<^7(tZ+KTE1=cR?l{7spb>Z=wNQqLBDOlf7-#ME6}tG$(8w#Li*8A{O)iI`t0^0Yj}?hRc^1q8!I-xmf+ zyi#d$Yyfq~9X7X9s+hUe`qh0wg*#a*;%SntQz0JqyygXcIR)6cRz+_^P`Avm0y!|R7s!LLNL zj6Hb1;;v&E+8rZ%HI0Fn`PeQm0|*eOBf1>9@>KkTt?0+A2XDjy{=z-F3aiQYjq>AR z=U?rH0)gyo^~*C?;<%v^l0{dl9%mk{<%<|TvVG*#untWgyF{C}*0geJNWeD1L8C$i zXeLqgvJskZY6&20fU&tTjI5ZcqkCcYg>yWjC)=75yb2eT!y!QHb_r8Q&&(46d5^NL z-V!SuKN4@K{^I?)2fAbJb^7@X;F_ue8Q*V@zp__Q(H3{={ZS3~;+F%Y2FeRTBjjmTsEIH&8S`pL-4QZu}=$sHqc;B%=w zB(L;_2k4UcGX2b9sZ!*{PtCl&*<(T}{br env_vars = 6; -} - -message SemanticVersion { - uint32 major = 1; - uint32 minor = 2; - uint32 patch = 3; -} - -message AttestedCosState { - ContainerState container = 1; - SemanticVersion cos_version = 2; - SemanticVersion launcher_version = 3; -} - -// The verified state of a booted machine, obtained from an Attestation -message MachineState { - PlatformState platform = 1; - - SecureBootState secure_boot = 2; - - // The complete parsed TCG Event Log, including those events used to - // create the PlatformState. - repeated Event raw_events = 3; - // The hash algorithm used when verifying the Attestation. This indicates: - // - which PCR bank was used for for quote validation and event log replay - // - the hash algorithm used to calculate event digests - tpm.HashAlgo hash = 4; - - // GrubState grub = 5; - - // LinuxKernelState linux_kernel = 6; - - AttestedCosState cos = 7; -} - -// A policy dictating which values of PlatformState to allow -message PlatformPolicy { - // If PlatformState.firmware contains a scrtm_version_id, it must appear - // in this list. For use with a GCE VM, minimum_gce_firmware_version is - // often a better alternative. - repeated bytes allowed_scrtm_version_ids = 1; - // If PlatformState.firmware contains a minimum_gce_firmware_version, it must - // be greater than or equal to this value. Currently, the max version is 1. 
- uint32 minimum_gce_firmware_version = 2;
- // The PlatformState's technology must be at least as secure as
- // the specified minimum_technology (i.e. AMD_SEV_ES > AMD_SEV > NONE).
- GCEConfidentialTechnology minimum_technology = 3;
-}
-
-// A policy dictating which type of MachineStates to allow
-message Policy {
- PlatformPolicy platform = 1;
-
- // SecureBootPolicy secure_boot = 2;
-}
diff --git a/vendor/github.com/google/go-tpm-tools/proto/attest/attest.pb.go b/vendor/github.com/google/go-tpm-tools/proto/attest/attest.pb.go
deleted file mode 100644
index b22de661f..000000000
--- a/vendor/github.com/google/go-tpm-tools/proto/attest/attest.pb.go
+++ /dev/null
@@ -1,1613 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.27.1 -// protoc v3.19.1 -// source: attest.proto - -package attest - -import ( - tpm "github.com/google/go-tpm-tools/proto/tpm" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// Type of hardware technology used to protect this instance -type GCEConfidentialTechnology int32 - -const ( - GCEConfidentialTechnology_NONE GCEConfidentialTechnology = 0 - GCEConfidentialTechnology_AMD_SEV GCEConfidentialTechnology = 1 - GCEConfidentialTechnology_AMD_SEV_ES GCEConfidentialTechnology = 2 -) - -// Enum value maps for GCEConfidentialTechnology. -var ( - GCEConfidentialTechnology_name = map[int32]string{ - 0: "NONE", - 1: "AMD_SEV", - 2: "AMD_SEV_ES", - } - GCEConfidentialTechnology_value = map[string]int32{ - "NONE": 0, - "AMD_SEV": 1, - "AMD_SEV_ES": 2, - } -) - -func (x GCEConfidentialTechnology) Enum() *GCEConfidentialTechnology { - p := new(GCEConfidentialTechnology) - *p = x - return p -} - -func (x GCEConfidentialTechnology) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (GCEConfidentialTechnology) Descriptor() protoreflect.EnumDescriptor { - return file_attest_proto_enumTypes[0].Descriptor() -} - -func (GCEConfidentialTechnology) Type() protoreflect.EnumType { - return &file_attest_proto_enumTypes[0] -} - -func (x GCEConfidentialTechnology) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use GCEConfidentialTechnology.Descriptor instead. 
-func (GCEConfidentialTechnology) EnumDescriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{0} -} - -// Common, publicly-listed certificates by different vendors. -type WellKnownCertificate int32 - -const ( - WellKnownCertificate_UNKNOWN WellKnownCertificate = 0 - // Microsoft certs: - // https://go.microsoft.com/fwlink/p/?linkid=321192 - WellKnownCertificate_MS_WINDOWS_PROD_PCA_2011 WellKnownCertificate = 1 - // https://go.microsoft.com/fwlink/p/?linkid=321194 - WellKnownCertificate_MS_THIRD_PARTY_UEFI_CA_2011 WellKnownCertificate = 2 -) - -// Enum value maps for WellKnownCertificate. -var ( - WellKnownCertificate_name = map[int32]string{ - 0: "UNKNOWN", - 1: "MS_WINDOWS_PROD_PCA_2011", - 2: "MS_THIRD_PARTY_UEFI_CA_2011", - } - WellKnownCertificate_value = map[string]int32{ - "UNKNOWN": 0, - "MS_WINDOWS_PROD_PCA_2011": 1, - "MS_THIRD_PARTY_UEFI_CA_2011": 2, - } -) - -func (x WellKnownCertificate) Enum() *WellKnownCertificate { - p := new(WellKnownCertificate) - *p = x - return p -} - -func (x WellKnownCertificate) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (WellKnownCertificate) Descriptor() protoreflect.EnumDescriptor { - return file_attest_proto_enumTypes[1].Descriptor() -} - -func (WellKnownCertificate) Type() protoreflect.EnumType { - return &file_attest_proto_enumTypes[1] -} - -func (x WellKnownCertificate) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use WellKnownCertificate.Descriptor instead. -func (WellKnownCertificate) EnumDescriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{1} -} - -// The container's restart policy. 
-// See the following Kubernetes documentation for more details: -// https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy -// Note that these enum variants do not conform to the standard Protocol Buffers -// Style Guide so that RestartPolicy_name, RestartPolicy_value, and -// RestartPolicy.String() match the values used by Kubernetes and others. -type RestartPolicy int32 - -const ( - RestartPolicy_Always RestartPolicy = 0 - RestartPolicy_OnFailure RestartPolicy = 1 - RestartPolicy_Never RestartPolicy = 2 -) - -// Enum value maps for RestartPolicy. -var ( - RestartPolicy_name = map[int32]string{ - 0: "Always", - 1: "OnFailure", - 2: "Never", - } - RestartPolicy_value = map[string]int32{ - "Always": 0, - "OnFailure": 1, - "Never": 2, - } -) - -func (x RestartPolicy) Enum() *RestartPolicy { - p := new(RestartPolicy) - *p = x - return p -} - -func (x RestartPolicy) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (RestartPolicy) Descriptor() protoreflect.EnumDescriptor { - return file_attest_proto_enumTypes[2].Descriptor() -} - -func (RestartPolicy) Type() protoreflect.EnumType { - return &file_attest_proto_enumTypes[2] -} - -func (x RestartPolicy) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use RestartPolicy.Descriptor instead. -func (RestartPolicy) EnumDescriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{2} -} - -// Information uniquely identifying a GCE instance. Can be used to create an -// instance URL, which can then be used with GCE APIs. 
Formatted like: -// https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name} -type GCEInstanceInfo struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Zone string `protobuf:"bytes,1,opt,name=zone,proto3" json:"zone,omitempty"` - ProjectId string `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"` - ProjectNumber uint64 `protobuf:"varint,3,opt,name=project_number,json=projectNumber,proto3" json:"project_number,omitempty"` - InstanceName string `protobuf:"bytes,4,opt,name=instance_name,json=instanceName,proto3" json:"instance_name,omitempty"` - InstanceId uint64 `protobuf:"varint,5,opt,name=instance_id,json=instanceId,proto3" json:"instance_id,omitempty"` -} - -func (x *GCEInstanceInfo) Reset() { - *x = GCEInstanceInfo{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *GCEInstanceInfo) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*GCEInstanceInfo) ProtoMessage() {} - -func (x *GCEInstanceInfo) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use GCEInstanceInfo.ProtoReflect.Descriptor instead. 
-func (*GCEInstanceInfo) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{0} -} - -func (x *GCEInstanceInfo) GetZone() string { - if x != nil { - return x.Zone - } - return "" -} - -func (x *GCEInstanceInfo) GetProjectId() string { - if x != nil { - return x.ProjectId - } - return "" -} - -func (x *GCEInstanceInfo) GetProjectNumber() uint64 { - if x != nil { - return x.ProjectNumber - } - return 0 -} - -func (x *GCEInstanceInfo) GetInstanceName() string { - if x != nil { - return x.InstanceName - } - return "" -} - -func (x *GCEInstanceInfo) GetInstanceId() uint64 { - if x != nil { - return x.InstanceId - } - return 0 -} - -type Attestation struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Attestation Key (AK) Public Area, encoded as a TPMT_PUBLIC - AkPub []byte `protobuf:"bytes,1,opt,name=ak_pub,json=akPub,proto3" json:"ak_pub,omitempty"` - // Quotes over all supported PCR banks - Quotes []*tpm.Quote `protobuf:"bytes,2,rep,name=quotes,proto3" json:"quotes,omitempty"` - // TCG Event Log, encoded in the raw binary format. - // Can be SHA-1 or crypto-agile. - EventLog []byte `protobuf:"bytes,3,opt,name=event_log,json=eventLog,proto3" json:"event_log,omitempty"` - // Optional information about a GCE instance, unused outside of GCE - InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"` - // A TCG Canonical Event Log. - CanonicalEventLog []byte `protobuf:"bytes,5,opt,name=canonical_event_log,json=canonicalEventLog,proto3" json:"canonical_event_log,omitempty"` - // Attestation Key (AK) Certificate, encoded as ASN.1 DER. - // Optional. 
- AkCert []byte `protobuf:"bytes,6,opt,name=ak_cert,json=akCert,proto3" json:"ak_cert,omitempty"` -} - -func (x *Attestation) Reset() { - *x = Attestation{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Attestation) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Attestation) ProtoMessage() {} - -func (x *Attestation) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Attestation.ProtoReflect.Descriptor instead. -func (*Attestation) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{1} -} - -func (x *Attestation) GetAkPub() []byte { - if x != nil { - return x.AkPub - } - return nil -} - -func (x *Attestation) GetQuotes() []*tpm.Quote { - if x != nil { - return x.Quotes - } - return nil -} - -func (x *Attestation) GetEventLog() []byte { - if x != nil { - return x.EventLog - } - return nil -} - -func (x *Attestation) GetInstanceInfo() *GCEInstanceInfo { - if x != nil { - return x.InstanceInfo - } - return nil -} - -func (x *Attestation) GetCanonicalEventLog() []byte { - if x != nil { - return x.CanonicalEventLog - } - return nil -} - -func (x *Attestation) GetAkCert() []byte { - if x != nil { - return x.AkCert - } - return nil -} - -// The platform/firmware state for this instance -type PlatformState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to Firmware: - // *PlatformState_ScrtmVersionId - // *PlatformState_GceVersion - Firmware isPlatformState_Firmware `protobuf_oneof:"firmware"` - // Set to NONE on non-GCE instances or non-Confidential 
Shielded GCE instances - Technology GCEConfidentialTechnology `protobuf:"varint,3,opt,name=technology,proto3,enum=attest.GCEConfidentialTechnology" json:"technology,omitempty"` - // Only set for GCE instances - InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"` -} - -func (x *PlatformState) Reset() { - *x = PlatformState{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PlatformState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PlatformState) ProtoMessage() {} - -func (x *PlatformState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PlatformState.ProtoReflect.Descriptor instead. 
-func (*PlatformState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{2} -} - -func (m *PlatformState) GetFirmware() isPlatformState_Firmware { - if m != nil { - return m.Firmware - } - return nil -} - -func (x *PlatformState) GetScrtmVersionId() []byte { - if x, ok := x.GetFirmware().(*PlatformState_ScrtmVersionId); ok { - return x.ScrtmVersionId - } - return nil -} - -func (x *PlatformState) GetGceVersion() uint32 { - if x, ok := x.GetFirmware().(*PlatformState_GceVersion); ok { - return x.GceVersion - } - return 0 -} - -func (x *PlatformState) GetTechnology() GCEConfidentialTechnology { - if x != nil { - return x.Technology - } - return GCEConfidentialTechnology_NONE -} - -func (x *PlatformState) GetInstanceInfo() *GCEInstanceInfo { - if x != nil { - return x.InstanceInfo - } - return nil -} - -type isPlatformState_Firmware interface { - isPlatformState_Firmware() -} - -type PlatformState_ScrtmVersionId struct { - // Raw S-CRTM version identifier (EV_S_CRTM_VERSION) - ScrtmVersionId []byte `protobuf:"bytes,1,opt,name=scrtm_version_id,json=scrtmVersionId,proto3,oneof"` -} - -type PlatformState_GceVersion struct { - // Virtual GCE firmware version (parsed from S-CRTM version id) - GceVersion uint32 `protobuf:"varint,2,opt,name=gce_version,json=gceVersion,proto3,oneof"` -} - -func (*PlatformState_ScrtmVersionId) isPlatformState_Firmware() {} - -func (*PlatformState_GceVersion) isPlatformState_Firmware() {} - -// A parsed event from the TCG event log -type Event struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The Platform Control Register (PCR) this event was extended into. - PcrIndex uint32 `protobuf:"varint,1,opt,name=pcr_index,json=pcrIndex,proto3" json:"pcr_index,omitempty"` - // The type of this event. Note that this value is not verified, so it should - // only be used as a hint during event parsing. 
- UntrustedType uint32 `protobuf:"varint,2,opt,name=untrusted_type,json=untrustedType,proto3" json:"untrusted_type,omitempty"` - // The raw data associated to this event. The meaning of this data is - // specific to the type of the event. - Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` - // The event digest actually extended into the TPM. This is often the hash of - // the data field, but in some cases it may have a type-specific calculation. - Digest []byte `protobuf:"bytes,4,opt,name=digest,proto3" json:"digest,omitempty"` - // This is true if hash(data) == digest. - DigestVerified bool `protobuf:"varint,5,opt,name=digest_verified,json=digestVerified,proto3" json:"digest_verified,omitempty"` -} - -func (x *Event) Reset() { - *x = Event{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Event) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Event) ProtoMessage() {} - -func (x *Event) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Event.ProtoReflect.Descriptor instead. 
-func (*Event) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{3} -} - -func (x *Event) GetPcrIndex() uint32 { - if x != nil { - return x.PcrIndex - } - return 0 -} - -func (x *Event) GetUntrustedType() uint32 { - if x != nil { - return x.UntrustedType - } - return 0 -} - -func (x *Event) GetData() []byte { - if x != nil { - return x.Data - } - return nil -} - -func (x *Event) GetDigest() []byte { - if x != nil { - return x.Digest - } - return nil -} - -func (x *Event) GetDigestVerified() bool { - if x != nil { - return x.DigestVerified - } - return false -} - -type Certificate struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The representation of the certificate. If the certificate matches a - // well-known certificate above, representation should contain the value in - // the enum. Otherwise, it will contain the raw DER. - // - // Types that are assignable to Representation: - // *Certificate_Der - // *Certificate_WellKnown - Representation isCertificate_Representation `protobuf_oneof:"representation"` -} - -func (x *Certificate) Reset() { - *x = Certificate{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Certificate) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Certificate) ProtoMessage() {} - -func (x *Certificate) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Certificate.ProtoReflect.Descriptor instead. 
-func (*Certificate) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{4} -} - -func (m *Certificate) GetRepresentation() isCertificate_Representation { - if m != nil { - return m.Representation - } - return nil -} - -func (x *Certificate) GetDer() []byte { - if x, ok := x.GetRepresentation().(*Certificate_Der); ok { - return x.Der - } - return nil -} - -func (x *Certificate) GetWellKnown() WellKnownCertificate { - if x, ok := x.GetRepresentation().(*Certificate_WellKnown); ok { - return x.WellKnown - } - return WellKnownCertificate_UNKNOWN -} - -type isCertificate_Representation interface { - isCertificate_Representation() -} - -type Certificate_Der struct { - // DER representation of the certificate. - Der []byte `protobuf:"bytes,1,opt,name=der,proto3,oneof"` -} - -type Certificate_WellKnown struct { - WellKnown WellKnownCertificate `protobuf:"varint,2,opt,name=well_known,json=wellKnown,proto3,enum=attest.WellKnownCertificate,oneof"` -} - -func (*Certificate_Der) isCertificate_Representation() {} - -func (*Certificate_WellKnown) isCertificate_Representation() {} - -// A Secure Boot database containing lists of hashes and certificates, -// as defined by section 32.4.1 Signature Database in the UEFI spec. 
-type Database struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Certs []*Certificate `protobuf:"bytes,1,rep,name=certs,proto3" json:"certs,omitempty"` - Hashes [][]byte `protobuf:"bytes,2,rep,name=hashes,proto3" json:"hashes,omitempty"` -} - -func (x *Database) Reset() { - *x = Database{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Database) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Database) ProtoMessage() {} - -func (x *Database) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Database.ProtoReflect.Descriptor instead. -func (*Database) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{5} -} - -func (x *Database) GetCerts() []*Certificate { - if x != nil { - return x.Certs - } - return nil -} - -func (x *Database) GetHashes() [][]byte { - if x != nil { - return x.Hashes - } - return nil -} - -// The Secure Boot state for this instance. -type SecureBootState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Whether Secure Boot is enabled. - Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"` - // The Secure Boot signature (allowed) database. - Db *Database `protobuf:"bytes,2,opt,name=db,proto3" json:"db,omitempty"` - // The Secure Boot revoked signature (forbidden) database. - Dbx *Database `protobuf:"bytes,3,opt,name=dbx,proto3" json:"dbx,omitempty"` - // Authority events post-separator. Pre-separator authorities - // are currently not supported. 
- Authority *Database `protobuf:"bytes,4,opt,name=authority,proto3" json:"authority,omitempty"` -} - -func (x *SecureBootState) Reset() { - *x = SecureBootState{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SecureBootState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SecureBootState) ProtoMessage() {} - -func (x *SecureBootState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SecureBootState.ProtoReflect.Descriptor instead. -func (*SecureBootState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{6} -} - -func (x *SecureBootState) GetEnabled() bool { - if x != nil { - return x.Enabled - } - return false -} - -func (x *SecureBootState) GetDb() *Database { - if x != nil { - return x.Db - } - return nil -} - -func (x *SecureBootState) GetDbx() *Database { - if x != nil { - return x.Dbx - } - return nil -} - -func (x *SecureBootState) GetAuthority() *Database { - if x != nil { - return x.Authority - } - return nil -} - -type ContainerState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - ImageReference string `protobuf:"bytes,1,opt,name=image_reference,json=imageReference,proto3" json:"image_reference,omitempty"` - // Digest of the registry's image manifest, which contains a list of the - // layers comprising the image. 
- ImageDigest string `protobuf:"bytes,2,opt,name=image_digest,json=imageDigest,proto3" json:"image_digest,omitempty"` - RestartPolicy RestartPolicy `protobuf:"varint,3,opt,name=restart_policy,json=restartPolicy,proto3,enum=attest.RestartPolicy" json:"restart_policy,omitempty"` - // Digest of the local image configuration object, containing config items - // such as local layer digests. - ImageId string `protobuf:"bytes,4,opt,name=image_id,json=imageId,proto3" json:"image_id,omitempty"` - Args []string `protobuf:"bytes,5,rep,name=args,proto3" json:"args,omitempty"` - EnvVars map[string]string `protobuf:"bytes,6,rep,name=env_vars,json=envVars,proto3" json:"env_vars,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *ContainerState) Reset() { - *x = ContainerState{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ContainerState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ContainerState) ProtoMessage() {} - -func (x *ContainerState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ContainerState.ProtoReflect.Descriptor instead. 
-func (*ContainerState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{7} -} - -func (x *ContainerState) GetImageReference() string { - if x != nil { - return x.ImageReference - } - return "" -} - -func (x *ContainerState) GetImageDigest() string { - if x != nil { - return x.ImageDigest - } - return "" -} - -func (x *ContainerState) GetRestartPolicy() RestartPolicy { - if x != nil { - return x.RestartPolicy - } - return RestartPolicy_Always -} - -func (x *ContainerState) GetImageId() string { - if x != nil { - return x.ImageId - } - return "" -} - -func (x *ContainerState) GetArgs() []string { - if x != nil { - return x.Args - } - return nil -} - -func (x *ContainerState) GetEnvVars() map[string]string { - if x != nil { - return x.EnvVars - } - return nil -} - -type SemanticVersion struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Major uint32 `protobuf:"varint,1,opt,name=major,proto3" json:"major,omitempty"` - Minor uint32 `protobuf:"varint,2,opt,name=minor,proto3" json:"minor,omitempty"` - Patch uint32 `protobuf:"varint,3,opt,name=patch,proto3" json:"patch,omitempty"` -} - -func (x *SemanticVersion) Reset() { - *x = SemanticVersion{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SemanticVersion) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SemanticVersion) ProtoMessage() {} - -func (x *SemanticVersion) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SemanticVersion.ProtoReflect.Descriptor instead. 
-func (*SemanticVersion) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{8} -} - -func (x *SemanticVersion) GetMajor() uint32 { - if x != nil { - return x.Major - } - return 0 -} - -func (x *SemanticVersion) GetMinor() uint32 { - if x != nil { - return x.Minor - } - return 0 -} - -func (x *SemanticVersion) GetPatch() uint32 { - if x != nil { - return x.Patch - } - return 0 -} - -type AttestedCosState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Container *ContainerState `protobuf:"bytes,1,opt,name=container,proto3" json:"container,omitempty"` - CosVersion *SemanticVersion `protobuf:"bytes,2,opt,name=cos_version,json=cosVersion,proto3" json:"cos_version,omitempty"` - LauncherVersion *SemanticVersion `protobuf:"bytes,3,opt,name=launcher_version,json=launcherVersion,proto3" json:"launcher_version,omitempty"` -} - -func (x *AttestedCosState) Reset() { - *x = AttestedCosState{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *AttestedCosState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*AttestedCosState) ProtoMessage() {} - -func (x *AttestedCosState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use AttestedCosState.ProtoReflect.Descriptor instead. 
-func (*AttestedCosState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{9} -} - -func (x *AttestedCosState) GetContainer() *ContainerState { - if x != nil { - return x.Container - } - return nil -} - -func (x *AttestedCosState) GetCosVersion() *SemanticVersion { - if x != nil { - return x.CosVersion - } - return nil -} - -func (x *AttestedCosState) GetLauncherVersion() *SemanticVersion { - if x != nil { - return x.LauncherVersion - } - return nil -} - -// The verified state of a booted machine, obtained from an Attestation -type MachineState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Platform *PlatformState `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"` - SecureBoot *SecureBootState `protobuf:"bytes,2,opt,name=secure_boot,json=secureBoot,proto3" json:"secure_boot,omitempty"` - // The complete parsed TCG Event Log, including those events used to - // create the PlatformState. - RawEvents []*Event `protobuf:"bytes,3,rep,name=raw_events,json=rawEvents,proto3" json:"raw_events,omitempty"` - // The hash algorithm used when verifying the Attestation. 
This indicates: - // - which PCR bank was used for for quote validation and event log replay - // - the hash algorithm used to calculate event digests - Hash tpm.HashAlgo `protobuf:"varint,4,opt,name=hash,proto3,enum=tpm.HashAlgo" json:"hash,omitempty"` - Cos *AttestedCosState `protobuf:"bytes,7,opt,name=cos,proto3" json:"cos,omitempty"` -} - -func (x *MachineState) Reset() { - *x = MachineState{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MachineState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MachineState) ProtoMessage() {} - -func (x *MachineState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MachineState.ProtoReflect.Descriptor instead. 
-func (*MachineState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{10} -} - -func (x *MachineState) GetPlatform() *PlatformState { - if x != nil { - return x.Platform - } - return nil -} - -func (x *MachineState) GetSecureBoot() *SecureBootState { - if x != nil { - return x.SecureBoot - } - return nil -} - -func (x *MachineState) GetRawEvents() []*Event { - if x != nil { - return x.RawEvents - } - return nil -} - -func (x *MachineState) GetHash() tpm.HashAlgo { - if x != nil { - return x.Hash - } - return tpm.HashAlgo(0) -} - -func (x *MachineState) GetCos() *AttestedCosState { - if x != nil { - return x.Cos - } - return nil -} - -// A policy dictating which values of PlatformState to allow -type PlatformPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // If PlatformState.firmware contains a scrtm_version_id, it must appear - // in this list. For use with a GCE VM, minimum_gce_firmware_version is - // often a better alternative. - AllowedScrtmVersionIds [][]byte `protobuf:"bytes,1,rep,name=allowed_scrtm_version_ids,json=allowedScrtmVersionIds,proto3" json:"allowed_scrtm_version_ids,omitempty"` - // If PlatformState.firmware contains a minimum_gce_firmware_version, it must - // be greater than or equal to this value. Currently, the max version is 1. - MinimumGceFirmwareVersion uint32 `protobuf:"varint,2,opt,name=minimum_gce_firmware_version,json=minimumGceFirmwareVersion,proto3" json:"minimum_gce_firmware_version,omitempty"` - // The PlatformState's technology must be at least as secure as - // the specified minimum_technology (i.e. AMD_SEV_ES > AMD_SEV > NONE). 
- MinimumTechnology GCEConfidentialTechnology `protobuf:"varint,3,opt,name=minimum_technology,json=minimumTechnology,proto3,enum=attest.GCEConfidentialTechnology" json:"minimum_technology,omitempty"` -} - -func (x *PlatformPolicy) Reset() { - *x = PlatformPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PlatformPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PlatformPolicy) ProtoMessage() {} - -func (x *PlatformPolicy) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PlatformPolicy.ProtoReflect.Descriptor instead. -func (*PlatformPolicy) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{11} -} - -func (x *PlatformPolicy) GetAllowedScrtmVersionIds() [][]byte { - if x != nil { - return x.AllowedScrtmVersionIds - } - return nil -} - -func (x *PlatformPolicy) GetMinimumGceFirmwareVersion() uint32 { - if x != nil { - return x.MinimumGceFirmwareVersion - } - return 0 -} - -func (x *PlatformPolicy) GetMinimumTechnology() GCEConfidentialTechnology { - if x != nil { - return x.MinimumTechnology - } - return GCEConfidentialTechnology_NONE -} - -// A policy dictating which type of MachineStates to allow -type Policy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Platform *PlatformPolicy `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"` -} - -func (x *Policy) Reset() { - *x = Policy{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} 
- -func (x *Policy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Policy) ProtoMessage() {} - -func (x *Policy) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Policy.ProtoReflect.Descriptor instead. -func (*Policy) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{12} -} - -func (x *Policy) GetPlatform() *PlatformPolicy { - if x != nil { - return x.Platform - } - return nil -} - -var File_attest_proto protoreflect.FileDescriptor - -var file_attest_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, - 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x74, 0x70, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x22, 0xb1, 0x01, 0x0a, 0x0f, 0x47, 0x43, 0x45, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, - 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x7a, 0x6f, 0x6e, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x7a, 0x6f, 0x6e, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x72, 0x6f, - 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, - 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x72, 0x6f, 0x6a, - 0x65, 0x63, 0x74, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x0d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, - 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, - 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, - 0x5f, 0x69, 0x64, 0x18, 0x05, 
0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x69, 0x6e, 0x73, 0x74, 0x61, - 0x6e, 0x63, 0x65, 0x49, 0x64, 0x22, 0xec, 0x01, 0x0a, 0x0b, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x15, 0x0a, 0x06, 0x61, 0x6b, 0x5f, 0x70, 0x75, 0x62, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x61, 0x6b, 0x50, 0x75, 0x62, 0x12, 0x22, 0x0a, 0x06, - 0x71, 0x75, 0x6f, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x74, - 0x70, 0x6d, 0x2e, 0x51, 0x75, 0x6f, 0x74, 0x65, 0x52, 0x06, 0x71, 0x75, 0x6f, 0x74, 0x65, 0x73, - 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x67, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x08, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x67, 0x12, 0x3c, 0x0a, - 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x43, - 0x45, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c, 0x69, - 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x2e, 0x0a, 0x13, 0x63, - 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x6c, - 0x6f, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, - 0x63, 0x61, 0x6c, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x67, 0x12, 0x17, 0x0a, 0x07, 0x61, - 0x6b, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x61, 0x6b, - 0x43, 0x65, 0x72, 0x74, 0x22, 0xeb, 0x01, 0x0a, 0x0d, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, - 0x6d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x0a, 0x10, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x5f, - 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, - 0x48, 0x00, 0x52, 0x0e, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, - 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0b, 0x67, 0x63, 0x65, 0x5f, 0x76, 
0x65, 0x72, 0x73, 0x69, 0x6f, - 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x00, 0x52, 0x0a, 0x67, 0x63, 0x65, 0x56, 0x65, - 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0a, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, - 0x6f, 0x67, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 0x2e, 0x61, 0x74, 0x74, 0x65, - 0x73, 0x74, 0x2e, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x52, 0x0a, 0x74, 0x65, - 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x12, 0x3c, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, - 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x43, 0x45, 0x49, 0x6e, 0x73, 0x74, - 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, - 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x42, 0x0a, 0x0a, 0x08, 0x66, 0x69, 0x72, 0x6d, 0x77, 0x61, - 0x72, 0x65, 0x22, 0xa0, 0x01, 0x0a, 0x05, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x1b, 0x0a, 0x09, - 0x70, 0x63, 0x72, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x08, 0x70, 0x63, 0x72, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x25, 0x0a, 0x0e, 0x75, 0x6e, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x0d, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, - 0x64, 0x61, 0x74, 0x61, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x27, 0x0a, 0x0f, - 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x56, 0x65, 0x72, - 0x69, 
0x66, 0x69, 0x65, 0x64, 0x22, 0x72, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x03, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0c, 0x48, 0x00, 0x52, 0x03, 0x64, 0x65, 0x72, 0x12, 0x3d, 0x0a, 0x0a, 0x77, 0x65, 0x6c, 0x6c, - 0x5f, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x61, - 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x09, 0x77, 0x65, - 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x42, 0x10, 0x0a, 0x0e, 0x72, 0x65, 0x70, 0x72, 0x65, - 0x73, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x4d, 0x0a, 0x08, 0x44, 0x61, 0x74, - 0x61, 0x62, 0x61, 0x73, 0x65, 0x12, 0x29, 0x0a, 0x05, 0x63, 0x65, 0x72, 0x74, 0x73, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x05, 0x63, 0x65, 0x72, 0x74, 0x73, - 0x12, 0x16, 0x0a, 0x06, 0x68, 0x61, 0x73, 0x68, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, - 0x52, 0x06, 0x68, 0x61, 0x73, 0x68, 0x65, 0x73, 0x22, 0xa1, 0x01, 0x0a, 0x0f, 0x53, 0x65, 0x63, - 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a, 0x07, - 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, - 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x02, 0x64, 0x62, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x44, 0x61, 0x74, 0x61, - 0x62, 0x61, 0x73, 0x65, 0x52, 0x02, 0x64, 0x62, 0x12, 0x22, 0x0a, 0x03, 0x64, 0x62, 0x78, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x44, - 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x03, 0x64, 0x62, 0x78, 0x12, 0x2e, 0x0a, 0x09, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 
0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, - 0x65, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0xc5, 0x02, 0x0a, - 0x0e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, - 0x27, 0x0a, 0x0f, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x5f, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, - 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x52, - 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6d, 0x61, 0x67, - 0x65, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, - 0x69, 0x6d, 0x61, 0x67, 0x65, 0x44, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x3c, 0x0a, 0x0e, 0x72, - 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x52, 0x65, 0x73, - 0x74, 0x61, 0x72, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, 0x72, 0x65, 0x73, 0x74, - 0x61, 0x72, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6d, 0x61, - 0x67, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x69, 0x6d, 0x61, - 0x67, 0x65, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x04, 0x61, 0x72, 0x67, 0x73, 0x12, 0x3e, 0x0a, 0x08, 0x65, 0x6e, 0x76, 0x5f, - 0x76, 0x61, 0x72, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x61, 0x74, 0x74, - 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x53, 0x74, 0x61, - 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x07, 0x65, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x73, 0x1a, 0x3a, 0x0a, 0x0c, 0x45, 0x6e, 0x76, 0x56, - 0x61, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 
0x65, 0x79, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x3a, 0x02, 0x38, 0x01, 0x22, 0x53, 0x0a, 0x0f, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, - 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x61, 0x6a, 0x6f, 0x72, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x12, 0x14, 0x0a, - 0x05, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x69, - 0x6e, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0d, 0x52, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x22, 0xc6, 0x01, 0x0a, 0x10, 0x41, 0x74, - 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x73, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x34, - 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x16, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, - 0x69, 0x6e, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x74, 0x61, - 0x69, 0x6e, 0x65, 0x72, 0x12, 0x38, 0x0a, 0x0b, 0x63, 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, - 0x73, 0x74, 0x2e, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x52, 0x0a, 0x63, 0x6f, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x42, - 0x0a, 0x10, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x65, 0x72, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, - 0x74, 0x2e, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, - 0x6e, 0x52, 0x0f, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x65, 0x72, 0x56, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x22, 
0xf8, 0x01, 0x0a, 0x0c, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x53, 0x74, - 0x61, 0x74, 0x65, 0x12, 0x31, 0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x50, - 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x08, 0x70, 0x6c, - 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x12, 0x38, 0x0a, 0x0b, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, - 0x5f, 0x62, 0x6f, 0x6f, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, - 0x74, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x53, - 0x74, 0x61, 0x74, 0x65, 0x52, 0x0a, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, - 0x12, 0x2c, 0x0a, 0x0a, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x76, - 0x65, 0x6e, 0x74, 0x52, 0x09, 0x72, 0x61, 0x77, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x21, - 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x74, - 0x70, 0x6d, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x52, 0x04, 0x68, 0x61, 0x73, - 0x68, 0x12, 0x2a, 0x0a, 0x03, 0x63, 0x6f, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, - 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, - 0x43, 0x6f, 0x73, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x03, 0x63, 0x6f, 0x73, 0x22, 0xde, 0x01, - 0x0a, 0x0e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x12, 0x39, 0x0a, 0x19, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x73, 0x63, 0x72, 0x74, - 0x6d, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0c, 0x52, 0x16, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x53, 0x63, 0x72, 0x74, - 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x49, 
0x64, 0x73, 0x12, 0x3f, 0x0a, 0x1c, 0x6d, - 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x67, 0x63, 0x65, 0x5f, 0x66, 0x69, 0x72, 0x6d, 0x77, - 0x61, 0x72, 0x65, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x19, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x47, 0x63, 0x65, 0x46, 0x69, 0x72, - 0x6d, 0x77, 0x61, 0x72, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a, 0x12, - 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, - 0x67, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, - 0x74, 0x2e, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, - 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x52, 0x11, 0x6d, 0x69, 0x6e, - 0x69, 0x6d, 0x75, 0x6d, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x22, 0x3c, - 0x0a, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x32, 0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74, - 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x61, 0x74, 0x74, - 0x65, 0x73, 0x74, 0x2e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2a, 0x42, 0x0a, 0x19, - 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, - 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, - 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x10, 0x01, - 0x12, 0x0e, 0x0a, 0x0a, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x45, 0x53, 0x10, 0x02, - 0x2a, 0x62, 0x0a, 0x14, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, - 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x53, 0x5f, 0x57, 0x49, 0x4e, 
0x44, - 0x4f, 0x57, 0x53, 0x5f, 0x50, 0x52, 0x4f, 0x44, 0x5f, 0x50, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, - 0x31, 0x10, 0x01, 0x12, 0x1f, 0x0a, 0x1b, 0x4d, 0x53, 0x5f, 0x54, 0x48, 0x49, 0x52, 0x44, 0x5f, - 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, 0x55, 0x45, 0x46, 0x49, 0x5f, 0x43, 0x41, 0x5f, 0x32, 0x30, - 0x31, 0x31, 0x10, 0x02, 0x2a, 0x35, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x50, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x6c, 0x77, 0x61, 0x79, 0x73, 0x10, - 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x4f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x10, 0x01, - 0x12, 0x09, 0x0a, 0x05, 0x4e, 0x65, 0x76, 0x65, 0x72, 0x10, 0x02, 0x42, 0x2d, 0x5a, 0x2b, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2f, 0x67, 0x6f, 0x2d, 0x74, 0x70, 0x6d, 0x2d, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, -} - -var ( - file_attest_proto_rawDescOnce sync.Once - file_attest_proto_rawDescData = file_attest_proto_rawDesc -) - -func file_attest_proto_rawDescGZIP() []byte { - file_attest_proto_rawDescOnce.Do(func() { - file_attest_proto_rawDescData = protoimpl.X.CompressGZIP(file_attest_proto_rawDescData) - }) - return file_attest_proto_rawDescData -} - -var file_attest_proto_enumTypes = make([]protoimpl.EnumInfo, 3) -var file_attest_proto_msgTypes = make([]protoimpl.MessageInfo, 14) -var file_attest_proto_goTypes = []interface{}{ - (GCEConfidentialTechnology)(0), // 0: attest.GCEConfidentialTechnology - (WellKnownCertificate)(0), // 1: attest.WellKnownCertificate - (RestartPolicy)(0), // 2: attest.RestartPolicy - (*GCEInstanceInfo)(nil), // 3: attest.GCEInstanceInfo - (*Attestation)(nil), // 4: attest.Attestation - (*PlatformState)(nil), // 5: attest.PlatformState - (*Event)(nil), // 6: attest.Event - (*Certificate)(nil), // 7: attest.Certificate - (*Database)(nil), // 8: attest.Database - 
(*SecureBootState)(nil), // 9: attest.SecureBootState - (*ContainerState)(nil), // 10: attest.ContainerState - (*SemanticVersion)(nil), // 11: attest.SemanticVersion - (*AttestedCosState)(nil), // 12: attest.AttestedCosState - (*MachineState)(nil), // 13: attest.MachineState - (*PlatformPolicy)(nil), // 14: attest.PlatformPolicy - (*Policy)(nil), // 15: attest.Policy - nil, // 16: attest.ContainerState.EnvVarsEntry - (*tpm.Quote)(nil), // 17: tpm.Quote - (tpm.HashAlgo)(0), // 18: tpm.HashAlgo -} -var file_attest_proto_depIdxs = []int32{ - 17, // 0: attest.Attestation.quotes:type_name -> tpm.Quote - 3, // 1: attest.Attestation.instance_info:type_name -> attest.GCEInstanceInfo - 0, // 2: attest.PlatformState.technology:type_name -> attest.GCEConfidentialTechnology - 3, // 3: attest.PlatformState.instance_info:type_name -> attest.GCEInstanceInfo - 1, // 4: attest.Certificate.well_known:type_name -> attest.WellKnownCertificate - 7, // 5: attest.Database.certs:type_name -> attest.Certificate - 8, // 6: attest.SecureBootState.db:type_name -> attest.Database - 8, // 7: attest.SecureBootState.dbx:type_name -> attest.Database - 8, // 8: attest.SecureBootState.authority:type_name -> attest.Database - 2, // 9: attest.ContainerState.restart_policy:type_name -> attest.RestartPolicy - 16, // 10: attest.ContainerState.env_vars:type_name -> attest.ContainerState.EnvVarsEntry - 10, // 11: attest.AttestedCosState.container:type_name -> attest.ContainerState - 11, // 12: attest.AttestedCosState.cos_version:type_name -> attest.SemanticVersion - 11, // 13: attest.AttestedCosState.launcher_version:type_name -> attest.SemanticVersion - 5, // 14: attest.MachineState.platform:type_name -> attest.PlatformState - 9, // 15: attest.MachineState.secure_boot:type_name -> attest.SecureBootState - 6, // 16: attest.MachineState.raw_events:type_name -> attest.Event - 18, // 17: attest.MachineState.hash:type_name -> tpm.HashAlgo - 12, // 18: attest.MachineState.cos:type_name -> 
attest.AttestedCosState - 0, // 19: attest.PlatformPolicy.minimum_technology:type_name -> attest.GCEConfidentialTechnology - 14, // 20: attest.Policy.platform:type_name -> attest.PlatformPolicy - 21, // [21:21] is the sub-list for method output_type - 21, // [21:21] is the sub-list for method input_type - 21, // [21:21] is the sub-list for extension type_name - 21, // [21:21] is the sub-list for extension extendee - 0, // [0:21] is the sub-list for field type_name -} - -func init() { file_attest_proto_init() } -func file_attest_proto_init() { - if File_attest_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_attest_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GCEInstanceInfo); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Attestation); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PlatformState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Event); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Certificate); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Database); i { - case 0: - 
return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SecureBootState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ContainerState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SemanticVersion); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AttestedCosState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MachineState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PlatformPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Policy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_attest_proto_msgTypes[2].OneofWrappers = []interface{}{ - (*PlatformState_ScrtmVersionId)(nil), - 
(*PlatformState_GceVersion)(nil), - } - file_attest_proto_msgTypes[4].OneofWrappers = []interface{}{ - (*Certificate_Der)(nil), - (*Certificate_WellKnown)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_attest_proto_rawDesc, - NumEnums: 3, - NumMessages: 14, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_attest_proto_goTypes, - DependencyIndexes: file_attest_proto_depIdxs, - EnumInfos: file_attest_proto_enumTypes, - MessageInfos: file_attest_proto_msgTypes, - }.Build() - File_attest_proto = out.File - file_attest_proto_rawDesc = nil - file_attest_proto_goTypes = nil - file_attest_proto_depIdxs = nil -} diff --git a/vendor/github.com/google/go-tpm-tools/proto/doc.go b/vendor/github.com/google/go-tpm-tools/proto/doc.go deleted file mode 100644 index 836b3a494..000000000 --- a/vendor/github.com/google/go-tpm-tools/proto/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -// Package proto contains protocol buffers that are exchanged between the client -// and server. -// -// Generating Protocol Buffer Code -// -// Anytime the Protocol Buffer definitions change, the generated Go code must be -// regenerated. This can be done with "go generate". Just run: -// go generate ./... -// -// Upstream documentation: -// https://developers.google.com/protocol-buffers/docs/reference/go-generated -// -// Code Generation Dependencies -// -// To generate the Go code, your system must have "protoc" installed. See: -// https://github.com/protocolbuffers/protobuf#protocol-compiler-installation -// -// The "protoc-gen-go" tool must also be installed. To install it, run: -// go install google.golang.org/protobuf/cmd/protoc-gen-go -package proto - -//go:generate protoc --go_out=. --go_opt=module=github.com/google/go-tpm-tools/proto tpm.proto attest.proto 
diff --git a/vendor/github.com/google/go-tpm-tools/proto/tpm.proto b/vendor/github.com/google/go-tpm-tools/proto/tpm.proto
deleted file mode 100644
index 2692d6a10..000000000
--- a/vendor/github.com/google/go-tpm-tools/proto/tpm.proto
+++ /dev/null
@@ -1,54 +0,0 @@
-syntax = "proto3";
-
-package tpm;
-option go_package = "github.com/google/go-tpm-tools/proto/tpm";
-
-// Enum values come from TCG Algorithm Registry - v1.27 - Table 3
-enum ObjectType {
- OBJECT_INVALID = 0x0000;
- RSA = 0x0001;
- ECC = 0x0023;
-}
-
-enum HashAlgo {
- HASH_INVALID = 0x0000;
- SHA1 = 0x0004;
- SHA256 = 0x000B;
- SHA384 = 0x000C;
- SHA512 = 0x000D;
-}
-
-// SealedBytes stores the result of a TPM2_Seal. The private portion (priv) has
-// already been encrypted and is no longer sensitive. The hash algorithm is
-// assumed to be SHA256.
-message SealedBytes {
- bytes priv = 1;
- bytes pub = 2;
- repeated uint32 pcrs = 3;
- HashAlgo hash = 4;
- ObjectType srk = 5;
- PCRs certified_pcrs = 6;
- bytes creation_data = 7;
- bytes ticket = 8;
-}
-
-message ImportBlob {
- bytes duplicate = 1;
- bytes encrypted_seed = 2;
- bytes public_area = 3;
- PCRs pcrs = 4;
-}
-
-message Quote {
- // TPM2 quote, encoded as a TPMS_ATTEST
- bytes quote = 1;
- // TPM2 signature, encoded as a TPMT_SIGNATURE
- bytes raw_sig = 2;
- // PCR values of the bank being quoted
- PCRs pcrs = 3;
-}
-
-message PCRs {
- HashAlgo hash = 1;
- map pcrs = 2;
-}
diff --git a/vendor/github.com/google/go-tpm-tools/proto/tpm/tpm.pb.go b/vendor/github.com/google/go-tpm-tools/proto/tpm/tpm.pb.go
deleted file mode 100644
index 4bbf46f0a..000000000
--- a/vendor/github.com/google/go-tpm-tools/proto/tpm/tpm.pb.go
+++ /dev/null
@@ -1,595 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.27.1 -// protoc v3.19.1 -// source: tpm.proto - -package tpm - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// Enum values come from TCG Algorithm Registry - v1.27 - Table 3 -type ObjectType int32 - -const ( - ObjectType_OBJECT_INVALID ObjectType = 0 - ObjectType_RSA ObjectType = 1 - ObjectType_ECC ObjectType = 35 -) - -// Enum value maps for ObjectType. -var ( - ObjectType_name = map[int32]string{ - 0: "OBJECT_INVALID", - 1: "RSA", - 35: "ECC", - } - ObjectType_value = map[string]int32{ - "OBJECT_INVALID": 0, - "RSA": 1, - "ECC": 35, - } -) - -func (x ObjectType) Enum() *ObjectType { - p := new(ObjectType) - *p = x - return p -} - -func (x ObjectType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ObjectType) Descriptor() protoreflect.EnumDescriptor { - return file_tpm_proto_enumTypes[0].Descriptor() -} - -func (ObjectType) Type() protoreflect.EnumType { - return &file_tpm_proto_enumTypes[0] -} - -func (x ObjectType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ObjectType.Descriptor instead. -func (ObjectType) EnumDescriptor() ([]byte, []int) { - return file_tpm_proto_rawDescGZIP(), []int{0} -} - -type HashAlgo int32 - -const ( - HashAlgo_HASH_INVALID HashAlgo = 0 - HashAlgo_SHA1 HashAlgo = 4 - HashAlgo_SHA256 HashAlgo = 11 - HashAlgo_SHA384 HashAlgo = 12 - HashAlgo_SHA512 HashAlgo = 13 -) - -// Enum value maps for HashAlgo. 
-var ( - HashAlgo_name = map[int32]string{ - 0: "HASH_INVALID", - 4: "SHA1", - 11: "SHA256", - 12: "SHA384", - 13: "SHA512", - } - HashAlgo_value = map[string]int32{ - "HASH_INVALID": 0, - "SHA1": 4, - "SHA256": 11, - "SHA384": 12, - "SHA512": 13, - } -) - -func (x HashAlgo) Enum() *HashAlgo { - p := new(HashAlgo) - *p = x - return p -} - -func (x HashAlgo) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (HashAlgo) Descriptor() protoreflect.EnumDescriptor { - return file_tpm_proto_enumTypes[1].Descriptor() -} - -func (HashAlgo) Type() protoreflect.EnumType { - return &file_tpm_proto_enumTypes[1] -} - -func (x HashAlgo) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use HashAlgo.Descriptor instead. -func (HashAlgo) EnumDescriptor() ([]byte, []int) { - return file_tpm_proto_rawDescGZIP(), []int{1} -} - -// SealedBytes stores the result of a TPM2_Seal. The private portion (priv) has -// already been encrypted and is no longer sensitive. The hash algorithm is -// assumed to be SHA256. 
-type SealedBytes struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Priv []byte `protobuf:"bytes,1,opt,name=priv,proto3" json:"priv,omitempty"` - Pub []byte `protobuf:"bytes,2,opt,name=pub,proto3" json:"pub,omitempty"` - Pcrs []uint32 `protobuf:"varint,3,rep,packed,name=pcrs,proto3" json:"pcrs,omitempty"` - Hash HashAlgo `protobuf:"varint,4,opt,name=hash,proto3,enum=tpm.HashAlgo" json:"hash,omitempty"` - Srk ObjectType `protobuf:"varint,5,opt,name=srk,proto3,enum=tpm.ObjectType" json:"srk,omitempty"` - CertifiedPcrs *PCRs `protobuf:"bytes,6,opt,name=certified_pcrs,json=certifiedPcrs,proto3" json:"certified_pcrs,omitempty"` - CreationData []byte `protobuf:"bytes,7,opt,name=creation_data,json=creationData,proto3" json:"creation_data,omitempty"` - Ticket []byte `protobuf:"bytes,8,opt,name=ticket,proto3" json:"ticket,omitempty"` -} - -func (x *SealedBytes) Reset() { - *x = SealedBytes{} - if protoimpl.UnsafeEnabled { - mi := &file_tpm_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SealedBytes) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SealedBytes) ProtoMessage() {} - -func (x *SealedBytes) ProtoReflect() protoreflect.Message { - mi := &file_tpm_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SealedBytes.ProtoReflect.Descriptor instead. 
-func (*SealedBytes) Descriptor() ([]byte, []int) { - return file_tpm_proto_rawDescGZIP(), []int{0} -} - -func (x *SealedBytes) GetPriv() []byte { - if x != nil { - return x.Priv - } - return nil -} - -func (x *SealedBytes) GetPub() []byte { - if x != nil { - return x.Pub - } - return nil -} - -func (x *SealedBytes) GetPcrs() []uint32 { - if x != nil { - return x.Pcrs - } - return nil -} - -func (x *SealedBytes) GetHash() HashAlgo { - if x != nil { - return x.Hash - } - return HashAlgo_HASH_INVALID -} - -func (x *SealedBytes) GetSrk() ObjectType { - if x != nil { - return x.Srk - } - return ObjectType_OBJECT_INVALID -} - -func (x *SealedBytes) GetCertifiedPcrs() *PCRs { - if x != nil { - return x.CertifiedPcrs - } - return nil -} - -func (x *SealedBytes) GetCreationData() []byte { - if x != nil { - return x.CreationData - } - return nil -} - -func (x *SealedBytes) GetTicket() []byte { - if x != nil { - return x.Ticket - } - return nil -} - -type ImportBlob struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Duplicate []byte `protobuf:"bytes,1,opt,name=duplicate,proto3" json:"duplicate,omitempty"` - EncryptedSeed []byte `protobuf:"bytes,2,opt,name=encrypted_seed,json=encryptedSeed,proto3" json:"encrypted_seed,omitempty"` - PublicArea []byte `protobuf:"bytes,3,opt,name=public_area,json=publicArea,proto3" json:"public_area,omitempty"` - Pcrs *PCRs `protobuf:"bytes,4,opt,name=pcrs,proto3" json:"pcrs,omitempty"` -} - -func (x *ImportBlob) Reset() { - *x = ImportBlob{} - if protoimpl.UnsafeEnabled { - mi := &file_tpm_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ImportBlob) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ImportBlob) ProtoMessage() {} - -func (x *ImportBlob) ProtoReflect() protoreflect.Message { - mi := &file_tpm_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := 
protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ImportBlob.ProtoReflect.Descriptor instead. -func (*ImportBlob) Descriptor() ([]byte, []int) { - return file_tpm_proto_rawDescGZIP(), []int{1} -} - -func (x *ImportBlob) GetDuplicate() []byte { - if x != nil { - return x.Duplicate - } - return nil -} - -func (x *ImportBlob) GetEncryptedSeed() []byte { - if x != nil { - return x.EncryptedSeed - } - return nil -} - -func (x *ImportBlob) GetPublicArea() []byte { - if x != nil { - return x.PublicArea - } - return nil -} - -func (x *ImportBlob) GetPcrs() *PCRs { - if x != nil { - return x.Pcrs - } - return nil -} - -type Quote struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // TPM2 quote, encoded as a TPMS_ATTEST - Quote []byte `protobuf:"bytes,1,opt,name=quote,proto3" json:"quote,omitempty"` - // TPM2 signature, encoded as a TPMT_SIGNATURE - RawSig []byte `protobuf:"bytes,2,opt,name=raw_sig,json=rawSig,proto3" json:"raw_sig,omitempty"` - // PCR values of the bank being quoted - Pcrs *PCRs `protobuf:"bytes,3,opt,name=pcrs,proto3" json:"pcrs,omitempty"` -} - -func (x *Quote) Reset() { - *x = Quote{} - if protoimpl.UnsafeEnabled { - mi := &file_tpm_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Quote) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Quote) ProtoMessage() {} - -func (x *Quote) ProtoReflect() protoreflect.Message { - mi := &file_tpm_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Quote.ProtoReflect.Descriptor instead. 
-func (*Quote) Descriptor() ([]byte, []int) { - return file_tpm_proto_rawDescGZIP(), []int{2} -} - -func (x *Quote) GetQuote() []byte { - if x != nil { - return x.Quote - } - return nil -} - -func (x *Quote) GetRawSig() []byte { - if x != nil { - return x.RawSig - } - return nil -} - -func (x *Quote) GetPcrs() *PCRs { - if x != nil { - return x.Pcrs - } - return nil -} - -type PCRs struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Hash HashAlgo `protobuf:"varint,1,opt,name=hash,proto3,enum=tpm.HashAlgo" json:"hash,omitempty"` - Pcrs map[uint32][]byte `protobuf:"bytes,2,rep,name=pcrs,proto3" json:"pcrs,omitempty" protobuf_key:"varint,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *PCRs) Reset() { - *x = PCRs{} - if protoimpl.UnsafeEnabled { - mi := &file_tpm_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PCRs) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PCRs) ProtoMessage() {} - -func (x *PCRs) ProtoReflect() protoreflect.Message { - mi := &file_tpm_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PCRs.ProtoReflect.Descriptor instead. 
-func (*PCRs) Descriptor() ([]byte, []int) { - return file_tpm_proto_rawDescGZIP(), []int{3} -} - -func (x *PCRs) GetHash() HashAlgo { - if x != nil { - return x.Hash - } - return HashAlgo_HASH_INVALID -} - -func (x *PCRs) GetPcrs() map[uint32][]byte { - if x != nil { - return x.Pcrs - } - return nil -} - -var File_tpm_proto protoreflect.FileDescriptor - -var file_tpm_proto_rawDesc = []byte{ - 0x0a, 0x09, 0x74, 0x70, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x03, 0x74, 0x70, 0x6d, - 0x22, 0xfc, 0x01, 0x0a, 0x0b, 0x53, 0x65, 0x61, 0x6c, 0x65, 0x64, 0x42, 0x79, 0x74, 0x65, 0x73, - 0x12, 0x12, 0x0a, 0x04, 0x70, 0x72, 0x69, 0x76, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, - 0x70, 0x72, 0x69, 0x76, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x75, 0x62, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x03, 0x70, 0x75, 0x62, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x63, 0x72, 0x73, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x63, 0x72, 0x73, 0x12, 0x21, 0x0a, 0x04, 0x68, 0x61, - 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x48, - 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, 0x21, 0x0a, - 0x03, 0x73, 0x72, 0x6b, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0f, 0x2e, 0x74, 0x70, 0x6d, - 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x54, 0x79, 0x70, 0x65, 0x52, 0x03, 0x73, 0x72, 0x6b, - 0x12, 0x30, 0x0a, 0x0e, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x70, 0x63, - 0x72, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x50, - 0x43, 0x52, 0x73, 0x52, 0x0d, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x65, 0x64, 0x50, 0x63, - 0x72, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x72, 0x65, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, - 0x61, 0x74, 0x61, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x63, 0x72, 0x65, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x44, 0x61, 0x74, 0x61, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x69, 0x63, 0x6b, 0x65, - 0x74, 0x18, 0x08, 0x20, 0x01, 
0x28, 0x0c, 0x52, 0x06, 0x74, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x22, - 0x91, 0x01, 0x0a, 0x0a, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x6c, 0x6f, 0x62, 0x12, 0x1c, - 0x0a, 0x09, 0x64, 0x75, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x09, 0x64, 0x75, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x25, 0x0a, 0x0e, - 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x65, 0x64, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0d, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x53, - 0x65, 0x65, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x61, 0x72, - 0x65, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, - 0x41, 0x72, 0x65, 0x61, 0x12, 0x1d, 0x0a, 0x04, 0x70, 0x63, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x50, 0x43, 0x52, 0x73, 0x52, 0x04, 0x70, - 0x63, 0x72, 0x73, 0x22, 0x55, 0x0a, 0x05, 0x51, 0x75, 0x6f, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, - 0x71, 0x75, 0x6f, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x71, 0x75, 0x6f, - 0x74, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x61, 0x77, 0x5f, 0x73, 0x69, 0x67, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x06, 0x72, 0x61, 0x77, 0x53, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x04, 0x70, - 0x63, 0x72, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x74, 0x70, 0x6d, 0x2e, - 0x50, 0x43, 0x52, 0x73, 0x52, 0x04, 0x70, 0x63, 0x72, 0x73, 0x22, 0x8b, 0x01, 0x0a, 0x04, 0x50, - 0x43, 0x52, 0x73, 0x12, 0x21, 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x0d, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, - 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, 0x27, 0x0a, 0x04, 0x70, 0x63, 0x72, 0x73, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x50, 0x43, 0x52, 0x73, 0x2e, - 0x50, 0x63, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 
0x70, 0x63, 0x72, 0x73, 0x1a, - 0x37, 0x0a, 0x09, 0x50, 0x63, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x2a, 0x32, 0x0a, 0x0a, 0x4f, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x0e, 0x4f, 0x42, 0x4a, 0x45, 0x43, 0x54, - 0x5f, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x52, 0x53, - 0x41, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x45, 0x43, 0x43, 0x10, 0x23, 0x2a, 0x4a, 0x0a, 0x08, - 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x12, 0x10, 0x0a, 0x0c, 0x48, 0x41, 0x53, 0x48, - 0x5f, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x48, - 0x41, 0x31, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0b, - 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x0c, 0x12, 0x0a, 0x0a, 0x06, - 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x0d, 0x42, 0x2a, 0x5a, 0x28, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x67, 0x6f, - 0x2d, 0x74, 0x70, 0x6d, 0x2d, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2f, 0x74, 0x70, 0x6d, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_tpm_proto_rawDescOnce sync.Once - file_tpm_proto_rawDescData = file_tpm_proto_rawDesc -) - -func file_tpm_proto_rawDescGZIP() []byte { - file_tpm_proto_rawDescOnce.Do(func() { - file_tpm_proto_rawDescData = protoimpl.X.CompressGZIP(file_tpm_proto_rawDescData) - }) - return file_tpm_proto_rawDescData -} - -var file_tpm_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_tpm_proto_msgTypes = make([]protoimpl.MessageInfo, 5) -var file_tpm_proto_goTypes = []interface{}{ - (ObjectType)(0), // 0: 
tpm.ObjectType - (HashAlgo)(0), // 1: tpm.HashAlgo - (*SealedBytes)(nil), // 2: tpm.SealedBytes - (*ImportBlob)(nil), // 3: tpm.ImportBlob - (*Quote)(nil), // 4: tpm.Quote - (*PCRs)(nil), // 5: tpm.PCRs - nil, // 6: tpm.PCRs.PcrsEntry -} -var file_tpm_proto_depIdxs = []int32{ - 1, // 0: tpm.SealedBytes.hash:type_name -> tpm.HashAlgo - 0, // 1: tpm.SealedBytes.srk:type_name -> tpm.ObjectType - 5, // 2: tpm.SealedBytes.certified_pcrs:type_name -> tpm.PCRs - 5, // 3: tpm.ImportBlob.pcrs:type_name -> tpm.PCRs - 5, // 4: tpm.Quote.pcrs:type_name -> tpm.PCRs - 1, // 5: tpm.PCRs.hash:type_name -> tpm.HashAlgo - 6, // 6: tpm.PCRs.pcrs:type_name -> tpm.PCRs.PcrsEntry - 7, // [7:7] is the sub-list for method output_type - 7, // [7:7] is the sub-list for method input_type - 7, // [7:7] is the sub-list for extension type_name - 7, // [7:7] is the sub-list for extension extendee - 0, // [0:7] is the sub-list for field type_name -} - -func init() { file_tpm_proto_init() } -func file_tpm_proto_init() { - if File_tpm_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_tpm_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SealedBytes); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_tpm_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ImportBlob); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_tpm_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Quote); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_tpm_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PCRs); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return 
&v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_tpm_proto_rawDesc, - NumEnums: 2, - NumMessages: 5, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_tpm_proto_goTypes, - DependencyIndexes: file_tpm_proto_depIdxs, - EnumInfos: file_tpm_proto_enumTypes, - MessageInfos: file_tpm_proto_msgTypes, - }.Build() - File_tpm_proto = out.File - file_tpm_proto_rawDesc = nil - file_tpm_proto_goTypes = nil - file_tpm_proto_depIdxs = nil -} 
diff --git a/vendor/github.com/google/go-tpm-tools/server/ca-certs/tpm_ek_intermediate_2.crt b/vendor/github.com/google/go-tpm-tools/server/ca-certs/tpm_ek_intermediate_2.crt deleted file mode 100644 index ef9699dfe1ac4854b039a9fd03f5a42fedace712..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1560 zcmXqLViPfFV*ay$nTe5!NkAhpue`I)FKz$5<3B$#3$HQYW#iOp^Jx3d%gD&h%3#pA z&yd@IlZ`o)g-w_#G}utsKoG>?5ax1D%*jm4FUreIG!!!s0SU4T^ZMqO=9MI7<|%|_ zrk2ALa|v^~=jW&Aq$>FMI2-aA@PHI^3$r@s!x#u`L}_{=;ZB?Y`5C)FNF2T_XcS3ta;fT?4ZaLjx;Q3o9ctT?2C~0|NzbD?=Rx zL#u#t0|R4^Vz)?t6DtENLkj~1abBP%10y3NAYot;CBbiGh$3LnxRcgij4%j;c+nr5 z7mBO4;Ak8Y;F#nK@m&+65^{_&vNA9?G4eAQ zG%<29H8C!7J-luv)2FG&F5wA8rHNQPg87>@*BI~fd;Ms=ZJ5CQ%=J;8!TL>=pKH}0ykuZoes{~?Umt}# zuI>w|4qLyAIliKlpOcNt-kL(afXKV`^9y6_b2>pk#iO- zjEI}3V7O;@ga71P^)pLP)GgsDf4XvQqVBcn`3|9ii_{y;GYW;gxWCWO5YxW(`u2fd zQyaNu4f%2FqC_V-u4%s%dYg%vk%4h>6C*D$L^uujfUzLU&&c?ng$0=U*$f0gd{q`s z19mpn^hQ<=Mgt*`h%iV6hXEUqVq#=4kOhhHv52vV2%jz76|spcaIpqo>dtBNcFXb# zPBxGSNh`BR7>G59q<(qwY}L2FQI|UAtOySM&d|s4eW`&j8;3R6^SlxH{CC^Yomn z@j`|=1-DN6EmO(ZyiP@B?ty1>(`^1+Ran=0N?BEq?LgUvOBPp_3yA4YDr|Andbp%x zcl{;ljm(~pIX3Z~U}rX8CACbRW$~^<`jcf_`16bB)8T;M!(mu4#lkekvCiJ#fQ4;$?r?@CP?K73 z-=-h$etEvU7@Z|YBZyD$9l#(b*TK8N! 
u=}S*;wpdiktfsg;rZ?h2ula5VuABVo|p?In8jR-k~9F-WmbSyh0;<3WGyv1u7CKg;Q{5aU$4$%m}*OOpjVS_8y$1Dl^r z_#V%3JgCjBcM>GFZnC1;k2N+72OeI0>3=(~pSeD;8Od8DQW{=pPZuh=yN=KbGTD05 zRKgcElDNqLU;34g5ym~Td9Wuv+P0L`j7p~y?qzI~DH`o{{+g;(84v54X&OHp>{^R7 zx;0A$l$W)=&4`7vGS`ZHl;@O}hl=vl&@tN@>+XaMYe;BoiFBB^40hG$Txm*8yXRH$ z)+|$5zlC@44QuyL!)557HIk55;=x5^z5mTGdCn&^GQc|!#TIRDE2d< ziafF+GuCv!cqd`Oru1l2@VB=5LAo=#NdsYQA<1dC9-J1CRbDdp>FS6f`7ye=e$yI1 zZfAiAq=$VU-#6cq-&&ria7VQx_P=Fnls;pDqw~&ktu^gls*wDa{!tsUkS*r>|a7GnAe-YG5!oGBX5DJVi9;V}4B4u}TWjZ4#1gu~ZSsEzYa0ZJ0Bi;@9S7<5nq zS{e=%B?KpNpaF6t0Zj?OqEt~TjOE{_ZmfKz_oe+(;^wgmJ0rb%4QNTq+9-9Pdg{Lo z|NbW%iwTG6o~i3k(=fI7saaZY9m!Y}UCV`!mkB!CbGbuq=sYW%Eob}sC;Sp8LTit3 z6?<}jZP|LB>iM|kCa0i2MvG`y&}d*39a1_#=VcvuvFmg~MLcB?YN*RGI>_q`IQNv+ zhQXYNH{zekUT?EzfV}oLo}qIrXro> zYe>87=eq4Kx*i)2S=(RfzSy$l*j+fmAWB z9ru$S6tYJ0TvJ0cQ+lL>%M(KEd+IGg!+rtGP+;Yx8OqK*$M zYt$P*>nM;f;T 0 { - if err := hasAllowedVersion(state, allowedVersions); err != nil { - return err - } - } - - minGceVersion := policy.GetMinimumGceFirmwareVersion() - gceVersion := state.GetGceVersion() - if minGceVersion > gceVersion { - return fmt.Errorf("expected GCE Version %d or later, got %d", minGceVersion, gceVersion) - } - minTech := policy.GetMinimumTechnology() - tech := state.GetTechnology() - if minTech > tech { - return fmt.Errorf("expected a GCE Confidential Technology of %d or later, got %d", minTech, tech) - } - return nil -} - -func hasAllowedVersion(state *pb.PlatformState, allowedVersions [][]byte) error { - firmware := state.GetFirmware() - - // We want the version check to work even for a GCE VM. 
- var version []byte
- if scrtm, ok := firmware.(*pb.PlatformState_ScrtmVersionId); ok {
- version = scrtm.ScrtmVersionId
- } else if gce, ok := firmware.(*pb.PlatformState_GceVersion); ok {
- version = ConvertGCEFirmwareVersionToSCRTMVersion(gce.GceVersion)
- } else {
- return errors.New("missing SCRTM version in PlatformState")
- }
- for _, allowed := range allowedVersions {
- if bytes.Equal(version, allowed) {
- return nil
- }
- }
- return fmt.Errorf("provided SCRTM version (%x) not allowed", version)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/server/policy_constants.go b/vendor/github.com/google/go-tpm-tools/server/policy_constants.go
deleted file mode 100644
index 39d58c200..000000000
--- a/vendor/github.com/google/go-tpm-tools/server/policy_constants.go
+++ /dev/null
@@ -1,167 +0,0 @@
-package server
-
-import (
- "bytes"
- _ "embed" // Necessary to use go:embed
- "errors"
- "fmt"
- "log"
- "strconv"
-
- "github.com/google/certificate-transparency-go/x509"
- pb "github.com/google/go-tpm-tools/proto/attest"
-)
-
-// Expected Firmware/PCR0 Event Types.
-//
-// Taken from TCG PC Client Platform Firmware Profile Specification,
-// Table 14 Events.
-const (
- NoAction uint32 = 0x00000003
- Separator uint32 = 0x00000004
- SCRTMVersion uint32 = 0x00000008
- NonhostInfo uint32 = 0x00000011
-)
-
-var (
- // GCENonHostInfoSignature identifies the GCE Non-Host info event, which
- // indicates if memory encryption is enabled. This event is 32-bytes consisting
- // of the below signature (16 bytes), followed by a byte indicating whether
- // it is confidential, followed by 15 reserved bytes.
- GCENonHostInfoSignature = []byte("GCE NonHostInfo\x00")
- // GceVirtualFirmwarePrefix is the little-endian UCS-2 encoded string
- // "GCE Virtual Firmware v" without a null terminator. All GCE firmware
- // versions are UCS-2 encoded, start with this prefix, contain the firmware
- // version encoded as an integer, and end with a null terminator.
- GceVirtualFirmwarePrefix = []byte{0x47, 0x00, 0x43, 0x00,
- 0x45, 0x00, 0x20, 0x00, 0x56, 0x00, 0x69, 0x00, 0x72, 0x00,
- 0x74, 0x00, 0x75, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x20, 0x00,
- 0x46, 0x00, 0x69, 0x00, 0x72, 0x00, 0x6d, 0x00, 0x77, 0x00,
- 0x61, 0x00, 0x72, 0x00, 0x65, 0x00, 0x20, 0x00, 0x76, 0x00}
-)
-
-// Standard Secure Boot certificates (DER encoded)
-var (
- //go:embed secure-boot/GcePk.crt
- GceDefaultPKCert []byte
- //go:embed secure-boot/MicCorKEKCA2011_2011-06-24.crt
- MicrosoftKEKCA2011Cert []byte
- //go:embed secure-boot/MicWinProPCA2011_2011-10-19.crt
- WindowsProductionPCA2011Cert []byte
- //go:embed secure-boot/MicCorUEFCA2011_2011-06-27.crt
- MicrosoftUEFICA2011Cert []byte
-)
-
-// Revoked Signing certificates (DER encoded)
-var (
- //go:embed secure-boot/canonical-boothole.crt
- RevokedCanonicalBootholeCert []byte
- //go:embed secure-boot/debian-boothole.crt
- RevokedDebianBootholeCert []byte
- //go:embed secure-boot/cisco-boothole.crt
- RevokedCiscoCert []byte
-)
-
-// Known Privacy CA certs.
-var (
- //go:embed ca-certs/tpm_ek_root_1.cer
- gceEKRootCA []byte
- //go:embed ca-certs/tpm_ek_intermediate_2.crt
- gceEKIntermediateCA2 []byte
-)
-
-// CertPools corresponding to the known CA certs for GCE.
-var (
- GceEKRoots *x509.CertPool
- GceEKIntermediates *x509.CertPool
-)
-
-func init() {
- var err error
- GceEKRoots, err = getPool([][]byte{gceEKRootCA})
- if err != nil {
- log.Panicf("failed to create the root cert pool: %v", err)
- }
- GceEKIntermediates, err = getPool([][]byte{gceEKIntermediateCA2})
- if err != nil {
- log.Panicf("failed to create the intermediate cert pool: %v", err)
- }
-}
-func getPool(certs [][]byte) (*x509.CertPool, error) {
- pool := x509.NewCertPool()
- for _, certBytes := range certs {
- cert, err := x509.ParseCertificate(certBytes)
- if err != nil {
- return nil, fmt.Errorf("failed to parse cert: %w", err)
- }
- pool.AddCert(cert)
- }
- return pool, nil
-}
-
-// ConvertSCRTMVersionToGCEFirmwareVersion attempts to parse the Firmware
-// Version of a GCE VM from the bytes of the version string of the SCRTM. This
-// data should come from a valid and verified EV_S_CRTM_VERSION event.
-func ConvertSCRTMVersionToGCEFirmwareVersion(version []byte) (uint32, error) {
- prefixLen := len(GceVirtualFirmwarePrefix)
- if (len(version) <= prefixLen) || (len(version)%2 != 0) {
- return 0, fmt.Errorf("length of GCE version (%d) is invalid", len(version))
- }
- if !bytes.Equal(version[:prefixLen], GceVirtualFirmwarePrefix) {
- return 0, errors.New("prefix for GCE version is missing")
- }
- asciiVersion := []byte{}
- for i, b := range version[prefixLen:] {
- // Skip the UCS-2 null bytes and the null terminator
- if b == '\x00' {
- continue
- }
- // All odd bytes in our UCS-2 string should be Null
- if i%2 != 0 {
- return 0, errors.New("invalid UCS-2 in the version string")
- }
- asciiVersion = append(asciiVersion, b)
- }
-
- versionNum, err := strconv.Atoi(string(asciiVersion))
- if err != nil {
- return 0, fmt.Errorf("when parsing GCE firmware version: %w", err)
- }
- return uint32(versionNum), nil
-}
-
-// ConvertGCEFirmwareVersionToSCRTMVersion creates the corresponding SCRTM
-// version string from a numerical GCE firmware version. The returned string
-// is UCS2 encoded with a null terminator. A version of 0 corresponds to an
-// empty string (representing old GCE VMs that just used an empty string).
-func ConvertGCEFirmwareVersionToSCRTMVersion(version uint32) []byte {
- if version == 0 {
- return []byte{}
- }
- versionString := GceVirtualFirmwarePrefix
- for _, b := range []byte(strconv.Itoa(int(version))) {
- // Convert ACSII to little-endian UCS-2
- versionString = append(versionString, b, 0)
- }
- // Add the null terminator
- return append(versionString, 0, 0)
-}
-
-// ParseGCENonHostInfo attempts to parse the Confidential VM
-// technology used by a GCE VM from the GCE Non-Host info event. This data
-// should come from a valid and verified EV_NONHOST_INFO event.
-func ParseGCENonHostInfo(nonHostInfo []byte) (pb.GCEConfidentialTechnology, error) {
- prefixLen := len(GCENonHostInfoSignature)
- if len(nonHostInfo) < (prefixLen + 1) {
- return pb.GCEConfidentialTechnology_NONE, fmt.Errorf("length of GCE Non-Host info (%d) is too short", len(nonHostInfo))
- }
-
- if !bytes.Equal(nonHostInfo[:prefixLen], GCENonHostInfoSignature) {
- return pb.GCEConfidentialTechnology_NONE, errors.New("prefix for GCE Non-Host info is missing")
- }
- tech := nonHostInfo[prefixLen]
- if tech > byte(pb.GCEConfidentialTechnology_AMD_SEV_ES) {
- return pb.GCEConfidentialTechnology_NONE, fmt.Errorf("unknown GCE Confidential Technology: %d", tech)
- }
- return pb.GCEConfidentialTechnology(tech), nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/server/policy_constants_test.go b/vendor/github.com/google/go-tpm-tools/server/policy_constants_test.go
deleted file mode 100644
index 37dca1883..000000000
--- a/vendor/github.com/google/go-tpm-tools/server/policy_constants_test.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package server
-
-import (
- "testing"
-
- pb "github.com/google/go-tpm-tools/proto/attest"
-)
-
-func getGceMemoryEncryptionNonhostEvent(memoryEncrypted bool) []byte {
- event := make([]byte, 32)
- copy(event[:], []byte(GCENonHostInfoSignature))
- // event[15] is a null byte.
- if memoryEncrypted {
- event[16] = 0x01
- }
- // Last 15 bytes are reserved.
- return event
-}
-
-func TestParseGCENonHostInfo(t *testing.T) {
- nonconfidentialEvent := getGceMemoryEncryptionNonhostEvent( /*memoryEncrypted=*/ false)
-
- // Empty events should return NONCONFIDENTIAL.
- confTech, err := ParseGCENonHostInfo([]byte{})
- if err == nil {
- t.Error("expected error on incorrect size!")
- }
- if confTech != pb.GCEConfidentialTechnology_NONE {
- t.Errorf("expected ConfidentialTechnology %v, received %v", pb.GCEConfidentialTechnology_NONE, confTech)
- }
-
- confTech, err = ParseGCENonHostInfo(nonconfidentialEvent)
- if err != nil {
- t.Errorf("failed to parse GCE confidential tech: %v", err)
- }
- if confTech != pb.GCEConfidentialTechnology_NONE {
- t.Errorf("expected ConfidentialTechnology %v, received %v", pb.GCEConfidentialTechnology_NONE, confTech)
- }
-
- sevEvent := getGceMemoryEncryptionNonhostEvent( /*memoryEncrypted=*/ true)
- confTech, err = ParseGCENonHostInfo(sevEvent)
- if err != nil {
- t.Errorf("failed to parse GCE confidential tech: %v", err)
- }
- if confTech != pb.GCEConfidentialTechnology_AMD_SEV {
- t.Errorf("expected ConfidentialTechnology %v, received %v", pb.GCEConfidentialTechnology_AMD_SEV, confTech)
- }
-}
-
-func TestParseGCENonHostInfoUnknownType(t *testing.T) {
- nonconfidentialEvent := getGceMemoryEncryptionNonhostEvent( /*memoryEncrypted=*/ false)
- nonconfidentialEvent[16] = 0x99
- if _, err := ParseGCENonHostInfo(nonconfidentialEvent); err == nil {
- t.Errorf("expected error parsing GCE confidential nonhost event")
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/server/policy_test.go b/vendor/github.com/google/go-tpm-tools/server/policy_test.go
deleted file mode 100644
index 1db85a405..000000000
--- a/vendor/github.com/google/go-tpm-tools/server/policy_test.go
+++ /dev/null
@@ -1,153 +0,0 @@
-package server
-
-import (
- "testing"
-
- pb "github.com/google/go-tpm-tools/proto/attest"
-)
-
-var defaultGcePolicy = pb.Policy{
- Platform: &pb.PlatformPolicy{
- MinimumGceFirmwareVersion: 1,
- MinimumTechnology: pb.GCEConfidentialTechnology_NONE,
- },
-}
-
-func TestNilPolicyAlwaysPasses(t *testing.T) {
- subtests := []struct {
- name string
- state *pb.MachineState
- }{
- {"NilState", nil},
- {"PlatformState", &pb.MachineState{
- Platform: &pb.PlatformState{
- Firmware: &pb.PlatformState_GceVersion{GceVersion: 1},
- Technology: pb.GCEConfidentialTechnology_AMD_SEV,
- },
- }},
- }
- for _, subtest := range subtests {
- t.Run(subtest.name, func(t *testing.T) {
- if err := EvaluatePolicy(subtest.state, nil); err != nil {
- t.Errorf("nil policy should always succeed: %v", err)
- }
- })
- }
-}
-
-func TestGCEFirmwareVersionSimple(t *testing.T) {
- zero := ConvertGCEFirmwareVersionToSCRTMVersion(0)
- if len(zero) != 0 {
- t.Errorf("expected empty SCRTM version, got %x", zero)
- }
- ver, err := ConvertSCRTMVersionToGCEFirmwareVersion(
- ConvertGCEFirmwareVersionToSCRTMVersion(23),
- )
- if ver != 23 {
- t.Errorf("convert functions aren't inverses, got %d: %v", ver, err)
- }
-}
-
-func TestEvaluatePolicy(t *testing.T) {
- tests := []struct {
- name string
- log eventLog
- policy *pb.Policy
- }{
- {"Debian10-SHA1", Debian10GCE, &defaultGcePolicy},
- {"RHEL8-CryptoAgile", Rhel8GCE, &defaultGcePolicy},
- {"Ubuntu1804AmdSev-CryptoAgile", UbuntuAmdSevGCE, &defaultGcePolicy},
- // TODO: add the tests below back once go-attestation has releases:
- // https://github.com/google/go-attestation/pull/222/
- // {"Ubuntu2104NoDbx-CryptoAgile", Ubuntu2104NoDbxGCE, &defaultGcePolicy},
- // {"Ubuntu2104NoSecureBoot-CryptoAgile", Ubuntu2104NoSecureBootGCE, &defaultGcePolicy},
- }
-
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- machineState, err := parsePCClientEventLog(test.log.RawLog, test.log.Banks[0])
- if err != nil {
- t.Fatalf("failed to get machine state: %v", err)
- }
- if err := EvaluatePolicy(machineState, test.policy); err != nil {
- t.Errorf("failed to apply policy: %v", err)
- }
- })
- }
-}
-
-func TestEvaluatePolicySCRTM(t *testing.T) {
- archLinuxWorkstationSCRTMPolicy := pb.Policy{
- Platform: &pb.PlatformPolicy{
- AllowedScrtmVersionIds: [][]byte{{0x1e, 0xfb, 0x6b, 0x54, 0x0c, 0x1d, 0x55, 0x40, 0xa4, 0xad,
- 0x4e, 0xf4, 0xbf, 0x17, 0xb8, 0x3a}},
- },
- }
- machineState, err := parsePCClientEventLog(ArchLinuxWorkstation.RawLog, ArchLinuxWorkstation.Banks[0])
- if err != nil {
- gErr := err.(*GroupedError)
- if !gErr.containsOnlySubstring(archLinuxBadSecureBoot) {
- t.Fatalf("failed to get machine state: %v", err)
- }
- }
- if err := EvaluatePolicy(machineState, &archLinuxWorkstationSCRTMPolicy); err != nil {
- t.Errorf("failed to apply policy: %v", err)
- }
-}
-
-func TestEvaluatePolicyFailure(t *testing.T) {
- badGcePolicyVersion := pb.Policy{
- Platform: &pb.PlatformPolicy{
- MinimumGceFirmwareVersion: 2,
- MinimumTechnology: pb.GCEConfidentialTechnology_NONE,
- },
- }
- badGcePolicySEVES := pb.Policy{
- Platform: &pb.PlatformPolicy{
- MinimumGceFirmwareVersion: 0,
- MinimumTechnology: pb.GCEConfidentialTechnology_AMD_SEV_ES,
- },
- }
- badGcePolicySEV := pb.Policy{
- Platform: &pb.PlatformPolicy{
- MinimumGceFirmwareVersion: 0,
- MinimumTechnology: pb.GCEConfidentialTechnology_AMD_SEV_ES,
- },
- }
- badPhysicalPolicy := pb.Policy{
- Platform: &pb.PlatformPolicy{
- AllowedScrtmVersionIds: [][]byte{{0x00}},
- },
- }
- tests := []struct {
- name string
- log eventLog
- policy *pb.Policy
- // This field handles known issues with event log parsing or bad event
- // logs.
- // An empty string will not attempt to pattern match the error result.
- errorSubstr string
- }{
- {"Debian10-SHA1", Debian10GCE, &badGcePolicyVersion, ""},
- {"Debian10-SHA1", Debian10GCE, &badGcePolicySEV, ""},
- {"Ubuntu1804AmdSev-CryptoAgile", UbuntuAmdSevGCE, &badGcePolicySEVES,
- ""},
- {"ArchLinuxWorkstation-CryptoAgile", ArchLinuxWorkstation,
- &badPhysicalPolicy, archLinuxBadSecureBoot},
- }
-
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- machineState, err := parsePCClientEventLog(test.log.RawLog, test.log.Banks[0])
- if err != nil {
- gErr := err.(*GroupedError)
- if test.errorSubstr != "" && !gErr.containsOnlySubstring(test.errorSubstr) {
- t.Fatalf("failed to get machine state: %v", err)
- }
- }
- if err := EvaluatePolicy(machineState, test.policy); err == nil {
- t.Errorf("expected policy failure; got success")
- }
- })
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/server/secure-boot/GcePk.crt b/vendor/github.com/google/go-tpm-tools/server/secure-boot/GcePk.crt deleted file mode 100644 index a46640a555f2de3b5db50d32dae97e3460eff614..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 762 zcmXqLV)|y##CUH3GZP~d6DPw}FOe7N&9Scxc-c6$+C196^D;7WvoaV681fnLurY_S zF!QkHrIr_D8_0?C8d?}w7#SKFni?9KMuEAOMg~wW79CBDO321CvNA9?G4eA2t>NBUV>dC*bNIBo+kpISc*~fl~O7EC*a86%A`$VU6nTq_AYj2g#-)|_c5ODB)gYxfv z)?tsiuDidQYq0)G>`Lb3&P9JLA5L4?e%O{-ZPVpNId4u(zkcqP#H&qHZ8o#8v!7$? zI)BS5P@uzJb%VFvnY%x4-447uQEZm%LiW8Kk3I@*`M8;3()P#c&(`*2-BGufy>rDc z=b+f$_xHlIZV5*wa8_PkSrgv-H*i9t`P};2C)@L;eh8ZFJnxQ&jqKSymh*)czi{Vu z+hKNR(&niv&Urm{Q;zUvVrFDuTpVl=Xdnv=X<0rNF&2>-0WHiz^x5^VeKoXXBT6g}m|4&gaHI@kBCscnipyjAds-l80_rEg})eqc6K zHv4hfpgG;jN?tojQ9MCs*H^ut8hNME3L-Sx()%-8av0PjRObYUu)ZwVk&qYC>b0ID zx8GHIS+vO?HD4K<#)rFA^eP_+Up%p<=4QQxyP$KUWVUfY_~YVv%j(ZSUCajjoU+}I~iMpQxhX2!;u$TyY{aQSKFX=_|@~@;Z-h7vFyCJyq=b5 zJ=?(lCinH5`kjxXl8tHv#r^pnb1%0Lo!ocq>w}h!vu5i&|GItRHO_~R4zR3PV<2R91&S9_(-|4 zw_y7cS>HG7p3eCtcIf)S(^p;`(SJJgok}H`B=nQM3VkEpIuxws!gliCC zV&ReFVhCm^Wk_OhW^gp%2I=Hy0U6U~zz^aGGcx{XVKra|QU>xM0c92m1F;4X*R&w# zhjkHx`>*-UQx4^@wo=MkVGsjSAkPwN5Nr^*z<+^nn|DS@Nr9EVesWQcUM?&x>m}#s z>K9~Zf<*NTitQ<3X)E3>+FDvQfnk;IlCr2*mD_ikX9ZRZqL6?=D`>xf9< zxfXsxa&bKCwcE!oWS;ZzHroC=_L9NZ17COSs$gHN{crYdldzUIO{dm5sus-2e)(?# z|Mh9|PoGbb-=xLU>-}FtQ=t0$^_ry@%XYG!sC>&mVbYvK|L*74oX7zgh@9nG?To0`c7HO3KZNRe1+$`~ySEjVd zjf}U~n9k=+;kkT1N2zk{#t(a#7r7;@Ji>lRvFYRAPcJHs687I%vs6jM`_#c3-mh!z z!%a6m^Do`9A%R&bc-_QG*=w^Md87gG}>Bg0aT9G~N^oLSyHOAfTxvz78VGlrx*5UXc@ zJE@j?Q}KQtu47)Vi3^U3=}x=+ReQm2U(eZ&4HIm3hWvfD=i=NWOC-AL9lK&8n=_1d z_qd;YSGY&fe^yt`e;51Sexprl9_vcCzB}n7=OtP9q-mCHMY%7}hP~hTFNkO^jv05GgVcV&l|i zV`O1$G8biJVFk+>C?mv}Sj1RFejLo+USA&U^;y+i)^DL&HNQeZgMlnCMr8Rw(!y)^ zJ9F-BDwxxA)!#7hs?v-u=_>}3a5F@hSa{^P7=jr}8Il;B85|9`K|1+aSb!Oz&43@o z5oTok&%$cJ45SR?K?2Gw5(Z)oBCcsc&JXJ%1ovO_o2MMgVQr<9wZb3jRSyFfRa;I52$! 
z6E`qT#{<)hfi4gknCbzQ8YHlB0KUE;q>3&%(?GnJZl9qB1|>ijLOt&-U~UZJ4t)3%5Ajph!hU}{4&C1 znHYD|s@Sznw;Gxq+4{H0eq!GFSt?fgW59%;n?qZiG-MR^Zdw;8a`eEO=~ESDCfw%# zQ$BBM@x+c(d-n$IWDVfGA3kqE;#=OQxvDoE_{AMgoLlU5$anoLAz6-){=LWd?9{gP z)Rs5;lckvHKl?QI|H^}7P`p3e|O3K zJ97OESKmr}(H9ZR*1wn5vqAak@s=BJUmY}VS{vpqq5CmoD*M^8kH{0YRa-%tSY$V?b_=s>rUTrh+NQeajH+!L?x*b*&bVWK9^-r zHq16L-S}%;@Cu#AH%nLxPt4u1>xHyS+7tH>zP_;f&GW@(Y-+oZVK+f}tA1R6Kx^-@ z-lllRgN1MfA-&c}SF>PgInqRZZ2P+zbh(mdgZ#grWnDhht= h@@Z?I^6kMoCf9eVhqf)Q%M>eRpEUdHvOST_5de>mHUaBvrw&v?L?HD6^ze z!N|bSz(7u%*U-?=z|hjr!o<+TC`z2y$PB_Y1#t};TWI1`Jp&zxQ&ka84bRL=$uBQf z2q?-=DNP3XNFl)45#&rmgC<5L{yk8AUeRmzWhZyaSqGceJiYuzeP_GO zznv$QIrCSzO+1)4&BpQa>BaW3Oj*8fGUZh@V$A;kbr$8C@<4LS`TK{29vzBSf2Uqy z&>gMCnXS|roFJxiAVW5I*Bj5za}#@7GdPP~Vrv(LXy2{;E_&WHHb+J~=G>k+%H8>S zTh(rw2_N>qroL{ck+tI_orlNImcLjP;`cpmjt1Nyo%}2yW7-V(K^$R5#{Vp=2FyUpKprHZ z%pzeR)*y2ATiEIT7mH$&GA`OqnGk*b+$@PB24Nrt@+|%az6Rb4JQujPxn`7<6jrfX!Z2UKJb#l`{j zA}cF9BO{BSfscU~jBmiyW(T#Ryu2Kn6~N4Z&+HQ9ga*v5%uT=m6!}wA7`U|ZP~N8Z zmUeq=g81{a?FEF3|EFLizEK78Zu;`nWUQnsi*c*pB~ z$qyde8m4Y&eEMn4S+OPaZC7lZeaPv;gqHXa+5erdcFDR=$lp-x=Q!VCe*DvgTAKtX z7I!IXd^mTn*fQR3bxgvW`^*9>E_1&8@@-n{w)()1Ge@>ec3(c~3GG&F?i{ z{8lQ-ntpk5c$}uR<%xH?56?bvEsnl$>0H%nG07&khzoIZ8#kw~&oTY9=c&EQBhy7( zrEK3M!e(Bn(7DJe{rW-&EB)G3mq&^vrrU323H zMVl`&2aoQYFqyBzb#mLwjS4gO%{YB@>XO)`YYUP&6!w-1l-JsRcHKFD`ux-34f)0^ NSsC%f_kI=F#?@mywa1mBFB~#gN;8lZ`o)g-w{r-N{hI zKnTR);NkWx&Pi3sPgC$s%rg`)-~)-W^RT<*m!{_=78{Bih=N48c=((X^YZgDlM{0k zd`eRE3{4D-KoZP6+NcshbBaq+ixiwwi%K%nfa*(96&y=TGV+TuODYZI#CZ*k3``7- z3=NGf4J@L>c}+lEAOLd>>WOhBPB%e4#m&PVoSIx(l&avApI>6AZJ-HpsS=t?krXKe zXQt<6=A|1nF)ASk9V06Pa}y&!15licsfm%1;bi>mq<-!VDNSqkoqUw^*!$9axvr~; zQrfW=U$&pyIctaW4(I9RtNrVF3f#E=)aM?{ebo@hcxii@T>CxV+zXD=S1eu6lkES! 
z=1|a?1%@kkcgD_?bIT7c-dUFU=K8@uir0>@Klk6ObnnTEXx-aWO(dsZ)9_aGIkj81 za+!F2)X(&1F%_=10=XN+Bh>_thCi@BdcO7WW5lt!wJ{tbfVKx|}Ef z@XOxC=k_goeAZ@bgwDJ}%rXf|=9d2*nGR|$Ne%pOY_iHp^yk!yKe}IUb+y(s&HZhz zlf87s{hCnj20fb%$q&z3cyzuHVdHMv^Y;pShBUw3P0_nk1f`jn85tNCH!d(}oNK@X z3|3iTM#ldvOa=@F@*tini-ds~8;3Rq&kwTYoY)J2c*DpJQV$!y7n%N-9^2NBWaRKbCoYcz*Wm-YJhcFU9JLNwbP_ zpLW?|m*}K)L@UPcsO;iL4}vzm{?e^|$HFr9cgMo8)Oc-wwf}4t0z$8QVvQajb6u}G zd%^#{_wJmFUv`^Mnv_{qXJS2xHQjH6>f1eW@%>w_opSj90a&Pu=70 zNAD3aethh!#I~E??{40*(C~6pOl+;)ey%4^UTlf1wcgURSbD3%;+=La`8|pZhb;kr CZGF-J diff --git a/vendor/github.com/google/go-tpm-tools/server/secure-boot/cisco-boothole.crt b/vendor/github.com/google/go-tpm-tools/server/secure-boot/cisco-boothole.crt deleted file mode 100644 index 8524be328412c2b211ec99bdb33af1697864b790..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1164 zcmXqLV(BnwVlG&~%*4pV#K|jT8MAy+Rlp$wUN%mxHjlRNyo`+8tPBQ@h5`nBY|No7 z+`{Z3`8k=niFt;620S1UE@4*Z%;MyHLs1T>U=KHv2WlkDQXY24ypqJC)M7(v z14*zYJVGdz1eYcOt!QFYLUuSKD+6;ABR>OBoQtW6k&$7CZ`%dMMcR_{CvYt*pJ5my z6@K8gaIf9u#80Vp7oT+~o#j~CE#W^`|A)6+#>DqNfrq}=r+<-jTi*HCiT~k}bKY5+ z=?*8--}JwHaPQBDM{8X_Tv`#nyPJD)S8?d$@XLP=9qE4+@TI@-s62XJG-xKAV9MFkoecL3|DaHXy~s$Y4;%#-Yu|$jZvj$jDM;P+;Hy z;~OxwnPild6jIpY z9*}FG12=)OO#x~GP-${mF_Ix5z4^(-1qSjUHz~777>G59Jdi%VYS-~wf*dco@&`y0!j`)2+xA_FiO=V@ zJ^k*ggy5UDuLak>a;s0__r6q`x$Csk`R$o(A=f1S^)#(nqx3HEUf;dx36g$~{GamA zKbtWB1n1#z@-Zr$C(hS1mTbHs5wH&ELqD6P?QAe*BPjN^8r>eUBET@a;-V_^YV% z!|}m&7xQyP@g^##%uev%{FeGTEc#UQsXvWh_}qW|>b#=;?Xq}JsNAK$#rjh^OV?Z% a{rYx-$R5$?TRkZ}YR9*I**bsLj_Uv$xu*93 
diff --git a/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate-2014-08-11.bin b/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate-2014-08-11.bin deleted file mode 100644 index e79929f7ed1fb13d39a4f87eeceeb0f9376e22ec..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4011 zcmd6pc|4TcAIE2x8DlWEl1#QT8lG9~b)!K_B1^O}n2E8Corx@SMVnhB6^f7$vZPS5 zwh`e9ZC6Cr8WgUC-!t8NyIsF~fA^2y>%Lz1c|EUZ=6lZPe9w8#`JDH2o(sWIcyTGn zZx;>={)0`5UhKHOz1RKyw&QuU!#cZJR{@^L2N)De#sOHAFeBCs%7PTFJ{1DP#6qP1=C?>JRVh??H+6W(g{Y8;nyZm445H0ii`n- zQE)p13J#pYL9hakws#J2XZyGXa(u{QfT*BQ2rp#KVtR9YnB+CUYC#DaFJ-}Y z_2&d|4h9nF9DiSqzjGiPY(WIp3+mzcwSQVqFgGzL(2WQbfJ_F~$Y9A-GI&ua6e@+f z7Ywxk%GVHxPWnfNC<34bL&V_WMwWCk0BHO&;B~(b*q-gf`Y9z5zJX!f=Q^W zyR(lQOAr7&sN%Pi2`&em2gO0aax{zwg+iXpJ+&E0kv)BH)#O-R3B`TMoEbko+99l(5I>H_l)BR7{IA94>5Yn`dAYBOX+7!#Z(;ehQexTK=TG%T2o{=hw=}eVvMFrjw){n!B$YS5!Wd{ARJtI3y`4 z(=JrHnOh`&;mXAb%L}3LCfn?Cnx9>~qI|5)%A4sT%2`vv`Jc^nMgEO3YDa*t9y`iP|KC&!qlSaQC(aC1wlq7ge)K( zCF$~+-jeZMcC(vA$G&HF1!0eG9(Mw41Of%b4q!WAmSLJ<9J|FmFwj?DQ!^waM8o?x zuWPt+yfuA2*&N>hO;>*}P0%x-`$1FFjRcl<59~khzdk6$X1jEKdp-TuD0QuII;2sBU35D>i#ne+TPM}qGQY&3T z)4iHTCKHC%`?;PPJ)Ii=G&1VaiW$%je-U7T@4 zWh~J#sO2V$y{=o1iBeMqws^>OOTctCd07&+O7)Ry{bnJf%0pofA`DKwXF@wZYUK~` zBb?>idJ7ccCrw<$v;6C+GfDUe@zm7)A|-_CxiVkAfu7^@oJ-FqH|18=>?j+}Ukstj ze?UpprPmZX6)I%d^;RV7HvrLel6ziZ3B`3W9ZSn*IVM(D0>3=u_9 zOKZM1qwM5Js?YX23$ZKVJ(AI`l3zO&FHwFpK@H>9k*)-iaTp|H+b?89JEPl=egPtU z*<=CH3I7Of3;;cWTj6-h?|k_Nm;_sQwm*|#G8$j z7QSm@-F2>E3^y+Fjdkwu#V{fEDXHIRXbIBL91!~oK`AH#{8mH0A>p55Y30`jk}!nG z8Z^WP5(II9&>==3P{FN_LkQBu0=TanKmu?O2Y&#b$w6y+Uxb5rP1nv#N_Hy@^c6jF zf&GFO3J5#E2H2HhnPCxY{wt6`aQ!#%zR=FspTi7t{R$<}x}a}C(}G?VkPje%H=yzBOPvg3i6$Xcr6iSIA@#ahG)x^SPyTh-v2Uj8= za^K-jC#Kae_HrV;aABQwCa-9_lJ#(dj=Otgk;xy0a<-IZgeU+bDKUwETKP0Wb{o1-0BK~vA zraDG(AGJK|Xgg~qdeu-tcy=8xZl`XECib3W9A_b3FNWS(iL&{M&xG7>9)88a~I?g@cz!trgwVHrD_j8kE5v05EL#?D(kS8reuKWVy z!~WuX_B*vZC^0pc$UJBxxXo(8BQp?v{$D`HzdVV5dzSy^U=E%o5j-fwp}wy!BIfCi 
ztt!Fs1A!>jfuyI6{xZpz^L2s!?$9uG@fwfj_{Y^hUk=qM?c@ix9_Q1_pPG8k89Ivk z?V8n$qf13j3?(r($ayu_9ZPsHB^p00t5Nd#s-)66+UvDwfR(!e)0>c2Z*z&PZKegW%^e*d&qdtxd#&&x4#xcx}fs^~?lHS{yFPp*im9^vOYU6OnOX&Z zCfD`T!eqc>(**VOF3tW@Pl$|%cF)WEmq%IW5VxNpMYHy-MA#~ZjdiOgYU&p6glnAL zVmZep+9nFyHlbs$=?3pg+1vktsh;zb!IsP)m1aEbJ+r1c+dmVZ6b4^Zm2RxtVU=iD zkY_ZfeTKgNB<#y48v=ko)hVAs_P{9?)r|EYhfal>N8NbFCf8tL3kf-ER<>KpXIsDZ zE;T%v%djv~NMxm>m+PlBzt8%VHs6(q^Ixz0VgPPJ>)3ZhNZHfi?BN0*xzk6$wJ#UBBpLYhW$brR&FyW*5>t)%L2RQOosjo7_i? zOkGkYHnZ!0_VMJq%mHQLoI4LgZ^h4@gwqC>>l^Y?OtIO_4EqKL@9$fuKNhXHC8o!H zcZ?E9ns{d;a&WocVLoXU|7_+SdfB{_idaVP=7Aj!j~vkzh&Z(%_iN|;mg{X28Zzg_ z*TQo0*Su6I3h7Hfz!7c{eqU;JL9wP~PvYoueV3|KguI8}i8|$L@tNVbSwb5!^us(= z4p%o{^=kLWtZ!`8 zzkFgt&pV%7MmT@tr@pF1aaPd&skf3b+l`m&PtOmDvb(5;@!!daxKmz~b_l;-r?Rg1 O=B8~OXZ>?N?)VSM+ZQ_k 
diff --git a/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2020-10-12.bin b/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2020-10-12.bin deleted file mode 100644 index aa7b71627b0132d1fde03861cd54e87b9872d111..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 15281 zcmd6t1yodR*Y_E^yOc(eh8aQ{N$KteVQ3h-M7l#d1nCf@l?LgQQb0nH20=QP?~#Bm^cgq=cLNy&f)If5(6P)Ta1|cJp@WRc}-y{p+D(Q>P_;nNdYYTr}0>Xh?2o8eafU(d~bWqVrkae^m zBw(WJ1ttl$o`t)uowJPx%o#!m#=ky@L4u(PwQ_}EZt!4Fl!Hb zX_%V}%+12X4t@n2nC1FB3JJr1d7fTLR*7C(lAZ?)fq-c#@OZ#rUN9d-kPpl!Xb4|I z;7i`Wmf+xs{}mU(V6NXTGXLYEo}IH5%-fw_NA|t~y%N-yUe?Fb*238adc6RLfEfRL zeef>;B?Lr(1V4_A90CF%Euu_`GU-h)+`QlT4?tex4Jky&O8X zthcd1E8wzH!@ubS-oMv8xbyOY-RAZo*9X5_w==sPK7xj4-0aKC-K$kc3@(HZ-%Z^VD;zcSX=e$8kpH?NDjEqM508-0T?jiLzaX!G5SZ@T;w@B4FnJK^gA3`g zeDUHD8{$c$d7a9Kqm40UV6AI_4pkYf2$s*kpDz<3W$WSLBFxS0?d{Fw^mlY~S;CyS zT^#ISF7DixZjRh=f8g;B4`XS`>mW9}{)ZEMmy?H&3w|1Gj*ba`W;8Sm5C~NptOC%-((zIds$qsY^U>Bcw1 zF;B!8Lg3?V;n%^vM=2%IPQfYsIUDjFlg)!TPVkZLJ@k_kr?#s3Fq_$EYHcsKb*V;^ zNKFe_UF|DjHj%d<-ze5ieZ=3Y4;U#nqvdIONtH3SME`PhUzM=%%so?tu=>j8IP0x` zjd49D{-M8C;*2TU6AzA#;l=q@%p3+|=R3_QlY5-CscfI5;aa!_*TOfywGi6^`)$-O z2}A+BEO2nr|BAkdfQ7DO7lnl9pV<9FBI&hl?cA*B)h*mSeCbsz+#H}DE{+zKPmOTDM6l(ZuIL`#hQXUVSEQi%)WpjKwX-b;GT3PKvEvp1m zFUcRFt7lm~(+C_2S4*Ie82`z=l6Mu-wYNPseynBxKp025WtHjjC))SvKGF)J)mzc= zE=|QWD!bJiPk)g2%yy4VZ}o9+JlVe;i?SPk82haPpR=6{ILpO@d z&}Kdiys;aXSK?{fF_{FPbe%M}`d}2X|IGftryI5#^151*$>piT_RmCu*>t*%PpNb- z*l^>Ou2@(JAD+$nm%R0AK^yYjBS=hs+VgV>7T`$maJpOeBcDdP5W$A2?i?jr`Y}eS z)XRMDOUxUGuDYXn5x0sXM@ldC1E%e4$dUqr4+BXy@M2>`Bg1yq#$QQqRB?u-Jho>y z^q2Xe`8;@tle%qLa|wy)Tb5Y2dF={sLs8UQ=nd?fpDO)}yF(&X1?#x+`bi^Um+@Tf zLXDp`dzaV8n8OZIr4CqQ6Yook1XJ0}eU~#YGsqK;skl=Uj*Pxlbzj<1 z3h$ej_hIxfgnYd`-16ly@0_bFVI)<0-94wY^XQ%)|BFpE&-z+(6h^J;Bww1DY)Lw@ z2yK@ai+KD5{A;sy)$qjp$hfv&PxbC3PgrLzBm~q4-)3F#A{iW<`Tv1B{O*e>LIg9jS80YQ`NID<)a4f(mvo{s!wP z4i9;X?PYAEI*{vU*G}$A#c_mnkx|&q{9dDjq2^A)`yIJ^iL=P`Y}U=WmnANy9P{_* 
zQsPD?6Qj5%VtKwJtHiY46I_}X{Rxf5*!jRn0m>C93aG`8Xv_9OC2symBjKrq!eY`W zRPeU1=@#k!CG7D*r?HP8xGk<9>N>1Qb(kkI{o^cGBA@p(?(0h!9X?srVgSchu-Z@3 zl>jZ8PVTA&e)mVXbWGgIa@BUW!bJ^f3pWk7IW_y=yqdB`$w?KaUcI#0UR;mG#5h0EI{8l{w4trvx7* za0n_rJilZ9&hPLq{*TxBtFsCFBdyCxK}f;G*ZCL|7e~R}5lRoUhG*S>S{qyp8JMSy zqlG(!0!((zVdLUUTR6j6JaKxFCFBp6e4Rxa|La0&d6M1L{UE4c9L_YdG%# zrI+;du!XtVdHDXyzV2>*<#fnjOK{--jhFwePk%iW4la%s)Y8)pN-qVk z9w6*s*595o0zCZ#qSvysafbJI@NM%ycQwOi*$)zMYOO*lJBC*utSL?A(Z;;9xXErJ zc-%DJlGQBTES=$9p%#eiav$d+&}qQwbC4-$vdNk@auLtzjbuhyNe!;0+L?ck=4d{o zye-<~3GIEDj(dxj-R^An1;fk$#wWE`jEn1KMw}ng_-?12i=u}H#aEGX0Z!J(Yr1g|Tbx1(vDx54#Zh23{Kd`-K8-(@@7uLHSUo_rPx;7@- zpwE%pgFe<$Eqg_C3w#g7f5kOt^nY&ba`GLrK|^zYb0imuRi! z%9x;h^cE>PPDuOZG=?n|f%rVx$5bM!-+4SZ9~_(mD7t^O7EITz#oyIE3JN;*U%d`C z3ObnMceft#O$vmEN=HruZ(W?Vw3O-Ppw8Dl4Akn+nE9h1u#jgf48_BKQDyiQ$4&ix zBJaoXFaMU;tCF7J^sv>PP@u-$YJ?izdCX^M35fq+JwQTC0XiLP6Sm^J{>$JBrq5lE zRxj++^LPCA8Gp4(0C;NmOGS&tYwkWVMf7bxM*PZfvR!C zca%_x;DyMiqW7rrH1blR*kSTE>xJJ+6~BBM8+(f?&28t98!#KT~53`o5~Ks{;xOHZEu*Lo5K*AtiDdV+;V zEoA&G*-yO(@Ls`^e~&|ONHDZvj&@FP6~X@%8SrrknzWreycwkdQ~lb2B&51_ZXTX+ z1^G2mxGwGCV-GMryt)?z^T9_P0(=6ze1?<+JYXTAUkC0&gm}S*;CufviTjtyzh*Ev zxEPYo9u{s;cL){u#_wHD{BJkW@_Ycl#edq>%_QmW-}e^a8hO*&B4=s63tIlgiKS@fk8!AkMCl0B=9#E{Ky!uImw z#h2A8*)Nl2dTp^dMKSI=YkE@`J$(tE)qjL2$XnO>uoued$ctK8))T&VC>0^`WYI=xu*8$)Sr zW+M1J7dIv~MTzh|1`OFXXH7WeqV1)4M%3HyT2ZN zcQ$2wC;CD0k=)LSbOrU(TqGBX0{*XKKA-#R{;tl0;cx2EukjWQ!F4lzT~wq0$`rqw zYfLaY{P1C5&-)neF&-X`5Z+RU7zs3db*OCm+0oQYbzp7g=PpGw> zo23O8yx4`y!{0*zPz3#77T~C*mpj)#My{`gS-QLY+x}ms8hqY5_?`%J8yiOUUX#`m zdruy$36BOEdQ>Gae0uVi3}KOh*pa|OV1d8ygbX5Q|IfahVs7sgW1_hRRuh{q;+?ERwn( zn}|eup+-?gEm+Tm?O(C}0(Y5d+S52*2V#fRG7~4_$JFg(}ca+vq zN?>*9jz&;ixxpTGtMIVlj@5iC{8nr8O9qZ_lFPF)0^@FGe79fU9U_=Ng&ye|y$*eS z5qyj<_w7gYH2dikMVt=p5JO#k=57KMaN2KvCx!kPZhQUIwsSTZ;ZGm& z9$HjNykjIXK6HMsz)dN4NxdJ1w-}e*Y(^3luW=$xelO-l)yxJ+K-GNgg`yzpOPQe5 znmlLi4`pp6DCbwyL-^jap9=fLm0cWaieg_psMU~#d z^v7$`7A8;IGxar1RQ);jd@bcR>~_zEL?+RxS7%%s^tbB3_al7D{%eqbT^fL{MF*AeSJ??4 
zm|o|Se~JjuAKgAi5a4_LwO910ip`Z-w+|mV7^i#~bXg-cNMrIhheK-PnD1O9f_1d<-_{jL-KJsi0cK;q(I{|z7 zhxpDwSXE(Dzlx&V%WmDoMv6P+ecj6H$r6?2lHc#9NV7OH{@yEK_y=&W1l7;mK|1k} zFOy1XZ@g8bDc0O{dLa>4X09ShmkiCr2J$D|p+!HQp3fu`xUt;+u#O_jH)#}(aoa&8 z?NOyO)wmy!@1LJ5h*%xs#HxAD1`FhJkHizVI^$5qJh1V#4|q;hBYfWLQ9D0 z%R5|y(>1{icn@Z#MCG46bzn7Q$3_S8z2#Z=@rteT^?LQ4LdQ>zt1+7hg?#s-c|173 z>}laz19|=P)SCxsg$B|u&&`+!^Ox?eE9(!NVmG5kvU=K9WVix(t)$+Q5Lu#|)A`1NoUdWC1kxuCd*>E8+|N+n^X6`N9t!m>#_vd1ZcT zdh`~^zp>n9ISpvl`fA15`RIywpor~bM4maxPjW5}p06VtPC%Y@U`MlFRJb6PV{Xs6 z%-sJ#^v6o;Pa>$N@!=+En4%1jPdxvGZ#Tm$5id@GYs>TD#U$1;GZXVtqnN^Enp^3y zGLR>PReqk>y;KE@cpL}i2W76l31UxyJs$KJXE-8{uzd>TDO81VjHCxjG1{gi)X?~7 z#U_Lv*o>!sYryBaRsKF17s#_enYbgxmHhLrS*KDj9y6w6?uwEh>`LaG+aVET_e2QD zbGanhM3kPnYtTKTq^lsHacR&S;NdF2^`dO5gwE z7bg#4cVAbX$1WuHUTzfAf_W7^D`HvL;ecbB@LRv3lf#F*47R;g9BXWbOF-WB zFcCJ%s1TrCbpJuc?Tm{dLV9n46B66)wfWAGOG{56AM!zDy#5qZdORni_if}@wt?iB z*cKtaK8*dnu7IAI4UmtSkvI67)^HME^E?&D-omDG#xKe_;eLu0g&RY^fouzqkAGYk zJ@E;f8l%D;I>NHAu{R}psP42CbzU`t-x(xN4dknLsv#Q8#O`}(&$(=fg!Uli;Wl7l zUdGIC0$Anm3=4pKAJ(f%InS!O56RCN8=5H3<5COmbI@%Uled_}@J97q0Qmum?y|al zwqRFr&B_9K*}gMu*B3cb2WHX!ha8eXMmJp95zVAit7R9ooeOV z-g!&oeXIWDGd{mB#yc6Y-Tv>Qv^hXt=tB?7<6|YWG+vG-?=>QnEr}1ML6(YT=qJN< zNa&QvK%VC$6}K>Fj<~Q}cJm_I%9`bB)Zb6)^#(ETqj=Un90a{3oHiRNO0Pa56W==B zt=6yElCx*QroVIHddl!u|uP&Se`QcrDRP;kR6ui}) zMQwgGW&ZL^bEAX_)C|se9U%X51D%hc(?KsHgEs{u?{=d@F%)CXG>NA6E*sm}wu=Ig z&!e>5)1&B3t>^lRZH-YUQ)*N|*Ql5CUFq?QFMVU?-9Y}ML5(h^4EkD}<@s_r0XTn* z*!w;kL$U!utx=D`CNYAZe5lDqa}qNWYz)@|E4D|41hgZ4!)+N{$rx+bXB>k#0_{VO zy7H;Qkf$EBxN&8knVLSKb)OpgtQCfjcz|q5_1g~6Dz6y7@wuo@0a9y zM^BLA+-!t1qVVewLVVuwg%Yeu9!}7fh2F>E*L_~&{S40`zAtPTOhe`2c-8>4-$wJ+ zNecfYT1uyHiM5knu4x-E_n=3_!VBL{KXr1dJfQ)bMFV-{O$Phd z2UZ{nx)Pn;j(Lf?l0)6Bz2r0tfogquuCGl%-udTG93zli?88)L!l|;#!qH;-sHj!6 zycqNm{oAvxwLm@xsakp3PjWDHLHy9Iq3NPMe_Z7&^9v9+^rA>`{&{ounAJx&*c zh9OIJN*$KuZP^DfBD3Mw7?o$Qw)7DEX zH~@Lu{rfzF9n{uC;?W;dKJOE!l4W(u*7po@J{nZWD$JJ#@~cV^LmhHgd9m0;_m`Y2 
zR4OYwTonvAFFBt=@=i=K-vIefJvhSk!MjoLX6%^3Xw-StI@>ZGUyb5-Lba}779DnnI3WMYmW~X<@R`=;OsTzgtbYU9 zg@Y=t->lKZh4Z{zzTp_iFN}(=bm6bp)}cmDx#j7P@j#JTd>ZRUD{4I)>sOmLQH_XaMG9W8!Ul^Pm~{};BeeDT~Xdz z83HS=r&aaG^~s7N#G8T^k}tkv_Mrw|MM=)fcL6!<;j^<=sC>JgtwrI~9veXW!DTOo zJ#X&NRXqE!Xu54j)Af0u4bmG+np8$=qg&eK0^}cS9W0Q2(;VL@-DZWfOKp;iP7$0c zj6U0P)9fuaNXG&4dByLL?@f!pzLG*}4TzW4V#;9;Fm-Fda=r>;o^c{Xh=(b+t~bY* z!zWz1bhj>a_uV8FDUQ_NjFlnZ8|$Opun*rBh?aGsnEt+F%hKX6Ig(vE zwLmvYWTxqdkRO9o`IRkg+nCDq6(YH5D-Zzfqns+Trp82d zTzx<>#ldn!e z_>zrP2>kb$a)R(1ad__EvY!P+?!pWl6-d<26JlF~O1ayTlz=?8=Vu%mm(RshM;^DG z8q@~s#RCoO`FXKgdL7i}J>5)!Jg&xUBCIckNWsgbEFwh8f#YYceet22*5`U8B2u2U zXF#5ys4(k|26*5(`6wl!T?!kQf<_jQC-nx`a})hkxVMem$V8hl z#t!3~vOh@yf2Bb#=1#@KK;RQr5?l@QCRU1N#tE(h!y|I*8F}%#lpx9ktR_y+a)CTm zViH-|wEG4LOPSBDR}ZK+b(X5Nf3W{>yX<0(Aew0g@-(sf-IvYpV|hpSY0WZ(&-mu? zk0{penbhftvgb#YA?#l|ilm5xCDX%2P>5_ReswTkL)(uzl)lMdp5E>1rt9d-%mCWwoOm1` z>~ibv){5*+G25A4@O;O-a(i>&jgQ@$7 zG7*WTPHMCloNu;(`nkHv-D~*~^hadt(+*!ee|K`ijX}FGo2Vz`l5bBZur!nlknK{` z+zo*Khzs5M(p+Hpu0YbJ&B`xKR7{#-&7@ssVQWZ0GLVx6q5hP>9&j>fs!c6l!vU4P z0tsKyfb|GMKN)aK(R7#{wR z4dq`vW0l0hY?S1ViQGoW*Y|BYnQ&*j^BuxG21v&0maJj|_1$5edT&f%o+cGG2=#;9 z6_sV3MB@eOo-YXrWK-k45f?WFfl2i-nOM(xKTjRdAHB^a;UA-#jIX@LY9QbCqN25} zn6x|&u>3-1PqL=c(t*5w;txhwhC!#qyHs8bCRP~2>rFicwdosrvY-;&+0W7zRrwy?at_A ztHRVvt($8n=b{MprzIVxUOlDkU5>ogxxdC6=9$c+c;XS<4+BTO_y|GJH|ysl`FlM#1XZ3&nFuj&?kSqwkm&z3 zrcxPo;tfJM{0g*h>ppo(&H74nTYLY?!25Zqjr5a@;F}Mw7&uacc?aSV^v$X5GyE5> zBXGaf2YQ@el+dfJt;R-?khIazjxNZ_rKke!JAHo3qqo#MI#B%5g}gP%(`3F+8XVgIa~?`Gmr-NxP(>d}t^@l8i_YE%Guw;ouC|4wpd zMrJzIK($9aDJ|O6&P1b0qT~zfVfu~`An!wAMaU3UR$u2nU3RjYI>%z=s*4r)gx^n} z_JNXsC&IkKCp5Hpkhd*zvQxuGY*0LTiLBz0#)7LZbG5gvQ~WK2{>Z0(?{&q{JeD~9 zDn$@Sb^VvzTSY?3ilfevTSr=H5QO?FP+{~X7LN$EUmbPIuuk)!%$LF@V+fssDP^L$ zi#ifB(EpIiR{3|g94F48Sr?=RD*K7-Gniaoi?DIB)gxFY_z?D2w2F_=-2|S@(Imqy z53VEdY@zj&V*|OkLk@O_7vUg;d3YR(!YroV&5h>_-6WRsw|FpkGUjX#6ZMmztOxz{ z2MG0We98>2-3Wp5=kbHa;Zle*%9gF8& z3xUs|Ce7%4Y%~xiRM{7Axzqfk;?hfHWQ$v*-23&=gguZ?b@BP`Z;_rJC%pYM%S7Kg 
zAR>z6bZGcpv`uk(o8Pf0kWXJ%PgS1^df)rt>M^TMG;s_a^@e`7hOU1T2d+LG@s%IoufpV15EtL_G1JR1juLCsCmsg zoXnJEbiOi^$}UhrU5=IS-H-Q5!465d5=58}JY~uo0n?Zb3I)9Ld}6tL;Ba@HUhmQ! z)!E@qENPx6HPC*}_r@rRBG$UeCOjY7)v$&ri#TQJ&USlr+27zB|g_XK=5Nbp+b464{9El2grC zG2oulaan_xx6%hK7cF*sGS3Cs94Nr2d+on;}6gLElxt9+3$*HyE z*Q{3&<}I(@5Z&3H(<7Yv=~+YF?ZU?TCAj|d^0e>;i7|3U`FKCj{|;%BvoV(EZ2s}} z7s2jwM&270N6BXn{$4-s*~K;8MDVBM%vxmQvr6Zjt@CXcS`?Tv%6Z_JO=-XNUg|hj zpA3S&_1w=e=uQnFJ#I8}D?fQz6AN>8duZE+mn3N1DMeu)1N5g?-RNkSu!N>^onp`- z_AQoBKJ@L8s%LW%y6GDAKsG{s(#J_Oh&y2#cXXa~c}No_!B7?ISQ@j$(dL`hjdKz; z4YWUyV^z{Dv`$rEBc&NYfo4xRF3Jp>bmmLENj3OpjS*qKI>LuURI`KU(N_}n(z&%* zGMyZAYw}0XLRq(<+mO01!u)FV@vd_V14n1HpW%2wOvmmDM&3=Q18kqPq!BW?uV2D| z{!EY*N_UTOiN@^&xDcX5j*py&qA|67f768PTXnQ0$pYl(vWVU~%EwQiw`I7*2 zJ-_)SE>DAU==9-LL?X&0W{O?q;ZQo}x0+|t4nOWA%tMxtpVx;*maj|?XtH2FZLC;H zA3A=SKDgf2o3=<|=Y0yazm!xNUamHVdmgOw%D>}BC24d2zI(<`jv<3E*<7vyg!*S$ zqbX{)b*}_`e-PjP6fGf*kptC2ueq|Xw}y3-8s&{#vSYNqDa$?{?Cb>E-wcP5 z1o}SV99Anl=E>OQnVf$Hd$?&qI#3{fAu@I{1mr(o#fA4^wyGF81l>QG!K9Fz^=*Cc zZM&)PM(!$`&KjYA-w!RZRrsa3Ej<)lXu$RE*7Tl8vPh>P#9N|Id##?Yug$+f5L$F>BuqS#*uPP zxjy8&x@87u|z60xyjCl$5Qnl}~rnUEo#6~q>Giwx*04u^8%qzqauKwcXY^pVe`yI1@e b^3v$IYcqE0MuT@t#Y*|a*OA^l?S%gW_`RYA 
diff --git a/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2021-04-29.bin b/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2021-04-29.bin deleted file mode 100644 index 7c282d1c1ddb1b0010c2a2a453d196baf2e9fd0b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 13501 zcmd6sbyOVBm-ZRlT@qY_!=MQoG`K^6;O-3W?h**@1h?P>cZc8>APEWX7BmE1^3(73 z?7sWQd-j~=a2Trl(@)>7zV+0tny*N3hzF#r4kVLbi^dxDugQ!Tq}c_b56#_jw3 zwOI)`2z?V41meH~V<4g!hDn3W;NW3F2rytYL=>hl>9AiIAS6(35b6~;2mu)!1otx+ z4i*Fpi^ugSM-yG?|8%ddh3IcLq4}fmk4r#kj|zbS9B5z^L^ut2L_AmxH4Z#5&YuP{ z9;&91v!#{2g$u-<0~?I_=O7XulB$`h9mL+0gB(oy=Ljkufr6EZ6T}%}?m{UJadLn- z8M#mkON#0!Tp(f%#B$NkEM&&1F*FtoO{6LK^c==CYT`5W&l z_DVd1mPks26v`SUS8W~hhYiP&DvMHKb7X-nhNh7ucW3{f%V#K~H)jhuH6cy!7==nq z9R|!pve-?=1ng96>Z7AVq#}ej@52;}y=J1&khd#|8eeKlHjFA6mn*m5jl(l-8_eDl zVH_O^UJrKAzVy$IOjkvJ5%!Vd`(x|0awwW%Sa^lVp zOx^V5EuSo6+vHJNTkNrt{z0apVC6rjao}aZQiYOWaSlc>{hxP)hDZ7DcckQC_V*-n zrc`z{b8>-Ds#=*qI0*lCLwE!{3{FlyK3)!HZeA`hm* za}4jS^pU4#qmf8bQFE{k(ouTtice0bB;Qg*PLrR^q;27H+kNXCkwM?LZJ4E4XgYrA zFMGQ;Uu8ye|Em|T$w))s1KFJ z-VdI4$r$PXSjx2T95YUpx@Z(0W_iO?LH>*K#g*sxc57eKb2{y=cM>Qj*$m#|rwg#! 
zyjgo#>T4{dZlMhcu``$r%pk(EbmWQf%wyOx^euKVGv`My+~aR*2u(+QWXMm z`QwR?&dAHj%?ak_;N<(`iM)Sr^89K3U$E`}$qoB=8lt)?HJ{Zy>)YGD(e#pl)kDJg zD!b{zv{i$3V7GtZ-?IM3gwqFyNC|Ttt>gtkV(j3>N=R)+Cd>9kQ~W&2>RLB^X$6>c zS^5l7Im5I>#eXgR0G}Yr@`zp3%9Te)i4uBid-VgP7Cky*}9+aU5JUzXquU+odh|$o&g0_K7*`l$7;zZUM?-xa`dILPWWvB$|MCF@Fx;aZ{3pYcG*=a0_0z)X znpb>Jqk$~IPiKWr{wpIsCN1 z0Ac>y;FQ&bv>a#CzTOP@qWhw`)dQ)3`9AX-_v?^@pphz3I)^Nq-TOGKg%pa-?Iemi zCiED&2L?uL?_Uc(MbmCA2*aL-SaAtiz4yxyKU*yCxgN>y+$t%2SeyE<7oQ-coFf&B zeav;gLwMl+6+VSMLE(xoYS}Rc@WUZ@F>LL8 zjoVv&D;wkVA;(E#$BfZ&uS5j`Nh}tBi))*WVzl4EBq*J`3Y3)5-YScVc&@N2p<2_s z*{dF=Sb0}t{R&5zlI*Qi!w;mm0mFZI&TI5l){2CC(eiK}cG5NpeRk58+Ox9uXFFW} zE5ovWq+Y6^le^O$Pfo+G#flJ#6a-=F z4s|~;c(8nGxSd*44F!IB?&sH$>g5wQhY#$MTsEZAL0;sn$6rTzruA82HWiRkBBWl8 z;8(#c^q+O(W4qdL=aMv}8=mRb3}`Cy&Txiwz2^u5^*;`??#Ch-9GLchz#aeF+WW87 z`(H}&$669T2n6FxG?EBMf`cpi@>+aI=u#E*wTSedHo z`%`cBx$`^JXN3Jd^2!M!6=kBoc@xDMD(L?I36*>$V&bQxr$OY7Y zvEt~$fW3<^CVx7uL{_M}WmhNiw$xBTlp?__2NlR)um=}hXWh&vU^y|+e%pYPiEV-&dCL3Zu|8SF=ycE_mYNyb8Gqo6qww zlGBCt=b;+9Igr=7Ng_T@&es6F2>i&b9iw|_%VY9=+RTtxa{0Y&=zKdy zI}9)N&!&O=l*s|ZrC+Psi79KB?*rFh0n_)e97DW&LN*r8lhI8(AkR3suUaq2pBK%t zcxYd0=yNQ1z1n(@W9F)Rx`iJiD*@!=ZniP4=D9>-go)5CIltA-psdi-(Jwa&$;>1> z6`#ukd2C3<-sHiZB3QuXJRmn9ZEY%mIS~>&}ho`O$R52aA!~W<`_` zxXFbk`HU?llCBys*=WkXCZGd(=Jd&DVr&WbyaruzeHiq}w(nQvydVz}H|#cXAggpf zAkXFyZxL4f%UOk@j`0JATKqBY(&3?m=U(ZZ*$BthkZ5h#?Iy&FO_8<3ClXun`I#H zcp3+pp_cJeFL-5KPMdl=j7{l|b%AHOyZ)tX^v=W;$OnBBn5e%*7N5vY?VAoC&(szj z7uvzb)PgX7ef?b1zyioe%}Z;aBsW~dRDVc9vo^A*nD>gXfA=cUl*ox{KwGi}$j8Ly zM^0{|k|LEmn~gFYsT|GdR*tje zelF^?tLG?XpWoyG`F@m+3Mtph#cv58s2iG|+`LW7d&NSrTS(ZV7sVCPdkf?TiF!(F zkC*~U85&ASae#?zDdNSa zS{TG9ut1*kA_+Y|dl5IkM{?^n($t*cVa&%%Y-AIc%QuFx9}UWHvF8j%3sS1i2!wYo z5301PcciQtP${3?I$l!wPRg{h1NG&?EQ{vM+P^=RgE6-cV(?0%Q&kh3w+=X^!tsVX zIVeCr@@)EYBeaiu93dMed42q@8^N(QBuzcUOJYewdTr?j$bUNEfk!;G*T{INhr?Lg z|Dn!ax)cOXW&L%AswvDKtY`*N-Qw;bmeP-*u1y z@;OgT4mFATlIqz`P|cBQC5mk}hf6K+z{p=q%>;dxMwX0tvOCYYlHMv;{#RBJ! 
z~b}zxOiRlmd1STVKvHjHm)Ndo3 zwo`*aHi6L4z?GCjgdS3ILLvydHRW)77sBs9y#(^;D^xI-K7LmQiif=KV7nX=UZ4un zjKtshKNZJFszHAW$;(r04bZoNGaZoKoEW##F>5rKxvP^j^^IJfova)Z^S zxQKVp_zst7gAom1_q{G}asi3hal=I+Q2*4uS}AiWK58eYK)2_kB6pfRd{wF$CyQW> zjHUvwGSqyE(JSw|Pkj8k<%GZGhvC{mUcU+q_gY-rN83wO^-LP5`8rrD@U%#i)j_*q z*hKk>21CNGq%j1?;L`|F#jlPXO{jQUmoGMc-k0Dwke1$1Z}h*QS|_JMzhEU(a`~=& zGR4;pjK5#CJjBp>`OO5~Sh0eQ7s?kza1^oGzN*N2|NcnX7}WfJ5+*#{bpA4_68{D* zTGmR&>#f;AJCnvrn;51$^V_9(puYE~QFW6EED%KlvVL=``*g)jaQ{nLO+&#Ryi=C_ z0Z$;m1H-4+i3zV6xC5i&QQvxzulduSAfBq&N87-9jSle+$dlGDjhqhSPL|Xs#^O2N zGpEF3Z6HxWzNj-;u-f`L69ReR3Hs5G2NEyFHfdVu`+piN>1y*oH~*FdzB)d*{C{fAJl)KdjaH^ z#spWpF*j;z;lpR0a<8Q>dLfzx+MV9?0p$3K6|Mb19#-?g5sQg%Bl4q5Vz(Q7$#|I& z<6`NZ2_HO%9+2mc|M`29!9PD;-Zv4Ag;;-8erI(UEW43hIqNzXRWQnnvOj+I%VrK;STKd>K5%U<2qksd1nLKt)_rm%-lr%p`SwG9*NUur?}&+` zFB(6-6yM@?agzg(k5xNfBDhkW*eu><O_sE7VRw1M=ytJQ*cL zzanQWTjX(Cq~F+(ZiyS$9M(&ajy>_=GxY}YIfb8LU(N}SJcz-x`o)N=(PcCH={q%` z*gpi&&)Z=`z28}I+|HLyF@XDW1#8!|z5R%c*r~FzD^;2O zE~L@=aqRPClcn3B&40+kZ7Z83jR_y9kK9Hbxw}iEK>6^Jz*xn)#xFIK#rAlu++lFJ z=V?w%5s*h=_$dtrLe3LV|S|~Ar_23^G_P(B)3!__(LmrD!&#vS>kSB?YCn%kB-o#@l^`Pl6Cf(9l zu2R2dzIM9nW(>obZwB&Y(ONxs&0nLr#*WAhQu%*zf5AK>T7Rimt0~Bw8&L{1ekq9J z!;Y8rPk(@dBwI170=dJ&K&==&4?<~XJ!(FOi9mgN^pLvjuoDy98tV@m`_0Q&KYWof zf^;JI9*E586(6L4JmXlQx?%x%o*;fG#7Y-G%LX2Xy24v0a&&6 zligpa5w*+aU9)kednR`!eRs**-9ypYpOy;LXPu0V33Q;D-dU9-7P6c_0DtNHBH!NZ z|MYv$7>KZf7|3%FGY#k{cV~h>jwQAvym${%iw0%k2P(pcu#B-LQ_vgP>}(iwWpm9+vH zt=d7l_o2Xec-dyjC~H^X5*Tnf${?tylRsdMBGtB%KOM8xwD!3wL-Af5o52wrl`KfF zq#~?smrsedYFp#c9zvJA!mBd%(}4VQvjwYeo!`-7-aI&Q0#wg;3Ns<0*{CPlht^>p z*2UaF{)L^D?lP;S+X~6Z*u}On zuHs1{1pkjiYj``UoyTGt*GEwG75}!aqun zl>Z3qZ0~c&@bo0SdpcwlViA!}C^~&PiJ~H(2Wyq60pYud5+DyGd z1ck(@*7e#YmUf1pi~6%NK-GsLsDpOeO*Khn>u8|j4iNtX8CVl5cw3uYjI7h(y!9PW zUoI}-$>V$Fp8oeH;S@Hh3`Vm*RL$P z=+GB>a&1Cf2JyygmrbMmwVWYcnp1iZSG{tJbD+M|1BpqkNaHR1p(h?5$Ck=h9X56% zEWN680-@fU0nS<=uelY^e?6v3-QhM~&2e=Y5vguUr{;2u;uW-TkujT`0_3&guBjcV zhV0@F-5+anUJ@slpMZmnP32tw6|CKSk;^-m;u 
zS>guM(B!cD8yVJwI%yksZE>U4mufy&0OL2S+a7!J1+I@{8Ao;5c?9DV=S&V!x=Y{y z1RP%Xode3>%s=4e9`-(cp^zn}$49?)D698WWMF$-p(5hK9RzoJ0@Sy3p1CAt>`>iR zKYGx1{}5~;o}L;=Z2UmQk`%}_7z5>Rc5Qnz!f(USuj>6>Zf=Vx71r0HBk=Ir$jHZ* zq@)rRf%iePe@#9~}r=<6RAQR}LsdmBC4DZ`!4P`a}SEhdfEt(@H)Kt4h@S z+AlqHoQk`s2YkI+5g_ilNLH0{An()*3G&%bNJ~viAsMW4iNPmFnBAXj)Qc0XGyg={ z83g1#h)l7mB1-FPo##p~4w4obOdVgN_^0!DX^|VtJ$HrLPw)s1E*#=&3!mvyu@D*( zPFN-=_f=VPd`(~FZfO@o1GRqfs6QMjAO3tulpP zs|GY)(9Y%c-F}*qo`kBe;!G}X1~$DKf7m8P;2Tn|I@P*;F4vqJ&cQOoB)Vr^13quO znRVf@jKB-p+@@!o(i>~@nnlCXF%jsEIv{5h&Kor-K9v+dwJTO2st-VM?3Vxgd~F*-%bW zo(=fgXZ#S$s1b=9MM1i$6*_|v+3THOHiZI}KdHeDM-mCUJMn`WC+7h?$=Q{Xf|$nq zKkvOyyNf(R*Ma(}MZ_o)62=&3Zx;tuSSsQ&T<^raRySrC83WvmXab?~A+>a%6=$B} zxJ}O*;j1D+s}yVh;JA#_Eis(lIu$qj22ekpfpY8Mt?1V(xy5qniy+Hg@nVNr-J-RQ zabX|%q+BN`UOlfYTVtm-vYcc@R4)E9m*^>ltw^a2MEK0|dl(D{kk71Ea$B&um@iH3 z>M#(?%u|40iI(m=ig8Os4SM(R0%|>;MVB)QCNmh~^ZV?YZnAQ0!@EJLdFKpoZ!;B* zpW{jj)X$z-YGT)SA*4UuUE!|{g)0ydyexw+^ep^_@Wqc>xeUm^pM8nd{sgU?^C~VY zzrURO$zdPAWDy1(RY60zb-^ABkT3k=(bV6Or_S>k`Km>mt+%N126xZ965pEVpaGm@ z3bj93Mmsw)|5dDsFEb@KIT!NevbMaa*}3NPS?&>)bA7ZeP`^@OGqPJsG4+Q|T^E;{ zjC7MtGo0Jr}LM&z~-Jp*P^98tphn6L>}(Of83&Y!2B?20;OL9%CCA~ zrE2#i`Qe{88aS0*e5{U!*gJV!wqeA-(Crcc2g^iN8A~ix8oz47M$fT4rhUOzuIuh?oQF4`!Pd zHS=wdmKba7uhs@Y>#}ShZO|4Ty?Prd1!{Ai!W4QDeMSQexEfh^5MBbUX z4p=JfdEqpy>qw5@c^+)cYWnH^D6&OZ4|l^x$G2a!s(}Jl&eRz#OnF5Llq45G{jWTRcj%lA z^1*Yb4`Fd|GsuZn6{o`~$XC@R;x^Z>p!O@4VL#LdhnKC+4XQFAXEm0urVO8dOc~l} z>r4KDXXSng)L)LT2rW|@N52Ww=q0L zUkzbeUn0Cqre=XR(roVUY3ZFDGiwJqoAX&}{f%tDLVyb2O zsV`FSLiy)^Y=_={iKwC z&Y60^IrF6i;=N^rKbR+cD=>aB4CMD7-iG!fw<_q^1iZSKM<$Y5@NE6+Zn-5hCH0U= zVGgw(KMF1~moY*qQL-M~z+Q%FW6Y0Rfh8cU5{RNdS!w98O5B@z-}_O$jeVYWciC_ zqiYV@zMQSg@8)gXWej4Hfc$x^-J)Y`vVdW}5=&<>YBJT2DvNJ)VmiM36M`zfU!eB? 
zhY<_~m2zLW+l!r=48qrEr-Z;!uO_g*Ml7poYv{U%0QD&dk={HLCqVg{WY2Dm8&mrPc!E)saEpx%GPbgwHuX>YR6PMbAEM zaBnGJEt@cTiS%< zDU$o;f(WlHAg{}G&)pH_wcjS5MMrjHEv5vs$y1?lN#2tx*?58($q(ey7b;X%*yRWV!YBI=%w!a7OUp~O?pwbC`C{Z!f0d43YRqy0*U5X!%OqDdqYY8Me0-ly zNO8AGq4sk+=8$bcIeITb)CRwByUu24nmM&TxEir=lDsN-qsCYZ)E`Zk6G4b;wC&Qk zHRsV7`8jto@yx|^N|J@fXhnZ@9BTh({wSs?Xx+B@MjqKMF`7V8MUE9lCWaDb6@AtQ8?0Sxn z_n`RW@Xp9WJTu=NC;T)GmftI9J-S+7l6PIcPNcTA!D;bJG@yM2G}k84>OT@&(c;97zv0b(%Pnt?NqYwC-@J{eRLeZj^Q=G&1e9>?eJSd^|+n1sq{6Az9!xXHu9d|`$g0)9K;uS^*U1!B4Qha{bm<`lV z*FIE4*pzO_p-Mz9)G*l#ZKIYa{$h84nbN&YaXTIev{sJ3QHCOQ?zVrTuMqNDk!xP zAC6q!v}iGH6a~r;bs|qb(DLL8J^4}xH|<}4Q+RcOWP9?vdHzfDGiqucsPF4x{N?SV@md!2= zQ`XPV3%R{Q-e$YE!9B&se9pybyRx*WU7M9y&U59h&4t3Db$jeGm{>C#gBiU)<~^v^ZF4K_5G;rHw( zC^xS#*<%ZSu*R|ZY2OFr@+)10k znSZhFYrU=Al|@+{kxcsfwkM8h+;jSOGssru&>x2xg5S#a_v}t(VrFDuTx@AzZXn3U znb79J*!IJTk&%UknTbWfKol6fvZ^e620UzB+H8z0j7{cT%!~%yAYp!x8ukX{zy-!D zFmM?e!ljoa_-MZTRGS?$`SzKd`4aY-9_fYorKiu-@ArN3 zqSLlc(5cvFZ^xWTOOrC}H9&a(<` z`SMxw=k3|Sm-gzf%_>!MP1&_eV_JLP_79cezpD6byeuZ|`84&@bBzn%Z_JR2vz)gz zwPEk)TSE2$W$BvpFLHCqwNH;Jy8W54#Op5muCkX|f9@*Xc4NA}p6lpa(LMayD{uGi Vug_n*X!}uLFZay{!zOGK2LKf_J{bT2 diff --git a/vendor/github.com/google/go-tpm-tools/server/verify.go b/vendor/github.com/google/go-tpm-tools/server/verify.go deleted file mode 100644 index 050638f6c..000000000 --- a/vendor/github.com/google/go-tpm-tools/server/verify.go +++ /dev/null 
@@ -1,214 +0,0 @@
-package server
-
-import (
- "crypto"
- "errors"
- "fmt"
-
- // Rather than crypto/x509 as ct allows disabling critical extension checks.
- "github.com/google/certificate-transparency-go/x509"
- "github.com/google/go-tpm-tools/internal"
- pb "github.com/google/go-tpm-tools/proto/attest"
- tpmpb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/tpm2"
- "google.golang.org/protobuf/proto"
-)
-
-// The hash algorithms we support, in their preferred order of use.
-var supportedHashAlgs = []tpm2.Algorithm{
- tpm2.AlgSHA512, tpm2.AlgSHA384, tpm2.AlgSHA256, tpm2.AlgSHA1,
-}
-
-// VerifyOpts allows for customizing the functionality of VerifyAttestation.
-type VerifyOpts struct {
- // The nonce used when calling client.Attest
- Nonce []byte
- // Trusted public keys that can be used to directly verify the key used for
- // attestation. This option should be used if you already know the AK, as
- // it provides the highest level of assurance.
- TrustedAKs []crypto.PublicKey
- // Allow attestations to be verified using SHA-1. This defaults to false
- // because SHA-1 is a weak hash algorithm with known collision attacks.
- // However, setting this to true may be necessary if the client only
- // supports the legacy event log format. This is the case on older Linux
- // distributions (such as Debian 10).
- AllowSHA1 bool
- // A collection of trusted root CAs that are used to sign AK certificates.
- // The TrustedAKs are used first, followed by TrustRootCerts and
- // IntermediateCerts.
- // Adding a specific TPM manufacturer's root and intermediate CAs means all
- // TPMs signed by that CA will be trusted.
- TrustedRootCerts *x509.CertPool
- IntermediateCerts *x509.CertPool
-}
-
-// VerifyAttestation performs the following checks on an Attestation:
-// - the AK used to generate the attestation is trusted (based on VerifyOpts)
-// - the provided signature is generated by the trusted AK public key
-// - the signature signs the provided quote data
-// - the quote data starts with TPM_GENERATED_VALUE
-// - the quote data is a valid TPMS_QUOTE_INFO
-// - the quote data was taken over the provided PCRs
-// - the provided PCR values match the quote data internal digest
-// - the provided opts.Nonce matches that in the quote data
-// - the provided eventlog matches the provided PCR values
-//
-// After this, the eventlog is parsed and the corresponding MachineState is
-// returned. This design prevents unverified MachineStates from being used.
-func VerifyAttestation(attestation *pb.Attestation, opts VerifyOpts) (*pb.MachineState, error) {
- // Verify the AK
- akPubArea, err := tpm2.DecodePublic(attestation.GetAkPub())
- if err != nil {
- return nil, fmt.Errorf("failed to decode AK public area: %w", err)
- }
- akPubKey, err := akPubArea.Key()
- if err != nil {
- return nil, fmt.Errorf("failed to get AK public key: %w", err)
- }
- if err := checkAKTrusted(akPubKey, attestation.GetAkCert(), opts); err != nil {
- return nil, fmt.Errorf("failed to validate AK: %w", err)
- }
-
- // Verify the signing hash algorithm
- signHashAlg, err := internal.GetSigningHashAlg(akPubArea)
- if err != nil {
- return nil, fmt.Errorf("bad AK public area: %w", err)
- }
- if err = checkHashAlgSupported(signHashAlg, opts); err != nil {
- return nil, fmt.Errorf("in AK public area: %w", err)
- }
-
- // Attempt to replay the log against our PCRs in order of hash preference
- var lastErr error
- for _, quote := range supportedQuotes(attestation.GetQuotes()) {
- // Verify the Quote
- if err = internal.VerifyQuote(quote, akPubKey, opts.Nonce); err != nil {
- lastErr = fmt.Errorf("failed to verify quote: %w", err)
- continue
- }
-
- // Parse event logs and replay the events against the provided PCRs
- pcrs := quote.GetPcrs()
- state, err := parsePCClientEventLog(attestation.GetEventLog(), pcrs)
- if err != nil {
- lastErr = fmt.Errorf("failed to validate the PCClient event log: %w", err)
- continue
- }
-
- celState, err := parseCanonicalEventLog(attestation.GetCanonicalEventLog(), pcrs)
- if err != nil {
- lastErr = fmt.Errorf("failed to validate the Canonical event log: %w", err)
- continue
- }
-
- proto.Merge(celState, state)
-
- // Verify the PCR hash algorithm. We have this check here (instead of at
- // the start of the loop) so that the user gets a "SHA-1 not supported"
- // error only if allowing SHA-1 support would actually allow the log
- // to be verified. This makes debugging failed verifications easier.
- pcrHashAlg := tpm2.Algorithm(pcrs.GetHash())
- if err = checkHashAlgSupported(pcrHashAlg, opts); err != nil {
- lastErr = fmt.Errorf("when verifying PCRs: %w", err)
- continue
- }
-
- return celState, nil
- }
-
- if lastErr != nil {
- return nil, lastErr
- }
- return nil, fmt.Errorf("attestation does not contain a supported quote")
-}
-
-func pubKeysEqual(k1 crypto.PublicKey, k2 crypto.PublicKey) bool {
- // Common interface for all the standard public key types, see:
- // https://pkg.go.dev/crypto@go1.18beta1#PublicKey
- type publicKey interface {
- Equal(crypto.PublicKey) bool
- }
- if key, ok := k1.(publicKey); ok {
- return key.Equal(k2)
- }
- return false
-}
-
-// Checks if the provided AK public key can be trusted
-func checkAKTrusted(ak crypto.PublicKey, akCertBytes []byte, opts VerifyOpts) error {
- checkPub := len(opts.TrustedAKs) > 0
- checkCert := opts.TrustedRootCerts != nil && len(opts.TrustedRootCerts.Subjects()) > 0
- if !checkPub && !checkCert {
- return fmt.Errorf("no trust mechanism provided, either use TrustedAKs or TrustedRootCerts")
- }
- if checkPub && checkCert {
- return fmt.Errorf("multiple trust mechanisms provided, only use one of TrustedAKs or TrustedRootCerts")
- }
-
- // Check against known AKs
- if checkPub {
- for _, trusted := range opts.TrustedAKs {
- if pubKeysEqual(ak, trusted) {
- return nil
- }
- }
- return fmt.Errorf("public key is not trusted")
- }
-
- // Check if the AK Cert chains to a trusted root
- if len(akCertBytes) == 0 {
- return errors.New("no certificate provided in attestation")
- }
- akCert, err := x509.ParseCertificate(akCertBytes)
- if err != nil {
- return fmt.Errorf("failed to parse certificate: %w", err)
- }
- if !pubKeysEqual(ak, akCert.PublicKey) {
- return fmt.Errorf("mismatch between public key and certificate")
- }
-
- x509Opts := x509.VerifyOptions{
- Roots: opts.TrustedRootCerts,
- Intermediates: opts.IntermediateCerts,
- // x509 (both ct and crypto) marks the SAN extension unhandled if SAN
- // does not parse any of DNSNames, EmailAddresses, IPAddresses, or URIs.
- // https://cs.opensource.google/go/go/+/master:src/crypto/x509/parser.go;l=668-678
- DisableCriticalExtensionChecks: true,
- // The default key usage (ExtKeyUsageServerAuth) is not appropriate for
- // an Attestation Key: ExtKeyUsage of
- // - https://oidref.com/2.23.133.8.1
- // - https://oidref.com/2.23.133.8.3
- // https://pkg.go.dev/crypto/x509#VerifyOptions
- KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsage(x509.ExtKeyUsageAny)},
- }
- if _, err := akCert.Verify(x509Opts); err != nil {
- return fmt.Errorf("failed to verify certificate against trusted roots: %v", err)
- }
- return nil
-}
-
-func checkHashAlgSupported(hash tpm2.Algorithm, opts VerifyOpts) error {
- if hash == tpm2.AlgSHA1 && !opts.AllowSHA1 {
- return fmt.Errorf("SHA-1 is not allowed for verification (set VerifyOpts.AllowSHA1 to true to allow)")
- }
- for _, alg := range supportedHashAlgs {
- if hash == alg {
- return nil
- }
- }
- return fmt.Errorf("unsupported hash algorithm: %v", hash)
-}
-
-// Retrieve the supported quotes in order of hash preference
-func supportedQuotes(quotes []*tpmpb.Quote) []*tpmpb.Quote {
- out := make([]*tpmpb.Quote, 0, len(quotes))
- for _, alg := range supportedHashAlgs {
- for _, quote := range quotes {
- if tpm2.Algorithm(quote.GetPcrs().GetHash()) == alg {
- out = append(out, quote)
- break
- }
- }
- }
- return out
-}
diff --git a/vendor/github.com/google/go-tpm-tools/server/verify_test.go b/vendor/github.com/google/go-tpm-tools/server/verify_test.go
deleted file mode 100644
index 6937a7169..000000000
--- a/vendor/github.com/google/go-tpm-tools/server/verify_test.go
+++ /dev/null
@@ -1,553 +0,0 @@
-package server
-
-import (
- "bytes"
- "crypto"
- "crypto/rand"
- "crypto/rsa"
- "crypto/sha256"
- "fmt"
- "io"
- "strings"
- "testing"
-
- "github.com/google/certificate-transparency-go/x509"
- "github.com/google/go-cmp/cmp"
- "github.com/google/go-tpm-tools/cel"
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal"
- "github.com/google/go-tpm-tools/internal/test"
- attestpb "github.com/google/go-tpm-tools/proto/attest"
- "github.com/google/go-tpm/tpm2"
- "github.com/google/go-tpm/tpmutil"
- "google.golang.org/protobuf/proto"
- "google.golang.org/protobuf/testing/protocmp"
-)
-
-func getDigestHash(input string) []byte {
- inputDigestHash := sha256.New()
- inputDigestHash.Write([]byte(input))
- return inputDigestHash.Sum(nil)
-}
-
-func extendPCRsRandomly(rwc io.ReadWriteCloser, selpcr tpm2.PCRSelection) error {
- var pcrExtendValue []byte
- if selpcr.Hash == tpm2.AlgSHA256 {
- pcrExtendValue = make([]byte, 32)
- } else if selpcr.Hash == tpm2.AlgSHA1 {
- pcrExtendValue = make([]byte, 20)
- }
-
- for _, v := range selpcr.PCRs {
- _, err := rand.Read(pcrExtendValue)
- if err != nil {
- return fmt.Errorf("random bytes read fail %v", err)
- }
- err = tpm2.PCRExtend(rwc, tpmutil.Handle(v), selpcr.Hash, pcrExtendValue, "")
- if err != nil {
- return fmt.Errorf("PCR extend fail %v", err)
- }
- }
- return nil
-}
-
-func TestVerifyHappyCases(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- onePCR := []int{test.DebugPCR}
- twoPCR := append(onePCR, test.ApplicationPCR)
- dupePCR := append(twoPCR, twoPCR...)
-
- subtests := []struct {
- name string
- getKey func(io.ReadWriter) (*client.Key, error)
- pcrHashAlgo tpm2.Algorithm
- quotePCRList []int
- extraData []byte
- }{
- {"AK-RSA_SHA1_2PCRs_nonce", client.AttestationKeyRSA, tpm2.AlgSHA1, twoPCR, getDigestHash("test")},
- {"AK-RSA_SHA1_1PCR_nonce", client.AttestationKeyRSA, tpm2.AlgSHA1, onePCR, getDigestHash("t")},
- {"AK-RSA_SHA1_1PCR_no-nonce", client.AttestationKeyRSA, tpm2.AlgSHA1, onePCR, nil},
- {"AK-RSA_SHA256_2PCRs_nonce", client.AttestationKeyRSA, tpm2.AlgSHA256, twoPCR, getDigestHash("test")},
- {"AK-RSA_SHA256_2PCR_empty-nonce", client.AttestationKeyRSA, tpm2.AlgSHA256, twoPCR, []byte{}},
- {"AK-RSA_SHA256_dupePCrSel_nonce", client.AttestationKeyRSA, tpm2.AlgSHA256, dupePCR, getDigestHash("")},
-
- {"AK-ECC_SHA1_2PCRs_nonce", client.AttestationKeyECC, tpm2.AlgSHA1, twoPCR, getDigestHash("test")},
- {"AK-ECC_SHA1_1PCR_nonce", client.AttestationKeyECC, tpm2.AlgSHA1, onePCR, getDigestHash("t")},
- {"AK-ECC_SHA1_1PCR_no-nonce", client.AttestationKeyECC, tpm2.AlgSHA1, onePCR, nil},
- {"AK-ECC_SHA256_2PCRs_nonce", client.AttestationKeyECC, tpm2.AlgSHA256, twoPCR, getDigestHash("test")},
- {"AK-ECC_SHA256_2PCR_empty-nonce", client.AttestationKeyECC, tpm2.AlgSHA256, twoPCR, []byte{}},
- {"AK-ECC_SHA256_dupePCrSel_nonce", client.AttestationKeyECC, tpm2.AlgSHA256, dupePCR, getDigestHash("")},
- }
- for _, subtest := range subtests {
- t.Run(subtest.name, func(t *testing.T) {
- ak, err := subtest.getKey(rwc)
- if err != nil {
- t.Errorf("failed to generate AK: %v", err)
- }
- defer ak.Close()
-
- selpcr := tpm2.PCRSelection{
- Hash: subtest.pcrHashAlgo,
- PCRs: subtest.quotePCRList,
- }
- err = extendPCRsRandomly(rwc, selpcr)
- if err != nil {
- t.Fatalf("failed to extend test PCRs: %v", err)
- }
- quote, err := ak.Quote(selpcr, subtest.extraData)
- if err != nil {
- t.Fatalf("failed to quote: %v", err)
- }
- err = internal.VerifyQuote(quote, ak.PublicKey(), subtest.extraData)
- if err != nil {
- t.Fatalf("failed to verify: %v", err)
- }
- })
- }
-}
-
-func TestVerifyPCRChanged(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- ak, err := client.AttestationKeyRSA(rwc)
- if err != nil {
- t.Errorf("failed to generate AK: %v", err)
- }
- defer ak.Close()
-
- selpcr := tpm2.PCRSelection{
- Hash: tpm2.AlgSHA256,
- PCRs: []int{test.DebugPCR},
- }
- err = extendPCRsRandomly(rwc, selpcr)
- if err != nil {
- t.Errorf("failed to extend test PCRs: %v", err)
- }
- nonce := getDigestHash("test")
- quote, err := ak.Quote(selpcr, nonce)
- if err != nil {
- t.Error(err)
- }
-
- // change the PCR value
- err = extendPCRsRandomly(rwc, selpcr)
- if err != nil {
- t.Errorf("failed to extend test PCRs: %v", err)
- }
-
- quote.Pcrs, err = client.ReadPCRs(rwc, selpcr)
- if err != nil {
- t.Errorf("failed to read PCRs: %v", err)
- }
- err = internal.VerifyQuote(quote, ak.PublicKey(), nonce)
- if err == nil {
- t.Errorf("Verify should fail as Verify read a modified PCR")
- }
-}
-
-func TestVerifyUsingDifferentPCR(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- ak, err := client.AttestationKeyRSA(rwc)
- if err != nil {
- t.Errorf("failed to generate AK: %v", err)
- }
- defer ak.Close()
-
- err = extendPCRsRandomly(rwc, tpm2.PCRSelection{
- Hash: tpm2.AlgSHA256,
- PCRs: []int{test.DebugPCR, test.ApplicationPCR},
- })
- if err != nil {
- t.Errorf("failed to extend test PCRs: %v", err)
- }
-
- nonce := getDigestHash("test")
- quote, err := ak.Quote(tpm2.PCRSelection{
- Hash: tpm2.AlgSHA256,
- PCRs: []int{test.DebugPCR},
- }, nonce)
- if err != nil {
- t.Error(err)
- }
-
- quote.Pcrs, err = client.ReadPCRs(rwc, tpm2.PCRSelection{
- Hash: tpm2.AlgSHA256,
- PCRs: []int{test.ApplicationPCR},
- })
- if err != nil {
- t.Errorf("failed to read PCRs: %v", err)
- }
- err = internal.VerifyQuote(quote, ak.PublicKey(), nonce)
- if err == nil {
- t.Errorf("Verify should fail as Verify read a different PCR")
- }
-}
-
-func TestVerifyBasicAttestation(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- ak, err := client.AttestationKeyRSA(rwc)
- if err != nil {
- t.Fatalf("failed to generate AK: %v", err)
- }
- defer ak.Close()
-
- nonce := []byte("super secret nonce")
- attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce})
- if err != nil {
- t.Fatalf("failed to attest: %v", err)
- }
-
- if _, err := VerifyAttestation(attestation, VerifyOpts{
- Nonce: nonce,
- TrustedAKs: []crypto.PublicKey{ak.PublicKey()},
- }); err != nil {
- t.Errorf("failed to verify: %v", err)
- }
-
- if _, err := VerifyAttestation(attestation, VerifyOpts{
- Nonce: append(nonce, 0),
- TrustedAKs: []crypto.PublicKey{ak.PublicKey()},
- }); err == nil {
- t.Error("using the wrong nonce should make verification fail")
- }
-
- if _, err := VerifyAttestation(attestation, VerifyOpts{
- Nonce: nonce,
- }); err == nil {
- t.Error("using no trusted AKs should make verification fail")
- }
-
- priv, err := rsa.GenerateKey(rand.Reader, 2048)
- if err != nil {
- t.Fatal(err)
- }
- if _, err := VerifyAttestation(attestation, VerifyOpts{
- Nonce: nonce,
- TrustedAKs: []crypto.PublicKey{priv.Public()},
- }); err == nil {
- t.Error("using a random trusted AKs should make verification fail")
- }
-}
-
-func TestVerifySHA1Attestation(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- ak, err := client.AttestationKeyRSA(rwc)
- if err != nil {
- t.Fatalf("failed to generate AK: %v", err)
- }
- defer ak.Close()
-
- nonce := []byte("super secret nonce")
- attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce})
- if err != nil {
- t.Fatalf("failed to attest: %v", err)
- }
-
- // We should get a SHA-256 state, even if we allow SHA-1
- opts := VerifyOpts{
- Nonce: nonce,
- TrustedAKs: []crypto.PublicKey{ak.PublicKey()},
- AllowSHA1: true,
- }
- state, err := VerifyAttestation(attestation, opts)
- if err != nil {
- t.Errorf("failed to verify: %v", err)
- }
- h := tpm2.Algorithm(state.GetHash())
- if h != tpm2.AlgSHA256 {
- t.Errorf("expected SHA-256 state, got: %v", h)
- }
-
- // Now we mess up the SHA-256 state to force SHA-1 fallback
- for _, quote := range attestation.GetQuotes() {
- if tpm2.Algorithm(quote.GetPcrs().GetHash()) == tpm2.AlgSHA256 {
- quote.Quote = nil
- }
- }
- state, err = VerifyAttestation(attestation, opts)
- if err != nil {
- t.Errorf("failed to verify: %v", err)
- }
- h = tpm2.Algorithm(state.GetHash())
- if h != tpm2.AlgSHA1 {
- t.Errorf("expected SHA-1 state, got: %v", h)
- }
-
- // SHA-1 fallback can then be disabled
- opts.AllowSHA1 = false
- if _, err = VerifyAttestation(attestation, opts); err == nil {
- t.Error("expected attestation to fail with only SHA-1")
- }
-}
-
-func TestVerifyAttestationWithCEL(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- ak, err := client.AttestationKeyRSA(rwc)
- if err != nil {
- t.Fatalf("failed to generate AK: %v", err)
- }
- defer ak.Close()
-
- coscel := &cel.CEL{}
- testEvents := []struct {
- cosNestedEventType cel.CosType
- pcr int
- eventPayload []byte
- }{
- {cel.ImageRefType, test.DebugPCR, []byte("docker.io/bazel/experimental/test:latest")},
- {cel.ImageDigestType, test.DebugPCR, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")},
- {cel.RestartPolicyType, test.DebugPCR, []byte(attestpb.RestartPolicy_Never.String())},
- {cel.ImageIDType, test.DebugPCR, []byte("sha256:5DF4A1AC347DCF8CF5E9D0ABC04B04DB847D1B88D3B1CC1006F0ACB68E5A1F4B")},
- {cel.EnvVarType, test.DebugPCR, []byte("foo=bar")},
- {cel.EnvVarType, test.DebugPCR, []byte("bar=baz")},
- {cel.EnvVarType, test.DebugPCR, []byte("baz=foo=bar")},
- {cel.EnvVarType, test.DebugPCR, []byte("empty=")},
- {cel.ArgType, test.DebugPCR, []byte("--x")},
- {cel.ArgType, test.DebugPCR, []byte("--y")},
- }
- hashAlgoList := []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512}
- for _, testEvent := range testEvents {
- cos := cel.CosTlv{EventType: testEvent.cosNestedEventType, EventContent: testEvent.eventPayload}
- if err := coscel.AppendEvent(rwc, testEvent.pcr, hashAlgoList, cos); err != nil {
- t.Fatal(err)
- }
- }
-
- var buf bytes.Buffer
- if err := coscel.EncodeCEL(&buf); err != nil {
- t.Fatal(err)
- }
-
- nonce := []byte("super secret nonce")
- attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce, CanonicalEventLog: buf.Bytes()})
- if err != nil {
- t.Fatalf("failed to attest: %v", err)
- }
-
- opts := VerifyOpts{
- Nonce: nonce,
- TrustedAKs: []crypto.PublicKey{ak.PublicKey()},
- }
- state, err := VerifyAttestation(attestation, opts)
- if err != nil {
- t.Fatalf("failed to verify: %v", err)
- }
-
- expectedEnvVars := make(map[string]string)
- expectedEnvVars["foo"] = "bar"
- expectedEnvVars["bar"] = "baz"
- expectedEnvVars["baz"] = "foo=bar"
- expectedEnvVars["empty"] = ""
-
- want := attestpb.ContainerState{
- ImageReference: string(testEvents[0].eventPayload),
- ImageDigest: string(testEvents[1].eventPayload),
- RestartPolicy: attestpb.RestartPolicy_Never,
- ImageId: string(testEvents[3].eventPayload),
- EnvVars: expectedEnvVars,
- Args: []string{string(testEvents[8].eventPayload), string(testEvents[9].eventPayload)},
- }
- if diff := cmp.Diff(state.Cos.Container, &want, protocmp.Transform()); diff != "" {
- t.Errorf("unexpected difference:\n%v", diff)
- }
-}
-
-func TestVerifyFailWithTamperedCELContent(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- ak, err := client.AttestationKeyRSA(rwc)
- if err != nil {
- t.Fatalf("failed to generate AK: %v", err)
- }
- defer ak.Close()
-
- c := &cel.CEL{}
- measuredHashes := []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512}
-
- cosEvent := cel.CosTlv{EventType: cel.ImageRefType, EventContent: []byte("docker.io/bazel/experimental/test:latest")}
- cosEvent2 := cel.CosTlv{EventType: cel.ImageDigestType, EventContent: []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")}
- if err := c.AppendEvent(rwc, test.DebugPCR, measuredHashes, cosEvent); err != nil {
- t.Fatalf("failed to append event: %v", err)
- }
- if err := c.AppendEvent(rwc, test.DebugPCR, measuredHashes, cosEvent2); err != nil {
- t.Fatalf("failed to append event: %v", err)
- }
-
- // modify the first record content, but not the record digest
- modifiedRecord := cel.CosTlv{EventType: cel.ImageDigestType, EventContent: []byte("sha256:000000000000000000000000000000000000000000000000000000000000000")}
- modifiedTLV, err := modifiedRecord.GetTLV()
- if err != nil {
- t.Fatal(err)
- }
- c.Records[0].Content = modifiedTLV
-
- var buf bytes.Buffer
- if err := c.EncodeCEL(&buf); err != nil {
- t.Fatal(err)
- }
-
- nonce := []byte("super secret nonce")
- attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce, CanonicalEventLog: buf.Bytes()})
- if err != nil {
- t.Fatalf("failed to attest: %v", err)
- }
-
- opts := VerifyOpts{
- Nonce: nonce,
- TrustedAKs: []crypto.PublicKey{ak.PublicKey()},
- }
- if _, err := VerifyAttestation(attestation, opts); err == nil {
- t.Fatalf("VerifyAttestation should fail due to modified content")
- } else if !strings.Contains(err.Error(), "CEL record content digest verification failed") {
- t.Fatalf("expect to get digest verification failed error, but got %v", err)
- }
-}
-
-func TestVerifyAttestationWithCerts(t *testing.T) {
- tests := []struct {
- name string
- attestation []byte
- nonce []byte
- }{
- {
- "no-nonce",
- test.COS85NoNonce,
- nil,
- },
- {
- "nonce-9009",
- test.COS85Nonce9009,
- []byte{0x90, 0x09},
- },
- }
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- attestBytes := test.attestation
- att := &attestpb.Attestation{}
- if err := proto.Unmarshal(attestBytes, att); err != nil {
- t.Fatalf("failed to unmarshal attestation: %v", err)
- }
-
- if _, err := VerifyAttestation(att, VerifyOpts{
- Nonce: test.nonce,
- TrustedRootCerts: GceEKRoots,
- IntermediateCerts: GceEKIntermediates,
- }); err != nil {
- t.Errorf("failed to VerifyAttestation with AKCert: %v", err)
- }
- })
- }
-}
-
-func TestVerifyFailWithCertsAndPubkey(t *testing.T) {
- att := &attestpb.Attestation{}
- if err := proto.Unmarshal(test.COS85NoNonce, att); err != nil {
- t.Fatalf("failed to unmarshal attestation: %v", err)
- }
-
- priv, err := rsa.GenerateKey(rand.Reader, 2048)
- if err != nil {
- t.Fatal(err)
- }
- opts := VerifyOpts{
- Nonce: nil,
- TrustedRootCerts: GceEKRoots,
- IntermediateCerts: GceEKIntermediates,
- TrustedAKs: []crypto.PublicKey{priv.Public()},
- }
- if _, err := VerifyAttestation(att, opts); err == nil {
- t.Error("Verified attestation even with multiple trust methods")
- }
-}
-
-func TestVerifyAttestationEmptyRootsIntermediates(t *testing.T) {
- attestBytes := test.COS85NoNonce
- att := &attestpb.Attestation{}
- if err := proto.Unmarshal(attestBytes, att); err != nil {
- t.Fatalf("failed to unmarshal attestation: %v", err)
- }
-
- if _, err := VerifyAttestation(att, VerifyOpts{
- TrustedRootCerts: x509.NewCertPool(),
- IntermediateCerts: x509.NewCertPool(),
- }); err == nil {
- t.Error("expected error when calling VerifyAttestation with empty roots and intermediates")
- }
-
- if _, err := VerifyAttestation(att, VerifyOpts{}); err == nil {
- t.Error("expected error when calling VerifyAttestation with empty VerifyOpts")
- }
-}
-
-func TestVerifyAttestationMissingRoots(t *testing.T) {
- attestBytes := test.COS85NoNonce
- att := &attestpb.Attestation{}
- if err := proto.Unmarshal(attestBytes, att); err != nil {
- t.Fatalf("failed to unmarshal attestation: %v", err)
- }
-
- if _, err := VerifyAttestation(att, VerifyOpts{
- IntermediateCerts: GceEKIntermediates,
- }); err == nil {
- t.Error("expected error when calling VerifyAttestation with empty roots and intermediates")
- }
-}
-
-func TestVerifyAttestationMissingIntermediates(t *testing.T) {
- attestBytes := test.COS85NoNonce
- att := &attestpb.Attestation{}
- if err := proto.Unmarshal(attestBytes, att); err != nil {
- t.Fatalf("failed to unmarshal attestation: %v", err)
- }
-
- if _, err := VerifyAttestation(att, VerifyOpts{ - TrustedRootCerts: GceEKRoots, - }); err == nil { - t.Error("expected error when calling VerifyAttestation with empty roots and intermediates") - } -} - -func TestVerifyMismatchedAKPubAndAKCert(t *testing.T) { - // Make sure that we fail verification if the AKPub and AKCert don't match - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - ak, err := client.AttestationKeyRSA(rwc) - if err != nil { - t.Fatalf("failed to generate AK: %v", err) - } - defer ak.Close() - - nonce := []byte{0x90, 0x09} - badAtt, err := ak.Attest(client.AttestOpts{Nonce: nonce}) - if err != nil { - t.Fatalf("failed to attest: %v", err) - } - // Copy "good" certificate into "bad" attestation - goodAtt := &attestpb.Attestation{} - if err := proto.Unmarshal(test.COS85Nonce9009, goodAtt); err != nil { - t.Fatalf("failed to unmarshal attestation: %v", err) - } - badAtt.AkCert = goodAtt.GetAkCert() - - opts := VerifyOpts{ - Nonce: nonce, - TrustedRootCerts: GceEKRoots, - IntermediateCerts: GceEKIntermediates, - } - if _, err := VerifyAttestation(badAtt, opts); err == nil { - t.Error("expected error when calling VerifyAttestation with mismatched public key and cert") - } -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/CONTRIBUTING.md b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/CONTRIBUTING.md deleted file mode 100644 index e7ae53660..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/CONTRIBUTING.md +++ /dev/null 
@@ -1,42 +0,0 @@ -# Guidelines for reporting bugs: -Non-security-critical bugs can be filed on the Issues tracker: - -https://github.com/Microsoft/ms-tpm-20-ref/issues - -Security sensitive bugs should be reported to secure@microsoft.com - -# Guideline for submitting changes: - -This repository tracks official TPM Library Specification releases and errata from -the Trusted Computing Group: - -https://trustedcomputinggroup.org/tpm-library-specification/ - -All changes to core TPM logic, particularly changes to files in -TPMCmd/tpm and its subdirectories, must be approved by TCG voting -members.  Github pull requests may be used to propose changes, but changes -will not be incorporated without TCG member approval. - -Other changes (e.g. new files or changes to TPMCmd/Platform or TPMCmd/Simulator), -particularly to support new platforms, scenarios, build environments or -crypto-libraries, will be considered if they are expected to be widely useful. - -Contributors that wish to be involved in -the future evolution of the TPM specification and reference implementation -should consider joining the Trusted Computing Group.  Information about -membership and liaison programs is available at https://trustedcomputinggroup.org/membership/ - -# Contributing - -This project welcomes contributions and suggestions. Most contributions require you to -agree to a Contributor License Agreement (CLA) declaring that you have the right to, -and actually do, grant us the rights to use your contribution. For details, visit -https://cla.microsoft.com. - -When you submit a pull request, a CLA-bot will automatically determine whether you need -to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the -instructions provided by the bot. You will only need to do this once across all repositories using our CLA. - -This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 
-For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
-or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/LICENSE b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/LICENSE
deleted file mode 100644
index 3dea085cf..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/LICENSE
+++ /dev/null
@@ -1,17 +0,0 @@
-Microsoft Reference Implementation for TPM 2.0
-
-The copyright in this software is being made available under the BSD License, included below. This software may be subject to other third party and contributor rights, including patent rights, and no such rights are granted under this license.
-
-Copyright (c) Microsoft Corporation
-
-All rights reserved.
-
-BSD License
-
-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
-Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-
-Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/README.md b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/README.md
deleted file mode 100644
index bacd4bd88..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/README.md
+++ /dev/null
@@ -1,49 +0,0 @@ -# MS TPM 2.0 Reference Implementation # - -[![Build Status](https://travis-ci.org/Microsoft/ms-tpm-20-ref.svg?branch=master)](https://travis-ci.org/Microsoft/ms-tpm-20-ref) - -This is the official TCG reference implementation of the [TPM 2.0 Specification](https://trustedcomputinggroup.org/tpm-library-specification). The project contains complete source code of the reference implementation with a Microsoft Visual Studio solution and Linux autotools build scripts. - -See the definition of the `SPEC_VERSION`, `SPEC_YEAR` and `SPEC_DAY_OF_YEAR` values in the [TpmTypes.h](TPMCmd/tpm/include/TpmTypes.h) header for the exact revision/date of the TPM 2.0 specification, which the given source tree snapshot corresponds to. - -## Visual Studio build ## - -Before building the Visual Studio solution: - -1. Uncomment and update the definitions of the following macros in the [VendorString.h](TPMCmd/tpm/include/VendorString.h) header: - - MANUFACTURER - - VENDOR_STRING_1 - - FIRMWARE_V1 and FIRMWARE_V2 - -2. Setup the underlying cryptographic library: - -### OpenSSL library ### - -1. Create `TPMCmd/lib` folder and place a static OpenSSL library (`libeay32.lib` or `libcrypto.lib`) there. This may be either complete static library, or import library accompanying the corresponding DLL. In the latter case you'll need to copy the OpenSSL DLL into the standard Windows search path, so that it is available when you run the simulator executable (e.g. copy it into the same folder where simulator.exe is located). - - If you use `libcrypto.lib`, you'll need to either update `Linker|Input|Additional Dependencies` property of the Tpm project in the simulator solution or, alternatively, rename `libcrypto.lib` to `libeay32.lib`. - - Recommended version of OpenSSL is 1.0.2d or higher. - -2. Create `TPMCmd/OsslInclude/openssl` folder and copy there the contents of the `openssl/include/openssl` folder of the OpenSSL source tree used to build the static library used on the step 2). 
- -3. Build the solution with either Debug or Release as the active configuration. - -### Wolfcrypt library (wolfSSL) ### - -1. WolfSSL is included as a submodule. Initialize and update the submodule to fetch the project and checkout the appropriate commit. - - > git submodule init - > git submodule update - - The current commit will point the minimum recommended version of wolfSSL. Moving to a more recent tag or commit should also be supported but might not be tested. - -2. Build the solution with either WolfDebug or WolfRelease as the active configuration, either from inside the Visual Studio or with the following command line: - - > msbuild TPMCmd\simulator.sln /p:Configuration=WolfDebug - -## Linux build - -Follows the common `./bootstrap && ./configure && make` convention. - -Note that autotools scripts require the following prerequisite packages: `autoconf-archive`, `pkg-config`. Their absence is not automatically detected. The build also requires `libssl-dev` package to be installed. diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Clock.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Clock.c deleted file mode 100644 index bb8e4bba0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Clock.c +++ /dev/null 
@@ -1,174 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD - * License, included below. This software may be subject to other third party - * and contributor rights, including patent rights, and no such rights are - * granted under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS - * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Description -// -// This file contains the routines that are used by the simulator to mimic -// a hardware clock on a TPM. -// -// In this implementation, all the time values are measured in millisecond. 
-// However, the precision of the clock functions may be implementation -// dependent. - -#ifdef _WIN32 -#include -#include -#else -#include -#endif - -#include "PlatformData.h" -#include "Platform_fp.h" - -unsigned int s_adjustRate; -bool s_timerReset; - -clock64_t s_realTimePrevious; -clock64_t s_tpmTime; -clock64_t s_lastSystemTime; -clock64_t s_lastReportedTime; - -void _plat__TimerReset() { - s_lastSystemTime = 0; - s_tpmTime = 0; - s_adjustRate = CLOCK_NOMINAL; - s_timerReset = true; - return; -} - -static clock64_t _plat__RealTime() { -#ifdef _WIN32 // On Windows we might be using msvcrt, which only has _ftime. - struct _timeb sysTime; - _ftime_s(&sysTime); - return (clock64_t)(sysTime.time) * 1000 + sysTime.millitm; -#else - struct timespec systime; - clock_gettime(CLOCK_MONOTONIC, &systime); - return (clock64_t)systime.tv_sec * 1000 + (systime.tv_nsec / 1000000); -#endif -} - -uint64_t _plat__TimerRead() { - clock64_t timeDiff; - clock64_t adjustedTimeDiff; - clock64_t timeNow; - clock64_t readjustedTimeDiff; - - // This produces a timeNow that is basically locked to the system clock. - timeNow = _plat__RealTime(); - - // if this hasn't been initialized, initialize it - if (s_lastSystemTime == 0) { - s_lastSystemTime = timeNow; - s_lastReportedTime = 0; - s_realTimePrevious = 0; - } - // The system time can bounce around and that's OK as long as we don't allow - // time to go backwards. When the time does appear to go backwards, set - // lastSystemTime to be the new value and then update the reported time. - if (timeNow < s_lastReportedTime) s_lastSystemTime = timeNow; - s_lastReportedTime = s_lastReportedTime + timeNow - s_lastSystemTime; - s_lastSystemTime = timeNow; - timeNow = s_lastReportedTime; - - // The code above produces a timeNow that is similar to the value returned - // by Clock(). The difference is that timeNow does not max out, and it is - // at a ms. rate rather than at a CLOCKS_PER_SEC rate. 
The code below - // uses that value and does the rate adjustment on the time value. - // If there is no difference in time, then skip all the computations - if (s_realTimePrevious >= timeNow) return s_tpmTime; - // Compute the amount of time since the last update of the system clock - timeDiff = timeNow - s_realTimePrevious; - - // Do the time rate adjustment and conversion from CLOCKS_PER_SEC to mSec - adjustedTimeDiff = (timeDiff * CLOCK_NOMINAL) / ((uint64_t)s_adjustRate); - - // update the TPM time with the adjusted timeDiff - s_tpmTime += (clock64_t)adjustedTimeDiff; - - // Might have some rounding error that would loose CLOCKS. See what is not - // being used. As mentioned above, this could result in putting back more than - // is taken out. Here, we are trying to recreate timeDiff. - readjustedTimeDiff = - (adjustedTimeDiff * (uint64_t)s_adjustRate) / CLOCK_NOMINAL; - - // adjusted is now converted back to being the amount we should advance the - // previous sampled time. It should always be less than or equal to timeDiff. - // That is, we could not have use more time than we started with. 
- s_realTimePrevious = s_realTimePrevious + readjustedTimeDiff; - - return s_tpmTime; -} - -bool _plat__TimerWasReset() { - bool retVal = s_timerReset; - s_timerReset = false; - return retVal; -} - -void _plat__ClockAdjustRate(int adjust) { - // We expect the caller should only use a fixed set of constant values to - // adjust the rate - switch (adjust) { - case CLOCK_ADJUST_COARSE: - s_adjustRate += CLOCK_ADJUST_COARSE; - break; - case -CLOCK_ADJUST_COARSE: - s_adjustRate -= CLOCK_ADJUST_COARSE; - break; - case CLOCK_ADJUST_MEDIUM: - s_adjustRate += CLOCK_ADJUST_MEDIUM; - break; - case -CLOCK_ADJUST_MEDIUM: - s_adjustRate -= CLOCK_ADJUST_MEDIUM; - break; - case CLOCK_ADJUST_FINE: - s_adjustRate += CLOCK_ADJUST_FINE; - break; - case -CLOCK_ADJUST_FINE: - s_adjustRate -= CLOCK_ADJUST_FINE; - break; - default: - // ignore any other values; - break; - } - - if (s_adjustRate > (CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT)) - s_adjustRate = CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT; - if (s_adjustRate < (CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT)) - s_adjustRate = CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT; - - return; -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Entropy.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Entropy.c deleted file mode 100644 index ecaba7950..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Entropy.c +++ /dev/null @@ -1,11 +0,0 @@ -#include - -#include "Platform_fp.h" - -// We get entropy from OpenSSL which gets its entropy from the OS. -int32_t _plat__GetEntropy(uint8_t *entropy, uint32_t amount) { - if (RAND_bytes(entropy, amount) != 1) { - return -1; - } - return amount; -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/NVMem.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/NVMem.c deleted file mode 100644 index baac11b82..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/NVMem.c
+++ /dev/null
@@ -1,81 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD - * License, included below. This software may be subject to other third party - * and contributor rights, including patent rights, and no such rights are - * granted under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS - * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Description -// -// This file contains the NV read and write access methods. This -// implementation uses RAM/file and does not manage the RAM/file as NV -// blocks. The implementation may become more sophisticated over time. 
-// - -#include -#include - -#include "PlatformData.h" -#include "Platform_fp.h" - -unsigned char s_NV[NV_MEMORY_SIZE]; - -void _plat__NvMemoryRead(unsigned int start, unsigned int size, void *data) { - assert(start + size <= NV_MEMORY_SIZE); - memcpy(data, &s_NV[start], size); - return; -} - -int _plat__NvIsDifferent(unsigned int start, unsigned int size, void *data) { - return (memcmp(&s_NV[start], data, size) != 0); -} - -bool _plat__NvMemoryWrite(unsigned int start, unsigned int size, void *data) { - if (start + size <= NV_MEMORY_SIZE) { - memcpy(&s_NV[start], data, size); - return true; - } - return false; -} - -void _plat__NvMemoryClear(unsigned int start, unsigned int size) { - assert(start + size <= NV_MEMORY_SIZE); - // In this implementation, assume that the erase value for NV is all 1s - memset(&s_NV[start], 0xff, size); -} - -void _plat__NvMemoryMove(unsigned int sourceOffset, unsigned int destOffset, - unsigned int size) { - assert(sourceOffset + size <= NV_MEMORY_SIZE); - assert(destOffset + size <= NV_MEMORY_SIZE); - memmove(&s_NV[destOffset], &s_NV[sourceOffset], size); - return; -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform.h deleted file mode 100644 index b71713a7a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD - * License, included below. This software may be subject to other third party - * and contributor rights, including patent rights, and no such rights are - * granted under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS - * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -// External interface to the vTPM - -#ifndef _PLATFORM_H_ -#define _PLATFORM_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#include -#include - -//***_plat__RunCommand() -// This version of RunCommand will set up a jum_buf and call ExecuteCommand(). -// If the command executes without failing, it will return and RunCommand will -// return. If there is a failure in the command, then _plat__Fail() is called -// and it will longjump back to RunCommand which will call ExecuteCommand again. -// However, this time, the TPM will be in failure mode so ExecuteCommand will -// simply build a failure response and return. -void _plat__RunCommand(uint32_t requestSize, // IN: command buffer size - unsigned char *request, // IN: command buffer - uint32_t *responseSize, // IN/OUT: response buffer size - unsigned char **response // IN/OUT: response buffer -); - -//*** _plat_Reset() -// Reset the TPM. This should always be called before _plat__RunCommand. The -// first time this function is called, the TPM will be manufactured. Pass true -// for forceManufacture to perfrom a manufacturer reset. -void _plat__Reset(bool forceManufacture); - -#ifdef __cplusplus -} -#endif - -#endif // _PLATFORM_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/PlatformData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/PlatformData.h deleted file mode 100644 index 4d9a276d5..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/PlatformData.h +++ /dev/null 
@@ -1,86 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD - * License, included below. This software may be subject to other third party - * and contributor rights, including patent rights, and no such rights are - * granted under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS - * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -// This file contains the instance data for the Platform module. It is collected -// in this file so that the state of the module is easier to manage. 
- -#ifndef _PLATFORM_DATA_H_ -#define _PLATFORM_DATA_H_ - -#include -#include - -#include "TpmProfile.h" // For NV_MEMORY_SIZE - -typedef uint64_t clock64_t; -// This is the value returned the last time that the system clock was read. This -// is only relevant for a simulator or virtual TPM. -extern clock64_t s_realTimePrevious; - -// These values are used to try to synthesize a long lived version of clock(). -extern clock64_t s_lastSystemTime; -extern clock64_t s_lastReportedTime; - -// This is the rate adjusted value that is the equivalent of what would be read -// from a hardware register that produced rate adjusted time. -extern clock64_t s_tpmTime; - -// This value indicates that the timer was reset -extern bool s_timerReset; -// This variable records the timer adjustment factor. -extern unsigned int s_adjustRate; - -// CLOCK_NOMINAL is the number of hardware ticks per mS. A value of 300000 means -// that the nominal clock rate used to drive the hardware clock is 30 MHz. The -// adjustment rates are used to determine the conversion of the hardware ticks -// to internal hardware clock value. In practice, we would expect that there -// would be a hardware register with accumulated mS. It would be incremented by -// the output of a prescaler. The prescaler would divide the ticks from the -// clock by some value that would compensate for the difference between clock -// time and real time. The code in Clock does the emulation of this function. -#define CLOCK_NOMINAL 30000 -// A 1% change in rate is 300 counts -#define CLOCK_ADJUST_COARSE 300 -// A 0.1% change in rate is 30 counts -#define CLOCK_ADJUST_MEDIUM 30 -// A minimum change in rate is 1 count -#define CLOCK_ADJUST_FINE 1 -// The clock tolerance is +/-15% (4500 counts) -// Allow some guard band (16.7%) -#define CLOCK_ADJUST_LIMIT 5000 - -extern unsigned char s_NV[NV_MEMORY_SIZE]; - -#endif // _PLATFORM_DATA_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform_fp.h
deleted file mode 100644
index e8d63d242..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform_fp.h
+++ /dev/null
@@ -1,197 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD - * License, included below. This software may be subject to other third party - * and contributor rights, including patent rights, and no such rights are - * granted under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS - * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -// Platform functions used by libtpm - -#ifndef _PLATFORM_FP_H_ -#define _PLATFORM_FP_H_ - -#include -#include - -//***_plat__IsCanceled() -// We opt to not support cancellation, so always return false. 
-// Return values: -// true(1) if cancel flag is set -// false(0) if cancel flag is not set -static inline int _plat__IsCanceled() { return false; } - -//***_plat__TimerReset() -// This function sets current system clock time as t0 for counting TPM time. -// This function is called at a power on event to reset the clock. When the -// clock is reset, the indication that the clock was stopped is also set. -void _plat__TimerReset(); - -//***_plat__TimerRead() -// This function provides access to the tick timer of the platform. The TPM code -// uses this value to drive the TPM Clock. -// -// The tick timer is supposed to run when power is applied to the device. This -// timer should not be reset by time events including _TPM_Init. It should only -// be reset when TPM power is re-applied. -// -// If the TPM is run in a protected environment, that environment may provide -// the tick time to the TPM as long as the time provided by the environment is -// not allowed to go backwards. If the time provided by the system can go -// backwards during a power discontinuity, then the _plat__Signal_PowerOn should -// call _plat__TimerReset(). -uint64_t _plat__TimerRead(); - -//*** _plat__TimerWasReset() -// This function is used to interrogate the flag indicating if the tick timer -// has been reset. -// -// If the resetFlag parameter is SET, then the flag will be CLEAR before the -// function returns. -bool _plat__TimerWasReset(); - -//*** _plat__TimerWasStopped() -// As we have CLOCK_STOPS=NO, we will only stop our timer on resets. -static inline bool _plat__TimerWasStopped() { return _plat__TimerWasReset(); } - -//***_plat__ClockAdjustRate() -// Adjust the clock rate -// IN: the adjust number. It could be positive or negative -void _plat__ClockAdjustRate(int adjust); - -//*** _plat__GetEntropy() -// This function is used to get available hardware entropy. In a hardware -// implementation of this function, there would be no call to the system -// to get entropy. 
-// Return values: -// < 0 hardware failure of the entropy generator, this is sticky -// >= 0 the returned amount of entropy (bytes) -int32_t _plat__GetEntropy(uint8_t *entropy, // output buffer - uint32_t amount // amount requested -); - -//***_plat__LocalityGet() -// We do not support non-zero localities, so just always return 0. -static inline uint8_t _plat__LocalityGet() { return 0; } - -//***_plat__NVEnable() -// As we just hold the NV data in memory, always return success. -// Return values: -// 0 if success -// > 0 if receive recoverable error -// < 0 if unrecoverable error -static inline int _plat__NVEnable(void *platParameter) { - (void)(platParameter); - return 0; -}; - -//***_plat__IsNvAvailable() -// Our NV Data is always available and has no write limits. -// Return values: -// 0 NV is available -// 1 NV is not available due to write failure -// 2 NV is not available due to rate limit -static inline int _plat__IsNvAvailable() { return 0; } - -//***_plat__NvMemoryRead() -// Function: Read a chunk of NV memory -void _plat__NvMemoryRead(unsigned int startOffset, // IN: read start - unsigned int size, // IN: size of bytes to read - void *data // OUT: data buffer -); - -//*** _plat__NvIsDifferent() -// This function checks to see if the NV is different from the test value. This -// is so that NV will not be written if it has not changed. -// Return Type: int -// TRUE(1) the NV location is different from the test value -// FALSE(0) the NV location is the same as the test value -int _plat__NvIsDifferent(unsigned int startOffset, // IN: read start - unsigned int size, // IN: size of bytes to read - void *data // IN: data buffer -); - -//***_plat__NvMemoryWrite() -// This function is used to update NV memory. The "write" is to a memory copy of -// NV. At the end of the current command, any changes are written to -// the actual NV memory. 
-// NOTE: A useful optimization would be for this code to compare the current -// contents of NV with the local copy and note the blocks that have changed. -// Then only write those blocks when _plat__NvCommit() is called. -bool _plat__NvMemoryWrite(unsigned int startOffset, // IN: write start - unsigned int size, // IN: size of bytes to write - void *data // OUT: data buffer -); - -//***_plat__NvMemoryClear() -// Function is used to set a range of NV memory bytes to an implementation- -// dependent value. The value represents the erase state of the memory. -void _plat__NvMemoryClear(unsigned int start, // IN: clear start - unsigned int size // IN: number of bytes to clear -); - -//***_plat__NvMemoryMove() -// Function: Move a chunk of NV memory from source to destination -// This function should ensure that if there overlap, the original data is -// copied before it is written -void _plat__NvMemoryMove(unsigned int sourceOffset, // IN: source offset - unsigned int destOffset, // IN: destination offset - unsigned int size // IN: size of data being moved -); - -//***_plat__NvCommit() -// Our NV Data is just in memory, so "committing" it is a no-op. -// Return values: -// 0 NV write success -// != 0 NV write fail -static inline int _plat__NvCommit() { return 0; } - -//*** _plat__WasPowerLost() -// Test whether power was lost before a _TPM_Init. As we use in-memory NV Data, -// there's no reason to to not do the power-loss activities on every _TPM_Init. -// Return values: -// true(1) power was lost -// false(0) power was not lost -static inline int _plat__WasPowerLost() { return true; } - -//** From PPPlat.c - -//***_plat__PhysicalPresenceAsserted() -// Our vTPM has no way to assert physical presence, so we always return true. 
-// Return values: -// true(1) if physical presence is signaled -// false(0) if physical presence is not signaled -static inline int _plat__PhysicalPresenceAsserted() { return true; } - -//***_plat__Fail() -// This is the platform depended failure exit for the TPM. -_Noreturn void _plat__Fail(); - -#endif // _PLATFORM_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Run.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Run.c deleted file mode 100644 index 044dc043d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Run.c +++ /dev/null 
@@ -1,78 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD
- * License, included below. This software may be subject to other third party
- * and contributor rights, including patent rights, and no such rights are
- * granted under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS
- * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//**Introduction
-// This module provides the platform specific entry and fail processing. The
-// _plat__RunCommand() function is used to call to ExecuteCommand() in the TPM
-// code. This function does whatever processing is necessary to set up the
-// platform in anticipation of the call to the TPM including settup for error
-// processing.
-//
-// The _plat__Fail() function is called when there is a failure in the TPM. The
-// TPM code will have set the flag to indicate that the TPM is in failure mode.
-// This call will then recursively call ExecuteCommand in order to build the
-// failure mode response. When ExecuteCommand() returns to _plat__Fail(), the
-// platform will do some platform specif operation to return to the environment
-// in which the TPM is executing. For a simulator, setjmp/longjmp is used. For
-// an OS, a system exit to the OS would be appropriate.
-
-#include
-
-#include "CompilerDependencies.h"
-#include "ExecCommand_fp.h"
-#include "Manufacture_fp.h"
-#include "Platform.h"
-#include "Platform_fp.h"
-#include "_TPM_Init_fp.h"
-
-jmp_buf s_jumpBuffer;
-
-void _plat__RunCommand(uint32_t requestSize, unsigned char *request,
- uint32_t *responseSize, unsigned char **response) {
- setjmp(s_jumpBuffer);
- ExecuteCommand(requestSize, request, responseSize, response);
-}
-
-_Noreturn void _plat__Fail(void) { longjmp(&s_jumpBuffer[0], 1); }
-
-void _plat__Reset(bool forceManufacture) {
- // We ignore errors, as we don't care if the TPM has been Manufactured before.
- if (forceManufacture) {
- TPM_TearDown();
- }
- TPM_Manufacture(0);
- _plat__TimerReset();
- _TPM_Init();
-}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/Makefile.am b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/Makefile.am
deleted file mode 100644
index 1df7a5e2c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/Makefile.am
+++ /dev/null
@@ -1,62 +0,0 @@ -## The copyright in this software is being made available under the BSD License, -## included below. This software may be subject to other third party and -## contributor rights, including patent rights, and no such rights are granted -## under this license. -## -## Copyright (c) Intel Corporation -## -## All rights reserved. -## -## BSD License -## -## Redistribution and use in source and binary forms, with or without modification, -## are permitted provided that the following conditions are met: -## -## Redistributions of source code must retain the above copyright notice, this list -## of conditions and the following disclaimer. -## -## Redistributions in binary form must reproduce the above copyright notice, this -## list of conditions and the following disclaimer in the documentation and/or -## other materials provided with the distribution. -## -## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" -## AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -## DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR -## ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -## (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -## ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -## (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -## SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- -include src.mk - -PLATFORM_INC = -I $(srcdir)/Platform/include \ - -I $(srcdir)/Platform/include/prototypes -SIMULATOR_INC = -I $(srcdir)/Simulator/include \ - -I $(srcdir)/Simulator/include/prototypes -TPM_INC = -I $(srcdir)/tpm/include \ - -I $(srcdir)/tpm/include/prototypes - -libplatform = Platform/src/libplatform.a -libtpm = tpm/src/libtpm.a -tpm2_simulator = Simulator/src/tpm2-simulator - -bin_PROGRAMS = $(tpm2_simulator) -noinst_LIBRARIES = $(libplatform) $(libtpm) - -Platform_src_libplatform_a_CFLAGS = $(EXTRA_CFLAGS) $(PLATFORM_INC) $(TPM_INC) -Platform_src_libplatform_a_SOURCES = $(PLATFORM_C) $(PLATFORM_H) - -Simulator_src_tpm2_simulator_CFLAGS = $(EXTRA_CFLAGS) $(PLATFORM_INC) \ - $(TPM_INC) $(SIMULATOR_INC) $(LIBCRYPTO_CFLAGS) $(PTHREAD_CFLAGS) -# the weird / duplicate static library is necessary for dealing with the -# circular dependency beetween libplatform and libtpm -Simulator_src_tpm2_simulator_LDADD = $(libplatform) $(libtpm) \ - $(libplatform) $(LIBCRYPTO_LIBS) $(PTHREAD_LIBS) @ADDITIONAL_LIBS@ -Simulator_src_tpm2_simulator_SOURCES = $(SIMULATOR_C) $(SIMULATOR_H) - -tpm_src_libtpm_a_CFLAGS = $(EXTRA_CFLAGS) $(PLATFORM_INC) $(TPM_INC) \ - $(LIBCRYPTO_CFLAGS) -tpm_src_libtpm_a_SOURCES = $(TPM_C) $(TPM_H) $(PLATFORM_H) diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/configure.ac b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/configure.ac deleted file mode 100644 index 58a74b416..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/configure.ac +++ /dev/null 
@@ -1,89 +0,0 @@
-dnl The copyright in this software is being made available under the BSD License,
-dnl included below. This software may be subject to other third party and
-dnl contributor rights, including patent rights, and no such rights are granted
-dnl under this license.
-dnl
-dnl Copyright (c) Intel Corporation
-dnl
-dnl All rights reserved.
-dnl
-dnl BSD License
-dnl
-dnl Redistribution and use in source and binary forms, with or without modification,
-dnl are permitted provided that the following conditions are met:
-dnl
-dnl Redistributions of source code must retain the above copyright notice, this list
-dnl of conditions and the following disclaimer.
-dnl
-dnl Redistributions in binary form must reproduce the above copyright notice, this
-dnl list of conditions and the following disclaimer in the documentation and/or
-dnl other materials provided with the distribution.
-dnl
-dnl THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
-dnl AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-dnl IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-dnl DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-dnl ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-dnl (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-dnl LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-dnl ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-dnl (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-dnl SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-AC_INIT([ms-tpm-20-ref],
- [0.1],
- [https://github.com/microsoft/ms-tpm-20-ref/issues],
- [],
- [https://github.com/microsoft/ms-tpm-20-ref])
-AC_CONFIG_MACRO_DIR([.])
-AC_PROG_CC
-AC_PROG_LN_S
-AC_PROG_RANLIB
-AM_INIT_AUTOMAKE([foreign subdir-objects])
-AC_CONFIG_FILES([Makefile])
-AC_SUBST([DISTCHECK_CONFIGURE_FLAGS],[$ac_configure_args])
-
-dnl By enabling this feature tpm simulator gets seeds derived from hardware parameters.
-dnl It is enabled only for linux devices.
-dnl Note that the seeds are not derived from secure hardware source.
-
-AC_ARG_ENABLE(usedeviceid,
- AS_HELP_STRING([--enable-usedeviceid],
- [tpm simulator get seeds derived from hardware parameters. Seeds are not derived from secure hardware source.]))
-
-PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto])
-AS_IF([test "x$enable_usedeviceid" = "xyes"], [
- PKG_CHECK_MODULES([LIBUDEV], [libudev])
- [ADDITIONAL_LIBS="-ludev"]
-])
-AX_PTHREAD([], [AC_MSG_ERROR([requires pthread])])
-
-AC_DEFINE([HASH_LIB], [Ossl], [Crypto lib for hash algorithms])
-AC_DEFINE([SYM_LIB], [Ossl], [Crypto lib for symmetric encryption algorithms])
-AC_DEFINE([MATH_LIB], [Ossl], [Crypto lib for bignum operations])
-
-ADD_COMPILER_FLAG([-std=gnu11])
-ADD_COMPILER_FLAG([-Werror])
-ADD_COMPILER_FLAG([-Wall])
-ADD_COMPILER_FLAG([-Wformat-security])
-ADD_COMPILER_FLAG([-fstack-protector-all])
-ADD_COMPILER_FLAG([-fPIC])
-ADD_COMPILER_FLAG([-Wno-error=empty-body])
-ADD_COMPILER_FLAG([-Wno-error=expansion-to-defined])
-ADD_COMPILER_FLAG([-Wno-error=parentheses])
-ADD_COMPILER_FLAG([-Wno-error=pointer-to-int-cast])
-ADD_COMPILER_FLAG([-Wno-error=missing-braces])
-ADD_COMPILER_FLAG([-Wno-error=unused-result])
-
-AS_IF([test "x$enable_usedeviceid" = "xyes"], [
- ADD_COMPILER_FLAG([-DNDEBUG])
- ADD_COMPILER_FLAG([-g])
- ADD_COMPILER_FLAG([-DUSE_PLATFORM_EPS])
- AC_SUBST(ADDITIONAL_LIBS)
-])
-ADD_LINK_FLAG([-Wl,--no-undefined])
-ADD_LINK_FLAG([-Wl,-z,noexecstack])
-ADD_LINK_FLAG([-Wl,-z,now])
-ADD_LINK_FLAG([-Wl,-z,relro])
-
-AC_OUTPUT
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/flags.m4 b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/flags.m4
deleted file mode 100644
index 286c10bfa..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/flags.m4
+++ /dev/null
@@ -1,84 +0,0 @@ -dnl The copyright in this software is being made available under the BSD License, -dnl included below. This software may be subject to other third party and -dnl contributor rights, including patent rights, and no such rights are granted -dnl under this license. -dnl -dnl Copyright (c) Intel Corporation -dnl -dnl All rights reserved. -dnl -dnl BSD License -dnl -dnl Redistribution and use in source and binary forms, with or without modification, -dnl are permitted provided that the following conditions are met: -dnl -dnl Redistributions of source code must retain the above copyright notice, this list -dnl of conditions and the following disclaimer. -dnl -dnl Redistributions in binary form must reproduce the above copyright notice, this -dnl list of conditions and the following disclaimer in the documentation and/or -dnl other materials provided with the distribution. -dnl -dnl THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" -dnl AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -dnl IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -dnl DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR -dnl ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -dnl (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -dnl LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -dnl ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -dnl (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -dnl SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -dnl ADD_COMPILER_FLAG: -dnl A macro to add a CFLAG to the EXTRA_CFLAGS variable. This macro will -dnl check to be sure the compiler supprts the flag. Flags can be made -dnl mandatory (configure will fail). -dnl $1: C compiler flag to add to EXTRA_CFLAGS. 
-dnl $2: Set to "required" to cause configure failure if flag not supported.. -AC_DEFUN([ADD_COMPILER_FLAG],[ - AX_CHECK_COMPILE_FLAG([$1],[ - EXTRA_CFLAGS="$EXTRA_CFLAGS $1" - AC_SUBST([EXTRA_CFLAGS])],[ - AS_IF([test x$2 != xrequired],[ - AC_MSG_WARN([Optional CFLAG "$1" not supported by your compiler, continuing.])],[ - AC_MSG_ERROR([Required CFLAG "$1" not supported by your compiler, aborting.])] - )],[ - -Wall -Werror] - )] -) -dnl ADD_PREPROC_FLAG: -dnl Add the provided preprocessor flag to the EXTRA_CFLAGS variable. This -dnl macro will check to be sure the preprocessor supports the flag. -dnl The flag can be made mandatory by provideing the string 'required' as -dnl the second parameter. -dnl $1: Preprocessor flag to add to EXTRA_CFLAGS. -dnl $2: Set to "required" t ocause configure failure if preprocesor flag -dnl is not supported. -AC_DEFUN([ADD_PREPROC_FLAG],[ - AX_CHECK_PREPROC_FLAG([$1],[ - EXTRA_CFLAGS="$EXTRA_CFLAGS $1" - AC_SUBST([EXTRA_CFLAGS])],[ - AS_IF([test x$2 != xrequired],[ - AC_MSG_WARN([Optional preprocessor flag "$1" not supported by your compiler, continuing.])],[ - AC_MSG_ERROR([Required preprocessor flag "$1" not supported by your compiler, aborting.])] - )],[ - -Wall -Werror] - )] -) -dnl ADD_LINK_FLAG: -dnl A macro to add a LDLAG to the EXTRA_LDFLAGS variable. This macro will -dnl check to be sure the linker supprts the flag. Flags can be made -dnl mandatory (configure will fail). -dnl $1: linker flag to add to EXTRA_LDFLAGS. -dnl $2: Set to "required" to cause configure failure if flag not supported. -AC_DEFUN([ADD_LINK_FLAG],[ - AX_CHECK_LINK_FLAG([$1],[ - EXTRA_LDFLAGS="$EXTRA_LDFLAGS $1" - AC_SUBST([EXTRA_LDFLAGS])],[ - AS_IF([test x$2 != xrequired],[ - AC_MSG_WARN([Optional LDFLAG "$1" not supported by your linker, continuing.])],[ - AC_MSG_ERROR([Required LDFLAG "$1" not supported by your linker, aborting.])] - )] - )] -) 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BaseTypes.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BaseTypes.h
deleted file mode 100644
index afcfef974..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BaseTypes.h
+++ /dev/null
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.2 Feb 22, 2019 - * Date: Mar 20, 2019 Time: 08:27:26PM - */ - -#ifndef _BASE_TYPES_H_ -#define _BASE_TYPES_H_ - -// NULL definition -#ifndef NULL -#define NULL (0) -#endif - -typedef uint8_t UINT8; -typedef uint8_t BYTE; -typedef int8_t INT8; -typedef int BOOL; -typedef uint16_t UINT16; -typedef int16_t INT16; -typedef uint32_t UINT32; -typedef int32_t INT32; -typedef uint64_t UINT64; -typedef int64_t INT64; - - -#endif // _BASE_TYPES_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h deleted file mode 100644 index bb3fe3fa9..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h +++ /dev/null 
@@ -1,320 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction - -// This file contains the definitions needed for defining the internal BIGNUM -// structure. - -// A BIGNUM is a pointer to a structure. The structure has three fields. The -// last field is and array (d) of crypt_uword_t. 
Each word is in machine format -// (big- or little-endian) with the words in ascending significance (i.e. words -// in little-endian order). This is the order that seems to be used in every -// big number library in the worlds, so... -// -// The first field in the structure (allocated) is the number of words in 'd'. -// This is the upper limit on the size of the number that can be held in the -// structure. This differs from libraries like OpenSSL as this is not intended -// to deal with numbers of arbitrary size; just numbers that are needed to deal -// with the algorithms that are defined in the TPM implementation. -// -// The second field in the structure (size) is the number of significant words -// in 'n'. When this number is zero, the number is zero. The word at used-1 should -// never be zero. All words between d[size] and d[allocated-1] should be zero. - -//** Defines - -#ifndef _BN_NUMBERS_H -#define _BN_NUMBERS_H - -#if RADIX_BITS == 64 -# define RADIX_LOG2 6 -#elif RADIX_BITS == 32 -#define RADIX_LOG2 5 -#else -# error "Unsupported radix" -#endif - -#define RADIX_MOD(x) ((x) & ((1 << RADIX_LOG2) - 1)) -#define RADIX_DIV(x) ((x) >> RADIX_LOG2) -#define RADIX_MASK ((((crypt_uword_t)1) << RADIX_LOG2) - 1) - -#define BITS_TO_CRYPT_WORDS(bits) RADIX_DIV((bits) + (RADIX_BITS - 1)) -#define BYTES_TO_CRYPT_WORDS(bytes) BITS_TO_CRYPT_WORDS(bytes * 8) -#define SIZE_IN_CRYPT_WORDS(thing) BYTES_TO_CRYPT_WORDS(sizeof(thing)) - -#if RADIX_BITS == 64 -#define SWAP_CRYPT_WORD(x) REVERSE_ENDIAN_64(x) - typedef uint64_t crypt_uword_t; - typedef int64_t crypt_word_t; -# define TO_CRYPT_WORD_64 BIG_ENDIAN_BYTES_TO_UINT64 -# define TO_CRYPT_WORD_32(a, b, c, d) TO_CRYPT_WORD_64(0, 0, 0, 0, a, b, c, d) -#elif RADIX_BITS == 32 -# define SWAP_CRYPT_WORD(x) REVERSE_ENDIAN_32((x)) - typedef uint32_t crypt_uword_t; - typedef int32_t crypt_word_t; -# define TO_CRYPT_WORD_64(a, b, c, d, e, f, g, h) \ - BIG_ENDIAN_BYTES_TO_UINT32(e, f, g, h), \ - BIG_ENDIAN_BYTES_TO_UINT32(a, b, c, d) 
-#endif - -#define MAX_CRYPT_UWORD (~((crypt_uword_t)0)) -#define MAX_CRYPT_WORD ((crypt_word_t)(MAX_CRYPT_UWORD >> 1)) -#define MIN_CRYPT_WORD (~MAX_CRYPT_WORD) - -#define LARGEST_NUMBER (MAX((ALG_RSA * MAX_RSA_KEY_BYTES), \ - MAX((ALG_ECC * MAX_ECC_KEY_BYTES), MAX_DIGEST_SIZE))) -#define LARGEST_NUMBER_BITS (LARGEST_NUMBER * 8) - -#define MAX_ECC_PARAMETER_BYTES (MAX_ECC_KEY_BYTES * ALG_ECC) - -// These are the basic big number formats. This is convertible to the library- -// specific format without to much difficulty. For the math performed using -// these numbers, the value is always positive. -#define BN_STRUCT_DEF(count) struct { \ - crypt_uword_t allocated; \ - crypt_uword_t size; \ - crypt_uword_t d[count]; \ - } - -typedef BN_STRUCT_DEF(1) bignum_t; -#ifndef bigNum -typedef bignum_t *bigNum; -typedef const bignum_t *bigConst; -#endif - -extern const bignum_t BnConstZero; - -// The Functions to access the properties of a big number. -// Get number of allocated words -#define BnGetAllocated(x) (unsigned)((x)->allocated) - -// Get number of words used -#define BnGetSize(x) ((x)->size) - -// Get a pointer to the data array -#define BnGetArray(x) ((crypt_uword_t *)&((x)->d[0])) - -// Get the nth word of a BIGNUM (zero-based) -#define BnGetWord(x, i) (crypt_uword_t)((x)->d[i]) - -// Some things that are done often. - -// Test to see if a bignum_t is equal to zero -#define BnEqualZero(bn) (BnGetSize(bn) == 0) - -// Test to see if a bignum_t is equal to a word type -#define BnEqualWord(bn, word) \ - ((BnGetSize(bn) == 1) && (BnGetWord(bn, 0) == (crypt_uword_t)word)) - -// Determine if a BIGNUM is even. A zero is even. Although the -// indication that a number is zero is that it's size is zero, -// all words of the number are 0 so this test works on zero. -#define BnIsEven(n) ((BnGetWord(n, 0) & 1) == 0) - -// The macros below are used to define BIGNUM values of the required -// size. 
The values are allocated on the stack so they can be -// treated like simple local values. - -// This will call the initialization function for a defined bignum_t. -// This sets the allocated and used fields and clears the words of 'n'. -#define BN_INIT(name) \ - (bigNum)BnInit((bigNum)&(name), \ - BYTES_TO_CRYPT_WORDS(sizeof(name.d))) - -// In some cases, a function will need the address of the structure -// associated with a variable. The structure for a BIGNUM variable -// of 'name' is 'name_'. Generally, when the structure is created, it -// is initialized and a parameter is created with a pointer to the -// structure. The pointer has the 'name' and the structure it points -// to is 'name_' -#define BN_ADDRESS(name) (bigNum)&name##_ - -#define BN_STRUCT_ALLOCATION(bits) (BITS_TO_CRYPT_WORDS(bits) + 1) - -// Create a structure of the correct size. -#define BN_STRUCT(bits) \ - BN_STRUCT_DEF(BN_STRUCT_ALLOCATION(bits)) - -// Define a BIGNUM type with a specific allocation -#define BN_TYPE(name, bits) \ - typedef BN_STRUCT(bits) bn_##name##_t - -// This creates a local BIGNUM variable of a specific size and -// initializes it from a TPM2B input parameter. -#define BN_INITIALIZED(name, bits, initializer) \ - BN_STRUCT(bits) name##_; \ - bigNum name = BnFrom2B(BN_INIT(name##_), \ - (const TPM2B *)initializer) - -// Create a local variable that can hold a number with 'bits' -#define BN_VAR(name, bits) \ - BN_STRUCT(bits) _##name; \ - bigNum name = BN_INIT(_##name) - -// Create a type that can hold the largest number defined by the -// implementation. -#define BN_MAX(name) BN_VAR(name, LARGEST_NUMBER_BITS) -#define BN_MAX_INITIALIZED(name, initializer) \ - BN_INITIALIZED(name, LARGEST_NUMBER_BITS, initializer) - -// A word size value is useful -#define BN_WORD(name) BN_VAR(name, RADIX_BITS) - -// This is used to created a word-size BIGNUM and initialize it with -// an input parameter to a function. 
-#define BN_WORD_INITIALIZED(name, initial) \ - BN_STRUCT(RADIX_BITS) name##_; \ - bigNum name = BnInitializeWord((bigNum)&name##_, \ - BN_STRUCT_ALLOCATION(RADIX_BITS), initial) - -// ECC-Specific Values - -// This is the format for a point. It is always in affine format. The Z value is -// carried as part of the point, primarily to simplify the interface to the support -// library. Rather than have the interface layer have to create space for the -// point each time it is used... -// The x, y, and z values are pointers to bigNum values and not in-line versions of -// the numbers. This is a relic of the days when there was no standard TPM format -// for the numbers -typedef struct _bn_point_t -{ - bigNum x; - bigNum y; - bigNum z; -} bn_point_t; - -typedef bn_point_t *bigPoint; -typedef const bn_point_t *pointConst; - -typedef struct constant_point_t -{ - bigConst x; - bigConst y; - bigConst z; -} constant_point_t; - -#define ECC_BITS (MAX_ECC_KEY_BYTES * 8) -BN_TYPE(ecc, ECC_BITS); -#define ECC_NUM(name) BN_VAR(name, ECC_BITS) -#define ECC_INITIALIZED(name, initializer) \ - BN_INITIALIZED(name, ECC_BITS, initializer) - -#define POINT_INSTANCE(name, bits) \ - BN_STRUCT (bits) name##_x = \ - {BITS_TO_CRYPT_WORDS ( bits ), 0,{0}}; \ - BN_STRUCT ( bits ) name##_y = \ - {BITS_TO_CRYPT_WORDS ( bits ), 0,{0}}; \ - BN_STRUCT ( bits ) name##_z = \ - {BITS_TO_CRYPT_WORDS ( bits ), 0,{0}}; \ - bn_point_t name##_ - -#define POINT_INITIALIZER(name) \ - BnInitializePoint(&name##_, (bigNum)&name##_x, \ - (bigNum)&name##_y, (bigNum)&name##_z) - -#define POINT_INITIALIZED(name, initValue) \ - POINT_INSTANCE(name, MAX_ECC_KEY_BITS); \ - bigPoint name = BnPointFrom2B( \ - POINT_INITIALIZER(name), \ - initValue) - -#define POINT_VAR(name, bits) \ - POINT_INSTANCE (name, bits); \ - bigPoint name = POINT_INITIALIZER(name) - -#define POINT(name) POINT_VAR(name, MAX_ECC_KEY_BITS) - -// Structure for the curve parameters. 
This is an analog to the -// TPMS_ALGORITHM_DETAIL_ECC -typedef struct -{ - bigConst prime; // a prime number - bigConst order; // the order of the curve - bigConst h; // cofactor - bigConst a; // linear coefficient - bigConst b; // constant term - constant_point_t base; // base point -} ECC_CURVE_DATA; - -// Access macros for the ECC_CURVE structure. The parameter 'C' is a pointer -// to an ECC_CURVE_DATA structure. In some libraries, the curve structure contains -// a pointer to an ECC_CURVE_DATA structure as well as some other bits. For those -// cases, the AccessCurveData macro is used in the code to first get the pointer -// to the ECC_CURVE_DATA for access. In some cases, the macro does noting. -#define CurveGetPrime(C) ((C)->prime) -#define CurveGetOrder(C) ((C)->order) -#define CurveGetCofactor(C) ((C)->h) -#define CurveGet_a(C) ((C)->a) -#define CurveGet_b(C) ((C)->b) -#define CurveGetG(C) ((pointConst)&((C)->base)) -#define CurveGetGx(C) ((C)->base.x) -#define CurveGetGy(C) ((C)->base.y) - - -// Convert bytes in initializers according to the endianess of the system. -// This is used for CryptEccData.c. -#define BIG_ENDIAN_BYTES_TO_UINT32(a, b, c, d) \ - ( ((UINT32)(a) << 24) \ - + ((UINT32)(b) << 16) \ - + ((UINT32)(c) << 8) \ - + ((UINT32)(d)) \ - ) - -#define BIG_ENDIAN_BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \ - ( ((UINT64)(a) << 56) \ - + ((UINT64)(b) << 48) \ - + ((UINT64)(c) << 40) \ - + ((UINT64)(d) << 32) \ - + ((UINT64)(e) << 24) \ - + ((UINT64)(f) << 16) \ - + ((UINT64)(g) << 8) \ - + ((UINT64)(h)) \ - ) - -#ifndef RADIX_BYTES -# if RADIX_BITS == 32 -# define RADIX_BYTES 4 -# elif RADIX_BITS == 64 -# define RADIX_BYTES 8 -# else -# error "RADIX_BITS must either be 32 or 64" -# endif -#endif - -// Add implementation dependent definitions for other ECC Values and for linkages. -#include LIB_INCLUDE(MATH_LIB, Math) - - -#endif // _BN_NUMBERS_H \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Capabilities.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Capabilities.h
deleted file mode 100644
index 54f620c20..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Capabilities.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef _CAPABILITIES_H
-#define _CAPABILITIES_H
-
-#define MAX_CAP_DATA (MAX_CAP_BUFFER - sizeof(TPM_CAP)-sizeof(UINT32))
-#define MAX_CAP_ALGS (MAX_CAP_DATA / sizeof(TPMS_ALG_PROPERTY))
-#define MAX_CAP_HANDLES (MAX_CAP_DATA / sizeof(TPM_HANDLE))
-#define MAX_CAP_CC (MAX_CAP_DATA / sizeof(TPM_CC))
-#define MAX_TPM_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PROPERTY))
-#define MAX_PCR_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PCR_SELECT))
-#define MAX_ECC_CURVES (MAX_CAP_DATA / sizeof(TPM_ECC_CURVE))
-#define MAX_TAGGED_POLICIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_POLICY))
-
-#define MAX_AC_CAPABILITIES (MAX_CAP_DATA / sizeof(TPMS_AC_OUTPUT))
-
-#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributeData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributeData.h
deleted file mode 100644
index 8c3e5e433..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributeData.h
+++ /dev/null
@@ -1,916 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 3.0 June 16, 2017 - * Date: Oct 9, 2018 Time: 07:25:18PM - */ -// This file should only be included by CommandCodeAttibutes.c -#ifdef _COMMAND_CODE_ATTRIBUTES_ - -#include "CommandAttributes.h" - -#if COMPRESSED_LISTS -# define PAD_LIST 0 -#else -# define PAD_LIST 1 -#endif - - -// This is the command code attribute array for GetCapability. -// Both this array and s_commandAttributes provides command code attributes, -// but tuned for different purpose -const TPMA_CC s_ccAttr [] = { -#if (PAD_LIST || CC_NV_UndefineSpaceSpecial) - TPMA_CC_INITIALIZER(0x011F, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_EvictControl) - TPMA_CC_INITIALIZER(0x0120, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_HierarchyControl) - TPMA_CC_INITIALIZER(0x0121, 0, 1, 1, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_UndefineSpace) - TPMA_CC_INITIALIZER(0x0122, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST ) - TPMA_CC_INITIALIZER(0x0123, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ChangeEPS) - TPMA_CC_INITIALIZER(0x0124, 0, 1, 1, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ChangePPS) - TPMA_CC_INITIALIZER(0x0125, 0, 1, 1, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Clear) - TPMA_CC_INITIALIZER(0x0126, 0, 1, 1, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ClearControl) - TPMA_CC_INITIALIZER(0x0127, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ClockSet) - TPMA_CC_INITIALIZER(0x0128, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_HierarchyChangeAuth) - TPMA_CC_INITIALIZER(0x0129, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_DefineSpace) - TPMA_CC_INITIALIZER(0x012A, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PCR_Allocate) - TPMA_CC_INITIALIZER(0x012B, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PCR_SetAuthPolicy) - TPMA_CC_INITIALIZER(0x012C, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PP_Commands) - TPMA_CC_INITIALIZER(0x012D, 0, 1, 0, 0, 1, 
0, 0, 0), -#endif -#if (PAD_LIST || CC_SetPrimaryPolicy) - TPMA_CC_INITIALIZER(0x012E, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_FieldUpgradeStart) - TPMA_CC_INITIALIZER(0x012F, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ClockRateAdjust) - TPMA_CC_INITIALIZER(0x0130, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_CreatePrimary) - TPMA_CC_INITIALIZER(0x0131, 0, 0, 0, 0, 1, 1, 0, 0), -#endif -#if (PAD_LIST || CC_NV_GlobalWriteLock) - TPMA_CC_INITIALIZER(0x0132, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_GetCommandAuditDigest) - TPMA_CC_INITIALIZER(0x0133, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_Increment) - TPMA_CC_INITIALIZER(0x0134, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_SetBits) - TPMA_CC_INITIALIZER(0x0135, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_Extend) - TPMA_CC_INITIALIZER(0x0136, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_Write) - TPMA_CC_INITIALIZER(0x0137, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_WriteLock) - TPMA_CC_INITIALIZER(0x0138, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_DictionaryAttackLockReset) - TPMA_CC_INITIALIZER(0x0139, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_DictionaryAttackParameters) - TPMA_CC_INITIALIZER(0x013A, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_ChangeAuth) - TPMA_CC_INITIALIZER(0x013B, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PCR_Event) - TPMA_CC_INITIALIZER(0x013C, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PCR_Reset) - TPMA_CC_INITIALIZER(0x013D, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_SequenceComplete) - TPMA_CC_INITIALIZER(0x013E, 0, 0, 0, 1, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_SetAlgorithmSet) - TPMA_CC_INITIALIZER(0x013F, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_SetCommandCodeAuditStatus) - TPMA_CC_INITIALIZER(0x0140, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_FieldUpgradeData) - 
TPMA_CC_INITIALIZER(0x0141, 0, 1, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_IncrementalSelfTest) - TPMA_CC_INITIALIZER(0x0142, 0, 1, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_SelfTest) - TPMA_CC_INITIALIZER(0x0143, 0, 1, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Startup) - TPMA_CC_INITIALIZER(0x0144, 0, 1, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Shutdown) - TPMA_CC_INITIALIZER(0x0145, 0, 1, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_StirRandom) - TPMA_CC_INITIALIZER(0x0146, 0, 1, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ActivateCredential) - TPMA_CC_INITIALIZER(0x0147, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Certify) - TPMA_CC_INITIALIZER(0x0148, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyNV) - TPMA_CC_INITIALIZER(0x0149, 0, 0, 0, 0, 3, 0, 0, 0), -#endif -#if (PAD_LIST || CC_CertifyCreation) - TPMA_CC_INITIALIZER(0x014A, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Duplicate) - TPMA_CC_INITIALIZER(0x014B, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_GetTime) - TPMA_CC_INITIALIZER(0x014C, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_GetSessionAuditDigest) - TPMA_CC_INITIALIZER(0x014D, 0, 0, 0, 0, 3, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_Read) - TPMA_CC_INITIALIZER(0x014E, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_ReadLock) - TPMA_CC_INITIALIZER(0x014F, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ObjectChangeAuth) - TPMA_CC_INITIALIZER(0x0150, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicySecret) - TPMA_CC_INITIALIZER(0x0151, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Rewrap) - TPMA_CC_INITIALIZER(0x0152, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Create) - TPMA_CC_INITIALIZER(0x0153, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ECDH_ZGen) - TPMA_CC_INITIALIZER(0x0154, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || (CC_HMAC || CC_MAC)) - TPMA_CC_INITIALIZER(0x0155, 0, 0, 0, 0, 1, 0, 0, 0), 
-#endif -#if (PAD_LIST || CC_Import) - TPMA_CC_INITIALIZER(0x0156, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Load) - TPMA_CC_INITIALIZER(0x0157, 0, 0, 0, 0, 1, 1, 0, 0), -#endif -#if (PAD_LIST || CC_Quote) - TPMA_CC_INITIALIZER(0x0158, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_RSA_Decrypt) - TPMA_CC_INITIALIZER(0x0159, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST ) - TPMA_CC_INITIALIZER(0x015A, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start)) - TPMA_CC_INITIALIZER(0x015B, 0, 0, 0, 0, 1, 1, 0, 0), -#endif -#if (PAD_LIST || CC_SequenceUpdate) - TPMA_CC_INITIALIZER(0x015C, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Sign) - TPMA_CC_INITIALIZER(0x015D, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Unseal) - TPMA_CC_INITIALIZER(0x015E, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST ) - TPMA_CC_INITIALIZER(0x015F, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicySigned) - TPMA_CC_INITIALIZER(0x0160, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ContextLoad) - TPMA_CC_INITIALIZER(0x0161, 0, 0, 0, 0, 0, 1, 0, 0), -#endif -#if (PAD_LIST || CC_ContextSave) - TPMA_CC_INITIALIZER(0x0162, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ECDH_KeyGen) - TPMA_CC_INITIALIZER(0x0163, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_EncryptDecrypt) - TPMA_CC_INITIALIZER(0x0164, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_FlushContext) - TPMA_CC_INITIALIZER(0x0165, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST ) - TPMA_CC_INITIALIZER(0x0166, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_LoadExternal) - TPMA_CC_INITIALIZER(0x0167, 0, 0, 0, 0, 0, 1, 0, 0), -#endif -#if (PAD_LIST || CC_MakeCredential) - TPMA_CC_INITIALIZER(0x0168, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_ReadPublic) - TPMA_CC_INITIALIZER(0x0169, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyAuthorize) - TPMA_CC_INITIALIZER(0x016A, 0, 0, 0, 0, 1, 0, 0, 0), -#endif 
-#if (PAD_LIST || CC_PolicyAuthValue) - TPMA_CC_INITIALIZER(0x016B, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyCommandCode) - TPMA_CC_INITIALIZER(0x016C, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyCounterTimer) - TPMA_CC_INITIALIZER(0x016D, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyCpHash) - TPMA_CC_INITIALIZER(0x016E, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyLocality) - TPMA_CC_INITIALIZER(0x016F, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyNameHash) - TPMA_CC_INITIALIZER(0x0170, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyOR) - TPMA_CC_INITIALIZER(0x0171, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyTicket) - TPMA_CC_INITIALIZER(0x0172, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ReadPublic) - TPMA_CC_INITIALIZER(0x0173, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_RSA_Encrypt) - TPMA_CC_INITIALIZER(0x0174, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST ) - TPMA_CC_INITIALIZER(0x0175, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_StartAuthSession) - TPMA_CC_INITIALIZER(0x0176, 0, 0, 0, 0, 2, 1, 0, 0), -#endif -#if (PAD_LIST || CC_VerifySignature) - TPMA_CC_INITIALIZER(0x0177, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ECC_Parameters) - TPMA_CC_INITIALIZER(0x0178, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_FirmwareRead) - TPMA_CC_INITIALIZER(0x0179, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_GetCapability) - TPMA_CC_INITIALIZER(0x017A, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_GetRandom) - TPMA_CC_INITIALIZER(0x017B, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_GetTestResult) - TPMA_CC_INITIALIZER(0x017C, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Hash) - TPMA_CC_INITIALIZER(0x017D, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PCR_Read) - TPMA_CC_INITIALIZER(0x017E, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyPCR) - 
TPMA_CC_INITIALIZER(0x017F, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyRestart) - TPMA_CC_INITIALIZER(0x0180, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ReadClock) - TPMA_CC_INITIALIZER(0x0181, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PCR_Extend) - TPMA_CC_INITIALIZER(0x0182, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PCR_SetAuthValue) - TPMA_CC_INITIALIZER(0x0183, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_Certify) - TPMA_CC_INITIALIZER(0x0184, 0, 0, 0, 0, 3, 0, 0, 0), -#endif -#if (PAD_LIST || CC_EventSequenceComplete) - TPMA_CC_INITIALIZER(0x0185, 0, 1, 0, 1, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_HashSequenceStart) - TPMA_CC_INITIALIZER(0x0186, 0, 0, 0, 0, 0, 1, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyPhysicalPresence) - TPMA_CC_INITIALIZER(0x0187, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyDuplicationSelect) - TPMA_CC_INITIALIZER(0x0188, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyGetDigest) - TPMA_CC_INITIALIZER(0x0189, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_TestParms) - TPMA_CC_INITIALIZER(0x018A, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Commit) - TPMA_CC_INITIALIZER(0x018B, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyPassword) - TPMA_CC_INITIALIZER(0x018C, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ZGen_2Phase) - TPMA_CC_INITIALIZER(0x018D, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_EC_Ephemeral) - TPMA_CC_INITIALIZER(0x018E, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyNvWritten) - TPMA_CC_INITIALIZER(0x018F, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyTemplate) - TPMA_CC_INITIALIZER(0x0190, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_CreateLoaded) - TPMA_CC_INITIALIZER(0x0191, 0, 0, 0, 0, 1, 1, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyAuthorizeNV) - TPMA_CC_INITIALIZER(0x0192, 0, 0, 0, 0, 3, 0, 0, 0), -#endif -#if (PAD_LIST || CC_EncryptDecrypt2) 
- TPMA_CC_INITIALIZER(0x0193, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_AC_GetCapability) - TPMA_CC_INITIALIZER(0x0194, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_AC_Send) - TPMA_CC_INITIALIZER(0x0195, 0, 0, 0, 0, 3, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Policy_AC_SendSelect) - TPMA_CC_INITIALIZER(0x0196, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_CertifyX509) - TPMA_CC_INITIALIZER(0x0197, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Vendor_TCG_Test) - TPMA_CC_INITIALIZER(0x0000, 0, 0, 0, 0, 0, 0, 1, 0), -#endif - TPMA_ZERO_INITIALIZER() -}; - - - -// This is the command code attribute structure. -const COMMAND_ATTRIBUTES s_commandAttributes [] = { -#if (PAD_LIST || CC_NV_UndefineSpaceSpecial) - (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpaceSpecial * // 0x011F - (IS_IMPLEMENTED+HANDLE_1_ADMIN+HANDLE_2_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_EvictControl) - (COMMAND_ATTRIBUTES)(CC_EvictControl * // 0x0120 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_HierarchyControl) - (COMMAND_ATTRIBUTES)(CC_HierarchyControl * // 0x0121 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_NV_UndefineSpace) - (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpace * // 0x0122 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST ) - (COMMAND_ATTRIBUTES)(0), // 0x0123 -#endif -#if (PAD_LIST || CC_ChangeEPS) - (COMMAND_ATTRIBUTES)(CC_ChangeEPS * // 0x0124 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_ChangePPS) - (COMMAND_ATTRIBUTES)(CC_ChangePPS * // 0x0125 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_Clear) - (COMMAND_ATTRIBUTES)(CC_Clear * // 0x0126 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_ClearControl) - (COMMAND_ATTRIBUTES)(CC_ClearControl * // 0x0127 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_ClockSet) - (COMMAND_ATTRIBUTES)(CC_ClockSet * // 0x0128 - 
(IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_HierarchyChangeAuth) - (COMMAND_ATTRIBUTES)(CC_HierarchyChangeAuth * // 0x0129 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_NV_DefineSpace) - (COMMAND_ATTRIBUTES)(CC_NV_DefineSpace * // 0x012A - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_PCR_Allocate) - (COMMAND_ATTRIBUTES)(CC_PCR_Allocate * // 0x012B - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_PCR_SetAuthPolicy) - (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthPolicy * // 0x012C - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_PP_Commands) - (COMMAND_ATTRIBUTES)(CC_PP_Commands * // 0x012D - (IS_IMPLEMENTED+HANDLE_1_USER+PP_REQUIRED)), -#endif -#if (PAD_LIST || CC_SetPrimaryPolicy) - (COMMAND_ATTRIBUTES)(CC_SetPrimaryPolicy * // 0x012E - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_FieldUpgradeStart) - (COMMAND_ATTRIBUTES)(CC_FieldUpgradeStart * // 0x012F - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_ClockRateAdjust) - (COMMAND_ATTRIBUTES)(CC_ClockRateAdjust * // 0x0130 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_CreatePrimary) - (COMMAND_ATTRIBUTES)(CC_CreatePrimary * // 0x0131 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)), -#endif -#if (PAD_LIST || CC_NV_GlobalWriteLock) - (COMMAND_ATTRIBUTES)(CC_NV_GlobalWriteLock * // 0x0132 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_GetCommandAuditDigest) - (COMMAND_ATTRIBUTES)(CC_GetCommandAuditDigest * // 0x0133 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_NV_Increment) - (COMMAND_ATTRIBUTES)(CC_NV_Increment * // 0x0134 - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_NV_SetBits) - (COMMAND_ATTRIBUTES)(CC_NV_SetBits * // 0x0135 - 
(IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_NV_Extend) - (COMMAND_ATTRIBUTES)(CC_NV_Extend * // 0x0136 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_NV_Write) - (COMMAND_ATTRIBUTES)(CC_NV_Write * // 0x0137 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_NV_WriteLock) - (COMMAND_ATTRIBUTES)(CC_NV_WriteLock * // 0x0138 - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_DictionaryAttackLockReset) - (COMMAND_ATTRIBUTES)(CC_DictionaryAttackLockReset * // 0x0139 - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_DictionaryAttackParameters) - (COMMAND_ATTRIBUTES)(CC_DictionaryAttackParameters * // 0x013A - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_NV_ChangeAuth) - (COMMAND_ATTRIBUTES)(CC_NV_ChangeAuth * // 0x013B - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN)), -#endif -#if (PAD_LIST || CC_PCR_Event) - (COMMAND_ATTRIBUTES)(CC_PCR_Event * // 0x013C - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_PCR_Reset) - (COMMAND_ATTRIBUTES)(CC_PCR_Reset * // 0x013D - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_SequenceComplete) - (COMMAND_ATTRIBUTES)(CC_SequenceComplete * // 0x013E - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_SetAlgorithmSet) - (COMMAND_ATTRIBUTES)(CC_SetAlgorithmSet * // 0x013F - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_SetCommandCodeAuditStatus) - (COMMAND_ATTRIBUTES)(CC_SetCommandCodeAuditStatus * // 0x0140 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_FieldUpgradeData) - (COMMAND_ATTRIBUTES)(CC_FieldUpgradeData * // 0x0141 - (IS_IMPLEMENTED+DECRYPT_2)), -#endif -#if (PAD_LIST || CC_IncrementalSelfTest) - (COMMAND_ATTRIBUTES)(CC_IncrementalSelfTest * // 0x0142 - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_SelfTest) - (COMMAND_ATTRIBUTES)(CC_SelfTest * // 0x0143 - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || 
CC_Startup) - (COMMAND_ATTRIBUTES)(CC_Startup * // 0x0144 - (IS_IMPLEMENTED+NO_SESSIONS)), -#endif -#if (PAD_LIST || CC_Shutdown) - (COMMAND_ATTRIBUTES)(CC_Shutdown * // 0x0145 - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_StirRandom) - (COMMAND_ATTRIBUTES)(CC_StirRandom * // 0x0146 - (IS_IMPLEMENTED+DECRYPT_2)), -#endif -#if (PAD_LIST || CC_ActivateCredential) - (COMMAND_ATTRIBUTES)(CC_ActivateCredential * // 0x0147 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_Certify) - (COMMAND_ATTRIBUTES)(CC_Certify * // 0x0148 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_PolicyNV) - (COMMAND_ATTRIBUTES)(CC_PolicyNV * // 0x0149 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_CertifyCreation) - (COMMAND_ATTRIBUTES)(CC_CertifyCreation * // 0x014A - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_Duplicate) - (COMMAND_ATTRIBUTES)(CC_Duplicate * // 0x014B - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_GetTime) - (COMMAND_ATTRIBUTES)(CC_GetTime * // 0x014C - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_GetSessionAuditDigest) - (COMMAND_ATTRIBUTES)(CC_GetSessionAuditDigest * // 0x014D - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_NV_Read) - (COMMAND_ATTRIBUTES)(CC_NV_Read * // 0x014E - (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_NV_ReadLock) - (COMMAND_ATTRIBUTES)(CC_NV_ReadLock * // 0x014F - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_ObjectChangeAuth) - (COMMAND_ATTRIBUTES)(CC_ObjectChangeAuth * // 0x0150 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_PolicySecret) - (COMMAND_ATTRIBUTES)(CC_PolicySecret * // 0x0151 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL+ENCRYPT_2)), 
-#endif -#if (PAD_LIST || CC_Rewrap) - (COMMAND_ATTRIBUTES)(CC_Rewrap * // 0x0152 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_Create) - (COMMAND_ATTRIBUTES)(CC_Create * // 0x0153 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_ECDH_ZGen) - (COMMAND_ATTRIBUTES)(CC_ECDH_ZGen * // 0x0154 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || (CC_HMAC || CC_MAC)) - (COMMAND_ATTRIBUTES)((CC_HMAC || CC_MAC) * // 0x0155 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_Import) - (COMMAND_ATTRIBUTES)(CC_Import * // 0x0156 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_Load) - (COMMAND_ATTRIBUTES)(CC_Load * // 0x0157 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2+R_HANDLE)), -#endif -#if (PAD_LIST || CC_Quote) - (COMMAND_ATTRIBUTES)(CC_Quote * // 0x0158 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_RSA_Decrypt) - (COMMAND_ATTRIBUTES)(CC_RSA_Decrypt * // 0x0159 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST ) - (COMMAND_ATTRIBUTES)(0), // 0x015A -#endif -#if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start)) - (COMMAND_ATTRIBUTES)((CC_HMAC_Start || CC_MAC_Start) * // 0x015B - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+R_HANDLE)), -#endif -#if (PAD_LIST || CC_SequenceUpdate) - (COMMAND_ATTRIBUTES)(CC_SequenceUpdate * // 0x015C - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_Sign) - (COMMAND_ATTRIBUTES)(CC_Sign * // 0x015D - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_Unseal) - (COMMAND_ATTRIBUTES)(CC_Unseal * // 0x015E - (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST ) - (COMMAND_ATTRIBUTES)(0), // 0x015F -#endif -#if (PAD_LIST || CC_PolicySigned) - (COMMAND_ATTRIBUTES)(CC_PolicySigned * // 0x0160 - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL+ENCRYPT_2)), -#endif -#if 
(PAD_LIST || CC_ContextLoad) - (COMMAND_ATTRIBUTES)(CC_ContextLoad * // 0x0161 - (IS_IMPLEMENTED+NO_SESSIONS+R_HANDLE)), -#endif -#if (PAD_LIST || CC_ContextSave) - (COMMAND_ATTRIBUTES)(CC_ContextSave * // 0x0162 - (IS_IMPLEMENTED+NO_SESSIONS)), -#endif -#if (PAD_LIST || CC_ECDH_KeyGen) - (COMMAND_ATTRIBUTES)(CC_ECDH_KeyGen * // 0x0163 - (IS_IMPLEMENTED+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_EncryptDecrypt) - (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt * // 0x0164 - (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_FlushContext) - (COMMAND_ATTRIBUTES)(CC_FlushContext * // 0x0165 - (IS_IMPLEMENTED+NO_SESSIONS)), -#endif -#if (PAD_LIST ) - (COMMAND_ATTRIBUTES)(0), // 0x0166 -#endif -#if (PAD_LIST || CC_LoadExternal) - (COMMAND_ATTRIBUTES)(CC_LoadExternal * // 0x0167 - (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)), -#endif -#if (PAD_LIST || CC_MakeCredential) - (COMMAND_ATTRIBUTES)(CC_MakeCredential * // 0x0168 - (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_NV_ReadPublic) - (COMMAND_ATTRIBUTES)(CC_NV_ReadPublic * // 0x0169 - (IS_IMPLEMENTED+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_PolicyAuthorize) - (COMMAND_ATTRIBUTES)(CC_PolicyAuthorize * // 0x016A - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyAuthValue) - (COMMAND_ATTRIBUTES)(CC_PolicyAuthValue * // 0x016B - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyCommandCode) - (COMMAND_ATTRIBUTES)(CC_PolicyCommandCode * // 0x016C - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyCounterTimer) - (COMMAND_ATTRIBUTES)(CC_PolicyCounterTimer * // 0x016D - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyCpHash) - (COMMAND_ATTRIBUTES)(CC_PolicyCpHash * // 0x016E - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyLocality) - (COMMAND_ATTRIBUTES)(CC_PolicyLocality * // 0x016F - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyNameHash) - 
(COMMAND_ATTRIBUTES)(CC_PolicyNameHash * // 0x0170 - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyOR) - (COMMAND_ATTRIBUTES)(CC_PolicyOR * // 0x0171 - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyTicket) - (COMMAND_ATTRIBUTES)(CC_PolicyTicket * // 0x0172 - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_ReadPublic) - (COMMAND_ATTRIBUTES)(CC_ReadPublic * // 0x0173 - (IS_IMPLEMENTED+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_RSA_Encrypt) - (COMMAND_ATTRIBUTES)(CC_RSA_Encrypt * // 0x0174 - (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), -#endif -#if (PAD_LIST ) - (COMMAND_ATTRIBUTES)(0), // 0x0175 -#endif -#if (PAD_LIST || CC_StartAuthSession) - (COMMAND_ATTRIBUTES)(CC_StartAuthSession * // 0x0176 - (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)), -#endif -#if (PAD_LIST || CC_VerifySignature) - (COMMAND_ATTRIBUTES)(CC_VerifySignature * // 0x0177 - (IS_IMPLEMENTED+DECRYPT_2)), -#endif -#if (PAD_LIST || CC_ECC_Parameters) - (COMMAND_ATTRIBUTES)(CC_ECC_Parameters * // 0x0178 - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_FirmwareRead) - (COMMAND_ATTRIBUTES)(CC_FirmwareRead * // 0x0179 - (IS_IMPLEMENTED+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_GetCapability) - (COMMAND_ATTRIBUTES)(CC_GetCapability * // 0x017A - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_GetRandom) - (COMMAND_ATTRIBUTES)(CC_GetRandom * // 0x017B - (IS_IMPLEMENTED+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_GetTestResult) - (COMMAND_ATTRIBUTES)(CC_GetTestResult * // 0x017C - (IS_IMPLEMENTED+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_Hash) - (COMMAND_ATTRIBUTES)(CC_Hash * // 0x017D - (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_PCR_Read) - (COMMAND_ATTRIBUTES)(CC_PCR_Read * // 0x017E - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_PolicyPCR) - (COMMAND_ATTRIBUTES)(CC_PolicyPCR * // 0x017F - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyRestart) - (COMMAND_ATTRIBUTES)(CC_PolicyRestart * 
// 0x0180 - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_ReadClock) - (COMMAND_ATTRIBUTES)(CC_ReadClock * // 0x0181 - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_PCR_Extend) - (COMMAND_ATTRIBUTES)(CC_PCR_Extend * // 0x0182 - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_PCR_SetAuthValue) - (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthValue * // 0x0183 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_NV_Certify) - (COMMAND_ATTRIBUTES)(CC_NV_Certify * // 0x0184 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_EventSequenceComplete) - (COMMAND_ATTRIBUTES)(CC_EventSequenceComplete * // 0x0185 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER)), -#endif -#if (PAD_LIST || CC_HashSequenceStart) - (COMMAND_ATTRIBUTES)(CC_HashSequenceStart * // 0x0186 - (IS_IMPLEMENTED+DECRYPT_2+R_HANDLE)), -#endif -#if (PAD_LIST || CC_PolicyPhysicalPresence) - (COMMAND_ATTRIBUTES)(CC_PolicyPhysicalPresence * // 0x0187 - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyDuplicationSelect) - (COMMAND_ATTRIBUTES)(CC_PolicyDuplicationSelect * // 0x0188 - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyGetDigest) - (COMMAND_ATTRIBUTES)(CC_PolicyGetDigest * // 0x0189 - (IS_IMPLEMENTED+ALLOW_TRIAL+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_TestParms) - (COMMAND_ATTRIBUTES)(CC_TestParms * // 0x018A - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_Commit) - (COMMAND_ATTRIBUTES)(CC_Commit * // 0x018B - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_PolicyPassword) - (COMMAND_ATTRIBUTES)(CC_PolicyPassword * // 0x018C - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_ZGen_2Phase) - (COMMAND_ATTRIBUTES)(CC_ZGen_2Phase * // 0x018D - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_EC_Ephemeral) - (COMMAND_ATTRIBUTES)(CC_EC_Ephemeral * // 0x018E - (IS_IMPLEMENTED+ENCRYPT_2)), 
-#endif -#if (PAD_LIST || CC_PolicyNvWritten) - (COMMAND_ATTRIBUTES)(CC_PolicyNvWritten * // 0x018F - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyTemplate) - (COMMAND_ATTRIBUTES)(CC_PolicyTemplate * // 0x0190 - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_CreateLoaded) - (COMMAND_ATTRIBUTES)(CC_CreateLoaded * // 0x0191 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)), -#endif -#if (PAD_LIST || CC_PolicyAuthorizeNV) - (COMMAND_ATTRIBUTES)(CC_PolicyAuthorizeNV * // 0x0192 - (IS_IMPLEMENTED+HANDLE_1_USER+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_EncryptDecrypt2) - (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt2 * // 0x0193 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_AC_GetCapability) - (COMMAND_ATTRIBUTES)(CC_AC_GetCapability * // 0x0194 - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_AC_Send) - (COMMAND_ATTRIBUTES)(CC_AC_Send * // 0x0195 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+HANDLE_2_USER)), -#endif -#if (PAD_LIST || CC_Policy_AC_SendSelect) - (COMMAND_ATTRIBUTES)(CC_Policy_AC_SendSelect * // 0x0196 - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_CertifyX509) - (COMMAND_ATTRIBUTES)(CC_CertifyX509 * // 0x0197 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_Vendor_TCG_Test) - (COMMAND_ATTRIBUTES)(CC_Vendor_TCG_Test * // 0x0000 - (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), -#endif - 0 -}; - - - -#endif // _COMMAND_CODE_ATTRIBUTES_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributes.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributes.h deleted file mode 100644 index eec0469fc..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributes.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmStructures; Version 3.0 June 16, 2017 - * Date: Aug 14, 2017 Time: 02:53:08PM - */ -// The attributes defined in this file are produced by the parser that -// creates the structure definitions from Part 3. 
The attributes are defined -// in that parser and should track the attributes being tested in -// CommandCodeAttributes.c. Generally, when an attribute is added to this list, -// new code will be needed in CommandCodeAttributes.c to test it. - -#ifndef COMMAND_ATTRIBUTES_H -#define COMMAND_ATTRIBUTES_H - -typedef UINT16 COMMAND_ATTRIBUTES; -#define NOT_IMPLEMENTED (COMMAND_ATTRIBUTES)(0) -#define ENCRYPT_2 ((COMMAND_ATTRIBUTES)1 << 0) -#define ENCRYPT_4 ((COMMAND_ATTRIBUTES)1 << 1) -#define DECRYPT_2 ((COMMAND_ATTRIBUTES)1 << 2) -#define DECRYPT_4 ((COMMAND_ATTRIBUTES)1 << 3) -#define HANDLE_1_USER ((COMMAND_ATTRIBUTES)1 << 4) -#define HANDLE_1_ADMIN ((COMMAND_ATTRIBUTES)1 << 5) -#define HANDLE_1_DUP ((COMMAND_ATTRIBUTES)1 << 6) -#define HANDLE_2_USER ((COMMAND_ATTRIBUTES)1 << 7) -#define PP_COMMAND ((COMMAND_ATTRIBUTES)1 << 8) -#define IS_IMPLEMENTED ((COMMAND_ATTRIBUTES)1 << 9) -#define NO_SESSIONS ((COMMAND_ATTRIBUTES)1 << 10) -#define NV_COMMAND ((COMMAND_ATTRIBUTES)1 << 11) -#define PP_REQUIRED ((COMMAND_ATTRIBUTES)1 << 12) -#define R_HANDLE ((COMMAND_ATTRIBUTES)1 << 13) -#define ALLOW_TRIAL ((COMMAND_ATTRIBUTES)1 << 14) - -#endif // COMMAND_ATTRIBUTES_H diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatchData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatchData.h deleted file mode 100644 index 2c2461544..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatchData.h +++ /dev/null 
@@ -1,5167 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Apr 2, 2019 Time: 11:00:48AM - */ - -// This file should only be included by CommandCodeAttibutes.c -#ifdef _COMMAND_TABLE_DISPATCH_ - - -// Define the stop value -#define END_OF_LIST 0xff -#define ADD_FLAG 0x80 - -// These macros provide some variability in how the data is encoded. They also make -// the lines a little sorter. ;-) -# define UNMARSHAL_DISPATCH(name) (UNMARSHAL_t)name##_Unmarshal -# define MARSHAL_DISPATCH(name) (MARSHAL_t)name##_Marshal -# define _UNMARSHAL_T_ UNMARSHAL_t -# define _MARSHAL_T_ MARSHAL_t - - -// The UnmarshalArray contains the dispatch functions for the unmarshaling code. -// The defines in this array are used to make it easier to cross reference the -// unmarshaling values in the types array of each command - -const _UNMARSHAL_T_ UnmarshalArray[] = { -#define TPMI_DH_CONTEXT_H_UNMARSHAL 0 - UNMARSHAL_DISPATCH(TPMI_DH_CONTEXT), -#define TPMI_RH_AC_H_UNMARSHAL (TPMI_DH_CONTEXT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_AC), -#define TPMI_RH_CLEAR_H_UNMARSHAL (TPMI_RH_AC_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_CLEAR), -#define TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL (TPMI_RH_CLEAR_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY_AUTH), -#define TPMI_RH_LOCKOUT_H_UNMARSHAL (TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_LOCKOUT), -#define TPMI_RH_NV_AUTH_H_UNMARSHAL (TPMI_RH_LOCKOUT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_NV_AUTH), -#define TPMI_RH_NV_INDEX_H_UNMARSHAL (TPMI_RH_NV_AUTH_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_NV_INDEX), -#define TPMI_RH_PLATFORM_H_UNMARSHAL (TPMI_RH_NV_INDEX_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_PLATFORM), -#define TPMI_RH_PROVISION_H_UNMARSHAL (TPMI_RH_PLATFORM_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_PROVISION), -#define TPMI_SH_HMAC_H_UNMARSHAL (TPMI_RH_PROVISION_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_SH_HMAC), -#define TPMI_SH_POLICY_H_UNMARSHAL 
(TPMI_SH_HMAC_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_SH_POLICY), -// HANDLE_FIRST_FLAG_TYPE is the first handle that needs a flag when called. -#define HANDLE_FIRST_FLAG_TYPE (TPMI_SH_POLICY_H_UNMARSHAL + 1) -#define TPMI_DH_ENTITY_H_UNMARSHAL (TPMI_SH_POLICY_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_ENTITY), -#define TPMI_DH_OBJECT_H_UNMARSHAL (TPMI_DH_ENTITY_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_OBJECT), -#define TPMI_DH_PARENT_H_UNMARSHAL (TPMI_DH_OBJECT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_PARENT), -#define TPMI_DH_PCR_H_UNMARSHAL (TPMI_DH_PARENT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_PCR), -#define TPMI_RH_ENDORSEMENT_H_UNMARSHAL (TPMI_DH_PCR_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_ENDORSEMENT), -#define TPMI_RH_HIERARCHY_H_UNMARSHAL (TPMI_RH_ENDORSEMENT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY), -// PARAMETER_FIRST_TYPE marks the end of the handle list. -#define PARAMETER_FIRST_TYPE (TPMI_RH_HIERARCHY_H_UNMARSHAL + 1) -#define TPM2B_DATA_P_UNMARSHAL (TPMI_RH_HIERARCHY_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_DATA), -#define TPM2B_DIGEST_P_UNMARSHAL (TPM2B_DATA_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_DIGEST), -#define TPM2B_ECC_PARAMETER_P_UNMARSHAL (TPM2B_DIGEST_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_ECC_PARAMETER), -#define TPM2B_ECC_POINT_P_UNMARSHAL (TPM2B_ECC_PARAMETER_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_ECC_POINT), -#define TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL (TPM2B_ECC_POINT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_ENCRYPTED_SECRET), -#define TPM2B_EVENT_P_UNMARSHAL (TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_EVENT), -#define TPM2B_ID_OBJECT_P_UNMARSHAL (TPM2B_EVENT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_ID_OBJECT), -#define TPM2B_IV_P_UNMARSHAL (TPM2B_ID_OBJECT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_IV), -#define TPM2B_MAX_BUFFER_P_UNMARSHAL (TPM2B_IV_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_MAX_BUFFER), -#define 
TPM2B_MAX_NV_BUFFER_P_UNMARSHAL (TPM2B_MAX_BUFFER_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_MAX_NV_BUFFER), -#define TPM2B_NAME_P_UNMARSHAL (TPM2B_MAX_NV_BUFFER_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_NAME), -#define TPM2B_NV_PUBLIC_P_UNMARSHAL (TPM2B_NAME_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_NV_PUBLIC), -#define TPM2B_PRIVATE_P_UNMARSHAL (TPM2B_NV_PUBLIC_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_PRIVATE), -#define TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL (TPM2B_PRIVATE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_PUBLIC_KEY_RSA), -#define TPM2B_SENSITIVE_P_UNMARSHAL (TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_SENSITIVE), -#define TPM2B_SENSITIVE_CREATE_P_UNMARSHAL (TPM2B_SENSITIVE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_SENSITIVE_CREATE), -#define TPM2B_SENSITIVE_DATA_P_UNMARSHAL (TPM2B_SENSITIVE_CREATE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_SENSITIVE_DATA), -#define TPM2B_TEMPLATE_P_UNMARSHAL (TPM2B_SENSITIVE_DATA_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_TEMPLATE), -#define TPM2B_TIMEOUT_P_UNMARSHAL (TPM2B_TEMPLATE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_TIMEOUT), -#define TPMI_DH_CONTEXT_P_UNMARSHAL (TPM2B_TIMEOUT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_CONTEXT), -#define TPMI_DH_PERSISTENT_P_UNMARSHAL (TPMI_DH_CONTEXT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_PERSISTENT), -#define TPMI_ECC_CURVE_P_UNMARSHAL (TPMI_DH_PERSISTENT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_ECC_CURVE), -#define TPMI_YES_NO_P_UNMARSHAL (TPMI_ECC_CURVE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_YES_NO), -#define TPML_ALG_P_UNMARSHAL (TPMI_YES_NO_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPML_ALG), -#define TPML_CC_P_UNMARSHAL (TPML_ALG_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPML_CC), -#define TPML_DIGEST_P_UNMARSHAL (TPML_CC_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPML_DIGEST), -#define TPML_DIGEST_VALUES_P_UNMARSHAL (TPML_DIGEST_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPML_DIGEST_VALUES), -#define TPML_PCR_SELECTION_P_UNMARSHAL 
(TPML_DIGEST_VALUES_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPML_PCR_SELECTION), -#define TPMS_CONTEXT_P_UNMARSHAL (TPML_PCR_SELECTION_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMS_CONTEXT), -#define TPMT_PUBLIC_PARMS_P_UNMARSHAL (TPMS_CONTEXT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_PUBLIC_PARMS), -#define TPMT_TK_AUTH_P_UNMARSHAL (TPMT_PUBLIC_PARMS_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_TK_AUTH), -#define TPMT_TK_CREATION_P_UNMARSHAL (TPMT_TK_AUTH_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_TK_CREATION), -#define TPMT_TK_HASHCHECK_P_UNMARSHAL (TPMT_TK_CREATION_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_TK_HASHCHECK), -#define TPMT_TK_VERIFIED_P_UNMARSHAL (TPMT_TK_HASHCHECK_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_TK_VERIFIED), -#define TPM_AT_P_UNMARSHAL (TPMT_TK_VERIFIED_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM_AT), -#define TPM_CAP_P_UNMARSHAL (TPM_AT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM_CAP), -#define TPM_CLOCK_ADJUST_P_UNMARSHAL (TPM_CAP_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM_CLOCK_ADJUST), -#define TPM_EO_P_UNMARSHAL (TPM_CLOCK_ADJUST_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM_EO), -#define TPM_SE_P_UNMARSHAL (TPM_EO_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM_SE), -#define TPM_SU_P_UNMARSHAL (TPM_SE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM_SU), -#define UINT16_P_UNMARSHAL (TPM_SU_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(UINT16), -#define UINT32_P_UNMARSHAL (UINT16_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(UINT32), -#define UINT64_P_UNMARSHAL (UINT32_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(UINT64), -#define UINT8_P_UNMARSHAL (UINT64_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(UINT8), -// PARAMETER_FIRST_FLAG_TYPE is the first parameter to need a flag. 
-#define PARAMETER_FIRST_FLAG_TYPE (UINT8_P_UNMARSHAL + 1) -#define TPM2B_PUBLIC_P_UNMARSHAL (UINT8_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_PUBLIC), -#define TPMI_ALG_CIPHER_MODE_P_UNMARSHAL (TPM2B_PUBLIC_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_ALG_CIPHER_MODE), -#define TPMI_ALG_HASH_P_UNMARSHAL (TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_ALG_HASH), -#define TPMI_ALG_MAC_SCHEME_P_UNMARSHAL (TPMI_ALG_HASH_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_ALG_MAC_SCHEME), -#define TPMI_DH_PCR_P_UNMARSHAL (TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_PCR), -#define TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL (TPMI_DH_PCR_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_ECC_KEY_EXCHANGE), -#define TPMI_RH_ENABLES_P_UNMARSHAL (TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_ENABLES), -#define TPMI_RH_HIERARCHY_P_UNMARSHAL (TPMI_RH_ENABLES_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY), -#define TPMT_RSA_DECRYPT_P_UNMARSHAL (TPMI_RH_HIERARCHY_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_RSA_DECRYPT), -#define TPMT_SIGNATURE_P_UNMARSHAL (TPMT_RSA_DECRYPT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_SIGNATURE), -#define TPMT_SIG_SCHEME_P_UNMARSHAL (TPMT_SIGNATURE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_SIG_SCHEME), -#define TPMT_SYM_DEF_P_UNMARSHAL (TPMT_SIG_SCHEME_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_SYM_DEF), -#define TPMT_SYM_DEF_OBJECT_P_UNMARSHAL (TPMT_SYM_DEF_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_SYM_DEF_OBJECT) -// PARAMETER_LAST_TYPE is the end of the command parameter list. -#define PARAMETER_LAST_TYPE (TPMT_SYM_DEF_OBJECT_P_UNMARSHAL) -}; - -// The MarshalArray contains the dispatch functions for the marshaling code. 
-// The defines in this array are used to make it easier to cross reference the -// marshaling values in the types array of each command -const _MARSHAL_T_ MarshalArray[] = { - -#define UINT32_H_MARSHAL 0 - MARSHAL_DISPATCH(UINT32), -// RESPONSE_PARAMETER_FIRST_TYPE marks the end of the response handles. -#define RESPONSE_PARAMETER_FIRST_TYPE (UINT32_H_MARSHAL + 1) -#define TPM2B_ATTEST_P_MARSHAL (UINT32_H_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_ATTEST), -#define TPM2B_CREATION_DATA_P_MARSHAL (TPM2B_ATTEST_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_CREATION_DATA), -#define TPM2B_DATA_P_MARSHAL (TPM2B_CREATION_DATA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_DATA), -#define TPM2B_DIGEST_P_MARSHAL (TPM2B_DATA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_DIGEST), -#define TPM2B_ECC_POINT_P_MARSHAL (TPM2B_DIGEST_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_ECC_POINT), -#define TPM2B_ENCRYPTED_SECRET_P_MARSHAL (TPM2B_ECC_POINT_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_ENCRYPTED_SECRET), -#define TPM2B_ID_OBJECT_P_MARSHAL (TPM2B_ENCRYPTED_SECRET_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_ID_OBJECT), -#define TPM2B_IV_P_MARSHAL (TPM2B_ID_OBJECT_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_IV), -#define TPM2B_MAX_BUFFER_P_MARSHAL (TPM2B_IV_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_MAX_BUFFER), -#define TPM2B_MAX_NV_BUFFER_P_MARSHAL (TPM2B_MAX_BUFFER_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_MAX_NV_BUFFER), -#define TPM2B_NAME_P_MARSHAL (TPM2B_MAX_NV_BUFFER_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_NAME), -#define TPM2B_NV_PUBLIC_P_MARSHAL (TPM2B_NAME_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_NV_PUBLIC), -#define TPM2B_PRIVATE_P_MARSHAL (TPM2B_NV_PUBLIC_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_PRIVATE), -#define TPM2B_PUBLIC_P_MARSHAL (TPM2B_PRIVATE_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_PUBLIC), -#define TPM2B_PUBLIC_KEY_RSA_P_MARSHAL (TPM2B_PUBLIC_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_PUBLIC_KEY_RSA), -#define TPM2B_SENSITIVE_DATA_P_MARSHAL (TPM2B_PUBLIC_KEY_RSA_P_MARSHAL + 1) - 
MARSHAL_DISPATCH(TPM2B_SENSITIVE_DATA), -#define TPM2B_TIMEOUT_P_MARSHAL (TPM2B_SENSITIVE_DATA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_TIMEOUT), -#define UINT8_P_MARSHAL (TPM2B_TIMEOUT_P_MARSHAL + 1) - MARSHAL_DISPATCH(UINT8), -#define TPML_AC_CAPABILITIES_P_MARSHAL (UINT8_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPML_AC_CAPABILITIES), -#define TPML_ALG_P_MARSHAL (TPML_AC_CAPABILITIES_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPML_ALG), -#define TPML_DIGEST_P_MARSHAL (TPML_ALG_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPML_DIGEST), -#define TPML_DIGEST_VALUES_P_MARSHAL (TPML_DIGEST_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPML_DIGEST_VALUES), -#define TPML_PCR_SELECTION_P_MARSHAL (TPML_DIGEST_VALUES_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPML_PCR_SELECTION), -#define TPMS_AC_OUTPUT_P_MARSHAL (TPML_PCR_SELECTION_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMS_AC_OUTPUT), -#define TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL (TPMS_AC_OUTPUT_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMS_ALGORITHM_DETAIL_ECC), -#define TPMS_CAPABILITY_DATA_P_MARSHAL \ - (TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMS_CAPABILITY_DATA), -#define TPMS_CONTEXT_P_MARSHAL (TPMS_CAPABILITY_DATA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMS_CONTEXT), -#define TPMS_TIME_INFO_P_MARSHAL (TPMS_CONTEXT_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMS_TIME_INFO), -#define TPMT_HA_P_MARSHAL (TPMS_TIME_INFO_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_HA), -#define TPMT_SIGNATURE_P_MARSHAL (TPMT_HA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_SIGNATURE), -#define TPMT_TK_AUTH_P_MARSHAL (TPMT_SIGNATURE_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_TK_AUTH), -#define TPMT_TK_CREATION_P_MARSHAL (TPMT_TK_AUTH_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_TK_CREATION), -#define TPMT_TK_HASHCHECK_P_MARSHAL (TPMT_TK_CREATION_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_TK_HASHCHECK), -#define TPMT_TK_VERIFIED_P_MARSHAL (TPMT_TK_HASHCHECK_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_TK_VERIFIED), -#define UINT32_P_MARSHAL (TPMT_TK_VERIFIED_P_MARSHAL + 1) - MARSHAL_DISPATCH(UINT32), -#define 
UINT16_P_MARSHAL (UINT32_P_MARSHAL + 1) - MARSHAL_DISPATCH(UINT16) -// RESPONSE_PARAMETER_LAST_TYPE is the end of the response parameter list. -#define RESPONSE_PARAMETER_LAST_TYPE (UINT16_P_MARSHAL) -}; - -// This list of aliases allows the types in the _COMMAND_DESCRIPTOR_T to match the -// types in the command/response templates of part 3. -#define INT32_P_UNMARSHAL UINT32_P_UNMARSHAL -#define TPM2B_AUTH_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL -#define TPM2B_NONCE_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL -#define TPM2B_OPERAND_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL -#define TPMA_LOCALITY_P_UNMARSHAL UINT8_P_UNMARSHAL -#define TPM_CC_P_UNMARSHAL UINT32_P_UNMARSHAL -#define TPMI_DH_CONTEXT_H_MARSHAL UINT32_H_MARSHAL -#define TPMI_DH_OBJECT_H_MARSHAL UINT32_H_MARSHAL -#define TPMI_SH_AUTH_SESSION_H_MARSHAL UINT32_H_MARSHAL -#define TPM_HANDLE_H_MARSHAL UINT32_H_MARSHAL -#define TPM2B_NONCE_P_MARSHAL TPM2B_DIGEST_P_MARSHAL -#define TPMI_YES_NO_P_MARSHAL UINT8_P_MARSHAL -#define TPM_RC_P_MARSHAL UINT32_P_MARSHAL - - -#if CC_Startup - -#include "Startup_fp.h" - -typedef TPM_RC (Startup_Entry)( - Startup_In *in -); - -typedef const struct { - Startup_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} Startup_COMMAND_DESCRIPTOR_t; - -Startup_COMMAND_DESCRIPTOR_t _StartupData = { - /* entry */ &TPM2_Startup, - /* inSize */ (UINT16)(sizeof(Startup_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(Startup_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPM_SU_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _StartupDataAddress (&_StartupData) -#else -#define _StartupDataAddress 0 -#endif // CC_Startup - -#if CC_Shutdown - -#include "Shutdown_fp.h" - -typedef TPM_RC (Shutdown_Entry)( - Shutdown_In *in -); - -typedef const struct { - Shutdown_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} Shutdown_COMMAND_DESCRIPTOR_t; - 
-Shutdown_COMMAND_DESCRIPTOR_t _ShutdownData = { - /* entry */ &TPM2_Shutdown, - /* inSize */ (UINT16)(sizeof(Shutdown_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(Shutdown_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPM_SU_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _ShutdownDataAddress (&_ShutdownData) -#else -#define _ShutdownDataAddress 0 -#endif // CC_Shutdown - -#if CC_SelfTest - -#include "SelfTest_fp.h" - -typedef TPM_RC (SelfTest_Entry)( - SelfTest_In *in -); - -typedef const struct { - SelfTest_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} SelfTest_COMMAND_DESCRIPTOR_t; - -SelfTest_COMMAND_DESCRIPTOR_t _SelfTestData = { - /* entry */ &TPM2_SelfTest, - /* inSize */ (UINT16)(sizeof(SelfTest_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(SelfTest_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _SelfTestDataAddress (&_SelfTestData) -#else -#define _SelfTestDataAddress 0 -#endif // CC_SelfTest - -#if CC_IncrementalSelfTest - -#include "IncrementalSelfTest_fp.h" - -typedef TPM_RC (IncrementalSelfTest_Entry)( - IncrementalSelfTest_In *in, - IncrementalSelfTest_Out *out -); - -typedef const struct { - IncrementalSelfTest_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} IncrementalSelfTest_COMMAND_DESCRIPTOR_t; - -IncrementalSelfTest_COMMAND_DESCRIPTOR_t _IncrementalSelfTestData = { - /* entry */ &TPM2_IncrementalSelfTest, - /* inSize */ (UINT16)(sizeof(IncrementalSelfTest_In)), - /* outSize */ (UINT16)(sizeof(IncrementalSelfTest_Out)), - /* offsetOfTypes */ offsetof(IncrementalSelfTest_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPML_ALG_P_UNMARSHAL, - END_OF_LIST, - TPML_ALG_P_MARSHAL, - END_OF_LIST} -}; - -#define _IncrementalSelfTestDataAddress 
(&_IncrementalSelfTestData) -#else -#define _IncrementalSelfTestDataAddress 0 -#endif // CC_IncrementalSelfTest - -#if CC_GetTestResult - -#include "GetTestResult_fp.h" - -typedef TPM_RC (GetTestResult_Entry)( - GetTestResult_Out *out -); - -typedef const struct { - GetTestResult_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} GetTestResult_COMMAND_DESCRIPTOR_t; - -GetTestResult_COMMAND_DESCRIPTOR_t _GetTestResultData = { - /* entry */ &TPM2_GetTestResult, - /* inSize */ 0, - /* outSize */ (UINT16)(sizeof(GetTestResult_Out)), - /* offsetOfTypes */ offsetof(GetTestResult_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(GetTestResult_Out, testResult))}, - /* types */ {END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, - TPM_RC_P_MARSHAL, - END_OF_LIST} -}; - -#define _GetTestResultDataAddress (&_GetTestResultData) -#else -#define _GetTestResultDataAddress 0 -#endif // CC_GetTestResult - -#if CC_StartAuthSession - -#include "StartAuthSession_fp.h" - -typedef TPM_RC (StartAuthSession_Entry)( - StartAuthSession_In *in, - StartAuthSession_Out *out -); - -typedef const struct { - StartAuthSession_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[7]; - BYTE types[11]; -} StartAuthSession_COMMAND_DESCRIPTOR_t; - -StartAuthSession_COMMAND_DESCRIPTOR_t _StartAuthSessionData = { - /* entry */ &TPM2_StartAuthSession, - /* inSize */ (UINT16)(sizeof(StartAuthSession_In)), - /* outSize */ (UINT16)(sizeof(StartAuthSession_Out)), - /* offsetOfTypes */ offsetof(StartAuthSession_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(StartAuthSession_In, bind)), - (UINT16)(offsetof(StartAuthSession_In, nonceCaller)), - (UINT16)(offsetof(StartAuthSession_In, encryptedSalt)), - (UINT16)(offsetof(StartAuthSession_In, sessionType)), - (UINT16)(offsetof(StartAuthSession_In, symmetric)), - (UINT16)(offsetof(StartAuthSession_In, authHash)), - 
(UINT16)(offsetof(StartAuthSession_Out, nonceTPM))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPMI_DH_ENTITY_H_UNMARSHAL + ADD_FLAG, - TPM2B_NONCE_P_UNMARSHAL, - TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, - TPM_SE_P_UNMARSHAL, - TPMT_SYM_DEF_P_UNMARSHAL + ADD_FLAG, - TPMI_ALG_HASH_P_UNMARSHAL, - END_OF_LIST, - TPMI_SH_AUTH_SESSION_H_MARSHAL, - TPM2B_NONCE_P_MARSHAL, - END_OF_LIST} -}; - -#define _StartAuthSessionDataAddress (&_StartAuthSessionData) -#else -#define _StartAuthSessionDataAddress 0 -#endif // CC_StartAuthSession - -#if CC_PolicyRestart - -#include "PolicyRestart_fp.h" - -typedef TPM_RC (PolicyRestart_Entry)( - PolicyRestart_In *in -); - -typedef const struct { - PolicyRestart_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} PolicyRestart_COMMAND_DESCRIPTOR_t; - -PolicyRestart_COMMAND_DESCRIPTOR_t _PolicyRestartData = { - /* entry */ &TPM2_PolicyRestart, - /* inSize */ (UINT16)(sizeof(PolicyRestart_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyRestart_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyRestartDataAddress (&_PolicyRestartData) -#else -#define _PolicyRestartDataAddress 0 -#endif // CC_PolicyRestart - -#if CC_Create - -#include "Create_fp.h" - -typedef TPM_RC (Create_Entry)( - Create_In *in, - Create_Out *out -); - -typedef const struct { - Create_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[8]; - BYTE types[12]; -} Create_COMMAND_DESCRIPTOR_t; - -Create_COMMAND_DESCRIPTOR_t _CreateData = { - /* entry */ &TPM2_Create, - /* inSize */ (UINT16)(sizeof(Create_In)), - /* outSize */ (UINT16)(sizeof(Create_Out)), - /* offsetOfTypes */ offsetof(Create_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Create_In, inSensitive)), - (UINT16)(offsetof(Create_In, inPublic)), - (UINT16)(offsetof(Create_In, 
outsideInfo)), - (UINT16)(offsetof(Create_In, creationPCR)), - (UINT16)(offsetof(Create_Out, outPublic)), - (UINT16)(offsetof(Create_Out, creationData)), - (UINT16)(offsetof(Create_Out, creationHash)), - (UINT16)(offsetof(Create_Out, creationTicket))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, - TPM2B_PUBLIC_P_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - TPM2B_PRIVATE_P_MARSHAL, - TPM2B_PUBLIC_P_MARSHAL, - TPM2B_CREATION_DATA_P_MARSHAL, - TPM2B_DIGEST_P_MARSHAL, - TPMT_TK_CREATION_P_MARSHAL, - END_OF_LIST} -}; - -#define _CreateDataAddress (&_CreateData) -#else -#define _CreateDataAddress 0 -#endif // CC_Create - -#if CC_Load - -#include "Load_fp.h" - -typedef TPM_RC (Load_Entry)( - Load_In *in, - Load_Out *out -); - -typedef const struct { - Load_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} Load_COMMAND_DESCRIPTOR_t; - -Load_COMMAND_DESCRIPTOR_t _LoadData = { - /* entry */ &TPM2_Load, - /* inSize */ (UINT16)(sizeof(Load_In)), - /* outSize */ (UINT16)(sizeof(Load_Out)), - /* offsetOfTypes */ offsetof(Load_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Load_In, inPrivate)), - (UINT16)(offsetof(Load_In, inPublic)), - (UINT16)(offsetof(Load_Out, name))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_PRIVATE_P_UNMARSHAL, - TPM2B_PUBLIC_P_UNMARSHAL, - END_OF_LIST, - TPM_HANDLE_H_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} -}; - -#define _LoadDataAddress (&_LoadData) -#else -#define _LoadDataAddress 0 -#endif // CC_Load - -#if CC_LoadExternal - -#include "LoadExternal_fp.h" - -typedef TPM_RC (LoadExternal_Entry)( - LoadExternal_In *in, - LoadExternal_Out *out -); - -typedef const struct { - LoadExternal_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} LoadExternal_COMMAND_DESCRIPTOR_t; - -LoadExternal_COMMAND_DESCRIPTOR_t 
_LoadExternalData = { - /* entry */ &TPM2_LoadExternal, - /* inSize */ (UINT16)(sizeof(LoadExternal_In)), - /* outSize */ (UINT16)(sizeof(LoadExternal_Out)), - /* offsetOfTypes */ offsetof(LoadExternal_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(LoadExternal_In, inPublic)), - (UINT16)(offsetof(LoadExternal_In, hierarchy)), - (UINT16)(offsetof(LoadExternal_Out, name))}, - /* types */ {TPM2B_SENSITIVE_P_UNMARSHAL, - TPM2B_PUBLIC_P_UNMARSHAL + ADD_FLAG, - TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM_HANDLE_H_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} -}; - -#define _LoadExternalDataAddress (&_LoadExternalData) -#else -#define _LoadExternalDataAddress 0 -#endif // CC_LoadExternal - -#if CC_ReadPublic - -#include "ReadPublic_fp.h" - -typedef TPM_RC (ReadPublic_Entry)( - ReadPublic_In *in, - ReadPublic_Out *out -); - -typedef const struct { - ReadPublic_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} ReadPublic_COMMAND_DESCRIPTOR_t; - -ReadPublic_COMMAND_DESCRIPTOR_t _ReadPublicData = { - /* entry */ &TPM2_ReadPublic, - /* inSize */ (UINT16)(sizeof(ReadPublic_In)), - /* outSize */ (UINT16)(sizeof(ReadPublic_Out)), - /* offsetOfTypes */ offsetof(ReadPublic_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ReadPublic_Out, name)), - (UINT16)(offsetof(ReadPublic_Out, qualifiedName))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - END_OF_LIST, - TPM2B_PUBLIC_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} -}; - -#define _ReadPublicDataAddress (&_ReadPublicData) -#else -#define _ReadPublicDataAddress 0 -#endif // CC_ReadPublic - -#if CC_ActivateCredential - -#include "ActivateCredential_fp.h" - -typedef TPM_RC (ActivateCredential_Entry)( - ActivateCredential_In *in, - ActivateCredential_Out *out -); - -typedef const struct { - ActivateCredential_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - 
UINT16 paramOffsets[3]; - BYTE types[7]; -} ActivateCredential_COMMAND_DESCRIPTOR_t; - -ActivateCredential_COMMAND_DESCRIPTOR_t _ActivateCredentialData = { - /* entry */ &TPM2_ActivateCredential, - /* inSize */ (UINT16)(sizeof(ActivateCredential_In)), - /* outSize */ (UINT16)(sizeof(ActivateCredential_Out)), - /* offsetOfTypes */ offsetof(ActivateCredential_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ActivateCredential_In, keyHandle)), - (UINT16)(offsetof(ActivateCredential_In, credentialBlob)), - (UINT16)(offsetof(ActivateCredential_In, secret))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_ID_OBJECT_P_UNMARSHAL, - TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} -}; - -#define _ActivateCredentialDataAddress (&_ActivateCredentialData) -#else -#define _ActivateCredentialDataAddress 0 -#endif // CC_ActivateCredential - -#if CC_MakeCredential - -#include "MakeCredential_fp.h" - -typedef TPM_RC (MakeCredential_Entry)( - MakeCredential_In *in, - MakeCredential_Out *out -); - -typedef const struct { - MakeCredential_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} MakeCredential_COMMAND_DESCRIPTOR_t; - -MakeCredential_COMMAND_DESCRIPTOR_t _MakeCredentialData = { - /* entry */ &TPM2_MakeCredential, - /* inSize */ (UINT16)(sizeof(MakeCredential_In)), - /* outSize */ (UINT16)(sizeof(MakeCredential_Out)), - /* offsetOfTypes */ offsetof(MakeCredential_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(MakeCredential_In, credential)), - (UINT16)(offsetof(MakeCredential_In, objectName)), - (UINT16)(offsetof(MakeCredential_Out, secret))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ID_OBJECT_P_MARSHAL, - TPM2B_ENCRYPTED_SECRET_P_MARSHAL, - END_OF_LIST} -}; - -#define _MakeCredentialDataAddress (&_MakeCredentialData) 
-#else -#define _MakeCredentialDataAddress 0 -#endif // CC_MakeCredential - -#if CC_Unseal - -#include "Unseal_fp.h" - -typedef TPM_RC (Unseal_Entry)( - Unseal_In *in, - Unseal_Out *out -); - -typedef const struct { - Unseal_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} Unseal_COMMAND_DESCRIPTOR_t; - -Unseal_COMMAND_DESCRIPTOR_t _UnsealData = { - /* entry */ &TPM2_Unseal, - /* inSize */ (UINT16)(sizeof(Unseal_In)), - /* outSize */ (UINT16)(sizeof(Unseal_Out)), - /* offsetOfTypes */ offsetof(Unseal_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - END_OF_LIST, - TPM2B_SENSITIVE_DATA_P_MARSHAL, - END_OF_LIST} -}; - -#define _UnsealDataAddress (&_UnsealData) -#else -#define _UnsealDataAddress 0 -#endif // CC_Unseal - -#if CC_ObjectChangeAuth - -#include "ObjectChangeAuth_fp.h" - -typedef TPM_RC (ObjectChangeAuth_Entry)( - ObjectChangeAuth_In *in, - ObjectChangeAuth_Out *out -); - -typedef const struct { - ObjectChangeAuth_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} ObjectChangeAuth_COMMAND_DESCRIPTOR_t; - -ObjectChangeAuth_COMMAND_DESCRIPTOR_t _ObjectChangeAuthData = { - /* entry */ &TPM2_ObjectChangeAuth, - /* inSize */ (UINT16)(sizeof(ObjectChangeAuth_In)), - /* outSize */ (UINT16)(sizeof(ObjectChangeAuth_Out)), - /* offsetOfTypes */ offsetof(ObjectChangeAuth_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ObjectChangeAuth_In, parentHandle)), - (UINT16)(offsetof(ObjectChangeAuth_In, newAuth))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - END_OF_LIST, - TPM2B_PRIVATE_P_MARSHAL, - END_OF_LIST} -}; - -#define _ObjectChangeAuthDataAddress (&_ObjectChangeAuthData) -#else -#define _ObjectChangeAuthDataAddress 0 -#endif // CC_ObjectChangeAuth - -#if CC_CreateLoaded - -#include "CreateLoaded_fp.h" - -typedef TPM_RC 
(CreateLoaded_Entry)( - CreateLoaded_In *in, - CreateLoaded_Out *out -); - -typedef const struct { - CreateLoaded_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} CreateLoaded_COMMAND_DESCRIPTOR_t; - -CreateLoaded_COMMAND_DESCRIPTOR_t _CreateLoadedData = { - /* entry */ &TPM2_CreateLoaded, - /* inSize */ (UINT16)(sizeof(CreateLoaded_In)), - /* outSize */ (UINT16)(sizeof(CreateLoaded_Out)), - /* offsetOfTypes */ offsetof(CreateLoaded_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(CreateLoaded_In, inSensitive)), - (UINT16)(offsetof(CreateLoaded_In, inPublic)), - (UINT16)(offsetof(CreateLoaded_Out, outPrivate)), - (UINT16)(offsetof(CreateLoaded_Out, outPublic)), - (UINT16)(offsetof(CreateLoaded_Out, name))}, - /* types */ {TPMI_DH_PARENT_H_UNMARSHAL + ADD_FLAG, - TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, - TPM2B_TEMPLATE_P_UNMARSHAL, - END_OF_LIST, - TPM_HANDLE_H_MARSHAL, - TPM2B_PRIVATE_P_MARSHAL, - TPM2B_PUBLIC_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} -}; - -#define _CreateLoadedDataAddress (&_CreateLoadedData) -#else -#define _CreateLoadedDataAddress 0 -#endif // CC_CreateLoaded - -#if CC_Duplicate - -#include "Duplicate_fp.h" - -typedef TPM_RC (Duplicate_Entry)( - Duplicate_In *in, - Duplicate_Out *out -); - -typedef const struct { - Duplicate_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} Duplicate_COMMAND_DESCRIPTOR_t; - -Duplicate_COMMAND_DESCRIPTOR_t _DuplicateData = { - /* entry */ &TPM2_Duplicate, - /* inSize */ (UINT16)(sizeof(Duplicate_In)), - /* outSize */ (UINT16)(sizeof(Duplicate_Out)), - /* offsetOfTypes */ offsetof(Duplicate_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Duplicate_In, newParentHandle)), - (UINT16)(offsetof(Duplicate_In, encryptionKeyIn)), - (UINT16)(offsetof(Duplicate_In, symmetricAlg)), - (UINT16)(offsetof(Duplicate_Out, duplicate)), - 
(UINT16)(offsetof(Duplicate_Out, outSymSeed))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SYM_DEF_OBJECT_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_DATA_P_MARSHAL, - TPM2B_PRIVATE_P_MARSHAL, - TPM2B_ENCRYPTED_SECRET_P_MARSHAL, - END_OF_LIST} -}; - -#define _DuplicateDataAddress (&_DuplicateData) -#else -#define _DuplicateDataAddress 0 -#endif // CC_Duplicate - -#if CC_Rewrap - -#include "Rewrap_fp.h" - -typedef TPM_RC (Rewrap_Entry)( - Rewrap_In *in, - Rewrap_Out *out -); - -typedef const struct { - Rewrap_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} Rewrap_COMMAND_DESCRIPTOR_t; - -Rewrap_COMMAND_DESCRIPTOR_t _RewrapData = { - /* entry */ &TPM2_Rewrap, - /* inSize */ (UINT16)(sizeof(Rewrap_In)), - /* outSize */ (UINT16)(sizeof(Rewrap_Out)), - /* offsetOfTypes */ offsetof(Rewrap_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Rewrap_In, newParent)), - (UINT16)(offsetof(Rewrap_In, inDuplicate)), - (UINT16)(offsetof(Rewrap_In, name)), - (UINT16)(offsetof(Rewrap_In, inSymSeed)), - (UINT16)(offsetof(Rewrap_Out, outSymSeed))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_PRIVATE_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, - END_OF_LIST, - TPM2B_PRIVATE_P_MARSHAL, - TPM2B_ENCRYPTED_SECRET_P_MARSHAL, - END_OF_LIST} -}; - -#define _RewrapDataAddress (&_RewrapData) -#else -#define _RewrapDataAddress 0 -#endif // CC_Rewrap - -#if CC_Import - -#include "Import_fp.h" - -typedef TPM_RC (Import_Entry)( - Import_In *in, - Import_Out *out -); - -typedef const struct { - Import_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} Import_COMMAND_DESCRIPTOR_t; - -Import_COMMAND_DESCRIPTOR_t _ImportData = { - /* entry */ &TPM2_Import, - /* inSize */ 
(UINT16)(sizeof(Import_In)), - /* outSize */ (UINT16)(sizeof(Import_Out)), - /* offsetOfTypes */ offsetof(Import_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Import_In, encryptionKey)), - (UINT16)(offsetof(Import_In, objectPublic)), - (UINT16)(offsetof(Import_In, duplicate)), - (UINT16)(offsetof(Import_In, inSymSeed)), - (UINT16)(offsetof(Import_In, symmetricAlg))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPM2B_PUBLIC_P_UNMARSHAL, - TPM2B_PRIVATE_P_UNMARSHAL, - TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, - TPMT_SYM_DEF_OBJECT_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_PRIVATE_P_MARSHAL, - END_OF_LIST} -}; - -#define _ImportDataAddress (&_ImportData) -#else -#define _ImportDataAddress 0 -#endif // CC_Import - -#if CC_RSA_Encrypt - -#include "RSA_Encrypt_fp.h" - -typedef TPM_RC (RSA_Encrypt_Entry)( - RSA_Encrypt_In *in, - RSA_Encrypt_Out *out -); - -typedef const struct { - RSA_Encrypt_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} RSA_Encrypt_COMMAND_DESCRIPTOR_t; - -RSA_Encrypt_COMMAND_DESCRIPTOR_t _RSA_EncryptData = { - /* entry */ &TPM2_RSA_Encrypt, - /* inSize */ (UINT16)(sizeof(RSA_Encrypt_In)), - /* outSize */ (UINT16)(sizeof(RSA_Encrypt_Out)), - /* offsetOfTypes */ offsetof(RSA_Encrypt_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(RSA_Encrypt_In, message)), - (UINT16)(offsetof(RSA_Encrypt_In, inScheme)), - (UINT16)(offsetof(RSA_Encrypt_In, label))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL, - TPMT_RSA_DECRYPT_P_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - END_OF_LIST, - TPM2B_PUBLIC_KEY_RSA_P_MARSHAL, - END_OF_LIST} -}; - -#define _RSA_EncryptDataAddress (&_RSA_EncryptData) -#else -#define _RSA_EncryptDataAddress 0 -#endif // CC_RSA_Encrypt - -#if CC_RSA_Decrypt - -#include "RSA_Decrypt_fp.h" - -typedef TPM_RC (RSA_Decrypt_Entry)( - RSA_Decrypt_In *in, - RSA_Decrypt_Out *out -); - 
-typedef const struct { - RSA_Decrypt_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} RSA_Decrypt_COMMAND_DESCRIPTOR_t; - -RSA_Decrypt_COMMAND_DESCRIPTOR_t _RSA_DecryptData = { - /* entry */ &TPM2_RSA_Decrypt, - /* inSize */ (UINT16)(sizeof(RSA_Decrypt_In)), - /* outSize */ (UINT16)(sizeof(RSA_Decrypt_Out)), - /* offsetOfTypes */ offsetof(RSA_Decrypt_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(RSA_Decrypt_In, cipherText)), - (UINT16)(offsetof(RSA_Decrypt_In, inScheme)), - (UINT16)(offsetof(RSA_Decrypt_In, label))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL, - TPMT_RSA_DECRYPT_P_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - END_OF_LIST, - TPM2B_PUBLIC_KEY_RSA_P_MARSHAL, - END_OF_LIST} -}; - -#define _RSA_DecryptDataAddress (&_RSA_DecryptData) -#else -#define _RSA_DecryptDataAddress 0 -#endif // CC_RSA_Decrypt - -#if CC_ECDH_KeyGen - -#include "ECDH_KeyGen_fp.h" - -typedef TPM_RC (ECDH_KeyGen_Entry)( - ECDH_KeyGen_In *in, - ECDH_KeyGen_Out *out -); - -typedef const struct { - ECDH_KeyGen_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; -} ECDH_KeyGen_COMMAND_DESCRIPTOR_t; - -ECDH_KeyGen_COMMAND_DESCRIPTOR_t _ECDH_KeyGenData = { - /* entry */ &TPM2_ECDH_KeyGen, - /* inSize */ (UINT16)(sizeof(ECDH_KeyGen_In)), - /* outSize */ (UINT16)(sizeof(ECDH_KeyGen_Out)), - /* offsetOfTypes */ offsetof(ECDH_KeyGen_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ECDH_KeyGen_Out, pubPoint))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - TPM2B_ECC_POINT_P_MARSHAL, - END_OF_LIST} -}; - -#define _ECDH_KeyGenDataAddress (&_ECDH_KeyGenData) -#else -#define _ECDH_KeyGenDataAddress 0 -#endif // CC_ECDH_KeyGen - -#if CC_ECDH_ZGen - -#include "ECDH_ZGen_fp.h" - -typedef TPM_RC (ECDH_ZGen_Entry)( - ECDH_ZGen_In *in, - ECDH_ZGen_Out *out 
-); - -typedef const struct { - ECDH_ZGen_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; -} ECDH_ZGen_COMMAND_DESCRIPTOR_t; - -ECDH_ZGen_COMMAND_DESCRIPTOR_t _ECDH_ZGenData = { - /* entry */ &TPM2_ECDH_ZGen, - /* inSize */ (UINT16)(sizeof(ECDH_ZGen_In)), - /* outSize */ (UINT16)(sizeof(ECDH_ZGen_Out)), - /* offsetOfTypes */ offsetof(ECDH_ZGen_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ECDH_ZGen_In, inPoint))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_ECC_POINT_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - END_OF_LIST} -}; - -#define _ECDH_ZGenDataAddress (&_ECDH_ZGenData) -#else -#define _ECDH_ZGenDataAddress 0 -#endif // CC_ECDH_ZGen - -#if CC_ECC_Parameters - -#include "ECC_Parameters_fp.h" - -typedef TPM_RC (ECC_Parameters_Entry)( - ECC_Parameters_In *in, - ECC_Parameters_Out *out -); - -typedef const struct { - ECC_Parameters_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} ECC_Parameters_COMMAND_DESCRIPTOR_t; - -ECC_Parameters_COMMAND_DESCRIPTOR_t _ECC_ParametersData = { - /* entry */ &TPM2_ECC_Parameters, - /* inSize */ (UINT16)(sizeof(ECC_Parameters_In)), - /* outSize */ (UINT16)(sizeof(ECC_Parameters_Out)), - /* offsetOfTypes */ offsetof(ECC_Parameters_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_ECC_CURVE_P_UNMARSHAL, - END_OF_LIST, - TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL, - END_OF_LIST} -}; - -#define _ECC_ParametersDataAddress (&_ECC_ParametersData) -#else -#define _ECC_ParametersDataAddress 0 -#endif // CC_ECC_Parameters - -#if CC_ZGen_2Phase - -#include "ZGen_2Phase_fp.h" - -typedef TPM_RC (ZGen_2Phase_Entry)( - ZGen_2Phase_In *in, - ZGen_2Phase_Out *out -); - -typedef const struct { - ZGen_2Phase_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} ZGen_2Phase_COMMAND_DESCRIPTOR_t; - 
-ZGen_2Phase_COMMAND_DESCRIPTOR_t _ZGen_2PhaseData = { - /* entry */ &TPM2_ZGen_2Phase, - /* inSize */ (UINT16)(sizeof(ZGen_2Phase_In)), - /* outSize */ (UINT16)(sizeof(ZGen_2Phase_Out)), - /* offsetOfTypes */ offsetof(ZGen_2Phase_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ZGen_2Phase_In, inQsB)), - (UINT16)(offsetof(ZGen_2Phase_In, inQeB)), - (UINT16)(offsetof(ZGen_2Phase_In, inScheme)), - (UINT16)(offsetof(ZGen_2Phase_In, counter)), - (UINT16)(offsetof(ZGen_2Phase_Out, outZ2))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_ECC_POINT_P_UNMARSHAL, - TPM2B_ECC_POINT_P_UNMARSHAL, - TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - TPM2B_ECC_POINT_P_MARSHAL, - END_OF_LIST} -}; - -#define _ZGen_2PhaseDataAddress (&_ZGen_2PhaseData) -#else -#define _ZGen_2PhaseDataAddress 0 -#endif // CC_ZGen_2Phase - -#if CC_EncryptDecrypt - -#include "EncryptDecrypt_fp.h" - -typedef TPM_RC (EncryptDecrypt_Entry)( - EncryptDecrypt_In *in, - EncryptDecrypt_Out *out -); - -typedef const struct { - EncryptDecrypt_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} EncryptDecrypt_COMMAND_DESCRIPTOR_t; - -EncryptDecrypt_COMMAND_DESCRIPTOR_t _EncryptDecryptData = { - /* entry */ &TPM2_EncryptDecrypt, - /* inSize */ (UINT16)(sizeof(EncryptDecrypt_In)), - /* outSize */ (UINT16)(sizeof(EncryptDecrypt_Out)), - /* offsetOfTypes */ offsetof(EncryptDecrypt_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(EncryptDecrypt_In, decrypt)), - (UINT16)(offsetof(EncryptDecrypt_In, mode)), - (UINT16)(offsetof(EncryptDecrypt_In, ivIn)), - (UINT16)(offsetof(EncryptDecrypt_In, inData)), - (UINT16)(offsetof(EncryptDecrypt_Out, ivOut))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + ADD_FLAG, - TPM2B_IV_P_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, 
- TPM2B_IV_P_MARSHAL, - END_OF_LIST} -}; - -#define _EncryptDecryptDataAddress (&_EncryptDecryptData) -#else -#define _EncryptDecryptDataAddress 0 -#endif // CC_EncryptDecrypt - -#if CC_EncryptDecrypt2 - -#include "EncryptDecrypt2_fp.h" - -typedef TPM_RC (EncryptDecrypt2_Entry)( - EncryptDecrypt2_In *in, - EncryptDecrypt2_Out *out -); - -typedef const struct { - EncryptDecrypt2_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} EncryptDecrypt2_COMMAND_DESCRIPTOR_t; - -EncryptDecrypt2_COMMAND_DESCRIPTOR_t _EncryptDecrypt2Data = { - /* entry */ &TPM2_EncryptDecrypt2, - /* inSize */ (UINT16)(sizeof(EncryptDecrypt2_In)), - /* outSize */ (UINT16)(sizeof(EncryptDecrypt2_Out)), - /* offsetOfTypes */ offsetof(EncryptDecrypt2_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(EncryptDecrypt2_In, inData)), - (UINT16)(offsetof(EncryptDecrypt2_In, decrypt)), - (UINT16)(offsetof(EncryptDecrypt2_In, mode)), - (UINT16)(offsetof(EncryptDecrypt2_In, ivIn)), - (UINT16)(offsetof(EncryptDecrypt2_Out, ivOut))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + ADD_FLAG, - TPM2B_IV_P_UNMARSHAL, - END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, - TPM2B_IV_P_MARSHAL, - END_OF_LIST} -}; - -#define _EncryptDecrypt2DataAddress (&_EncryptDecrypt2Data) -#else -#define _EncryptDecrypt2DataAddress 0 -#endif // CC_EncryptDecrypt2 - -#if CC_Hash - -#include "Hash_fp.h" - -typedef TPM_RC (Hash_Entry)( - Hash_In *in, - Hash_Out *out -); - -typedef const struct { - Hash_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} Hash_COMMAND_DESCRIPTOR_t; - -Hash_COMMAND_DESCRIPTOR_t _HashData = { - /* entry */ &TPM2_Hash, - /* inSize */ (UINT16)(sizeof(Hash_In)), - /* outSize */ (UINT16)(sizeof(Hash_Out)), - /* offsetOfTypes */ offsetof(Hash_COMMAND_DESCRIPTOR_t, types), - /* 
offsets */ {(UINT16)(offsetof(Hash_In, hashAlg)), - (UINT16)(offsetof(Hash_In, hierarchy)), - (UINT16)(offsetof(Hash_Out, validation))}, - /* types */ {TPM2B_MAX_BUFFER_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL, - TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - TPMT_TK_HASHCHECK_P_MARSHAL, - END_OF_LIST} -}; - -#define _HashDataAddress (&_HashData) -#else -#define _HashDataAddress 0 -#endif // CC_Hash - -#if CC_HMAC - -#include "HMAC_fp.h" - -typedef TPM_RC (HMAC_Entry)( - HMAC_In *in, - HMAC_Out *out -); - -typedef const struct { - HMAC_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} HMAC_COMMAND_DESCRIPTOR_t; - -HMAC_COMMAND_DESCRIPTOR_t _HMACData = { - /* entry */ &TPM2_HMAC, - /* inSize */ (UINT16)(sizeof(HMAC_In)), - /* outSize */ (UINT16)(sizeof(HMAC_Out)), - /* offsetOfTypes */ offsetof(HMAC_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(HMAC_In, buffer)), - (UINT16)(offsetof(HMAC_In, hashAlg))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} -}; - -#define _HMACDataAddress (&_HMACData) -#else -#define _HMACDataAddress 0 -#endif // CC_HMAC - -#if CC_MAC - -#include "MAC_fp.h" - -typedef TPM_RC (MAC_Entry)( - MAC_In *in, - MAC_Out *out -); - -typedef const struct { - MAC_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} MAC_COMMAND_DESCRIPTOR_t; - -MAC_COMMAND_DESCRIPTOR_t _MACData = { - /* entry */ &TPM2_MAC, - /* inSize */ (UINT16)(sizeof(MAC_In)), - /* outSize */ (UINT16)(sizeof(MAC_Out)), - /* offsetOfTypes */ offsetof(MAC_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(MAC_In, buffer)), - (UINT16)(offsetof(MAC_In, inScheme))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - 
TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} -}; - -#define _MACDataAddress (&_MACData) -#else -#define _MACDataAddress 0 -#endif // CC_MAC - -#if CC_GetRandom - -#include "GetRandom_fp.h" - -typedef TPM_RC (GetRandom_Entry)( - GetRandom_In *in, - GetRandom_Out *out -); - -typedef const struct { - GetRandom_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} GetRandom_COMMAND_DESCRIPTOR_t; - -GetRandom_COMMAND_DESCRIPTOR_t _GetRandomData = { - /* entry */ &TPM2_GetRandom, - /* inSize */ (UINT16)(sizeof(GetRandom_In)), - /* outSize */ (UINT16)(sizeof(GetRandom_Out)), - /* offsetOfTypes */ offsetof(GetRandom_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {UINT16_P_UNMARSHAL, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} -}; - -#define _GetRandomDataAddress (&_GetRandomData) -#else -#define _GetRandomDataAddress 0 -#endif // CC_GetRandom - -#if CC_StirRandom - -#include "StirRandom_fp.h" - -typedef TPM_RC (StirRandom_Entry)( - StirRandom_In *in -); - -typedef const struct { - StirRandom_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} StirRandom_COMMAND_DESCRIPTOR_t; - -StirRandom_COMMAND_DESCRIPTOR_t _StirRandomData = { - /* entry */ &TPM2_StirRandom, - /* inSize */ (UINT16)(sizeof(StirRandom_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(StirRandom_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPM2B_SENSITIVE_DATA_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _StirRandomDataAddress (&_StirRandomData) -#else -#define _StirRandomDataAddress 0 -#endif // CC_StirRandom - -#if CC_HMAC_Start - -#include "HMAC_Start_fp.h" - -typedef TPM_RC (HMAC_Start_Entry)( - HMAC_Start_In *in, - HMAC_Start_Out *out -); - -typedef const struct { - HMAC_Start_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 
paramOffsets[2]; - BYTE types[6]; -} HMAC_Start_COMMAND_DESCRIPTOR_t; - -HMAC_Start_COMMAND_DESCRIPTOR_t _HMAC_StartData = { - /* entry */ &TPM2_HMAC_Start, - /* inSize */ (UINT16)(sizeof(HMAC_Start_In)), - /* outSize */ (UINT16)(sizeof(HMAC_Start_Out)), - /* offsetOfTypes */ offsetof(HMAC_Start_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(HMAC_Start_In, auth)), - (UINT16)(offsetof(HMAC_Start_In, hashAlg))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPMI_DH_OBJECT_H_MARSHAL, - END_OF_LIST} -}; - -#define _HMAC_StartDataAddress (&_HMAC_StartData) -#else -#define _HMAC_StartDataAddress 0 -#endif // CC_HMAC_Start - -#if CC_MAC_Start - -#include "MAC_Start_fp.h" - -typedef TPM_RC (MAC_Start_Entry)( - MAC_Start_In *in, - MAC_Start_Out *out -); - -typedef const struct { - MAC_Start_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} MAC_Start_COMMAND_DESCRIPTOR_t; - -MAC_Start_COMMAND_DESCRIPTOR_t _MAC_StartData = { - /* entry */ &TPM2_MAC_Start, - /* inSize */ (UINT16)(sizeof(MAC_Start_In)), - /* outSize */ (UINT16)(sizeof(MAC_Start_Out)), - /* offsetOfTypes */ offsetof(MAC_Start_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(MAC_Start_In, auth)), - (UINT16)(offsetof(MAC_Start_In, inScheme))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPMI_DH_OBJECT_H_MARSHAL, - END_OF_LIST} -}; - -#define _MAC_StartDataAddress (&_MAC_StartData) -#else -#define _MAC_StartDataAddress 0 -#endif // CC_MAC_Start - -#if CC_HashSequenceStart - -#include "HashSequenceStart_fp.h" - -typedef TPM_RC (HashSequenceStart_Entry)( - HashSequenceStart_In *in, - HashSequenceStart_Out *out -); - -typedef const struct { - HashSequenceStart_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 
paramOffsets[1]; - BYTE types[5]; -} HashSequenceStart_COMMAND_DESCRIPTOR_t; - -HashSequenceStart_COMMAND_DESCRIPTOR_t _HashSequenceStartData = { - /* entry */ &TPM2_HashSequenceStart, - /* inSize */ (UINT16)(sizeof(HashSequenceStart_In)), - /* outSize */ (UINT16)(sizeof(HashSequenceStart_Out)), - /* offsetOfTypes */ offsetof(HashSequenceStart_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(HashSequenceStart_In, hashAlg))}, - /* types */ {TPM2B_AUTH_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPMI_DH_OBJECT_H_MARSHAL, - END_OF_LIST} -}; - -#define _HashSequenceStartDataAddress (&_HashSequenceStartData) -#else -#define _HashSequenceStartDataAddress 0 -#endif // CC_HashSequenceStart - -#if CC_SequenceUpdate - -#include "SequenceUpdate_fp.h" - -typedef TPM_RC (SequenceUpdate_Entry)( - SequenceUpdate_In *in -); - -typedef const struct { - SequenceUpdate_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} SequenceUpdate_COMMAND_DESCRIPTOR_t; - -SequenceUpdate_COMMAND_DESCRIPTOR_t _SequenceUpdateData = { - /* entry */ &TPM2_SequenceUpdate, - /* inSize */ (UINT16)(sizeof(SequenceUpdate_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(SequenceUpdate_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(SequenceUpdate_In, buffer))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _SequenceUpdateDataAddress (&_SequenceUpdateData) -#else -#define _SequenceUpdateDataAddress 0 -#endif // CC_SequenceUpdate - -#if CC_SequenceComplete - -#include "SequenceComplete_fp.h" - -typedef TPM_RC (SequenceComplete_Entry)( - SequenceComplete_In *in, - SequenceComplete_Out *out -); - -typedef const struct { - SequenceComplete_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} SequenceComplete_COMMAND_DESCRIPTOR_t; - 
-SequenceComplete_COMMAND_DESCRIPTOR_t _SequenceCompleteData = { - /* entry */ &TPM2_SequenceComplete, - /* inSize */ (UINT16)(sizeof(SequenceComplete_In)), - /* outSize */ (UINT16)(sizeof(SequenceComplete_Out)), - /* offsetOfTypes */ offsetof(SequenceComplete_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(SequenceComplete_In, buffer)), - (UINT16)(offsetof(SequenceComplete_In, hierarchy)), - (UINT16)(offsetof(SequenceComplete_Out, validation))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - TPMT_TK_HASHCHECK_P_MARSHAL, - END_OF_LIST} -}; - -#define _SequenceCompleteDataAddress (&_SequenceCompleteData) -#else -#define _SequenceCompleteDataAddress 0 -#endif // CC_SequenceComplete - -#if CC_EventSequenceComplete - -#include "EventSequenceComplete_fp.h" - -typedef TPM_RC (EventSequenceComplete_Entry)( - EventSequenceComplete_In *in, - EventSequenceComplete_Out *out -); - -typedef const struct { - EventSequenceComplete_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} EventSequenceComplete_COMMAND_DESCRIPTOR_t; - -EventSequenceComplete_COMMAND_DESCRIPTOR_t _EventSequenceCompleteData = { - /* entry */ &TPM2_EventSequenceComplete, - /* inSize */ (UINT16)(sizeof(EventSequenceComplete_In)), - /* outSize */ (UINT16)(sizeof(EventSequenceComplete_Out)), - /* offsetOfTypes */ offsetof(EventSequenceComplete_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(EventSequenceComplete_In, sequenceHandle)), - (UINT16)(offsetof(EventSequenceComplete_In, buffer))}, - /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - TPML_DIGEST_VALUES_P_MARSHAL, - END_OF_LIST} -}; - -#define _EventSequenceCompleteDataAddress (&_EventSequenceCompleteData) -#else -#define _EventSequenceCompleteDataAddress 0 -#endif 
// CC_EventSequenceComplete - -#if CC_Certify - -#include "Certify_fp.h" - -typedef TPM_RC (Certify_Entry)( - Certify_In *in, - Certify_Out *out -); - -typedef const struct { - Certify_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; -} Certify_COMMAND_DESCRIPTOR_t; - -Certify_COMMAND_DESCRIPTOR_t _CertifyData = { - /* entry */ &TPM2_Certify, - /* inSize */ (UINT16)(sizeof(Certify_In)), - /* outSize */ (UINT16)(sizeof(Certify_Out)), - /* offsetOfTypes */ offsetof(Certify_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Certify_In, signHandle)), - (UINT16)(offsetof(Certify_In, qualifyingData)), - (UINT16)(offsetof(Certify_In, inScheme)), - (UINT16)(offsetof(Certify_Out, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _CertifyDataAddress (&_CertifyData) -#else -#define _CertifyDataAddress 0 -#endif // CC_Certify - -#if CC_CertifyCreation - -#include "CertifyCreation_fp.h" - -typedef TPM_RC (CertifyCreation_Entry)( - CertifyCreation_In *in, - CertifyCreation_Out *out -); - -typedef const struct { - CertifyCreation_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[6]; - BYTE types[10]; -} CertifyCreation_COMMAND_DESCRIPTOR_t; - -CertifyCreation_COMMAND_DESCRIPTOR_t _CertifyCreationData = { - /* entry */ &TPM2_CertifyCreation, - /* inSize */ (UINT16)(sizeof(CertifyCreation_In)), - /* outSize */ (UINT16)(sizeof(CertifyCreation_Out)), - /* offsetOfTypes */ offsetof(CertifyCreation_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(CertifyCreation_In, objectHandle)), - (UINT16)(offsetof(CertifyCreation_In, qualifyingData)), - (UINT16)(offsetof(CertifyCreation_In, creationHash)), - (UINT16)(offsetof(CertifyCreation_In, 
inScheme)), - (UINT16)(offsetof(CertifyCreation_In, creationTicket)), - (UINT16)(offsetof(CertifyCreation_Out, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - TPMT_TK_CREATION_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _CertifyCreationDataAddress (&_CertifyCreationData) -#else -#define _CertifyCreationDataAddress 0 -#endif // CC_CertifyCreation - -#if CC_Quote - -#include "Quote_fp.h" - -typedef TPM_RC (Quote_Entry)( - Quote_In *in, - Quote_Out *out -); - -typedef const struct { - Quote_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; -} Quote_COMMAND_DESCRIPTOR_t; - -Quote_COMMAND_DESCRIPTOR_t _QuoteData = { - /* entry */ &TPM2_Quote, - /* inSize */ (UINT16)(sizeof(Quote_In)), - /* outSize */ (UINT16)(sizeof(Quote_Out)), - /* offsetOfTypes */ offsetof(Quote_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Quote_In, qualifyingData)), - (UINT16)(offsetof(Quote_In, inScheme)), - (UINT16)(offsetof(Quote_In, PCRselect)), - (UINT16)(offsetof(Quote_Out, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _QuoteDataAddress (&_QuoteData) -#else -#define _QuoteDataAddress 0 -#endif // CC_Quote - -#if CC_GetSessionAuditDigest - -#include "GetSessionAuditDigest_fp.h" - -typedef TPM_RC (GetSessionAuditDigest_Entry)( - GetSessionAuditDigest_In *in, - GetSessionAuditDigest_Out *out -); - -typedef const struct { - GetSessionAuditDigest_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} 
GetSessionAuditDigest_COMMAND_DESCRIPTOR_t; - -GetSessionAuditDigest_COMMAND_DESCRIPTOR_t _GetSessionAuditDigestData = { - /* entry */ &TPM2_GetSessionAuditDigest, - /* inSize */ (UINT16)(sizeof(GetSessionAuditDigest_In)), - /* outSize */ (UINT16)(sizeof(GetSessionAuditDigest_Out)), - /* offsetOfTypes */ offsetof(GetSessionAuditDigest_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(GetSessionAuditDigest_In, signHandle)), - (UINT16)(offsetof(GetSessionAuditDigest_In, sessionHandle)), - (UINT16)(offsetof(GetSessionAuditDigest_In, qualifyingData)), - (UINT16)(offsetof(GetSessionAuditDigest_In, inScheme)), - (UINT16)(offsetof(GetSessionAuditDigest_Out, signature))}, - /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPMI_SH_HMAC_H_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _GetSessionAuditDigestDataAddress (&_GetSessionAuditDigestData) -#else -#define _GetSessionAuditDigestDataAddress 0 -#endif // CC_GetSessionAuditDigest - -#if CC_GetCommandAuditDigest - -#include "GetCommandAuditDigest_fp.h" - -typedef TPM_RC (GetCommandAuditDigest_Entry)( - GetCommandAuditDigest_In *in, - GetCommandAuditDigest_Out *out -); - -typedef const struct { - GetCommandAuditDigest_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; -} GetCommandAuditDigest_COMMAND_DESCRIPTOR_t; - -GetCommandAuditDigest_COMMAND_DESCRIPTOR_t _GetCommandAuditDigestData = { - /* entry */ &TPM2_GetCommandAuditDigest, - /* inSize */ (UINT16)(sizeof(GetCommandAuditDigest_In)), - /* outSize */ (UINT16)(sizeof(GetCommandAuditDigest_Out)), - /* offsetOfTypes */ offsetof(GetCommandAuditDigest_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(GetCommandAuditDigest_In, signHandle)), - (UINT16)(offsetof(GetCommandAuditDigest_In, qualifyingData)), - 
(UINT16)(offsetof(GetCommandAuditDigest_In, inScheme)), - (UINT16)(offsetof(GetCommandAuditDigest_Out, signature))}, - /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _GetCommandAuditDigestDataAddress (&_GetCommandAuditDigestData) -#else -#define _GetCommandAuditDigestDataAddress 0 -#endif // CC_GetCommandAuditDigest - -#if CC_GetTime - -#include "GetTime_fp.h" - -typedef TPM_RC (GetTime_Entry)( - GetTime_In *in, - GetTime_Out *out -); - -typedef const struct { - GetTime_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; -} GetTime_COMMAND_DESCRIPTOR_t; - -GetTime_COMMAND_DESCRIPTOR_t _GetTimeData = { - /* entry */ &TPM2_GetTime, - /* inSize */ (UINT16)(sizeof(GetTime_In)), - /* outSize */ (UINT16)(sizeof(GetTime_Out)), - /* offsetOfTypes */ offsetof(GetTime_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(GetTime_In, signHandle)), - (UINT16)(offsetof(GetTime_In, qualifyingData)), - (UINT16)(offsetof(GetTime_In, inScheme)), - (UINT16)(offsetof(GetTime_Out, signature))}, - /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _GetTimeDataAddress (&_GetTimeData) -#else -#define _GetTimeDataAddress 0 -#endif // CC_GetTime - -#if CC_CertifyX509 - -#include "CertifyX509_fp.h" - -typedef TPM_RC (CertifyX509_Entry)( - CertifyX509_In *in, - CertifyX509_Out *out -); - -typedef const struct { - CertifyX509_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[6]; - BYTE types[10]; -} CertifyX509_COMMAND_DESCRIPTOR_t; - -CertifyX509_COMMAND_DESCRIPTOR_t 
_CertifyX509Data = { - /* entry */ &TPM2_CertifyX509, - /* inSize */ (UINT16)(sizeof(CertifyX509_In)), - /* outSize */ (UINT16)(sizeof(CertifyX509_Out)), - /* offsetOfTypes */ offsetof(CertifyX509_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(CertifyX509_In, signHandle)), - (UINT16)(offsetof(CertifyX509_In, qualifyingData)), - (UINT16)(offsetof(CertifyX509_In, inScheme)), - (UINT16)(offsetof(CertifyX509_In, partialCertificate)), - (UINT16)(offsetof(CertifyX509_Out, tbsDigest)), - (UINT16)(offsetof(CertifyX509_Out, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, - TPM2B_DIGEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _CertifyX509DataAddress (&_CertifyX509Data) -#else -#define _CertifyX509DataAddress 0 -#endif // CC_CertifyX509 - -#if CC_Commit - -#include "Commit_fp.h" - -typedef TPM_RC (Commit_Entry)( - Commit_In *in, - Commit_Out *out -); - -typedef const struct { - Commit_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[6]; - BYTE types[10]; -} Commit_COMMAND_DESCRIPTOR_t; - -Commit_COMMAND_DESCRIPTOR_t _CommitData = { - /* entry */ &TPM2_Commit, - /* inSize */ (UINT16)(sizeof(Commit_In)), - /* outSize */ (UINT16)(sizeof(Commit_Out)), - /* offsetOfTypes */ offsetof(Commit_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Commit_In, P1)), - (UINT16)(offsetof(Commit_In, s2)), - (UINT16)(offsetof(Commit_In, y2)), - (UINT16)(offsetof(Commit_Out, L)), - (UINT16)(offsetof(Commit_Out, E)), - (UINT16)(offsetof(Commit_Out, counter))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_ECC_POINT_P_UNMARSHAL, - TPM2B_SENSITIVE_DATA_P_UNMARSHAL, - TPM2B_ECC_PARAMETER_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - TPM2B_ECC_POINT_P_MARSHAL, - 
TPM2B_ECC_POINT_P_MARSHAL, - UINT16_P_MARSHAL, - END_OF_LIST} -}; - -#define _CommitDataAddress (&_CommitData) -#else -#define _CommitDataAddress 0 -#endif // CC_Commit - -#if CC_EC_Ephemeral - -#include "EC_Ephemeral_fp.h" - -typedef TPM_RC (EC_Ephemeral_Entry)( - EC_Ephemeral_In *in, - EC_Ephemeral_Out *out -); - -typedef const struct { - EC_Ephemeral_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; -} EC_Ephemeral_COMMAND_DESCRIPTOR_t; - -EC_Ephemeral_COMMAND_DESCRIPTOR_t _EC_EphemeralData = { - /* entry */ &TPM2_EC_Ephemeral, - /* inSize */ (UINT16)(sizeof(EC_Ephemeral_In)), - /* outSize */ (UINT16)(sizeof(EC_Ephemeral_Out)), - /* offsetOfTypes */ offsetof(EC_Ephemeral_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(EC_Ephemeral_Out, counter))}, - /* types */ {TPMI_ECC_CURVE_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - UINT16_P_MARSHAL, - END_OF_LIST} -}; - -#define _EC_EphemeralDataAddress (&_EC_EphemeralData) -#else -#define _EC_EphemeralDataAddress 0 -#endif // CC_EC_Ephemeral - -#if CC_VerifySignature - -#include "VerifySignature_fp.h" - -typedef TPM_RC (VerifySignature_Entry)( - VerifySignature_In *in, - VerifySignature_Out *out -); - -typedef const struct { - VerifySignature_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} VerifySignature_COMMAND_DESCRIPTOR_t; - -VerifySignature_COMMAND_DESCRIPTOR_t _VerifySignatureData = { - /* entry */ &TPM2_VerifySignature, - /* inSize */ (UINT16)(sizeof(VerifySignature_In)), - /* outSize */ (UINT16)(sizeof(VerifySignature_Out)), - /* offsetOfTypes */ offsetof(VerifySignature_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(VerifySignature_In, digest)), - (UINT16)(offsetof(VerifySignature_In, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMT_SIGNATURE_P_UNMARSHAL, - END_OF_LIST, - 
TPMT_TK_VERIFIED_P_MARSHAL, - END_OF_LIST} -}; - -#define _VerifySignatureDataAddress (&_VerifySignatureData) -#else -#define _VerifySignatureDataAddress 0 -#endif // CC_VerifySignature - -#if CC_Sign - -#include "Sign_fp.h" - -typedef TPM_RC (Sign_Entry)( - Sign_In *in, - Sign_Out *out -); - -typedef const struct { - Sign_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} Sign_COMMAND_DESCRIPTOR_t; - -Sign_COMMAND_DESCRIPTOR_t _SignData = { - /* entry */ &TPM2_Sign, - /* inSize */ (UINT16)(sizeof(Sign_In)), - /* outSize */ (UINT16)(sizeof(Sign_Out)), - /* offsetOfTypes */ offsetof(Sign_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Sign_In, digest)), - (UINT16)(offsetof(Sign_In, inScheme)), - (UINT16)(offsetof(Sign_In, validation))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - TPMT_TK_HASHCHECK_P_UNMARSHAL, - END_OF_LIST, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _SignDataAddress (&_SignData) -#else -#define _SignDataAddress 0 -#endif // CC_Sign - -#if CC_SetCommandCodeAuditStatus - -#include "SetCommandCodeAuditStatus_fp.h" - -typedef TPM_RC (SetCommandCodeAuditStatus_Entry)( - SetCommandCodeAuditStatus_In *in -); - -typedef const struct { - SetCommandCodeAuditStatus_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; -} SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t; - -SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t _SetCommandCodeAuditStatusData = { - /* entry */ &TPM2_SetCommandCodeAuditStatus, - /* inSize */ (UINT16)(sizeof(SetCommandCodeAuditStatus_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(SetCommandCodeAuditStatus_In, auditAlg)), - (UINT16)(offsetof(SetCommandCodeAuditStatus_In, setList)), - 
(UINT16)(offsetof(SetCommandCodeAuditStatus_In, clearList))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - TPML_CC_P_UNMARSHAL, - TPML_CC_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _SetCommandCodeAuditStatusDataAddress (&_SetCommandCodeAuditStatusData) -#else -#define _SetCommandCodeAuditStatusDataAddress 0 -#endif // CC_SetCommandCodeAuditStatus - -#if CC_PCR_Extend - -#include "PCR_Extend_fp.h" - -typedef TPM_RC (PCR_Extend_Entry)( - PCR_Extend_In *in -); - -typedef const struct { - PCR_Extend_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PCR_Extend_COMMAND_DESCRIPTOR_t; - -PCR_Extend_COMMAND_DESCRIPTOR_t _PCR_ExtendData = { - /* entry */ &TPM2_PCR_Extend, - /* inSize */ (UINT16)(sizeof(PCR_Extend_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PCR_Extend_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_Extend_In, digests))}, - /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, - TPML_DIGEST_VALUES_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PCR_ExtendDataAddress (&_PCR_ExtendData) -#else -#define _PCR_ExtendDataAddress 0 -#endif // CC_PCR_Extend - -#if CC_PCR_Event - -#include "PCR_Event_fp.h" - -typedef TPM_RC (PCR_Event_Entry)( - PCR_Event_In *in, - PCR_Event_Out *out -); - -typedef const struct { - PCR_Event_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; -} PCR_Event_COMMAND_DESCRIPTOR_t; - -PCR_Event_COMMAND_DESCRIPTOR_t _PCR_EventData = { - /* entry */ &TPM2_PCR_Event, - /* inSize */ (UINT16)(sizeof(PCR_Event_In)), - /* outSize */ (UINT16)(sizeof(PCR_Event_Out)), - /* offsetOfTypes */ offsetof(PCR_Event_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_Event_In, eventData))}, - /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, - TPM2B_EVENT_P_UNMARSHAL, - END_OF_LIST, - TPML_DIGEST_VALUES_P_MARSHAL, - 
END_OF_LIST} -}; - -#define _PCR_EventDataAddress (&_PCR_EventData) -#else -#define _PCR_EventDataAddress 0 -#endif // CC_PCR_Event - -#if CC_PCR_Read - -#include "PCR_Read_fp.h" - -typedef TPM_RC (PCR_Read_Entry)( - PCR_Read_In *in, - PCR_Read_Out *out -); - -typedef const struct { - PCR_Read_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} PCR_Read_COMMAND_DESCRIPTOR_t; - -PCR_Read_COMMAND_DESCRIPTOR_t _PCR_ReadData = { - /* entry */ &TPM2_PCR_Read, - /* inSize */ (UINT16)(sizeof(PCR_Read_In)), - /* outSize */ (UINT16)(sizeof(PCR_Read_Out)), - /* offsetOfTypes */ offsetof(PCR_Read_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_Read_Out, pcrSelectionOut)), - (UINT16)(offsetof(PCR_Read_Out, pcrValues))}, - /* types */ {TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - UINT32_P_MARSHAL, - TPML_PCR_SELECTION_P_MARSHAL, - TPML_DIGEST_P_MARSHAL, - END_OF_LIST} -}; - -#define _PCR_ReadDataAddress (&_PCR_ReadData) -#else -#define _PCR_ReadDataAddress 0 -#endif // CC_PCR_Read - -#if CC_PCR_Allocate - -#include "PCR_Allocate_fp.h" - -typedef TPM_RC (PCR_Allocate_Entry)( - PCR_Allocate_In *in, - PCR_Allocate_Out *out -); - -typedef const struct { - PCR_Allocate_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; -} PCR_Allocate_COMMAND_DESCRIPTOR_t; - -PCR_Allocate_COMMAND_DESCRIPTOR_t _PCR_AllocateData = { - /* entry */ &TPM2_PCR_Allocate, - /* inSize */ (UINT16)(sizeof(PCR_Allocate_In)), - /* outSize */ (UINT16)(sizeof(PCR_Allocate_Out)), - /* offsetOfTypes */ offsetof(PCR_Allocate_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_Allocate_In, pcrAllocation)), - (UINT16)(offsetof(PCR_Allocate_Out, maxPCR)), - (UINT16)(offsetof(PCR_Allocate_Out, sizeNeeded)), - (UINT16)(offsetof(PCR_Allocate_Out, sizeAvailable))}, - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - TPML_PCR_SELECTION_P_UNMARSHAL, - 
END_OF_LIST, - TPMI_YES_NO_P_MARSHAL, - UINT32_P_MARSHAL, - UINT32_P_MARSHAL, - UINT32_P_MARSHAL, - END_OF_LIST} -}; - -#define _PCR_AllocateDataAddress (&_PCR_AllocateData) -#else -#define _PCR_AllocateDataAddress 0 -#endif // CC_PCR_Allocate - -#if CC_PCR_SetAuthPolicy - -#include "PCR_SetAuthPolicy_fp.h" - -typedef TPM_RC (PCR_SetAuthPolicy_Entry)( - PCR_SetAuthPolicy_In *in -); - -typedef const struct { - PCR_SetAuthPolicy_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; -} PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t; - -PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t _PCR_SetAuthPolicyData = { - /* entry */ &TPM2_PCR_SetAuthPolicy, - /* inSize */ (UINT16)(sizeof(PCR_SetAuthPolicy_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_SetAuthPolicy_In, authPolicy)), - (UINT16)(offsetof(PCR_SetAuthPolicy_In, hashAlg)), - (UINT16)(offsetof(PCR_SetAuthPolicy_In, pcrNum))}, - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - TPMI_DH_PCR_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PCR_SetAuthPolicyDataAddress (&_PCR_SetAuthPolicyData) -#else -#define _PCR_SetAuthPolicyDataAddress 0 -#endif // CC_PCR_SetAuthPolicy - -#if CC_PCR_SetAuthValue - -#include "PCR_SetAuthValue_fp.h" - -typedef TPM_RC (PCR_SetAuthValue_Entry)( - PCR_SetAuthValue_In *in -); - -typedef const struct { - PCR_SetAuthValue_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PCR_SetAuthValue_COMMAND_DESCRIPTOR_t; - -PCR_SetAuthValue_COMMAND_DESCRIPTOR_t _PCR_SetAuthValueData = { - /* entry */ &TPM2_PCR_SetAuthValue, - /* inSize */ (UINT16)(sizeof(PCR_SetAuthValue_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PCR_SetAuthValue_COMMAND_DESCRIPTOR_t, types), - /* offsets */ 
{(UINT16)(offsetof(PCR_SetAuthValue_In, auth))}, - /* types */ {TPMI_DH_PCR_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PCR_SetAuthValueDataAddress (&_PCR_SetAuthValueData) -#else -#define _PCR_SetAuthValueDataAddress 0 -#endif // CC_PCR_SetAuthValue - -#if CC_PCR_Reset - -#include "PCR_Reset_fp.h" - -typedef TPM_RC (PCR_Reset_Entry)( - PCR_Reset_In *in -); - -typedef const struct { - PCR_Reset_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} PCR_Reset_COMMAND_DESCRIPTOR_t; - -PCR_Reset_COMMAND_DESCRIPTOR_t _PCR_ResetData = { - /* entry */ &TPM2_PCR_Reset, - /* inSize */ (UINT16)(sizeof(PCR_Reset_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PCR_Reset_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_DH_PCR_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PCR_ResetDataAddress (&_PCR_ResetData) -#else -#define _PCR_ResetDataAddress 0 -#endif // CC_PCR_Reset - -#if CC_PolicySigned - -#include "PolicySigned_fp.h" - -typedef TPM_RC (PolicySigned_Entry)( - PolicySigned_In *in, - PolicySigned_Out *out -); - -typedef const struct { - PolicySigned_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[7]; - BYTE types[11]; -} PolicySigned_COMMAND_DESCRIPTOR_t; - -PolicySigned_COMMAND_DESCRIPTOR_t _PolicySignedData = { - /* entry */ &TPM2_PolicySigned, - /* inSize */ (UINT16)(sizeof(PolicySigned_In)), - /* outSize */ (UINT16)(sizeof(PolicySigned_Out)), - /* offsetOfTypes */ offsetof(PolicySigned_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicySigned_In, policySession)), - (UINT16)(offsetof(PolicySigned_In, nonceTPM)), - (UINT16)(offsetof(PolicySigned_In, cpHashA)), - (UINT16)(offsetof(PolicySigned_In, policyRef)), - (UINT16)(offsetof(PolicySigned_In, expiration)), - (UINT16)(offsetof(PolicySigned_In, auth)), - (UINT16)(offsetof(PolicySigned_Out, policyTicket))}, - /* 
types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - INT32_P_UNMARSHAL, - TPMT_SIGNATURE_P_UNMARSHAL, - END_OF_LIST, - TPM2B_TIMEOUT_P_MARSHAL, - TPMT_TK_AUTH_P_MARSHAL, - END_OF_LIST} -}; - -#define _PolicySignedDataAddress (&_PolicySignedData) -#else -#define _PolicySignedDataAddress 0 -#endif // CC_PolicySigned - -#if CC_PolicySecret - -#include "PolicySecret_fp.h" - -typedef TPM_RC (PolicySecret_Entry)( - PolicySecret_In *in, - PolicySecret_Out *out -); - -typedef const struct { - PolicySecret_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[6]; - BYTE types[10]; -} PolicySecret_COMMAND_DESCRIPTOR_t; - -PolicySecret_COMMAND_DESCRIPTOR_t _PolicySecretData = { - /* entry */ &TPM2_PolicySecret, - /* inSize */ (UINT16)(sizeof(PolicySecret_In)), - /* outSize */ (UINT16)(sizeof(PolicySecret_Out)), - /* offsetOfTypes */ offsetof(PolicySecret_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicySecret_In, policySession)), - (UINT16)(offsetof(PolicySecret_In, nonceTPM)), - (UINT16)(offsetof(PolicySecret_In, cpHashA)), - (UINT16)(offsetof(PolicySecret_In, policyRef)), - (UINT16)(offsetof(PolicySecret_In, expiration)), - (UINT16)(offsetof(PolicySecret_Out, policyTicket))}, - /* types */ {TPMI_DH_ENTITY_H_UNMARSHAL, - TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - INT32_P_UNMARSHAL, - END_OF_LIST, - TPM2B_TIMEOUT_P_MARSHAL, - TPMT_TK_AUTH_P_MARSHAL, - END_OF_LIST} -}; - -#define _PolicySecretDataAddress (&_PolicySecretData) -#else -#define _PolicySecretDataAddress 0 -#endif // CC_PolicySecret - -#if CC_PolicyTicket - -#include "PolicyTicket_fp.h" - -typedef TPM_RC (PolicyTicket_Entry)( - PolicyTicket_In *in -); - -typedef const struct { - PolicyTicket_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; 
- BYTE types[8]; -} PolicyTicket_COMMAND_DESCRIPTOR_t; - -PolicyTicket_COMMAND_DESCRIPTOR_t _PolicyTicketData = { - /* entry */ &TPM2_PolicyTicket, - /* inSize */ (UINT16)(sizeof(PolicyTicket_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyTicket_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyTicket_In, timeout)), - (UINT16)(offsetof(PolicyTicket_In, cpHashA)), - (UINT16)(offsetof(PolicyTicket_In, policyRef)), - (UINT16)(offsetof(PolicyTicket_In, authName)), - (UINT16)(offsetof(PolicyTicket_In, ticket))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_TIMEOUT_P_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPMT_TK_AUTH_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyTicketDataAddress (&_PolicyTicketData) -#else -#define _PolicyTicketDataAddress 0 -#endif // CC_PolicyTicket - -#if CC_PolicyOR - -#include "PolicyOR_fp.h" - -typedef TPM_RC (PolicyOR_Entry)( - PolicyOR_In *in -); - -typedef const struct { - PolicyOR_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PolicyOR_COMMAND_DESCRIPTOR_t; - -PolicyOR_COMMAND_DESCRIPTOR_t _PolicyORData = { - /* entry */ &TPM2_PolicyOR, - /* inSize */ (UINT16)(sizeof(PolicyOR_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyOR_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyOR_In, pHashList))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPML_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyORDataAddress (&_PolicyORData) -#else -#define _PolicyORDataAddress 0 -#endif // CC_PolicyOR - -#if CC_PolicyPCR - -#include "PolicyPCR_fp.h" - -typedef TPM_RC (PolicyPCR_Entry)( - PolicyPCR_In *in -); - -typedef const struct { - PolicyPCR_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} PolicyPCR_COMMAND_DESCRIPTOR_t; - 
-PolicyPCR_COMMAND_DESCRIPTOR_t _PolicyPCRData = { - /* entry */ &TPM2_PolicyPCR, - /* inSize */ (UINT16)(sizeof(PolicyPCR_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyPCR_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyPCR_In, pcrDigest)), - (UINT16)(offsetof(PolicyPCR_In, pcrs))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyPCRDataAddress (&_PolicyPCRData) -#else -#define _PolicyPCRDataAddress 0 -#endif // CC_PolicyPCR - -#if CC_PolicyLocality - -#include "PolicyLocality_fp.h" - -typedef TPM_RC (PolicyLocality_Entry)( - PolicyLocality_In *in -); - -typedef const struct { - PolicyLocality_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PolicyLocality_COMMAND_DESCRIPTOR_t; - -PolicyLocality_COMMAND_DESCRIPTOR_t _PolicyLocalityData = { - /* entry */ &TPM2_PolicyLocality, - /* inSize */ (UINT16)(sizeof(PolicyLocality_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyLocality_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyLocality_In, locality))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPMA_LOCALITY_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyLocalityDataAddress (&_PolicyLocalityData) -#else -#define _PolicyLocalityDataAddress 0 -#endif // CC_PolicyLocality - -#if CC_PolicyNV - -#include "PolicyNV_fp.h" - -typedef TPM_RC (PolicyNV_Entry)( - PolicyNV_In *in -); - -typedef const struct { - PolicyNV_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[8]; -} PolicyNV_COMMAND_DESCRIPTOR_t; - -PolicyNV_COMMAND_DESCRIPTOR_t _PolicyNVData = { - /* entry */ &TPM2_PolicyNV, - /* inSize */ (UINT16)(sizeof(PolicyNV_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyNV_COMMAND_DESCRIPTOR_t, types), - /* offsets */ 
{(UINT16)(offsetof(PolicyNV_In, nvIndex)), - (UINT16)(offsetof(PolicyNV_In, policySession)), - (UINT16)(offsetof(PolicyNV_In, operandB)), - (UINT16)(offsetof(PolicyNV_In, offset)), - (UINT16)(offsetof(PolicyNV_In, operation))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_OPERAND_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - TPM_EO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyNVDataAddress (&_PolicyNVData) -#else -#define _PolicyNVDataAddress 0 -#endif // CC_PolicyNV - -#if CC_PolicyCounterTimer - -#include "PolicyCounterTimer_fp.h" - -typedef TPM_RC (PolicyCounterTimer_Entry)( - PolicyCounterTimer_In *in -); - -typedef const struct { - PolicyCounterTimer_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; -} PolicyCounterTimer_COMMAND_DESCRIPTOR_t; - -PolicyCounterTimer_COMMAND_DESCRIPTOR_t _PolicyCounterTimerData = { - /* entry */ &TPM2_PolicyCounterTimer, - /* inSize */ (UINT16)(sizeof(PolicyCounterTimer_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyCounterTimer_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyCounterTimer_In, operandB)), - (UINT16)(offsetof(PolicyCounterTimer_In, offset)), - (UINT16)(offsetof(PolicyCounterTimer_In, operation))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_OPERAND_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - TPM_EO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyCounterTimerDataAddress (&_PolicyCounterTimerData) -#else -#define _PolicyCounterTimerDataAddress 0 -#endif // CC_PolicyCounterTimer - -#if CC_PolicyCommandCode - -#include "PolicyCommandCode_fp.h" - -typedef TPM_RC (PolicyCommandCode_Entry)( - PolicyCommandCode_In *in -); - -typedef const struct { - PolicyCommandCode_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PolicyCommandCode_COMMAND_DESCRIPTOR_t; - 
-PolicyCommandCode_COMMAND_DESCRIPTOR_t _PolicyCommandCodeData = { - /* entry */ &TPM2_PolicyCommandCode, - /* inSize */ (UINT16)(sizeof(PolicyCommandCode_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyCommandCode_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyCommandCode_In, code))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM_CC_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyCommandCodeDataAddress (&_PolicyCommandCodeData) -#else -#define _PolicyCommandCodeDataAddress 0 -#endif // CC_PolicyCommandCode - -#if CC_PolicyPhysicalPresence - -#include "PolicyPhysicalPresence_fp.h" - -typedef TPM_RC (PolicyPhysicalPresence_Entry)( - PolicyPhysicalPresence_In *in -); - -typedef const struct { - PolicyPhysicalPresence_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t; - -PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t _PolicyPhysicalPresenceData = { - /* entry */ &TPM2_PolicyPhysicalPresence, - /* inSize */ (UINT16)(sizeof(PolicyPhysicalPresence_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyPhysicalPresenceDataAddress (&_PolicyPhysicalPresenceData) -#else -#define _PolicyPhysicalPresenceDataAddress 0 -#endif // CC_PolicyPhysicalPresence - -#if CC_PolicyCpHash - -#include "PolicyCpHash_fp.h" - -typedef TPM_RC (PolicyCpHash_Entry)( - PolicyCpHash_In *in -); - -typedef const struct { - PolicyCpHash_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PolicyCpHash_COMMAND_DESCRIPTOR_t; - -PolicyCpHash_COMMAND_DESCRIPTOR_t _PolicyCpHashData = { - /* entry */ &TPM2_PolicyCpHash, - /* inSize */ (UINT16)(sizeof(PolicyCpHash_In)), - /* outSize */ 0, - /* offsetOfTypes */ 
offsetof(PolicyCpHash_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyCpHash_In, cpHashA))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyCpHashDataAddress (&_PolicyCpHashData) -#else -#define _PolicyCpHashDataAddress 0 -#endif // CC_PolicyCpHash - -#if CC_PolicyNameHash - -#include "PolicyNameHash_fp.h" - -typedef TPM_RC (PolicyNameHash_Entry)( - PolicyNameHash_In *in -); - -typedef const struct { - PolicyNameHash_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PolicyNameHash_COMMAND_DESCRIPTOR_t; - -PolicyNameHash_COMMAND_DESCRIPTOR_t _PolicyNameHashData = { - /* entry */ &TPM2_PolicyNameHash, - /* inSize */ (UINT16)(sizeof(PolicyNameHash_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyNameHash_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyNameHash_In, nameHash))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyNameHashDataAddress (&_PolicyNameHashData) -#else -#define _PolicyNameHashDataAddress 0 -#endif // CC_PolicyNameHash - -#if CC_PolicyDuplicationSelect - -#include "PolicyDuplicationSelect_fp.h" - -typedef TPM_RC (PolicyDuplicationSelect_Entry)( - PolicyDuplicationSelect_In *in -); - -typedef const struct { - PolicyDuplicationSelect_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; -} PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t; - -PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t _PolicyDuplicationSelectData = { - /* entry */ &TPM2_PolicyDuplicationSelect, - /* inSize */ (UINT16)(sizeof(PolicyDuplicationSelect_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyDuplicationSelect_In, objectName)), - 
(UINT16)(offsetof(PolicyDuplicationSelect_In, newParentName)), - (UINT16)(offsetof(PolicyDuplicationSelect_In, includeObject))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyDuplicationSelectDataAddress (&_PolicyDuplicationSelectData) -#else -#define _PolicyDuplicationSelectDataAddress 0 -#endif // CC_PolicyDuplicationSelect - -#if CC_PolicyAuthorize - -#include "PolicyAuthorize_fp.h" - -typedef TPM_RC (PolicyAuthorize_Entry)( - PolicyAuthorize_In *in -); - -typedef const struct { - PolicyAuthorize_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[7]; -} PolicyAuthorize_COMMAND_DESCRIPTOR_t; - -PolicyAuthorize_COMMAND_DESCRIPTOR_t _PolicyAuthorizeData = { - /* entry */ &TPM2_PolicyAuthorize, - /* inSize */ (UINT16)(sizeof(PolicyAuthorize_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyAuthorize_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyAuthorize_In, approvedPolicy)), - (UINT16)(offsetof(PolicyAuthorize_In, policyRef)), - (UINT16)(offsetof(PolicyAuthorize_In, keySign)), - (UINT16)(offsetof(PolicyAuthorize_In, checkTicket))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPMT_TK_VERIFIED_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyAuthorizeDataAddress (&_PolicyAuthorizeData) -#else -#define _PolicyAuthorizeDataAddress 0 -#endif // CC_PolicyAuthorize - -#if CC_PolicyAuthValue - -#include "PolicyAuthValue_fp.h" - -typedef TPM_RC (PolicyAuthValue_Entry)( - PolicyAuthValue_In *in -); - -typedef const struct { - PolicyAuthValue_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} PolicyAuthValue_COMMAND_DESCRIPTOR_t; - -PolicyAuthValue_COMMAND_DESCRIPTOR_t _PolicyAuthValueData = { - /* entry */ 
&TPM2_PolicyAuthValue, - /* inSize */ (UINT16)(sizeof(PolicyAuthValue_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyAuthValue_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyAuthValueDataAddress (&_PolicyAuthValueData) -#else -#define _PolicyAuthValueDataAddress 0 -#endif // CC_PolicyAuthValue - -#if CC_PolicyPassword - -#include "PolicyPassword_fp.h" - -typedef TPM_RC (PolicyPassword_Entry)( - PolicyPassword_In *in -); - -typedef const struct { - PolicyPassword_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} PolicyPassword_COMMAND_DESCRIPTOR_t; - -PolicyPassword_COMMAND_DESCRIPTOR_t _PolicyPasswordData = { - /* entry */ &TPM2_PolicyPassword, - /* inSize */ (UINT16)(sizeof(PolicyPassword_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyPassword_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyPasswordDataAddress (&_PolicyPasswordData) -#else -#define _PolicyPasswordDataAddress 0 -#endif // CC_PolicyPassword - -#if CC_PolicyGetDigest - -#include "PolicyGetDigest_fp.h" - -typedef TPM_RC (PolicyGetDigest_Entry)( - PolicyGetDigest_In *in, - PolicyGetDigest_Out *out -); - -typedef const struct { - PolicyGetDigest_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} PolicyGetDigest_COMMAND_DESCRIPTOR_t; - -PolicyGetDigest_COMMAND_DESCRIPTOR_t _PolicyGetDigestData = { - /* entry */ &TPM2_PolicyGetDigest, - /* inSize */ (UINT16)(sizeof(PolicyGetDigest_In)), - /* outSize */ (UINT16)(sizeof(PolicyGetDigest_Out)), - /* offsetOfTypes */ offsetof(PolicyGetDigest_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} -}; - 
-#define _PolicyGetDigestDataAddress (&_PolicyGetDigestData) -#else -#define _PolicyGetDigestDataAddress 0 -#endif // CC_PolicyGetDigest - -#if CC_PolicyNvWritten - -#include "PolicyNvWritten_fp.h" - -typedef TPM_RC (PolicyNvWritten_Entry)( - PolicyNvWritten_In *in -); - -typedef const struct { - PolicyNvWritten_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PolicyNvWritten_COMMAND_DESCRIPTOR_t; - -PolicyNvWritten_COMMAND_DESCRIPTOR_t _PolicyNvWrittenData = { - /* entry */ &TPM2_PolicyNvWritten, - /* inSize */ (UINT16)(sizeof(PolicyNvWritten_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyNvWritten_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyNvWritten_In, writtenSet))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyNvWrittenDataAddress (&_PolicyNvWrittenData) -#else -#define _PolicyNvWrittenDataAddress 0 -#endif // CC_PolicyNvWritten - -#if CC_PolicyTemplate - -#include "PolicyTemplate_fp.h" - -typedef TPM_RC (PolicyTemplate_Entry)( - PolicyTemplate_In *in -); - -typedef const struct { - PolicyTemplate_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PolicyTemplate_COMMAND_DESCRIPTOR_t; - -PolicyTemplate_COMMAND_DESCRIPTOR_t _PolicyTemplateData = { - /* entry */ &TPM2_PolicyTemplate, - /* inSize */ (UINT16)(sizeof(PolicyTemplate_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyTemplate_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyTemplate_In, templateHash))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyTemplateDataAddress (&_PolicyTemplateData) -#else -#define _PolicyTemplateDataAddress 0 -#endif // CC_PolicyTemplate - -#if CC_PolicyAuthorizeNV - -#include "PolicyAuthorizeNV_fp.h" - -typedef 
TPM_RC (PolicyAuthorizeNV_Entry)( - PolicyAuthorizeNV_In *in -); - -typedef const struct { - PolicyAuthorizeNV_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t; - -PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t _PolicyAuthorizeNVData = { - /* entry */ &TPM2_PolicyAuthorizeNV, - /* inSize */ (UINT16)(sizeof(PolicyAuthorizeNV_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyAuthorizeNV_In, nvIndex)), - (UINT16)(offsetof(PolicyAuthorizeNV_In, policySession))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyAuthorizeNVDataAddress (&_PolicyAuthorizeNVData) -#else -#define _PolicyAuthorizeNVDataAddress 0 -#endif // CC_PolicyAuthorizeNV - -#if CC_CreatePrimary - -#include "CreatePrimary_fp.h" - -typedef TPM_RC (CreatePrimary_Entry)( - CreatePrimary_In *in, - CreatePrimary_Out *out -); - -typedef const struct { - CreatePrimary_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[9]; - BYTE types[13]; -} CreatePrimary_COMMAND_DESCRIPTOR_t; - -CreatePrimary_COMMAND_DESCRIPTOR_t _CreatePrimaryData = { - /* entry */ &TPM2_CreatePrimary, - /* inSize */ (UINT16)(sizeof(CreatePrimary_In)), - /* outSize */ (UINT16)(sizeof(CreatePrimary_Out)), - /* offsetOfTypes */ offsetof(CreatePrimary_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(CreatePrimary_In, inSensitive)), - (UINT16)(offsetof(CreatePrimary_In, inPublic)), - (UINT16)(offsetof(CreatePrimary_In, outsideInfo)), - (UINT16)(offsetof(CreatePrimary_In, creationPCR)), - (UINT16)(offsetof(CreatePrimary_Out, outPublic)), - (UINT16)(offsetof(CreatePrimary_Out, creationData)), - (UINT16)(offsetof(CreatePrimary_Out, creationHash)), - (UINT16)(offsetof(CreatePrimary_Out, 
creationTicket)), - (UINT16)(offsetof(CreatePrimary_Out, name))}, - /* types */ {TPMI_RH_HIERARCHY_H_UNMARSHAL + ADD_FLAG, - TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, - TPM2B_PUBLIC_P_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - TPM_HANDLE_H_MARSHAL, - TPM2B_PUBLIC_P_MARSHAL, - TPM2B_CREATION_DATA_P_MARSHAL, - TPM2B_DIGEST_P_MARSHAL, - TPMT_TK_CREATION_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} -}; - -#define _CreatePrimaryDataAddress (&_CreatePrimaryData) -#else -#define _CreatePrimaryDataAddress 0 -#endif // CC_CreatePrimary - -#if CC_HierarchyControl - -#include "HierarchyControl_fp.h" - -typedef TPM_RC (HierarchyControl_Entry)( - HierarchyControl_In *in -); - -typedef const struct { - HierarchyControl_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} HierarchyControl_COMMAND_DESCRIPTOR_t; - -HierarchyControl_COMMAND_DESCRIPTOR_t _HierarchyControlData = { - /* entry */ &TPM2_HierarchyControl, - /* inSize */ (UINT16)(sizeof(HierarchyControl_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(HierarchyControl_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(HierarchyControl_In, enable)), - (UINT16)(offsetof(HierarchyControl_In, state))}, - /* types */ {TPMI_RH_HIERARCHY_H_UNMARSHAL, - TPMI_RH_ENABLES_P_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _HierarchyControlDataAddress (&_HierarchyControlData) -#else -#define _HierarchyControlDataAddress 0 -#endif // CC_HierarchyControl - -#if CC_SetPrimaryPolicy - -#include "SetPrimaryPolicy_fp.h" - -typedef TPM_RC (SetPrimaryPolicy_Entry)( - SetPrimaryPolicy_In *in -); - -typedef const struct { - SetPrimaryPolicy_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} SetPrimaryPolicy_COMMAND_DESCRIPTOR_t; - -SetPrimaryPolicy_COMMAND_DESCRIPTOR_t _SetPrimaryPolicyData = { - /* entry */ 
&TPM2_SetPrimaryPolicy, - /* inSize */ (UINT16)(sizeof(SetPrimaryPolicy_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(SetPrimaryPolicy_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(SetPrimaryPolicy_In, authPolicy)), - (UINT16)(offsetof(SetPrimaryPolicy_In, hashAlg))}, - /* types */ {TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - END_OF_LIST} -}; - -#define _SetPrimaryPolicyDataAddress (&_SetPrimaryPolicyData) -#else -#define _SetPrimaryPolicyDataAddress 0 -#endif // CC_SetPrimaryPolicy - -#if CC_ChangePPS - -#include "ChangePPS_fp.h" - -typedef TPM_RC (ChangePPS_Entry)( - ChangePPS_In *in -); - -typedef const struct { - ChangePPS_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} ChangePPS_COMMAND_DESCRIPTOR_t; - -ChangePPS_COMMAND_DESCRIPTOR_t _ChangePPSData = { - /* entry */ &TPM2_ChangePPS, - /* inSize */ (UINT16)(sizeof(ChangePPS_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ChangePPS_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _ChangePPSDataAddress (&_ChangePPSData) -#else -#define _ChangePPSDataAddress 0 -#endif // CC_ChangePPS - -#if CC_ChangeEPS - -#include "ChangeEPS_fp.h" - -typedef TPM_RC (ChangeEPS_Entry)( - ChangeEPS_In *in -); - -typedef const struct { - ChangeEPS_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} ChangeEPS_COMMAND_DESCRIPTOR_t; - -ChangeEPS_COMMAND_DESCRIPTOR_t _ChangeEPSData = { - /* entry */ &TPM2_ChangeEPS, - /* inSize */ (UINT16)(sizeof(ChangeEPS_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ChangeEPS_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _ChangeEPSDataAddress (&_ChangeEPSData) -#else 
-#define _ChangeEPSDataAddress 0 -#endif // CC_ChangeEPS - -#if CC_Clear - -#include "Clear_fp.h" - -typedef TPM_RC (Clear_Entry)( - Clear_In *in -); - -typedef const struct { - Clear_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} Clear_COMMAND_DESCRIPTOR_t; - -Clear_COMMAND_DESCRIPTOR_t _ClearData = { - /* entry */ &TPM2_Clear, - /* inSize */ (UINT16)(sizeof(Clear_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(Clear_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_RH_CLEAR_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _ClearDataAddress (&_ClearData) -#else -#define _ClearDataAddress 0 -#endif // CC_Clear - -#if CC_ClearControl - -#include "ClearControl_fp.h" - -typedef TPM_RC (ClearControl_Entry)( - ClearControl_In *in -); - -typedef const struct { - ClearControl_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} ClearControl_COMMAND_DESCRIPTOR_t; - -ClearControl_COMMAND_DESCRIPTOR_t _ClearControlData = { - /* entry */ &TPM2_ClearControl, - /* inSize */ (UINT16)(sizeof(ClearControl_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ClearControl_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ClearControl_In, disable))}, - /* types */ {TPMI_RH_CLEAR_H_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _ClearControlDataAddress (&_ClearControlData) -#else -#define _ClearControlDataAddress 0 -#endif // CC_ClearControl - -#if CC_HierarchyChangeAuth - -#include "HierarchyChangeAuth_fp.h" - -typedef TPM_RC (HierarchyChangeAuth_Entry)( - HierarchyChangeAuth_In *in -); - -typedef const struct { - HierarchyChangeAuth_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} HierarchyChangeAuth_COMMAND_DESCRIPTOR_t; - -HierarchyChangeAuth_COMMAND_DESCRIPTOR_t _HierarchyChangeAuthData = { 
- /* entry */ &TPM2_HierarchyChangeAuth, - /* inSize */ (UINT16)(sizeof(HierarchyChangeAuth_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(HierarchyChangeAuth_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(HierarchyChangeAuth_In, newAuth))}, - /* types */ {TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _HierarchyChangeAuthDataAddress (&_HierarchyChangeAuthData) -#else -#define _HierarchyChangeAuthDataAddress 0 -#endif // CC_HierarchyChangeAuth - -#if CC_DictionaryAttackLockReset - -#include "DictionaryAttackLockReset_fp.h" - -typedef TPM_RC (DictionaryAttackLockReset_Entry)( - DictionaryAttackLockReset_In *in -); - -typedef const struct { - DictionaryAttackLockReset_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t; - -DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t _DictionaryAttackLockResetData = { - /* entry */ &TPM2_DictionaryAttackLockReset, - /* inSize */ (UINT16)(sizeof(DictionaryAttackLockReset_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_RH_LOCKOUT_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _DictionaryAttackLockResetDataAddress (&_DictionaryAttackLockResetData) -#else -#define _DictionaryAttackLockResetDataAddress 0 -#endif // CC_DictionaryAttackLockReset - -#if CC_DictionaryAttackParameters - -#include "DictionaryAttackParameters_fp.h" - -typedef TPM_RC (DictionaryAttackParameters_Entry)( - DictionaryAttackParameters_In *in -); - -typedef const struct { - DictionaryAttackParameters_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; -} DictionaryAttackParameters_COMMAND_DESCRIPTOR_t; - -DictionaryAttackParameters_COMMAND_DESCRIPTOR_t _DictionaryAttackParametersData = { - /* entry 
*/ &TPM2_DictionaryAttackParameters, - /* inSize */ (UINT16)(sizeof(DictionaryAttackParameters_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(DictionaryAttackParameters_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(DictionaryAttackParameters_In, newMaxTries)), - (UINT16)(offsetof(DictionaryAttackParameters_In, newRecoveryTime)), - (UINT16)(offsetof(DictionaryAttackParameters_In, lockoutRecovery))}, - /* types */ {TPMI_RH_LOCKOUT_H_UNMARSHAL, - UINT32_P_UNMARSHAL, - UINT32_P_UNMARSHAL, - UINT32_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _DictionaryAttackParametersDataAddress (&_DictionaryAttackParametersData) -#else -#define _DictionaryAttackParametersDataAddress 0 -#endif // CC_DictionaryAttackParameters - -#if CC_PP_Commands - -#include "PP_Commands_fp.h" - -typedef TPM_RC (PP_Commands_Entry)( - PP_Commands_In *in -); - -typedef const struct { - PP_Commands_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} PP_Commands_COMMAND_DESCRIPTOR_t; - -PP_Commands_COMMAND_DESCRIPTOR_t _PP_CommandsData = { - /* entry */ &TPM2_PP_Commands, - /* inSize */ (UINT16)(sizeof(PP_Commands_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PP_Commands_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PP_Commands_In, setList)), - (UINT16)(offsetof(PP_Commands_In, clearList))}, - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - TPML_CC_P_UNMARSHAL, - TPML_CC_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PP_CommandsDataAddress (&_PP_CommandsData) -#else -#define _PP_CommandsDataAddress 0 -#endif // CC_PP_Commands - -#if CC_SetAlgorithmSet - -#include "SetAlgorithmSet_fp.h" - -typedef TPM_RC (SetAlgorithmSet_Entry)( - SetAlgorithmSet_In *in -); - -typedef const struct { - SetAlgorithmSet_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} SetAlgorithmSet_COMMAND_DESCRIPTOR_t; - 
-SetAlgorithmSet_COMMAND_DESCRIPTOR_t _SetAlgorithmSetData = { - /* entry */ &TPM2_SetAlgorithmSet, - /* inSize */ (UINT16)(sizeof(SetAlgorithmSet_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(SetAlgorithmSet_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(SetAlgorithmSet_In, algorithmSet))}, - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - UINT32_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _SetAlgorithmSetDataAddress (&_SetAlgorithmSetData) -#else -#define _SetAlgorithmSetDataAddress 0 -#endif // CC_SetAlgorithmSet - -#if CC_FieldUpgradeStart - -#include "FieldUpgradeStart_fp.h" - -typedef TPM_RC (FieldUpgradeStart_Entry)( - FieldUpgradeStart_In *in -); - -typedef const struct { - FieldUpgradeStart_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; -} FieldUpgradeStart_COMMAND_DESCRIPTOR_t; - -FieldUpgradeStart_COMMAND_DESCRIPTOR_t _FieldUpgradeStartData = { - /* entry */ &TPM2_FieldUpgradeStart, - /* inSize */ (UINT16)(sizeof(FieldUpgradeStart_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(FieldUpgradeStart_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(FieldUpgradeStart_In, keyHandle)), - (UINT16)(offsetof(FieldUpgradeStart_In, fuDigest)), - (UINT16)(offsetof(FieldUpgradeStart_In, manifestSignature))}, - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMT_SIGNATURE_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _FieldUpgradeStartDataAddress (&_FieldUpgradeStartData) -#else -#define _FieldUpgradeStartDataAddress 0 -#endif // CC_FieldUpgradeStart - -#if CC_FieldUpgradeData - -#include "FieldUpgradeData_fp.h" - -typedef TPM_RC (FieldUpgradeData_Entry)( - FieldUpgradeData_In *in, - FieldUpgradeData_Out *out -); - -typedef const struct { - FieldUpgradeData_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; -} 
FieldUpgradeData_COMMAND_DESCRIPTOR_t; - -FieldUpgradeData_COMMAND_DESCRIPTOR_t _FieldUpgradeDataData = { - /* entry */ &TPM2_FieldUpgradeData, - /* inSize */ (UINT16)(sizeof(FieldUpgradeData_In)), - /* outSize */ (UINT16)(sizeof(FieldUpgradeData_Out)), - /* offsetOfTypes */ offsetof(FieldUpgradeData_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(FieldUpgradeData_Out, firstDigest))}, - /* types */ {TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - TPMT_HA_P_MARSHAL, - TPMT_HA_P_MARSHAL, - END_OF_LIST} -}; - -#define _FieldUpgradeDataDataAddress (&_FieldUpgradeDataData) -#else -#define _FieldUpgradeDataDataAddress 0 -#endif // CC_FieldUpgradeData - -#if CC_FirmwareRead - -#include "FirmwareRead_fp.h" - -typedef TPM_RC (FirmwareRead_Entry)( - FirmwareRead_In *in, - FirmwareRead_Out *out -); - -typedef const struct { - FirmwareRead_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} FirmwareRead_COMMAND_DESCRIPTOR_t; - -FirmwareRead_COMMAND_DESCRIPTOR_t _FirmwareReadData = { - /* entry */ &TPM2_FirmwareRead, - /* inSize */ (UINT16)(sizeof(FirmwareRead_In)), - /* outSize */ (UINT16)(sizeof(FirmwareRead_Out)), - /* offsetOfTypes */ offsetof(FirmwareRead_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {UINT32_P_UNMARSHAL, - END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, - END_OF_LIST} -}; - -#define _FirmwareReadDataAddress (&_FirmwareReadData) -#else -#define _FirmwareReadDataAddress 0 -#endif // CC_FirmwareRead - -#if CC_ContextSave - -#include "ContextSave_fp.h" - -typedef TPM_RC (ContextSave_Entry)( - ContextSave_In *in, - ContextSave_Out *out -); - -typedef const struct { - ContextSave_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} ContextSave_COMMAND_DESCRIPTOR_t; - -ContextSave_COMMAND_DESCRIPTOR_t _ContextSaveData = { - /* entry */ &TPM2_ContextSave, - /* inSize */ (UINT16)(sizeof(ContextSave_In)), - /* outSize */ 
(UINT16)(sizeof(ContextSave_Out)), - /* offsetOfTypes */ offsetof(ContextSave_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_DH_CONTEXT_H_UNMARSHAL, - END_OF_LIST, - TPMS_CONTEXT_P_MARSHAL, - END_OF_LIST} -}; - -#define _ContextSaveDataAddress (&_ContextSaveData) -#else -#define _ContextSaveDataAddress 0 -#endif // CC_ContextSave - -#if CC_ContextLoad - -#include "ContextLoad_fp.h" - -typedef TPM_RC (ContextLoad_Entry)( - ContextLoad_In *in, - ContextLoad_Out *out -); - -typedef const struct { - ContextLoad_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} ContextLoad_COMMAND_DESCRIPTOR_t; - -ContextLoad_COMMAND_DESCRIPTOR_t _ContextLoadData = { - /* entry */ &TPM2_ContextLoad, - /* inSize */ (UINT16)(sizeof(ContextLoad_In)), - /* outSize */ (UINT16)(sizeof(ContextLoad_Out)), - /* offsetOfTypes */ offsetof(ContextLoad_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMS_CONTEXT_P_UNMARSHAL, - END_OF_LIST, - TPMI_DH_CONTEXT_H_MARSHAL, - END_OF_LIST} -}; - -#define _ContextLoadDataAddress (&_ContextLoadData) -#else -#define _ContextLoadDataAddress 0 -#endif // CC_ContextLoad - -#if CC_FlushContext - -#include "FlushContext_fp.h" - -typedef TPM_RC (FlushContext_Entry)( - FlushContext_In *in -); - -typedef const struct { - FlushContext_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} FlushContext_COMMAND_DESCRIPTOR_t; - -FlushContext_COMMAND_DESCRIPTOR_t _FlushContextData = { - /* entry */ &TPM2_FlushContext, - /* inSize */ (UINT16)(sizeof(FlushContext_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(FlushContext_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_DH_CONTEXT_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _FlushContextDataAddress (&_FlushContextData) -#else -#define _FlushContextDataAddress 0 -#endif // CC_FlushContext - -#if 
CC_EvictControl - -#include "EvictControl_fp.h" - -typedef TPM_RC (EvictControl_Entry)( - EvictControl_In *in -); - -typedef const struct { - EvictControl_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} EvictControl_COMMAND_DESCRIPTOR_t; - -EvictControl_COMMAND_DESCRIPTOR_t _EvictControlData = { - /* entry */ &TPM2_EvictControl, - /* inSize */ (UINT16)(sizeof(EvictControl_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(EvictControl_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(EvictControl_In, objectHandle)), - (UINT16)(offsetof(EvictControl_In, persistentHandle))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_PERSISTENT_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _EvictControlDataAddress (&_EvictControlData) -#else -#define _EvictControlDataAddress 0 -#endif // CC_EvictControl - -#if CC_ReadClock - -#include "ReadClock_fp.h" - -typedef TPM_RC (ReadClock_Entry)( - ReadClock_Out *out -); - -typedef const struct { - ReadClock_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} ReadClock_COMMAND_DESCRIPTOR_t; - -ReadClock_COMMAND_DESCRIPTOR_t _ReadClockData = { - /* entry */ &TPM2_ReadClock, - /* inSize */ 0, - /* outSize */ (UINT16)(sizeof(ReadClock_Out)), - /* offsetOfTypes */ offsetof(ReadClock_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {END_OF_LIST, - TPMS_TIME_INFO_P_MARSHAL, - END_OF_LIST} -}; - -#define _ReadClockDataAddress (&_ReadClockData) -#else -#define _ReadClockDataAddress 0 -#endif // CC_ReadClock - -#if CC_ClockSet - -#include "ClockSet_fp.h" - -typedef TPM_RC (ClockSet_Entry)( - ClockSet_In *in -); - -typedef const struct { - ClockSet_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} ClockSet_COMMAND_DESCRIPTOR_t; - -ClockSet_COMMAND_DESCRIPTOR_t 
_ClockSetData = { - /* entry */ &TPM2_ClockSet, - /* inSize */ (UINT16)(sizeof(ClockSet_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ClockSet_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ClockSet_In, newTime))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - UINT64_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _ClockSetDataAddress (&_ClockSetData) -#else -#define _ClockSetDataAddress 0 -#endif // CC_ClockSet - -#if CC_ClockRateAdjust - -#include "ClockRateAdjust_fp.h" - -typedef TPM_RC (ClockRateAdjust_Entry)( - ClockRateAdjust_In *in -); - -typedef const struct { - ClockRateAdjust_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} ClockRateAdjust_COMMAND_DESCRIPTOR_t; - -ClockRateAdjust_COMMAND_DESCRIPTOR_t _ClockRateAdjustData = { - /* entry */ &TPM2_ClockRateAdjust, - /* inSize */ (UINT16)(sizeof(ClockRateAdjust_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ClockRateAdjust_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ClockRateAdjust_In, rateAdjust))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPM_CLOCK_ADJUST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _ClockRateAdjustDataAddress (&_ClockRateAdjustData) -#else -#define _ClockRateAdjustDataAddress 0 -#endif // CC_ClockRateAdjust - -#if CC_GetCapability - -#include "GetCapability_fp.h" - -typedef TPM_RC (GetCapability_Entry)( - GetCapability_In *in, - GetCapability_Out *out -); - -typedef const struct { - GetCapability_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} GetCapability_COMMAND_DESCRIPTOR_t; - -GetCapability_COMMAND_DESCRIPTOR_t _GetCapabilityData = { - /* entry */ &TPM2_GetCapability, - /* inSize */ (UINT16)(sizeof(GetCapability_In)), - /* outSize */ (UINT16)(sizeof(GetCapability_Out)), - /* offsetOfTypes */ offsetof(GetCapability_COMMAND_DESCRIPTOR_t, types), - /* offsets 
*/ {(UINT16)(offsetof(GetCapability_In, property)), - (UINT16)(offsetof(GetCapability_In, propertyCount)), - (UINT16)(offsetof(GetCapability_Out, capabilityData))}, - /* types */ {TPM_CAP_P_UNMARSHAL, - UINT32_P_UNMARSHAL, - UINT32_P_UNMARSHAL, - END_OF_LIST, - TPMI_YES_NO_P_MARSHAL, - TPMS_CAPABILITY_DATA_P_MARSHAL, - END_OF_LIST} -}; - -#define _GetCapabilityDataAddress (&_GetCapabilityData) -#else -#define _GetCapabilityDataAddress 0 -#endif // CC_GetCapability - -#if CC_TestParms - -#include "TestParms_fp.h" - -typedef TPM_RC (TestParms_Entry)( - TestParms_In *in -); - -typedef const struct { - TestParms_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} TestParms_COMMAND_DESCRIPTOR_t; - -TestParms_COMMAND_DESCRIPTOR_t _TestParmsData = { - /* entry */ &TPM2_TestParms, - /* inSize */ (UINT16)(sizeof(TestParms_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(TestParms_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMT_PUBLIC_PARMS_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _TestParmsDataAddress (&_TestParmsData) -#else -#define _TestParmsDataAddress 0 -#endif // CC_TestParms - -#if CC_NV_DefineSpace - -#include "NV_DefineSpace_fp.h" - -typedef TPM_RC (NV_DefineSpace_Entry)( - NV_DefineSpace_In *in -); - -typedef const struct { - NV_DefineSpace_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} NV_DefineSpace_COMMAND_DESCRIPTOR_t; - -NV_DefineSpace_COMMAND_DESCRIPTOR_t _NV_DefineSpaceData = { - /* entry */ &TPM2_NV_DefineSpace, - /* inSize */ (UINT16)(sizeof(NV_DefineSpace_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_DefineSpace_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_DefineSpace_In, auth)), - (UINT16)(offsetof(NV_DefineSpace_In, publicInfo))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - TPM2B_NV_PUBLIC_P_UNMARSHAL, - 
END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_DefineSpaceDataAddress (&_NV_DefineSpaceData) -#else -#define _NV_DefineSpaceDataAddress 0 -#endif // CC_NV_DefineSpace - -#if CC_NV_UndefineSpace - -#include "NV_UndefineSpace_fp.h" - -typedef TPM_RC (NV_UndefineSpace_Entry)( - NV_UndefineSpace_In *in -); - -typedef const struct { - NV_UndefineSpace_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} NV_UndefineSpace_COMMAND_DESCRIPTOR_t; - -NV_UndefineSpace_COMMAND_DESCRIPTOR_t _NV_UndefineSpaceData = { - /* entry */ &TPM2_NV_UndefineSpace, - /* inSize */ (UINT16)(sizeof(NV_UndefineSpace_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_UndefineSpace_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_UndefineSpace_In, nvIndex))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_UndefineSpaceDataAddress (&_NV_UndefineSpaceData) -#else -#define _NV_UndefineSpaceDataAddress 0 -#endif // CC_NV_UndefineSpace - -#if CC_NV_UndefineSpaceSpecial - -#include "NV_UndefineSpaceSpecial_fp.h" - -typedef TPM_RC (NV_UndefineSpaceSpecial_Entry)( - NV_UndefineSpaceSpecial_In *in -); - -typedef const struct { - NV_UndefineSpaceSpecial_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t; - -NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t _NV_UndefineSpaceSpecialData = { - /* entry */ &TPM2_NV_UndefineSpaceSpecial, - /* inSize */ (UINT16)(sizeof(NV_UndefineSpaceSpecial_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_UndefineSpaceSpecial_In, platform))}, - /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPMI_RH_PLATFORM_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_UndefineSpaceSpecialDataAddress 
(&_NV_UndefineSpaceSpecialData) -#else -#define _NV_UndefineSpaceSpecialDataAddress 0 -#endif // CC_NV_UndefineSpaceSpecial - -#if CC_NV_ReadPublic - -#include "NV_ReadPublic_fp.h" - -typedef TPM_RC (NV_ReadPublic_Entry)( - NV_ReadPublic_In *in, - NV_ReadPublic_Out *out -); - -typedef const struct { - NV_ReadPublic_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; -} NV_ReadPublic_COMMAND_DESCRIPTOR_t; - -NV_ReadPublic_COMMAND_DESCRIPTOR_t _NV_ReadPublicData = { - /* entry */ &TPM2_NV_ReadPublic, - /* inSize */ (UINT16)(sizeof(NV_ReadPublic_In)), - /* outSize */ (UINT16)(sizeof(NV_ReadPublic_Out)), - /* offsetOfTypes */ offsetof(NV_ReadPublic_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_ReadPublic_Out, nvName))}, - /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - TPM2B_NV_PUBLIC_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} -}; - -#define _NV_ReadPublicDataAddress (&_NV_ReadPublicData) -#else -#define _NV_ReadPublicDataAddress 0 -#endif // CC_NV_ReadPublic - -#if CC_NV_Write - -#include "NV_Write_fp.h" - -typedef TPM_RC (NV_Write_Entry)( - NV_Write_In *in -); - -typedef const struct { - NV_Write_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; -} NV_Write_COMMAND_DESCRIPTOR_t; - -NV_Write_COMMAND_DESCRIPTOR_t _NV_WriteData = { - /* entry */ &TPM2_NV_Write, - /* inSize */ (UINT16)(sizeof(NV_Write_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_Write_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_Write_In, nvIndex)), - (UINT16)(offsetof(NV_Write_In, data)), - (UINT16)(offsetof(NV_Write_In, offset))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPM2B_MAX_NV_BUFFER_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_WriteDataAddress (&_NV_WriteData) -#else -#define _NV_WriteDataAddress 0 -#endif // 
CC_NV_Write - -#if CC_NV_Increment - -#include "NV_Increment_fp.h" - -typedef TPM_RC (NV_Increment_Entry)( - NV_Increment_In *in -); - -typedef const struct { - NV_Increment_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} NV_Increment_COMMAND_DESCRIPTOR_t; - -NV_Increment_COMMAND_DESCRIPTOR_t _NV_IncrementData = { - /* entry */ &TPM2_NV_Increment, - /* inSize */ (UINT16)(sizeof(NV_Increment_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_Increment_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_Increment_In, nvIndex))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_IncrementDataAddress (&_NV_IncrementData) -#else -#define _NV_IncrementDataAddress 0 -#endif // CC_NV_Increment - -#if CC_NV_Extend - -#include "NV_Extend_fp.h" - -typedef TPM_RC (NV_Extend_Entry)( - NV_Extend_In *in -); - -typedef const struct { - NV_Extend_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} NV_Extend_COMMAND_DESCRIPTOR_t; - -NV_Extend_COMMAND_DESCRIPTOR_t _NV_ExtendData = { - /* entry */ &TPM2_NV_Extend, - /* inSize */ (UINT16)(sizeof(NV_Extend_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_Extend_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_Extend_In, nvIndex)), - (UINT16)(offsetof(NV_Extend_In, data))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPM2B_MAX_NV_BUFFER_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_ExtendDataAddress (&_NV_ExtendData) -#else -#define _NV_ExtendDataAddress 0 -#endif // CC_NV_Extend - -#if CC_NV_SetBits - -#include "NV_SetBits_fp.h" - -typedef TPM_RC (NV_SetBits_Entry)( - NV_SetBits_In *in -); - -typedef const struct { - NV_SetBits_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - 
BYTE types[5]; -} NV_SetBits_COMMAND_DESCRIPTOR_t; - -NV_SetBits_COMMAND_DESCRIPTOR_t _NV_SetBitsData = { - /* entry */ &TPM2_NV_SetBits, - /* inSize */ (UINT16)(sizeof(NV_SetBits_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_SetBits_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_SetBits_In, nvIndex)), - (UINT16)(offsetof(NV_SetBits_In, bits))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - UINT64_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_SetBitsDataAddress (&_NV_SetBitsData) -#else -#define _NV_SetBitsDataAddress 0 -#endif // CC_NV_SetBits - -#if CC_NV_WriteLock - -#include "NV_WriteLock_fp.h" - -typedef TPM_RC (NV_WriteLock_Entry)( - NV_WriteLock_In *in -); - -typedef const struct { - NV_WriteLock_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} NV_WriteLock_COMMAND_DESCRIPTOR_t; - -NV_WriteLock_COMMAND_DESCRIPTOR_t _NV_WriteLockData = { - /* entry */ &TPM2_NV_WriteLock, - /* inSize */ (UINT16)(sizeof(NV_WriteLock_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_WriteLock_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_WriteLock_In, nvIndex))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_WriteLockDataAddress (&_NV_WriteLockData) -#else -#define _NV_WriteLockDataAddress 0 -#endif // CC_NV_WriteLock - -#if CC_NV_GlobalWriteLock - -#include "NV_GlobalWriteLock_fp.h" - -typedef TPM_RC (NV_GlobalWriteLock_Entry)( - NV_GlobalWriteLock_In *in -); - -typedef const struct { - NV_GlobalWriteLock_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t; - -NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t _NV_GlobalWriteLockData = { - /* entry */ &TPM2_NV_GlobalWriteLock, - /* inSize */ (UINT16)(sizeof(NV_GlobalWriteLock_In)), - /* outSize */ 0, - 
/* offsetOfTypes */ offsetof(NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_GlobalWriteLockDataAddress (&_NV_GlobalWriteLockData) -#else -#define _NV_GlobalWriteLockDataAddress 0 -#endif // CC_NV_GlobalWriteLock - -#if CC_NV_Read - -#include "NV_Read_fp.h" - -typedef TPM_RC (NV_Read_Entry)( - NV_Read_In *in, - NV_Read_Out *out -); - -typedef const struct { - NV_Read_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} NV_Read_COMMAND_DESCRIPTOR_t; - -NV_Read_COMMAND_DESCRIPTOR_t _NV_ReadData = { - /* entry */ &TPM2_NV_Read, - /* inSize */ (UINT16)(sizeof(NV_Read_In)), - /* outSize */ (UINT16)(sizeof(NV_Read_Out)), - /* offsetOfTypes */ offsetof(NV_Read_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_Read_In, nvIndex)), - (UINT16)(offsetof(NV_Read_In, size)), - (UINT16)(offsetof(NV_Read_In, offset))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - UINT16_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - END_OF_LIST, - TPM2B_MAX_NV_BUFFER_P_MARSHAL, - END_OF_LIST} -}; - -#define _NV_ReadDataAddress (&_NV_ReadData) -#else -#define _NV_ReadDataAddress 0 -#endif // CC_NV_Read - -#if CC_NV_ReadLock - -#include "NV_ReadLock_fp.h" - -typedef TPM_RC (NV_ReadLock_Entry)( - NV_ReadLock_In *in -); - -typedef const struct { - NV_ReadLock_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} NV_ReadLock_COMMAND_DESCRIPTOR_t; - -NV_ReadLock_COMMAND_DESCRIPTOR_t _NV_ReadLockData = { - /* entry */ &TPM2_NV_ReadLock, - /* inSize */ (UINT16)(sizeof(NV_ReadLock_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_ReadLock_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_ReadLock_In, nvIndex))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - 
TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_ReadLockDataAddress (&_NV_ReadLockData) -#else -#define _NV_ReadLockDataAddress 0 -#endif // CC_NV_ReadLock - -#if CC_NV_ChangeAuth - -#include "NV_ChangeAuth_fp.h" - -typedef TPM_RC (NV_ChangeAuth_Entry)( - NV_ChangeAuth_In *in -); - -typedef const struct { - NV_ChangeAuth_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} NV_ChangeAuth_COMMAND_DESCRIPTOR_t; - -NV_ChangeAuth_COMMAND_DESCRIPTOR_t _NV_ChangeAuthData = { - /* entry */ &TPM2_NV_ChangeAuth, - /* inSize */ (UINT16)(sizeof(NV_ChangeAuth_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_ChangeAuth_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_ChangeAuth_In, newAuth))}, - /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_ChangeAuthDataAddress (&_NV_ChangeAuthData) -#else -#define _NV_ChangeAuthDataAddress 0 -#endif // CC_NV_ChangeAuth - -#if CC_NV_Certify - -#include "NV_Certify_fp.h" - -typedef TPM_RC (NV_Certify_Entry)( - NV_Certify_In *in, - NV_Certify_Out *out -); - -typedef const struct { - NV_Certify_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[7]; - BYTE types[11]; -} NV_Certify_COMMAND_DESCRIPTOR_t; - -NV_Certify_COMMAND_DESCRIPTOR_t _NV_CertifyData = { - /* entry */ &TPM2_NV_Certify, - /* inSize */ (UINT16)(sizeof(NV_Certify_In)), - /* outSize */ (UINT16)(sizeof(NV_Certify_Out)), - /* offsetOfTypes */ offsetof(NV_Certify_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_Certify_In, authHandle)), - (UINT16)(offsetof(NV_Certify_In, nvIndex)), - (UINT16)(offsetof(NV_Certify_In, qualifyingData)), - (UINT16)(offsetof(NV_Certify_In, inScheme)), - (UINT16)(offsetof(NV_Certify_In, size)), - (UINT16)(offsetof(NV_Certify_In, offset)), - (UINT16)(offsetof(NV_Certify_Out, signature))}, - /* types */ 
{TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - UINT16_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _NV_CertifyDataAddress (&_NV_CertifyData) -#else -#define _NV_CertifyDataAddress 0 -#endif // CC_NV_Certify - -#if CC_AC_GetCapability - -#include "AC_GetCapability_fp.h" - -typedef TPM_RC (AC_GetCapability_Entry)( - AC_GetCapability_In *in, - AC_GetCapability_Out *out -); - -typedef const struct { - AC_GetCapability_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} AC_GetCapability_COMMAND_DESCRIPTOR_t; - -AC_GetCapability_COMMAND_DESCRIPTOR_t _AC_GetCapabilityData = { - /* entry */ &TPM2_AC_GetCapability, - /* inSize */ (UINT16)(sizeof(AC_GetCapability_In)), - /* outSize */ (UINT16)(sizeof(AC_GetCapability_Out)), - /* offsetOfTypes */ offsetof(AC_GetCapability_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(AC_GetCapability_In, capability)), - (UINT16)(offsetof(AC_GetCapability_In, count)), - (UINT16)(offsetof(AC_GetCapability_Out, capabilitiesData))}, - /* types */ {TPMI_RH_AC_H_UNMARSHAL, - TPM_AT_P_UNMARSHAL, - UINT32_P_UNMARSHAL, - END_OF_LIST, - TPMI_YES_NO_P_MARSHAL, - TPML_AC_CAPABILITIES_P_MARSHAL, - END_OF_LIST} -}; - -#define _AC_GetCapabilityDataAddress (&_AC_GetCapabilityData) -#else -#define _AC_GetCapabilityDataAddress 0 -#endif // CC_AC_GetCapability - -#if CC_AC_Send - -#include "AC_Send_fp.h" - -typedef TPM_RC (AC_Send_Entry)( - AC_Send_In *in, - AC_Send_Out *out -); - -typedef const struct { - AC_Send_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} AC_Send_COMMAND_DESCRIPTOR_t; - -AC_Send_COMMAND_DESCRIPTOR_t _AC_SendData = { - /* entry */ &TPM2_AC_Send, - /* inSize */ 
(UINT16)(sizeof(AC_Send_In)), - /* outSize */ (UINT16)(sizeof(AC_Send_Out)), - /* offsetOfTypes */ offsetof(AC_Send_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(AC_Send_In, authHandle)), - (UINT16)(offsetof(AC_Send_In, ac)), - (UINT16)(offsetof(AC_Send_In, acDataIn))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_AC_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - TPMS_AC_OUTPUT_P_MARSHAL, - END_OF_LIST} -}; - -#define _AC_SendDataAddress (&_AC_SendData) -#else -#define _AC_SendDataAddress 0 -#endif // CC_AC_Send - -#if CC_Policy_AC_SendSelect - -#include "Policy_AC_SendSelect_fp.h" - -typedef TPM_RC (Policy_AC_SendSelect_Entry)( - Policy_AC_SendSelect_In *in -); - -typedef const struct { - Policy_AC_SendSelect_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[7]; -} Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t; - -Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t _Policy_AC_SendSelectData = { - /* entry */ &TPM2_Policy_AC_SendSelect, - /* inSize */ (UINT16)(sizeof(Policy_AC_SendSelect_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Policy_AC_SendSelect_In, objectName)), - (UINT16)(offsetof(Policy_AC_SendSelect_In, authHandleName)), - (UINT16)(offsetof(Policy_AC_SendSelect_In, acName)), - (UINT16)(offsetof(Policy_AC_SendSelect_In, includeObject))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _Policy_AC_SendSelectDataAddress (&_Policy_AC_SendSelectData) -#else -#define _Policy_AC_SendSelectDataAddress 0 -#endif // CC_Policy_AC_SendSelect - -#if CC_Vendor_TCG_Test - -#include "Vendor_TCG_Test_fp.h" - -typedef TPM_RC (Vendor_TCG_Test_Entry)( - Vendor_TCG_Test_In *in, - Vendor_TCG_Test_Out *out -); - -typedef 
const struct { - Vendor_TCG_Test_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} Vendor_TCG_Test_COMMAND_DESCRIPTOR_t; - -Vendor_TCG_Test_COMMAND_DESCRIPTOR_t _Vendor_TCG_TestData = { - /* entry */ &TPM2_Vendor_TCG_Test, - /* inSize */ (UINT16)(sizeof(Vendor_TCG_Test_In)), - /* outSize */ (UINT16)(sizeof(Vendor_TCG_Test_Out)), - /* offsetOfTypes */ offsetof(Vendor_TCG_Test_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPM2B_DATA_P_UNMARSHAL, - END_OF_LIST, - TPM2B_DATA_P_MARSHAL, - END_OF_LIST} -}; - -#define _Vendor_TCG_TestDataAddress (&_Vendor_TCG_TestData) -#else -#define _Vendor_TCG_TestDataAddress 0 -#endif // CC_Vendor_TCG_Test - -COMMAND_DESCRIPTOR_t *s_CommandDataArray[] = { -#if (PAD_LIST || CC_NV_UndefineSpaceSpecial) - (COMMAND_DESCRIPTOR_t *)_NV_UndefineSpaceSpecialDataAddress, -#endif // CC_NV_UndefineSpaceSpecial -#if (PAD_LIST || CC_EvictControl) - (COMMAND_DESCRIPTOR_t *)_EvictControlDataAddress, -#endif // CC_EvictControl -#if (PAD_LIST || CC_HierarchyControl) - (COMMAND_DESCRIPTOR_t *)_HierarchyControlDataAddress, -#endif // CC_HierarchyControl -#if (PAD_LIST || CC_NV_UndefineSpace) - (COMMAND_DESCRIPTOR_t *)_NV_UndefineSpaceDataAddress, -#endif // CC_NV_UndefineSpace -#if (PAD_LIST) - (COMMAND_DESCRIPTOR_t *)0, -#endif // -#if (PAD_LIST || CC_ChangeEPS) - (COMMAND_DESCRIPTOR_t *)_ChangeEPSDataAddress, -#endif // CC_ChangeEPS -#if (PAD_LIST || CC_ChangePPS) - (COMMAND_DESCRIPTOR_t *)_ChangePPSDataAddress, -#endif // CC_ChangePPS -#if (PAD_LIST || CC_Clear) - (COMMAND_DESCRIPTOR_t *)_ClearDataAddress, -#endif // CC_Clear -#if (PAD_LIST || CC_ClearControl) - (COMMAND_DESCRIPTOR_t *)_ClearControlDataAddress, -#endif // CC_ClearControl -#if (PAD_LIST || CC_ClockSet) - (COMMAND_DESCRIPTOR_t *)_ClockSetDataAddress, -#endif // CC_ClockSet -#if (PAD_LIST || CC_HierarchyChangeAuth) - (COMMAND_DESCRIPTOR_t *)_HierarchyChangeAuthDataAddress, -#endif // 
CC_HierarchyChangeAuth -#if (PAD_LIST || CC_NV_DefineSpace) - (COMMAND_DESCRIPTOR_t *)_NV_DefineSpaceDataAddress, -#endif // CC_NV_DefineSpace -#if (PAD_LIST || CC_PCR_Allocate) - (COMMAND_DESCRIPTOR_t *)_PCR_AllocateDataAddress, -#endif // CC_PCR_Allocate -#if (PAD_LIST || CC_PCR_SetAuthPolicy) - (COMMAND_DESCRIPTOR_t *)_PCR_SetAuthPolicyDataAddress, -#endif // CC_PCR_SetAuthPolicy -#if (PAD_LIST || CC_PP_Commands) - (COMMAND_DESCRIPTOR_t *)_PP_CommandsDataAddress, -#endif // CC_PP_Commands -#if (PAD_LIST || CC_SetPrimaryPolicy) - (COMMAND_DESCRIPTOR_t *)_SetPrimaryPolicyDataAddress, -#endif // CC_SetPrimaryPolicy -#if (PAD_LIST || CC_FieldUpgradeStart) - (COMMAND_DESCRIPTOR_t *)_FieldUpgradeStartDataAddress, -#endif // CC_FieldUpgradeStart -#if (PAD_LIST || CC_ClockRateAdjust) - (COMMAND_DESCRIPTOR_t *)_ClockRateAdjustDataAddress, -#endif // CC_ClockRateAdjust -#if (PAD_LIST || CC_CreatePrimary) - (COMMAND_DESCRIPTOR_t *)_CreatePrimaryDataAddress, -#endif // CC_CreatePrimary -#if (PAD_LIST || CC_NV_GlobalWriteLock) - (COMMAND_DESCRIPTOR_t *)_NV_GlobalWriteLockDataAddress, -#endif // CC_NV_GlobalWriteLock -#if (PAD_LIST || CC_GetCommandAuditDigest) - (COMMAND_DESCRIPTOR_t *)_GetCommandAuditDigestDataAddress, -#endif // CC_GetCommandAuditDigest -#if (PAD_LIST || CC_NV_Increment) - (COMMAND_DESCRIPTOR_t *)_NV_IncrementDataAddress, -#endif // CC_NV_Increment -#if (PAD_LIST || CC_NV_SetBits) - (COMMAND_DESCRIPTOR_t *)_NV_SetBitsDataAddress, -#endif // CC_NV_SetBits -#if (PAD_LIST || CC_NV_Extend) - (COMMAND_DESCRIPTOR_t *)_NV_ExtendDataAddress, -#endif // CC_NV_Extend -#if (PAD_LIST || CC_NV_Write) - (COMMAND_DESCRIPTOR_t *)_NV_WriteDataAddress, -#endif // CC_NV_Write -#if (PAD_LIST || CC_NV_WriteLock) - (COMMAND_DESCRIPTOR_t *)_NV_WriteLockDataAddress, -#endif // CC_NV_WriteLock -#if (PAD_LIST || CC_DictionaryAttackLockReset) - (COMMAND_DESCRIPTOR_t *)_DictionaryAttackLockResetDataAddress, -#endif // CC_DictionaryAttackLockReset -#if (PAD_LIST || 
CC_DictionaryAttackParameters) - (COMMAND_DESCRIPTOR_t *)_DictionaryAttackParametersDataAddress, -#endif // CC_DictionaryAttackParameters -#if (PAD_LIST || CC_NV_ChangeAuth) - (COMMAND_DESCRIPTOR_t *)_NV_ChangeAuthDataAddress, -#endif // CC_NV_ChangeAuth -#if (PAD_LIST || CC_PCR_Event) - (COMMAND_DESCRIPTOR_t *)_PCR_EventDataAddress, -#endif // CC_PCR_Event -#if (PAD_LIST || CC_PCR_Reset) - (COMMAND_DESCRIPTOR_t *)_PCR_ResetDataAddress, -#endif // CC_PCR_Reset -#if (PAD_LIST || CC_SequenceComplete) - (COMMAND_DESCRIPTOR_t *)_SequenceCompleteDataAddress, -#endif // CC_SequenceComplete -#if (PAD_LIST || CC_SetAlgorithmSet) - (COMMAND_DESCRIPTOR_t *)_SetAlgorithmSetDataAddress, -#endif // CC_SetAlgorithmSet -#if (PAD_LIST || CC_SetCommandCodeAuditStatus) - (COMMAND_DESCRIPTOR_t *)_SetCommandCodeAuditStatusDataAddress, -#endif // CC_SetCommandCodeAuditStatus -#if (PAD_LIST || CC_FieldUpgradeData) - (COMMAND_DESCRIPTOR_t *)_FieldUpgradeDataDataAddress, -#endif // CC_FieldUpgradeData -#if (PAD_LIST || CC_IncrementalSelfTest) - (COMMAND_DESCRIPTOR_t *)_IncrementalSelfTestDataAddress, -#endif // CC_IncrementalSelfTest -#if (PAD_LIST || CC_SelfTest) - (COMMAND_DESCRIPTOR_t *)_SelfTestDataAddress, -#endif // CC_SelfTest -#if (PAD_LIST || CC_Startup) - (COMMAND_DESCRIPTOR_t *)_StartupDataAddress, -#endif // CC_Startup -#if (PAD_LIST || CC_Shutdown) - (COMMAND_DESCRIPTOR_t *)_ShutdownDataAddress, -#endif // CC_Shutdown -#if (PAD_LIST || CC_StirRandom) - (COMMAND_DESCRIPTOR_t *)_StirRandomDataAddress, -#endif // CC_StirRandom -#if (PAD_LIST || CC_ActivateCredential) - (COMMAND_DESCRIPTOR_t *)_ActivateCredentialDataAddress, -#endif // CC_ActivateCredential -#if (PAD_LIST || CC_Certify) - (COMMAND_DESCRIPTOR_t *)_CertifyDataAddress, -#endif // CC_Certify -#if (PAD_LIST || CC_PolicyNV) - (COMMAND_DESCRIPTOR_t *)_PolicyNVDataAddress, -#endif // CC_PolicyNV -#if (PAD_LIST || CC_CertifyCreation) - (COMMAND_DESCRIPTOR_t *)_CertifyCreationDataAddress, -#endif // CC_CertifyCreation -#if 
(PAD_LIST || CC_Duplicate) - (COMMAND_DESCRIPTOR_t *)_DuplicateDataAddress, -#endif // CC_Duplicate -#if (PAD_LIST || CC_GetTime) - (COMMAND_DESCRIPTOR_t *)_GetTimeDataAddress, -#endif // CC_GetTime -#if (PAD_LIST || CC_GetSessionAuditDigest) - (COMMAND_DESCRIPTOR_t *)_GetSessionAuditDigestDataAddress, -#endif // CC_GetSessionAuditDigest -#if (PAD_LIST || CC_NV_Read) - (COMMAND_DESCRIPTOR_t *)_NV_ReadDataAddress, -#endif // CC_NV_Read -#if (PAD_LIST || CC_NV_ReadLock) - (COMMAND_DESCRIPTOR_t *)_NV_ReadLockDataAddress, -#endif // CC_NV_ReadLock -#if (PAD_LIST || CC_ObjectChangeAuth) - (COMMAND_DESCRIPTOR_t *)_ObjectChangeAuthDataAddress, -#endif // CC_ObjectChangeAuth -#if (PAD_LIST || CC_PolicySecret) - (COMMAND_DESCRIPTOR_t *)_PolicySecretDataAddress, -#endif // CC_PolicySecret -#if (PAD_LIST || CC_Rewrap) - (COMMAND_DESCRIPTOR_t *)_RewrapDataAddress, -#endif // CC_Rewrap -#if (PAD_LIST || CC_Create) - (COMMAND_DESCRIPTOR_t *)_CreateDataAddress, -#endif // CC_Create -#if (PAD_LIST || CC_ECDH_ZGen) - (COMMAND_DESCRIPTOR_t *)_ECDH_ZGenDataAddress, -#endif // CC_ECDH_ZGen -#if (PAD_LIST || (CC_HMAC || CC_MAC)) -# if CC_HMAC - (COMMAND_DESCRIPTOR_t *)_HMACDataAddress, -# endif -# if CC_MAC - (COMMAND_DESCRIPTOR_t *)_MACDataAddress, -# endif -# if (CC_HMAC || CC_MAC) > 1 -# error "More than one aliased command defined" -# endif -#endif // CC_HMAC CC_MAC -#if (PAD_LIST || CC_Import) - (COMMAND_DESCRIPTOR_t *)_ImportDataAddress, -#endif // CC_Import -#if (PAD_LIST || CC_Load) - (COMMAND_DESCRIPTOR_t *)_LoadDataAddress, -#endif // CC_Load -#if (PAD_LIST || CC_Quote) - (COMMAND_DESCRIPTOR_t *)_QuoteDataAddress, -#endif // CC_Quote -#if (PAD_LIST || CC_RSA_Decrypt) - (COMMAND_DESCRIPTOR_t *)_RSA_DecryptDataAddress, -#endif // CC_RSA_Decrypt -#if (PAD_LIST) - (COMMAND_DESCRIPTOR_t *)0, -#endif // -#if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start)) -# if CC_HMAC_Start - (COMMAND_DESCRIPTOR_t *)_HMAC_StartDataAddress, -# endif -# if CC_MAC_Start - (COMMAND_DESCRIPTOR_t 
*)_MAC_StartDataAddress, -# endif -# if (CC_HMAC_Start || CC_MAC_Start) > 1 -# error "More than one aliased command defined" -# endif -#endif // CC_HMAC_Start CC_MAC_Start -#if (PAD_LIST || CC_SequenceUpdate) - (COMMAND_DESCRIPTOR_t *)_SequenceUpdateDataAddress, -#endif // CC_SequenceUpdate -#if (PAD_LIST || CC_Sign) - (COMMAND_DESCRIPTOR_t *)_SignDataAddress, -#endif // CC_Sign -#if (PAD_LIST || CC_Unseal) - (COMMAND_DESCRIPTOR_t *)_UnsealDataAddress, -#endif // CC_Unseal -#if (PAD_LIST) - (COMMAND_DESCRIPTOR_t *)0, -#endif // -#if (PAD_LIST || CC_PolicySigned) - (COMMAND_DESCRIPTOR_t *)_PolicySignedDataAddress, -#endif // CC_PolicySigned -#if (PAD_LIST || CC_ContextLoad) - (COMMAND_DESCRIPTOR_t *)_ContextLoadDataAddress, -#endif // CC_ContextLoad -#if (PAD_LIST || CC_ContextSave) - (COMMAND_DESCRIPTOR_t *)_ContextSaveDataAddress, -#endif // CC_ContextSave -#if (PAD_LIST || CC_ECDH_KeyGen) - (COMMAND_DESCRIPTOR_t *)_ECDH_KeyGenDataAddress, -#endif // CC_ECDH_KeyGen -#if (PAD_LIST || CC_EncryptDecrypt) - (COMMAND_DESCRIPTOR_t *)_EncryptDecryptDataAddress, -#endif // CC_EncryptDecrypt -#if (PAD_LIST || CC_FlushContext) - (COMMAND_DESCRIPTOR_t *)_FlushContextDataAddress, -#endif // CC_FlushContext -#if (PAD_LIST) - (COMMAND_DESCRIPTOR_t *)0, -#endif // -#if (PAD_LIST || CC_LoadExternal) - (COMMAND_DESCRIPTOR_t *)_LoadExternalDataAddress, -#endif // CC_LoadExternal -#if (PAD_LIST || CC_MakeCredential) - (COMMAND_DESCRIPTOR_t *)_MakeCredentialDataAddress, -#endif // CC_MakeCredential -#if (PAD_LIST || CC_NV_ReadPublic) - (COMMAND_DESCRIPTOR_t *)_NV_ReadPublicDataAddress, -#endif // CC_NV_ReadPublic -#if (PAD_LIST || CC_PolicyAuthorize) - (COMMAND_DESCRIPTOR_t *)_PolicyAuthorizeDataAddress, -#endif // CC_PolicyAuthorize -#if (PAD_LIST || CC_PolicyAuthValue) - (COMMAND_DESCRIPTOR_t *)_PolicyAuthValueDataAddress, -#endif // CC_PolicyAuthValue -#if (PAD_LIST || CC_PolicyCommandCode) - (COMMAND_DESCRIPTOR_t *)_PolicyCommandCodeDataAddress, -#endif // CC_PolicyCommandCode 
-#if (PAD_LIST || CC_PolicyCounterTimer) - (COMMAND_DESCRIPTOR_t *)_PolicyCounterTimerDataAddress, -#endif // CC_PolicyCounterTimer -#if (PAD_LIST || CC_PolicyCpHash) - (COMMAND_DESCRIPTOR_t *)_PolicyCpHashDataAddress, -#endif // CC_PolicyCpHash -#if (PAD_LIST || CC_PolicyLocality) - (COMMAND_DESCRIPTOR_t *)_PolicyLocalityDataAddress, -#endif // CC_PolicyLocality -#if (PAD_LIST || CC_PolicyNameHash) - (COMMAND_DESCRIPTOR_t *)_PolicyNameHashDataAddress, -#endif // CC_PolicyNameHash -#if (PAD_LIST || CC_PolicyOR) - (COMMAND_DESCRIPTOR_t *)_PolicyORDataAddress, -#endif // CC_PolicyOR -#if (PAD_LIST || CC_PolicyTicket) - (COMMAND_DESCRIPTOR_t *)_PolicyTicketDataAddress, -#endif // CC_PolicyTicket -#if (PAD_LIST || CC_ReadPublic) - (COMMAND_DESCRIPTOR_t *)_ReadPublicDataAddress, -#endif // CC_ReadPublic -#if (PAD_LIST || CC_RSA_Encrypt) - (COMMAND_DESCRIPTOR_t *)_RSA_EncryptDataAddress, -#endif // CC_RSA_Encrypt -#if (PAD_LIST) - (COMMAND_DESCRIPTOR_t *)0, -#endif // -#if (PAD_LIST || CC_StartAuthSession) - (COMMAND_DESCRIPTOR_t *)_StartAuthSessionDataAddress, -#endif // CC_StartAuthSession -#if (PAD_LIST || CC_VerifySignature) - (COMMAND_DESCRIPTOR_t *)_VerifySignatureDataAddress, -#endif // CC_VerifySignature -#if (PAD_LIST || CC_ECC_Parameters) - (COMMAND_DESCRIPTOR_t *)_ECC_ParametersDataAddress, -#endif // CC_ECC_Parameters -#if (PAD_LIST || CC_FirmwareRead) - (COMMAND_DESCRIPTOR_t *)_FirmwareReadDataAddress, -#endif // CC_FirmwareRead -#if (PAD_LIST || CC_GetCapability) - (COMMAND_DESCRIPTOR_t *)_GetCapabilityDataAddress, -#endif // CC_GetCapability -#if (PAD_LIST || CC_GetRandom) - (COMMAND_DESCRIPTOR_t *)_GetRandomDataAddress, -#endif // CC_GetRandom -#if (PAD_LIST || CC_GetTestResult) - (COMMAND_DESCRIPTOR_t *)_GetTestResultDataAddress, -#endif // CC_GetTestResult -#if (PAD_LIST || CC_Hash) - (COMMAND_DESCRIPTOR_t *)_HashDataAddress, -#endif // CC_Hash -#if (PAD_LIST || CC_PCR_Read) - (COMMAND_DESCRIPTOR_t *)_PCR_ReadDataAddress, -#endif // CC_PCR_Read -#if 
(PAD_LIST || CC_PolicyPCR) - (COMMAND_DESCRIPTOR_t *)_PolicyPCRDataAddress, -#endif // CC_PolicyPCR -#if (PAD_LIST || CC_PolicyRestart) - (COMMAND_DESCRIPTOR_t *)_PolicyRestartDataAddress, -#endif // CC_PolicyRestart -#if (PAD_LIST || CC_ReadClock) - (COMMAND_DESCRIPTOR_t *)_ReadClockDataAddress, -#endif // CC_ReadClock -#if (PAD_LIST || CC_PCR_Extend) - (COMMAND_DESCRIPTOR_t *)_PCR_ExtendDataAddress, -#endif // CC_PCR_Extend -#if (PAD_LIST || CC_PCR_SetAuthValue) - (COMMAND_DESCRIPTOR_t *)_PCR_SetAuthValueDataAddress, -#endif // CC_PCR_SetAuthValue -#if (PAD_LIST || CC_NV_Certify) - (COMMAND_DESCRIPTOR_t *)_NV_CertifyDataAddress, -#endif // CC_NV_Certify -#if (PAD_LIST || CC_EventSequenceComplete) - (COMMAND_DESCRIPTOR_t *)_EventSequenceCompleteDataAddress, -#endif // CC_EventSequenceComplete -#if (PAD_LIST || CC_HashSequenceStart) - (COMMAND_DESCRIPTOR_t *)_HashSequenceStartDataAddress, -#endif // CC_HashSequenceStart -#if (PAD_LIST || CC_PolicyPhysicalPresence) - (COMMAND_DESCRIPTOR_t *)_PolicyPhysicalPresenceDataAddress, -#endif // CC_PolicyPhysicalPresence -#if (PAD_LIST || CC_PolicyDuplicationSelect) - (COMMAND_DESCRIPTOR_t *)_PolicyDuplicationSelectDataAddress, -#endif // CC_PolicyDuplicationSelect -#if (PAD_LIST || CC_PolicyGetDigest) - (COMMAND_DESCRIPTOR_t *)_PolicyGetDigestDataAddress, -#endif // CC_PolicyGetDigest -#if (PAD_LIST || CC_TestParms) - (COMMAND_DESCRIPTOR_t *)_TestParmsDataAddress, -#endif // CC_TestParms -#if (PAD_LIST || CC_Commit) - (COMMAND_DESCRIPTOR_t *)_CommitDataAddress, -#endif // CC_Commit -#if (PAD_LIST || CC_PolicyPassword) - (COMMAND_DESCRIPTOR_t *)_PolicyPasswordDataAddress, -#endif // CC_PolicyPassword -#if (PAD_LIST || CC_ZGen_2Phase) - (COMMAND_DESCRIPTOR_t *)_ZGen_2PhaseDataAddress, -#endif // CC_ZGen_2Phase -#if (PAD_LIST || CC_EC_Ephemeral) - (COMMAND_DESCRIPTOR_t *)_EC_EphemeralDataAddress, -#endif // CC_EC_Ephemeral -#if (PAD_LIST || CC_PolicyNvWritten) - (COMMAND_DESCRIPTOR_t *)_PolicyNvWrittenDataAddress, -#endif // 
CC_PolicyNvWritten -#if (PAD_LIST || CC_PolicyTemplate) - (COMMAND_DESCRIPTOR_t *)_PolicyTemplateDataAddress, -#endif // CC_PolicyTemplate -#if (PAD_LIST || CC_CreateLoaded) - (COMMAND_DESCRIPTOR_t *)_CreateLoadedDataAddress, -#endif // CC_CreateLoaded -#if (PAD_LIST || CC_PolicyAuthorizeNV) - (COMMAND_DESCRIPTOR_t *)_PolicyAuthorizeNVDataAddress, -#endif // CC_PolicyAuthorizeNV -#if (PAD_LIST || CC_EncryptDecrypt2) - (COMMAND_DESCRIPTOR_t *)_EncryptDecrypt2DataAddress, -#endif // CC_EncryptDecrypt2 -#if (PAD_LIST || CC_AC_GetCapability) - (COMMAND_DESCRIPTOR_t *)_AC_GetCapabilityDataAddress, -#endif // CC_AC_GetCapability -#if (PAD_LIST || CC_AC_Send) - (COMMAND_DESCRIPTOR_t *)_AC_SendDataAddress, -#endif // CC_AC_Send -#if (PAD_LIST || CC_Policy_AC_SendSelect) - (COMMAND_DESCRIPTOR_t *)_Policy_AC_SendSelectDataAddress, -#endif // CC_Policy_AC_SendSelect -#if (PAD_LIST || CC_CertifyX509) - (COMMAND_DESCRIPTOR_t *)_CertifyX509DataAddress, -#endif // CC_CertifyX509 -#if (PAD_LIST || CC_Vendor_TCG_Test) - (COMMAND_DESCRIPTOR_t *)_Vendor_TCG_TestDataAddress, -#endif // CC_Vendor_TCG_Test - 0 -}; - - -#endif // _COMMAND_TABLE_DISPATCH_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatcher.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatcher.h deleted file mode 100644 index 78c3f855a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatcher.h +++ /dev/null 
@@ -1,2051 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmDispatch; Version 4.0 July 8,2017 - * Date: Oct 27, 2018 Time: 06:49:39PM - */ - -// This macro is added just so that the code is only excessively long. 
-#define EXIT_IF_ERROR_PLUS(x) \ - if(TPM_RC_SUCCESS != result) { result += (x); goto Exit; } -#if CC_Startup -case TPM_CC_Startup: { - Startup_In *in = (Startup_In *) - MemoryGetInBuffer(sizeof(Startup_In)); - result = TPM_SU_Unmarshal(&in->startupType, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Startup_startupType); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Startup (in); -break; -} -#endif // CC_Startup -#if CC_Shutdown -case TPM_CC_Shutdown: { - Shutdown_In *in = (Shutdown_In *) - MemoryGetInBuffer(sizeof(Shutdown_In)); - result = TPM_SU_Unmarshal(&in->shutdownType, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Shutdown_shutdownType); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Shutdown (in); -break; -} -#endif // CC_Shutdown -#if CC_SelfTest -case TPM_CC_SelfTest: { - SelfTest_In *in = (SelfTest_In *) - MemoryGetInBuffer(sizeof(SelfTest_In)); - result = TPMI_YES_NO_Unmarshal(&in->fullTest, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_SelfTest_fullTest); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_SelfTest (in); -break; -} -#endif // CC_SelfTest -#if CC_IncrementalSelfTest -case TPM_CC_IncrementalSelfTest: { - IncrementalSelfTest_In *in = (IncrementalSelfTest_In *) - MemoryGetInBuffer(sizeof(IncrementalSelfTest_In)); - IncrementalSelfTest_Out *out = (IncrementalSelfTest_Out *) - MemoryGetOutBuffer(sizeof(IncrementalSelfTest_Out)); - result = TPML_ALG_Unmarshal(&in->toTest, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_IncrementalSelfTest_toTest); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_IncrementalSelfTest (in, out); - rSize = sizeof(IncrementalSelfTest_Out); - *respParmSize += TPML_ALG_Marshal(&out->toDoList, - responseBuffer, &rSize); -break; -} -#endif // CC_IncrementalSelfTest -#if CC_GetTestResult -case TPM_CC_GetTestResult: { - GetTestResult_Out *out = (GetTestResult_Out *) 
- MemoryGetOutBuffer(sizeof(GetTestResult_Out)); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_GetTestResult (out); - rSize = sizeof(GetTestResult_Out); - *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->outData, - responseBuffer, &rSize); - *respParmSize += TPM_RC_Marshal(&out->testResult, - responseBuffer, &rSize); -break; -} -#endif // CC_GetTestResult -#if CC_StartAuthSession -case TPM_CC_StartAuthSession: { - StartAuthSession_In *in = (StartAuthSession_In *) - MemoryGetInBuffer(sizeof(StartAuthSession_In)); - StartAuthSession_Out *out = (StartAuthSession_Out *) - MemoryGetOutBuffer(sizeof(StartAuthSession_Out)); - in->tpmKey = handles[0]; - in->bind = handles[1]; - result = TPM2B_NONCE_Unmarshal(&in->nonceCaller, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_StartAuthSession_nonceCaller); - result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->encryptedSalt, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_StartAuthSession_encryptedSalt); - result = TPM_SE_Unmarshal(&in->sessionType, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_StartAuthSession_sessionType); - result = TPMT_SYM_DEF_Unmarshal(&in->symmetric, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_StartAuthSession_symmetric); - result = TPMI_ALG_HASH_Unmarshal(&in->authHash, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_StartAuthSession_authHash); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_StartAuthSession (in, out); - rSize = sizeof(StartAuthSession_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->sessionHandle; - *respParmSize += TPM2B_NONCE_Marshal(&out->nonceTPM, - responseBuffer, &rSize); -break; -} -#endif // CC_StartAuthSession -#if CC_PolicyRestart -case TPM_CC_PolicyRestart: { - PolicyRestart_In *in = (PolicyRestart_In *) - MemoryGetInBuffer(sizeof(PolicyRestart_In)); - in->sessionHandle = handles[0]; - if(*paramBufferSize != 0) 
(result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyRestart (in); -break; -} -#endif // CC_PolicyRestart -#if CC_Create -case TPM_CC_Create: { - Create_In *in = (Create_In *) - MemoryGetInBuffer(sizeof(Create_In)); - Create_Out *out = (Create_Out *) - MemoryGetOutBuffer(sizeof(Create_Out)); - in->parentHandle = handles[0]; - result = TPM2B_SENSITIVE_CREATE_Unmarshal(&in->inSensitive, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Create_inSensitive); - result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_Create_inPublic); - result = TPM2B_DATA_Unmarshal(&in->outsideInfo, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Create_outsideInfo); - result = TPML_PCR_SELECTION_Unmarshal(&in->creationPCR, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Create_creationPCR); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Create (in, out); - rSize = sizeof(Create_Out); - *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, - responseBuffer, &rSize); - *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, - responseBuffer, &rSize); - *respParmSize += TPM2B_CREATION_DATA_Marshal(&out->creationData, - responseBuffer, &rSize); - *respParmSize += TPM2B_DIGEST_Marshal(&out->creationHash, - responseBuffer, &rSize); - *respParmSize += TPMT_TK_CREATION_Marshal(&out->creationTicket, - responseBuffer, &rSize); -break; -} -#endif // CC_Create -#if CC_Load -case TPM_CC_Load: { - Load_In *in = (Load_In *) - MemoryGetInBuffer(sizeof(Load_In)); - Load_Out *out = (Load_Out *) - MemoryGetOutBuffer(sizeof(Load_Out)); - in->parentHandle = handles[0]; - result = TPM2B_PRIVATE_Unmarshal(&in->inPrivate, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Load_inPrivate); - result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_Load_inPublic); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Load 
(in, out); - rSize = sizeof(Load_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->objectHandle; - *respParmSize += TPM2B_NAME_Marshal(&out->name, - responseBuffer, &rSize); -break; -} -#endif // CC_Load -#if CC_LoadExternal -case TPM_CC_LoadExternal: { - LoadExternal_In *in = (LoadExternal_In *) - MemoryGetInBuffer(sizeof(LoadExternal_In)); - LoadExternal_Out *out = (LoadExternal_Out *) - MemoryGetOutBuffer(sizeof(LoadExternal_Out)); - result = TPM2B_SENSITIVE_Unmarshal(&in->inPrivate, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_LoadExternal_inPrivate); - result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_LoadExternal_inPublic); - result = TPMI_RH_HIERARCHY_Unmarshal(&in->hierarchy, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_LoadExternal_hierarchy); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_LoadExternal (in, out); - rSize = sizeof(LoadExternal_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->objectHandle; - *respParmSize += TPM2B_NAME_Marshal(&out->name, - responseBuffer, &rSize); -break; -} -#endif // CC_LoadExternal -#if CC_ReadPublic -case TPM_CC_ReadPublic: { - ReadPublic_In *in = (ReadPublic_In *) - MemoryGetInBuffer(sizeof(ReadPublic_In)); - ReadPublic_Out *out = (ReadPublic_Out *) - MemoryGetOutBuffer(sizeof(ReadPublic_Out)); - in->objectHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ReadPublic (in, out); - rSize = sizeof(ReadPublic_Out); - *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, - responseBuffer, &rSize); - *respParmSize += TPM2B_NAME_Marshal(&out->name, - responseBuffer, &rSize); - *respParmSize += TPM2B_NAME_Marshal(&out->qualifiedName, - responseBuffer, &rSize); -break; -} -#endif // CC_ReadPublic -#if CC_ActivateCredential -case TPM_CC_ActivateCredential: { - 
ActivateCredential_In *in = (ActivateCredential_In *) - MemoryGetInBuffer(sizeof(ActivateCredential_In)); - ActivateCredential_Out *out = (ActivateCredential_Out *) - MemoryGetOutBuffer(sizeof(ActivateCredential_Out)); - in->activateHandle = handles[0]; - in->keyHandle = handles[1]; - result = TPM2B_ID_OBJECT_Unmarshal(&in->credentialBlob, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ActivateCredential_credentialBlob); - result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->secret, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ActivateCredential_secret); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ActivateCredential (in, out); - rSize = sizeof(ActivateCredential_Out); - *respParmSize += TPM2B_DIGEST_Marshal(&out->certInfo, - responseBuffer, &rSize); -break; -} -#endif // CC_ActivateCredential -#if CC_MakeCredential -case TPM_CC_MakeCredential: { - MakeCredential_In *in = (MakeCredential_In *) - MemoryGetInBuffer(sizeof(MakeCredential_In)); - MakeCredential_Out *out = (MakeCredential_Out *) - MemoryGetOutBuffer(sizeof(MakeCredential_Out)); - in->handle = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->credential, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_MakeCredential_credential); - result = TPM2B_NAME_Unmarshal(&in->objectName, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_MakeCredential_objectName); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_MakeCredential (in, out); - rSize = sizeof(MakeCredential_Out); - *respParmSize += TPM2B_ID_OBJECT_Marshal(&out->credentialBlob, - responseBuffer, &rSize); - *respParmSize += TPM2B_ENCRYPTED_SECRET_Marshal(&out->secret, - responseBuffer, &rSize); -break; -} -#endif // CC_MakeCredential -#if CC_Unseal -case TPM_CC_Unseal: { - Unseal_In *in = (Unseal_In *) - MemoryGetInBuffer(sizeof(Unseal_In)); - Unseal_Out *out = (Unseal_Out *) - MemoryGetOutBuffer(sizeof(Unseal_Out)); - in->itemHandle = handles[0]; - 
if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Unseal (in, out); - rSize = sizeof(Unseal_Out); - *respParmSize += TPM2B_SENSITIVE_DATA_Marshal(&out->outData, - responseBuffer, &rSize); -break; -} -#endif // CC_Unseal -#if CC_ObjectChangeAuth -case TPM_CC_ObjectChangeAuth: { - ObjectChangeAuth_In *in = (ObjectChangeAuth_In *) - MemoryGetInBuffer(sizeof(ObjectChangeAuth_In)); - ObjectChangeAuth_Out *out = (ObjectChangeAuth_Out *) - MemoryGetOutBuffer(sizeof(ObjectChangeAuth_Out)); - in->objectHandle = handles[0]; - in->parentHandle = handles[1]; - result = TPM2B_AUTH_Unmarshal(&in->newAuth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ObjectChangeAuth_newAuth); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ObjectChangeAuth (in, out); - rSize = sizeof(ObjectChangeAuth_Out); - *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, - responseBuffer, &rSize); -break; -} -#endif // CC_ObjectChangeAuth -#if CC_CreateLoaded -case TPM_CC_CreateLoaded: { - CreateLoaded_In *in = (CreateLoaded_In *) - MemoryGetInBuffer(sizeof(CreateLoaded_In)); - CreateLoaded_Out *out = (CreateLoaded_Out *) - MemoryGetOutBuffer(sizeof(CreateLoaded_Out)); - in->parentHandle = handles[0]; - result = TPM2B_SENSITIVE_CREATE_Unmarshal(&in->inSensitive, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CreateLoaded_inSensitive); - result = TPM2B_TEMPLATE_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CreateLoaded_inPublic); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_CreateLoaded (in, out); - rSize = sizeof(CreateLoaded_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->objectHandle; - *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, - responseBuffer, &rSize); - *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, - responseBuffer, &rSize); - *respParmSize += TPM2B_NAME_Marshal(&out->name, - 
responseBuffer, &rSize); -break; -} -#endif // CC_CreateLoaded -#if CC_Duplicate -case TPM_CC_Duplicate: { - Duplicate_In *in = (Duplicate_In *) - MemoryGetInBuffer(sizeof(Duplicate_In)); - Duplicate_Out *out = (Duplicate_Out *) - MemoryGetOutBuffer(sizeof(Duplicate_Out)); - in->objectHandle = handles[0]; - in->newParentHandle = handles[1]; - result = TPM2B_DATA_Unmarshal(&in->encryptionKeyIn, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Duplicate_encryptionKeyIn); - result = TPMT_SYM_DEF_OBJECT_Unmarshal(&in->symmetricAlg, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_Duplicate_symmetricAlg); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Duplicate (in, out); - rSize = sizeof(Duplicate_Out); - *respParmSize += TPM2B_DATA_Marshal(&out->encryptionKeyOut, - responseBuffer, &rSize); - *respParmSize += TPM2B_PRIVATE_Marshal(&out->duplicate, - responseBuffer, &rSize); - *respParmSize += TPM2B_ENCRYPTED_SECRET_Marshal(&out->outSymSeed, - responseBuffer, &rSize); -break; -} -#endif // CC_Duplicate -#if CC_Rewrap -case TPM_CC_Rewrap: { - Rewrap_In *in = (Rewrap_In *) - MemoryGetInBuffer(sizeof(Rewrap_In)); - Rewrap_Out *out = (Rewrap_Out *) - MemoryGetOutBuffer(sizeof(Rewrap_Out)); - in->oldParent = handles[0]; - in->newParent = handles[1]; - result = TPM2B_PRIVATE_Unmarshal(&in->inDuplicate, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Rewrap_inDuplicate); - result = TPM2B_NAME_Unmarshal(&in->name, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Rewrap_name); - result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->inSymSeed, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Rewrap_inSymSeed); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Rewrap (in, out); - rSize = sizeof(Rewrap_Out); - *respParmSize += TPM2B_PRIVATE_Marshal(&out->outDuplicate, - responseBuffer, &rSize); - *respParmSize += TPM2B_ENCRYPTED_SECRET_Marshal(&out->outSymSeed, - responseBuffer, &rSize); 
-break; -} -#endif // CC_Rewrap -#if CC_Import -case TPM_CC_Import: { - Import_In *in = (Import_In *) - MemoryGetInBuffer(sizeof(Import_In)); - Import_Out *out = (Import_Out *) - MemoryGetOutBuffer(sizeof(Import_Out)); - in->parentHandle = handles[0]; - result = TPM2B_DATA_Unmarshal(&in->encryptionKey, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Import_encryptionKey); - result = TPM2B_PUBLIC_Unmarshal(&in->objectPublic, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_Import_objectPublic); - result = TPM2B_PRIVATE_Unmarshal(&in->duplicate, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Import_duplicate); - result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->inSymSeed, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Import_inSymSeed); - result = TPMT_SYM_DEF_OBJECT_Unmarshal(&in->symmetricAlg, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_Import_symmetricAlg); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Import (in, out); - rSize = sizeof(Import_Out); - *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, - responseBuffer, &rSize); -break; -} -#endif // CC_Import -#if CC_RSA_Encrypt -case TPM_CC_RSA_Encrypt: { - RSA_Encrypt_In *in = (RSA_Encrypt_In *) - MemoryGetInBuffer(sizeof(RSA_Encrypt_In)); - RSA_Encrypt_Out *out = (RSA_Encrypt_Out *) - MemoryGetOutBuffer(sizeof(RSA_Encrypt_Out)); - in->keyHandle = handles[0]; - result = TPM2B_PUBLIC_KEY_RSA_Unmarshal(&in->message, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_RSA_Encrypt_message); - result = TPMT_RSA_DECRYPT_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_RSA_Encrypt_inScheme); - result = TPM2B_DATA_Unmarshal(&in->label, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_RSA_Encrypt_label); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_RSA_Encrypt (in, out); - rSize = sizeof(RSA_Encrypt_Out); - *respParmSize += 
TPM2B_PUBLIC_KEY_RSA_Marshal(&out->outData, - responseBuffer, &rSize); -break; -} -#endif // CC_RSA_Encrypt -#if CC_RSA_Decrypt -case TPM_CC_RSA_Decrypt: { - RSA_Decrypt_In *in = (RSA_Decrypt_In *) - MemoryGetInBuffer(sizeof(RSA_Decrypt_In)); - RSA_Decrypt_Out *out = (RSA_Decrypt_Out *) - MemoryGetOutBuffer(sizeof(RSA_Decrypt_Out)); - in->keyHandle = handles[0]; - result = TPM2B_PUBLIC_KEY_RSA_Unmarshal(&in->cipherText, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_RSA_Decrypt_cipherText); - result = TPMT_RSA_DECRYPT_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_RSA_Decrypt_inScheme); - result = TPM2B_DATA_Unmarshal(&in->label, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_RSA_Decrypt_label); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_RSA_Decrypt (in, out); - rSize = sizeof(RSA_Decrypt_Out); - *respParmSize += TPM2B_PUBLIC_KEY_RSA_Marshal(&out->message, - responseBuffer, &rSize); -break; -} -#endif // CC_RSA_Decrypt -#if CC_ECDH_KeyGen -case TPM_CC_ECDH_KeyGen: { - ECDH_KeyGen_In *in = (ECDH_KeyGen_In *) - MemoryGetInBuffer(sizeof(ECDH_KeyGen_In)); - ECDH_KeyGen_Out *out = (ECDH_KeyGen_Out *) - MemoryGetOutBuffer(sizeof(ECDH_KeyGen_Out)); - in->keyHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ECDH_KeyGen (in, out); - rSize = sizeof(ECDH_KeyGen_Out); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->zPoint, - responseBuffer, &rSize); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->pubPoint, - responseBuffer, &rSize); -break; -} -#endif // CC_ECDH_KeyGen -#if CC_ECDH_ZGen -case TPM_CC_ECDH_ZGen: { - ECDH_ZGen_In *in = (ECDH_ZGen_In *) - MemoryGetInBuffer(sizeof(ECDH_ZGen_In)); - ECDH_ZGen_Out *out = (ECDH_ZGen_Out *) - MemoryGetOutBuffer(sizeof(ECDH_ZGen_Out)); - in->keyHandle = handles[0]; - result = TPM2B_ECC_POINT_Unmarshal(&in->inPoint, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ECDH_ZGen_inPoint); - 
if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ECDH_ZGen (in, out); - rSize = sizeof(ECDH_ZGen_Out); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->outPoint, - responseBuffer, &rSize); -break; -} -#endif // CC_ECDH_ZGen -#if CC_ECC_Parameters -case TPM_CC_ECC_Parameters: { - ECC_Parameters_In *in = (ECC_Parameters_In *) - MemoryGetInBuffer(sizeof(ECC_Parameters_In)); - ECC_Parameters_Out *out = (ECC_Parameters_Out *) - MemoryGetOutBuffer(sizeof(ECC_Parameters_Out)); - result = TPMI_ECC_CURVE_Unmarshal(&in->curveID, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ECC_Parameters_curveID); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ECC_Parameters (in, out); - rSize = sizeof(ECC_Parameters_Out); - *respParmSize += TPMS_ALGORITHM_DETAIL_ECC_Marshal(&out->parameters, - responseBuffer, &rSize); -break; -} -#endif // CC_ECC_Parameters -#if CC_ZGen_2Phase -case TPM_CC_ZGen_2Phase: { - ZGen_2Phase_In *in = (ZGen_2Phase_In *) - MemoryGetInBuffer(sizeof(ZGen_2Phase_In)); - ZGen_2Phase_Out *out = (ZGen_2Phase_Out *) - MemoryGetOutBuffer(sizeof(ZGen_2Phase_Out)); - in->keyA = handles[0]; - result = TPM2B_ECC_POINT_Unmarshal(&in->inQsB, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_inQsB); - result = TPM2B_ECC_POINT_Unmarshal(&in->inQeB, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_inQeB); - result = TPMI_ECC_KEY_EXCHANGE_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_inScheme); - result = UINT16_Unmarshal(&in->counter, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_counter); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ZGen_2Phase (in, out); - rSize = sizeof(ZGen_2Phase_Out); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->outZ1, - responseBuffer, &rSize); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->outZ2, - responseBuffer, &rSize); -break; -} -#endif 
// CC_ZGen_2Phase -#if CC_EncryptDecrypt -case TPM_CC_EncryptDecrypt: { - EncryptDecrypt_In *in = (EncryptDecrypt_In *) - MemoryGetInBuffer(sizeof(EncryptDecrypt_In)); - EncryptDecrypt_Out *out = (EncryptDecrypt_Out *) - MemoryGetOutBuffer(sizeof(EncryptDecrypt_Out)); - in->keyHandle = handles[0]; - result = TPMI_YES_NO_Unmarshal(&in->decrypt, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_decrypt); - result = TPMI_ALG_CIPHER_MODE_Unmarshal(&in->mode, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_mode); - result = TPM2B_IV_Unmarshal(&in->ivIn, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_ivIn); - result = TPM2B_MAX_BUFFER_Unmarshal(&in->inData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_inData); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_EncryptDecrypt (in, out); - rSize = sizeof(EncryptDecrypt_Out); - *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->outData, - responseBuffer, &rSize); - *respParmSize += TPM2B_IV_Marshal(&out->ivOut, - responseBuffer, &rSize); -break; -} -#endif // CC_EncryptDecrypt -#if CC_EncryptDecrypt2 -case TPM_CC_EncryptDecrypt2: { - EncryptDecrypt2_In *in = (EncryptDecrypt2_In *) - MemoryGetInBuffer(sizeof(EncryptDecrypt2_In)); - EncryptDecrypt2_Out *out = (EncryptDecrypt2_Out *) - MemoryGetOutBuffer(sizeof(EncryptDecrypt2_Out)); - in->keyHandle = handles[0]; - result = TPM2B_MAX_BUFFER_Unmarshal(&in->inData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_inData); - result = TPMI_YES_NO_Unmarshal(&in->decrypt, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_decrypt); - result = TPMI_ALG_CIPHER_MODE_Unmarshal(&in->mode, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_mode); - result = TPM2B_IV_Unmarshal(&in->ivIn, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_ivIn); - if(*paramBufferSize != 0) (result = 
TPM_RC_SIZE; goto Exit; } -result = TPM2_EncryptDecrypt2 (in, out); - rSize = sizeof(EncryptDecrypt2_Out); - *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->outData, - responseBuffer, &rSize); - *respParmSize += TPM2B_IV_Marshal(&out->ivOut, - responseBuffer, &rSize); -break; -} -#endif // CC_EncryptDecrypt2 -#if CC_Hash -case TPM_CC_Hash: { - Hash_In *in = (Hash_In *) - MemoryGetInBuffer(sizeof(Hash_In)); - Hash_Out *out = (Hash_Out *) - MemoryGetOutBuffer(sizeof(Hash_Out)); - result = TPM2B_MAX_BUFFER_Unmarshal(&in->data, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Hash_data); - result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_Hash_hashAlg); - result = TPMI_RH_HIERARCHY_Unmarshal(&in->hierarchy, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_Hash_hierarchy); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Hash (in, out); - rSize = sizeof(Hash_Out); - *respParmSize += TPM2B_DIGEST_Marshal(&out->outHash, - responseBuffer, &rSize); - *respParmSize += TPMT_TK_HASHCHECK_Marshal(&out->validation, - responseBuffer, &rSize); -break; -} -#endif // CC_Hash -#if CC_HMAC -case TPM_CC_HMAC: { - HMAC_In *in = (HMAC_In *) - MemoryGetInBuffer(sizeof(HMAC_In)); - HMAC_Out *out = (HMAC_Out *) - MemoryGetOutBuffer(sizeof(HMAC_Out)); - in->handle = handles[0]; - result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_HMAC_buffer); - result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_HMAC_hashAlg); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_HMAC (in, out); - rSize = sizeof(HMAC_Out); - *respParmSize += TPM2B_DIGEST_Marshal(&out->outHMAC, - responseBuffer, &rSize); -break; -} -#endif // CC_HMAC -#if CC_MAC -case TPM_CC_MAC: { - MAC_In *in = (MAC_In *) - MemoryGetInBuffer(sizeof(MAC_In)); - MAC_Out *out = (MAC_Out *) - 
MemoryGetOutBuffer(sizeof(MAC_Out)); - in->handle = handles[0]; - result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_MAC_buffer); - result = TPMI_ALG_MAC_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_MAC_inScheme); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_MAC (in, out); - rSize = sizeof(MAC_Out); - *respParmSize += TPM2B_DIGEST_Marshal(&out->outMAC, - responseBuffer, &rSize); -break; -} -#endif // CC_MAC -#if CC_GetRandom -case TPM_CC_GetRandom: { - GetRandom_In *in = (GetRandom_In *) - MemoryGetInBuffer(sizeof(GetRandom_In)); - GetRandom_Out *out = (GetRandom_Out *) - MemoryGetOutBuffer(sizeof(GetRandom_Out)); - result = UINT16_Unmarshal(&in->bytesRequested, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_GetRandom_bytesRequested); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_GetRandom (in, out); - rSize = sizeof(GetRandom_Out); - *respParmSize += TPM2B_DIGEST_Marshal(&out->randomBytes, - responseBuffer, &rSize); -break; -} -#endif // CC_GetRandom -#if CC_StirRandom -case TPM_CC_StirRandom: { - StirRandom_In *in = (StirRandom_In *) - MemoryGetInBuffer(sizeof(StirRandom_In)); - result = TPM2B_SENSITIVE_DATA_Unmarshal(&in->inData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_StirRandom_inData); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_StirRandom (in); -break; -} -#endif // CC_StirRandom -#if CC_HMAC_Start -case TPM_CC_HMAC_Start: { - HMAC_Start_In *in = (HMAC_Start_In *) - MemoryGetInBuffer(sizeof(HMAC_Start_In)); - HMAC_Start_Out *out = (HMAC_Start_Out *) - MemoryGetOutBuffer(sizeof(HMAC_Start_Out)); - in->handle = handles[0]; - result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_HMAC_Start_auth); - result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); - 
ERROR_IF_EXIT_PLUS(RC_HMAC_Start_hashAlg); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_HMAC_Start (in, out); - rSize = sizeof(HMAC_Start_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->sequenceHandle; -break; -} -#endif // CC_HMAC_Start -#if CC_MAC_Start -case TPM_CC_MAC_Start: { - MAC_Start_In *in = (MAC_Start_In *) - MemoryGetInBuffer(sizeof(MAC_Start_In)); - MAC_Start_Out *out = (MAC_Start_Out *) - MemoryGetOutBuffer(sizeof(MAC_Start_Out)); - in->handle = handles[0]; - result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_MAC_Start_auth); - result = TPMI_ALG_MAC_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_MAC_Start_inScheme); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_MAC_Start (in, out); - rSize = sizeof(MAC_Start_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->sequenceHandle; -break; -} -#endif // CC_MAC_Start -#if CC_HashSequenceStart -case TPM_CC_HashSequenceStart: { - HashSequenceStart_In *in = (HashSequenceStart_In *) - MemoryGetInBuffer(sizeof(HashSequenceStart_In)); - HashSequenceStart_Out *out = (HashSequenceStart_Out *) - MemoryGetOutBuffer(sizeof(HashSequenceStart_Out)); - result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_HashSequenceStart_auth); - result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_HashSequenceStart_hashAlg); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_HashSequenceStart (in, out); - rSize = sizeof(HashSequenceStart_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->sequenceHandle; -break; -} -#endif // CC_HashSequenceStart -#if CC_SequenceUpdate -case TPM_CC_SequenceUpdate: { - SequenceUpdate_In *in 
= (SequenceUpdate_In *) - MemoryGetInBuffer(sizeof(SequenceUpdate_In)); - in->sequenceHandle = handles[0]; - result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_SequenceUpdate_buffer); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_SequenceUpdate (in); -break; -} -#endif // CC_SequenceUpdate -#if CC_SequenceComplete -case TPM_CC_SequenceComplete: { - SequenceComplete_In *in = (SequenceComplete_In *) - MemoryGetInBuffer(sizeof(SequenceComplete_In)); - SequenceComplete_Out *out = (SequenceComplete_Out *) - MemoryGetOutBuffer(sizeof(SequenceComplete_Out)); - in->sequenceHandle = handles[0]; - result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_SequenceComplete_buffer); - result = TPMI_RH_HIERARCHY_Unmarshal(&in->hierarchy, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_SequenceComplete_hierarchy); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_SequenceComplete (in, out); - rSize = sizeof(SequenceComplete_Out); - *respParmSize += TPM2B_DIGEST_Marshal(&out->result, - responseBuffer, &rSize); - *respParmSize += TPMT_TK_HASHCHECK_Marshal(&out->validation, - responseBuffer, &rSize); -break; -} -#endif // CC_SequenceComplete -#if CC_EventSequenceComplete -case TPM_CC_EventSequenceComplete: { - EventSequenceComplete_In *in = (EventSequenceComplete_In *) - MemoryGetInBuffer(sizeof(EventSequenceComplete_In)); - EventSequenceComplete_Out *out = (EventSequenceComplete_Out *) - MemoryGetOutBuffer(sizeof(EventSequenceComplete_Out)); - in->pcrHandle = handles[0]; - in->sequenceHandle = handles[1]; - result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EventSequenceComplete_buffer); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_EventSequenceComplete (in, out); - rSize = sizeof(EventSequenceComplete_Out); - *respParmSize 
+= TPML_DIGEST_VALUES_Marshal(&out->results, - responseBuffer, &rSize); -break; -} -#endif // CC_EventSequenceComplete -#if CC_Certify -case TPM_CC_Certify: { - Certify_In *in = (Certify_In *) - MemoryGetInBuffer(sizeof(Certify_In)); - Certify_Out *out = (Certify_Out *) - MemoryGetOutBuffer(sizeof(Certify_Out)); - in->objectHandle = handles[0]; - in->signHandle = handles[1]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Certify_qualifyingData); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_Certify_inScheme); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Certify (in, out); - rSize = sizeof(Certify_Out); - *respParmSize += TPM2B_ATTEST_Marshal(&out->certifyInfo, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_Certify -#if CC_CertifyCreation -case TPM_CC_CertifyCreation: { - CertifyCreation_In *in = (CertifyCreation_In *) - MemoryGetInBuffer(sizeof(CertifyCreation_In)); - CertifyCreation_Out *out = (CertifyCreation_Out *) - MemoryGetOutBuffer(sizeof(CertifyCreation_Out)); - in->signHandle = handles[0]; - in->objectHandle = handles[1]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CertifyCreation_qualifyingData); - result = TPM2B_DIGEST_Unmarshal(&in->creationHash, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CertifyCreation_creationHash); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_CertifyCreation_inScheme); - result = TPMT_TK_CREATION_Unmarshal(&in->creationTicket, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CertifyCreation_creationTicket); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_CertifyCreation (in, out); - rSize = 
sizeof(CertifyCreation_Out); - *respParmSize += TPM2B_ATTEST_Marshal(&out->certifyInfo, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_CertifyCreation -#if CC_Quote -case TPM_CC_Quote: { - Quote_In *in = (Quote_In *) - MemoryGetInBuffer(sizeof(Quote_In)); - Quote_Out *out = (Quote_Out *) - MemoryGetOutBuffer(sizeof(Quote_Out)); - in->signHandle = handles[0]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Quote_qualifyingData); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_Quote_inScheme); - result = TPML_PCR_SELECTION_Unmarshal(&in->PCRselect, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Quote_PCRselect); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Quote (in, out); - rSize = sizeof(Quote_Out); - *respParmSize += TPM2B_ATTEST_Marshal(&out->quoted, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_Quote -#if CC_GetSessionAuditDigest -case TPM_CC_GetSessionAuditDigest: { - GetSessionAuditDigest_In *in = (GetSessionAuditDigest_In *) - MemoryGetInBuffer(sizeof(GetSessionAuditDigest_In)); - GetSessionAuditDigest_Out *out = (GetSessionAuditDigest_Out *) - MemoryGetOutBuffer(sizeof(GetSessionAuditDigest_Out)); - in->privacyAdminHandle = handles[0]; - in->signHandle = handles[1]; - in->sessionHandle = handles[2]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_GetSessionAuditDigest_qualifyingData); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_GetSessionAuditDigest_inScheme); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_GetSessionAuditDigest (in, out); - rSize = 
sizeof(GetSessionAuditDigest_Out); - *respParmSize += TPM2B_ATTEST_Marshal(&out->auditInfo, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_GetSessionAuditDigest -#if CC_GetCommandAuditDigest -case TPM_CC_GetCommandAuditDigest: { - GetCommandAuditDigest_In *in = (GetCommandAuditDigest_In *) - MemoryGetInBuffer(sizeof(GetCommandAuditDigest_In)); - GetCommandAuditDigest_Out *out = (GetCommandAuditDigest_Out *) - MemoryGetOutBuffer(sizeof(GetCommandAuditDigest_Out)); - in->privacyHandle = handles[0]; - in->signHandle = handles[1]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_GetCommandAuditDigest_qualifyingData); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_GetCommandAuditDigest_inScheme); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_GetCommandAuditDigest (in, out); - rSize = sizeof(GetCommandAuditDigest_Out); - *respParmSize += TPM2B_ATTEST_Marshal(&out->auditInfo, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_GetCommandAuditDigest -#if CC_GetTime -case TPM_CC_GetTime: { - GetTime_In *in = (GetTime_In *) - MemoryGetInBuffer(sizeof(GetTime_In)); - GetTime_Out *out = (GetTime_Out *) - MemoryGetOutBuffer(sizeof(GetTime_Out)); - in->privacyAdminHandle = handles[0]; - in->signHandle = handles[1]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_GetTime_qualifyingData); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_GetTime_inScheme); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_GetTime (in, out); - rSize = sizeof(GetTime_Out); - *respParmSize += 
TPM2B_ATTEST_Marshal(&out->timeInfo, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_GetTime -#if CC_CertifyX509 -case TPM_CC_CertifyX509: { - CertifyX509_In *in = (CertifyX509_In *) - MemoryGetInBuffer(sizeof(CertifyX509_In)); - CertifyX509_Out *out = (CertifyX509_Out *) - MemoryGetOutBuffer(sizeof(CertifyX509_Out)); - in->objectHandle = handles[0]; - in->signHandle = handles[1]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CertifyX509_qualifyingData); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_CertifyX509_inScheme); - result = TPM2B_MAX_BUFFER_Unmarshal(&in->partialCertificate, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CertifyX509_partialCertificate); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_CertifyX509 (in, out); - rSize = sizeof(CertifyX509_Out); - *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->addedToCertificate, - responseBuffer, &rSize); - *respParmSize += TPM2B_DIGEST_Marshal(&out->tbsDigest, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_CertifyX509 -#if CC_Commit -case TPM_CC_Commit: { - Commit_In *in = (Commit_In *) - MemoryGetInBuffer(sizeof(Commit_In)); - Commit_Out *out = (Commit_Out *) - MemoryGetOutBuffer(sizeof(Commit_Out)); - in->signHandle = handles[0]; - result = TPM2B_ECC_POINT_Unmarshal(&in->P1, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Commit_P1); - result = TPM2B_SENSITIVE_DATA_Unmarshal(&in->s2, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Commit_s2); - result = TPM2B_ECC_PARAMETER_Unmarshal(&in->y2, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Commit_y2); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Commit (in, 
out); - rSize = sizeof(Commit_Out); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->K, - responseBuffer, &rSize); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->L, - responseBuffer, &rSize); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->E, - responseBuffer, &rSize); - *respParmSize += UINT16_Marshal(&out->counter, - responseBuffer, &rSize); -break; -} -#endif // CC_Commit -#if CC_EC_Ephemeral -case TPM_CC_EC_Ephemeral: { - EC_Ephemeral_In *in = (EC_Ephemeral_In *) - MemoryGetInBuffer(sizeof(EC_Ephemeral_In)); - EC_Ephemeral_Out *out = (EC_Ephemeral_Out *) - MemoryGetOutBuffer(sizeof(EC_Ephemeral_Out)); - result = TPMI_ECC_CURVE_Unmarshal(&in->curveID, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EC_Ephemeral_curveID); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_EC_Ephemeral (in, out); - rSize = sizeof(EC_Ephemeral_Out); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->Q, - responseBuffer, &rSize); - *respParmSize += UINT16_Marshal(&out->counter, - responseBuffer, &rSize); -break; -} -#endif // CC_EC_Ephemeral -#if CC_VerifySignature -case TPM_CC_VerifySignature: { - VerifySignature_In *in = (VerifySignature_In *) - MemoryGetInBuffer(sizeof(VerifySignature_In)); - VerifySignature_Out *out = (VerifySignature_Out *) - MemoryGetOutBuffer(sizeof(VerifySignature_Out)); - in->keyHandle = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->digest, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_VerifySignature_digest); - result = TPMT_SIGNATURE_Unmarshal(&in->signature, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_VerifySignature_signature); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_VerifySignature (in, out); - rSize = sizeof(VerifySignature_Out); - *respParmSize += TPMT_TK_VERIFIED_Marshal(&out->validation, - responseBuffer, &rSize); -break; -} -#endif // CC_VerifySignature -#if CC_Sign -case TPM_CC_Sign: { - Sign_In *in = (Sign_In *) - 
MemoryGetInBuffer(sizeof(Sign_In)); - Sign_Out *out = (Sign_Out *) - MemoryGetOutBuffer(sizeof(Sign_Out)); - in->keyHandle = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->digest, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Sign_digest); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_Sign_inScheme); - result = TPMT_TK_HASHCHECK_Unmarshal(&in->validation, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Sign_validation); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Sign (in, out); - rSize = sizeof(Sign_Out); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_Sign -#if CC_SetCommandCodeAuditStatus -case TPM_CC_SetCommandCodeAuditStatus: { - SetCommandCodeAuditStatus_In *in = (SetCommandCodeAuditStatus_In *) - MemoryGetInBuffer(sizeof(SetCommandCodeAuditStatus_In)); - in->auth = handles[0]; - result = TPMI_ALG_HASH_Unmarshal(&in->auditAlg, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_SetCommandCodeAuditStatus_auditAlg); - result = TPML_CC_Unmarshal(&in->setList, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_SetCommandCodeAuditStatus_setList); - result = TPML_CC_Unmarshal(&in->clearList, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_SetCommandCodeAuditStatus_clearList); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_SetCommandCodeAuditStatus (in); -break; -} -#endif // CC_SetCommandCodeAuditStatus -#if CC_PCR_Extend -case TPM_CC_PCR_Extend: { - PCR_Extend_In *in = (PCR_Extend_In *) - MemoryGetInBuffer(sizeof(PCR_Extend_In)); - in->pcrHandle = handles[0]; - result = TPML_DIGEST_VALUES_Unmarshal(&in->digests, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PCR_Extend_digests); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PCR_Extend (in); -break; -} -#endif // CC_PCR_Extend -#if 
CC_PCR_Event -case TPM_CC_PCR_Event: { - PCR_Event_In *in = (PCR_Event_In *) - MemoryGetInBuffer(sizeof(PCR_Event_In)); - PCR_Event_Out *out = (PCR_Event_Out *) - MemoryGetOutBuffer(sizeof(PCR_Event_Out)); - in->pcrHandle = handles[0]; - result = TPM2B_EVENT_Unmarshal(&in->eventData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PCR_Event_eventData); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PCR_Event (in, out); - rSize = sizeof(PCR_Event_Out); - *respParmSize += TPML_DIGEST_VALUES_Marshal(&out->digests, - responseBuffer, &rSize); -break; -} -#endif // CC_PCR_Event -#if CC_PCR_Read -case TPM_CC_PCR_Read: { - PCR_Read_In *in = (PCR_Read_In *) - MemoryGetInBuffer(sizeof(PCR_Read_In)); - PCR_Read_Out *out = (PCR_Read_Out *) - MemoryGetOutBuffer(sizeof(PCR_Read_Out)); - result = TPML_PCR_SELECTION_Unmarshal(&in->pcrSelectionIn, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PCR_Read_pcrSelectionIn); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PCR_Read (in, out); - rSize = sizeof(PCR_Read_Out); - *respParmSize += UINT32_Marshal(&out->pcrUpdateCounter, - responseBuffer, &rSize); - *respParmSize += TPML_PCR_SELECTION_Marshal(&out->pcrSelectionOut, - responseBuffer, &rSize); - *respParmSize += TPML_DIGEST_Marshal(&out->pcrValues, - responseBuffer, &rSize); -break; -} -#endif // CC_PCR_Read -#if CC_PCR_Allocate -case TPM_CC_PCR_Allocate: { - PCR_Allocate_In *in = (PCR_Allocate_In *) - MemoryGetInBuffer(sizeof(PCR_Allocate_In)); - PCR_Allocate_Out *out = (PCR_Allocate_Out *) - MemoryGetOutBuffer(sizeof(PCR_Allocate_Out)); - in->authHandle = handles[0]; - result = TPML_PCR_SELECTION_Unmarshal(&in->pcrAllocation, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PCR_Allocate_pcrAllocation); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PCR_Allocate (in, out); - rSize = sizeof(PCR_Allocate_Out); - *respParmSize += 
TPMI_YES_NO_Marshal(&out->allocationSuccess, - responseBuffer, &rSize); - *respParmSize += UINT32_Marshal(&out->maxPCR, - responseBuffer, &rSize); - *respParmSize += UINT32_Marshal(&out->sizeNeeded, - responseBuffer, &rSize); - *respParmSize += UINT32_Marshal(&out->sizeAvailable, - responseBuffer, &rSize); -break; -} -#endif // CC_PCR_Allocate -#if CC_PCR_SetAuthPolicy -case TPM_CC_PCR_SetAuthPolicy: { - PCR_SetAuthPolicy_In *in = (PCR_SetAuthPolicy_In *) - MemoryGetInBuffer(sizeof(PCR_SetAuthPolicy_In)); - in->authHandle = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->authPolicy, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthPolicy_authPolicy); - result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthPolicy_hashAlg); - result = TPMI_DH_PCR_Unmarshal(&in->pcrNum, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthPolicy_pcrNum); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PCR_SetAuthPolicy (in); -break; -} -#endif // CC_PCR_SetAuthPolicy -#if CC_PCR_SetAuthValue -case TPM_CC_PCR_SetAuthValue: { - PCR_SetAuthValue_In *in = (PCR_SetAuthValue_In *) - MemoryGetInBuffer(sizeof(PCR_SetAuthValue_In)); - in->pcrHandle = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->auth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthValue_auth); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PCR_SetAuthValue (in); -break; -} -#endif // CC_PCR_SetAuthValue -#if CC_PCR_Reset -case TPM_CC_PCR_Reset: { - PCR_Reset_In *in = (PCR_Reset_In *) - MemoryGetInBuffer(sizeof(PCR_Reset_In)); - in->pcrHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PCR_Reset (in); -break; -} -#endif // CC_PCR_Reset -#if CC_PolicySigned -case TPM_CC_PolicySigned: { - PolicySigned_In *in = (PolicySigned_In *) - MemoryGetInBuffer(sizeof(PolicySigned_In)); - PolicySigned_Out 
*out = (PolicySigned_Out *) - MemoryGetOutBuffer(sizeof(PolicySigned_Out)); - in->authObject = handles[0]; - in->policySession = handles[1]; - result = TPM2B_NONCE_Unmarshal(&in->nonceTPM, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySigned_nonceTPM); - result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySigned_cpHashA); - result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySigned_policyRef); - result = INT32_Unmarshal(&in->expiration, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySigned_expiration); - result = TPMT_SIGNATURE_Unmarshal(&in->auth, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_PolicySigned_auth); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicySigned (in, out); - rSize = sizeof(PolicySigned_Out); - *respParmSize += TPM2B_TIMEOUT_Marshal(&out->timeout, - responseBuffer, &rSize); - *respParmSize += TPMT_TK_AUTH_Marshal(&out->policyTicket, - responseBuffer, &rSize); -break; -} -#endif // CC_PolicySigned -#if CC_PolicySecret -case TPM_CC_PolicySecret: { - PolicySecret_In *in = (PolicySecret_In *) - MemoryGetInBuffer(sizeof(PolicySecret_In)); - PolicySecret_Out *out = (PolicySecret_Out *) - MemoryGetOutBuffer(sizeof(PolicySecret_Out)); - in->authHandle = handles[0]; - in->policySession = handles[1]; - result = TPM2B_NONCE_Unmarshal(&in->nonceTPM, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySecret_nonceTPM); - result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySecret_cpHashA); - result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySecret_policyRef); - result = INT32_Unmarshal(&in->expiration, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySecret_expiration); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } 
-result = TPM2_PolicySecret (in, out); - rSize = sizeof(PolicySecret_Out); - *respParmSize += TPM2B_TIMEOUT_Marshal(&out->timeout, - responseBuffer, &rSize); - *respParmSize += TPMT_TK_AUTH_Marshal(&out->policyTicket, - responseBuffer, &rSize); -break; -} -#endif // CC_PolicySecret -#if CC_PolicyTicket -case TPM_CC_PolicyTicket: { - PolicyTicket_In *in = (PolicyTicket_In *) - MemoryGetInBuffer(sizeof(PolicyTicket_In)); - in->policySession = handles[0]; - result = TPM2B_TIMEOUT_Unmarshal(&in->timeout, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyTicket_timeout); - result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyTicket_cpHashA); - result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyTicket_policyRef); - result = TPM2B_NAME_Unmarshal(&in->authName, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyTicket_authName); - result = TPMT_TK_AUTH_Unmarshal(&in->ticket, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyTicket_ticket); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyTicket (in); -break; -} -#endif // CC_PolicyTicket -#if CC_PolicyOR -case TPM_CC_PolicyOR: { - PolicyOR_In *in = (PolicyOR_In *) - MemoryGetInBuffer(sizeof(PolicyOR_In)); - in->policySession = handles[0]; - result = TPML_DIGEST_Unmarshal(&in->pHashList, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyOR_pHashList); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyOR (in); -break; -} -#endif // CC_PolicyOR -#if CC_PolicyPCR -case TPM_CC_PolicyPCR: { - PolicyPCR_In *in = (PolicyPCR_In *) - MemoryGetInBuffer(sizeof(PolicyPCR_In)); - in->policySession = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->pcrDigest, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyPCR_pcrDigest); - result = TPML_PCR_SELECTION_Unmarshal(&in->pcrs, paramBuffer, paramBufferSize); 
- ERROR_IF_EXIT_PLUS(RC_PolicyPCR_pcrs); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyPCR (in); -break; -} -#endif // CC_PolicyPCR -#if CC_PolicyLocality -case TPM_CC_PolicyLocality: { - PolicyLocality_In *in = (PolicyLocality_In *) - MemoryGetInBuffer(sizeof(PolicyLocality_In)); - in->policySession = handles[0]; - result = TPMA_LOCALITY_Unmarshal(&in->locality, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyLocality_locality); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyLocality (in); -break; -} -#endif // CC_PolicyLocality -#if CC_PolicyNV -case TPM_CC_PolicyNV: { - PolicyNV_In *in = (PolicyNV_In *) - MemoryGetInBuffer(sizeof(PolicyNV_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - in->policySession = handles[2]; - result = TPM2B_OPERAND_Unmarshal(&in->operandB, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyNV_operandB); - result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyNV_offset); - result = TPM_EO_Unmarshal(&in->operation, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyNV_operation); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyNV (in); -break; -} -#endif // CC_PolicyNV -#if CC_PolicyCounterTimer -case TPM_CC_PolicyCounterTimer: { - PolicyCounterTimer_In *in = (PolicyCounterTimer_In *) - MemoryGetInBuffer(sizeof(PolicyCounterTimer_In)); - in->policySession = handles[0]; - result = TPM2B_OPERAND_Unmarshal(&in->operandB, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyCounterTimer_operandB); - result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyCounterTimer_offset); - result = TPM_EO_Unmarshal(&in->operation, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyCounterTimer_operation); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = 
TPM2_PolicyCounterTimer (in); -break; -} -#endif // CC_PolicyCounterTimer -#if CC_PolicyCommandCode -case TPM_CC_PolicyCommandCode: { - PolicyCommandCode_In *in = (PolicyCommandCode_In *) - MemoryGetInBuffer(sizeof(PolicyCommandCode_In)); - in->policySession = handles[0]; - result = TPM_CC_Unmarshal(&in->code, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyCommandCode_code); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyCommandCode (in); -break; -} -#endif // CC_PolicyCommandCode -#if CC_PolicyPhysicalPresence -case TPM_CC_PolicyPhysicalPresence: { - PolicyPhysicalPresence_In *in = (PolicyPhysicalPresence_In *) - MemoryGetInBuffer(sizeof(PolicyPhysicalPresence_In)); - in->policySession = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyPhysicalPresence (in); -break; -} -#endif // CC_PolicyPhysicalPresence -#if CC_PolicyCpHash -case TPM_CC_PolicyCpHash: { - PolicyCpHash_In *in = (PolicyCpHash_In *) - MemoryGetInBuffer(sizeof(PolicyCpHash_In)); - in->policySession = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyCpHash_cpHashA); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyCpHash (in); -break; -} -#endif // CC_PolicyCpHash -#if CC_PolicyNameHash -case TPM_CC_PolicyNameHash: { - PolicyNameHash_In *in = (PolicyNameHash_In *) - MemoryGetInBuffer(sizeof(PolicyNameHash_In)); - in->policySession = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->nameHash, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyNameHash_nameHash); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyNameHash (in); -break; -} -#endif // CC_PolicyNameHash -#if CC_PolicyDuplicationSelect -case TPM_CC_PolicyDuplicationSelect: { - PolicyDuplicationSelect_In *in = (PolicyDuplicationSelect_In *) - 
MemoryGetInBuffer(sizeof(PolicyDuplicationSelect_In)); - in->policySession = handles[0]; - result = TPM2B_NAME_Unmarshal(&in->objectName, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyDuplicationSelect_objectName); - result = TPM2B_NAME_Unmarshal(&in->newParentName, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyDuplicationSelect_newParentName); - result = TPMI_YES_NO_Unmarshal(&in->includeObject, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyDuplicationSelect_includeObject); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyDuplicationSelect (in); -break; -} -#endif // CC_PolicyDuplicationSelect -#if CC_PolicyAuthorize -case TPM_CC_PolicyAuthorize: { - PolicyAuthorize_In *in = (PolicyAuthorize_In *) - MemoryGetInBuffer(sizeof(PolicyAuthorize_In)); - in->policySession = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->approvedPolicy, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_approvedPolicy); - result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_policyRef); - result = TPM2B_NAME_Unmarshal(&in->keySign, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_keySign); - result = TPMT_TK_VERIFIED_Unmarshal(&in->checkTicket, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_checkTicket); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyAuthorize (in); -break; -} -#endif // CC_PolicyAuthorize -#if CC_PolicyAuthValue -case TPM_CC_PolicyAuthValue: { - PolicyAuthValue_In *in = (PolicyAuthValue_In *) - MemoryGetInBuffer(sizeof(PolicyAuthValue_In)); - in->policySession = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyAuthValue (in); -break; -} -#endif // CC_PolicyAuthValue -#if CC_PolicyPassword -case TPM_CC_PolicyPassword: { - PolicyPassword_In *in = (PolicyPassword_In *) - 
MemoryGetInBuffer(sizeof(PolicyPassword_In)); - in->policySession = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyPassword (in); -break; -} -#endif // CC_PolicyPassword -#if CC_PolicyGetDigest -case TPM_CC_PolicyGetDigest: { - PolicyGetDigest_In *in = (PolicyGetDigest_In *) - MemoryGetInBuffer(sizeof(PolicyGetDigest_In)); - PolicyGetDigest_Out *out = (PolicyGetDigest_Out *) - MemoryGetOutBuffer(sizeof(PolicyGetDigest_Out)); - in->policySession = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyGetDigest (in, out); - rSize = sizeof(PolicyGetDigest_Out); - *respParmSize += TPM2B_DIGEST_Marshal(&out->policyDigest, - responseBuffer, &rSize); -break; -} -#endif // CC_PolicyGetDigest -#if CC_PolicyNvWritten -case TPM_CC_PolicyNvWritten: { - PolicyNvWritten_In *in = (PolicyNvWritten_In *) - MemoryGetInBuffer(sizeof(PolicyNvWritten_In)); - in->policySession = handles[0]; - result = TPMI_YES_NO_Unmarshal(&in->writtenSet, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyNvWritten_writtenSet); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyNvWritten (in); -break; -} -#endif // CC_PolicyNvWritten -#if CC_PolicyTemplate -case TPM_CC_PolicyTemplate: { - PolicyTemplate_In *in = (PolicyTemplate_In *) - MemoryGetInBuffer(sizeof(PolicyTemplate_In)); - in->policySession = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->templateHash, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyTemplate_templateHash); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyTemplate (in); -break; -} -#endif // CC_PolicyTemplate -#if CC_PolicyAuthorizeNV -case TPM_CC_PolicyAuthorizeNV: { - PolicyAuthorizeNV_In *in = (PolicyAuthorizeNV_In *) - MemoryGetInBuffer(sizeof(PolicyAuthorizeNV_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - in->policySession = handles[2]; - if(*paramBufferSize != 0) 
(result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyAuthorizeNV (in); -break; -} -#endif // CC_PolicyAuthorizeNV -#if CC_CreatePrimary -case TPM_CC_CreatePrimary: { - CreatePrimary_In *in = (CreatePrimary_In *) - MemoryGetInBuffer(sizeof(CreatePrimary_In)); - CreatePrimary_Out *out = (CreatePrimary_Out *) - MemoryGetOutBuffer(sizeof(CreatePrimary_Out)); - in->primaryHandle = handles[0]; - result = TPM2B_SENSITIVE_CREATE_Unmarshal(&in->inSensitive, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CreatePrimary_inSensitive); - result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_CreatePrimary_inPublic); - result = TPM2B_DATA_Unmarshal(&in->outsideInfo, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CreatePrimary_outsideInfo); - result = TPML_PCR_SELECTION_Unmarshal(&in->creationPCR, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CreatePrimary_creationPCR); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_CreatePrimary (in, out); - rSize = sizeof(CreatePrimary_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->objectHandle; - *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, - responseBuffer, &rSize); - *respParmSize += TPM2B_CREATION_DATA_Marshal(&out->creationData, - responseBuffer, &rSize); - *respParmSize += TPM2B_DIGEST_Marshal(&out->creationHash, - responseBuffer, &rSize); - *respParmSize += TPMT_TK_CREATION_Marshal(&out->creationTicket, - responseBuffer, &rSize); - *respParmSize += TPM2B_NAME_Marshal(&out->name, - responseBuffer, &rSize); -break; -} -#endif // CC_CreatePrimary -#if CC_HierarchyControl -case TPM_CC_HierarchyControl: { - HierarchyControl_In *in = (HierarchyControl_In *) - MemoryGetInBuffer(sizeof(HierarchyControl_In)); - in->authHandle = handles[0]; - result = TPMI_RH_ENABLES_Unmarshal(&in->enable, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_HierarchyControl_enable); 
- result = TPMI_YES_NO_Unmarshal(&in->state, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_HierarchyControl_state); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_HierarchyControl (in); -break; -} -#endif // CC_HierarchyControl -#if CC_SetPrimaryPolicy -case TPM_CC_SetPrimaryPolicy: { - SetPrimaryPolicy_In *in = (SetPrimaryPolicy_In *) - MemoryGetInBuffer(sizeof(SetPrimaryPolicy_In)); - in->authHandle = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->authPolicy, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_SetPrimaryPolicy_authPolicy); - result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_SetPrimaryPolicy_hashAlg); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_SetPrimaryPolicy (in); -break; -} -#endif // CC_SetPrimaryPolicy -#if CC_ChangePPS -case TPM_CC_ChangePPS: { - ChangePPS_In *in = (ChangePPS_In *) - MemoryGetInBuffer(sizeof(ChangePPS_In)); - in->authHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ChangePPS (in); -break; -} -#endif // CC_ChangePPS -#if CC_ChangeEPS -case TPM_CC_ChangeEPS: { - ChangeEPS_In *in = (ChangeEPS_In *) - MemoryGetInBuffer(sizeof(ChangeEPS_In)); - in->authHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ChangeEPS (in); -break; -} -#endif // CC_ChangeEPS -#if CC_Clear -case TPM_CC_Clear: { - Clear_In *in = (Clear_In *) - MemoryGetInBuffer(sizeof(Clear_In)); - in->authHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Clear (in); -break; -} -#endif // CC_Clear -#if CC_ClearControl -case TPM_CC_ClearControl: { - ClearControl_In *in = (ClearControl_In *) - MemoryGetInBuffer(sizeof(ClearControl_In)); - in->auth = handles[0]; - result = TPMI_YES_NO_Unmarshal(&in->disable, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ClearControl_disable); - 
if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ClearControl (in); -break; -} -#endif // CC_ClearControl -#if CC_HierarchyChangeAuth -case TPM_CC_HierarchyChangeAuth: { - HierarchyChangeAuth_In *in = (HierarchyChangeAuth_In *) - MemoryGetInBuffer(sizeof(HierarchyChangeAuth_In)); - in->authHandle = handles[0]; - result = TPM2B_AUTH_Unmarshal(&in->newAuth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_HierarchyChangeAuth_newAuth); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_HierarchyChangeAuth (in); -break; -} -#endif // CC_HierarchyChangeAuth -#if CC_DictionaryAttackLockReset -case TPM_CC_DictionaryAttackLockReset: { - DictionaryAttackLockReset_In *in = (DictionaryAttackLockReset_In *) - MemoryGetInBuffer(sizeof(DictionaryAttackLockReset_In)); - in->lockHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_DictionaryAttackLockReset (in); -break; -} -#endif // CC_DictionaryAttackLockReset -#if CC_DictionaryAttackParameters -case TPM_CC_DictionaryAttackParameters: { - DictionaryAttackParameters_In *in = (DictionaryAttackParameters_In *) - MemoryGetInBuffer(sizeof(DictionaryAttackParameters_In)); - in->lockHandle = handles[0]; - result = UINT32_Unmarshal(&in->newMaxTries, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_DictionaryAttackParameters_newMaxTries); - result = UINT32_Unmarshal(&in->newRecoveryTime, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_DictionaryAttackParameters_newRecoveryTime); - result = UINT32_Unmarshal(&in->lockoutRecovery, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_DictionaryAttackParameters_lockoutRecovery); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_DictionaryAttackParameters (in); -break; -} -#endif // CC_DictionaryAttackParameters -#if CC_PP_Commands -case TPM_CC_PP_Commands: { - PP_Commands_In *in = (PP_Commands_In *) - 
MemoryGetInBuffer(sizeof(PP_Commands_In)); - in->auth = handles[0]; - result = TPML_CC_Unmarshal(&in->setList, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PP_Commands_setList); - result = TPML_CC_Unmarshal(&in->clearList, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PP_Commands_clearList); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PP_Commands (in); -break; -} -#endif // CC_PP_Commands -#if CC_SetAlgorithmSet -case TPM_CC_SetAlgorithmSet: { - SetAlgorithmSet_In *in = (SetAlgorithmSet_In *) - MemoryGetInBuffer(sizeof(SetAlgorithmSet_In)); - in->authHandle = handles[0]; - result = UINT32_Unmarshal(&in->algorithmSet, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_SetAlgorithmSet_algorithmSet); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_SetAlgorithmSet (in); -break; -} -#endif // CC_SetAlgorithmSet -#if CC_FieldUpgradeStart -case TPM_CC_FieldUpgradeStart: { - FieldUpgradeStart_In *in = (FieldUpgradeStart_In *) - MemoryGetInBuffer(sizeof(FieldUpgradeStart_In)); - in->authorization = handles[0]; - in->keyHandle = handles[1]; - result = TPM2B_DIGEST_Unmarshal(&in->fuDigest, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_FieldUpgradeStart_fuDigest); - result = TPMT_SIGNATURE_Unmarshal(&in->manifestSignature, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_FieldUpgradeStart_manifestSignature); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_FieldUpgradeStart (in); -break; -} -#endif // CC_FieldUpgradeStart -#if CC_FieldUpgradeData -case TPM_CC_FieldUpgradeData: { - FieldUpgradeData_In *in = (FieldUpgradeData_In *) - MemoryGetInBuffer(sizeof(FieldUpgradeData_In)); - FieldUpgradeData_Out *out = (FieldUpgradeData_Out *) - MemoryGetOutBuffer(sizeof(FieldUpgradeData_Out)); - result = TPM2B_MAX_BUFFER_Unmarshal(&in->fuData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_FieldUpgradeData_fuData); - if(*paramBufferSize != 
0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_FieldUpgradeData (in, out); - rSize = sizeof(FieldUpgradeData_Out); - *respParmSize += TPMT_HA_Marshal(&out->nextDigest, - responseBuffer, &rSize); - *respParmSize += TPMT_HA_Marshal(&out->firstDigest, - responseBuffer, &rSize); -break; -} -#endif // CC_FieldUpgradeData -#if CC_FirmwareRead -case TPM_CC_FirmwareRead: { - FirmwareRead_In *in = (FirmwareRead_In *) - MemoryGetInBuffer(sizeof(FirmwareRead_In)); - FirmwareRead_Out *out = (FirmwareRead_Out *) - MemoryGetOutBuffer(sizeof(FirmwareRead_Out)); - result = UINT32_Unmarshal(&in->sequenceNumber, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_FirmwareRead_sequenceNumber); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_FirmwareRead (in, out); - rSize = sizeof(FirmwareRead_Out); - *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->fuData, - responseBuffer, &rSize); -break; -} -#endif // CC_FirmwareRead -#if CC_ContextSave -case TPM_CC_ContextSave: { - ContextSave_In *in = (ContextSave_In *) - MemoryGetInBuffer(sizeof(ContextSave_In)); - ContextSave_Out *out = (ContextSave_Out *) - MemoryGetOutBuffer(sizeof(ContextSave_Out)); - in->saveHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ContextSave (in, out); - rSize = sizeof(ContextSave_Out); - *respParmSize += TPMS_CONTEXT_Marshal(&out->context, - responseBuffer, &rSize); -break; -} -#endif // CC_ContextSave -#if CC_ContextLoad -case TPM_CC_ContextLoad: { - ContextLoad_In *in = (ContextLoad_In *) - MemoryGetInBuffer(sizeof(ContextLoad_In)); - ContextLoad_Out *out = (ContextLoad_Out *) - MemoryGetOutBuffer(sizeof(ContextLoad_Out)); - result = TPMS_CONTEXT_Unmarshal(&in->context, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ContextLoad_context); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ContextLoad (in, out); - rSize = sizeof(ContextLoad_Out); - if(TPM_RC_SUCCESS != result) goto 
Exit; -; command->handles[command->handleNum++] = out->loadedHandle; -break; -} -#endif // CC_ContextLoad -#if CC_FlushContext -case TPM_CC_FlushContext: { - FlushContext_In *in = (FlushContext_In *) - MemoryGetInBuffer(sizeof(FlushContext_In)); - result = TPMI_DH_CONTEXT_Unmarshal(&in->flushHandle, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_FlushContext_flushHandle); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_FlushContext (in); -break; -} -#endif // CC_FlushContext -#if CC_EvictControl -case TPM_CC_EvictControl: { - EvictControl_In *in = (EvictControl_In *) - MemoryGetInBuffer(sizeof(EvictControl_In)); - in->auth = handles[0]; - in->objectHandle = handles[1]; - result = TPMI_DH_PERSISTENT_Unmarshal(&in->persistentHandle, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EvictControl_persistentHandle); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_EvictControl (in); -break; -} -#endif // CC_EvictControl -#if CC_ReadClock -case TPM_CC_ReadClock: { - ReadClock_Out *out = (ReadClock_Out *) - MemoryGetOutBuffer(sizeof(ReadClock_Out)); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ReadClock (out); - rSize = sizeof(ReadClock_Out); - *respParmSize += TPMS_TIME_INFO_Marshal(&out->currentTime, - responseBuffer, &rSize); -break; -} -#endif // CC_ReadClock -#if CC_ClockSet -case TPM_CC_ClockSet: { - ClockSet_In *in = (ClockSet_In *) - MemoryGetInBuffer(sizeof(ClockSet_In)); - in->auth = handles[0]; - result = UINT64_Unmarshal(&in->newTime, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ClockSet_newTime); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ClockSet (in); -break; -} -#endif // CC_ClockSet -#if CC_ClockRateAdjust -case TPM_CC_ClockRateAdjust: { - ClockRateAdjust_In *in = (ClockRateAdjust_In *) - MemoryGetInBuffer(sizeof(ClockRateAdjust_In)); - in->auth = handles[0]; - result = 
TPM_CLOCK_ADJUST_Unmarshal(&in->rateAdjust, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ClockRateAdjust_rateAdjust); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ClockRateAdjust (in); -break; -} -#endif // CC_ClockRateAdjust -#if CC_GetCapability -case TPM_CC_GetCapability: { - GetCapability_In *in = (GetCapability_In *) - MemoryGetInBuffer(sizeof(GetCapability_In)); - GetCapability_Out *out = (GetCapability_Out *) - MemoryGetOutBuffer(sizeof(GetCapability_Out)); - result = TPM_CAP_Unmarshal(&in->capability, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_GetCapability_capability); - result = UINT32_Unmarshal(&in->property, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_GetCapability_property); - result = UINT32_Unmarshal(&in->propertyCount, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_GetCapability_propertyCount); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_GetCapability (in, out); - rSize = sizeof(GetCapability_Out); - *respParmSize += TPMI_YES_NO_Marshal(&out->moreData, - responseBuffer, &rSize); - *respParmSize += TPMS_CAPABILITY_DATA_Marshal(&out->capabilityData, - responseBuffer, &rSize); -break; -} -#endif // CC_GetCapability -#if CC_TestParms -case TPM_CC_TestParms: { - TestParms_In *in = (TestParms_In *) - MemoryGetInBuffer(sizeof(TestParms_In)); - result = TPMT_PUBLIC_PARMS_Unmarshal(&in->parameters, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_TestParms_parameters); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_TestParms (in); -break; -} -#endif // CC_TestParms -#if CC_NV_DefineSpace -case TPM_CC_NV_DefineSpace: { - NV_DefineSpace_In *in = (NV_DefineSpace_In *) - MemoryGetInBuffer(sizeof(NV_DefineSpace_In)); - in->authHandle = handles[0]; - result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_DefineSpace_auth); - result = TPM2B_NV_PUBLIC_Unmarshal(&in->publicInfo, 
paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_DefineSpace_publicInfo); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_DefineSpace (in); -break; -} -#endif // CC_NV_DefineSpace -#if CC_NV_UndefineSpace -case TPM_CC_NV_UndefineSpace: { - NV_UndefineSpace_In *in = (NV_UndefineSpace_In *) - MemoryGetInBuffer(sizeof(NV_UndefineSpace_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_UndefineSpace (in); -break; -} -#endif // CC_NV_UndefineSpace -#if CC_NV_UndefineSpaceSpecial -case TPM_CC_NV_UndefineSpaceSpecial: { - NV_UndefineSpaceSpecial_In *in = (NV_UndefineSpaceSpecial_In *) - MemoryGetInBuffer(sizeof(NV_UndefineSpaceSpecial_In)); - in->nvIndex = handles[0]; - in->platform = handles[1]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_UndefineSpaceSpecial (in); -break; -} -#endif // CC_NV_UndefineSpaceSpecial -#if CC_NV_ReadPublic -case TPM_CC_NV_ReadPublic: { - NV_ReadPublic_In *in = (NV_ReadPublic_In *) - MemoryGetInBuffer(sizeof(NV_ReadPublic_In)); - NV_ReadPublic_Out *out = (NV_ReadPublic_Out *) - MemoryGetOutBuffer(sizeof(NV_ReadPublic_Out)); - in->nvIndex = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_ReadPublic (in, out); - rSize = sizeof(NV_ReadPublic_Out); - *respParmSize += TPM2B_NV_PUBLIC_Marshal(&out->nvPublic, - responseBuffer, &rSize); - *respParmSize += TPM2B_NAME_Marshal(&out->nvName, - responseBuffer, &rSize); -break; -} -#endif // CC_NV_ReadPublic -#if CC_NV_Write -case TPM_CC_NV_Write: { - NV_Write_In *in = (NV_Write_In *) - MemoryGetInBuffer(sizeof(NV_Write_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - result = TPM2B_MAX_NV_BUFFER_Unmarshal(&in->data, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_Write_data); - result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); - 
ERROR_IF_EXIT_PLUS(RC_NV_Write_offset); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_Write (in); -break; -} -#endif // CC_NV_Write -#if CC_NV_Increment -case TPM_CC_NV_Increment: { - NV_Increment_In *in = (NV_Increment_In *) - MemoryGetInBuffer(sizeof(NV_Increment_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_Increment (in); -break; -} -#endif // CC_NV_Increment -#if CC_NV_Extend -case TPM_CC_NV_Extend: { - NV_Extend_In *in = (NV_Extend_In *) - MemoryGetInBuffer(sizeof(NV_Extend_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - result = TPM2B_MAX_NV_BUFFER_Unmarshal(&in->data, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_Extend_data); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_Extend (in); -break; -} -#endif // CC_NV_Extend -#if CC_NV_SetBits -case TPM_CC_NV_SetBits: { - NV_SetBits_In *in = (NV_SetBits_In *) - MemoryGetInBuffer(sizeof(NV_SetBits_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - result = UINT64_Unmarshal(&in->bits, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_SetBits_bits); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_SetBits (in); -break; -} -#endif // CC_NV_SetBits -#if CC_NV_WriteLock -case TPM_CC_NV_WriteLock: { - NV_WriteLock_In *in = (NV_WriteLock_In *) - MemoryGetInBuffer(sizeof(NV_WriteLock_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_WriteLock (in); -break; -} -#endif // CC_NV_WriteLock -#if CC_NV_GlobalWriteLock -case TPM_CC_NV_GlobalWriteLock: { - NV_GlobalWriteLock_In *in = (NV_GlobalWriteLock_In *) - MemoryGetInBuffer(sizeof(NV_GlobalWriteLock_In)); - in->authHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = 
TPM2_NV_GlobalWriteLock (in); -break; -} -#endif // CC_NV_GlobalWriteLock -#if CC_NV_Read -case TPM_CC_NV_Read: { - NV_Read_In *in = (NV_Read_In *) - MemoryGetInBuffer(sizeof(NV_Read_In)); - NV_Read_Out *out = (NV_Read_Out *) - MemoryGetOutBuffer(sizeof(NV_Read_Out)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - result = UINT16_Unmarshal(&in->size, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_Read_size); - result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_Read_offset); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_Read (in, out); - rSize = sizeof(NV_Read_Out); - *respParmSize += TPM2B_MAX_NV_BUFFER_Marshal(&out->data, - responseBuffer, &rSize); -break; -} -#endif // CC_NV_Read -#if CC_NV_ReadLock -case TPM_CC_NV_ReadLock: { - NV_ReadLock_In *in = (NV_ReadLock_In *) - MemoryGetInBuffer(sizeof(NV_ReadLock_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_ReadLock (in); -break; -} -#endif // CC_NV_ReadLock -#if CC_NV_ChangeAuth -case TPM_CC_NV_ChangeAuth: { - NV_ChangeAuth_In *in = (NV_ChangeAuth_In *) - MemoryGetInBuffer(sizeof(NV_ChangeAuth_In)); - in->nvIndex = handles[0]; - result = TPM2B_AUTH_Unmarshal(&in->newAuth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_ChangeAuth_newAuth); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_ChangeAuth (in); -break; -} -#endif // CC_NV_ChangeAuth -#if CC_NV_Certify -case TPM_CC_NV_Certify: { - NV_Certify_In *in = (NV_Certify_In *) - MemoryGetInBuffer(sizeof(NV_Certify_In)); - NV_Certify_Out *out = (NV_Certify_Out *) - MemoryGetOutBuffer(sizeof(NV_Certify_Out)); - in->signHandle = handles[0]; - in->authHandle = handles[1]; - in->nvIndex = handles[2]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - 
ERROR_IF_EXIT_PLUS(RC_NV_Certify_qualifyingData); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_NV_Certify_inScheme); - result = UINT16_Unmarshal(&in->size, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_Certify_size); - result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_Certify_offset); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_Certify (in, out); - rSize = sizeof(NV_Certify_Out); - *respParmSize += TPM2B_ATTEST_Marshal(&out->certifyInfo, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_NV_Certify -#if CC_AC_GetCapability -case TPM_CC_AC_GetCapability: { - AC_GetCapability_In *in = (AC_GetCapability_In *) - MemoryGetInBuffer(sizeof(AC_GetCapability_In)); - AC_GetCapability_Out *out = (AC_GetCapability_Out *) - MemoryGetOutBuffer(sizeof(AC_GetCapability_Out)); - in->ac = handles[0]; - result = TPM_AT_Unmarshal(&in->capability, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_AC_GetCapability_capability); - result = UINT32_Unmarshal(&in->count, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_AC_GetCapability_count); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_AC_GetCapability (in, out); - rSize = sizeof(AC_GetCapability_Out); - *respParmSize += TPMI_YES_NO_Marshal(&out->moreData, - responseBuffer, &rSize); - *respParmSize += TPML_AC_CAPABILITIES_Marshal(&out->capabilitiesData, - responseBuffer, &rSize); -break; -} -#endif // CC_AC_GetCapability -#if CC_AC_Send -case TPM_CC_AC_Send: { - AC_Send_In *in = (AC_Send_In *) - MemoryGetInBuffer(sizeof(AC_Send_In)); - AC_Send_Out *out = (AC_Send_Out *) - MemoryGetOutBuffer(sizeof(AC_Send_Out)); - in->sendObject = handles[0]; - in->authHandle = handles[1]; - in->ac = handles[2]; - result = TPM2B_MAX_BUFFER_Unmarshal(&in->acDataIn, 
paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_AC_Send_acDataIn); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_AC_Send (in, out); - rSize = sizeof(AC_Send_Out); - *respParmSize += TPMS_AC_OUTPUT_Marshal(&out->acDataOut, - responseBuffer, &rSize); -break; -} -#endif // CC_AC_Send -#if CC_Policy_AC_SendSelect -case TPM_CC_Policy_AC_SendSelect: { - Policy_AC_SendSelect_In *in = (Policy_AC_SendSelect_In *) - MemoryGetInBuffer(sizeof(Policy_AC_SendSelect_In)); - in->policySession = handles[0]; - result = TPM2B_NAME_Unmarshal(&in->objectName, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_objectName); - result = TPM2B_NAME_Unmarshal(&in->authHandleName, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_authHandleName); - result = TPM2B_NAME_Unmarshal(&in->acName, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_acName); - result = TPMI_YES_NO_Unmarshal(&in->includeObject, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_includeObject); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Policy_AC_SendSelect (in); -break; -} -#endif // CC_Policy_AC_SendSelect -#if CC_Vendor_TCG_Test -case TPM_CC_Vendor_TCG_Test: { - Vendor_TCG_Test_In *in = (Vendor_TCG_Test_In *) - MemoryGetInBuffer(sizeof(Vendor_TCG_Test_In)); - Vendor_TCG_Test_Out *out = (Vendor_TCG_Test_Out *) - MemoryGetOutBuffer(sizeof(Vendor_TCG_Test_Out)); - result = TPM2B_DATA_Unmarshal(&in->inputData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Vendor_TCG_Test_inputData); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Vendor_TCG_Test (in, out); - rSize = sizeof(Vendor_TCG_Test_Out); - *respParmSize += TPM2B_DATA_Marshal(&out->outputData, - responseBuffer, &rSize); -break; -} -#endif // CC_Vendor_TCG_Test 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Commands.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Commands.h
deleted file mode 100644
index f72c71e1a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Commands.h
+++ /dev/null
@@ -1,451 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.1 Dec 8, 2018 - * Date: Jan 28, 2019 Time: 01:24:09AM - */ - -#ifndef _COMMANDS_H_ -#define _COMMANDS_H_ - - -// Start-up -#ifdef TPM_CC_Startup -#include "Startup_fp.h" -#endif -#ifdef TPM_CC_Shutdown -#include "Shutdown_fp.h" -#endif - -// Testing -#ifdef TPM_CC_SelfTest -#include "SelfTest_fp.h" -#endif -#ifdef TPM_CC_IncrementalSelfTest -#include "IncrementalSelfTest_fp.h" -#endif -#ifdef TPM_CC_GetTestResult -#include "GetTestResult_fp.h" -#endif - -// Session Commands -#ifdef TPM_CC_StartAuthSession -#include "StartAuthSession_fp.h" -#endif -#ifdef TPM_CC_PolicyRestart -#include "PolicyRestart_fp.h" -#endif - -// Object Commands -#ifdef TPM_CC_Create -#include "Create_fp.h" -#endif -#ifdef TPM_CC_Load -#include "Load_fp.h" -#endif -#ifdef TPM_CC_LoadExternal -#include "LoadExternal_fp.h" -#endif -#ifdef TPM_CC_ReadPublic -#include "ReadPublic_fp.h" -#endif -#ifdef TPM_CC_ActivateCredential -#include "ActivateCredential_fp.h" -#endif -#ifdef TPM_CC_MakeCredential -#include "MakeCredential_fp.h" -#endif -#ifdef TPM_CC_Unseal -#include "Unseal_fp.h" -#endif -#ifdef TPM_CC_ObjectChangeAuth -#include "ObjectChangeAuth_fp.h" -#endif -#ifdef TPM_CC_CreateLoaded -#include "CreateLoaded_fp.h" -#endif - -// Duplication Commands -#ifdef TPM_CC_Duplicate -#include "Duplicate_fp.h" -#endif -#ifdef TPM_CC_Rewrap -#include "Rewrap_fp.h" -#endif -#ifdef TPM_CC_Import -#include "Import_fp.h" -#endif - -// Asymmetric Primitives -#ifdef TPM_CC_RSA_Encrypt -#include "RSA_Encrypt_fp.h" -#endif -#ifdef TPM_CC_RSA_Decrypt -#include "RSA_Decrypt_fp.h" -#endif -#ifdef TPM_CC_ECDH_KeyGen -#include "ECDH_KeyGen_fp.h" -#endif -#ifdef TPM_CC_ECDH_ZGen -#include "ECDH_ZGen_fp.h" -#endif -#ifdef TPM_CC_ECC_Parameters -#include "ECC_Parameters_fp.h" -#endif -#ifdef TPM_CC_ZGen_2Phase -#include "ZGen_2Phase_fp.h" -#endif - -// Symmetric Primitives -#ifdef TPM_CC_EncryptDecrypt -#include "EncryptDecrypt_fp.h" -#endif -#ifdef 
TPM_CC_EncryptDecrypt2 -#include "EncryptDecrypt2_fp.h" -#endif -#ifdef TPM_CC_Hash -#include "Hash_fp.h" -#endif -#ifdef TPM_CC_HMAC -#include "HMAC_fp.h" -#endif -#ifdef TPM_CC_MAC -#include "MAC_fp.h" -#endif - -// Random Number Generator -#ifdef TPM_CC_GetRandom -#include "GetRandom_fp.h" -#endif -#ifdef TPM_CC_StirRandom -#include "StirRandom_fp.h" -#endif - -// Hash/HMAC/Event Sequences -#ifdef TPM_CC_HMAC_Start -#include "HMAC_Start_fp.h" -#endif -#ifdef TPM_CC_MAC_Start -#include "MAC_Start_fp.h" -#endif -#ifdef TPM_CC_HashSequenceStart -#include "HashSequenceStart_fp.h" -#endif -#ifdef TPM_CC_SequenceUpdate -#include "SequenceUpdate_fp.h" -#endif -#ifdef TPM_CC_SequenceComplete -#include "SequenceComplete_fp.h" -#endif -#ifdef TPM_CC_EventSequenceComplete -#include "EventSequenceComplete_fp.h" -#endif - -// Attestation Commands -#ifdef TPM_CC_Certify -#include "Certify_fp.h" -#endif -#ifdef TPM_CC_CertifyCreation -#include "CertifyCreation_fp.h" -#endif -#ifdef TPM_CC_Quote -#include "Quote_fp.h" -#endif -#ifdef TPM_CC_GetSessionAuditDigest -#include "GetSessionAuditDigest_fp.h" -#endif -#ifdef TPM_CC_GetCommandAuditDigest -#include "GetCommandAuditDigest_fp.h" -#endif -#ifdef TPM_CC_GetTime -#include "GetTime_fp.h" -#endif -#ifdef TPM_CC_CertifyX509 -#include "CertifyX509_fp.h" -#endif - -// Ephemeral EC Keys -#ifdef TPM_CC_Commit -#include "Commit_fp.h" -#endif -#ifdef TPM_CC_EC_Ephemeral -#include "EC_Ephemeral_fp.h" -#endif - -// Signing and Signature Verification -#ifdef TPM_CC_VerifySignature -#include "VerifySignature_fp.h" -#endif -#ifdef TPM_CC_Sign -#include "Sign_fp.h" -#endif - -// Command Audit -#ifdef TPM_CC_SetCommandCodeAuditStatus -#include "SetCommandCodeAuditStatus_fp.h" -#endif - -// Integrity Collection (PCR) -#ifdef TPM_CC_PCR_Extend -#include "PCR_Extend_fp.h" -#endif -#ifdef TPM_CC_PCR_Event -#include "PCR_Event_fp.h" -#endif -#ifdef TPM_CC_PCR_Read -#include "PCR_Read_fp.h" -#endif -#ifdef TPM_CC_PCR_Allocate -#include 
"PCR_Allocate_fp.h" -#endif -#ifdef TPM_CC_PCR_SetAuthPolicy -#include "PCR_SetAuthPolicy_fp.h" -#endif -#ifdef TPM_CC_PCR_SetAuthValue -#include "PCR_SetAuthValue_fp.h" -#endif -#ifdef TPM_CC_PCR_Reset -#include "PCR_Reset_fp.h" -#endif - -// Enhanced Authorization (EA) Commands -#ifdef TPM_CC_PolicySigned -#include "PolicySigned_fp.h" -#endif -#ifdef TPM_CC_PolicySecret -#include "PolicySecret_fp.h" -#endif -#ifdef TPM_CC_PolicyTicket -#include "PolicyTicket_fp.h" -#endif -#ifdef TPM_CC_PolicyOR -#include "PolicyOR_fp.h" -#endif -#ifdef TPM_CC_PolicyPCR -#include "PolicyPCR_fp.h" -#endif -#ifdef TPM_CC_PolicyLocality -#include "PolicyLocality_fp.h" -#endif -#ifdef TPM_CC_PolicyNV -#include "PolicyNV_fp.h" -#endif -#ifdef TPM_CC_PolicyCounterTimer -#include "PolicyCounterTimer_fp.h" -#endif -#ifdef TPM_CC_PolicyCommandCode -#include "PolicyCommandCode_fp.h" -#endif -#ifdef TPM_CC_PolicyPhysicalPresence -#include "PolicyPhysicalPresence_fp.h" -#endif -#ifdef TPM_CC_PolicyCpHash -#include "PolicyCpHash_fp.h" -#endif -#ifdef TPM_CC_PolicyNameHash -#include "PolicyNameHash_fp.h" -#endif -#ifdef TPM_CC_PolicyDuplicationSelect -#include "PolicyDuplicationSelect_fp.h" -#endif -#ifdef TPM_CC_PolicyAuthorize -#include "PolicyAuthorize_fp.h" -#endif -#ifdef TPM_CC_PolicyAuthValue -#include "PolicyAuthValue_fp.h" -#endif -#ifdef TPM_CC_PolicyPassword -#include "PolicyPassword_fp.h" -#endif -#ifdef TPM_CC_PolicyGetDigest -#include "PolicyGetDigest_fp.h" -#endif -#ifdef TPM_CC_PolicyNvWritten -#include "PolicyNvWritten_fp.h" -#endif -#ifdef TPM_CC_PolicyTemplate -#include "PolicyTemplate_fp.h" -#endif -#ifdef TPM_CC_PolicyAuthorizeNV -#include "PolicyAuthorizeNV_fp.h" -#endif - -// Hierarchy Commands -#ifdef TPM_CC_CreatePrimary -#include "CreatePrimary_fp.h" -#endif -#ifdef TPM_CC_HierarchyControl -#include "HierarchyControl_fp.h" -#endif -#ifdef TPM_CC_SetPrimaryPolicy -#include "SetPrimaryPolicy_fp.h" -#endif -#ifdef TPM_CC_ChangePPS -#include "ChangePPS_fp.h" -#endif 
-#ifdef TPM_CC_ChangeEPS -#include "ChangeEPS_fp.h" -#endif -#ifdef TPM_CC_Clear -#include "Clear_fp.h" -#endif -#ifdef TPM_CC_ClearControl -#include "ClearControl_fp.h" -#endif -#ifdef TPM_CC_HierarchyChangeAuth -#include "HierarchyChangeAuth_fp.h" -#endif - -// Dictionary Attack Functions -#ifdef TPM_CC_DictionaryAttackLockReset -#include "DictionaryAttackLockReset_fp.h" -#endif -#ifdef TPM_CC_DictionaryAttackParameters -#include "DictionaryAttackParameters_fp.h" -#endif - -// Miscellaneous Management Functions -#ifdef TPM_CC_PP_Commands -#include "PP_Commands_fp.h" -#endif -#ifdef TPM_CC_SetAlgorithmSet -#include "SetAlgorithmSet_fp.h" -#endif - -// Field Upgrade -#ifdef TPM_CC_FieldUpgradeStart -#include "FieldUpgradeStart_fp.h" -#endif -#ifdef TPM_CC_FieldUpgradeData -#include "FieldUpgradeData_fp.h" -#endif -#ifdef TPM_CC_FirmwareRead -#include "FirmwareRead_fp.h" -#endif - -// Context Management -#ifdef TPM_CC_ContextSave -#include "ContextSave_fp.h" -#endif -#ifdef TPM_CC_ContextLoad -#include "ContextLoad_fp.h" -#endif -#ifdef TPM_CC_FlushContext -#include "FlushContext_fp.h" -#endif -#ifdef TPM_CC_EvictControl -#include "EvictControl_fp.h" -#endif - -// Clocks and Timers -#ifdef TPM_CC_ReadClock -#include "ReadClock_fp.h" -#endif -#ifdef TPM_CC_ClockSet -#include "ClockSet_fp.h" -#endif -#ifdef TPM_CC_ClockRateAdjust -#include "ClockRateAdjust_fp.h" -#endif - -// Capability Commands -#ifdef TPM_CC_GetCapability -#include "GetCapability_fp.h" -#endif -#ifdef TPM_CC_TestParms -#include "TestParms_fp.h" -#endif - -// Non-volatile Storage -#ifdef TPM_CC_NV_DefineSpace -#include "NV_DefineSpace_fp.h" -#endif -#ifdef TPM_CC_NV_UndefineSpace -#include "NV_UndefineSpace_fp.h" -#endif -#ifdef TPM_CC_NV_UndefineSpaceSpecial -#include "NV_UndefineSpaceSpecial_fp.h" -#endif -#ifdef TPM_CC_NV_ReadPublic -#include "NV_ReadPublic_fp.h" -#endif -#ifdef TPM_CC_NV_Write -#include "NV_Write_fp.h" -#endif -#ifdef TPM_CC_NV_Increment -#include "NV_Increment_fp.h" -#endif 
-#ifdef TPM_CC_NV_Extend -#include "NV_Extend_fp.h" -#endif -#ifdef TPM_CC_NV_SetBits -#include "NV_SetBits_fp.h" -#endif -#ifdef TPM_CC_NV_WriteLock -#include "NV_WriteLock_fp.h" -#endif -#ifdef TPM_CC_NV_GlobalWriteLock -#include "NV_GlobalWriteLock_fp.h" -#endif -#ifdef TPM_CC_NV_Read -#include "NV_Read_fp.h" -#endif -#ifdef TPM_CC_NV_ReadLock -#include "NV_ReadLock_fp.h" -#endif -#ifdef TPM_CC_NV_ChangeAuth -#include "NV_ChangeAuth_fp.h" -#endif -#ifdef TPM_CC_NV_Certify -#include "NV_Certify_fp.h" -#endif - -// Attached Components -#ifdef TPM_CC_AC_GetCapability -#include "AC_GetCapability_fp.h" -#endif -#ifdef TPM_CC_AC_Send -#include "AC_Send_fp.h" -#endif -#ifdef TPM_CC_Policy_AC_SendSelect -#include "Policy_AC_SendSelect_fp.h" -#endif - -// Vendor Specific -#ifdef TPM_CC_Vendor_TCG_Test -#include "Vendor_TCG_Test_fp.h" -#endif - -#endif diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CompilerDependencies.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CompilerDependencies.h deleted file mode 100644 index 2931952f0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CompilerDependencies.h +++ /dev/null 
@@ -1,132 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -// This file contains the build switches. This contains switches for multiple -// versions of the crypto-library so some may not apply to your environment. 
-// - -#ifndef _COMPILER_DEPENDENCIES_H_ -#define _COMPILER_DEPENDENCIES_H_ - -#ifdef GCC -# undef _MSC_VER -# undef WIN32 -#endif - -#ifdef _MSC_VER -// These definitions are for the Microsoft compiler - -// Endian conversion for aligned structures -# define REVERSE_ENDIAN_16(_Number) _byteswap_ushort(_Number) -# define REVERSE_ENDIAN_32(_Number) _byteswap_ulong(_Number) -# define REVERSE_ENDIAN_64(_Number) _byteswap_uint64(_Number) - -// Avoid compiler warning for in line of stdio (or not) -//#define _NO_CRT_STDIO_INLINE - -// This macro is used to handle LIB_EXPORT of function and variable names in lieu -// of a .def file. Visual Studio requires that functions be explicitly exported and -// imported. -# define LIB_EXPORT __declspec(dllexport) // VS compatible version -# define LIB_IMPORT __declspec(dllimport) - -// This is defined to indicate a function that does not return. Microsoft compilers -// do not support the _Noretrun function parameter. -# define NORETURN __declspec(noreturn) -# if _MSC_VER >= 1400 // SAL processing when needed -# include -# endif - -# ifdef _WIN64 -# define _INTPTR 2 -# else -# define _INTPTR 1 -# endif - - -#define NOT_REFERENCED(x) (x) - -// Lower the compiler error warning for system include -// files. 
They tend not to be that clean and there is no -// reason to sort through all the spurious errors that they -// generate when the normal error level is set to /Wall -# define _REDUCE_WARNING_LEVEL_(n) \ -__pragma(warning(push, n)) -// Restore the compiler warning level -# define _NORMAL_WARNING_LEVEL_ \ -__pragma(warning(pop)) -# include -#endif - -#ifndef _MSC_VER -#ifndef WINAPI -# define WINAPI -#endif -# define __pragma(x) -# define REVERSE_ENDIAN_16(_Number) __builtin_bswap16(_Number) -# define REVERSE_ENDIAN_32(_Number) __builtin_bswap32(_Number) -# define REVERSE_ENDIAN_64(_Number) __builtin_bswap64(_Number) -#endif - -#if defined(__GNUC__) -# define NORETURN __attribute__((noreturn)) -# include -#endif - -// Things that are not defined should be defined as NULL -#ifndef NORETURN -# define NORETURN -#endif -#ifndef LIB_EXPORT -# define LIB_EXPORT -#endif -#ifndef LIB_IMPORT -# define LIB_IMPORT -#endif -#ifndef _REDUCE_WARNING_LEVEL_ -# define _REDUCE_WARNING_LEVEL_(n) -#endif -#ifndef _NORMAL_WARNING_LEVEL_ -# define _NORMAL_WARNING_LEVEL_ -#endif -#ifndef NOT_REFERENCED -# define NOT_REFERENCED(x) (x = x) -#endif - -#ifdef _POSIX_ -typedef int SOCKET; -#endif - - -#endif // _COMPILER_DEPENDENCIES_H_ \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptEcc.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptEcc.h deleted file mode 100644 index f05e781ad..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptEcc.h +++ /dev/null 
@@ -1,71 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains structure definitions used for ECC. The
-// structures in this file are only used internally. The ECC-related structures
-// that cross the TPM interface are defined in TpmTypes.h
-//
-
-#ifndef _CRYPT_ECC_H
-#define _CRYPT_ECC_H
-
-//** Structures
-
-// This is used to define the macro that may or may not be in the data set for the
-// curve (CryptEccData.c). If there is a mismatch, the compiler will warn that there
-// is to much/not enough initialization data in the curve. The macro is used because
-// not all versions of the CryptEccData.c need the curve name.
-#ifdef NAMED_CURVES
-#define CURVE_NAME(a) , a
-#define CURVE_NAME_DEF const char *name;
-#else
-# define CURVE_NAME(a)
-# define CURVE_NAME_DEF
-#endif
-
-typedef struct ECC_CURVE
-{
- const TPM_ECC_CURVE curveId;
- const UINT16 keySizeBits;
- const TPMT_KDF_SCHEME kdf;
- const TPMT_ECC_SCHEME sign;
- const ECC_CURVE_DATA *curveData; // the address of the curve data
- const BYTE *OID;
- CURVE_NAME_DEF
-} ECC_CURVE;
-
-extern const ECC_CURVE eccCurves[ECC_CURVE_COUNT];
-
-#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptHash.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptHash.h
deleted file mode 100644
index de6eb5148..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptHash.h
+++ /dev/null
@@ -1,303 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This header contains the hash structure definitions used in the TPM code -// to define the amount of space to be reserved for the hash state. 
This allows -// the TPM code to not have to import all of the symbols used by the hash -// computations. This lets the build environment of the TPM code not to have -// include the header files associated with the CryptoEngine code. - -#ifndef _CRYPT_HASH_H -#define _CRYPT_HASH_H - -//** Hash-related Structures - -union SMAC_STATES; - -// These definitions add the high-level methods for processing state that may be -// an SMAC -typedef void(* SMAC_DATA_METHOD)( - union SMAC_STATES *state, - UINT32 size, - const BYTE *buffer - ); - -typedef UINT16(* SMAC_END_METHOD)( - union SMAC_STATES *state, - UINT32 size, - BYTE *buffer - ); - -typedef struct sequenceMethods { - SMAC_DATA_METHOD data; - SMAC_END_METHOD end; -} SMAC_METHODS; - -#define SMAC_IMPLEMENTED (CC_MAC || CC_MAC_Start) - -// These definitions are here because the SMAC state is in the union of hash states. -typedef struct tpmCmacState { - TPM_ALG_ID symAlg; - UINT16 keySizeBits; - INT16 bcount; // current count of bytes accumulated in IV - TPM2B_IV iv; // IV buffer - TPM2B_SYM_KEY symKey; -} tpmCmacState_t; - -typedef union SMAC_STATES { -#if ALG_CMAC - tpmCmacState_t cmac; -#endif - UINT64 pad; -} SMAC_STATES; - -typedef struct SMAC_STATE { - SMAC_METHODS smacMethods; - SMAC_STATES state; -} SMAC_STATE; - - -typedef union -{ -#if ALG_SHA1 - tpmHashStateSHA1_t Sha1; -#endif -#if ALG_SHA256 - tpmHashStateSHA256_t Sha256; -#endif -#if ALG_SHA384 - tpmHashStateSHA384_t Sha384; -#endif -#if ALG_SHA512 - tpmHashStateSHA512_t Sha512; -#endif - -// Additions for symmetric block cipher MAC -#if SMAC_IMPLEMENTED - SMAC_STATE smac; -#endif - // to force structure alignment to be no worse than HASH_ALIGNMENT -#if HASH_ALIGNMENT == 4 - uint32_t align; -#else - uint64_t align; -#endif -} ANY_HASH_STATE; - -typedef ANY_HASH_STATE *PANY_HASH_STATE; -typedef const ANY_HASH_STATE *PCANY_HASH_STATE; - -#define ALIGNED_SIZE(x, b) ((((x) + (b) - 1) / (b)) * (b)) -// MAX_HASH_STATE_SIZE will change with each implementation. 
It is assumed that -// a hash state will not be larger than twice the block size plus some -// overhead (in this case, 16 bytes). The overall size needs to be as -// large as any of the hash contexts. The structure needs to start on an -// alignment boundary and be an even multiple of the alignment -#define MAX_HASH_STATE_SIZE ((2 * MAX_HASH_BLOCK_SIZE) + 16) -#define MAX_HASH_STATE_SIZE_ALIGNED \ - ALIGNED_SIZE(MAX_HASH_STATE_SIZE, HASH_ALIGNMENT) - -// This is an aligned byte array that will hold any of the hash contexts. -typedef ANY_HASH_STATE ALIGNED_HASH_STATE; - -// The header associated with the hash library is expected to define the methods -// which include the calling sequence. When not compiling CryptHash.c, the methods -// are not defined so we need placeholder functions for the structures - -#ifndef HASH_START_METHOD_DEF -# define HASH_START_METHOD_DEF void (HASH_START_METHOD)(void) -#endif -#ifndef HASH_DATA_METHOD_DEF -# define HASH_DATA_METHOD_DEF void (HASH_DATA_METHOD)(void) -#endif -#ifndef HASH_END_METHOD_DEF -# define HASH_END_METHOD_DEF void (HASH_END_METHOD)(void) -#endif -#ifndef HASH_STATE_COPY_METHOD_DEF -# define HASH_STATE_COPY_METHOD_DEF void (HASH_STATE_COPY_METHOD)(void) -#endif -#ifndef HASH_STATE_EXPORT_METHOD_DEF -# define HASH_STATE_EXPORT_METHOD_DEF void (HASH_STATE_EXPORT_METHOD)(void) -#endif -#ifndef HASH_STATE_IMPORT_METHOD_DEF -# define HASH_STATE_IMPORT_METHOD_DEF void (HASH_STATE_IMPORT_METHOD)(void) -#endif - -// Define the prototypical function call for each of the methods. This defines the -// order in which the parameters are passed to the underlying function. 
-typedef HASH_START_METHOD_DEF; -typedef HASH_DATA_METHOD_DEF; -typedef HASH_END_METHOD_DEF; -typedef HASH_STATE_COPY_METHOD_DEF; -typedef HASH_STATE_EXPORT_METHOD_DEF; -typedef HASH_STATE_IMPORT_METHOD_DEF; - - -typedef struct _HASH_METHODS -{ - HASH_START_METHOD *start; - HASH_DATA_METHOD *data; - HASH_END_METHOD *end; - HASH_STATE_COPY_METHOD *copy; // Copy a hash block - HASH_STATE_EXPORT_METHOD *copyOut; // Copy a hash block from a hash - // context - HASH_STATE_IMPORT_METHOD *copyIn; // Copy a hash block to a proper hash - // context -} HASH_METHODS, *PHASH_METHODS; - -#if ALG_SHA1 - TPM2B_TYPE(SHA1_DIGEST, SHA1_DIGEST_SIZE); -#endif -#if ALG_SHA256 - TPM2B_TYPE(SHA256_DIGEST, SHA256_DIGEST_SIZE); -#endif -#if ALG_SHA384 - TPM2B_TYPE(SHA384_DIGEST, SHA384_DIGEST_SIZE); -#endif -#if ALG_SHA512 - TPM2B_TYPE(SHA512_DIGEST, SHA512_DIGEST_SIZE); -#endif -#if ALG_SM3_256 - TPM2B_TYPE(SM3_256_DIGEST, SM3_256_DIGEST_SIZE); -#endif - -// When the TPM implements RSA, the hash-dependent OID pointers are part of the -// HASH_DEF. These macros conditionally add the OID reference to the HASH_DEF and the -// HASH_DEF_TEMPLATE. -#if ALG_RSA -#define PKCS1_HASH_REF const BYTE *PKCS1; -#define PKCS1_OID(NAME) , OID_PKCS1_##NAME -#else -#define PKCS1_HASH_REF -#define PKCS1_OID(NAME) -#endif - -// When the TPM implements ECC, the hash-dependent OID pointers are part of the -// HASH_DEF. These macros conditionally add the OID reference to the HASH_DEF and the -// HASH_DEF_TEMPLATE. -#if ALG_ECDSA -#define ECDSA_HASH_REF const BYTE *ECDSA; -#define ECDSA_OID(NAME) , OID_ECDSA_##NAME -#else -#define ECDSA_HASH_REF -#define ECDSA_OID(NAME) -#endif - -typedef const struct HASH_DEF -{ - HASH_METHODS method; - uint16_t blockSize; - uint16_t digestSize; - uint16_t contextSize; - uint16_t hashAlg; - const BYTE *OID; - PKCS1_HASH_REF // PKCS1 OID - ECDSA_HASH_REF // ECDSA OID -} HASH_DEF, *PHASH_DEF; - -// Macro to fill in the HASH_DEF for an algorithm. 
For SHA1, the instance would be: -// HASH_DEF_TEMPLATE(Sha1, SHA1) -// This handles the difference in capitalization for the various pieces. -#define HASH_DEF_TEMPLATE(HASH, Hash) \ - HASH_DEF Hash##_Def= { \ - {(HASH_START_METHOD *)&tpmHashStart_##HASH, \ - (HASH_DATA_METHOD *)&tpmHashData_##HASH, \ - (HASH_END_METHOD *)&tpmHashEnd_##HASH, \ - (HASH_STATE_COPY_METHOD *)&tpmHashStateCopy_##HASH, \ - (HASH_STATE_EXPORT_METHOD *)&tpmHashStateExport_##HASH, \ - (HASH_STATE_IMPORT_METHOD *)&tpmHashStateImport_##HASH, \ - }, \ - HASH##_BLOCK_SIZE, /*block size */ \ - HASH##_DIGEST_SIZE, /*data size */ \ - sizeof(tpmHashState##HASH##_t), \ - TPM_ALG_##HASH, OID_##HASH \ - PKCS1_OID(HASH) ECDSA_OID(HASH)}; - -// These definitions are for the types that can be in a hash state structure. -// These types are used in the cryptographic utilities. This is a define rather than -// an enum so that the size of this field can be explicit. -typedef BYTE HASH_STATE_TYPE; -#define HASH_STATE_EMPTY ((HASH_STATE_TYPE) 0) -#define HASH_STATE_HASH ((HASH_STATE_TYPE) 1) -#define HASH_STATE_HMAC ((HASH_STATE_TYPE) 2) -#if CC_MAC || CC_MAC_Start -#define HASH_STATE_SMAC ((HASH_STATE_TYPE) 3) -#endif - - -// This is the structure that is used for passing a context into the hashing -// functions. It should be the same size as the function context used within -// the hashing functions. This is checked when the hash function is initialized. -// This version uses a new layout for the contexts and a different definition. The -// state buffer is an array of HASH_UNIT values so that a decent compiler will put -// the structure on a HASH_UNIT boundary. If the structure is not properly aligned, -// the code that manipulates the structure will copy to a properly aligned -// structure before it is used and copy the result back. This just makes things -// slower. -// NOTE: This version of the state had the pointer to the update method in the -// state. 
This is to allow the SMAC functions to use the same structure without -// having to replicate the entire HASH_DEF structure. -typedef struct _HASH_STATE -{ - HASH_STATE_TYPE type; // type of the context - TPM_ALG_ID hashAlg; - PHASH_DEF def; - ANY_HASH_STATE state; -} HASH_STATE, *PHASH_STATE; -typedef const HASH_STATE *PCHASH_STATE; - - -//** HMAC State Structures - -// An HMAC_STATE structure contains an opaque HMAC stack state. A caller would -// use this structure when performing incremental HMAC operations. This structure -// contains a hash state and an HMAC key and allows slightly better stack -// optimization than adding an HMAC key to each hash state. -typedef struct hmacState -{ - HASH_STATE hashState; // the hash state - TPM2B_HASH_BLOCK hmacKey; // the HMAC key -} HMAC_STATE, *PHMAC_STATE; - -// This is for the external hash state. This implementation assumes that the size -// of the exported hash state is no larger than the internal hash state. -typedef struct -{ - BYTE buffer[sizeof(HASH_STATE)]; -} EXPORT_HASH_STATE, *PEXPORT_HASH_STATE; - -typedef const EXPORT_HASH_STATE *PCEXPORT_HASH_STATE; - -#endif // _CRYPT_HASH_H diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRand.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRand.h deleted file mode 100644 index 60a8a0435..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRand.h +++ /dev/null 
@@ -1,199 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains constant definition shared by CryptUtil and the parts -// of the Crypto Engine. 
-// - -#ifndef _CRYPT_RAND_H -#define _CRYPT_RAND_H - - -//** DRBG Structures and Defines - -// Values and structures for the random number generator. These values are defined -// in this header file so that the size of the RNG state can be known to TPM.lib. -// This allows the allocation of some space in NV memory for the state to -// be stored on an orderly shutdown. - -// The DRBG based on a symmetric block cipher is defined by three values, -// 1) the key size -// 2) the block size (the IV size) -// 3) the symmetric algorithm - -#define DRBG_KEY_SIZE_BITS AES_MAX_KEY_SIZE_BITS -#define DRBG_IV_SIZE_BITS (AES_MAX_BLOCK_SIZE * 8) -#define DRBG_ALGORITHM TPM_ALG_AES - - -typedef tpmKeyScheduleAES DRBG_KEY_SCHEDULE; -#define DRBG_ENCRYPT_SETUP(key, keySizeInBits, schedule) \ - TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) -#define DRBG_ENCRYPT(keySchedule, in, out) \ - TpmCryptEncryptAES(SWIZZLE(keySchedule, in, out)) - -#if ((DRBG_KEY_SIZE_BITS % RADIX_BITS) != 0) \ - || ((DRBG_IV_SIZE_BITS % RADIX_BITS) != 0) -#error "Key size and IV for DRBG must be even multiples of the radix" -#endif -#if (DRBG_KEY_SIZE_BITS % DRBG_IV_SIZE_BITS) != 0 -#error "Key size for DRBG must be even multiple of the cypher block size" -#endif - -// Derived values -#define DRBG_MAX_REQUESTS_PER_RESEED (1 << 48) -#define DRBG_MAX_REQEST_SIZE (1 << 32) - -#define pDRBG_KEY(seed) ((DRBG_KEY *)&(((BYTE *)(seed))[0])) -#define pDRBG_IV(seed) ((DRBG_IV *)&(((BYTE *)(seed))[DRBG_KEY_SIZE_BYTES])) - -#define DRBG_KEY_SIZE_WORDS (BITS_TO_CRYPT_WORDS(DRBG_KEY_SIZE_BITS)) -#define DRBG_KEY_SIZE_BYTES (DRBG_KEY_SIZE_WORDS * RADIX_BYTES) - -#define DRBG_IV_SIZE_WORDS (BITS_TO_CRYPT_WORDS(DRBG_IV_SIZE_BITS)) -#define DRBG_IV_SIZE_BYTES (DRBG_IV_SIZE_WORDS * RADIX_BYTES) - -#define DRBG_SEED_SIZE_WORDS (DRBG_KEY_SIZE_WORDS + DRBG_IV_SIZE_WORDS) -#define DRBG_SEED_SIZE_BYTES (DRBG_KEY_SIZE_BYTES + DRBG_IV_SIZE_BYTES) - - -typedef union -{ - BYTE bytes[DRBG_KEY_SIZE_BYTES]; - crypt_uword_t 
words[DRBG_KEY_SIZE_WORDS]; -} DRBG_KEY; - -typedef union -{ - BYTE bytes[DRBG_IV_SIZE_BYTES]; - crypt_uword_t words[DRBG_IV_SIZE_WORDS]; -} DRBG_IV; - -typedef union -{ - BYTE bytes[DRBG_SEED_SIZE_BYTES]; - crypt_uword_t words[DRBG_SEED_SIZE_WORDS]; -} DRBG_SEED; - -#define CTR_DRBG_MAX_REQUESTS_PER_RESEED ((UINT64)1 << 20) -#define CTR_DRBG_MAX_BYTES_PER_REQUEST (1 << 16) - -# define CTR_DRBG_MIN_ENTROPY_INPUT_LENGTH DRBG_SEED_SIZE_BYTES -# define CTR_DRBG_MAX_ENTROPY_INPUT_LENGTH DRBG_SEED_SIZE_BYTES -# define CTR_DRBG_MAX_ADDITIONAL_INPUT_LENGTH DRBG_SEED_SIZE_BYTES - -#define TESTING (1 << 0) -#define ENTROPY (1 << 1) -#define TESTED (1 << 2) - -#define IsTestStateSet(BIT) ((g_cryptoSelfTestState.rng & BIT) != 0) -#define SetTestStateBit(BIT) (g_cryptoSelfTestState.rng |= BIT) -#define ClearTestStateBit(BIT) (g_cryptoSelfTestState.rng &= ~BIT) - -#define IsSelfTest() IsTestStateSet(TESTING) -#define SetSelfTest() SetTestStateBit(TESTING) -#define ClearSelfTest() ClearTestStateBit(TESTING) - -#define IsEntropyBad() IsTestStateSet(ENTROPY) -#define SetEntropyBad() SetTestStateBit(ENTROPY) -#define ClearEntropyBad() ClearTestStateBit(ENTROPY) - -#define IsDrbgTested() IsTestStateSet(TESTED) -#define SetDrbgTested() SetTestStateBit(TESTED) -#define ClearDrbgTested() ClearTestStateBit(TESTED) - -typedef struct -{ - UINT64 reseedCounter; - UINT32 magic; - DRBG_SEED seed; // contains the key and IV for the counter mode DRBG - UINT32 lastValue[4]; // used when the TPM does continuous self-test - // for FIPS compliance of DRBG -} DRBG_STATE, *pDRBG_STATE; -#define DRBG_MAGIC ((UINT32) 0x47425244) // "DRBG" backwards so that it displays - -typedef struct -{ - UINT64 counter; - UINT32 magic; - UINT32 limit; - TPM2B *seed; - const TPM2B *label; - TPM2B *context; - TPM_ALG_ID hash; - TPM_ALG_ID kdf; - UINT16 digestSize; - TPM2B_DIGEST residual; -} KDF_STATE, *pKDR_STATE; -#define KDF_MAGIC ((UINT32) 0x4048444a) // "KDF " backwards - -// Make sure that any other structures 
added to this union start with a 64-bit -// counter and a 32-bit magic number -typedef union -{ - DRBG_STATE drbg; - KDF_STATE kdf; -} RAND_STATE; - -// This is the state used when the library uses a random number generator. -// A special function is installed for the library to call. That function -// picks up the state from this location and uses it for the generation -// of the random number. -extern RAND_STATE *s_random; - -// When instrumenting RSA key sieve -#if RSA_INSTRUMENT -#define PRIME_INDEX(x) ((x) == 512 ? 0 : (x) == 1024 ? 1 : 2) -# define INSTRUMENT_SET(a, b) ((a) = (b)) -# define INSTRUMENT_ADD(a, b) (a) = (a) + (b) -# define INSTRUMENT_INC(a) (a) = (a) + 1 - -extern UINT32 PrimeIndex; -extern UINT32 failedAtIteration[10]; -extern UINT32 PrimeCounts[3]; -extern UINT32 MillerRabinTrials[3]; -extern UINT32 totalFieldsSieved[3]; -extern UINT32 bitsInFieldAfterSieve[3]; -extern UINT32 emptyFieldsSieved[3]; -extern UINT32 noPrimeFields[3]; -extern UINT32 primesChecked[3]; -extern UINT16 lastSievePrime; -#else -# define INSTRUMENT_SET(a, b) -# define INSTRUMENT_ADD(a, b) -# define INSTRUMENT_INC(a) -#endif - -#endif // _CRYPT_RAND_H diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRsa.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRsa.h deleted file mode 100644 index 5d0aebdae..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRsa.h +++ /dev/null 
@@ -1,69 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-// This file contains the RSA-related structures and defines.
-
-#ifndef _CRYPT_RSA_H
-#define _CRYPT_RSA_H
-
-// These values are used in the bigNum representation of various RSA values.
-BN_TYPE(rsa, MAX_RSA_KEY_BITS);
-#define BN_RSA(name) BN_VAR(name, MAX_RSA_KEY_BITS)
-#define BN_RSA_INITIALIZED(name, initializer) \
- BN_INITIALIZED(name, MAX_RSA_KEY_BITS, initializer)
-
-#define BN_PRIME(name) BN_VAR(name, (MAX_RSA_KEY_BITS / 2))
-BN_TYPE(prime, (MAX_RSA_KEY_BITS / 2));
-#define BN_PRIME_INITIALIZED(name, initializer) \
- BN_INITIALIZED(name, MAX_RSA_KEY_BITS / 2, initializer)
-
-#if !CRT_FORMAT_RSA
-# error This verson only works with CRT formatted data
-#endif // !CRT_FORMAT_RSA
-
-typedef struct privateExponent
-{
- bigNum P;
- bigNum Q;
- bigNum dP;
- bigNum dQ;
- bigNum qInv;
- bn_prime_t entries[5];
-} privateExponent;
-
-#define NEW_PRIVATE_EXPONENT(X) \
- privateExponent _##X; \
- privateExponent *X = RsaInitializeExponent(&(_##X))
-
-#endif // _CRYPT_RSA_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptSym.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptSym.h
deleted file mode 100644
index efbd24195..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptSym.h
+++ /dev/null
@@ -1,143 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// -// This file contains the implementation of the symmetric block cipher modes -// allowed for a TPM. These functions only use the single block encryption functions -// of the selected symmetric cryptographic library. 
- -//** Includes, Defines, and Typedefs -#ifndef CRYPT_SYM_H -#define CRYPT_SYM_H - -typedef union tpmCryptKeySchedule_t { -#if ALG_AES - tpmKeyScheduleAES AES; -#endif -#if ALG_SM4 - tpmKeyScheduleSM4 SM4; -#endif -#if ALG_CAMELLIA - tpmKeyScheduleCAMELLIA CAMELLIA; -#endif - -#if ALG_TDES - tpmKeyScheduleTDES TDES[3]; -#endif -#if SYMMETRIC_ALIGNMENT == 8 - uint64_t alignment; -#else - uint32_t alignment; -#endif -} tpmCryptKeySchedule_t; - - -// Each block cipher within a library is expected to conform to the same calling -// conventions with three parameters ('keySchedule', 'in', and 'out') in the same -// order. That means that all algorithms would use the same order of the same -// parameters. The code is written assuming the ('keySchedule', 'in', and 'out') -// order. However, if the library uses a different order, the order can be changed -// with a SWIZZLE macro that puts the parameters in the correct order. -// Note that all algorithms have to use the same order and number of parameters -// because the code to build the calling list is common for each call to encrypt -// or decrypt with the algorithm chosen by setting a function pointer to select -// the algorithm that is used. - -# define ENCRYPT(keySchedule, in, out) \ - encrypt(SWIZZLE(keySchedule, in, out)) - -# define DECRYPT(keySchedule, in, out) \ - decrypt(SWIZZLE(keySchedule, in, out)) - - -// Note that the macros rely on 'encrypt' as local values in the -// functions that use these macros. Those parameters are set by the macro that -// set the key schedule to be used for the call. 
- - -#define ENCRYPT_CASE(ALG) \ - case TPM_ALG_##ALG: \ - TpmCryptSetEncryptKey##ALG(key, keySizeInBits, &keySchedule.ALG); \ - encrypt = (TpmCryptSetSymKeyCall_t)TpmCryptEncrypt##ALG; \ - break; -#define DECRYPT_CASE(ALG) \ - case TPM_ALG_##ALG: \ - TpmCryptSetDecryptKey##ALG(key, keySizeInBits, &keySchedule.ALG); \ - decrypt = (TpmCryptSetSymKeyCall_t)TpmCryptDecrypt##ALG; \ - break; - -#if ALG_AES -#define ENCRYPT_CASE_AES ENCRYPT_CASE(AES) -#define DECRYPT_CASE_AES DECRYPT_CASE(AES) -#else -#define ENCRYPT_CASE_AES -#define DECRYPT_CASE_AES -#endif -#if ALG_SM4 -#define ENCRYPT_CASE_SM4 ENCRYPT_CASE(SM4) -#define DECRYPT_CASE_SM4 DECRYPT_CASE(SM4) -#else -#define ENCRYPT_CASE_SM4 -#define DECRYPT_CASE_SM4 -#endif -#if ALG_CAMELLIA -#define ENCRYPT_CASE_CAMELLIA ENCRYPT_CASE(CAMELLIA) -#define DECRYPT_CASE_CAMELLIA DECRYPT_CASE(CAMELLIA) -#else -#define ENCRYPT_CASE_CAMELLIA -#define DECRYPT_CASE_CAMELLIA -#endif -#if ALG_TDES -#define ENCRYPT_CASE_TDES ENCRYPT_CASE(TDES) -#define DECRYPT_CASE_TDES DECRYPT_CASE(TDES) -#else -#define ENCRYPT_CASE_TDES -#define DECRYPT_CASE_TDES -#endif - -// For each algorithm the case will either be defined or null. -#define SELECT(direction) \ - switch(algorithm) \ - { \ - direction##_CASE_AES \ - direction##_CASE_SM4 \ - direction##_CASE_CAMELLIA \ - direction##_CASE_TDES \ - default: \ - FAIL(FATAL_ERROR_INTERNAL); \ - } - - -#endif // CRYPT_SYM_H \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptTest.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptTest.h deleted file mode 100644 index 4b0d16074..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptTest.h +++ /dev/null 
@@ -1,70 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-// This file contains constant definitions used for self-test.
-
-#ifndef _CRYPT_TEST_H
-#define _CRYPT_TEST_H
-
-// This is the definition of a bit array with one bit per algorithm.
-// NOTE: Since bit numbering starts at zero, when ALG_LAST_VALUE is a multiple of 8,
-// ALGORITHM_VECTOR will need to have byte for the single bit in the last byte. So,
-// for example, when ALG_LAST_VECTOR is 8, ALGORITHM_VECTOR will need 2 bytes.
-#define ALGORITHM_VECTOR_BYTES ((ALG_LAST_VALUE + 8) / 8)
-typedef BYTE ALGORITHM_VECTOR[ALGORITHM_VECTOR_BYTES];
-
-#ifdef TEST_SELF_TEST
-LIB_EXPORT extern ALGORITHM_VECTOR LibToTest;
-#endif
-
-// This structure is used to contain self-test tracking information for the
-// cryptographic modules. Each of the major modules is given a 32-bit value in
-// which it may maintain its own self test information. The convention for this
-// state is that when all of the bits in this structure are 0, all functions need
-// to be tested.
-typedef struct
-{
- UINT32 rng;
- UINT32 hash;
- UINT32 sym;
-#if ALG_RSA
- UINT32 rsa;
-#endif
-#if ALG_ECC
- UINT32 ecc;
-#endif
-} CRYPTO_SELF_TEST_STATE;
-
-
-#endif // _CRYPT_TEST_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/EccTestData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/EccTestData.h
deleted file mode 100644
index f5680a75c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/EccTestData.h
+++ /dev/null
@@ -1,158 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-// This file contains the parameter data for ECC testing.
-
-#ifdef SELF_TEST_DATA
-
-TPM2B_TYPE(EC_TEST, 32);
-const TPM_ECC_CURVE c_testCurve = 00003;
-
-// The "static" key
-
-const TPM2B_EC_TEST c_ecTestKey_ds = {{32, {
- 0xdf,0x8d,0xa4,0xa3,0x88,0xf6,0x76,0x96,0x89,0xfc,0x2f,0x2d,0xa1,0xb4,0x39,0x7a,
- 0x78,0xc4,0x7f,0x71,0x8c,0xa6,0x91,0x85,0xc0,0xbf,0xf3,0x54,0x20,0x91,0x2f,0x73}}};
-
-const TPM2B_EC_TEST c_ecTestKey_QsX = {{32, {
- 0x17,0xad,0x2f,0xcb,0x18,0xd4,0xdb,0x3f,0x2c,0x53,0x13,0x82,0x42,0x97,0xff,0x8d,
- 0x99,0x50,0x16,0x02,0x35,0xa7,0x06,0xae,0x1f,0xda,0xe2,0x9c,0x12,0x77,0xc0,0xf9}}};
-
-const TPM2B_EC_TEST c_ecTestKey_QsY = {{32, {
- 0xa6,0xca,0xf2,0x18,0x45,0x96,0x6e,0x58,0xe6,0x72,0x34,0x12,0x89,0xcd,0xaa,0xad,
- 0xcb,0x68,0xb2,0x51,0xdc,0x5e,0xd1,0x6d,0x38,0x20,0x35,0x57,0xb2,0xfd,0xc7,0x52}}};
-
-// The "ephemeral" key
-
-const TPM2B_EC_TEST c_ecTestKey_de = {{32, {
- 0xb6,0xb5,0x33,0x5c,0xd1,0xee,0x52,0x07,0x99,0xea,0x2e,0x8f,0x8b,0x19,0x18,0x07,
- 0xc1,0xf8,0xdf,0xdd,0xb8,0x77,0x00,0xc7,0xd6,0x53,0x21,0xed,0x02,0x53,0xee,0xac}}};
-
-const TPM2B_EC_TEST c_ecTestKey_QeX = {{32, {
- 0xa5,0x1e,0x80,0xd1,0x76,0x3e,0x8b,0x96,0xce,0xcc,0x21,0x82,0xc9,0xa2,0xa2,0xed,
- 0x47,0x21,0x89,0x53,0x44,0xe9,0xc7,0x92,0xe7,0x31,0x48,0x38,0xe6,0xea,0x93,0x47}}};
-
-const TPM2B_EC_TEST c_ecTestKey_QeY = {{32, {
- 0x30,0xe6,0x4f,0x97,0x03,0xa1,0xcb,0x3b,0x32,0x2a,0x70,0x39,0x94,0xeb,0x4e,0xea,
- 0x55,0x88,0x81,0x3f,0xb5,0x00,0xb8,0x54,0x25,0xab,0xd4,0xda,0xfd,0x53,0x7a,0x18}}};
-
-// ECDH test results
-const TPM2B_EC_TEST c_ecTestEcdh_X = {{32, {
- 0x64,0x02,0x68,0x92,0x78,0xdb,0x33,0x52,0xed,0x3b,0xfa,0x3b,0x74,0xa3,0x3d,0x2c,
- 0x2f,0x9c,0x59,0x03,0x07,0xf8,0x22,0x90,0xed,0xe3,0x45,0xf8,0x2a,0x0a,0xd8,0x1d}}};
-
-const TPM2B_EC_TEST c_ecTestEcdh_Y = {{32, {
- 0x58,0x94,0x05,0x82,0xbe,0x5f,0x33,0x02,0x25,0x90,0x3a,0x33,0x90,0x89,0xe3,0xe5,
- 0x10,0x4a,0xbc,0x78,0xa5,0xc5,0x07,0x64,0xaf,0x91,0xbc,0xe6,0xff,0x85,0x11,0x40}}};
-
-TPM2B_TYPE(TEST_VALUE, 64);
-const TPM2B_TEST_VALUE c_ecTestValue = {{64, {
- 0x78,0xd5,0xd4,0x56,0x43,0x61,0xdb,0x97,0xa4,0x32,0xc4,0x0b,0x06,0xa9,0xa8,0xa0,
- 0xf4,0x45,0x7f,0x13,0xd8,0x13,0x81,0x0b,0xe5,0x76,0xbe,0xaa,0xb6,0x3f,0x8d,0x4d,
- 0x23,0x65,0xcc,0xa7,0xc9,0x19,0x10,0xce,0x69,0xcb,0x0c,0xc7,0x11,0x8d,0xc3,0xff,
- 0x62,0x69,0xa2,0xbe,0x46,0x90,0xe7,0x7d,0x81,0x77,0x94,0x65,0x1c,0x3e,0xc1,0x3e}}};
-
-#if ALG_SHA1_VALUE == DEFAULT_TEST_HASH
-
-const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
- 0x57,0xf3,0x36,0xb7,0xec,0xc2,0xdd,0x76,0x0e,0xe2,0x81,0x21,0x49,0xc5,0x66,0x11,
- 0x4b,0x8a,0x4f,0x17,0x62,0x82,0xcc,0x06,0xf6,0x64,0x78,0xef,0x6b,0x7c,0xf2,0x6c}}};
-const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
- 0x1b,0xed,0x23,0x72,0x8f,0x17,0x5f,0x47,0x2e,0xa7,0x97,0x2c,0x51,0x57,0x20,0x70,
- 0x6f,0x89,0x74,0x8a,0xa8,0xf4,0x26,0xf4,0x96,0xa1,0xb8,0x3e,0xe5,0x35,0xc5,0x94}}};
-
-const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32,{
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x1b,0x08,0x9f,0xde,
- 0xef,0x62,0xe3,0xf1,0x14,0xcb,0x54,0x28,0x13,0x76,0xfc,0x6d,0x69,0x22,0xb5,0x3e}}};
-const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
- 0xd9,0xd3,0x20,0xfb,0x4d,0x16,0xf2,0xe6,0xe2,0x45,0x07,0x45,0x1c,0x92,0x92,0x92,
- 0xa9,0x6b,0x48,0xf8,0xd1,0x98,0x29,0x4d,0xd3,0x8f,0x56,0xf2,0xbb,0x2e,0x22,0x3b}}};
-
-#endif // SHA1
-
-#if ALG_SHA256_VALUE == DEFAULT_TEST_HASH
-
-const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
- 0x04,0x7d,0x54,0xeb,0x04,0x6f,0x56,0xec,0xa2,0x6c,0x38,0x8c,0xeb,0x43,0x0b,0x71,
- 0xf8,0xf2,0xf4,0xa5,0xe0,0x1d,0x3c,0xa2,0x39,0x31,0xe4,0xe7,0x36,0x3b,0xb5,0x5f}}};
-const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
- 0x8f,0xd0,0x12,0xd9,0x24,0x75,0xf6,0xc4,0x3b,0xb5,0x46,0x75,0x3a,0x41,0x8d,0x80,
- 0x23,0x99,0x38,0xd7,0xe2,0x40,0xca,0x9a,0x19,0x2a,0xfc,0x54,0x75,0xd3,0x4a,0x6e}}};
-
-const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, {
- 0xf7,0xb9,0x15,0x4c,0x34,0xf6,0x41,0x19,0xa3,0xd2,0xf1,0xbd,0xf4,0x13,0x6a,0x4f,
- 0x63,0xb8,0x4d,0xb5,0xc8,0xcd,0xde,0x85,0x95,0xa5,0x39,0x0a,0x14,0x49,0x3d,0x2f}}};
-const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
- 0xfe,0xbe,0x17,0xaa,0x31,0x22,0x9f,0xd0,0xd2,0xf5,0x25,0x04,0x92,0xb0,0xaa,0x4e,
- 0xcc,0x1c,0xb6,0x79,0xd6,0x42,0xb3,0x4e,0x3f,0xbb,0xfe,0x5f,0xd0,0xd0,0x8b,0xc3}}};
-
-#endif // SHA256
-
-#if ALG_SHA384_VALUE == DEFAULT_TEST_HASH
-
-const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
- 0xf5,0x74,0x6d,0xd6,0xc6,0x56,0x86,0xbb,0xba,0x1c,0xba,0x75,0x65,0xee,0x64,0x31,
- 0xce,0x04,0xe3,0x9f,0x24,0x3f,0xbd,0xfe,0x04,0xcd,0xab,0x7e,0xfe,0xad,0xcb,0x82}}};
-const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
- 0xc2,0x4f,0x32,0xa1,0x06,0xc0,0x85,0x4f,0xc6,0xd8,0x31,0x66,0x91,0x9f,0x79,0xcd,
- 0x5b,0xe5,0x7b,0x94,0xa1,0x91,0x38,0xac,0xd4,0x20,0xa2,0x10,0xf0,0xd5,0x9d,0xbf}}};
-
-const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, {
- 0x1e,0xb8,0xe1,0xbf,0xa1,0x9e,0x39,0x1e,0x58,0xa2,0xe6,0x59,0xd0,0x1a,0x6a,0x03,
- 0x6a,0x1f,0x1c,0x4f,0x36,0x19,0xc1,0xec,0x30,0xa4,0x85,0x1b,0xe9,0x74,0x35,0x66}}};
-const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
- 0xb9,0xe6,0xe3,0x7e,0xcb,0xb9,0xea,0xf1,0xcc,0xf4,0x48,0x44,0x4a,0xda,0xc8,0xd7,
- 0x87,0xb4,0xba,0x40,0xfe,0x5b,0x68,0x11,0x14,0xcf,0xa0,0x0e,0x85,0x46,0x99,0x01}}};
-
-#endif // SHA384
-
-#if ALG_SHA512_VALUE == DEFAULT_TEST_HASH
-
-const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
- 0xc9,0x71,0xa6,0xb4,0xaf,0x46,0x26,0x8c,0x27,0x00,0x06,0x3b,0x00,0x0f,0xa3,0x17,
- 0x72,0x48,0x40,0x49,0x4d,0x51,0x4f,0xa4,0xcb,0x7e,0x86,0xe9,0xe7,0xb4,0x79,0xb2}}};
-const TPM2B_EC_TEST c_TestEcDsa_s = {{32,{
- 0x87,0xbc,0xc0,0xed,0x74,0x60,0x9e,0xfa,0x4e,0xe8,0x16,0xf3,0xf9,0x6b,0x26,0x07,
- 0x3c,0x74,0x31,0x7e,0xf0,0x62,0x46,0xdc,0xd6,0x45,0x22,0x47,0x3e,0x0c,0xa0,0x02}}};
-
-const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32,{
- 0xcc,0x07,0xad,0x65,0x91,0xdd,0xa0,0x10,0x23,0xae,0x53,0xec,0xdf,0xf1,0x50,0x90,
- 0x16,0x96,0xf4,0x45,0x09,0x73,0x9c,0x84,0xb5,0x5c,0x5f,0x08,0x51,0xcb,0x60,0x01}}};
-const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
- 0x55,0x20,0x21,0x54,0xe2,0x49,0x07,0x47,0x71,0xf4,0x99,0x15,0x54,0xf3,0xab,0x14,
- 0xdb,0x8e,0xda,0x79,0xb6,0x02,0x0e,0xe3,0x5e,0x6f,0x2c,0xb6,0x05,0xbd,0x14,0x10}}};
-
-#endif // SHA512
-
-#endif // SELF_TEST_DATA
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h
deleted file mode 100644
index 09bf6fc41..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h
+++ /dev/null
@@ -1,1439 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -//** Description - -// This file contains internal global type definitions and data declarations that -// are need between subsystems. The instantiation of global data is in Global.c. 
-// The initialization of global data is in the subsystem that is the primary owner -// of the data. -// -// The first part of this file has the typedefs for structures and other defines -// used in many portions of the code. After the typedef section, is a section that -// defines global values that are only present in RAM. The next three sections -// define the structures for the NV data areas: persistent, orderly, and state -// save. Additional sections define the data that is used in specific modules. That -// data is private to the module but is collected here to simplify the management -// of the instance data. -// All the data is instanced in Global.c. -#if !defined _TPM_H_ -#error "Should only be instanced in TPM.h" -#endif - - -//** Includes - -#ifndef GLOBAL_H -#define GLOBAL_H - -#ifdef GLOBAL_C -#define EXTERN -#define INITIALIZER(_value_) = _value_ -#else -#define EXTERN extern -#define INITIALIZER(_value_) -#endif - -_REDUCE_WARNING_LEVEL_(2) -#include -#include -_NORMAL_WARNING_LEVEL_ - -#if SIMULATION -#undef CONTEXT_SLOT -# define CONTEXT_SLOT UINT8 -#endif -#include "Capabilities.h" -#include "TpmTypes.h" -#include "CommandAttributes.h" -#include "CryptTest.h" -#include "BnValues.h" -#include "CryptHash.h" -#include "CryptSym.h" -#include "CryptRand.h" -#include "CryptEcc.h" -#include "CryptRsa.h" -#include "CryptTest.h" -#include "TpmError.h" -#include "NV.h" - -//** Defines and Types - -//*** Size Types -// These types are used to differentiate the two different size values used. 
-// -// NUMBYTES is used when a size is a number of bytes (usually a TPM2B) -typedef UINT16 NUMBYTES; - -//*** Other Types -// An AUTH_VALUE is a BYTE array containing a digest (TPMU_HA) -typedef BYTE AUTH_VALUE[sizeof(TPMU_HA)]; - -// A TIME_INFO is a BYTE array that can contain a TPMS_TIME_INFO -typedef BYTE TIME_INFO[sizeof(TPMS_TIME_INFO)]; - -// A NAME is a BYTE array that can contain a TPMU_NAME -typedef BYTE NAME[sizeof(TPMU_NAME)]; - -// Definition for a PROOF value -TPM2B_TYPE(PROOF, PROOF_SIZE); - -// Definition for a Primary Seed value -TPM2B_TYPE(SEED, PRIMARY_SEED_SIZE); - - -// A CLOCK_NONCE is used to tag the time value in the authorization session and -// in the ticket computation so that the ticket expires when there is a time -// discontinuity. When the clock stops during normal operation, the nonce is -// 64-bit value kept in RAM but it is a 32-bit counter when the clock only stops -// during power events. -#if CLOCK_STOPS -typedef UINT64 CLOCK_NONCE; -#else -typedef UINT32 CLOCK_NONCE; -#endif - -//** Loaded Object Structures -//*** Description -// The structures in this section define the object layout as it exists in TPM -// memory. -// -// Two types of objects are defined: an ordinary object such as a key, and a -// sequence object that may be a hash, HMAC, or event. -// -//*** OBJECT_ATTRIBUTES -// An OBJECT_ATTRIBUTES structure contains the variable attributes of an object. -// These properties are not part of the public properties but are used by the -// TPM in managing the object. An OBJECT_ATTRIBUTES is used in the definition of -// the OBJECT data type. 
- -typedef struct -{ - unsigned publicOnly : 1; //0) SET if only the public portion of - // an object is loaded - unsigned epsHierarchy : 1; //1) SET if the object belongs to EPS - // Hierarchy - unsigned ppsHierarchy : 1; //2) SET if the object belongs to PPS - // Hierarchy - unsigned spsHierarchy : 1; //3) SET f the object belongs to SPS - // Hierarchy - unsigned evict : 1; //4) SET if the object is a platform or - // owner evict object. Platform- - // evict object belongs to PPS - // hierarchy, owner-evict object - // belongs to SPS or EPS hierarchy. - // This bit is also used to mark a - // completed sequence object so it - // will be flush when the - // SequenceComplete command succeeds. - unsigned primary : 1; //5) SET for a primary object - unsigned temporary : 1; //6) SET for a temporary object - unsigned stClear : 1; //7) SET for an stClear object - unsigned hmacSeq : 1; //8) SET for an HMAC or MAC sequence - // object - unsigned hashSeq : 1; //9) SET for a hash sequence object - unsigned eventSeq : 1; //10) SET for an event sequence object - unsigned ticketSafe : 1; //11) SET if a ticket is safe to create - // for hash sequence object - unsigned firstBlock : 1; //12) SET if the first block of hash - // data has been received. It - // works with ticketSafe bit - unsigned isParent : 1; //13) SET if the key has the proper - // attributes to be a parent key -// unsigned privateExp : 1; //14) SET when the private exponent -// // of an RSA key has been validated. - unsigned not_used_14 : 1; - unsigned occupied : 1; //15) SET when the slot is occupied. - unsigned derivation : 1; //16) SET when the key is a derivation - // parent - unsigned external : 1; //17) SET when the object is loaded with - // TPM2_LoadExternal(); -} OBJECT_ATTRIBUTES; - -#if ALG_RSA -// There is an overload of the sensitive.rsa.t.size field of a TPMT_SENSITIVE when an -// RSA key is loaded. 
When the sensitive->sensitive contains an RSA key with all of -// the CRT values, then the MSB of the size field will be set to indicate that the -// buffer contains all 5 of the CRT private key values. -#define RSA_prime_flag 0x8000 -#endif - - -//*** OBJECT Structure -// An OBJECT structure holds the object public, sensitive, and meta-data -// associated. This structure is implementation dependent. For this -// implementation, the structure is not optimized for space but rather -// for clarity of the reference implementation. Other implementations -// may choose to overlap portions of the structure that are not used -// simultaneously. These changes would necessitate changes to the source -// code but those changes would be compatible with the reference -// implementation. - -typedef struct OBJECT -{ - // The attributes field is required to be first followed by the publicArea. - // This allows the overlay of the object structure and a sequence structure - OBJECT_ATTRIBUTES attributes; // object attributes - TPMT_PUBLIC publicArea; // public area of an object - TPMT_SENSITIVE sensitive; // sensitive area of an object - TPM2B_NAME qualifiedName; // object qualified name - TPMI_DH_OBJECT evictHandle; // if the object is an evict object, - // the original handle is kept here. - // The 'working' handle will be the - // handle of an object slot. - TPM2B_NAME name; // Name of the object name. Kept here - // to avoid repeatedly computing it. -} OBJECT; - -//*** HASH_OBJECT Structure -// This structure holds a hash sequence object or an event sequence object. -// -// The first four components of this structure are manually set to be the same as -// the first four components of the object structure. This prevents the object -// from being inadvertently misused as sequence objects occupy the same memory as -// a regular object. A debug check is present to make sure that the offsets are -// what they are supposed to be. 
-// NOTE: In a future version, this will probably be renamed as SEQUENCE_OBJECT -typedef struct HASH_OBJECT -{ - OBJECT_ATTRIBUTES attributes; // The attributes of the HASH object - TPMI_ALG_PUBLIC type; // algorithm - TPMI_ALG_HASH nameAlg; // name algorithm - TPMA_OBJECT objectAttributes; // object attributes - - // The data below is unique to a sequence object - TPM2B_AUTH auth; // authorization for use of sequence - union - { - HASH_STATE hashState[HASH_COUNT]; - HMAC_STATE hmacState; - } state; -} HASH_OBJECT; - -typedef BYTE HASH_OBJECT_BUFFER[sizeof(HASH_OBJECT)]; - -//*** ANY_OBJECT -// This is the union for holding either a sequence object or a regular object. -// for ContextSave and ContextLoad -typedef union ANY_OBJECT -{ - OBJECT entity; - HASH_OBJECT hash; -} ANY_OBJECT; - -typedef BYTE ANY_OBJECT_BUFFER[sizeof(ANY_OBJECT)]; - -//**AUTH_DUP Types -// These values are used in the authorization processing. - -typedef UINT32 AUTH_ROLE; -#define AUTH_NONE ((AUTH_ROLE)(0)) -#define AUTH_USER ((AUTH_ROLE)(1)) -#define AUTH_ADMIN ((AUTH_ROLE)(2)) -#define AUTH_DUP ((AUTH_ROLE)(3)) - -//** Active Session Context -//*** Description -// The structures in this section define the internal structure of a session -// context. -// -//*** SESSION_ATTRIBUTES -// The attributes in the SESSION_ATTRIBUTES structure track the various properties -// of the session. It maintains most of the tracking state information for the -// policy session. It is used within the SESSION structure. - -typedef struct SESSION_ATTRIBUTES -{ - unsigned isPolicy : 1; //1) SET if the session may only be used - // for policy - unsigned isAudit : 1; //2) SET if the session is used for audit - unsigned isBound : 1; //3) SET if the session is bound to with an - // entity. This attribute will be CLEAR - // if either isPolicy or isAudit is SET. - unsigned isCpHashDefined : 1; //3) SET if the cpHash has been defined - // This attribute is not SET unless - // 'isPolicy' is SET. 
- unsigned isAuthValueNeeded : 1; //5) SET if the authValue is required for - // computing the session HMAC. This - // attribute is not SET unless 'isPolicy' - // is SET. - unsigned isPasswordNeeded : 1; //6) SET if a password authValue is required - // for authorization This attribute is not - // SET unless 'isPolicy' is SET. - unsigned isPPRequired : 1; //7) SET if physical presence is required to - // be asserted when the authorization is - // checked. This attribute is not SET - // unless 'isPolicy' is SET. - unsigned isTrialPolicy : 1; //8) SET if the policy session is created - // for trial of the policy's policyHash - // generation. This attribute is not SET - // unless 'isPolicy' is SET. - unsigned isDaBound : 1; //9) SET if the bind entity had noDA CLEAR. - // If this is SET, then an authorization - // failure using this session will count - // against lockout even if the object - // being authorized is exempt from DA. - unsigned isLockoutBound : 1; //10) SET if the session is bound to - // lockoutAuth. - unsigned includeAuth : 1; //11) This attribute is SET when the - // authValue of an object is to be - // included in the computation of the - // HMAC key for the command and response - // computations. (was 'requestWasBound') - unsigned checkNvWritten : 1; //12) SET if the TPMA_NV_WRITTEN attribute - // needs to be checked when the policy is - // used for authorization for NV access. - // If this is SET for any other type, the - // policy will fail. - unsigned nvWrittenState : 1; //13) SET if TPMA_NV_WRITTEN is required to - // be SET. Used when 'checkNvWritten' is - // SET - unsigned isTemplateSet : 1; //14) SET if the templateHash needs to be - // checked for Create, CreatePrimary, or - // CreateLoaded. -} SESSION_ATTRIBUTES; - -//*** SESSION Structure -// The SESSION structure contains all the context of a session except for the -// associated contextID. 
-// -// Note: The contextID of a session is only relevant when the session context -// is stored off the TPM. - -typedef struct SESSION -{ - SESSION_ATTRIBUTES attributes; // session attributes - UINT32 pcrCounter; // PCR counter value when PCR is - // included (policy session) - // If no PCR is included, this - // value is 0. - UINT64 startTime; // The value in g_time when the session - // was started (policy session) - UINT64 timeout; // The timeout relative to g_time - // There is no timeout if this value - // is 0. - CLOCK_NONCE epoch; // The g_clockEpoch value when the - // session was started. If g_clockEpoch - // does not match this value when the - // timeout is used, then - // then the command will fail. - TPM_CC commandCode; // command code (policy session) - TPM_ALG_ID authHashAlg; // session hash algorithm - TPMA_LOCALITY commandLocality; // command locality (policy session) - TPMT_SYM_DEF symmetric; // session symmetric algorithm (if any) - TPM2B_AUTH sessionKey; // session secret value used for - // this session - TPM2B_NONCE nonceTPM; // last TPM-generated nonce for - // generating HMAC and encryption keys - union - { - TPM2B_NAME boundEntity; // value used to track the entity to - // which the session is bound - - TPM2B_DIGEST cpHash; // the required cpHash value for the - // command being authorized - TPM2B_DIGEST nameHash; // the required nameHash - TPM2B_DIGEST templateHash; // the required template for creation - } u1; - - union - { - TPM2B_DIGEST auditDigest; // audit session digest - TPM2B_DIGEST policyDigest; // policyHash - } u2; // audit log and policyHash may - // share space to save memory -} SESSION; - -#define EXPIRES_ON_RESET INT32_MIN -#define TIMEOUT_ON_RESET UINT64_MAX -#define EXPIRES_ON_RESTART (INT32_MIN + 1) -#define TIMEOUT_ON_RESTART (UINT64_MAX - 1) - -typedef BYTE SESSION_BUF[sizeof(SESSION)]; - -//********************************************************************************* -//** PCR 
-//********************************************************************************* -//***PCR_SAVE Structure -// The PCR_SAVE structure type contains the PCR data that are saved across power -// cycles. Only the static PCR are required to be saved across power cycles. The -// DRTM and resettable PCR are not saved. The number of static and resettable PCR -// is determined by the platform-specific specification to which the TPM is built. - -typedef struct PCR_SAVE -{ -#if ALG_SHA1 - BYTE sha1[NUM_STATIC_PCR][SHA1_DIGEST_SIZE]; -#endif -#if ALG_SHA256 - BYTE sha256[NUM_STATIC_PCR][SHA256_DIGEST_SIZE]; -#endif -#if ALG_SHA384 - BYTE sha384[NUM_STATIC_PCR][SHA384_DIGEST_SIZE]; -#endif -#if ALG_SHA512 - BYTE sha512[NUM_STATIC_PCR][SHA512_DIGEST_SIZE]; -#endif -#if ALG_SM3_256 - BYTE sm3_256[NUM_STATIC_PCR][SM3_256_DIGEST_SIZE]; -#endif - - // This counter increments whenever the PCR are updated. - // NOTE: A platform-specific specification may designate - // certain PCR changes as not causing this counter - // to increment. - UINT32 pcrCounter; -} PCR_SAVE; - -//***PCR_POLICY -#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 -// This structure holds the PCR policies, one for each group of PCR controlled -// by policy. -typedef struct PCR_POLICY -{ - TPMI_ALG_HASH hashAlg[NUM_POLICY_PCR_GROUP]; - TPM2B_DIGEST a; - TPM2B_DIGEST policy[NUM_POLICY_PCR_GROUP]; -} PCR_POLICY; -#endif - -//***PCR_AUTHVALUE -// This structure holds the PCR policies, one for each group of PCR controlled -// by policy. -typedef struct PCR_AUTH_VALUE -{ - TPM2B_DIGEST auth[NUM_AUTHVALUE_PCR_GROUP]; -} PCR_AUTHVALUE; - - - -//**STARTUP_TYPE -// This enumeration is the possible startup types. The type is determined -// by the combination of TPM2_ShutDown and TPM2_Startup. -typedef enum -{ - SU_RESET, - SU_RESTART, - SU_RESUME -} STARTUP_TYPE; - -//**NV - -//***NV_INDEX -// The NV_INDEX structure defines the internal format for an NV index. 
-// The 'indexData' size varies according to the type of the index. -// In this implementation, all of the index is manipulated as a unit. -typedef struct NV_INDEX -{ - TPMS_NV_PUBLIC publicArea; - TPM2B_AUTH authValue; -} NV_INDEX; - -//*** NV_REF -// An NV_REF is an opaque value returned by the NV subsystem. It is used to -// reference and NV Index in a relatively efficient way. Rather than having to -// continually search for an Index, its reference value may be used. In this -// implementation, an NV_REF is a byte pointer that points to the copy of the -// NV memory that is kept in RAM. -typedef UINT32 NV_REF; - -typedef BYTE *NV_RAM_REF; -//***NV_PIN -// This structure deals with the possible endianess differences between the -// canonical form of the TPMS_NV_PIN_COUNTER_PARAMETERS structure and the internal -// value. The structures allow the data in a PIN index to be read as an 8-octet -// value using NvReadUINT64Data(). That function will byte swap all the values on a -// little endian system. This will put the bytes with the 4-octet values in the -// correct order but will swap the pinLimit and pinCount values. When written, the -// PIN index is simply handled as a normal index with the octets in canonical order. -#if BIG_ENDIAN_TPM -typedef struct -{ - UINT32 pinCount; - UINT32 pinLimit; -} PIN_DATA; -#else -typedef struct -{ - UINT32 pinLimit; - UINT32 pinCount; -} PIN_DATA; -#endif - -typedef union -{ - UINT64 intVal; - PIN_DATA pin; -} NV_PIN; - -//**COMMIT_INDEX_MASK -// This is the define for the mask value that is used when manipulating -// the bits in the commit bit array. The commit counter is a 64-bit -// value and the low order bits are used to index the commitArray. -// This mask value is applied to the commit counter to extract the -// bit number in the array. 
-#if ALG_ECC - -#define COMMIT_INDEX_MASK ((UINT16)((sizeof(gr.commitArray)*8)-1)) - -#endif - -//***************************************************************************** -//***************************************************************************** -//** RAM Global Values -//***************************************************************************** -//***************************************************************************** -//*** Description -// The values in this section are only extant in RAM or ROM as constant values. - -//*** Crypto Self-Test Values -EXTERN ALGORITHM_VECTOR g_implementedAlgorithms; -EXTERN ALGORITHM_VECTOR g_toTest; - -//*** g_rcIndex[] -// This array is used to contain the array of values that are added to a return -// code when it is a parameter-, handle-, or session-related error. -// This is an implementation choice and the same result can be achieved by using -// a macro. -#define g_rcIndexInitializer { TPM_RC_1, TPM_RC_2, TPM_RC_3, TPM_RC_4, \ - TPM_RC_5, TPM_RC_6, TPM_RC_7, TPM_RC_8, \ - TPM_RC_9, TPM_RC_A, TPM_RC_B, TPM_RC_C, \ - TPM_RC_D, TPM_RC_E, TPM_RC_F } -EXTERN const UINT16 g_rcIndex[15] INITIALIZER(g_rcIndexInitializer); - -//*** g_exclusiveAuditSession -// This location holds the session handle for the current exclusive audit -// session. If there is no exclusive audit session, the location is set to -// TPM_RH_UNASSIGNED. -EXTERN TPM_HANDLE g_exclusiveAuditSession; - -//*** g_time -// This is the value in which we keep the current command time. This is initialized -// at the start of each command. The time is the accumulated time since the last -// time that the TPM's timer was last powered up. Clock is the accumulated time -// since the last time that the TPM was cleared. g_time is in mS. -EXTERN UINT64 g_time; - -//*** g_timeEpoch -// This value contains the current clock Epoch. It changes when there is a clock -// discontinuity. 
It may be necessary to place this in NV should the timer be able -// to run across a power down of the TPM but not in all cases (e.g. dead battery). -// If the nonce is placed in NV, it should go in gp because it should be changing -// slowly. -#if CLOCK_STOPS -EXTERN CLOCK_NONCE g_timeEpoch; -#else -#define g_timeEpoch gp.timeEpoch -#endif - - -//*** g_phEnable -// This is the platform hierarchy control and determines if the platform hierarchy -// is available. This value is SET on each TPM2_Startup(). The default value is -// SET. -EXTERN BOOL g_phEnable; - -//*** g_pcrReConfig -// This value is SET if a TPM2_PCR_Allocate command successfully executed since -// the last TPM2_Startup(). If so, then the next shutdown is required to be -// Shutdown(CLEAR). -EXTERN BOOL g_pcrReConfig; - -//*** g_DRTMHandle -// This location indicates the sequence object handle that holds the DRTM -// sequence data. When not used, it is set to TPM_RH_UNASSIGNED. A sequence -// DRTM sequence is started on either _TPM_Init or _TPM_Hash_Start. -EXTERN TPMI_DH_OBJECT g_DRTMHandle; - -//*** g_DrtmPreStartup -// This value indicates that an H-CRTM occurred after _TPM_Init but before -// TPM2_Startup(). The define for PRE_STARTUP_FLAG is used to add the -// g_DrtmPreStartup value to gp_orderlyState at shutdown. This hack is to avoid -// adding another NV variable. -EXTERN BOOL g_DrtmPreStartup; - -//*** g_StartupLocality3 -// This value indicates that a TPM2_Startup() occurred at locality 3. Otherwise, it -// at locality 0. The define for STARTUP_LOCALITY_3 is to -// indicate that the startup was not at locality 0. This hack is to avoid -// adding another NV variable. -EXTERN BOOL g_StartupLocality3; - -//***TPM_SU_NONE -// Part 2 defines the two shutdown/startup types that may be used in -// TPM2_Shutdown() and TPM2_Starup(). This additional define is -// used by the TPM to indicate that no shutdown was received. -// NOTE: This is a reserved value. 
-#define SU_NONE_VALUE (0xFFFF) -#define TPM_SU_NONE (TPM_SU)(SU_NONE_VALUE) - -//*** TPM_SU_DA_USED -// As with TPM_SU_NONE, this value is added to allow indication that the shutdown -// was not orderly and that a DA=protected object was reference during the previous -// cycle. -#define SU_DA_USED_VALUE (SU_NONE_VALUE - 1) -#define TPM_SU_DA_USED (TPM_SU)(SU_DA_USED_VALUE) - - - -//*** Startup Flags -// These flags are included in gp.orderlyState. These are hacks and are being -// used to avoid having to change the layout of gp. The PRE_STARTUP_FLAG indicates -// that a _TPM_Hash_Start/_Data/_End sequence was received after _TPM_Init but -// before TPM2_StartUp(). STARTUP_LOCALITY_3 indicates that the last TPM2_Startup() -// was received at locality 3. These flags are only relevant if after a -// TPM2_Shutdown(STATE). -#define PRE_STARTUP_FLAG 0x8000 -#define STARTUP_LOCALITY_3 0x4000 - -#if USE_DA_USED -//*** g_daUsed -// This location indicates if a DA-protected value is accessed during a boot -// cycle. If none has, then there is no need to increment 'failedTries' on the -// next non-orderly startup. This bit is merged with gp.orderlyState when that -// gp.orderly is set to SU_NONE_VALUE -EXTERN BOOL g_daUsed; -#endif - -//*** g_updateNV -// This flag indicates if NV should be updated at the end of a command. -// This flag is set to UT_NONE at the beginning of each command in ExecuteCommand(). -// This flag is checked in ExecuteCommand() after the detailed actions of a command -// complete. If the command execution was successful and this flag is not UT_NONE, -// any pending NV writes will be committed to NV. -// UT_ORDERLY causes any RAM data to be written to the orderly space for staging -// the write to NV. -typedef BYTE UPDATE_TYPE; -#define UT_NONE (UPDATE_TYPE)0 -#define UT_NV (UPDATE_TYPE)1 -#define UT_ORDERLY (UPDATE_TYPE)(UT_NV + 2) -EXTERN UPDATE_TYPE g_updateNV; - -//*** g_powerWasLost -// This flag is used to indicate if the power was lost. 
It is SET in _TPM__Init.
-// This flag is cleared by TPM2_Startup() after all power-lost activities are
-// completed.
-// Note: When power is applied, this value can come up as anything. However,
-// _plat__WasPowerLost() will provide the proper indication in that case. So, when
-// power is actually lost, we get the correct answer. When power was not lost, but
-// the power-lost processing has not been completed before the next _TPM_Init(),
-// then the TPM still does the correct thing.
-EXTERN BOOL g_powerWasLost;
-
-//*** g_clearOrderly
-// This flag indicates if the execution of a command should cause the orderly
-// state to be cleared. This flag is set to FALSE at the beginning of each
-// command in ExecuteCommand() and is checked in ExecuteCommand() after the
-// detailed actions of a command complete but before the check of
-// 'g_updateNV'. If this flag is TRUE, and the orderly state is not
-// SU_NONE_VALUE, then the orderly state in NV memory will be changed to
-// SU_NONE_VALUE or SU_DA_USED_VALUE.
-EXTERN BOOL g_clearOrderly;
-
-//*** g_prevOrderlyState
-// This location indicates how the TPM was shut down before the most recent
-// TPM2_Startup(). This value, along with the startup type, determines if
-// the TPM should do a TPM Reset, TPM Restart, or TPM Resume.
-EXTERN TPM_SU g_prevOrderlyState;
-
-//*** g_nvOk
-// This value indicates if the NV integrity check was successful or not. If not and
-// the failure was severe, then the TPM would have been put into failure mode after
-// it had been re-manufactured. If the NV failure was in the area where the state-save
-// data is kept, then this variable will have a value of FALSE indicating that
-// a TPM2_Startup(CLEAR) is required.
-EXTERN BOOL g_nvOk;
-// NV availability is sampled as the start of each command and stored here
-// so that its value remains consistent during the command execution
-EXTERN TPM_RC g_NvStatus;
-
-#ifdef VENDOR_PERMANENT
-//*** g_platformUnique
-// This location contains the unique value(s) used to identify the TPM. It is
-// loaded on every _TPM2_Startup()
-// The first value is used to seed the RNG. The second value is used as a vendor
-// authValue. The value used by the RNG would be the value derived from the
-// chip unique value (such as fused) with a dependency on the authorities of the
-// code in the TPM boot path. The second would be derived from the chip unique value
-// with a dependency on the details of the code in the boot path. That is, the
-// first value depends on the various signers of the code and the second depends on
-// what was signed. The TPM vendor should not be able to know the first value but
-// they are expected to know the second.
-EXTERN TPM2B_AUTH g_platformUniqueAuthorities; // Reserved for RNG
-
-EXTERN TPM2B_AUTH g_platformUniqueDetails; // referenced by VENDOR_PERMANENT
-#endif
-
-//*********************************************************************************
-//*********************************************************************************
-//** Persistent Global Values
-//*********************************************************************************
-//*********************************************************************************
-//*** Description
-// The values in this section are global values that are persistent across power
-// events. The lifetime of the values determines the structure in which the value
-// is placed.
-
-//*********************************************************************************
-//*** PERSISTENT_DATA
-//*********************************************************************************
-// This structure holds the persistent values that only change as a consequence
-// of a specific Protected Capability and are not affected by TPM power events
-// (TPM2_Startup() or TPM2_Shutdown().
-typedef struct
-{
-//*********************************************************************************
-// Hierarchy
-//*********************************************************************************
-// The values in this section are related to the hierarchies.
-
- BOOL disableClear; // TRUE if TPM2_Clear() using
- // lockoutAuth is disabled
-
- // Hierarchy authPolicies
- TPMI_ALG_HASH ownerAlg;
- TPMI_ALG_HASH endorsementAlg;
- TPMI_ALG_HASH lockoutAlg;
- TPM2B_DIGEST ownerPolicy;
- TPM2B_DIGEST endorsementPolicy;
- TPM2B_DIGEST lockoutPolicy;
-
- // Hierarchy authValues
- TPM2B_AUTH ownerAuth;
- TPM2B_AUTH endorsementAuth;
- TPM2B_AUTH lockoutAuth;
-
- // Primary Seeds
- TPM2B_SEED EPSeed;
- TPM2B_SEED SPSeed;
- TPM2B_SEED PPSeed;
- // Note there is a nullSeed in the state_reset memory.
-
- // Hierarchy proofs
- TPM2B_PROOF phProof;
- TPM2B_PROOF shProof;
- TPM2B_PROOF ehProof;
- // Note there is a nullProof in the state_reset memory.
-
-//*********************************************************************************
-// Reset Events
-//*********************************************************************************
-// A count that increments at each TPM reset and never get reset during the life
-// time of TPM. The value of this counter is initialized to 1 during TPM
-// manufacture process. It is used to invalidate all saved contexts after a TPM
-// Reset.
- UINT64 totalResetCount;
-
-// This counter increments on each TPM Reset. The counter is reset by
-// TPM2_Clear().
- UINT32 resetCount;
-
-//*********************************************************************************
-// PCR
-//*********************************************************************************
-// This structure hold the policies for those PCR that have an update policy.
-// This implementation only supports a single group of PCR controlled by
-// policy. If more are required, then this structure would be changed to
-// an array.
-#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0
- PCR_POLICY pcrPolicies;
-#endif
-
-// This structure indicates the allocation of PCR. The structure contains a
-// list of PCR allocations for each implemented algorithm. If no PCR are
-// allocated for an algorithm, a list entry still exists but the bit map
-// will contain no SET bits.
- TPML_PCR_SELECTION pcrAllocated;
-
-//*********************************************************************************
-// Physical Presence
-//*********************************************************************************
-// The PP_LIST type contains a bit map of the commands that require physical
-// to be asserted when the authorization is evaluated. Physical presence will be
-// checked if the corresponding bit in the array is SET and if the authorization
-// handle is TPM_RH_PLATFORM.
-//
-// These bits may be changed with TPM2_PP_Commands().
- BYTE ppList[(COMMAND_COUNT + 7) / 8];
-
-//*********************************************************************************
-// Dictionary attack values
-//*********************************************************************************
-// These values are used for dictionary attack tracking and control.
- UINT32 failedTries; // the current count of unexpired
- // authorization failures
-
- UINT32 maxTries; // number of unexpired authorization
- // failures before the TPM is in
- // lockout
-
- UINT32 recoveryTime; // time between authorization failures
- // before failedTries is decremented
-
- UINT32 lockoutRecovery; // time that must expire between
- // authorization failures associated
- // with lockoutAuth
-
- BOOL lockOutAuthEnabled; // TRUE if use of lockoutAuth is
- // allowed
-
-//*****************************************************************************
-// Orderly State
-//*****************************************************************************
-// The orderly state for current cycle
- TPM_SU orderlyState;
-
-//*****************************************************************************
-// Command audit values.
-//*****************************************************************************
- BYTE auditCommands[((COMMAND_COUNT + 1) + 7) / 8];
- TPMI_ALG_HASH auditHashAlg;
- UINT64 auditCounter;
-
-//*****************************************************************************
-// Algorithm selection
-//*****************************************************************************
-//
-// The 'algorithmSet' value indicates the collection of algorithms that are
-// currently in used on the TPM. The interpretation of value is vendor dependent.
- UINT32 algorithmSet;
-
-//*****************************************************************************
-// Firmware version
-//*****************************************************************************
-// The firmwareV1 and firmwareV2 values are instanced in TimeStamp.c. This is
-// a scheme used in development to allow determination of the linker build time
-// of the TPM. An actual implementation would implement these values in a way that
-// is consistent with vendor needs. The values are maintained in RAM for simplified
-// access with a master version in NV.
These values are modified in a
-// vendor-specific way.
-
-// g_firmwareV1 contains the more significant 32-bits of the vendor version number.
-// In the reference implementation, if this value is printed as a hex
-// value, it will have the format of YYYYMMDD
- UINT32 firmwareV1;
-
-// g_firmwareV1 contains the less significant 32-bits of the vendor version number.
-// In the reference implementation, if this value is printed as a hex
-// value, it will have the format of 00 HH MM SS
- UINT32 firmwareV2;
-//*****************************************************************************
-// Timer Epoch
-//*****************************************************************************
-// timeEpoch contains a nonce that has a vendor=specific size (should not be
-// less than 8 bytes. This nonce changes when the clock epoch changes. The clock
-// epoch changes when there is a discontinuity in the timing of the TPM.
-#if !CLOCK_STOPS
- CLOCK_NONCE timeEpoch;
-#endif
-
-} PERSISTENT_DATA;
-
-EXTERN PERSISTENT_DATA gp;
-
-//*********************************************************************************
-//*********************************************************************************
-//*** ORDERLY_DATA
-//*********************************************************************************
-//*********************************************************************************
-// The data in this structure is saved to NV on each TPM2_Shutdown().
-typedef struct orderly_data
-{
-//*****************************************************************************
-// TIME
-//*****************************************************************************
-
-// Clock has two parts. One is the state save part and one is the NV part. The
-// state save version is updated on each command. When the clock rolls over, the
-// NV version is updated. When the TPM starts up, if the TPM was shutdown in and
-// orderly way, then the sClock value is used to initialize the clock.
If the
-// TPM shutdown was not orderly, then the persistent value is used and the safe
-// attribute is clear.
-
- UINT64 clock; // The orderly version of clock
- TPMI_YES_NO clockSafe; // Indicates if the clock value is
- // safe.
-
- // In many implementations, the quality of the entropy available is not that
- // high. To compensate, the current value of the drbgState can be saved and
- // restored on each power cycle. This prevents the internal state from reverting
- // to the initial state on each power cycle and starting with a limited amount
- // of entropy. By keeping the old state and adding entropy, the entropy will
- // accumulate.
- DRBG_STATE drbgState;
-
-// These values allow the accumulation of self-healing time across orderly shutdown
-// of the TPM.
-#if ACCUMULATE_SELF_HEAL_TIMER
- UINT64 selfHealTimer; // current value of s_selfHealTimer
- UINT64 lockoutTimer; // current value of s_lockoutTimer
- UINT64 time; // current value of g_time at shutdown
-#endif // ACCUMULATE_SELF_HEAL_TIMER
-
-} ORDERLY_DATA;
-
-#if ACCUMULATE_SELF_HEAL_TIMER
-#define s_selfHealTimer go.selfHealTimer
-#define s_lockoutTimer go.lockoutTimer
-#endif // ACCUMULATE_SELF_HEAL_TIMER
-
-# define drbgDefault go.drbgState
-
-EXTERN ORDERLY_DATA go;
-
-//*********************************************************************************
-//*********************************************************************************
-//*** STATE_CLEAR_DATA
-//*********************************************************************************
-//*********************************************************************************
-// This structure contains the data that is saved on Shutdown(STATE)
-// and restored on Startup(STATE). The values are set to their default
-// settings on any Startup(Clear). In other words, the data is only persistent
-// across TPM Resume.
-//
-// If the comments associated with a parameter indicate a default reset value, the
-// value is applied on each Startup(CLEAR).
-
-typedef struct state_clear_data
-{
-//*****************************************************************************
-// Hierarchy Control
-//*****************************************************************************
- BOOL shEnable; // default reset is SET
- BOOL ehEnable; // default reset is SET
- BOOL phEnableNV; // default reset is SET
- TPMI_ALG_HASH platformAlg; // default reset is TPM_ALG_NULL
- TPM2B_DIGEST platformPolicy; // default reset is an Empty Buffer
- TPM2B_AUTH platformAuth; // default reset is an Empty Buffer
-
-//*****************************************************************************
-// PCR
-//*****************************************************************************
-// The set of PCR to be saved on Shutdown(STATE)
- PCR_SAVE pcrSave; // default reset is 0...0
-
-// This structure hold the authorization values for those PCR that have an
-// update authorization.
-// This implementation only supports a single group of PCR controlled by
-// authorization. If more are required, then this structure would be changed to
-// an array.
- PCR_AUTHVALUE pcrAuthValues;
-} STATE_CLEAR_DATA;
-
-EXTERN STATE_CLEAR_DATA gc;
-
-//*********************************************************************************
-//*********************************************************************************
-//*** State Reset Data
-//*********************************************************************************
-//*********************************************************************************
-// This structure contains data is that is saved on Shutdown(STATE) and restored on
-// the subsequent Startup(ANY). That is, the data is preserved across TPM Resume
-// and TPM Restart.
-//
-// If a default value is specified in the comments this value is applied on
-// TPM Reset.
-
-typedef struct state_reset_data
-{
-//*****************************************************************************
-// Hierarchy Control
-//*****************************************************************************
- TPM2B_PROOF nullProof; // The proof value associated with
- // the TPM_RH_NULL hierarchy. The
- // default reset value is from the RNG.
-
- TPM2B_SEED nullSeed; // The seed value for the TPM_RN_NULL
- // hierarchy. The default reset value
- // is from the RNG.
-
-//*****************************************************************************
-// Context
-//*****************************************************************************
-// The 'clearCount' counter is incremented each time the TPM successfully executes
-// a TPM Resume. The counter is included in each saved context that has 'stClear'
-// SET (including descendants of keys that have 'stClear' SET). This prevents these
-// objects from being loaded after a TPM Resume.
-// If 'clearCount' is at its maximum value when the TPM receives a Shutdown(STATE),
-// the TPM will return TPM_RC_RANGE and the TPM will only accept Shutdown(CLEAR).
- UINT32 clearCount; // The default reset value is 0.
-
- UINT64 objectContextID; // This is the context ID for a saved
- // object context. The default reset
- // value is 0.
-#ifndef NDEBUG
-#undef CONTEXT_SLOT
-#define CONTEXT_SLOT BYTE
-#endif
-
- CONTEXT_SLOT contextArray[MAX_ACTIVE_SESSIONS]; // This array contains
- // contains the values used to track
- // the version numbers of saved
- // contexts (see
- // Session.c in for details). The
- // default reset value is {0}.
-
- CONTEXT_COUNTER contextCounter; // This is the value from which the
- // 'contextID' is derived. The
- // default reset value is {0}.
-
-//*****************************************************************************
-// Command Audit
-//*****************************************************************************
-// When an audited command completes, ExecuteCommand() checks the return
-// value. If it is TPM_RC_SUCCESS, and the command is an audited command, the
-// TPM will extend the cpHash and rpHash for the command to this value. If this
-// digest was the Zero Digest before the cpHash was extended, the audit counter
-// is incremented.
-
- TPM2B_DIGEST commandAuditDigest; // This value is set to an Empty Digest
- // by TPM2_GetCommandAuditDigest() or a
- // TPM Reset.
-
-//*****************************************************************************
-// Boot counter
-//*****************************************************************************
-
- UINT32 restartCount; // This counter counts TPM Restarts.
- // The default reset value is 0.
-
-//*********************************************************************************
-// PCR
-//*********************************************************************************
-// This counter increments whenever the PCR are updated. This counter is preserved
-// across TPM Resume even though the PCR are not preserved. This is because
-// sessions remain active across TPM Restart and the count value in the session
-// is compared to this counter so this counter must have values that are unique
-// as long as the sessions are active.
-// NOTE: A platform-specific specification may designate that certain PCR changes
-// do not increment this counter to increment.
- UINT32 pcrCounter; // The default reset value is 0.
-
-#if ALG_ECC
-
-//*****************************************************************************
-// ECDAA
-//*****************************************************************************
- UINT64 commitCounter; // This counter increments each time
- // TPM2_Commit() returns
- // TPM_RC_SUCCESS. The default reset
- // value is 0.
-
- TPM2B_NONCE commitNonce; // This random value is used to compute
- // the commit values. The default reset
- // value is from the RNG.
-
-// This implementation relies on the number of bits in g_commitArray being a
-// power of 2 (8, 16, 32, 64, etc.) and no greater than 64K.
- BYTE commitArray[16]; // The default reset value is {0}.
-
-#endif // ALG_ECC
-} STATE_RESET_DATA;
-
-EXTERN STATE_RESET_DATA gr;
-
-//** NV Layout
-// The NV data organization is
-// 1) a PERSISTENT_DATA structure
-// 2) a STATE_RESET_DATA structure
-// 3) a STATE_CLEAR_DATA structure
-// 4) an ORDERLY_DATA structure
-// 5) the user defined NV index space
-#define NV_PERSISTENT_DATA (0)
-#define NV_STATE_RESET_DATA (NV_PERSISTENT_DATA + sizeof(PERSISTENT_DATA))
-#define NV_STATE_CLEAR_DATA (NV_STATE_RESET_DATA + sizeof(STATE_RESET_DATA))
-#define NV_ORDERLY_DATA (NV_STATE_CLEAR_DATA + sizeof(STATE_CLEAR_DATA))
-#define NV_INDEX_RAM_DATA (NV_ORDERLY_DATA + sizeof(ORDERLY_DATA))
-#define NV_USER_DYNAMIC (NV_INDEX_RAM_DATA + sizeof(s_indexOrderlyRam))
-#define NV_USER_DYNAMIC_END NV_MEMORY_SIZE
-
-//** Global Macro Definitions
-// The NV_READ_PERSISTENT and NV_WRITE_PERSISTENT macros are used to access members
-// of the PERSISTENT_DATA structure in NV.
-#define NV_READ_PERSISTENT(to, from) \
- NvRead(&to, offsetof(PERSISTENT_DATA, from), sizeof(to))
-
-#define NV_WRITE_PERSISTENT(to, from) \
- NvWrite(offsetof(PERSISTENT_DATA, to), sizeof(gp.to), &from)
-
-#define CLEAR_PERSISTENT(item) \
- NvClearPersistent(offsetof(PERSISTENT_DATA, item), sizeof(gp.item))
-
-#define NV_SYNC_PERSISTENT(item) NV_WRITE_PERSISTENT(item, gp.item)
-
-// At the start of command processing, the index of the command is determined. This
-// index value is used to access the various data tables that contain per-command
-// information. There are multiple options for how the per-command tables can be
-// implemented. This is resolved in GetClosestCommandIndex().
-typedef UINT16 COMMAND_INDEX;
-#define UNIMPLEMENTED_COMMAND_INDEX ((COMMAND_INDEX)(~0))
-
-typedef struct _COMMAND_FLAGS_
-{
- unsigned trialPolicy : 1; //1) If SET, one of the handles references a
- // trial policy and authorization may be
- // skipped. This is only allowed for a policy
- // command.
-} COMMAND_FLAGS;
-
-// This structure is used to avoid having to manage a large number of
-// parameters being passed through various levels of the command input processing.
-//
-typedef struct _COMMAND_
-{
- TPM_ST tag; // the parsed command tag
- TPM_CC code; // the parsed command code
- COMMAND_INDEX index; // the computed command index
- UINT32 handleNum; // the number of entity handles in the
- // handle area of the command
- TPM_HANDLE handles[MAX_HANDLE_NUM]; // the parsed handle values
- UINT32 sessionNum; // the number of sessions found
- INT32 parameterSize; // starts out with the parsed command size
- // and is reduced and values are
- // unmarshaled. Just before calling the
- // command actions, this should be zero.
- // After the command actions, this number
- // should grow as values are marshaled
- // in to the response buffer.
- INT32 authSize; // this is initialized with the parsed size
- // of authorizationSize field and should
- // be zero when the authorizations are
- // parsed.
- BYTE *parameterBuffer; // input to ExecuteCommand
- BYTE *responseBuffer; // input to ExecuteCommand
-#if ALG_SHA1
- TPM2B_SHA1_DIGEST sha1CpHash;
- TPM2B_SHA1_DIGEST sha1RpHash;
-#endif
-#if ALG_SHA256
- TPM2B_SHA256_DIGEST sha256CpHash;
- TPM2B_SHA256_DIGEST sha256RpHash;
-#endif
-#if ALG_SHA384
- TPM2B_SHA384_DIGEST sha384CpHash;
- TPM2B_SHA384_DIGEST sha384RpHash;
-#endif
-#if ALG_SHA512
- TPM2B_SHA512_DIGEST sha512CpHash;
- TPM2B_SHA512_DIGEST sha512RpHash;
-#endif
-#if ALG_SM3_256
- TPM2B_SM3_256_DIGEST sm3_256CpHash;
- TPM2B_SM3_256_DIGEST sm3_256RpHash;
-#endif
-} COMMAND;
-
-// Global sting constants for consistency in KDF function calls.
-// These string constants are shared across functions to make sure that they
-// are all using consistent sting values.
-
-#define STRING_INITIALIZER(value) {{sizeof(value), {value}}}
-#define TPM2B_STRING(name, value) \
-typedef union name##_ { \
- struct { \
- UINT16 size; \
- BYTE buffer[sizeof(value)]; \
- } t; \
- TPM2B b; \
- } TPM2B_##name##_; \
-EXTERN const TPM2B_##name##_ name##_ INITIALIZER(STRING_INITIALIZER(value)); \
-EXTERN const TPM2B *name INITIALIZER(&name##_.b)
-
-TPM2B_STRING(PRIMARY_OBJECT_CREATION, "Primary Object Creation");
-TPM2B_STRING(CFB_KEY, "CFB");
-TPM2B_STRING(CONTEXT_KEY, "CONTEXT");
-TPM2B_STRING(INTEGRITY_KEY, "INTEGRITY");
-TPM2B_STRING(SECRET_KEY, "SECRET");
-TPM2B_STRING(SESSION_KEY, "ATH");
-TPM2B_STRING(STORAGE_KEY, "STORAGE");
-TPM2B_STRING(XOR_KEY, "XOR");
-TPM2B_STRING(COMMIT_STRING, "ECDAA Commit");
-TPM2B_STRING(DUPLICATE_STRING, "DUPLICATE");
-TPM2B_STRING(IDENTITY_STRING, "IDENTITY");
-TPM2B_STRING(OBFUSCATE_STRING, "OBFUSCATE");
-#if SELF_TEST
-TPM2B_STRING(OAEP_TEST_STRING, "OAEP Test Value");
-#endif // SELF_TEST
-
-//*****************************************************************************
-//** From CryptTest.c
-//*****************************************************************************
-// This structure contains the self-test state values for the cryptographic modules.
-EXTERN CRYPTO_SELF_TEST_STATE g_cryptoSelfTestState;
-
-//*****************************************************************************
-//** From Manufacture.c
-//*****************************************************************************
-EXTERN BOOL g_manufactured INITIALIZER(FALSE);
-
-// This value indicates if a TPM2_Startup commands has been
-// receive since the power on event. This flag is maintained in power
-// simulation module because this is the only place that may reliably set this
-// flag to FALSE.
-EXTERN BOOL g_initialized;
-
-//** Private data
-
-//*****************************************************************************
-//*** From SessionProcess.c
-//*****************************************************************************
-#if defined SESSION_PROCESS_C || defined GLOBAL_C || defined MANUFACTURE_C
-// The following arrays are used to save command sessions information so that the
-// command handle/session buffer does not have to be preserved for the duration of
-// the command. These arrays are indexed by the session index in accordance with
-// the order of sessions in the session area of the command.
-//
-// Array of the authorization session handles
-EXTERN TPM_HANDLE s_sessionHandles[MAX_SESSION_NUM];
-
-// Array of authorization session attributes
-EXTERN TPMA_SESSION s_attributes[MAX_SESSION_NUM];
-
-// Array of handles authorized by the corresponding authorization sessions;
-// and if none, then TPM_RH_UNASSIGNED value is used
-EXTERN TPM_HANDLE s_associatedHandles[MAX_SESSION_NUM];
-
-// Array of nonces provided by the caller for the corresponding sessions
-EXTERN TPM2B_NONCE s_nonceCaller[MAX_SESSION_NUM];
-
-// Array of authorization values (HMAC's or passwords) for the corresponding
-// sessions
-EXTERN TPM2B_AUTH s_inputAuthValues[MAX_SESSION_NUM];
-
-// Array of pointers to the SESSION structures for the sessions in a command
-EXTERN SESSION *s_usedSessions[MAX_SESSION_NUM];
-
-// Special value to indicate an undefined session index
-#define UNDEFINED_INDEX (0xFFFF)
-
-// Index of the session used for encryption of a response parameter
-EXTERN UINT32 s_encryptSessionIndex;
-
-// Index of the session used for decryption of a command parameter
-EXTERN UINT32 s_decryptSessionIndex;
-
-// Index of a session used for audit
-EXTERN UINT32 s_auditSessionIndex;
-
-// The cpHash for command audit
-#ifdef TPM_CC_GetCommandAuditDigest
-EXTERN TPM2B_DIGEST s_cpHashForCommandAudit;
-#endif
-
-// Flag indicating if NV update is pending for the
lockOutAuthEnabled or
-// failedTries DA parameter
-EXTERN BOOL s_DAPendingOnNV;
-
-#endif // SESSION_PROCESS_C
-
-//*****************************************************************************
-//*** From DA.c
-//*****************************************************************************
-#if defined DA_C || defined GLOBAL_C || defined MANUFACTURE_C
-// This variable holds the accumulated time since the last time
-// that 'failedTries' was decremented. This value is in millisecond.
-#if !ACCUMULATE_SELF_HEAL_TIMER
-EXTERN UINT64 s_selfHealTimer;
-
-// This variable holds the accumulated time that the lockoutAuth has been
-// blocked.
-EXTERN UINT64 s_lockoutTimer;
-#endif // ACCUMULATE_SELF_HEAL_TIMER
-
-#endif // DA_C
-
-//*****************************************************************************
-//*** From NV.c
-//*****************************************************************************
-#if defined NV_C || defined GLOBAL_C
-// This marks the end of the NV area. This is a run-time variable as it might
-// not be compile-time constant.
-EXTERN NV_REF s_evictNvEnd;
-
-// This space is used to hold the index data for an orderly Index. It also contains
-// the attributes for the index.
-EXTERN BYTE s_indexOrderlyRam[RAM_INDEX_SPACE]; // The orderly NV Index data
-
-// This value contains the current max counter value. It is written to the end of
-// allocatable NV space each time an index is deleted or added. This value is
-// initialized on Startup. The indices are searched and the maximum of all the
-// current counter indices and this value is the initial value for this.
-EXTERN UINT64 s_maxCounter;
-
-// This is space used for the NV Index cache. As with a persistent object, the
-// contents of a referenced index are copied into the cache so that the
-// NV Index memory scanning and data copying can be reduced.
-// Only code that operates on NV Index data should use this cache directly.
When
-// that action code runs, s_lastNvIndex will contain the index header information.
-// It will have been loaded when the handles were verified.
-// NOTE: An NV index handle can appear in many commands that do not operate on the
-// NV data (e.g. TPM2_StartAuthSession). However, only one NV Index at a time is
-// ever directly referenced by any command. If that changes, then the NV Index
-// caching needs to be changed to accommodate that. Currently, the code will verify
-// that only one NV Index is referenced by the handles of the command.
-EXTERN NV_INDEX s_cachedNvIndex;
-EXTERN NV_REF s_cachedNvRef;
-EXTERN BYTE *s_cachedNvRamRef;
-
-// Initial NV Index/evict object iterator value
-#define NV_REF_INIT (NV_REF)0xFFFFFFFF
-
-#endif
-
-//*****************************************************************************
-//*** From Object.c
-//*****************************************************************************
-#if defined OBJECT_C || defined GLOBAL_C
-// This type is the container for an object.
-
-EXTERN OBJECT s_objects[MAX_LOADED_OBJECTS];
-
-#endif // OBJECT_C
-
-//*****************************************************************************
-//*** From PCR.c
-//*****************************************************************************
-#if defined PCR_C || defined GLOBAL_C
-typedef struct
-{
-#if ALG_SHA1
- // SHA1 PCR
- BYTE sha1Pcr[SHA1_DIGEST_SIZE];
-#endif
-#if ALG_SHA256
- // SHA256 PCR
- BYTE sha256Pcr[SHA256_DIGEST_SIZE];
-#endif
-#if ALG_SHA384
- // SHA384 PCR
- BYTE sha384Pcr[SHA384_DIGEST_SIZE];
-#endif
-#if ALG_SHA512
- // SHA512 PCR
- BYTE sha512Pcr[SHA512_DIGEST_SIZE];
-#endif
-#if ALG_SM3_256
- // SHA256 PCR
- BYTE sm3_256Pcr[SM3_256_DIGEST_SIZE];
-#endif
-} PCR;
-
-typedef struct
-{
- unsigned int stateSave : 1; // if the PCR value should be
- // saved in state save
- unsigned int resetLocality : 5; // The locality that the PCR
- // can be reset
- unsigned int extendLocality : 5; // The locality that the PCR
- // can be extend
-} PCR_Attributes;
-
-EXTERN PCR s_pcrs[IMPLEMENTATION_PCR];
-
-#endif // PCR_C
-
-//*****************************************************************************
-//*** From Session.c
-//*****************************************************************************
-#if defined SESSION_C || defined GLOBAL_C
-// Container for HMAC or policy session tracking information
-typedef struct
-{
- BOOL occupied;
- SESSION session; // session structure
-} SESSION_SLOT;
-
-EXTERN SESSION_SLOT s_sessions[MAX_LOADED_SESSIONS];
-
-// The index in contextArray that has the value of the oldest saved session
-// context. When no context is saved, this will have a value that is greater
-// than or equal to MAX_ACTIVE_SESSIONS.
-EXTERN UINT32 s_oldestSavedSession;
-
-// The number of available session slot openings. When this is 1,
-// a session can't be created or loaded if the GAP is maxed out.
-// The exception is that the oldest saved session context can always
-// be loaded (assuming that there is a space in memory to put it)
-EXTERN int s_freeSessionSlots;
-
-#endif // SESSION_C
-
-//*****************************************************************************
-//*** From IoBuffers.c
-//*****************************************************************************
-#if defined IO_BUFFER_C || defined GLOBAL_C
-// Each command function is allowed a structure for the inputs to the function and
-// a structure for the outputs. The command dispatch code unmarshals the input butter
-// to the command action input structure starting at the first byte of
-// s_actionIoBuffer. The value of s_actionIoAllocation is the number of UINT64 values
-// allocated. It is used to set the pointer for the response structure. The command
-// dispatch code will marshal the response values into the final output buffer.
-EXTERN UINT64 s_actionIoBuffer[768]; // action I/O buffer
-EXTERN UINT32 s_actionIoAllocation; // number of UIN64 allocated for the
- // action input structure
-#endif // IO_BUFFER_C
-
-//*****************************************************************************
-//*** From TPMFail.c
-//*****************************************************************************
-// This value holds the address of the string containing the name of the function
-// in which the failure occurred. This address value isn't useful for anything
-// other than helping the vendor to know in which file the failure occurred.
-EXTERN BOOL g_inFailureMode; // Indicates that the TPM is in failure mode
-#if SIMULATION
-EXTERN BOOL g_forceFailureMode; // flag to force failure mode during test
-#endif
-
-typedef void(FailFunction)(const char *function, int line, int code);
-
-#if defined TPM_FAIL_C || defined GLOBAL_C
-EXTERN UINT32 s_failFunction;
-EXTERN UINT32 s_failLine; // the line in the file at which
- // the error was signaled
-EXTERN UINT32 s_failCode; // the error code used
-
-EXTERN FailFunction *LibFailCallback;
-
-#endif // TPM_FAIL_C
-
-//*****************************************************************************
-//*** From CommandCodeAttributes.c
-//*****************************************************************************
-// This array is instanced in CommandCodeAttributes.c when it includes
-// CommandCodeAttributes.h. Don't change the extern to EXTERN.
-extern const TPMA_CC s_ccAttr[];
-extern const COMMAND_ATTRIBUTES s_commandAttributes[];
-
-#endif // GLOBAL_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/GpMacros.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/GpMacros.h
deleted file mode 100644
index 22f1b5a7e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/GpMacros.h
+++ /dev/null
@@ -1,332 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file is a collection of miscellaneous macros.
- -#ifndef GP_MACROS_H -#define GP_MACROS_H - -#ifndef NULL -#define NULL 0 -#endif - -#include "swap.h" -#include "VendorString.h" - - -//** For Self-test -// These macros are used in CryptUtil to invoke the incremental self test. -#if SELF_TEST -# define TEST(alg) if(TEST_BIT(alg, g_toTest)) CryptTestAlgorithm(alg, NULL) - -// Use of TPM_ALG_NULL is reserved for RSAEP/RSADP testing. If someone is wanting -// to test a hash with that value, don't do it. -# define TEST_HASH(alg) \ - if(TEST_BIT(alg, g_toTest) \ - && (alg != ALG_NULL_VALUE)) \ - CryptTestAlgorithm(alg, NULL) -#else -# define TEST(alg) -# define TEST_HASH(alg) -#endif // SELF_TEST - -//** For Failures -#if defined _POSIX_ -# define FUNCTION_NAME 0 -#else -# define FUNCTION_NAME __FUNCTION__ -#endif - -#if !FAIL_TRACE -# define FAIL(errorCode) (TpmFail(errorCode)) -# define LOG_FAILURE(errorCode) (TpmLogFailure(errorCode)) -#else -# define FAIL(errorCode) TpmFail(FUNCTION_NAME, __LINE__, errorCode) -# define LOG_FAILURE(errorCode) TpmLogFailure(FUNCTION_NAME, __LINE__, errorCode) -#endif - -// If implementation is using longjmp, then the call to TpmFail() does not return -// and the compiler will complain about unreachable code that comes after. To allow -// for not having longjmp, TpmFail() will return and the subsequent code will be -// executed. This macro accounts for the difference. -#ifndef NO_LONGJMP -# define FAIL_RETURN(returnCode) -# define TPM_FAIL_RETURN NORETURN void -#else -# define FAIL_RETURN(returnCode) return (returnCode) -# define TPM_FAIL_RETURN void -#endif - -// This macro tests that a condition is TRUE and puts the TPM into failure mode -// if it is not. If longjmp is being used, then the FAIL(FATAL_ERROR_) macro makes -// a call from which there is no return. Otherwise, it returns and the function -// will exit with the appropriate return code. 
-#define REQUIRE(condition, errorCode, returnCode) \ - { \ - if(!!(condition)) \ - { \ - FAIL(FATAL_ERROR_errorCode); \ - FAIL_RETURN(returnCode); \ - } \ - } - -#define PARAMETER_CHECK(condition, returnCode) \ - REQUIRE((condition), PARAMETER, returnCode) - -#if (defined EMPTY_ASSERT) && (EMPTY_ASSERT != NO) -# define pAssert(a) ((void)0) -#else -# define pAssert(a) {if(!(a)) FAIL(FATAL_ERROR_PARAMETER);} -#endif - -//** Derived from Vendor-specific values -// Values derived from vendor specific settings in TpmProfile.h -#define PCR_SELECT_MIN ((PLATFORM_PCR+7)/8) -#define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8) -#define MAX_ORDERLY_COUNT ((1 << ORDERLY_BITS) - 1) - -//** Compile-time Checks -// In some cases, the relationship between two values may be dependent -// on things that change based on various selections like the chosen cryptographic -// libraries. It is possible that these selections will result in incompatible -// settings. These are often detectable by the compiler but it isn't always -// possible to do the check in the preprocessor code. For example, when the -// check requires use of "sizeof" then the preprocessor can't do the comparison. -// For these cases, we include a special macro that, depending on the compiler -// will generate a warning to indicate if the check always passes or always fails -// because it involves fixed constants. To run these checks, define COMPILER_CHECKS -// in TpmBuildSwitches.h -#if COMPILER_CHECKS -# define cAssert pAssert -#else -# define cAssert(value) -#endif - -// This is used commonly in the "Crypt" code as a way to keep listings from -// getting too long. This is not to save paper but to allow one to see more -// useful stuff on the screen at any given time. -#define ERROR_RETURN(returnCode) \ - { \ - retVal = returnCode; \ - goto Exit; \ - } - -#ifndef MAX -# define MAX(a, b) ((a) > (b) ? (a) : (b)) -#endif -#ifndef MIN -# define MIN(a, b) ((a) < (b) ? 
(a) : (b)) -#endif -#ifndef IsOdd -# define IsOdd(a) (((a) & 1) != 0) -#endif - -#ifndef BITS_TO_BYTES -# define BITS_TO_BYTES(bits) (((bits) + 7) >> 3) -#endif - -// These are defined for use when the size of the vector being checked is known -// at compile time. -#define TEST_BIT(bit, vector) TestBit((bit), (BYTE *)&(vector), sizeof(vector)) -#define SET_BIT(bit, vector) SetBit((bit), (BYTE *)&(vector), sizeof(vector)) -#define CLEAR_BIT(bit, vector) ClearBit((bit), (BYTE *)&(vector), sizeof(vector)) - - -// The following definitions are used if they have not already been defined. The -// defaults for these settings are compatible with ISO/IEC 9899:2011 (E) -#ifndef LIB_EXPORT -# define LIB_EXPORT -# define LIB_IMPORT -#endif -#ifndef NORETURN -# define NORETURN _Noreturn -#endif -#ifndef NOT_REFERENCED -# define NOT_REFERENCED(x = x) ((void) (x)) -#endif - -#define STD_RESPONSE_HEADER (sizeof(TPM_ST) + sizeof(UINT32) + sizeof(TPM_RC)) - -#define JOIN(x, y) x##y -#define JOIN3(x, y, z) x##y##z -#define CONCAT(x, y) JOIN(x, y) -#define CONCAT3(x, y, z) JOIN3(x,y,z) - -// If CONTEXT_INTEGRITY_HASH_ALG is defined, then the vendor is using the old style -// table. Otherwise, pick the "strongest" implemented hash algorithm as the context -// hash. 
-#ifndef CONTEXT_HASH_ALGORITHM -# if defined ALG_SHA512 && ALG_SHA512 == YES -# define CONTEXT_HASH_ALGORITHM SHA512 -# elif defined ALG_SHA384 && ALG_SHA384 == YES -# define CONTEXT_HASH_ALGORITHM SHA384 -# elif defined ALG_SHA256 && ALG_SHA256 == YES -# define CONTEXT_HASH_ALGORITHM SHA256 -# elif defined ALG_SM3_256 && ALG_SM3_256 == YES -# define CONTEXT_HASH_ALGORITHM SM3_256 -# elif defined ALG_SHA1 && ALG_SHA1 == YES -# define CONTEXT_HASH_ALGORITHM SHA1 -# endif -# define CONTEXT_INTEGRITY_HASH_ALG CONCAT(TPM_ALG_, CONTEXT_HASH_ALGORITHM) -#endif - -#ifndef CONTEXT_INTEGRITY_HASH_SIZE -#define CONTEXT_INTEGRITY_HASH_SIZE CONCAT(CONTEXT_HASH_ALGORITHM, _DIGEST_SIZE) -#endif -#if ALG_RSA -#define RSA_SECURITY_STRENGTH (MAX_RSA_KEY_BITS >= 15360 ? 256 : \ - (MAX_RSA_KEY_BITS >= 7680 ? 192 : \ - (MAX_RSA_KEY_BITS >= 3072 ? 128 : \ - (MAX_RSA_KEY_BITS >= 2048 ? 112 : \ - (MAX_RSA_KEY_BITS >= 1024 ? 80 : 0))))) -#else -#define RSA_SECURITY_STRENGTH 0 -#endif // ALG_RSA - -#if ALG_ECC -#define ECC_SECURITY_STRENGTH (MAX_ECC_KEY_BITS >= 521 ? 256 : \ - (MAX_ECC_KEY_BITS >= 384 ? 192 : \ - (MAX_ECC_KEY_BITS >= 256 ? 128 : 0))) -#else -#define ECC_SECURITY_STRENGTH 0 -#endif // ALG_ECC - -#define MAX_ASYM_SECURITY_STRENGTH \ - MAX(RSA_SECURITY_STRENGTH, ECC_SECURITY_STRENGTH) - -#define MAX_HASH_SECURITY_STRENGTH ((CONTEXT_INTEGRITY_HASH_SIZE * 8) / 2) - -// Unless some algorithm is broken... 
-#define MAX_SYM_SECURITY_STRENGTH MAX_SYM_KEY_BITS - -#define MAX_SECURITY_STRENGTH_BITS \ - MAX(MAX_ASYM_SECURITY_STRENGTH, \ - MAX(MAX_SYM_SECURITY_STRENGTH, \ - MAX_HASH_SECURITY_STRENGTH)) - -// This is the size that was used before the 1.38 errata requiring that P1.14.4 be -// followed -#define PROOF_SIZE CONTEXT_INTEGRITY_HASH_SIZE - -// As required by P1.14.4 -#define COMPLIANT_PROOF_SIZE \ - (MAX(CONTEXT_INTEGRITY_HASH_SIZE, (2 * MAX_SYM_KEY_BYTES))) - -// As required by P1.14.3.1 -#define COMPLIANT_PRIMARY_SEED_SIZE \ - BITS_TO_BYTES(MAX_SECURITY_STRENGTH_BITS * 2) - -// This is the pre-errata version -#ifndef PRIMARY_SEED_SIZE -# define PRIMARY_SEED_SIZE PROOF_SIZE -#endif - -#if USE_SPEC_COMPLIANT_PROOFS -# undef PROOF_SIZE -# define PROOF_SIZE COMPLIANT_PROOF_SIZE -# undef PRIMARY_SEED_SIZE -# define PRIMARY_SEED_SIZE COMPLIANT_PRIMARY_SEED_SIZE -#endif // USE_SPEC_COMPLIANT_PROOFS - -#if !SKIP_PROOF_ERRORS -# if PROOF_SIZE < COMPLIANT_PROOF_SIZE -# error "PROOF_SIZE is not compliant with TPM specification" -# endif -# if PRIMARY_SEED_SIZE < COMPLIANT_PRIMARY_SEED_SIZE -# error Non-compliant PRIMARY_SEED_SIZE -# endif -#endif // !SKIP_PROOF_ERRORS - -// If CONTEXT_ENCRYPT_ALG is defined, then the vendor is using the old style table -#if defined CONTEXT_ENCRYPT_ALG -# undef CONTEXT_ENCRYPT_ALGORITHM -# if CONTEXT_ENCRYPT_ALG == ALG_AES_VALUE -# define CONTEXT_ENCRYPT_ALGORITHM AES -# elif CONTEXT_ENCRYPT_ALG == ALG_SM4_VALUE -# define CONTEXT_ENCRYPT_ALGORITHM SM4 -# elif CONTEXT_ENCRYPT_ALG == ALG_CAMELLIA_VALUE -# define CONTEXT_ENCRYPT_ALGORITHM CAMELLIA -# elif CONTEXT_ENCRYPT_ALG == ALG_TDES_VALUE -# error Are you kidding? 
-# else -# error Unknown value for CONTEXT_ENCRYPT_ALG -# endif // CONTEXT_ENCRYPT_ALG == ALG_AES_VALUE -#else -# define CONTEXT_ENCRYPT_ALG \ - CONCAT3(ALG_, CONTEXT_ENCRYPT_ALGORITHM, _VALUE) -#endif // CONTEXT_ENCRYPT_ALG -#define CONTEXT_ENCRYPT_KEY_BITS \ - CONCAT(CONTEXT_ENCRYPT_ALGORITHM, _MAX_KEY_SIZE_BITS) -#define CONTEXT_ENCRYPT_KEY_BYTES ((CONTEXT_ENCRYPT_KEY_BITS+7)/8) - -// This is updated to follow the requirement of P2 that the label not be larger -// than 32 bytes. -#ifndef LABEL_MAX_BUFFER -#define LABEL_MAX_BUFFER MIN(32, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE)) -#endif - -// This bit is used to indicate that an authorization ticket expires on TPM Reset -// and TPM Restart. It is added to the timeout value returned by TPM2_PoliySigned() -// and TPM2_PolicySecret() and used by TPM2_PolicyTicket(). The timeout value is -// relative to Time (g_time). Time is reset whenever the TPM loses power and cannot -// be moved forward by the user (as can Clock). 'g_time' is a 64-bit value expressing -// time in ms. Stealing the MSb for a flag means that the TPM needs to be reset -// at least once every 292,471,208 years rather than once every 584,942,417 years. -#define EXPIRATION_BIT ((UINT64)1 << 63) - -// Check for consistency of the bit ordering of bit fields -#if BIG_ENDIAN_TPM && MOST_SIGNIFICANT_BIT_0 && USE_BIT_FIELD_STRUCTURES -# error "Settings not consistent" -#endif - -// These macros are used to handle the variation in handling of bit fields. 
If -#if USE_BIT_FIELD_STRUCTURES // The default, old version, with bit fields -# define IS_ATTRIBUTE(a, type, b) ((a.b) != 0) -# define SET_ATTRIBUTE(a, type, b) (a.b = SET) -# define CLEAR_ATTRIBUTE(a, type, b) (a.b = CLEAR) -# define GET_ATTRIBUTE(a, type, b) (a.b) -# define TPMA_ZERO_INITIALIZER() {0} -#else -# define IS_ATTRIBUTE(a, type, b) ((a & type##_##b) != 0) -# define SET_ATTRIBUTE(a, type, b) (a |= type##_##b) -# define CLEAR_ATTRIBUTE(a, type, b) (a &= ~type##_##b) -# define GET_ATTRIBUTE(a, type, b) \ - (type)((a & type##_##b) >> type##_##b##_SHIFT) -# define TPMA_ZERO_INITIALIZER() (0) -#endif - -#define VERIFY(_X) if(!(_X)) goto Error - -#endif // GP_MACROS_H \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HandleProcess.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HandleProcess.h deleted file mode 100644 index 51e740ff4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HandleProcess.h +++ /dev/null 
@@ -1,1008 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmDispatch; Version 4.0 July 8,2017 - * Date: Oct 9, 2018 Time: 07:25:19PM - */ -#if CC_Startup -case TPM_CC_Startup: - break; -#endif // CC_Startup -#if CC_Shutdown -case TPM_CC_Shutdown: - break; -#endif // CC_Shutdown -#if CC_SelfTest -case TPM_CC_SelfTest: - break; -#endif // CC_SelfTest -#if CC_IncrementalSelfTest -case TPM_CC_IncrementalSelfTest: - break; -#endif // CC_IncrementalSelfTest -#if CC_GetTestResult -case TPM_CC_GetTestResult: - break; -#endif // CC_GetTestResult -#if CC_StartAuthSession -case TPM_CC_StartAuthSession: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_ENTITY_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_StartAuthSession -#if CC_PolicyRestart -case TPM_CC_PolicyRestart: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyRestart -#if CC_Create -case TPM_CC_Create: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Create -#if CC_Load -case TPM_CC_Load: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Load -#if CC_LoadExternal -case TPM_CC_LoadExternal: - break; -#endif // CC_LoadExternal -#if CC_ReadPublic -case TPM_CC_ReadPublic: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - 
if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ReadPublic -#if CC_ActivateCredential -case TPM_CC_ActivateCredential: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_ActivateCredential -#if CC_MakeCredential -case TPM_CC_MakeCredential: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_MakeCredential -#if CC_Unseal -case TPM_CC_Unseal: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Unseal -#if CC_ObjectChangeAuth -case TPM_CC_ObjectChangeAuth: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_ObjectChangeAuth -#if CC_CreateLoaded -case TPM_CC_CreateLoaded: - *handleCount = 1; - result = TPMI_DH_PARENT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_CreateLoaded -#if CC_Duplicate -case TPM_CC_Duplicate: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) 
return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_Duplicate -#if CC_Rewrap -case TPM_CC_Rewrap: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_Rewrap -#if CC_Import -case TPM_CC_Import: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Import -#if CC_RSA_Encrypt -case TPM_CC_RSA_Encrypt: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_RSA_Encrypt -#if CC_RSA_Decrypt -case TPM_CC_RSA_Decrypt: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_RSA_Decrypt -#if CC_ECDH_KeyGen -case TPM_CC_ECDH_KeyGen: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ECDH_KeyGen -#if CC_ECDH_ZGen -case TPM_CC_ECDH_ZGen: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ECDH_ZGen -#if CC_ECC_Parameters 
-case TPM_CC_ECC_Parameters: - break; -#endif // CC_ECC_Parameters -#if CC_ZGen_2Phase -case TPM_CC_ZGen_2Phase: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ZGen_2Phase -#if CC_EncryptDecrypt -case TPM_CC_EncryptDecrypt: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_EncryptDecrypt -#if CC_EncryptDecrypt2 -case TPM_CC_EncryptDecrypt2: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_EncryptDecrypt2 -#if CC_Hash -case TPM_CC_Hash: - break; -#endif // CC_Hash -#if CC_HMAC -case TPM_CC_HMAC: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_HMAC -#if CC_MAC -case TPM_CC_MAC: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_MAC -#if CC_GetRandom -case TPM_CC_GetRandom: - break; -#endif // CC_GetRandom -#if CC_StirRandom -case TPM_CC_StirRandom: - break; -#endif // CC_StirRandom -#if CC_HMAC_Start -case TPM_CC_HMAC_Start: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_HMAC_Start -#if CC_MAC_Start -case TPM_CC_MAC_Start: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - 
bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_MAC_Start -#if CC_HashSequenceStart -case TPM_CC_HashSequenceStart: - break; -#endif // CC_HashSequenceStart -#if CC_SequenceUpdate -case TPM_CC_SequenceUpdate: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_SequenceUpdate -#if CC_SequenceComplete -case TPM_CC_SequenceComplete: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_SequenceComplete -#if CC_EventSequenceComplete -case TPM_CC_EventSequenceComplete: - *handleCount = 2; - result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_EventSequenceComplete -#if CC_Certify -case TPM_CC_Certify: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_Certify -#if CC_CertifyCreation -case TPM_CC_CertifyCreation: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - 
bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_CertifyCreation -#if CC_Quote -case TPM_CC_Quote: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Quote -#if CC_GetSessionAuditDigest -case TPM_CC_GetSessionAuditDigest: - *handleCount = 3; - result = TPMI_RH_ENDORSEMENT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - result = TPMI_SH_HMAC_Unmarshal(&handles[2], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; - break; -#endif // CC_GetSessionAuditDigest -#if CC_GetCommandAuditDigest -case TPM_CC_GetCommandAuditDigest: - *handleCount = 2; - result = TPMI_RH_ENDORSEMENT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_GetCommandAuditDigest -#if CC_GetTime -case TPM_CC_GetTime: - *handleCount = 2; - result = TPMI_RH_ENDORSEMENT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_GetTime -#if CC_CertifyX509 -case TPM_CC_CertifyX509: - *handleCount = 2; - result = 
TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_CertifyX509 -#if CC_Commit -case TPM_CC_Commit: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Commit -#if CC_EC_Ephemeral -case TPM_CC_EC_Ephemeral: - break; -#endif // CC_EC_Ephemeral -#if CC_VerifySignature -case TPM_CC_VerifySignature: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_VerifySignature -#if CC_Sign -case TPM_CC_Sign: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Sign -#if CC_SetCommandCodeAuditStatus -case TPM_CC_SetCommandCodeAuditStatus: - *handleCount = 1; - result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_SetCommandCodeAuditStatus -#if CC_PCR_Extend -case TPM_CC_PCR_Extend: - *handleCount = 1; - result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PCR_Extend -#if CC_PCR_Event -case TPM_CC_PCR_Event: - *handleCount = 1; - result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + 
TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PCR_Event -#if CC_PCR_Read -case TPM_CC_PCR_Read: - break; -#endif // CC_PCR_Read -#if CC_PCR_Allocate -case TPM_CC_PCR_Allocate: - *handleCount = 1; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PCR_Allocate -#if CC_PCR_SetAuthPolicy -case TPM_CC_PCR_SetAuthPolicy: - *handleCount = 1; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PCR_SetAuthPolicy -#if CC_PCR_SetAuthValue -case TPM_CC_PCR_SetAuthValue: - *handleCount = 1; - result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PCR_SetAuthValue -#if CC_PCR_Reset -case TPM_CC_PCR_Reset: - *handleCount = 1; - result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PCR_Reset -#if CC_PolicySigned -case TPM_CC_PolicySigned: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_SH_POLICY_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_PolicySigned -#if CC_PolicySecret -case TPM_CC_PolicySecret: - *handleCount = 2; - result = TPMI_DH_ENTITY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_SH_POLICY_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != 
result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_PolicySecret -#if CC_PolicyTicket -case TPM_CC_PolicyTicket: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyTicket -#if CC_PolicyOR -case TPM_CC_PolicyOR: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyOR -#if CC_PolicyPCR -case TPM_CC_PolicyPCR: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyPCR -#if CC_PolicyLocality -case TPM_CC_PolicyLocality: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyLocality -#if CC_PolicyNV -case TPM_CC_PolicyNV: - *handleCount = 3; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - result = TPMI_SH_POLICY_Unmarshal(&handles[2], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; - break; -#endif // CC_PolicyNV -#if CC_PolicyCounterTimer -case TPM_CC_PolicyCounterTimer: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyCounterTimer -#if 
CC_PolicyCommandCode -case TPM_CC_PolicyCommandCode: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyCommandCode -#if CC_PolicyPhysicalPresence -case TPM_CC_PolicyPhysicalPresence: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyPhysicalPresence -#if CC_PolicyCpHash -case TPM_CC_PolicyCpHash: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyCpHash -#if CC_PolicyNameHash -case TPM_CC_PolicyNameHash: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyNameHash -#if CC_PolicyDuplicationSelect -case TPM_CC_PolicyDuplicationSelect: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyDuplicationSelect -#if CC_PolicyAuthorize -case TPM_CC_PolicyAuthorize: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyAuthorize -#if CC_PolicyAuthValue -case TPM_CC_PolicyAuthValue: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyAuthValue -#if CC_PolicyPassword -case TPM_CC_PolicyPassword: - 
*handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyPassword -#if CC_PolicyGetDigest -case TPM_CC_PolicyGetDigest: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyGetDigest -#if CC_PolicyNvWritten -case TPM_CC_PolicyNvWritten: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyNvWritten -#if CC_PolicyTemplate -case TPM_CC_PolicyTemplate: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyTemplate -#if CC_PolicyAuthorizeNV -case TPM_CC_PolicyAuthorizeNV: - *handleCount = 3; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - result = TPMI_SH_POLICY_Unmarshal(&handles[2], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; - break; -#endif // CC_PolicyAuthorizeNV -#if CC_CreatePrimary -case TPM_CC_CreatePrimary: - *handleCount = 1; - result = TPMI_RH_HIERARCHY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_CreatePrimary -#if CC_HierarchyControl -case TPM_CC_HierarchyControl: - *handleCount = 1; - result = 
TPMI_RH_HIERARCHY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_HierarchyControl -#if CC_SetPrimaryPolicy -case TPM_CC_SetPrimaryPolicy: - *handleCount = 1; - result = TPMI_RH_HIERARCHY_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_SetPrimaryPolicy -#if CC_ChangePPS -case TPM_CC_ChangePPS: - *handleCount = 1; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ChangePPS -#if CC_ChangeEPS -case TPM_CC_ChangeEPS: - *handleCount = 1; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ChangeEPS -#if CC_Clear -case TPM_CC_Clear: - *handleCount = 1; - result = TPMI_RH_CLEAR_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Clear -#if CC_ClearControl -case TPM_CC_ClearControl: - *handleCount = 1; - result = TPMI_RH_CLEAR_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ClearControl -#if CC_HierarchyChangeAuth -case TPM_CC_HierarchyChangeAuth: - *handleCount = 1; - result = TPMI_RH_HIERARCHY_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_HierarchyChangeAuth -#if CC_DictionaryAttackLockReset -case TPM_CC_DictionaryAttackLockReset: - *handleCount = 1; - result = TPMI_RH_LOCKOUT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - 
if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_DictionaryAttackLockReset -#if CC_DictionaryAttackParameters -case TPM_CC_DictionaryAttackParameters: - *handleCount = 1; - result = TPMI_RH_LOCKOUT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_DictionaryAttackParameters -#if CC_PP_Commands -case TPM_CC_PP_Commands: - *handleCount = 1; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PP_Commands -#if CC_SetAlgorithmSet -case TPM_CC_SetAlgorithmSet: - *handleCount = 1; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_SetAlgorithmSet -#if CC_FieldUpgradeStart -case TPM_CC_FieldUpgradeStart: - *handleCount = 2; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_FieldUpgradeStart -#if CC_FieldUpgradeData -case TPM_CC_FieldUpgradeData: - break; -#endif // CC_FieldUpgradeData -#if CC_FirmwareRead -case TPM_CC_FirmwareRead: - break; -#endif // CC_FirmwareRead -#if CC_ContextSave -case TPM_CC_ContextSave: - *handleCount = 1; - result = TPMI_DH_CONTEXT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ContextSave -#if CC_ContextLoad -case TPM_CC_ContextLoad: - break; -#endif // CC_ContextLoad -#if CC_FlushContext -case TPM_CC_FlushContext: - break; -#endif // 
CC_FlushContext -#if CC_EvictControl -case TPM_CC_EvictControl: - *handleCount = 2; - result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_EvictControl -#if CC_ReadClock -case TPM_CC_ReadClock: - break; -#endif // CC_ReadClock -#if CC_ClockSet -case TPM_CC_ClockSet: - *handleCount = 1; - result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ClockSet -#if CC_ClockRateAdjust -case TPM_CC_ClockRateAdjust: - *handleCount = 1; - result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ClockRateAdjust -#if CC_GetCapability -case TPM_CC_GetCapability: - break; -#endif // CC_GetCapability -#if CC_TestParms -case TPM_CC_TestParms: - break; -#endif // CC_TestParms -#if CC_NV_DefineSpace -case TPM_CC_NV_DefineSpace: - *handleCount = 1; - result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_NV_DefineSpace -#if CC_NV_UndefineSpace -case TPM_CC_NV_UndefineSpace: - *handleCount = 2; - result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_UndefineSpace -#if CC_NV_UndefineSpaceSpecial -case 
TPM_CC_NV_UndefineSpaceSpecial: - *handleCount = 2; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_UndefineSpaceSpecial -#if CC_NV_ReadPublic -case TPM_CC_NV_ReadPublic: - *handleCount = 1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_NV_ReadPublic -#if CC_NV_Write -case TPM_CC_NV_Write: - *handleCount = 2; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_Write -#if CC_NV_Increment -case TPM_CC_NV_Increment: - *handleCount = 2; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_Increment -#if CC_NV_Extend -case TPM_CC_NV_Extend: - *handleCount = 2; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_Extend -#if CC_NV_SetBits -case TPM_CC_NV_SetBits: - 
*handleCount = 2; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_SetBits -#if CC_NV_WriteLock -case TPM_CC_NV_WriteLock: - *handleCount = 2; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_WriteLock -#if CC_NV_GlobalWriteLock -case TPM_CC_NV_GlobalWriteLock: - *handleCount = 1; - result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_NV_GlobalWriteLock -#if CC_NV_Read -case TPM_CC_NV_Read: - *handleCount = 2; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_Read -#if CC_NV_ReadLock -case TPM_CC_NV_ReadLock: - *handleCount = 2; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_ReadLock -#if CC_NV_ChangeAuth -case TPM_CC_NV_ChangeAuth: - *handleCount = 1; - 
result = TPMI_RH_NV_INDEX_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_NV_ChangeAuth -#if CC_NV_Certify -case TPM_CC_NV_Certify: - *handleCount = 3; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[2], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; - break; -#endif // CC_NV_Certify -#if CC_AC_GetCapability -case TPM_CC_AC_GetCapability: - *handleCount = 1; - result = TPMI_RH_AC_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_AC_GetCapability -#if CC_AC_Send -case TPM_CC_AC_Send: - *handleCount = 3; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - result = TPMI_RH_AC_Unmarshal(&handles[2], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; - break; -#endif // CC_AC_Send -#if CC_Policy_AC_SendSelect -case TPM_CC_Policy_AC_SendSelect: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Policy_AC_SendSelect -#if CC_Vendor_TCG_Test -case TPM_CC_Vendor_TCG_Test: - break; -#endif // 
CC_Vendor_TCG_Test
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HashTestData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HashTestData.h
deleted file mode 100644
index 8bd471a3f..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HashTestData.h
+++ /dev/null
@@ -1,104 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//
-// Hash Test Vectors
-//
-
-TPM2B_TYPE(HASH_TEST_KEY, 128); // Twice the largest digest size
-TPM2B_HASH_TEST_KEY c_hashTestKey = {{128, {
- 0xa0,0xed,0x5c,0x9a,0xd2,0x4a,0x21,0x40,0x1a,0xd0,0x81,0x47,0x39,0x63,0xf9,0x50,
- 0xdc,0x59,0x47,0x11,0x40,0x13,0x99,0x92,0xc0,0x72,0xa4,0x0f,0xe2,0x33,0xe4,0x63,
- 0x9b,0xb6,0x76,0xc3,0x1e,0x6f,0x13,0xee,0xcc,0x99,0x71,0xa5,0xc0,0xcf,0x9a,0x40,
- 0xcf,0xdb,0x66,0x70,0x05,0x63,0x54,0x12,0x25,0xf4,0xe0,0x1b,0x23,0x35,0xe3,0x70,
- 0x7d,0x19,0x5f,0x00,0xe4,0xf1,0x61,0x73,0x05,0xd8,0x58,0x7f,0x60,0x61,0x84,0x36,
- 0xec,0xbe,0x96,0x1b,0x69,0x00,0xf0,0x9a,0x6e,0xe3,0x26,0x73,0x0d,0x17,0x5b,0x33,
- 0x41,0x44,0x9d,0x90,0xab,0xd9,0x6b,0x7d,0x48,0x99,0x25,0x93,0x29,0x14,0x2b,0xce,
- 0x93,0x8d,0x8c,0xaf,0x31,0x0e,0x9c,0x57,0xd8,0x5b,0x57,0x20,0x1b,0x9f,0x2d,0xa5
- }}};
-
-TPM2B_TYPE(HASH_TEST_DATA, 256); // Twice the largest block size
-TPM2B_HASH_TEST_DATA c_hashTestData = {{256, {
- 0x88,0xac,0xc3,0xe5,0x5f,0x66,0x9d,0x18,0x80,0xc9,0x7a,0x9c,0xa4,0x08,0x90,0x98,
- 0x0f,0x3a,0x53,0x92,0x4c,0x67,0x4e,0xb7,0x37,0xec,0x67,0x87,0xb6,0xbe,0x10,0xca,
- 0x11,0x5b,0x4a,0x0b,0x45,0xc3,0x32,0x68,0x48,0x69,0xce,0x25,0x1b,0xc8,0xaf,0x44,
- 0x79,0x22,0x83,0xc8,0xfb,0xe2,0x63,0x94,0xa2,0x3c,0x59,0x3e,0x3e,0xc6,0x64,0x2c,
- 0x1f,0x8c,0x11,0x93,0x24,0xa3,0x17,0xc5,0x2f,0x37,0xcf,0x95,0x97,0x8e,0x63,0x39,
- 0x68,0xd5,0xca,0xba,0x18,0x37,0x69,0x6e,0x4f,0x19,0xfd,0x8a,0xc0,0x8d,0x87,0x3a,
- 0xbc,0x31,0x42,0x04,0x05,0xef,0xb5,0x02,0xef,0x1e,0x92,0x4b,0xb7,0x73,0x2c,0x8c,
- 0xeb,0x23,0x13,0x81,0x34,0xb9,0xb5,0xc1,0x17,0x37,0x39,0xf8,0x3e,0xe4,0x4c,0x06,
- 0xa8,0x81,0x52,0x2f,0xef,0xc9,0x9c,0x69,0x89,0xbc,0x85,0x9c,0x30,0x16,0x02,0xca,
- 0xe3,0x61,0xd4,0x0f,0xed,0x34,0x1b,0xca,0xc1,0x1b,0xd1,0xfa,0xc1,0xa2,0xe0,0xdf,
- 0x52,0x2f,0x0b,0x4b,0x9f,0x0e,0x45,0x54,0xb9,0x17,0xb6,0xaf,0xd6,0xd5,0xca,0x90,
- 0x29,0x57,0x7b,0x70,0x50,0x94,0x5c,0x8e,0xf6,0x4e,0x21,0x8b,0xc6,0x8b,0xa6,0xbc,
- 0xb9,0x64,0xd4,0x4d,0xf3,0x68,0xd8,0xac,0xde,0xd8,0xd8,0xb5,0x6d,0xcd,0x93,0xeb,
- 0x28,0xa4,0xe2,0x5c,0x44,0xef,0xf0,0xe1,0x6f,0x38,0x1a,0x3c,0xe6,0xef,0xa2,0x9d,
- 0xb9,0xa8,0x05,0x2a,0x95,0xec,0x5f,0xdb,0xb0,0x25,0x67,0x9c,0x86,0x7a,0x8e,0xea,
- 0x51,0xcc,0xc3,0xd3,0xff,0x6e,0xf0,0xed,0xa3,0xae,0xf9,0x5d,0x33,0x70,0xf2,0x11
- }}};
-
-#if ALG_SHA1 == YES
-TPM2B_TYPE(SHA1, 20);
-TPM2B_SHA1 c_SHA1_digest = {{20, {
- 0xee,0x2c,0xef,0x93,0x76,0xbd,0xf8,0x91,0xbc,0xe6,0xe5,0x57,0x53,0x77,0x01,0xb5,
- 0x70,0x95,0xe5,0x40
- }}};
-#endif
-
-#if ALG_SHA256 == YES
-TPM2B_TYPE(SHA256, 32);
-TPM2B_SHA256 c_SHA256_digest = {{32, {
- 0x64,0xe8,0xe0,0xc3,0xa9,0xa4,0x51,0x49,0x10,0x55,0x8d,0x31,0x71,0xe5,0x2f,0x69,
- 0x3a,0xdc,0xc7,0x11,0x32,0x44,0x61,0xbd,0x34,0x39,0x57,0xb0,0xa8,0x75,0x86,0x1b
- }}};
-#endif
-
-#if ALG_SHA384 == YES
-TPM2B_TYPE(SHA384, 48);
-TPM2B_SHA384 c_SHA384_digest = {{48, {
- 0x37,0x75,0x29,0xb5,0x20,0x15,0x6e,0xa3,0x7e,0xa3,0x0d,0xcd,0x80,0xa8,0xa3,0x3d,
- 0xeb,0xe8,0xad,0x4e,0x1c,0x77,0x94,0x5a,0xaf,0x6c,0xd0,0xc1,0xfa,0x43,0x3f,0xc7,
- 0xb8,0xf1,0x01,0xc0,0x60,0xbf,0xf2,0x87,0xe8,0x71,0x9e,0x51,0x97,0xa0,0x09,0x8d
- }}};
-#endif
-
-#if ALG_SHA512 == YES
-TPM2B_TYPE(SHA512, 64);
-TPM2B_SHA512 c_SHA512_digest = {{64, {
- 0xe2,0x7b,0x10,0x3d,0x5e,0x48,0x58,0x44,0x67,0xac,0xa3,0x81,0x8c,0x1d,0xc5,0x71,
- 0x66,0x92,0x8a,0x89,0xaa,0xd4,0x35,0x51,0x60,0x37,0x31,0xd7,0xba,0xe7,0x93,0x0b,
- 0x16,0x4d,0xb3,0xc8,0x34,0x98,0x3c,0xd3,0x53,0xde,0x5e,0xe8,0x0c,0xbc,0xaf,0xc9,
- 0x24,0x2c,0xcc,0xed,0xdb,0xde,0xba,0x1f,0x14,0x14,0x5a,0x95,0x80,0xde,0x66,0xbd
- }}};
-#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/InternalRoutines.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/InternalRoutines.h
deleted file mode 100644
index 11bab88c0..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/InternalRoutines.h
+++ /dev/null
@@ -1,127 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef INTERNAL_ROUTINES_H
-#define INTERNAL_ROUTINES_H
-
-#if !defined _LIB_SUPPORT_H_ && !defined _TPM_H_
-#error "Should not be called"
-#endif
-
-// DRTM functions
-#include "_TPM_Hash_Start_fp.h"
-#include "_TPM_Hash_Data_fp.h"
-#include "_TPM_Hash_End_fp.h"
-
-// Internal subsystem functions
-#include "Object_fp.h"
-#include "Context_spt_fp.h"
-#include "Object_spt_fp.h"
-#include "Entity_fp.h"
-#include "Session_fp.h"
-#include "Hierarchy_fp.h"
-#include "NvReserved_fp.h"
-#include "NvDynamic_fp.h"
-#include "NV_spt_fp.h"
-#include "PCR_fp.h"
-#include "DA_fp.h"
-#include "TpmFail_fp.h"
-#include "SessionProcess_fp.h"
-
-// Internal support functions
-#include "CommandCodeAttributes_fp.h"
-#include "Marshal_fp.h"
-#include "Time_fp.h"
-#include "Locality_fp.h"
-#include "PP_fp.h"
-#include "CommandAudit_fp.h"
-#include "Manufacture_fp.h"
-#include "Handle_fp.h"
-#include "Power_fp.h"
-#include "Response_fp.h"
-#include "CommandDispatcher_fp.h"
-
-#ifdef CC_AC_Send
-# include "AC_spt_fp.h"
-#endif // CC_AC_Send
-
-// Miscellaneous
-#include "Bits_fp.h"
-#include "AlgorithmCap_fp.h"
-#include "PropertyCap_fp.h"
-#include "IoBuffers_fp.h"
-#include "Memory_fp.h"
-#include "ResponseCodeProcessing_fp.h"
-
-// Internal cryptographic functions
-#include "BnConvert_fp.h"
-#include "BnMath_fp.h"
-#include "BnMemory_fp.h"
-#include "Ticket_fp.h"
-#include "CryptUtil_fp.h"
-#include "CryptHash_fp.h"
-#include "CryptSym_fp.h"
-#include "CryptDes_fp.h"
-#include "CryptPrime_fp.h"
-#include "CryptRand_fp.h"
-#include "CryptSelfTest_fp.h"
-#include "MathOnByteBuffers_fp.h"
-#include "CryptSym_fp.h"
-#include "AlgorithmTests_fp.h"
-
-#if ALG_RSA
-#include "CryptRsa_fp.h"
-#include "CryptPrimeSieve_fp.h"
-#endif
-
-#if ALG_ECC
-#include "CryptEccMain_fp.h"
-#include "CryptEccSignature_fp.h"
-#include "CryptEccKeyExchange_fp.h"
-#endif
-
-#if CC_MAC || CC_MAC_Start
-# include "CryptSmac_fp.h"
-# if ALG_CMAC
-# include "CryptCmac_fp.h"
-# endif
-#endif
-
-// Support library
-#include "SupportLibraryFunctionPrototypes_fp.h"
-
-// Linkage to platform functions
-#include "Platform_fp.h"
-
-#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/KdfTestData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/KdfTestData.h
deleted file mode 100644
index bf27cfc84..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/KdfTestData.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//
-// Hash Test Vectors
-//
-
-#define TEST_KDF_KEY_SIZE 20
-
-TPM2B_TYPE(KDF_TEST_KEY, TEST_KDF_KEY_SIZE);
-TPM2B_KDF_TEST_KEY c_kdfTestKeyIn = {{TEST_KDF_KEY_SIZE, {
- 0x27, 0x1F, 0xA0, 0x8B, 0xBD, 0xC5, 0x06, 0x0E, 0xC3, 0xDF,
- 0xA9, 0x28, 0xFF, 0x9B, 0x73, 0x12, 0x3A, 0x12, 0xDA, 0x0C }}};
-
-TPM2B_TYPE(KDF_TEST_LABEL, 17);
-TPM2B_KDF_TEST_LABEL c_kdfTestLabel = {{17, {
- 0x4B, 0x44, 0x46, 0x53, 0x45, 0x4C, 0x46, 0x54,
- 0x45, 0x53, 0x54, 0x4C, 0x41, 0x42, 0x45, 0x4C, 0x00 }}};
-
-TPM2B_TYPE(KDF_TEST_CONTEXT, 8);
-TPM2B_KDF_TEST_CONTEXT c_kdfTestContextU = {{8, {
- 0xCE, 0x24, 0x4F, 0x39, 0x5D, 0xCA, 0x73, 0x91 }}};
-
-TPM2B_KDF_TEST_CONTEXT c_kdfTestContextV = {{8, {
- 0xDA, 0x50, 0x40, 0x31, 0xDD, 0xF1, 0x2E, 0x83 }}};
-
-
-#if ALG_SHA512 == ALG_YES
- TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, {
- 0x8b, 0xe2, 0xc1, 0xb8, 0x5b, 0x78, 0x56, 0x9b, 0x9f, 0xa7,
- 0x59, 0xf5, 0x85, 0x7c, 0x56, 0xd6, 0x84, 0x81, 0x0f, 0xd3 }}};
- #define KDF_TEST_ALG TPM_ALG_SHA512
-
-#elif ALG_SHA384 == ALG_YES
- TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, {
- 0x1d, 0xce, 0x70, 0xc9, 0x11, 0x3e, 0xb2, 0xdb, 0xa4, 0x7b,
- 0xd9, 0xcf, 0xc7, 0x2b, 0xf4, 0x6f, 0x45, 0xb0, 0x93, 0x12 }}};
- #define KDF_TEST_ALG TPM_ALG_SHA384
-
-#elif ALG_SHA256 == ALG_YES
- TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, {
- 0xbb, 0x02, 0x59, 0xe1, 0xc8, 0xba, 0x60, 0x7e, 0x6a, 0x2c,
- 0xd7, 0x04, 0xb6, 0x9a, 0x90, 0x2e, 0x9a, 0xde, 0x84, 0xc4 }}};
- #define KDF_TEST_ALG TPM_ALG_SHA256
-
-#elif ALG_SHA1 == ALG_YES
- TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, {
- 0x55, 0xb5, 0xa7, 0x18, 0x4a, 0xa0, 0x74, 0x23, 0xc4, 0x7d,
- 0xae, 0x76, 0x6c, 0x26, 0xa2, 0x37, 0x7d, 0x7c, 0xf8, 0x51 }}};
- #define KDF_TEST_ALG TPM_ALG_SHA1
-#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h
deleted file mode 100644
index 96473928e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-// This header file is used to select the library code that gets included in the
-// TPM build.
-
-#ifndef _LIB_SUPPORT_H_
-#define _LIB_SUPPORT_H_
-
-//*********************
-#ifndef RADIX_BITS
-# if defined(__x86_64__) || defined(__x86_64) \
- || defined(__amd64__) || defined(__amd64) || defined(_WIN64) || defined(_M_X64) \
- || defined(_M_ARM64) || defined(__aarch64__)
-# define RADIX_BITS 64
-# elif defined(__i386__) || defined(__i386) || defined(i386) \
- || defined(_WIN32) || defined(_M_IX86) \
- || defined(_M_ARM) || defined(__arm__) || defined(__thumb__)
-# define RADIX_BITS 32
-# else
-# error Unable to determine RADIX_BITS from compiler environment
-# endif
-#endif // RADIX_BITS
-
-// These macros use the selected libraries to the proper include files.
-#define LIB_QUOTE(_STRING_) #_STRING_
-#define LIB_INCLUDE2(_LIB_, _TYPE_) LIB_QUOTE(_LIB_/TpmTo##_LIB_##_TYPE_.h)
-#define LIB_INCLUDE(_LIB_, _TYPE_) LIB_INCLUDE2(_LIB_, _TYPE_)
-
-// Include the options for hashing and symmetric. Defer the load of the math package
-// Until the bignum parameters are defined.
-#include LIB_INCLUDE(SYM_LIB, Sym)
-#include LIB_INCLUDE(HASH_LIB, Hash)
-
-#undef MIN
-#undef MAX
-
-#endif // _LIB_SUPPORT_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/LtcSettings.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/LtcSettings.h
deleted file mode 100644
index 0e31d344d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/LtcSettings.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-//
-// This header file contains some defines that are necessary to get LTC to compile
-// correctly
-//
-#ifndef _LTC_SETTINGS_H_
-#define _LTC_SETTINGS_H_
-
-#if (defined HASH_LIB_LTC) || (defined SYM_LIB_LTC) || (defined MATH_LIB_LTC)
-
-#if ALG_AES
-# define LTC_RIJNDAEL
-#endif
-#if ALG_TDES
-# define LTC_DES
-#endif
-
-#define _Bool int
-
-// LibTomCrypt types
-typedef unsigned long long ulong64;
-
-/* default no functions m for LTC */
-#define LTC_MUTEX_GLOBAL(x)
-#define LTC_MUTEX_PROTO(x)
-#define LTC_MUTEX_TYPE(x)
-#define LTC_MUTEX_INIT(x)
-#define LTC_MUTEX_LOCK(x)
-#define LTC_MUTEX_UNLOCK(x)
-
-#ifndef XMEM_NEQ
-#define XMEM_NEQ
-#endif
-
-#define LTC_SHA512
-#define LTC_SHA384
-#define LTC_SHA256
-#define LTC_SHA1
-
-// Define these function calls as needed
-#define CryptLibStartup() LtcLibStartup()
-
-_REDUCE_WARNING_LEVEL_(0)
-#include "tomcrypt.h"
-_NORMAL_WARNING_LEVEL_
-
-#endif
-
-#endif //
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcHash.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcHash.h
deleted file mode 100644
index 6f429852c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcHash.h
+++ /dev/null
@@ -1,172 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -//** Introduction -// This header defines the interface between the hashing code and the LIbTomCrypt -// hash functions. 
- -#ifndef HASH_LIB_DEFINED -#define HASH_LIB_DEFINED - -#define HASH_LIB_LTC - -// Avoid pulling in the MPA math if not doing asymmetric with LTC -#if !(defined MATH_LIB_LTC) -# define LTC_NO_ASYMMETRIC -#endif - -#include "LtcSettings.h" - -//*************************************************************** -//******** Linking to the TomCrypt HASH code ******************** -//*************************************************************** -// These defines need to be known in all parts of the TPM so that the structure -// sizes can be properly computed when needed. -#define tpmHashStateSHA1_t struct sha1_state -#define tpmHashStateSHA256_t struct sha256_state -#define tpmHashStateSHA512_t struct sha512_state -#define tpmHashStateSHA384_t struct sha512_state - -// The following defines are only needed by CryptHash.c -#ifdef _CRYPT_HASH_C_ - -// Define the interface between CryptHash.c to the functions provided by the -// library. For each method, define the calling parameters of the method and then -// define how the method is invoked in CryptHash.c. -// -// All hashes are required to have the same calling sequence. If they don't, create -// a simple adaptation function that converts from the "standard" form of the call -// to the form used by the specific hash (and then send a nasty letter to the -// person who wrote the hash function for the library). -// -// The macro that calls the method also defines how the -// parameters get swizzled between the default form (in CryptHash.c)and the -// library form. 
-// -// Initialize the hash context -#define HASH_START_METHOD_DEF \ - void (HASH_START_METHOD)(PANY_HASH_STATE state) -#define HASH_START(hashState) \ - ((hashState)->def->method.start)(&(hashState)->state) - -// Add data to the hash -#define HASH_DATA_METHOD_DEF \ - void (HASH_DATA_METHOD)(PANY_HASH_STATE state, \ - const BYTE *buffer, \ - size_t size) -#define HASH_DATA(hashState, dInSize, dIn) \ - ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize) - -// Finalize the hash and get the digest -#define HASH_END_METHOD_DEF \ - void (HASH_END_METHOD)(PANY_HASH_STATE \ - state, \ - BYTE *buffer) -#define HASH_END(hashState, buffer) \ - ((hashState)->def->method.end)(&(hashState)->state, buffer) - -// Copy the hash context -// Note: For import, export, and copy, memcpy() is used since there is no -// reformatting necessary between the internal and external forms -#define HASH_STATE_COPY_METHOD_DEF \ - void (HASH_STATE_COPY_METHOD)(PANY_HASH_STATE to, \ - PCANY_HASH_STATE from, \ - size_t size) -#define HASH_STATE_COPY(hashStateOut, hashStateIn) \ - ((hashStateIn)->def->method.copy) \ - (&(hashStateOut)->state, \ - &(hashStateIn)->state, \ - (hashStateIn)->def->contextSize) - -// Copy (with reformatting when necessary) an internal hash structure to an -// external blob -#define HASH_STATE_EXPORT_METHOD_DEF \ - void (HASH_STATE_EXPORT_METHOD)(BYTE *to, \ - PANY_HASH_STATE from, \ - size_t size) -#define HASH_STATE_EXPORT(to, hashStateFrom) \ - ((hashStateFrom)->def->method.copyOut) \ - (&(((BYTE *)(to))[offsetof(HASH_STATE, state)]), \ - &(hashStateFrom)->state, \ - (hashStateFrom)->def->contextSize) - -// Copy from an external blob to an internal formate (with reformatting when -// necessary -#define HASH_STATE_IMPORT_METHOD_DEF \ - void (HASH_STATE_IMPORT_METHOD)(PANY_HASH_STATE to, \ - const BYTE *from, \ - size_t size) -#define HASH_STATE_IMPORT(hashStateTo, from) \ - ((hashStateTo)->def->method.copyIn) \ - (&(hashStateTo)->state, \ - &(((const BYTE 
*)(from))[offsetof(HASH_STATE, state)]),\ - (hashStateTo)->def->contextSize) - -// Internal External -// Designation Designation -#define tpmHashStart_SHA1 sha1_init -#define tpmHashData_SHA1 sha1_process -#define tpmHashEnd_SHA1 sha1_done -#define tpmHashStateCopy_SHA1 memcpy -#define tpmHashStateExport_SHA1 memcpy -#define tpmHashStateImport_SHA1 memcpy -#define tpmHashStart_SHA256 sha256_init -#define tpmHashData_SHA256 sha256_process -#define tpmHashEnd_SHA256 sha256_done -#define tpmHashStateCopy_SHA256 memcpy -#define tpmHashStateExport_SHA256 memcpy -#define tpmHashStateImport_SHA256 memcpy -#define tpmHashStart_SHA384 sha384_init -#define tpmHashData_SHA384 sha384_process -#define tpmHashEnd_SHA384 sha384_done -#define tpmHashStateCopy_SHA384 memcpy -#define tpmHashStateExport_SHA384 memcpy -#define tpmHashStateImport_SHA384 memcpy -#define tpmHashStart_SHA512 sha512_init -#define tpmHashData_SHA512 sha512_process -#define tpmHashEnd_SHA512 sha512_done -#define tpmHashStateCopy_SHA512 memcpy -#define tpmHashStateExport_SHA512 memcpy -#define tpmHashStateImport_SHA512 memcpy - -#endif // _CRYPT_HASH_C_ - -// No special processing to initialize the LTC hash library -#define LibHashInit() - -// No special processing at the end of the simulation (i.e., no statistics to print) -#define HashLibSimulationEnd() - -#endif // HASH_LIB_DEFINED diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcMath.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcMath.h deleted file mode 100644 index 93ede548d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcMath.h +++ /dev/null 
@@ -1,89 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -//** Introduction -// This file contains the structure definitions used for linking from the TPM -// code to the MPA and LTC math libraries. 
- -#ifndef MATH_LIB_DEFINED -#define MATH_LIB_DEFINED - -#define MATH_LIB_LTC - -_REDUCE_WARNING_LEVEL_(2) -#include "LtcSettings.h" -#include "mpalib.h" -#include "mpa.h" -#include "tomcrypt_mpa.h" -_NORMAL_WARNING_LEVEL_ - - -#if RADIX_BITS != 32 -#error "The mpa library used with LibTomCrypt only works for 32-bit words" -#endif - -// These macros handle entering and leaving a scope -// from which an MPA or LibTomCrypt function may be called. -// Many of these functions require a scratch pool from which -// they will allocate scratch variables (rather than using their -// own stack). -extern mpa_scratch_mem external_mem_pool; - -#define MPA_ENTER(vars, bits) \ - mpa_word_t POOL_ [ \ - mpa_scratch_mem_size_in_U32(vars, bits)]; \ - mpa_scratch_mem pool_save = external_mem_pool; \ - mpa_scratch_mem POOL = LtcPoolInit(POOL_, vars, bits) - -#define MPA_LEAVE() init_mpa_tomcrypt(pool_save) - -typedef ECC_CURVE_DATA bnCurve_t; - -typedef bnCurve_t *bigCurve; - -#define AccessCurveData(E) (E) - -// Include the support functions for the routines that are used by LTC thunk. -#include "TpmToLtcSupport_fp.h" - -#define CURVE_INITIALIZED(name, initializer) \ - bnCurve_t *name = (ECC_CURVE_DATA *)GetCurveData(initializer) - -#define CURVE_FREE(E) - -// This definition would change if there were something to report -#define MathLibSimulationEnd() - -#endif // MATH_LIB_DEFINED diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcSym.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcSym.h deleted file mode 100644 index 68de231a8..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcSym.h +++ /dev/null 
@@ -1,110 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -//** Introduction -// -// This header file is used to "splice" the TPM to the LTC symmetric cipher code. 
- -#ifndef SYM_LIB_DEFINED -#define SYM_LIB_DEFINED - -#define SYM_LIB_LTC - -// Avoid pulling in the MPA math if not doing asymmetric with LTC -#if !(defined MATH_LIB_LTC) -# define LTC_NO_ASYMMETRIC -#endif - -#include "LtcSettings.h" - -//*************************************************************** -//******** Linking to the TomCrypt AES code ********************* -//*************************************************************** - -#if ALG_SM4 -#error "SM4 is not available" -#endif - -#if ALG_CAMELLIA -#error "Camellia is not available" -#endif - -// Define the order of parameters to the functions that do block encryption and -// decryption. -typedef void(*TpmCryptSetSymKeyCall_t)( - const void *in, - void *out, - void *keySchedule - ); - -// Macro to put the parameters in the order required by the library -#define SWIZZLE(keySchedule, in, out) \ - (const void *)(in), (void *)(out), (void *)(keySchedule) - -// Macros to set up the encryption/decryption key schedules -// -// AES: -# define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \ - aes_setup((key), BITS_TO_BYTES(keySizeInBits), 0, (symmetric_key *)(schedule)) -# define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \ - aes_setup((key), BITS_TO_BYTES(keySizeInBits), 0, (symmetric_key *)(schedule)) - -// TDES: -# define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \ - TDES_setup((key), (keySizeInBits), (symmetric_key *)(schedule)) -# define TpmCryptSetDecryptKeyTDES(key, keySizeInBits, schedule) \ - TDES_setup((key), (keySizeInBits), (symmetric_key *)(schedule)) - - -// Macros to alias encrypt and decrypt function calls to library-specific values -// sparingly. These should be used sparingly. Currently, they are only used by -// CryptRand.c in the AES version of the DRBG. 
-#define TpmCryptEncryptAES aes_ecb_encrypt -#define TpmCryptDecryptAES aes_ecb_decrypt -#define tpmKeyScheduleAES struct rijndael_key -// -#define TpmCryptEncryptTDES des3_ecb_encrypt -#define TpmCryptDecryptTDES des3_ecb_decrypt -#define tpmKeyScheduleTDES struct des3_key - -typedef union tpmCryptKeySchedule_t tpmCryptKeySchedule_t; - -#include "TpmToLtcDesSupport_fp.h" - -// This is used to trigger printing of simulation statistics - -#define SymLibSimulationEnd() - -#endif // SYM_LIB_DEFINED diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h deleted file mode 100644 index 720065055..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h +++ /dev/null 
@@ -1,46 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _MIN_MAX_H_ -#define _MIN_MAX_H_ - -#ifndef MAX -#define MAX(a, b) ((a) > (b) ? (a) : (b)) -#endif -#ifndef MIN -#define MIN(a, b) ((a) < (b) ? (a) : (b)) -#endif - -#endif // _MIN_MAX_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/NV.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/NV.h
deleted file mode 100644
index 88564f73c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/NV.h
+++ /dev/null
@@ -1,165 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Index Type Definitions - -// These definitions allow the same code to be used pre and post 1.21. The main -// action is to redefine the index type values from the bit values. 
-// Use TPM_NT_ORDINARY to indicate if the TPM_NT type is defined - -#ifndef _NV_H_ -#define _NV_H_ - - -#ifdef TPM_NT_ORDINARY -// If TPM_NT_ORDINARY is defined, then the TPM_NT field is present in a TPMA_NV -# define GET_TPM_NT(attributes) GET_ATTRIBUTE(attributes, TPMA_NV, TPM_NT) -#else -// If TPM_NT_ORDINARY is not defined, then need to synthesize it from the -// attributes -# define GetNv_TPM_NV(attributes) \ - ( IS_ATTRIBUTE(attributes, TPMA_NV, COUNTER) \ - + (IS_ATTRIBUTE(attributes, TPMA_NV, BITS) << 1) \ - + (IS_ATTRIBUTE(attributes, TPMA_NV, EXTEND) << 2) \ - ) -# define TPM_NT_ORDINARY (0) -# define TPM_NT_COUNTER (1) -# define TPM_NT_BITS (2) -# define TPM_NT_EXTEND (4) -#endif - - -//** Attribute Macros -// These macros are used to isolate the differences in the way that the index type -// changed in version 1.21 of the specification -# define IsNvOrdinaryIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_ORDINARY) - -# define IsNvCounterIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_COUNTER) - -# define IsNvBitsIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_BITS) - -# define IsNvExtendIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_EXTEND) - -#ifdef TPM_NT_PIN_PASS -# define IsNvPinPassIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_PIN_PASS) -#endif - -#ifdef TPM_NT_PIN_FAIL -# define IsNvPinFailIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_PIN_FAIL) -#endif - -typedef struct { - UINT32 size; - TPM_HANDLE handle; -} NV_ENTRY_HEADER; - -#define NV_EVICT_OBJECT_SIZE \ - (sizeof(UINT32) + sizeof(TPM_HANDLE) + sizeof(OBJECT)) - -#define NV_INDEX_COUNTER_SIZE \ - (sizeof(UINT32) + sizeof(NV_INDEX) + sizeof(UINT64)) - -#define NV_RAM_INDEX_COUNTER_SIZE \ - (sizeof(NV_RAM_HEADER) + sizeof(UINT64)) - -typedef struct { - UINT32 size; - TPM_HANDLE handle; - TPMA_NV attributes; -} NV_RAM_HEADER; - -// Defines the end-of-list marker for NV. 
The list terminator is -// a UINT32 of zero, followed by the current value of s_maxCounter which is a -// 64-bit value. The structure is defined as an array of 3 UINT32 values so that -// there is no padding between the UINT32 list end marker and the UINT64 maxCounter -// value. -typedef UINT32 NV_LIST_TERMINATOR[3]; - -//** Orderly RAM Values -// The following defines are for accessing orderly RAM values. - -// This is the initialize for the RAM reference iterator. -#define NV_RAM_REF_INIT 0 -// This is the starting address of the RAM space used for orderly data -#define RAM_ORDERLY_START \ - (&s_indexOrderlyRam[0]) -// This is the offset within NV that is used to save the orderly data on an -// orderly shutdown. -#define NV_ORDERLY_START \ - (NV_INDEX_RAM_DATA) -// This is the end of the orderly RAM space. It is actually the first byte after the -// last byte of orderly RAM data -#define RAM_ORDERLY_END \ - (RAM_ORDERLY_START + sizeof(s_indexOrderlyRam)) -// This is the end of the orderly space in NV memory. As with RAM_ORDERLY_END, it is -// actually the offset of the first byte after the end of the NV orderly data. -#define NV_ORDERLY_END \ - (NV_ORDERLY_START + sizeof(s_indexOrderlyRam)) - -// Macro to check that an orderly RAM address is with range. -#define ORDERLY_RAM_ADDRESS_OK(start, offset) \ - ((start >= RAM_ORDERLY_START) && ((start + offset - 1) < RAM_ORDERLY_END)) - - -#define RETURN_IF_NV_IS_NOT_AVAILABLE \ -{ \ - if(g_NvStatus != TPM_RC_SUCCESS) \ - return g_NvStatus; \ -} - -// Routinely have to clear the orderly flag and fail if the -// NV is not available so that it can be cleared. -#define RETURN_IF_ORDERLY \ -{ \ - if(NvClearOrderly() != TPM_RC_SUCCESS) \ - return g_NvStatus; \ -} - -#define NV_IS_AVAILABLE (g_NvStatus == TPM_RC_SUCCESS) - -#define IS_ORDERLY(value) (value < SU_DA_USED_VALUE) - -#define NV_IS_ORDERLY (IS_ORDERLY(gp.orderlyState)) - -// Macro to set the NV UPDATE_TYPE. 
This deals with the fact that the update is -// possibly a combination of UT_NV and UT_ORDERLY. -#define SET_NV_UPDATE(type) g_updateNV |= (type) - -#endif // _NV_H_ \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h deleted file mode 100644 index 312ae69ff..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h +++ /dev/null 
@@ -1,275 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _OIDS_H_ -#define _OIDS_H_ - -// All the OIDs in this file are defined as DER-encoded values with a leading tag -// 0x06 (ASN1_OBJECT_IDENTIFIER), followed by a single length byte. 
This allows the -// OID size to be determined by looking at octet[1] of the OID (total size is -// OID[1] + 2). - -#define MAKE_OID(NAME) \ - EXTERN const BYTE OID##NAME[] INITIALIZER({OID##NAME##_VALUE}) - - -// These macros allow OIDs to be defined (or not) depending on whether the associated -// hash algorithm is implemented. -// NOTE: When one of these macros is used, the NAME needs '_" on each side. The -// exception is when the macro is used for the hash OID when only a single '_' is -// used. -#if ALG_SHA1 -#define SHA1_OID(NAME) MAKE_OID(NAME##SHA1) -#else -#define SHA1_OID(NAME) -#endif -#if ALG_SHA256 -#define SHA256_OID(NAME) MAKE_OID(NAME##SHA256) -#else -#define SHA256_OID(NAME) -#endif -#if ALG_SHA384 -#define SHA384_OID(NAME) MAKE_OID(NAME##SHA384) -#else -#define SHA#84_OID(NAME) -#endif -#if ALG_SHA512 -#define SHA512_OID(NAME) MAKE_OID(NAME##SHA512) -#else -#define SHA512_OID(NAME) -#endif -#if ALG_SM3_256 -#define SM3_256_OID(NAME) MAKE_OID(NAME##SM2_256) -#else -#define SM3_256_OID(NAME) -#endif -#if ALG_SHA3_256 -#define SHA3_256_OID(NAME) MAKE_OID(NAME##SHA3_256) -#else -#define SHA3_256_OID(NAME) -#endif -#if ALG_SHA3_384 -#define SHA3_384_OID(NAME) MAKE_OID(NAME##SHA3_384) -#else -#define SHA3_384_OID(NAME) -#endif -#if ALG_SHA3_512 -#define SSHA3_512_OID(NAME) MAKE_OID(NAME##SHA3_512) -#else -#define SHA3_512_OID(NAME) -#endif - -// These are encoded to take one additional byte of algorithm selector -#define NIST_HASH 0x06, 0x09, 0x60, 0x86, 0x48, 1, 101, 3, 4, 2 -#define NIST_SIG 0x06, 0x09, 0x60, 0x86, 0x48, 1, 101, 3, 4, 3 - -// These hash OIDs used in a lot of places. 
-#define OID_SHA1_VALUE 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A -SHA1_OID(_); // Expands to - // MAKE_OID(_SHA1) - // which expands to: - // extern BYTE OID_SHA1[] - // or - // const BYTE OID_SHA1[] = {OID_SHA1_VALUE} - // which is: - // const BYTE OID_SHA1[] = {0x06, 0x05, 0x2B, 0x0E, - // 0x03, 0x02, 0x1A} - - -#define OID_SHA256_VALUE NIST_HASH, 1 -SHA256_OID(_); - -#define OID_SHA384_VALUE NIST_HASH, 2 -SHA384_OID(_); - -#define OID_SHA512_VALUE NIST_HASH, 3 -SHA512_OID(_); - -#define OID_SM3_256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, \ - 0x83, 0x11 -SM3_256_OID(_); // (1.2.156.10197.1.401) - -#define OID_SHA3_256_VALUE NIST_HASH, 8 -SHA3_256_OID(_); - -#define OID_SHA3_384_VALUE NIST_HASH, 9 -SHA3_384_OID(_); - -#define OID_SHA3_512_VALUE NIST_HASH, 10 -SHA3_512_OID(_); - - -// These are used for RSA-PSS -#if ALG_RSA - -#define OID_MGF1_VALUE 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, \ - 0x01, 0x01, 0x08 -MAKE_OID(_MGF1); - -#define OID_RSAPSS_VALUE 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, \ - 0x01, 0x01, 0x0A -MAKE_OID(_RSAPSS); - -// This is the OID to designate the public part of an RSA key. 
-#define OID_PKCS1_PUB_VALUE 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, \ - 0x01, 0x01, 0x01 -MAKE_OID(_PKCS1_PUB); - -// These are used for RSA PKCS1 signature Algorithms -#define OID_PKCS1_SHA1_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ - 0x0D, 0x01, 0x01, 0x05 -SHA1_OID(_PKCS1_); // (1.2.840.113549.1.1.5) - -#define OID_PKCS1_SHA256_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ - 0x0D, 0x01, 0x01, 0x0B -SHA256_OID(_PKCS1_); // (1.2.840.113549.1.1.11) - -#define OID_PKCS1_SHA384_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ - 0x0D, 0x01, 0x01, 0x0C -SHA384_OID(_PKCS1_); // (1.2.840.113549.1.1.12) - -#define OID_PKCS1_SHA512_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ - 0x0D, 0x01, 0x01, 0x0D -SHA512_OID(_PKCS1_); //(1.2.840.113549.1.1.13) - -#define OID_PKCS1_SM3_256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, \ - 0x01, 0x83, 0x78 -SM3_256_OID(_PKCS1_); // 1.2.156.10197.1.504 - -#define OID_PKCS1_SHA3_256_VALUE NIST_SIG, 14 -SHA3_256_OID(_PKCS1_); -#define OID_PKCS1_SHA3_384_VALUE NIST_SIG, 15 -SHA3_256_OID(_PKCS1_); -#define OID_PKCS1_SHA3_512_VALUE NIST_SIG, 16 -SHA3_512_OID(_PKCS1_); - - -#endif // ALG_RSA - -#if ALG_ECDSA - -#define OID_ECDSA_SHA1_VALUE 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ - 0x01 -SHA1_OID(_ECDSA_); // (1.2.840.10045.4.1) SHA1 digest signed by an ECDSA key. - -#define OID_ECDSA_SHA256_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ - 0x03, 0x02 -SHA256_OID(_ECDSA_); // (1.2.840.10045.4.3.2) SHA256 digest signed by an ECDSA key. - -#define OID_ECDSA_SHA384_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ - 0x03, 0x03 -SHA384_OID(_ECDSA_); // (1.2.840.10045.4.3.3) SHA384 digest signed by an ECDSA key. - -#define OID_ECDSA_SHA512_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ - 0x03, 0x04 -SHA512_OID(_ECDSA_); // (1.2.840.10045.4.3.4) SHA512 digest signed by an ECDSA key. 
-
-#define OID_ECDSA_SM3_256_VALUE 0x00
-SM3_256_OID(_ECDSA_);
-
-#define OID_ECDSA_SHA3_256_VALUE NIST_SIG, 10
-SHA3_256_OID(_ECDSA_);
-#define OID_ECDSA_SHA3_384_VALUE NIST_SIG, 11
-SHA3_384_OID(_ECDSA_);
-#define OID_ECDSA_SHA3_512_VALUE NIST_SIG, 12
-SHA3_512_OID(_ECDSA_);
-
-
-
-#endif // ALG_ECDSA
-
-#if ALG_ECC
-
-#define OID_ECC_PUBLIC_VALUE 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, \
- 0x01
-MAKE_OID(_ECC_PUBLIC);
-
-
-#define OID_ECC_NIST_P192_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, \
- 0x01, 0x01
-#if ECC_NIST_P192
-MAKE_OID(_ECC_NIST_P192); // (1.2.840.10045.3.1.1) 'nistP192'
-#endif // ECC_NIST_P192
-
-#define OID_ECC_NIST_P224_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21
-#if ECC_NIST_P224
-MAKE_OID(_ECC_NIST_P224); // (1.3.132.0.33) 'nistP224'
-#endif // ECC_NIST_P224
-
-#define OID_ECC_NIST_P256_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, \
- 0x01, 0x07
-#if ECC_NIST_P256
-MAKE_OID(_ECC_NIST_P256); // (1.2.840.10045.3.1.7) 'nistP256'
-#endif // ECC_NIST_P256
-
-#define OID_ECC_NIST_P384_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22
-#if ECC_NIST_P384
-MAKE_OID(_ECC_NIST_P384); // (1.3.132.0.34) 'nistP384'
-#endif // ECC_NIST_P384
-
-#define OID_ECC_NIST_P521_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23
-#if ECC_NIST_P521
-MAKE_OID(_ECC_NIST_P521); // (1.3.132.0.35) 'nistP521'
-#endif // ECC_NIST_P521
-
-// No OIDs defined for these anonymous curves
-#define OID_ECC_BN_P256_VALUE 0x00
-#if ECC_BN_P256
-MAKE_OID(_ECC_BN_P256);
-#endif // ECC_BN_P256
-
-#define OID_ECC_BN_P638_VALUE 0x00
-#if ECC_BN_P638
-MAKE_OID(_ECC_BN_P638);
-#endif // ECC_BN_P638
-
-#define OID_ECC_SM2_P256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, \
- 0x82, 0x2D
-#if ECC_SM2_P256
-MAKE_OID(_ECC_SM2_P256); // Don't know where I found this OID.
It needs checking
-#endif // ECC_SM2_P256
-
-#if ECC_BN_P256
-#define OID_ECC_BN_P256 NULL
-#endif // ECC_BN_P256
-
-#endif // ALG_ECC
-
-#undef MAKE_OID
-
-
-#define OID_SIZE(OID) (OID[1] + 2)
-
-#endif // !_OIDS_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h
deleted file mode 100644
index 56f414464..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h
+++ /dev/null
@@ -1,180 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This header file is used to 'splice' the OpenSSL hash code into the TPM code.
-//
-#ifndef HASH_LIB_DEFINED
-#define HASH_LIB_DEFINED
-
-#define HASH_LIB_OSSL
-
-#include
-#include
-#include
-
-
-//***************************************************************
-//** Links to the OpenSSL HASH code
-//***************************************************************
-
-// Redefine the internal name used for each of the hash state structures to the
-// name used by the library.
-// These defines need to be known in all parts of the TPM so that the structure
-// sizes can be properly computed when needed.
-
-#define tpmHashStateSHA1_t SHA_CTX
-#define tpmHashStateSHA256_t SHA256_CTX
-#define tpmHashStateSHA384_t SHA512_CTX
-#define tpmHashStateSHA512_t SHA512_CTX
-
-#if ALG_SM3_256
-# error "The version of OpenSSL used by this code does not support SM3"
-#endif
-
-// The defines below are only needed when compiling CryptHash.c or CryptSmac.c.
-// This isolation is primarily to avoid name space collision. However, if there
-// is a real collision, it will likely show up when the linker tries to put things
-// together.
-
-#ifdef _CRYPT_HASH_C_
-
-typedef BYTE *PBYTE;
-typedef const BYTE *PCBYTE;
-
-// Define the interface between CryptHash.c to the functions provided by the
-// library. For each method, define the calling parameters of the method and then
-// define how the method is invoked in CryptHash.c.
-//
-// All hashes are required to have the same calling sequence. If they don't, create
-// a simple adaptation function that converts from the "standard" form of the call
-// to the form used by the specific hash (and then send a nasty letter to the
-// person who wrote the hash function for the library).
-//
-// The macro that calls the method also defines how the
-// parameters get swizzled between the default form (in CryptHash.c)and the
-// library form.
-//
-// Initialize the hash context
-#define HASH_START_METHOD_DEF void (HASH_START_METHOD)(PANY_HASH_STATE state)
-#define HASH_START(hashState) \
- ((hashState)->def->method.start)(&(hashState)->state);
-
-// Add data to the hash
-#define HASH_DATA_METHOD_DEF \
- void (HASH_DATA_METHOD)(PANY_HASH_STATE state, \
- PCBYTE buffer, \
- size_t size)
-#define HASH_DATA(hashState, dInSize, dIn) \
- ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize)
-
-// Finalize the hash and get the digest
-#define HASH_END_METHOD_DEF \
- void (HASH_END_METHOD)(BYTE *buffer, PANY_HASH_STATE state)
-#define HASH_END(hashState, buffer) \
- ((hashState)->def->method.end)(buffer, &(hashState)->state)
-
-// Copy the hash context
-// Note: For import, export, and copy, memcpy() is used since there is no
-// reformatting necessary between the internal and external forms.
-#define HASH_STATE_COPY_METHOD_DEF \
- void (HASH_STATE_COPY_METHOD)(PANY_HASH_STATE to, \
- PCANY_HASH_STATE from, \
- size_t size)
-#define HASH_STATE_COPY(hashStateOut, hashStateIn) \
- ((hashStateIn)->def->method.copy)(&(hashStateOut)->state, \
- &(hashStateIn)->state, \
- (hashStateIn)->def->contextSize)
-
-// Copy (with reformatting when necessary) an internal hash structure to an
-// external blob
-#define HASH_STATE_EXPORT_METHOD_DEF \
- void (HASH_STATE_EXPORT_METHOD)(BYTE *to, \
- PCANY_HASH_STATE from, \
- size_t size)
-#define HASH_STATE_EXPORT(to, hashStateFrom) \
- ((hashStateFrom)->def->method.copyOut) \
- (&(((BYTE *)(to))[offsetof(HASH_STATE, state)]), \
- &(hashStateFrom)->state, \
- (hashStateFrom)->def->contextSize)
-
-// Copy from an external blob to an internal formate (with reformatting when
-// necessary
-#define HASH_STATE_IMPORT_METHOD_DEF \
- void (HASH_STATE_IMPORT_METHOD)(PANY_HASH_STATE to, \
- const BYTE *from, \
- size_t size)
-#define HASH_STATE_IMPORT(hashStateTo, from) \
- ((hashStateTo)->def->method.copyIn) \
- (&(hashStateTo)->state, \
- &(((const BYTE
*)(from))[offsetof(HASH_STATE, state)]),\
- (hashStateTo)->def->contextSize)
-
-
-// Function aliases. The code in CryptHash.c uses the internal designation for the
-// functions. These need to be translated to the function names of the library.
-#define tpmHashStart_SHA1 SHA1_Init // external name of the
- // initialization method
-#define tpmHashData_SHA1 SHA1_Update
-#define tpmHashEnd_SHA1 SHA1_Final
-#define tpmHashStateCopy_SHA1 memcpy
-#define tpmHashStateExport_SHA1 memcpy
-#define tpmHashStateImport_SHA1 memcpy
-#define tpmHashStart_SHA256 SHA256_Init
-#define tpmHashData_SHA256 SHA256_Update
-#define tpmHashEnd_SHA256 SHA256_Final
-#define tpmHashStateCopy_SHA256 memcpy
-#define tpmHashStateExport_SHA256 memcpy
-#define tpmHashStateImport_SHA256 memcpy
-#define tpmHashStart_SHA384 SHA384_Init
-#define tpmHashData_SHA384 SHA384_Update
-#define tpmHashEnd_SHA384 SHA384_Final
-#define tpmHashStateCopy_SHA384 memcpy
-#define tpmHashStateExport_SHA384 memcpy
-#define tpmHashStateImport_SHA384 memcpy
-#define tpmHashStart_SHA512 SHA512_Init
-#define tpmHashData_SHA512 SHA512_Update
-#define tpmHashEnd_SHA512 SHA512_Final
-#define tpmHashStateCopy_SHA512 memcpy
-#define tpmHashStateExport_SHA512 memcpy
-#define tpmHashStateImport_SHA512 memcpy
-
-#endif // _CRYPT_HASH_C_
-
-#define LibHashInit()
-// This definition would change if there were something to report
-#define HashLibSimulationEnd()
-
-#endif // HASH_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h
deleted file mode 100644
index 39cb472fd..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h
+++ /dev/null
@@ -1,127 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the structure definitions used for ECC in the LibTomCrypt
-// version of the code. These definitions would change, based on the library.
-// The ECC-related structures that cross the TPM interface are defined
-// in TpmTypes.h
-//
-
-#ifndef MATH_LIB_DEFINED
-#define MATH_LIB_DEFINED
-
-#define MATH_LIB_OSSL
-
-#include
-#include
-#if 0 // OPENSSL_VERSION_NUMBER >= 0x10200000L
- // Check the bignum_st definition in crypto/bn/bn_lcl.h and either update the
- // version check or provide the new definition for this version.
-# error Untested OpenSSL version
-#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
- // from crypto/bn/bn_lcl.h
- struct bignum_st {
- BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit
- * chunks. */
- int top; /* Index of last used d +1. */
- /* The next are internal book keeping for bn_expand. */
- int dmax; /* Size of the d array. */
- int neg; /* one if the number is negative */
- int flags;
- };
-#endif // OPENSSL_VERSION_NUMBER
-#include
-
-//** Macros and Defines
-
-// Make sure that the library is using the correct size for a crypt word
-#if defined THIRTY_TWO_BIT && (RADIX_BITS != 32) \
- || ((defined SIXTY_FOUR_BIT_LONG || defined SIXTY_FOUR_BIT) \
- && (RADIX_BITS != 64))
-# error Ossl library is using different radix
-#endif
-
-// Allocate a local BIGNUM value. For the allocation, a bigNum structure is created
-// as is a local BIGNUM. The bigNum is initialized and then the BIGNUM is
-// set to reference the local value.
-#define BIG_VAR(name, bits) \
- BN_VAR(name##Bn, (bits)); \
- BIGNUM _##name; \
- BIGNUM *name = BigInitialized(&_##name, \
- BnInit(name##Bn, \
- BYTES_TO_CRYPT_WORDS(sizeof(_##name##Bn.d))))
-
-// Allocate a BIGNUM and initialize with the values in a bigNum initializer
-#define BIG_INITIALIZED(name, initializer) \
- BIGNUM _##name; \
- BIGNUM *name = BigInitialized(&_##name, initializer)
-
-
-typedef struct
-{
- const ECC_CURVE_DATA *C; // the TPM curve values
- EC_GROUP *G; // group parameters
- BN_CTX *CTX; // the context for the math (this might not be
- // the context in which the curve was created>;
-} OSSL_CURVE_DATA;
-
-typedef OSSL_CURVE_DATA *bigCurve;
-
-#define AccessCurveData(E) ((E)->C)
-
-
-#include "TpmToOsslSupport_fp.h"
-
-// Start and end a context within which the OpenSSL memory management works
-#define OSSL_ENTER() BN_CTX *CTX = OsslContextEnter()
-#define OSSL_LEAVE() OsslContextLeave(CTX)
-
-// Start and end a context that spans multiple ECC functions. This is used so that
-// the group for the curve can persist across multiple frames.
-#define CURVE_INITIALIZED(name, initializer) \
- OSSL_CURVE_DATA _##name; \
- bigCurve name = BnCurveInitialize(&_##name, initializer)
-#define CURVE_FREE(name) BnCurveFree(name)
-
-// Start and end a local stack frame within the context of the curve frame
-#define ECC_ENTER() BN_CTX *CTX = OsslPushContext(E->CTX)
-#define ECC_LEAVE() OsslPopContext(CTX)
-
-#define BN_NEW() BnNewVariable(CTX)
-
-// This definition would change if there were something to report
-#define MathLibSimulationEnd()
-
-#endif // MATH_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h
deleted file mode 100644
index e65365d7a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h
+++ /dev/null
@@ -1,120 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This header file is used to 'splice' the OpenSSL library into the TPM code.
-//
-// The support required of a library are a hash module, a block cipher module and
-// portions of a big number library.
-
-#ifndef SYM_LIB_DEFINED
-#define SYM_LIB_DEFINED
-
-#define SYM_LIB_OSSL
-
-#include
-#include
-#include
-#include
-
-//***************************************************************
-//** Links to the OpenSSL AES code
-//***************************************************************
-
-#if ALG_SM4
-#error "SM4 is not available"
-#endif
-
-#if ALG_CAMELLIA
-#error "Camellia is not available"
-#endif
-
-// Define the order of parameters to the library functions that do block encryption
-// and decryption.
-typedef void(*TpmCryptSetSymKeyCall_t)(
- const BYTE *in,
- BYTE *out,
- void *keySchedule
- );
-
-// The Crypt functions that call the block encryption function use the parameters
-// in the order:
-// 1) keySchedule
-// 2) in buffer
-// 3) out buffer
-// Since open SSL uses the order in encryptoCall_t above, need to swizzle the
-// values to the order required by the library.
-#define SWIZZLE(keySchedule, in, out) \
- (const BYTE *)(in), (BYTE *)(out), (void *)(keySchedule)
-
-// Macros to set up the encryption/decryption key schedules
-//
-// AES:
-#define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \
- AES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleAES *)(schedule))
-#define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \
- AES_set_decrypt_key((key), (keySizeInBits), (tpmKeyScheduleAES *)(schedule))
-
-// TDES:
-#define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \
- TDES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule))
-#define TpmCryptSetDecryptKeyTDES(key, keySizeInBits, schedule) \
- TDES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule))
-
-// Macros to alias encryption calls to specific algorithms. This should be used
-// sparingly.
Currently, only used by CryptRand.c
-//
-// When using these calls, to call the AES block encryption code, the caller
-// should use:
-// TpmCryptEncryptAES(SWIZZLE(keySchedule, in, out));
-#define TpmCryptEncryptAES AES_encrypt
-#define TpmCryptDecryptAES AES_decrypt
-#define tpmKeyScheduleAES AES_KEY
-
-
-#define TpmCryptEncryptTDES TDES_encrypt
-#define TpmCryptDecryptTDES TDES_decrypt
-#define tpmKeyScheduleTDES DES_key_schedule
-
-typedef union tpmCryptKeySchedule_t tpmCryptKeySchedule_t;
-
-#if ALG_TDES
-#include "TpmToOsslDesSupport_fp.h"
-#endif
-
-// This definition would change if there were something to report
-#define SymLibSimulationEnd()
-
-#endif // SYM_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/PRNG_TestVectors.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/PRNG_TestVectors.h
deleted file mode 100644
index 96c7f5b48..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/PRNG_TestVectors.h
+++ /dev/null
@@ -1,140 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef _MSBN_DRBG_TEST_VECTORS_H
-#define _MSBN_DRBG_TEST_VECTORS_H
-
-//#if DRBG_ALGORITHM == TPM_ALG_AES && DRBG_KEY_BITS == 256
-#if DRBG_KEY_SIZE_BITS == 256
-
-/*(NIST test vector)
-[AES-256 no df]
-[PredictionResistance = False]
-[EntropyInputLen = 384]
-[NonceLen = 128]
-[PersonalizationStringLen = 0]
-[AdditionalInputLen = 0]
-
-COUNT = 0
-EntropyInput = 0d15aa80 b16c3a10 906cfedb 795dae0b 5b81041c 5c5bfacb
- 373d4440 d9120f7e 3d6cf909 86cf52d8 5d3e947d 8c061f91
-Nonce = 06caef5f b538e08e 1f3b0452 03f8f4b2
-PersonalizationString =
-AdditionalInput =
- INTERMEDIATE Key = be5df629 34cc1230 166a6773 345bbd6b
- 4c8869cf 8aec1c3b 1aa98bca 37cacf61
- INTERMEDIATE V = 3182dd1e 7638ec70 014e93bd 813e524c
- INTERMEDIATE ReturnedBits = 28e0ebb8 21016650 8c8f65f2 207bd0a3
-EntropyInputReseed = 6ee793a3 3955d72a d12fd80a 8a3fcf95 ed3b4dac 5795fe25
- cf869f7c 27573bbc 56f1acae 13a65042 b340093c 464a7a22
-AdditionalInputReseed =
-AdditionalInput =
-ReturnedBits = 946f5182 d54510b9 461248f5 71ca06c9
-*/
-
-
-// Entropy is the size of the state. The state is the size of the key
-// plus the IV. The IV is a block.
If Key = 256 and Block = 128 then State = 384
-# define DRBG_TEST_INITIATE_ENTROPY \
- 0x0d, 0x15, 0xaa, 0x80, 0xb1, 0x6c, 0x3a, 0x10, \
- 0x90, 0x6c, 0xfe, 0xdb, 0x79, 0x5d, 0xae, 0x0b, \
- 0x5b, 0x81, 0x04, 0x1c, 0x5c, 0x5b, 0xfa, 0xcb, \
- 0x37, 0x3d, 0x44, 0x40, 0xd9, 0x12, 0x0f, 0x7e, \
- 0x3d, 0x6c, 0xf9, 0x09, 0x86, 0xcf, 0x52, 0xd8, \
- 0x5d, 0x3e, 0x94, 0x7d, 0x8c, 0x06, 0x1f, 0x91
-
-# define DRBG_TEST_RESEED_ENTROPY \
- 0x6e, 0xe7, 0x93, 0xa3, 0x39, 0x55, 0xd7, 0x2a, \
- 0xd1, 0x2f, 0xd8, 0x0a, 0x8a, 0x3f, 0xcf, 0x95, \
- 0xed, 0x3b, 0x4d, 0xac, 0x57, 0x95, 0xfe, 0x25, \
- 0xcf, 0x86, 0x9f, 0x7c, 0x27, 0x57, 0x3b, 0xbc, \
- 0x56, 0xf1, 0xac, 0xae, 0x13, 0xa6, 0x50, 0x42, \
- 0xb3, 0x40, 0x09, 0x3c, 0x46, 0x4a, 0x7a, 0x22
-
-# define DRBG_TEST_GENERATED_INTERM \
- 0x28, 0xe0, 0xeb, 0xb8, 0x21, 0x01, 0x66, 0x50, \
- 0x8c, 0x8f, 0x65, 0xf2, 0x20, 0x7b, 0xd0, 0xa3
-
-
-# define DRBG_TEST_GENERATED \
- 0x94, 0x6f, 0x51, 0x82, 0xd5, 0x45, 0x10, 0xb9, \
- 0x46, 0x12, 0x48, 0xf5, 0x71, 0xca, 0x06, 0xc9
-#elif DRBG_KEY_SIZE_BITS == 128
-/*(NIST test vector)
-[AES-128 no df]
-[PredictionResistance = False]
-[EntropyInputLen = 256]
-[NonceLen = 64]
-[PersonalizationStringLen = 0]
-[AdditionalInputLen = 0]
-
-COUNT = 0
-EntropyInput = 8fc11bdb5aabb7e093b61428e0907303cb459f3b600dad870955f22da80a44f8
-Nonce = be1f73885ddd15aa
-PersonalizationString =
-AdditionalInput =
- INTERMEDIATE Key = b134ecc836df6dbd624900af118dd7e6
- INTERMEDIATE V = 01bb09e86dabd75c9f26dbf6f9531368
- INTERMEDIATE ReturnedBits = dc3cf6bf5bd341135f2c6811a1071c87
-EntropyInputReseed =
- 0cd53cd5eccd5a10d7ea266111259b05574fc6ddd8bed8bd72378cf82f1dba2a
-AdditionalInputReseed =
-AdditionalInput =
-ReturnedBits = b61850decfd7106d44769a8e6e8c1ad4
-*/
-
-# define DRBG_TEST_INITIATE_ENTROPY \
- 0x8f, 0xc1, 0x1b, 0xdb, 0x5a, 0xab, 0xb7, 0xe0, \
- 0x93, 0xb6, 0x14, 0x28, 0xe0, 0x90, 0x73, 0x03, \
- 0xcb, 0x45, 0x9f, 0x3b, 0x60, 0x0d, 0xad, 0x87, \
- 0x09, 0x55, 0xf2, 0x2d, 0xa8, 0x0a, 0x44, 0xf8
-
-#
define DRBG_TEST_RESEED_ENTROPY \
- 0x0c, 0xd5, 0x3c, 0xd5, 0xec, 0xcd, 0x5a, 0x10, \
- 0xd7, 0xea, 0x26, 0x61, 0x11, 0x25, 0x9b, 0x05, \
- 0x57, 0x4f, 0xc6, 0xdd, 0xd8, 0xbe, 0xd8, 0xbd, \
- 0x72, 0x37, 0x8c, 0xf8, 0x2f, 0x1d, 0xba, 0x2a
-
-#define DRBG_TEST_GENERATED_INTERM \
- 0xdc, 0x3c, 0xf6, 0xbf, 0x5b, 0xd3, 0x41, 0x13, \
- 0x5f, 0x2c, 0x68, 0x11, 0xa1, 0x07, 0x1c, 0x87
-
-# define DRBG_TEST_GENERATED \
- 0xb6, 0x18, 0x50, 0xde, 0xcf, 0xd7, 0x10, 0x6d, \
- 0x44, 0x76, 0x9a, 0x8e, 0x6e, 0x8c, 0x1a, 0xd4
-
-#endif
-
-
-#endif // _MSBN_DRBG_TEST_VECTORS_H
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/RsaTestData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/RsaTestData.h
deleted file mode 100644
index 9721daa35..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/RsaTestData.h
+++ /dev/null
@@ -1,423 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -// -// RSA Test Vectors - -#define RSA_TEST_KEY_SIZE 256 - -typedef struct -{ - UINT16 size; - BYTE buffer[RSA_TEST_KEY_SIZE]; -} TPM2B_RSA_TEST_KEY; - -typedef TPM2B_RSA_TEST_KEY TPM2B_RSA_TEST_VALUE; - -typedef struct -{ - UINT16 size; - BYTE buffer[RSA_TEST_KEY_SIZE / 2]; -} TPM2B_RSA_TEST_PRIME; - -const TPM2B_RSA_TEST_KEY c_rsaPublicModulus = {256, { - 0x91,0x12,0xf5,0x07,0x9d,0x5f,0x6b,0x1c,0x90,0xf6,0xcc,0x87,0xde,0x3a,0x7a,0x15, - 0xdc,0x54,0x07,0x6c,0x26,0x8f,0x25,0xef,0x7e,0x66,0xc0,0xe3,0x82,0x12,0x2f,0xab, - 0x52,0x82,0x1e,0x85,0xbc,0x53,0xba,0x2b,0x01,0xad,0x01,0xc7,0x8d,0x46,0x4f,0x7d, - 0xdd,0x7e,0xdc,0xb0,0xad,0xf6,0x0c,0xa1,0x62,0x92,0x97,0x8a,0x3e,0x6f,0x7e,0x3e, - 0xf6,0x9a,0xcc,0xf9,0xa9,0x86,0x77,0xb6,0x85,0x43,0x42,0x04,0x13,0x65,0xe2,0xad, - 0x36,0xc9,0xbf,0xc1,0x97,0x84,0x6f,0xee,0x7c,0xda,0x58,0xd2,0xae,0x07,0x00,0xaf, - 0xc5,0x5f,0x4d,0x3a,0x98,0xb0,0xed,0x27,0x7c,0xc2,0xce,0x26,0x5d,0x87,0xe1,0xe3, - 0xa9,0x69,0x88,0x4f,0x8c,0x08,0x31,0x18,0xae,0x93,0x16,0xe3,0x74,0xde,0xd3,0xf6, - 0x16,0xaf,0xa3,0xac,0x37,0x91,0x8d,0x10,0xc6,0x6b,0x64,0x14,0x3a,0xd9,0xfc,0xe4, - 0xa0,0xf2,0xd1,0x01,0x37,0x4f,0x4a,0xeb,0xe5,0xec,0x98,0xc5,0xd9,0x4b,0x30,0xd2, - 0x80,0x2a,0x5a,0x18,0x5a,0x7d,0xd4,0x3d,0xb7,0x62,0x98,0xce,0x6d,0xa2,0x02,0x6e, - 0x45,0xaa,0x95,0x73,0xe0,0xaa,0x75,0x57,0xb1,0x3d,0x1b,0x05,0x75,0x23,0x6b,0x20, - 0x69,0x9e,0x14,0xb0,0x7f,0xac,0xae,0xd2,0xc7,0x48,0x3b,0xe4,0x56,0x11,0x34,0x1e, - 0x05,0x1a,0x30,0x20,0xef,0x68,0x93,0x6b,0x9d,0x7e,0xdd,0xba,0x96,0x50,0xcc,0x1c, - 0x81,0xb4,0x59,0xb9,0x74,0x36,0xd9,0x97,0xdc,0x8f,0x17,0x82,0x72,0xb3,0x59,0xf6, - 0x23,0xfa,0x84,0xf7,0x6d,0xf2,0x05,0xff,0xf1,0xb9,0xcc,0xe9,0xa2,0x82,0x01,0xfb}}; - -const TPM2B_RSA_TEST_PRIME c_rsaPrivatePrime = {RSA_TEST_KEY_SIZE / 2, { - 0xb7,0xa0,0x90,0xc7,0x92,0x09,0xde,0x71,0x03,0x37,0x4a,0xb5,0x2f,0xda,0x61,0xb8, - 0x09,0x1b,0xba,0x99,0x70,0x45,0xc1,0x0b,0x15,0x12,0x71,0x8a,0xb3,0x2a,0x4d,0x5a, - 
0x41,0x9b,0x73,0x89,0x80,0x0a,0x8f,0x18,0x4c,0x8b,0xa2,0x5b,0xda,0xbd,0x43,0xbe, - 0xdc,0x76,0x4d,0x71,0x0f,0xb9,0xfc,0x7a,0x09,0xfe,0x4f,0xac,0x63,0xd9,0x2e,0x50, - 0x3a,0xa1,0x37,0xc6,0xf2,0xa1,0x89,0x12,0xe7,0x72,0x64,0x2b,0xba,0xc1,0x1f,0xca, - 0x9d,0xb7,0xaa,0x3a,0xa9,0xd3,0xa6,0x6f,0x73,0x02,0xbb,0x85,0x5d,0x9a,0xb9,0x5c, - 0x08,0x83,0x22,0x20,0x49,0x91,0x5f,0x4b,0x86,0xbc,0x3f,0x76,0x43,0x08,0x97,0xbf, - 0x82,0x55,0x36,0x2d,0x8b,0x6e,0x9e,0xfb,0xc1,0x67,0x6a,0x43,0xa2,0x46,0x81,0x71}}; - -const BYTE c_RsaTestValue[RSA_TEST_KEY_SIZE] = { - 0x2a,0x24,0x3a,0xbb,0x50,0x1d,0xd4,0x2a,0xf9,0x18,0x32,0x34,0xa2,0x0f,0xea,0x5c, - 0x91,0x77,0xe9,0xe1,0x09,0x83,0xdc,0x5f,0x71,0x64,0x5b,0xeb,0x57,0x79,0xa0,0x41, - 0xc9,0xe4,0x5a,0x0b,0xf4,0x9f,0xdb,0x84,0x04,0xa6,0x48,0x24,0xf6,0x3f,0x66,0x1f, - 0xa8,0x04,0x5c,0xf0,0x7a,0x6b,0x4a,0x9c,0x7e,0x21,0xb6,0xda,0x6b,0x65,0x9c,0x3a, - 0x68,0x50,0x13,0x1e,0xa4,0xb7,0xca,0xec,0xd3,0xcc,0xb2,0x9b,0x8c,0x87,0xa4,0x6a, - 0xba,0xc2,0x06,0x3f,0x40,0x48,0x7b,0xa8,0xb8,0x2c,0x03,0x14,0x33,0xf3,0x1d,0xe9, - 0xbd,0x6f,0x54,0x66,0xb4,0x69,0x5e,0xbc,0x80,0x7c,0xe9,0x6a,0x43,0x7f,0xb8,0x6a, - 0xa0,0x5f,0x5d,0x7a,0x20,0xfd,0x7a,0x39,0xe1,0xea,0x0e,0x94,0x91,0x28,0x63,0x7a, - 0xac,0xc9,0xa5,0x3a,0x6d,0x31,0x7b,0x7c,0x54,0x56,0x99,0x56,0xbb,0xb7,0xa1,0x2d, - 0xd2,0x5c,0x91,0x5f,0x1c,0xd3,0x06,0x7f,0x34,0x53,0x2f,0x4c,0xd1,0x8b,0xd2,0x9e, - 0xdc,0xc3,0x94,0x0a,0xe1,0x0f,0xa5,0x15,0x46,0x2a,0x8e,0x10,0xc2,0xfe,0xb7,0x5e, - 0x2d,0x0d,0xd1,0x25,0xfc,0xe4,0xf7,0x02,0x19,0xfe,0xb6,0xe4,0x95,0x9c,0x17,0x4a, - 0x9b,0xdb,0xab,0xc7,0x79,0xe3,0x5e,0x40,0xd0,0x56,0x6d,0x25,0x0a,0x72,0x65,0x80, - 0x92,0x9a,0xa8,0x07,0x70,0x32,0x14,0xfb,0xfe,0x08,0xeb,0x13,0xb4,0x07,0x68,0xb4, - 0x58,0x39,0xbe,0x8e,0x78,0x3a,0x59,0x3f,0x9c,0x4c,0xe9,0xa8,0x64,0x68,0xf7,0xb9, - 0x6e,0x20,0xf5,0xcb,0xca,0x47,0xf2,0x17,0xaa,0x8b,0xbc,0x13,0x14,0x84,0xf6,0xab}; - -const TPM2B_RSA_TEST_VALUE c_RsaepKvt = {RSA_TEST_KEY_SIZE, { - 
0x73,0xbd,0x65,0x49,0xda,0x7b,0xb8,0x50,0x9e,0x87,0xf0,0x0a,0x8a,0x9a,0x07,0xb6, - 0x00,0x82,0x10,0x14,0x60,0xd8,0x01,0xfc,0xc5,0x18,0xea,0x49,0x5f,0x13,0xcf,0x65, - 0x66,0x30,0x6c,0x60,0x3f,0x24,0x3c,0xfb,0xe2,0x31,0x16,0x99,0x7e,0x31,0x98,0xab, - 0x93,0xb8,0x07,0x53,0xcc,0xdb,0x7f,0x44,0xd9,0xee,0x5d,0xe8,0x5f,0x97,0x5f,0xe8, - 0x1f,0x88,0x52,0x24,0x7b,0xac,0x62,0x95,0xb7,0x7d,0xf5,0xf8,0x9f,0x5a,0xa8,0x24, - 0x9a,0x76,0x71,0x2a,0x35,0x2a,0xa1,0x08,0xbb,0x95,0xe3,0x64,0xdc,0xdb,0xc2,0x33, - 0xa9,0x5f,0xbe,0x4c,0xc4,0xcc,0x28,0xc9,0x25,0xff,0xee,0x17,0x15,0x9a,0x50,0x90, - 0x0e,0x15,0xb4,0xea,0x6a,0x09,0xe6,0xff,0xa4,0xee,0xc7,0x7e,0xce,0xa9,0x73,0xe4, - 0xa0,0x56,0xbd,0x53,0x2a,0xe4,0xc0,0x2b,0xa8,0x9b,0x09,0x30,0x72,0x62,0x0f,0xf9, - 0xf6,0xa1,0x52,0xd2,0x8a,0x37,0xee,0xa5,0xc8,0x47,0xe1,0x99,0x21,0x47,0xeb,0xdd, - 0x37,0xaa,0xe4,0xbd,0x55,0x46,0x5a,0x5a,0x5d,0xfb,0x7b,0xfc,0xff,0xbf,0x26,0x71, - 0xf6,0x1e,0xad,0xbc,0xbf,0x33,0xca,0xe1,0x92,0x8f,0x2a,0x89,0x6c,0x45,0x24,0xd1, - 0xa6,0x52,0x56,0x24,0x5e,0x90,0x47,0xe5,0xcb,0x12,0xb0,0x32,0xf9,0xa6,0xbb,0xea, - 0x37,0xa9,0xbd,0xef,0x23,0xef,0x63,0x07,0x6c,0xc4,0x4e,0x64,0x3c,0xc6,0x11,0x84, - 0x7d,0x65,0xd6,0x5d,0x7a,0x17,0x58,0xa5,0xf7,0x74,0x3b,0x42,0xe3,0xd2,0xda,0x5f, - 0x6f,0xe0,0x1e,0x4b,0xcf,0x46,0xe2,0xdf,0x3e,0x41,0x8e,0x0e,0xb0,0x3f,0x8b,0x65}}; - -#define OAEP_TEST_LABEL "OAEP Test Value" - -#if ALG_SHA1_VALUE == DEFAULT_TEST_HASH - -const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { - 0x32,0x68,0x84,0x0b,0x9c,0xc9,0x25,0x26,0xd9,0xc0,0xd0,0xb1,0xde,0x60,0x55,0xae, - 0x33,0xe5,0xcf,0x6c,0x85,0xbe,0x0d,0x71,0x11,0xe1,0x45,0x60,0xbb,0x42,0x3d,0xf3, - 0xb1,0x18,0x84,0x7b,0xc6,0x5d,0xce,0x1d,0x5f,0x9a,0x97,0xcf,0xb1,0x97,0x9a,0x85, - 0x7c,0xa7,0xa1,0x63,0x23,0xb6,0x74,0x0f,0x1a,0xee,0x29,0x51,0xeb,0x50,0x8f,0x3c, - 0x8e,0x4e,0x31,0x38,0xdc,0x11,0xfc,0x9a,0x4e,0xaf,0x93,0xc9,0x7f,0x6e,0x35,0xf3, - 0xc9,0xe4,0x89,0x14,0x53,0xe2,0xc2,0x1a,0xf7,0x6b,0x9b,0xf0,0x7a,0xa4,0x69,0x52, - 
0xe0,0x24,0x8f,0xea,0x31,0xa7,0x5c,0x43,0xb0,0x65,0xc9,0xfe,0xba,0xfe,0x80,0x9e, - 0xa5,0xc0,0xf5,0x8d,0xce,0x41,0xf9,0x83,0x0d,0x8e,0x0f,0xef,0x3d,0x1f,0x6a,0xcc, - 0x8a,0x3d,0x3b,0xdf,0x22,0x38,0xd7,0x34,0x58,0x7b,0x55,0xc9,0xf6,0xbc,0x7c,0x4c, - 0x3f,0xd7,0xde,0x4e,0x30,0xa9,0x69,0xf3,0x5f,0x56,0x8f,0xc2,0xe7,0x75,0x79,0xb8, - 0xa5,0xc8,0x0d,0xc0,0xcd,0xb6,0xc9,0x63,0xad,0x7c,0xe4,0x8f,0x39,0x60,0x4d,0x7d, - 0xdb,0x34,0x49,0x2a,0x47,0xde,0xc0,0x42,0x4a,0x19,0x94,0x2e,0x50,0x21,0x03,0x47, - 0xff,0x73,0xb3,0xb7,0x89,0xcc,0x7b,0x2c,0xeb,0x03,0xa7,0x9a,0x06,0xfd,0xed,0x19, - 0xbb,0x82,0xa0,0x13,0xe9,0xfa,0xac,0x06,0x5f,0xc5,0xa9,0x2b,0xda,0x88,0x23,0xa2, - 0x5d,0xc2,0x7f,0xda,0xc8,0x5a,0x94,0x31,0xc1,0x21,0xd7,0x1e,0x6b,0xd7,0x89,0xb1, - 0x93,0x80,0xab,0xd1,0x37,0xf2,0x6f,0x50,0xcd,0x2a,0xea,0xb1,0xc4,0xcd,0xcb,0xb5}}; - -const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { - 0x29,0xa4,0x2f,0xbb,0x8a,0x14,0x05,0x1e,0x3c,0x72,0x76,0x77,0x38,0xe7,0x73,0xe3, - 0x6e,0x24,0x4b,0x38,0xd2,0x1a,0xcf,0x23,0x58,0x78,0x36,0x82,0x23,0x6e,0x6b,0xef, - 0x2c,0x3d,0xf2,0xe8,0xd6,0xc6,0x87,0x8e,0x78,0x9b,0x27,0x39,0xc0,0xd6,0xef,0x4d, - 0x0b,0xfc,0x51,0x27,0x18,0xf3,0x51,0x5e,0x4d,0x96,0x3a,0xe2,0x15,0xe2,0x7e,0x42, - 0xf4,0x16,0xd5,0xc6,0x52,0x5d,0x17,0x44,0x76,0x09,0x7a,0xcf,0xe3,0x30,0xe3,0x84, - 0xf6,0x6f,0x3a,0x33,0xfb,0x32,0x0d,0x1d,0xe7,0x7c,0x80,0x82,0x4f,0xed,0xda,0x87, - 0x11,0x9c,0xc3,0x7e,0x85,0xbd,0x18,0x58,0x08,0x2b,0x23,0x37,0xe7,0x9d,0xd0,0xd1, - 0x79,0xe2,0x05,0xbd,0xf5,0x4f,0x0e,0x0f,0xdb,0x4a,0x74,0xeb,0x09,0x01,0xb3,0xca, - 0xbd,0xa6,0x7b,0x09,0xb1,0x13,0x77,0x30,0x4d,0x87,0x41,0x06,0x57,0x2e,0x5f,0x36, - 0x6e,0xfc,0x35,0x69,0xfe,0x0a,0x24,0x6c,0x98,0x8c,0xda,0x97,0xf4,0xfb,0xc7,0x83, - 0x2d,0x3e,0x7d,0xc0,0x5c,0x34,0xfd,0x11,0x2a,0x12,0xa7,0xae,0x4a,0xde,0xc8,0x4e, - 0xcf,0xf4,0x85,0x63,0x77,0xc6,0x33,0x34,0xe0,0x27,0xe4,0x9e,0x91,0x0b,0x4b,0x85, - 0xf0,0xb0,0x79,0xaa,0x7c,0xc6,0xff,0x3b,0xbc,0x04,0x73,0xb8,0x95,0xd7,0x31,0x54, - 
0x3b,0x56,0xec,0x52,0x15,0xd7,0x3e,0x62,0xf5,0x82,0x99,0x3e,0x2a,0xc0,0x4b,0x2e, - 0x06,0x57,0x6d,0x3f,0x3e,0x77,0x1f,0x2b,0x2d,0xc5,0xb9,0x3b,0x68,0x56,0x73,0x70, - 0x32,0x6b,0x6b,0x65,0x25,0x76,0x45,0x6c,0x45,0xf1,0x6c,0x59,0xfc,0x94,0xa7,0x15}}; - -const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { - 0x01,0xfe,0xd5,0x83,0x0b,0x15,0xba,0x90,0x2c,0xdf,0xf7,0x26,0xb7,0x8f,0xb1,0xd7, - 0x0b,0xfd,0x83,0xf9,0x95,0xd5,0xd7,0xb5,0xc5,0xc5,0x4a,0xde,0xd5,0xe6,0x20,0x78, - 0xca,0x73,0x77,0x3d,0x61,0x36,0x48,0xae,0x3e,0x8f,0xee,0x43,0x29,0x96,0xdf,0x3f, - 0x1c,0x97,0x5a,0xbe,0xe5,0xa2,0x7e,0x5b,0xd0,0xc0,0x29,0x39,0x83,0x81,0x77,0x24, - 0x43,0xdb,0x3c,0x64,0x4d,0xf0,0x23,0xe4,0xae,0x0f,0x78,0x31,0x8c,0xda,0x0c,0xec, - 0xf1,0xdf,0x09,0xf2,0x14,0x6a,0x4d,0xaf,0x36,0x81,0x6e,0xbd,0xbe,0x36,0x79,0x88, - 0x98,0xb6,0x6f,0x5a,0xad,0xcf,0x7c,0xee,0xe0,0xdd,0x00,0xbe,0x59,0x97,0x88,0x00, - 0x34,0xc0,0x8b,0x48,0x42,0x05,0x04,0x5a,0xb7,0x85,0x38,0xa0,0x35,0xd7,0x3b,0x51, - 0xb8,0x7b,0x81,0x83,0xee,0xff,0x76,0x6f,0x50,0x39,0x4d,0xab,0x89,0x63,0x07,0x6d, - 0xf5,0xe5,0x01,0x10,0x56,0xfe,0x93,0x06,0x8f,0xd3,0xc9,0x41,0xab,0xc9,0xdf,0x6e, - 0x59,0xa8,0xc3,0x1d,0xbf,0x96,0x4a,0x59,0x80,0x3c,0x90,0x3a,0x59,0x56,0x4c,0x6d, - 0x44,0x6d,0xeb,0xdc,0x73,0xcd,0xc1,0xec,0xb8,0x41,0xbf,0x89,0x8c,0x03,0x69,0x4c, - 0xaf,0x3f,0xc1,0xc5,0xc7,0xe7,0x7d,0xa7,0x83,0x39,0x70,0xa2,0x6b,0x83,0xbc,0xbe, - 0xf5,0xbf,0x1c,0xee,0x6e,0xa3,0x22,0x1e,0x25,0x2f,0x16,0x68,0x69,0x5a,0x1d,0xfa, - 0x2c,0x3a,0x0f,0x67,0xe1,0x77,0x12,0xe8,0x3d,0xba,0xaa,0xef,0x96,0x9c,0x1f,0x64, - 0x32,0xf4,0xa7,0xb3,0x3f,0x7d,0x61,0xbb,0x9a,0x27,0xad,0xfb,0x2f,0x33,0xc4,0x70}}; - -const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { - 0x67,0x4e,0xdd,0xc2,0xd2,0x6d,0xe0,0x03,0xc4,0xc2,0x41,0xd3,0xd4,0x61,0x30,0xd0, - 0xe1,0x68,0x31,0x4a,0xda,0xd9,0xc2,0x5d,0xaa,0xa2,0x7b,0xfb,0x44,0x02,0xf5,0xd6, - 0xd8,0x2e,0xcd,0x13,0x36,0xc9,0x4b,0xdb,0x1a,0x4b,0x66,0x1b,0x4f,0x9c,0xb7,0x17, - 
0xac,0x53,0x37,0x4f,0x21,0xbd,0x0c,0x66,0xac,0x06,0x65,0x52,0x9f,0x04,0xf6,0xa5, - 0x22,0x5b,0xf7,0xe6,0x0d,0x3c,0x9f,0x41,0x19,0x09,0x88,0x7c,0x41,0x4c,0x2f,0x9c, - 0x8b,0x3c,0xdd,0x7c,0x28,0x78,0x24,0xd2,0x09,0xa6,0x5b,0xf7,0x3c,0x88,0x7e,0x73, - 0x5a,0x2d,0x36,0x02,0x4f,0x65,0xb0,0xcb,0xc8,0xdc,0xac,0xa2,0xda,0x8b,0x84,0x91, - 0x71,0xe4,0x30,0x8b,0xb6,0x12,0xf2,0xf0,0xd0,0xa0,0x38,0xcf,0x75,0xb7,0x20,0xcb, - 0x35,0x51,0x52,0x6b,0xc4,0xf4,0x21,0x95,0xc2,0xf7,0x9a,0x13,0xc1,0x1a,0x7b,0x8f, - 0x77,0xda,0x19,0x48,0xbb,0x6d,0x14,0x5d,0xba,0x65,0xb4,0x9e,0x43,0x42,0x58,0x98, - 0x0b,0x91,0x46,0xd8,0x4c,0xf3,0x4c,0xaf,0x2e,0x02,0xa6,0xb2,0x49,0x12,0x62,0x43, - 0x4e,0xa8,0xac,0xbf,0xfd,0xfa,0x37,0x24,0xea,0x69,0x1c,0xf5,0xae,0xfa,0x08,0x82, - 0x30,0xc3,0xc0,0xf8,0x9a,0x89,0x33,0xe1,0x40,0x6d,0x18,0x5c,0x7b,0x90,0x48,0xbf, - 0x37,0xdb,0xea,0xfb,0x0e,0xd4,0x2e,0x11,0xfa,0xa9,0x86,0xff,0x00,0x0b,0x7b,0xca, - 0x09,0x64,0x6a,0x8f,0x0c,0x0e,0x09,0x14,0x36,0x4a,0x74,0x31,0x18,0x5b,0x18,0xeb, - 0xea,0x83,0xc3,0x66,0x68,0xa6,0x7d,0x43,0x06,0x0f,0x99,0x60,0xce,0x65,0x08,0xf6}}; - -#endif // SHA1 - -#if ALG_SHA256_VALUE == DEFAULT_TEST_HASH - -const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { - 0x33,0x20,0x6e,0x21,0xc3,0xf6,0xcd,0xf8,0xd7,0x5d,0x9f,0xe9,0x05,0x14,0x8c,0x7c, - 0xbb,0x69,0x24,0x9e,0x52,0x8f,0xaf,0x84,0x73,0x21,0x2c,0x85,0xa5,0x30,0x4d,0xb6, - 0xb8,0xfa,0x15,0x9b,0xc7,0x8f,0xc9,0x7a,0x72,0x4b,0x85,0xa4,0x1c,0xc5,0xd8,0xe4, - 0x92,0xb3,0xec,0xd9,0xa8,0xca,0x5e,0x74,0x73,0x89,0x7f,0xb4,0xac,0x7e,0x68,0x12, - 0xb2,0x53,0x27,0x4b,0xbf,0xd0,0x71,0x69,0x46,0x9f,0xef,0xf4,0x70,0x60,0xf8,0xd7, - 0xae,0xc7,0x5a,0x27,0x38,0x25,0x2d,0x25,0xab,0x96,0x56,0x66,0x3a,0x23,0x40,0xa8, - 0xdb,0xbc,0x86,0xe8,0xf3,0xd2,0x58,0x0b,0x44,0xfc,0x94,0x1e,0xb7,0x5d,0xb4,0x57, - 0xb5,0xf3,0x56,0xee,0x9b,0xcf,0x97,0x91,0x29,0x36,0xe3,0x06,0x13,0xa2,0xea,0xd6, - 0xd6,0x0b,0x86,0x0b,0x1a,0x27,0xe6,0x22,0xc4,0x7b,0xff,0xde,0x0f,0xbf,0x79,0xc8, - 
0x1b,0xed,0xf1,0x27,0x62,0xb5,0x8b,0xf9,0xd9,0x76,0x90,0xf6,0xcc,0x83,0x0f,0xce, - 0xce,0x2e,0x63,0x7a,0x9b,0xf4,0x48,0x5b,0xd7,0x81,0x2c,0x3a,0xdb,0x59,0x0d,0x4d, - 0x9e,0x46,0xe9,0x9e,0x92,0x22,0x27,0x1c,0xb0,0x67,0x8a,0xe6,0x8a,0x16,0x8a,0xdf, - 0x95,0x76,0x24,0x82,0xad,0xf1,0xbc,0x97,0xbf,0xd3,0x5e,0x6e,0x14,0x0c,0x5b,0x25, - 0xfe,0x58,0xfa,0x64,0xe5,0x14,0x46,0xb7,0x58,0xc6,0x3f,0x7f,0x42,0xd2,0x8e,0x45, - 0x13,0x41,0x85,0x12,0x2e,0x96,0x19,0xd0,0x5e,0x7d,0x34,0x06,0x32,0x2b,0xc8,0xd9, - 0x0d,0x6c,0x06,0x36,0xa0,0xff,0x47,0x57,0x2c,0x25,0xbc,0x8a,0xa5,0xe2,0xc7,0xe3}}; - -const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { - 0x39,0xfc,0x10,0x5d,0xf4,0x45,0x3d,0x94,0x53,0x06,0x89,0x24,0xe7,0xe8,0xfd,0x03, - 0xac,0xfd,0xbd,0xb2,0x28,0xd3,0x4a,0x52,0xc5,0xd4,0xdb,0x17,0xd4,0x24,0x05,0xc4, - 0xeb,0x6a,0xce,0x1d,0xbb,0x37,0xcb,0x09,0xd8,0x6c,0x83,0x19,0x93,0xd4,0xe2,0x88, - 0x88,0x9b,0xaf,0x92,0x16,0xc4,0x15,0xbd,0x49,0x13,0x22,0xb7,0x84,0xcf,0x23,0xf2, - 0x6f,0x0c,0x3e,0x8f,0xde,0x04,0x09,0x31,0x2d,0x99,0xdf,0xe6,0x74,0x70,0x30,0xde, - 0x8c,0xad,0x32,0x86,0xe2,0x7c,0x12,0x90,0x21,0xf3,0x86,0xb7,0xe2,0x64,0xca,0x98, - 0xcc,0x64,0x4b,0xef,0x57,0x4f,0x5a,0x16,0x6e,0xd7,0x2f,0x5b,0xf6,0x07,0xad,0x33, - 0xb4,0x8f,0x3b,0x3a,0x8b,0xd9,0x06,0x2b,0xed,0x3c,0x3c,0x76,0xf6,0x21,0x31,0xe3, - 0xfb,0x2c,0x45,0x61,0x42,0xba,0xe0,0xc3,0x72,0x63,0xd0,0x6b,0x8f,0x36,0x26,0xfb, - 0x9e,0x89,0x0e,0x44,0x9a,0xc1,0x84,0x5e,0x84,0x8d,0xb6,0xea,0xf1,0x0d,0x66,0xc7, - 0xdb,0x44,0xbd,0x19,0x7c,0x05,0xbe,0xc4,0xab,0x88,0x32,0xbe,0xc7,0x63,0x31,0xe6, - 0x38,0xd4,0xe5,0xb8,0x4b,0xf5,0x0e,0x55,0x9a,0x3a,0xe6,0x0a,0xec,0xee,0xe2,0xa8, - 0x88,0x04,0xf2,0xb8,0xaa,0x5a,0xd8,0x97,0x5d,0xa0,0xa8,0x42,0xfb,0xd9,0xde,0x80, - 0xae,0x4c,0xb3,0xa1,0x90,0x47,0x57,0x03,0x10,0x78,0xa6,0x8f,0x11,0xba,0x4b,0xce, - 0x2d,0x56,0xa4,0xe1,0xbd,0xf8,0xa0,0xa4,0xd5,0x48,0x3c,0x63,0x20,0x00,0x38,0xa0, - 0xd1,0xe6,0x12,0xe9,0x1d,0xd8,0x49,0xe3,0xd5,0x24,0xb5,0xc5,0x3a,0x1f,0xb0,0xd4}}; - -const 
TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { - 0x74,0x89,0x29,0x3e,0x1b,0xac,0xc6,0x85,0xca,0xf0,0x63,0x43,0x30,0x7d,0x1c,0x9b, - 0x2f,0xbd,0x4d,0x69,0x39,0x5e,0x85,0xe2,0xef,0x86,0x0a,0xc6,0x6b,0xa6,0x08,0x19, - 0x6c,0x56,0x38,0x24,0x55,0x92,0x84,0x9b,0x1b,0x8b,0x04,0xcf,0x24,0x14,0x24,0x13, - 0x0e,0x8b,0x82,0x6f,0x96,0xc8,0x9a,0x68,0xfc,0x4c,0x02,0xf0,0xdc,0xcd,0x36,0x25, - 0x31,0xd5,0x82,0xcf,0xc9,0x69,0x72,0xf6,0x1d,0xab,0x68,0x20,0x2e,0x2d,0x19,0x49, - 0xf0,0x2e,0xad,0xd2,0xda,0xaf,0xff,0xb6,0x92,0x83,0x5b,0x8a,0x06,0x2d,0x0c,0x32, - 0x11,0x32,0x3b,0x77,0x17,0xf6,0x50,0xfb,0xf8,0x57,0xc9,0xc7,0x9b,0x9e,0xc6,0xd1, - 0xa9,0x55,0xf0,0x22,0x35,0xda,0xca,0x3c,0x8e,0xc6,0x9a,0xd8,0x25,0xc8,0x5e,0x93, - 0x0d,0xaa,0xa7,0x06,0xaf,0x11,0x29,0x99,0xe7,0x7c,0xee,0x49,0x82,0x30,0xba,0x2c, - 0xe2,0x40,0x8f,0x0a,0xa6,0x7b,0x24,0x75,0xc5,0xcd,0x03,0x12,0xf4,0xb2,0x4b,0x3a, - 0xd1,0x91,0x3c,0x20,0x0e,0x58,0x2b,0x31,0xf8,0x8b,0xee,0xbc,0x1f,0x95,0x35,0x58, - 0x6a,0x73,0xee,0x99,0xb0,0x01,0x42,0x4f,0x66,0xc0,0x66,0xbb,0x35,0x86,0xeb,0xd9, - 0x7b,0x55,0x77,0x2d,0x54,0x78,0x19,0x49,0xe8,0xcc,0xfd,0xb1,0xcb,0x49,0xc9,0xea, - 0x20,0xab,0xed,0xb5,0xed,0xfe,0xb2,0xb5,0xa8,0xcf,0x05,0x06,0xd5,0x7d,0x2b,0xbb, - 0x0b,0x65,0x6b,0x2b,0x6d,0x55,0x95,0x85,0x44,0x8b,0x12,0x05,0xf3,0x4b,0xd4,0x8e, - 0x3d,0x68,0x2d,0x29,0x9c,0x05,0x79,0xd6,0xfc,0x72,0x90,0x6a,0xab,0x46,0x38,0x81}}; - -const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { - 0x8a,0xb1,0x0a,0xb5,0xe4,0x02,0xf7,0xdd,0x45,0x2a,0xcc,0x2b,0x6b,0x8c,0x0e,0x9a, - 0x92,0x4f,0x9b,0xc5,0xe4,0x8b,0x82,0xb9,0xb0,0xd9,0x87,0x8c,0xcb,0xf0,0xb0,0x59, - 0xa5,0x92,0x21,0xa0,0xa7,0x61,0x5c,0xed,0xa8,0x6e,0x22,0x29,0x46,0xc7,0x86,0x37, - 0x4b,0x1b,0x1e,0x94,0x93,0xc8,0x4c,0x17,0x7a,0xae,0x59,0x91,0xf8,0x83,0x84,0xc4, - 0x8c,0x38,0xc2,0x35,0x0e,0x7e,0x50,0x67,0x76,0xe7,0xd3,0xec,0x6f,0x0d,0xa0,0x5c, - 0x2f,0x0a,0x80,0x28,0xd3,0xc5,0x7d,0x2d,0x1a,0x0b,0x96,0xd6,0xe5,0x98,0x05,0x8c, - 
0x4d,0xa0,0x1f,0x8c,0xb6,0xfb,0xb1,0xcf,0xe9,0xcb,0x38,0x27,0x60,0x64,0x17,0xca, - 0xf4,0x8b,0x61,0xb7,0x1d,0xb6,0x20,0x9d,0x40,0x2a,0x1c,0xfd,0x55,0x40,0x4b,0x95, - 0x39,0x52,0x18,0x3b,0xab,0x44,0xe8,0x83,0x4b,0x7c,0x47,0xfb,0xed,0x06,0x9c,0xcd, - 0x4f,0xba,0x81,0xd6,0xb7,0x31,0xcf,0x5c,0x23,0xf8,0x25,0xab,0x95,0x77,0x0a,0x8f, - 0x46,0xef,0xfb,0x59,0xb8,0x04,0xd7,0x1e,0xf5,0xaf,0x6a,0x1a,0x26,0x9b,0xae,0xf4, - 0xf5,0x7f,0x84,0x6f,0x3c,0xed,0xf8,0x24,0x0b,0x43,0xd1,0xba,0x74,0x89,0x4e,0x39, - 0xfe,0xab,0xa5,0x16,0xa5,0x28,0xee,0x96,0x84,0x3e,0x16,0x6d,0x5f,0x4e,0x0b,0x7d, - 0x94,0x16,0x1b,0x8c,0xf9,0xaa,0x9b,0xc0,0x49,0x02,0x4c,0x3e,0x62,0xff,0xfe,0xa2, - 0x20,0x33,0x5e,0xa6,0xdd,0xda,0x15,0x2d,0xb7,0xcd,0xda,0xff,0xb1,0x0b,0x45,0x7b, - 0xd3,0xa0,0x42,0x29,0xab,0xa9,0x73,0xe9,0xa4,0xd9,0x8d,0xac,0xa1,0x88,0x2c,0x2d}}; - -#endif // SHA256 - -#if ALG_SHA384_VALUE == DEFAULT_TEST_HASH - -const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { - 0x0f,0x3c,0x42,0x4d,0x8c,0x91,0x96,0x05,0x3c,0xfd,0x59,0x3b,0x7f,0x29,0xbc,0x03, - 0x67,0xc1,0xff,0x74,0xe7,0x09,0xf4,0x13,0x45,0xbe,0x13,0x1d,0xc9,0x86,0x94,0xfe, - 0xed,0xa6,0xe8,0x3a,0xcb,0x89,0x4d,0xec,0x86,0x63,0x4c,0xdb,0xf1,0x95,0xee,0xc1, - 0x46,0xc5,0x3b,0xd8,0xf8,0xa2,0x41,0x6a,0x60,0x8b,0x9e,0x5e,0x7f,0x20,0x16,0xe3, - 0x69,0xb6,0x2d,0x92,0xfc,0x60,0xa2,0x74,0x88,0xd5,0xc7,0xa6,0xd1,0xff,0xe3,0x45, - 0x02,0x51,0x39,0xd9,0xf3,0x56,0x0b,0x91,0x80,0xe0,0x6c,0xa8,0xc3,0x78,0xef,0x34, - 0x22,0x8c,0xf5,0xfb,0x47,0x98,0x5d,0x57,0x8e,0x3a,0xb9,0xff,0x92,0x04,0xc7,0xc2, - 0x6e,0xfa,0x14,0xc1,0xb9,0x68,0x15,0x5c,0x12,0xe8,0xa8,0xbe,0xea,0xe8,0x8d,0x9b, - 0x48,0x28,0x35,0xdb,0x4b,0x52,0xc1,0x2d,0x85,0x47,0x83,0xd0,0xe9,0xae,0x90,0x6e, - 0x65,0xd4,0x34,0x7f,0x81,0xce,0x69,0xf0,0x96,0x62,0xf7,0xec,0x41,0xd5,0xc2,0xe3, - 0x4b,0xba,0x9c,0x8a,0x02,0xce,0xf0,0x5d,0x14,0xf7,0x09,0x42,0x8e,0x4a,0x27,0xfe, - 0x3e,0x66,0x42,0x99,0x03,0xe1,0x69,0xbd,0xdb,0x7f,0x9b,0x70,0xeb,0x4e,0x9c,0xac, - 
0x45,0x67,0x91,0x9f,0x75,0x10,0xc6,0xfc,0x14,0xe1,0x28,0xc1,0x0e,0xe0,0x7e,0xc0, - 0x5c,0x1d,0xee,0xe8,0xff,0x45,0x79,0x51,0x86,0x08,0xe6,0x39,0xac,0xb5,0xfd,0xb8, - 0xf1,0xdd,0x2e,0xf4,0xb2,0x1a,0x69,0x0d,0xd9,0x98,0x8e,0xdb,0x85,0x61,0x70,0x20, - 0x82,0x91,0x26,0x87,0x80,0xc4,0x6a,0xd8,0x3b,0x91,0x4d,0xd3,0x33,0x84,0xad,0xb7}}; - -const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { - 0x44,0xd5,0x9f,0xbc,0x48,0x03,0x3d,0x9f,0x22,0x91,0x2a,0xab,0x3c,0x31,0x71,0xab, - 0x86,0x3f,0x0f,0x6f,0x59,0x5b,0x93,0x27,0xbc,0xbc,0xcd,0x29,0x38,0x43,0x2a,0x3b, - 0x3b,0xd2,0xb3,0x45,0x40,0xba,0x15,0xb4,0x45,0xe3,0x56,0xab,0xff,0xb3,0x20,0x26, - 0x39,0xcc,0x48,0xc5,0x5d,0x41,0x0d,0x2f,0x57,0x7f,0x9d,0x16,0x2e,0x26,0x57,0xc7, - 0x6b,0xf3,0x36,0x54,0xbd,0xb6,0x1d,0x46,0x4e,0x13,0x50,0xd7,0x61,0x9d,0x8d,0x7b, - 0xeb,0x21,0x9f,0x79,0xf3,0xfd,0xe0,0x1b,0xa8,0xed,0x6d,0x29,0x33,0x0d,0x65,0x94, - 0x24,0x1e,0x62,0x88,0x6b,0x2b,0x4e,0x39,0xf5,0x80,0x39,0xca,0x76,0x95,0xbc,0x7c, - 0x27,0x1d,0xdd,0x3a,0x11,0xf1,0x3e,0x54,0x03,0xb7,0x43,0x91,0x99,0x33,0xfe,0x9d, - 0x14,0x2c,0x87,0x9a,0x95,0x18,0x1f,0x02,0x04,0x6a,0xe2,0xb7,0x81,0x14,0x13,0x45, - 0x16,0xfb,0xe4,0xb7,0x8f,0xab,0x2b,0xd7,0x60,0x34,0x8a,0x55,0xbc,0x01,0x8c,0x49, - 0x02,0x29,0xf1,0x9c,0x94,0x98,0x44,0xd0,0x94,0xcb,0xd4,0x85,0x4c,0x3b,0x77,0x72, - 0x99,0xd5,0x4b,0xc6,0x3b,0xe4,0xd2,0xc8,0xe9,0x6a,0x23,0x18,0x3b,0x3b,0x5e,0x32, - 0xec,0x70,0x84,0x5d,0xbb,0x6a,0x8f,0x0c,0x5f,0x55,0xa5,0x30,0x34,0x48,0xbb,0xc2, - 0xdf,0x12,0xb9,0x81,0xad,0x36,0x3f,0xf0,0x24,0x16,0x48,0x04,0x4a,0x7f,0xfd,0x9f, - 0x4c,0xea,0xfe,0x1d,0x83,0xd0,0x81,0xad,0x25,0x6c,0x5f,0x45,0x36,0x91,0xf0,0xd5, - 0x8b,0x53,0x0a,0xdf,0xec,0x9f,0x04,0x58,0xc4,0x35,0xa0,0x78,0x1f,0x68,0xe0,0x22}}; - -const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { - 0x3f,0x3a,0x82,0x6d,0x42,0xe3,0x8b,0x4f,0x45,0x9c,0xda,0x6c,0xbe,0xbe,0xcd,0x00, - 0x98,0xfb,0xbe,0x59,0x30,0xc6,0x3c,0xaa,0xb3,0x06,0x27,0xb5,0xda,0xfa,0xb2,0xc3, - 
0x43,0xb7,0xbd,0xe9,0xd3,0x23,0xed,0x80,0xce,0x74,0xb3,0xb8,0x77,0x8d,0xe6,0x8d, - 0x3c,0xe5,0xf5,0xd7,0x80,0xcf,0x38,0x55,0x76,0xd7,0x87,0xa8,0xd6,0x3a,0xcf,0xfd, - 0xd8,0x91,0x65,0xab,0x43,0x66,0x50,0xb7,0x9a,0x13,0x6b,0x45,0x80,0x76,0x86,0x22, - 0x27,0x72,0xf7,0xbb,0x65,0x22,0x5c,0x55,0x60,0xd8,0x84,0x9f,0xf2,0x61,0x52,0xac, - 0xf2,0x4f,0x5b,0x7b,0x21,0xe1,0xf5,0x4b,0x8f,0x01,0xf2,0x4b,0xcf,0xd3,0xfb,0x74, - 0x5e,0x6e,0x96,0xb4,0xa8,0x0f,0x01,0x9b,0x26,0x54,0x0a,0x70,0x55,0x26,0xb7,0x0b, - 0xe8,0x01,0x68,0x66,0x0d,0x6f,0xb5,0xfc,0x66,0xbd,0x9e,0x44,0xed,0x6a,0x1e,0x3c, - 0x3b,0x61,0x5d,0xe8,0xdb,0x99,0x5b,0x67,0xbf,0x94,0xfb,0xe6,0x8c,0x4b,0x07,0xcb, - 0x43,0x3a,0x0d,0xb1,0x1b,0x10,0x66,0x81,0xe2,0x0d,0xe7,0xd1,0xca,0x85,0xa7,0x50, - 0x82,0x2d,0xbf,0xed,0xcf,0x43,0x6d,0xdb,0x2c,0x7b,0x73,0x20,0xfe,0x73,0x3f,0x19, - 0xc6,0xdb,0x69,0xb8,0xc3,0xd3,0xf4,0xe5,0x64,0xf8,0x36,0x8e,0xd5,0xd8,0x09,0x2a, - 0x5f,0x26,0x70,0xa1,0xd9,0x5b,0x14,0xf8,0x22,0xe9,0x9d,0x22,0x51,0xf4,0x52,0xc1, - 0x6f,0x53,0xf5,0xca,0x0d,0xda,0x39,0x8c,0x29,0x42,0xe8,0x58,0x89,0xbb,0xd1,0x2e, - 0xc5,0xdb,0x86,0x8d,0xaf,0xec,0x58,0x36,0x8d,0x8d,0x57,0x23,0xd5,0xdd,0xb9,0x24}}; - -const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { - 0x39,0x10,0x58,0x7d,0x6d,0xa8,0xd5,0x90,0x07,0xd6,0x2b,0x13,0xe9,0xd8,0x93,0x7e, - 0xf3,0x5d,0x71,0xe0,0xf0,0x33,0x3a,0x4a,0x22,0xf3,0xe6,0x95,0xd3,0x8e,0x8c,0x41, - 0xe7,0xb3,0x13,0xde,0x4a,0x45,0xd3,0xd1,0xfb,0xb1,0x3f,0x9b,0x39,0xa5,0x50,0x58, - 0xef,0xb6,0x3a,0x43,0xdd,0x54,0xab,0xda,0x9d,0x32,0x49,0xe4,0x57,0x96,0xe5,0x1b, - 0x1d,0x8f,0x33,0x8e,0x07,0x67,0x56,0x14,0xc1,0x18,0x78,0xa2,0x52,0xe6,0x2e,0x07, - 0x81,0xbe,0xd8,0xca,0x76,0x63,0x68,0xc5,0x47,0xa2,0x92,0x5e,0x4c,0xfd,0x14,0xc7, - 0x46,0x14,0xbe,0xc7,0x85,0xef,0xe6,0xb8,0x46,0xcb,0x3a,0x67,0x66,0x89,0xc6,0xee, - 0x9d,0x64,0xf5,0x0d,0x09,0x80,0x9a,0x6f,0x0e,0xeb,0xe4,0xb9,0xe9,0xab,0x90,0x4f, - 0xe7,0x5a,0xc8,0xca,0xf6,0x16,0x0a,0x82,0xbd,0xb7,0x76,0x59,0x08,0x2d,0xd9,0x40, - 
0x5d,0xaa,0xa5,0xef,0xfb,0xe3,0x81,0x2c,0x2c,0x5c,0xa8,0x16,0xbd,0x63,0x20,0xc2, - 0x4d,0x3b,0x51,0xaa,0x62,0x1f,0x06,0xe5,0xbb,0x78,0x44,0x04,0x0c,0x5c,0xe1,0x1b, - 0x6b,0x9d,0x21,0x10,0xaf,0x48,0x48,0x98,0x97,0x77,0xc2,0x73,0xb4,0x98,0x64,0xcc, - 0x94,0x2c,0x29,0x28,0x45,0x36,0xd1,0xc5,0xd0,0x2f,0x97,0x27,0x92,0x65,0x22,0xbb, - 0x63,0x79,0xea,0xf5,0xff,0x77,0x0f,0x4b,0x56,0x8a,0x9f,0xad,0x1a,0x97,0x67,0x39, - 0x69,0xb8,0x4c,0x6c,0xc2,0x56,0xc5,0x7a,0xa8,0x14,0x5a,0x24,0x7a,0xa4,0x6e,0x55, - 0xb2,0x86,0x1d,0xf4,0x62,0x5a,0x2d,0x87,0x6d,0xde,0x99,0x78,0x2d,0xef,0xd7,0xdc}}; - -#endif // SHA384 - -#if ALG_SHA512_VALUE == DEFAULT_TEST_HASH - -const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { - 0x48,0x45,0xa7,0x70,0xb2,0x41,0xb7,0x48,0x5e,0x79,0x8c,0xdf,0x1c,0xc6,0x7e,0xbb, - 0x11,0x80,0x82,0x52,0xbf,0x40,0x3d,0x90,0x03,0x6e,0x20,0x3a,0xb9,0x65,0xc8,0x51, - 0x4c,0xbd,0x9c,0xa9,0x43,0x89,0xd0,0x57,0x0c,0xa3,0x69,0x22,0x7e,0x82,0x2a,0x1c, - 0x1d,0x5a,0x80,0x84,0x81,0xbb,0x5e,0x5e,0xd0,0xc1,0x66,0x9a,0xac,0x00,0xba,0x14, - 0xa2,0xe9,0xd0,0x3a,0x89,0x5a,0x63,0xe2,0xec,0x92,0x05,0xf4,0x47,0x66,0x12,0x7f, - 0xdb,0xa7,0x3c,0x5b,0x67,0xe1,0x55,0xca,0x0a,0x27,0xbf,0x39,0x89,0x11,0x05,0xba, - 0x9b,0x5a,0x9b,0x65,0x44,0xad,0x78,0xcf,0x8f,0x94,0xf6,0x9a,0xb4,0x52,0x39,0x0e, - 0x00,0xba,0xbc,0xe0,0xbd,0x6f,0x81,0x2d,0x76,0x42,0x66,0x70,0x07,0x77,0xbf,0x09, - 0x88,0x2a,0x0c,0xb1,0x56,0x3e,0xee,0xfd,0xdc,0xb6,0x3c,0x0d,0xc5,0xa4,0x0d,0x10, - 0x32,0x80,0x3e,0x1e,0xfe,0x36,0x8f,0xb5,0x42,0xc1,0x21,0x7b,0xdf,0xdf,0x4a,0xd2, - 0x68,0x0c,0x01,0x9f,0x4a,0xfd,0xd4,0xec,0xf7,0x49,0x06,0xab,0xed,0xc6,0xd5,0x1b, - 0x63,0x76,0x38,0xc8,0x6c,0xc7,0x4f,0xcb,0x29,0x8a,0x0e,0x6f,0x33,0xaf,0x69,0x31, - 0x8e,0xa7,0xdd,0x9a,0x36,0xde,0x9b,0xf1,0x0b,0xfb,0x20,0xa0,0x6d,0x33,0x31,0xc9, - 0x9e,0xb4,0x2e,0xc5,0x40,0x0e,0x60,0x71,0x36,0x75,0x05,0xf9,0x37,0xe0,0xca,0x8e, - 0x8f,0x56,0xe0,0xea,0x9b,0xeb,0x17,0xf3,0xca,0x40,0xc3,0x48,0x01,0xba,0xdc,0xc6, - 
0x4b,0x2b,0x5b,0x7b,0x5c,0x81,0xa6,0xbb,0xc7,0x43,0xc0,0xbe,0xc0,0x30,0x7b,0x55}}; - -const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { - 0x74,0x83,0xfa,0x52,0x65,0x50,0x68,0xd0,0x82,0x05,0x72,0x70,0x78,0x1c,0xac,0x10, - 0x23,0xc5,0x07,0xf8,0x93,0xd2,0xeb,0x65,0x87,0xbb,0x47,0xc2,0xfb,0x30,0x9e,0x61, - 0x4c,0xac,0x04,0x57,0x5a,0x7c,0xeb,0x29,0x08,0x84,0x86,0x89,0x1e,0x8f,0x07,0x32, - 0xa3,0x8b,0x70,0xe7,0xa2,0x9f,0x9c,0x42,0x71,0x3d,0x23,0x59,0x82,0x5e,0x8a,0xde, - 0xd6,0xfb,0xd8,0xc5,0x8b,0xc0,0xdb,0x10,0x38,0x87,0xd3,0xbf,0x04,0xb0,0x66,0xb9, - 0x85,0x81,0x54,0x4c,0x69,0xdc,0xba,0x78,0xf3,0x4a,0xdb,0x25,0xa2,0xf2,0x34,0x55, - 0xdd,0xaa,0xa5,0xc4,0xed,0x55,0x06,0x0e,0x2a,0x30,0x77,0xab,0x82,0x79,0xf0,0xcd, - 0x9d,0x6f,0x09,0xa0,0xc8,0x82,0xc9,0xe0,0x61,0xda,0x40,0xcd,0x17,0x59,0xc0,0xef, - 0x95,0x6d,0xa3,0x6d,0x1c,0x2b,0xee,0x24,0xef,0xd8,0x4a,0x55,0x6c,0xd6,0x26,0x42, - 0x32,0x17,0xfd,0x6a,0xb3,0x4f,0xde,0x07,0x2f,0x10,0xd4,0xac,0x14,0xea,0x89,0x68, - 0xcc,0xd3,0x07,0xb7,0xcf,0xba,0x39,0x20,0x63,0x20,0x7b,0x44,0x8b,0x48,0x60,0x5d, - 0x3a,0x2a,0x0a,0xe9,0x68,0xab,0x15,0x46,0x27,0x64,0xb5,0x82,0x06,0x29,0xe7,0x25, - 0xca,0x46,0x48,0x6e,0x2a,0x34,0x57,0x4b,0x81,0x75,0xae,0xb6,0xfd,0x6f,0x51,0x5f, - 0x04,0x59,0xc7,0x15,0x1f,0xe0,0x68,0xf7,0x36,0x2d,0xdf,0xc8,0x9d,0x05,0x27,0x2d, - 0x3f,0x2b,0x59,0x5d,0xcb,0xf3,0xc4,0x92,0x6e,0x00,0xa8,0x8d,0xd0,0x69,0xe5,0x59, - 0xda,0xba,0x4f,0x38,0xf5,0xa0,0x8b,0xf1,0x73,0xe9,0x0d,0xee,0x64,0xe5,0xa2,0xd8}}; - -const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { - 0x1b,0xca,0x8b,0x18,0x15,0x3b,0x95,0x5b,0x0a,0x89,0x10,0x03,0x7f,0x7c,0xa0,0xc9, - 0x66,0x57,0x86,0x6a,0xc9,0xeb,0x82,0x71,0xf3,0x8d,0x6f,0xa9,0xa4,0x2d,0xd0,0x22, - 0xdf,0xe9,0xc6,0x71,0x5b,0xf4,0x27,0x38,0x5b,0x2c,0x8a,0x54,0xcc,0x85,0x11,0x69, - 0x6d,0x6f,0x42,0xe7,0x22,0xcb,0xd6,0xad,0x1a,0xc5,0xab,0x6a,0xa5,0xfc,0xa5,0x70, - 0x72,0x4a,0x62,0x25,0xd0,0xa2,0x16,0x61,0xab,0xac,0x31,0xa0,0x46,0x24,0x4f,0xdd, - 
0x9a,0x36,0x55,0xb6,0x00,0x9e,0x23,0x50,0x0d,0x53,0x01,0xb3,0x46,0x56,0xb2,0x1d, - 0x33,0x5b,0xca,0x41,0x7f,0x65,0x7e,0x00,0x5c,0x12,0xff,0x0a,0x70,0x5d,0x8c,0x69, - 0x4a,0x02,0xee,0x72,0x30,0xa7,0x5c,0xa4,0xbb,0xbe,0x03,0x0c,0xe4,0x5f,0x33,0xb6, - 0x78,0x91,0x9d,0xd8,0xec,0x34,0x03,0x2e,0x63,0x32,0xc7,0x2a,0x36,0x50,0xd5,0x8b, - 0x0e,0x7f,0x54,0x4e,0xf4,0x29,0x11,0x1b,0xcd,0x0f,0x37,0xa5,0xbc,0x61,0x83,0x50, - 0xfa,0x18,0x75,0xd9,0xfe,0xa7,0xe8,0x9b,0xc1,0x4f,0x96,0x37,0x81,0x71,0xdf,0x71, - 0x8b,0x89,0x81,0xf4,0x95,0xb5,0x29,0x66,0x41,0x0c,0x73,0xd7,0x0b,0x21,0xb4,0xfb, - 0xf9,0x63,0x2f,0xe9,0x7b,0x38,0xaa,0x20,0xc3,0x96,0xcc,0xb7,0xb2,0x24,0xa1,0xe0, - 0x59,0x9c,0x10,0x9e,0x5a,0xf7,0xe3,0x02,0xe6,0x23,0xe2,0x44,0x21,0x3f,0x6e,0x5e, - 0x79,0xb2,0x93,0x7d,0xce,0xed,0xe2,0xe1,0xab,0x98,0x07,0xa7,0xbd,0xbc,0xd8,0xf7, - 0x06,0xeb,0xc5,0xa6,0x37,0x18,0x11,0x88,0xf7,0x63,0x39,0xb9,0x57,0x29,0xdc,0x03}}; - -const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { - 0x05,0x55,0x00,0x62,0x01,0xc6,0x04,0x31,0x55,0x73,0x3f,0x2a,0xf9,0xd4,0x0f,0xc1, - 0x2b,0xeb,0xd8,0xc8,0xdb,0xb2,0xab,0x6c,0x26,0xde,0x2d,0x89,0xc2,0x2d,0x36,0x62, - 0xc8,0x22,0x5d,0x58,0x03,0xb1,0x46,0x14,0xa5,0xd4,0xbc,0x25,0x6b,0x7f,0x8f,0x14, - 0x7e,0x03,0x2f,0x3d,0xb8,0x39,0xa5,0x79,0x13,0x7e,0x22,0x2a,0xb9,0x3e,0x8f,0xaa, - 0x01,0x7c,0x03,0x12,0x21,0x6c,0x2a,0xb4,0x39,0x98,0x6d,0xff,0x08,0x6c,0x59,0x2d, - 0xdc,0xc6,0xf1,0x77,0x62,0x10,0xa6,0xcc,0xe2,0x71,0x8e,0x97,0x00,0x87,0x5b,0x0e, - 0x20,0x00,0x3f,0x18,0x63,0x83,0xf0,0xe4,0x0a,0x64,0x8c,0xe9,0x8c,0x91,0xe7,0x89, - 0x04,0x64,0x2c,0x8b,0x41,0xc8,0xac,0xf6,0x5a,0x75,0xe6,0xa5,0x76,0x43,0xcb,0xa5, - 0x33,0x8b,0x07,0xc9,0x73,0x0f,0x45,0xa4,0xc3,0xac,0xc1,0xc3,0xe6,0xe7,0x21,0x66, - 0x1c,0xba,0xbf,0xea,0x3e,0x39,0xfa,0xb2,0xe2,0x8f,0xfe,0x9c,0xb4,0x85,0x89,0x33, - 0x2a,0x0c,0xc8,0x5d,0x58,0xe1,0x89,0x12,0xe9,0x4d,0x42,0xb3,0x1f,0x99,0x0c,0x3e, - 0xd8,0xb2,0xeb,0xf5,0x88,0xfb,0xe1,0x4b,0x8e,0xdc,0xd3,0xa8,0xda,0xbe,0x04,0x45, - 
0xbf,0x56,0xc6,0x54,0x70,0x00,0xb8,0x66,0x46,0x3a,0xa3,0x1e,0xb6,0xeb,0x1a,0xa0, - 0x0b,0xd3,0x9a,0x9a,0x52,0xda,0x60,0x69,0xb7,0xef,0x93,0x47,0x38,0xab,0x1a,0xa0, - 0x22,0x6e,0x76,0x06,0xb6,0x74,0xaf,0x74,0x8f,0x51,0xc0,0x89,0x5a,0x4b,0xbe,0x6a, - 0x91,0x18,0x25,0x7d,0xa6,0x77,0xe6,0xfd,0xc2,0x62,0x36,0x07,0xc6,0xef,0x79,0xc9}}; - -#endif // SHA512 - diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SelfTest.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SelfTest.h deleted file mode 100644 index 4b9fc478f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SelfTest.h +++ /dev/null 
@@ -1,105 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the structure definitions for the self-test. It also contains
-// macros for use when the self-test is implemented.
-#ifndef _SELF_TEST_H_
-#define _SELF_TEST_H_
-
-//** Defines
-
-// Was typing this a lot
-#define SELF_TEST_FAILURE FAIL(FATAL_ERROR_SELF_TEST)
-
-// Use the definition of key sizes to set algorithm values for key size.
-#define AES_ENTRIES (AES_128 + AES_192 + AES_256)
-#define SM4_ENTRIES (SM4_128)
-#define CAMELLIA_ENTRIES (CAMELLIA_128 + CAMELLIA_192 + CAMELLIA_256)
-#define TDES_ENTRIES (TDES_128 + TDES_192)
-
-#define NUM_SYMS (AES_ENTRIES + SM4_ENTRIES + CAMELLIA_ENTRIES + TDES_ENTRIES)
-
-typedef UINT32 SYM_INDEX;
-
-// These two defines deal with the fact that the TPM_ALG_ID table does not delimit
-// the symmetric mode values with a TPM_SYM_MODE_FIRST and TPM_SYM_MODE_LAST
-#define TPM_SYM_MODE_FIRST ALG_CTR_VALUE
-#define TPM_SYM_MODE_LAST ALG_ECB_VALUE
-
-#define NUM_SYM_MODES (TPM_SYM_MODE_LAST - TPM_SYM_MODE_FIRST + 1)
-
-// Define a type to hold a bit vector for the modes.
-#if NUM_SYM_MODES <= 0
-#error "No symmetric modes implemented"
-#elif NUM_SYM_MODES <= 8
-typedef BYTE SYM_MODES;
-#elif NUM_SYM_MODES <= 16
-typedef UINT16 SYM_MODES;
-#elif NUM_SYM_MODES <= 32
-typedef UINT32 SYM_MODES;
-#else
-#error "Too many symmetric modes"
-#endif
-
-typedef struct SYMMETRIC_TEST_VECTOR {
- const TPM_ALG_ID alg; // the algorithm
- const UINT16 keyBits; // bits in the key
- const BYTE *key; // The test key
- const UINT32 ivSize; // block size of the algorithm
- const UINT32 dataInOutSize; // size to encrypt/decrypt
- const BYTE *dataIn; // data to encrypt
- const BYTE *dataOut[NUM_SYM_MODES];// data to decrypt
-} SYMMETRIC_TEST_VECTOR;
-
-#if ALG_SHA512
-# define DEFAULT_TEST_HASH ALG_SHA512_VALUE
-# define DEFAULT_TEST_DIGEST_SIZE SHA512_DIGEST_SIZE
-# define DEFAULT_TEST_HASH_BLOCK_SIZE SHA512_BLOCK_SIZE
-#elif ALG_SHA384
-# define DEFAULT_TEST_HASH ALG_SHA384_VALUE
-# define DEFAULT_TEST_DIGEST_SIZE SHA384_DIGEST_SIZE
-# define DEFAULT_TEST_HASH_BLOCK_SIZE SHA384_BLOCK_SIZE
-#elif ALG_SHA256
-# define DEFAULT_TEST_HASH ALG_SHA256_VALUE
-# define DEFAULT_TEST_DIGEST_SIZE SHA256_DIGEST_SIZE
-# define DEFAULT_TEST_HASH_BLOCK_SIZE SHA256_BLOCK_SIZE
-#elif ALG_SHA1
-# define DEFAULT_TEST_HASH ALG_SHA1_VALUE
-# define DEFAULT_TEST_DIGEST_SIZE SHA1_DIGEST_SIZE
-# define DEFAULT_TEST_HASH_BLOCK_SIZE SHA1_BLOCK_SIZE
-#endif
-
-
-#endif // _SELF_TEST_H_
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SupportLibraryFunctionPrototypes_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SupportLibraryFunctionPrototypes_fp.h
deleted file mode 100644
index 3cdd2c816..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SupportLibraryFunctionPrototypes_fp.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the function prototypes for the functions that need to be
-// present in the selected math library. For each function listed, there should
-// be a small stub function. That stub provides the interface between the TPM
-// code and the support library. In most cases, the stub function will only need
-// to do a format conversion between the TPM big number and the support library
-// big number. The TPM big number format was chosen to make this relatively
-// simple and fast.
-//
-// Arithmetic operations return a BOOL to indicate if the operation completed
-// successfully or not.
-
-#ifndef SUPPORT_LIBRARY_FUNCTION_PROTOTYPES_H
-#define SUPPORT_LIBRARY_FUNCTION_PROTOTYPES_H
-
-//** SupportLibInit()
-// This function is called by CryptInit() so that necessary initializations can be
-// performed on the cryptographic library.
-LIB_EXPORT
-int SupportLibInit(void);
-
-//** MathLibraryCompatibililtyCheck()
-// This function is only used during development to make sure that the library
-// that is being referenced is using the same size of data structures as the TPM.
-void
-MathLibraryCompatibilityCheck(
- void
- );
-
-//** BnModMult()
-// Does 'op1' * 'op2' and divide by 'modulus' returning the remainder of the divide.
-LIB_EXPORT BOOL
-BnModMult(bigNum result, bigConst op1, bigConst op2, bigConst modulus);
-
-//** BnMult()
-// Multiplies two numbers and returns the result
-LIB_EXPORT BOOL
-BnMult(bigNum result, bigConst multiplicand, bigConst multiplier);
-
-//** BnDiv()
-// This function divides two bigNum values. The function returns FALSE if there is
-// an error in the operation.
-LIB_EXPORT BOOL
-BnDiv(bigNum quotient, bigNum remainder,
- bigConst dividend, bigConst divisor);
-//** BnMod()
-#define BnMod(a, b) BnDiv(NULL, (a), (a), (b))
-
-//** BnGcd()
-// Get the greatest common divisor of two numbers. This function is only needed
-// when the TPM implements RSA.
-LIB_EXPORT BOOL
-BnGcd(bigNum gcd, bigConst number1, bigConst number2);
-
-//** BnModExp()
-// Do modular exponentiation using bigNum values. This function is only needed
-// when the TPM implements RSA.
-LIB_EXPORT BOOL
-BnModExp(bigNum result, bigConst number,
- bigConst exponent, bigConst modulus);
-//** BnModInverse()
-// Modular multiplicative inverse. This function is only needed
-// when the TPM implements RSA.
-LIB_EXPORT BOOL BnModInverse(bigNum result, bigConst number,
- bigConst modulus);
-
-//** BnEccModMult()
-// This function does a point multiply of the form R = [d]S. A return of FALSE
-// indicates that the result was the point at infinity. This function is only needed
-// if the TPM supports ECC.
-LIB_EXPORT BOOL
-BnEccModMult(bigPoint R, pointConst S, bigConst d, bigCurve E);
-
-//** BnEccModMult2()
-// This function does a point multiply of the form R = [d]S + [u]Q. A return of
-// FALSE indicates that the result was the point at infinity. This function is only
-// needed if the TPM supports ECC.
-LIB_EXPORT BOOL
-BnEccModMult2(bigPoint R, pointConst S, bigConst d,
- pointConst Q, bigConst u, bigCurve E);
-
-//** BnEccAdd()
-// This function does a point add R = S + Q. A return of FALSE
-// indicates that the result was the point at infinity. This function is only needed
-// if the TPM supports ECC.
-LIB_EXPORT BOOL
-BnEccAdd(bigPoint R, pointConst S, pointConst Q, bigCurve E);
-
-//** BnCurveInitialize()
-// This function is used to initialize the pointers of a bnCurve_t structure. The
-// structure is a set of pointers to bigNum values. The curve-dependent values are
-// set by a different function. This function is only needed
-// if the TPM supports ECC.
-LIB_EXPORT bigCurve
-BnCurveInitialize(bigCurve E, TPM_ECC_CURVE curveId);
-
-//*** BnCurveFree()
-// This function will free the allocated components of the curve and end the
-// frame in which the curve data exists
-LIB_EXPORT void
-BnCurveFree(bigCurve E);
-
-#endif
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTest.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTest.h
deleted file mode 100644
index bf052152b..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTest.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-
-// This file contains the structures and data definitions for the symmetric tests.
-// This file references the header file that contains the actual test vectors. This
-// organization was chosen so that the program that is used to generate the test
-// vector values does not have to also re-generate this data.
-#ifndef SELF_TEST_DATA
-#error "This file may only be included in AlgorithmTests.c"
-#endif
-
-#ifndef _SYMMETRIC_TEST_H
-#define _SYMMETRIC_TEST_H
-#include "SymmetricTestData.h"
-
-
-//** Symmetric Test Structures
-
-const SYMMETRIC_TEST_VECTOR c_symTestValues[NUM_SYMS + 1] = {
-#if ALG_AES && AES_128
- {ALG_AES_VALUE, 128, key_AES128, 16, sizeof(dataIn_AES128), dataIn_AES128,
- {dataOut_AES128_CTR, dataOut_AES128_OFB, dataOut_AES128_CBC,
- dataOut_AES128_CFB, dataOut_AES128_ECB}},
-#endif
-#if ALG_AES && AES_192
- {ALG_AES_VALUE, 192, key_AES192, 16, sizeof(dataIn_AES192), dataIn_AES192,
- {dataOut_AES192_CTR, dataOut_AES192_OFB, dataOut_AES192_CBC,
- dataOut_AES192_CFB, dataOut_AES192_ECB}},
-#endif
-#if ALG_AES && AES_256
- {ALG_AES_VALUE, 256, key_AES256, 16, sizeof(dataIn_AES256), dataIn_AES256,
- {dataOut_AES256_CTR, dataOut_AES256_OFB, dataOut_AES256_CBC,
- dataOut_AES256_CFB, dataOut_AES256_ECB}},
-#endif
-#if ALG_SM4 && SM4_128
- {ALG_SM4_VALUE, 128, key_SM4128, 16, sizeof(dataIn_SM4128), dataIn_SM4128,
- {dataOut_SM4128_CTR, dataOut_SM4128_OFB, dataOut_SM4128_CBC,
- dataOut_SM4128_CFB, dataOut_AES128_ECB}},
-#endif
- {0}
-};
-
-#endif // _SYMMETRIC_TEST_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTestData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTestData.h
deleted file mode 100644
index e171c07ac..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTestData.h
+++ /dev/null
@@ -1,178 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-// This is a vector for testing either encrypt or decrypt. The premise for decrypt
-// is that the IV for decryption is the same as the IV for encryption. However,
-// the ivOut value may be different for encryption and decryption. We will encrypt
-// at least two blocks. This means that the chaining value will be used for each
-// of the schemes (if any) and that implicitly checks that the chaining value
-// is handled properly.
-
-
-#if AES_128
-
-const BYTE key_AES128 [] = {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c};
-
-const BYTE dataIn_AES128 [] = {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51};
-
-
-const BYTE dataOut_AES128_ECB [] = {
- 0x3a, 0xd7, 0x7b, 0xb4, 0x0d, 0x7a, 0x36, 0x60,
- 0xa8, 0x9e, 0xca, 0xf3, 0x24, 0x66, 0xef, 0x97,
- 0xf5, 0xd3, 0xd5, 0x85, 0x03, 0xb9, 0x69, 0x9d,
- 0xe7, 0x85, 0x89, 0x5a, 0x96, 0xfd, 0xba, 0xaf};
-
-const BYTE dataOut_AES128_CBC [] = {
- 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
- 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
- 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
- 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2};
-
-const BYTE dataOut_AES128_CFB [] = {
- 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20,
- 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a,
- 0xc8, 0xa6, 0x45, 0x37, 0xa0, 0xb3, 0xa9, 0x3f,
- 0xcd, 0xe3, 0xcd, 0xad, 0x9f, 0x1c, 0xe5, 0x8b};
-
-const BYTE dataOut_AES128_OFB [] = {
- 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20,
- 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a,
- 0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03,
- 0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25};
-
-
-const BYTE dataOut_AES128_CTR [] = {
- 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26,
- 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce,
- 0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff,
- 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff};
-#endif
-
-#if AES_192
-
-const BYTE key_AES192 [] = {
- 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
- 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
- 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b};
-
-const BYTE dataIn_AES192 [] = {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51};
-
-const BYTE dataOut_AES192_ECB [] = {
- 0xbd, 0x33, 0x4f, 0x1d, 0x6e, 0x45, 0xf2, 0x5f,
- 0xf7, 0x12, 0xa2, 0x14, 0x57, 0x1f, 0xa5, 0xcc,
- 0x97, 0x41, 0x04, 0x84, 0x6d, 0x0a, 0xd3, 0xad,
- 0x77, 0x34, 0xec, 0xb3, 0xec, 0xee, 0x4e, 0xef};
-
-const BYTE dataOut_AES192_CBC [] = {
- 0x4f, 0x02, 0x1d, 0xb2, 0x43, 0xbc, 0x63, 0x3d,
- 0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8,
- 0xb4, 0xd9, 0xad, 0xa9, 0xad, 0x7d, 0xed, 0xf4,
- 0xe5, 0xe7, 0x38, 0x76, 0x3f, 0x69, 0x14, 0x5a};
-
-const BYTE dataOut_AES192_CFB [] = {
- 0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab,
- 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74,
- 0x67, 0xce, 0x7f, 0x7f, 0x81, 0x17, 0x36, 0x21,
- 0x96, 0x1a, 0x2b, 0x70, 0x17, 0x1d, 0x3d, 0x7a};
-
-const BYTE dataOut_AES192_OFB [] = {
- 0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab,
- 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74,
- 0xfc, 0xc2, 0x8b, 0x8d, 0x4c, 0x63, 0x83, 0x7c,
- 0x09, 0xe8, 0x17, 0x00, 0xc1, 0x10, 0x04, 0x01};
-
-const BYTE dataOut_AES192_CTR [] = {
- 0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2,
- 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b,
- 0x09, 0x03, 0x39, 0xec, 0x0a, 0xa6, 0xfa, 0xef,
- 0xd5, 0xcc, 0xc2, 0xc6, 0xf4, 0xce, 0x8e, 0x94};
-#endif
-
-#if AES_256
-
-const BYTE key_AES256 [] = {
- 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
- 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
- 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
- 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4};
-
-const BYTE dataIn_AES256 [] = {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51};
-
-const BYTE dataOut_AES256_ECB [] = {
- 0xf3, 0xee, 0xd1, 0xbd, 0xb5, 0xd2, 0xa0, 0x3c,
- 0x06, 0x4b, 0x5a, 0x7e, 0x3d, 0xb1, 0x81, 0xf8,
- 0x59, 0x1c, 0xcb, 0x10, 0xd4, 0x10, 0xed, 0x26,
- 0xdc, 0x5b, 0xa7, 0x4a, 0x31, 0x36, 0x28, 0x70};
-
-const BYTE dataOut_AES256_CBC [] = {
- 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
- 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
- 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
- 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d};
-
-const BYTE dataOut_AES256_CFB [] = {
- 0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b,
- 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60,
- 0x39, 0xff, 0xed, 0x14, 0x3b, 0x28, 0xb1, 0xc8,
- 0x32, 0x11, 0x3c, 0x63, 0x31, 0xe5, 0x40, 0x7b};
-
-const BYTE dataOut_AES256_OFB [] = {
- 0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b,
- 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60,
- 0x4f, 0xeb, 0xdc, 0x67, 0x40, 0xd2, 0x0b, 0x3a,
- 0xc8, 0x8f, 0x6a, 0xd8, 0x2a, 0x4f, 0xb0, 0x8d};
-
-const BYTE dataOut_AES256_CTR [] = {
- 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5,
- 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28,
- 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a,
- 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5};
-#endif
-
-
-
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h
deleted file mode 100644
index d815632ca..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//
-// This file contains extra TPM2B structures
-//
-
-#ifndef _TPMB_H
-#define _TPMB_H
-
-// TPM2B Types
-typedef struct {
- UINT16 size;
- BYTE buffer[1];
-} TPM2B, *P2B;
-typedef const TPM2B *PC2B;
-
-// This macro helps avoid having to type in the structure in order to create
-// a new TPM2B type that is used in a function.
-#define TPM2B_TYPE(name, bytes) \
- typedef union { \
- struct { \
- UINT16 size; \
- BYTE buffer[(bytes)]; \
- } t; \
- TPM2B b; \
- } TPM2B_##name
-
-// This macro defines a TPM2B with a constant character value. This macro
-// sets the size of the string to the size minus the terminating zero byte.
-// This lets the user of the label add their terminating 0. This method
-// is chosen so that existing code that provides a label will continue
-// to work correctly.
-
-// Macro to instance and initialize a TPM2B value
-#define TPM2B_INIT(TYPE, name) \
- TPM2B_##TYPE name = {sizeof(name.t.buffer), {0}}
-
-#define TPM2B_BYTE_VALUE(bytes) TPM2B_TYPE(bytes##_BYTE_VALUE, bytes)
-
-
-#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h
deleted file mode 100644
index e1b45c2cc..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-// Root header file for building any TPM.lib code
-
-#ifndef _TPM_H_
-#define _TPM_H_
-
-#include "TpmBuildSwitches.h"
-#include "BaseTypes.h"
-#include "TPMB.h"
-#include "MinMax.h"
-
-#include "TpmProfile.h"
-#include "TpmAlgorithmDefines.h"
-#include "LibSupport.h" // Types from the library. These need to come before
- // Global.h because some of the structures in
- // that file depend on the structures used by the
- // cryptographic libraries.
-#include "GpMacros.h" // Define additional macros
-#include "Global.h" // Define other TPM types
-#include "InternalRoutines.h" // Function prototypes
-
-#endif // _TPM_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmASN1.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmASN1.h
deleted file mode 100644
index eafeed4a7..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmASN1.h
+++ /dev/null
@@ -1,127 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the macro and structure definitions for the X509 commands and
-// functions.
-
-#ifndef _TPMASN1_H_
-#define _TPMASN1_H_
-
-//** Includes
-
-#include "Tpm.h"
-#include "OIDs.h"
-
-//** Defined Constants
-//*** ASN.1 Universal Types (Class 00b)
-#define ASN1_EOC 0x00
-#define ASN1_BOOLEAN 0x01
-#define ASN1_INTEGER 0x02
-#define ASN1_BITSTRING 0x03
-#define ASN1_OCTET_STRING 0x04
-#define ASN1_NULL 0x05
-#define ASN1_OBJECT_IDENTIFIER 0x06
-#define ASN1_OBJECT_DESCRIPTOR 0x07
-#define ASN1_EXTERNAL 0x08
-#define ASN1_REAL 0x09
-#define ASN1_ENUMERATED 0x0A
-#define ASN1_EMBEDDED 0x0B
-#define ASN1_UTF8String 0x0C
-#define ASN1_RELATIVE_OID 0x0D
-#define ASN1_SEQUENCE 0x10 // Primitive + Constructed + 0x10
-#define ASN1_SET 0x11 // Primitive + Constructed + 0x11
-#define ASN1_NumericString 0x12
-#define ASN1_PrintableString 0x13
-#define ASN1_T61String 0x14
-#define ASN1_VideoString 0x15
-#define ASN1_IA5String 0x16
-#define ASN1_UTCTime 0x17
-#define ASN1_GeneralizeTime 0x18
-#define ASN1_VisibleString 0x1A
-#define ASN1_GeneralString 0x1B
-#define ASN1_UniversalString 0x1C
-#define ASN1_CHARACTER STRING 0x1D
-#define ASN1_BMPString 0x1E
-#define ASN1_CONSTRUCTED 0x20
-
-#define ASN1_APPLICAIION_SPECIFIC 0xA0
-
-#define ASN1_CONSTRUCTED_SEQUENCE (ASN1_SEQUENCE + ASN1_CONSTRUCTED)
-
-#define MAX_DEPTH 10 // maximum push depth for marshaling context.
-
-//** Macros
-
-//*** Unmarshaling Macros
-#ifndef VERIFY
-#define VERIFY(_X_) {if(!(_X_)) goto Error; }
-#endif
-// Checks the validity of the size making sure that there is no wrap around
-#define CHECK_SIZE(context, length) \
- VERIFY( (((length) + (context)->offset) >= (context)->offset) \
- && (((length) + (context)->offset) <= (context)->size))
-#define NEXT_OCTET(context) ((context)->buffer[(context)->offset++])
-#define PEEK_NEXT(context) ((context)->buffer[(context)->offset])
-
-//*** Marshaling Macros
-
-// Marshaling works in reverse order. The offset is set to the top of the buffer and,
-// as the buffer is filled, 'offset' counts down to zero. When the full thing is
-// encoded it can be moved to the top of the buffer. This happens when the last
-// context is closed.
-
-#define CHECK_SPACE(context, length) VERIFY(context->offset > length)
-
-//** Structures
-
-typedef struct ASN1UnmarshalContext {
- BYTE *buffer; // pointer to the buffer
- INT16 size; // size of the buffer (a negative number indicates
- // a parsing failure).
- INT16 offset; // current offset into the buffer (a negative number
- // indicates a parsing failure). Not used
- BYTE tag; // The last unmarshaled tag
-} ASN1UnmarshalContext;
-
-typedef struct ASN1MarshalContext {
- BYTE *buffer; // pointer to the start of the buffer
- INT16 offset; // place on the top where the last entry was added
- // items are added from the bottom up.
- INT16 end; // the end offset of the current value
- INT16 depth; // how many pushed end values.
- INT16 ends[MAX_DEPTH];
-} ASN1MarshalContext;
-
-#endif // _TPMASN1_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmAlgorithmDefines.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmAlgorithmDefines.h
deleted file mode 100644
index 5954a8447..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmAlgorithmDefines.h
+++ /dev/null
@@ -1,423 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Apr 7, 2019 Time: 06:58:55PM - */ - -#ifndef _TPM_ALGORITHM_DEFINES_H_ -#define _TPM_ALGORITHM_DEFINES_H_ - -// Table 2:3 - Definition of Base Types -// Base Types are in BaseTypes.h - -#define ECC_CURVES \ - {TPM_ECC_BN_P256, TPM_ECC_BN_P638, TPM_ECC_NIST_P192, \ - TPM_ECC_NIST_P224, TPM_ECC_NIST_P256, TPM_ECC_NIST_P384, \ - TPM_ECC_NIST_P521, TPM_ECC_SM2_P256} -#define ECC_CURVE_COUNT \ - (ECC_BN_P256 + ECC_BN_P638 + ECC_NIST_P192 + ECC_NIST_P224 + \ - ECC_NIST_P256 + ECC_NIST_P384 + ECC_NIST_P521 + ECC_SM2_P256) -#define MAX_ECC_KEY_BITS \ - MAX(ECC_BN_P256 * 256, MAX(ECC_BN_P638 * 638, \ - MAX(ECC_NIST_P192 * 192, MAX(ECC_NIST_P224 * 224, \ - MAX(ECC_NIST_P256 * 256, MAX(ECC_NIST_P384 * 384, \ - MAX(ECC_NIST_P521 * 521, MAX(ECC_SM2_P256 * 256, \ - 0)))))))) -#define MAX_ECC_KEY_BYTES BITS_TO_BYTES(MAX_ECC_KEY_BITS) - - -// Table 0:6 - Defines for PLATFORM Values -#define PLATFORM_FAMILY TPM_SPEC_FAMILY -#define PLATFORM_LEVEL TPM_SPEC_LEVEL -#define PLATFORM_VERSION TPM_SPEC_VERSION -#define PLATFORM_YEAR TPM_SPEC_YEAR -#define PLATFORM_DAY_OF_YEAR TPM_SPEC_DAY_OF_YEAR - -// Table 1:12 - Defines for SHA1 Hash Values -#define SHA1_DIGEST_SIZE 20 -#define SHA1_BLOCK_SIZE 64 - - -// Table 1:13 - Defines for SHA256 Hash Values -#define SHA256_DIGEST_SIZE 32 -#define SHA256_BLOCK_SIZE 64 - - -// Table 1:14 - Defines for SHA384 Hash Values -#define SHA384_DIGEST_SIZE 48 -#define SHA384_BLOCK_SIZE 128 - - -// Table 1:15 - Defines for SHA512 Hash Values -#define SHA512_DIGEST_SIZE 64 -#define SHA512_BLOCK_SIZE 128 - - -// Table 1:16 - Defines for SM3_256 Hash Values -#define SM3_256_DIGEST_SIZE 32 -#define SM3_256_BLOCK_SIZE 64 - - -// Table 1:16 - Defines for SHA3_256 Hash Values -#define SHA3_256_DIGEST_SIZE 32 -#define SHA3_256_BLOCK_SIZE 136 - - -// Table 1:16 - Defines for SHA3_384 Hash Values -#define SHA3_384_DIGEST_SIZE 48 -#define SHA3_384_BLOCK_SIZE 104 - - -// Table 
1:16 - Defines for SHA3_512 Hash Values -#define SHA3_512_DIGEST_SIZE 64 -#define SHA3_512_BLOCK_SIZE 72 - - -// Table 1:00 - Defines for RSA Asymmetric Cipher Algorithm Constants -#define RSA_KEY_SIZES_BITS \ - (1024 * RSA_1024), (2048 * RSA_2048), (3072 * RSA_3072), \ - (4096 * RSA_4096) -#if RSA_4096 -# define RSA_MAX_KEY_SIZE_BITS 4096 -#elif RSA_3072 -# define RSA_MAX_KEY_SIZE_BITS 3072 -#elif RSA_2048 -# define RSA_MAX_KEY_SIZE_BITS 2048 -#elif RSA_1024 -# define RSA_MAX_KEY_SIZE_BITS 1024 -#else -# define RSA_MAX_KEY_SIZE_BITS 0 -#endif -#define MAX_RSA_KEY_BITS RSA_MAX_KEY_SIZE_BITS -#define MAX_RSA_KEY_BYTES ((RSA_MAX_KEY_SIZE_BITS + 7) / 8) - - -// Table 1:17 - Defines for AES Symmetric Cipher Algorithm Constants -#define AES_KEY_SIZES_BITS \ - (128 * AES_128), (192 * AES_192), (256 * AES_256) -#if AES_256 -# define AES_MAX_KEY_SIZE_BITS 256 -#elif AES_192 -# define AES_MAX_KEY_SIZE_BITS 192 -#elif AES_128 -# define AES_MAX_KEY_SIZE_BITS 128 -#else -# define AES_MAX_KEY_SIZE_BITS 0 -#endif -#define MAX_AES_KEY_BITS AES_MAX_KEY_SIZE_BITS -#define MAX_AES_KEY_BYTES ((AES_MAX_KEY_SIZE_BITS + 7) / 8) -#define AES_128_BLOCK_SIZE_BYTES (AES_128 * 16) -#define AES_192_BLOCK_SIZE_BYTES (AES_192 * 16) -#define AES_256_BLOCK_SIZE_BYTES (AES_256 * 16) -#define AES_BLOCK_SIZES \ - AES_128_BLOCK_SIZE_BYTES, AES_192_BLOCK_SIZE_BYTES, \ - AES_256_BLOCK_SIZE_BYTES -#if ALG_AES -# define AES_MAX_BLOCK_SIZE 16 -#else -# define AES_MAX_BLOCK_SIZE 0 -#endif -#define MAX_AES_BLOCK_SIZE_BYTES AES_MAX_BLOCK_SIZE - - -// Table 1:18 - Defines for SM4 Symmetric Cipher Algorithm Constants -#define SM4_KEY_SIZES_BITS (128 * SM4_128) -#if SM4_128 -# define SM4_MAX_KEY_SIZE_BITS 128 -#else -# define SM4_MAX_KEY_SIZE_BITS 0 -#endif -#define MAX_SM4_KEY_BITS SM4_MAX_KEY_SIZE_BITS -#define MAX_SM4_KEY_BYTES ((SM4_MAX_KEY_SIZE_BITS + 7) / 8) -#define SM4_128_BLOCK_SIZE_BYTES (SM4_128 * 16) -#define SM4_BLOCK_SIZES SM4_128_BLOCK_SIZE_BYTES -#if ALG_SM4 -# define SM4_MAX_BLOCK_SIZE 16 
-#else -# define SM4_MAX_BLOCK_SIZE 0 -#endif -#define MAX_SM4_BLOCK_SIZE_BYTES SM4_MAX_BLOCK_SIZE - - -// Table 1:19 - Defines for CAMELLIA Symmetric Cipher Algorithm Constants -#define CAMELLIA_KEY_SIZES_BITS \ - (128 * CAMELLIA_128), (192 * CAMELLIA_192), (256 * CAMELLIA_256) -#if CAMELLIA_256 -# define CAMELLIA_MAX_KEY_SIZE_BITS 256 -#elif CAMELLIA_192 -# define CAMELLIA_MAX_KEY_SIZE_BITS 192 -#elif CAMELLIA_128 -# define CAMELLIA_MAX_KEY_SIZE_BITS 128 -#else -# define CAMELLIA_MAX_KEY_SIZE_BITS 0 -#endif -#define MAX_CAMELLIA_KEY_BITS CAMELLIA_MAX_KEY_SIZE_BITS -#define MAX_CAMELLIA_KEY_BYTES ((CAMELLIA_MAX_KEY_SIZE_BITS + 7) / 8) -#define CAMELLIA_128_BLOCK_SIZE_BYTES (CAMELLIA_128 * 16) -#define CAMELLIA_192_BLOCK_SIZE_BYTES (CAMELLIA_192 * 16) -#define CAMELLIA_256_BLOCK_SIZE_BYTES (CAMELLIA_256 * 16) -#define CAMELLIA_BLOCK_SIZES \ - CAMELLIA_128_BLOCK_SIZE_BYTES, CAMELLIA_192_BLOCK_SIZE_BYTES, \ - CAMELLIA_256_BLOCK_SIZE_BYTES -#if ALG_CAMELLIA -# define CAMELLIA_MAX_BLOCK_SIZE 16 -#else -# define CAMELLIA_MAX_BLOCK_SIZE 0 -#endif -#define MAX_CAMELLIA_BLOCK_SIZE_BYTES CAMELLIA_MAX_BLOCK_SIZE - - -// Table 1:17 - Defines for TDES Symmetric Cipher Algorithm Constants -#define TDES_KEY_SIZES_BITS (128 * TDES_128), (192 * TDES_192) -#if TDES_192 -# define TDES_MAX_KEY_SIZE_BITS 192 -#elif TDES_128 -# define TDES_MAX_KEY_SIZE_BITS 128 -#else -# define TDES_MAX_KEY_SIZE_BITS 0 -#endif -#define MAX_TDES_KEY_BITS TDES_MAX_KEY_SIZE_BITS -#define MAX_TDES_KEY_BYTES ((TDES_MAX_KEY_SIZE_BITS + 7) / 8) -#define TDES_128_BLOCK_SIZE_BYTES (TDES_128 * 8) -#define TDES_192_BLOCK_SIZE_BYTES (TDES_192 * 8) -#define TDES_BLOCK_SIZES \ - TDES_128_BLOCK_SIZE_BYTES, TDES_192_BLOCK_SIZE_BYTES -#if ALG_TDES -# define TDES_MAX_BLOCK_SIZE 8 -#else -# define TDES_MAX_BLOCK_SIZE 0 -#endif -#define MAX_TDES_BLOCK_SIZE_BYTES TDES_MAX_BLOCK_SIZE - - -// Additional values for benefit of code -#define TPM_CC_FIRST 0x0000011F -#define TPM_CC_LAST 0x00000197 - - -#if COMPRESSED_LISTS 
-#define ADD_FILL 0 -#else -#define ADD_FILL 1 -#endif - -// Size the array of library commands based on whether or not -// the array is packed (only defined commands) or dense -// (having entries for unimplemented commands) -#define LIBRARY_COMMAND_ARRAY_SIZE (0 \ - + (ADD_FILL || CC_NV_UndefineSpaceSpecial) /* 0x0000011F */ \ - + (ADD_FILL || CC_EvictControl) /* 0x00000120 */ \ - + (ADD_FILL || CC_HierarchyControl) /* 0x00000121 */ \ - + (ADD_FILL || CC_NV_UndefineSpace) /* 0x00000122 */ \ - + ADD_FILL /* 0x00000123 */ \ - + (ADD_FILL || CC_ChangeEPS) /* 0x00000124 */ \ - + (ADD_FILL || CC_ChangePPS) /* 0x00000125 */ \ - + (ADD_FILL || CC_Clear) /* 0x00000126 */ \ - + (ADD_FILL || CC_ClearControl) /* 0x00000127 */ \ - + (ADD_FILL || CC_ClockSet) /* 0x00000128 */ \ - + (ADD_FILL || CC_HierarchyChangeAuth) /* 0x00000129 */ \ - + (ADD_FILL || CC_NV_DefineSpace) /* 0x0000012A */ \ - + (ADD_FILL || CC_PCR_Allocate) /* 0x0000012B */ \ - + (ADD_FILL || CC_PCR_SetAuthPolicy) /* 0x0000012C */ \ - + (ADD_FILL || CC_PP_Commands) /* 0x0000012D */ \ - + (ADD_FILL || CC_SetPrimaryPolicy) /* 0x0000012E */ \ - + (ADD_FILL || CC_FieldUpgradeStart) /* 0x0000012F */ \ - + (ADD_FILL || CC_ClockRateAdjust) /* 0x00000130 */ \ - + (ADD_FILL || CC_CreatePrimary) /* 0x00000131 */ \ - + (ADD_FILL || CC_NV_GlobalWriteLock) /* 0x00000132 */ \ - + (ADD_FILL || CC_GetCommandAuditDigest) /* 0x00000133 */ \ - + (ADD_FILL || CC_NV_Increment) /* 0x00000134 */ \ - + (ADD_FILL || CC_NV_SetBits) /* 0x00000135 */ \ - + (ADD_FILL || CC_NV_Extend) /* 0x00000136 */ \ - + (ADD_FILL || CC_NV_Write) /* 0x00000137 */ \ - + (ADD_FILL || CC_NV_WriteLock) /* 0x00000138 */ \ - + (ADD_FILL || CC_DictionaryAttackLockReset) /* 0x00000139 */ \ - + (ADD_FILL || CC_DictionaryAttackParameters) /* 0x0000013A */ \ - + (ADD_FILL || CC_NV_ChangeAuth) /* 0x0000013B */ \ - + (ADD_FILL || CC_PCR_Event) /* 0x0000013C */ \ - + (ADD_FILL || CC_PCR_Reset) /* 0x0000013D */ \ - + (ADD_FILL || CC_SequenceComplete) /* 0x0000013E */ 
\ - + (ADD_FILL || CC_SetAlgorithmSet) /* 0x0000013F */ \ - + (ADD_FILL || CC_SetCommandCodeAuditStatus) /* 0x00000140 */ \ - + (ADD_FILL || CC_FieldUpgradeData) /* 0x00000141 */ \ - + (ADD_FILL || CC_IncrementalSelfTest) /* 0x00000142 */ \ - + (ADD_FILL || CC_SelfTest) /* 0x00000143 */ \ - + (ADD_FILL || CC_Startup) /* 0x00000144 */ \ - + (ADD_FILL || CC_Shutdown) /* 0x00000145 */ \ - + (ADD_FILL || CC_StirRandom) /* 0x00000146 */ \ - + (ADD_FILL || CC_ActivateCredential) /* 0x00000147 */ \ - + (ADD_FILL || CC_Certify) /* 0x00000148 */ \ - + (ADD_FILL || CC_PolicyNV) /* 0x00000149 */ \ - + (ADD_FILL || CC_CertifyCreation) /* 0x0000014A */ \ - + (ADD_FILL || CC_Duplicate) /* 0x0000014B */ \ - + (ADD_FILL || CC_GetTime) /* 0x0000014C */ \ - + (ADD_FILL || CC_GetSessionAuditDigest) /* 0x0000014D */ \ - + (ADD_FILL || CC_NV_Read) /* 0x0000014E */ \ - + (ADD_FILL || CC_NV_ReadLock) /* 0x0000014F */ \ - + (ADD_FILL || CC_ObjectChangeAuth) /* 0x00000150 */ \ - + (ADD_FILL || CC_PolicySecret) /* 0x00000151 */ \ - + (ADD_FILL || CC_Rewrap) /* 0x00000152 */ \ - + (ADD_FILL || CC_Create) /* 0x00000153 */ \ - + (ADD_FILL || CC_ECDH_ZGen) /* 0x00000154 */ \ - + (ADD_FILL || CC_HMAC || CC_MAC) /* 0x00000155 */ \ - + (ADD_FILL || CC_Import) /* 0x00000156 */ \ - + (ADD_FILL || CC_Load) /* 0x00000157 */ \ - + (ADD_FILL || CC_Quote) /* 0x00000158 */ \ - + (ADD_FILL || CC_RSA_Decrypt) /* 0x00000159 */ \ - + ADD_FILL /* 0x0000015A */ \ - + (ADD_FILL || CC_HMAC_Start || CC_MAC_Start) /* 0x0000015B */ \ - + (ADD_FILL || CC_SequenceUpdate) /* 0x0000015C */ \ - + (ADD_FILL || CC_Sign) /* 0x0000015D */ \ - + (ADD_FILL || CC_Unseal) /* 0x0000015E */ \ - + ADD_FILL /* 0x0000015F */ \ - + (ADD_FILL || CC_PolicySigned) /* 0x00000160 */ \ - + (ADD_FILL || CC_ContextLoad) /* 0x00000161 */ \ - + (ADD_FILL || CC_ContextSave) /* 0x00000162 */ \ - + (ADD_FILL || CC_ECDH_KeyGen) /* 0x00000163 */ \ - + (ADD_FILL || CC_EncryptDecrypt) /* 0x00000164 */ \ - + (ADD_FILL || CC_FlushContext) /* 0x00000165 
*/ \ - + ADD_FILL /* 0x00000166 */ \ - + (ADD_FILL || CC_LoadExternal) /* 0x00000167 */ \ - + (ADD_FILL || CC_MakeCredential) /* 0x00000168 */ \ - + (ADD_FILL || CC_NV_ReadPublic) /* 0x00000169 */ \ - + (ADD_FILL || CC_PolicyAuthorize) /* 0x0000016A */ \ - + (ADD_FILL || CC_PolicyAuthValue) /* 0x0000016B */ \ - + (ADD_FILL || CC_PolicyCommandCode) /* 0x0000016C */ \ - + (ADD_FILL || CC_PolicyCounterTimer) /* 0x0000016D */ \ - + (ADD_FILL || CC_PolicyCpHash) /* 0x0000016E */ \ - + (ADD_FILL || CC_PolicyLocality) /* 0x0000016F */ \ - + (ADD_FILL || CC_PolicyNameHash) /* 0x00000170 */ \ - + (ADD_FILL || CC_PolicyOR) /* 0x00000171 */ \ - + (ADD_FILL || CC_PolicyTicket) /* 0x00000172 */ \ - + (ADD_FILL || CC_ReadPublic) /* 0x00000173 */ \ - + (ADD_FILL || CC_RSA_Encrypt) /* 0x00000174 */ \ - + ADD_FILL /* 0x00000175 */ \ - + (ADD_FILL || CC_StartAuthSession) /* 0x00000176 */ \ - + (ADD_FILL || CC_VerifySignature) /* 0x00000177 */ \ - + (ADD_FILL || CC_ECC_Parameters) /* 0x00000178 */ \ - + (ADD_FILL || CC_FirmwareRead) /* 0x00000179 */ \ - + (ADD_FILL || CC_GetCapability) /* 0x0000017A */ \ - + (ADD_FILL || CC_GetRandom) /* 0x0000017B */ \ - + (ADD_FILL || CC_GetTestResult) /* 0x0000017C */ \ - + (ADD_FILL || CC_Hash) /* 0x0000017D */ \ - + (ADD_FILL || CC_PCR_Read) /* 0x0000017E */ \ - + (ADD_FILL || CC_PolicyPCR) /* 0x0000017F */ \ - + (ADD_FILL || CC_PolicyRestart) /* 0x00000180 */ \ - + (ADD_FILL || CC_ReadClock) /* 0x00000181 */ \ - + (ADD_FILL || CC_PCR_Extend) /* 0x00000182 */ \ - + (ADD_FILL || CC_PCR_SetAuthValue) /* 0x00000183 */ \ - + (ADD_FILL || CC_NV_Certify) /* 0x00000184 */ \ - + (ADD_FILL || CC_EventSequenceComplete) /* 0x00000185 */ \ - + (ADD_FILL || CC_HashSequenceStart) /* 0x00000186 */ \ - + (ADD_FILL || CC_PolicyPhysicalPresence) /* 0x00000187 */ \ - + (ADD_FILL || CC_PolicyDuplicationSelect) /* 0x00000188 */ \ - + (ADD_FILL || CC_PolicyGetDigest) /* 0x00000189 */ \ - + (ADD_FILL || CC_TestParms) /* 0x0000018A */ \ - + (ADD_FILL || CC_Commit) /* 
0x0000018B */ \ - + (ADD_FILL || CC_PolicyPassword) /* 0x0000018C */ \ - + (ADD_FILL || CC_ZGen_2Phase) /* 0x0000018D */ \ - + (ADD_FILL || CC_EC_Ephemeral) /* 0x0000018E */ \ - + (ADD_FILL || CC_PolicyNvWritten) /* 0x0000018F */ \ - + (ADD_FILL || CC_PolicyTemplate) /* 0x00000190 */ \ - + (ADD_FILL || CC_CreateLoaded) /* 0x00000191 */ \ - + (ADD_FILL || CC_PolicyAuthorizeNV) /* 0x00000192 */ \ - + (ADD_FILL || CC_EncryptDecrypt2) /* 0x00000193 */ \ - + (ADD_FILL || CC_AC_GetCapability) /* 0x00000194 */ \ - + (ADD_FILL || CC_AC_Send) /* 0x00000195 */ \ - + (ADD_FILL || CC_Policy_AC_SendSelect) /* 0x00000196 */ \ - + (ADD_FILL || CC_CertifyX509) /* 0x00000197 */ \ - ) - -#define VENDOR_COMMAND_ARRAY_SIZE (0 + CC_Vendor_TCG_Test) - -#define COMMAND_COUNT (LIBRARY_COMMAND_ARRAY_SIZE + VENDOR_COMMAND_ARRAY_SIZE) - -#define HASH_COUNT \ - (ALG_SHA1 + ALG_SHA256 + ALG_SHA384 + ALG_SHA3_256 + \ - ALG_SHA3_384 + ALG_SHA3_512 + ALG_SHA512 + ALG_SM3_256) - -#define MAX_HASH_BLOCK_SIZE \ - (MAX(ALG_SHA1 * SHA1_BLOCK_SIZE, \ - MAX(ALG_SHA256 * SHA256_BLOCK_SIZE, \ - MAX(ALG_SHA384 * SHA384_BLOCK_SIZE, \ - MAX(ALG_SHA3_256 * SHA3_256_BLOCK_SIZE, \ - MAX(ALG_SHA3_384 * SHA3_384_BLOCK_SIZE, \ - MAX(ALG_SHA3_512 * SHA3_512_BLOCK_SIZE, \ - MAX(ALG_SHA512 * SHA512_BLOCK_SIZE, \ - MAX(ALG_SM3_256 * SM3_256_BLOCK_SIZE, \ - 0))))))))) - -#define MAX_DIGEST_SIZE \ - (MAX(ALG_SHA1 * SHA1_DIGEST_SIZE, \ - MAX(ALG_SHA256 * SHA256_DIGEST_SIZE, \ - MAX(ALG_SHA384 * SHA384_DIGEST_SIZE, \ - MAX(ALG_SHA3_256 * SHA3_256_DIGEST_SIZE, \ - MAX(ALG_SHA3_384 * SHA3_384_DIGEST_SIZE, \ - MAX(ALG_SHA3_512 * SHA3_512_DIGEST_SIZE, \ - MAX(ALG_SHA512 * SHA512_DIGEST_SIZE, \ - MAX(ALG_SM3_256 * SM3_256_DIGEST_SIZE, \ - 0))))))))) - - -#if MAX_DIGEST_SIZE == 0 || MAX_HASH_BLOCK_SIZE == 0 -#error "Hash data not valid" -#endif - -// Define the 2B structure that would hold any hash block -TPM2B_TYPE(MAX_HASH_BLOCK, MAX_HASH_BLOCK_SIZE); - -// Following typedef is for some old code -typedef TPM2B_MAX_HASH_BLOCK 
TPM2B_HASH_BLOCK; - -/* Additional symmetric constants */ -#define MAX_SYM_KEY_BITS \ - (MAX(AES_MAX_KEY_SIZE_BITS, MAX(CAMELLIA_MAX_KEY_SIZE_BITS, \ - MAX(SM4_MAX_KEY_SIZE_BITS, MAX(TDES_MAX_KEY_SIZE_BITS, \ - 0))))) - -#define MAX_SYM_KEY_BYTES ((MAX_SYM_KEY_BITS + 7) / 8) - -#define MAX_SYM_BLOCK_SIZE \ - (MAX(AES_MAX_BLOCK_SIZE, MAX(CAMELLIA_MAX_BLOCK_SIZE, \ - MAX(SM4_MAX_BLOCK_SIZE, MAX(TDES_MAX_BLOCK_SIZE, \ - 0))))) - -#if MAX_SYM_KEY_BITS == 0 || MAX_SYM_BLOCK_SIZE == 0 -# error Bad size for MAX_SYM_KEY_BITS or MAX_SYM_BLOCK -#endif - - -#endif // _TPM_ALGORITHM_DEFINES_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmBuildSwitches.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmBuildSwitches.h deleted file mode 100644 index 7ab437684..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmBuildSwitches.h +++ /dev/null 
@@ -1,341 +0,0 @@ - -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -// This file contains the build switches. This contains switches for multiple -// versions of the crypto-library so some may not apply to your environment. 
-// -// The switches are guarded so that they can either be set on the command line or -// set here. If the switch is listed on the command line (-DSOME_SWITCH) with NO -// setting, then the switch will be set to YES. If the switch setting is not on the -// command line or if the setting is other than YES or NO, then the switch will be set -// to the default value. The default can either be YES or NO as indicated on each line -// where the default is selected. -// -// A caution. Do not try to test these macros by inserting #defines in this file. For -// some curious reason, a variable set on the command line with no setting will have a -// value of 1. An #if SOME_VARIABLE will work if the variable is not defined or is -// defined on the command line with no initial setting. However, a -// "#define SOME_VARIABLE" is a null string and when used in "#if SOME_VARIABLE" will -// not be a proper expression If you want to test various switches, either use the -// command line or change the default. -// -#ifndef _TPM_BUILD_SWITCHES_H_ -#define _TPM_BUILD_SWITCHES_H_ - -#undef YES -#define YES 1 -#undef NO -#define NO 0 - -// Allow the command line to specify a "profile" file -#ifdef PROFILE -# define PROFILE_QUOTE(a) #a -# define PROFILE_INCLUDE(a) PROFILE_QUOTE(a) -# include PROFILE_INCLUDE(PROFILE) -#endif - -// Need an unambiguous definition for DEBUG. Don't change this -#ifndef DEBUG -# ifdef NDEBUG -# define DEBUG NO -# else -# define DEBUG YES -# endif -#elif (DEBUG != NO) && (DEBUG != YES) -# undef DEBUG -# define DEBUG YES // Default: Either YES or NO -#endif - -#include "CompilerDependencies.h" - -// This definition is required for the re-factored code -#if (!defined USE_BN_ECC_DATA) \ - || ((USE_BN_ECC_DATA != NO) && (USE_BN_ECC_DATA != YES)) -# undef USE_BN_ECC_DATA -# define USE_BN_ECC_DATA YES // Default: Either YES or NO -#endif - -// The SIMULATION switch allows certain other macros to be enabled. 
The things that -// can be enabled in a simulation include key caching, reproducible "random" -// sequences, instrumentation of the RSA key generation process, and certain other -// debug code. SIMULATION Needs to be defined as either YES or NO. This grouping of -// macros will make sure that it is set correctly. A simulated TPM would include a -// Virtual TPM. The interfaces for a Virtual TPM should be modified from the standard -// ones in the Simulator project. -// -// If SIMULATION is in the compile parameters without modifiers, -// make SIMULATION == YES -#if !(defined SIMULATION) || ((SIMULATION != NO) && (SIMULATION != YES)) -# undef SIMULATION -# define SIMULATION YES // Default: Either YES or NO -#endif - -// Define this to run the function that checks the compatibility between the -// chosen big number math library and the TPM code. Not all ports use this. -#if !(defined LIBRARY_COMPATABILITY_CHECK) \ - || ((LIBRARY_COMPATABILITY_CHECK != NO) \ - && (LIBRARY_COMPATABILITY_CHECK != YES)) -# undef LIBRARY_COMPATABILITY_CHECK -# define LIBRARY_COMPATABILITY_CHECK YES // Default: Either YES or NO -#endif - -#if !(defined FIPS_COMPLIANT) || ((FIPS_COMPLIANT != NO) && (FIPS_COMPLIANT != YES)) -# undef FIPS_COMPLIANT -# define FIPS_COMPLIANT YES // Default: Either YES or NO -#endif - -// Definition to allow alternate behavior for non-orderly startup. 
If there is a -// chance that the TPM could not update 'failedTries' -#if !(defined USE_DA_USED) || ((USE_DA_USED != NO) && (USE_DA_USED != YES)) -# undef USE_DA_USED -# define USE_DA_USED YES // Default: Either YES or NO -#endif - -// Define TABLE_DRIVEN_DISPATCH to use tables rather than case statements -// for command dispatch and handle unmarshaling -#if !(defined TABLE_DRIVEN_DISPATCH) \ - || ((TABLE_DRIVEN_DISPATCH != NO) && (TABLE_DRIVEN_DISPATCH != YES)) -# undef TABLE_DRIVEN_DISPATCH -# define TABLE_DRIVEN_DISPATCH YES // Default: Either YES or NO -#endif - -// This switch is used to enable the self-test capability in AlgorithmTests.c -#if !(defined SELF_TEST) || ((SELF_TEST != NO) && (SELF_TEST != YES)) -# undef SELF_TEST -# define SELF_TEST YES // Default: Either YES or NO -#endif - -// Enable the generation of RSA primes using a sieve. -#if !(defined RSA_KEY_SIEVE) || ((RSA_KEY_SIEVE != NO) && (RSA_KEY_SIEVE != YES)) -# undef RSA_KEY_SIEVE -# define RSA_KEY_SIEVE YES // Default: Either YES or NO -#endif - -// Enable the instrumentation of the sieve process. This is used to tune the sieve -// variables. -#if RSA_KEY_SIEVE && SIMULATION -# if !(defined RSA_INSTRUMENT) \ - || ((RSA_INSTRUMENT != NO) && (RSA_INSTRUMENT != YES)) -# undef RSA_INSTRUMENT -# define RSA_INSTRUMENT NO // Default: Either YES or NO -# endif -#endif - -// This switch enables the RNG state save and restore -#if !(defined _DRBG_STATE_SAVE) \ - || ((_DRBG_STATE_SAVE != NO) && (_DRBG_STATE_SAVE != YES)) -# undef _DRBG_STATE_SAVE -# define _DRBG_STATE_SAVE YES // Default: Either YES or NO -#endif - -// Switch added to support packed lists that leave out space associated with -// unimplemented commands. Comment this out to use linear lists. -// Note: if vendor specific commands are present, the associated list is always -// in compressed form. 
-#if !(defined COMPRESSED_LISTS) \ - || ((COMPRESSED_LISTS != NO) && (COMPRESSED_LISTS != YES)) -# undef COMPRESSED_LISTS -# define COMPRESSED_LISTS YES // Default: Either YES or NO -#endif - -// This switch indicates where clock epoch value should be stored. If this value -// defined, then it is assumed that the timer will change at any time so the -// nonce should be a random number kept in RAM. When it is not defined, then the -// timer only stops during power outages. -#if !(defined CLOCK_STOPS) || ((CLOCK_STOPS != NO) && (CLOCK_STOPS != YES)) -# undef CLOCK_STOPS -# define CLOCK_STOPS NO // Default: Either YES or NO -#endif - -// This switch allows use of #defines in place of pass-through marshaling or -// unmarshaling code. A pass-through function just calls another function to do -// the required function and does no parameter checking of its own. The -// table-driven dispatcher calls directly to the lowest level -// marshaling/unmarshaling code and by-passes any pass-through functions. -#if (defined USE_MARSHALING_DEFINES) && (USE_MARSHALING_DEFINES != NO) -# undef USE_MARSHALING_DEFINES -# define USE_MARSHALING_DEFINES YES -#else -# define USE_MARSHALING_DEFINES YES // Default: Either YES or NO -#endif - -//********************************** -// The switches in this group can only be enabled when doing debug during simulation -#if SIMULATION && DEBUG -// Enables use of the key cache. Default is YES -# if !(defined USE_RSA_KEY_CACHE) \ - || ((USE_RSA_KEY_CACHE != NO) && (USE_RSA_KEY_CACHE != YES)) -# undef USE_RSA_KEY_CACHE -# define USE_RSA_KEY_CACHE YES // Default: Either YES or NO -# endif - -// Enables use of a file to store the key cache values so that the TPM will start -// faster during debug. 
Default for this is YES -# if USE_RSA_KEY_CACHE -# if !(defined USE_KEY_CACHE_FILE) \ - || ((USE_KEY_CACHE_FILE != NO) && (USE_KEY_CACHE_FILE != YES)) -# undef USE_KEY_CACHE_FILE -# define USE_KEY_CACHE_FILE YES // Default: Either YES or NO -# endif -# else -# undef USE_KEY_CACHE_FILE -# define USE_KEY_CACHE_FILE NO -# endif // USE_RSA_KEY_CACHE - -// This provides fixed seeding of the RNG when doing debug on a simulator. This -// should allow consistent results on test runs as long as the input parameters -// to the functions remains the same. There is no default value. -# if !(defined USE_DEBUG_RNG) || ((USE_DEBUG_RNG != NO) && (USE_DEBUG_RNG != YES)) -# undef USE_DEBUG_RNG -# define USE_DEBUG_RNG YES // Default: Either YES or NO -# endif - -// Don't change these. They are the settings needed when not doing a simulation and -// not doing debug. Can't use the key cache except during debug. Otherwise, all of the -// key values end up being the same -#else -# define USE_RSA_KEY_CACHE NO -# define USE_RSA_KEY_CACHE_FILE NO -# define USE_DEBUG_RNG NO -#endif // DEBUG && SIMULATION - -#if DEBUG - -// In some cases, the relationship between two values may be dependent -// on things that change based on various selections like the chosen cryptographic -// libraries. It is possible that these selections will result in incompatible -// settings. These are often detectable by the compiler but it isn't always -// possible to do the check in the preprocessor code. For example, when the -// check requires use of 'sizeof()' then the preprocessor can't do the comparison. -// For these cases, we include a special macro that, depending on the compiler -// will generate a warning to indicate if the check always passes or always fails -// because it involves fixed constants. To run these checks, define COMPILER_CHECKS. 
-# if !(defined COMPILER_CHECKS) \ - || ((COMPILER_CHECKS != NO) && (COMPILER_CHECKS != YES)) -# undef COMPILER_CHECKS -# define COMPILER_CHECKS NO // Default: Either YES or NO -# endif - -// Some of the values (such as sizes) are the result of different options set in -// TpmProfile.h. The combination might not be consistent. A function is defined -// (TpmSizeChecks()) that is used to verify the sizes at run time. To enable the -// function, define this parameter. -# if !(defined RUNTIME_SIZE_CHECKS) \ - || ((RUNTIME_SIZE_CHECKS != NO) && (RUNTIME_SIZE_CHECKS != YES)) -# undef RUNTIME_SIZE_CHECKS -# define RUNTIME_SIZE_CHECKS NO // Default: Either YES or NO -# endif - -// If doing debug, can set the DRBG to print out the intermediate test values. -// Before enabling this, make sure that the dbgDumpMemBlock() function -// has been added someplace (preferably, somewhere in CryptRand.c) -# if !(defined DRBG_DEBUG_PRINT) \ - || ((DRBG_DEBUG_PRINT != NO) && (DRBG_DEBUG_PRINT != YES)) -# undef DRBG_DEBUG_PRINT -# define DRBG_DEBUG_PRINT NO // Default: Either YES or NO -# endif - -// If an assertion event it not going to produce any trace information (function and -// line number) then make FAIL_TRACE == NO -# if !(defined FAIL_TRACE) || ((FAIL_TRACE != NO) && (FAIL_TRACE != YES)) -# undef FAIL_TRACE -# define FAIL_TRACE YES // Default: Either YES or NO -# endif - -#endif // DEBUG - -// Indicate if the implementation is going to give lockout time credit for time up to -// the last orderly shutdown. -#if !(defined ACCUMULATE_SELF_HEAL_TIMER) \ - || ((ACCUMULATE_SELF_HEAL_TIMER != NO) && (ACCUMULATE_SELF_HEAL_TIMER != YES)) -# undef ACCUMULATE_SELF_HEAL_TIMER -# define ACCUMULATE_SELF_HEAL_TIMER YES // Default: Either YES or NO -#endif - -// Indicates if the implementation is to compute the sizes of the proof and primary -// seed size values based on the implemented algorithms. 
-#if !(defined USE_SPEC_COMPLIANT_PROOFS) \ - || ((USE_SPEC_COMPLIANT_PROOFS != NO) && (USE_SPEC_COMPLIANT_PROOFS != YES)) -# undef USE_SPEC_COMPLIANT_PROOFS -# define USE_SPEC_COMPLIANT_PROOFS YES // Default: Either YES or NO -#endif - -// Comment this out to allow compile to continue even though the chosen proof values -// do not match the compliant values. This is written so that someone would -// have to proactively ignore errors. -#if !(defined SKIP_PROOF_ERRORS) \ - || ((SKIP_PROOF_ERRORS != NO) && (SKIP_PROOF_ERRORS != YES)) -# undef SKIP_PROOF_ERRORS -# define SKIP_PROOF_ERRORS NO // Default: Either YES or NO -#endif - -// This define is used to eliminate the use of bit-fields. It can be enabled for big- -// or little-endian machines. For big-endian architectures that numbers bits in -// registers from left to right (MSb0) this must be enabled. Little-endian machines -// number from right to left with the least significant bit having assigned a bit -// number of 0. These are LSb0 machines (they are also little-endian so they are also -// least-significant byte 0 (LSB0) machines. Big-endian (MSB0) machines may number in -// either direction (MSb0 or LSb0). For an MSB0+MSb0 machine this value is required to -// be 'NO' -#if !(defined USE_BIT_FIELD_STRUCTURES) \ - || ((USE_BIT_FIELD_STRUCTURES != NO) && (USE_BIT_FIELD_STRUCTURES != YES)) -# undef USE_BIT_FIELD_STRUCTURES -# define USE_BIT_FIELD_STRUCTURES DEBUG // Default: Either YES or NO -#endif - -// This define is used to enable any runtime checks of the interface between the -// cryptographic library (e.g., OpenSSL) and the thunking layer. -#if !(defined LIBRARY_COMPATIBILITY_CHECK) \ - || ((LIBRARY_COMPATIBILITY_CHECK != NO) && (LIBRARY_COMPATIBILITY_CHECK != YES)) -# undef LIBRARY_COMPATIBILITY_CHECK -# define LIBRARY_COMPATIBILITY_CHECK NO // Default: Either YES or NO -#endif - -// This define is used to control the debug for the CertifyX509 command. 
-#if !(defined CERTIFYX509_DEBUG) \ - || ((CERTIFYX509_DEBUG != NO) && (CERTIFYX509_DEBUG != YES)) -# undef CERTIFYX509_DEBUG -# define CERTIFYX509_DEBUG YES // Default: Either YES or NO -#endif - -// Change these definitions to turn all algorithms or commands ON or OFF. That is, -// to turn all algorithms on, set ALG_NO to YES. This is mostly useful as a debug -// feature. -#define ALG_YES YES -#define ALG_NO NO -#define CC_YES YES -#define CC_NO NO - -#endif // _TPM_BUILD_SWITCHES_H_ \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmError.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmError.h deleted file mode 100644 index e90dbcae4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmError.h +++ /dev/null 
@@ -1,56 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef _TPM_ERROR_H
-#define _TPM_ERROR_H
-
-#define FATAL_ERROR_ALLOCATION (1)
-#define FATAL_ERROR_DIVIDE_ZERO (2)
-#define FATAL_ERROR_INTERNAL (3)
-#define FATAL_ERROR_PARAMETER (4)
-#define FATAL_ERROR_ENTROPY (5)
-#define FATAL_ERROR_SELF_TEST (6)
-#define FATAL_ERROR_CRYPTO (7)
-#define FATAL_ERROR_NV_UNRECOVERABLE (8)
-#define FATAL_ERROR_REMANUFACTURED (9) // indicates that the TPM has
- // been re-manufactured after an
- // unrecoverable NV error
-#define FATAL_ERROR_DRBG (10)
-#define FATAL_ERROR_MOVE_SIZE (11)
-#define FATAL_ERROR_COUNTER_OVERFLOW (12)
-#define FATAL_ERROR_SUBTRACT (13)
-#define FATAL_ERROR_MATHLIBRARY (14)
-#define FATAL_ERROR_FORCED (666)
-
-#endif // _TPM_ERROR_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmProfile.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmProfile.h
deleted file mode 100644
index 7329f79ba..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmProfile.h
+++ /dev/null
@@ -1,789 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Apr 10, 2019 Time: 03:21:33PM - */ - -#ifndef _TPM_PROFILE_H_ -#define _TPM_PROFILE_H_ - -// Table 2:4 - Defines for Logic Values -#undef TRUE -#define TRUE 1 -#undef FALSE -#define FALSE 0 -#undef YES -#define YES 1 -#undef NO -#define NO 0 -#undef SET -#define SET 1 -#undef CLEAR -#define CLEAR 0 - -// Table 0:1 - Defines for Processor Values -#ifndef BIG_ENDIAN_TPM -#define BIG_ENDIAN_TPM NO -#endif -#ifndef LITTLE_ENDIAN_TPM -#define LITTLE_ENDIAN_TPM !BIG_ENDIAN_TPM -#endif -#ifndef MOST_SIGNIFICANT_BIT_0 -#define MOST_SIGNIFICANT_BIT_0 NO -#endif -#ifndef LEAST_SIGNIFICANT_BIT_0 -#define LEAST_SIGNIFICANT_BIT_0 !MOST_SIGNIFICANT_BIT_0 -#endif -#ifndef AUTO_ALIGN -#define AUTO_ALIGN NO -#endif - -// Table 0:4 - Defines for Implemented Curves -#ifndef ECC_NIST_P192 -#define ECC_NIST_P192 NO -#endif -#ifndef ECC_NIST_P224 -#define ECC_NIST_P224 NO -#endif -#ifndef ECC_NIST_P256 -#define ECC_NIST_P256 YES -#endif -#ifndef ECC_NIST_P384 -#define ECC_NIST_P384 YES -#endif -#ifndef ECC_NIST_P521 -#define ECC_NIST_P521 NO -#endif -#ifndef ECC_BN_P256 -#define ECC_BN_P256 YES -#endif -#ifndef ECC_BN_P638 -#define ECC_BN_P638 NO -#endif -#ifndef ECC_SM2_P256 -#define ECC_SM2_P256 NO -#endif - -// Table 0:7 - Defines for Implementation Values -#ifndef FIELD_UPGRADE_IMPLEMENTED -#define FIELD_UPGRADE_IMPLEMENTED NO -#endif -#ifndef HASH_ALIGNMENT -#define HASH_ALIGNMENT 4 -#endif -#ifndef SYMMETRIC_ALIGNMENT -#define SYMMETRIC_ALIGNMENT 4 -#endif -#ifndef HASH_LIB -#define HASH_LIB Ossl -#endif -#ifndef SYM_LIB -#define SYM_LIB Ossl -#endif -#ifndef MATH_LIB -#define MATH_LIB Ossl -#endif -#ifndef BSIZE -#define BSIZE UINT16 -#endif -#ifndef IMPLEMENTATION_PCR -#define IMPLEMENTATION_PCR 24 -#endif -#ifndef PCR_SELECT_MAX -#define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8) -#endif -#ifndef PLATFORM_PCR -#define PLATFORM_PCR 24 -#endif -#ifndef PCR_SELECT_MIN -#define PCR_SELECT_MIN 
((PLATFORM_PCR+7)/8) -#endif -#ifndef DRTM_PCR -#define DRTM_PCR 17 -#endif -#ifndef HCRTM_PCR -#define HCRTM_PCR 0 -#endif -#ifndef NUM_LOCALITIES -#define NUM_LOCALITIES 5 -#endif -#ifndef MAX_HANDLE_NUM -#define MAX_HANDLE_NUM 3 -#endif -#ifndef MAX_ACTIVE_SESSIONS -#define MAX_ACTIVE_SESSIONS 64 -#endif -#ifndef CONTEXT_SLOT -#define CONTEXT_SLOT UINT16 -#endif -#ifndef CONTEXT_COUNTER -#define CONTEXT_COUNTER UINT64 -#endif -#ifndef MAX_LOADED_SESSIONS -#define MAX_LOADED_SESSIONS 3 -#endif -#ifndef MAX_SESSION_NUM -#define MAX_SESSION_NUM 3 -#endif -#ifndef MAX_LOADED_OBJECTS -#define MAX_LOADED_OBJECTS 3 -#endif -#ifndef MIN_EVICT_OBJECTS -#define MIN_EVICT_OBJECTS 2 -#endif -#ifndef NUM_POLICY_PCR_GROUP -#define NUM_POLICY_PCR_GROUP 1 -#endif -#ifndef NUM_AUTHVALUE_PCR_GROUP -#define NUM_AUTHVALUE_PCR_GROUP 1 -#endif -#ifndef MAX_CONTEXT_SIZE -#define MAX_CONTEXT_SIZE 1264 -#endif -#ifndef MAX_DIGEST_BUFFER -#define MAX_DIGEST_BUFFER 1024 -#endif -#ifndef MAX_NV_INDEX_SIZE -#define MAX_NV_INDEX_SIZE 2048 -#endif -#ifndef MAX_NV_BUFFER_SIZE -#define MAX_NV_BUFFER_SIZE 1024 -#endif -#ifndef MAX_CAP_BUFFER -#define MAX_CAP_BUFFER 1024 -#endif -#ifndef NV_MEMORY_SIZE -#define NV_MEMORY_SIZE 16384 -#endif -#ifndef MIN_COUNTER_INDICES -#define MIN_COUNTER_INDICES 8 -#endif -#ifndef NUM_STATIC_PCR -#define NUM_STATIC_PCR 16 -#endif -#ifndef MAX_ALG_LIST_SIZE -#define MAX_ALG_LIST_SIZE 64 -#endif -#ifndef PRIMARY_SEED_SIZE -#define PRIMARY_SEED_SIZE 32 -#endif -#ifndef CONTEXT_ENCRYPT_ALGORITHM -#define CONTEXT_ENCRYPT_ALGORITHM AES -#endif -#ifndef NV_CLOCK_UPDATE_INTERVAL -#define NV_CLOCK_UPDATE_INTERVAL 12 -#endif -#ifndef NUM_POLICY_PCR -#define NUM_POLICY_PCR 1 -#endif -#ifndef MAX_COMMAND_SIZE -#define MAX_COMMAND_SIZE 4096 -#endif -#ifndef MAX_RESPONSE_SIZE -#define MAX_RESPONSE_SIZE 4096 -#endif -#ifndef ORDERLY_BITS -#define ORDERLY_BITS 8 -#endif -#ifndef MAX_SYM_DATA -#define MAX_SYM_DATA 128 -#endif -#ifndef MAX_RNG_ENTROPY_SIZE -#define 
MAX_RNG_ENTROPY_SIZE 64 -#endif -#ifndef RAM_INDEX_SPACE -#define RAM_INDEX_SPACE 512 -#endif -#ifndef RSA_DEFAULT_PUBLIC_EXPONENT -#define RSA_DEFAULT_PUBLIC_EXPONENT 0x00010001 -#endif -#ifndef ENABLE_PCR_NO_INCREMENT -#define ENABLE_PCR_NO_INCREMENT YES -#endif -#ifndef CRT_FORMAT_RSA -#define CRT_FORMAT_RSA YES -#endif -#ifndef VENDOR_COMMAND_COUNT -#define VENDOR_COMMAND_COUNT 0 -#endif -#ifndef MAX_VENDOR_BUFFER_SIZE -#define MAX_VENDOR_BUFFER_SIZE 1024 -#endif -#ifndef TPM_MAX_DERIVATION_BITS -#define TPM_MAX_DERIVATION_BITS 8192 -#endif -#ifndef RSA_MAX_PRIME -#define RSA_MAX_PRIME (MAX_RSA_KEY_BYTES/2) -#endif -#ifndef RSA_PRIVATE_SIZE -#define RSA_PRIVATE_SIZE (RSA_MAX_PRIME*5) -#endif -#ifndef SIZE_OF_X509_SERIAL_NUMBER -#define SIZE_OF_X509_SERIAL_NUMBER 20 -#endif -#ifndef PRIVATE_VENDOR_SPECIFIC_BYTES -#define PRIVATE_VENDOR_SPECIFIC_BYTES RSA_PRIVATE_SIZE -#endif - -// Table 0:2 - Defines for Implemented Algorithms -#ifndef ALG_AES -#define ALG_AES ALG_YES -#endif -#ifndef ALG_CAMELLIA -#define ALG_CAMELLIA ALG_NO /* Not specified by vendor */ -#endif -#ifndef ALG_CBC -#define ALG_CBC ALG_YES -#endif -#ifndef ALG_CFB -#define ALG_CFB ALG_YES -#endif -#ifndef ALG_CMAC -#define ALG_CMAC ALG_YES -#endif -#ifndef ALG_CTR -#define ALG_CTR ALG_YES -#endif -#ifndef ALG_ECB -#define ALG_ECB ALG_YES -#endif -#ifndef ALG_ECC -#define ALG_ECC ALG_YES -#endif -#ifndef ALG_ECDAA -#define ALG_ECDAA (ALG_YES && ALG_ECC) -#endif -#ifndef ALG_ECDH -#define ALG_ECDH (ALG_YES && ALG_ECC) -#endif -#ifndef ALG_ECDSA -#define ALG_ECDSA (ALG_YES && ALG_ECC) -#endif -#ifndef ALG_ECMQV -#define ALG_ECMQV (ALG_NO && ALG_ECC) -#endif -#ifndef ALG_ECSCHNORR -#define ALG_ECSCHNORR (ALG_YES && ALG_ECC) -#endif -#ifndef ALG_HMAC -#define ALG_HMAC ALG_YES -#endif -#ifndef ALG_KDF1_SP800_108 -#define ALG_KDF1_SP800_108 ALG_YES -#endif -#ifndef ALG_KDF1_SP800_56A -#define ALG_KDF1_SP800_56A (ALG_YES && ALG_ECC) -#endif -#ifndef ALG_KDF2 -#define ALG_KDF2 ALG_NO -#endif -#ifndef 
ALG_KEYEDHASH -#define ALG_KEYEDHASH ALG_YES -#endif -#ifndef ALG_MGF1 -#define ALG_MGF1 ALG_YES -#endif -#ifndef ALG_OAEP -#define ALG_OAEP (ALG_YES && ALG_RSA) -#endif -#ifndef ALG_OFB -#define ALG_OFB ALG_YES -#endif -#ifndef ALG_RSA -#define ALG_RSA ALG_YES -#endif -#ifndef ALG_RSAES -#define ALG_RSAES (ALG_YES && ALG_RSA) -#endif -#ifndef ALG_RSAPSS -#define ALG_RSAPSS (ALG_YES && ALG_RSA) -#endif -#ifndef ALG_RSASSA -#define ALG_RSASSA (ALG_YES && ALG_RSA) -#endif -#ifndef ALG_SHA -#define ALG_SHA ALG_NO /* Not specified by vendor */ -#endif -#ifndef ALG_SHA1 -#define ALG_SHA1 ALG_YES -#endif -#ifndef ALG_SHA256 -#define ALG_SHA256 ALG_YES -#endif -#ifndef ALG_SHA384 -#define ALG_SHA384 ALG_YES -#endif -#ifndef ALG_SHA3_256 -#define ALG_SHA3_256 ALG_NO /* Not specified by vendor */ -#endif -#ifndef ALG_SHA3_384 -#define ALG_SHA3_384 ALG_NO /* Not specified by vendor */ -#endif -#ifndef ALG_SHA3_512 -#define ALG_SHA3_512 ALG_NO /* Not specified by vendor */ -#endif -#ifndef ALG_SHA512 -#define ALG_SHA512 ALG_NO -#endif -#ifndef ALG_SM2 -#define ALG_SM2 (ALG_NO && ALG_ECC) -#endif -#ifndef ALG_SM3_256 -#define ALG_SM3_256 ALG_NO -#endif -#ifndef ALG_SM4 -#define ALG_SM4 ALG_NO -#endif -#ifndef ALG_SYMCIPHER -#define ALG_SYMCIPHER ALG_YES -#endif -#ifndef ALG_TDES -#define ALG_TDES ALG_NO -#endif -#ifndef ALG_XOR -#define ALG_XOR ALG_YES -#endif - -// Table 1:00 - Defines for RSA Asymmetric Cipher Algorithm Constants -#ifndef RSA_1024 -#define RSA_1024 (ALG_RSA & YES) -#endif -#ifndef RSA_2048 -#define RSA_2048 (ALG_RSA & YES) -#endif -#ifndef RSA_3072 -#define RSA_3072 (ALG_RSA & NO) -#endif -#ifndef RSA_4096 -#define RSA_4096 (ALG_RSA & NO) -#endif - -// Table 1:17 - Defines for AES Symmetric Cipher Algorithm Constants -#ifndef AES_128 -#define AES_128 (ALG_AES & YES) -#endif -#ifndef AES_192 -#define AES_192 (ALG_AES & NO) -#endif -#ifndef AES_256 -#define AES_256 (ALG_AES & YES) -#endif - -// Table 1:18 - Defines for SM4 Symmetric Cipher Algorithm Constants 
-#ifndef SM4_128 -#define SM4_128 (ALG_SM4 & YES) -#endif - -// Table 1:19 - Defines for CAMELLIA Symmetric Cipher Algorithm Constants -#ifndef CAMELLIA_128 -#define CAMELLIA_128 (ALG_CAMELLIA & YES) -#endif -#ifndef CAMELLIA_192 -#define CAMELLIA_192 (ALG_CAMELLIA & NO) -#endif -#ifndef CAMELLIA_256 -#define CAMELLIA_256 (ALG_CAMELLIA & NO) -#endif - -// Table 1:17 - Defines for TDES Symmetric Cipher Algorithm Constants -#ifndef TDES_128 -#define TDES_128 (ALG_TDES & YES) -#endif -#ifndef TDES_192 -#define TDES_192 (ALG_TDES & YES) -#endif - -// Table 0:5 - Defines for Implemented Commands -#ifndef CC_AC_GetCapability -#define CC_AC_GetCapability CC_YES -#endif -#ifndef CC_AC_Send -#define CC_AC_Send CC_YES -#endif -#ifndef CC_ActivateCredential -#define CC_ActivateCredential CC_YES -#endif -#ifndef CC_Certify -#define CC_Certify CC_YES -#endif -#ifndef CC_CertifyCreation -#define CC_CertifyCreation CC_YES -#endif -#ifndef CC_CertifyX509 -#define CC_CertifyX509 CC_YES -#endif -#ifndef CC_ChangeEPS -#define CC_ChangeEPS CC_YES -#endif -#ifndef CC_ChangePPS -#define CC_ChangePPS CC_YES -#endif -#ifndef CC_Clear -#define CC_Clear CC_YES -#endif -#ifndef CC_ClearControl -#define CC_ClearControl CC_YES -#endif -#ifndef CC_ClockRateAdjust -#define CC_ClockRateAdjust CC_YES -#endif -#ifndef CC_ClockSet -#define CC_ClockSet CC_YES -#endif -#ifndef CC_Commit -#define CC_Commit (CC_YES && ALG_ECC) -#endif -#ifndef CC_ContextLoad -#define CC_ContextLoad CC_YES -#endif -#ifndef CC_ContextSave -#define CC_ContextSave CC_YES -#endif -#ifndef CC_Create -#define CC_Create CC_YES -#endif -#ifndef CC_CreateLoaded -#define CC_CreateLoaded CC_YES -#endif -#ifndef CC_CreatePrimary -#define CC_CreatePrimary CC_YES -#endif -#ifndef CC_DictionaryAttackLockReset -#define CC_DictionaryAttackLockReset CC_YES -#endif -#ifndef CC_DictionaryAttackParameters -#define CC_DictionaryAttackParameters CC_YES -#endif -#ifndef CC_Duplicate -#define CC_Duplicate CC_YES -#endif -#ifndef 
CC_ECC_Parameters -#define CC_ECC_Parameters (CC_YES && ALG_ECC) -#endif -#ifndef CC_ECDH_KeyGen -#define CC_ECDH_KeyGen (CC_YES && ALG_ECC) -#endif -#ifndef CC_ECDH_ZGen -#define CC_ECDH_ZGen (CC_YES && ALG_ECC) -#endif -#ifndef CC_EC_Ephemeral -#define CC_EC_Ephemeral (CC_YES && ALG_ECC) -#endif -#ifndef CC_EncryptDecrypt -#define CC_EncryptDecrypt CC_YES -#endif -#ifndef CC_EncryptDecrypt2 -#define CC_EncryptDecrypt2 CC_YES -#endif -#ifndef CC_EventSequenceComplete -#define CC_EventSequenceComplete CC_YES -#endif -#ifndef CC_EvictControl -#define CC_EvictControl CC_YES -#endif -#ifndef CC_FieldUpgradeData -#define CC_FieldUpgradeData CC_NO -#endif -#ifndef CC_FieldUpgradeStart -#define CC_FieldUpgradeStart CC_NO -#endif -#ifndef CC_FirmwareRead -#define CC_FirmwareRead CC_NO -#endif -#ifndef CC_FlushContext -#define CC_FlushContext CC_YES -#endif -#ifndef CC_GetCapability -#define CC_GetCapability CC_YES -#endif -#ifndef CC_GetCommandAuditDigest -#define CC_GetCommandAuditDigest CC_YES -#endif -#ifndef CC_GetRandom -#define CC_GetRandom CC_YES -#endif -#ifndef CC_GetSessionAuditDigest -#define CC_GetSessionAuditDigest CC_YES -#endif -#ifndef CC_GetTestResult -#define CC_GetTestResult CC_YES -#endif -#ifndef CC_GetTime -#define CC_GetTime CC_YES -#endif -#ifndef CC_HMAC -#define CC_HMAC (CC_YES && !ALG_CMAC) -#endif -#ifndef CC_HMAC_Start -#define CC_HMAC_Start (CC_YES && !ALG_CMAC) -#endif -#ifndef CC_Hash -#define CC_Hash CC_YES -#endif -#ifndef CC_HashSequenceStart -#define CC_HashSequenceStart CC_YES -#endif -#ifndef CC_HierarchyChangeAuth -#define CC_HierarchyChangeAuth CC_YES -#endif -#ifndef CC_HierarchyControl -#define CC_HierarchyControl CC_YES -#endif -#ifndef CC_Import -#define CC_Import CC_YES -#endif -#ifndef CC_IncrementalSelfTest -#define CC_IncrementalSelfTest CC_YES -#endif -#ifndef CC_Load -#define CC_Load CC_YES -#endif -#ifndef CC_LoadExternal -#define CC_LoadExternal CC_YES -#endif -#ifndef CC_MAC -#define CC_MAC (CC_YES && ALG_CMAC) -#endif 
-#ifndef CC_MAC_Start -#define CC_MAC_Start (CC_YES && ALG_CMAC) -#endif -#ifndef CC_MakeCredential -#define CC_MakeCredential CC_YES -#endif -#ifndef CC_NV_Certify -#define CC_NV_Certify CC_YES -#endif -#ifndef CC_NV_ChangeAuth -#define CC_NV_ChangeAuth CC_YES -#endif -#ifndef CC_NV_DefineSpace -#define CC_NV_DefineSpace CC_YES -#endif -#ifndef CC_NV_Extend -#define CC_NV_Extend CC_YES -#endif -#ifndef CC_NV_GlobalWriteLock -#define CC_NV_GlobalWriteLock CC_YES -#endif -#ifndef CC_NV_Increment -#define CC_NV_Increment CC_YES -#endif -#ifndef CC_NV_Read -#define CC_NV_Read CC_YES -#endif -#ifndef CC_NV_ReadLock -#define CC_NV_ReadLock CC_YES -#endif -#ifndef CC_NV_ReadPublic -#define CC_NV_ReadPublic CC_YES -#endif -#ifndef CC_NV_SetBits -#define CC_NV_SetBits CC_YES -#endif -#ifndef CC_NV_UndefineSpace -#define CC_NV_UndefineSpace CC_YES -#endif -#ifndef CC_NV_UndefineSpaceSpecial -#define CC_NV_UndefineSpaceSpecial CC_YES -#endif -#ifndef CC_NV_Write -#define CC_NV_Write CC_YES -#endif -#ifndef CC_NV_WriteLock -#define CC_NV_WriteLock CC_YES -#endif -#ifndef CC_ObjectChangeAuth -#define CC_ObjectChangeAuth CC_YES -#endif -#ifndef CC_PCR_Allocate -#define CC_PCR_Allocate CC_YES -#endif -#ifndef CC_PCR_Event -#define CC_PCR_Event CC_YES -#endif -#ifndef CC_PCR_Extend -#define CC_PCR_Extend CC_YES -#endif -#ifndef CC_PCR_Read -#define CC_PCR_Read CC_YES -#endif -#ifndef CC_PCR_Reset -#define CC_PCR_Reset CC_YES -#endif -#ifndef CC_PCR_SetAuthPolicy -#define CC_PCR_SetAuthPolicy CC_YES -#endif -#ifndef CC_PCR_SetAuthValue -#define CC_PCR_SetAuthValue CC_YES -#endif -#ifndef CC_PP_Commands -#define CC_PP_Commands CC_YES -#endif -#ifndef CC_PolicyAuthValue -#define CC_PolicyAuthValue CC_YES -#endif -#ifndef CC_PolicyAuthorize -#define CC_PolicyAuthorize CC_YES -#endif -#ifndef CC_PolicyAuthorizeNV -#define CC_PolicyAuthorizeNV CC_YES -#endif -#ifndef CC_PolicyCommandCode -#define CC_PolicyCommandCode CC_YES -#endif -#ifndef CC_PolicyCounterTimer -#define 
CC_PolicyCounterTimer CC_YES -#endif -#ifndef CC_PolicyCpHash -#define CC_PolicyCpHash CC_YES -#endif -#ifndef CC_PolicyDuplicationSelect -#define CC_PolicyDuplicationSelect CC_YES -#endif -#ifndef CC_PolicyGetDigest -#define CC_PolicyGetDigest CC_YES -#endif -#ifndef CC_PolicyLocality -#define CC_PolicyLocality CC_YES -#endif -#ifndef CC_PolicyNV -#define CC_PolicyNV CC_YES -#endif -#ifndef CC_PolicyNameHash -#define CC_PolicyNameHash CC_YES -#endif -#ifndef CC_PolicyNvWritten -#define CC_PolicyNvWritten CC_YES -#endif -#ifndef CC_PolicyOR -#define CC_PolicyOR CC_YES -#endif -#ifndef CC_PolicyPCR -#define CC_PolicyPCR CC_YES -#endif -#ifndef CC_PolicyPassword -#define CC_PolicyPassword CC_YES -#endif -#ifndef CC_PolicyPhysicalPresence -#define CC_PolicyPhysicalPresence CC_YES -#endif -#ifndef CC_PolicyRestart -#define CC_PolicyRestart CC_YES -#endif -#ifndef CC_PolicySecret -#define CC_PolicySecret CC_YES -#endif -#ifndef CC_PolicySigned -#define CC_PolicySigned CC_YES -#endif -#ifndef CC_PolicyTemplate -#define CC_PolicyTemplate CC_YES -#endif -#ifndef CC_PolicyTicket -#define CC_PolicyTicket CC_YES -#endif -#ifndef CC_Policy_AC_SendSelect -#define CC_Policy_AC_SendSelect CC_YES -#endif -#ifndef CC_Quote -#define CC_Quote CC_YES -#endif -#ifndef CC_RSA_Decrypt -#define CC_RSA_Decrypt (CC_YES && ALG_RSA) -#endif -#ifndef CC_RSA_Encrypt -#define CC_RSA_Encrypt (CC_YES && ALG_RSA) -#endif -#ifndef CC_ReadClock -#define CC_ReadClock CC_YES -#endif -#ifndef CC_ReadPublic -#define CC_ReadPublic CC_YES -#endif -#ifndef CC_Rewrap -#define CC_Rewrap CC_YES -#endif -#ifndef CC_SelfTest -#define CC_SelfTest CC_YES -#endif -#ifndef CC_SequenceComplete -#define CC_SequenceComplete CC_YES -#endif -#ifndef CC_SequenceUpdate -#define CC_SequenceUpdate CC_YES -#endif -#ifndef CC_SetAlgorithmSet -#define CC_SetAlgorithmSet CC_YES -#endif -#ifndef CC_SetCommandCodeAuditStatus -#define CC_SetCommandCodeAuditStatus CC_YES -#endif -#ifndef CC_SetPrimaryPolicy -#define 
CC_SetPrimaryPolicy CC_YES
-#endif
-#ifndef CC_Shutdown
-#define CC_Shutdown CC_YES
-#endif
-#ifndef CC_Sign
-#define CC_Sign CC_YES
-#endif
-#ifndef CC_StartAuthSession
-#define CC_StartAuthSession CC_YES
-#endif
-#ifndef CC_Startup
-#define CC_Startup CC_YES
-#endif
-#ifndef CC_StirRandom
-#define CC_StirRandom CC_YES
-#endif
-#ifndef CC_TestParms
-#define CC_TestParms CC_YES
-#endif
-#ifndef CC_Unseal
-#define CC_Unseal CC_YES
-#endif
-#ifndef CC_Vendor_TCG_Test
-#define CC_Vendor_TCG_Test CC_YES
-#endif
-#ifndef CC_VerifySignature
-#define CC_VerifySignature CC_YES
-#endif
-#ifndef CC_ZGen_2Phase
-#define CC_ZGen_2Phase (CC_YES && ALG_ECC)
-#endif
-
-
-#endif // _TPM_PROFILE_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmTypes.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmTypes.h
deleted file mode 100644
index aefcdf280..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmTypes.h
+++ /dev/null
@@ -1,2374 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Apr 10, 2019 Time: 03:21:33PM - */ - -#ifndef _TPM_TYPES_H_ -#define _TPM_TYPES_H_ - -// Table 1:2 - Definition of TPM_ALG_ID Constants -typedef UINT16 TPM_ALG_ID; -#define TYPE_OF_TPM_ALG_ID UINT16 -#define ALG_ERROR_VALUE 0x0000 -#define TPM_ALG_ERROR (TPM_ALG_ID)(ALG_ERROR_VALUE) -#define ALG_RSA_VALUE 0x0001 -#define TPM_ALG_RSA (TPM_ALG_ID)(ALG_RSA_VALUE) -#define ALG_TDES_VALUE 0x0003 -#define TPM_ALG_TDES (TPM_ALG_ID)(ALG_TDES_VALUE) -#define ALG_SHA_VALUE 0x0004 -#define TPM_ALG_SHA (TPM_ALG_ID)(ALG_SHA_VALUE) -#define ALG_SHA1_VALUE 0x0004 -#define TPM_ALG_SHA1 (TPM_ALG_ID)(ALG_SHA1_VALUE) -#define ALG_HMAC_VALUE 0x0005 -#define TPM_ALG_HMAC (TPM_ALG_ID)(ALG_HMAC_VALUE) -#define ALG_AES_VALUE 0x0006 -#define TPM_ALG_AES (TPM_ALG_ID)(ALG_AES_VALUE) -#define ALG_MGF1_VALUE 0x0007 -#define TPM_ALG_MGF1 (TPM_ALG_ID)(ALG_MGF1_VALUE) -#define ALG_KEYEDHASH_VALUE 0x0008 -#define TPM_ALG_KEYEDHASH (TPM_ALG_ID)(ALG_KEYEDHASH_VALUE) -#define ALG_XOR_VALUE 0x000A -#define TPM_ALG_XOR (TPM_ALG_ID)(ALG_XOR_VALUE) -#define ALG_SHA256_VALUE 0x000B -#define TPM_ALG_SHA256 (TPM_ALG_ID)(ALG_SHA256_VALUE) -#define ALG_SHA384_VALUE 0x000C -#define TPM_ALG_SHA384 (TPM_ALG_ID)(ALG_SHA384_VALUE) -#define ALG_SHA512_VALUE 0x000D -#define TPM_ALG_SHA512 (TPM_ALG_ID)(ALG_SHA512_VALUE) -#define ALG_NULL_VALUE 0x0010 -#define TPM_ALG_NULL (TPM_ALG_ID)(ALG_NULL_VALUE) -#define ALG_SM3_256_VALUE 0x0012 -#define TPM_ALG_SM3_256 (TPM_ALG_ID)(ALG_SM3_256_VALUE) -#define ALG_SM4_VALUE 0x0013 -#define TPM_ALG_SM4 (TPM_ALG_ID)(ALG_SM4_VALUE) -#define ALG_RSASSA_VALUE 0x0014 -#define TPM_ALG_RSASSA (TPM_ALG_ID)(ALG_RSASSA_VALUE) -#define ALG_RSAES_VALUE 0x0015 -#define TPM_ALG_RSAES (TPM_ALG_ID)(ALG_RSAES_VALUE) -#define ALG_RSAPSS_VALUE 0x0016 -#define TPM_ALG_RSAPSS (TPM_ALG_ID)(ALG_RSAPSS_VALUE) -#define ALG_OAEP_VALUE 0x0017 -#define TPM_ALG_OAEP (TPM_ALG_ID)(ALG_OAEP_VALUE) -#define ALG_ECDSA_VALUE 
0x0018 -#define TPM_ALG_ECDSA (TPM_ALG_ID)(ALG_ECDSA_VALUE) -#define ALG_ECDH_VALUE 0x0019 -#define TPM_ALG_ECDH (TPM_ALG_ID)(ALG_ECDH_VALUE) -#define ALG_ECDAA_VALUE 0x001A -#define TPM_ALG_ECDAA (TPM_ALG_ID)(ALG_ECDAA_VALUE) -#define ALG_SM2_VALUE 0x001B -#define TPM_ALG_SM2 (TPM_ALG_ID)(ALG_SM2_VALUE) -#define ALG_ECSCHNORR_VALUE 0x001C -#define TPM_ALG_ECSCHNORR (TPM_ALG_ID)(ALG_ECSCHNORR_VALUE) -#define ALG_ECMQV_VALUE 0x001D -#define TPM_ALG_ECMQV (TPM_ALG_ID)(ALG_ECMQV_VALUE) -#define ALG_KDF1_SP800_56A_VALUE 0x0020 -#define TPM_ALG_KDF1_SP800_56A (TPM_ALG_ID)(ALG_KDF1_SP800_56A_VALUE) -#define ALG_KDF2_VALUE 0x0021 -#define TPM_ALG_KDF2 (TPM_ALG_ID)(ALG_KDF2_VALUE) -#define ALG_KDF1_SP800_108_VALUE 0x0022 -#define TPM_ALG_KDF1_SP800_108 (TPM_ALG_ID)(ALG_KDF1_SP800_108_VALUE) -#define ALG_ECC_VALUE 0x0023 -#define TPM_ALG_ECC (TPM_ALG_ID)(ALG_ECC_VALUE) -#define ALG_SYMCIPHER_VALUE 0x0025 -#define TPM_ALG_SYMCIPHER (TPM_ALG_ID)(ALG_SYMCIPHER_VALUE) -#define ALG_CAMELLIA_VALUE 0x0026 -#define TPM_ALG_CAMELLIA (TPM_ALG_ID)(ALG_CAMELLIA_VALUE) -#define ALG_SHA3_256_VALUE 0x0027 -#define TPM_ALG_SHA3_256 (TPM_ALG_ID)(ALG_SHA3_256_VALUE) -#define ALG_SHA3_384_VALUE 0x0028 -#define TPM_ALG_SHA3_384 (TPM_ALG_ID)(ALG_SHA3_384_VALUE) -#define ALG_SHA3_512_VALUE 0x0029 -#define TPM_ALG_SHA3_512 (TPM_ALG_ID)(ALG_SHA3_512_VALUE) -#define ALG_CMAC_VALUE 0x003F -#define TPM_ALG_CMAC (TPM_ALG_ID)(ALG_CMAC_VALUE) -#define ALG_CTR_VALUE 0x0040 -#define TPM_ALG_CTR (TPM_ALG_ID)(ALG_CTR_VALUE) -#define ALG_OFB_VALUE 0x0041 -#define TPM_ALG_OFB (TPM_ALG_ID)(ALG_OFB_VALUE) -#define ALG_CBC_VALUE 0x0042 -#define TPM_ALG_CBC (TPM_ALG_ID)(ALG_CBC_VALUE) -#define ALG_CFB_VALUE 0x0043 -#define TPM_ALG_CFB (TPM_ALG_ID)(ALG_CFB_VALUE) -#define ALG_ECB_VALUE 0x0044 -#define TPM_ALG_ECB (TPM_ALG_ID)(ALG_ECB_VALUE) -// Values derived from Table 1:2 -#define ALG_FIRST_VALUE 0x0001 -#define TPM_ALG_FIRST (TPM_ALG_ID)(ALG_FIRST_VALUE) -#define ALG_LAST_VALUE 0x0044 -#define TPM_ALG_LAST 
(TPM_ALG_ID)(ALG_LAST_VALUE) - -// Table 1:3 - Definition of TPM_ECC_CURVE Constants -typedef UINT16 TPM_ECC_CURVE; -#define TYPE_OF_TPM_ECC_CURVE UINT16 -#define TPM_ECC_NONE (TPM_ECC_CURVE)(0x0000) -#define TPM_ECC_NIST_P192 (TPM_ECC_CURVE)(0x0001) -#define TPM_ECC_NIST_P224 (TPM_ECC_CURVE)(0x0002) -#define TPM_ECC_NIST_P256 (TPM_ECC_CURVE)(0x0003) -#define TPM_ECC_NIST_P384 (TPM_ECC_CURVE)(0x0004) -#define TPM_ECC_NIST_P521 (TPM_ECC_CURVE)(0x0005) -#define TPM_ECC_BN_P256 (TPM_ECC_CURVE)(0x0010) -#define TPM_ECC_BN_P638 (TPM_ECC_CURVE)(0x0011) -#define TPM_ECC_SM2_P256 (TPM_ECC_CURVE)(0x0020) - -// Table 2:12 - Definition of TPM_CC Constants -typedef UINT32 TPM_CC; -#define TYPE_OF_TPM_CC UINT32 -#define TPM_CC_NV_UndefineSpaceSpecial (TPM_CC)(0x0000011F) -#define TPM_CC_EvictControl (TPM_CC)(0x00000120) -#define TPM_CC_HierarchyControl (TPM_CC)(0x00000121) -#define TPM_CC_NV_UndefineSpace (TPM_CC)(0x00000122) -#define TPM_CC_ChangeEPS (TPM_CC)(0x00000124) -#define TPM_CC_ChangePPS (TPM_CC)(0x00000125) -#define TPM_CC_Clear (TPM_CC)(0x00000126) -#define TPM_CC_ClearControl (TPM_CC)(0x00000127) -#define TPM_CC_ClockSet (TPM_CC)(0x00000128) -#define TPM_CC_HierarchyChangeAuth (TPM_CC)(0x00000129) -#define TPM_CC_NV_DefineSpace (TPM_CC)(0x0000012A) -#define TPM_CC_PCR_Allocate (TPM_CC)(0x0000012B) -#define TPM_CC_PCR_SetAuthPolicy (TPM_CC)(0x0000012C) -#define TPM_CC_PP_Commands (TPM_CC)(0x0000012D) -#define TPM_CC_SetPrimaryPolicy (TPM_CC)(0x0000012E) -#define TPM_CC_FieldUpgradeStart (TPM_CC)(0x0000012F) -#define TPM_CC_ClockRateAdjust (TPM_CC)(0x00000130) -#define TPM_CC_CreatePrimary (TPM_CC)(0x00000131) -#define TPM_CC_NV_GlobalWriteLock (TPM_CC)(0x00000132) -#define TPM_CC_GetCommandAuditDigest (TPM_CC)(0x00000133) -#define TPM_CC_NV_Increment (TPM_CC)(0x00000134) -#define TPM_CC_NV_SetBits (TPM_CC)(0x00000135) -#define TPM_CC_NV_Extend (TPM_CC)(0x00000136) -#define TPM_CC_NV_Write (TPM_CC)(0x00000137) -#define TPM_CC_NV_WriteLock (TPM_CC)(0x00000138) 
-#define TPM_CC_DictionaryAttackLockReset (TPM_CC)(0x00000139) -#define TPM_CC_DictionaryAttackParameters (TPM_CC)(0x0000013A) -#define TPM_CC_NV_ChangeAuth (TPM_CC)(0x0000013B) -#define TPM_CC_PCR_Event (TPM_CC)(0x0000013C) -#define TPM_CC_PCR_Reset (TPM_CC)(0x0000013D) -#define TPM_CC_SequenceComplete (TPM_CC)(0x0000013E) -#define TPM_CC_SetAlgorithmSet (TPM_CC)(0x0000013F) -#define TPM_CC_SetCommandCodeAuditStatus (TPM_CC)(0x00000140) -#define TPM_CC_FieldUpgradeData (TPM_CC)(0x00000141) -#define TPM_CC_IncrementalSelfTest (TPM_CC)(0x00000142) -#define TPM_CC_SelfTest (TPM_CC)(0x00000143) -#define TPM_CC_Startup (TPM_CC)(0x00000144) -#define TPM_CC_Shutdown (TPM_CC)(0x00000145) -#define TPM_CC_StirRandom (TPM_CC)(0x00000146) -#define TPM_CC_ActivateCredential (TPM_CC)(0x00000147) -#define TPM_CC_Certify (TPM_CC)(0x00000148) -#define TPM_CC_PolicyNV (TPM_CC)(0x00000149) -#define TPM_CC_CertifyCreation (TPM_CC)(0x0000014A) -#define TPM_CC_Duplicate (TPM_CC)(0x0000014B) -#define TPM_CC_GetTime (TPM_CC)(0x0000014C) -#define TPM_CC_GetSessionAuditDigest (TPM_CC)(0x0000014D) -#define TPM_CC_NV_Read (TPM_CC)(0x0000014E) -#define TPM_CC_NV_ReadLock (TPM_CC)(0x0000014F) -#define TPM_CC_ObjectChangeAuth (TPM_CC)(0x00000150) -#define TPM_CC_PolicySecret (TPM_CC)(0x00000151) -#define TPM_CC_Rewrap (TPM_CC)(0x00000152) -#define TPM_CC_Create (TPM_CC)(0x00000153) -#define TPM_CC_ECDH_ZGen (TPM_CC)(0x00000154) -#define TPM_CC_HMAC (TPM_CC)(0x00000155) -#define TPM_CC_MAC (TPM_CC)(0x00000155) -#define TPM_CC_Import (TPM_CC)(0x00000156) -#define TPM_CC_Load (TPM_CC)(0x00000157) -#define TPM_CC_Quote (TPM_CC)(0x00000158) -#define TPM_CC_RSA_Decrypt (TPM_CC)(0x00000159) -#define TPM_CC_HMAC_Start (TPM_CC)(0x0000015B) -#define TPM_CC_MAC_Start (TPM_CC)(0x0000015B) -#define TPM_CC_SequenceUpdate (TPM_CC)(0x0000015C) -#define TPM_CC_Sign (TPM_CC)(0x0000015D) -#define TPM_CC_Unseal (TPM_CC)(0x0000015E) -#define TPM_CC_PolicySigned (TPM_CC)(0x00000160) -#define TPM_CC_ContextLoad 
(TPM_CC)(0x00000161) -#define TPM_CC_ContextSave (TPM_CC)(0x00000162) -#define TPM_CC_ECDH_KeyGen (TPM_CC)(0x00000163) -#define TPM_CC_EncryptDecrypt (TPM_CC)(0x00000164) -#define TPM_CC_FlushContext (TPM_CC)(0x00000165) -#define TPM_CC_LoadExternal (TPM_CC)(0x00000167) -#define TPM_CC_MakeCredential (TPM_CC)(0x00000168) -#define TPM_CC_NV_ReadPublic (TPM_CC)(0x00000169) -#define TPM_CC_PolicyAuthorize (TPM_CC)(0x0000016A) -#define TPM_CC_PolicyAuthValue (TPM_CC)(0x0000016B) -#define TPM_CC_PolicyCommandCode (TPM_CC)(0x0000016C) -#define TPM_CC_PolicyCounterTimer (TPM_CC)(0x0000016D) -#define TPM_CC_PolicyCpHash (TPM_CC)(0x0000016E) -#define TPM_CC_PolicyLocality (TPM_CC)(0x0000016F) -#define TPM_CC_PolicyNameHash (TPM_CC)(0x00000170) -#define TPM_CC_PolicyOR (TPM_CC)(0x00000171) -#define TPM_CC_PolicyTicket (TPM_CC)(0x00000172) -#define TPM_CC_ReadPublic (TPM_CC)(0x00000173) -#define TPM_CC_RSA_Encrypt (TPM_CC)(0x00000174) -#define TPM_CC_StartAuthSession (TPM_CC)(0x00000176) -#define TPM_CC_VerifySignature (TPM_CC)(0x00000177) -#define TPM_CC_ECC_Parameters (TPM_CC)(0x00000178) -#define TPM_CC_FirmwareRead (TPM_CC)(0x00000179) -#define TPM_CC_GetCapability (TPM_CC)(0x0000017A) -#define TPM_CC_GetRandom (TPM_CC)(0x0000017B) -#define TPM_CC_GetTestResult (TPM_CC)(0x0000017C) -#define TPM_CC_Hash (TPM_CC)(0x0000017D) -#define TPM_CC_PCR_Read (TPM_CC)(0x0000017E) -#define TPM_CC_PolicyPCR (TPM_CC)(0x0000017F) -#define TPM_CC_PolicyRestart (TPM_CC)(0x00000180) -#define TPM_CC_ReadClock (TPM_CC)(0x00000181) -#define TPM_CC_PCR_Extend (TPM_CC)(0x00000182) -#define TPM_CC_PCR_SetAuthValue (TPM_CC)(0x00000183) -#define TPM_CC_NV_Certify (TPM_CC)(0x00000184) -#define TPM_CC_EventSequenceComplete (TPM_CC)(0x00000185) -#define TPM_CC_HashSequenceStart (TPM_CC)(0x00000186) -#define TPM_CC_PolicyPhysicalPresence (TPM_CC)(0x00000187) -#define TPM_CC_PolicyDuplicationSelect (TPM_CC)(0x00000188) -#define TPM_CC_PolicyGetDigest (TPM_CC)(0x00000189) -#define TPM_CC_TestParms 
(TPM_CC)(0x0000018A) -#define TPM_CC_Commit (TPM_CC)(0x0000018B) -#define TPM_CC_PolicyPassword (TPM_CC)(0x0000018C) -#define TPM_CC_ZGen_2Phase (TPM_CC)(0x0000018D) -#define TPM_CC_EC_Ephemeral (TPM_CC)(0x0000018E) -#define TPM_CC_PolicyNvWritten (TPM_CC)(0x0000018F) -#define TPM_CC_PolicyTemplate (TPM_CC)(0x00000190) -#define TPM_CC_CreateLoaded (TPM_CC)(0x00000191) -#define TPM_CC_PolicyAuthorizeNV (TPM_CC)(0x00000192) -#define TPM_CC_EncryptDecrypt2 (TPM_CC)(0x00000193) -#define TPM_CC_AC_GetCapability (TPM_CC)(0x00000194) -#define TPM_CC_AC_Send (TPM_CC)(0x00000195) -#define TPM_CC_Policy_AC_SendSelect (TPM_CC)(0x00000196) -#define TPM_CC_CertifyX509 (TPM_CC)(0x00000197) -#define CC_VEND 0x20000000 -#define TPM_CC_Vendor_TCG_Test (TPM_CC)(0x20000000) - -// Table 2:5 - Definition of Types for Documentation Clarity -typedef UINT32 TPM_ALGORITHM_ID; -#define TYPE_OF_TPM_ALGORITHM_ID UINT32 -typedef UINT32 TPM_MODIFIER_INDICATOR; -#define TYPE_OF_TPM_MODIFIER_INDICATOR UINT32 -typedef UINT32 TPM_AUTHORIZATION_SIZE; -#define TYPE_OF_TPM_AUTHORIZATION_SIZE UINT32 -typedef UINT32 TPM_PARAMETER_SIZE; -#define TYPE_OF_TPM_PARAMETER_SIZE UINT32 -typedef UINT16 TPM_KEY_SIZE; -#define TYPE_OF_TPM_KEY_SIZE UINT16 -typedef UINT16 TPM_KEY_BITS; -#define TYPE_OF_TPM_KEY_BITS UINT16 - -// Table 2:6 - Definition of TPM_SPEC Constants -typedef UINT32 TPM_SPEC; -#define TYPE_OF_TPM_SPEC UINT32 -#define SPEC_FAMILY 0x322E3000 -#define TPM_SPEC_FAMILY (TPM_SPEC)(SPEC_FAMILY) -#define SPEC_LEVEL 00 -#define TPM_SPEC_LEVEL (TPM_SPEC)(SPEC_LEVEL) -#define SPEC_VERSION 154 -#define TPM_SPEC_VERSION (TPM_SPEC)(SPEC_VERSION) -#define SPEC_YEAR 2019 -#define TPM_SPEC_YEAR (TPM_SPEC)(SPEC_YEAR) -#define SPEC_DAY_OF_YEAR 81 -#define TPM_SPEC_DAY_OF_YEAR (TPM_SPEC)(SPEC_DAY_OF_YEAR) - -// Table 2:7 - Definition of TPM_GENERATED Constants -typedef UINT32 TPM_GENERATED; -#define TYPE_OF_TPM_GENERATED UINT32 -#define TPM_GENERATED_VALUE (TPM_GENERATED)(0xFF544347) - -// Table 2:16 - Definition 
of TPM_RC Constants -typedef UINT32 TPM_RC; -#define TYPE_OF_TPM_RC UINT32 -#define TPM_RC_SUCCESS (TPM_RC)(0x000) -#define TPM_RC_BAD_TAG (TPM_RC)(0x01E) -#define RC_VER1 (TPM_RC)(0x100) -#define TPM_RC_INITIALIZE (TPM_RC)(RC_VER1+0x000) -#define TPM_RC_FAILURE (TPM_RC)(RC_VER1+0x001) -#define TPM_RC_SEQUENCE (TPM_RC)(RC_VER1+0x003) -#define TPM_RC_PRIVATE (TPM_RC)(RC_VER1+0x00B) -#define TPM_RC_HMAC (TPM_RC)(RC_VER1+0x019) -#define TPM_RC_DISABLED (TPM_RC)(RC_VER1+0x020) -#define TPM_RC_EXCLUSIVE (TPM_RC)(RC_VER1+0x021) -#define TPM_RC_AUTH_TYPE (TPM_RC)(RC_VER1+0x024) -#define TPM_RC_AUTH_MISSING (TPM_RC)(RC_VER1+0x025) -#define TPM_RC_POLICY (TPM_RC)(RC_VER1+0x026) -#define TPM_RC_PCR (TPM_RC)(RC_VER1+0x027) -#define TPM_RC_PCR_CHANGED (TPM_RC)(RC_VER1+0x028) -#define TPM_RC_UPGRADE (TPM_RC)(RC_VER1+0x02D) -#define TPM_RC_TOO_MANY_CONTEXTS (TPM_RC)(RC_VER1+0x02E) -#define TPM_RC_AUTH_UNAVAILABLE (TPM_RC)(RC_VER1+0x02F) -#define TPM_RC_REBOOT (TPM_RC)(RC_VER1+0x030) -#define TPM_RC_UNBALANCED (TPM_RC)(RC_VER1+0x031) -#define TPM_RC_COMMAND_SIZE (TPM_RC)(RC_VER1+0x042) -#define TPM_RC_COMMAND_CODE (TPM_RC)(RC_VER1+0x043) -#define TPM_RC_AUTHSIZE (TPM_RC)(RC_VER1+0x044) -#define TPM_RC_AUTH_CONTEXT (TPM_RC)(RC_VER1+0x045) -#define TPM_RC_NV_RANGE (TPM_RC)(RC_VER1+0x046) -#define TPM_RC_NV_SIZE (TPM_RC)(RC_VER1+0x047) -#define TPM_RC_NV_LOCKED (TPM_RC)(RC_VER1+0x048) -#define TPM_RC_NV_AUTHORIZATION (TPM_RC)(RC_VER1+0x049) -#define TPM_RC_NV_UNINITIALIZED (TPM_RC)(RC_VER1+0x04A) -#define TPM_RC_NV_SPACE (TPM_RC)(RC_VER1+0x04B) -#define TPM_RC_NV_DEFINED (TPM_RC)(RC_VER1+0x04C) -#define TPM_RC_BAD_CONTEXT (TPM_RC)(RC_VER1+0x050) -#define TPM_RC_CPHASH (TPM_RC)(RC_VER1+0x051) -#define TPM_RC_PARENT (TPM_RC)(RC_VER1+0x052) -#define TPM_RC_NEEDS_TEST (TPM_RC)(RC_VER1+0x053) -#define TPM_RC_NO_RESULT (TPM_RC)(RC_VER1+0x054) -#define TPM_RC_SENSITIVE (TPM_RC)(RC_VER1+0x055) -#define RC_MAX_FM0 (TPM_RC)(RC_VER1+0x07F) -#define RC_FMT1 (TPM_RC)(0x080) -#define 
TPM_RC_ASYMMETRIC (TPM_RC)(RC_FMT1+0x001) -#define TPM_RCS_ASYMMETRIC (TPM_RC)(RC_FMT1+0x001) -#define TPM_RC_ATTRIBUTES (TPM_RC)(RC_FMT1+0x002) -#define TPM_RCS_ATTRIBUTES (TPM_RC)(RC_FMT1+0x002) -#define TPM_RC_HASH (TPM_RC)(RC_FMT1+0x003) -#define TPM_RCS_HASH (TPM_RC)(RC_FMT1+0x003) -#define TPM_RC_VALUE (TPM_RC)(RC_FMT1+0x004) -#define TPM_RCS_VALUE (TPM_RC)(RC_FMT1+0x004) -#define TPM_RC_HIERARCHY (TPM_RC)(RC_FMT1+0x005) -#define TPM_RCS_HIERARCHY (TPM_RC)(RC_FMT1+0x005) -#define TPM_RC_KEY_SIZE (TPM_RC)(RC_FMT1+0x007) -#define TPM_RCS_KEY_SIZE (TPM_RC)(RC_FMT1+0x007) -#define TPM_RC_MGF (TPM_RC)(RC_FMT1+0x008) -#define TPM_RCS_MGF (TPM_RC)(RC_FMT1+0x008) -#define TPM_RC_MODE (TPM_RC)(RC_FMT1+0x009) -#define TPM_RCS_MODE (TPM_RC)(RC_FMT1+0x009) -#define TPM_RC_TYPE (TPM_RC)(RC_FMT1+0x00A) -#define TPM_RCS_TYPE (TPM_RC)(RC_FMT1+0x00A) -#define TPM_RC_HANDLE (TPM_RC)(RC_FMT1+0x00B) -#define TPM_RCS_HANDLE (TPM_RC)(RC_FMT1+0x00B) -#define TPM_RC_KDF (TPM_RC)(RC_FMT1+0x00C) -#define TPM_RCS_KDF (TPM_RC)(RC_FMT1+0x00C) -#define TPM_RC_RANGE (TPM_RC)(RC_FMT1+0x00D) -#define TPM_RCS_RANGE (TPM_RC)(RC_FMT1+0x00D) -#define TPM_RC_AUTH_FAIL (TPM_RC)(RC_FMT1+0x00E) -#define TPM_RCS_AUTH_FAIL (TPM_RC)(RC_FMT1+0x00E) -#define TPM_RC_NONCE (TPM_RC)(RC_FMT1+0x00F) -#define TPM_RCS_NONCE (TPM_RC)(RC_FMT1+0x00F) -#define TPM_RC_PP (TPM_RC)(RC_FMT1+0x010) -#define TPM_RCS_PP (TPM_RC)(RC_FMT1+0x010) -#define TPM_RC_SCHEME (TPM_RC)(RC_FMT1+0x012) -#define TPM_RCS_SCHEME (TPM_RC)(RC_FMT1+0x012) -#define TPM_RC_SIZE (TPM_RC)(RC_FMT1+0x015) -#define TPM_RCS_SIZE (TPM_RC)(RC_FMT1+0x015) -#define TPM_RC_SYMMETRIC (TPM_RC)(RC_FMT1+0x016) -#define TPM_RCS_SYMMETRIC (TPM_RC)(RC_FMT1+0x016) -#define TPM_RC_TAG (TPM_RC)(RC_FMT1+0x017) -#define TPM_RCS_TAG (TPM_RC)(RC_FMT1+0x017) -#define TPM_RC_SELECTOR (TPM_RC)(RC_FMT1+0x018) -#define TPM_RCS_SELECTOR (TPM_RC)(RC_FMT1+0x018) -#define TPM_RC_INSUFFICIENT (TPM_RC)(RC_FMT1+0x01A) -#define TPM_RCS_INSUFFICIENT (TPM_RC)(RC_FMT1+0x01A) 
-#define TPM_RC_SIGNATURE (TPM_RC)(RC_FMT1+0x01B) -#define TPM_RCS_SIGNATURE (TPM_RC)(RC_FMT1+0x01B) -#define TPM_RC_KEY (TPM_RC)(RC_FMT1+0x01C) -#define TPM_RCS_KEY (TPM_RC)(RC_FMT1+0x01C) -#define TPM_RC_POLICY_FAIL (TPM_RC)(RC_FMT1+0x01D) -#define TPM_RCS_POLICY_FAIL (TPM_RC)(RC_FMT1+0x01D) -#define TPM_RC_INTEGRITY (TPM_RC)(RC_FMT1+0x01F) -#define TPM_RCS_INTEGRITY (TPM_RC)(RC_FMT1+0x01F) -#define TPM_RC_TICKET (TPM_RC)(RC_FMT1+0x020) -#define TPM_RCS_TICKET (TPM_RC)(RC_FMT1+0x020) -#define TPM_RC_RESERVED_BITS (TPM_RC)(RC_FMT1+0x021) -#define TPM_RCS_RESERVED_BITS (TPM_RC)(RC_FMT1+0x021) -#define TPM_RC_BAD_AUTH (TPM_RC)(RC_FMT1+0x022) -#define TPM_RCS_BAD_AUTH (TPM_RC)(RC_FMT1+0x022) -#define TPM_RC_EXPIRED (TPM_RC)(RC_FMT1+0x023) -#define TPM_RCS_EXPIRED (TPM_RC)(RC_FMT1+0x023) -#define TPM_RC_POLICY_CC (TPM_RC)(RC_FMT1+0x024) -#define TPM_RCS_POLICY_CC (TPM_RC)(RC_FMT1+0x024) -#define TPM_RC_BINDING (TPM_RC)(RC_FMT1+0x025) -#define TPM_RCS_BINDING (TPM_RC)(RC_FMT1+0x025) -#define TPM_RC_CURVE (TPM_RC)(RC_FMT1+0x026) -#define TPM_RCS_CURVE (TPM_RC)(RC_FMT1+0x026) -#define TPM_RC_ECC_POINT (TPM_RC)(RC_FMT1+0x027) -#define TPM_RCS_ECC_POINT (TPM_RC)(RC_FMT1+0x027) -#define RC_WARN (TPM_RC)(0x900) -#define TPM_RC_CONTEXT_GAP (TPM_RC)(RC_WARN+0x001) -#define TPM_RC_OBJECT_MEMORY (TPM_RC)(RC_WARN+0x002) -#define TPM_RC_SESSION_MEMORY (TPM_RC)(RC_WARN+0x003) -#define TPM_RC_MEMORY (TPM_RC)(RC_WARN+0x004) -#define TPM_RC_SESSION_HANDLES (TPM_RC)(RC_WARN+0x005) -#define TPM_RC_OBJECT_HANDLES (TPM_RC)(RC_WARN+0x006) -#define TPM_RC_LOCALITY (TPM_RC)(RC_WARN+0x007) -#define TPM_RC_YIELDED (TPM_RC)(RC_WARN+0x008) -#define TPM_RC_CANCELED (TPM_RC)(RC_WARN+0x009) -#define TPM_RC_TESTING (TPM_RC)(RC_WARN+0x00A) -#define TPM_RC_REFERENCE_H0 (TPM_RC)(RC_WARN+0x010) -#define TPM_RC_REFERENCE_H1 (TPM_RC)(RC_WARN+0x011) -#define TPM_RC_REFERENCE_H2 (TPM_RC)(RC_WARN+0x012) -#define TPM_RC_REFERENCE_H3 (TPM_RC)(RC_WARN+0x013) -#define TPM_RC_REFERENCE_H4 (TPM_RC)(RC_WARN+0x014) 
-#define TPM_RC_REFERENCE_H5 (TPM_RC)(RC_WARN+0x015) -#define TPM_RC_REFERENCE_H6 (TPM_RC)(RC_WARN+0x016) -#define TPM_RC_REFERENCE_S0 (TPM_RC)(RC_WARN+0x018) -#define TPM_RC_REFERENCE_S1 (TPM_RC)(RC_WARN+0x019) -#define TPM_RC_REFERENCE_S2 (TPM_RC)(RC_WARN+0x01A) -#define TPM_RC_REFERENCE_S3 (TPM_RC)(RC_WARN+0x01B) -#define TPM_RC_REFERENCE_S4 (TPM_RC)(RC_WARN+0x01C) -#define TPM_RC_REFERENCE_S5 (TPM_RC)(RC_WARN+0x01D) -#define TPM_RC_REFERENCE_S6 (TPM_RC)(RC_WARN+0x01E) -#define TPM_RC_NV_RATE (TPM_RC)(RC_WARN+0x020) -#define TPM_RC_LOCKOUT (TPM_RC)(RC_WARN+0x021) -#define TPM_RC_RETRY (TPM_RC)(RC_WARN+0x022) -#define TPM_RC_NV_UNAVAILABLE (TPM_RC)(RC_WARN+0x023) -#define TPM_RC_NOT_USED (TPM_RC)(RC_WARN+0x7F) -#define TPM_RC_H (TPM_RC)(0x000) -#define TPM_RC_P (TPM_RC)(0x040) -#define TPM_RC_S (TPM_RC)(0x800) -#define TPM_RC_1 (TPM_RC)(0x100) -#define TPM_RC_2 (TPM_RC)(0x200) -#define TPM_RC_3 (TPM_RC)(0x300) -#define TPM_RC_4 (TPM_RC)(0x400) -#define TPM_RC_5 (TPM_RC)(0x500) -#define TPM_RC_6 (TPM_RC)(0x600) -#define TPM_RC_7 (TPM_RC)(0x700) -#define TPM_RC_8 (TPM_RC)(0x800) -#define TPM_RC_9 (TPM_RC)(0x900) -#define TPM_RC_A (TPM_RC)(0xA00) -#define TPM_RC_B (TPM_RC)(0xB00) -#define TPM_RC_C (TPM_RC)(0xC00) -#define TPM_RC_D (TPM_RC)(0xD00) -#define TPM_RC_E (TPM_RC)(0xE00) -#define TPM_RC_F (TPM_RC)(0xF00) -#define TPM_RC_N_MASK (TPM_RC)(0xF00) - -// Table 2:17 - Definition of TPM_CLOCK_ADJUST Constants -typedef INT8 TPM_CLOCK_ADJUST; -#define TYPE_OF_TPM_CLOCK_ADJUST UINT8 -#define TPM_CLOCK_COARSE_SLOWER (TPM_CLOCK_ADJUST)(-3) -#define TPM_CLOCK_MEDIUM_SLOWER (TPM_CLOCK_ADJUST)(-2) -#define TPM_CLOCK_FINE_SLOWER (TPM_CLOCK_ADJUST)(-1) -#define TPM_CLOCK_NO_CHANGE (TPM_CLOCK_ADJUST)(0) -#define TPM_CLOCK_FINE_FASTER (TPM_CLOCK_ADJUST)(1) -#define TPM_CLOCK_MEDIUM_FASTER (TPM_CLOCK_ADJUST)(2) -#define TPM_CLOCK_COARSE_FASTER (TPM_CLOCK_ADJUST)(3) - -// Table 2:18 - Definition of TPM_EO Constants -typedef UINT16 TPM_EO; -#define TYPE_OF_TPM_EO UINT16 -#define 
TPM_EO_EQ (TPM_EO)(0x0000) -#define TPM_EO_NEQ (TPM_EO)(0x0001) -#define TPM_EO_SIGNED_GT (TPM_EO)(0x0002) -#define TPM_EO_UNSIGNED_GT (TPM_EO)(0x0003) -#define TPM_EO_SIGNED_LT (TPM_EO)(0x0004) -#define TPM_EO_UNSIGNED_LT (TPM_EO)(0x0005) -#define TPM_EO_SIGNED_GE (TPM_EO)(0x0006) -#define TPM_EO_UNSIGNED_GE (TPM_EO)(0x0007) -#define TPM_EO_SIGNED_LE (TPM_EO)(0x0008) -#define TPM_EO_UNSIGNED_LE (TPM_EO)(0x0009) -#define TPM_EO_BITSET (TPM_EO)(0x000A) -#define TPM_EO_BITCLEAR (TPM_EO)(0x000B) - -// Table 2:19 - Definition of TPM_ST Constants -typedef UINT16 TPM_ST; -#define TYPE_OF_TPM_ST UINT16 -#define TPM_ST_RSP_COMMAND (TPM_ST)(0x00C4) -#define TPM_ST_NULL (TPM_ST)(0x8000) -#define TPM_ST_NO_SESSIONS (TPM_ST)(0x8001) -#define TPM_ST_SESSIONS (TPM_ST)(0x8002) -#define TPM_ST_ATTEST_NV (TPM_ST)(0x8014) -#define TPM_ST_ATTEST_COMMAND_AUDIT (TPM_ST)(0x8015) -#define TPM_ST_ATTEST_SESSION_AUDIT (TPM_ST)(0x8016) -#define TPM_ST_ATTEST_CERTIFY (TPM_ST)(0x8017) -#define TPM_ST_ATTEST_QUOTE (TPM_ST)(0x8018) -#define TPM_ST_ATTEST_TIME (TPM_ST)(0x8019) -#define TPM_ST_ATTEST_CREATION (TPM_ST)(0x801A) -#define TPM_ST_ATTEST_NV_DIGEST (TPM_ST)(0x801C) -#define TPM_ST_CREATION (TPM_ST)(0x8021) -#define TPM_ST_VERIFIED (TPM_ST)(0x8022) -#define TPM_ST_AUTH_SECRET (TPM_ST)(0x8023) -#define TPM_ST_HASHCHECK (TPM_ST)(0x8024) -#define TPM_ST_AUTH_SIGNED (TPM_ST)(0x8025) -#define TPM_ST_FU_MANIFEST (TPM_ST)(0x8029) - -// Table 2:20 - Definition of TPM_SU Constants -typedef UINT16 TPM_SU; -#define TYPE_OF_TPM_SU UINT16 -#define TPM_SU_CLEAR (TPM_SU)(0x0000) -#define TPM_SU_STATE (TPM_SU)(0x0001) - -// Table 2:21 - Definition of TPM_SE Constants -typedef UINT8 TPM_SE; -#define TYPE_OF_TPM_SE UINT8 -#define TPM_SE_HMAC (TPM_SE)(0x00) -#define TPM_SE_POLICY (TPM_SE)(0x01) -#define TPM_SE_TRIAL (TPM_SE)(0x03) - -// Table 2:22 - Definition of TPM_CAP Constants -typedef UINT32 TPM_CAP; -#define TYPE_OF_TPM_CAP UINT32 -#define TPM_CAP_FIRST (TPM_CAP)(0x00000000) -#define TPM_CAP_ALGS 
(TPM_CAP)(0x00000000) -#define TPM_CAP_HANDLES (TPM_CAP)(0x00000001) -#define TPM_CAP_COMMANDS (TPM_CAP)(0x00000002) -#define TPM_CAP_PP_COMMANDS (TPM_CAP)(0x00000003) -#define TPM_CAP_AUDIT_COMMANDS (TPM_CAP)(0x00000004) -#define TPM_CAP_PCRS (TPM_CAP)(0x00000005) -#define TPM_CAP_TPM_PROPERTIES (TPM_CAP)(0x00000006) -#define TPM_CAP_PCR_PROPERTIES (TPM_CAP)(0x00000007) -#define TPM_CAP_ECC_CURVES (TPM_CAP)(0x00000008) -#define TPM_CAP_AUTH_POLICIES (TPM_CAP)(0x00000009) -#define TPM_CAP_LAST (TPM_CAP)(0x00000009) -#define TPM_CAP_VENDOR_PROPERTY (TPM_CAP)(0x00000100) - -// Table 2:23 - Definition of TPM_PT Constants -typedef UINT32 TPM_PT; -#define TYPE_OF_TPM_PT UINT32 -#define TPM_PT_NONE (TPM_PT)(0x00000000) -#define PT_GROUP (TPM_PT)(0x00000100) -#define PT_FIXED (TPM_PT)(PT_GROUP*1) -#define TPM_PT_FAMILY_INDICATOR (TPM_PT)(PT_FIXED+0) -#define TPM_PT_LEVEL (TPM_PT)(PT_FIXED+1) -#define TPM_PT_REVISION (TPM_PT)(PT_FIXED+2) -#define TPM_PT_DAY_OF_YEAR (TPM_PT)(PT_FIXED+3) -#define TPM_PT_YEAR (TPM_PT)(PT_FIXED+4) -#define TPM_PT_MANUFACTURER (TPM_PT)(PT_FIXED+5) -#define TPM_PT_VENDOR_STRING_1 (TPM_PT)(PT_FIXED+6) -#define TPM_PT_VENDOR_STRING_2 (TPM_PT)(PT_FIXED+7) -#define TPM_PT_VENDOR_STRING_3 (TPM_PT)(PT_FIXED+8) -#define TPM_PT_VENDOR_STRING_4 (TPM_PT)(PT_FIXED+9) -#define TPM_PT_VENDOR_TPM_TYPE (TPM_PT)(PT_FIXED+10) -#define TPM_PT_FIRMWARE_VERSION_1 (TPM_PT)(PT_FIXED+11) -#define TPM_PT_FIRMWARE_VERSION_2 (TPM_PT)(PT_FIXED+12) -#define TPM_PT_INPUT_BUFFER (TPM_PT)(PT_FIXED+13) -#define TPM_PT_HR_TRANSIENT_MIN (TPM_PT)(PT_FIXED+14) -#define TPM_PT_HR_PERSISTENT_MIN (TPM_PT)(PT_FIXED+15) -#define TPM_PT_HR_LOADED_MIN (TPM_PT)(PT_FIXED+16) -#define TPM_PT_ACTIVE_SESSIONS_MAX (TPM_PT)(PT_FIXED+17) -#define TPM_PT_PCR_COUNT (TPM_PT)(PT_FIXED+18) -#define TPM_PT_PCR_SELECT_MIN (TPM_PT)(PT_FIXED+19) -#define TPM_PT_CONTEXT_GAP_MAX (TPM_PT)(PT_FIXED+20) -#define TPM_PT_NV_COUNTERS_MAX (TPM_PT)(PT_FIXED+22) -#define TPM_PT_NV_INDEX_MAX (TPM_PT)(PT_FIXED+23) 
-#define TPM_PT_MEMORY (TPM_PT)(PT_FIXED+24) -#define TPM_PT_CLOCK_UPDATE (TPM_PT)(PT_FIXED+25) -#define TPM_PT_CONTEXT_HASH (TPM_PT)(PT_FIXED+26) -#define TPM_PT_CONTEXT_SYM (TPM_PT)(PT_FIXED+27) -#define TPM_PT_CONTEXT_SYM_SIZE (TPM_PT)(PT_FIXED+28) -#define TPM_PT_ORDERLY_COUNT (TPM_PT)(PT_FIXED+29) -#define TPM_PT_MAX_COMMAND_SIZE (TPM_PT)(PT_FIXED+30) -#define TPM_PT_MAX_RESPONSE_SIZE (TPM_PT)(PT_FIXED+31) -#define TPM_PT_MAX_DIGEST (TPM_PT)(PT_FIXED+32) -#define TPM_PT_MAX_OBJECT_CONTEXT (TPM_PT)(PT_FIXED+33) -#define TPM_PT_MAX_SESSION_CONTEXT (TPM_PT)(PT_FIXED+34) -#define TPM_PT_PS_FAMILY_INDICATOR (TPM_PT)(PT_FIXED+35) -#define TPM_PT_PS_LEVEL (TPM_PT)(PT_FIXED+36) -#define TPM_PT_PS_REVISION (TPM_PT)(PT_FIXED+37) -#define TPM_PT_PS_DAY_OF_YEAR (TPM_PT)(PT_FIXED+38) -#define TPM_PT_PS_YEAR (TPM_PT)(PT_FIXED+39) -#define TPM_PT_SPLIT_MAX (TPM_PT)(PT_FIXED+40) -#define TPM_PT_TOTAL_COMMANDS (TPM_PT)(PT_FIXED+41) -#define TPM_PT_LIBRARY_COMMANDS (TPM_PT)(PT_FIXED+42) -#define TPM_PT_VENDOR_COMMANDS (TPM_PT)(PT_FIXED+43) -#define TPM_PT_NV_BUFFER_MAX (TPM_PT)(PT_FIXED+44) -#define TPM_PT_MODES (TPM_PT)(PT_FIXED+45) -#define TPM_PT_MAX_CAP_BUFFER (TPM_PT)(PT_FIXED+46) -#define PT_VAR (TPM_PT)(PT_GROUP*2) -#define TPM_PT_PERMANENT (TPM_PT)(PT_VAR+0) -#define TPM_PT_STARTUP_CLEAR (TPM_PT)(PT_VAR+1) -#define TPM_PT_HR_NV_INDEX (TPM_PT)(PT_VAR+2) -#define TPM_PT_HR_LOADED (TPM_PT)(PT_VAR+3) -#define TPM_PT_HR_LOADED_AVAIL (TPM_PT)(PT_VAR+4) -#define TPM_PT_HR_ACTIVE (TPM_PT)(PT_VAR+5) -#define TPM_PT_HR_ACTIVE_AVAIL (TPM_PT)(PT_VAR+6) -#define TPM_PT_HR_TRANSIENT_AVAIL (TPM_PT)(PT_VAR+7) -#define TPM_PT_HR_PERSISTENT (TPM_PT)(PT_VAR+8) -#define TPM_PT_HR_PERSISTENT_AVAIL (TPM_PT)(PT_VAR+9) -#define TPM_PT_NV_COUNTERS (TPM_PT)(PT_VAR+10) -#define TPM_PT_NV_COUNTERS_AVAIL (TPM_PT)(PT_VAR+11) -#define TPM_PT_ALGORITHM_SET (TPM_PT)(PT_VAR+12) -#define TPM_PT_LOADED_CURVES (TPM_PT)(PT_VAR+13) -#define TPM_PT_LOCKOUT_COUNTER (TPM_PT)(PT_VAR+14) -#define 
TPM_PT_MAX_AUTH_FAIL (TPM_PT)(PT_VAR+15) -#define TPM_PT_LOCKOUT_INTERVAL (TPM_PT)(PT_VAR+16) -#define TPM_PT_LOCKOUT_RECOVERY (TPM_PT)(PT_VAR+17) -#define TPM_PT_NV_WRITE_RECOVERY (TPM_PT)(PT_VAR+18) -#define TPM_PT_AUDIT_COUNTER_0 (TPM_PT)(PT_VAR+19) -#define TPM_PT_AUDIT_COUNTER_1 (TPM_PT)(PT_VAR+20) - -// Table 2:24 - Definition of TPM_PT_PCR Constants -typedef UINT32 TPM_PT_PCR; -#define TYPE_OF_TPM_PT_PCR UINT32 -#define TPM_PT_PCR_FIRST (TPM_PT_PCR)(0x00000000) -#define TPM_PT_PCR_SAVE (TPM_PT_PCR)(0x00000000) -#define TPM_PT_PCR_EXTEND_L0 (TPM_PT_PCR)(0x00000001) -#define TPM_PT_PCR_RESET_L0 (TPM_PT_PCR)(0x00000002) -#define TPM_PT_PCR_EXTEND_L1 (TPM_PT_PCR)(0x00000003) -#define TPM_PT_PCR_RESET_L1 (TPM_PT_PCR)(0x00000004) -#define TPM_PT_PCR_EXTEND_L2 (TPM_PT_PCR)(0x00000005) -#define TPM_PT_PCR_RESET_L2 (TPM_PT_PCR)(0x00000006) -#define TPM_PT_PCR_EXTEND_L3 (TPM_PT_PCR)(0x00000007) -#define TPM_PT_PCR_RESET_L3 (TPM_PT_PCR)(0x00000008) -#define TPM_PT_PCR_EXTEND_L4 (TPM_PT_PCR)(0x00000009) -#define TPM_PT_PCR_RESET_L4 (TPM_PT_PCR)(0x0000000A) -#define TPM_PT_PCR_NO_INCREMENT (TPM_PT_PCR)(0x00000011) -#define TPM_PT_PCR_DRTM_RESET (TPM_PT_PCR)(0x00000012) -#define TPM_PT_PCR_POLICY (TPM_PT_PCR)(0x00000013) -#define TPM_PT_PCR_AUTH (TPM_PT_PCR)(0x00000014) -#define TPM_PT_PCR_LAST (TPM_PT_PCR)(0x00000014) - -// Table 2:25 - Definition of TPM_PS Constants -typedef UINT32 TPM_PS; -#define TYPE_OF_TPM_PS UINT32 -#define TPM_PS_MAIN (TPM_PS)(0x00000000) -#define TPM_PS_PC (TPM_PS)(0x00000001) -#define TPM_PS_PDA (TPM_PS)(0x00000002) -#define TPM_PS_CELL_PHONE (TPM_PS)(0x00000003) -#define TPM_PS_SERVER (TPM_PS)(0x00000004) -#define TPM_PS_PERIPHERAL (TPM_PS)(0x00000005) -#define TPM_PS_TSS (TPM_PS)(0x00000006) -#define TPM_PS_STORAGE (TPM_PS)(0x00000007) -#define TPM_PS_AUTHENTICATION (TPM_PS)(0x00000008) -#define TPM_PS_EMBEDDED (TPM_PS)(0x00000009) -#define TPM_PS_HARDCOPY (TPM_PS)(0x0000000A) -#define TPM_PS_INFRASTRUCTURE (TPM_PS)(0x0000000B) -#define 
TPM_PS_VIRTUALIZATION (TPM_PS)(0x0000000C) -#define TPM_PS_TNC (TPM_PS)(0x0000000D) -#define TPM_PS_MULTI_TENANT (TPM_PS)(0x0000000E) -#define TPM_PS_TC (TPM_PS)(0x0000000F) - -// Table 2:26 - Definition of Types for Handles -typedef UINT32 TPM_HANDLE; -#define TYPE_OF_TPM_HANDLE UINT32 - -// Table 2:27 - Definition of TPM_HT Constants -typedef UINT8 TPM_HT; -#define TYPE_OF_TPM_HT UINT8 -#define TPM_HT_PCR (TPM_HT)(0x00) -#define TPM_HT_NV_INDEX (TPM_HT)(0x01) -#define TPM_HT_HMAC_SESSION (TPM_HT)(0x02) -#define TPM_HT_LOADED_SESSION (TPM_HT)(0x02) -#define TPM_HT_POLICY_SESSION (TPM_HT)(0x03) -#define TPM_HT_SAVED_SESSION (TPM_HT)(0x03) -#define TPM_HT_PERMANENT (TPM_HT)(0x40) -#define TPM_HT_TRANSIENT (TPM_HT)(0x80) -#define TPM_HT_PERSISTENT (TPM_HT)(0x81) -#define TPM_HT_AC (TPM_HT)(0x90) - -// Table 2:28 - Definition of TPM_RH Constants -typedef TPM_HANDLE TPM_RH; -#define TPM_RH_FIRST (TPM_RH)(0x40000000) -#define TPM_RH_SRK (TPM_RH)(0x40000000) -#define TPM_RH_OWNER (TPM_RH)(0x40000001) -#define TPM_RH_REVOKE (TPM_RH)(0x40000002) -#define TPM_RH_TRANSPORT (TPM_RH)(0x40000003) -#define TPM_RH_OPERATOR (TPM_RH)(0x40000004) -#define TPM_RH_ADMIN (TPM_RH)(0x40000005) -#define TPM_RH_EK (TPM_RH)(0x40000006) -#define TPM_RH_NULL (TPM_RH)(0x40000007) -#define TPM_RH_UNASSIGNED (TPM_RH)(0x40000008) -#define TPM_RS_PW (TPM_RH)(0x40000009) -#define TPM_RH_LOCKOUT (TPM_RH)(0x4000000A) -#define TPM_RH_ENDORSEMENT (TPM_RH)(0x4000000B) -#define TPM_RH_PLATFORM (TPM_RH)(0x4000000C) -#define TPM_RH_PLATFORM_NV (TPM_RH)(0x4000000D) -#define TPM_RH_AUTH_00 (TPM_RH)(0x40000010) -#define TPM_RH_AUTH_FF (TPM_RH)(0x4000010F) -#define TPM_RH_LAST (TPM_RH)(0x4000010F) - -// Table 2:29 - Definition of TPM_HC Constants -typedef TPM_HANDLE TPM_HC; -#define HR_HANDLE_MASK (TPM_HC)(0x00FFFFFF) -#define HR_RANGE_MASK (TPM_HC)(0xFF000000) -#define HR_SHIFT (TPM_HC)(24) -#define HR_PCR (TPM_HC)((TPM_HT_PCR< -#include -#include - - 
-//*************************************************************** -//** Links to the wolfcrypt HASH code -//*************************************************************** - -// Redefine the internal name used for each of the hash state structures to the -// name used by the library. -// These defines need to be known in all parts of the TPM so that the structure -// sizes can be properly computed when needed. - -#define tpmHashStateSHA1_t wc_Sha -#define tpmHashStateSHA256_t wc_Sha256 -#define tpmHashStateSHA384_t wc_Sha512 -#define tpmHashStateSHA512_t wc_Sha512 - -#if ALG_SM3 -# error "The version of WolfCrypt used by this code does not support SM3" -#endif - -// The defines below are only needed when compiling CryptHash.c or CryptSmac.c. -// This isolation is primarily to avoid name space collision. However, if there -// is a real collision, it will likely show up when the linker tries to put things -// together. - -#ifdef _CRYPT_HASH_C_ - -typedef BYTE *PBYTE; -typedef const BYTE *PCBYTE; - -// Define the interface between CryptHash.c to the functions provided by the -// library. For each method, define the calling parameters of the method and then -// define how the method is invoked in CryptHash.c. -// -// All hashes are required to have the same calling sequence. If they don't, create -// a simple adaptation function that converts from the "standard" form of the call -// to the form used by the specific hash (and then send a nasty letter to the -// person who wrote the hash function for the library). -// -// The macro that calls the method also defines how the -// parameters get swizzled between the default form (in CryptHash.c)and the -// library form. 
-// -// Initialize the hash context -#define HASH_START_METHOD_DEF void (HASH_START_METHOD)(PANY_HASH_STATE state) -#define HASH_START(hashState) \ - ((hashState)->def->method.start)(&(hashState)->state); - -// Add data to the hash -#define HASH_DATA_METHOD_DEF \ - void (HASH_DATA_METHOD)(PANY_HASH_STATE state, \ - PCBYTE buffer, \ - size_t size) -#define HASH_DATA(hashState, dInSize, dIn) \ - ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize) - -// Finalize the hash and get the digest -#define HASH_END_METHOD_DEF \ - void (HASH_END_METHOD)(PANY_HASH_STATE state, BYTE *buffer) -#define HASH_END(hashState, buffer) \ - ((hashState)->def->method.end)(&(hashState)->state, buffer) - -// Copy the hash context -// Note: For import, export, and copy, memcpy() is used since there is no -// reformatting necessary between the internal and external forms. -#define HASH_STATE_COPY_METHOD_DEF \ - void (HASH_STATE_COPY_METHOD)(PANY_HASH_STATE to, \ - PCANY_HASH_STATE from, \ - size_t size) -#define HASH_STATE_COPY(hashStateOut, hashStateIn) \ - ((hashStateIn)->def->method.copy)(&(hashStateOut)->state, \ - &(hashStateIn)->state, \ - (hashStateIn)->def->contextSize) - -// Copy (with reformatting when necessary) an internal hash structure to an -// external blob -#define HASH_STATE_EXPORT_METHOD_DEF \ - void (HASH_STATE_EXPORT_METHOD)(BYTE *to, \ - PCANY_HASH_STATE from, \ - size_t size) -#define HASH_STATE_EXPORT(to, hashStateFrom) \ - ((hashStateFrom)->def->method.copyOut) \ - (&(((BYTE *)(to))[offsetof(HASH_STATE, state)]), \ - &(hashStateFrom)->state, \ - (hashStateFrom)->def->contextSize) - -// Copy from an external blob to an internal formate (with reformatting when -// necessary -#define HASH_STATE_IMPORT_METHOD_DEF \ - void (HASH_STATE_IMPORT_METHOD)(PANY_HASH_STATE to, \ - const BYTE *from, \ - size_t size) -#define HASH_STATE_IMPORT(hashStateTo, from) \ - ((hashStateTo)->def->method.copyIn) \ - (&(hashStateTo)->state, \ - &(((const BYTE 
*)(from))[offsetof(HASH_STATE, state)]),\ - (hashStateTo)->def->contextSize) - - -// Function aliases. The code in CryptHash.c uses the internal designation for the -// functions. These need to be translated to the function names of the library. -// Internal External -// Designation Designation -#define tpmHashStart_SHA1 wc_InitSha // external name of the - // initialization method -#define tpmHashData_SHA1 wc_ShaUpdate -#define tpmHashEnd_SHA1 wc_ShaFinal -#define tpmHashStateCopy_SHA1 memcpy -#define tpmHashStateExport_SHA1 memcpy -#define tpmHashStateImport_SHA1 memcpy -#define tpmHashStart_SHA256 wc_InitSha256 -#define tpmHashData_SHA256 wc_Sha256Update -#define tpmHashEnd_SHA256 wc_Sha256Final -#define tpmHashStateCopy_SHA256 memcpy -#define tpmHashStateExport_SHA256 memcpy -#define tpmHashStateImport_SHA256 memcpy -#define tpmHashStart_SHA384 wc_InitSha384 -#define tpmHashData_SHA384 wc_Sha384Update -#define tpmHashEnd_SHA384 wc_Sha384Final -#define tpmHashStateCopy_SHA384 memcpy -#define tpmHashStateExport_SHA384 memcpy -#define tpmHashStateImport_SHA384 memcpy -#define tpmHashStart_SHA512 wc_InitSha512 -#define tpmHashData_SHA512 wc_Sha512Update -#define tpmHashEnd_SHA512 wc_Sha512Final -#define tpmHashStateCopy_SHA512 memcpy -#define tpmHashStateExport_SHA512 memcpy -#define tpmHashStateImport_SHA512 memcpy - -#endif // _CRYPT_HASH_C_ - -#define LibHashInit() -// This definition would change if there were something to report -#define HashLibSimulationEnd() - -#endif // HASH_LIB_DEFINED diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfMath.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfMath.h deleted file mode 100644 index 18b48b931..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfMath.h +++ /dev/null 
@@ -1,91 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-// This file contains the structure definitions used for ECC in the LibTomCrypt
-// version of the code. These definitions would change, based on the library.
-// The ECC-related structures that cross the TPM interface are defined
-// in TpmTypes.h
-//
-
-#ifndef MATH_LIB_DEFINED
-#define MATH_LIB_DEFINED
-
-#define MATH_LIB_WOLF
-
-#if ALG_ECC
-#define HAVE_ECC
-#endif
-
-#include
-#include
-
-#define MP_VAR(name) \
- mp_int _##name; \
- mp_int *name = MpInitialize(&_##name);
-
-// Allocate a mp_int and initialize with the values in a mp_int* initializer
-#define MP_INITIALIZED(name, initializer) \
- MP_VAR(name); \
- BnToWolf(name, initializer);
-
-#define POINT_CREATE(name, initializer) \
- ecc_point *name = EcPointInitialized(initializer);
-
-#define POINT_DELETE(name) \
- wc_ecc_del_point(name); \
- name = NULL;
-
-typedef ECC_CURVE_DATA bnCurve_t;
-
-typedef bnCurve_t *bigCurve;
-
-#define AccessCurveData(E) (E)
-
-#define CURVE_INITIALIZED(name, initializer) \
- bnCurve_t *name = (ECC_CURVE_DATA *)GetCurveData(initializer)
-
-#define CURVE_FREE(E)
-
-#include "TpmToWolfSupport_fp.h"
-
-#define WOLF_ENTER()
-
-#define WOLF_LEAVE()
-
-// This definition would change if there were something to report
-#define MathLibSimulationEnd()
-
-#endif // MATH_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfSym.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfSym.h
deleted file mode 100644
index 54e01e3ed..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfSym.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-//
-// This header file is used to 'splice' the wolfcrypt library into the TPM code.
-
-#ifndef SYM_LIB_DEFINED
-#define SYM_LIB_DEFINED
-
-#define SYM_LIB_WOLF
-
-#include
-#include
-
-//***************************************************************
-//** Links to the wolfCrypt AES code
-//***************************************************************
-
-#if ALG_SM4
-#error "SM4 is not available"
-#endif
-
-#if ALG_CAMELLIA
-#error "Camellia is not available"
-#endif
-
-// Define the order of parameters to the library functions that do block encryption
-// and decryption.
-typedef void(*TpmCryptSetSymKeyCall_t)(
- void *keySchedule,
- BYTE *out,
- const BYTE *in
- );
-
-// The Crypt functions that call the block encryption function use the parameters
-// in the order:
-// 1) keySchedule
-// 2) in buffer
-// 3) out buffer
-// Since wolfcrypt uses the order in encryptoCall_t above, need to swizzle the
-// values to the order required by the library.
-#define SWIZZLE(keySchedule, in, out) \
- (void *)(keySchedule), (BYTE *)(out), (const BYTE *)(in)
-
-// Macros to set up the encryption/decryption key schedules
-//
-// AES:
-#define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \
- wc_AesSetKeyDirect((tpmKeyScheduleAES *)(schedule), key, BITS_TO_BYTES(keySizeInBits), 0, AES_ENCRYPTION)
-#define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \
- wc_AesSetKeyDirect((tpmKeyScheduleAES *)(schedule), key, BITS_TO_BYTES(keySizeInBits), 0, AES_DECRYPTION)
-
-// TDES:
-#define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \
- TDES_setup_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule))
-#define TpmCryptSetDecryptKeyTDES(key, keySizeInBits, schedule) \
- TDES_setup_decrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule))
-
-// Macros to alias encryption calls to specific algorithms. This should be used
-// sparingly. Currently, only used by CryptRand.c
-//
-// When using these calls, to call the AES block encryption code, the caller
-// should use:
-// TpmCryptEncryptAES(SWIZZLE(keySchedule, in, out));
-#define TpmCryptEncryptAES wc_AesEncryptDirect
-#define TpmCryptDecryptAES wc_AesDecryptDirect
-#define tpmKeyScheduleAES Aes
-
-#define TpmCryptEncryptTDES TDES_encrypt
-#define TpmCryptDecryptTDES TDES_decrypt
-#define tpmKeyScheduleTDES Des3
-
-typedef union tpmCryptKeySchedule_t tpmCryptKeySchedule_t;
-
-#if ALG_TDES
-#include "TpmToWolfDesSupport_fp.h"
-#endif
-
-// This definition would change if there were something to report
-#define SymLibSimulationEnd()
-
-#endif // SYM_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/user_settings.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/user_settings.h
deleted file mode 100644
index 168fcb38c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/user_settings.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-
-/* TPM specific preprocessor flags for wolfcrypt */
-
-
-#ifndef WOLF_CRYPT_USER_SETTINGS_H
-#define WOLF_CRYPT_USER_SETTINGS_H
-
-/* Remove the automatic setting of the default I/O functions EmbedSend()
- and EmbedReceive(). */
-#define WOLFSSL_USER_IO
-
-/* Avoid naming conflicts */
-#define NO_OLD_WC_NAMES
-
-/* Use stack based fast math for all big integer math */
-#define USE_FAST_MATH
-#define TFM_TIMING_RESISTANT
-
-/* Expose direct encryption functions */
-#define WOLFSSL_AES_DIRECT
-
-/* Enable/Disable algorithm support based on TPM implementation header */
-#if ALG_SHA256
- #define WOLFSSL_SHA256
-#endif
-#if ALG_SHA384 || ALG_SHA512
- #define WOLFSSL_SHA384
- #define WOLFSSL_SHA512
-#endif
-#if ALG_TDES
- #define WOLFSSL_DES_ECB
-#endif
-#if ALG_RSA
- /* Turn on RSA key generation functionality */
- #define WOLFSSL_KEY_GEN
-#endif
-#if ALG_ECC || defined(WOLFSSL_LIB)
- #define HAVE_ECC
-
- /* Expose additional ECC primitives */
- #define WOLFSSL_PUBLIC_ECC_ADD_DBL
- #define ECC_TIMING_RESISTANT
-
- /* Enables Shamir calc method */
- #define ECC_SHAMIR
-
- /* The TPM only needs low level ECC crypto */
- #define NO_ECC_SIGN
- #define NO_ECC_VERIFY
- #define NO_ECC_SECP
-
- #undef ECC_BN_P256
- #undef ECC_SM2_P256
- #undef ECC_BN_P638
- #define ECC_BN_P256 NO
- #define ECC_SM2_P256 NO
- #define ECC_BN_P638 NO
-
-#endif
-
-/* Disable explicit RSA. The TPM support for RSA is dependent only on TFM */
-#define NO_RSA
-#define NO_RC4
-#define NO_ASN
-
-/* Enable debug wolf library check */
-//#define LIBRARY_COMPATIBILITY_CHECK
-
-#define WOLFSSL_
-
-#endif // WOLF_CRYPT_USER_SETTINGS_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/X509.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/X509.h
deleted file mode 100644
index ef3332c2d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/X509.h
+++ /dev/null
@@ -1,134 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the macro and structure definitions for the X509 commands and
-// functions.
-
-#ifndef _X509_H_
-#define _X509_H_
-
-//** Includes
-
-#include "Tpm.h"
-#include "TpmASN1.h"
-
-//** Defined Constants
-
-//*** X509 Application-specific types
-#define X509_SELECTION 0xA0
-#define X509_ISSUER_UNIQUE_ID 0xA1
-#define X509_SUBJECT_UNIQUE_ID 0xA2
-#define X509_EXTENSIONS 0xA3
-
-// These defines give the order in which values appear in the TBScertificate
-// of an x.509 certificate. These values are used to index into an array of
-//
-#define ENCODED_SIZE_REF 0
-#define VERSION_REF (ENCODED_SIZE_REF + 1)
-#define SERIAL_NUMBER_REF (VERSION_REF + 1)
-#define SIGNATURE_REF (SERIAL_NUMBER_REF + 1)
-#define ISSUER_REF (SIGNATURE_REF + 1)
-#define VALIDITY_REF (ISSUER_REF + 1)
-#define SUBJECT_KEY_REF (VALIDITY_REF + 1)
-#define SUBJECT_PUBLIC_KEY_REF (SUBJECT_KEY_REF + 1)
-#define EXTENSIONS_REF (SUBJECT_PUBLIC_KEY_REF + 1)
-#define REF_COUNT (EXTENSIONS_REF + 1)
-
-#undef MAKE_OID
-#ifdef _X509_SPT_
-# define MAKE_OID(NAME) \
- const BYTE OID##NAME[] = {OID##NAME##_VALUE}
-#else
-# define MAKE_OID(NAME) \
- extern const BYTE OID##NAME[]
-#endif
-
-
-//** Structures
-
-
-// Used to access the fields of a TBSsignature some of which are in the in_CertifyX509
-// structure and some of which are in the out_CertifyX509 structure.
-typedef struct stringRef
-{
- BYTE *buf;
- INT16 len;
-} stringRef;
-
-
-typedef union x509KeyUsageUnion {
- TPMA_X509_KEY_USAGE x509;
- UINT32 integer;
-} x509KeyUsageUnion;
-
-
-//** Global X509 Constants
-// These values are instanced by X509_spt.c and referenced by other X509-related
-// files.
-
-
-// This is the DER-encoded value for the Key Usage OID (2.5.29.15). This is the
-// full OID, not just the numeric value
-#define OID_KEY_USAGE_EXTENSTION_VALUE 0x06, 0x03, 0x55, 0x1D, 0x0F
-MAKE_OID(_KEY_USAGE_EXTENSTION);
-
-// This is the DER-encoded value for the TCG-defined TPMA_OBJECT OID
-// (2.23.133.10.1.1.1)
-#define OID_TCG_TPMA_OBJECT_VALUE 0x06, 0x07, 0x67, 0x81, 0x05, 0x0a, 0x01, \
- 0x01, 0x01
-MAKE_OID(_TCG_TPMA_OBJECT);
-
-#ifdef _X509_SPT_
-const x509KeyUsageUnion keyUsageSign = { TPMA_X509_KEY_USAGE_INITIALIZER(
- /* digitalsignature */ 1, /* nonrepudiation */ 0,
- /* keyencipherment */ 0, /* dataencipherment */ 0,
- /* keyagreement */ 0, /* keycertsign */ 1,
- /* crlsign */ 1, /* encipheronly */ 0,
- /* decipheronly */ 0, /* bits_at_9 */ 0) };
-
-const x509KeyUsageUnion keyUsageDecrypt = { TPMA_X509_KEY_USAGE_INITIALIZER(
- /* digitalsignature */ 0, /* nonrepudiation */ 0,
- /* keyencipherment */ 1, /* dataencipherment */ 1,
- /* keyagreement */ 1, /* keycertsign */ 0,
- /* crlsign */ 0, /* encipheronly */ 1,
- /* decipheronly */ 1, /* bits_at_9 */ 0) };
-#else
-extern x509KeyUsageUnion keyUsageSign;
-extern x509KeyUsageUnion keyUsageDecrypt;
-#endif
-
-#undef MAKE_OID
-
-#endif // _X509_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_GetCapability_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_GetCapability_fp.h
deleted file mode 100644
index c5998a7df..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_GetCapability_fp.h
+++ /dev/null
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_AC_GetCapability // Command must be enabled - -#ifndef _AC_Get_Capability_FP_H_ -#define _AC_Get_Capability_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_AC ac; - TPM_AT capability; - UINT32 count; -} AC_GetCapability_In; - -// Output structure definition -typedef struct { - TPMI_YES_NO moreData; - TPML_AC_CAPABILITIES capabilitiesData; -} AC_GetCapability_Out; - -// Response code modifiers -#define RC_AC_GetCapability_ac (TPM_RC_H + TPM_RC_1) -#define RC_AC_GetCapability_capability (TPM_RC_P + TPM_RC_1) -#define RC_AC_GetCapability_count (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_AC_GetCapability( - AC_GetCapability_In *in, - AC_GetCapability_Out *out -); - -#endif // _AC_Get_Capability_FP_H_ -#endif // CC_AC_GetCapability diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_Send_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_Send_fp.h deleted file mode 100644 index 9b7d71caf..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_Send_fp.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_AC_Send // Command must be enabled - -#ifndef _AC_Send_FP_H_ -#define _AC_Send_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT sendObject; - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_AC ac; - TPM2B_MAX_BUFFER acDataIn; -} AC_Send_In; - -// Output structure definition -typedef struct { - TPMS_AC_OUTPUT acDataOut; -} AC_Send_Out; - -// Response code modifiers -#define RC_AC_Send_sendObject (TPM_RC_H + TPM_RC_1) -#define RC_AC_Send_authHandle (TPM_RC_H + TPM_RC_2) -#define RC_AC_Send_ac (TPM_RC_H + TPM_RC_3) -#define RC_AC_Send_acDataIn (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_AC_Send( - AC_Send_In *in, - AC_Send_Out *out -); - -#endif // _AC_Send_FP_H_ -#endif // CC_AC_Send diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_spt_fp.h deleted file mode 100644 index 280eb8edd..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_spt_fp.h +++ /dev/null 
@@ -1,80 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _AC_SPT_FP_H_ -#define _AC_SPT_FP_H_ - -//*** AcToCapabilities() -// This function returns a pointer to a list of AC capabilities. -TPML_AC_CAPABILITIES * -AcToCapabilities( - TPMI_RH_AC component // IN: component -); - -//*** AcIsAccessible() -// Function to determine if an AC handle references an actual AC -// Return Type: BOOL -BOOL -AcIsAccessible( - TPM_HANDLE acHandle -); - -//*** AcCapabilitiesGet() -// This function returns a list of capabilities associated with an AC -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -AcCapabilitiesGet( - TPMI_RH_AC component, // IN: the component - TPM_AT type, // IN: start capability type - TPML_AC_CAPABILITIES *capabilityList // OUT: list of handle -); - -//*** AcSendObject() -// Stub to handle sending of an AC object -// Return Type: TPM_RC -TPM_RC -AcSendObject( - TPM_HANDLE acHandle, // IN: Handle of AC receiving object - OBJECT *object, // IN: object structure to send - TPMS_AC_OUTPUT *acDataOut // OUT: results of operation -); - -#endif // _AC_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ActivateCredential_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ActivateCredential_fp.h deleted file mode 100644 index 0779c7205..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ActivateCredential_fp.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ActivateCredential // Command must be enabled - -#ifndef _Activate_Credential_FP_H_ -#define _Activate_Credential_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT activateHandle; - TPMI_DH_OBJECT keyHandle; - TPM2B_ID_OBJECT credentialBlob; - TPM2B_ENCRYPTED_SECRET secret; -} ActivateCredential_In; - -// Output structure definition -typedef struct { - TPM2B_DIGEST certInfo; -} ActivateCredential_Out; - -// Response code modifiers -#define RC_ActivateCredential_activateHandle (TPM_RC_H + TPM_RC_1) -#define RC_ActivateCredential_keyHandle (TPM_RC_H + TPM_RC_2) -#define RC_ActivateCredential_credentialBlob (TPM_RC_P + TPM_RC_1) -#define RC_ActivateCredential_secret (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_ActivateCredential( - ActivateCredential_In *in, - ActivateCredential_Out *out -); - -#endif // _Activate_Credential_FP_H_ -#endif // CC_ActivateCredential diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmCap_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmCap_fp.h deleted file mode 100644 index 32c99a1c6..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmCap_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _ALGORITHM_CAP_FP_H_ -#define _ALGORITHM_CAP_FP_H_ - -//** AlgorithmCapGetImplemented() -// This function is used by TPM2_GetCapability() to return a list of the -// implemented algorithms. -// Return Type: TPMI_YES_NO -// YES more algorithms to report -// NO no more algorithms to report -TPMI_YES_NO -AlgorithmCapGetImplemented( - TPM_ALG_ID algID, // IN: the starting algorithm ID - UINT32 count, // IN: count of returned algorithms - TPML_ALG_PROPERTY *algList // OUT: algorithm list -); - -//** AlgorithmGetImplementedVector() -// This function returns the bit vector of the implemented algorithms. -LIB_EXPORT -void -AlgorithmGetImplementedVector( - ALGORITHM_VECTOR *implemented // OUT: the implemented bits are SET -); - -#endif // _ALGORITHM_CAP_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmTests_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmTests_fp.h deleted file mode 100644 index fbe539d6f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmTests_fp.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _ALGORITHM_TESTS_FP_H_ -#define _ALGORITHM_TESTS_FP_H_ - -#if SELF_TEST - -//*** TestAlgorithm() -// Dispatches to the correct test function for the algorithm or gets a list of -// testable algorithms. -// -// If 'toTest' is not NULL, then the test decisions are based on the algorithm -// selections in 'toTest'. Otherwise, 'g_toTest' is used. When bits are clear in -// 'g_toTest' they will also be cleared 'toTest'. -// -// If there doesn't happen to be a test for the algorithm, its associated bit is -// quietly cleared. -// -// If 'alg' is zero (TPM_ALG_ERROR), then the toTest vector is cleared of any bits -// for which there is no test (i.e. no tests are actually run but the vector is -// cleared). -// -// Note: 'toTest' will only ever have bits set for implemented algorithms but 'alg' -// can be anything. -// Return Type: TPM_RC -// TPM_RC_CANCELED test was canceled -LIB_EXPORT -TPM_RC -TestAlgorithm( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest -); -#endif // SELF_TESTS - -#endif // _ALGORITHM_TESTS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Attest_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Attest_spt_fp.h deleted file mode 100644 index dbf634480..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Attest_spt_fp.h +++ /dev/null 
@@ -1,88 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _ATTEST_SPT_FP_H_ -#define _ATTEST_SPT_FP_H_ - -//***FillInAttestInfo() -// Fill in common fields of TPMS_ATTEST structure. 
-void -FillInAttestInfo( - TPMI_DH_OBJECT signHandle, // IN: handle of signing object - TPMT_SIG_SCHEME *scheme, // IN/OUT: scheme to be used for signing - TPM2B_DATA *data, // IN: qualifying data - TPMS_ATTEST *attest // OUT: attest structure -); - -//***SignAttestInfo() -// Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature -// is returned. -// -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'signHandle' references not a signing key -// TPM_RC_SCHEME 'scheme' is not compatible with 'signHandle' type -// TPM_RC_VALUE digest generated for the given 'scheme' is greater than -// the modulus of 'signHandle' (for an RSA key); -// invalid commit status or failed to generate "r" value -// (for an ECC key) -TPM_RC -SignAttestInfo( - OBJECT *signKey, // IN: sign object - TPMT_SIG_SCHEME *scheme, // IN: sign scheme - TPMS_ATTEST *certifyInfo, // IN: the data to be signed - TPM2B_DATA *qualifyingData, // IN: extra data for the signing - // process - TPM2B_ATTEST *attest, // OUT: marshaled attest blob to be - // signed - TPMT_SIGNATURE *signature // OUT: signature -); - -//*** IsSigningObject() -// Checks to see if the object is OK for signing. This is here rather than in -// Object_spt.c because all the attestation commands use this file but not -// Object_spt.c. -// Return Type: BOOL -// TRUE(1) object may sign -// FALSE(0) object may not sign -BOOL -IsSigningObject( - OBJECT *object // IN: -); - -#endif // _ATTEST_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Bits_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Bits_fp.h deleted file mode 100644 index 5baaa5d9e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Bits_fp.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _BITS_FP_H_ -#define _BITS_FP_H_ - -//*** TestBit() -// This function is used to check the setting of a bit in an array of bits. -// Return Type: BOOL -// TRUE(1) bit is set -// FALSE(0) bit is not set -BOOL -TestBit( - unsigned int bitNum, // IN: number of the bit in 'bArray' - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' -); - -//*** SetBit() -// This function will set the indicated bit in 'bArray'. -void -SetBit( - unsigned int bitNum, // IN: number of the bit in 'bArray' - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' -); - -//*** ClearBit() -// This function will clear the indicated bit in 'bArray'. -void -ClearBit( - unsigned int bitNum, // IN: number of the bit in 'bArray'. - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' -); - -#endif // _BITS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnConvert_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnConvert_fp.h deleted file mode 100644 index 35733f48d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnConvert_fp.h +++ /dev/null 
@@ -1,130 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _BN_CONVERT_FP_H_ -#define _BN_CONVERT_FP_H_ - -//*** BnFromBytes() -// This function will convert a big-endian byte array to the internal number -// format. If bn is NULL, then the output is NULL. If bytes is null or the -// required size is 0, then the output is set to zero -LIB_EXPORT bigNum -BnFromBytes( - bigNum bn, - const BYTE *bytes, - NUMBYTES nBytes -); - -//*** BnFrom2B() -// Convert an TPM2B to a BIG_NUM. -// If the input value does not exist, or the output does not exist, or the input -// will not fit into the output the function returns NULL -LIB_EXPORT bigNum -BnFrom2B( - bigNum bn, // OUT: - const TPM2B *a2B // IN: number to convert -); - -//*** BnFromHex() -// Convert a hex string into a bigNum. This is primarily used in debugging. -LIB_EXPORT bigNum -BnFromHex( - bigNum bn, // OUT: - const char *hex // IN: -); - -//*** BnToBytes() -// This function converts a BIG_NUM to a byte array. It converts the bigNum to a -// big-endian byte string and sets 'size' to the normalized value. If 'size' is an -// input 0, then the receiving buffer is guaranteed to be large enough for the result -// and the size will be set to the size required for bigNum (leading zeros -// suppressed). -// -// The conversion for a little-endian machine simply requires that all significant -// bytes of the bigNum be reversed. For a big-endian machine, rather than -// unpack each word individually, the bigNum is converted to little-endian words, -// copied, and then converted back to big-endian. -LIB_EXPORT BOOL -BnToBytes( - bigConst bn, - BYTE *buffer, - NUMBYTES *size // This the number of bytes that are - // available in the buffer. The result - // should be this big. -); - -//*** BnTo2B() -// Function to convert a BIG_NUM to TPM2B. -// The TPM2B size is set to the requested 'size' which may require padding. 
-// If 'size' is non-zero and less than required by the value in 'bn' then an error -// is returned. If 'size' is zero, then the TPM2B is assumed to be large enough -// for the data and a2b->size will be adjusted accordingly. -LIB_EXPORT BOOL -BnTo2B( - bigConst bn, // IN: - TPM2B *a2B, // OUT: - NUMBYTES size // IN: the desired size -); -#if ALG_ECC - -//*** BnPointFrom2B() -// Function to create a BIG_POINT structure from a 2B point. -// A point is going to be two ECC values in the same buffer. The values are going -// to be the size of the modulus. They are in modular form. -LIB_EXPORT bn_point_t * -BnPointFrom2B( - bigPoint ecP, // OUT: the preallocated point structure - TPMS_ECC_POINT *p // IN: the number to convert -); - -//*** BnPointTo2B() -// This function converts a BIG_POINT into a TPMS_ECC_POINT. A TPMS_ECC_POINT -// contains two TPM2B_ECC_PARAMETER values. The maximum size of the parameters -// is dependent on the maximum EC key size used in an implementation. -// The presumption is that the TPMS_ECC_POINT is large enough to hold 2 TPM2B -// values, each as large as a MAX_ECC_PARAMETER_BYTES -LIB_EXPORT BOOL -BnPointTo2B( - TPMS_ECC_POINT *p, // OUT: the converted 2B structure - bigPoint ecP, // IN: the values to be converted - bigCurve E // IN: curve descriptor for the point -); -#endif // ALG_ECC - -#endif // _BN_CONVERT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMath_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMath_fp.h deleted file mode 100644 index 0b9107caa..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMath_fp.h +++ /dev/null 
@@ -1,238 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _BN_MATH_FP_H_ -#define _BN_MATH_FP_H_ - -//*** BnAdd() -// This function adds two bigNum values. 
This function always returns TRUE. -LIB_EXPORT BOOL -BnAdd( - bigNum result, - bigConst op1, - bigConst op2 -); - -//*** BnAddWord() -// This function adds a word value to a bigNum. This function always returns TRUE. -LIB_EXPORT BOOL -BnAddWord( - bigNum result, - bigConst op, - crypt_uword_t word -); - -//*** BnSub() -// This function does subtraction of two bigNum values and returns result = op1 - op2 -// when op1 is greater than op2. If op2 is greater than op1, then a fault is -// generated. This function always returns TRUE. -LIB_EXPORT BOOL -BnSub( - bigNum result, - bigConst op1, - bigConst op2 -); - -//*** BnSubWord() -// This function subtracts a word value from a bigNum. This function always -// returns TRUE. -LIB_EXPORT BOOL -BnSubWord( - bigNum result, - bigConst op, - crypt_uword_t word -); - -//*** BnUnsignedCmp() -// This function performs a comparison of op1 to op2. The compare is approximately -// constant time if the size of the values used in the compare is consistent -// across calls (from the same line in the calling code). -// Return Type: int -// < 0 op1 is less than op2 -// 0 op1 is equal to op2 -// > 0 op1 is greater than op2 -LIB_EXPORT int -BnUnsignedCmp( - bigConst op1, - bigConst op2 -); - -//*** BnUnsignedCmpWord() -// Compare a bigNum to a crypt_uword_t. -// Return Type: int -// -1 op1 is less that word -// 0 op1 is equal to word -// 1 op1 is greater than word -LIB_EXPORT int -BnUnsignedCmpWord( - bigConst op1, - crypt_uword_t word -); - -//*** BnModWord() -// This function does modular division of a big number when the modulus is a -// word value. -LIB_EXPORT crypt_word_t -BnModWord( - bigConst numerator, - crypt_word_t modulus -); - -//*** Msb() -// This function returns the bit number of the most significant bit of a -// crypt_uword_t. The number for the least significant bit of any bigNum value is 0. 
-// The maximum return value is RADIX_BITS - 1, -// Return Type: int -// -1 the word was zero -// n the bit number of the most significant bit in the word -LIB_EXPORT int -Msb( - crypt_uword_t word -); - -//*** BnMsb() -// This function returns the number of the MSb of a bigNum value. -// Return Type: int -// -1 the word was zero or 'bn' was NULL -// n the bit number of the most significant bit in the word -LIB_EXPORT int -BnMsb( - bigConst bn -); - -//*** BnSizeInBits() -// This function returns the number of bits required to hold a number. It is one -// greater than the Msb. -// -LIB_EXPORT unsigned -BnSizeInBits( - bigConst n -); - -//*** BnSetWord() -// Change the value of a bignum_t to a word value. -LIB_EXPORT bigNum -BnSetWord( - bigNum n, - crypt_uword_t w -); - -//*** BnSetBit() -// This function will SET a bit in a bigNum. Bit 0 is the least-significant bit in -// the 0th digit_t. The function always return TRUE -LIB_EXPORT BOOL -BnSetBit( - bigNum bn, // IN/OUT: big number to modify - unsigned int bitNum // IN: Bit number to SET -); - -//*** BnTestBit() -// This function is used to check to see if a bit is SET in a bignum_t. The 0th bit -// is the LSb of d[0]. -// Return Type: BOOL -// TRUE(1) the bit is set -// FALSE(0) the bit is not set or the number is out of range -LIB_EXPORT BOOL -BnTestBit( - bigNum bn, // IN: number to check - unsigned int bitNum // IN: bit to test -); - -//***BnMaskBits() -// This function is used to mask off high order bits of a big number. -// The returned value will have no more than 'maskBit' bits -// set. -// Note: There is a requirement that unused words of a bignum_t are set to zero. -// Return Type: BOOL -// TRUE(1) result masked -// FALSE(0) the input was not as large as the mask -LIB_EXPORT BOOL -BnMaskBits( - bigNum bn, // IN/OUT: number to mask - crypt_uword_t maskBit // IN: the bit number for the mask. -); - -//*** BnShiftRight() -// This function will shift a bigNum to the right by the shiftAmount. 
-// This function always returns TRUE. -LIB_EXPORT BOOL -BnShiftRight( - bigNum result, - bigConst toShift, - uint32_t shiftAmount -); - -//*** BnGetRandomBits() -// This function gets random bits for use in various places. To make sure that the -// number is generated in a portable format, it is created as a TPM2B and then -// converted to the internal format. -// -// One consequence of the generation scheme is that, if the number of bits requested -// is not a multiple of 8, then the high-order bits are set to zero. This would come -// into play when generating a 521-bit ECC key. A 66-byte (528-bit) value is -// generated an the high order 7 bits are masked off (CLEAR). -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -LIB_EXPORT BOOL -BnGetRandomBits( - bigNum n, - size_t bits, - RAND_STATE *rand -); - -//*** BnGenerateRandomInRange() -// This function is used to generate a random number r in the range 1 <= r < limit. -// The function gets a random number of bits that is the size of limit. There is some -// some probability that the returned number is going to be greater than or equal -// to the limit. If it is, try again. There is no more than 50% chance that the -// next number is also greater, so try again. We keep trying until we get a -// value that meets the criteria. Since limit is very often a number with a LOT of -// high order ones, this rarely would need a second try. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure ('limit' is too small) -LIB_EXPORT BOOL -BnGenerateRandomInRange( - bigNum dest, - bigConst limit, - RAND_STATE *rand -); - -#endif // _BN_MATH_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMemory_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMemory_fp.h deleted file mode 100644 index 68abe86c3..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMemory_fp.h +++ /dev/null 
@@ -1,110 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _BN_MEMORY_FP_H_ -#define _BN_MEMORY_FP_H_ - -//*** BnSetTop() -// This function is used when the size of a bignum_t is changed. It -// makes sure that the unused words are set to zero and that any significant -// words of zeros are eliminated from the used size indicator. -LIB_EXPORT bigNum -BnSetTop( - bigNum bn, // IN/OUT: number to clean - crypt_uword_t top // IN: the new top -); - -//*** BnClearTop() -// This function will make sure that all unused words are zero. -LIB_EXPORT bigNum -BnClearTop( - bigNum bn -); - -//*** BnInitializeWord() -// This function is used to initialize an allocated bigNum with a word value. The -// bigNum does not have to be allocated with a single word. -LIB_EXPORT bigNum -BnInitializeWord( - bigNum bn, // IN: - crypt_uword_t allocated, // IN: - crypt_uword_t word // IN: -); - -//*** BnInit() -// This function initializes a stack allocated bignum_t. It initializes -// 'allocated' and 'size' and zeros the words of 'd'. -LIB_EXPORT bigNum -BnInit( - bigNum bn, - crypt_uword_t allocated -); - -//*** BnCopy() -// Function to copy a bignum_t. If the output is NULL, then -// nothing happens. If the input is NULL, the output is set -// to zero. -LIB_EXPORT BOOL -BnCopy( - bigNum out, - bigConst in -); -#if ALG_ECC - -//*** BnPointCopy() -// Function to copy a bn point. -LIB_EXPORT BOOL -BnPointCopy( - bigPoint pOut, - pointConst pIn -); - -//*** BnInitializePoint() -// This function is used to initialize a point structure with the addresses -// of the coordinates. -LIB_EXPORT bn_point_t * -BnInitializePoint( - bigPoint p, // OUT: structure to receive pointers - bigNum x, // IN: x coordinate - bigNum y, // IN: y coordinate - bigNum z // IN: x coordinate -); -#endif // ALG_ECC - -#endif // _BN_MEMORY_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyCreation_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyCreation_fp.h deleted file mode 100644 index d40105c94..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyCreation_fp.h +++ /dev/null 
@@ -1,77 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_CertifyCreation // Command must be enabled - -#ifndef _Certify_Creation_FP_H_ -#define _Certify_Creation_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT signHandle; - TPMI_DH_OBJECT objectHandle; - TPM2B_DATA qualifyingData; - TPM2B_DIGEST creationHash; - TPMT_SIG_SCHEME inScheme; - TPMT_TK_CREATION creationTicket; -} CertifyCreation_In; - -// Output structure definition -typedef struct { - TPM2B_ATTEST certifyInfo; - TPMT_SIGNATURE signature; -} CertifyCreation_Out; - -// Response code modifiers -#define RC_CertifyCreation_signHandle (TPM_RC_H + TPM_RC_1) -#define RC_CertifyCreation_objectHandle (TPM_RC_H + TPM_RC_2) -#define RC_CertifyCreation_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_CertifyCreation_creationHash (TPM_RC_P + TPM_RC_2) -#define RC_CertifyCreation_inScheme (TPM_RC_P + TPM_RC_3) -#define RC_CertifyCreation_creationTicket (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_CertifyCreation( - CertifyCreation_In *in, - CertifyCreation_Out *out -); - -#endif // _Certify_Creation_FP_H_ -#endif // CC_CertifyCreation diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyX509_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyX509_fp.h deleted file mode 100644 index 53aed310e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyX509_fp.h +++ /dev/null 
@@ -1,76 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Apr 2, 2019 Time: 11:00:48AM - */ - -#if CC_CertifyX509 // Command must be enabled - -#ifndef _Certify_X509_FP_H_ -#define _Certify_X509_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT objectHandle; - TPMI_DH_OBJECT signHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; - TPM2B_MAX_BUFFER partialCertificate; -} CertifyX509_In; - -// Output structure definition -typedef struct { - TPM2B_MAX_BUFFER addedToCertificate; - TPM2B_DIGEST tbsDigest; - TPMT_SIGNATURE signature; -} CertifyX509_Out; - -// Response code modifiers -#define RC_CertifyX509_objectHandle (TPM_RC_H + TPM_RC_1) -#define RC_CertifyX509_signHandle (TPM_RC_H + TPM_RC_2) -#define RC_CertifyX509_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_CertifyX509_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_CertifyX509_partialCertificate (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_CertifyX509( - CertifyX509_In *in, - CertifyX509_Out *out -); - -#endif // _Certify_X509_FP_H_ -#endif // CC_CertifyX509 diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Certify_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Certify_fp.h deleted file mode 100644 index 64cdba21b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Certify_fp.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Certify // Command must be enabled - -#ifndef _Certify_FP_H_ -#define _Certify_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT objectHandle; - TPMI_DH_OBJECT signHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; -} Certify_In; - -// Output structure definition -typedef struct { - TPM2B_ATTEST certifyInfo; - TPMT_SIGNATURE signature; -} Certify_Out; - -// Response code modifiers -#define RC_Certify_objectHandle (TPM_RC_H + TPM_RC_1) -#define RC_Certify_signHandle (TPM_RC_H + TPM_RC_2) -#define RC_Certify_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_Certify_inScheme (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_Certify( - Certify_In *in, - Certify_Out *out -); - -#endif // _Certify_FP_H_ -#endif // CC_Certify diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangeEPS_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangeEPS_fp.h deleted file mode 100644 index 60dfc174c..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangeEPS_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ChangeEPS // Command must be enabled - -#ifndef _Change_EPS_FP_H_ -#define _Change_EPS_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PLATFORM authHandle; -} ChangeEPS_In; - -// Response code modifiers -#define RC_ChangeEPS_authHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ChangeEPS( - ChangeEPS_In *in -); - -#endif // _Change_EPS_FP_H_ -#endif // CC_ChangeEPS diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangePPS_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangePPS_fp.h deleted file mode 100644 index e4e70180e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangePPS_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ChangePPS // Command must be enabled - -#ifndef _Change_PPS_FP_H_ -#define _Change_PPS_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PLATFORM authHandle; -} ChangePPS_In; - -// Response code modifiers -#define RC_ChangePPS_authHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ChangePPS( - ChangePPS_In *in -); - -#endif // _Change_PPS_FP_H_ -#endif // CC_ChangePPS diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClearControl_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClearControl_fp.h deleted file mode 100644 index 5a10c680b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClearControl_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ClearControl // Command must be enabled - -#ifndef _Clear_Control_FP_H_ -#define _Clear_Control_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_CLEAR auth; - TPMI_YES_NO disable; -} ClearControl_In; - -// Response code modifiers -#define RC_ClearControl_auth (TPM_RC_H + TPM_RC_1) -#define RC_ClearControl_disable (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ClearControl( - ClearControl_In *in -); - -#endif // _Clear_Control_FP_H_ -#endif // CC_ClearControl diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Clear_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Clear_fp.h deleted file mode 100644 index cc9692126..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Clear_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Clear // Command must be enabled - -#ifndef _Clear_FP_H_ -#define _Clear_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_CLEAR authHandle; -} Clear_In; - -// Response code modifiers -#define RC_Clear_authHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_Clear( - Clear_In *in -); - -#endif // _Clear_FP_H_ -#endif // CC_Clear diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockRateAdjust_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockRateAdjust_fp.h deleted file mode 100644 index f8a6376e1..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockRateAdjust_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ClockRateAdjust // Command must be enabled - -#ifndef _Clock_Rate_Adjust_FP_H_ -#define _Clock_Rate_Adjust_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PROVISION auth; - TPM_CLOCK_ADJUST rateAdjust; -} ClockRateAdjust_In; - -// Response code modifiers -#define RC_ClockRateAdjust_auth (TPM_RC_H + TPM_RC_1) -#define RC_ClockRateAdjust_rateAdjust (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ClockRateAdjust( - ClockRateAdjust_In *in -); - -#endif // _Clock_Rate_Adjust_FP_H_ -#endif // CC_ClockRateAdjust diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockSet_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockSet_fp.h deleted file mode 100644 index f2915a96d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockSet_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ClockSet // Command must be enabled - -#ifndef _Clock_Set_FP_H_ -#define _Clock_Set_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PROVISION auth; - UINT64 newTime; -} ClockSet_In; - -// Response code modifiers -#define RC_ClockSet_auth (TPM_RC_H + TPM_RC_1) -#define RC_ClockSet_newTime (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ClockSet( - ClockSet_In *in -); - -#endif // _Clock_Set_FP_H_ -#endif // CC_ClockSet diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandAudit_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandAudit_fp.h deleted file mode 100644 index a9bfa78a8..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandAudit_fp.h +++ /dev/null 
@@ -1,131 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:23:27PM - */ - -#ifndef _COMMAND_AUDIT_FP_H_ -#define _COMMAND_AUDIT_FP_H_ - -//*** CommandAuditPreInstall_Init() -// This function initializes the command audit list. This function simulates -// the behavior of manufacturing. A function is used instead of a structure -// definition because this is easier than figuring out the initialization value -// for a bit array. -// -// This function would not be implemented outside of a manufacturing or -// simulation environment. -void -CommandAuditPreInstall_Init( - void -); - -//*** CommandAuditStartup() -// This function clears the command audit digest on a TPM Reset. -BOOL -CommandAuditStartup( - STARTUP_TYPE type // IN: start up type -); - -//*** CommandAuditSet() -// This function will SET the audit flag for a command. This function -// will not SET the audit flag for a command that is not implemented. This -// ensures that the audit status is not SET when TPM2_GetCapability() is -// used to read the list of audited commands. -// -// This function is only used by TPM2_SetCommandCodeAuditStatus(). -// -// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the -// changes to be saved to NV after it is setting and clearing bits. -// Return Type: BOOL -// TRUE(1) command code audit status was changed -// FALSE(0) command code audit status was not changed -BOOL -CommandAuditSet( - TPM_CC commandCode // IN: command code -); - -//*** CommandAuditClear() -// This function will CLEAR the audit flag for a command. It will not CLEAR the -// audit flag for TPM_CC_SetCommandCodeAuditStatus(). -// -// This function is only used by TPM2_SetCommandCodeAuditStatus(). -// -// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the -// changes to be saved to NV after it is setting and clearing bits. 
-// Return Type: BOOL -// TRUE(1) command code audit status was changed -// FALSE(0) command code audit status was not changed -BOOL -CommandAuditClear( - TPM_CC commandCode // IN: command code -); - -//*** CommandAuditIsRequired() -// This function indicates if the audit flag is SET for a command. -// Return Type: BOOL -// TRUE(1) command is audited -// FALSE(0) command is not audited -BOOL -CommandAuditIsRequired( - COMMAND_INDEX commandIndex // IN: command index -); - -//*** CommandAuditCapGetCCList() -// This function returns a list of commands that have their audit bit SET. -// -// The list starts at the input commandCode. -// Return Type: TPMI_YES_NO -// YES if there are more command code available -// NO all the available command code has been returned -TPMI_YES_NO -CommandAuditCapGetCCList( - TPM_CC commandCode, // IN: start command code - UINT32 count, // IN: count of returned TPM_CC - TPML_CC *commandList // OUT: list of TPM_CC -); - -//*** CommandAuditGetDigest -// This command is used to create a digest of the commands being audited. The -// commands are processed in ascending numeric order with a list of TPM_CC being -// added to a hash. This operates as if all the audited command codes were -// concatenated and then hashed. -void -CommandAuditGetDigest( - TPM2B_DIGEST *digest // OUT: command digest -); - -#endif // _COMMAND_AUDIT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandCodeAttributes_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandCodeAttributes_fp.h deleted file mode 100644 index 0e40485a2..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandCodeAttributes_fp.h +++ /dev/null 
@@ -1,182 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _COMMAND_CODE_ATTRIBUTES_FP_H_ -#define _COMMAND_CODE_ATTRIBUTES_FP_H_ - -//*** GetClosestCommandIndex() -// This function returns the command index for the command with a value that is -// equal to or greater than the input value -// Return Type: COMMAND_INDEX -// UNIMPLEMENTED_COMMAND_INDEX command is not implemented -// other index of a command -COMMAND_INDEX -GetClosestCommandIndex( - TPM_CC commandCode // IN: the command code to start at -); - -//*** CommandCodeToComandIndex() -// This function returns the index in the various attributes arrays of the -// command. -// Return Type: COMMAND_INDEX -// UNIMPLEMENTED_COMMAND_INDEX command is not implemented -// other index of the command -COMMAND_INDEX -CommandCodeToCommandIndex( - TPM_CC commandCode // IN: the command code to look up -); - -//*** GetNextCommandIndex() -// This function returns the index of the next implemented command. -// Return Type: COMMAND_INDEX -// UNIMPLEMENTED_COMMAND_INDEX no more implemented commands -// other the index of the next implemented command -COMMAND_INDEX -GetNextCommandIndex( - COMMAND_INDEX commandIndex // IN: the starting index -); - -//*** GetCommandCode() -// This function returns the commandCode associated with the command index -TPM_CC -GetCommandCode( - COMMAND_INDEX commandIndex // IN: the command index -); - -//*** CommandAuthRole() -// -// This function returns the authorization role required of a handle. 
-// -// Return Type: AUTH_ROLE -// AUTH_NONE no authorization is required -// AUTH_USER user role authorization is required -// AUTH_ADMIN admin role authorization is required -// AUTH_DUP duplication role authorization is required -AUTH_ROLE -CommandAuthRole( - COMMAND_INDEX commandIndex, // IN: command index - UINT32 handleIndex // IN: handle index (zero based) -); - -//*** EncryptSize() -// This function returns the size of the decrypt size field. This function returns -// 0 if encryption is not allowed -// Return Type: int -// 0 encryption not allowed -// 2 size field is two bytes -// 4 size field is four bytes -int -EncryptSize( - COMMAND_INDEX commandIndex // IN: command index -); - -//*** DecryptSize() -// This function returns the size of the decrypt size field. This function returns -// 0 if decryption is not allowed -// Return Type: int -// 0 encryption not allowed -// 2 size field is two bytes -// 4 size field is four bytes -int -DecryptSize( - COMMAND_INDEX commandIndex // IN: command index -); - -//*** IsSessionAllowed() -// -// This function indicates if the command is allowed to have sessions. -// -// This function must not be called if the command is not known to be implemented. -// -// Return Type: BOOL -// TRUE(1) session is allowed with this command -// FALSE(0) session is not allowed with this command -BOOL -IsSessionAllowed( - COMMAND_INDEX commandIndex // IN: the command to be checked -); - -//*** IsHandleInResponse() -// This function determines if a command has a handle in the response -BOOL -IsHandleInResponse( - COMMAND_INDEX commandIndex -); - -//*** IsWriteOperation() -// Checks to see if an operation will write to an NV Index and is subject to being -// blocked by read-lock -BOOL -IsWriteOperation( - COMMAND_INDEX commandIndex // IN: Command to check -); - -//*** IsReadOperation() -// Checks to see if an operation will write to an NV Index and is -// subject to being blocked by write-lock. 
-BOOL -IsReadOperation( - COMMAND_INDEX commandIndex // IN: Command to check -); - -//*** CommandCapGetCCList() -// This function returns a list of implemented commands and command attributes -// starting from the command in 'commandCode'. -// Return Type: TPMI_YES_NO -// YES more command attributes are available -// NO no more command attributes are available -TPMI_YES_NO -CommandCapGetCCList( - TPM_CC commandCode, // IN: start command code - UINT32 count, // IN: maximum count for number of entries in - // 'commandList' - TPML_CCA *commandList // OUT: list of TPMA_CC -); - -//*** IsVendorCommand() -// Function indicates if a command index references a vendor command. -// Return Type: BOOL -// TRUE(1) command is a vendor command -// FALSE(0) command is not a vendor command -BOOL -IsVendorCommand( - COMMAND_INDEX commandIndex // IN: command index to check -); - -#endif // _COMMAND_CODE_ATTRIBUTES_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandDispatcher_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandDispatcher_fp.h deleted file mode 100644 index 3c0e70f8e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandDispatcher_fp.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _COMMAND_DISPATCHER_FP_H_ -#define _COMMAND_DISPATCHER_FP_H_ - -//*** ParseHandleBuffer() -// This is the table-driven version of the handle buffer unmarshaling code -TPM_RC -ParseHandleBuffer( - COMMAND *command -); - -//*** CommandDispatcher() -// Function to unmarshal the command parameters, call the selected action code, and -// marshal the response parameters. -TPM_RC -CommandDispatcher( - COMMAND *command -); - -#endif // _COMMAND_DISPATCHER_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Commit_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Commit_fp.h deleted file mode 100644 index 6bf6e9a3b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Commit_fp.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Commit // Command must be enabled - -#ifndef _Commit_FP_H_ -#define _Commit_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT signHandle; - TPM2B_ECC_POINT P1; - TPM2B_SENSITIVE_DATA s2; - TPM2B_ECC_PARAMETER y2; -} Commit_In; - -// Output structure definition -typedef struct { - TPM2B_ECC_POINT K; - TPM2B_ECC_POINT L; - TPM2B_ECC_POINT E; - UINT16 counter; -} Commit_Out; - -// Response code modifiers -#define RC_Commit_signHandle (TPM_RC_H + TPM_RC_1) -#define RC_Commit_P1 (TPM_RC_P + TPM_RC_1) -#define RC_Commit_s2 (TPM_RC_P + TPM_RC_2) -#define RC_Commit_y2 (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_Commit( - Commit_In *in, - Commit_Out *out -); - -#endif // _Commit_FP_H_ -#endif // CC_Commit diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextLoad_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextLoad_fp.h deleted file mode 100644 index a2c4ab437..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextLoad_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ContextLoad // Command must be enabled - -#ifndef _Context_Load_FP_H_ -#define _Context_Load_FP_H_ - -// Input structure definition -typedef struct { - TPMS_CONTEXT context; -} ContextLoad_In; - -// Output structure definition -typedef struct { - TPMI_DH_CONTEXT loadedHandle; -} ContextLoad_Out; - -// Response code modifiers -#define RC_ContextLoad_context (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ContextLoad( - ContextLoad_In *in, - ContextLoad_Out *out -); - -#endif // _Context_Load_FP_H_ -#endif // CC_ContextLoad diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextSave_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextSave_fp.h deleted file mode 100644 index 816c36b94..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextSave_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ContextSave // Command must be enabled - -#ifndef _Context_Save_FP_H_ -#define _Context_Save_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_CONTEXT saveHandle; -} ContextSave_In; - -// Output structure definition -typedef struct { - TPMS_CONTEXT context; -} ContextSave_Out; - -// Response code modifiers -#define RC_ContextSave_saveHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ContextSave( - ContextSave_In *in, - ContextSave_Out *out -); - -#endif // _Context_Save_FP_H_ -#endif // CC_ContextSave diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Context_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Context_spt_fp.h deleted file mode 100644 index 3b52073c3..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Context_spt_fp.h +++ /dev/null 
@@ -1,96 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _CONTEXT_SPT_FP_H_ -#define _CONTEXT_SPT_FP_H_ - -//*** ComputeContextProtectionKey() -// This function retrieves the symmetric protection key for context encryption -// It is used by TPM2_ConextSave and TPM2_ContextLoad to create the symmetric -// encryption key and iv -// Return Type: void -void -ComputeContextProtectionKey( - TPMS_CONTEXT *contextBlob, // IN: context blob - TPM2B_SYM_KEY *symKey, // OUT: the symmetric key - TPM2B_IV *iv // OUT: the IV. -); - -//*** ComputeContextIntegrity() -// Generate the integrity hash for a context -// It is used by TPM2_ContextSave to create an integrity hash -// and by TPM2_ContextLoad to compare an integrity hash -// Return Type: void -void -ComputeContextIntegrity( - TPMS_CONTEXT *contextBlob, // IN: context blob - TPM2B_DIGEST *integrity // OUT: integrity -); - -//*** SequenceDataExport(); -// This function is used scan through the sequence object and -// either modify the hash state data for export (contextSave) or to -// import it into the internal format (contextLoad). -// This function should only be called after the sequence object has been copied -// to the context buffer (contextSave) or from the context buffer into the sequence -// object. The presumption is that the context buffer version of the data is the -// same size as the internal representation so nothing outsize of the hash context -// area gets modified. -void -SequenceDataExport( - HASH_OBJECT *object, // IN: an internal hash object - HASH_OBJECT_BUFFER *exportObject // OUT: a sequence context in a buffer -); - -//*** SequenceDataImport(); -// This function is used scan through the sequence object and -// either modify the hash state data for export (contextSave) or to -// import it into the internal format (contextLoad). 
-// This function should only be called after the sequence object has been copied -// to the context buffer (contextSave) or from the context buffer into the sequence -// object. The presumption is that the context buffer version of the data is the -// same size as the internal representation so nothing outsize of the hash context -// area gets modified. -void -SequenceDataImport( - HASH_OBJECT *object, // IN/OUT: an internal hash object - HASH_OBJECT_BUFFER *exportObject // IN/OUT: a sequence context in a buffer -); - -#endif // _CONTEXT_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreateLoaded_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreateLoaded_fp.h deleted file mode 100644 index 7569df429..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreateLoaded_fp.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_CreateLoaded // Command must be enabled - -#ifndef _Create_Loaded_FP_H_ -#define _Create_Loaded_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_PARENT parentHandle; - TPM2B_SENSITIVE_CREATE inSensitive; - TPM2B_TEMPLATE inPublic; -} CreateLoaded_In; - -// Output structure definition -typedef struct { - TPM_HANDLE objectHandle; - TPM2B_PRIVATE outPrivate; - TPM2B_PUBLIC outPublic; - TPM2B_NAME name; -} CreateLoaded_Out; - -// Response code modifiers -#define RC_CreateLoaded_parentHandle (TPM_RC_H + TPM_RC_1) -#define RC_CreateLoaded_inSensitive (TPM_RC_P + TPM_RC_1) -#define RC_CreateLoaded_inPublic (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_CreateLoaded( - CreateLoaded_In *in, - CreateLoaded_Out *out -); - -#endif // _Create_Loaded_FP_H_ -#endif // CC_CreateLoaded diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreatePrimary_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreatePrimary_fp.h deleted file mode 100644 index e42cfc754..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreatePrimary_fp.h +++ /dev/null 
@@ -1,79 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_CreatePrimary // Command must be enabled - -#ifndef _Create_Primary_FP_H_ -#define _Create_Primary_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_HIERARCHY primaryHandle; - TPM2B_SENSITIVE_CREATE inSensitive; - TPM2B_PUBLIC inPublic; - TPM2B_DATA outsideInfo; - TPML_PCR_SELECTION creationPCR; -} CreatePrimary_In; - -// Output structure definition -typedef struct { - TPM_HANDLE objectHandle; - TPM2B_PUBLIC outPublic; - TPM2B_CREATION_DATA creationData; - TPM2B_DIGEST creationHash; - TPMT_TK_CREATION creationTicket; - TPM2B_NAME name; -} CreatePrimary_Out; - -// Response code modifiers -#define RC_CreatePrimary_primaryHandle (TPM_RC_H + TPM_RC_1) -#define RC_CreatePrimary_inSensitive (TPM_RC_P + TPM_RC_1) -#define RC_CreatePrimary_inPublic (TPM_RC_P + TPM_RC_2) -#define RC_CreatePrimary_outsideInfo (TPM_RC_P + TPM_RC_3) -#define RC_CreatePrimary_creationPCR (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_CreatePrimary( - CreatePrimary_In *in, - CreatePrimary_Out *out -); - -#endif // _Create_Primary_FP_H_ -#endif // CC_CreatePrimary diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Create_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Create_fp.h deleted file mode 100644 index 3b1e2a773..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Create_fp.h +++ /dev/null 
@@ -1,78 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Create // Command must be enabled - -#ifndef _Create_FP_H_ -#define _Create_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT parentHandle; - TPM2B_SENSITIVE_CREATE inSensitive; - TPM2B_PUBLIC inPublic; - TPM2B_DATA outsideInfo; - TPML_PCR_SELECTION creationPCR; -} Create_In; - -// Output structure definition -typedef struct { - TPM2B_PRIVATE outPrivate; - TPM2B_PUBLIC outPublic; - TPM2B_CREATION_DATA creationData; - TPM2B_DIGEST creationHash; - TPMT_TK_CREATION creationTicket; -} Create_Out; - -// Response code modifiers -#define RC_Create_parentHandle (TPM_RC_H + TPM_RC_1) -#define RC_Create_inSensitive (TPM_RC_P + TPM_RC_1) -#define RC_Create_inPublic (TPM_RC_P + TPM_RC_2) -#define RC_Create_outsideInfo (TPM_RC_P + TPM_RC_3) -#define RC_Create_creationPCR (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_Create( - Create_In *in, - Create_Out *out -); - -#endif // _Create_FP_H_ -#endif // CC_Create diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptCmac_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptCmac_fp.h deleted file mode 100644 index be781014a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptCmac_fp.h +++ /dev/null 
@@ -1,84 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _CRYPT_CMAC_FP_H_ -#define _CRYPT_CMAC_FP_H_ - -#if ALG_CMAC - -//*** CryptCmacStart() -// This is the function to start the CMAC sequence operation. It initializes the -// dispatch functions for the data and end operations for CMAC and initializes the -// parameters that are used for the processing of data, including the key, key size -// and block cipher algorithm. -UINT16 -CryptCmacStart( - SMAC_STATE *state, - TPMU_PUBLIC_PARMS *keyParms, - TPM_ALG_ID macAlg, - TPM2B *key -); - -//*** CryptCmacData() -// This function is used to add data to the CMAC sequence computation. The function -// will XOR new data into the IV. If the buffer is full, and there is additional -// input data, the data is encrypted into the IV buffer, the new data is then -// XOR into the IV. When the data runs out, the function returns without encrypting -// even if the buffer is full. The last data block of a sequence will not be -// encrypted until the call to CryptCmacEnd(). This is to allow the proper subkey -// to be computed and applied before the last block is encrypted. -void -CryptCmacData( - SMAC_STATES *state, - UINT32 size, - const BYTE *buffer -); - -//*** CryptCmacEnd() -// This is the completion function for the CMAC. It does padding, if needed, and -// selects the subkey to be applied before the last block is encrypted. -UINT16 -CryptCmacEnd( - SMAC_STATES *state, - UINT32 outSize, - BYTE *outBuffer -); -#endif - -#endif // _CRYPT_CMAC_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptDes_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptDes_fp.h deleted file mode 100644 index 4f4513483..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptDes_fp.h +++ /dev/null 
@@ -1,76 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _CRYPT_DES_FP_H_ -#define _CRYPT_DES_FP_H_ - -#if ALG_TDES - -//*** CryptSetOddByteParity() -// This function sets the per byte parity of a 64-bit value. The least-significant -// bit is of each byte is replaced with the odd parity of the other 7 bits in the -// byte. With odd parity, no byte will ever be 0x00. -UINT64 -CryptSetOddByteParity( - UINT64 k -); - -//*** CryptDesValidateKey() -// Function to check to see if the input key is a valid DES key where the definition -// of valid is that none of the elements are on the list of weak, semi-weak, or -// possibly weak keys; and that for two keys, K1!=K2, and for three keys that -// K1!=K2 and K2!=K3. -BOOL -CryptDesValidateKey( - TPM2B_SYM_KEY *desKey // IN: key to validate -); - -//*** CryptGenerateKeyDes() -// This function is used to create a DES key of the appropriate size. The key will -// have odd parity in the bytes. -TPM_RC -CryptGenerateKeyDes( - TPMT_PUBLIC *publicArea, // IN/OUT: The public area template - // for the new key. - TPMT_SENSITIVE *sensitive, // OUT: sensitive area - RAND_STATE *rand // IN: the "entropy" source for -); -#endif - -#endif // _CRYPT_DES_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccKeyExchange_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccKeyExchange_fp.h deleted file mode 100644 index f566dacff..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccKeyExchange_fp.h +++ /dev/null 
@@ -1,88 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _CRYPT_ECC_KEY_EXCHANGE_FP_H_ -#define _CRYPT_ECC_KEY_EXCHANGE_FP_H_ - -#if CC_ZGen_2Phase == YES - -//*** CryptEcc2PhaseKeyExchange() -// This function is the dispatch routine for the EC key exchange functions that use -// two ephemeral and two static keys. -// Return Type: TPM_RC -// TPM_RC_SCHEME scheme is not defined -LIB_EXPORT TPM_RC -CryptEcc2PhaseKeyExchange( - TPMS_ECC_POINT *outZ1, // OUT: a computed point - TPMS_ECC_POINT *outZ2, // OUT: and optional second point - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPM_ALG_ID scheme, // IN: the key exchange scheme - TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key - TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key - TPMS_ECC_POINT *QsB, // IN: static public party B key - TPMS_ECC_POINT *QeB // IN: ephemeral public party B key -); -#if ALG_SM2 - -//*** SM2KeyExchange() -// This function performs the key exchange defined in SM2. -// The first step is to compute -// 'tA' = ('dsA' + 'deA' avf(Xe,A)) mod 'n' -// Then, compute the 'Z' value from -// 'outZ' = ('h' 'tA' mod 'n') ('QsA' + [avf('QeB.x')]('QeB')). -// The function will compute the ephemeral public key from the ephemeral -// private key. -// All points are required to be on the curve of 'inQsA'. 
The function will fail -// catastrophically if this is not the case -// Return Type: TPM_RC -// TPM_RC_NO_RESULT the value for dsA does not give a valid point on the -// curve -LIB_EXPORT TPM_RC -SM2KeyExchange( - TPMS_ECC_POINT *outZ, // OUT: the computed point - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPM2B_ECC_PARAMETER *dsAIn, // IN: static private TPM key - TPM2B_ECC_PARAMETER *deAIn, // IN: ephemeral private TPM key - TPMS_ECC_POINT *QsBIn, // IN: static public party B key - TPMS_ECC_POINT *QeBIn // IN: ephemeral public party B key -); -#endif -#endif // CC_ZGen_2Phase - -#endif // _CRYPT_ECC_KEY_EXCHANGE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccMain_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccMain_fp.h deleted file mode 100644 index 96864b4b0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccMain_fp.h +++ /dev/null 
@@ -1,374 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _CRYPT_ECC_MAIN_FP_H_ -#define _CRYPT_ECC_MAIN_FP_H_ - -#if ALG_ECC - -//** Functions -#if SIMULATION -void -EccSimulationEnd( - void -); -#endif // SIMULATION - -//*** CryptEccInit() -// This function is called at _TPM_Init -BOOL -CryptEccInit( - void -); - -//*** CryptEccStartup() -// This function is called at TPM2_Startup(). -BOOL -CryptEccStartup( - void -); - -//*** ClearPoint2B(generic) -// Initialize the size values of a TPMS_ECC_POINT structure. -void -ClearPoint2B( - TPMS_ECC_POINT *p // IN: the point -); - -//*** CryptEccGetParametersByCurveId() -// This function returns a pointer to the curve data that is associated with -// the indicated curveId. -// If there is no curve with the indicated ID, the function returns NULL. This -// function is in this module so that it can be called by GetCurve data. -// Return Type: const ECC_CURVE_DATA -// NULL curve with the indicated TPM_ECC_CURVE is not implemented -// != NULL pointer to the curve data -LIB_EXPORT const ECC_CURVE * -CryptEccGetParametersByCurveId( - TPM_ECC_CURVE curveId // IN: the curveID -); - -//*** CryptEccGetKeySizeForCurve() -// This function returns the key size in bits of the indicated curve. -LIB_EXPORT UINT16 -CryptEccGetKeySizeForCurve( - TPM_ECC_CURVE curveId // IN: the curve -); - -//*** GetCurveData() -// This function returns the a pointer for the parameter data -// associated with a curve. -const ECC_CURVE_DATA * -GetCurveData( - TPM_ECC_CURVE curveId // IN: the curveID -); - -//***CryptEccGetOID() -const BYTE * -CryptEccGetOID( - TPM_ECC_CURVE curveId -); - -//*** CryptEccGetCurveByIndex() -// This function returns the number of the 'i'-th implemented curve. The normal -// use would be to call this function with 'i' starting at 0. When the 'i' is greater -// than or equal to the number of implemented curves, TPM_ECC_NONE is returned. 
-LIB_EXPORT TPM_ECC_CURVE -CryptEccGetCurveByIndex( - UINT16 i -); - -//*** CryptEccGetParameter() -// This function returns an ECC curve parameter. The parameter is -// selected by a single character designator from the set of ""PNABXYH"". -// Return Type: BOOL -// TRUE(1) curve exists and parameter returned -// FALSE(0) curve does not exist or parameter selector -LIB_EXPORT BOOL -CryptEccGetParameter( - TPM2B_ECC_PARAMETER *out, // OUT: place to put parameter - char p, // IN: the parameter selector - TPM_ECC_CURVE curveId // IN: the curve id -); - -//*** CryptCapGetECCCurve() -// This function returns the list of implemented ECC curves. -// Return Type: TPMI_YES_NO -// YES if no more ECC curve is available -// NO if there are more ECC curves not reported -TPMI_YES_NO -CryptCapGetECCCurve( - TPM_ECC_CURVE curveID, // IN: the starting ECC curve - UINT32 maxCount, // IN: count of returned curves - TPML_ECC_CURVE *curveList // OUT: ECC curve list -); - -//*** CryptGetCurveSignScheme() -// This function will return a pointer to the scheme of the curve. -const TPMT_ECC_SCHEME * -CryptGetCurveSignScheme( - TPM_ECC_CURVE curveId // IN: The curve selector -); - -//*** CryptGenerateR() -// This function computes the commit random value for a split signing scheme. -// -// If 'c' is NULL, it indicates that 'r' is being generated -// for TPM2_Commit. -// If 'c' is not NULL, the TPM will validate that the 'gr.commitArray' -// bit associated with the input value of 'c' is SET. If not, the TPM -// returns FALSE and no 'r' value is generated. -// Return Type: BOOL -// TRUE(1) r value computed -// FALSE(0) no r value computed -BOOL -CryptGenerateR( - TPM2B_ECC_PARAMETER *r, // OUT: the generated random value - UINT16 *c, // IN/OUT: count value. - TPMI_ECC_CURVE curveID, // IN: the curve for the value - TPM2B_NAME *name // IN: optional name of a key to - // associate with 'r' -); - -//*** CryptCommit() -// This function is called when the count value is committed. 
The 'gr.commitArray' -// value associated with the current count value is SET and g_commitCounter is -// incremented. The low-order 16 bits of old value of the counter is returned. -UINT16 -CryptCommit( - void -); - -//*** CryptEndCommit() -// This function is called when the signing operation using the committed value -// is completed. It clears the gr.commitArray bit associated with the count -// value so that it can't be used again. -void -CryptEndCommit( - UINT16 c // IN: the counter value of the commitment -); - -//*** CryptEccGetParameters() -// This function returns the ECC parameter details of the given curve. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) unsupported ECC curve ID -BOOL -CryptEccGetParameters( - TPM_ECC_CURVE curveId, // IN: ECC curve ID - TPMS_ALGORITHM_DETAIL_ECC *parameters // OUT: ECC parameters -); - -//*** BnGetCurvePrime() -// This function is used to get just the prime modulus associated with a curve. -const bignum_t * -BnGetCurvePrime( - TPM_ECC_CURVE curveId -); - -//*** BnGetCurveOrder() -// This function is used to get just the curve order -const bignum_t * -BnGetCurveOrder( - TPM_ECC_CURVE curveId -); - -//*** BnIsOnCurve() -// This function checks if a point is on the curve. -BOOL -BnIsOnCurve( - pointConst Q, - const ECC_CURVE_DATA *C -); - -//*** BnIsValidPrivateEcc() -// Checks that 0 < 'x' < 'q' -BOOL -BnIsValidPrivateEcc( - bigConst x, // IN: private key to check - bigCurve E // IN: the curve to check -); - -LIB_EXPORT BOOL -CryptEccIsValidPrivateKey( - TPM2B_ECC_PARAMETER *d, - TPM_ECC_CURVE curveId -); - -//*** BnPointMul() -// This function does a point multiply of the form 'R' = ['d']'S' + ['u']'Q' where the -// parameters are bigNum values. If 'S' is NULL and d is not NULL, then it computes -// 'R' = ['d']'G' + ['u']'Q' or just 'R' = ['d']'G' if 'u' and 'Q' are NULL. -// If 'skipChecks' is TRUE, then the function will not verify that the inputs are -// correct for the domain. 
This would be the case when the values were created by the -// CryptoEngine code. -// It will return TPM_RC_NO_RESULT if the resulting point is the point at infinity. -// Return Type: TPM_RC -// TPM_RC_NO_RESULT result of multiplication is a point at infinity -// TPM_RC_ECC_POINT 'S' or 'Q' is not on the curve -// TPM_RC_VALUE 'd' or 'u' is not < n -TPM_RC -BnPointMult( - bigPoint R, // OUT: computed point - pointConst S, // IN: optional point to multiply by 'd' - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: optional second point - bigConst u, // IN: optional second scalar - bigCurve E // IN: curve parameters -); - -//***BnEccGetPrivate() -// This function gets random values that are the size of the key plus 64 bits. The -// value is reduced (mod ('q' - 1)) and incremented by 1 ('q' is the order of the -// curve. This produces a value ('d') such that 1 <= 'd' < 'q'. This is the method -// of FIPS 186-4 Section B.4.1 ""Key Pair Generation Using Extra Random Bits"". -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure generating private key -BOOL -BnEccGetPrivate( - bigNum dOut, // OUT: the qualified random value - const ECC_CURVE_DATA *C, // IN: curve for which the private key - // needs to be appropriate - RAND_STATE *rand // IN: state for DRBG -); - -//*** BnEccGenerateKeyPair() -// This function gets a private scalar from the source of random bits and does -// the point multiply to get the public key. -BOOL -BnEccGenerateKeyPair( - bigNum bnD, // OUT: private scalar - bn_point_t *ecQ, // OUT: public point - bigCurve E, // IN: curve for the point - RAND_STATE *rand // IN: DRBG state to use -); - -//***CryptEccNewKeyPair(***) -// This function creates an ephemeral ECC. 
It is ephemeral in that -// is expected that the private part of the key will be discarded -LIB_EXPORT TPM_RC -CryptEccNewKeyPair( - TPMS_ECC_POINT *Qout, // OUT: the public point - TPM2B_ECC_PARAMETER *dOut, // OUT: the private scalar - TPM_ECC_CURVE curveId // IN: the curve for the key -); - -//*** CryptEccPointMultiply() -// This function computes 'R' := ['dIn']'G' + ['uIn']'QIn'. Where 'dIn' and -// 'uIn' are scalars, 'G' and 'QIn' are points on the specified curve and 'G' is the -// default generator of the curve. -// -// The 'xOut' and 'yOut' parameters are optional and may be set to NULL if not -// used. -// -// It is not necessary to provide 'uIn' if 'QIn' is specified but one of 'uIn' and -// 'dIn' must be provided. If 'dIn' and 'QIn' are specified but 'uIn' is not -// provided, then 'R' = ['dIn']'QIn'. -// -// If the multiply produces the point at infinity, the TPM_RC_NO_RESULT is returned. -// -// The sizes of 'xOut' and yOut' will be set to be the size of the degree of -// the curve -// -// It is a fatal error if 'dIn' and 'uIn' are both unspecified (NULL) or if 'Qin' -// or 'Rout' is unspecified. -// -// Return Type: TPM_RC -// TPM_RC_ECC_POINT the point 'Pin' or 'Qin' is not on the curve -// TPM_RC_NO_RESULT the product point is at infinity -// TPM_RC_CURVE bad curve -// TPM_RC_VALUE 'dIn' or 'uIn' out of range -// -LIB_EXPORT TPM_RC -CryptEccPointMultiply( - TPMS_ECC_POINT *Rout, // OUT: the product point R - TPM_ECC_CURVE curveId, // IN: the curve to use - TPMS_ECC_POINT *Pin, // IN: first point (can be null) - TPM2B_ECC_PARAMETER *dIn, // IN: scalar value for [dIn]Qin - // the Pin - TPMS_ECC_POINT *Qin, // IN: point Q - TPM2B_ECC_PARAMETER *uIn // IN: scalar value for the multiplier - // of Q -); - -//*** CryptEccIsPointOnCurve() -// This function is used to test if a point is on a defined curve. It does this -// by checking that 'y'^2 mod 'p' = 'x'^3 + 'a'*'x' + 'b' mod 'p'. -// -// It is a fatal error if 'Q' is not specified (is NULL). 
-// Return Type: BOOL -// TRUE(1) point is on curve -// FALSE(0) point is not on curve or curve is not supported -LIB_EXPORT BOOL -CryptEccIsPointOnCurve( - TPM_ECC_CURVE curveId, // IN: the curve selector - TPMS_ECC_POINT *Qin // IN: the point. -); - -//*** CryptEccGenerateKey() -// This function generates an ECC key pair based on the input parameters. -// This routine uses KDFa to produce candidate numbers. The method is according -// to FIPS 186-3, section B.1.2 "Key Pair Generation by Testing Candidates." -// According to the method in FIPS 186-3, the resulting private value 'd' should be -// 1 <= 'd' < 'n' where 'n' is the order of the base point. -// -// It is a fatal error if 'Qout', 'dOut', is not provided (is NULL). -// -// If the curve is not supported -// If 'seed' is not provided, then a random number will be used for the key -// Return Type: TPM_RC -// TPM_RC_CURVE curve is not supported -// TPM_RC_NO_RESULT could not verify key with signature (FIPS only) -LIB_EXPORT TPM_RC -CryptEccGenerateKey( - TPMT_PUBLIC *publicArea, // IN/OUT: The public area template for - // the new key. The public key - // area will be replaced computed - // ECC public key - TPMT_SENSITIVE *sensitive, // OUT: the sensitive area will be - // updated to contain the private - // ECC key and the symmetric - // encryption key - RAND_STATE *rand // IN: if not NULL, the deterministic - // RNG state -); -#endif // ALG_ECC - -#endif // _CRYPT_ECC_MAIN_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccSignature_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccSignature_fp.h deleted file mode 100644 index ede9e4f83..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccSignature_fp.h +++ /dev/null 
@@ -1,139 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _CRYPT_ECC_SIGNATURE_FP_H_ -#define _CRYPT_ECC_SIGNATURE_FP_H_ - -#if ALG_ECC - -//*** BnSignEcdsa() -// This function implements the ECDSA signing algorithm. The method is described -// in the comments below. -TPM_RC -BnSignEcdsa( - bigNum bnR, // OUT: 'r' component of the signature - bigNum bnS, // OUT: 's' component of the signature - bigCurve E, // IN: the curve used in the signature - // process - bigNum bnD, // IN: private signing key - const TPM2B_DIGEST *digest, // IN: the digest to sign - RAND_STATE *rand // IN: used in debug of signing -); - -//*** CryptEccSign() -// This function is the dispatch function for the various ECC-based -// signing schemes. -// There is a bit of ugliness to the parameter passing. In order to test this, -// we sometime would like to use a deterministic RNG so that we can get the same -// signatures during testing. The easiest way to do this for most schemes is to -// pass in a deterministic RNG and let it return canned values during testing. -// There is a competing need for a canned parameter to use in ECDAA. To accommodate -// both needs with minimal fuss, a special type of RAND_STATE is defined to carry -// the address of the commit value. The setup and handling of this is not very -// different for the caller than what was in previous versions of the code. -// Return Type: TPM_RC -// TPM_RC_SCHEME 'scheme' is not supported -LIB_EXPORT TPM_RC -CryptEccSign( - TPMT_SIGNATURE *signature, // OUT: signature - OBJECT *signKey, // IN: ECC key to sign the hash - const TPM2B_DIGEST *digest, // IN: digest to sign - TPMT_ECC_SCHEME *scheme, // IN: signing scheme - RAND_STATE *rand -); -#if ALG_ECDSA - -//*** BnValidateSignatureEcdsa() -// This function validates an ECDSA signature. 
rIn and sIn should have been checked -// to make sure that they are in the range 0 < 'v' < 'n' -// Return Type: TPM_RC -// TPM_RC_SIGNATURE signature not valid -TPM_RC -BnValidateSignatureEcdsa( - bigNum bnR, // IN: 'r' component of the signature - bigNum bnS, // IN: 's' component of the signature - bigCurve E, // IN: the curve used in the signature - // process - bn_point_t *ecQ, // IN: the public point of the key - const TPM2B_DIGEST *digest // IN: the digest that was signed -); -#endif // ALG_ECDSA - -//*** CryptEccValidateSignature() -// This function validates an EcDsa or EcSchnorr signature. -// The point 'Qin' needs to have been validated to be on the curve of 'curveId'. -// Return Type: TPM_RC -// TPM_RC_SIGNATURE not a valid signature -LIB_EXPORT TPM_RC -CryptEccValidateSignature( - TPMT_SIGNATURE *signature, // IN: signature to be verified - OBJECT *signKey, // IN: ECC key signed the hash - const TPM2B_DIGEST *digest // IN: digest that was signed -); - -//***CryptEccCommitCompute() -// This function performs the point multiply operations required by TPM2_Commit. -// -// If 'B' or 'M' is provided, they must be on the curve defined by 'curveId'. This -// routine does not check that they are on the curve and results are unpredictable -// if they are not. -// -// It is a fatal error if 'r' is NULL. If 'B' is not NULL, then it is a -// fatal error if 'd' is NULL or if 'K' and 'L' are both NULL. -// If 'M' is not NULL, then it is a fatal error if 'E' is NULL. 
-// -// Return Type: TPM_RC -// TPM_RC_NO_RESULT if 'K', 'L' or 'E' was computed to be the point -// at infinity -// TPM_RC_CANCELED a cancel indication was asserted during this -// function -LIB_EXPORT TPM_RC -CryptEccCommitCompute( - TPMS_ECC_POINT *K, // OUT: [d]B or [r]Q - TPMS_ECC_POINT *L, // OUT: [r]B - TPMS_ECC_POINT *E, // OUT: [r]M - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPMS_ECC_POINT *M, // IN: M (optional) - TPMS_ECC_POINT *B, // IN: B (optional) - TPM2B_ECC_PARAMETER *d, // IN: d (optional) - TPM2B_ECC_PARAMETER *r // IN: the computed r value (required) -); -#endif // ALG_ECC - -#endif // _CRYPT_ECC_SIGNATURE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptHash_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptHash_fp.h deleted file mode 100644 index 218d9ca72..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptHash_fp.h +++ /dev/null 
@@ -1,408 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _CRYPT_HASH_FP_H_ -#define _CRYPT_HASH_FP_H_ - -//*** CryptHashInit() -// This function is called by _TPM_Init do perform the initialization operations for -// the library. -BOOL -CryptHashInit( - void -); - -//*** CryptHashStartup() -// This function is called by TPM2_Startup() in case there is work to do at startup. -// Currently, this is a placeholder. -BOOL -CryptHashStartup( - void -); - -//*** CryptGetHashDef() -// This function accesses the hash descriptor associated with a hash a -// algorithm. The function returns a pointer to a 'null' descriptor if hashAlg is -// TPM_ALG_NULL or not a defined algorithm. -PHASH_DEF -CryptGetHashDef( - TPM_ALG_ID hashAlg -); - -//*** CryptHashIsValidAlg() -// This function tests to see if an algorithm ID is a valid hash algorithm. If -// flag is true, then TPM_ALG_NULL is a valid hash. -// Return Type: BOOL -// TRUE(1) hashAlg is a valid, implemented hash on this TPM -// FALSE(0) hashAlg is not valid for this TPM -BOOL -CryptHashIsValidAlg( - TPM_ALG_ID hashAlg, // IN: the algorithm to check - BOOL flag // IN: TRUE if TPM_ALG_NULL is to be treated - // as a valid hash -); - -//*** CryptHashGetAlgByIndex() -// This function is used to iterate through the hashes. TPM_ALG_NULL -// is returned for all indexes that are not valid hashes. -// If the TPM implements 3 hashes, then an 'index' value of 0 will -// return the first implemented hash and an 'index' of 2 will return the -// last. All other index values will return TPM_ALG_NULL. -// -// Return Type: TPM_ALG_ID -// TPM_ALG_xxx a hash algorithm -// TPM_ALG_NULL this can be used as a stop value -LIB_EXPORT TPM_ALG_ID -CryptHashGetAlgByIndex( - UINT32 index // IN: the index -); - -//*** CryptHashGetDigestSize() -// Returns the size of the digest produced by the hash. If 'hashAlg' is not a hash -// algorithm, the TPM will FAIL. 
-// Return Type: UINT16 -// 0 TPM_ALG_NULL -// > 0 the digest size -// -LIB_EXPORT UINT16 -CryptHashGetDigestSize( - TPM_ALG_ID hashAlg // IN: hash algorithm to look up -); - -//*** CryptHashGetBlockSize() -// Returns the size of the block used by the hash. If 'hashAlg' is not a hash -// algorithm, the TPM will FAIL. -// Return Type: UINT16 -// 0 TPM_ALG_NULL -// > 0 the digest size -// -LIB_EXPORT UINT16 -CryptHashGetBlockSize( - TPM_ALG_ID hashAlg // IN: hash algorithm to look up -); - -//*** CryptHashGetOid() -// This function returns a pointer to DER=encoded OID for a hash algorithm. All OIDs -// are full OID values including the Tag (0x06) and length byte. -LIB_EXPORT const BYTE * -CryptHashGetOid( - TPM_ALG_ID hashAlg -); - -//*** CryptHashGetContextAlg() -// This function returns the hash algorithm associated with a hash context. -TPM_ALG_ID -CryptHashGetContextAlg( - PHASH_STATE state // IN: the context to check -); - -//*** CryptHashCopyState -// This function is used to clone a HASH_STATE. -LIB_EXPORT void -CryptHashCopyState( - HASH_STATE *out, // OUT: destination of the state - const HASH_STATE *in // IN: source of the state -); - -//*** CryptHashExportState() -// This function is used to export a hash or HMAC hash state. This function -// would be called when preparing to context save a sequence object. -void -CryptHashExportState( - PCHASH_STATE internalFmt, // IN: the hash state formatted for use by - // library - PEXPORT_HASH_STATE externalFmt // OUT: the exported hash state -); - -//*** CryptHashImportState() -// This function is used to import the hash state. This function -// would be called to import a hash state when the context of a sequence object -// was being loaded. 
-void -CryptHashImportState( - PHASH_STATE internalFmt, // OUT: the hash state formatted for use by - // the library - PCEXPORT_HASH_STATE externalFmt // IN: the exported hash state -); - -//*** CryptHashStart() -// Functions starts a hash stack -// Start a hash stack and returns the digest size. As a side effect, the -// value of 'stateSize' in hashState is updated to indicate the number of bytes -// of state that were saved. This function calls GetHashServer() and that function -// will put the TPM into failure mode if the hash algorithm is not supported. -// -// This function does not use the sequence parameter. If it is necessary to import -// or export context, this will start the sequence in a local state -// and export the state to the input buffer. Will need to add a flag to the state -// structure to indicate that it needs to be imported before it can be used. -// (BLEH). -// Return Type: UINT16 -// 0 hash is TPM_ALG_NULL -// >0 digest size -LIB_EXPORT UINT16 -CryptHashStart( - PHASH_STATE hashState, // OUT: the running hash state - TPM_ALG_ID hashAlg // IN: hash algorithm -); - -//*** CryptDigestUpdate() -// Add data to a hash or HMAC, SMAC stack. -// -void -CryptDigestUpdate( - PHASH_STATE hashState, // IN: the hash context information - UINT32 dataSize, // IN: the size of data to be added - const BYTE *data // IN: data to be hashed -); - -//*** CryptHashEnd() -// Complete a hash or HMAC computation. This function will place the smaller of -// 'digestSize' or the size of the digest in 'dOut'. The number of bytes in the -// placed in the buffer is returned. If there is a failure, the returned value -// is <= 0. 
-// Return Type: UINT16 -// 0 no data returned -// > 0 the number of bytes in the digest or dOutSize, whichever is smaller -LIB_EXPORT UINT16 -CryptHashEnd( - PHASH_STATE hashState, // IN: the state of hash stack - UINT32 dOutSize, // IN: size of digest buffer - BYTE *dOut // OUT: hash digest -); - -//*** CryptHashBlock() -// Start a hash, hash a single block, update 'digest' and return the size of -// the results. -// -// The 'digestSize' parameter can be smaller than the digest. If so, only the more -// significant bytes are returned. -// Return Type: UINT16 -// >= 0 number of bytes placed in 'dOut' -LIB_EXPORT UINT16 -CryptHashBlock( - TPM_ALG_ID hashAlg, // IN: The hash algorithm - UINT32 dataSize, // IN: size of buffer to hash - const BYTE *data, // IN: the buffer to hash - UINT32 dOutSize, // IN: size of the digest buffer - BYTE *dOut // OUT: digest buffer -); - -//*** CryptDigestUpdate2B() -// This function updates a digest (hash or HMAC) with a TPM2B. -// -// This function can be used for both HMAC and hash functions so the -// 'digestState' is void so that either state type can be passed. -LIB_EXPORT void -CryptDigestUpdate2B( - PHASH_STATE state, // IN: the digest state - const TPM2B *bIn // IN: 2B containing the data -); - -//*** CryptHashEnd2B() -// This function is the same as CryptCompleteHash() but the digest is -// placed in a TPM2B. This is the most common use and this is provided -// for specification clarity. 'digest.size' should be set to indicate the number of -// bytes to place in the buffer -// Return Type: UINT16 -// >=0 the number of bytes placed in 'digest.buffer' -LIB_EXPORT UINT16 -CryptHashEnd2B( - PHASH_STATE state, // IN: the hash state - P2B digest // IN: the size of the buffer Out: requested - // number of bytes -); - -//*** CryptDigestUpdateInt() -// This function is used to include an integer value to a hash stack. The function -// marshals the integer into its canonical form before calling CryptDigestUpdate(). 
-LIB_EXPORT void -CryptDigestUpdateInt( - void *state, // IN: the state of hash stack - UINT32 intSize, // IN: the size of 'intValue' in bytes - UINT64 intValue // IN: integer value to be hashed -); - -//*** CryptHmacStart() -// This function is used to start an HMAC using a temp -// hash context. The function does the initialization -// of the hash with the HMAC key XOR iPad and updates the -// HMAC key XOR oPad. -// -// The function returns the number of bytes in a digest produced by 'hashAlg'. -// Return Type: UINT16 -// >= 0 number of bytes in digest produced by 'hashAlg' (may be zero) -// -LIB_EXPORT UINT16 -CryptHmacStart( - PHMAC_STATE state, // IN/OUT: the state buffer - TPM_ALG_ID hashAlg, // IN: the algorithm to use - UINT16 keySize, // IN: the size of the HMAC key - const BYTE *key // IN: the HMAC key -); - -//*** CryptHmacEnd() -// This function is called to complete an HMAC. It will finish the current -// digest, and start a new digest. It will then add the oPadKey and the -// completed digest and return the results in dOut. It will not return more -// than dOutSize bytes. -// Return Type: UINT16 -// >= 0 number of bytes in 'dOut' (may be zero) -LIB_EXPORT UINT16 -CryptHmacEnd( - PHMAC_STATE state, // IN: the hash state buffer - UINT32 dOutSize, // IN: size of digest buffer - BYTE *dOut // OUT: hash digest -); - -//*** CryptHmacStart2B() -// This function starts an HMAC and returns the size of the digest -// that will be produced. -// -// This function is provided to support the most common use of starting an HMAC -// with a TPM2B key. -// -// The caller must provide a block of memory in which the hash sequence state -// is kept. The caller should not alter the contents of this buffer until the -// hash sequence is completed or abandoned. -// -// Return Type: UINT16 -// > 0 the digest size of the algorithm -// = 0 the hashAlg was TPM_ALG_NULL -LIB_EXPORT UINT16 -CryptHmacStart2B( - PHMAC_STATE hmacState, // OUT: the state of HMAC stack. 
It will be used - // in HMAC update and completion - TPMI_ALG_HASH hashAlg, // IN: hash algorithm - P2B key // IN: HMAC key -); - -//*** CryptHmacEnd2B() -// This function is the same as CryptHmacEnd() but the HMAC result -// is returned in a TPM2B which is the most common use. -// Return Type: UINT16 -// >=0 the number of bytes placed in 'digest' -LIB_EXPORT UINT16 -CryptHmacEnd2B( - PHMAC_STATE hmacState, // IN: the state of HMAC stack - P2B digest // OUT: HMAC -); - -//** Mask and Key Generation Functions -//*** CryptMGF1() -// This function performs MGF1 using the selected hash. MGF1 is -// T(n) = T(n-1) || H(seed || counter). -// This function returns the length of the mask produced which -// could be zero if the digest algorithm is not supported -// Return Type: UINT16 -// 0 hash algorithm was TPM_ALG_NULL -// > 0 should be the same as 'mSize' -LIB_EXPORT UINT16 -CryptMGF1( - UINT32 mSize, // IN: length of the mask to be produced - BYTE *mask, // OUT: buffer to receive the mask - TPM_ALG_ID hashAlg, // IN: hash to use - UINT32 seedSize, // IN: size of the seed - BYTE *seed // IN: seed size -); - -//*** CryptKDFa() -// This function performs the key generation according to Part 1 of the -// TPM specification. -// -// This function returns the number of bytes generated which may be zero. -// -// The 'key' and 'keyStream' pointers are not allowed to be NULL. The other -// pointer values may be NULL. The value of 'sizeInBits' must be no larger -// than (2^18)-1 = 256K bits (32385 bytes). -// -// The 'once' parameter is set to allow incremental generation of a large -// value. If this flag is TRUE, 'sizeInBits' will be used in the HMAC computation -// but only one iteration of the KDF is performed. This would be used for -// XOR obfuscation so that the mask value can be generated in digest-sized -// chunks rather than having to be generated all at once in an arbitrarily -// large buffer and then XORed into the result. 
If 'once' is TRUE, then -// 'sizeInBits' must be a multiple of 8. -// -// Any error in the processing of this command is considered fatal. -// Return Type: UINT16 -// 0 hash algorithm is not supported or is TPM_ALG_NULL -// > 0 the number of bytes in the 'keyStream' buffer -LIB_EXPORT UINT16 -CryptKDFa( - TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC - const TPM2B *key, // IN: HMAC key - const TPM2B *label, // IN: a label for the KDF - const TPM2B *contextU, // IN: context U - const TPM2B *contextV, // IN: context V - UINT32 sizeInBits, // IN: size of generated key in bits - BYTE *keyStream, // OUT: key buffer - UINT32 *counterInOut, // IN/OUT: caller may provide the iteration - // counter for incremental operations to - // avoid large intermediate buffers. - UINT16 blocks // IN: If non-zero, this is the maximum number - // of blocks to be returned, regardless - // of sizeInBits -); - -//*** CryptKDFe() -// This function implements KDFe() as defined in TPM specification part 1. -// -// This function returns the number of bytes generated which may be zero. -// -// The 'Z' and 'keyStream' pointers are not allowed to be NULL. The other -// pointer values may be NULL. The value of 'sizeInBits' must be no larger -// than (2^18)-1 = 256K bits (32385 bytes). -// Any error in the processing of this command is considered fatal. -// Return Type: UINT16 -// 0 hash algorithm is not supported or is TPM_ALG_NULL -// > 0 the number of bytes in the 'keyStream' buffer -// -LIB_EXPORT UINT16 -CryptKDFe( - TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC - TPM2B *Z, // IN: Z - const TPM2B *label, // IN: a label value for the KDF - TPM2B *partyUInfo, // IN: PartyUInfo - TPM2B *partyVInfo, // IN: PartyVInfo - UINT32 sizeInBits, // IN: size of generated key in bits - BYTE *keyStream // OUT: key buffer -); - -#endif // _CRYPT_HASH_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrimeSieve_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrimeSieve_fp.h
deleted file mode 100644
index 55a0712d7..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrimeSieve_fp.h
+++ /dev/null
@@ -1,158 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:06:42PM - */ - -#ifndef _CRYPT_PRIME_SIEVE_FP_H_ -#define _CRYPT_PRIME_SIEVE_FP_H_ - -#if RSA_KEY_SIEVE - -//*** RsaAdjustPrimeLimit() -// This used during the sieve process. The iterator for getting the -// next prime (RsaNextPrime()) will return primes until it hits the -// limit (primeLimit) set up by this function. This causes the sieve -// process to stop when an appropriate number of primes have been -// sieved. -LIB_EXPORT void -RsaAdjustPrimeLimit( - uint32_t requestedPrimes -); - -//*** RsaNextPrime() -// This the iterator used during the sieve process. The input is the -// last prime returned (or any starting point) and the output is the -// next higher prime. The function returns 0 when the primeLimit is -// reached. -LIB_EXPORT uint32_t -RsaNextPrime( - uint32_t lastPrime -); - -//*** FindNthSetBit() -// This function finds the nth SET bit in a bit array. The 'n' parameter is -// between 1 and the number of bits in the array (always a multiple of 8). -// If called when the array does not have n bits set, it will return -1 -// Return Type: unsigned int -// <0 no bit is set or no bit with the requested number is set -// >=0 the number of the bit in the array that is the nth set -LIB_EXPORT int -FindNthSetBit( - const UINT16 aSize, // IN: the size of the array to check - const BYTE *a, // IN: the array to check - const UINT32 n // IN, the number of the SET bit -); - -//*** PrimeSieve() -// This function does a prime sieve over the input 'field' which has as its -// starting address the value in bnN. Since this initializes the Sieve -// using a precomputed field with the bits associated with 3, 5 and 7 already -// turned off, the value of pnN may need to be adjusted by a few counts to allow -// the precomputed field to be used without modification. 
-// -// To get better performance, one could address the issue of developing the -// composite numbers. When the size of the prime gets large, the time for doing -// the divisions goes up, noticeably. It could be better to develop larger composite -// numbers even if they need to be bigNum's themselves. The object would be to -// reduce the number of times that the large prime is divided into a few large -// divides and then use smaller divides to get to the final 16 bit (or smaller) -// remainders. -LIB_EXPORT UINT32 -PrimeSieve( - bigNum bnN, // IN/OUT: number to sieve - UINT32 fieldSize, // IN: size of the field area in bytes - BYTE *field // IN: field -); -#ifdef SIEVE_DEBUG - -//***SetFieldSize() -// Function to set the field size used for prime generation. Used for tuning. -LIB_EXPORT uint32_t -SetFieldSize( - uint32_t newFieldSize -); -#endif // SIEVE_DEBUG - -//*** PrimeSelectWithSieve() -// This function will sieve the field around the input prime candidate. If the -// sieve field is not empty, one of the one bits in the field is chosen for testing -// with Miller-Rabin. If the value is prime, 'pnP' is updated with this value -// and the function returns success. If this value is not prime, another -// pseudo-random candidate is chosen and tested. This process repeats until -// all values in the field have been checked. If all bits in the field have -// been checked and none is prime, the function returns FALSE and a new random -// value needs to be chosen. 
-// Return Type: TPM_RC -// TPM_RC_FAILURE TPM in failure mode, probably due to entropy source -// TPM_RC_SUCCESS candidate is probably prime -// TPM_RC_NO_RESULT candidate is not prime and couldn't find and alternative -// in the field -LIB_EXPORT TPM_RC -PrimeSelectWithSieve( - bigNum candidate, // IN/OUT: The candidate to filter - UINT32 e, // IN: the exponent - RAND_STATE *rand // IN: the random number generator state -); -#if RSA_INSTRUMENT - -char * -PrintTuple( - UINT32 *i -); - -void -RsaSimulationEnd( - void -); - -LIB_EXPORT void -GetSieveStats( - uint32_t *trials, - uint32_t *emptyFields, - uint32_t *averageBits -); - -#endif -#endif // RSA_KEY_SIEVE -#if !RSA_INSTRUMENT -void -RsaSimulationEnd( - void -); -#endif - -#endif // _CRYPT_PRIME_SIEVE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrime_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrime_fp.h deleted file mode 100644 index 019bdbc17..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrime_fp.h +++ /dev/null 
@@ -1,137 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _CRYPT_PRIME_FP_H_ -#define _CRYPT_PRIME_FP_H_ - -//*** IsPrimeInt() -// This will do a test of a word of up to 32-bits in size. -BOOL -IsPrimeInt( - uint32_t n -); - -//*** BnIsProbablyPrime() -// This function is used when the key sieve is not implemented. This function -// Will try to eliminate some of the obvious things before going on -// to perform MillerRabin as a final verification of primeness. -BOOL -BnIsProbablyPrime( - bigNum prime, // IN: - RAND_STATE *rand // IN: the random state just - // in case Miller-Rabin is required -); - -//*** MillerRabinRounds() -// Function returns the number of Miller-Rabin rounds necessary to give an -// error probability equal to the security strength of the prime. These values -// are from FIPS 186-3. -UINT32 -MillerRabinRounds( - UINT32 bits // IN: Number of bits in the RSA prime -); - -//*** MillerRabin() -// This function performs a Miller-Rabin test from FIPS 186-3. It does -// 'iterations' trials on the number. In all likelihood, if the number -// is not prime, the first test fails. -// Return Type: BOOL -// TRUE(1) probably prime -// FALSE(0) composite -BOOL -MillerRabin( - bigNum bnW, - RAND_STATE *rand -); -#if ALG_RSA - -//*** RsaCheckPrime() -// This will check to see if a number is prime and appropriate for an -// RSA prime. -// -// This has different functionality based on whether we are using key -// sieving or not. If not, the number checked to see if it is divisible by -// the public exponent, then the number is adjusted either up or down -// in order to make it a better candidate. It is then checked for being -// probably prime. -// -// If sieving is used, the number is used to root a sieving process. 
-// -TPM_RC -RsaCheckPrime( - bigNum prime, - UINT32 exponent, - RAND_STATE *rand -); - -//*** AdjustPrimeCandiate() -// This function adjusts the candidate prime so that it is odd and > root(2)/2. -// This allows the product of these two numbers to be .5, which, in fixed point -// notation means that the most significant bit is 1. -// For this routine, the root(2)/2 (0.7071067811865475) approximated with 0xB505 -// which is, in fixed point, 0.7071075439453125 or an error of 0.000108%. Just setting -// the upper two bits would give a value > 0.75 which is an error of > 6%. Given the -// amount of time all the other computations take, reducing the error is not much of -// a cost, but it isn't totally required either. -// -// The code maps the most significant crypt_uword_t in 'prime' so that a 32-/64-bit -// value of 0 to 0xB5050...0 and a value of 0xff...f to 0xff...f. It also sets the LSb -// of 'prime' to make sure that the number is odd. -// -// This code has been fixed so that it will work with a RADIX_SIZE == 64. -// -// The function also puts the number on a field boundary. -LIB_EXPORT void -RsaAdjustPrimeCandidate( - bigNum prime -); - -//***BnGeneratePrimeForRSA() -// Function to generate a prime of the desired size with the proper attributes -// for an RSA prime. -TPM_RC -BnGeneratePrimeForRSA( - bigNum prime, - UINT32 bits, - UINT32 exponent, - RAND_STATE *rand -); -#endif // ALG_RSA - -#endif // _CRYPT_PRIME_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRand_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRand_fp.h deleted file mode 100644 index 34e9cc6ec..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRand_fp.h +++ /dev/null 
@@ -1,204 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _CRYPT_RAND_FP_H_ -#define _CRYPT_RAND_FP_H_ - -//*** DRBG_GetEntropy() -// Even though this implementation never fails, it may get blocked -// indefinitely long in the call to get entropy from the platform -// (DRBG_GetEntropy32()). -// This function is only used during instantiation of the DRBG for -// manufacturing and on each start-up after an non-orderly shutdown. -// Return Type: BOOL -// TRUE(1) requested entropy returned -// FALSE(0) entropy Failure -BOOL -DRBG_GetEntropy( - UINT32 requiredEntropy, // IN: requested number of bytes of full - // entropy - BYTE *entropy // OUT: buffer to return collected entropy -); - -//*** IncrementIv() -// This function increments the IV value by 1. It is used by EncryptDRBG(). -void -IncrementIv( - DRBG_IV *iv -); - -//*** DRBG_Reseed() -// This function is used when reseeding of the DRBG is required. If -// entropy is provided, it is used in lieu of using hardware entropy. -// Note: the provided entropy must be the required size. -// Return Type: BOOL -// TRUE(1) reseed succeeded -// FALSE(0) reseed failed, probably due to the entropy generation -BOOL -DRBG_Reseed( - DRBG_STATE *drbgState, // IN: the state to update - DRBG_SEED *providedEntropy, // IN: entropy - DRBG_SEED *additionalData // IN: -); - -//*** DRBG_SelfTest() -// This is run when the DRBG is instantiated and at startup -// Return Type: BOOL -// TRUE(1) test OK -// FALSE(0) test failed -BOOL -DRBG_SelfTest( - void -); - -//*** CryptRandomStir() -// This function is used to cause a reseed. A DRBG_SEED amount of entropy is -// collected from the hardware and then additional data is added. 
-// Return Type: TPM_RC -// TPM_RC_NO_RESULT failure of the entropy generator -LIB_EXPORT TPM_RC -CryptRandomStir( - UINT16 additionalDataSize, - BYTE *additionalData -); - -//*** CryptRandomGenerate() -// Generate a 'randomSize' number or random bytes. -LIB_EXPORT UINT16 -CryptRandomGenerate( - UINT16 randomSize, - BYTE *buffer -); - -//**** DRBG_InstantiateSeededKdf() -// This function is used to instantiate a KDF-based RNG. This is used for derivations. -// This function always returns TRUE. -LIB_EXPORT BOOL -DRBG_InstantiateSeededKdf( - KDF_STATE *state, // OUT: buffer to hold the state - TPM_ALG_ID hashAlg, // IN: hash algorithm - TPM_ALG_ID kdf, // IN: the KDF to use - TPM2B *seed, // IN: the seed to use - const TPM2B *label, // IN: a label for the generation process. - TPM2B *context, // IN: the context value - UINT32 limit // IN: Maximum number of bits from the KDF -); - -//**** DRBG_AdditionalData() -// Function to reseed the DRBG with additional entropy. This is normally called -// before computing the protection value of a primary key in the Endorsement -// hierarchy. -LIB_EXPORT void -DRBG_AdditionalData( - DRBG_STATE *drbgState, // IN:OUT state to update - TPM2B *additionalData // IN: value to incorporate -); - -//**** DRBG_InstantiateSeeded() -// This function is used to instantiate a random number generator from seed values. -// The nominal use of this generator is to create sequences of pseudo-random -// numbers from a seed value. This function always returns TRUE. -LIB_EXPORT TPM_RC -DRBG_InstantiateSeeded( - DRBG_STATE *drbgState, // IN/OUT: buffer to hold the state - const TPM2B *seed, // IN: the seed to use - const TPM2B *purpose, // IN: a label for the generation process. - const TPM2B *name, // IN: name of the object - const TPM2B *additional // IN: additional data -); - -//**** CryptRandStartup() -// This function is called when TPM_Startup is executed. This function always returns -// TRUE. 
-LIB_EXPORT BOOL -CryptRandStartup( - void -); - -//**** CryptRandInit() -// This function is called when _TPM_Init is being processed. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -LIB_EXPORT BOOL -CryptRandInit( - void -); - -//*** DRBG_Generate() -// This function generates a random sequence according SP800-90A. -// If 'random' is not NULL, then 'randomSize' bytes of random values are generated. -// If 'random' is NULL or 'randomSize' is zero, then the function returns -// TRUE without generating any bits or updating the reseed counter. -// This function returns 0 if a reseed is required. Otherwise, it returns the -// number of bytes produced which could be less than the number requested if the -// request is too large. -LIB_EXPORT UINT16 -DRBG_Generate( - RAND_STATE *state, - BYTE *random, // OUT: buffer to receive the random values - UINT16 randomSize // IN: the number of bytes to generate -); - -//*** DRBG_Instantiate() -// This is CTR_DRBG_Instantiate_algorithm() from [SP 800-90A 10.2.1.3.1]. -// This is called when a the TPM DRBG is to be instantiated. This is -// called to instantiate a DRBG used by the TPM for normal -// operations. -// Return Type: BOOL -// TRUE(1) instantiation succeeded -// FALSE(0) instantiation failed -LIB_EXPORT BOOL -DRBG_Instantiate( - DRBG_STATE *drbgState, // OUT: the instantiated value - UINT16 pSize, // IN: Size of personalization string - BYTE *personalization // IN: The personalization string -); - -//*** DRBG_Uninstantiate() -// This is Uninstantiate_function() from [SP 800-90A 9.4]. -// -// Return Type: TPM_RC -// TPM_RC_VALUE not a valid state -LIB_EXPORT TPM_RC -DRBG_Uninstantiate( - DRBG_STATE *drbgState // IN/OUT: working state to erase -); - -#endif // _CRYPT_RAND_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRsa_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRsa_fp.h deleted file mode 100644 index 8af477f6c..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRsa_fp.h +++ /dev/null 
@@ -1,210 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _CRYPT_RSA_FP_H_ -#define _CRYPT_RSA_FP_H_ - -#if ALG_RSA - -//*** CryptRsaInit() -// Function called at _TPM_Init(). 
-BOOL -CryptRsaInit( - void -); - -//*** CryptRsaStartup() -// Function called at TPM2_Startup() -BOOL -CryptRsaStartup( - void -); - -//*** CryptRsaPssSaltSize() -// This function computes the salt size used in PSS. It is broken out so that -// the X509 code can get the same value that is used by the encoding function in this -// module. -INT16 -CryptRsaPssSaltSize( - INT16 hashSize, - INT16 outSize -); - -//*** MakeDerTag() -// Construct the DER value that is used in RSASSA -// Return Type: INT16 -// > 0 size of value -// <= 0 no hash exists -INT16 -MakeDerTag( - TPM_ALG_ID hashAlg, - INT16 sizeOfBuffer, - BYTE *buffer -); - -//*** CryptRsaSelectScheme() -// This function is used by TPM2_RSA_Decrypt and TPM2_RSA_Encrypt. It sets up -// the rules to select a scheme between input and object default. -// This function assume the RSA object is loaded. -// If a default scheme is defined in object, the default scheme should be chosen, -// otherwise, the input scheme should be chosen. -// In the case that both the object and 'scheme' are not TPM_ALG_NULL, then -// if the schemes are the same, the input scheme will be chosen. -// if the scheme are not compatible, a NULL pointer will be returned. -// -// The return pointer may point to a TPM_ALG_NULL scheme. -TPMT_RSA_DECRYPT* -CryptRsaSelectScheme( - TPMI_DH_OBJECT rsaHandle, // IN: handle of an RSA key - TPMT_RSA_DECRYPT *scheme // IN: a sign or decrypt scheme -); - -//*** CryptRsaLoadPrivateExponent() -// This function is called to generate the private exponent of an RSA key. -// Return Type: TPM_RC -// TPM_RC_BINDING public and private parts of 'rsaKey' are not matched -TPM_RC -CryptRsaLoadPrivateExponent( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive -); - -//*** CryptRsaEncrypt() -// This is the entry point for encryption using RSA. Encryption is -// use of the public exponent. The padding parameter determines what -// padding will be used. 
-// -// The 'cOutSize' parameter must be at least as large as the size of the key. -// -// If the padding is RSA_PAD_NONE, 'dIn' is treated as a number. It must be -// lower in value than the key modulus. -// NOTE: If dIn has fewer bytes than cOut, then we don't add low-order zeros to -// dIn to make it the size of the RSA key for the call to RSAEP. This is -// because the high order bytes of dIn might have a numeric value that is -// greater than the value of the key modulus. If this had low-order zeros -// added, it would have a numeric value larger than the modulus even though -// it started out with a lower numeric value. -// -// Return Type: TPM_RC -// TPM_RC_VALUE 'cOutSize' is too small (must be the size -// of the modulus) -// TPM_RC_SCHEME 'padType' is not a supported scheme -// -LIB_EXPORT TPM_RC -CryptRsaEncrypt( - TPM2B_PUBLIC_KEY_RSA *cOut, // OUT: the encrypted data - TPM2B *dIn, // IN: the data to encrypt - OBJECT *key, // IN: the key used for encryption - TPMT_RSA_DECRYPT *scheme, // IN: the type of padding and hash - // if needed - const TPM2B *label, // IN: in case it is needed - RAND_STATE *rand // IN: random number generator - // state (mostly for testing) -); - -//*** CryptRsaDecrypt() -// This is the entry point for decryption using RSA. Decryption is -// use of the private exponent. The 'padType' parameter determines what -// padding was used. 
-// -// Return Type: TPM_RC -// TPM_RC_SIZE 'cInSize' is not the same as the size of the public -// modulus of 'key'; or numeric value of the encrypted -// data is greater than the modulus -// TPM_RC_VALUE 'dOutSize' is not large enough for the result -// TPM_RC_SCHEME 'padType' is not supported -// -LIB_EXPORT TPM_RC -CryptRsaDecrypt( - TPM2B *dOut, // OUT: the decrypted data - TPM2B *cIn, // IN: the data to decrypt - OBJECT *key, // IN: the key to use for decryption - TPMT_RSA_DECRYPT *scheme, // IN: the padding scheme - const TPM2B *label // IN: in case it is needed for the scheme -); - -//*** CryptRsaSign() -// This function is used to generate an RSA signature of the type indicated in -// 'scheme'. -// -// Return Type: TPM_RC -// TPM_RC_SCHEME 'scheme' or 'hashAlg' are not supported -// TPM_RC_VALUE 'hInSize' does not match 'hashAlg' (for RSASSA) -// -LIB_EXPORT TPM_RC -CryptRsaSign( - TPMT_SIGNATURE *sigOut, - OBJECT *key, // IN: key to use - TPM2B_DIGEST *hIn, // IN: the digest to sign - RAND_STATE *rand // IN: the random number generator - // to use (mostly for testing) -); - -//*** CryptRsaValidateSignature() -// This function is used to validate an RSA signature. If the signature is valid -// TPM_RC_SUCCESS is returned. If the signature is not valid, TPM_RC_SIGNATURE is -// returned. Other return codes indicate either parameter problems or fatal errors. 
-// -// Return Type: TPM_RC -// TPM_RC_SIGNATURE the signature does not check -// TPM_RC_SCHEME unsupported scheme or hash algorithm -// -LIB_EXPORT TPM_RC -CryptRsaValidateSignature( - TPMT_SIGNATURE *sig, // IN: signature - OBJECT *key, // IN: public modulus - TPM2B_DIGEST *digest // IN: The digest being validated -); - -//*** CryptRsaGenerateKey() -// Generate an RSA key from a provided seed -// Return Type: TPM_RC -// TPM_RC_CANCELED operation was canceled -// TPM_RC_RANGE public exponent is not supported -// TPM_RC_VALUE could not find a prime using the provided parameters -LIB_EXPORT TPM_RC -CryptRsaGenerateKey( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - RAND_STATE *rand // IN: if not NULL, the deterministic - // RNG state -); -#endif // ALG_RSA - -#endif // _CRYPT_RSA_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSelfTest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSelfTest_fp.h deleted file mode 100644 index 49c537537..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSelfTest_fp.h +++ /dev/null 
@@ -1,108 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _CRYPT_SELF_TEST_FP_H_ -#define _CRYPT_SELF_TEST_FP_H_ - -//*** CryptSelfTest() -// This function is called to start/complete a full self-test. -// If 'fullTest' is NO, then only the untested algorithms will be run. If -// 'fullTest' is YES, then 'g_untestedDecryptionAlgorithms' is reinitialized and then -// all tests are run. -// This implementation of the reference design does not support processing outside -// the framework of a TPM command. As a consequence, this command does not -// complete until all tests are done. Since this can take a long time, the TPM -// will check after each test to see if the command is canceled. If so, then the -// TPM will returned TPM_RC_CANCELLED. To continue with the self-tests, call -// TPM2_SelfTest(fullTest == No) and the TPM will complete the testing. -// Return Type: TPM_RC -// TPM_RC_CANCELED if the command is canceled -LIB_EXPORT -TPM_RC -CryptSelfTest( - TPMI_YES_NO fullTest // IN: if full test is required -); - -//*** CryptIncrementalSelfTest() -// This function is used to perform an incremental self-test. This implementation -// will perform the toTest values before returning. That is, it assumes that the -// TPM cannot perform background tasks between commands. -// -// This command may be canceled. If it is, then there is no return result. -// However, this command can be run again and the incremental progress will not -// be lost. 
-// Return Type: TPM_RC -// TPM_RC_CANCELED processing of this command was canceled -// TPM_RC_TESTING if toTest list is not empty -// TPM_RC_VALUE an algorithm in the toTest list is not implemented -TPM_RC -CryptIncrementalSelfTest( - TPML_ALG *toTest, // IN: list of algorithms to be tested - TPML_ALG *toDoList // OUT: list of algorithms needing test -); - -//*** CryptInitializeToTest() -// This function will initialize the data structures for testing all the -// algorithms. This should not be called unless CryptAlgsSetImplemented() has -// been called -void -CryptInitializeToTest( - void -); - -//*** CryptTestAlgorithm() -// Only point of contact with the actual self tests. If a self-test fails, there -// is no return and the TPM goes into failure mode. -// The call to TestAlgorithm uses an algorithm selector and a bit vector. When the -// test is run, the corresponding bit in 'toTest' and in 'g_toTest' is CLEAR. If -// 'toTest' is NULL, then only the bit in 'g_toTest' is CLEAR. -// There is a special case for the call to TestAlgorithm(). When 'alg' is -// ALG_ERROR, TestAlgorithm() will CLEAR any bit in 'toTest' for which it has -// no test. This allows the knowledge about which algorithms have test to be -// accessed through the interface that provides the test. -// Return Type: TPM_RC -// TPM_RC_CANCELED test was canceled -LIB_EXPORT -TPM_RC -CryptTestAlgorithm( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest -); - -#endif // _CRYPT_SELF_TEST_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSmac_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSmac_fp.h deleted file mode 100644 index 1c1f6aff5..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSmac_fp.h +++ /dev/null 
@@ -1,84 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _CRYPT_SMAC_FP_H_ -#define _CRYPT_SMAC_FP_H_ - -#if SMAC_IMPLEMENTED - -//*** CryptSmacStart() -// Function to start an SMAC. -UINT16 -CryptSmacStart( - HASH_STATE *state, - TPMU_PUBLIC_PARMS *keyParameters, - TPM_ALG_ID macAlg, // IN: the type of MAC - TPM2B *key -); - -//*** CryptMacStart() -// Function to start either an HMAC or an SMAC. Cannot reuse the CryptHmacStart -// function because of the difference in number of parameters. -UINT16 -CryptMacStart( - HMAC_STATE *state, - TPMU_PUBLIC_PARMS *keyParameters, - TPM_ALG_ID macAlg, // IN: the type of MAC - TPM2B *key -); - -//*** CryptMacEnd() -// Dispatch to the MAC end function using a size and buffer pointer. -UINT16 -CryptMacEnd( - HMAC_STATE *state, - UINT32 size, - BYTE *buffer -); - -//*** CryptMacEnd2B() -// Dispatch to the MAC end function using a 2B. -UINT16 -CryptMacEnd2B ( - HMAC_STATE *state, - TPM2B *data -); -#endif // SMAC_IMPLEMENTED - -#endif // _CRYPT_SMAC_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSym_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSym_fp.h deleted file mode 100644 index d02634e65..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSym_fp.h +++ /dev/null 
@@ -1,126 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _CRYPT_SYM_FP_H_ -#define _CRYPT_SYM_FP_H_ - -//** Initialization and Data Access Functions -// -//*** CryptSymInit() -// This function is called to do _TPM_Init processing -BOOL -CryptSymInit( - void -); - -//*** CryptSymStartup() -// This function is called to do TPM2_Startup() processing -BOOL -CryptSymStartup( - void -); - -//*** CryptGetSymmetricBlockSize() -// This function returns the block size of the algorithm. The table of bit sizes has -// an entry for each allowed key size. The entry for a key size is 0 if the TPM does -// not implement that key size. The key size table is delimited with a negative number -// (-1). After the delimiter is a list of block sizes with each entry corresponding -// to the key bit size. For most symmetric algorithms, the block size is the same -// regardless of the key size but this arrangement allows them to be different. -// Return Type: INT16 -// <= 0 cipher not supported -// > 0 the cipher block size in bytes -LIB_EXPORT INT16 -CryptGetSymmetricBlockSize( - TPM_ALG_ID symmetricAlg, // IN: the symmetric algorithm - UINT16 keySizeInBits // IN: the key size -); - -//** Symmetric Encryption -// This function performs symmetric encryption based on the mode. -// Return Type: TPM_RC -// TPM_RC_SIZE 'dSize' is not a multiple of the block size for an -// algorithm that requires it -// TPM_RC_FAILURE Fatal error -LIB_EXPORT TPM_RC -CryptSymmetricEncrypt( - BYTE *dOut, // OUT: - TPM_ALG_ID algorithm, // IN: the symmetric algorithm - UINT16 keySizeInBits, // IN: key size in bits - const BYTE *key, // IN: key buffer. The size of this buffer - // in bytes is (keySizeInBits + 7) / 8 - TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. 
- TPM_ALG_ID mode, // IN: Mode to use - INT32 dSize, // IN: data size (may need to be a - // multiple of the blockSize) - const BYTE *dIn // IN: data buffer -); - -//*** CryptSymmetricDecrypt() -// This function performs symmetric decryption based on the mode. -// Return Type: TPM_RC -// TPM_RC_FAILURE A fatal error -// TPM_RCS_SIZE 'dSize' is not a multiple of the block size for an -// algorithm that requires it -LIB_EXPORT TPM_RC -CryptSymmetricDecrypt( - BYTE *dOut, // OUT: decrypted data - TPM_ALG_ID algorithm, // IN: the symmetric algorithm - UINT16 keySizeInBits, // IN: key size in bits - const BYTE *key, // IN: key buffer. The size of this buffer - // in bytes is (keySizeInBits + 7) / 8 - TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. - TPM_ALG_ID mode, // IN: Mode to use - INT32 dSize, // IN: data size (may need to be a - // multiple of the blockSize) - const BYTE *dIn // IN: data buffer -); - -//*** CryptSymKeyValidate() -// Validate that a provided symmetric key meets the requirements of the TPM -// Return Type: TPM_RC -// TPM_RC_KEY_SIZE Key size specifiers do not match -// TPM_RC_KEY Key is not allowed -TPM_RC -CryptSymKeyValidate( - TPMT_SYM_DEF_OBJECT *symDef, - TPM2B_SYM_KEY *key -); - -#endif // _CRYPT_SYM_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptUtil_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptUtil_fp.h deleted file mode 100644 index c7367a26d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptUtil_fp.h +++ /dev/null 
@@ -1,488 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _CRYPT_UTIL_FP_H_ -#define _CRYPT_UTIL_FP_H_ - -//*** CryptIsSchemeAnonymous() -// This function is used to test a scheme to see if it is an anonymous scheme -// The only anonymous scheme is ECDAA. ECDAA can be used to do things -// like U-Prove. -BOOL -CryptIsSchemeAnonymous( - TPM_ALG_ID scheme // IN: the scheme algorithm to test -); - -//*** ParmDecryptSym() -// This function performs parameter decryption using symmetric block cipher. -void -ParmDecryptSym( - TPM_ALG_ID symAlg, // IN: the symmetric algorithm - TPM_ALG_ID hash, // IN: hash algorithm for KDFa - UINT16 keySizeInBits, // IN: the key size in bits - TPM2B *key, // IN: KDF HMAC key - TPM2B *nonceCaller, // IN: nonce caller - TPM2B *nonceTpm, // IN: nonce TPM - UINT32 dataSize, // IN: size of parameter buffer - BYTE *data // OUT: buffer to be decrypted -); - -//*** ParmEncryptSym() -// This function performs parameter encryption using symmetric block cipher. -void -ParmEncryptSym( - TPM_ALG_ID symAlg, // IN: symmetric algorithm - TPM_ALG_ID hash, // IN: hash algorithm for KDFa - UINT16 keySizeInBits, // IN: symmetric key size in bits - TPM2B *key, // IN: KDF HMAC key - TPM2B *nonceCaller, // IN: nonce caller - TPM2B *nonceTpm, // IN: nonce TPM - UINT32 dataSize, // IN: size of parameter buffer - BYTE *data // OUT: buffer to be encrypted -); - -//*** CryptXORObfuscation() -// This function implements XOR obfuscation. It should not be called if the -// hash algorithm is not implemented. The only return value from this function -// is TPM_RC_SUCCESS. 
-void -CryptXORObfuscation( - TPM_ALG_ID hash, // IN: hash algorithm for KDF - TPM2B *key, // IN: KDF key - TPM2B *contextU, // IN: contextU - TPM2B *contextV, // IN: contextV - UINT32 dataSize, // IN: size of data buffer - BYTE *data // IN/OUT: data to be XORed in place -); - -//*** CryptInit() -// This function is called when the TPM receives a _TPM_Init indication. -// -// NOTE: The hash algorithms do not have to be tested, they just need to be -// available. They have to be tested before the TPM can accept HMAC authorization -// or return any result that relies on a hash algorithm. -// Return Type: BOOL -// TRUE(1) initializations succeeded -// FALSE(0) initialization failed and caller should place the TPM into -// Failure Mode -BOOL -CryptInit( - void -); - -//*** CryptStartup() -// This function is called by TPM2_Startup() to initialize the functions in -// this cryptographic library and in the provided CryptoLibrary. This function -// and CryptUtilInit() are both provided so that the implementation may move the -// initialization around to get the best interaction. -// Return Type: BOOL -// TRUE(1) startup succeeded -// FALSE(0) startup failed and caller should place the TPM into -// Failure Mode -BOOL -CryptStartup( - STARTUP_TYPE type // IN: the startup type -); - -//**************************************************************************** -//** Algorithm-Independent Functions -//**************************************************************************** -//*** Introduction -// These functions are used generically when a function of a general type -// (e.g., symmetric encryption) is required. The functions will modify the -// parameters as required to interface to the indicated algorithms. -// -//*** CryptIsAsymAlgorithm() -// This function indicates if an algorithm is an asymmetric algorithm. 
-// Return Type: BOOL -// TRUE(1) if it is an asymmetric algorithm -// FALSE(0) if it is not an asymmetric algorithm -BOOL -CryptIsAsymAlgorithm( - TPM_ALG_ID algID // IN: algorithm ID -); - -//*** CryptSecretEncrypt() -// This function creates a secret value and its associated secret structure using -// an asymmetric algorithm. -// -// This function is used by TPM2_Rewrap() TPM2_MakeCredential(), -// and TPM2_Duplicate(). -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'keyHandle' does not reference a valid decryption key -// TPM_RC_KEY invalid ECC key (public point is not on the curve) -// TPM_RC_SCHEME RSA key with an unsupported padding scheme -// TPM_RC_VALUE numeric value of the data to be decrypted is greater -// than the RSA key modulus -TPM_RC -CryptSecretEncrypt( - OBJECT *encryptKey, // IN: encryption key object - const TPM2B *label, // IN: a null-terminated string as L - TPM2B_DATA *data, // OUT: secret value - TPM2B_ENCRYPTED_SECRET *secret // OUT: secret structure -); - -//*** CryptSecretDecrypt() -// Decrypt a secret value by asymmetric (or symmetric) algorithm -// This function is used for ActivateCredential and Import for asymmetric -// decryption, and StartAuthSession for both asymmetric and symmetric -// decryption process -// -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES RSA key is not a decryption key -// TPM_RC_BINDING Invalid RSA key (public and private parts are not -// cryptographically bound. -// TPM_RC_ECC_POINT ECC point in the secret is not on the curve -// TPM_RC_INSUFFICIENT failed to retrieve ECC point from the secret -// TPM_RC_NO_RESULT multiplication resulted in ECC point at infinity -// TPM_RC_SIZE data to decrypt is not of the same size as RSA key -// TPM_RC_VALUE For RSA key, numeric value of the encrypted data is -// greater than the modulus, or the recovered data is -// larger than the output buffer. -// For keyedHash or symmetric key, the secret is -// larger than the size of the digest produced by -// the name algorithm. 
-// TPM_RC_FAILURE internal error -TPM_RC -CryptSecretDecrypt( - OBJECT *decryptKey, // IN: decrypt key - TPM2B_NONCE *nonceCaller, // IN: nonceCaller. It is needed for - // symmetric decryption. For - // asymmetric decryption, this - // parameter is NULL - const TPM2B *label, // IN: a value for L - TPM2B_ENCRYPTED_SECRET *secret, // IN: input secret - TPM2B_DATA *data // OUT: decrypted secret value -); - -//*** CryptParameterEncryption() -// This function does in-place encryption of a response parameter. -void -CryptParameterEncryption( - TPM_HANDLE handle, // IN: encrypt session handle - TPM2B *nonceCaller, // IN: nonce caller - UINT16 leadingSizeInByte, // IN: the size of the leading size field in - // bytes - TPM2B_AUTH *extraKey, // IN: additional key material other than - // sessionAuth - BYTE *buffer // IN/OUT: parameter buffer to be encrypted -); - -//*** CryptParameterDecryption() -// This function does in-place decryption of a command parameter. -// Return Type: TPM_RC -// TPM_RC_SIZE The number of bytes in the input buffer is less than -// the number of bytes to be decrypted. -TPM_RC -CryptParameterDecryption( - TPM_HANDLE handle, // IN: encrypted session handle - TPM2B *nonceCaller, // IN: nonce caller - UINT32 bufferSize, // IN: size of parameter buffer - UINT16 leadingSizeInByte, // IN: the size of the leading size field in - // byte - TPM2B_AUTH *extraKey, // IN: the authValue - BYTE *buffer // IN/OUT: parameter buffer to be decrypted -); - -//*** CryptComputeSymmetricUnique() -// This function computes the unique field in public area for symmetric objects. -void -CryptComputeSymmetricUnique( - TPMT_PUBLIC *publicArea, // IN: the object's public area - TPMT_SENSITIVE *sensitive, // IN: the associated sensitive area - TPM2B_DIGEST *unique // OUT: unique buffer -); - -//*** CryptCreateObject() -// This function creates an object. -// For an asymmetric key, it will create a key pair and, for a parent key, a seed -// value for child protections. 
-// -// For an symmetric object, (TPM_ALG_SYMCIPHER or TPM_ALG_KEYEDHASH), it will -// create a secret key if the caller did not provide one. It will create a random -// secret seed value that is hashed with the secret value to create the public -// unique value. -// -// 'publicArea', 'sensitive', and 'sensitiveCreate' are the only required parameters -// and are the only ones that are used by TPM2_Create(). The other parameters -// are optional and are used when the generated Object needs to be deterministic. -// This is the case for both Primary Objects and Derived Objects. -// -// When a seed value is provided, a RAND_STATE will be populated and used for -// all operations in the object generation that require a random number. In the -// simplest case, TPM2_CreatePrimary() will use 'seed', 'label' and 'context' with -// context being the hash of the template. If the Primary Object is in -// the Endorsement hierarchy, it will also populate 'proof' with ehProof. -// -// For derived keys, 'seed' will be the secret value from the parent, 'label' and -// 'context' will be set according to the parameters of TPM2_CreateLoaded() and -// 'hashAlg' will be set which causes the RAND_STATE to be a KDF generator. 
-// -// Return Type: TPM_RC -// TPM_RC_KEY a provided key is not an allowed value -// TPM_RC_KEY_SIZE key size in the public area does not match the size -// in the sensitive creation area for a symmetric key -// TPM_RC_NO_RESULT unable to get random values (only in derivation) -// TPM_RC_RANGE for an RSA key, the exponent is not supported -// TPM_RC_SIZE sensitive data size is larger than allowed for the -// scheme for a keyed hash object -// TPM_RC_VALUE exponent is not prime or could not find a prime using -// the provided parameters for an RSA key; -// unsupported name algorithm for an ECC key -TPM_RC -CryptCreateObject( - OBJECT *object, // IN: new object structure pointer - TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation - RAND_STATE *rand // IN: the random number generator - // to use -); - -//*** CryptGetSignHashAlg() -// Get the hash algorithm of signature from a TPMT_SIGNATURE structure. -// It assumes the signature is not NULL -// This is a function for easy access -TPMI_ALG_HASH -CryptGetSignHashAlg( - TPMT_SIGNATURE *auth // IN: signature -); - -//*** CryptIsSplitSign() -// This function us used to determine if the signing operation is a split -// signing operation that required a TPM2_Commit(). -// -BOOL -CryptIsSplitSign( - TPM_ALG_ID scheme // IN: the algorithm selector -); - -//*** CryptIsAsymSignScheme() -// This function indicates if a scheme algorithm is a sign algorithm. -BOOL -CryptIsAsymSignScheme( - TPMI_ALG_PUBLIC publicType, // IN: Type of the object - TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme -); - -//*** CryptIsAsymDecryptScheme() -// This function indicate if a scheme algorithm is a decrypt algorithm. -BOOL -CryptIsAsymDecryptScheme( - TPMI_ALG_PUBLIC publicType, // IN: Type of the object - TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme -); - -//*** CryptSelectSignScheme() -// This function is used by the attestation and signing commands. 
It implements -// the rules for selecting the signature scheme to use in signing. This function -// requires that the signing key either be TPM_RH_NULL or be loaded. -// -// If a default scheme is defined in object, the default scheme should be chosen, -// otherwise, the input scheme should be chosen. -// In the case that both object and input scheme has a non-NULL scheme -// algorithm, if the schemes are compatible, the input scheme will be chosen. -// -// This function should not be called if 'signObject->publicArea.type' == -// ALG_SYMCIPHER. -// -// Return Type: BOOL -// TRUE(1) scheme selected -// FALSE(0) both 'scheme' and key's default scheme are empty; or -// 'scheme' is empty while key's default scheme requires -// explicit input scheme (split signing); or -// non-empty default key scheme differs from 'scheme' -BOOL -CryptSelectSignScheme( - OBJECT *signObject, // IN: signing key - TPMT_SIG_SCHEME *scheme // IN/OUT: signing scheme -); - -//*** CryptSign() -// Sign a digest with asymmetric key or HMAC. -// This function is called by attestation commands and the generic TPM2_Sign -// command. -// This function checks the key scheme and digest size. It does not -// check if the sign operation is allowed for restricted key. It should be -// checked before the function is called. -// The function will assert if the key is not a signing key. -// -// Return Type: TPM_RC -// TPM_RC_SCHEME 'signScheme' is not compatible with the signing key type -// TPM_RC_VALUE 'digest' value is greater than the modulus of -// 'signHandle' or size of 'hashData' does not match hash -// algorithm in'signScheme' (for an RSA key); -// invalid commit status or failed to generate "r" value -// (for an ECC key) -TPM_RC -CryptSign( - OBJECT *signKey, // IN: signing key - TPMT_SIG_SCHEME *signScheme, // IN: sign scheme. 
- TPM2B_DIGEST *digest, // IN: The digest being signed - TPMT_SIGNATURE *signature // OUT: signature -); - -//*** CryptValidateSignature() -// This function is used to verify a signature. It is called by -// TPM2_VerifySignature() and TPM2_PolicySigned. -// -// Since this operation only requires use of a public key, no consistency -// checks are necessary for the key to signature type because a caller can load -// any public key that they like with any scheme that they like. This routine -// simply makes sure that the signature is correct, whatever the type. -// -// Return Type: TPM_RC -// TPM_RC_SIGNATURE the signature is not genuine -// TPM_RC_SCHEME the scheme is not supported -// TPM_RC_HANDLE an HMAC key was selected but the -// private part of the key is not loaded -TPM_RC -CryptValidateSignature( - TPMI_DH_OBJECT keyHandle, // IN: The handle of sign key - TPM2B_DIGEST *digest, // IN: The digest being validated - TPMT_SIGNATURE *signature // IN: signature -); - -//*** CryptGetTestResult -// This function returns the results of a self-test function. -// Note: the behavior in this function is NOT the correct behavior for a real -// TPM implementation. An artificial behavior is placed here due to the -// limitation of a software simulation environment. For the correct behavior, -// consult the part 3 specification for TPM2_GetTestResult(). -TPM_RC -CryptGetTestResult( - TPM2B_MAX_BUFFER *outData // OUT: test result data -); - -//*** CryptIsUniqueSizeValid() -// This function validates that the unique values are consistent. -// NOTE: This is not a comprehensive test of the public key. 
-// Return Type: BOOL -// TRUE(1) sizes are consistent -// FALSE(0) sizes are not consistent -BOOL -CryptIsUniqueSizeValid( - TPMT_PUBLIC *publicArea // IN: the public area to check -); - -//*** CryptIsSensitiveSizeValid() -// This function is used by TPM2_LoadExternal() to validate that the sensitive area -// contains a 'sensitive' value that is consistent with the values in the public -// area. -BOOL -CryptIsSensitiveSizeValid( - TPMT_PUBLIC *publicArea, // IN: the object's public part - TPMT_SENSITIVE *sensitiveArea // IN: the object's sensitive part -); - -//*** CryptValidateKeys() -// This function is used to verify that the key material of and object is valid. -// For a 'publicOnly' object, the key is verified for size and, if it is an ECC -// key, it is verified to be on the specified curve. For a key with a sensitive -// area, the binding between the public and private parts of the key are verified. -// If the nameAlg of the key is TPM_ALG_NULL, then the size of the sensitive area -// is verified but the public portion is not verified, unless the key is an RSA key. -// For an RSA key, the reason for loading the sensitive area is to use it. The -// only way to use a private RSA key is to compute the private exponent. To compute -// the private exponent, the public modulus is used. -// Return Type: TPM_RC -// TPM_RC_BINDING the public and private parts are not cryptographically -// bound -// TPM_RC_HASH cannot have a publicOnly key with nameAlg of TPM_ALG_NULL -// TPM_RC_KEY the public unique is not valid -// TPM_RC_KEY_SIZE the private area key is not valid -// TPM_RC_TYPE the types of the sensitive and private parts do not match -TPM_RC -CryptValidateKeys( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - TPM_RC blamePublic, - TPM_RC blameSensitive -); - -//*** CryptAlgSetImplemented() -// This function initializes the bit vector with one bit for each implemented -// algorithm. This function is called from _TPM_Init(). 
The vector of implemented -// algorithms should be generated by the part 2 parser so that the -// 'g_implementedAlgorithms' vector can be a constant. That's not how it is now -void -CryptAlgsSetImplemented( - void -); - -//*** CryptSelectMac() -// This function is used to set the MAC scheme based on the key parameters and -// the input scheme. -// Return Type: TPM_RC -// TPM_RC_SCHEME the scheme is not a valid mac scheme -// TPM_RC_TYPE the input key is not a type that supports a mac -// TPM_RC_VALUE the input scheme and the key scheme are not compatible -TPM_RC -CryptSelectMac( - TPMT_PUBLIC *publicArea, - TPMI_ALG_MAC_SCHEME *inMac -); - -//*** CryptMacIsValidForKey() -// Check to see if the key type is compatible with the mac type -BOOL -CryptMacIsValidForKey( - TPM_ALG_ID keyType, - TPM_ALG_ID macAlg, - BOOL flag -); - -//*** CryptSmacIsValidAlg() -// This function is used to test if an algorithm is a supported SMAC algorithm. It -// needs to be updated as new algorithms are added. -BOOL -CryptSmacIsValidAlg( - TPM_ALG_ID alg, - BOOL FLAG // IN: Indicates if TPM_ALG_NULL is valid -); - -//*** CryptSymModeIsValid() -// Function checks to see if an algorithm ID is a valid, symmetric block cipher -// mode for the TPM. If 'flag' is SET, them TPM_ALG_NULL is a valid mode. -// not include the modes used for SMAC -BOOL -CryptSymModeIsValid( - TPM_ALG_ID mode, - BOOL flag -); - -#endif // _CRYPT_UTIL_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DA_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DA_fp.h deleted file mode 100644 index 88b50282e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DA_fp.h +++ /dev/null 
@@ -1,88 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:23:27PM - */ - -#ifndef _DA_FP_H_ -#define _DA_FP_H_ - -//*** DAPreInstall_Init() -// This function initializes the DA parameters to their manufacturer-default -// values. The default values are determined by a platform-specific specification. -// -// This function should not be called outside of a manufacturing or simulation -// environment. -// -// The DA parameters will be restored to these initial values by TPM2_Clear(). -void -DAPreInstall_Init( - void -); - -//*** DAStartup() -// This function is called by TPM2_Startup() to initialize the DA parameters. -// In the case of Startup(CLEAR), use of lockoutAuth will be enabled if the -// lockout recovery time is 0. Otherwise, lockoutAuth will not be enabled until -// the TPM has been continuously powered for the lockoutRecovery time. -// -// This function requires that NV be available and not rate limiting. -BOOL -DAStartup( - STARTUP_TYPE type // IN: startup type -); - -//*** DARegisterFailure() -// This function is called when a authorization failure occurs on an entity -// that is subject to dictionary-attack protection. When a DA failure is -// triggered, register the failure by resetting the relevant self-healing -// timer to the current time. -void -DARegisterFailure( - TPM_HANDLE handle // IN: handle for failure -); - -//*** DASelfHeal() -// This function is called to check if sufficient time has passed to allow -// decrement of failedTries or to re-enable use of lockoutAuth. -// -// This function should be called when the time interval is updated. -void -DASelfHeal( - void -); - -#endif // _DA_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackLockReset_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackLockReset_fp.h deleted file mode 100644 index e8be2fc9c..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackLockReset_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_DictionaryAttackLockReset // Command must be enabled - -#ifndef _Dictionary_Attack_Lock_Reset_FP_H_ -#define _Dictionary_Attack_Lock_Reset_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_LOCKOUT lockHandle; -} DictionaryAttackLockReset_In; - -// Response code modifiers -#define RC_DictionaryAttackLockReset_lockHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_DictionaryAttackLockReset( - DictionaryAttackLockReset_In *in -); - -#endif // _Dictionary_Attack_Lock_Reset_FP_H_ -#endif // CC_DictionaryAttackLockReset diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackParameters_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackParameters_fp.h deleted file mode 100644 index 787a9e22f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackParameters_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_DictionaryAttackParameters // Command must be enabled - -#ifndef _Dictionary_Attack_Parameters_FP_H_ -#define _Dictionary_Attack_Parameters_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_LOCKOUT lockHandle; - UINT32 newMaxTries; - UINT32 newRecoveryTime; - UINT32 lockoutRecovery; -} DictionaryAttackParameters_In; - -// Response code modifiers -#define RC_DictionaryAttackParameters_lockHandle (TPM_RC_H + TPM_RC_1) -#define RC_DictionaryAttackParameters_newMaxTries (TPM_RC_P + TPM_RC_1) -#define RC_DictionaryAttackParameters_newRecoveryTime (TPM_RC_P + TPM_RC_2) -#define RC_DictionaryAttackParameters_lockoutRecovery (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_DictionaryAttackParameters( - DictionaryAttackParameters_In *in -); - -#endif // _Dictionary_Attack_Parameters_FP_H_ -#endif // CC_DictionaryAttackParameters diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Duplicate_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Duplicate_fp.h deleted file mode 100644 index 74f064c6e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Duplicate_fp.h +++ /dev/null 
@@ -1,74 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Duplicate // Command must be enabled - -#ifndef _Duplicate_FP_H_ -#define _Duplicate_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT objectHandle; - TPMI_DH_OBJECT newParentHandle; - TPM2B_DATA encryptionKeyIn; - TPMT_SYM_DEF_OBJECT symmetricAlg; -} Duplicate_In; - -// Output structure definition -typedef struct { - TPM2B_DATA encryptionKeyOut; - TPM2B_PRIVATE duplicate; - TPM2B_ENCRYPTED_SECRET outSymSeed; -} Duplicate_Out; - -// Response code modifiers -#define RC_Duplicate_objectHandle (TPM_RC_H + TPM_RC_1) -#define RC_Duplicate_newParentHandle (TPM_RC_H + TPM_RC_2) -#define RC_Duplicate_encryptionKeyIn (TPM_RC_P + TPM_RC_1) -#define RC_Duplicate_symmetricAlg (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_Duplicate( - Duplicate_In *in, - Duplicate_Out *out -); - -#endif // _Duplicate_FP_H_ -#endif // CC_Duplicate diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECC_Parameters_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECC_Parameters_fp.h deleted file mode 100644 index c38b14cb3..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECC_Parameters_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ECC_Parameters // Command must be enabled - -#ifndef _ECC_Parameters_FP_H_ -#define _ECC_Parameters_FP_H_ - -// Input structure definition -typedef struct { - TPMI_ECC_CURVE curveID; -} ECC_Parameters_In; - -// Output structure definition -typedef struct { - TPMS_ALGORITHM_DETAIL_ECC parameters; -} ECC_Parameters_Out; - -// Response code modifiers -#define RC_ECC_Parameters_curveID (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ECC_Parameters( - ECC_Parameters_In *in, - ECC_Parameters_Out *out -); - -#endif // _ECC_Parameters_FP_H_ -#endif // CC_ECC_Parameters diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_KeyGen_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_KeyGen_fp.h deleted file mode 100644 index f86e16f93..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_KeyGen_fp.h +++ /dev/null 
@@ -1,67 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ECDH_KeyGen // Command must be enabled - -#ifndef _ECDH_Key_Gen_FP_H_ -#define _ECDH_Key_Gen_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; -} ECDH_KeyGen_In; - -// Output structure definition -typedef struct { - TPM2B_ECC_POINT zPoint; - TPM2B_ECC_POINT pubPoint; -} ECDH_KeyGen_Out; - -// Response code modifiers -#define RC_ECDH_KeyGen_keyHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ECDH_KeyGen( - ECDH_KeyGen_In *in, - ECDH_KeyGen_Out *out -); - -#endif // _ECDH_Key_Gen_FP_H_ -#endif // CC_ECDH_KeyGen diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_ZGen_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_ZGen_fp.h deleted file mode 100644 index ba77f5f31..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_ZGen_fp.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ECDH_ZGen // Command must be enabled - -#ifndef _ECDH_ZGen_FP_H_ -#define _ECDH_ZGen_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_ECC_POINT inPoint; -} ECDH_ZGen_In; - -// Output structure definition -typedef struct { - TPM2B_ECC_POINT outPoint; -} ECDH_ZGen_Out; - -// Response code modifiers -#define RC_ECDH_ZGen_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_ECDH_ZGen_inPoint (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ECDH_ZGen( - ECDH_ZGen_In *in, - ECDH_ZGen_Out *out -); - -#endif // _ECDH_ZGen_FP_H_ -#endif // CC_ECDH_ZGen diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EC_Ephemeral_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EC_Ephemeral_fp.h deleted file mode 100644 index 7b0ba0fec..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EC_Ephemeral_fp.h +++ /dev/null 
@@ -1,67 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_EC_Ephemeral // Command must be enabled - -#ifndef _EC_Ephemeral_FP_H_ -#define _EC_Ephemeral_FP_H_ - -// Input structure definition -typedef struct { - TPMI_ECC_CURVE curveID; -} EC_Ephemeral_In; - -// Output structure definition -typedef struct { - TPM2B_ECC_POINT Q; - UINT16 counter; -} EC_Ephemeral_Out; - -// Response code modifiers -#define RC_EC_Ephemeral_curveID (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_EC_Ephemeral( - EC_Ephemeral_In *in, - EC_Ephemeral_Out *out -); - -#endif // _EC_Ephemeral_FP_H_ -#endif // CC_EC_Ephemeral diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt2_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt2_fp.h deleted file mode 100644 index 20e717ede..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt2_fp.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_EncryptDecrypt2 // Command must be enabled - -#ifndef _Encrypt_Decrypt2_FP_H_ -#define _Encrypt_Decrypt2_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_MAX_BUFFER inData; - TPMI_YES_NO decrypt; - TPMI_ALG_CIPHER_MODE mode; - TPM2B_IV ivIn; -} EncryptDecrypt2_In; - -// Output structure definition -typedef struct { - TPM2B_MAX_BUFFER outData; - TPM2B_IV ivOut; -} EncryptDecrypt2_Out; - -// Response code modifiers -#define RC_EncryptDecrypt2_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_EncryptDecrypt2_inData (TPM_RC_P + TPM_RC_1) -#define RC_EncryptDecrypt2_decrypt (TPM_RC_P + TPM_RC_2) -#define RC_EncryptDecrypt2_mode (TPM_RC_P + TPM_RC_3) -#define RC_EncryptDecrypt2_ivIn (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_EncryptDecrypt2( - EncryptDecrypt2_In *in, - EncryptDecrypt2_Out *out -); - -#endif // _Encrypt_Decrypt2_FP_H_ -#endif // CC_EncryptDecrypt2 diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_fp.h deleted file mode 100644 index 689d2688e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_fp.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_EncryptDecrypt // Command must be enabled - -#ifndef _Encrypt_Decrypt_FP_H_ -#define _Encrypt_Decrypt_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPMI_YES_NO decrypt; - TPMI_ALG_CIPHER_MODE mode; - TPM2B_IV ivIn; - TPM2B_MAX_BUFFER inData; -} EncryptDecrypt_In; - -// Output structure definition -typedef struct { - TPM2B_MAX_BUFFER outData; - TPM2B_IV ivOut; -} EncryptDecrypt_Out; - -// Response code modifiers -#define RC_EncryptDecrypt_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_EncryptDecrypt_decrypt (TPM_RC_P + TPM_RC_1) -#define RC_EncryptDecrypt_mode (TPM_RC_P + TPM_RC_2) -#define RC_EncryptDecrypt_ivIn (TPM_RC_P + TPM_RC_3) -#define RC_EncryptDecrypt_inData (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_EncryptDecrypt( - EncryptDecrypt_In *in, - EncryptDecrypt_Out *out -); - -#endif // _Encrypt_Decrypt_FP_H_ -#endif // CC_EncryptDecrypt diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_spt_fp.h deleted file mode 100644 index b1e7c39ef..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_spt_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _ENCRYPT_DECRYPT_SPT_FP_H_ -#define _ENCRYPT_DECRYPT_SPT_FP_H_ - -#if CC_EncryptDecrypt2 - -// Return Type: TPM_RC -// TPM_RC_KEY is not a symmetric decryption key with both -// public and private portions loaded -// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode; -// or 'inData' size is not an even multiple of the block -// size for CBC or ECB mode -// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does -// not match the key's mode -TPM_RC -EncryptDecryptShared( - TPMI_DH_OBJECT keyHandleIn, - TPMI_YES_NO decryptIn, - TPMI_ALG_SYM_MODE modeIn, - TPM2B_IV *ivIn, - TPM2B_MAX_BUFFER *inData, - EncryptDecrypt_Out *out -); -#endif // CC_EncryptDecrypt - -#endif // _ENCRYPT_DECRYPT_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Entity_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Entity_fp.h deleted file mode 100644 index 4bb2a1b55..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Entity_fp.h +++ /dev/null 
@@ -1,108 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _ENTITY_FP_H_ -#define _ENTITY_FP_H_ - -//** Functions -//*** EntityGetLoadStatus() -// This function will check that all the handles access loaded entities. -// Return Type: TPM_RC -// TPM_RC_HANDLE handle type does not match -// TPM_RC_REFERENCE_Hx entity is not present -// TPM_RC_HIERARCHY entity belongs to a disabled hierarchy -// TPM_RC_OBJECT_MEMORY handle is an evict object but there is no -// space to load it to RAM -TPM_RC -EntityGetLoadStatus( - COMMAND *command // IN/OUT: command parsing structure -); - -//*** EntityGetAuthValue() -// This function is used to access the 'authValue' associated with a handle. -// This function assumes that the handle references an entity that is accessible -// and the handle is not for a persistent objects. That is EntityGetLoadStatus() -// should have been called. Also, the accessibility of the authValue should have -// been verified by IsAuthValueAvailable(). -// -// This function copies the authorization value of the entity to 'auth'. -// Return Type: UINT16 -// count number of bytes in the authValue with 0's stripped -UINT16 -EntityGetAuthValue( - TPMI_DH_ENTITY handle, // IN: handle of entity - TPM2B_AUTH *auth // OUT: authValue of the entity -); - -//*** EntityGetAuthPolicy() -// This function is used to access the 'authPolicy' associated with a handle. -// This function assumes that the handle references an entity that is accessible -// and the handle is not for a persistent objects. That is EntityGetLoadStatus() -// should have been called. Also, the accessibility of the authPolicy should have -// been verified by IsAuthPolicyAvailable(). -// -// This function copies the authorization policy of the entity to 'authPolicy'. -// -// The return value is the hash algorithm for the policy. 
-TPMI_ALG_HASH -EntityGetAuthPolicy( - TPMI_DH_ENTITY handle, // IN: handle of entity - TPM2B_DIGEST *authPolicy // OUT: authPolicy of the entity -); - -//*** EntityGetName() -// This function returns the Name associated with a handle. -TPM2B_NAME * -EntityGetName( - TPMI_DH_ENTITY handle, // IN: handle of entity - TPM2B_NAME *name // OUT: name of entity -); - -//*** EntityGetHierarchy() -// This function returns the hierarchy handle associated with an entity. -// 1. A handle that is a hierarchy handle is associated with itself. -// 2. An NV index belongs to TPM_RH_PLATFORM if TPMA_NV_PLATFORMCREATE, -// is SET, otherwise it belongs to TPM_RH_OWNER -// 3. An object handle belongs to its hierarchy. -TPMI_RH_HIERARCHY -EntityGetHierarchy( - TPMI_DH_ENTITY handle // IN :handle of entity -); - -#endif // _ENTITY_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EventSequenceComplete_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EventSequenceComplete_fp.h deleted file mode 100644 index ec346f370..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EventSequenceComplete_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_EventSequenceComplete // Command must be enabled - -#ifndef _Event_Sequence_Complete_FP_H_ -#define _Event_Sequence_Complete_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_PCR pcrHandle; - TPMI_DH_OBJECT sequenceHandle; - TPM2B_MAX_BUFFER buffer; -} EventSequenceComplete_In; - -// Output structure definition -typedef struct { - TPML_DIGEST_VALUES results; -} EventSequenceComplete_Out; - -// Response code modifiers -#define RC_EventSequenceComplete_pcrHandle (TPM_RC_H + TPM_RC_1) -#define RC_EventSequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_2) -#define RC_EventSequenceComplete_buffer (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_EventSequenceComplete( - EventSequenceComplete_In *in, - EventSequenceComplete_Out *out -); - -#endif // _Event_Sequence_Complete_FP_H_ -#endif // CC_EventSequenceComplete diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EvictControl_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EvictControl_fp.h deleted file mode 100644 index 340eb8c97..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EvictControl_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_EvictControl // Command must be enabled - -#ifndef _Evict_Control_FP_H_ -#define _Evict_Control_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PROVISION auth; - TPMI_DH_OBJECT objectHandle; - TPMI_DH_PERSISTENT persistentHandle; -} EvictControl_In; - -// Response code modifiers -#define RC_EvictControl_auth (TPM_RC_H + TPM_RC_1) -#define RC_EvictControl_objectHandle (TPM_RC_H + TPM_RC_2) -#define RC_EvictControl_persistentHandle (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_EvictControl( - EvictControl_In *in -); - -#endif // _Evict_Control_FP_H_ -#endif // CC_EvictControl diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ExecCommand_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ExecCommand_fp.h deleted file mode 100644 index 7d2e5fdaf..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ExecCommand_fp.h +++ /dev/null 
@@ -1,88 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _EXEC_COMMAND_FP_H_ -#define _EXEC_COMMAND_FP_H_ - -//** ExecuteCommand() -// -// The function performs the following steps. 
-// -// a) Parses the command header from input buffer. -// b) Calls ParseHandleBuffer() to parse the handle area of the command. -// c) Validates that each of the handles references a loaded entity. -// d) Calls ParseSessionBuffer () to: -// 1) unmarshal and parse the session area; -// 2) check the authorizations; and -// 3) when necessary, decrypt a parameter. -// e) Calls CommandDispatcher() to: -// 1) unmarshal the command parameters from the command buffer; -// 2) call the routine that performs the command actions; and -// 3) marshal the responses into the response buffer. -// f) If any error occurs in any of the steps above create the error response -// and return. -// g) Calls BuildResponseSessions() to: -// 1) when necessary, encrypt a parameter -// 2) build the response authorization sessions -// 3) update the audit sessions and nonces -// h) Calls BuildResponseHeader() to complete the construction of the response. -// -// 'responseSize' is set by the caller to the maximum number of bytes available in -// the output buffer. ExecuteCommand will adjust the value and return the number -// of bytes placed in the buffer. -// -// 'response' is also set by the caller to indicate the buffer into which -// ExecuteCommand is to place the response. -// -// 'request' and 'response' may point to the same buffer -// -// Note: As of February, 2016, the failure processing has been moved to the -// platform-specific code. When the TPM code encounters an unrecoverable failure, it -// will SET g_inFailureMode and call _plat__Fail(). That function should not return -// but may call ExecuteCommand(). -// -LIB_EXPORT void -ExecuteCommand( - uint32_t requestSize, // IN: command buffer size - unsigned char *request, // IN: command buffer - uint32_t *responseSize, // IN/OUT: response buffer size - unsigned char **response // IN/OUT: response buffer -); - -#endif // _EXEC_COMMAND_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeData_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeData_fp.h deleted file mode 100644 index dba27ce31..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeData_fp.h +++ /dev/null 
@@ -1,67 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_FieldUpgradeData // Command must be enabled - -#ifndef _Field_Upgrade_Data_FP_H_ -#define _Field_Upgrade_Data_FP_H_ - -// Input structure definition -typedef struct { - TPM2B_MAX_BUFFER fuData; -} FieldUpgradeData_In; - -// Output structure definition -typedef struct { - TPMT_HA nextDigest; - TPMT_HA firstDigest; -} FieldUpgradeData_Out; - -// Response code modifiers -#define RC_FieldUpgradeData_fuData (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_FieldUpgradeData( - FieldUpgradeData_In *in, - FieldUpgradeData_Out *out -); - -#endif // _Field_Upgrade_Data_FP_H_ -#endif // CC_FieldUpgradeData diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeStart_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeStart_fp.h deleted file mode 100644 index 0047e3558..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeStart_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_FieldUpgradeStart // Command must be enabled - -#ifndef _Field_Upgrade_Start_FP_H_ -#define _Field_Upgrade_Start_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PLATFORM authorization; - TPMI_DH_OBJECT keyHandle; - TPM2B_DIGEST fuDigest; - TPMT_SIGNATURE manifestSignature; -} FieldUpgradeStart_In; - -// Response code modifiers -#define RC_FieldUpgradeStart_authorization (TPM_RC_H + TPM_RC_1) -#define RC_FieldUpgradeStart_keyHandle (TPM_RC_H + TPM_RC_2) -#define RC_FieldUpgradeStart_fuDigest (TPM_RC_P + TPM_RC_1) -#define RC_FieldUpgradeStart_manifestSignature (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_FieldUpgradeStart( - FieldUpgradeStart_In *in -); - -#endif // _Field_Upgrade_Start_FP_H_ -#endif // CC_FieldUpgradeStart diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FirmwareRead_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FirmwareRead_fp.h deleted file mode 100644 index bc991ffa5..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FirmwareRead_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_FirmwareRead // Command must be enabled - -#ifndef _Firmware_Read_FP_H_ -#define _Firmware_Read_FP_H_ - -// Input structure definition -typedef struct { - UINT32 sequenceNumber; -} FirmwareRead_In; - -// Output structure definition -typedef struct { - TPM2B_MAX_BUFFER fuData; -} FirmwareRead_Out; - -// Response code modifiers -#define RC_FirmwareRead_sequenceNumber (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_FirmwareRead( - FirmwareRead_In *in, - FirmwareRead_Out *out -); - -#endif // _Firmware_Read_FP_H_ -#endif // CC_FirmwareRead diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FlushContext_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FlushContext_fp.h deleted file mode 100644 index 8b0c7ffe8..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FlushContext_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_FlushContext // Command must be enabled - -#ifndef _Flush_Context_FP_H_ -#define _Flush_Context_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_CONTEXT flushHandle; -} FlushContext_In; - -// Response code modifiers -#define RC_FlushContext_flushHandle (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_FlushContext( - FlushContext_In *in -); - -#endif // _Flush_Context_FP_H_ -#endif // CC_FlushContext diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCapability_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCapability_fp.h deleted file mode 100644 index 83ad53cfa..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCapability_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_GetCapability // Command must be enabled - -#ifndef _Get_Capability_FP_H_ -#define _Get_Capability_FP_H_ - -// Input structure definition -typedef struct { - TPM_CAP capability; - UINT32 property; - UINT32 propertyCount; -} GetCapability_In; - -// Output structure definition -typedef struct { - TPMI_YES_NO moreData; - TPMS_CAPABILITY_DATA capabilityData; -} GetCapability_Out; - -// Response code modifiers -#define RC_GetCapability_capability (TPM_RC_P + TPM_RC_1) -#define RC_GetCapability_property (TPM_RC_P + TPM_RC_2) -#define RC_GetCapability_propertyCount (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_GetCapability( - GetCapability_In *in, - GetCapability_Out *out -); - -#endif // _Get_Capability_FP_H_ -#endif // CC_GetCapability diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCommandAuditDigest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCommandAuditDigest_fp.h deleted file mode 100644 index 193250e9a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCommandAuditDigest_fp.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_GetCommandAuditDigest // Command must be enabled - -#ifndef _Get_Command_Audit_Digest_FP_H_ -#define _Get_Command_Audit_Digest_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_ENDORSEMENT privacyHandle; - TPMI_DH_OBJECT signHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; -} GetCommandAuditDigest_In; - -// Output structure definition -typedef struct { - TPM2B_ATTEST auditInfo; - TPMT_SIGNATURE signature; -} GetCommandAuditDigest_Out; - -// Response code modifiers -#define RC_GetCommandAuditDigest_privacyHandle (TPM_RC_H + TPM_RC_1) -#define RC_GetCommandAuditDigest_signHandle (TPM_RC_H + TPM_RC_2) -#define RC_GetCommandAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_GetCommandAuditDigest_inScheme (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_GetCommandAuditDigest( - GetCommandAuditDigest_In *in, - GetCommandAuditDigest_Out *out -); - -#endif // _Get_Command_Audit_Digest_FP_H_ -#endif // CC_GetCommandAuditDigest diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetRandom_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetRandom_fp.h deleted file mode 100644 index 1d82cef61..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetRandom_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_GetRandom // Command must be enabled - -#ifndef _Get_Random_FP_H_ -#define _Get_Random_FP_H_ - -// Input structure definition -typedef struct { - UINT16 bytesRequested; -} GetRandom_In; - -// Output structure definition -typedef struct { - TPM2B_DIGEST randomBytes; -} GetRandom_Out; - -// Response code modifiers -#define RC_GetRandom_bytesRequested (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_GetRandom( - GetRandom_In *in, - GetRandom_Out *out -); - -#endif // _Get_Random_FP_H_ -#endif // CC_GetRandom diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetSessionAuditDigest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetSessionAuditDigest_fp.h deleted file mode 100644 index e3ef9f651..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetSessionAuditDigest_fp.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_GetSessionAuditDigest // Command must be enabled - -#ifndef _Get_Session_Audit_Digest_FP_H_ -#define _Get_Session_Audit_Digest_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_ENDORSEMENT privacyAdminHandle; - TPMI_DH_OBJECT signHandle; - TPMI_SH_HMAC sessionHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; -} GetSessionAuditDigest_In; - -// Output structure definition -typedef struct { - TPM2B_ATTEST auditInfo; - TPMT_SIGNATURE signature; -} GetSessionAuditDigest_Out; - -// Response code modifiers -#define RC_GetSessionAuditDigest_privacyAdminHandle (TPM_RC_H + TPM_RC_1) -#define RC_GetSessionAuditDigest_signHandle (TPM_RC_H + TPM_RC_2) -#define RC_GetSessionAuditDigest_sessionHandle (TPM_RC_H + TPM_RC_3) -#define RC_GetSessionAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_GetSessionAuditDigest_inScheme (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_GetSessionAuditDigest( - GetSessionAuditDigest_In *in, - GetSessionAuditDigest_Out *out -); - -#endif // _Get_Session_Audit_Digest_FP_H_ -#endif // CC_GetSessionAuditDigest diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTestResult_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTestResult_fp.h deleted file mode 100644 index 22fdc00db..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTestResult_fp.h +++ /dev/null 
@@ -1,59 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_GetTestResult // Command must be enabled - -#ifndef _Get_Test_Result_FP_H_ -#define _Get_Test_Result_FP_H_ - -// Output structure definition -typedef struct { - TPM2B_MAX_BUFFER outData; - TPM_RC testResult; -} GetTestResult_Out; - - -// Function prototype -TPM_RC -TPM2_GetTestResult( - GetTestResult_Out *out -); - -#endif // _Get_Test_Result_FP_H_ -#endif // CC_GetTestResult diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTime_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTime_fp.h deleted file mode 100644 index 2ef55ac5f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTime_fp.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_GetTime // Command must be enabled - -#ifndef _Get_Time_FP_H_ -#define _Get_Time_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_ENDORSEMENT privacyAdminHandle; - TPMI_DH_OBJECT signHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; -} GetTime_In; - -// Output structure definition -typedef struct { - TPM2B_ATTEST timeInfo; - TPMT_SIGNATURE signature; -} GetTime_Out; - -// Response code modifiers -#define RC_GetTime_privacyAdminHandle (TPM_RC_H + TPM_RC_1) -#define RC_GetTime_signHandle (TPM_RC_H + TPM_RC_2) -#define RC_GetTime_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_GetTime_inScheme (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_GetTime( - GetTime_In *in, - GetTime_Out *out -); - -#endif // _Get_Time_FP_H_ -#endif // CC_GetTime diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_Start_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_Start_fp.h deleted file mode 100644 index 79f4a96cb..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_Start_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_HMAC_Start // Command must be enabled - -#ifndef _HMAC_Start_FP_H_ -#define _HMAC_Start_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT handle; - TPM2B_AUTH auth; - TPMI_ALG_HASH hashAlg; -} HMAC_Start_In; - -// Output structure definition -typedef struct { - TPMI_DH_OBJECT sequenceHandle; -} HMAC_Start_Out; - -// Response code modifiers -#define RC_HMAC_Start_handle (TPM_RC_H + TPM_RC_1) -#define RC_HMAC_Start_auth (TPM_RC_P + TPM_RC_1) -#define RC_HMAC_Start_hashAlg (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_HMAC_Start( - HMAC_Start_In *in, - HMAC_Start_Out *out -); - -#endif // _HMAC_Start_FP_H_ -#endif // CC_HMAC_Start diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_fp.h deleted file mode 100644 index 63a6d0fbd..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_HMAC // Command must be enabled - -#ifndef _HMAC_FP_H_ -#define _HMAC_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT handle; - TPM2B_MAX_BUFFER buffer; - TPMI_ALG_HASH hashAlg; -} HMAC_In; - -// Output structure definition -typedef struct { - TPM2B_DIGEST outHMAC; -} HMAC_Out; - -// Response code modifiers -#define RC_HMAC_handle (TPM_RC_H + TPM_RC_1) -#define RC_HMAC_buffer (TPM_RC_P + TPM_RC_1) -#define RC_HMAC_hashAlg (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_HMAC( - HMAC_In *in, - HMAC_Out *out -); - -#endif // _HMAC_FP_H_ -#endif // CC_HMAC diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Handle_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Handle_fp.h deleted file mode 100644 index 8ada3d356..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Handle_fp.h +++ /dev/null 
@@ -1,87 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _HANDLE_FP_H_ -#define _HANDLE_FP_H_ - -//*** HandleGetType() -// This function returns the type of a handle which is the MSO of the handle. -TPM_HT -HandleGetType( - TPM_HANDLE handle // IN: a handle to be checked -); - -//*** NextPermanentHandle() -// This function returns the permanent handle that is equal to the input value or -// is the next higher value. If there is no handle with the input value and there -// is no next higher value, it returns 0: -TPM_HANDLE -NextPermanentHandle( - TPM_HANDLE inHandle // IN: the handle to check -); - -//*** PermanentCapGetHandles() -// This function returns a list of the permanent handles of PCR, started from -// 'handle'. If 'handle' is larger than the largest permanent handle, an empty list -// will be returned with 'more' set to NO. -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -PermanentCapGetHandles( - TPM_HANDLE handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle -); - -//*** PermanentHandleGetPolicy() -// This function returns a list of the permanent handles of PCR, started from -// 'handle'. If 'handle' is larger than the largest permanent handle, an empty list -// will be returned with 'more' set to NO. -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -PermanentHandleGetPolicy( - TPM_HANDLE handle, // IN: start handle - UINT32 count, // IN: max count of returned handles - TPML_TAGGED_POLICY *policyList // OUT: list of handle -); - -#endif // _HANDLE_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HashSequenceStart_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HashSequenceStart_fp.h deleted file mode 100644 index a3abb2219..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HashSequenceStart_fp.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_HashSequenceStart // Command must be enabled - -#ifndef _Hash_Sequence_Start_FP_H_ -#define _Hash_Sequence_Start_FP_H_ - -// Input structure definition -typedef struct { - TPM2B_AUTH auth; - TPMI_ALG_HASH hashAlg; -} HashSequenceStart_In; - -// Output structure definition -typedef struct { - TPMI_DH_OBJECT sequenceHandle; -} HashSequenceStart_Out; - -// Response code modifiers -#define RC_HashSequenceStart_auth (TPM_RC_P + TPM_RC_1) -#define RC_HashSequenceStart_hashAlg (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_HashSequenceStart( - HashSequenceStart_In *in, - HashSequenceStart_Out *out -); - -#endif // _Hash_Sequence_Start_FP_H_ -#endif // CC_HashSequenceStart diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hash_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hash_fp.h deleted file mode 100644 index c59a4ab6f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hash_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Hash // Command must be enabled - -#ifndef _Hash_FP_H_ -#define _Hash_FP_H_ - -// Input structure definition -typedef struct { - TPM2B_MAX_BUFFER data; - TPMI_ALG_HASH hashAlg; - TPMI_RH_HIERARCHY hierarchy; -} Hash_In; - -// Output structure definition -typedef struct { - TPM2B_DIGEST outHash; - TPMT_TK_HASHCHECK validation; -} Hash_Out; - -// Response code modifiers -#define RC_Hash_data (TPM_RC_P + TPM_RC_1) -#define RC_Hash_hashAlg (TPM_RC_P + TPM_RC_2) -#define RC_Hash_hierarchy (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_Hash( - Hash_In *in, - Hash_Out *out -); - -#endif // _Hash_FP_H_ -#endif // CC_Hash diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyChangeAuth_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyChangeAuth_fp.h deleted file mode 100644 index 2538a7053..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyChangeAuth_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_HierarchyChangeAuth // Command must be enabled - -#ifndef _Hierarchy_Change_Auth_FP_H_ -#define _Hierarchy_Change_Auth_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_HIERARCHY_AUTH authHandle; - TPM2B_AUTH newAuth; -} HierarchyChangeAuth_In; - -// Response code modifiers -#define RC_HierarchyChangeAuth_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_HierarchyChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_HierarchyChangeAuth( - HierarchyChangeAuth_In *in -); - -#endif // _Hierarchy_Change_Auth_FP_H_ -#endif // CC_HierarchyChangeAuth diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyControl_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyControl_fp.h deleted file mode 100644 index 8431ff51d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyControl_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_HierarchyControl // Command must be enabled - -#ifndef _Hierarchy_Control_FP_H_ -#define _Hierarchy_Control_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_HIERARCHY authHandle; - TPMI_RH_ENABLES enable; - TPMI_YES_NO state; -} HierarchyControl_In; - -// Response code modifiers -#define RC_HierarchyControl_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_HierarchyControl_enable (TPM_RC_P + TPM_RC_1) -#define RC_HierarchyControl_state (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_HierarchyControl( - HierarchyControl_In *in -); - -#endif // _Hierarchy_Control_FP_H_ -#endif // CC_HierarchyControl diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hierarchy_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hierarchy_fp.h deleted file mode 100644 index dc55a9439..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hierarchy_fp.h +++ /dev/null 
@@ -1,87 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:23:27PM - */ - -#ifndef _HIERARCHY_FP_H_ -#define _HIERARCHY_FP_H_ - -//*** HierarchyPreInstall() -// This function performs the initialization functions for the hierarchy -// when the TPM is simulated. This function should not be called if the -// TPM is not in a manufacturing mode at the manufacturer, or in a simulated -// environment. -void -HierarchyPreInstall_Init( - void -); - -//*** HierarchyStartup() -// This function is called at TPM2_Startup() to initialize the hierarchy -// related values. -BOOL -HierarchyStartup( - STARTUP_TYPE type // IN: start up type -); - -//*** HierarchyGetProof() -// This function finds the proof value associated with a hierarchy.It returns a -// pointer to the proof value. -TPM2B_PROOF * -HierarchyGetProof( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant -); - -//*** HierarchyGetPrimarySeed() -// This function returns the primary seed of a hierarchy. -TPM2B_SEED * -HierarchyGetPrimarySeed( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy -); - -//*** HierarchyIsEnabled() -// This function checks to see if a hierarchy is enabled. -// NOTE: The TPM_RH_NULL hierarchy is always enabled. -// Return Type: BOOL -// TRUE(1) hierarchy is enabled -// FALSE(0) hierarchy is disabled -BOOL -HierarchyIsEnabled( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy -); - -#endif // _HIERARCHY_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Import_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Import_fp.h deleted file mode 100644 index d997754f9..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Import_fp.h +++ /dev/null 
@@ -1,76 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Import // Command must be enabled - -#ifndef _Import_FP_H_ -#define _Import_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT parentHandle; - TPM2B_DATA encryptionKey; - TPM2B_PUBLIC objectPublic; - TPM2B_PRIVATE duplicate; - TPM2B_ENCRYPTED_SECRET inSymSeed; - TPMT_SYM_DEF_OBJECT symmetricAlg; -} Import_In; - -// Output structure definition -typedef struct { - TPM2B_PRIVATE outPrivate; -} Import_Out; - -// Response code modifiers -#define RC_Import_parentHandle (TPM_RC_H + TPM_RC_1) -#define RC_Import_encryptionKey (TPM_RC_P + TPM_RC_1) -#define RC_Import_objectPublic (TPM_RC_P + TPM_RC_2) -#define RC_Import_duplicate (TPM_RC_P + TPM_RC_3) -#define RC_Import_inSymSeed (TPM_RC_P + TPM_RC_4) -#define RC_Import_symmetricAlg (TPM_RC_P + TPM_RC_5) - -// Function prototype -TPM_RC -TPM2_Import( - Import_In *in, - Import_Out *out -); - -#endif // _Import_FP_H_ -#endif // CC_Import diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IncrementalSelfTest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IncrementalSelfTest_fp.h deleted file mode 100644 index cd384cb50..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IncrementalSelfTest_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_IncrementalSelfTest // Command must be enabled - -#ifndef _Incremental_Self_Test_FP_H_ -#define _Incremental_Self_Test_FP_H_ - -// Input structure definition -typedef struct { - TPML_ALG toTest; -} IncrementalSelfTest_In; - -// Output structure definition -typedef struct { - TPML_ALG toDoList; -} IncrementalSelfTest_Out; - -// Response code modifiers -#define RC_IncrementalSelfTest_toTest (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_IncrementalSelfTest( - IncrementalSelfTest_In *in, - IncrementalSelfTest_Out *out -); - -#endif // _Incremental_Self_Test_FP_H_ -#endif // CC_IncrementalSelfTest diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IoBuffers_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IoBuffers_fp.h deleted file mode 100644 index dd74dad60..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IoBuffers_fp.h +++ /dev/null 
@@ -1,87 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _IO_BUFFERS_FP_H_ -#define _IO_BUFFERS_FP_H_ - -//*** MemoryIoBufferAllocationReset() -// This function is used to reset the allocation of buffers. -void -MemoryIoBufferAllocationReset( - void -); - -//*** MemoryIoBufferZero() -// Function zeros the action I/O buffer at the end of a command. Calling this is -// not mandatory for proper functionality. -void -MemoryIoBufferZero( - void -); - -//*** MemoryGetInBuffer() -// This function returns the address of the buffer into which the -// command parameters will be unmarshaled in preparation for calling -// the command actions. -BYTE * -MemoryGetInBuffer( - UINT32 size // Size, in bytes, required for the input - // unmarshaling -); - -//*** MemoryGetOutBuffer() -// This function returns the address of the buffer into which the command -// action code places its output values. -BYTE * -MemoryGetOutBuffer( - UINT32 size // required size of the buffer -); - -//*** IsLabelProperlyFormatted() -// This function checks that a label is a null-terminated string. -// NOTE: this function is here because there was no better place for it. -// Return Type: BOOL -// TRUE(1) string is null terminated -// FALSE(0) string is not null terminated -BOOL -IsLabelProperlyFormatted( - TPM2B *x -); - -#endif // _IO_BUFFERS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/LoadExternal_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/LoadExternal_fp.h deleted file mode 100644 index d1691bac4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/LoadExternal_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_LoadExternal // Command must be enabled - -#ifndef _Load_External_FP_H_ -#define _Load_External_FP_H_ - -// Input structure definition -typedef struct { - TPM2B_SENSITIVE inPrivate; - TPM2B_PUBLIC inPublic; - TPMI_RH_HIERARCHY hierarchy; -} LoadExternal_In; - -// Output structure definition -typedef struct { - TPM_HANDLE objectHandle; - TPM2B_NAME name; -} LoadExternal_Out; - -// Response code modifiers -#define RC_LoadExternal_inPrivate (TPM_RC_P + TPM_RC_1) -#define RC_LoadExternal_inPublic (TPM_RC_P + TPM_RC_2) -#define RC_LoadExternal_hierarchy (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_LoadExternal( - LoadExternal_In *in, - LoadExternal_Out *out -); - -#endif // _Load_External_FP_H_ -#endif // CC_LoadExternal diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Load_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Load_fp.h deleted file mode 100644 index 3a61c5394..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Load_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Load // Command must be enabled - -#ifndef _Load_FP_H_ -#define _Load_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT parentHandle; - TPM2B_PRIVATE inPrivate; - TPM2B_PUBLIC inPublic; -} Load_In; - -// Output structure definition -typedef struct { - TPM_HANDLE objectHandle; - TPM2B_NAME name; -} Load_Out; - -// Response code modifiers -#define RC_Load_parentHandle (TPM_RC_H + TPM_RC_1) -#define RC_Load_inPrivate (TPM_RC_P + TPM_RC_1) -#define RC_Load_inPublic (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_Load( - Load_In *in, - Load_Out *out -); - -#endif // _Load_FP_H_ -#endif // CC_Load diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Locality_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Locality_fp.h deleted file mode 100644 index c3298b1db..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Locality_fp.h +++ /dev/null 
@@ -1,53 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _LOCALITY_FP_H_ -#define _LOCALITY_FP_H_ - -//** LocalityGetAttributes() -// This function will convert a locality expressed as an integer into -// TPMA_LOCALITY form. -// -// The function returns the locality attribute. -TPMA_LOCALITY -LocalityGetAttributes( - UINT8 locality // IN: locality value -); - -#endif // _LOCALITY_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_Start_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_Start_fp.h deleted file mode 100644 index aeec79cc0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_Start_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_MAC_Start // Command must be enabled - -#ifndef _MAC_Start_FP_H_ -#define _MAC_Start_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT handle; - TPM2B_AUTH auth; - TPMI_ALG_MAC_SCHEME inScheme; -} MAC_Start_In; - -// Output structure definition -typedef struct { - TPMI_DH_OBJECT sequenceHandle; -} MAC_Start_Out; - -// Response code modifiers -#define RC_MAC_Start_handle (TPM_RC_H + TPM_RC_1) -#define RC_MAC_Start_auth (TPM_RC_P + TPM_RC_1) -#define RC_MAC_Start_inScheme (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_MAC_Start( - MAC_Start_In *in, - MAC_Start_Out *out -); - -#endif // _MAC_Start_FP_H_ -#endif // CC_MAC_Start diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_fp.h deleted file mode 100644 index fe9bf102e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_MAC // Command must be enabled - -#ifndef _MAC_FP_H_ -#define _MAC_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT handle; - TPM2B_MAX_BUFFER buffer; - TPMI_ALG_MAC_SCHEME inScheme; -} MAC_In; - -// Output structure definition -typedef struct { - TPM2B_DIGEST outMAC; -} MAC_Out; - -// Response code modifiers -#define RC_MAC_handle (TPM_RC_H + TPM_RC_1) -#define RC_MAC_buffer (TPM_RC_P + TPM_RC_1) -#define RC_MAC_inScheme (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_MAC( - MAC_In *in, - MAC_Out *out -); - -#endif // _MAC_FP_H_ -#endif // CC_MAC diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MakeCredential_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MakeCredential_fp.h deleted file mode 100644 index f34b5b2ac..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MakeCredential_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_MakeCredential // Command must be enabled - -#ifndef _Make_Credential_FP_H_ -#define _Make_Credential_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT handle; - TPM2B_DIGEST credential; - TPM2B_NAME objectName; -} MakeCredential_In; - -// Output structure definition -typedef struct { - TPM2B_ID_OBJECT credentialBlob; - TPM2B_ENCRYPTED_SECRET secret; -} MakeCredential_Out; - -// Response code modifiers -#define RC_MakeCredential_handle (TPM_RC_H + TPM_RC_1) -#define RC_MakeCredential_credential (TPM_RC_P + TPM_RC_1) -#define RC_MakeCredential_objectName (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_MakeCredential( - MakeCredential_In *in, - MakeCredential_Out *out -); - -#endif // _Make_Credential_FP_H_ -#endif // CC_MakeCredential diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Manufacture_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Manufacture_fp.h deleted file mode 100644 index d3fd77ffc..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Manufacture_fp.h +++ /dev/null 
@@ -1,79 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _MANUFACTURE_FP_H_ -#define _MANUFACTURE_FP_H_ - -//*** TPM_Manufacture() -// This function initializes the TPM values in preparation for the TPM's first -// use. This function will fail if previously called. The TPM can be re-manufactured -// by calling TPM_Teardown() first and then calling this function again. -// Return Type: int -// 0 success -// 1 manufacturing process previously performed -LIB_EXPORT int -TPM_Manufacture( - int firstTime // IN: indicates if this is the first call from - // main() -); - -//*** TPM_TearDown() -// This function prepares the TPM for re-manufacture. It should not be implemented -// in anything other than a simulated TPM. -// -// In this implementation, all that is needs is to stop the cryptographic units -// and set a flag to indicate that the TPM can be re-manufactured. This should -// be all that is necessary to start the manufacturing process again. -// Return Type: int -// 0 success -// 1 TPM not previously manufactured -LIB_EXPORT int -TPM_TearDown( - void -); - -//*** TpmEndSimulation() -// This function is called at the end of the simulation run. It is used to provoke -// printing of any statistics that might be needed. -LIB_EXPORT void -TpmEndSimulation( - void -); - -#endif // _MANUFACTURE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Marshal_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Marshal_fp.h deleted file mode 100644 index c0328a92a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Marshal_fp.h +++ /dev/null 
@@ -1,2408 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmMarshal; Version 4.1 Dec 10, 2018 - * Date: Apr 2, 2019 Time: 11:00:48AM - */ - -#ifndef _MARSHAL_FP_H_ -#define _MARSHAL_FP_H_ - -// Table 2:3 - Definition of Base Types -// UINT8 definition from table 2:3 -TPM_RC -UINT8_Unmarshal(UINT8 *target, BYTE **buffer, INT32 *size); -UINT16 -UINT8_Marshal(UINT8 *source, BYTE **buffer, INT32 *size); - -// BYTE definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -BYTE_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size); -#else -#define BYTE_Unmarshal(target, buffer, size) \ - UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -BYTE_Marshal(BYTE *source, BYTE **buffer, INT32 *size); -#else -#define BYTE_Marshal(source, buffer, size) \ - UINT8_Marshal((UINT8 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// INT8 definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -INT8_Unmarshal(INT8 *target, BYTE **buffer, INT32 *size); -#else -#define INT8_Unmarshal(target, buffer, size) \ - UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -INT8_Marshal(INT8 *source, BYTE **buffer, INT32 *size); -#else -#define INT8_Marshal(source, buffer, size) \ - UINT8_Marshal((UINT8 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// UINT16 definition from table 2:3 -TPM_RC -UINT16_Unmarshal(UINT16 *target, BYTE **buffer, INT32 *size); -UINT16 -UINT16_Marshal(UINT16 *source, BYTE **buffer, INT32 *size); - -// INT16 definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -INT16_Unmarshal(INT16 *target, BYTE **buffer, INT32 *size); -#else -#define INT16_Unmarshal(target, buffer, size) \ - UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -INT16_Marshal(INT16 *source, BYTE **buffer, INT32 *size); -#else -#define 
INT16_Marshal(source, buffer, size) \ - UINT16_Marshal((UINT16 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// UINT32 definition from table 2:3 -TPM_RC -UINT32_Unmarshal(UINT32 *target, BYTE **buffer, INT32 *size); -UINT16 -UINT32_Marshal(UINT32 *source, BYTE **buffer, INT32 *size); - -// INT32 definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -INT32_Unmarshal(INT32 *target, BYTE **buffer, INT32 *size); -#else -#define INT32_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -INT32_Marshal(INT32 *source, BYTE **buffer, INT32 *size); -#else -#define INT32_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// UINT64 definition from table 2:3 -TPM_RC -UINT64_Unmarshal(UINT64 *target, BYTE **buffer, INT32 *size); -UINT16 -UINT64_Marshal(UINT64 *source, BYTE **buffer, INT32 *size); - -// INT64 definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -INT64_Unmarshal(INT64 *target, BYTE **buffer, INT32 *size); -#else -#define INT64_Unmarshal(target, buffer, size) \ - UINT64_Unmarshal((UINT64 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -INT64_Marshal(INT64 *source, BYTE **buffer, INT32 *size); -#else -#define INT64_Marshal(source, buffer, size) \ - UINT64_Marshal((UINT64 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:4 - Defines for Logic Values -// Table 2:5 - Definition of Types for Documentation Clarity -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_ALGORITHM_ID_Unmarshal(TPM_ALGORITHM_ID *target, BYTE **buffer, INT32 *size); -#else -#define TPM_ALGORITHM_ID_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_ALGORITHM_ID_Marshal(TPM_ALGORITHM_ID 
*source, BYTE **buffer, INT32 *size); -#else -#define TPM_ALGORITHM_ID_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_MODIFIER_INDICATOR_Unmarshal(TPM_MODIFIER_INDICATOR *target, - BYTE **buffer, INT32 *size); -#else -#define TPM_MODIFIER_INDICATOR_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_MODIFIER_INDICATOR_Marshal(TPM_MODIFIER_INDICATOR *source, - BYTE **buffer, INT32 *size); -#else -#define TPM_MODIFIER_INDICATOR_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_AUTHORIZATION_SIZE_Unmarshal(TPM_AUTHORIZATION_SIZE *target, - BYTE **buffer, INT32 *size); -#else -#define TPM_AUTHORIZATION_SIZE_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_AUTHORIZATION_SIZE_Marshal(TPM_AUTHORIZATION_SIZE *source, - BYTE **buffer, INT32 *size); -#else -#define TPM_AUTHORIZATION_SIZE_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_PARAMETER_SIZE_Unmarshal(TPM_PARAMETER_SIZE *target, - BYTE **buffer, INT32 *size); -#else -#define TPM_PARAMETER_SIZE_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_PARAMETER_SIZE_Marshal(TPM_PARAMETER_SIZE *source, BYTE **buffer, INT32 *size); -#else -#define TPM_PARAMETER_SIZE_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC 
-TPM_KEY_SIZE_Unmarshal(TPM_KEY_SIZE *target, BYTE **buffer, INT32 *size); -#else -#define TPM_KEY_SIZE_Unmarshal(target, buffer, size) \ - UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_KEY_SIZE_Marshal(TPM_KEY_SIZE *source, BYTE **buffer, INT32 *size); -#else -#define TPM_KEY_SIZE_Marshal(source, buffer, size) \ - UINT16_Marshal((UINT16 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_KEY_BITS_Unmarshal(TPM_KEY_BITS *target, BYTE **buffer, INT32 *size); -#else -#define TPM_KEY_BITS_Unmarshal(target, buffer, size) \ - UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE **buffer, INT32 *size); -#else -#define TPM_KEY_BITS_Marshal(source, buffer, size) \ - UINT16_Marshal((UINT16 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:6 - Definition of TPM_SPEC Constants -// Table 2:7 - Definition of TPM_GENERATED Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_GENERATED_Marshal(TPM_GENERATED *source, BYTE **buffer, INT32 *size); -#else -#define TPM_GENERATED_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:9 - Definition of TPM_ALG_ID Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_ALG_ID_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size); -#else -#define TPM_ALG_ID_Unmarshal(target, buffer, size) \ - UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_ALG_ID_Marshal(TPM_ALG_ID *source, BYTE **buffer, INT32 *size); -#else -#define TPM_ALG_ID_Marshal(source, buffer, size) \ - UINT16_Marshal((UINT16 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:10 - Definition of 
TPM_ECC_CURVE Constants -#if ALG_ECC -TPM_RC -TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_ECC_CURVE_Marshal(TPM_ECC_CURVE *source, BYTE **buffer, INT32 *size); -#else -#define TPM_ECC_CURVE_Marshal(source, buffer, size) \ - UINT16_Marshal((UINT16 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:12 - Definition of TPM_CC Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_CC_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size); -#else -#define TPM_CC_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_CC_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size); -#else -#define TPM_CC_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:16 - Definition of TPM_RC Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_RC_Marshal(TPM_RC *source, BYTE **buffer, INT32 *size); -#else -#define TPM_RC_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:17 - Definition of TPM_CLOCK_ADJUST Constants -TPM_RC -TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size); - -// Table 2:18 - Definition of TPM_EO Constants -TPM_RC -TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_EO_Marshal(TPM_EO *source, BYTE **buffer, INT32 *size); -#else -#define TPM_EO_Marshal(source, buffer, size) \ - UINT16_Marshal((UINT16 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:19 - Definition of TPM_ST Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size); -#else -#define TPM_ST_Unmarshal(target, buffer, size) \ - UINT16_Unmarshal((UINT16 
*)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_ST_Marshal(TPM_ST *source, BYTE **buffer, INT32 *size); -#else -#define TPM_ST_Marshal(source, buffer, size) \ - UINT16_Marshal((UINT16 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:20 - Definition of TPM_SU Constants -TPM_RC -TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size); - -// Table 2:21 - Definition of TPM_SE Constants -TPM_RC -TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size); - -// Table 2:22 - Definition of TPM_CAP Constants -TPM_RC -TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_CAP_Marshal(TPM_CAP *source, BYTE **buffer, INT32 *size); -#else -#define TPM_CAP_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:23 - Definition of TPM_PT Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_PT_Unmarshal(TPM_PT *target, BYTE **buffer, INT32 *size); -#else -#define TPM_PT_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_PT_Marshal(TPM_PT *source, BYTE **buffer, INT32 *size); -#else -#define TPM_PT_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:24 - Definition of TPM_PT_PCR Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_PT_PCR_Unmarshal(TPM_PT_PCR *target, BYTE **buffer, INT32 *size); -#else -#define TPM_PT_PCR_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_PT_PCR_Marshal(TPM_PT_PCR *source, BYTE **buffer, INT32 *size); -#else -#define TPM_PT_PCR_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) 
-#endif // !USE_MARSHALING_DEFINES - -// Table 2:25 - Definition of TPM_PS Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_PS_Marshal(TPM_PS *source, BYTE **buffer, INT32 *size); -#else -#define TPM_PS_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:26 - Definition of Types for Handles -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_HANDLE_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size); -#else -#define TPM_HANDLE_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_HANDLE_Marshal(TPM_HANDLE *source, BYTE **buffer, INT32 *size); -#else -#define TPM_HANDLE_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:27 - Definition of TPM_HT Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_HT_Unmarshal(TPM_HT *target, BYTE **buffer, INT32 *size); -#else -#define TPM_HT_Unmarshal(target, buffer, size) \ - UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_HT_Marshal(TPM_HT *source, BYTE **buffer, INT32 *size); -#else -#define TPM_HT_Marshal(source, buffer, size) \ - UINT8_Marshal((UINT8 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:28 - Definition of TPM_RH Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_RH_Unmarshal(TPM_RH *target, BYTE **buffer, INT32 *size); -#else -#define TPM_RH_Unmarshal(target, buffer, size) \ - TPM_HANDLE_Unmarshal((TPM_HANDLE *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_RH_Marshal(TPM_RH *source, BYTE **buffer, INT32 *size); -#else -#define TPM_RH_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// 
Table 2:29 - Definition of TPM_HC Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_HC_Unmarshal(TPM_HC *target, BYTE **buffer, INT32 *size); -#else -#define TPM_HC_Unmarshal(target, buffer, size) \ - TPM_HANDLE_Unmarshal((TPM_HANDLE *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_HC_Marshal(TPM_HC *source, BYTE **buffer, INT32 *size); -#else -#define TPM_HC_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:30 - Definition of TPMA_ALGORITHM Bits -TPM_RC -TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size); - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_ALGORITHM_Marshal(TPMA_ALGORITHM *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_ALGORITHM_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:31 - Definition of TPMA_OBJECT Bits -TPM_RC -TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size); - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_OBJECT_Marshal(TPMA_OBJECT *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_OBJECT_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:32 - Definition of TPMA_SESSION Bits -TPM_RC -TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size); - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_SESSION_Marshal(TPMA_SESSION *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_SESSION_Marshal(source, buffer, size) \ - UINT8_Marshal((UINT8 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:33 - Definition of TPMA_LOCALITY Bits -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMA_LOCALITY_Unmarshal(TPMA_LOCALITY *target, BYTE **buffer, INT32 *size); -#else -#define TPMA_LOCALITY_Unmarshal(target, buffer, size) \ - 
UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_LOCALITY_Marshal(TPMA_LOCALITY *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_LOCALITY_Marshal(source, buffer, size) \ - UINT8_Marshal((UINT8 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:34 - Definition of TPMA_PERMANENT Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_PERMANENT_Marshal(TPMA_PERMANENT *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_PERMANENT_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:35 - Definition of TPMA_STARTUP_CLEAR Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_STARTUP_CLEAR_Marshal(TPMA_STARTUP_CLEAR *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_STARTUP_CLEAR_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:36 - Definition of TPMA_MEMORY Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_MEMORY_Marshal(TPMA_MEMORY *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_MEMORY_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:37 - Definition of TPMA_CC Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_CC_Marshal(TPMA_CC *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_CC_Marshal(source, buffer, size) \ - TPM_CC_Marshal((TPM_CC *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:38 - Definition of TPMA_MODES Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_MODES_Marshal(TPMA_MODES *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_MODES_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:39 - Definition of TPMA_X509_KEY_USAGE Bits -#if !USE_MARSHALING_DEFINES 
-UINT16 -TPMA_X509_KEY_USAGE_Marshal(TPMA_X509_KEY_USAGE *source, - BYTE **buffer, INT32 *size); -#else -#define TPMA_X509_KEY_USAGE_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:40 - Definition of TPMI_YES_NO Type -TPM_RC -TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_YES_NO_Marshal(TPMI_YES_NO *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_YES_NO_Marshal(source, buffer, size) \ - BYTE_Marshal((BYTE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:41 - Definition of TPMI_DH_OBJECT Type -TPM_RC -TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_OBJECT_Marshal(TPMI_DH_OBJECT *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_DH_OBJECT_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:42 - Definition of TPMI_DH_PARENT Type -TPM_RC -TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_PARENT_Marshal(TPMI_DH_PARENT *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_DH_PARENT_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:43 - Definition of TPMI_DH_PERSISTENT Type -TPM_RC -TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, - BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_PERSISTENT_Marshal(TPMI_DH_PERSISTENT *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_DH_PERSISTENT_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:44 - Definition of TPMI_DH_ENTITY Type -TPM_RC 
-TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, - BYTE **buffer, INT32 *size, BOOL flag); - -// Table 2:45 - Definition of TPMI_DH_PCR Type -TPM_RC -TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL flag); - -// Table 2:46 - Definition of TPMI_SH_AUTH_SESSION Type -TPM_RC -TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SH_AUTH_SESSION_Marshal(TPMI_SH_AUTH_SESSION *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_SH_AUTH_SESSION_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:47 - Definition of TPMI_SH_HMAC Type -TPM_RC -TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SH_HMAC_Marshal(TPMI_SH_HMAC *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_SH_HMAC_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:48 - Definition of TPMI_SH_POLICY Type -TPM_RC -TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SH_POLICY_Marshal(TPMI_SH_POLICY *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_SH_POLICY_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:49 - Definition of TPMI_DH_CONTEXT Type -TPM_RC -TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_CONTEXT_Marshal(TPMI_DH_CONTEXT *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_DH_CONTEXT_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:50 - Definition of TPMI_DH_SAVED Type -TPM_RC 
-TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_SAVED_Marshal(TPMI_DH_SAVED *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_DH_SAVED_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:51 - Definition of TPMI_RH_HIERARCHY Type -TPM_RC -TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RH_HIERARCHY_Marshal(TPMI_RH_HIERARCHY *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_RH_HIERARCHY_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:52 - Definition of TPMI_RH_ENABLES Type -TPM_RC -TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RH_ENABLES_Marshal(TPMI_RH_ENABLES *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_RH_ENABLES_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:53 - Definition of TPMI_RH_HIERARCHY_AUTH Type -TPM_RC -TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, - BYTE **buffer, INT32 *size); - -// Table 2:54 - Definition of TPMI_RH_PLATFORM Type -TPM_RC -TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size); - -// Table 2:55 - Definition of TPMI_RH_OWNER Type -TPM_RC -TPMI_RH_OWNER_Unmarshal(TPMI_RH_OWNER *target, - BYTE **buffer, INT32 *size, BOOL flag); - -// Table 2:56 - Definition of TPMI_RH_ENDORSEMENT Type -TPM_RC -TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, - BYTE **buffer, INT32 *size, BOOL flag); - -// Table 2:57 - Definition of TPMI_RH_PROVISION Type -TPM_RC -TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 
*size); - -// Table 2:58 - Definition of TPMI_RH_CLEAR Type -TPM_RC -TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size); - -// Table 2:59 - Definition of TPMI_RH_NV_AUTH Type -TPM_RC -TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size); - -// Table 2:60 - Definition of TPMI_RH_LOCKOUT Type -TPM_RC -TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size); - -// Table 2:61 - Definition of TPMI_RH_NV_INDEX Type -TPM_RC -TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RH_NV_INDEX_Marshal(TPMI_RH_NV_INDEX *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_RH_NV_INDEX_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:62 - Definition of TPMI_RH_AC Type -TPM_RC -TPMI_RH_AC_Unmarshal(TPMI_RH_AC *target, BYTE **buffer, INT32 *size); - -// Table 2:63 - Definition of TPMI_ALG_HASH Type -TPM_RC -TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_HASH_Marshal(TPMI_ALG_HASH *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_HASH_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:64 - Definition of TPMI_ALG_ASYM Type -TPM_RC -TPMI_ALG_ASYM_Unmarshal(TPMI_ALG_ASYM *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_ASYM_Marshal(TPMI_ALG_ASYM *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_ASYM_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:65 - Definition of TPMI_ALG_SYM Type -TPM_RC -TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL flag); -#if 
!USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SYM_Marshal(TPMI_ALG_SYM *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_SYM_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:66 - Definition of TPMI_ALG_SYM_OBJECT Type -TPM_RC -TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SYM_OBJECT_Marshal(TPMI_ALG_SYM_OBJECT *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_SYM_OBJECT_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:67 - Definition of TPMI_ALG_SYM_MODE Type -TPM_RC -TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SYM_MODE_Marshal(TPMI_ALG_SYM_MODE *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_SYM_MODE_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:68 - Definition of TPMI_ALG_KDF Type -TPM_RC -TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_KDF_Marshal(TPMI_ALG_KDF *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_KDF_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:69 - Definition of TPMI_ALG_SIG_SCHEME Type -TPM_RC -TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SIG_SCHEME_Marshal(TPMI_ALG_SIG_SCHEME *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_SIG_SCHEME_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), 
(buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:70 - Definition of TPMI_ECC_KEY_EXCHANGE Type -#if ALG_ECC -TPM_RC -TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ECC_KEY_EXCHANGE_Marshal(TPMI_ECC_KEY_EXCHANGE *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ECC_KEY_EXCHANGE_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:71 - Definition of TPMI_ST_COMMAND_TAG Type -TPM_RC -TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, - BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ST_COMMAND_TAG_Marshal(TPMI_ST_COMMAND_TAG *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ST_COMMAND_TAG_Marshal(source, buffer, size) \ - TPM_ST_Marshal((TPM_ST *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:72 - Definition of TPMI_ALG_MAC_SCHEME Type -TPM_RC -TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_MAC_SCHEME_Marshal(TPMI_ALG_MAC_SCHEME *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_MAC_SCHEME_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:73 - Definition of TPMI_ALG_CIPHER_MODE Type -TPM_RC -TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_CIPHER_MODE_Marshal(TPMI_ALG_CIPHER_MODE *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_CIPHER_MODE_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:74 - Definition of TPMS_EMPTY Structure -TPM_RC 
-TPMS_EMPTY_Unmarshal(TPMS_EMPTY *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_EMPTY_Marshal(TPMS_EMPTY *source, BYTE **buffer, INT32 *size); - -// Table 2:75 - Definition of TPMS_ALGORITHM_DESCRIPTION Structure -UINT16 -TPMS_ALGORITHM_DESCRIPTION_Marshal(TPMS_ALGORITHM_DESCRIPTION *source, - BYTE **buffer, INT32 *size); - -// Table 2:76 - Definition of TPMU_HA Union -TPM_RC -TPMU_HA_Unmarshal(TPMU_HA *target, BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_HA_Marshal(TPMU_HA *source, BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:77 - Definition of TPMT_HA Structure -TPM_RC -TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_HA_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size); - -// Table 2:78 - Definition of TPM2B_DIGEST Structure -TPM_RC -TPM2B_DIGEST_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size); - -// Table 2:79 - Definition of TPM2B_DATA Structure -TPM_RC -TPM2B_DATA_Unmarshal(TPM2B_DATA *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size); - -// Table 2:80 - Definition of Types for TPM2B_NONCE -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM2B_NONCE_Unmarshal(TPM2B_NONCE *target, BYTE **buffer, INT32 *size); -#else -#define TPM2B_NONCE_Unmarshal(target, buffer, size) \ - TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM2B_NONCE_Marshal(TPM2B_NONCE *source, BYTE **buffer, INT32 *size); -#else -#define TPM2B_NONCE_Marshal(source, buffer, size) \ - TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:81 - Definition of Types for TPM2B_AUTH -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM2B_AUTH_Unmarshal(TPM2B_AUTH *target, BYTE **buffer, INT32 *size); -#else -#define TPM2B_AUTH_Unmarshal(target, 
buffer, size) \ - TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM2B_AUTH_Marshal(TPM2B_AUTH *source, BYTE **buffer, INT32 *size); -#else -#define TPM2B_AUTH_Marshal(source, buffer, size) \ - TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:82 - Definition of Types for TPM2B_OPERAND -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM2B_OPERAND_Unmarshal(TPM2B_OPERAND *target, BYTE **buffer, INT32 *size); -#else -#define TPM2B_OPERAND_Unmarshal(target, buffer, size) \ - TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM2B_OPERAND_Marshal(TPM2B_OPERAND *source, BYTE **buffer, INT32 *size); -#else -#define TPM2B_OPERAND_Marshal(source, buffer, size) \ - TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:83 - Definition of TPM2B_EVENT Structure -TPM_RC -TPM2B_EVENT_Unmarshal(TPM2B_EVENT *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_EVENT_Marshal(TPM2B_EVENT *source, BYTE **buffer, INT32 *size); - -// Table 2:84 - Definition of TPM2B_MAX_BUFFER Structure -TPM_RC -TPM2B_MAX_BUFFER_Unmarshal(TPM2B_MAX_BUFFER *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size); - -// Table 2:85 - Definition of TPM2B_MAX_NV_BUFFER Structure -TPM_RC -TPM2B_MAX_NV_BUFFER_Unmarshal(TPM2B_MAX_NV_BUFFER *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, - BYTE **buffer, INT32 *size); - -// Table 2:86 - Definition of TPM2B_TIMEOUT Structure -TPM_RC -TPM2B_TIMEOUT_Unmarshal(TPM2B_TIMEOUT *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size); - -// Table 2:87 - Definition of TPM2B_IV Structure 
-TPM_RC -TPM2B_IV_Unmarshal(TPM2B_IV *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size); - -// Table 2:88 - Definition of TPMU_NAME Union -// Table 2:89 - Definition of TPM2B_NAME Structure -TPM_RC -TPM2B_NAME_Unmarshal(TPM2B_NAME *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size); - -// Table 2:90 - Definition of TPMS_PCR_SELECT Structure -TPM_RC -TPMS_PCR_SELECT_Unmarshal(TPMS_PCR_SELECT *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_PCR_SELECT_Marshal(TPMS_PCR_SELECT *source, BYTE **buffer, INT32 *size); - -// Table 2:91 - Definition of TPMS_PCR_SELECTION Structure -TPM_RC -TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, - BYTE **buffer, INT32 *size); -UINT16 -TPMS_PCR_SELECTION_Marshal(TPMS_PCR_SELECTION *source, BYTE **buffer, INT32 *size); - -// Table 2:94 - Definition of TPMT_TK_CREATION Structure -TPM_RC -TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size); -UINT16 -TPMT_TK_CREATION_Marshal(TPMT_TK_CREATION *source, BYTE **buffer, INT32 *size); - -// Table 2:95 - Definition of TPMT_TK_VERIFIED Structure -TPM_RC -TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size); -UINT16 -TPMT_TK_VERIFIED_Marshal(TPMT_TK_VERIFIED *source, BYTE **buffer, INT32 *size); - -// Table 2:96 - Definition of TPMT_TK_AUTH Structure -TPM_RC -TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size); -UINT16 -TPMT_TK_AUTH_Marshal(TPMT_TK_AUTH *source, BYTE **buffer, INT32 *size); - -// Table 2:97 - Definition of TPMT_TK_HASHCHECK Structure -TPM_RC -TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size); -UINT16 -TPMT_TK_HASHCHECK_Marshal(TPMT_TK_HASHCHECK *source, BYTE **buffer, INT32 *size); - -// Table 2:98 - Definition of TPMS_ALG_PROPERTY Structure -UINT16 -TPMS_ALG_PROPERTY_Marshal(TPMS_ALG_PROPERTY *source, BYTE **buffer, INT32 *size); - -// 
Table 2:99 - Definition of TPMS_TAGGED_PROPERTY Structure -UINT16 -TPMS_TAGGED_PROPERTY_Marshal(TPMS_TAGGED_PROPERTY *source, - BYTE **buffer, INT32 *size); - -// Table 2:100 - Definition of TPMS_TAGGED_PCR_SELECT Structure -UINT16 -TPMS_TAGGED_PCR_SELECT_Marshal(TPMS_TAGGED_PCR_SELECT *source, - BYTE **buffer, INT32 *size); - -// Table 2:101 - Definition of TPMS_TAGGED_POLICY Structure -UINT16 -TPMS_TAGGED_POLICY_Marshal(TPMS_TAGGED_POLICY *source, BYTE **buffer, INT32 *size); - -// Table 2:102 - Definition of TPML_CC Structure -TPM_RC -TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size); -UINT16 -TPML_CC_Marshal(TPML_CC *source, BYTE **buffer, INT32 *size); - -// Table 2:103 - Definition of TPML_CCA Structure -UINT16 -TPML_CCA_Marshal(TPML_CCA *source, BYTE **buffer, INT32 *size); - -// Table 2:104 - Definition of TPML_ALG Structure -TPM_RC -TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size); -UINT16 -TPML_ALG_Marshal(TPML_ALG *source, BYTE **buffer, INT32 *size); - -// Table 2:105 - Definition of TPML_HANDLE Structure -UINT16 -TPML_HANDLE_Marshal(TPML_HANDLE *source, BYTE **buffer, INT32 *size); - -// Table 2:106 - Definition of TPML_DIGEST Structure -TPM_RC -TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size); -UINT16 -TPML_DIGEST_Marshal(TPML_DIGEST *source, BYTE **buffer, INT32 *size); - -// Table 2:107 - Definition of TPML_DIGEST_VALUES Structure -TPM_RC -TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, - BYTE **buffer, INT32 *size); -UINT16 -TPML_DIGEST_VALUES_Marshal(TPML_DIGEST_VALUES *source, BYTE **buffer, INT32 *size); - -// Table 2:108 - Definition of TPML_PCR_SELECTION Structure -TPM_RC -TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, - BYTE **buffer, INT32 *size); -UINT16 -TPML_PCR_SELECTION_Marshal(TPML_PCR_SELECTION *source, BYTE **buffer, INT32 *size); - -// Table 2:109 - Definition of TPML_ALG_PROPERTY Structure -UINT16 -TPML_ALG_PROPERTY_Marshal(TPML_ALG_PROPERTY *source, BYTE 
**buffer, INT32 *size); - -// Table 2:110 - Definition of TPML_TAGGED_TPM_PROPERTY Structure -UINT16 -TPML_TAGGED_TPM_PROPERTY_Marshal(TPML_TAGGED_TPM_PROPERTY *source, - BYTE **buffer, INT32 *size); - -// Table 2:111 - Definition of TPML_TAGGED_PCR_PROPERTY Structure -UINT16 -TPML_TAGGED_PCR_PROPERTY_Marshal(TPML_TAGGED_PCR_PROPERTY *source, - BYTE **buffer, INT32 *size); - -// Table 2:112 - Definition of TPML_ECC_CURVE Structure -#if ALG_ECC -UINT16 -TPML_ECC_CURVE_Marshal(TPML_ECC_CURVE *source, BYTE **buffer, INT32 *size); -#endif // ALG_ECC - -// Table 2:113 - Definition of TPML_TAGGED_POLICY Structure -UINT16 -TPML_TAGGED_POLICY_Marshal(TPML_TAGGED_POLICY *source, BYTE **buffer, INT32 *size); - -// Table 2:114 - Definition of TPMU_CAPABILITIES Union -UINT16 -TPMU_CAPABILITIES_Marshal(TPMU_CAPABILITIES *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:115 - Definition of TPMS_CAPABILITY_DATA Structure -UINT16 -TPMS_CAPABILITY_DATA_Marshal(TPMS_CAPABILITY_DATA *source, - BYTE **buffer, INT32 *size); - -// Table 2:116 - Definition of TPMS_CLOCK_INFO Structure -TPM_RC -TPMS_CLOCK_INFO_Unmarshal(TPMS_CLOCK_INFO *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_CLOCK_INFO_Marshal(TPMS_CLOCK_INFO *source, BYTE **buffer, INT32 *size); - -// Table 2:117 - Definition of TPMS_TIME_INFO Structure -TPM_RC -TPMS_TIME_INFO_Unmarshal(TPMS_TIME_INFO *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_TIME_INFO_Marshal(TPMS_TIME_INFO *source, BYTE **buffer, INT32 *size); - -// Table 2:118 - Definition of TPMS_TIME_ATTEST_INFO Structure -UINT16 -TPMS_TIME_ATTEST_INFO_Marshal(TPMS_TIME_ATTEST_INFO *source, - BYTE **buffer, INT32 *size); - -// Table 2:119 - Definition of TPMS_CERTIFY_INFO Structure -UINT16 -TPMS_CERTIFY_INFO_Marshal(TPMS_CERTIFY_INFO *source, BYTE **buffer, INT32 *size); - -// Table 2:120 - Definition of TPMS_QUOTE_INFO Structure -UINT16 -TPMS_QUOTE_INFO_Marshal(TPMS_QUOTE_INFO *source, BYTE **buffer, INT32 *size); - -// Table 2:121 - 
Definition of TPMS_COMMAND_AUDIT_INFO Structure -UINT16 -TPMS_COMMAND_AUDIT_INFO_Marshal(TPMS_COMMAND_AUDIT_INFO *source, - BYTE **buffer, INT32 *size); - -// Table 2:122 - Definition of TPMS_SESSION_AUDIT_INFO Structure -UINT16 -TPMS_SESSION_AUDIT_INFO_Marshal(TPMS_SESSION_AUDIT_INFO *source, - BYTE **buffer, INT32 *size); - -// Table 2:123 - Definition of TPMS_CREATION_INFO Structure -UINT16 -TPMS_CREATION_INFO_Marshal(TPMS_CREATION_INFO *source, BYTE **buffer, INT32 *size); - -// Table 2:124 - Definition of TPMS_NV_CERTIFY_INFO Structure -UINT16 -TPMS_NV_CERTIFY_INFO_Marshal(TPMS_NV_CERTIFY_INFO *source, - BYTE **buffer, INT32 *size); - -// Table 2:125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure -UINT16 -TPMS_NV_DIGEST_CERTIFY_INFO_Marshal(TPMS_NV_DIGEST_CERTIFY_INFO *source, - BYTE **buffer, INT32 *size); - -// Table 2:126 - Definition of TPMI_ST_ATTEST Type -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ST_ATTEST_Marshal(TPMI_ST_ATTEST *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ST_ATTEST_Marshal(source, buffer, size) \ - TPM_ST_Marshal((TPM_ST *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:127 - Definition of TPMU_ATTEST Union -UINT16 -TPMU_ATTEST_Marshal(TPMU_ATTEST *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:128 - Definition of TPMS_ATTEST Structure -UINT16 -TPMS_ATTEST_Marshal(TPMS_ATTEST *source, BYTE **buffer, INT32 *size); - -// Table 2:129 - Definition of TPM2B_ATTEST Structure -UINT16 -TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size); - -// Table 2:130 - Definition of TPMS_AUTH_COMMAND Structure -TPM_RC -TPMS_AUTH_COMMAND_Unmarshal(TPMS_AUTH_COMMAND *target, BYTE **buffer, INT32 *size); - -// Table 2:131 - Definition of TPMS_AUTH_RESPONSE Structure -UINT16 -TPMS_AUTH_RESPONSE_Marshal(TPMS_AUTH_RESPONSE *source, BYTE **buffer, INT32 *size); - -// Table 2:132 - Definition of TPMI_TDES_KEY_BITS Type -#if ALG_TDES -TPM_RC 
-TPMI_TDES_KEY_BITS_Unmarshal(TPMI_TDES_KEY_BITS *target, - BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_TDES_KEY_BITS_Marshal(source, buffer, size) \ - TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_TDES - -// Table 2:132 - Definition of TPMI_AES_KEY_BITS Type -#if ALG_AES -TPM_RC -TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_AES_KEY_BITS_Marshal(TPMI_AES_KEY_BITS *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_AES_KEY_BITS_Marshal(source, buffer, size) \ - TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_AES - -// Table 2:132 - Definition of TPMI_SM4_KEY_BITS Type -#if ALG_SM4 -TPM_RC -TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SM4_KEY_BITS_Marshal(TPMI_SM4_KEY_BITS *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_SM4_KEY_BITS_Marshal(source, buffer, size) \ - TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_SM4 - -// Table 2:132 - Definition of TPMI_CAMELLIA_KEY_BITS Type -#if ALG_CAMELLIA -TPM_RC -TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, - BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_CAMELLIA_KEY_BITS_Marshal(TPMI_CAMELLIA_KEY_BITS *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_CAMELLIA_KEY_BITS_Marshal(source, buffer, size) \ - TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_CAMELLIA - -// Table 2:133 - Definition of TPMU_SYM_KEY_BITS Union -TPM_RC -TPMU_SYM_KEY_BITS_Unmarshal(TPMU_SYM_KEY_BITS *target, - BYTE **buffer, INT32 
*size, UINT32 selector); -UINT16 -TPMU_SYM_KEY_BITS_Marshal(TPMU_SYM_KEY_BITS *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:134 - Definition of TPMU_SYM_MODE Union -TPM_RC -TPMU_SYM_MODE_Unmarshal(TPMU_SYM_MODE *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_SYM_MODE_Marshal(TPMU_SYM_MODE *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:136 - Definition of TPMT_SYM_DEF Structure -TPM_RC -TPMT_SYM_DEF_Unmarshal(TPMT_SYM_DEF *target, BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_SYM_DEF_Marshal(TPMT_SYM_DEF *source, BYTE **buffer, INT32 *size); - -// Table 2:137 - Definition of TPMT_SYM_DEF_OBJECT Structure -TPM_RC -TPMT_SYM_DEF_OBJECT_Unmarshal(TPMT_SYM_DEF_OBJECT *target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_SYM_DEF_OBJECT_Marshal(TPMT_SYM_DEF_OBJECT *source, - BYTE **buffer, INT32 *size); - -// Table 2:138 - Definition of TPM2B_SYM_KEY Structure -TPM_RC -TPM2B_SYM_KEY_Unmarshal(TPM2B_SYM_KEY *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size); - -// Table 2:139 - Definition of TPMS_SYMCIPHER_PARMS Structure -TPM_RC -TPMS_SYMCIPHER_PARMS_Unmarshal(TPMS_SYMCIPHER_PARMS *target, - BYTE **buffer, INT32 *size); -UINT16 -TPMS_SYMCIPHER_PARMS_Marshal(TPMS_SYMCIPHER_PARMS *source, - BYTE **buffer, INT32 *size); - -// Table 2:140 - Definition of TPM2B_LABEL Structure -TPM_RC -TPM2B_LABEL_Unmarshal(TPM2B_LABEL *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_LABEL_Marshal(TPM2B_LABEL *source, BYTE **buffer, INT32 *size); - -// Table 2:141 - Definition of TPMS_DERIVE Structure -TPM_RC -TPMS_DERIVE_Unmarshal(TPMS_DERIVE *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_DERIVE_Marshal(TPMS_DERIVE *source, BYTE **buffer, INT32 *size); - -// Table 2:142 - Definition of TPM2B_DERIVE Structure -TPM_RC -TPM2B_DERIVE_Unmarshal(TPM2B_DERIVE *target, BYTE **buffer, INT32 *size); -UINT16 
-TPM2B_DERIVE_Marshal(TPM2B_DERIVE *source, BYTE **buffer, INT32 *size); - -// Table 2:143 - Definition of TPMU_SENSITIVE_CREATE Union -// Table 2:144 - Definition of TPM2B_SENSITIVE_DATA Structure -TPM_RC -TPM2B_SENSITIVE_DATA_Unmarshal(TPM2B_SENSITIVE_DATA *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, - BYTE **buffer, INT32 *size); - -// Table 2:145 - Definition of TPMS_SENSITIVE_CREATE Structure -TPM_RC -TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, - BYTE **buffer, INT32 *size); - -// Table 2:146 - Definition of TPM2B_SENSITIVE_CREATE Structure -TPM_RC -TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, - BYTE **buffer, INT32 *size); - -// Table 2:147 - Definition of TPMS_SCHEME_HASH Structure -TPM_RC -TPMS_SCHEME_HASH_Unmarshal(TPMS_SCHEME_HASH *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_SCHEME_HASH_Marshal(TPMS_SCHEME_HASH *source, BYTE **buffer, INT32 *size); - -// Table 2:148 - Definition of TPMS_SCHEME_ECDAA Structure -#if ALG_ECC -TPM_RC -TPMS_SCHEME_ECDAA_Unmarshal(TPMS_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_SCHEME_ECDAA_Marshal(TPMS_SCHEME_ECDAA *source, BYTE **buffer, INT32 *size); -#endif // ALG_ECC - -// Table 2:149 - Definition of TPMI_ALG_KEYEDHASH_SCHEME Type -TPM_RC -TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_KEYEDHASH_SCHEME_Marshal(TPMI_ALG_KEYEDHASH_SCHEME *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_KEYEDHASH_SCHEME_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:150 - Definition of Types for HMAC_SIG_SCHEME -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SCHEME_HMAC_Unmarshal(TPMS_SCHEME_HMAC *target, BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_HMAC_Unmarshal(target, buffer, size) 
\ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SCHEME_HMAC_Marshal(TPMS_SCHEME_HMAC *source, BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_HMAC_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:151 - Definition of TPMS_SCHEME_XOR Structure -TPM_RC -TPMS_SCHEME_XOR_Unmarshal(TPMS_SCHEME_XOR *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_SCHEME_XOR_Marshal(TPMS_SCHEME_XOR *source, BYTE **buffer, INT32 *size); - -// Table 2:152 - Definition of TPMU_SCHEME_KEYEDHASH Union -TPM_RC -TPMU_SCHEME_KEYEDHASH_Unmarshal(TPMU_SCHEME_KEYEDHASH *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_SCHEME_KEYEDHASH_Marshal(TPMU_SCHEME_KEYEDHASH *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:153 - Definition of TPMT_KEYEDHASH_SCHEME Structure -TPM_RC -TPMT_KEYEDHASH_SCHEME_Unmarshal(TPMT_KEYEDHASH_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_KEYEDHASH_SCHEME_Marshal(TPMT_KEYEDHASH_SCHEME *source, - BYTE **buffer, INT32 *size); - -// Table 2:154 - Definition of Types for RSA Signature Schemes -#if ALG_RSA -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_RSASSA_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIG_SCHEME_RSASSA_Marshal(TPMS_SIG_SCHEME_RSASSA *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_RSASSA_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES 
-TPM_RC -TPMS_SIG_SCHEME_RSAPSS_Unmarshal(TPMS_SIG_SCHEME_RSAPSS *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_RSAPSS_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIG_SCHEME_RSAPSS_Marshal(TPMS_SIG_SCHEME_RSAPSS *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_RSAPSS_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:155 - Definition of Types for ECC Signature Schemes -#if ALG_ECC -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIG_SCHEME_ECDSA_Unmarshal(TPMS_SIG_SCHEME_ECDSA *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_ECDSA_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIG_SCHEME_ECDSA_Marshal(TPMS_SIG_SCHEME_ECDSA *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_ECDSA_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIG_SCHEME_SM2_Unmarshal(TPMS_SIG_SCHEME_SM2 *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_SM2_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIG_SCHEME_SM2_Marshal(TPMS_SIG_SCHEME_SM2 *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_SM2_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if 
!USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(TPMS_SIG_SCHEME_ECSCHNORR *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIG_SCHEME_ECSCHNORR_Marshal(TPMS_SIG_SCHEME_ECSCHNORR *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_ECSCHNORR_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIG_SCHEME_ECDAA_Unmarshal(TPMS_SIG_SCHEME_ECDAA *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_ECDAA_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_ECDAA_Unmarshal((TPMS_SCHEME_ECDAA *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIG_SCHEME_ECDAA_Marshal(TPMS_SIG_SCHEME_ECDAA *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_ECDAA_Marshal(source, buffer, size) \ - TPMS_SCHEME_ECDAA_Marshal((TPMS_SCHEME_ECDAA *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:156 - Definition of TPMU_SIG_SCHEME Union -TPM_RC -TPMU_SIG_SCHEME_Unmarshal(TPMU_SIG_SCHEME *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_SIG_SCHEME_Marshal(TPMU_SIG_SCHEME *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:157 - Definition of TPMT_SIG_SCHEME Structure -TPM_RC -TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_SIG_SCHEME_Marshal(TPMT_SIG_SCHEME *source, BYTE **buffer, INT32 *size); - -// Table 2:158 - Definition of Types for Encryption Schemes -#if ALG_RSA -#if !USE_MARSHALING_DEFINES -TPM_RC 
-TPMS_ENC_SCHEME_OAEP_Unmarshal(TPMS_ENC_SCHEME_OAEP *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_ENC_SCHEME_OAEP_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_ENC_SCHEME_OAEP_Marshal(TPMS_ENC_SCHEME_OAEP *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_ENC_SCHEME_OAEP_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_ENC_SCHEME_RSAES_Unmarshal(TPMS_ENC_SCHEME_RSAES *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_ENC_SCHEME_RSAES_Unmarshal(target, buffer, size) \ - TPMS_EMPTY_Unmarshal((TPMS_EMPTY *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_ENC_SCHEME_RSAES_Marshal(TPMS_ENC_SCHEME_RSAES *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_ENC_SCHEME_RSAES_Marshal(source, buffer, size) \ - TPMS_EMPTY_Marshal((TPMS_EMPTY *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:159 - Definition of Types for ECC Key Exchange -#if ALG_ECC -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_KEY_SCHEME_ECDH_Unmarshal(TPMS_KEY_SCHEME_ECDH *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_KEY_SCHEME_ECDH_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_KEY_SCHEME_ECDH_Marshal(TPMS_KEY_SCHEME_ECDH *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_KEY_SCHEME_ECDH_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC 
-TPMS_KEY_SCHEME_ECMQV_Unmarshal(TPMS_KEY_SCHEME_ECMQV *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_KEY_SCHEME_ECMQV_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_KEY_SCHEME_ECMQV_Marshal(TPMS_KEY_SCHEME_ECMQV *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_KEY_SCHEME_ECMQV_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:160 - Definition of Types for KDF Schemes -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SCHEME_MGF1_Unmarshal(TPMS_SCHEME_MGF1 *target, BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_MGF1_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SCHEME_MGF1_Marshal(TPMS_SCHEME_MGF1 *source, BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_MGF1_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(TPMS_SCHEME_KDF1_SP800_56A *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SCHEME_KDF1_SP800_56A_Marshal(TPMS_SCHEME_KDF1_SP800_56A *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_KDF1_SP800_56A_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC 
-TPMS_SCHEME_KDF2_Unmarshal(TPMS_SCHEME_KDF2 *target, BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_KDF2_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SCHEME_KDF2_Marshal(TPMS_SCHEME_KDF2 *source, BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_KDF2_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SCHEME_KDF1_SP800_108_Unmarshal(TPMS_SCHEME_KDF1_SP800_108 *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_KDF1_SP800_108_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SCHEME_KDF1_SP800_108_Marshal(TPMS_SCHEME_KDF1_SP800_108 *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_KDF1_SP800_108_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:161 - Definition of TPMU_KDF_SCHEME Union -TPM_RC -TPMU_KDF_SCHEME_Unmarshal(TPMU_KDF_SCHEME *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_KDF_SCHEME_Marshal(TPMU_KDF_SCHEME *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:162 - Definition of TPMT_KDF_SCHEME Structure -TPM_RC -TPMT_KDF_SCHEME_Unmarshal(TPMT_KDF_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_KDF_SCHEME_Marshal(TPMT_KDF_SCHEME *source, BYTE **buffer, INT32 *size); - -// Table 2:163 - Definition of TPMI_ALG_ASYM_SCHEME Type -TPM_RC -TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 
-TPMI_ALG_ASYM_SCHEME_Marshal(TPMI_ALG_ASYM_SCHEME *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_ASYM_SCHEME_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:164 - Definition of TPMU_ASYM_SCHEME Union -TPM_RC -TPMU_ASYM_SCHEME_Unmarshal(TPMU_ASYM_SCHEME *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_ASYM_SCHEME_Marshal(TPMU_ASYM_SCHEME *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:165 - Definition of TPMT_ASYM_SCHEME Structure -// Table 2:166 - Definition of TPMI_ALG_RSA_SCHEME Type -#if ALG_RSA -TPM_RC -TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_RSA_SCHEME_Marshal(TPMI_ALG_RSA_SCHEME *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_RSA_SCHEME_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:167 - Definition of TPMT_RSA_SCHEME Structure -#if ALG_RSA -TPM_RC -TPMT_RSA_SCHEME_Unmarshal(TPMT_RSA_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_RSA_SCHEME_Marshal(TPMT_RSA_SCHEME *source, BYTE **buffer, INT32 *size); -#endif // ALG_RSA - -// Table 2:168 - Definition of TPMI_ALG_RSA_DECRYPT Type -#if ALG_RSA -TPM_RC -TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_RSA_DECRYPT_Marshal(TPMI_ALG_RSA_DECRYPT *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_RSA_DECRYPT_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:169 - Definition of TPMT_RSA_DECRYPT Structure -#if ALG_RSA -TPM_RC -TPMT_RSA_DECRYPT_Unmarshal(TPMT_RSA_DECRYPT 
*target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_RSA_DECRYPT_Marshal(TPMT_RSA_DECRYPT *source, BYTE **buffer, INT32 *size); -#endif // ALG_RSA - -// Table 2:170 - Definition of TPM2B_PUBLIC_KEY_RSA Structure -#if ALG_RSA -TPM_RC -TPM2B_PUBLIC_KEY_RSA_Unmarshal(TPM2B_PUBLIC_KEY_RSA *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, - BYTE **buffer, INT32 *size); -#endif // ALG_RSA - -// Table 2:171 - Definition of TPMI_RSA_KEY_BITS Type -#if ALG_RSA -TPM_RC -TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RSA_KEY_BITS_Marshal(TPMI_RSA_KEY_BITS *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_RSA_KEY_BITS_Marshal(source, buffer, size) \ - TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:172 - Definition of TPM2B_PRIVATE_KEY_RSA Structure -#if ALG_RSA -TPM_RC -TPM2B_PRIVATE_KEY_RSA_Unmarshal(TPM2B_PRIVATE_KEY_RSA *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, - BYTE **buffer, INT32 *size); -#endif // ALG_RSA - -// Table 2:173 - Definition of TPM2B_ECC_PARAMETER Structure -TPM_RC -TPM2B_ECC_PARAMETER_Unmarshal(TPM2B_ECC_PARAMETER *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, - BYTE **buffer, INT32 *size); - -// Table 2:174 - Definition of TPMS_ECC_POINT Structure -#if ALG_ECC -TPM_RC -TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_ECC_POINT_Marshal(TPMS_ECC_POINT *source, BYTE **buffer, INT32 *size); -#endif // ALG_ECC - -// Table 2:175 - Definition of TPM2B_ECC_POINT Structure -#if ALG_ECC -TPM_RC -TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_ECC_POINT_Marshal(TPM2B_ECC_POINT *source, BYTE **buffer, INT32 *size); 
-#endif // ALG_ECC - -// Table 2:176 - Definition of TPMI_ALG_ECC_SCHEME Type -#if ALG_ECC -TPM_RC -TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_ECC_SCHEME_Marshal(TPMI_ALG_ECC_SCHEME *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_ECC_SCHEME_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:177 - Definition of TPMI_ECC_CURVE Type -#if ALG_ECC -TPM_RC -TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ECC_CURVE_Marshal(TPMI_ECC_CURVE *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ECC_CURVE_Marshal(source, buffer, size) \ - TPM_ECC_CURVE_Marshal((TPM_ECC_CURVE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:178 - Definition of TPMT_ECC_SCHEME Structure -#if ALG_ECC -TPM_RC -TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_ECC_SCHEME_Marshal(TPMT_ECC_SCHEME *source, BYTE **buffer, INT32 *size); -#endif // ALG_ECC - -// Table 2:179 - Definition of TPMS_ALGORITHM_DETAIL_ECC Structure -#if ALG_ECC -UINT16 -TPMS_ALGORITHM_DETAIL_ECC_Marshal(TPMS_ALGORITHM_DETAIL_ECC *source, - BYTE **buffer, INT32 *size); -#endif // ALG_ECC - -// Table 2:180 - Definition of TPMS_SIGNATURE_RSA Structure -#if ALG_RSA -TPM_RC -TPMS_SIGNATURE_RSA_Unmarshal(TPMS_SIGNATURE_RSA *target, - BYTE **buffer, INT32 *size); -UINT16 -TPMS_SIGNATURE_RSA_Marshal(TPMS_SIGNATURE_RSA *source, BYTE **buffer, INT32 *size); -#endif // ALG_RSA - -// Table 2:181 - Definition of Types for Signature -#if ALG_RSA -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_RSASSA_Unmarshal(TPMS_SIGNATURE_RSASSA *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_RSASSA_Unmarshal(target, 
buffer, size) \ - TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIGNATURE_RSASSA_Marshal(TPMS_SIGNATURE_RSASSA *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_RSASSA_Marshal(source, buffer, size) \ - TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_RSAPSS_Unmarshal(TPMS_SIGNATURE_RSAPSS *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_RSAPSS_Unmarshal(target, buffer, size) \ - TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIGNATURE_RSAPSS_Marshal(TPMS_SIGNATURE_RSAPSS *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_RSAPSS_Marshal(source, buffer, size) \ - TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:182 - Definition of TPMS_SIGNATURE_ECC Structure -#if ALG_ECC -TPM_RC -TPMS_SIGNATURE_ECC_Unmarshal(TPMS_SIGNATURE_ECC *target, - BYTE **buffer, INT32 *size); -UINT16 -TPMS_SIGNATURE_ECC_Marshal(TPMS_SIGNATURE_ECC *source, BYTE **buffer, INT32 *size); -#endif // ALG_ECC - -// Table 2:183 - Definition of Types for TPMS_SIGNATURE_ECC -#if ALG_ECC -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_ECDAA_Unmarshal(TPMS_SIGNATURE_ECDAA *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_ECDAA_Unmarshal(target, buffer, size) \ - TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIGNATURE_ECDAA_Marshal(TPMS_SIGNATURE_ECDAA *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_ECDAA_Marshal(source, 
buffer, size) \ - TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_ECDSA_Unmarshal(TPMS_SIGNATURE_ECDSA *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_ECDSA_Unmarshal(target, buffer, size) \ - TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIGNATURE_ECDSA_Marshal(TPMS_SIGNATURE_ECDSA *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_ECDSA_Marshal(source, buffer, size) \ - TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_SM2_Unmarshal(TPMS_SIGNATURE_SM2 *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_SM2_Unmarshal(target, buffer, size) \ - TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIGNATURE_SM2_Marshal(TPMS_SIGNATURE_SM2 *source, BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_SM2_Marshal(source, buffer, size) \ - TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_ECSCHNORR_Unmarshal(TPMS_SIGNATURE_ECSCHNORR *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_ECSCHNORR_Unmarshal(target, buffer, size) \ - TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIGNATURE_ECSCHNORR_Marshal(TPMS_SIGNATURE_ECSCHNORR *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_ECSCHNORR_Marshal(source, buffer, size) \ - 
TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:184 - Definition of TPMU_SIGNATURE Union -TPM_RC -TPMU_SIGNATURE_Unmarshal(TPMU_SIGNATURE *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_SIGNATURE_Marshal(TPMU_SIGNATURE *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:185 - Definition of TPMT_SIGNATURE Structure -TPM_RC -TPMT_SIGNATURE_Unmarshal(TPMT_SIGNATURE *target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_SIGNATURE_Marshal(TPMT_SIGNATURE *source, BYTE **buffer, INT32 *size); - -// Table 2:186 - Definition of TPMU_ENCRYPTED_SECRET Union -TPM_RC -TPMU_ENCRYPTED_SECRET_Unmarshal(TPMU_ENCRYPTED_SECRET *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_ENCRYPTED_SECRET_Marshal(TPMU_ENCRYPTED_SECRET *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:187 - Definition of TPM2B_ENCRYPTED_SECRET Structure -TPM_RC -TPM2B_ENCRYPTED_SECRET_Unmarshal(TPM2B_ENCRYPTED_SECRET *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, - BYTE **buffer, INT32 *size); - -// Table 2:188 - Definition of TPMI_ALG_PUBLIC Type -TPM_RC -TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_PUBLIC_Marshal(TPMI_ALG_PUBLIC *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_PUBLIC_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:189 - Definition of TPMU_PUBLIC_ID Union -TPM_RC -TPMU_PUBLIC_ID_Unmarshal(TPMU_PUBLIC_ID *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_PUBLIC_ID_Marshal(TPMU_PUBLIC_ID *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:190 - Definition of TPMS_KEYEDHASH_PARMS Structure -TPM_RC 
-TPMS_KEYEDHASH_PARMS_Unmarshal(TPMS_KEYEDHASH_PARMS *target, - BYTE **buffer, INT32 *size); -UINT16 -TPMS_KEYEDHASH_PARMS_Marshal(TPMS_KEYEDHASH_PARMS *source, - BYTE **buffer, INT32 *size); - -// Table 2:191 - Definition of TPMS_ASYM_PARMS Structure -// Table 2:192 - Definition of TPMS_RSA_PARMS Structure -#if ALG_RSA -TPM_RC -TPMS_RSA_PARMS_Unmarshal(TPMS_RSA_PARMS *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_RSA_PARMS_Marshal(TPMS_RSA_PARMS *source, BYTE **buffer, INT32 *size); -#endif // ALG_RSA - -// Table 2:193 - Definition of TPMS_ECC_PARMS Structure -#if ALG_ECC -TPM_RC -TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_ECC_PARMS_Marshal(TPMS_ECC_PARMS *source, BYTE **buffer, INT32 *size); -#endif // ALG_ECC - -// Table 2:194 - Definition of TPMU_PUBLIC_PARMS Union -TPM_RC -TPMU_PUBLIC_PARMS_Unmarshal(TPMU_PUBLIC_PARMS *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_PUBLIC_PARMS_Marshal(TPMU_PUBLIC_PARMS *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:195 - Definition of TPMT_PUBLIC_PARMS Structure -TPM_RC -TPMT_PUBLIC_PARMS_Unmarshal(TPMT_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size); -UINT16 -TPMT_PUBLIC_PARMS_Marshal(TPMT_PUBLIC_PARMS *source, BYTE **buffer, INT32 *size); - -// Table 2:196 - Definition of TPMT_PUBLIC Structure -TPM_RC -TPMT_PUBLIC_Unmarshal(TPMT_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_PUBLIC_Marshal(TPMT_PUBLIC *source, BYTE **buffer, INT32 *size); - -// Table 2:197 - Definition of TPM2B_PUBLIC Structure -TPM_RC -TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPM2B_PUBLIC_Marshal(TPM2B_PUBLIC *source, BYTE **buffer, INT32 *size); - -// Table 2:198 - Definition of TPM2B_TEMPLATE Structure -TPM_RC -TPM2B_TEMPLATE_Unmarshal(TPM2B_TEMPLATE *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_TEMPLATE_Marshal(TPM2B_TEMPLATE *source, BYTE **buffer, INT32 *size); - -// 
Table 2:199 - Definition of TPM2B_PRIVATE_VENDOR_SPECIFIC Structure -TPM_RC -TPM2B_PRIVATE_VENDOR_SPECIFIC_Unmarshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_PRIVATE_VENDOR_SPECIFIC_Marshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *source, - BYTE **buffer, INT32 *size); - -// Table 2:200 - Definition of TPMU_SENSITIVE_COMPOSITE Union -TPM_RC -TPMU_SENSITIVE_COMPOSITE_Unmarshal(TPMU_SENSITIVE_COMPOSITE *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_SENSITIVE_COMPOSITE_Marshal(TPMU_SENSITIVE_COMPOSITE *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:201 - Definition of TPMT_SENSITIVE Structure -TPM_RC -TPMT_SENSITIVE_Unmarshal(TPMT_SENSITIVE *target, BYTE **buffer, INT32 *size); -UINT16 -TPMT_SENSITIVE_Marshal(TPMT_SENSITIVE *source, BYTE **buffer, INT32 *size); - -// Table 2:202 - Definition of TPM2B_SENSITIVE Structure -TPM_RC -TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_SENSITIVE_Marshal(TPM2B_SENSITIVE *source, BYTE **buffer, INT32 *size); - -// Table 2:203 - Definition of _PRIVATE Structure -// Table 2:204 - Definition of TPM2B_PRIVATE Structure -TPM_RC -TPM2B_PRIVATE_Unmarshal(TPM2B_PRIVATE *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size); - -// Table 2:205 - Definition of TPMS_ID_OBJECT Structure -// Table 2:206 - Definition of TPM2B_ID_OBJECT Structure -TPM_RC -TPM2B_ID_OBJECT_Unmarshal(TPM2B_ID_OBJECT *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size); - -// Table 2:207 - Definition of TPM_NV_INDEX Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_NV_INDEX_Marshal(TPM_NV_INDEX *source, BYTE **buffer, INT32 *size); -#else -#define TPM_NV_INDEX_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:208 - Definition 
of TPM_NT Constants -// Table 2:209 - Definition of TPMS_NV_PIN_COUNTER_PARAMETERS Structure -TPM_RC -TPMS_NV_PIN_COUNTER_PARAMETERS_Unmarshal(TPMS_NV_PIN_COUNTER_PARAMETERS *target, - BYTE **buffer, INT32 *size); -UINT16 -TPMS_NV_PIN_COUNTER_PARAMETERS_Marshal(TPMS_NV_PIN_COUNTER_PARAMETERS *source, - BYTE **buffer, INT32 *size); - -// Table 2:210 - Definition of TPMA_NV Bits -TPM_RC -TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size); - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_NV_Marshal(TPMA_NV *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_NV_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:211 - Definition of TPMS_NV_PUBLIC Structure -TPM_RC -TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_NV_PUBLIC_Marshal(TPMS_NV_PUBLIC *source, BYTE **buffer, INT32 *size); - -// Table 2:212 - Definition of TPM2B_NV_PUBLIC Structure -TPM_RC -TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_NV_PUBLIC_Marshal(TPM2B_NV_PUBLIC *source, BYTE **buffer, INT32 *size); - -// Table 2:213 - Definition of TPM2B_CONTEXT_SENSITIVE Structure -TPM_RC -TPM2B_CONTEXT_SENSITIVE_Unmarshal(TPM2B_CONTEXT_SENSITIVE *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_CONTEXT_SENSITIVE_Marshal(TPM2B_CONTEXT_SENSITIVE *source, - BYTE **buffer, INT32 *size); - -// Table 2:214 - Definition of TPMS_CONTEXT_DATA Structure -TPM_RC -TPMS_CONTEXT_DATA_Unmarshal(TPMS_CONTEXT_DATA *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_CONTEXT_DATA_Marshal(TPMS_CONTEXT_DATA *source, BYTE **buffer, INT32 *size); - -// Table 2:215 - Definition of TPM2B_CONTEXT_DATA Structure -TPM_RC -TPM2B_CONTEXT_DATA_Unmarshal(TPM2B_CONTEXT_DATA *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size); - -// Table 2:216 - Definition of TPMS_CONTEXT 
Structure -TPM_RC -TPMS_CONTEXT_Unmarshal(TPMS_CONTEXT *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_CONTEXT_Marshal(TPMS_CONTEXT *source, BYTE **buffer, INT32 *size); - -// Table 2:218 - Definition of TPMS_CREATION_DATA Structure -UINT16 -TPMS_CREATION_DATA_Marshal(TPMS_CREATION_DATA *source, BYTE **buffer, INT32 *size); - -// Table 2:219 - Definition of TPM2B_CREATION_DATA Structure -UINT16 -TPM2B_CREATION_DATA_Marshal(TPM2B_CREATION_DATA *source, - BYTE **buffer, INT32 *size); - -// Table 2:220 - Definition of TPM_AT Constants -TPM_RC -TPM_AT_Unmarshal(TPM_AT *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_AT_Marshal(TPM_AT *source, BYTE **buffer, INT32 *size); -#else -#define TPM_AT_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:221 - Definition of TPM_AE Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_AE_Marshal(TPM_AE *source, BYTE **buffer, INT32 *size); -#else -#define TPM_AE_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:222 - Definition of TPMS_AC_OUTPUT Structure -UINT16 -TPMS_AC_OUTPUT_Marshal(TPMS_AC_OUTPUT *source, BYTE **buffer, INT32 *size); - -// Table 2:223 - Definition of TPML_AC_CAPABILITIES Structure -UINT16 -TPML_AC_CAPABILITIES_Marshal(TPML_AC_CAPABILITIES *source, - BYTE **buffer, INT32 *size); - -// Array Marshal/Unmarshal for BYTE -TPM_RC -BYTE_Array_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size, INT32 count); -UINT16 -BYTE_Array_Marshal(BYTE *source, BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal/Unmarshal for TPM2B_DIGEST -TPM_RC -TPM2B_DIGEST_Array_Unmarshal(TPM2B_DIGEST *target, - BYTE **buffer, INT32 *size, INT32 count); -UINT16 -TPM2B_DIGEST_Array_Marshal(TPM2B_DIGEST *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal for TPMA_CC -UINT16 -TPMA_CC_Array_Marshal(TPMA_CC *source, 
BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal for TPMS_AC_OUTPUT -UINT16 -TPMS_AC_OUTPUT_Array_Marshal(TPMS_AC_OUTPUT *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal for TPMS_ALG_PROPERTY -UINT16 -TPMS_ALG_PROPERTY_Array_Marshal(TPMS_ALG_PROPERTY *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal/Unmarshal for TPMS_PCR_SELECTION -TPM_RC -TPMS_PCR_SELECTION_Array_Unmarshal(TPMS_PCR_SELECTION *target, - BYTE **buffer, INT32 *size, INT32 count); -UINT16 -TPMS_PCR_SELECTION_Array_Marshal(TPMS_PCR_SELECTION *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal for TPMS_TAGGED_PCR_SELECT -UINT16 -TPMS_TAGGED_PCR_SELECT_Array_Marshal(TPMS_TAGGED_PCR_SELECT *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal for TPMS_TAGGED_POLICY -UINT16 -TPMS_TAGGED_POLICY_Array_Marshal(TPMS_TAGGED_POLICY *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal for TPMS_TAGGED_PROPERTY -UINT16 -TPMS_TAGGED_PROPERTY_Array_Marshal(TPMS_TAGGED_PROPERTY *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal/Unmarshal for TPMT_HA -TPM_RC -TPMT_HA_Array_Unmarshal(TPMT_HA *target, - BYTE **buffer, INT32 *size, BOOL flag, INT32 count); -UINT16 -TPMT_HA_Array_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal/Unmarshal for TPM_ALG_ID -TPM_RC -TPM_ALG_ID_Array_Unmarshal(TPM_ALG_ID *target, - BYTE **buffer, INT32 *size, INT32 count); -UINT16 -TPM_ALG_ID_Array_Marshal(TPM_ALG_ID *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal/Unmarshal for TPM_CC -TPM_RC -TPM_CC_Array_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size, INT32 count); -UINT16 -TPM_CC_Array_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal/Unmarshal for TPM_ECC_CURVE -#if ALG_ECC -TPM_RC -TPM_ECC_CURVE_Array_Unmarshal(TPM_ECC_CURVE *target, - BYTE **buffer, INT32 *size, INT32 count); -UINT16 
-TPM_ECC_CURVE_Array_Marshal(TPM_ECC_CURVE *source, - BYTE **buffer, INT32 *size, INT32 count); -#endif // ALG_ECC - -// Array Marshal/Unmarshal for TPM_HANDLE -TPM_RC -TPM_HANDLE_Array_Unmarshal(TPM_HANDLE *target, - BYTE **buffer, INT32 *size, INT32 count); -UINT16 -TPM_HANDLE_Array_Marshal(TPM_HANDLE *source, - BYTE **buffer, INT32 *size, INT32 count); -#endif // _MARSHAL_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MathOnByteBuffers_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MathOnByteBuffers_fp.h deleted file mode 100644 index 57e58b3e0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MathOnByteBuffers_fp.h +++ /dev/null 
@@ -1,147 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _MATH_ON_BYTE_BUFFERS_FP_H_ -#define _MATH_ON_BYTE_BUFFERS_FP_H_ - -//*** UnsignedCmpB -// This function compare two unsigned values. The values are byte-aligned, -// big-endian numbers (e.g, a hash). -// Return Type: int -// 1 if (a > b) -// 0 if (a = b) -// -1 if (a < b) -LIB_EXPORT int -UnsignedCompareB( - UINT32 aSize, // IN: size of a - const BYTE *a, // IN: a - UINT32 bSize, // IN: size of b - const BYTE *b // IN: b -); - -//***SignedCompareB() -// Compare two signed integers: -// Return Type: int -// 1 if a > b -// 0 if a = b -// -1 if a < b -int -SignedCompareB( - const UINT32 aSize, // IN: size of a - const BYTE *a, // IN: a buffer - const UINT32 bSize, // IN: size of b - const BYTE *b // IN: b buffer -); - -//*** ModExpB -// This function is used to do modular exponentiation in support of RSA. -// The most typical uses are: 'c' = 'm'^'e' mod 'n' (RSA encrypt) and -// 'm' = 'c'^'d' mod 'n' (RSA decrypt). When doing decryption, the 'e' parameter -// of the function will contain the private exponent 'd' instead of the public -// exponent 'e'. -// -// If the results will not fit in the provided buffer, -// an error is returned (CRYPT_ERROR_UNDERFLOW). If the results is smaller -// than the buffer, the results is de-normalized. -// -// This version is intended for use with RSA and requires that 'm' be -// less than 'n'. -// -// Return Type: TPM_RC -// TPM_RC_SIZE number to exponentiate is larger than the modulus -// TPM_RC_NO_RESULT result will not fit into the provided buffer -// -TPM_RC -ModExpB( - UINT32 cSize, // IN: the size of the output buffer. 
It will - // need to be the same size as the modulus - BYTE *c, // OUT: the buffer to receive the results - // (c->size must be set to the maximum size - // for the returned value) - const UINT32 mSize, - const BYTE *m, // IN: number to exponentiate - const UINT32 eSize, - const BYTE *e, // IN: power - const UINT32 nSize, - const BYTE *n // IN: modulus -); - -//*** DivideB() -// Divide an integer ('n') by an integer ('d') producing a quotient ('q') and -// a remainder ('r'). If 'q' or 'r' is not needed, then the pointer to them -// may be set to NULL. -// -// Return Type: TPM_RC -// TPM_RC_NO_RESULT 'q' or 'r' is too small to receive the result -// -LIB_EXPORT TPM_RC -DivideB( - const TPM2B *n, // IN: numerator - const TPM2B *d, // IN: denominator - TPM2B *q, // OUT: quotient - TPM2B *r // OUT: remainder -); - -//*** AdjustNumberB() -// Remove/add leading zeros from a number in a TPM2B. Will try to make the number -// by adding or removing leading zeros. If the number is larger than the requested -// size, it will make the number as small as possible. Setting 'requestedSize' to -// zero is equivalent to requesting that the number be normalized. -UINT16 -AdjustNumberB( - TPM2B *num, - UINT16 requestedSize -); - -//*** ShiftLeft() -// This function shifts a byte buffer (a TPM2B) one byte to the left. That is, -// the most significant bit of the most significant byte is lost. -TPM2B * -ShiftLeft( - TPM2B *value // IN/OUT: value to shift and shifted value out -); - -//*** IsNumeric() -// Verifies that all the characters are simple numeric (0-9) -BOOL -IsNumeric( - TPM2B *value -); - -#endif // _MATH_ON_BYTE_BUFFERS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Memory_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Memory_fp.h deleted file mode 100644 index 42f4c5845..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Memory_fp.h
+++ /dev/null
@@ -1,179 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 7, 2019 Time: 06:58:58PM - */ - -#ifndef _MEMORY_FP_H_ -#define _MEMORY_FP_H_ - -//*** MemoryCopy() -// This is an alias for memmove. 
This is used in place of memcpy because -// some of the moves may overlap and rather than try to make sure that -// memmove is used when necessary, it is always used. -void -MemoryCopy( - void *dest, - const void *src, - int sSize -); - -//*** MemoryEqual() -// This function indicates if two buffers have the same values in the indicated -// number of bytes. -// Return Type: BOOL -// TRUE(1) all octets are the same -// FALSE(0) all octets are not the same -BOOL -MemoryEqual( - const void *buffer1, // IN: compare buffer1 - const void *buffer2, // IN: compare buffer2 - unsigned int size // IN: size of bytes being compared -); - -//*** MemoryCopy2B() -// This function copies a TPM2B. This can be used when the TPM2B types are -// the same or different. -// -// This function returns the number of octets in the data buffer of the TPM2B. -LIB_EXPORT INT16 -MemoryCopy2B( - TPM2B *dest, // OUT: receiving TPM2B - const TPM2B *source, // IN: source TPM2B - unsigned int dSize // IN: size of the receiving buffer -); - -//*** MemoryConcat2B() -// This function will concatenate the buffer contents of a TPM2B to an -// the buffer contents of another TPM2B and adjust the size accordingly -// ('a' := ('a' | 'b')). -void -MemoryConcat2B( - TPM2B *aInOut, // IN/OUT: destination 2B - TPM2B *bIn, // IN: second 2B - unsigned int aMaxSize // IN: The size of aInOut.buffer (max values for - // aInOut.size) -); - -//*** MemoryEqual2B() -// This function will compare two TPM2B structures. To be equal, they -// need to be the same size and the buffer contexts need to be the same -// in all octets. -// Return Type: BOOL -// TRUE(1) size and buffer contents are the same -// FALSE(0) size or buffer contents are not the same -BOOL -MemoryEqual2B( - const TPM2B *aIn, // IN: compare value - const TPM2B *bIn // IN: compare value -); - -//*** MemorySet() -// This function will set all the octets in the specified memory range to -// the specified octet value. 
-// Note: A previous version had an additional parameter (dSize) that was -// intended to make sure that the destination would not be overrun. The -// problem is that, in use, all that was happening was that the value of -// size was used for dSize so there was no benefit in the extra parameter. -void -MemorySet( - void *dest, - int value, - size_t size -); - -//*** MemoryPad2B() -// Function to pad a TPM2B with zeros and adjust the size. -void -MemoryPad2B( - TPM2B *b, - UINT16 newSize -); - -//*** Uint16ToByteArray() -// Function to write an integer to a byte array -void -Uint16ToByteArray( - UINT16 i, - BYTE *a -); - -//*** Uint32ToByteArray() -// Function to write an integer to a byte array -void -Uint32ToByteArray( - UINT32 i, - BYTE *a -); - -//*** Uint64ToByteArray() -// Function to write an integer to a byte array -void -Uint64ToByteArray( - UINT64 i, - BYTE *a -); - -//*** ByteArrayToUint8() -// Function to write a UINT8 to a byte array. This is included for completeness -// and to allow certain macro expansions -UINT8 -ByteArrayToUint8( - BYTE *a -); - -//*** ByteArrayToUint16() -// Function to write an integer to a byte array -UINT16 -ByteArrayToUint16( - BYTE *a -); - -//*** ByteArrayToUint32() -// Function to write an integer to a byte array -UINT32 -ByteArrayToUint32( - BYTE *a -); - -//*** ByteArrayToUint64() -// Function to write an integer to a byte array -UINT64 -ByteArrayToUint64( - BYTE *a -); - -#endif // _MEMORY_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Certify_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Certify_fp.h deleted file mode 100644 index 764e15e1a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Certify_fp.h +++ /dev/null 
@@ -1,79 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_Certify // Command must be enabled - -#ifndef _NV_Certify_FP_H_ -#define _NV_Certify_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT signHandle; - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; - UINT16 size; - UINT16 offset; -} NV_Certify_In; - -// Output structure definition -typedef struct { - TPM2B_ATTEST certifyInfo; - TPMT_SIGNATURE signature; -} NV_Certify_Out; - -// Response code modifiers -#define RC_NV_Certify_signHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Certify_authHandle (TPM_RC_H + TPM_RC_2) -#define RC_NV_Certify_nvIndex (TPM_RC_H + TPM_RC_3) -#define RC_NV_Certify_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_NV_Certify_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_NV_Certify_size (TPM_RC_P + TPM_RC_3) -#define RC_NV_Certify_offset (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_NV_Certify( - NV_Certify_In *in, - NV_Certify_Out *out -); - -#endif // _NV_Certify_FP_H_ -#endif // CC_NV_Certify diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ChangeAuth_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ChangeAuth_fp.h deleted file mode 100644 index d0620d416..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ChangeAuth_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_ChangeAuth // Command must be enabled - -#ifndef _NV_Change_Auth_FP_H_ -#define _NV_Change_Auth_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_INDEX nvIndex; - TPM2B_AUTH newAuth; -} NV_ChangeAuth_In; - -// Response code modifiers -#define RC_NV_ChangeAuth_nvIndex (TPM_RC_H + TPM_RC_1) -#define RC_NV_ChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_NV_ChangeAuth( - NV_ChangeAuth_In *in -); - -#endif // _NV_Change_Auth_FP_H_ -#endif // CC_NV_ChangeAuth diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_DefineSpace_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_DefineSpace_fp.h deleted file mode 100644 index 742702fdd..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_DefineSpace_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_DefineSpace // Command must be enabled - -#ifndef _NV_Define_Space_FP_H_ -#define _NV_Define_Space_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PROVISION authHandle; - TPM2B_AUTH auth; - TPM2B_NV_PUBLIC publicInfo; -} NV_DefineSpace_In; - -// Response code modifiers -#define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1) -#define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_DefineSpace( - NV_DefineSpace_In *in -); - -#endif // _NV_Define_Space_FP_H_ -#endif // CC_NV_DefineSpace diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Extend_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Extend_fp.h deleted file mode 100644 index 6913fcd99..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Extend_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_Extend // Command must be enabled - -#ifndef _NV_Extend_FP_H_ -#define _NV_Extend_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - TPM2B_MAX_NV_BUFFER data; -} NV_Extend_In; - -// Response code modifiers -#define RC_NV_Extend_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Extend_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_NV_Extend_data (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_NV_Extend( - NV_Extend_In *in -); - -#endif // _NV_Extend_FP_H_ -#endif // CC_NV_Extend diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_GlobalWriteLock_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_GlobalWriteLock_fp.h deleted file mode 100644 index cd11e9320..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_GlobalWriteLock_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_GlobalWriteLock // Command must be enabled - -#ifndef _NV_Global_Write_Lock_FP_H_ -#define _NV_Global_Write_Lock_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PROVISION authHandle; -} NV_GlobalWriteLock_In; - -// Response code modifiers -#define RC_NV_GlobalWriteLock_authHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_NV_GlobalWriteLock( - NV_GlobalWriteLock_In *in -); - -#endif // _NV_Global_Write_Lock_FP_H_ -#endif // CC_NV_GlobalWriteLock diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Increment_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Increment_fp.h deleted file mode 100644 index 51441befc..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Increment_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_Increment // Command must be enabled - -#ifndef _NV_Increment_FP_H_ -#define _NV_Increment_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; -} NV_Increment_In; - -// Response code modifiers -#define RC_NV_Increment_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Increment_nvIndex (TPM_RC_H + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_Increment( - NV_Increment_In *in -); - -#endif // _NV_Increment_FP_H_ -#endif // CC_NV_Increment diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadLock_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadLock_fp.h deleted file mode 100644 index 8687f6ac4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadLock_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_ReadLock // Command must be enabled - -#ifndef _NV_Read_Lock_FP_H_ -#define _NV_Read_Lock_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; -} NV_ReadLock_In; - -// Response code modifiers -#define RC_NV_ReadLock_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_ReadLock_nvIndex (TPM_RC_H + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_ReadLock( - NV_ReadLock_In *in -); - -#endif // _NV_Read_Lock_FP_H_ -#endif // CC_NV_ReadLock diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadPublic_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadPublic_fp.h deleted file mode 100644 index 90e439677..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadPublic_fp.h +++ /dev/null 
@@ -1,67 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_ReadPublic // Command must be enabled - -#ifndef _NV_Read_Public_FP_H_ -#define _NV_Read_Public_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_INDEX nvIndex; -} NV_ReadPublic_In; - -// Output structure definition -typedef struct { - TPM2B_NV_PUBLIC nvPublic; - TPM2B_NAME nvName; -} NV_ReadPublic_Out; - -// Response code modifiers -#define RC_NV_ReadPublic_nvIndex (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_NV_ReadPublic( - NV_ReadPublic_In *in, - NV_ReadPublic_Out *out -); - -#endif // _NV_Read_Public_FP_H_ -#endif // CC_NV_ReadPublic diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Read_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Read_fp.h deleted file mode 100644 index 384eecff0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Read_fp.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_Read // Command must be enabled - -#ifndef _NV_Read_FP_H_ -#define _NV_Read_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - UINT16 size; - UINT16 offset; -} NV_Read_In; - -// Output structure definition -typedef struct { - TPM2B_MAX_NV_BUFFER data; -} NV_Read_Out; - -// Response code modifiers -#define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_NV_Read_size (TPM_RC_P + TPM_RC_1) -#define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_Read( - NV_Read_In *in, - NV_Read_Out *out -); - -#endif // _NV_Read_FP_H_ -#endif // CC_NV_Read diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_SetBits_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_SetBits_fp.h deleted file mode 100644 index fee30fbea..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_SetBits_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_SetBits // Command must be enabled - -#ifndef _NV_Set_Bits_FP_H_ -#define _NV_Set_Bits_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - UINT64 bits; -} NV_SetBits_In; - -// Response code modifiers -#define RC_NV_SetBits_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_SetBits_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_NV_SetBits_bits (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_NV_SetBits( - NV_SetBits_In *in -); - -#endif // _NV_Set_Bits_FP_H_ -#endif // CC_NV_SetBits diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpaceSpecial_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpaceSpecial_fp.h deleted file mode 100644 index d99b64033..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpaceSpecial_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_UndefineSpaceSpecial // Command must be enabled - -#ifndef _NV_Undefine_Space_Special_FP_H_ -#define _NV_Undefine_Space_Special_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_INDEX nvIndex; - TPMI_RH_PLATFORM platform; -} NV_UndefineSpaceSpecial_In; - -// Response code modifiers -#define RC_NV_UndefineSpaceSpecial_nvIndex (TPM_RC_H + TPM_RC_1) -#define RC_NV_UndefineSpaceSpecial_platform (TPM_RC_H + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_UndefineSpaceSpecial( - NV_UndefineSpaceSpecial_In *in -); - -#endif // _NV_Undefine_Space_Special_FP_H_ -#endif // CC_NV_UndefineSpaceSpecial diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpace_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpace_fp.h deleted file mode 100644 index 217d17c84..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpace_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_UndefineSpace // Command must be enabled - -#ifndef _NV_Undefine_Space_FP_H_ -#define _NV_Undefine_Space_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PROVISION authHandle; - TPMI_RH_NV_INDEX nvIndex; -} NV_UndefineSpace_In; - -// Response code modifiers -#define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_UndefineSpace( - NV_UndefineSpace_In *in -); - -#endif // _NV_Undefine_Space_FP_H_ -#endif // CC_NV_UndefineSpace diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_WriteLock_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_WriteLock_fp.h deleted file mode 100644 index af640c838..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_WriteLock_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_WriteLock // Command must be enabled - -#ifndef _NV_Write_Lock_FP_H_ -#define _NV_Write_Lock_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; -} NV_WriteLock_In; - -// Response code modifiers -#define RC_NV_WriteLock_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_WriteLock_nvIndex (TPM_RC_H + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_WriteLock( - NV_WriteLock_In *in -); - -#endif // _NV_Write_Lock_FP_H_ -#endif // CC_NV_WriteLock diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Write_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Write_fp.h deleted file mode 100644 index c4bfb28d8..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Write_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_Write // Command must be enabled - -#ifndef _NV_Write_FP_H_ -#define _NV_Write_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - TPM2B_MAX_NV_BUFFER data; - UINT16 offset; -} NV_Write_In; - -// Response code modifiers -#define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_NV_Write_data (TPM_RC_P + TPM_RC_1) -#define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_Write( - NV_Write_In *in -); - -#endif // _NV_Write_FP_H_ -#endif // CC_NV_Write diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_spt_fp.h deleted file mode 100644 index 0844f2dad..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_spt_fp.h +++ /dev/null 
@@ -1,93 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _NV_SPT_FP_H_ -#define _NV_SPT_FP_H_ - -//*** NvReadAccessChecks() -// Common routine for validating a read -// Used by TPM2_NV_Read, TPM2_NV_ReadLock and TPM2_PolicyNV -// Return Type: TPM_RC -// TPM_RC_NV_AUTHORIZATION autHandle is not allowed to authorize read -// of the index -// TPM_RC_NV_LOCKED Read locked -// TPM_RC_NV_UNINITIALIZED Try to read an uninitialized index -// -TPM_RC -NvReadAccessChecks( - TPM_HANDLE authHandle, // IN: the handle that provided the - // authorization - TPM_HANDLE nvHandle, // IN: the handle of the NV index to be read - TPMA_NV attributes // IN: the attributes of 'nvHandle' -); - -//*** NvWriteAccessChecks() -// Common routine for validating a write -// Used by TPM2_NV_Write, TPM2_NV_Increment, TPM2_SetBits, and TPM2_NV_WriteLock -// Return Type: TPM_RC -// TPM_RC_NV_AUTHORIZATION Authorization fails -// TPM_RC_NV_LOCKED Write locked -// -TPM_RC -NvWriteAccessChecks( - TPM_HANDLE authHandle, // IN: the handle that provided the - // authorization - TPM_HANDLE nvHandle, // IN: the handle of the NV index to be written - TPMA_NV attributes // IN: the attributes of 'nvHandle' -); - -//*** NvClearOrderly() -// This function is used to cause gp.orderlyState to be cleared to the -// non-orderly state. -TPM_RC -NvClearOrderly( - void -); - -//*** NvIsPinPassIndex() -// Function to check to see if an NV index is a PIN Pass Index -// Return Type: BOOL -// TRUE(1) is pin pass -// FALSE(0) is not pin pass -BOOL -NvIsPinPassIndex( - TPM_HANDLE index // IN: Handle to check -); - -#endif // _NV_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvDynamic_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvDynamic_fp.h deleted file mode 100644 index 8c9b34e9b..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvDynamic_fp.h +++ /dev/null 
@@ -1,474 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 7, 2019 Time: 06:58:58PM - */ - -#ifndef _NV_DYNAMIC_FP_H_ -#define _NV_DYNAMIC_FP_H_ - -//*** NvWriteNvListEnd() -// Function to write the list terminator. 
-NV_REF -NvWriteNvListEnd( - NV_REF end -); - -//*** NvUpdateIndexOrderlyData() -// This function is used to cause an update of the orderly data to the NV backing -// store. -void -NvUpdateIndexOrderlyData( - void -); - -//*** NvReadIndex() -// This function is used to read the NV Index NV_INDEX. This is used so that the -// index information can be compressed and only this function would be needed -// to decompress it. Mostly, compression would only be able to save the space -// needed by the policy. -void -NvReadNvIndexInfo( - NV_REF ref, // IN: points to NV where index is located - NV_INDEX *nvIndex // OUT: place to receive index data -); - -//*** NvReadObject() -// This function is used to read a persistent object. This is used so that the -// object information can be compressed and only this function would be needed -// to uncompress it. -void -NvReadObject( - NV_REF ref, // IN: points to NV where index is located - OBJECT *object // OUT: place to receive the object data -); - -//*** NvIndexIsDefined() -// See if an index is already defined -BOOL -NvIndexIsDefined( - TPM_HANDLE nvHandle // IN: Index to look for -); - -//*** NvIsPlatformPersistentHandle() -// This function indicates if a handle references a persistent object in the -// range belonging to the platform. -// Return Type: BOOL -// TRUE(1) handle references a platform persistent object -// and may reference an owner persistent object either -// FALSE(0) handle does not reference platform persistent object -BOOL -NvIsPlatformPersistentHandle( - TPM_HANDLE handle // IN: handle -); - -//*** NvIsOwnerPersistentHandle() -// This function indicates if a handle references a persistent object in the -// range belonging to the owner. 
-// Return Type: BOOL -// TRUE(1) handle is owner persistent handle -// FALSE(0) handle is not owner persistent handle and may not be -// a persistent handle at all -BOOL -NvIsOwnerPersistentHandle( - TPM_HANDLE handle // IN: handle -); - -//*** NvIndexIsAccessible() -// -// This function validates that a handle references a defined NV Index and -// that the Index is currently accessible. -// Return Type: TPM_RC -// TPM_RC_HANDLE the handle points to an undefined NV Index -// If shEnable is CLEAR, this would include an index -// created using ownerAuth. If phEnableNV is CLEAR, -// this would include and index created using -// platformAuth -// TPM_RC_NV_READLOCKED Index is present but locked for reading and command -// does not write to the index -// TPM_RC_NV_WRITELOCKED Index is present but locked for writing and command -// writes to the index -TPM_RC -NvIndexIsAccessible( - TPMI_RH_NV_INDEX handle // IN: handle -); - -//*** NvGetEvictObject() -// This function is used to dereference an evict object handle and get a pointer -// to the object. -// Return Type: TPM_RC -// TPM_RC_HANDLE the handle does not point to an existing -// persistent object -TPM_RC -NvGetEvictObject( - TPM_HANDLE handle, // IN: handle - OBJECT *object // OUT: object data -); - -//*** NvIndexCacheInit() -// Function to initialize the Index cache -void -NvIndexCacheInit( - void -); - -//*** NvGetIndexData() -// This function is used to access the data in an NV Index. The data is returned -// as a byte sequence. -// -// This function requires that the NV Index be defined, and that the -// required data is within the data range. It also requires that TPMA_NV_WRITTEN -// of the Index is SET. 
-void -NvGetIndexData( - NV_INDEX *nvIndex, // IN: the in RAM index descriptor - NV_REF locator, // IN: where the data is located - UINT32 offset, // IN: offset of NV data - UINT16 size, // IN: number of octets of NV data to read - void *data // OUT: data buffer -); - -//*** NvHashIndexData() -// This function adds Index data to a hash. It does this in parts to avoid large stack -// buffers. -void -NvHashIndexData( - HASH_STATE *hashState, // IN: Initialized hash state - NV_INDEX *nvIndex, // IN: Index - NV_REF locator, // IN: where the data is located - UINT32 offset, // IN: starting offset - UINT16 size // IN: amount to hash -); - -//*** NvGetUINT64Data() -// Get data in integer format of a bit or counter NV Index. -// -// This function requires that the NV Index is defined and that the NV Index -// previously has been written. -UINT64 -NvGetUINT64Data( - NV_INDEX *nvIndex, // IN: the in RAM index descriptor - NV_REF locator // IN: where index exists in NV -); - -//*** NvWriteIndexAttributes() -// This function is used to write just the attributes of an index. -// Return type: TPM_RC -// TPM_RC_NV_RATE NV is rate limiting so retry -// TPM_RC_NV_UNAVAILABLE NV is not available -TPM_RC -NvWriteIndexAttributes( - TPM_HANDLE handle, - NV_REF locator, // IN: location of the index - TPMA_NV attributes // IN: attributes to write -); - -//*** NvWriteIndexAuth() -// This function is used to write the authValue of an index. It is used by -// TPM2_NV_ChangeAuth() -// Return type: TPM_RC -// TPM_RC_NV_RATE NV is rate limiting so retry -// TPM_RC_NV_UNAVAILABLE NV is not available -TPM_RC -NvWriteIndexAuth( - NV_REF locator, // IN: location of the index - TPM2B_AUTH *authValue // IN: the authValue to write -); - -//*** NvGetIndexInfo() -// This function loads the nvIndex Info into the NV cache and returns a pointer -// to the NV_INDEX. If the returned value is zero, the index was not found. 
-// The 'locator' parameter, if not NULL, will be set to the offset in NV of the -// Index (the location of the handle of the Index). -// -// This function will set the index cache. If the index is orderly, the attributes -// from RAM are substituted for the attributes in the cached index -NV_INDEX * -NvGetIndexInfo( - TPM_HANDLE nvHandle, // IN: the index handle - NV_REF *locator // OUT: location of the index -); - -//*** NvWriteIndexData() -// This function is used to write NV index data. It is intended to be used to -// update the data associated with the default index. -// -// This function requires that the NV Index is defined, and the data is -// within the defined data range for the index. -// -// Index data is only written due to a command that modifies the data in a single -// index. There is no case where changes are made to multiple indexes data at the -// same time. Multiple attributes may be change but not multiple index data. This -// is important because we will normally be handling the index for which we have -// the cached pointer values. -// Return type: TPM_RC -// TPM_RC_NV_RATE NV is rate limiting so retry -// TPM_RC_NV_UNAVAILABLE NV is not available -TPM_RC -NvWriteIndexData( - NV_INDEX *nvIndex, // IN: the description of the index - UINT32 offset, // IN: offset of NV data - UINT32 size, // IN: size of NV data - void *data // IN: data buffer -); - -//*** NvWriteUINT64Data() -// This function to write back a UINT64 value. The various UINT64 values (bits, -// counters, and PINs) are kept in canonical format but manipulate in native -// format. This takes a native format value converts it and saves it back as -// in canonical format. 
-// -// This function will return the value from NV or RAM depending on the type of the -// index (orderly or not) -// -TPM_RC -NvWriteUINT64Data( - NV_INDEX *nvIndex, // IN: the description of the index - UINT64 intValue // IN: the value to write -); - -//*** NvGetIndexName() -// This function computes the Name of an index -// The 'name' buffer receives the bytes of the Name and the return value -// is the number of octets in the Name. -// -// This function requires that the NV Index is defined. -TPM2B_NAME * -NvGetIndexName( - NV_INDEX *nvIndex, // IN: the index over which the name is to be - // computed - TPM2B_NAME *name // OUT: name of the index -); - -//*** NvGetNameByIndexHandle() -// This function is used to compute the Name of an NV Index referenced by handle. -// -// The 'name' buffer receives the bytes of the Name and the return value -// is the number of octets in the Name. -// -// This function requires that the NV Index is defined. -TPM2B_NAME * -NvGetNameByIndexHandle( - TPMI_RH_NV_INDEX handle, // IN: handle of the index - TPM2B_NAME *name // OUT: name of the index -); - -//*** NvDefineIndex() -// This function is used to assign NV memory to an NV Index. -// -// Return Type: TPM_RC -// TPM_RC_NV_SPACE insufficient NV space -TPM_RC -NvDefineIndex( - TPMS_NV_PUBLIC *publicArea, // IN: A template for an area to create. - TPM2B_AUTH *authValue // IN: The initial authorization value -); - -//*** NvAddEvictObject() -// This function is used to assign NV memory to a persistent object. -// Return Type: TPM_RC -// TPM_RC_NV_HANDLE the requested handle is already in use -// TPM_RC_NV_SPACE insufficient NV space -TPM_RC -NvAddEvictObject( - TPMI_DH_OBJECT evictHandle, // IN: new evict handle - OBJECT *object // IN: object to be added -); - -//*** NvDeleteIndex() -// This function is used to delete an NV Index. 
-// Return Type: TPM_RC -// TPM_RC_NV_UNAVAILABLE NV is not accessible -// TPM_RC_NV_RATE NV is rate limiting -TPM_RC -NvDeleteIndex( - NV_INDEX *nvIndex, // IN: an in RAM index descriptor - NV_REF entityAddr // IN: location in NV -); - -TPM_RC -NvDeleteEvict( - TPM_HANDLE handle // IN: handle of entity to be deleted -); - -//*** NvFlushHierarchy() -// This function will delete persistent objects belonging to the indicated hierarchy. -// If the storage hierarchy is selected, the function will also delete any -// NV Index defined using ownerAuth. -// Return Type: TPM_RC -// TPM_RC_NV_RATE NV is unavailable because of rate limit -// TPM_RC_NV_UNAVAILABLE NV is inaccessible -TPM_RC -NvFlushHierarchy( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flushed. -); - -//*** NvSetGlobalLock() -// This function is used to SET the TPMA_NV_WRITELOCKED attribute for all -// NV indexes that have TPMA_NV_GLOBALLOCK SET. This function is use by -// TPM2_NV_GlobalWriteLock(). -// Return Type: TPM_RC -// TPM_RC_NV_RATE NV is unavailable because of rate limit -// TPM_RC_NV_UNAVAILABLE NV is inaccessible -TPM_RC -NvSetGlobalLock( - void -); - -//*** NvCapGetPersistent() -// This function is used to get a list of handles of the persistent objects, -// starting at 'handle'. -// -// 'Handle' must be in valid persistent object handle range, but does not -// have to reference an existing persistent object. -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -NvCapGetPersistent( - TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: maximum number of returned handles - TPML_HANDLE *handleList // OUT: list of handle -); - -//*** NvCapGetIndex() -// This function returns a list of handles of NV indexes, starting from 'handle'. -// 'Handle' must be in the range of NV indexes, but does not have to reference -// an existing NV Index. 
-// Return Type: TPMI_YES_NO -// YES if there are more handles to report -// NO all the available handles has been reported -TPMI_YES_NO -NvCapGetIndex( - TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: max number of returned handles - TPML_HANDLE *handleList // OUT: list of handle -); - -//*** NvCapGetIndexNumber() -// This function returns the count of NV Indexes currently defined. -UINT32 -NvCapGetIndexNumber( - void -); - -//*** NvCapGetPersistentNumber() -// Function returns the count of persistent objects currently in NV memory. -UINT32 -NvCapGetPersistentNumber( - void -); - -//*** NvCapGetPersistentAvail() -// This function returns an estimate of the number of additional persistent -// objects that could be loaded into NV memory. -UINT32 -NvCapGetPersistentAvail( - void -); - -//*** NvCapGetCounterNumber() -// Get the number of defined NV Indexes that are counter indexes. -UINT32 -NvCapGetCounterNumber( - void -); - -//*** NvEntityStartup() -// This function is called at TPM_Startup(). If the startup completes -// a TPM Resume cycle, no action is taken. If the startup is a TPM Reset -// or a TPM Restart, then this function will: -// 1. clear read/write lock; -// 2. reset NV Index data that has TPMA_NV_CLEAR_STCLEAR SET; and -// 3. set the lower bits in orderly counters to 1 for a non-orderly startup -// -// It is a prerequisite that NV be available for writing before this -// function is called. -BOOL -NvEntityStartup( - STARTUP_TYPE type // IN: start up type -); - -//*** NvCapGetCounterAvail() -// This function returns an estimate of the number of additional counter type -// NV indexes that can be defined. -UINT32 -NvCapGetCounterAvail( - void -); - -//*** NvFindHandle() -// this function returns the offset in NV memory of the entity associated -// with the input handle. A value of zero indicates that handle does not -// exist reference an existing persistent object or defined NV Index. 
-NV_REF -NvFindHandle( - TPM_HANDLE handle -); - -//*** NvReadMaxCount() -// This function returns the max NV counter value. -// -UINT64 -NvReadMaxCount( - void -); - -//*** NvUpdateMaxCount() -// This function updates the max counter value to NV memory. This is just staging -// for the actual write that will occur when the NV index memory is modified. -// -void -NvUpdateMaxCount( - UINT64 count -); - -//*** NvSetMaxCount() -// This function is used at NV initialization time to set the initial value of -// the maximum counter. -void -NvSetMaxCount( - UINT64 value -); - -//*** NvGetMaxCount() -// Function to get the NV max counter value from the end-of-list marker -UINT64 -NvGetMaxCount( - void -); - -#endif // _NV_DYNAMIC_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvReserved_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvReserved_fp.h deleted file mode 100644 index 5d912abea..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvReserved_fp.h +++ /dev/null 
@@ -1,130 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:23:27PM - */ - -#ifndef _NV_RESERVED_FP_H_ -#define _NV_RESERVED_FP_H_ - -//*** NvCheckState() -// Function to check the NV state by accessing the platform-specific function -// to get the NV state. The result state is registered in s_NvIsAvailable -// that will be reported by NvIsAvailable. -// -// This function is called at the beginning of ExecuteCommand before any potential -// check of g_NvStatus. -void -NvCheckState( - void -); - -//*** NvCommit -// This is a wrapper for the platform function to commit pending NV writes. -BOOL -NvCommit( - void -); - -//*** NvPowerOn() -// This function is called at _TPM_Init to initialize the NV environment. -// Return Type: BOOL -// TRUE(1) all NV was initialized -// FALSE(0) the NV containing saved state had an error and -// TPM2_Startup(CLEAR) is required -BOOL -NvPowerOn( - void -); - -//*** NvManufacture() -// This function initializes the NV system at pre-install time. -// -// This function should only be called in a manufacturing environment or in a -// simulation. -// -// The layout of NV memory space is an implementation choice. -void -NvManufacture( - void -); - -//*** NvRead() -// This function is used to move reserved data from NV memory to RAM. -void -NvRead( - void *outBuffer, // OUT: buffer to receive data - UINT32 nvOffset, // IN: offset in NV of value - UINT32 size // IN: size of the value to read -); - -//*** NvWrite() -// This function is used to post reserved data for writing to NV memory. Before -// the TPM completes the operation, the value will be written. -BOOL -NvWrite( - UINT32 nvOffset, // IN: location in NV to receive data - UINT32 size, // IN: size of the data to move - void *inBuffer // IN: location containing data to write -); - -//*** NvUpdatePersistent() -// This function is used to update a value in the PERSISTENT_DATA structure and -// commits the value to NV. 
-void -NvUpdatePersistent( - UINT32 offset, // IN: location in PERMANENT_DATA to be updated - UINT32 size, // IN: size of the value - void *buffer // IN: the new data -); - -//*** NvClearPersistent() -// This function is used to clear a persistent data entry and commit it to NV -void -NvClearPersistent( - UINT32 offset, // IN: the offset in the PERMANENT_DATA - // structure to be cleared (zeroed) - UINT32 size // IN: number of bytes to clear -); - -//*** NvReadPersistent() -// This function reads persistent data to the RAM copy of the 'gp' structure. -void -NvReadPersistent( - void -); - -#endif // _NV_RESERVED_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ObjectChangeAuth_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ObjectChangeAuth_fp.h deleted file mode 100644 index 6e8b6f8ca..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ObjectChangeAuth_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ObjectChangeAuth // Command must be enabled - -#ifndef _Object_Change_Auth_FP_H_ -#define _Object_Change_Auth_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT objectHandle; - TPMI_DH_OBJECT parentHandle; - TPM2B_AUTH newAuth; -} ObjectChangeAuth_In; - -// Output structure definition -typedef struct { - TPM2B_PRIVATE outPrivate; -} ObjectChangeAuth_Out; - -// Response code modifiers -#define RC_ObjectChangeAuth_objectHandle (TPM_RC_H + TPM_RC_1) -#define RC_ObjectChangeAuth_parentHandle (TPM_RC_H + TPM_RC_2) -#define RC_ObjectChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ObjectChangeAuth( - ObjectChangeAuth_In *in, - ObjectChangeAuth_Out *out -); - -#endif // _Object_Change_Auth_FP_H_ -#endif // CC_ObjectChangeAuth diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_fp.h deleted file mode 100644 index 9574ab6c7..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_fp.h +++ /dev/null 
@@ -1,355 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:23:27PM - */ - -#ifndef _OBJECT_FP_H_ -#define _OBJECT_FP_H_ - -//*** ObjectFlush() -// This function marks an object slot as available. 
-// Since there is no checking of the input parameters, it should be used -// judiciously. -// Note: This could be converted to a macro. -void -ObjectFlush( - OBJECT *object -); - -//*** ObjectSetInUse() -// This access function sets the occupied attribute of an object slot. -void -ObjectSetInUse( - OBJECT *object -); - -//*** ObjectStartup() -// This function is called at TPM2_Startup() to initialize the object subsystem. -BOOL -ObjectStartup( - void -); - -//*** ObjectCleanupEvict() -// -// In this implementation, a persistent object is moved from NV into an object slot -// for processing. It is flushed after command execution. This function is called -// from ExecuteCommand(). -void -ObjectCleanupEvict( - void -); - -//*** IsObjectPresent() -// This function checks to see if a transient handle references a loaded -// object. This routine should not be called if the handle is not a -// transient handle. The function validates that the handle is in the -// implementation-dependent allowed in range for loaded transient objects. -// Return Type: BOOL -// TRUE(1) handle references a loaded object -// FALSE(0) handle is not an object handle, or it does not -// reference to a loaded object -BOOL -IsObjectPresent( - TPMI_DH_OBJECT handle // IN: handle to be checked -); - -//*** ObjectIsSequence() -// This function is used to check if the object is a sequence object. This function -// should not be called if the handle does not reference a loaded object. -// Return Type: BOOL -// TRUE(1) object is an HMAC, hash, or event sequence object -// FALSE(0) object is not an HMAC, hash, or event sequence object -BOOL -ObjectIsSequence( - OBJECT *object // IN: handle to be checked -); - -//*** HandleToObject() -// This function is used to find the object structure associated with a handle. -// -// This function requires that 'handle' references a loaded object or a permanent -// handle. 
-OBJECT* -HandleToObject( - TPMI_DH_OBJECT handle // IN: handle of the object -); - -//*** GetQualifiedName() -// This function returns the Qualified Name of the object. In this implementation, -// the Qualified Name is computed when the object is loaded and is saved in the -// internal representation of the object. The alternative would be to retain the -// Name of the parent and compute the QN when needed. This would take the same -// amount of space so it is not recommended that the alternate be used. -// -// This function requires that 'handle' references a loaded object. -void -GetQualifiedName( - TPMI_DH_OBJECT handle, // IN: handle of the object - TPM2B_NAME *qualifiedName // OUT: qualified name of the object -); - -//*** ObjectGetHierarchy() -// This function returns the handle for the hierarchy of an object. -TPMI_RH_HIERARCHY -ObjectGetHierarchy( - OBJECT *object // IN :object -); - -//*** GetHeriarchy() -// This function returns the handle of the hierarchy to which a handle belongs. -// This function is similar to ObjectGetHierarchy() but this routine takes -// a handle but ObjectGetHierarchy() takes an pointer to an object. -// -// This function requires that 'handle' references a loaded object. -TPMI_RH_HIERARCHY -GetHeriarchy( - TPMI_DH_OBJECT handle // IN :object handle -); - -//*** FindEmptyObjectSlot() -// This function finds an open object slot, if any. It will clear the attributes -// but will not set the occupied attribute. This is so that a slot may be used -// and discarded if everything does not go as planned. -// Return Type: OBJECT * -// NULL no open slot found -// != NULL pointer to available slot -OBJECT * -FindEmptyObjectSlot( - TPMI_DH_OBJECT *handle // OUT: (optional) -); - -//*** ObjectAllocateSlot() -// This function is used to allocate a slot in internal object array. 
-OBJECT * -ObjectAllocateSlot( - TPMI_DH_OBJECT *handle // OUT: handle of allocated object -); - -//*** ObjectSetLoadedAttributes() -// This function sets the internal attributes for a loaded object. It is called to -// finalize the OBJECT attributes (not the TPMA_OBJECT attributes) for a loaded -// object. -void -ObjectSetLoadedAttributes( - OBJECT *object, // IN: object attributes to finalize - TPM_HANDLE parentHandle // IN: the parent handle -); - -//*** ObjectLoad() -// Common function to load an object. A loaded object has its public area validated -// (unless its 'nameAlg' is TPM_ALG_NULL). If a sensitive part is loaded, it is -// verified to be correct and if both public and sensitive parts are loaded, then -// the cryptographic binding between the objects is validated. This function does -// not cause the allocated slot to be marked as in use. -TPM_RC -ObjectLoad( - OBJECT *object, // IN: pointer to object slot - // object - OBJECT *parent, // IN: (optional) the parent object - TPMT_PUBLIC *publicArea, // IN: public area to be installed in the object - TPMT_SENSITIVE *sensitive, // IN: (optional) sensitive area to be - // installed in the object - TPM_RC blamePublic, // IN: parameter number to associate with the - // publicArea errors - TPM_RC blameSensitive,// IN: parameter number to associate with the - // sensitive area errors - TPM2B_NAME *name // IN: (optional) -); - -#if CC_HMAC_Start || CC_MAC_Start -//*** ObjectCreateHMACSequence() -// This function creates an internal HMAC sequence object. -// Return Type: TPM_RC -// TPM_RC_OBJECT_MEMORY if there is no free slot for an object -TPM_RC -ObjectCreateHMACSequence( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm - OBJECT *keyObject, // IN: the object containing the HMAC key - TPM2B_AUTH *auth, // IN: authValue - TPMI_DH_OBJECT *newHandle // OUT: HMAC sequence object handle -); -#endif - -//*** ObjectCreateHashSequence() -// This function creates a hash sequence object. 
-// Return Type: TPM_RC -// TPM_RC_OBJECT_MEMORY if there is no free slot for an object -TPM_RC -ObjectCreateHashSequence( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm - TPM2B_AUTH *auth, // IN: authValue - TPMI_DH_OBJECT *newHandle // OUT: sequence object handle -); - -//*** ObjectCreateEventSequence() -// This function creates an event sequence object. -// Return Type: TPM_RC -// TPM_RC_OBJECT_MEMORY if there is no free slot for an object -TPM_RC -ObjectCreateEventSequence( - TPM2B_AUTH *auth, // IN: authValue - TPMI_DH_OBJECT *newHandle // OUT: sequence object handle -); - -//*** ObjectTerminateEvent() -// This function is called to close out the event sequence and clean up the hash -// context states. -void -ObjectTerminateEvent( - void -); - -//*** ObjectContextLoad() -// This function loads an object from a saved object context. -// Return Type: OBJECT * -// NULL if there is no free slot for an object -// != NULL points to the loaded object -OBJECT * -ObjectContextLoad( - ANY_OBJECT_BUFFER *object, // IN: pointer to object structure in saved - // context - TPMI_DH_OBJECT *handle // OUT: object handle -); - -//*** FlushObject() -// This function frees an object slot. -// -// This function requires that the object is loaded. -void -FlushObject( - TPMI_DH_OBJECT handle // IN: handle to be freed -); - -//*** ObjectFlushHierarchy() -// This function is called to flush all the loaded transient objects associated -// with a hierarchy when the hierarchy is disabled. -void -ObjectFlushHierarchy( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flush -); - -//*** ObjectLoadEvict() -// This function loads a persistent object into a transient object slot. -// -// This function requires that 'handle' is associated with a persistent object. -// Return Type: TPM_RC -// TPM_RC_HANDLE the persistent object does not exist -// or the associated hierarchy is disabled. 
-// TPM_RC_OBJECT_MEMORY no object slot -TPM_RC -ObjectLoadEvict( - TPM_HANDLE *handle, // IN:OUT: evict object handle. If success, it - // will be replace by the loaded object handle - COMMAND_INDEX commandIndex // IN: the command being processed -); - -//*** ObjectComputeName() -// This does the name computation from a public area (can be marshaled or not). -TPM2B_NAME * -ObjectComputeName( - UINT32 size, // IN: the size of the area to digest - BYTE *publicArea, // IN: the public area to digest - TPM_ALG_ID nameAlg, // IN: the hash algorithm to use - TPM2B_NAME *name // OUT: Computed name -); - -//*** PublicMarshalAndComputeName() -// This function computes the Name of an object from its public area. -TPM2B_NAME * -PublicMarshalAndComputeName( - TPMT_PUBLIC *publicArea, // IN: public area of an object - TPM2B_NAME *name // OUT: name of the object -); - -//*** ComputeQualifiedName() -// This function computes the qualified name of an object. -void -ComputeQualifiedName( - TPM_HANDLE parentHandle, // IN: parent's handle - TPM_ALG_ID nameAlg, // IN: name hash - TPM2B_NAME *name, // IN: name of the object - TPM2B_NAME *qualifiedName // OUT: qualified name of the object -); - -//*** ObjectIsStorage() -// This function determines if an object has the attributes associated -// with a parent. A parent is an asymmetric or symmetric block cipher key -// that has its 'restricted' and 'decrypt' attributes SET, and 'sign' CLEAR. -// Return Type: BOOL -// TRUE(1) object is a storage key -// FALSE(0) object is not a storage key -BOOL -ObjectIsStorage( - TPMI_DH_OBJECT handle // IN: object handle -); - -//*** ObjectCapGetLoaded() -// This function returns a a list of handles of loaded object, starting from -// 'handle'. 'Handle' must be in the range of valid transient object handles, -// but does not have to be the handle of a loaded transient object. 
-// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -ObjectCapGetLoaded( - TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle -); - -//*** ObjectCapGetTransientAvail() -// This function returns an estimate of the number of additional transient -// objects that could be loaded into the TPM. -UINT32 -ObjectCapGetTransientAvail( - void -); - -//*** ObjectGetPublicAttributes() -// Returns the attributes associated with an object handles. -TPMA_OBJECT -ObjectGetPublicAttributes( - TPM_HANDLE handle -); - -OBJECT_ATTRIBUTES -ObjectGetProperties( - TPM_HANDLE handle -); - -#endif // _OBJECT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_spt_fp.h deleted file mode 100644 index 3dbd2e3ec..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_spt_fp.h +++ /dev/null 
@@ -1,393 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _OBJECT_SPT_FP_H_ -#define _OBJECT_SPT_FP_H_ - -//*** AdjustAuthSize() -// This function will validate that the input authValue is no larger than the -// digestSize for the nameAlg. It will then pad with zeros to the size of the -// digest. -BOOL -AdjustAuthSize( - TPM2B_AUTH *auth, // IN/OUT: value to adjust - TPMI_ALG_HASH nameAlg // IN: -); - -//*** AreAttributesForParent() -// This function is called by create, load, and import functions. -// Note: The 'isParent' attribute is SET when an object is loaded and it has -// attributes that are suitable for a parent object. -// Return Type: BOOL -// TRUE(1) properties are those of a parent -// FALSE(0) properties are not those of a parent -BOOL -ObjectIsParent( - OBJECT *parentObject // IN: parent handle -); - -//*** CreateChecks() -// Attribute checks that are unique to creation. -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES sensitiveDataOrigin is not consistent with the -// object type -// other returns from PublicAttributesValidation() -TPM_RC -CreateChecks( - OBJECT *parentObject, - TPMT_PUBLIC *publicArea, - UINT16 sensitiveDataSize -); - -//*** SchemeChecks -// This function is called by TPM2_LoadExternal() and PublicAttributesValidation(). -// This function validates the schemes in the public area of an object. 
-// Return Type: TPM_RC -// TPM_RC_HASH non-duplicable storage key and its parent have different -// name algorithm -// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash object -// TPM_RC_KEY invalid key size values in an asymmetric key public area -// TPM_RCS_SCHEME inconsistent attributes 'decrypt', 'sign', 'restricted' -// and key's scheme ID; or hash algorithm is inconsistent -// with the scheme ID for keyed hash object -// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or -// non-storage key with symmetric algorithm different from -// ALG_NULL -TPM_RC -SchemeChecks( - OBJECT *parentObject, // IN: parent (null if primary seed) - TPMT_PUBLIC *publicArea // IN: public area of the object -); - -//*** PublicAttributesValidation() -// This function validates the values in the public area of an object. -// This function is used in the processing of TPM2_Create, TPM2_CreatePrimary, -// TPM2_CreateLoaded(), TPM2_Load(), TPM2_Import(), and TPM2_LoadExternal(). -// For TPM2_Import() this is only used if the new parent has fixedTPM SET. For -// TPM2_LoadExternal(), this is not used for a public-only key -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'fixedTPM', 'fixedParent', or 'encryptedDuplication' -// attributes are inconsistent between themselves or with -// those of the parent object; -// inconsistent 'restricted', 'decrypt' and 'sign' -// attributes; -// attempt to inject sensitive data for an asymmetric key; -// attempt to create a symmetric cipher key that is not -// a decryption key -// TPM_RC_HASH nameAlg is TPM_ALG_NULL -// TPM_RC_SIZE 'authPolicy' size does not match digest size of the name -// algorithm in 'publicArea' -// other returns from SchemeChecks() -TPM_RC -PublicAttributesValidation( - OBJECT *parentObject, // IN: input parent object - TPMT_PUBLIC *publicArea // IN: public area of the object -); - -//*** FillInCreationData() -// Fill in creation data for an object. 
-// Return Type: void -void -FillInCreationData( - TPMI_DH_OBJECT parentHandle, // IN: handle of parent - TPMI_ALG_HASH nameHashAlg, // IN: name hash algorithm - TPML_PCR_SELECTION *creationPCR, // IN: PCR selection - TPM2B_DATA *outsideData, // IN: outside data - TPM2B_CREATION_DATA *outCreation, // OUT: creation data for output - TPM2B_DIGEST *creationDigest // OUT: creation digest -); - -//*** GetSeedForKDF() -// Get a seed for KDF. The KDF for encryption and HMAC key use the same seed. -const TPM2B * -GetSeedForKDF( - OBJECT *protector // IN: the protector handle -); - -//*** ProduceOuterWrap() -// This function produce outer wrap for a buffer containing the sensitive data. -// It requires the sensitive data being marshaled to the outerBuffer, with the -// leading bytes reserved for integrity hash. If iv is used, iv space should -// be reserved at the beginning of the buffer. It assumes the sensitive data -// starts at address (outerBuffer + integrity size @). -// This function performs: -// 1. Add IV before sensitive area if required -// 2. encrypt sensitive data, if iv is required, encrypt by iv. otherwise, -// encrypted by a NULL iv -// 3. add HMAC integrity at the beginning of the buffer -// It returns the total size of blob with outer wrap -UINT16 -ProduceOuterWrap( - OBJECT *protector, // IN: The handle of the object that provides - // protection. For object, it is parent - // handle. For credential, it is the handle - // of encrypt object. - TPM2B *name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap - TPM2B *seed, // IN: an external seed may be provided for - // duplication blob. 
For non duplication - // blob, this parameter should be NULL - BOOL useIV, // IN: indicate if an IV is used - UINT16 dataSize, // IN: the size of sensitive data, excluding the - // leading integrity buffer size or the - // optional iv size - BYTE *outerBuffer // IN/OUT: outer buffer with sensitive data in - // it -); - -//*** UnwrapOuter() -// This function remove the outer wrap of a blob containing sensitive data -// This function performs: -// 1. check integrity of outer blob -// 2. decrypt outer blob -// -// Return Type: TPM_RC -// TPM_RCS_INSUFFICIENT error during sensitive data unmarshaling -// TPM_RCS_INTEGRITY sensitive data integrity is broken -// TPM_RCS_SIZE error during sensitive data unmarshaling -// TPM_RCS_VALUE IV size for CFB does not match the encryption -// algorithm block size -TPM_RC -UnwrapOuter( - OBJECT *protector, // IN: The object that provides - // protection. For object, it is parent - // handle. For credential, it is the - // encrypt object. - TPM2B *name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap - TPM2B *seed, // IN: an external seed may be provided for - // duplication blob. For non duplication - // blob, this parameter should be NULL. - BOOL useIV, // IN: indicates if an IV is used - UINT16 dataSize, // IN: size of sensitive data in outerBuffer, - // including the leading integrity buffer - // size, and an optional iv area - BYTE *outerBuffer // IN/OUT: sensitive data -); - -//*** SensitiveToPrivate() -// This function prepare the private blob for off the chip storage -// The operations in this function: -// 1. marshal TPM2B_SENSITIVE structure into the buffer of TPM2B_PRIVATE -// 2. apply encryption to the sensitive area. -// 3. apply outer integrity computation. 
-void -SensitiveToPrivate( - TPMT_SENSITIVE *sensitive, // IN: sensitive structure - TPM2B_NAME *name, // IN: the name of the object - OBJECT *parent, // IN: The parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. This - // parameter is used when parentHandle is - // NULL, in which case the object is - // temporary. - TPM2B_PRIVATE *outPrivate // OUT: output private structure -); - -//*** PrivateToSensitive() -// Unwrap a input private area. Check the integrity, decrypt and retrieve data -// to a sensitive structure. -// The operations in this function: -// 1. check the integrity HMAC of the input private area -// 2. decrypt the private buffer -// 3. unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE -// Return Type: TPM_RC -// TPM_RCS_INTEGRITY if the private area integrity is bad -// TPM_RC_SENSITIVE unmarshal errors while unmarshaling TPMS_ENCRYPT -// from input private -// TPM_RCS_SIZE error during sensitive data unmarshaling -// TPM_RCS_VALUE outer wrapper does not have an iV of the correct -// size -TPM_RC -PrivateToSensitive( - TPM2B *inPrivate, // IN: input private structure - TPM2B *name, // IN: the name of the object - OBJECT *parent, // IN: parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It is - // passed separately because we only pass - // name, rather than the whole public area - // of the object. This parameter is used in - // the following two cases: 1. primary - // objects. 2. duplication blob with inner - // wrap. In other cases, this parameter - // will be ignored - TPMT_SENSITIVE *sensitive // OUT: sensitive structure -); - -//*** SensitiveToDuplicate() -// This function prepare the duplication blob from the sensitive area. -// The operations in this function: -// 1. marshal TPMT_SENSITIVE structure into the buffer of TPM2B_PRIVATE -// 2. apply inner wrap to the sensitive area if required -// 3. 
apply outer wrap if required -void -SensitiveToDuplicate( - TPMT_SENSITIVE *sensitive, // IN: sensitive structure - TPM2B *name, // IN: the name of the object - OBJECT *parent, // IN: The new parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It - // is passed separately because we - // only pass name, rather than the - // whole public area of the object. - TPM2B *seed, // IN: the external seed. If external - // seed is provided with size of 0, - // no outer wrap should be applied - // to duplication blob. - TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the - // symmetric key algorithm is NULL, - // no inner wrap should be applied. - TPM2B_DATA *innerSymKey, // IN/OUT: a symmetric key may be - // provided to encrypt the inner - // wrap of a duplication blob. May - // be generated here if needed. - TPM2B_PRIVATE *outPrivate // OUT: output private structure -); - -//*** DuplicateToSensitive() -// Unwrap a duplication blob. Check the integrity, decrypt and retrieve data -// to a sensitive structure. -// The operations in this function: -// 1. check the integrity HMAC of the input private area -// 2. decrypt the private buffer -// 3. unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE -// -// Return Type: TPM_RC -// TPM_RC_INSUFFICIENT unmarshaling sensitive data from 'inPrivate' failed -// TPM_RC_INTEGRITY 'inPrivate' data integrity is broken -// TPM_RC_SIZE unmarshaling sensitive data from 'inPrivate' failed -TPM_RC -DuplicateToSensitive( - TPM2B *inPrivate, // IN: input private structure - TPM2B *name, // IN: the name of the object - OBJECT *parent, // IN: the parent - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. - TPM2B *seed, // IN: an external seed may be provided. - // If external seed is provided with - // size of 0, no outer wrap is - // applied - TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. 
If the - // symmetric key algorithm is NULL, - // no inner wrap is applied - TPM2B *innerSymKey, // IN: a symmetric key may be provided - // to decrypt the inner wrap of a - // duplication blob. - TPMT_SENSITIVE *sensitive // OUT: sensitive structure -); - -//*** SecretToCredential() -// This function prepare the credential blob from a secret (a TPM2B_DIGEST) -// The operations in this function: -// 1. marshal TPM2B_DIGEST structure into the buffer of TPM2B_ID_OBJECT -// 2. encrypt the private buffer, excluding the leading integrity HMAC area -// 3. compute integrity HMAC and append to the beginning of the buffer. -// 4. Set the total size of TPM2B_ID_OBJECT buffer -void -SecretToCredential( - TPM2B_DIGEST *secret, // IN: secret information - TPM2B *name, // IN: the name of the object - TPM2B *seed, // IN: an external seed. - OBJECT *protector, // IN: the protector - TPM2B_ID_OBJECT *outIDObject // OUT: output credential -); - -//*** CredentialToSecret() -// Unwrap a credential. Check the integrity, decrypt and retrieve data -// to a TPM2B_DIGEST structure. -// The operations in this function: -// 1. check the integrity HMAC of the input credential area -// 2. decrypt the credential buffer -// 3. unmarshal TPM2B_DIGEST structure into the buffer of TPM2B_DIGEST -// -// Return Type: TPM_RC -// TPM_RC_INSUFFICIENT error during credential unmarshaling -// TPM_RC_INTEGRITY credential integrity is broken -// TPM_RC_SIZE error during credential unmarshaling -// TPM_RC_VALUE IV size does not match the encryption algorithm -// block size -TPM_RC -CredentialToSecret( - TPM2B *inIDObject, // IN: input credential blob - TPM2B *name, // IN: the name of the object - TPM2B *seed, // IN: an external seed. - OBJECT *protector, // IN: the protector - TPM2B_DIGEST *secret // OUT: secret information -); - -//*** MemoryRemoveTrailingZeros() -// This function is used to adjust the length of an authorization value. 
-// It adjusts the size of the TPM2B so that it does not include octets -// at the end of the buffer that contain zero. -// The function returns the number of non-zero octets in the buffer. -UINT16 -MemoryRemoveTrailingZeros( - TPM2B_AUTH *auth // IN/OUT: value to adjust -); - -//*** SetLabelAndContext() -// This function sets the label and context for a derived key. It is possible -// that 'label' or 'context' can end up being an Empty Buffer. -TPM_RC -SetLabelAndContext( - TPMS_DERIVE *labelContext, // IN/OUT: the recovered label and - // context - TPM2B_SENSITIVE_DATA *sensitive // IN: the sensitive data -); - -//*** UnmarshalToPublic() -// Support function to unmarshal the template. This is used because the -// Input may be a TPMT_TEMPLATE and that structure does not have the same -// size as a TPMT_PUBLIC because of the difference between the 'unique' and -// 'seed' fields. -// If 'derive' is not NULL, then the 'seed' field is assumed to contain -// a 'label' and 'context' that are unmarshaled into 'derive'. -TPM_RC -UnmarshalToPublic( - TPMT_PUBLIC *tOut, // OUT: output - TPM2B_TEMPLATE *tIn, // IN: - BOOL derivation, // IN: indicates if this is for a derivation - TPMS_DERIVE *labelContext// OUT: label and context if derivation -); - -//*** ObjectSetExternal() -// Set the external attributes for an object. -void -ObjectSetExternal( - OBJECT *object -); - -#endif // _OBJECT_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Allocate_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Allocate_fp.h deleted file mode 100644 index 0af3dae51..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Allocate_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PCR_Allocate // Command must be enabled - -#ifndef _PCR_Allocate_FP_H_ -#define _PCR_Allocate_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PLATFORM authHandle; - TPML_PCR_SELECTION pcrAllocation; -} PCR_Allocate_In; - -// Output structure definition -typedef struct { - TPMI_YES_NO allocationSuccess; - UINT32 maxPCR; - UINT32 sizeNeeded; - UINT32 sizeAvailable; -} PCR_Allocate_Out; - -// Response code modifiers -#define RC_PCR_Allocate_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_PCR_Allocate_pcrAllocation (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PCR_Allocate( - PCR_Allocate_In *in, - PCR_Allocate_Out *out -); - -#endif // _PCR_Allocate_FP_H_ -#endif // CC_PCR_Allocate diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Event_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Event_fp.h deleted file mode 100644 index 33e3fc341..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Event_fp.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PCR_Event // Command must be enabled - -#ifndef _PCR_Event_FP_H_ -#define _PCR_Event_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_PCR pcrHandle; - TPM2B_EVENT eventData; -} PCR_Event_In; - -// Output structure definition -typedef struct { - TPML_DIGEST_VALUES digests; -} PCR_Event_Out; - -// Response code modifiers -#define RC_PCR_Event_pcrHandle (TPM_RC_H + TPM_RC_1) -#define RC_PCR_Event_eventData (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PCR_Event( - PCR_Event_In *in, - PCR_Event_Out *out -); - -#endif // _PCR_Event_FP_H_ -#endif // CC_PCR_Event diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Extend_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Extend_fp.h deleted file mode 100644 index cc9e6a924..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Extend_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PCR_Extend // Command must be enabled - -#ifndef _PCR_Extend_FP_H_ -#define _PCR_Extend_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_PCR pcrHandle; - TPML_DIGEST_VALUES digests; -} PCR_Extend_In; - -// Response code modifiers -#define RC_PCR_Extend_pcrHandle (TPM_RC_H + TPM_RC_1) -#define RC_PCR_Extend_digests (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PCR_Extend( - PCR_Extend_In *in -); - -#endif // _PCR_Extend_FP_H_ -#endif // CC_PCR_Extend diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Read_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Read_fp.h deleted file mode 100644 index 5a72fab5f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Read_fp.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PCR_Read // Command must be enabled - -#ifndef _PCR_Read_FP_H_ -#define _PCR_Read_FP_H_ - -// Input structure definition -typedef struct { - TPML_PCR_SELECTION pcrSelectionIn; -} PCR_Read_In; - -// Output structure definition -typedef struct { - UINT32 pcrUpdateCounter; - TPML_PCR_SELECTION pcrSelectionOut; - TPML_DIGEST pcrValues; -} PCR_Read_Out; - -// Response code modifiers -#define RC_PCR_Read_pcrSelectionIn (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PCR_Read( - PCR_Read_In *in, - PCR_Read_Out *out -); - -#endif // _PCR_Read_FP_H_ -#endif // CC_PCR_Read diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Reset_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Reset_fp.h deleted file mode 100644 index e47433f57..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Reset_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PCR_Reset // Command must be enabled - -#ifndef _PCR_Reset_FP_H_ -#define _PCR_Reset_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_PCR pcrHandle; -} PCR_Reset_In; - -// Response code modifiers -#define RC_PCR_Reset_pcrHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PCR_Reset( - PCR_Reset_In *in -); - -#endif // _PCR_Reset_FP_H_ -#endif // CC_PCR_Reset diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthPolicy_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthPolicy_fp.h deleted file mode 100644 index 8cf671c45..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthPolicy_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PCR_SetAuthPolicy // Command must be enabled - -#ifndef _PCR_Set_Auth_Policy_FP_H_ -#define _PCR_Set_Auth_Policy_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PLATFORM authHandle; - TPM2B_DIGEST authPolicy; - TPMI_ALG_HASH hashAlg; - TPMI_DH_PCR pcrNum; -} PCR_SetAuthPolicy_In; - -// Response code modifiers -#define RC_PCR_SetAuthPolicy_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_PCR_SetAuthPolicy_authPolicy (TPM_RC_P + TPM_RC_1) -#define RC_PCR_SetAuthPolicy_hashAlg (TPM_RC_P + TPM_RC_2) -#define RC_PCR_SetAuthPolicy_pcrNum (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_PCR_SetAuthPolicy( - PCR_SetAuthPolicy_In *in -); - -#endif // _PCR_Set_Auth_Policy_FP_H_ -#endif // CC_PCR_SetAuthPolicy diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthValue_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthValue_fp.h deleted file mode 100644 index 30d3db5d4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthValue_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PCR_SetAuthValue // Command must be enabled - -#ifndef _PCR_Set_Auth_Value_FP_H_ -#define _PCR_Set_Auth_Value_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_PCR pcrHandle; - TPM2B_DIGEST auth; -} PCR_SetAuthValue_In; - -// Response code modifiers -#define RC_PCR_SetAuthValue_pcrHandle (TPM_RC_H + TPM_RC_1) -#define RC_PCR_SetAuthValue_auth (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PCR_SetAuthValue( - PCR_SetAuthValue_In *in -); - -#endif // _PCR_Set_Auth_Value_FP_H_ -#endif // CC_PCR_SetAuthValue diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_fp.h deleted file mode 100644 index 002607bf1..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_fp.h +++ /dev/null 
@@ -1,318 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:23:27PM - */ - -#ifndef _PCR_FP_H_ -#define _PCR_FP_H_ - -//*** PCRBelongsAuthGroup() -// This function indicates if a PCR belongs to a group that requires an authValue -// in order to modify the PCR. If it does, 'groupIndex' is set to value of -// the group index. This feature of PCR is decided by the platform specification. -// Return Type: BOOL -// TRUE(1) PCR belongs an authorization group -// FALSE(0) PCR does not belong an authorization group -BOOL -PCRBelongsAuthGroup( - TPMI_DH_PCR handle, // IN: handle of PCR - UINT32 *groupIndex // OUT: group index if PCR belongs a - // group that allows authValue. If PCR - // does not belong to an authorization - // group, the value in this parameter is - // invalid -); - -//*** PCRBelongsPolicyGroup() -// This function indicates if a PCR belongs to a group that requires a policy -// authorization in order to modify the PCR. If it does, 'groupIndex' is set -// to value of the group index. This feature of PCR is decided by the platform -// specification. -// Return Type: BOOL -// TRUE(1) PCR belongs a policy group -// FALSE(0) PCR does not belong a policy group -BOOL -PCRBelongsPolicyGroup( - TPMI_DH_PCR handle, // IN: handle of PCR - UINT32 *groupIndex // OUT: group index if PCR belongs a group that - // allows policy. If PCR does not belong to - // a policy group, the value in this - // parameter is invalid -); - -//*** PCRPolicyIsAvailable() -// This function indicates if a policy is available for a PCR. -// Return Type: BOOL -// TRUE(1) the PCR should be authorized by policy -// FALSE(0) the PCR does not allow policy -BOOL -PCRPolicyIsAvailable( - TPMI_DH_PCR handle // IN: PCR handle -); - -//*** PCRGetAuthValue() -// This function is used to access the authValue of a PCR. If PCR does not -// belong to an authValue group, an EmptyAuth will be returned. 
-TPM2B_AUTH * -PCRGetAuthValue( - TPMI_DH_PCR handle // IN: PCR handle -); - -//*** PCRGetAuthPolicy() -// This function is used to access the authorization policy of a PCR. It sets -// 'policy' to the authorization policy and returns the hash algorithm for policy -// If the PCR does not allow a policy, TPM_ALG_NULL is returned. -TPMI_ALG_HASH -PCRGetAuthPolicy( - TPMI_DH_PCR handle, // IN: PCR handle - TPM2B_DIGEST *policy // OUT: policy of PCR -); - -//*** PCRSimStart() -// This function is used to initialize the policies when a TPM is manufactured. -// This function would only be called in a manufacturing environment or in -// a TPM simulator. -void -PCRSimStart( - void -); - -//*** PcrIsAllocated() -// This function indicates if a PCR number for the particular hash algorithm -// is allocated. -// Return Type: BOOL -// TRUE(1) PCR is allocated -// FALSE(0) PCR is not allocated -BOOL -PcrIsAllocated( - UINT32 pcr, // IN: The number of the PCR - TPMI_ALG_HASH hashAlg // IN: The PCR algorithm -); - -//*** PcrDrtm() -// This function does the DRTM and H-CRTM processing it is called from -// _TPM_Hash_End. -void -PcrDrtm( - const TPMI_DH_PCR pcrHandle, // IN: the index of the PCR to be - // modified - const TPMI_ALG_HASH hash, // IN: the bank identifier - const TPM2B_DIGEST *digest // IN: the digest to modify the PCR -); - -//*** PCR_ClearAuth() -// This function is used to reset the PCR authorization values. It is called -// on TPM2_Startup(CLEAR) and TPM2_Clear(). -void -PCR_ClearAuth( - void -); - -//*** PCRStartup() -// This function initializes the PCR subsystem at TPM2_Startup(). -BOOL -PCRStartup( - STARTUP_TYPE type, // IN: startup type - BYTE locality // IN: startup locality -); - -//*** PCRStateSave() -// This function is used to save the PCR values that will be restored on TPM Resume. 
-void -PCRStateSave( - TPM_SU type // IN: startup type -); - -//*** PCRIsStateSaved() -// This function indicates if the selected PCR is a PCR that is state saved -// on TPM2_Shutdown(STATE). The return value is based on PCR attributes. -// Return Type: BOOL -// TRUE(1) PCR is state saved -// FALSE(0) PCR is not state saved -BOOL -PCRIsStateSaved( - TPMI_DH_PCR handle // IN: PCR handle to be extended -); - -//*** PCRIsResetAllowed() -// This function indicates if a PCR may be reset by the current command locality. -// The return value is based on PCR attributes, and not the PCR allocation. -// Return Type: BOOL -// TRUE(1) TPM2_PCR_Reset is allowed -// FALSE(0) TPM2_PCR_Reset is not allowed -BOOL -PCRIsResetAllowed( - TPMI_DH_PCR handle // IN: PCR handle to be extended -); - -//*** PCRChanged() -// This function checks a PCR handle to see if the attributes for the PCR are set -// so that any change to the PCR causes an increment of the pcrCounter. If it does, -// then the function increments the counter. Will also bump the counter if the -// handle is zero which means that PCR 0 can not be in the TCB group. Bump on zero -// is used by TPM2_Clear(). -void -PCRChanged( - TPM_HANDLE pcrHandle // IN: the handle of the PCR that changed. -); - -//*** PCRIsExtendAllowed() -// This function indicates a PCR may be extended at the current command locality. -// The return value is based on PCR attributes, and not the PCR allocation. -// Return Type: BOOL -// TRUE(1) extend is allowed -// FALSE(0) extend is not allowed -BOOL -PCRIsExtendAllowed( - TPMI_DH_PCR handle // IN: PCR handle to be extended -); - -//*** PCRExtend() -// This function is used to extend a PCR in a specific bank. 
-void -PCRExtend( - TPMI_DH_PCR handle, // IN: PCR handle to be extended - TPMI_ALG_HASH hash, // IN: hash algorithm of PCR - UINT32 size, // IN: size of data to be extended - BYTE *data // IN: data to be extended -); - -//*** PCRComputeCurrentDigest() -// This function computes the digest of the selected PCR. -// -// As a side-effect, 'selection' is modified so that only the implemented PCR -// will have their bits still set. -void -PCRComputeCurrentDigest( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm to compute digest - TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on - // output) - TPM2B_DIGEST *digest // OUT: digest -); - -//*** PCRRead() -// This function is used to read a list of selected PCR. If the requested PCR -// number exceeds the maximum number that can be output, the 'selection' is -// adjusted to reflect the actual output PCR. -void -PCRRead( - TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on - // output) - TPML_DIGEST *digest, // OUT: digest - UINT32 *pcrCounter // OUT: the current value of PCR generation - // number -); - -//*** PcrWrite() -// This function is used by _TPM_Hash_End to set a PCR to the computed hash -// of the H-CRTM event. -void -PcrWrite( - TPMI_DH_PCR handle, // IN: PCR handle to be extended - TPMI_ALG_HASH hash, // IN: hash algorithm of PCR - TPM2B_DIGEST *digest // IN: the new value -); - -//*** PCRAllocate() -// This function is used to change the PCR allocation. -// Return Type: TPM_RC -// TPM_RC_NO_RESULT allocate failed -// TPM_RC_PCR improper allocation -TPM_RC -PCRAllocate( - TPML_PCR_SELECTION *allocate, // IN: required allocation - UINT32 *maxPCR, // OUT: Maximum number of PCR - UINT32 *sizeNeeded, // OUT: required space - UINT32 *sizeAvailable // OUT: available space -); - -//*** PCRSetValue() -// This function is used to set the designated PCR in all banks to an initial value. -// The initial value is signed and will be sign extended into the entire PCR. 
-// -void -PCRSetValue( - TPM_HANDLE handle, // IN: the handle of the PCR to set - INT8 initialValue // IN: the value to set -); - -//*** PCRResetDynamics -// This function is used to reset a dynamic PCR to 0. This function is used in -// DRTM sequence. -void -PCRResetDynamics( - void -); - -//*** PCRCapGetAllocation() -// This function is used to get the current allocation of PCR banks. -// Return Type: TPMI_YES_NO -// YES if the return count is 0 -// NO if the return count is not 0 -TPMI_YES_NO -PCRCapGetAllocation( - UINT32 count, // IN: count of return - TPML_PCR_SELECTION *pcrSelection // OUT: PCR allocation list -); - -//*** PCRCapGetProperties() -// This function returns a list of PCR properties starting at 'property'. -// Return Type: TPMI_YES_NO -// YES if no more property is available -// NO if there are more properties not reported -TPMI_YES_NO -PCRCapGetProperties( - TPM_PT_PCR property, // IN: the starting PCR property - UINT32 count, // IN: count of returned properties - TPML_TAGGED_PCR_PROPERTY *select // OUT: PCR select -); - -//*** PCRCapGetHandles() -// This function is used to get a list of handles of PCR, started from 'handle'. -// If 'handle' exceeds the maximum PCR handle range, an empty list will be -// returned and the return value will be NO. -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -PCRCapGetHandles( - TPMI_DH_PCR handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle -); - -#endif // _PCR_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_Commands_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_Commands_fp.h deleted file mode 100644 index 3b67af02c..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_Commands_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PP_Commands // Command must be enabled - -#ifndef _PP_Commands_FP_H_ -#define _PP_Commands_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PLATFORM auth; - TPML_CC setList; - TPML_CC clearList; -} PP_Commands_In; - -// Response code modifiers -#define RC_PP_Commands_auth (TPM_RC_H + TPM_RC_1) -#define RC_PP_Commands_setList (TPM_RC_P + TPM_RC_1) -#define RC_PP_Commands_clearList (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_PP_Commands( - PP_Commands_In *in -); - -#endif // _PP_Commands_FP_H_ -#endif // CC_PP_Commands diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_fp.h deleted file mode 100644 index 9cf046c35..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_fp.h +++ /dev/null 
@@ -1,98 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _PP_FP_H_ -#define _PP_FP_H_ - -//*** PhysicalPresencePreInstall_Init() -// This function is used to initialize the array of commands that always require -// confirmation with physical presence. The array is an array of bits that -// has a correspondence with the command code. -// -// This command should only ever be executable in a manufacturing setting or in -// a simulation. -// -// When set, these cannot be cleared. -// -void -PhysicalPresencePreInstall_Init( - void -); - -//*** PhysicalPresenceCommandSet() -// This function is used to set the indicator that a command requires -// PP confirmation. -void -PhysicalPresenceCommandSet( - TPM_CC commandCode // IN: command code -); - -//*** PhysicalPresenceCommandClear() -// This function is used to clear the indicator that a command requires PP -// confirmation. -void -PhysicalPresenceCommandClear( - TPM_CC commandCode // IN: command code -); - -//*** PhysicalPresenceIsRequired() -// This function indicates if PP confirmation is required for a command. -// Return Type: BOOL -// TRUE(1) physical presence is required -// FALSE(0) physical presence is not required -BOOL -PhysicalPresenceIsRequired( - COMMAND_INDEX commandIndex // IN: command index -); - -//*** PhysicalPresenceCapGetCCList() -// This function returns a list of commands that require PP confirmation. The -// list starts from the first implemented command that has a command code that -// the same or greater than 'commandCode'. -// Return Type: TPMI_YES_NO -// YES if there are more command codes available -// NO all the available command codes have been returned -TPMI_YES_NO -PhysicalPresenceCapGetCCList( - TPM_CC commandCode, // IN: start command code - UINT32 count, // IN: count of returned TPM_CC - TPML_CC *commandList // OUT: list of TPM_CC -); - -#endif // _PP_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthValue_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthValue_fp.h deleted file mode 100644 index c78db8f2e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthValue_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyAuthValue // Command must be enabled - -#ifndef _Policy_Auth_Value_FP_H_ -#define _Policy_Auth_Value_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; -} PolicyAuthValue_In; - -// Response code modifiers -#define RC_PolicyAuthValue_policySession (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyAuthValue( - PolicyAuthValue_In *in -); - -#endif // _Policy_Auth_Value_FP_H_ -#endif // CC_PolicyAuthValue diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorizeNV_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorizeNV_fp.h deleted file mode 100644 index 77b2fa4c7..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorizeNV_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyAuthorizeNV // Command must be enabled - -#ifndef _Policy_Authorize_NV_FP_H_ -#define _Policy_Authorize_NV_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - TPMI_SH_POLICY policySession; -} PolicyAuthorizeNV_In; - -// Response code modifiers -#define RC_PolicyAuthorizeNV_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_PolicyAuthorizeNV_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_PolicyAuthorizeNV_policySession (TPM_RC_H + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_PolicyAuthorizeNV( - PolicyAuthorizeNV_In *in -); - -#endif // _Policy_Authorize_NV_FP_H_ -#endif // CC_PolicyAuthorizeNV diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorize_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorize_fp.h deleted file mode 100644 index 3f3a9ffd3..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorize_fp.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyAuthorize // Command must be enabled - -#ifndef _Policy_Authorize_FP_H_ -#define _Policy_Authorize_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_DIGEST approvedPolicy; - TPM2B_NONCE policyRef; - TPM2B_NAME keySign; - TPMT_TK_VERIFIED checkTicket; -} PolicyAuthorize_In; - -// Response code modifiers -#define RC_PolicyAuthorize_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyAuthorize_approvedPolicy (TPM_RC_P + TPM_RC_1) -#define RC_PolicyAuthorize_policyRef (TPM_RC_P + TPM_RC_2) -#define RC_PolicyAuthorize_keySign (TPM_RC_P + TPM_RC_3) -#define RC_PolicyAuthorize_checkTicket (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_PolicyAuthorize( - PolicyAuthorize_In *in -); - -#endif // _Policy_Authorize_FP_H_ -#endif // CC_PolicyAuthorize diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCommandCode_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCommandCode_fp.h deleted file mode 100644 index 565fb6455..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCommandCode_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyCommandCode // Command must be enabled - -#ifndef _Policy_Command_Code_FP_H_ -#define _Policy_Command_Code_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM_CC code; -} PolicyCommandCode_In; - -// Response code modifiers -#define RC_PolicyCommandCode_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyCommandCode_code (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyCommandCode( - PolicyCommandCode_In *in -); - -#endif // _Policy_Command_Code_FP_H_ -#endif // CC_PolicyCommandCode diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCounterTimer_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCounterTimer_fp.h deleted file mode 100644 index 060a07105..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCounterTimer_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyCounterTimer // Command must be enabled - -#ifndef _Policy_Counter_Timer_FP_H_ -#define _Policy_Counter_Timer_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_OPERAND operandB; - UINT16 offset; - TPM_EO operation; -} PolicyCounterTimer_In; - -// Response code modifiers -#define RC_PolicyCounterTimer_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyCounterTimer_operandB (TPM_RC_P + TPM_RC_1) -#define RC_PolicyCounterTimer_offset (TPM_RC_P + TPM_RC_2) -#define RC_PolicyCounterTimer_operation (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_PolicyCounterTimer( - PolicyCounterTimer_In *in -); - -#endif // _Policy_Counter_Timer_FP_H_ -#endif // CC_PolicyCounterTimer diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCpHash_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCpHash_fp.h deleted file mode 100644 index 788fb429e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCpHash_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyCpHash // Command must be enabled - -#ifndef _Policy_Cp_Hash_FP_H_ -#define _Policy_Cp_Hash_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_DIGEST cpHashA; -} PolicyCpHash_In; - -// Response code modifiers -#define RC_PolicyCpHash_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyCpHash_cpHashA (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyCpHash( - PolicyCpHash_In *in -); - -#endif // _Policy_Cp_Hash_FP_H_ -#endif // CC_PolicyCpHash diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyDuplicationSelect_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyDuplicationSelect_fp.h deleted file mode 100644 index 17e161c29..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyDuplicationSelect_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyDuplicationSelect // Command must be enabled - -#ifndef _Policy_Duplication_Select_FP_H_ -#define _Policy_Duplication_Select_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_NAME objectName; - TPM2B_NAME newParentName; - TPMI_YES_NO includeObject; -} PolicyDuplicationSelect_In; - -// Response code modifiers -#define RC_PolicyDuplicationSelect_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyDuplicationSelect_objectName (TPM_RC_P + TPM_RC_1) -#define RC_PolicyDuplicationSelect_newParentName (TPM_RC_P + TPM_RC_2) -#define RC_PolicyDuplicationSelect_includeObject (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_PolicyDuplicationSelect( - PolicyDuplicationSelect_In *in -); - -#endif // _Policy_Duplication_Select_FP_H_ -#endif // CC_PolicyDuplicationSelect diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyGetDigest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyGetDigest_fp.h deleted file mode 100644 index 848bd2fe7..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyGetDigest_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyGetDigest // Command must be enabled - -#ifndef _Policy_Get_Digest_FP_H_ -#define _Policy_Get_Digest_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; -} PolicyGetDigest_In; - -// Output structure definition -typedef struct { - TPM2B_DIGEST policyDigest; -} PolicyGetDigest_Out; - -// Response code modifiers -#define RC_PolicyGetDigest_policySession (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyGetDigest( - PolicyGetDigest_In *in, - PolicyGetDigest_Out *out -); - -#endif // _Policy_Get_Digest_FP_H_ -#endif // CC_PolicyGetDigest diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyLocality_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyLocality_fp.h deleted file mode 100644 index ef45ed684..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyLocality_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyLocality // Command must be enabled - -#ifndef _Policy_Locality_FP_H_ -#define _Policy_Locality_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPMA_LOCALITY locality; -} PolicyLocality_In; - -// Response code modifiers -#define RC_PolicyLocality_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyLocality_locality (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyLocality( - PolicyLocality_In *in -); - -#endif // _Policy_Locality_FP_H_ -#endif // CC_PolicyLocality diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNV_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNV_fp.h deleted file mode 100644 index b16beda8f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNV_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyNV // Command must be enabled - -#ifndef _Policy_NV_FP_H_ -#define _Policy_NV_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - TPMI_SH_POLICY policySession; - TPM2B_OPERAND operandB; - UINT16 offset; - TPM_EO operation; -} PolicyNV_In; - -// Response code modifiers -#define RC_PolicyNV_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_PolicyNV_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_PolicyNV_policySession (TPM_RC_H + TPM_RC_3) -#define RC_PolicyNV_operandB (TPM_RC_P + TPM_RC_1) -#define RC_PolicyNV_offset (TPM_RC_P + TPM_RC_2) -#define RC_PolicyNV_operation (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_PolicyNV( - PolicyNV_In *in -); - -#endif // _Policy_NV_FP_H_ -#endif // CC_PolicyNV diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNameHash_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNameHash_fp.h deleted file mode 100644 index 3e3ae8d8c..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNameHash_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyNameHash // Command must be enabled - -#ifndef _Policy_Name_Hash_FP_H_ -#define _Policy_Name_Hash_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_DIGEST nameHash; -} PolicyNameHash_In; - -// Response code modifiers -#define RC_PolicyNameHash_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyNameHash_nameHash (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyNameHash( - PolicyNameHash_In *in -); - -#endif // _Policy_Name_Hash_FP_H_ -#endif // CC_PolicyNameHash diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNvWritten_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNvWritten_fp.h deleted file mode 100644 index 2f5ba18f4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNvWritten_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyNvWritten // Command must be enabled - -#ifndef _Policy_Nv_Written_FP_H_ -#define _Policy_Nv_Written_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPMI_YES_NO writtenSet; -} PolicyNvWritten_In; - -// Response code modifiers -#define RC_PolicyNvWritten_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyNvWritten_writtenSet (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyNvWritten( - PolicyNvWritten_In *in -); - -#endif // _Policy_Nv_Written_FP_H_ -#endif // CC_PolicyNvWritten diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyOR_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyOR_fp.h deleted file mode 100644 index 9db3808c2..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyOR_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyOR // Command must be enabled - -#ifndef _Policy_OR_FP_H_ -#define _Policy_OR_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPML_DIGEST pHashList; -} PolicyOR_In; - -// Response code modifiers -#define RC_PolicyOR_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyOR_pHashList (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyOR( - PolicyOR_In *in -); - -#endif // _Policy_OR_FP_H_ -#endif // CC_PolicyOR diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPCR_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPCR_fp.h deleted file mode 100644 index c5f2940f7..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPCR_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyPCR // Command must be enabled - -#ifndef _Policy_PCR_FP_H_ -#define _Policy_PCR_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_DIGEST pcrDigest; - TPML_PCR_SELECTION pcrs; -} PolicyPCR_In; - -// Response code modifiers -#define RC_PolicyPCR_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyPCR_pcrDigest (TPM_RC_P + TPM_RC_1) -#define RC_PolicyPCR_pcrs (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_PolicyPCR( - PolicyPCR_In *in -); - -#endif // _Policy_PCR_FP_H_ -#endif // CC_PolicyPCR diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPassword_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPassword_fp.h deleted file mode 100644 index 712d051e3..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPassword_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyPassword // Command must be enabled - -#ifndef _Policy_Password_FP_H_ -#define _Policy_Password_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; -} PolicyPassword_In; - -// Response code modifiers -#define RC_PolicyPassword_policySession (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyPassword( - PolicyPassword_In *in -); - -#endif // _Policy_Password_FP_H_ -#endif // CC_PolicyPassword diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPhysicalPresence_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPhysicalPresence_fp.h deleted file mode 100644 index 54d5b4004..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPhysicalPresence_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyPhysicalPresence // Command must be enabled - -#ifndef _Policy_Physical_Presence_FP_H_ -#define _Policy_Physical_Presence_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; -} PolicyPhysicalPresence_In; - -// Response code modifiers -#define RC_PolicyPhysicalPresence_policySession (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyPhysicalPresence( - PolicyPhysicalPresence_In *in -); - -#endif // _Policy_Physical_Presence_FP_H_ -#endif // CC_PolicyPhysicalPresence diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyRestart_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyRestart_fp.h deleted file mode 100644 index 5716be52a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyRestart_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyRestart // Command must be enabled - -#ifndef _Policy_Restart_FP_H_ -#define _Policy_Restart_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY sessionHandle; -} PolicyRestart_In; - -// Response code modifiers -#define RC_PolicyRestart_sessionHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyRestart( - PolicyRestart_In *in -); - -#endif // _Policy_Restart_FP_H_ -#endif // CC_PolicyRestart diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySecret_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySecret_fp.h deleted file mode 100644 index fb944da09..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySecret_fp.h +++ /dev/null 
@@ -1,77 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicySecret // Command must be enabled - -#ifndef _Policy_Secret_FP_H_ -#define _Policy_Secret_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_ENTITY authHandle; - TPMI_SH_POLICY policySession; - TPM2B_NONCE nonceTPM; - TPM2B_DIGEST cpHashA; - TPM2B_NONCE policyRef; - INT32 expiration; -} PolicySecret_In; - -// Output structure definition -typedef struct { - TPM2B_TIMEOUT timeout; - TPMT_TK_AUTH policyTicket; -} PolicySecret_Out; - -// Response code modifiers -#define RC_PolicySecret_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_PolicySecret_policySession (TPM_RC_H + TPM_RC_2) -#define RC_PolicySecret_nonceTPM (TPM_RC_P + TPM_RC_1) -#define RC_PolicySecret_cpHashA (TPM_RC_P + TPM_RC_2) -#define RC_PolicySecret_policyRef (TPM_RC_P + TPM_RC_3) -#define RC_PolicySecret_expiration (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_PolicySecret( - PolicySecret_In *in, - PolicySecret_Out *out -); - -#endif // _Policy_Secret_FP_H_ -#endif // CC_PolicySecret diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySigned_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySigned_fp.h deleted file mode 100644 index f25ca6ee9..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySigned_fp.h +++ /dev/null 
@@ -1,79 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicySigned // Command must be enabled - -#ifndef _Policy_Signed_FP_H_ -#define _Policy_Signed_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT authObject; - TPMI_SH_POLICY policySession; - TPM2B_NONCE nonceTPM; - TPM2B_DIGEST cpHashA; - TPM2B_NONCE policyRef; - INT32 expiration; - TPMT_SIGNATURE auth; -} PolicySigned_In; - -// Output structure definition -typedef struct { - TPM2B_TIMEOUT timeout; - TPMT_TK_AUTH policyTicket; -} PolicySigned_Out; - -// Response code modifiers -#define RC_PolicySigned_authObject (TPM_RC_H + TPM_RC_1) -#define RC_PolicySigned_policySession (TPM_RC_H + TPM_RC_2) -#define RC_PolicySigned_nonceTPM (TPM_RC_P + TPM_RC_1) -#define RC_PolicySigned_cpHashA (TPM_RC_P + TPM_RC_2) -#define RC_PolicySigned_policyRef (TPM_RC_P + TPM_RC_3) -#define RC_PolicySigned_expiration (TPM_RC_P + TPM_RC_4) -#define RC_PolicySigned_auth (TPM_RC_P + TPM_RC_5) - -// Function prototype -TPM_RC -TPM2_PolicySigned( - PolicySigned_In *in, - PolicySigned_Out *out -); - -#endif // _Policy_Signed_FP_H_ -#endif // CC_PolicySigned diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTemplate_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTemplate_fp.h deleted file mode 100644 index 2e724d78c..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTemplate_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyTemplate // Command must be enabled - -#ifndef _Policy_Template_FP_H_ -#define _Policy_Template_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_DIGEST templateHash; -} PolicyTemplate_In; - -// Response code modifiers -#define RC_PolicyTemplate_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyTemplate_templateHash (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyTemplate( - PolicyTemplate_In *in -); - -#endif // _Policy_Template_FP_H_ -#endif // CC_PolicyTemplate diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTicket_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTicket_fp.h deleted file mode 100644 index 74dfccb5a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTicket_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyTicket // Command must be enabled - -#ifndef _Policy_Ticket_FP_H_ -#define _Policy_Ticket_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_TIMEOUT timeout; - TPM2B_DIGEST cpHashA; - TPM2B_NONCE policyRef; - TPM2B_NAME authName; - TPMT_TK_AUTH ticket; -} PolicyTicket_In; - -// Response code modifiers -#define RC_PolicyTicket_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyTicket_timeout (TPM_RC_P + TPM_RC_1) -#define RC_PolicyTicket_cpHashA (TPM_RC_P + TPM_RC_2) -#define RC_PolicyTicket_policyRef (TPM_RC_P + TPM_RC_3) -#define RC_PolicyTicket_authName (TPM_RC_P + TPM_RC_4) -#define RC_PolicyTicket_ticket (TPM_RC_P + TPM_RC_5) - -// Function prototype -TPM_RC -TPM2_PolicyTicket( - PolicyTicket_In *in -); - -#endif // _Policy_Ticket_FP_H_ -#endif // CC_PolicyTicket diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_AC_SendSelect_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_AC_SendSelect_fp.h deleted file mode 100644 index 316ee7a3b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_AC_SendSelect_fp.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Policy_AC_SendSelect // Command must be enabled - -#ifndef _Policy_AC_Send_Select_FP_H_ -#define _Policy_AC_Send_Select_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_NAME objectName; - TPM2B_NAME authHandleName; - TPM2B_NAME acName; - TPMI_YES_NO includeObject; -} Policy_AC_SendSelect_In; - -// Response code modifiers -#define RC_Policy_AC_SendSelect_policySession (TPM_RC_H + TPM_RC_1) -#define RC_Policy_AC_SendSelect_objectName (TPM_RC_P + TPM_RC_1) -#define RC_Policy_AC_SendSelect_authHandleName (TPM_RC_P + TPM_RC_2) -#define RC_Policy_AC_SendSelect_acName (TPM_RC_P + TPM_RC_3) -#define RC_Policy_AC_SendSelect_includeObject (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_Policy_AC_SendSelect( - Policy_AC_SendSelect_In *in -); - -#endif // _Policy_AC_Send_Select_FP_H_ -#endif // CC_Policy_AC_SendSelect diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_spt_fp.h deleted file mode 100644 index 21717a68d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_spt_fp.h +++ /dev/null 
@@ -1,102 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _POLICY_SPT_FP_H_ -#define _POLICY_SPT_FP_H_ - -//** Functions -//*** PolicyParameterChecks() -// This function validates the common parameters of TPM2_PolicySiged() -// and TPM2_PolicySecret(). The common parameters are 'nonceTPM', -// 'expiration', and 'cpHashA'. -TPM_RC -PolicyParameterChecks( - SESSION *session, - UINT64 authTimeout, - TPM2B_DIGEST *cpHashA, - TPM2B_NONCE *nonce, - TPM_RC blameNonce, - TPM_RC blameCpHash, - TPM_RC blameExpiration -); - -//*** PolicyContextUpdate() -// Update policy hash -// Update the policyDigest in policy session by extending policyRef and -// objectName to it. This will also update the cpHash if it is present. -// Return Type: void -void -PolicyContextUpdate( - TPM_CC commandCode, // IN: command code - TPM2B_NAME *name, // IN: name of entity - TPM2B_NONCE *ref, // IN: the reference data - TPM2B_DIGEST *cpHash, // IN: the cpHash (optional) - UINT64 policyTimeout, // IN: the timeout value for the policy - SESSION *session // IN/OUT: policy session to be updated -); - -//*** ComputeAuthTimeout() -// This function is used to determine what the authorization timeout value for -// the session should be. -UINT64 -ComputeAuthTimeout( - SESSION *session, // IN: the session containing the time - // values - INT32 expiration, // IN: either the number of seconds from - // the start of the session or the - // time in g_timer; - TPM2B_NONCE *nonce // IN: indicator of the time base -); - -//*** PolicyDigestClear() -// Function to reset the policyDigest of a session -void -PolicyDigestClear( - SESSION *session -); - -BOOL -PolicySptCheckCondition( - TPM_EO operation, - BYTE *opA, - BYTE *opB, - UINT16 size -); - -#endif // _POLICY_SPT_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Power_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Power_fp.h deleted file mode 100644 index e6941a062..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Power_fp.h +++ /dev/null 
@@ -1,69 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 11:00:49AM - */ - -#ifndef _POWER_FP_H_ -#define _POWER_FP_H_ - -//*** TPMInit() -// This function is used to process a power on event. 
-void -TPMInit( - void -); - -//*** TPMRegisterStartup() -// This function registers the fact that the TPM has been initialized -// (a TPM2_Startup() has completed successfully). -BOOL -TPMRegisterStartup( - void -); - -//*** TPMIsStarted() -// Indicates if the TPM has been initialized (a TPM2_Startup() has completed -// successfully after a _TPM_Init). -// Return Type: BOOL -// TRUE(1) TPM has been initialized -// FALSE(0) TPM has not been initialized -BOOL -TPMIsStarted( - void -); - -#endif // _POWER_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PropertyCap_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PropertyCap_fp.h deleted file mode 100644 index 20e6ff8f5..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PropertyCap_fp.h +++ /dev/null 
@@ -1,59 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _PROPERTY_CAP_FP_H_ -#define _PROPERTY_CAP_FP_H_ - -//*** TPMCapGetProperties() -// This function is used to get the TPM_PT values. The search of properties will -// start at 'property' and continue until 'propertyList' has as many values as -// will fit, or the last property has been reported, or the list has as many -// values as requested in 'count'. -// Return Type: TPMI_YES_NO -// YES more properties are available -// NO no more properties to be reported -TPMI_YES_NO -TPMCapGetProperties( - TPM_PT property, // IN: the starting TPM property - UINT32 count, // IN: maximum number of returned - // properties - TPML_TAGGED_TPM_PROPERTY *propertyList // OUT: property list -); - -#endif // _PROPERTY_CAP_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Quote_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Quote_fp.h deleted file mode 100644 index 3d9e49c2e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Quote_fp.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Quote // Command must be enabled - -#ifndef _Quote_FP_H_ -#define _Quote_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT signHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; - TPML_PCR_SELECTION PCRselect; -} Quote_In; - -// Output structure definition -typedef struct { - TPM2B_ATTEST quoted; - TPMT_SIGNATURE signature; -} Quote_Out; - -// Response code modifiers -#define RC_Quote_signHandle (TPM_RC_H + TPM_RC_1) -#define RC_Quote_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_Quote_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_Quote_PCRselect (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_Quote( - Quote_In *in, - Quote_Out *out -); - -#endif // _Quote_FP_H_ -#endif // CC_Quote diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Decrypt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Decrypt_fp.h deleted file mode 100644 index edcc718f9..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Decrypt_fp.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_RSA_Decrypt // Command must be enabled - -#ifndef _RSA_Decrypt_FP_H_ -#define _RSA_Decrypt_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_PUBLIC_KEY_RSA cipherText; - TPMT_RSA_DECRYPT inScheme; - TPM2B_DATA label; -} RSA_Decrypt_In; - -// Output structure definition -typedef struct { - TPM2B_PUBLIC_KEY_RSA message; -} RSA_Decrypt_Out; - -// Response code modifiers -#define RC_RSA_Decrypt_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_RSA_Decrypt_cipherText (TPM_RC_P + TPM_RC_1) -#define RC_RSA_Decrypt_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_RSA_Decrypt_label (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_RSA_Decrypt( - RSA_Decrypt_In *in, - RSA_Decrypt_Out *out -); - -#endif // _RSA_Decrypt_FP_H_ -#endif // CC_RSA_Decrypt diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Encrypt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Encrypt_fp.h deleted file mode 100644 index 807cc8a9a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Encrypt_fp.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_RSA_Encrypt // Command must be enabled - -#ifndef _RSA_Encrypt_FP_H_ -#define _RSA_Encrypt_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_PUBLIC_KEY_RSA message; - TPMT_RSA_DECRYPT inScheme; - TPM2B_DATA label; -} RSA_Encrypt_In; - -// Output structure definition -typedef struct { - TPM2B_PUBLIC_KEY_RSA outData; -} RSA_Encrypt_Out; - -// Response code modifiers -#define RC_RSA_Encrypt_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_RSA_Encrypt_message (TPM_RC_P + TPM_RC_1) -#define RC_RSA_Encrypt_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_RSA_Encrypt_label (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_RSA_Encrypt( - RSA_Encrypt_In *in, - RSA_Encrypt_Out *out -); - -#endif // _RSA_Encrypt_FP_H_ -#endif // CC_RSA_Encrypt diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadClock_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadClock_fp.h deleted file mode 100644 index 101f7c187..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadClock_fp.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ReadClock // Command must be enabled - -#ifndef _Read_Clock_FP_H_ -#define _Read_Clock_FP_H_ - -// Output structure definition -typedef struct { - TPMS_TIME_INFO currentTime; -} ReadClock_Out; - - -// Function prototype -TPM_RC -TPM2_ReadClock( - ReadClock_Out *out -); - -#endif // _Read_Clock_FP_H_ -#endif // CC_ReadClock diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadPublic_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadPublic_fp.h deleted file mode 100644 index 8d3a9930b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadPublic_fp.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ReadPublic // Command must be enabled - -#ifndef _Read_Public_FP_H_ -#define _Read_Public_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT objectHandle; -} ReadPublic_In; - -// Output structure definition -typedef struct { - TPM2B_PUBLIC outPublic; - TPM2B_NAME name; - TPM2B_NAME qualifiedName; -} ReadPublic_Out; - -// Response code modifiers -#define RC_ReadPublic_objectHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ReadPublic( - ReadPublic_In *in, - ReadPublic_Out *out -); - -#endif // _Read_Public_FP_H_ -#endif // CC_ReadPublic diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ResponseCodeProcessing_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ResponseCodeProcessing_fp.h deleted file mode 100644 index 1beb94983..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ResponseCodeProcessing_fp.h +++ /dev/null 
@@ -1,52 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _RESPONSE_CODE_PROCESSING_FP_H_ -#define _RESPONSE_CODE_PROCESSING_FP_H_ - -//** RcSafeAddToResult() -// Adds a modifier to a response code as long as the response code allows a modifier -// and no modifier has already been added. -TPM_RC -RcSafeAddToResult( - TPM_RC responseCode, - TPM_RC modifier -); - -#endif // _RESPONSE_CODE_PROCESSING_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Response_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Response_fp.h deleted file mode 100644 index 551c2e13b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Response_fp.h +++ /dev/null 
@@ -1,53 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _RESPONSE_FP_H_ -#define _RESPONSE_FP_H_ - -//** BuildResponseHeader() -// Adds the response header to the response. 
It will update command->parameterSize -// to indicate the total size of the response. -void -BuildResponseHeader( - COMMAND *command, // IN: main control structure - BYTE *buffer, // OUT: the output buffer - TPM_RC result // IN: the response code -); - -#endif // _RESPONSE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Rewrap_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Rewrap_fp.h deleted file mode 100644 index 03942d3b6..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Rewrap_fp.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Rewrap // Command must be enabled - -#ifndef _Rewrap_FP_H_ -#define _Rewrap_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT oldParent; - TPMI_DH_OBJECT newParent; - TPM2B_PRIVATE inDuplicate; - TPM2B_NAME name; - TPM2B_ENCRYPTED_SECRET inSymSeed; -} Rewrap_In; - -// Output structure definition -typedef struct { - TPM2B_PRIVATE outDuplicate; - TPM2B_ENCRYPTED_SECRET outSymSeed; -} Rewrap_Out; - -// Response code modifiers -#define RC_Rewrap_oldParent (TPM_RC_H + TPM_RC_1) -#define RC_Rewrap_newParent (TPM_RC_H + TPM_RC_2) -#define RC_Rewrap_inDuplicate (TPM_RC_P + TPM_RC_1) -#define RC_Rewrap_name (TPM_RC_P + TPM_RC_2) -#define RC_Rewrap_inSymSeed (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_Rewrap( - Rewrap_In *in, - Rewrap_Out *out -); - -#endif // _Rewrap_FP_H_ -#endif // CC_Rewrap diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RsaKeyCache_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RsaKeyCache_fp.h deleted file mode 100644 index 9d21ac99e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RsaKeyCache_fp.h +++ /dev/null 
@@ -1,65 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _RSA_KEY_CACHE_FP_H_ -#define _RSA_KEY_CACHE_FP_H_ - -#if USE_RSA_KEY_CACHE - -//*** RsaKeyCacheControl() -// Used to enable and disable the RSA key cache. -LIB_EXPORT void -RsaKeyCacheControl( - int state -); - -//*** GetCachedRsaKey() -// Return Type: BOOL -// TRUE(1) key loaded -// FALSE(0) key not loaded -BOOL -GetCachedRsaKey( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - RAND_STATE *rand // IN: if not NULL, the deterministic - // RNG state -); -#endif // defined SIMULATION && defined USE_RSA_KEY_CACHE - -#endif // _RSA_KEY_CACHE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SelfTest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SelfTest_fp.h deleted file mode 100644 index 9557e1bf5..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SelfTest_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_SelfTest // Command must be enabled - -#ifndef _Self_Test_FP_H_ -#define _Self_Test_FP_H_ - -// Input structure definition -typedef struct { - TPMI_YES_NO fullTest; -} SelfTest_In; - -// Response code modifiers -#define RC_SelfTest_fullTest (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_SelfTest( - SelfTest_In *in -); - -#endif // _Self_Test_FP_H_ -#endif // CC_SelfTest diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceComplete_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceComplete_fp.h deleted file mode 100644 index 48d73e72a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceComplete_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_SequenceComplete // Command must be enabled - -#ifndef _Sequence_Complete_FP_H_ -#define _Sequence_Complete_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT sequenceHandle; - TPM2B_MAX_BUFFER buffer; - TPMI_RH_HIERARCHY hierarchy; -} SequenceComplete_In; - -// Output structure definition -typedef struct { - TPM2B_DIGEST result; - TPMT_TK_HASHCHECK validation; -} SequenceComplete_Out; - -// Response code modifiers -#define RC_SequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_1) -#define RC_SequenceComplete_buffer (TPM_RC_P + TPM_RC_1) -#define RC_SequenceComplete_hierarchy (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_SequenceComplete( - SequenceComplete_In *in, - SequenceComplete_Out *out -); - -#endif // _Sequence_Complete_FP_H_ -#endif // CC_SequenceComplete diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceUpdate_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceUpdate_fp.h deleted file mode 100644 index 6a31cc6e7..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceUpdate_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_SequenceUpdate // Command must be enabled - -#ifndef _Sequence_Update_FP_H_ -#define _Sequence_Update_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT sequenceHandle; - TPM2B_MAX_BUFFER buffer; -} SequenceUpdate_In; - -// Response code modifiers -#define RC_SequenceUpdate_sequenceHandle (TPM_RC_H + TPM_RC_1) -#define RC_SequenceUpdate_buffer (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_SequenceUpdate( - SequenceUpdate_In *in -); - -#endif // _Sequence_Update_FP_H_ -#endif // CC_SequenceUpdate diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SessionProcess_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SessionProcess_fp.h deleted file mode 100644 index afaa64dab..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SessionProcess_fp.h +++ /dev/null 
@@ -1,123 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _SESSION_PROCESS_FP_H_ -#define _SESSION_PROCESS_FP_H_ - -//*** IsDAExempted() -// This function indicates if a handle is exempted from DA logic. -// A handle is exempted if it is -// 1. a primary seed handle, -// 2. an object with noDA bit SET, -// 3. an NV Index with TPMA_NV_NO_DA bit SET, or -// 4. a PCR handle. -// -// Return Type: BOOL -// TRUE(1) handle is exempted from DA logic -// FALSE(0) handle is not exempted from DA logic -BOOL -IsDAExempted( - TPM_HANDLE handle // IN: entity handle -); - -//*** ClearCpRpHashes() -void -ClearCpRpHashes( - COMMAND *command -); - -//*** CompareNameHash() -// This function computes the name hash and compares it to the nameHash in the -// session data. -BOOL -CompareNameHash( - COMMAND *command, // IN: main parsing structure - SESSION *session // IN: session structure with nameHash -); - -//*** ParseSessionBuffer() -// This function is the entry function for command session processing. -// It iterates sessions in session area and reports if the required authorization -// has been properly provided. It also processes audit session and passes the -// information of encryption sessions to parameter encryption module. -// -// Return Type: TPM_RC -// various parsing failure or authorization failure -// -TPM_RC -ParseSessionBuffer( - COMMAND *command // IN: the structure that contains -); - -//*** CheckAuthNoSession() -// Function to process a command with no session associated. -// The function makes sure all the handles in the command require no authorization. -// -// Return Type: TPM_RC -// TPM_RC_AUTH_MISSING failure - one or more handles require -// authorization -TPM_RC -CheckAuthNoSession( - COMMAND *command // IN: command parsing structure -); - -//*** BuildResponseSession() -// Function to build Session buffer in a response. 
The authorization data is added -// to the end of command->responseBuffer. The size of the authorization area is -// accumulated in command->authSize. -// When this is called, command->responseBuffer is pointing at the next location -// in the response buffer to be filled. This is where the authorization sessions -// will go, if any. command->parameterSize is the number of bytes that have been -// marshaled as parameters in the output buffer. -void -BuildResponseSession( - COMMAND *command // IN: structure that has relevant command - // information -); - -//*** SessionRemoveAssociationToHandle() -// This function deals with the case where an entity associated with an authorization -// is deleted during command processing. The primary use of this is to support -// UndefineSpaceSpecial(). -void -SessionRemoveAssociationToHandle( - TPM_HANDLE handle -); - -#endif // _SESSION_PROCESS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Session_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Session_fp.h deleted file mode 100644 index 3c8227a2c..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Session_fp.h +++ /dev/null 
@@ -1,287 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:06:42PM - */ - -#ifndef _SESSION_FP_H_ -#define _SESSION_FP_H_ - -//** Startup Function -- SessionStartup() -// This function initializes the session subsystem on TPM2_Startup(). -BOOL -SessionStartup( - STARTUP_TYPE type -); - -//*** SessionIsLoaded() -// This function test a session handle references a loaded session. The handle -// must have previously been checked to make sure that it is a valid handle for -// an authorization session. -// NOTE: A PWAP authorization does not have a session. -// -// Return Type: BOOL -// TRUE(1) session is loaded -// FALSE(0) session is not loaded -// -BOOL -SessionIsLoaded( - TPM_HANDLE handle // IN: session handle -); - -//*** SessionIsSaved() -// This function test a session handle references a saved session. The handle -// must have previously been checked to make sure that it is a valid handle for -// an authorization session. -// NOTE: An password authorization does not have a session. -// -// This function requires that the handle be a valid session handle. -// -// Return Type: BOOL -// TRUE(1) session is saved -// FALSE(0) session is not saved -// -BOOL -SessionIsSaved( - TPM_HANDLE handle // IN: session handle -); - -//*** SequenceNumberForSavedContextIsValid() -// This function validates that the sequence number and handle value within a -// saved context are valid. -BOOL -SequenceNumberForSavedContextIsValid( - TPMS_CONTEXT *context // IN: pointer to a context structure to be - // validated -); - -//*** SessionPCRValueIsCurrent() -// -// This function is used to check if PCR values have been updated since the -// last time they were checked in a policy session. -// -// This function requires the session is loaded. 
-// Return Type: BOOL -// TRUE(1) PCR value is current -// FALSE(0) PCR value is not current -BOOL -SessionPCRValueIsCurrent( - SESSION *session // IN: session structure -); - -//*** SessionGet() -// This function returns a pointer to the session object associated with a -// session handle. -// -// The function requires that the session is loaded. -SESSION * -SessionGet( - TPM_HANDLE handle // IN: session handle -); - -//*** SessionCreate() -// -// This function does the detailed work for starting an authorization session. -// This is done in a support routine rather than in the action code because -// the session management may differ in implementations. This implementation -// uses a fixed memory allocation to hold sessions and a fixed allocation -// to hold the contextID for the saved contexts. -// -// Return Type: TPM_RC -// TPM_RC_CONTEXT_GAP need to recycle sessions -// TPM_RC_SESSION_HANDLE active session space is full -// TPM_RC_SESSION_MEMORY loaded session space is full -TPM_RC -SessionCreate( - TPM_SE sessionType, // IN: the session type - TPMI_ALG_HASH authHash, // IN: the hash algorithm - TPM2B_NONCE *nonceCaller, // IN: initial nonceCaller - TPMT_SYM_DEF *symmetric, // IN: the symmetric algorithm - TPMI_DH_ENTITY bind, // IN: the bind object - TPM2B_DATA *seed, // IN: seed data - TPM_HANDLE *sessionHandle, // OUT: the session handle - TPM2B_NONCE *nonceTpm // OUT: the session nonce -); - -//*** SessionContextSave() -// This function is called when a session context is to be saved. The -// contextID of the saved session is returned. If no contextID can be -// assigned, then the routine returns TPM_RC_CONTEXT_GAP. -// If the function completes normally, the session slot will be freed. -// -// This function requires that 'handle' references a loaded session. -// Otherwise, it should not be called at the first place. -// -// Return Type: TPM_RC -// TPM_RC_CONTEXT_GAP a contextID could not be assigned. 
-// TPM_RC_TOO_MANY_CONTEXTSthe counter maxed out -// -TPM_RC -SessionContextSave( - TPM_HANDLE handle, // IN: session handle - CONTEXT_COUNTER *contextID // OUT: assigned contextID -); - -//*** SessionContextLoad() -// This function is used to load a session from saved context. The session -// handle must be for a saved context. -// -// If the gap is at a maximum, then the only session that can be loaded is -// the oldest session, otherwise TPM_RC_CONTEXT_GAP is returned. -/// -// This function requires that 'handle' references a valid saved session. -// -// Return Type: TPM_RC -// TPM_RC_SESSION_MEMORY no free session slots -// TPM_RC_CONTEXT_GAP the gap count is maximum and this -// is not the oldest saved context -// -TPM_RC -SessionContextLoad( - SESSION_BUF *session, // IN: session structure from saved context - TPM_HANDLE *handle // IN/OUT: session handle -); - -//*** SessionFlush() -// This function is used to flush a session referenced by its handle. If the -// session associated with 'handle' is loaded, the session array entry is -// marked as available. -// -// This function requires that 'handle' be a valid active session. -// -void -SessionFlush( - TPM_HANDLE handle // IN: loaded or saved session handle -); - -//*** SessionComputeBoundEntity() -// This function computes the binding value for a session. The binding value -// for a reserved handle is the handle itself. For all the other entities, -// the authValue at the time of binding is included to prevent squatting. -// For those values, the Name and the authValue are concatenated -// into the bind buffer. If they will not both fit, the will be overlapped -// by XORing bytes. If XOR is required, the bind value will be full. 
-void -SessionComputeBoundEntity( - TPMI_DH_ENTITY entityHandle, // IN: handle of entity - TPM2B_NAME *bind // OUT: binding value -); - -//*** SessionSetStartTime() -// This function is used to initialize the session timing -void -SessionSetStartTime( - SESSION *session // IN: the session to update -); - -//*** SessionResetPolicyData() -// This function is used to reset the policy data without changing the nonce -// or the start time of the session. -void -SessionResetPolicyData( - SESSION *session // IN: the session to reset -); - -//*** SessionCapGetLoaded() -// This function returns a list of handles of loaded session, started -// from input 'handle' -// -// 'Handle' must be in valid loaded session handle range, but does not -// have to point to a loaded session. -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -SessionCapGetLoaded( - TPMI_SH_POLICY handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle -); - -//*** SessionCapGetSaved() -// This function returns a list of handles for saved session, starting at -// 'handle'. -// -// 'Handle' must be in a valid handle range, but does not have to point to a -// saved session -// -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -SessionCapGetSaved( - TPMI_SH_HMAC handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle -); - -//*** SessionCapGetLoadedNumber() -// This function return the number of authorization sessions currently -// loaded into TPM RAM. -UINT32 -SessionCapGetLoadedNumber( - void -); - -//*** SessionCapGetLoadedAvail() -// This function returns the number of additional authorization sessions, of -// any type, that could be loaded into TPM RAM. 
-// NOTE: In other implementations, this number may just be an estimate. The only -// requirement for the estimate is, if it is one or more, then at least one -// session must be loadable. -UINT32 -SessionCapGetLoadedAvail( - void -); - -//*** SessionCapGetActiveNumber() -// This function returns the number of active authorization sessions currently -// being tracked by the TPM. -UINT32 -SessionCapGetActiveNumber( - void -); - -//*** SessionCapGetActiveAvail() -// This function returns the number of additional authorization sessions, of any -// type, that could be created. This not the number of slots for sessions, but -// the number of additional sessions that the TPM is capable of tracking. -UINT32 -SessionCapGetActiveAvail( - void -); - -#endif // _SESSION_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetAlgorithmSet_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetAlgorithmSet_fp.h deleted file mode 100644 index ac1e3bdc1..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetAlgorithmSet_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_SetAlgorithmSet // Command must be enabled - -#ifndef _Set_Algorithm_Set_FP_H_ -#define _Set_Algorithm_Set_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PLATFORM authHandle; - UINT32 algorithmSet; -} SetAlgorithmSet_In; - -// Response code modifiers -#define RC_SetAlgorithmSet_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_SetAlgorithmSet_algorithmSet (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_SetAlgorithmSet( - SetAlgorithmSet_In *in -); - -#endif // _Set_Algorithm_Set_FP_H_ -#endif // CC_SetAlgorithmSet diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetCommandCodeAuditStatus_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetCommandCodeAuditStatus_fp.h deleted file mode 100644 index 916aec6b4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetCommandCodeAuditStatus_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_SetCommandCodeAuditStatus // Command must be enabled - -#ifndef _Set_Command_Code_Audit_Status_FP_H_ -#define _Set_Command_Code_Audit_Status_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PROVISION auth; - TPMI_ALG_HASH auditAlg; - TPML_CC setList; - TPML_CC clearList; -} SetCommandCodeAuditStatus_In; - -// Response code modifiers -#define RC_SetCommandCodeAuditStatus_auth (TPM_RC_H + TPM_RC_1) -#define RC_SetCommandCodeAuditStatus_auditAlg (TPM_RC_P + TPM_RC_1) -#define RC_SetCommandCodeAuditStatus_setList (TPM_RC_P + TPM_RC_2) -#define RC_SetCommandCodeAuditStatus_clearList (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_SetCommandCodeAuditStatus( - SetCommandCodeAuditStatus_In *in -); - -#endif // _Set_Command_Code_Audit_Status_FP_H_ -#endif // CC_SetCommandCodeAuditStatus diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetPrimaryPolicy_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetPrimaryPolicy_fp.h deleted file mode 100644 index c0d23e0a4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetPrimaryPolicy_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_SetPrimaryPolicy // Command must be enabled - -#ifndef _Set_Primary_Policy_FP_H_ -#define _Set_Primary_Policy_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_HIERARCHY_AUTH authHandle; - TPM2B_DIGEST authPolicy; - TPMI_ALG_HASH hashAlg; -} SetPrimaryPolicy_In; - -// Response code modifiers -#define RC_SetPrimaryPolicy_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_SetPrimaryPolicy_authPolicy (TPM_RC_P + TPM_RC_1) -#define RC_SetPrimaryPolicy_hashAlg (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_SetPrimaryPolicy( - SetPrimaryPolicy_In *in -); - -#endif // _Set_Primary_Policy_FP_H_ -#endif // CC_SetPrimaryPolicy diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Shutdown_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Shutdown_fp.h deleted file mode 100644 index 4bb93d716..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Shutdown_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Shutdown // Command must be enabled - -#ifndef _Shutdown_FP_H_ -#define _Shutdown_FP_H_ - -// Input structure definition -typedef struct { - TPM_SU shutdownType; -} Shutdown_In; - -// Response code modifiers -#define RC_Shutdown_shutdownType (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_Shutdown( - Shutdown_In *in -); - -#endif // _Shutdown_FP_H_ -#endif // CC_Shutdown diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Sign_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Sign_fp.h deleted file mode 100644 index 0acab7ddd..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Sign_fp.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Sign // Command must be enabled - -#ifndef _Sign_FP_H_ -#define _Sign_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_DIGEST digest; - TPMT_SIG_SCHEME inScheme; - TPMT_TK_HASHCHECK validation; -} Sign_In; - -// Output structure definition -typedef struct { - TPMT_SIGNATURE signature; -} Sign_Out; - -// Response code modifiers -#define RC_Sign_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_Sign_digest (TPM_RC_P + TPM_RC_1) -#define RC_Sign_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_Sign_validation (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_Sign( - Sign_In *in, - Sign_Out *out -); - -#endif // _Sign_FP_H_ -#endif // CC_Sign diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StartAuthSession_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StartAuthSession_fp.h deleted file mode 100644 index b1c9c778f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StartAuthSession_fp.h +++ /dev/null 
@@ -1,79 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_StartAuthSession // Command must be enabled - -#ifndef _Start_Auth_Session_FP_H_ -#define _Start_Auth_Session_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT tpmKey; - TPMI_DH_ENTITY bind; - TPM2B_NONCE nonceCaller; - TPM2B_ENCRYPTED_SECRET encryptedSalt; - TPM_SE sessionType; - TPMT_SYM_DEF symmetric; - TPMI_ALG_HASH authHash; -} StartAuthSession_In; - -// Output structure definition -typedef struct { - TPMI_SH_AUTH_SESSION sessionHandle; - TPM2B_NONCE nonceTPM; -} StartAuthSession_Out; - -// Response code modifiers -#define RC_StartAuthSession_tpmKey (TPM_RC_H + TPM_RC_1) -#define RC_StartAuthSession_bind (TPM_RC_H + TPM_RC_2) -#define RC_StartAuthSession_nonceCaller (TPM_RC_P + TPM_RC_1) -#define RC_StartAuthSession_encryptedSalt (TPM_RC_P + TPM_RC_2) -#define RC_StartAuthSession_sessionType (TPM_RC_P + TPM_RC_3) -#define RC_StartAuthSession_symmetric (TPM_RC_P + TPM_RC_4) -#define RC_StartAuthSession_authHash (TPM_RC_P + TPM_RC_5) - -// Function prototype -TPM_RC -TPM2_StartAuthSession( - StartAuthSession_In *in, - StartAuthSession_Out *out -); - -#endif // _Start_Auth_Session_FP_H_ -#endif // CC_StartAuthSession diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Startup_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Startup_fp.h deleted file mode 100644 index 96f03e584..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Startup_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Startup // Command must be enabled - -#ifndef _Startup_FP_H_ -#define _Startup_FP_H_ - -// Input structure definition -typedef struct { - TPM_SU startupType; -} Startup_In; - -// Response code modifiers -#define RC_Startup_startupType (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_Startup( - Startup_In *in -); - -#endif // _Startup_FP_H_ -#endif // CC_Startup diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StirRandom_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StirRandom_fp.h deleted file mode 100644 index 33b610a38..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StirRandom_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_StirRandom // Command must be enabled - -#ifndef _Stir_Random_FP_H_ -#define _Stir_Random_FP_H_ - -// Input structure definition -typedef struct { - TPM2B_SENSITIVE_DATA inData; -} StirRandom_In; - -// Response code modifiers -#define RC_StirRandom_inData (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_StirRandom( - StirRandom_In *in -); - -#endif // _Stir_Random_FP_H_ -#endif // CC_StirRandom diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TestParms_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TestParms_fp.h deleted file mode 100644 index 78a66b82d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TestParms_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_TestParms // Command must be enabled - -#ifndef _Test_Parms_FP_H_ -#define _Test_Parms_FP_H_ - -// Input structure definition -typedef struct { - TPMT_PUBLIC_PARMS parameters; -} TestParms_In; - -// Response code modifiers -#define RC_TestParms_parameters (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_TestParms( - TestParms_In *in -); - -#endif // _Test_Parms_FP_H_ -#endif // CC_TestParms diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Ticket_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Ticket_fp.h deleted file mode 100644 index c18de287d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Ticket_fp.h +++ /dev/null 
@@ -1,101 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _TICKET_FP_H_ -#define _TICKET_FP_H_ - -//*** TicketIsSafe() -// This function indicates if producing a ticket is safe. 
-// It checks if the leading bytes of an input buffer is TPM_GENERATED_VALUE -// or its substring of canonical form. If so, it is not safe to produce ticket -// for an input buffer claiming to be TPM generated buffer -// Return Type: BOOL -// TRUE(1) safe to produce ticket -// FALSE(0) not safe to produce ticket -BOOL -TicketIsSafe( - TPM2B *buffer -); - -//*** TicketComputeVerified() -// This function creates a TPMT_TK_VERIFIED ticket. -void -TicketComputeVerified( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - TPM2B_DIGEST *digest, // IN: digest - TPM2B_NAME *keyName, // IN: name of key that signed the values - TPMT_TK_VERIFIED *ticket // OUT: verified ticket -); - -//*** TicketComputeAuth() -// This function creates a TPMT_TK_AUTH ticket. -void -TicketComputeAuth( - TPM_ST type, // IN: the type of ticket. - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - UINT64 timeout, // IN: timeout - BOOL expiresOnReset,// IN: flag to indicate if ticket expires on - // TPM Reset - TPM2B_DIGEST *cpHashA, // IN: input cpHashA - TPM2B_NONCE *policyRef, // IN: input policyRef - TPM2B_NAME *entityName, // IN: name of entity - TPMT_TK_AUTH *ticket // OUT: Created ticket -); - -//*** TicketComputeHashCheck() -// This function creates a TPMT_TK_HASHCHECK ticket. -void -TicketComputeHashCheck( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - TPM_ALG_ID hashAlg, // IN: the hash algorithm for 'digest' - TPM2B_DIGEST *digest, // IN: input digest - TPMT_TK_HASHCHECK *ticket // OUT: Created ticket -); - -//*** TicketComputeCreation() -// This function creates a TPMT_TK_CREATION ticket. -void -TicketComputeCreation( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for ticket - TPM2B_NAME *name, // IN: object name - TPM2B_DIGEST *creation, // IN: creation hash - TPMT_TK_CREATION *ticket // OUT: created ticket -); - -#endif // _TICKET_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Time_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Time_fp.h deleted file mode 100644 index 81c2ea953..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Time_fp.h +++ /dev/null 
@@ -1,139 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:23:27PM - */ - -#ifndef _TIME_FP_H_ -#define _TIME_FP_H_ - -//*** TimePowerOn() -// This function initialize time info at _TPM_Init(). 
-// -// This function is called at _TPM_Init() so that the TPM time can start counting -// as soon as the TPM comes out of reset and doesn't have to wait until -// TPM2_Startup() in order to begin the new time epoch. This could be significant -// for systems that could get powered up but not run any TPM commands for some -// period of time. -// -void -TimePowerOn( - void -); - -//*** TimeStartup() -// This function updates the resetCount and restartCount components of -// TPMS_CLOCK_INFO structure at TPM2_Startup(). -// -// This function will deal with the deferred creation of a new epoch. -// TimeUpdateToCurrent() will not start a new epoch even if one is due when -// TPM_Startup() has not been run. This is because the state of NV is not known -// until startup completes. When Startup is done, then it will create the epoch -// nonce to complete the initializations by calling this function. -BOOL -TimeStartup( - STARTUP_TYPE type // IN: start up type -); - -//*** TimeClockUpdate() -// This function updates go.clock. If 'newTime' requires an update of NV, then -// NV is checked for availability. If it is not available or is rate limiting, then -// go.clock is not updated and the function returns an error. If 'newTime' would -// not cause an NV write, then go.clock is updated. If an NV write occurs, then -// go.safe is SET. -void -TimeClockUpdate( - UINT64 newTime // IN: New time value in mS. -); - -//*** TimeUpdate() -// This function is used to update the time and clock values. If the TPM -// has run TPM2_Startup(), this function is called at the start of each command. -// If the TPM has not run TPM2_Startup(), this is called from TPM2_Startup() to -// get the clock values initialized. It is not called on command entry because, in -// this implementation, the go structure is not read from NV until TPM2_Startup(). -// The reason for this is that the initialization code (_TPM_Init()) may run before -// NV is accessible. 
-void -TimeUpdate( - void -); - -//*** TimeUpdateToCurrent() -// This function updates the 'Time' and 'Clock' in the global -// TPMS_TIME_INFO structure. -// -// In this implementation, 'Time' and 'Clock' are updated at the beginning -// of each command and the values are unchanged for the duration of the -// command. -// -// Because 'Clock' updates may require a write to NV memory, 'Time' and 'Clock' -// are not allowed to advance if NV is not available. When clock is not advancing, -// any function that uses 'Clock' will fail and return TPM_RC_NV_UNAVAILABLE or -// TPM_RC_NV_RATE. -// -// This implementation does not do rate limiting. If the implementation does do -// rate limiting, then the 'Clock' update should not be inhibited even when doing -// rate limiting. -void -TimeUpdateToCurrent( - void -); - -//*** TimeSetAdjustRate() -// This function is used to perform rate adjustment on 'Time' and 'Clock'. -void -TimeSetAdjustRate( - TPM_CLOCK_ADJUST adjust // IN: adjust constant -); - -//*** TimeGetMarshaled() -// This function is used to access TPMS_TIME_INFO in canonical form. -// The function collects the time information and marshals it into 'dataBuffer' -// and returns the marshaled size -UINT16 -TimeGetMarshaled( - TIME_INFO *dataBuffer // OUT: result buffer -); - -//*** TimeFillInfo -// This function gathers information to fill in a TPMS_CLOCK_INFO structure. -void -TimeFillInfo( - TPMS_CLOCK_INFO *clockInfo -); - -#endif // _TIME_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmASN1_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmASN1_fp.h deleted file mode 100644 index 9f78d7bb0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmASN1_fp.h +++ /dev/null 
@@ -1,234 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 11:00:49AM - */ - -#ifndef _TPM_ASN1_FP_H_ -#define _TPM_ASN1_FP_H_ - -//*** ASN1UnmarshalContextInitialize() -// Function does standard initialization of a context. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -BOOL -ASN1UnmarshalContextInitialize( - ASN1UnmarshalContext *ctx, - INT16 size, - BYTE *buffer -); - -//***ASN1DecodeLength() -// This function extracts the length of an element from 'buffer' starting at 'offset'. -// Return Type: UINT16 -// >=0 the extracted length -// <0 an error -INT16 -ASN1DecodeLength( - ASN1UnmarshalContext *ctx -); - -//***ASN1NextTag() -// This function extracts the next type from 'buffer' starting at 'offset'. -// It advances 'offset' as it parses the type and the length of the type. It returns -// the length of the type. On return, the 'length' octets starting at 'offset' are the -// octets of the type. -// Return Type: UINT -// >=0 the number of octets in 'type' -// <0 an error -INT16 -ASN1NextTag( - ASN1UnmarshalContext *ctx -); - -//*** ASN1GetBitStringValue() -// Try to parse a bit string of up to 32 bits from a value that is expected to be -// a bit string. -// If there is a general parsing error, the context->size is set to -1. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -BOOL -ASN1GetBitStringValue( - ASN1UnmarshalContext *ctx, - UINT32 *val -); - -//*** ASN1InitialializeMarshalContext() -// This creates a structure for handling marshaling of an ASN.1 formatted data -// structure. -void -ASN1InitialializeMarshalContext( - ASN1MarshalContext *ctx, - INT16 length, - BYTE *buffer -); - -//*** ASN1StartMarshalContext() -// This starts a new constructed element. It is constructed on 'top' of the value -// that was previously placed in the structure. 
-void -ASN1StartMarshalContext( - ASN1MarshalContext *ctx -); - -//*** ASN1EndMarshalContext() -// This function restores the end pointer for an encapsulating structure. -// Return Type: INT16 -// > 0 the size of the encapsulated structure that was just ended -// <= 0 an error -INT16 -ASN1EndMarshalContext( - ASN1MarshalContext *ctx -); - -//***ASN1EndEncapsulation() -// This function puts a tag and length in the buffer. In this function, an embedded -// BIT_STRING is assumed to be a collection of octets. To indicate that all bits -// are used, a byte of zero is prepended. If a raw bit-string is needed, a new -// function like ASN1PushInteger() would be needed. -// Return Type: INT16 -// > 0 number of octets in the encapsulation -// == 0 failure -UINT16 -ASN1EndEncapsulation( - ASN1MarshalContext *ctx, - BYTE tag -); - -//*** ASN1PushByte() -BOOL -ASN1PushByte( - ASN1MarshalContext *ctx, - BYTE b -); - -//*** ASN1PushBytes() -// Push some raw bytes onto the buffer. 'count' cannot be zero. -// Return Type: IN16 -// > 0 count bytes -// == 0 failure unless count was zero -INT16 -ASN1PushBytes( - ASN1MarshalContext *ctx, - INT16 count, - const BYTE *buffer -); - -//*** ASN1PushNull() -// Return Type: IN16 -// > 0 count bytes -// == 0 failure unless count was zero -INT16 -ASN1PushNull( - ASN1MarshalContext *ctx -); - -//*** ASN1PushLength() -// Push a length value. This will only handle length values that fit in an INT16. -// Return Type: UINT16 -// > 0 number of bytes added -// == 0 failure -INT16 -ASN1PushLength( - ASN1MarshalContext *ctx, - INT16 len -); - -//*** ASN1PushTagAndLength() -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -ASN1PushTagAndLength( - ASN1MarshalContext *ctx, - BYTE tag, - INT16 length -); - -//*** ASN1PushTaggedOctetString() -// This function will push a random octet string. 
-// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -ASN1PushTaggedOctetString( - ASN1MarshalContext *ctx, - INT16 size, - const BYTE *string, - BYTE tag -); - -//*** ASN1PushUINT() -// This function pushes an native-endian integer value. This just changes a -// native-endian integer into a big-endian byte string and calls ASN1PushInteger(). -// That function will remove leading zeros and make sure that the number is positive. -// Return Type: IN16 -// > 0 count bytes -// == 0 failure unless count was zero -INT16 -ASN1PushUINT( - ASN1MarshalContext *ctx, - UINT32 integer -); - -//*** ASN1PushInteger -// Push a big-endian integer on the end of the buffer -// Return Type: UINT16 -// > 0 the number of bytes marshaled for the integer -// == 0 failure -INT16 -ASN1PushInteger( - ASN1MarshalContext *ctx, // IN/OUT: buffer context - INT16 iLen, // IN: octets of the integer - BYTE *integer // IN: big-endian integer -); - -//*** ASN1PushOID() -// This function is used to add an OID. An OID is 0x06 followed by a byte of size -// followed by size bytes. This is used to avoid having to do anything special in the -// definition of an OID. -// Return Type: UINT16 -// > 0 the number of bytes marshaled for the integer -// == 0 failure -INT16 -ASN1PushOID( - ASN1MarshalContext *ctx, - const BYTE *OID -); - -#endif // _TPM_ASN1_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmFail_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmFail_fp.h deleted file mode 100644 index 998d16b12..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmFail_fp.h +++ /dev/null 
@@ -1,98 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _TPM_FAIL_FP_H_ -#define _TPM_FAIL_FP_H_ - -//*** SetForceFailureMode() -// This function is called by the simulator to enable failure mode testing. -#if SIMULATION -LIB_EXPORT void -SetForceFailureMode( - void -); -#endif - -//*** TpmLogFailure() -// This function saves the failure values when the code will continue to operate. It -// if similar to TpmFail() but returns to the caller. The assumption is that the -// caller will propagate a failure back up the stack. -void -TpmLogFailure( -#if FAIL_TRACE - const char *function, - int line, -#endif - int code -); - -//*** TpmFail() -// This function is called by TPM.lib when a failure occurs. It will set up the -// failure values to be returned on TPM2_GetTestResult(). -NORETURN void -TpmFail( -#if FAIL_TRACE - const char *function, - int line, -#endif - int code -); - -//*** TpmFailureMode( -// This function is called by the interface code when the platform is in failure -// mode. -void -TpmFailureMode( - unsigned int inRequestSize, // IN: command buffer size - unsigned char *inRequest, // IN: command buffer - unsigned int *outResponseSize, // OUT: response buffer size - unsigned char **outResponse // OUT: response buffer -); - -//*** UnmarshalFail() -// This is a stub that is used to catch an attempt to unmarshal an entry -// that is not defined. Don't ever expect this to be called but... -void -UnmarshalFail( - void *type, - BYTE **buffer, - INT32 *size -); - -#endif // _TPM_FAIL_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmSizeChecks_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmSizeChecks_fp.h deleted file mode 100644 index 236f9d0d0..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmSizeChecks_fp.h +++ /dev/null 
@@ -1,56 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _TPM_SIZE_CHECKS_FP_H_ -#define _TPM_SIZE_CHECKS_FP_H_ - -#if RUNTIME_SIZE_CHECKS - -//** TpmSizeChecks() -// This function is used during the development process to make sure that the -// vendor-specific values result in a consistent implementation. When possible, -// the code contains #if to do compile-time checks. However, in some cases, the -// values require the use of "sizeof()" and that can't be used in an #if. -void -TpmSizeChecks( - void -); -#endif // RUNTIME_SIZE_CHECKS - -#endif // _TPM_SIZE_CHECKS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcDesSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcDesSupport_fp.h deleted file mode 100644 index 53aef9517..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcDesSupport_fp.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -/*(Auto) - Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 - Date: Sep 9, 2016 Time: 01:03:57 PM -*/ - -#ifndef _TPMTOLTCDESSUPPORT_FP_H_ -#define _TPMTOLTCDESSUPPORT_FP_H_ - -#if SYM_LIB == LTC && defined TPM_ALG_TDES -//** TDES_setup -// This function calls the LTC function to generate a TDES key schedule. If the -// key is one DES key (8 bytes), then it is replicated two more times to create a -// 24-byte TDES key. If the key is two key (16 bytes), then the first DES key is -// replicated to the third key position. -void TDES_setup( - const BYTE *key, - UINT32 keyBits, - symmetric_key *skey - ); -#endif - - -#endif // _TPMTOLTCDESSUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcMath_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcMath_fp.h deleted file mode 100644 index 2e6577cd4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcMath_fp.h +++ /dev/null 
@@ -1,150 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -/*(Auto) - Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 - Date: Mar 23, 2017 Time: 03:31:51 PM -*/ - -#ifndef _TPMTOLTCMATH_FP_H_ -#define _TPMTOLTCMATH_FP_H_ - -#if MATH_LIB == LTC -//*** BnModMult() -// Does multiply and divide returning the remainder of the divide. -LIB_EXPORT BOOL -BnModMult( - bigNum result, - bigConst op1, - bigConst op2, - bigConst modulus - ); - -//*** BnMult() -// Multiplies two numbers -LIB_EXPORT BOOL -BnMult( - bigNum result, - bigConst multiplicand, - bigConst multiplier - ); - -//*** BnDiv() -// This function divides two BIGNUM values. The function always returns TRUE. -LIB_EXPORT BOOL -BnDiv( - bigNum quotient, - bigNum remainder, - bigConst dividend, - bigConst divisor - ); - -#ifdef TPM_ALG_RSA -//*** BnGcd() -// Get the greatest common divisor of two numbers -LIB_EXPORT BOOL -BnGcd( - bigNum gcd, // OUT: the common divisor - bigConst number1, // IN: - bigConst number2 // IN: - ); - -//***BnModExp() -// Do modular exponentiation using BIGNUM values. 
The conversion from a bignum_t -// to a BIGNUM is trivial as they are based on the same structure -LIB_EXPORT BOOL -BnModExp( - bigNum result, // OUT: the result - bigConst number, // IN: number to exponentiate - bigConst exponent, // IN: - bigConst modulus // IN: - ); - -//*** BnModInverse() -// Modular multiplicative inverse -LIB_EXPORT BOOL -BnModInverse( - bigNum result, - bigConst number, - bigConst modulus - ); -#endif // TPM_ALG_RSA - -#ifdef TPM_ALG_ECC -//*** BnEccModMult() -// This function does a point multiply of the form R = [d]S -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - bigConst d, // IN: scalar for [d]S - bigCurve E - ); - -//*** BnEccModMult2() -// This function does a point multiply of the form R = [d]S + [u]Q -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult2( - bigPoint R, // OUT: computed point - pointConst S, // IN: first point (optional) - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: second point - bigConst u, // IN: second scalar - bigCurve E // IN: curve - ); - -//*** BnEccAdd() -// This function does addition of two points. Since this is not implemented -// in LibTomCrypt() will try to trick it by doing multiply with scalar of 1. -// I have no idea if this will work and it's not needed unless MQV or the SM2 -// variant is enabled. -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccAdd( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - pointConst Q, // IN: second point - bigCurve E // IN: curve - ); -#endif // TPM_ALG_ECC -#endif // MATH_LIB == LTC - - -#endif // _TPMTOLTCMATH_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcSupport_fp.h deleted file mode 100644 index f0d482c70..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcSupport_fp.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -/*(Auto) - Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 - Date: Sep 9, 2016 Time: 01:03:57 PM -*/ - -#ifndef _TPMTOLTCSUPPORT_FP_H_ -#define _TPMTOLTCSUPPORT_FP_H_ - -#if MATH_LIB == LTC -//*** LtcRand() -// This is a stub function that is called from the LibTomCrypt or libmpa code -// to get a random number. In turn, this will call the random RandGenerate -// function that was passed in LibraryInit(). This function will pass the pointer -// to the current rand state along with the random byte request. -uint32_t LtcRand( - void *buf, - size_t blen - ); - -//*** SupportLibInit() -// This does any initialization required by the support library. -LIB_EXPORT int -SupportLibInit( - void - ); - -//*** LtcPoolInit() -// Function to initialize a pool. **** -LIB_EXPORT mpa_scratch_mem -LtcPoolInit( - mpa_word_t *poolAddress, - int vars, - int bits - ); -#endif // MATH_LIB == LTC - - -#endif // _TPMTOLTCSUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslDesSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslDesSupport_fp.h deleted file mode 100644 index e8d45f23b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslDesSupport_fp.h +++ /dev/null 
@@ -1,78 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _TPM_TO_OSSL_DES_SUPPORT_FP_H_ -#define _TPM_TO_OSSL_DES_SUPPORT_FP_H_ - -#if (defined SYM_LIB_OSSL) && ALG_TDES - -//**Functions -//*** TDES_set_encyrpt_key() -// This function makes creation of a TDES key look like the creation of a key for -// any of the other OpenSSL block ciphers. It will create three key schedules, -// one for each of the DES keys. If there are only two keys, then the third schedule -// is a copy of the first. -void -TDES_set_encrypt_key( - const BYTE *key, - UINT16 keySizeInBits, - tpmKeyScheduleTDES *keySchedule -); - -//*** TDES_encyrpt() -// The TPM code uses one key schedule. For TDES, the schedule contains three -// schedules. OpenSSL wants the schedules referenced separately. This function -// does that. -void TDES_encrypt( - const BYTE *in, - BYTE *out, - tpmKeyScheduleTDES *ks -); - -//*** TDES_decrypt() -// As with TDES_encypt() this function bridges between the TPM single schedule -// model and the OpenSSL three schedule model. -void TDES_decrypt( - const BYTE *in, - BYTE *out, - tpmKeyScheduleTDES *ks -); -#endif // SYM_LIB_OSSL - -#endif // _TPM_TO_OSSL_DES_SUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslMath_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslMath_fp.h deleted file mode 100644 index 81cbc972f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslMath_fp.h +++ /dev/null 
@@ -1,223 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _TPM_TO_OSSL_MATH_FP_H_ -#define _TPM_TO_OSSL_MATH_FP_H_ - -#ifdef MATH_LIB_OSSL - -//*** OsslToTpmBn() -// This function converts an OpenSSL BIGNUM to a TPM bignum. In this implementation -// it is assumed that OpenSSL uses a different control structure but the same data -// layout -- an array of native-endian words in little-endian order. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure because value will not fit or OpenSSL variable doesn't -// exist -BOOL -OsslToTpmBn( - bigNum bn, - BIGNUM *osslBn -); - -//*** BigInitialized() -// This function initializes an OSSL BIGNUM from a TPM bigConst. Do not use this for -// values that are passed to OpenSLL when they are not declared as const in the -// function prototype. Instead, use BnNewVariable(). -BIGNUM * -BigInitialized( - BIGNUM *toInit, - bigConst initializer -); -#if LIBRARY_COMPATIBILITY_CHECK - -//*** MathLibraryCompatibilityCheck() -void -MathLibraryCompatibilityCheck( - void -); -#endif - -//*** BnModMult() -// This function does a modular multiply. It first does a multiply and then a divide -// and returns the remainder of the divide. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnModMult( - bigNum result, - bigConst op1, - bigConst op2, - bigConst modulus -); - -//*** BnMult() -// Multiplies two numbers -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnMult( - bigNum result, - bigConst multiplicand, - bigConst multiplier -); - -//*** BnDiv() -// This function divides two bigNum values. The function returns FALSE if -// there is an error in the operation. 
-// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnDiv( - bigNum quotient, - bigNum remainder, - bigConst dividend, - bigConst divisor -); - -#if ALG_RSA -//*** BnGcd() -// Get the greatest common divisor of two numbers -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnGcd( - bigNum gcd, // OUT: the common divisor - bigConst number1, // IN: - bigConst number2 // IN: -); - -//***BnModExp() -// Do modular exponentiation using bigNum values. The conversion from a bignum_t to -// a bigNum is trivial as they are based on the same structure -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnModExp( - bigNum result, // OUT: the result - bigConst number, // IN: number to exponentiate - bigConst exponent, // IN: - bigConst modulus // IN: -); - -//*** BnModInverse() -// Modular multiplicative inverse -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnModInverse( - bigNum result, - bigConst number, - bigConst modulus -); -#endif // ALG_RSA -#if ALG_ECC - -//*** BnCurveInitialize() -// This function initializes the OpenSSL curve information structure. This -// structure points to the TPM-defined values for the curve, to the context for the -// number values in the frame, and to the OpenSSL-defined group values. 
-// Return Type: bigCurve * -// NULL the TPM_ECC_CURVE is not valid or there was a problem in -// in initializing the curve data -// non-NULL points to 'E' -LIB_EXPORT bigCurve -BnCurveInitialize( - bigCurve E, // IN: curve structure to initialize - TPM_ECC_CURVE curveId // IN: curve identifier -); - -//*** BnCurveFree() -// This function will free the allocated components of the curve and end the -// frame in which the curve data exists -LIB_EXPORT void -BnCurveFree( - bigCurve E -); - -//*** BnEccModMult() -// This function does a point multiply of the form R = [d]S -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' (optional) - bigConst d, // IN: scalar for [d]S - bigCurve E -); - -//*** BnEccModMult2() -// This function does a point multiply of the form R = [d]G + [u]Q -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult2( - bigPoint R, // OUT: computed point - pointConst S, // IN: optional point - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: second point - bigConst u, // IN: second scalar - bigCurve E // IN: curve -); - -//** BnEccAdd() -// This function does addition of two points. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccAdd( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - pointConst Q, // IN: second point - bigCurve E // IN: curve -); -#endif // ALG_ECC -#endif // MATHLIB OSSL - -#endif // _TPM_TO_OSSL_MATH_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslSupport_fp.h deleted file mode 100644 index b787cce0c..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslSupport_fp.h +++ /dev/null 
@@ -1,84 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _TPM_TO_OSSL_SUPPORT_FP_H_ -#define _TPM_TO_OSSL_SUPPORT_FP_H_ - -#ifdef MATH_LIB_OSSL - -//*** SupportLibInit() -// This does any initialization required by the support library. -LIB_EXPORT int -SupportLibInit( - void -); - -//*** OsslContextEnter() -// This function is used to initialize an OpenSSL context at the start of a function -// that will call to an OpenSSL math function. -BN_CTX * -OsslContextEnter( - void -); - -//*** OsslContextLeave() -// This is the companion function to OsslContextEnter(). -void -OsslContextLeave( - BN_CTX *CTX -); - -//*** OsslPushContext() -// This function is used to create a frame in a context. All values allocated within -// this context after the frame is started will be automatically freed when the -// context (OsslPopContext() -BN_CTX * -OsslPushContext( - BN_CTX *CTX -); - -//*** OsslPopContext() -// This is the companion function to OsslPushContext(). -void -OsslPopContext( - BN_CTX *CTX -); -#endif // MATH_LIB_OSSL - -#endif // _TPM_TO_OSSL_SUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfDesSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfDesSupport_fp.h deleted file mode 100644 index e7b8ff794..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfDesSupport_fp.h +++ /dev/null 
@@ -1,90 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -/*(Auto) - Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 - Date: Sep 9, 2016 Time: 01:03:57 PM -*/ - -#ifndef _TPMTOWOLFDESSUPPORT_FP_H_ -#define _TPMTOWOLFDESSUPPORT_FP_H_ - -#if SYM_LIB == WOLF && defined TPM_ALG_TDES -//**Functions - -//** TDES_setup -// This function calls the wolfcrypt function to generate a TDES key schedule. If the -// If the key is two key (16 bytes), then the first DES key is replicated to the third -// key position. -int TDES_setup( - const BYTE *key, - UINT32 keyBits, - tpmKeyScheduleTDES *skey, - int dir - ); - -//** TDES_setup_encrypt_key -// This function calls into TDES_setup(), specifically for an encryption key. -int TDES_setup_encrypt_key( - const BYTE *key, - UINT32 keyBits, - tpmKeyScheduleTDES *skey - ); - -//** TDES_setup_decrypt_key -// This function calls into TDES_setup(), specifically for an decryption key. -int TDES_setup_decrypt_key( - const BYTE *key, - UINT32 keyBits, - tpmKeyScheduleTDES *skey - ); - -//*** TDES_encyrpt() -void TDES_encrypt( - const BYTE *in, - BYTE *out, - tpmKeyScheduleTDES *ks - ); - -//*** TDES_decrypt() -void TDES_decrypt( - const BYTE *in, - BYTE *out, - tpmKeyScheduleTDES *ks - ); -#endif // SYM_LIB == WOLF - - -#endif // _TPMTOWOLFDESSUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfMath_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfMath_fp.h deleted file mode 100644 index 2ee6c0445..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfMath_fp.h +++ /dev/null 
@@ -1,209 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -/*(Auto) - Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 - Date: Sep 9, 2016 Time: 01:03:57 PM -*/ - -#ifndef _TPMTOWOLFMATH_FP_H_ -#define _TPMTOWOLFMATH_FP_H_ - -#if MATH_LIB == WOLF -//**Functions - -//*** BnFromWolf() -// This function converts a wolfcrypt mp_int to a TPM bignum. In this implementation -// it is assumed that wolfcrypt used the same format for a big number as does the -// TPM -- an array of native-endian words in little-endian order. -void -BnFromWolf( - bigNum bn, - mp_int *wolfBn - ); - -//*** BnToWolf() -// This function converts a TPM bignum to a wolfcrypt mp_init, and has the same -// assumptions as made by BnFromWolf() -void -BnToWolf( - mp_int *toInit, - bigConst initializer - ); - -//*** MpInitialize() -// This function initializes an wolfcrypt mp_int. -mp_int * -MpInitialize( - mp_int *toInit - ); - -//** MathLibraryCompatibililtyCheck() -// This function is only used during development to make sure that the library -// that is being referenced is using the same size of data structures as the TPM. -void -MathLibraryCompatibilityCheck( - void - ); - -//*** BnModMult() -// Does multiply and divide returning the remainder of the divide. -LIB_EXPORT BOOL -BnModMult( - bigNum result, - bigConst op1, - bigConst op2, - bigConst modulus - ); - -//*** BnMult() -// Multiplies two numbers -LIB_EXPORT BOOL -BnMult( - bigNum result, - bigConst multiplicand, - bigConst multiplier - ); - -//*** BnDiv() -// This function divides two bigNum values. The function returns FALSE if -// there is an error in the operation. -LIB_EXPORT BOOL -BnDiv( - bigNum quotient, - bigNum remainder, - bigConst dividend, - bigConst divisor - ); - -#ifdef TPM_ALG_RSA -//*** BnGcd() -// Get the greatest common divisor of two numbers -LIB_EXPORT BOOL -BnGcd( - bigNum gcd, // OUT: the common divisor - bigConst number1, // IN: - bigConst number2 // IN: - ); - -//***BnModExp() -// Do modular exponentiation using bigNum values. 
The conversion from a mp_int to -// a bigNum is trivial as they are based on the same structure -LIB_EXPORT BOOL -BnModExp( - bigNum result, // OUT: the result - bigConst number, // IN: number to exponentiate - bigConst exponent, // IN: - bigConst modulus // IN: - ); - -//*** BnModInverse() -// Modular multiplicative inverse -LIB_EXPORT BOOL -BnModInverse( - bigNum result, - bigConst number, - bigConst modulus - ); -#endif // TPM_ALG_RSA - -#ifdef TPM_ALG_ECC - -//*** PointFromWolf() -// Function to copy the point result from a wolf ecc_point to a bigNum -void -PointFromWolf( - bigPoint pOut, // OUT: resulting point - ecc_point *pIn // IN: the point to return - ); - -//*** PointToWolf() -// Function to copy the point result from a bigNum to a wolf ecc_point -void -PointToWolf( - ecc_point *pOut, // OUT: resulting point - pointConst pIn // IN: the point to return - ); - -//*** EcPointInitialized() -// Allocate and initialize a point. -static ecc_point * -EcPointInitialized( - pointConst initializer - ); - -//*** BnEccModMult() -// This function does a point multiply of the form R = [d]S -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' (optional) - bigConst d, // IN: scalar for [d]S - bigCurve E - ); - -//*** BnEccModMult2() -// This function does a point multiply of the form R = [d]G + [u]Q -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult2( - bigPoint R, // OUT: computed point - pointConst S, // IN: optional point - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: second point - bigConst u, // IN: second scalar - bigCurve E // IN: curve - ); - -//** BnEccAdd() -// This function does addition of two points. 
-// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccAdd( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - pointConst Q, // IN: second point - bigCurve E // IN: curve - ); -#endif // TPM_ALG_ECC - -#endif // MATH_LIB == WOLF - - -#endif // _TPMTOWOLFMATH_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfSupport_fp.h deleted file mode 100644 index ee0887a33..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfSupport_fp.h +++ /dev/null 
@@ -1,56 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -/*(Auto) - Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 - Date: Sep 9, 2016 Time: 01:03:57 PM -*/ - -#ifndef _TPMTOWOLFSUPPORT_FP_H_ -#define _TPMTOWOLFSUPPORT_FP_H_ - -#ifdef MATH_LIB_WOLF -//**Functions - -//*** SupportLibInit() -// This does any initialization required by the support library. -LIB_EXPORT int -SupportLibInit( - void - ); -#endif // MATH_LIB == WOLF - - -#endif // _TPMTOWOLFSUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Unseal_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Unseal_fp.h deleted file mode 100644 index c32ff2278..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Unseal_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Unseal // Command must be enabled - -#ifndef _Unseal_FP_H_ -#define _Unseal_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT itemHandle; -} Unseal_In; - -// Output structure definition -typedef struct { - TPM2B_SENSITIVE_DATA outData; -} Unseal_Out; - -// Response code modifiers -#define RC_Unseal_itemHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_Unseal( - Unseal_In *in, - Unseal_Out *out -); - -#endif // _Unseal_FP_H_ -#endif // CC_Unseal diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Vendor_TCG_Test_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Vendor_TCG_Test_fp.h deleted file mode 100644 index 105d71766..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Vendor_TCG_Test_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Vendor_TCG_Test // Command must be enabled - -#ifndef _Vendor_TCG_Test_FP_H_ -#define _Vendor_TCG_Test_FP_H_ - -// Input structure definition -typedef struct { - TPM2B_DATA inputData; -} Vendor_TCG_Test_In; - -// Output structure definition -typedef struct { - TPM2B_DATA outputData; -} Vendor_TCG_Test_Out; - -// Response code modifiers -#define RC_Vendor_TCG_Test_inputData (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_Vendor_TCG_Test( - Vendor_TCG_Test_In *in, - Vendor_TCG_Test_Out *out -); - -#endif // _Vendor_TCG_Test_FP_H_ -#endif // CC_Vendor_TCG_Test diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/VerifySignature_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/VerifySignature_fp.h deleted file mode 100644 index 44961907a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/VerifySignature_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_VerifySignature // Command must be enabled - -#ifndef _Verify_Signature_FP_H_ -#define _Verify_Signature_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_DIGEST digest; - TPMT_SIGNATURE signature; -} VerifySignature_In; - -// Output structure definition -typedef struct { - TPMT_TK_VERIFIED validation; -} VerifySignature_Out; - -// Response code modifiers -#define RC_VerifySignature_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_VerifySignature_digest (TPM_RC_P + TPM_RC_1) -#define RC_VerifySignature_signature (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_VerifySignature( - VerifySignature_In *in, - VerifySignature_Out *out -); - -#endif // _Verify_Signature_FP_H_ -#endif // CC_VerifySignature diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_ECC_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_ECC_fp.h deleted file mode 100644 index b994b1208..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_ECC_fp.h +++ /dev/null 
@@ -1,79 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 11:00:49AM - */ - -#ifndef _X509_ECC_FP_H_ -#define _X509_ECC_FP_H_ - -//*** X509PushPoint() -// This seems like it might be used more than once so... 
-// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509PushPoint( - ASN1MarshalContext *ctx, - TPMS_ECC_POINT *p -); - -//*** X509AddSigningAlgorithmECC() -// This creates the singing algorithm data. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddSigningAlgorithmECC( - OBJECT *signKey, - TPMT_SIG_SCHEME *scheme, - ASN1MarshalContext *ctx -); - -//*** X509AddPublicECC() -// This function will add the publicKey description to the DER data. If ctx is -// NULL, then no data is transferred and this function will indicate if the TPM -// has the values for DER-encoding of the public key. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddPublicECC( - OBJECT *object, - ASN1MarshalContext *ctx -); - -#endif // _X509_ECC_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_RSA_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_RSA_fp.h deleted file mode 100644 index 8fb05e672..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_RSA_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 11:00:49AM - */ - -#ifndef _X509_RSA_FP_H_ -#define _X509_RSA_FP_H_ - -#if ALG_RSA - -//*** X509AddSigningAlgorithmRSA() -// This creates the singing algorithm data. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddSigningAlgorithmRSA( - OBJECT *signKey, - TPMT_SIG_SCHEME *scheme, - ASN1MarshalContext *ctx -); - -//*** X509AddPublicRSA() -// This function will add the publicKey description to the DER data. If fillPtr is -// NULL, then no data is transferred and this function will indicate if the TPM -// has the values for DER-encoding of the public key. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddPublicRSA( - OBJECT *object, - ASN1MarshalContext *ctx -); -#endif // ALG_RSA - -#endif // _X509_RSA_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_spt_fp.h deleted file mode 100644 index 1670e78b4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_spt_fp.h +++ /dev/null 
@@ -1,118 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 11:00:49AM - */ - -#ifndef _X509_SPT_FP_H_ -#define _X509_SPT_FP_H_ - -//*** X509FindExtensionOID() -// This will search a list of X508 extensions to find an extension with the -// requested OID. If the extension is found, the output context ('ctx') is set up -// to point to the OID in the extension. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure (could be catastrophic) -BOOL -X509FindExtensionByOID( - ASN1UnmarshalContext *ctxIn, // IN: the context to search - ASN1UnmarshalContext *ctx, // OUT: the extension context - const BYTE *OID // IN: oid to search for -); - -//*** X509GetExtensionBits() -// This function will extract a bit field from an extension. If the extension doesn't -// contain a bit string, it will fail. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -UINT32 -X509GetExtensionBits( - ASN1UnmarshalContext *ctx, - UINT32 *value -); - -//***X509ProcessExtensions() -// This function is used to process the TPMA_OBJECT and KeyUsage extensions. It is not -// in the CertifyX509.c code because it makes the code harder to follow. -// Return Type: TPM_RC -// TPM_RCS_ATTRIBUTES the attributes of object are not consistent with -// the extension setting -// TPM_RC_VALUE problem parsing the extensions -TPM_RC -X509ProcessExtensions( - OBJECT *object, // IN: The object with the attributes to - // check - stringRef *extension // IN: The start and length of the extensions -); - -//*** X509AddSigningAlgorithm() -// This creates the singing algorithm data. -// Return Type: INT16 -// > 0 number of octets added -// <= 0 failure -INT16 -X509AddSigningAlgorithm( - ASN1MarshalContext *ctx, - OBJECT *signKey, - TPMT_SIG_SCHEME *scheme -); - -//*** X509AddPublicKey() -// This function will add the publicKey description to the DER data. 
If fillPtr is -// NULL, then no data is transferred and this function will indicate if the TPM -// has the values for DER-encoding of the public key. -// Return Type: INT16 -// > 0 number of octets added -// == 0 failure -INT16 -X509AddPublicKey( - ASN1MarshalContext *ctx, - OBJECT *object -); - -//*** X509PushAlgorithmIdentifierSequence() -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509PushAlgorithmIdentifierSequence( - ASN1MarshalContext *ctx, - const BYTE *OID -); - -#endif // _X509_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ZGen_2Phase_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ZGen_2Phase_fp.h deleted file mode 100644 index 1fc708632..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ZGen_2Phase_fp.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ZGen_2Phase // Command must be enabled - -#ifndef _ZGen_2Phase_FP_H_ -#define _ZGen_2Phase_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyA; - TPM2B_ECC_POINT inQsB; - TPM2B_ECC_POINT inQeB; - TPMI_ECC_KEY_EXCHANGE inScheme; - UINT16 counter; -} ZGen_2Phase_In; - -// Output structure definition -typedef struct { - TPM2B_ECC_POINT outZ1; - TPM2B_ECC_POINT outZ2; -} ZGen_2Phase_Out; - -// Response code modifiers -#define RC_ZGen_2Phase_keyA (TPM_RC_H + TPM_RC_1) -#define RC_ZGen_2Phase_inQsB (TPM_RC_P + TPM_RC_1) -#define RC_ZGen_2Phase_inQeB (TPM_RC_P + TPM_RC_2) -#define RC_ZGen_2Phase_inScheme (TPM_RC_P + TPM_RC_3) -#define RC_ZGen_2Phase_counter (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_ZGen_2Phase( - ZGen_2Phase_In *in, - ZGen_2Phase_Out *out -); - -#endif // _ZGen_2Phase_FP_H_ -#endif // CC_ZGen_2Phase diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Data_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Data_fp.h deleted file mode 100644 index 8ac5c2074..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Data_fp.h +++ /dev/null 
@@ -1,50 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef __TPM_HASH_DATA_FP_H_ -#define __TPM_HASH_DATA_FP_H_ - -// This function is called to process a _TPM_Hash_Data indication. 
-LIB_EXPORT void -_TPM_Hash_Data( - uint32_t dataSize, // IN: size of data to be extend - unsigned char *data // IN: data buffer -); - -#endif // __TPM_HASH_DATA_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_End_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_End_fp.h deleted file mode 100644 index 45ee7dff0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_End_fp.h +++ /dev/null 
@@ -1,49 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef __TPM_HASH_END_FP_H_ -#define __TPM_HASH_END_FP_H_ - -// This function is called to process a _TPM_Hash_End indication. 
-LIB_EXPORT void -_TPM_Hash_End( - void -); - -#endif // __TPM_HASH_END_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Start_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Start_fp.h deleted file mode 100644 index 5ae53fb4f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Start_fp.h +++ /dev/null 
@@ -1,49 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef __TPM_HASH_START_FP_H_ -#define __TPM_HASH_START_FP_H_ - -// This function is called to process a _TPM_Hash_Start indication. -LIB_EXPORT void -_TPM_Hash_Start( - void -); - -#endif // __TPM_HASH_START_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Init_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Init_fp.h deleted file mode 100644 index aabb43a2e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Init_fp.h +++ /dev/null 
@@ -1,49 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef __TPM_INIT_FP_H_ -#define __TPM_INIT_FP_H_ - -// This function is used to process a _TPM_Init indication. 
-LIB_EXPORT void -_TPM_Init( - void -); - -#endif // __TPM_INIT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/swap.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/swap.h deleted file mode 100644 index 01216f740..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/swap.h +++ /dev/null 
@@ -1,106 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef _SWAP_H
-#define _SWAP_H
-
-#if LITTLE_ENDIAN_TPM
-#define TO_BIG_ENDIAN_UINT16(i) REVERSE_ENDIAN_16(i)
-#define FROM_BIG_ENDIAN_UINT16(i) REVERSE_ENDIAN_16(i)
-#define TO_BIG_ENDIAN_UINT32(i) REVERSE_ENDIAN_32(i)
-#define FROM_BIG_ENDIAN_UINT32(i) REVERSE_ENDIAN_32(i)
-#define TO_BIG_ENDIAN_UINT64(i) REVERSE_ENDIAN_64(i)
-#define FROM_BIG_ENDIAN_UINT64(i) REVERSE_ENDIAN_64(i)
-#else
-#define TO_BIG_ENDIAN_UINT16(i) (i)
-#define FROM_BIG_ENDIAN_UINT16(i) (i)
-#define TO_BIG_ENDIAN_UINT32(i) (i)
-#define FROM_BIG_ENDIAN_UINT32(i) (i)
-#define TO_BIG_ENDIAN_UINT64(i) (i)
-#define FROM_BIG_ENDIAN_UINT64(i) (i)
-#endif
-
-#if AUTO_ALIGN == NO
-
-// The aggregation macros for machines that do not allow unaligned access or for
-// little-endian machines.
-
-// Aggregate bytes into an UINT
-
-#define BYTE_ARRAY_TO_UINT8(b) (uint8_t)((b)[0])
-#define BYTE_ARRAY_TO_UINT16(b) ByteArrayToUint16((BYTE *)(b))
-#define BYTE_ARRAY_TO_UINT32(b) ByteArrayToUint32((BYTE *)(b))
-#define BYTE_ARRAY_TO_UINT64(b) ByteArrayToUint64((BYTE *)(b))
-#define UINT8_TO_BYTE_ARRAY(i, b) ((b)[0] = (uint8_t)(i))
-#define UINT16_TO_BYTE_ARRAY(i, b) Uint16ToByteArray((i), (BYTE *)(b))
-#define UINT32_TO_BYTE_ARRAY(i, b) Uint32ToByteArray((i), (BYTE *)(b))
-#define UINT64_TO_BYTE_ARRAY(i, b) Uint64ToByteArray((i), (BYTE *)(b))
-
-
-#else // AUTO_ALIGN
-
-#if BIG_ENDIAN_TPM
-// the big-endian macros for machines that allow unaligned memory access
-// Aggregate a byte array into a UINT
-#define BYTE_ARRAY_TO_UINT8(b) *((uint8_t *)(b))
-#define BYTE_ARRAY_TO_UINT16(b) *((uint16_t *)(b))
-#define BYTE_ARRAY_TO_UINT32(b) *((uint32_t *)(b))
-#define BYTE_ARRAY_TO_UINT64(b) *((uint64_t *)(b))
-
-// Disaggregate a UINT into a byte array
-
-#define UINT8_TO_BYTE_ARRAY(i, b) {*((uint8_t *)(b)) = (i);}
-#define UINT16_TO_BYTE_ARRAY(i, b) {*((uint16_t *)(b)) = (i);}
-#define UINT32_TO_BYTE_ARRAY(i, b) {*((uint32_t *)(b)) = (i);}
-#define UINT64_TO_BYTE_ARRAY(i, b) {*((uint64_t *)(b)) = (i);}
-#else
-// the little endian macros for machines that allow unaligned memory access
-// the big-endian macros for machines that allow unaligned memory access
-// Aggregate a byte array into a UINT
-#define BYTE_ARRAY_TO_UINT8(b) *((uint8_t *)(b))
-#define BYTE_ARRAY_TO_UINT16(b) REVERSE_ENDIAN_16(*((uint16_t *)(b)))
-#define BYTE_ARRAY_TO_UINT32(b) REVERSE_ENDIAN_32(*((uint32_t *)(b)))
-#define BYTE_ARRAY_TO_UINT64(b) REVERSE_ENDIAN_64(*((uint64_t *)(b)))
-
-// Disaggregate a UINT into a byte array
-
-#define UINT8_TO_BYTE_ARRAY(i, b) {*((uint8_t *)(b)) = (i);}
-#define UINT16_TO_BYTE_ARRAY(i, b) {*((uint16_t *)(b)) = REVERSE_ENDIAN_16(i);}
-#define UINT32_TO_BYTE_ARRAY(i, b) {*((uint32_t *)(b)) = REVERSE_ENDIAN_32(i);}
-#define UINT64_TO_BYTE_ARRAY(i, b) {*((uint64_t *)(b)) = REVERSE_ENDIAN_64(i);}
-#endif // BIG_ENDIAN_TPM
-
-#endif // AUTO_ALIGN == NO
-
-#endif // _SWAP_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/TpmASN1.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/TpmASN1.c
deleted file mode 100644
index f275c5801..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/TpmASN1.c
+++ /dev/null
@@ -1,514 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Includes
-#include "Tpm.h"
-
-#define _OIDS_
-#include "OIDs.h"
-
-#include "TpmASN1.h"
-#include "TpmASN1_fp.h"
-
-//** Unmarshaling Functions
-
-//*** ASN1UnmarshalContextInitialize()
-// Function does standard initialization of a context.
-// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -BOOL -ASN1UnmarshalContextInitialize( - ASN1UnmarshalContext *ctx, - INT16 size, - BYTE *buffer -) -{ - VERIFY(buffer != NULL); - VERIFY(size > 0); - ctx->buffer = buffer; - ctx->size = size; - ctx->offset = 0; - ctx->tag = 0xFF; - return TRUE; -Error: - return FALSE; -} - -//***ASN1DecodeLength() -// This function extracts the length of an element from 'buffer' starting at 'offset'. -// Return Type: UINT16 -// >=0 the extracted length -// <0 an error -INT16 -ASN1DecodeLength( - ASN1UnmarshalContext *ctx -) -{ - BYTE first; // Next octet in buffer - INT16 value; -// - VERIFY(ctx->offset < ctx->size); - first = NEXT_OCTET(ctx); - // If the number of octets of the entity is larger than 127, then the first octet - // is the number of octets in the length specifier. - if(first >= 0x80) - { - // Make sure that this length field is contained with the structure being - // parsed - CHECK_SIZE(ctx, (first & 0x7F)); - if(first == 0x82) - { - // Two octets of size - // get the next value - value = (INT16)NEXT_OCTET(ctx); - // Make sure that the result will fit in an INT16 - VERIFY(value < 0x0080); - // Shift up and add next octet - value = (value << 8) + NEXT_OCTET(ctx); - } - else if(first == 0x81) - value = NEXT_OCTET(ctx); - // Sizes larger than will fit in a INT16 are an error - else - goto Error; - } - else - value = first; - // Make sure that the size defined something within the current context - CHECK_SIZE(ctx, value); - return value; -Error: - ctx->size = -1; // Makes everything fail from now on. - return -1; -} - -//***ASN1NextTag() -// This function extracts the next type from 'buffer' starting at 'offset'. -// It advances 'offset' as it parses the type and the length of the type. It returns -// the length of the type. On return, the 'length' octets starting at 'offset' are the -// octets of the type. 
-// Return Type: UINT -// >=0 the number of octets in 'type' -// <0 an error -INT16 -ASN1NextTag( - ASN1UnmarshalContext *ctx -) -{ - // A tag to get? - VERIFY(ctx->offset < ctx->size); - // Get it - ctx->tag = NEXT_OCTET(ctx); - // Make sure that it is not an extended tag - VERIFY((ctx->tag & 0x1F) != 0x1F); - // Get the length field and return that - return ASN1DecodeLength(ctx); - -Error: - // Attempt to read beyond the end of the context or an illegal tag - ctx->size = -1; // Persistent failure - ctx->tag = 0xFF; - return -1; -} - - -//*** ASN1GetBitStringValue() -// Try to parse a bit string of up to 32 bits from a value that is expected to be -// a bit string. -// If there is a general parsing error, the context->size is set to -1. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -BOOL -ASN1GetBitStringValue( - ASN1UnmarshalContext *ctx, - UINT32 *val -) -{ - int shift; - INT16 length; - UINT32 value = 0; -// - - VERIFY((length = ASN1NextTag(ctx)) >= 1); - VERIFY(ctx->tag == ASN1_BITSTRING); - // Get the shift value for the bit field (how many bits to loop off of the end) - shift = NEXT_OCTET(ctx); - length--; - // the shift count has to make sense - VERIFY((shift < 8) && ((length > 0) || (shift == 0))); - // if there are any bytes left - for(; length > 0; length--) - { - if(length > 1) - { - // for all but the last octet, just shift and add the new octet - VERIFY((value & 0xFF000000) == 0); // can't loose significant bits - value = (value << 8) + NEXT_OCTET(ctx); - } - else - { - // for the last octet, just shift the accumulated value enough to - // accept the significant bits in the last octet and shift the last - // octet down - VERIFY(((value & (0xFF000000 << (8 - shift)))) == 0); - value = (value << (8 - shift)) + (NEXT_OCTET(ctx) >> shift); - } - } - *val = value; - return TRUE; -Error: - ctx->size = -1; - return FALSE; -} - -//******************************************************************* -//** Marshaling Functions 
-//******************************************************************* - -//*** Introduction -// Marshaling of an ASN.1 structure is accomplished from the bottom up. That is, -// the things that will be at the end of the structure are added last. To manage the -// collecting of the relative sizes, start a context for the outermost container, if -// there is one, and then placing items in from the bottom up. If the bottom-most -// item is also within a structure, create a nested context by calling -// ASN1StartMarshalingContext(). -// -// The context control structure contains a 'buffer' pointer, an 'offset', an 'end' -// and a stack. 'offset' is the offset from the start of the buffer of the last added -// byte. When 'offset' reaches 0, the buffer is full. 'offset' is a signed value so -// that, when it becomes negative, there is an overflow. Only two functions are -// allowed to move bytes into the buffer: ASN1PushByte() and ASN1PushBytes(). These -// functions make sure that no data is written beyond the end of the buffer. -// -// When a new context is started, the current value of 'end' is pushed -// on the stack and 'end' is set to 'offset. As bytes are added, offset gets smaller. -// At any time, the count of bytes in the current context is simply 'end' - 'offset'. -// -// Since starting a new context involves setting 'end' = 'offset', the number of bytes -// in the context starts at 0. The nominal way of ending a context is to use -// 'end' - 'offset' to set the length value, and then a tag is added to the buffer. -// Then the previous 'end' value is popped meaning that the context just ended -// becomes a member of the now current context. -// -// The nominal strategy for building a completed ASN.1 structure is to push everything -// into the buffer and then move everything to the start of the buffer. The move is -// simple as the size of the move is the initial 'end' value minus the final 'offset' -// value. 
The destination is 'buffer' and the source is 'buffer' + 'offset'. As Skippy -// would say "Easy peasy, Joe." -// -// It is not necessary to provide a buffer into which the data is placed. If no buffer -// is provided, then the marshaling process will return values needed for marshaling. -// On strategy for filling the buffer would be to execute the process for building -// the structure without using a buffer. This would return the overall size of the -// structure. Then that amount of data could be allocated for the buffer and the fill -// process executed again with the data going into the buffer. At the end, the data -// would be in its final resting place. - -//*** ASN1InitialializeMarshalContext() -// This creates a structure for handling marshaling of an ASN.1 formatted data -// structure. -void -ASN1InitialializeMarshalContext( - ASN1MarshalContext *ctx, - INT16 length, - BYTE *buffer -) -{ - ctx->buffer = buffer; - if(buffer) - ctx->offset = length; - else - ctx->offset = INT16_MAX; - ctx->end = ctx->offset; - ctx->depth = -1; -} - -//*** ASN1StartMarshalContext() -// This starts a new constructed element. It is constructed on 'top' of the value -// that was previously placed in the structure. -void -ASN1StartMarshalContext( - ASN1MarshalContext *ctx -) -{ - pAssert((ctx->depth + 1) < MAX_DEPTH); - ctx->depth++; - ctx->ends[ctx->depth] = ctx->end; - ctx->end = ctx->offset; -} - -//*** ASN1EndMarshalContext() -// This function restores the end pointer for an encapsulating structure. 
-// Return Type: INT16 -// > 0 the size of the encapsulated structure that was just ended -// <= 0 an error -INT16 -ASN1EndMarshalContext( - ASN1MarshalContext *ctx -) -{ - INT16 length; - pAssert(ctx->depth >= 0); - length = ctx->end - ctx->offset; - ctx->end = ctx->ends[ctx->depth--]; - if((ctx->depth == -1) && (ctx->buffer)) - { - MemoryCopy(ctx->buffer, ctx->buffer + ctx->offset, ctx->end - ctx->offset); - } - return length; -} - - -//***ASN1EndEncapsulation() -// This function puts a tag and length in the buffer. In this function, an embedded -// BIT_STRING is assumed to be a collection of octets. To indicate that all bits -// are used, a byte of zero is prepended. If a raw bit-string is needed, a new -// function like ASN1PushInteger() would be needed. -// Return Type: INT16 -// > 0 number of octets in the encapsulation -// == 0 failure -UINT16 -ASN1EndEncapsulation( - ASN1MarshalContext *ctx, - BYTE tag -) -{ - // only add a leading zero for an encapsulated BIT STRING - if (tag == ASN1_BITSTRING) - ASN1PushByte(ctx, 0); - ASN1PushTagAndLength(ctx, tag, ctx->end - ctx->offset); - return ASN1EndMarshalContext(ctx); -} - -//*** ASN1PushByte() -BOOL -ASN1PushByte( - ASN1MarshalContext *ctx, - BYTE b -) -{ - if(ctx->offset > 0) - { - ctx->offset -= 1; - if(ctx->buffer) - ctx->buffer[ctx->offset] = b; - return TRUE; - } - ctx->offset = -1; - return FALSE; -} - -//*** ASN1PushBytes() -// Push some raw bytes onto the buffer. 'count' cannot be zero. 
-// Return Type: IN16 -// > 0 count bytes -// == 0 failure unless count was zero -INT16 -ASN1PushBytes( - ASN1MarshalContext *ctx, - INT16 count, - const BYTE *buffer -) -{ - // make sure that count is not negative which would mess up the math; and that - // if there is a count, there is a buffer - VERIFY((count >= 0) && ((buffer != NULL) || (count == 0))); - // back up the offset to determine where the new octets will get pushed - ctx->offset -= count; - // can't go negative - VERIFY(ctx->offset >= 0); - // if there are buffers, move the data, otherwise, assume that this is just a - // test. - if(count && buffer && ctx->buffer) - MemoryCopy(&ctx->buffer[ctx->offset], buffer, count); - return count; -Error: - ctx->offset = -1; - return 0; -} - -//*** ASN1PushNull() -// Return Type: IN16 -// > 0 count bytes -// == 0 failure unless count was zero -INT16 -ASN1PushNull( - ASN1MarshalContext *ctx -) -{ - ASN1PushByte(ctx, 0); - ASN1PushByte(ctx, ASN1_NULL); - return (ctx->offset >= 0) ? 2 : 0; -} - -//*** ASN1PushLength() -// Push a length value. This will only handle length values that fit in an INT16. -// Return Type: UINT16 -// > 0 number of bytes added -// == 0 failure -INT16 -ASN1PushLength( - ASN1MarshalContext *ctx, - INT16 len -) -{ - UINT16 start = ctx->offset; - VERIFY(len >= 0); - if(len <= 127) - ASN1PushByte(ctx, (BYTE)len); - else - { - ASN1PushByte(ctx, (BYTE)(len & 0xFF)); - len >>= 8; - if(len == 0) - ASN1PushByte(ctx, 0x81); - else - { - ASN1PushByte(ctx, (BYTE)(len)); - ASN1PushByte(ctx, 0x82); - } - } - goto Exit; -Error: - ctx->offset = -1; -Exit: - return (ctx->offset > 0) ? start - ctx->offset : 0; -} - -//*** ASN1PushTagAndLength() -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -ASN1PushTagAndLength( - ASN1MarshalContext *ctx, - BYTE tag, - INT16 length -) -{ - INT16 bytes; - bytes = ASN1PushLength(ctx, length); - bytes += (INT16)ASN1PushByte(ctx, tag); - return (ctx->offset < 0) ? 
0 : bytes; -} - - -//*** ASN1PushTaggedOctetString() -// This function will push a random octet string. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -ASN1PushTaggedOctetString( - ASN1MarshalContext *ctx, - INT16 size, - const BYTE *string, - BYTE tag -) -{ - ASN1PushBytes(ctx, size, string); - // PushTagAndLenght just tells how many octets it added so the total size of this - // element is the sum of those octets and input size. - size += ASN1PushTagAndLength(ctx, tag, size); - return size; -} - -//*** ASN1PushUINT() -// This function pushes an native-endian integer value. This just changes a -// native-endian integer into a big-endian byte string and calls ASN1PushInteger(). -// That function will remove leading zeros and make sure that the number is positive. -// Return Type: IN16 -// > 0 count bytes -// == 0 failure unless count was zero -INT16 -ASN1PushUINT( - ASN1MarshalContext *ctx, - UINT32 integer -) -{ - BYTE marshaled[4]; - UINT32_TO_BYTE_ARRAY(integer, marshaled); - return ASN1PushInteger(ctx, 4, marshaled); -} - -//*** ASN1PushInteger -// Push a big-endian integer on the end of the buffer -// Return Type: UINT16 -// > 0 the number of bytes marshaled for the integer -// == 0 failure -INT16 -ASN1PushInteger( - ASN1MarshalContext *ctx, // IN/OUT: buffer context - INT16 iLen, // IN: octets of the integer - BYTE *integer // IN: big-endian integer -) -{ - // no leading 0's - while((*integer == 0) && (--iLen > 0)) - integer++; - // Move the bytes to the buffer - ASN1PushBytes(ctx, iLen, integer); - // if needed, add a leading byte of 0 to make the number positive - if(*integer & 0x80) - iLen += (INT16)ASN1PushByte(ctx, 0); - // PushTagAndLenght just tells how many octets it added so the total size of this - // element is the sum of those octets and the adjusted input size. - iLen += ASN1PushTagAndLength(ctx, ASN1_INTEGER, iLen); - return iLen; -} - -//*** ASN1PushOID() -// This function is used to add an OID. 
An OID is 0x06 followed by a byte of size -// followed by size bytes. This is used to avoid having to do anything special in the -// definition of an OID. -// Return Type: UINT16 -// > 0 the number of bytes marshaled for the integer -// == 0 failure -INT16 -ASN1PushOID( - ASN1MarshalContext *ctx, - const BYTE *OID -) -{ - if((*OID == ASN1_OBJECT_IDENTIFIER) && ((OID[1] & 0x80) == 0)) - { - return ASN1PushBytes(ctx, OID[1] + 2, OID); - } - ctx->offset = -1; - return 0; -} - - diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_ECC.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_ECC.c deleted file mode 100644 index 29a8d5940..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_ECC.c +++ /dev/null 
@@ -1,146 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Includes
-#include "Tpm.h"
-#include "X509.h"
-#include "OIDs.h"
-#include "TpmASN1_fp.h"
-#include "X509_spt_fp.h"
-#include "CryptHash_fp.h"
-
-//** Functions
-
-//*** X509PushPoint()
-// This seems like it might be used more than once so...
-// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509PushPoint( - ASN1MarshalContext *ctx, - TPMS_ECC_POINT *p -) -{ - // Push a bit string containing the public key. For now, push the x, and y - // coordinates of the public point, bottom up - ASN1StartMarshalContext(ctx); // BIT STRING - { - ASN1PushBytes(ctx, p->y.t.size, p->y.t.buffer); - ASN1PushBytes(ctx, p->x.t.size, p->x.t.buffer); - ASN1PushByte(ctx, 0x04); - } - return ASN1EndEncapsulation(ctx, ASN1_BITSTRING); // Ends BIT STRING -} - -//*** X509AddSigningAlgorithmECC() -// This creates the singing algorithm data. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddSigningAlgorithmECC( - OBJECT *signKey, - TPMT_SIG_SCHEME *scheme, - ASN1MarshalContext *ctx -) -{ - PHASH_DEF hashDef = CryptGetHashDef(scheme->details.any.hashAlg); -// - NOT_REFERENCED(signKey); - // If the desired hashAlg definition wasn't found... - if(hashDef->hashAlg != scheme->details.any.hashAlg) - return 0; - - switch(scheme->scheme) - { - case ALG_ECDSA_VALUE: - // Make sure that we have an OID for this hash and ECC - if((hashDef->ECDSA)[0] != ASN1_OBJECT_IDENTIFIER) - break; - // if this is just an implementation check, indicate that this - // combination is supported - if(!ctx) - return 1; - ASN1StartMarshalContext(ctx); - ASN1PushOID(ctx, hashDef->ECDSA); - return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); - default: - break; - } - return 0; -} - - -//*** X509AddPublicECC() -// This function will add the publicKey description to the DER data. If ctx is -// NULL, then no data is transferred and this function will indicate if the TPM -// has the values for DER-encoding of the public key. 
-// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddPublicECC( - OBJECT *object, - ASN1MarshalContext *ctx -) -{ - const BYTE *curveOid = - CryptEccGetOID(object->publicArea.parameters.eccDetail.curveID); - if((curveOid == NULL) || (*curveOid != ASN1_OBJECT_IDENTIFIER)) - return 0; -// -// -// SEQUENCE (2 elem) 1st -// SEQUENCE (2 elem) 2nd -// OBJECT IDENTIFIER 1.2.840.10045.2.1 ecPublicKey (ANSI X9.62 public key type) -// OBJECT IDENTIFIER 1.2.840.10045.3.1.7 prime256v1 (ANSI X9.62 named curve) -// BIT STRING (520 bit) 000001001010000111010101010111001001101101000100000010... -// - // If this is a check to see if the key can be encoded, it can. - // Need to mark the end sequence - if(ctx == NULL) - return 1; - ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st - { - X509PushPoint(ctx, &object->publicArea.unique.ecc); // BIT STRING - ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 2nd - { - ASN1PushOID(ctx, curveOid); // curve dependent - ASN1PushOID(ctx, OID_ECC_PUBLIC); // (1.2.840.10045.2.1) - } - ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // Ends SEQUENCE 2nd - } - return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // Ends SEQUENCE 1st -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_RSA.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_RSA.c deleted file mode 100644 index 77b827bdf..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_RSA.c +++ /dev/null 
@@ -1,234 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -//** Includes -#include "Tpm.h" -#include "X509.h" -#include "TpmASN1_fp.h" -#include "X509_spt_fp.h" -#include "CryptHash_fp.h" -#include "CryptRsa_fp.h" - -//** Functions - -#if ALG_RSA - -//*** X509AddSigningAlgorithmRSA() -// This creates the singing algorithm data. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddSigningAlgorithmRSA( - OBJECT *signKey, - TPMT_SIG_SCHEME *scheme, - ASN1MarshalContext *ctx -) -{ - TPM_ALG_ID hashAlg = scheme->details.any.hashAlg; - PHASH_DEF hashDef = CryptGetHashDef(hashAlg); -// - NOT_REFERENCED(signKey); - // return failure if hash isn't implemented - if(hashDef->hashAlg != hashAlg) - return 0; - switch(scheme->scheme) - { - case ALG_RSASSA_VALUE: - { - // if the hash is implemented but there is no PKCS1 OID defined - // then this is not a valid signing combination. - if(hashDef->PKCS1[0] != ASN1_OBJECT_IDENTIFIER) - break; - if(ctx == NULL) - return 1; - ASN1StartMarshalContext(ctx); - ASN1PushOID(ctx, hashDef->PKCS1); - return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); - } - case ALG_RSAPSS_VALUE: - // leave if this is just an implementation check - if(ctx == NULL) - return 1; - // In the case of SHA1, everything is default and RFC4055 says that - // implementations that do signature generation MUST omit the parameter - // when defaults are used. 
)-: - if(hashDef->hashAlg == ALG_SHA1_VALUE) - { - return X509PushAlgorithmIdentifierSequence(ctx, OID_RSAPSS); - } - else - { - // Going to build something that looks like: - // SEQUENCE (2 elem) - // OBJECT IDENTIFIER 1.2.840.113549.1.1.10 rsaPSS (PKCS #1) - // SEQUENCE (3 elem) - // [0] (1 elem) - // SEQUENCE (2 elem) - // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 - // NULL - // [1] (1 elem) - // SEQUENCE (2 elem) - // OBJECT IDENTIFIER 1.2.840.113549.1.1.8 pkcs1-MGF - // SEQUENCE (2 elem) - // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 - // NULL - // [2] (1 elem) salt length - // INTEGER 32 - - // The indentation is just to keep track of where we are in the - // structure - ASN1StartMarshalContext(ctx); // SEQUENCE (2 elements) - { - ASN1StartMarshalContext(ctx); // SEQUENCE (3 elements) - { - // [2] (1 elem) salt length - // INTEGER 32 - ASN1StartMarshalContext(ctx); - { - INT16 saltSize = - CryptRsaPssSaltSize((INT16)hashDef->digestSize, - (INT16)signKey->publicArea.unique.rsa.t.size); - ASN1PushUINT(ctx, saltSize); - } - ASN1EndEncapsulation(ctx, ASN1_APPLICAIION_SPECIFIC + 2); - - // Add the mask generation algorithm - // [1] (1 elem) - // SEQUENCE (2 elem) 1st - // OBJECT IDENTIFIER 1.2.840.113549.1.1.8 pkcs1-MGF - // SEQUENCE (2 elem) 2nd - // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 - // NULL - ASN1StartMarshalContext(ctx); // mask context [1] (1 elem) - { - ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st - // Handle the 2nd Sequence (sequence (object, null)) - { - X509PushAlgorithmIdentifierSequence(ctx, - hashDef->OID); - // add the pkcs1-MGF OID - ASN1PushOID(ctx, OID_MGF1); - } - // End outer sequence - ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); - } - // End the [1] - ASN1EndEncapsulation(ctx, ASN1_APPLICAIION_SPECIFIC + 1); - - // Add the hash algorithm - // [0] (1 elem) - // SEQUENCE (2 elem) (done by - // X509PushAlgorithmIdentifierSequence) - // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 (NIST) - // 
NULL - ASN1StartMarshalContext(ctx); // [0] (1 elem) - { - X509PushAlgorithmIdentifierSequence(ctx, hashDef->OID); - } - ASN1EndEncapsulation(ctx, (ASN1_APPLICAIION_SPECIFIC + 0)); - } - // SEQUENCE (3 elements) end - ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); - - // RSA PSS OID - // OBJECT IDENTIFIER 1.2.840.113549.1.1.10 rsaPSS (PKCS #1) - ASN1PushOID(ctx, OID_RSAPSS); - } - // End Sequence (2 elements) - return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); - } - default: - break; - } - return 0; -} - -//*** X509AddPublicRSA() -// This function will add the publicKey description to the DER data. If fillPtr is -// NULL, then no data is transferred and this function will indicate if the TPM -// has the values for DER-encoding of the public key. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddPublicRSA( - OBJECT *object, - ASN1MarshalContext *ctx -) -{ - UINT32 exp = object->publicArea.parameters.rsaDetail.exponent; -// -/* - SEQUENCE (2 elem) 1st - SEQUENCE (2 elem) 2nd - OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1) - NULL - BIT STRING (1 elem) - SEQUENCE (2 elem) 3rd - INTEGER (2048 bit) 2197304513741227955725834199357401… - INTEGER 65537 -*/ - // If this is a check to see if the key can be encoded, it can. - // Need to mark the end sequence - if(ctx == NULL) - return 1; - ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st - ASN1StartMarshalContext(ctx); // BIT STRING - ASN1StartMarshalContext(ctx); // SEQUENCE *(2 elem) 3rd - - // Get public exponent in big-endian byte order. - if(exp == 0) - exp = RSA_DEFAULT_PUBLIC_EXPONENT; - - // Push a 4 byte integer. This might get reduced if there are leading zeros or - // extended if the high order byte is negative. 
- ASN1PushUINT(ctx, exp); - // Push the public key as an integer - ASN1PushInteger(ctx, object->publicArea.unique.rsa.t.size, - object->publicArea.unique.rsa.t.buffer); - // Embed this in a SEQUENCE tag and length in for the key, exponent sequence - ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // SEQUENCE (3rd) - - // Embed this in a BIT STRING - ASN1EndEncapsulation(ctx, ASN1_BITSTRING); - - // Now add the formatted SEQUENCE for the RSA public key OID. This is a - // fully constructed value so it doesn't need to have a context started - X509PushAlgorithmIdentifierSequence(ctx, OID_PKCS1_PUB); - - return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); -} - -#endif // ALG_RSA \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_spt.c deleted file mode 100644 index 77fd96ba9..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_spt.c +++ /dev/null 
@@ -1,295 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -//** Includes -#include "Tpm.h" -#include "TpmASN1.h" -#include "TpmASN1_fp.h" -#define _X509_SPT_ -#include "X509.h" -#include "X509_spt_fp.h" -#if ALG_RSA -# include "X509_RSA_fp.h" -#endif // ALG_RSA -#if ALG_ECC -# include "X509_ECC_fp.h" -#endif // ALG_ECC -#if ALG_SM2 -//# include "X509_SM2_fp.h" -#endif // ALG_RSA - - - -//** Unmarshaling Functions - -//*** X509FindExtensionOID() -// This will search a list of X508 extensions to find an extension with the -// requested OID. If the extension is found, the output context ('ctx') is set up -// to point to the OID in the extension. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure (could be catastrophic) -BOOL -X509FindExtensionByOID( - ASN1UnmarshalContext *ctxIn, // IN: the context to search - ASN1UnmarshalContext *ctx, // OUT: the extension context - const BYTE *OID // IN: oid to search for -) -{ - INT16 length; -// - pAssert(ctxIn != NULL); - // Make the search non-destructive of the input if ctx provided. Otherwise, use - // the provided context. - if (ctx == NULL) - ctx = ctxIn; - else if(ctx != ctxIn) - *ctx = *ctxIn; - for(;ctx->size > ctx->offset; ctx->offset += length) - { - VERIFY((length = ASN1NextTag(ctx)) >= 0); - // If this is not a constructed sequence, then it doesn't belong - // in the extensions. - VERIFY(ctx->tag == ASN1_CONSTRUCTED_SEQUENCE); - // Make sure that this entry could hold the OID - if (length >= OID_SIZE(OID)) - { - // See if this is a match for the provided object identifier. 
- if (MemoryEqual(OID, &(ctx->buffer[ctx->offset]), OID_SIZE(OID))) - { - // Return with ' ctx' set to point to the start of the OID with the size - // set to be the size of the SEQUENCE - ctx->buffer += ctx->offset; - ctx->offset = 0; - ctx->size = length; - return TRUE; - } - } - } - VERIFY(ctx->offset == ctx->size); - return FALSE; -Error: - ctxIn->size = -1; - ctx->size = -1; - return FALSE; -} - -//*** X509GetExtensionBits() -// This function will extract a bit field from an extension. If the extension doesn't -// contain a bit string, it will fail. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -UINT32 -X509GetExtensionBits( - ASN1UnmarshalContext *ctx, - UINT32 *value -) -{ - INT16 length; -// - while (((length = ASN1NextTag(ctx)) > 0) && (ctx->size > ctx->offset)) - { - // Since this is an extension, the extension value will be in an OCTET STRING - if (ctx->tag == ASN1_OCTET_STRING) - { - return ASN1GetBitStringValue(ctx, value); - } - ctx->offset += length; - } - ctx->size = -1; - return FALSE; -} - -//***X509ProcessExtensions() -// This function is used to process the TPMA_OBJECT and KeyUsage extensions. It is not -// in the CertifyX509.c code because it makes the code harder to follow. 
-// Return Type: TPM_RC -// TPM_RCS_ATTRIBUTES the attributes of object are not consistent with -// the extension setting -// TPM_RC_VALUE problem parsing the extensions -TPM_RC -X509ProcessExtensions( - OBJECT *object, // IN: The object with the attributes to - // check - stringRef *extension // IN: The start and length of the extensions -) -{ - ASN1UnmarshalContext ctx; - ASN1UnmarshalContext extensionCtx; - INT16 length; - UINT32 value; -// - if(!ASN1UnmarshalContextInitialize(&ctx, extension->len, extension->buf) - || ((length = ASN1NextTag(&ctx)) < 0) - || (ctx.tag != X509_EXTENSIONS)) - return TPM_RCS_VALUE; - if( ((length = ASN1NextTag(&ctx)) < 0) - || (ctx.tag != (ASN1_CONSTRUCTED_SEQUENCE))) - return TPM_RCS_VALUE; - - // Get the extension for the TPMA_OBJECT if there is one - if(X509FindExtensionByOID(&ctx, &extensionCtx, OID_TCG_TPMA_OBJECT) && - X509GetExtensionBits(&extensionCtx, &value)) - { - // If an keyAttributes extension was found, it must be exactly the same as the - // attributes of the object. - // This cast will work because we know that a TPMA_OBJECT is in a UINT32. - // Set RUNTIME_SIZE_CHECKS to YES to force a check to verify this assumption - // during debug. Doing this is lot easier than having to revisit the code - // any time a new attribute is added. - // NOTE: MemoryEqual() is used to avoid type-punned pointer warning/error. - if(!MemoryEqual(&value, &object->publicArea.objectAttributes, sizeof(value))) - return TPM_RCS_ATTRIBUTES; - } - // Make sure the failure to find the value wasn't because of a fatal error - else if(extensionCtx.size < 0) - return TPM_RCS_VALUE; - - // Get the keyUsage extension. 
This one is required - if(X509FindExtensionByOID(&ctx, &extensionCtx, OID_KEY_USAGE_EXTENSTION) && - X509GetExtensionBits(&extensionCtx, &value)) - { - x509KeyUsageUnion keyUsage; - TPMA_OBJECT attributes = object->publicArea.objectAttributes; - // - keyUsage.integer = value; - // For KeyUsage: - // the 'sign' attribute is SET if Key Usage includes signing - if( ( (keyUsageSign.integer & keyUsage.integer) != 0 - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)) - // OR the 'decrypt' attribute is Set if Key Usage includes decryption uses - || ( (keyUsageDecrypt.integer & keyUsage.integer) != 0 - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - // OR that 'fixedTPM' is SET if Key Usage is non-repudiation - || ( IS_ATTRIBUTE(keyUsage.x509, TPMA_X509_KEY_USAGE, nonrepudiation) - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) - // OR that 'restricted' is SET if Key Usage is key agreement - || ( IS_ATTRIBUTE(keyUsage.x509, TPMA_X509_KEY_USAGE, keyAgreement) - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) - ) - return TPM_RCS_ATTRIBUTES; - } - else - // The KeyUsage extension is required - return TPM_RCS_VALUE; - - return TPM_RC_SUCCESS; -} - -//** Marshaling Functions - -//*** X509AddSigningAlgorithm() -// This creates the singing algorithm data. -// Return Type: INT16 -// > 0 number of octets added -// <= 0 failure -INT16 -X509AddSigningAlgorithm( - ASN1MarshalContext *ctx, - OBJECT *signKey, - TPMT_SIG_SCHEME *scheme -) -{ - switch(signKey->publicArea.type) - { -#if ALG_RSA - case ALG_RSA_VALUE: - return X509AddSigningAlgorithmRSA(signKey, scheme, ctx); -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - return X509AddSigningAlgorithmECC(signKey, scheme, ctx); -#endif // ALG_ECC -#if ALG_SM2 - case ALG_SM2: - return X509AddSigningAlgorithmSM2(signKey, scheme,ctx); -#endif // ALG_SM2 - default: - break; - } - return 0; -} - -//*** X509AddPublicKey() -// This function will add the publicKey description to the DER data. 
If fillPtr is -// NULL, then no data is transferred and this function will indicate if the TPM -// has the values for DER-encoding of the public key. -// Return Type: INT16 -// > 0 number of octets added -// == 0 failure -INT16 -X509AddPublicKey( - ASN1MarshalContext *ctx, - OBJECT *object -) -{ - switch(object->publicArea.type) - { -#if ALG_RSA - case ALG_RSA_VALUE: - return X509AddPublicRSA(object, ctx); -#endif -#if ALG_ECC - case ALG_ECC_VALUE: - return X509AddPublicECC(object, ctx); -#endif -#if ALG_SM2 - case ALG_SM2_VALUE: - break; -#endif - default: - break; - } - return FALSE; -} - - -//*** X509PushAlgorithmIdentifierSequence() -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509PushAlgorithmIdentifierSequence( - ASN1MarshalContext *ctx, - const BYTE *OID - ) -{ - ASN1StartMarshalContext(ctx); // hash algorithm - ASN1PushNull(ctx); - ASN1PushOID(ctx, OID); - return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); -} - - diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECC_Parameters.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECC_Parameters.c deleted file mode 100644 index c03476879..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECC_Parameters.c +++ /dev/null 
@@ -1,61 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "ECC_Parameters_fp.h" - -#if CC_ECC_Parameters // Conditional expansion of this file - -/*(See part 3 specification) -// This command returns the parameters of an ECC curve identified by its TCG -// assigned curveID -*/ -// Return Type: TPM_RC -// TPM_RC_VALUE Unsupported ECC curve ID -TPM_RC -TPM2_ECC_Parameters( - ECC_Parameters_In *in, // IN: input parameter list - ECC_Parameters_Out *out // OUT: output parameter list - ) -{ -// Command Output - - // Get ECC curve parameters - if(CryptEccGetParameters(in->curveID, &out->parameters)) - return TPM_RC_SUCCESS; - else - return TPM_RCS_VALUE + RC_ECC_Parameters_curveID; -} - -#endif // CC_ECC_Parameters \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_KeyGen.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_KeyGen.c deleted file mode 100644 index 9c7ac3341..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_KeyGen.c +++ /dev/null 
@@ -1,92 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "ECDH_KeyGen_fp.h" - -#if CC_ECDH_KeyGen // Conditional expansion of this file - -/*(See part 3 specification) -// This command uses the TPM to generate an ephemeral public key and the product -// of the ephemeral private key and the public portion of an ECC key. -*/ -// Return Type: TPM_RC -// TPM_RC_KEY 'keyHandle' does not reference an ECC key -TPM_RC -TPM2_ECDH_KeyGen( - ECDH_KeyGen_In *in, // IN: input parameter list - ECDH_KeyGen_Out *out // OUT: output parameter list - ) -{ - OBJECT *eccKey; - TPM2B_ECC_PARAMETER sensitive; - TPM_RC result; - -// Input Validation - - eccKey = HandleToObject(in->keyHandle); - - // Referenced key must be an ECC key - if(eccKey->publicArea.type != TPM_ALG_ECC) - return TPM_RCS_KEY + RC_ECDH_KeyGen_keyHandle; - -// Command Output - do - { - TPMT_PUBLIC *keyPublic = &eccKey->publicArea; - // Create ephemeral ECC key - result = CryptEccNewKeyPair(&out->pubPoint.point, &sensitive, - keyPublic->parameters.eccDetail.curveID); - if(result == TPM_RC_SUCCESS) - { - // Compute Z - result = CryptEccPointMultiply(&out->zPoint.point, - keyPublic->parameters.eccDetail.curveID, - &keyPublic->unique.ecc, - &sensitive, - NULL, NULL); - // The point in the key is not on the curve. Indicate - // that the key is bad. - if(result == TPM_RC_ECC_POINT) - return TPM_RCS_KEY + RC_ECDH_KeyGen_keyHandle; - // The other possible error from CryptEccPointMultiply is - // TPM_RC_NO_RESULT indicating that the multiplication resulted in - // the point at infinity, so get a new random key and start over - // BTW, this never happens. - } - } while(result == TPM_RC_NO_RESULT); - return result; -} - -#endif // CC_ECDH_KeyGen \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_ZGen.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_ZGen.c deleted file mode 100644 index f2a6135b1..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_ZGen.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "ECDH_ZGen_fp.h" - -#if CC_ECDH_ZGen // Conditional expansion of this file - -/*(See part 3 specification) -// This command uses the TPM to recover the Z value from a public point -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES key referenced by 'keyA' is restricted or -// not a decrypt key -// TPM_RC_KEY key referenced by 'keyA' is not an ECC key -// TPM_RC_NO_RESULT multiplying 'inPoint' resulted in a -// point at infinity -// TPM_RC_SCHEME the scheme of the key referenced by 'keyA' -// is not TPM_ALG_NULL, TPM_ALG_ECDH, -TPM_RC -TPM2_ECDH_ZGen( - ECDH_ZGen_In *in, // IN: input parameter list - ECDH_ZGen_Out *out // OUT: output parameter list - ) -{ - TPM_RC result; - OBJECT *eccKey; - -// Input Validation - eccKey = HandleToObject(in->keyHandle); - - // Selected key must be a non-restricted, decrypt ECC key - if(eccKey->publicArea.type != TPM_ALG_ECC) - return TPM_RCS_KEY + RC_ECDH_ZGen_keyHandle; - // Selected key needs to be unrestricted with the 'decrypt' attribute - if(IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, restricted) - || !IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) - return TPM_RCS_ATTRIBUTES + RC_ECDH_ZGen_keyHandle; - // Make sure the scheme allows this use - if(eccKey->publicArea.parameters.eccDetail.scheme.scheme != TPM_ALG_ECDH - && eccKey->publicArea.parameters.eccDetail.scheme.scheme != TPM_ALG_NULL) - return TPM_RCS_SCHEME + RC_ECDH_ZGen_keyHandle; -// Command Output - // Compute Z. TPM_RC_ECC_POINT or TPM_RC_NO_RESULT may be returned here. - result = CryptEccPointMultiply(&out->outPoint.point, - eccKey->publicArea.parameters.eccDetail.curveID, - &in->inPoint.point, - &eccKey->sensitive.sensitive.ecc, - NULL, NULL); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_ECDH_ZGen_inPoint); - return result; -} - -#endif // CC_ECDH_ZGen \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/EC_Ephemeral.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/EC_Ephemeral.c
deleted file mode 100644
index 6125e586b..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/EC_Ephemeral.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "EC_Ephemeral_fp.h" - -#if CC_EC_Ephemeral // Conditional expansion of this file - -/*(See part 3 specification) -// This command creates an ephemeral key using the commit mechanism -*/ -// Return Type: TPM_RC -// TPM_RC_NO_RESULT the TPM is not able to generate an 'r' value -TPM_RC -TPM2_EC_Ephemeral( - EC_Ephemeral_In *in, // IN: input parameter list - EC_Ephemeral_Out *out // OUT: output parameter list - ) -{ - TPM2B_ECC_PARAMETER r; - TPM_RC result; -// - do - { - // Get the random value that will be used in the point multiplications - // Note: this does not commit the count. - if(!CryptGenerateR(&r, NULL, in->curveID, NULL)) - return TPM_RC_NO_RESULT; - // do a point multiply - result = CryptEccPointMultiply(&out->Q.point, in->curveID, NULL, &r, - NULL, NULL); - // commit the count value if either the r value results in the point at - // infinity or if the value is good. The commit on the r value for infinity - // is so that the r value will be skipped. - if((result == TPM_RC_SUCCESS) || (result == TPM_RC_NO_RESULT)) - out->counter = CryptCommit(); - } while(result == TPM_RC_NO_RESULT); - - return TPM_RC_SUCCESS; -} - -#endif // CC_EC_Ephemeral \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Decrypt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Decrypt.c deleted file mode 100644 index 0e41fa4e0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Decrypt.c +++ /dev/null 
@@ -1,106 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "RSA_Decrypt_fp.h" - -#if CC_RSA_Decrypt // Conditional expansion of this file - -/*(See part 3 specification) -// decrypts the provided data block and removes the padding if applicable -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'decrypt' is not SET or if 'restricted' is SET in -// the key referenced by 'keyHandle' -// TPM_RC_BINDING The public an private parts of the key are not -// properly bound -// TPM_RC_KEY 'keyHandle' does not reference an unrestricted -// decrypt key -// TPM_RC_SCHEME incorrect input scheme, or the chosen -// 'scheme' is not a valid RSA decrypt scheme -// TPM_RC_SIZE 'cipherText' is not the size of the modulus -// of key referenced by 'keyHandle' -// TPM_RC_VALUE 'label' is not a null terminated string or the value -// of 'cipherText' is greater that the modulus of -// 'keyHandle' or the encoding of the data is not -// valid - -TPM_RC -TPM2_RSA_Decrypt( - RSA_Decrypt_In *in, // IN: input parameter list - RSA_Decrypt_Out *out // OUT: output parameter list - ) -{ - TPM_RC result; - OBJECT *rsaKey; - TPMT_RSA_DECRYPT *scheme; - -// Input Validation - - rsaKey = HandleToObject(in->keyHandle); - - // The selected key must be an RSA key - if(rsaKey->publicArea.type != TPM_ALG_RSA) - return TPM_RCS_KEY + RC_RSA_Decrypt_keyHandle; - - // The selected key must be an unrestricted decryption key - if(IS_ATTRIBUTE(rsaKey->publicArea.objectAttributes, TPMA_OBJECT, restricted) - || !IS_ATTRIBUTE(rsaKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) - return TPM_RCS_ATTRIBUTES + RC_RSA_Decrypt_keyHandle; - - // NOTE: Proper operation of this command requires that the sensitive area - // of the key is loaded. This is assured because authorization is required - // to use the sensitive area of the key. In order to check the authorization, - // the sensitive area has to be loaded, even if authorization is with policy. 
- - // If label is present, make sure that it is a NULL-terminated string - if(!IsLabelProperlyFormatted(&in->label.b)) - return TPM_RCS_VALUE + RC_RSA_Decrypt_label; -// Command Output - // Select a scheme for decrypt. - scheme = CryptRsaSelectScheme(in->keyHandle, &in->inScheme); - if(scheme == NULL) - return TPM_RCS_SCHEME + RC_RSA_Decrypt_inScheme; - - // Decryption. TPM_RC_VALUE, TPM_RC_SIZE, and TPM_RC_KEY error may be - // returned by CryptRsaDecrypt. - // NOTE: CryptRsaDecrypt can also return TPM_RC_ATTRIBUTES or TPM_RC_BINDING - // when the key is not a decryption key but that was checked above. - out->message.t.size = sizeof(out->message.t.buffer); - result = CryptRsaDecrypt(&out->message.b, &in->cipherText.b, rsaKey, - scheme, &in->label.b); - return result; -} - -#endif // CC_RSA_Decrypt \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Encrypt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Encrypt.c deleted file mode 100644 index 3ba397c90..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Encrypt.c +++ /dev/null 
@@ -1,90 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "RSA_Encrypt_fp.h" - -#if CC_RSA_Encrypt // Conditional expansion of this file - -/*(See part 3 specification) -// This command performs the padding and encryption of a data block -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'decrypt' attribute is not SET in key referenced -// by 'keyHandle' -// TPM_RC_KEY 'keyHandle' does not reference an RSA key -// TPM_RC_SCHEME incorrect input scheme, or the chosen -// scheme is not a valid RSA decrypt scheme -// TPM_RC_VALUE the numeric value of 'message' is greater than -// the public modulus of the key referenced by -// 'keyHandle', or 'label' is not a null-terminated -// string -TPM_RC -TPM2_RSA_Encrypt( - RSA_Encrypt_In *in, // IN: input parameter list - RSA_Encrypt_Out *out // OUT: output parameter list - ) -{ - TPM_RC result; - OBJECT *rsaKey; - TPMT_RSA_DECRYPT *scheme; -// Input Validation - rsaKey = HandleToObject(in->keyHandle); - - // selected key must be an RSA key - if(rsaKey->publicArea.type != TPM_ALG_RSA) - return TPM_RCS_KEY + RC_RSA_Encrypt_keyHandle; - // selected key must have the decryption attribute - if(!IS_ATTRIBUTE(rsaKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) - return TPM_RCS_ATTRIBUTES + RC_RSA_Encrypt_keyHandle; - - // Is there a label? - if(!IsLabelProperlyFormatted(&in->label.b)) - return TPM_RCS_VALUE + RC_RSA_Encrypt_label; -// Command Output - // Select a scheme for encryption - scheme = CryptRsaSelectScheme(in->keyHandle, &in->inScheme); - if(scheme == NULL) - return TPM_RCS_SCHEME + RC_RSA_Encrypt_inScheme; - - // Encryption. TPM_RC_VALUE, or TPM_RC_SCHEME errors my be returned buy - // CryptEncyptRSA. - out->outData.t.size = sizeof(out->outData.t.buffer); - - result = CryptRsaEncrypt(&out->outData, &in->message.b, rsaKey, scheme, - &in->label.b, NULL); - return result; -} - -#endif // CC_RSA_Encrypt \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ZGen_2Phase.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ZGen_2Phase.c
deleted file mode 100644
index 955ba0b56..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ZGen_2Phase.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "ZGen_2Phase_fp.h" - -#if CC_ZGen_2Phase // Conditional expansion of this file - -// This command uses the TPM to recover one or two Z values in a two phase key -// exchange protocol -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES key referenced by 'keyA' is restricted or -// not a decrypt key -// TPM_RC_ECC_POINT 'inQsB' or 'inQeB' is not on the curve of -// the key reference by 'keyA' -// TPM_RC_KEY key referenced by 'keyA' is not an ECC key -// TPM_RC_SCHEME the scheme of the key referenced by 'keyA' -// is not TPM_ALG_NULL, TPM_ALG_ECDH, -// ALG_ECMQV or TPM_ALG_SM2 -TPM_RC -TPM2_ZGen_2Phase( - ZGen_2Phase_In *in, // IN: input parameter list - ZGen_2Phase_Out *out // OUT: output parameter list - ) -{ - TPM_RC result; - OBJECT *eccKey; - TPM2B_ECC_PARAMETER r; - TPM_ALG_ID scheme; - -// Input Validation - - eccKey = HandleToObject(in->keyA); - - // keyA must be an ECC key - if(eccKey->publicArea.type != TPM_ALG_ECC) - return TPM_RCS_KEY + RC_ZGen_2Phase_keyA; - - // keyA must not be restricted and must be a decrypt key - if(IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, restricted) - || !IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) - return TPM_RCS_ATTRIBUTES + RC_ZGen_2Phase_keyA; - - // if the scheme of keyA is TPM_ALG_NULL, then use the input scheme; otherwise - // the input scheme must be the same as the scheme of keyA - scheme = eccKey->publicArea.parameters.asymDetail.scheme.scheme; - if(scheme != TPM_ALG_NULL) - { - if(scheme != in->inScheme) - return TPM_RCS_SCHEME + RC_ZGen_2Phase_inScheme; - } - else - scheme = in->inScheme; - if(scheme == TPM_ALG_NULL) - return TPM_RCS_SCHEME + RC_ZGen_2Phase_inScheme; - - // Input points must be on the curve of keyA - if(!CryptEccIsPointOnCurve(eccKey->publicArea.parameters.eccDetail.curveID, - &in->inQsB.point)) - return TPM_RCS_ECC_POINT + RC_ZGen_2Phase_inQsB; - - if(!CryptEccIsPointOnCurve(eccKey->publicArea.parameters.eccDetail.curveID, - 
&in->inQeB.point)) - return TPM_RCS_ECC_POINT + RC_ZGen_2Phase_inQeB; - - if(!CryptGenerateR(&r, &in->counter, - eccKey->publicArea.parameters.eccDetail.curveID, - NULL)) - return TPM_RCS_VALUE + RC_ZGen_2Phase_counter; - -// Command Output - - result = - CryptEcc2PhaseKeyExchange(&out->outZ1.point, - &out->outZ2.point, - eccKey->publicArea.parameters.eccDetail.curveID, - scheme, - &eccKey->sensitive.sensitive.ecc, - &r, - &in->inQsB.point, - &in->inQeB.point); - if(result == TPM_RC_SCHEME) - return TPM_RCS_SCHEME + RC_ZGen_2Phase_inScheme; - - if(result == TPM_RC_SUCCESS) - CryptEndCommit(in->counter); - - return result; -} -#endif // CC_ZGen_2Phase \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_GetCapability.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_GetCapability.c deleted file mode 100644 index 18106eaaf..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_GetCapability.c +++ /dev/null 
@@ -1,56 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "AC_GetCapability_fp.h" -#include "AC_spt_fp.h" - -#if CC_AC_GetCapability // Conditional expansion of this file - -/*(See part 3 specification) -// This command returns various information regarding Attached Components -*/ -TPM_RC -TPM2_AC_GetCapability( - AC_GetCapability_In *in, // IN: input parameter list - AC_GetCapability_Out *out // OUT: output parameter list - ) -{ -// Command Output - out->moreData = AcCapabilitiesGet(in->ac, in->count, &out->capabilitiesData); - - return TPM_RC_SUCCESS; -} - -#endif // CC_AC_GetCapability \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_Send.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_Send.c deleted file mode 100644 index 1477c7f24..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_Send.c +++ /dev/null 
@@ -1,102 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "AC_Send_fp.h" -#include "AC_spt_fp.h" - - -#if CC_AC_Send // Conditional expansion of this file - -/*(See part 3 specification) -// Duplicate a loaded object -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES key to duplicate has 'fixedParent' SET -// TPM_RC_HASH for an RSA key, the nameAlg digest size for the -// newParent is not compatible with the key size -// TPM_RC_HIERARCHY 'encryptedDuplication' is SET and 'newParentHandle' -// specifies Null Hierarchy -// TPM_RC_KEY 'newParentHandle' references invalid ECC key (public -// point not on the curve) -// TPM_RC_SIZE input encryption key size does not match the -// size specified in symmetric algorithm -// TPM_RC_SYMMETRIC 'encryptedDuplication' is SET but no symmetric -// algorithm is provided -// TPM_RC_TYPE 'newParentHandle' is neither a storage key nor -// TPM_RH_NULL; or the object has a NULL nameAlg -// TPM_RC_VALUE for an RSA newParent, the sizes of the digest and -// the encryption key are too large to be OAEP encoded -TPM_RC -TPM2_AC_Send( - AC_Send_In *in, // IN: input parameter list - AC_Send_Out *out // OUT: output parameter list -) -{ - NV_REF locator; - TPM_HANDLE nvAlias = ((in->ac - AC_FIRST) + NV_AC_FIRST); - NV_INDEX *nvIndex = NvGetIndexInfo(nvAlias, &locator); - OBJECT *object = HandleToObject(in->sendObject); - TPM_RC result; -// Input validation - // If there is an NV alias, then the index must allow the authorization provided - if(nvIndex != NULL) - { - // Common access checks, NvWriteAccessCheck() may return - // TPM_RC_NV_AUTHORIZATION or TPM_RC_NV_LOCKED - result = NvWriteAccessChecks(in->authHandle, nvAlias, - nvIndex->publicArea.attributes); - if(result != TPM_RC_SUCCESS) - return result; - } - // If 'ac' did not have an alias then the authorization had to be with either - // platform or owner authorization. The type of TPMI_RH_NV_AUTH only allows - // owner or platform or an NV index. 
If it was a valid index, it would have had - // an alias and be processed above, so only success here is if this is a - // permanent handle. - else if(HandleGetType(in->authHandle) != TPM_HT_PERMANENT) - return TPM_RCS_HANDLE + RC_AC_Send_authHandle; - // Make sure that the object to be duplicated has the right attributes - if(IS_ATTRIBUTE(object->publicArea.objectAttributes, - TPMA_OBJECT, encryptedDuplication) - || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, - fixedParent) - || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, fixedTPM)) - return TPM_RCS_ATTRIBUTES + RC_AC_Send_sendObject; -// Command output - // Do the implementation dependent send - return AcSendObject(in->ac, object, &out->acDataOut); -} - -#endif // TPM_CC_AC_Send \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_spt.c deleted file mode 100644 index b938bee30..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_spt.c +++ /dev/null 
@@ -1,149 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Includes -#include "Tpm.h" -#include "AC_spt_fp.h" - - -#if 1 // This is the simulated AC data. 
- -typedef struct { - TPMI_RH_AC ac; - TPML_AC_CAPABILITIES *acData; - -} acCapabilities; - - -TPML_AC_CAPABILITIES acData0001 = {1, - {{TPM_AT_PV1, 0x01234567}}}; - -acCapabilities ac[1] = { {0x0001, &acData0001} }; - -#define NUM_AC (sizeof(ac) / sizeof(acCapabilities)) - -#endif // 1 The simulated AC data - -//*** AcToCapabilities() -// This function returns a pointer to a list of AC capabilities. -TPML_AC_CAPABILITIES * -AcToCapabilities( - TPMI_RH_AC component // IN: component -) -{ - UINT32 index; -// - for(index = 0; index < NUM_AC; index++) - { - if(ac[index].ac == component) - return ac[index].acData; - } - return NULL; -} - -//*** AcIsAccessible() -// Function to determine if an AC handle references an actual AC -// Return Type: BOOL -BOOL -AcIsAccessible( - TPM_HANDLE acHandle - ) -{ - // In this implementation, the AC exists if there are some capabilities to go - // with the handle - return AcToCapabilities(acHandle) != NULL; -} - -//*** AcCapabilitiesGet() -// This function returns a list of capabilities associated with an AC -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -AcCapabilitiesGet( - TPMI_RH_AC component, // IN: the component - TPM_AT type, // IN: start capability type - TPML_AC_CAPABILITIES *capabilityList // OUT: list of handle -) -{ - TPMI_YES_NO more = NO; - UINT32 i; - TPML_AC_CAPABILITIES *capabilities = AcToCapabilities(component); - - pAssert(HandleGetType(component) == TPM_HT_AC); - - // Initialize output handle list - capabilityList->count = 0; - - if(capabilities != NULL) - { - // Find the first capability less than or equal to type - for(i = 0; i < capabilities->count; i++) - { - if(capabilities->acCapabilities[i].tag >= type) - { - // copy the capabilities until we run out or fill the list - for(; (capabilityList->count < MAX_AC_CAPABILITIES) - && (i < capabilities->count); i++) - { - capabilityList->acCapabilities[capabilityList->count] - = 
capabilities->acCapabilities[i]; - capabilityList->count++; - } - more = i < capabilities->count; - } - } - } - return more; -} - - -//*** AcSendObject() -// Stub to handle sending of an AC object -// Return Type: TPM_RC -TPM_RC -AcSendObject( - TPM_HANDLE acHandle, // IN: Handle of AC receiving object - OBJECT *object, // IN: object structure to send - TPMS_AC_OUTPUT *acDataOut // OUT: results of operation -) -{ - NOT_REFERENCED(object); - NOT_REFERENCED(acHandle); - acDataOut->tag = TPM_AT_ERROR; // indicate that the response contains an - // error code - acDataOut->data = TPM_AE_NONE; // but there is no error. - - return TPM_RC_SUCCESS; -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/Policy_AC_SendSelect.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/Policy_AC_SendSelect.c deleted file mode 100644 index 8973e1911..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/Policy_AC_SendSelect.c +++ /dev/null 
@@ -1,115 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#include "Tpm.h" -#include "Policy_AC_SendSelect_fp.h" - -#if CC_Policy_AC_SendSelect // Conditional expansion of this file - -/*(See part 3 specification) -// allows qualification of attached component and object to be sent. 
-*/ -// Return Type: TPM_RC -// TPM_RC_COMMAND_CODE 'commandCode' of 'policySession; is not empty -// TPM_RC_CPHASH 'cpHash' of 'policySession' is not empty -TPM_RC -TPM2_Policy_AC_SendSelect( - Policy_AC_SendSelect_In *in // IN: input parameter list - ) -{ - SESSION *session; - HASH_STATE hashState; - TPM_CC commandCode = TPM_CC_Policy_AC_SendSelect; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // cpHash in session context must be empty - if(session->u1.cpHash.t.size != 0) - return TPM_RC_CPHASH; - // commandCode in session context must be empty - if(session->commandCode != 0) - return TPM_RC_COMMAND_CODE; -// Internal Data Update - // Update name hash - session->u1.cpHash.t.size = CryptHashStart(&hashState, session->authHashAlg); - - // add objectName - CryptDigestUpdate2B(&hashState, &in->objectName.b); - - // add authHandleName - CryptDigestUpdate2B(&hashState, &in->authHandleName.b); - - // add ac name - CryptDigestUpdate2B(&hashState, &in->acName.b); - - // complete hash - CryptHashEnd2B(&hashState, &session->u1.cpHash.b); - - // update policy hash - // Old policyDigest size should be the same as the new policyDigest size since - // they are using the same hash algorithm - session->u2.policyDigest.t.size - = CryptHashStart(&hashState, session->authHashAlg); -// add old policy - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add command code - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add objectName - if(in->includeObject == YES) - CryptDigestUpdate2B(&hashState, &in->objectName.b); - - // add authHandleName - CryptDigestUpdate2B(&hashState, &in->authHandleName.b); - - // add acName - CryptDigestUpdate2B(&hashState, &in->acName.b); - - // add includeObject - CryptDigestUpdateInt(&hashState, sizeof(TPMI_YES_NO), in->includeObject); - - // complete digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // set commandCode in 
session context - session->commandCode = TPM_CC_AC_Send; - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyDuplicationSelect \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Attest_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Attest_spt.c deleted file mode 100644 index 2715c38f7..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Attest_spt.c +++ /dev/null 
@@ -1,198 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Includes -#include "Tpm.h" -#include "Attest_spt_fp.h" - -//** Functions - -//***FillInAttestInfo() -// Fill in common fields of TPMS_ATTEST structure. 
-void -FillInAttestInfo( - TPMI_DH_OBJECT signHandle, // IN: handle of signing object - TPMT_SIG_SCHEME *scheme, // IN/OUT: scheme to be used for signing - TPM2B_DATA *data, // IN: qualifying data - TPMS_ATTEST *attest // OUT: attest structure - ) -{ - OBJECT *signObject = HandleToObject(signHandle); - - // Magic number - attest->magic = TPM_GENERATED_VALUE; - - if(signObject == NULL) - { - // The name for a null handle is TPM_RH_NULL - // This is defined because UINT32_TO_BYTE_ARRAY does a cast. If the - // size of the cast is smaller than a constant, the compiler warns - // about the truncation of a constant value. - TPM_HANDLE nullHandle = TPM_RH_NULL; - attest->qualifiedSigner.t.size = sizeof(TPM_HANDLE); - UINT32_TO_BYTE_ARRAY(nullHandle, attest->qualifiedSigner.t.name); - } - else - { - // Certifying object qualified name - // if the scheme is anonymous, this is an empty buffer - if(CryptIsSchemeAnonymous(scheme->scheme)) - attest->qualifiedSigner.t.size = 0; - else - attest->qualifiedSigner = signObject->qualifiedName; - } - // current clock in plain text - TimeFillInfo(&attest->clockInfo); - - // Firmware version in plain text - attest->firmwareVersion = ((UINT64)gp.firmwareV1 << (sizeof(UINT32) * 8)); - attest->firmwareVersion += gp.firmwareV2; - - // Check the hierarchy of sign object. 
For NULL sign handle, the hierarchy - // will be TPM_RH_NULL - if((signObject == NULL) - || (!signObject->attributes.epsHierarchy - && !signObject->attributes.ppsHierarchy)) - { - // For signing key that is not in platform or endorsement hierarchy, - // obfuscate the reset, restart and firmware version information - UINT64 obfuscation[2]; - CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &gp.shProof.b, OBFUSCATE_STRING, - &attest->qualifiedSigner.b, NULL, 128, - (BYTE *)&obfuscation[0], NULL, FALSE); - // Obfuscate data - attest->firmwareVersion += obfuscation[0]; - attest->clockInfo.resetCount += (UINT32)(obfuscation[1] >> 32); - attest->clockInfo.restartCount += (UINT32)obfuscation[1]; - } - // External data - if(CryptIsSchemeAnonymous(scheme->scheme)) - attest->extraData.t.size = 0; - else - { - // If we move the data to the attestation structure, then it is not - // used in the signing operation except as part of the signed data - attest->extraData = *data; - data->t.size = 0; - } -} - -//***SignAttestInfo() -// Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature -// is returned. 
-// -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'signHandle' references not a signing key -// TPM_RC_SCHEME 'scheme' is not compatible with 'signHandle' type -// TPM_RC_VALUE digest generated for the given 'scheme' is greater than -// the modulus of 'signHandle' (for an RSA key); -// invalid commit status or failed to generate "r" value -// (for an ECC key) -TPM_RC -SignAttestInfo( - OBJECT *signKey, // IN: sign object - TPMT_SIG_SCHEME *scheme, // IN: sign scheme - TPMS_ATTEST *certifyInfo, // IN: the data to be signed - TPM2B_DATA *qualifyingData, // IN: extra data for the signing - // process - TPM2B_ATTEST *attest, // OUT: marshaled attest blob to be - // signed - TPMT_SIGNATURE *signature // OUT: signature - ) -{ - BYTE *buffer; - HASH_STATE hashState; - TPM2B_DIGEST digest; - TPM_RC result; - - // Marshal TPMS_ATTEST structure for hash - buffer = attest->t.attestationData; - attest->t.size = TPMS_ATTEST_Marshal(certifyInfo, &buffer, NULL); - - if(signKey == NULL) - { - signature->sigAlg = TPM_ALG_NULL; - result = TPM_RC_SUCCESS; - } - else - { - TPMI_ALG_HASH hashAlg; - // Compute hash - hashAlg = scheme->details.any.hashAlg; - // need to set the receive buffer to get something put in it - digest.t.size = sizeof(digest.t.buffer); - digest.t.size = CryptHashBlock(hashAlg, attest->t.size, - attest->t.attestationData, - digest.t.size, digest.t.buffer); - // If there is qualifying data, need to rehash the data - // hash(qualifyingData || hash(attestationData)) - if(qualifyingData->t.size != 0) - { - CryptHashStart(&hashState, hashAlg); - CryptDigestUpdate2B(&hashState, &qualifyingData->b); - CryptDigestUpdate2B(&hashState, &digest.b); - CryptHashEnd2B(&hashState, &digest.b); - } - // Sign the hash. 
A TPM_RC_VALUE, TPM_RC_SCHEME, or - // TPM_RC_ATTRIBUTES error may be returned at this point - result = CryptSign(signKey, scheme, &digest, signature); - - // Since the clock is used in an attestation, the state in NV is no longer - // "orderly" with respect to the data in RAM if the signature is valid - if(result == TPM_RC_SUCCESS) - { - // Command uses the clock so need to clear the orderly state if it is - // set. - result = NvClearOrderly(); - } - } - return result; -} - -//*** IsSigningObject() -// Checks to see if the object is OK for signing. This is here rather than in -// Object_spt.c because all the attestation commands use this file but not -// Object_spt.c. -// Return Type: BOOL -// TRUE(1) object may sign -// FALSE(0) object may not sign -BOOL -IsSigningObject( - OBJECT *object // IN: - ) -{ - return ((object == NULL) - || ((IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, sign) - && object->publicArea.type != TPM_ALG_SYMCIPHER))); -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Certify.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Certify.c deleted file mode 100644 index 0bdc22361..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Certify.c +++ /dev/null 
@@ -1,94 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "Attest_spt_fp.h" -#include "Certify_fp.h" - -#if CC_Certify // Conditional expansion of this file - -/*(See part 3 specification) -// prove an object with a specific Name is loaded in the TPM -*/ -// Return Type: TPM_RC -// TPM_RC_KEY key referenced by 'signHandle' is not a signing key -// TPM_RC_SCHEME 'inScheme' is not compatible with 'signHandle' -// TPM_RC_VALUE digest generated for 'inScheme' is greater or has larger -// size than the modulus of 'signHandle', or the buffer for -// the result in 'signature' is too small (for an RSA key); -// invalid commit status (for an ECC key with a split scheme) -TPM_RC -TPM2_Certify( - Certify_In *in, // IN: input parameter list - Certify_Out *out // OUT: output parameter list - ) -{ - TPMS_ATTEST certifyInfo; - OBJECT *signObject = HandleToObject(in->signHandle); - OBJECT *certifiedObject = HandleToObject(in->objectHandle); -// Input validation - if(!IsSigningObject(signObject)) - return TPM_RCS_KEY + RC_Certify_signHandle; - if(!CryptSelectSignScheme(signObject, &in->inScheme)) - return TPM_RCS_SCHEME + RC_Certify_inScheme; - -// Command Output - // Filling in attest information - // Common fields - FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, - &certifyInfo); - - // Certify specific fields - certifyInfo.type = TPM_ST_ATTEST_CERTIFY; - // NOTE: the certified object is not allowed to be TPM_ALG_NULL so - // 'certifiedObject' will never be NULL - certifyInfo.attested.certify.name = certifiedObject->name; - - // When using an anonymous signing scheme, need to set the qualified Name to the - // empty buffer to avoid correlation between keys - if(CryptIsSchemeAnonymous(in->inScheme.scheme)) - certifyInfo.attested.certify.qualifiedName.t.size = 0; - else - certifyInfo.attested.certify.qualifiedName = certifiedObject->qualifiedName; - - - // Sign attestation structure. A NULL signature will be returned if - // signHandle is TPM_RH_NULL. 
A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE, - // TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned - // by SignAttestInfo() - return SignAttestInfo(signObject, &in->inScheme, &certifyInfo, - &in->qualifyingData, &out->certifyInfo, &out->signature); -} - -#endif // CC_Certify \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyCreation.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyCreation.c deleted file mode 100644 index 2cb7f1837..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyCreation.c +++ /dev/null 
@@ -1,98 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Attest_spt_fp.h"
-#include "CertifyCreation_fp.h"
-
-#if CC_CertifyCreation // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Prove the association between an object and its creation data
-*/
-// Return Type: TPM_RC
-// TPM_RC_KEY key referenced by 'signHandle' is not a signing key
-// TPM_RC_SCHEME 'inScheme' is not compatible with 'signHandle'
-// TPM_RC_TICKET 'creationTicket' does not match 'objectHandle'
-// TPM_RC_VALUE digest generated for 'inScheme' is greater or has larger
-// size than the modulus of 'signHandle', or the buffer for
-// the result in 'signature' is too small (for an RSA key);
-// invalid commit status (for an ECC key with a split scheme).
-TPM_RC
-TPM2_CertifyCreation(
- CertifyCreation_In *in, // IN: input parameter list
- CertifyCreation_Out *out // OUT: output parameter list
- )
-{
- TPMT_TK_CREATION ticket;
- TPMS_ATTEST certifyInfo;
- OBJECT *certified = HandleToObject(in->objectHandle);
- OBJECT *signObject = HandleToObject(in->signHandle);
-// Input Validation
- if(!IsSigningObject(signObject))
- return TPM_RCS_KEY + RC_CertifyCreation_signHandle;
- if(!CryptSelectSignScheme(signObject, &in->inScheme))
- return TPM_RCS_SCHEME + RC_CertifyCreation_inScheme;
-
- // CertifyCreation specific input validation
- // Re-compute ticket
- TicketComputeCreation(in->creationTicket.hierarchy, &certified->name,
- &in->creationHash, &ticket);
- // Compare ticket
- if(!MemoryEqual2B(&ticket.digest.b, &in->creationTicket.digest.b))
- return TPM_RCS_TICKET + RC_CertifyCreation_creationTicket;
-
-// Command Output
- // Common fields
- FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData,
- &certifyInfo);
-
- // CertifyCreation specific fields
- // Attestation type
- certifyInfo.type = TPM_ST_ATTEST_CREATION;
- certifyInfo.attested.creation.objectName = certified->name;
-
- // Copy the creationHash
- certifyInfo.attested.creation.creationHash = in->creationHash;
-
- // Sign attestation structure. A NULL signature will be returned if
- // signObject is TPM_RH_NULL. A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE,
- // TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned at
- // this point
- return SignAttestInfo(signObject, &in->inScheme, &certifyInfo,
- &in->qualifyingData, &out->certifyInfo,
- &out->signature);
-}
-
-#endif // CC_CertifyCreation
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyX509.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyX509.c
deleted file mode 100644
index 961ed47d7..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyX509.c
+++ /dev/null
@@ -1,276 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "CertifyX509_fp.h"
-#include "X509.h"
-#include "TpmASN1_fp.h"
-#include "X509_spt_fp.h"
-#include "Attest_spt_fp.h"
-
-#if CC_CertifyX509 // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Certify
-*/
-// return type: TPM_RC
-// TPM_RC_ATTRIBUTES the attributes of 'objectHandle' are not compatible
-// with the KeyUsage or TPMA_OBJECT values in the
-// extensions fields
-// TPM_RC_BINDING the public and private portions of the key are not
-// properly bound.
-// TPM_RC_HASH the hash algorithm in the scheme is not supported
-// TPM_RC_KEY 'signHandle' does not reference a signing key;
-// TPM_RC_SCHEME the scheme is not compatible with sign key type,
-// or input scheme is not compatible with default
-// scheme, or the chosen scheme is not a valid
-// sign scheme
-// TPM_RC_VALUE most likely a problem with the format of
-// 'partialCertificate'
-TPM_RC
-TPM2_CertifyX509(
- CertifyX509_In *in, // IN: input parameter list
- CertifyX509_Out *out // OUT: output parameter list
-)
-{
- TPM_RC result;
- OBJECT *signKey = HandleToObject(in->signHandle);
- OBJECT *object = HandleToObject(in->objectHandle);
- HASH_STATE hash;
- INT16 length; // length for a tagged element
- ASN1UnmarshalContext ctx;
- ASN1MarshalContext ctxOut;
- // certTBS holds an array of pointers and lengths. Each entry references the
- // corresponding value in a TBSCertificate structure. For example, the 1th
- // element references the version number
- stringRef certTBS[REF_COUNT] = {{0}};
-#define ALLOWED_SEQUENCES (SUBJECT_PUBLIC_KEY_REF - SIGNATURE_REF)
- stringRef partial[ALLOWED_SEQUENCES] = {{0}};
- INT16 countOfSequences = 0;
- INT16 i;
- //
-#if CERTIFYX509_DEBUG
- DebugFileOpen();
- DebugDumpBuffer(in->partialCertificate.t.size, in->partialCertificate.t.buffer,
- "partialCertificate");
-#endif
-
- // Input Validation
- // signing key must be able to sign
- if(!IsSigningObject(signKey))
- return TPM_RCS_KEY + RC_CertifyX509_signHandle;
- // Pick a scheme for sign. If the input sign scheme is not compatible with
- // the default scheme, return an error.
- if(!CryptSelectSignScheme(signKey, &in->inScheme))
- return TPM_RCS_SCHEME + RC_CertifyX509_inScheme;
- // Make sure that the public Key encoding is known
- if(X509AddPublicKey(NULL, object) == 0)
- return TPM_RCS_ASYMMETRIC + RC_CertifyX509_objectHandle;
- // Unbundle 'partialCertificate'.
- // Initialize the unmarshaling context
- if(!ASN1UnmarshalContextInitialize(&ctx, in->partialCertificate.t.size,
- in->partialCertificate.t.buffer))
- return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate;
- // Make sure that this is a constructed SEQUENCE
- length = ASN1NextTag(&ctx);
- // Must be a constructed SEQUENCE that uses all of the input parameter
- if((ctx.tag != (ASN1_CONSTRUCTED_SEQUENCE))
- || ((ctx.offset + length) != in->partialCertificate.t.size))
- return TPM_RCS_SIZE + RC_CertifyX509_partialCertificate;
-
- // This scans through the contents of the outermost SEQUENCE. This would be the
- // 'issuer', 'validity', 'subject', 'issuerUniqueID' (optional),
- // 'subjectUniqueID' (optional), and 'extensions.'
- while(ctx.offset < ctx.size)
- {
- INT16 startOfElement = ctx.offset;
- //
- // Read the next tag and length field.
- length = ASN1NextTag(&ctx);
- if(length < 0)
- break;
- if(ctx.tag == ASN1_CONSTRUCTED_SEQUENCE)
- {
- partial[countOfSequences].buf = &ctx.buffer[startOfElement];
- ctx.offset += length;
- partial[countOfSequences].len = (INT16)ctx.offset - startOfElement;
- if(++countOfSequences > ALLOWED_SEQUENCES)
- break;
- }
- else if(ctx.tag == X509_EXTENSIONS)
- {
- if(certTBS[EXTENSIONS_REF].len != 0)
- return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate;
- certTBS[EXTENSIONS_REF].buf = &ctx.buffer[startOfElement];
- ctx.offset += length;
- certTBS[EXTENSIONS_REF].len =
- (INT16)ctx.offset - startOfElement;
- }
- else
- return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate;
- }
- // Make sure that we used all of the data and found at least the required
- // number of elements.
- if((ctx.offset != ctx.size) || (countOfSequences < 3)
- || (countOfSequences > 4)
- || (certTBS[EXTENSIONS_REF].buf == NULL))
- return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate;
- // Now that we know how many sequences there were, we can put them where they
- // belong
- for(i = 0; i < countOfSequences; i++)
- certTBS[SUBJECT_KEY_REF - i] = partial[countOfSequences - 1 - i];
-
- // If only three SEQUENCES, then the TPM needs to produce the signature algorithm.
- // See if it can
- if((countOfSequences == 3) &&
- (X509AddSigningAlgorithm(NULL, signKey, &in->inScheme) == 0))
- return TPM_RCS_SCHEME + RC_CertifyX509_signHandle;
-
- // Process the extensions
- result = X509ProcessExtensions(object, &certTBS[EXTENSIONS_REF]);
- if(result != TPM_RC_SUCCESS)
- // If the extension has the TPMA_OBJECT extension and the attributes don't
- // match, then the error code will be TPM_RCS_ATTRIBUTES. Otherwise, the error
- // indicates a malformed partialCertificate.
- return result + ((result == TPM_RCS_ATTRIBUTES)
- ? RC_CertifyX509_objectHandle
- : RC_CertifyX509_partialCertificate);
-// Command Output
-// Create the addedToCertificate values
-
- // Build the addedToCertificate from the bottom up.
- // Initialize the context structure
- ASN1InitialializeMarshalContext(&ctxOut, sizeof(out->addedToCertificate.t.buffer),
- out->addedToCertificate.t.buffer);
- // Place a marker for the overall context
- ASN1StartMarshalContext(&ctxOut); // SEQUENCE for addedToCertificate
-
- // Add the subject public key descriptor
- certTBS[SUBJECT_PUBLIC_KEY_REF].len = X509AddPublicKey(&ctxOut, object);
- certTBS[SUBJECT_PUBLIC_KEY_REF].buf = ctxOut.buffer + ctxOut.offset;
- // If the caller didn't provide the algorithm identifier, create it
- if(certTBS[SIGNATURE_REF].len == 0)
- {
- certTBS[SIGNATURE_REF].len = X509AddSigningAlgorithm(&ctxOut, signKey,
- &in->inScheme);
- certTBS[SIGNATURE_REF].buf = ctxOut.buffer + ctxOut.offset;
- }
- // Create the serial number value. Use the out->tbsDigest as scratch.
- {
- TPM2B *digest = &out->tbsDigest.b;
- //
- digest->size = (INT16)CryptHashStart(&hash, signKey->publicArea.nameAlg);
- pAssert(digest->size != 0);
-
- // The serial number size is the smaller of the digest and the vendor-defined
- // value
- digest->size = MIN(digest->size, SIZE_OF_X509_SERIAL_NUMBER);
- // Add all the parts of the certificate other than the serial number
- // and version number
- for(i = SIGNATURE_REF; i < REF_COUNT; i++)
- CryptDigestUpdate(&hash, certTBS[i].len, certTBS[i].buf);
- // throw in the Name of the signing key...
- CryptDigestUpdate2B(&hash, &signKey->name.b);
- // ...and the Name of the signed key.
- CryptDigestUpdate2B(&hash, &object->name.b);
- // Done
- CryptHashEnd2B(&hash, digest);
- }
-
- // Add the serial number
- certTBS[SERIAL_NUMBER_REF].len =
- ASN1PushInteger(&ctxOut, out->tbsDigest.t.size, out->tbsDigest.t.buffer);
- certTBS[SERIAL_NUMBER_REF].buf = ctxOut.buffer + ctxOut.offset;
-
- // Add the static version number
- ASN1StartMarshalContext(&ctxOut);
- ASN1PushUINT(&ctxOut, 2);
- certTBS[VERSION_REF].len =
- ASN1EndEncapsulation(&ctxOut, ASN1_APPLICAIION_SPECIFIC);
- certTBS[VERSION_REF].buf = ctxOut.buffer + ctxOut.offset;
-
- // Create a fake tag and length for the TBS in the space used for
- // 'addedToCertificate'
- {
- for(length = 0, i = 0; i < REF_COUNT; i++)
- length += certTBS[i].len;
- // Put a fake tag and length into the buffer for use in the tbsDigest
- certTBS[ENCODED_SIZE_REF].len =
- ASN1PushTagAndLength(&ctxOut, ASN1_CONSTRUCTED_SEQUENCE, length);
- certTBS[ENCODED_SIZE_REF].buf = ctxOut.buffer + ctxOut.offset;
- // Restore the buffer pointer to add back the number of octets used for the
- // tag and length
- ctxOut.offset += certTBS[ENCODED_SIZE_REF].len;
- }
- // sanity check
- if(ctxOut.offset < 0)
- return TPM_RC_FAILURE;
- // Create the tbsDigest to sign
- out->tbsDigest.t.size = CryptHashStart(&hash, in->inScheme.details.any.hashAlg);
- for(i = 0; i < REF_COUNT; i++)
- CryptDigestUpdate(&hash, certTBS[i].len, certTBS[i].buf);
- CryptHashEnd2B(&hash, &out->tbsDigest.b);
-
-#if CERTIFYX509_DEBUG
- {
- BYTE fullTBS[4096];
- BYTE *fill = fullTBS;
- int j;
- for (j = 0; j < REF_COUNT; j++)
- {
- MemoryCopy(fill, certTBS[j].buf, certTBS[j].len);
- fill += certTBS[j].len;
- }
- DebugDumpBuffer((int)(fill - &fullTBS[0]), fullTBS, "\nfull TBS");
- }
-#endif
-
-// Finish up the processing of addedToCertificate
- // Create the actual tag and length for the addedToCertificate structure
- out->addedToCertificate.t.size =
- ASN1EndEncapsulation(&ctxOut, ASN1_CONSTRUCTED_SEQUENCE);
- // Now move all the addedToContext to the start of the buffer
- MemoryCopy(out->addedToCertificate.t.buffer, ctxOut.buffer + ctxOut.offset,
- out->addedToCertificate.t.size);
-#if CERTIFYX509_DEBUG
- DebugDumpBuffer(out->addedToCertificate.t.size, out->addedToCertificate.t.buffer,
- "\naddedToCertificate");
-#endif
- // only thing missing is the signature
- result = CryptSign(signKey, &in->inScheme, &out->tbsDigest, &out->signature);
-
- return result;
-}
-
-#endif // CC_CertifyX509
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetCommandAuditDigest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetCommandAuditDigest.c
deleted file mode 100644
index 5ecc90153..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetCommandAuditDigest.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Attest_spt_fp.h"
-#include "GetCommandAuditDigest_fp.h"
-
-#if CC_GetCommandAuditDigest // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Get current value of command audit log
-*/
-// Return Type: TPM_RC
-// TPM_RC_KEY key referenced by 'signHandle' is not a signing key
-// TPM_RC_SCHEME 'inScheme' is incompatible with 'signHandle' type; or
-// both 'scheme' and key's default scheme are empty; or
-// 'scheme' is empty while key's default scheme requires
-// explicit input scheme (split signing); or
-// non-empty default key scheme differs from 'scheme'
-// TPM_RC_VALUE digest generated for the given 'scheme' is greater than
-// the modulus of 'signHandle' (for an RSA key);
-// invalid commit status or failed to generate "r" value
-// (for an ECC key)
-TPM_RC
-TPM2_GetCommandAuditDigest(
- GetCommandAuditDigest_In *in, // IN: input parameter list
- GetCommandAuditDigest_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
- TPMS_ATTEST auditInfo;
- OBJECT *signObject = HandleToObject(in->signHandle);
-// Input validation
- if(!IsSigningObject(signObject))
- return TPM_RCS_KEY + RC_GetCommandAuditDigest_signHandle;
- if(!CryptSelectSignScheme(signObject, &in->inScheme))
- return TPM_RCS_SCHEME + RC_GetCommandAuditDigest_inScheme;
-
-// Command Output
- // Fill in attest information common fields
- FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData,
- &auditInfo);
-
- // CommandAuditDigest specific fields
- auditInfo.type = TPM_ST_ATTEST_COMMAND_AUDIT;
- auditInfo.attested.commandAudit.digestAlg = gp.auditHashAlg;
- auditInfo.attested.commandAudit.auditCounter = gp.auditCounter;
-
- // Copy command audit log
- auditInfo.attested.commandAudit.auditDigest = gr.commandAuditDigest;
- CommandAuditGetDigest(&auditInfo.attested.commandAudit.commandDigest);
-
- // Sign attestation structure. A NULL signature will be returned if
- // signHandle is TPM_RH_NULL. A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE,
- // TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned at
- // this point
- result = SignAttestInfo(signObject, &in->inScheme, &auditInfo,
- &in->qualifyingData, &out->auditInfo,
- &out->signature);
- // Internal Data Update
- if(result == TPM_RC_SUCCESS && in->signHandle != TPM_RH_NULL)
- // Reset log
- gr.commandAuditDigest.t.size = 0;
-
- return result;
-}
-
-#endif // CC_GetCommandAuditDigest
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetSessionAuditDigest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetSessionAuditDigest.c
deleted file mode 100644
index e9ed0470d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetSessionAuditDigest.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Attest_spt_fp.h"
-#include "GetSessionAuditDigest_fp.h"
-
-#if CC_GetSessionAuditDigest // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Get audit session digest
-*/
-// Return Type: TPM_RC
-// TPM_RC_KEY key referenced by 'signHandle' is not a signing key
-// TPM_RC_SCHEME 'inScheme' is incompatible with 'signHandle' type; or
-// both 'scheme' and key's default scheme are empty; or
-// 'scheme' is empty while key's default scheme requires
-// explicit input scheme (split signing); or
-// non-empty default key scheme differs from 'scheme'
-// TPM_RC_TYPE 'sessionHandle' does not reference an audit session
-// TPM_RC_VALUE digest generated for the given 'scheme' is greater than
-// the modulus of 'signHandle' (for an RSA key);
-// invalid commit status or failed to generate "r" value
-// (for an ECC key)
-TPM_RC
-TPM2_GetSessionAuditDigest(
- GetSessionAuditDigest_In *in, // IN: input parameter list
- GetSessionAuditDigest_Out *out // OUT: output parameter list
- )
-{
- SESSION *session = SessionGet(in->sessionHandle);
- TPMS_ATTEST auditInfo;
- OBJECT *signObject = HandleToObject(in->signHandle);
-// Input Validation
- if(!IsSigningObject(signObject))
- return TPM_RCS_KEY + RC_GetSessionAuditDigest_signHandle;
- if(!CryptSelectSignScheme(signObject, &in->inScheme))
- return TPM_RCS_SCHEME + RC_GetSessionAuditDigest_inScheme;
-
- // session must be an audit session
- if(session->attributes.isAudit == CLEAR)
- return TPM_RCS_TYPE + RC_GetSessionAuditDigest_sessionHandle;
-
-// Command Output
- // Fill in attest information common fields
- FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData,
- &auditInfo);
-
- // SessionAuditDigest specific fields
- auditInfo.type = TPM_ST_ATTEST_SESSION_AUDIT;
- auditInfo.attested.sessionAudit.sessionDigest = session->u2.auditDigest;
-
- // Exclusive audit session
- auditInfo.attested.sessionAudit.exclusiveSession
- = (g_exclusiveAuditSession == in->sessionHandle);
-
- // Sign attestation structure. A NULL signature will be returned if
- // signObject is NULL.
- return SignAttestInfo(signObject, &in->inScheme, &auditInfo,
- &in->qualifyingData, &out->auditInfo,
- &out->signature);
-}
-
-#endif // CC_GetSessionAuditDigest
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetTime.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetTime.c
deleted file mode 100644
index fe24c7e6a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetTime.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Attest_spt_fp.h"
-#include "GetTime_fp.h"
-
-#if CC_GetTime // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Applies a time stamp to the passed blob (qualifyingData).
-*/
-// Return Type: TPM_RC
-// TPM_RC_KEY key referenced by 'signHandle' is not a signing key
-// TPM_RC_SCHEME 'inScheme' is incompatible with 'signHandle' type; or
-// both 'scheme' and key's default scheme are empty; or
-// 'scheme' is empty while key's default scheme requires
-// explicit input scheme (split signing); or
-// non-empty default key scheme differs from 'scheme'
-// TPM_RC_VALUE digest generated for the given 'scheme' is greater than
-// the modulus of 'signHandle' (for an RSA key);
-// invalid commit status or failed to generate "r" value
-// (for an ECC key)
-TPM_RC
-TPM2_GetTime(
- GetTime_In *in, // IN: input parameter list
- GetTime_Out *out // OUT: output parameter list
- )
-{
- TPMS_ATTEST timeInfo;
- OBJECT *signObject = HandleToObject(in->signHandle);
-// Input Validation
- if(!IsSigningObject(signObject))
- return TPM_RCS_KEY + RC_GetTime_signHandle;
- if(!CryptSelectSignScheme(signObject, &in->inScheme))
- return TPM_RCS_SCHEME + RC_GetTime_inScheme;
-
-// Command Output
- // Fill in attest common fields
- FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, &timeInfo);
-
- // GetClock specific fields
- timeInfo.type = TPM_ST_ATTEST_TIME;
- timeInfo.attested.time.time.time = g_time;
- TimeFillInfo(&timeInfo.attested.time.time.clockInfo);
-
- // Firmware version in plain text
- timeInfo.attested.time.firmwareVersion
- = (((UINT64)gp.firmwareV1) << 32) + gp.firmwareV2;
-
- // Sign attestation structure. A NULL signature will be returned if
- // signObject is NULL.
- return SignAttestInfo(signObject, &in->inScheme, &timeInfo, &in->qualifyingData,
- &out->timeInfo, &out->signature);
-}
-
-#endif // CC_GetTime
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Quote.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Quote.c
deleted file mode 100644
index f22e3cde2..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Quote.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Attest_spt_fp.h"
-#include "Quote_fp.h"
-
-#if CC_Quote // Conditional expansion of this file
-
-/*(See part 3 specification)
-// quote PCR values
-*/
-// Return Type: TPM_RC
-// TPM_RC_KEY 'signHandle' does not reference a signing key;
-// TPM_RC_SCHEME the scheme is not compatible with sign key type,
-// or input scheme is not compatible with default
-// scheme, or the chosen scheme is not a valid
-// sign scheme
-TPM_RC
-TPM2_Quote(
- Quote_In *in, // IN: input parameter list
- Quote_Out *out // OUT: output parameter list
- )
-{
- TPMI_ALG_HASH hashAlg;
- TPMS_ATTEST quoted;
- OBJECT *signObject = HandleToObject(in->signHandle);
-// Input Validation
- if(!IsSigningObject(signObject))
- return TPM_RCS_KEY + RC_Quote_signHandle;
- if(!CryptSelectSignScheme(signObject, &in->inScheme))
- return TPM_RCS_SCHEME + RC_Quote_inScheme;
-
-// Command Output
-
- // Filling in attest information
- // Common fields
- // FillInAttestInfo may return TPM_RC_SCHEME or TPM_RC_KEY
- FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, "ed);
-
- // Quote specific fields
- // Attestation type
- quoted.type = TPM_ST_ATTEST_QUOTE;
-
- // Get hash algorithm in sign scheme. This hash algorithm is used to
- // compute PCR digest. If there is no algorithm, then the PCR cannot
- // be digested and this command returns TPM_RC_SCHEME
- hashAlg = in->inScheme.details.any.hashAlg;
-
- if(hashAlg == TPM_ALG_NULL)
- return TPM_RCS_SCHEME + RC_Quote_inScheme;
-
- // Compute PCR digest
- PCRComputeCurrentDigest(hashAlg, &in->PCRselect,
- "ed.attested.quote.pcrDigest);
-
- // Copy PCR select. "PCRselect" is modified in PCRComputeCurrentDigest
- // function
- quoted.attested.quote.pcrSelect = in->PCRselect;
-
- // Sign attestation structure. A NULL signature will be returned if
- // signObject is NULL.
- return SignAttestInfo(signObject, &in->inScheme, "ed, &in->qualifyingData,
- &out->quoted, &out->signature);
-}
-
-#endif // CC_Quote
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/GetCapability.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/GetCapability.c
deleted file mode 100644
index a3c5cf7e4..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/GetCapability.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "GetCapability_fp.h"
-
-#if CC_GetCapability // Conditional expansion of this file
-
-/*(See part 3 specification)
-// This command returns various information regarding the TPM and its current
-// state
-*/
-// Return Type: TPM_RC
-// TPM_RC_HANDLE value of 'property' is in an unsupported handle range
-// for the TPM_CAP_HANDLES 'capability' value
-// TPM_RC_VALUE invalid 'capability'; or 'property' is not 0 for the
-// TPM_CAP_PCRS 'capability' value
-TPM_RC
-TPM2_GetCapability(
- GetCapability_In *in, // IN: input parameter list
- GetCapability_Out *out // OUT: output parameter list
- )
-{
- TPMU_CAPABILITIES *data = &out->capabilityData.data;
-// Command Output
-
- // Set output capability type the same as input type
- out->capabilityData.capability = in->capability;
-
- switch(in->capability)
- {
- case TPM_CAP_ALGS:
- out->moreData = AlgorithmCapGetImplemented((TPM_ALG_ID)in->property,
- in->propertyCount,
- &data->algorithms);
- break;
- case TPM_CAP_HANDLES:
- switch(HandleGetType((TPM_HANDLE)in->property))
- {
- case TPM_HT_TRANSIENT:
- // Get list of handles of loaded transient objects
- out->moreData = ObjectCapGetLoaded((TPM_HANDLE)in->property,
- in->propertyCount,
- &data->handles);
- break;
- case TPM_HT_PERSISTENT:
- // Get list of handles of persistent objects
- out->moreData = NvCapGetPersistent((TPM_HANDLE)in->property,
- in->propertyCount,
- &data->handles);
- break;
- case TPM_HT_NV_INDEX:
- // Get list of defined NV index
- out->moreData = NvCapGetIndex((TPM_HANDLE)in->property,
- in->propertyCount,
- &data->handles);
- break;
- case TPM_HT_LOADED_SESSION:
- // Get list of handles of loaded sessions
- out->moreData = SessionCapGetLoaded((TPM_HANDLE)in->property,
- in->propertyCount,
- &data->handles);
- break;
-#ifdef TPM_HT_SAVED_SESSION
- case TPM_HT_SAVED_SESSION:
-#else
- case TPM_HT_ACTIVE_SESSION:
-#endif
- // Get list of handles of
- out->moreData = SessionCapGetSaved((TPM_HANDLE)in->property,
- in->propertyCount,
- &data->handles);
- break;
- case TPM_HT_PCR:
- // Get list of handles of PCR
- out->moreData = PCRCapGetHandles((TPM_HANDLE)in->property,
- in->propertyCount,
- &data->handles);
- break;
- case TPM_HT_PERMANENT:
- // Get list of permanent handles
- out->moreData = PermanentCapGetHandles((TPM_HANDLE)in->property,
- in->propertyCount,
- &data->handles);
- break;
- default:
- // Unsupported input handle type
- return TPM_RCS_HANDLE + RC_GetCapability_property;
- break;
- }
- break;
- case TPM_CAP_COMMANDS:
- out->moreData = CommandCapGetCCList((TPM_CC)in->property,
- in->propertyCount,
- &data->command);
- break;
- case TPM_CAP_PP_COMMANDS:
- out->moreData = PhysicalPresenceCapGetCCList((TPM_CC)in->property,
- in->propertyCount,
- &data->ppCommands);
- break;
- case TPM_CAP_AUDIT_COMMANDS:
- out->moreData = CommandAuditCapGetCCList((TPM_CC)in->property,
- in->propertyCount,
- &data->auditCommands);
- break;
- case TPM_CAP_PCRS:
- // Input property must be 0
- if(in->property != 0)
- return TPM_RCS_VALUE + RC_GetCapability_property;
- out->moreData = PCRCapGetAllocation(in->propertyCount,
- &data->assignedPCR);
- break;
- case TPM_CAP_PCR_PROPERTIES:
- out->moreData = PCRCapGetProperties((TPM_PT_PCR)in->property,
- in->propertyCount,
- &data->pcrProperties);
- break;
- case TPM_CAP_TPM_PROPERTIES:
- out->moreData = TPMCapGetProperties((TPM_PT)in->property,
- in->propertyCount,
- &data->tpmProperties);
- break;
-#if ALG_ECC
- case TPM_CAP_ECC_CURVES:
- out->moreData = CryptCapGetECCCurve((TPM_ECC_CURVE)in->property,
- in->propertyCount,
- &data->eccCurves);
- break;
-#endif // ALG_ECC
- case TPM_CAP_AUTH_POLICIES:
- if(HandleGetType((TPM_HANDLE)in->property) != TPM_HT_PERMANENT)
- return TPM_RCS_VALUE + RC_GetCapability_property;
- out->moreData = PermanentHandleGetPolicy((TPM_HANDLE)in->property,
- in->propertyCount,
- &data->authPolicies);
- break;
- case TPM_CAP_VENDOR_PROPERTY:
- // vendor property is not implemented
- default:
- // Unsupported TPM_CAP value
- return TPM_RCS_VALUE + RC_GetCapability_capability;
- break;
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_GetCapability
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/TestParms.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/TestParms.c
deleted file mode 100644
index 3e5435e4a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/TestParms.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "TestParms_fp.h"
-
-#if CC_TestParms // Conditional expansion of this file
-
-/*(See part 3 specification)
-// TestParms
-*/
-TPM_RC
-TPM2_TestParms(
- TestParms_In *in // IN: input parameter list
- )
-{
- // Input parameter is not reference in command action
- NOT_REFERENCED(in);
-
- // The parameters are tested at unmarshal process. We do nothing in command
- // action
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_TestParms
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockRateAdjust.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockRateAdjust.c
deleted file mode 100644
index 59148af03..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockRateAdjust.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ClockRateAdjust_fp.h"
-
-#if CC_ClockRateAdjust // Conditional expansion of this file
-
-/*(See part 3 specification)
-// adjusts the rate of advance of Clock and Timer to provide a better
-// approximation to real time.
-*/
-TPM_RC
-TPM2_ClockRateAdjust(
- ClockRateAdjust_In *in // IN: input parameter list
- )
-{
-// Internal Data Update
- TimeSetAdjustRate(in->rateAdjust);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ClockRateAdjust
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockSet.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockSet.c
deleted file mode 100644
index 9e0a8d34d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockSet.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ClockSet_fp.h"
-
-#if CC_ClockSet // Conditional expansion of this file
-
-// Read the current TPMS_TIMER_INFO structure settings
-// Return Type: TPM_RC
-// TPM_RC_NV_RATE NV is unavailable because of rate limit
-// TPM_RC_NV_UNAVAILABLE NV is inaccessible
-// TPM_RC_VALUE invalid new clock
-
-TPM_RC
-TPM2_ClockSet(
- ClockSet_In *in // IN: input parameter list
- )
-{
-// Input Validation
- // new time can not be bigger than 0xFFFF000000000000 or smaller than
- // current clock
- if(in->newTime > 0xFFFF000000000000ULL
- || in->newTime < go.clock)
- return TPM_RCS_VALUE + RC_ClockSet_newTime;
-
-// Internal Data Update
- // Can't modify the clock if NV is not available.
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
- TimeClockUpdate(in->newTime);
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ClockSet
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ReadClock.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ReadClock.c
deleted file mode 100644
index f405d057e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ReadClock.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ReadClock_fp.h"
-
-#if CC_ReadClock // Conditional expansion of this file
-
-/*(See part 3 specification)
-// read the current TPMS_TIMER_INFO structure settings
-*/
-TPM_RC
-TPM2_ReadClock(
- ReadClock_Out *out // OUT: output parameter list
- )
-{
-// Command Output
-
- out->currentTime.time = g_time;
- TimeFillInfo(&out->currentTime.clockInfo);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ReadClock
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/CommandAudit/SetCommandCodeAuditStatus.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/CommandAudit/SetCommandCodeAuditStatus.c
deleted file mode 100644
index b7f52e8c1..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/CommandAudit/SetCommandCodeAuditStatus.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "SetCommandCodeAuditStatus_fp.h"
-
-#if CC_SetCommandCodeAuditStatus // Conditional expansion of this file
-
-/*(See part 3 specification)
-// change the audit status of a command or to set the hash algorithm used for
-// the audit digest.
-*/
-TPM_RC
-TPM2_SetCommandCodeAuditStatus(
- SetCommandCodeAuditStatus_In *in // IN: input parameter list
- )
-{
-
- // The command needs NV update. Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Internal Data Update
-
- // Update hash algorithm
- if(in->auditAlg != TPM_ALG_NULL && in->auditAlg != gp.auditHashAlg)
- {
- // Can't change the algorithm and command list at the same time
- if(in->setList.count != 0 || in->clearList.count != 0)
- return TPM_RCS_VALUE + RC_SetCommandCodeAuditStatus_auditAlg;
-
- // Change the hash algorithm for audit
- gp.auditHashAlg = in->auditAlg;
-
- // Set the digest size to a unique value that indicates that the digest
- // algorithm has been changed. The size will be cleared to zero in the
- // command audit processing on exit.
- gr.commandAuditDigest.t.size = 1;
-
- // Save the change of command audit data (this sets g_updateNV so that NV
- // will be updated on exit.)
- NV_SYNC_PERSISTENT(auditHashAlg);
- }
- else
- {
- UINT32 i;
- BOOL changed = FALSE;
-
- // Process set list
- for(i = 0; i < in->setList.count; i++)
-
- // If change is made in CommandAuditSet, set changed flag
- if(CommandAuditSet(in->setList.commandCodes[i]))
- changed = TRUE;
-
- // Process clear list
- for(i = 0; i < in->clearList.count; i++)
- // If change is made in CommandAuditClear, set changed flag
- if(CommandAuditClear(in->clearList.commandCodes[i]))
- changed = TRUE;
-
- // if change was made to command list, update NV
- if(changed)
- // this sets g_updateNV so that NV will be updated on exit.
- NV_SYNC_PERSISTENT(auditCommands);
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_SetCommandCodeAuditStatus
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextLoad.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextLoad.c
deleted file mode 100644
index 4977f9827..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextLoad.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ContextLoad_fp.h"
-
-#if CC_ContextLoad // Conditional expansion of this file
-
-#include "Context_spt_fp.h"
-
-/*(See part 3 specification)
-// Load context
-*/
-
-// Return Type: TPM_RC
-// TPM_RC_CONTEXT_GAP there is only one available slot and this is not
-// the oldest saved session context
-// TPM_RC_HANDLE context.savedHandle' does not reference a saved
-// session
-// TPM_RC_HIERARCHY 'context.hierarchy' is disabled
-// TPM_RC_INTEGRITY 'context' integrity check fail
-// TPM_RC_OBJECT_MEMORY no free slot for an object
-// TPM_RC_SESSION_MEMORY no free session slots
-// TPM_RC_SIZE incorrect context blob size
-TPM_RC
-TPM2_ContextLoad(
- ContextLoad_In *in, // IN: input parameter list
- ContextLoad_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
- TPM2B_DIGEST integrityToCompare;
- TPM2B_DIGEST integrity;
- BYTE *buffer; // defined to save some typing
- INT32 size; // defined to save some typing
- TPM_HT handleType;
- TPM2B_SYM_KEY symKey;
- TPM2B_IV iv;
-
-// Input Validation
-
-// See discussion about the context format in TPM2_ContextSave Detailed Actions
-
- // IF this is a session context, make sure that the sequence number is
- // consistent with the version in the slot
-
- // Check context blob size
- handleType = HandleGetType(in->context.savedHandle);
-
- // Get integrity from context blob
- buffer = in->context.contextBlob.t.buffer;
- size = (INT32)in->context.contextBlob.t.size;
- result = TPM2B_DIGEST_Unmarshal(&integrity, &buffer, &size);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // the size of the integrity value has to match the size of digest produced
- // by the integrity hash
- if(integrity.t.size != CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG))
- return TPM_RCS_SIZE + RC_ContextLoad_context;
-
- // Make sure that the context blob has enough space for the fingerprint. This
- // is elastic pants to go with the belt and suspenders we already have to make
- // sure that the context is complete and untampered.
- if((unsigned)size < sizeof(in->context.sequence))
- return TPM_RCS_SIZE + RC_ContextLoad_context;
-
- // After unmarshaling the integrity value, 'buffer' is pointing at the first
- // byte of the integrity protected and encrypted buffer and 'size' is the number
- // of integrity protected and encrypted bytes.
-
- // Compute context integrity
- ComputeContextIntegrity(&in->context, &integrityToCompare);
-
- // Compare integrity
- if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b))
- return TPM_RCS_INTEGRITY + RC_ContextLoad_context;
- // Compute context encryption key
- ComputeContextProtectionKey(&in->context, &symKey, &iv);
-
- // Decrypt context data in place
- CryptSymmetricDecrypt(buffer, CONTEXT_ENCRYPT_ALG, CONTEXT_ENCRYPT_KEY_BITS,
- symKey.t.buffer, &iv, ALG_CFB_VALUE, size, buffer);
- // See if the fingerprint value matches. If not, it is symptomatic of either
- // a broken TPM or that the TPM is under attack so go into failure mode.
- if(!MemoryEqual(buffer, &in->context.sequence, sizeof(in->context.sequence)))
- FAIL(FATAL_ERROR_INTERNAL);
-
- // step over fingerprint
- buffer += sizeof(in->context.sequence);
-
- // set the remaining size of the context
- size -= sizeof(in->context.sequence);
-
- // Perform object or session specific input check
- switch(handleType)
- {
- case TPM_HT_TRANSIENT:
- {
- OBJECT *outObject;
-
- if(size > (INT32)sizeof(OBJECT))
- FAIL(FATAL_ERROR_INTERNAL);
-
- // Discard any changes to the handle that the TRM might have made
- in->context.savedHandle = TRANSIENT_FIRST;
-
- // If hierarchy is disabled, no object context can be loaded in this
- // hierarchy
- if(!HierarchyIsEnabled(in->context.hierarchy))
- return TPM_RCS_HIERARCHY + RC_ContextLoad_context;
-
- // Restore object. If there is no empty space, indicate as much
- outObject = ObjectContextLoad((ANY_OBJECT_BUFFER *)buffer,
- &out->loadedHandle);
- if(outObject == NULL)
- return TPM_RC_OBJECT_MEMORY;
-
- break;
- }
- case TPM_HT_POLICY_SESSION:
- case TPM_HT_HMAC_SESSION:
- {
- if(size != sizeof(SESSION))
- FAIL(FATAL_ERROR_INTERNAL);
-
- // This command may cause the orderlyState to be cleared due to
- // the update of state reset data. If this is the case, check if NV is
- // available first
- RETURN_IF_ORDERLY;
-
- // Check if input handle points to a valid saved session and that the
- // sequence number makes sense
- if(!SequenceNumberForSavedContextIsValid(&in->context))
- return TPM_RCS_HANDLE + RC_ContextLoad_context;
-
- // Restore session. A TPM_RC_SESSION_MEMORY, TPM_RC_CONTEXT_GAP error
- // may be returned at this point
- result = SessionContextLoad((SESSION_BUF *)buffer,
- &in->context.savedHandle);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- out->loadedHandle = in->context.savedHandle;
-
- // orderly state should be cleared because of the update of state
- // reset and state clear data
- g_clearOrderly = TRUE;
-
- break;
- }
- default:
- // Context blob may only have an object handle or a session handle.
- // All the other handle type should be filtered out at unmarshal
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ContextLoad
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextSave.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextSave.c
deleted file mode 100644
index ff3c4cdf8..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextSave.c
+++ /dev/null
@@ -1,232 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "ContextSave_fp.h" - -#if CC_ContextSave // Conditional expansion of this file - -#include "Context_spt_fp.h" - -/*(See part 3 specification) - Save context -*/ -// Return Type: TPM_RC -// TPM_RC_CONTEXT_GAP a contextID could not be assigned for a session -// context save -// TPM_RC_TOO_MANY_CONTEXTS no more contexts can be saved as the counter has -// maxed out -TPM_RC -TPM2_ContextSave( - ContextSave_In *in, // IN: input parameter list - ContextSave_Out *out // OUT: output parameter list - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - UINT16 fingerprintSize; // The size of fingerprint in context - // blob. - UINT64 contextID = 0; // session context ID - TPM2B_SYM_KEY symKey; - TPM2B_IV iv; - - TPM2B_DIGEST integrity; - UINT16 integritySize; - BYTE *buffer; - - // This command may cause the orderlyState to be cleared due to - // the update of state reset data. If the state is orderly and - // cannot be changed, exit early. - RETURN_IF_ORDERLY; - -// Internal Data Update - -// This implementation does not do things in quite the same way as described in -// Part 2 of the specification. In Part 2, it indicates that the -// TPMS_CONTEXT_DATA contains two TPM2B values. That is not how this is -// implemented. Rather, the size field of the TPM2B_CONTEXT_DATA is used to -// determine the amount of data in the encrypted data. That part is not -// independently sized. This makes the actual size 2 bytes smaller than -// calculated using Part 2. Since this is opaque to the caller, it is not -// necessary to fix. The actual size is returned by TPM2_GetCapabilties(). - - // Initialize output handle. At the end of command action, the output - // handle of an object will be replaced, while the output handle - // for a session will be the same as input - out->context.savedHandle = in->saveHandle; - - // Get the size of fingerprint in context blob. 
The sequence value in - // TPMS_CONTEXT structure is used as the fingerprint - fingerprintSize = sizeof(out->context.sequence); - - // Compute the integrity size at the beginning of context blob - integritySize = sizeof(integrity.t.size) - + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); - -// Perform object or session specific context save - switch(HandleGetType(in->saveHandle)) - { - case TPM_HT_TRANSIENT: - { - OBJECT *object = HandleToObject(in->saveHandle); - ANY_OBJECT_BUFFER *outObject; - UINT16 objectSize = ObjectIsSequence(object) - ? sizeof(HASH_OBJECT) : sizeof(OBJECT); - - outObject = (ANY_OBJECT_BUFFER *)(out->context.contextBlob.t.buffer - + integritySize + fingerprintSize); - - // Set size of the context data. The contents of context blob is vendor - // defined. In this implementation, the size is size of integrity - // plus fingerprint plus the whole internal OBJECT structure - out->context.contextBlob.t.size = integritySize + - fingerprintSize + objectSize; -#if ALG_RSA - // For an RSA key, make sure that the key has had the private exponent - // computed before saving. - if(object->publicArea.type == TPM_ALG_RSA && - !(object->attributes.publicOnly)) - CryptRsaLoadPrivateExponent(&object->publicArea, &object->sensitive); -#endif - // Make sure things fit - pAssert(out->context.contextBlob.t.size - <= sizeof(out->context.contextBlob.t.buffer)); - // Copy the whole internal OBJECT structure to context blob - MemoryCopy(outObject, object, objectSize); - - // Increment object context ID - gr.objectContextID++; - // If object context ID overflows, TPM should be put in failure mode - if(gr.objectContextID == 0) - FAIL(FATAL_ERROR_INTERNAL); - - // Fill in other return values for an object. - out->context.sequence = gr.objectContextID; - // For regular object, savedHandle is 0x80000000. For sequence object, - // savedHandle is 0x80000001. 
For object with stClear, savedHandle - // is 0x80000002 - if(ObjectIsSequence(object)) - { - out->context.savedHandle = 0x80000001; - SequenceDataExport((HASH_OBJECT *)object, - (HASH_OBJECT_BUFFER *)outObject); - } - else - out->context.savedHandle = (object->attributes.stClear == SET) - ? 0x80000002 : 0x80000000; -// Get object hierarchy - out->context.hierarchy = ObjectGetHierarchy(object); - - break; - } - case TPM_HT_HMAC_SESSION: - case TPM_HT_POLICY_SESSION: - { - SESSION *session = SessionGet(in->saveHandle); - - // Set size of the context data. The contents of context blob is vendor - // defined. In this implementation, the size of context blob is the - // size of a internal session structure plus the size of - // fingerprint plus the size of integrity - out->context.contextBlob.t.size = integritySize + - fingerprintSize + sizeof(*session); - - // Make sure things fit - pAssert(out->context.contextBlob.t.size - < sizeof(out->context.contextBlob.t.buffer)); - - // Copy the whole internal SESSION structure to context blob. - // Save space for fingerprint at the beginning of the buffer - // This is done before anything else so that the actual context - // can be reclaimed after this call - pAssert(sizeof(*session) <= sizeof(out->context.contextBlob.t.buffer) - - integritySize - fingerprintSize); - MemoryCopy(out->context.contextBlob.t.buffer + integritySize - + fingerprintSize, session, sizeof(*session)); - // Fill in the other return parameters for a session - // Get a context ID and set the session tracking values appropriately - // TPM_RC_CONTEXT_GAP is a possible error. - // SessionContextSave() will flush the in-memory context - // so no additional errors may occur after this call. 
- result = SessionContextSave(out->context.savedHandle, &contextID); - if(result != TPM_RC_SUCCESS) - return result; - // sequence number is the current session contextID - out->context.sequence = contextID; - - // use TPM_RH_NULL as hierarchy for session context - out->context.hierarchy = TPM_RH_NULL; - - break; - } - default: - // SaveContext may only take an object handle or a session handle. - // All the other handle type should be filtered out at unmarshal - FAIL(FATAL_ERROR_INTERNAL); - break; - } - - // Save fingerprint at the beginning of encrypted area of context blob. - // Reserve the integrity space - pAssert(sizeof(out->context.sequence) <= - sizeof(out->context.contextBlob.t.buffer) - integritySize); - MemoryCopy(out->context.contextBlob.t.buffer + integritySize, - &out->context.sequence, sizeof(out->context.sequence)); - - // Compute context encryption key - ComputeContextProtectionKey(&out->context, &symKey, &iv); - - // Encrypt context blob - CryptSymmetricEncrypt(out->context.contextBlob.t.buffer + integritySize, - CONTEXT_ENCRYPT_ALG, CONTEXT_ENCRYPT_KEY_BITS, - symKey.t.buffer, &iv, ALG_CFB_VALUE, - out->context.contextBlob.t.size - integritySize, - out->context.contextBlob.t.buffer + integritySize); - - // Compute integrity hash for the object - // In this implementation, the same routine is used for both sessions - // and objects. - ComputeContextIntegrity(&out->context, &integrity); - - // add integrity at the beginning of context blob - buffer = out->context.contextBlob.t.buffer; - TPM2B_DIGEST_Marshal(&integrity, &buffer, NULL); - - // orderly state should be cleared because of the update of state reset and - // state clear data - g_clearOrderly = TRUE; - - return result; -} - -#endif // CC_ContextSave \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/Context_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/Context_spt.c
deleted file mode 100644
index 7a5fea817..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/Context_spt.c
+++ /dev/null
@@ -1,244 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -//** Includes - -#include "Tpm.h" -#include "Context_spt_fp.h" - -//** Functions - -//*** ComputeContextProtectionKey() -// This function retrieves the symmetric protection key for context encryption -// It is used by TPM2_ConextSave and TPM2_ContextLoad to create the symmetric -// encryption key and iv -/*(See part 1 specification) - KDFa is used to generate the symmetric encryption key and IV. The parameters - of the call are: - Symkey = KDFa(hashAlg, hProof, vendorString, sequence, handle, bits) - where - hashAlg a vendor-defined hash algorithm - hProof the hierarchy proof as selected by the hierarchy parameter - of the TPMS_CONTEXT - vendorString a value used to differentiate the uses of the KDF - sequence the sequence parameter of the TPMS_CONTEXT - handle the handle parameter of the TPMS_CONTEXT - bits the number of bits needed for a symmetric key and IV for - the context encryption -*/ -// Return Type: void -void -ComputeContextProtectionKey( - TPMS_CONTEXT *contextBlob, // IN: context blob - TPM2B_SYM_KEY *symKey, // OUT: the symmetric key - TPM2B_IV *iv // OUT: the IV. - ) -{ - UINT16 symKeyBits; // number of bits in the parent's - // symmetric key - TPM2B_PROOF *proof = NULL; // the proof value to use. 
Is null for - // everything but a primary object in - // the Endorsement Hierarchy - - BYTE kdfResult[sizeof(TPMU_HA) * 2];// Value produced by the KDF - - TPM2B_DATA sequence2B, handle2B; - - // Get proof value - proof = HierarchyGetProof(contextBlob->hierarchy); - - // Get sequence value in 2B format - sequence2B.t.size = sizeof(contextBlob->sequence); - cAssert(sizeof(contextBlob->sequence) <= sizeof(sequence2B.t.buffer)); - MemoryCopy(sequence2B.t.buffer, &contextBlob->sequence, - sizeof(contextBlob->sequence)); - - // Get handle value in 2B format - handle2B.t.size = sizeof(contextBlob->savedHandle); - cAssert(sizeof(contextBlob->savedHandle) <= sizeof(handle2B.t.buffer)); - MemoryCopy(handle2B.t.buffer, &contextBlob->savedHandle, - sizeof(contextBlob->savedHandle)); - - // Get the symmetric encryption key size - symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES; - symKeyBits = CONTEXT_ENCRYPT_KEY_BITS; - // Get the size of the IV for the algorithm - iv->t.size = CryptGetSymmetricBlockSize(CONTEXT_ENCRYPT_ALG, symKeyBits); - - // KDFa to generate symmetric key and IV value - CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &proof->b, CONTEXT_KEY, &sequence2B.b, - &handle2B.b, (symKey->t.size + iv->t.size) * 8, kdfResult, NULL, - FALSE); - - // Copy part of the returned value as the key - pAssert(symKey->t.size <= sizeof(symKey->t.buffer)); - MemoryCopy(symKey->t.buffer, kdfResult, symKey->t.size); - - // Copy the rest as the IV - pAssert(iv->t.size <= sizeof(iv->t.buffer)); - MemoryCopy(iv->t.buffer, &kdfResult[symKey->t.size], iv->t.size); - - return; -} - -//*** ComputeContextIntegrity() -// Generate the integrity hash for a context -// It is used by TPM2_ContextSave to create an integrity hash -// and by TPM2_ContextLoad to compare an integrity hash -/*(See part 1 specification) - The HMAC integrity computation for a saved context is: - HMACvendorAlg(hProof, resetValue {|| clearCount} || sequence || handle || - encContext) - where - HMACvendorAlg HMAC using a vendor-defined 
hash algorithm - hProof the hierarchy proof as selected by the hierarchy - parameter of the TPMS_CONTEXT - resetValue either a counter value that increments on each TPM Reset - and is not reset over the lifetime of the TPM or a random - value that changes on each TPM Reset and has the size of - the digest produced by vendorAlg - clearCount a counter value that is incremented on each TPM Reset - or TPM Restart. This value is only included if the handle - value is 0x80000002. - sequence the sequence parameter of the TPMS_CONTEXT - handle the handle parameter of the TPMS_CONTEXT - encContext the encrypted context blob -*/ -// Return Type: void -void -ComputeContextIntegrity( - TPMS_CONTEXT *contextBlob, // IN: context blob - TPM2B_DIGEST *integrity // OUT: integrity - ) -{ - HMAC_STATE hmacState; - TPM2B_PROOF *proof; - UINT16 integritySize; - - // Get proof value - proof = HierarchyGetProof(contextBlob->hierarchy); - - // Start HMAC - integrity->t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, - &proof->b); - - // Compute integrity size at the beginning of context blob - integritySize = sizeof(integrity->t.size) + integrity->t.size; - - // Adding total reset counter so that the context cannot be - // used after a TPM Reset - CryptDigestUpdateInt(&hmacState.hashState, sizeof(gp.totalResetCount), - gp.totalResetCount); - - // If this is a ST_CLEAR object, add the clear count - // so that this contest cannot be loaded after a TPM Restart - if(contextBlob->savedHandle == 0x80000002) - CryptDigestUpdateInt(&hmacState.hashState, sizeof(gr.clearCount), - gr.clearCount); - - // Adding sequence number to the HMAC to make sure that it doesn't - // get changed - CryptDigestUpdateInt(&hmacState.hashState, sizeof(contextBlob->sequence), - contextBlob->sequence); - - // Protect the handle - CryptDigestUpdateInt(&hmacState.hashState, sizeof(contextBlob->savedHandle), - contextBlob->savedHandle); - - // Adding sensitive contextData, skip the leading integrity area - 
CryptDigestUpdate(&hmacState.hashState, - contextBlob->contextBlob.t.size - integritySize, - contextBlob->contextBlob.t.buffer + integritySize); - - // Complete HMAC - CryptHmacEnd2B(&hmacState, &integrity->b); - - return; -} - -//*** SequenceDataExport(); -// This function is used scan through the sequence object and -// either modify the hash state data for export (contextSave) or to -// import it into the internal format (contextLoad). -// This function should only be called after the sequence object has been copied -// to the context buffer (contextSave) or from the context buffer into the sequence -// object. The presumption is that the context buffer version of the data is the -// same size as the internal representation so nothing outsize of the hash context -// area gets modified. -void -SequenceDataExport( - HASH_OBJECT *object, // IN: an internal hash object - HASH_OBJECT_BUFFER *exportObject // OUT: a sequence context in a buffer - ) -{ - // If the hash object is not an event, then only one hash context is needed - int count = (object->attributes.eventSeq) ? HASH_COUNT : 1; - - for(count--; count >= 0; count--) - { - HASH_STATE *hash = &object->state.hashState[count]; - size_t offset = (BYTE *)hash - (BYTE *)object; - BYTE *exportHash = &((BYTE *)exportObject)[offset]; - - CryptHashExportState(hash, (EXPORT_HASH_STATE *)exportHash); - } -} - -//*** SequenceDataImport(); -// This function is used scan through the sequence object and -// either modify the hash state data for export (contextSave) or to -// import it into the internal format (contextLoad). -// This function should only be called after the sequence object has been copied -// to the context buffer (contextSave) or from the context buffer into the sequence -// object. The presumption is that the context buffer version of the data is the -// same size as the internal representation so nothing outsize of the hash context -// area gets modified. 
-void -SequenceDataImport( - HASH_OBJECT *object, // IN/OUT: an internal hash object - HASH_OBJECT_BUFFER *exportObject // IN/OUT: a sequence context in a buffer - ) -{ - // If the hash object is not an event, then only one hash context is needed - int count = (object->attributes.eventSeq) ? HASH_COUNT : 1; - - for(count--; count >= 0; count--) - { - HASH_STATE *hash = &object->state.hashState[count]; - size_t offset = (BYTE *)hash - (BYTE *)object; - BYTE *importHash = &((BYTE *)exportObject)[offset]; -// - CryptHashImportState(hash, (EXPORT_HASH_STATE *)importHash); - } -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/EvictControl.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/EvictControl.c deleted file mode 100644 index e4ed13489..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/EvictControl.c +++ /dev/null 
@@ -1,131 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "EvictControl_fp.h" - -#if CC_EvictControl // Conditional expansion of this file - -/*(See part 3 specification) -// Make a transient object persistent or evict a persistent object -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES an object with 'temporary', 'stClear' or 'publicOnly' -// attribute SET cannot be made persistent -// TPM_RC_HIERARCHY 'auth' cannot authorize the operation in the hierarchy -// of 'evictObject' -// TPM_RC_HANDLE 'evictHandle' of the persistent object to be evicted is -// not the same as the 'persistentHandle' argument -// TPM_RC_NV_HANDLE 'persistentHandle' is unavailable -// TPM_RC_NV_SPACE no space in NV to make 'evictHandle' persistent -// TPM_RC_RANGE 'persistentHandle' is not in the range corresponding to -// the hierarchy of 'evictObject' -TPM_RC -TPM2_EvictControl( - EvictControl_In *in // IN: input parameter list - ) -{ - TPM_RC result; - OBJECT *evictObject; - -// Input Validation - - // Get internal object pointer - evictObject = HandleToObject(in->objectHandle); - - // Temporary, stClear or public only objects can not be made persistent - if(evictObject->attributes.temporary == SET - || evictObject->attributes.stClear == SET - || evictObject->attributes.publicOnly == SET) - return TPM_RCS_ATTRIBUTES + RC_EvictControl_objectHandle; - - // If objectHandle refers to a persistent object, it should be the same as - // input persistentHandle - if(evictObject->attributes.evict == SET - && evictObject->evictHandle != in->persistentHandle) - return TPM_RCS_HANDLE + RC_EvictControl_objectHandle; - - // Additional authorization validation - if(in->auth == TPM_RH_PLATFORM) - { - // To make persistent - if(evictObject->attributes.evict == CLEAR) - { - // PlatformAuth can not set evict object in storage or endorsement - // hierarchy - if(evictObject->attributes.ppsHierarchy == CLEAR) - return TPM_RCS_HIERARCHY + RC_EvictControl_objectHandle; - // Platform cannot use a handle outside of platform persistent 
range. - if(!NvIsPlatformPersistentHandle(in->persistentHandle)) - return TPM_RCS_RANGE + RC_EvictControl_persistentHandle; - } - // PlatformAuth can delete any persistent object - } - else if(in->auth == TPM_RH_OWNER) - { - // OwnerAuth can not set or clear evict object in platform hierarchy - if(evictObject->attributes.ppsHierarchy == SET) - return TPM_RCS_HIERARCHY + RC_EvictControl_objectHandle; - - // Owner cannot use a handle outside of owner persistent range. - if(evictObject->attributes.evict == CLEAR - && !NvIsOwnerPersistentHandle(in->persistentHandle)) - return TPM_RCS_RANGE + RC_EvictControl_persistentHandle; - } - else - { - // Other authorization is not allowed in this command and should have been - // filtered out in unmarshal process - FAIL(FATAL_ERROR_INTERNAL); - } -// Internal Data Update - // Change evict state - if(evictObject->attributes.evict == CLEAR) - { - // Make object persistent - if(NvFindHandle(in->persistentHandle) != 0) - return TPM_RC_NV_DEFINED; - // A TPM_RC_NV_HANDLE or TPM_RC_NV_SPACE error may be returned at this - // point - result = NvAddEvictObject(in->persistentHandle, evictObject); - } - else - { - // Delete the persistent object in NV - result = NvDeleteEvict(evictObject->evictHandle); - } - return result; -} - -#endif // CC_EvictControl \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/FlushContext.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/FlushContext.c deleted file mode 100644 index 87982850b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/FlushContext.c +++ /dev/null 
@@ -1,86 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "FlushContext_fp.h"
-
-#if CC_FlushContext // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Flush a specific object or session
-*/
-// Return Type: TPM_RC
-// TPM_RC_HANDLE 'flushHandle' does not reference a loaded object or session
-TPM_RC
-TPM2_FlushContext(
- FlushContext_In *in // IN: input parameter list
- )
-{
-// Internal Data Update
-
- // Call object or session specific routine to flush
- switch(HandleGetType(in->flushHandle))
- {
- case TPM_HT_TRANSIENT:
- if(!IsObjectPresent(in->flushHandle))
- return TPM_RCS_HANDLE + RC_FlushContext_flushHandle;
- // Flush object
- FlushObject(in->flushHandle);
- break;
- case TPM_HT_HMAC_SESSION:
- case TPM_HT_POLICY_SESSION:
- if(!SessionIsLoaded(in->flushHandle)
- && !SessionIsSaved(in->flushHandle)
- )
- return TPM_RCS_HANDLE + RC_FlushContext_flushHandle;
-
- // If the session to be flushed is the exclusive audit session, then
- // indicate that there is no exclusive audit session any longer.
- if(in->flushHandle == g_exclusiveAuditSession)
- g_exclusiveAuditSession = TPM_RH_UNASSIGNED;
-
- // Flush session
- SessionFlush(in->flushHandle);
- break;
- default:
- // This command only takes object or session handle. Other handles
- // should be filtered out at handle unmarshal
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_FlushContext
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackLockReset.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackLockReset.c
deleted file mode 100644
index 78ceafc27..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackLockReset.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "DictionaryAttackLockReset_fp.h"
-
-#if CC_DictionaryAttackLockReset // Conditional expansion of this file
-
-/*(See part 3 specification)
-// This command cancels the effect of a TPM lockout due to a number of
-// successive authorization failures. If this command is properly authorized,
-// the lockout counter is set to 0.
-*/
-TPM_RC
-TPM2_DictionaryAttackLockReset(
- DictionaryAttackLockReset_In *in // IN: input parameter list
- )
-{
- // Input parameter is not reference in command action
- NOT_REFERENCED(in);
-
- // The command needs NV update.
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Internal Data Update
-
- // Set failed tries to 0
- gp.failedTries = 0;
-
- // Record the changes to NV
- NV_SYNC_PERSISTENT(failedTries);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_DictionaryAttackLockReset
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackParameters.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackParameters.c
deleted file mode 100644
index e5f98da37..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackParameters.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "DictionaryAttackParameters_fp.h"
-
-#if CC_DictionaryAttackParameters // Conditional expansion of this file
-
-/*(See part 3 specification)
-// change the lockout parameters
-*/
-TPM_RC
-TPM2_DictionaryAttackParameters(
- DictionaryAttackParameters_In *in // IN: input parameter list
- )
-{
- // The command needs NV update.
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Internal Data Update
-
- // Set dictionary attack parameters
- gp.maxTries = in->newMaxTries;
- gp.recoveryTime = in->newRecoveryTime;
- gp.lockoutRecovery = in->lockoutRecovery;
-
-#if 0 // Errata eliminates this code
- // This functionality has been disabled. The preferred implementation is now
- // to leave failedTries unchanged when the parameters are changed. This could
- // have the effect of putting the TPM into DA lockout if in->newMaxTries is
- // not greater than the current value of gp.failedTries.
- // Set failed tries to 0
- gp.failedTries = 0;
-#endif
-
- // Record the changes to NV
- NV_SYNC_PERSISTENT(failedTries);
- NV_SYNC_PERSISTENT(maxTries);
- NV_SYNC_PERSISTENT(recoveryTime);
- NV_SYNC_PERSISTENT(lockoutRecovery);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_DictionaryAttackParameters
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Duplicate.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Duplicate.c
deleted file mode 100644
index 9e9164f5d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Duplicate.c
+++ /dev/null
@@ -1,160 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "Duplicate_fp.h" - -#if CC_Duplicate // Conditional expansion of this file - -#include "Object_spt_fp.h" - -/*(See part 3 specification) -// Duplicate a loaded object -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES key to duplicate has 'fixedParent' SET -// TPM_RC_HASH for an RSA key, the nameAlg digest size for the -// newParent is not compatible with the key size -// TPM_RC_HIERARCHY 'encryptedDuplication' is SET and 'newParentHandle' -// specifies Null Hierarchy -// TPM_RC_KEY 'newParentHandle' references invalid ECC key (public -// point not on the curve) -// TPM_RC_SIZE input encryption key size does not match the -// size specified in symmetric algorithm -// TPM_RC_SYMMETRIC 'encryptedDuplication' is SET but no symmetric -// algorithm is provided -// TPM_RC_TYPE 'newParentHandle' is neither a storage key nor -// TPM_RH_NULL; or the object has a NULL nameAlg -// TPM_RC_VALUE for an RSA newParent, the sizes of the digest and -// the encryption key are too large to be OAEP encoded -TPM_RC -TPM2_Duplicate( - Duplicate_In *in, // IN: input parameter list - Duplicate_Out *out // OUT: output parameter list - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - TPMT_SENSITIVE sensitive; - - UINT16 innerKeySize = 0; // encrypt key size for inner wrap - - OBJECT *object; - OBJECT *newParent; - TPM2B_DATA data; - -// Input Validation - - // Get duplicate object pointer - object = HandleToObject(in->objectHandle); - // Get new parent - newParent = HandleToObject(in->newParentHandle); - - // duplicate key must have fixParent bit CLEAR. 
- if(IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, fixedParent)) - return TPM_RCS_ATTRIBUTES + RC_Duplicate_objectHandle; - - // Do not duplicate object with NULL nameAlg - if(object->publicArea.nameAlg == TPM_ALG_NULL) - return TPM_RCS_TYPE + RC_Duplicate_objectHandle; - - // new parent key must be a storage object or TPM_RH_NULL - if(in->newParentHandle != TPM_RH_NULL - && !ObjectIsStorage(in->newParentHandle)) - return TPM_RCS_TYPE + RC_Duplicate_newParentHandle; - - // If the duplicated object has encryptedDuplication SET, then there must be - // an inner wrapper and the new parent may not be TPM_RH_NULL - if(IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, - encryptedDuplication)) - { - if(in->symmetricAlg.algorithm == TPM_ALG_NULL) - return TPM_RCS_SYMMETRIC + RC_Duplicate_symmetricAlg; - if(in->newParentHandle == TPM_RH_NULL) - return TPM_RCS_HIERARCHY + RC_Duplicate_newParentHandle; - } - - if(in->symmetricAlg.algorithm == TPM_ALG_NULL) - { - // if algorithm is TPM_ALG_NULL, input key size must be 0 - if(in->encryptionKeyIn.t.size != 0) - return TPM_RCS_SIZE + RC_Duplicate_encryptionKeyIn; - } - else - { - // Get inner wrap key size - innerKeySize = in->symmetricAlg.keyBits.sym; - - // If provided the input symmetric key must match the size of the algorithm - if(in->encryptionKeyIn.t.size != 0 - && in->encryptionKeyIn.t.size != (innerKeySize + 7) / 8) - return TPM_RCS_SIZE + RC_Duplicate_encryptionKeyIn; - } - -// Command Output - - if(in->newParentHandle != TPM_RH_NULL) - { - // Make encrypt key and its associated secret structure. 
A TPM_RC_KEY - // error may be returned at this point - out->outSymSeed.t.size = sizeof(out->outSymSeed.t.secret); - result = CryptSecretEncrypt(newParent, DUPLICATE_STRING, &data, - &out->outSymSeed); - if(result != TPM_RC_SUCCESS) - return result; - } - else - { - // Do not apply outer wrapper - data.t.size = 0; - out->outSymSeed.t.size = 0; - } - - // Copy sensitive area - sensitive = object->sensitive; - - // Prepare output private data from sensitive. - // Note: If there is no encryption key, one will be provided by - // SensitiveToDuplicate(). This is why the assignment of encryptionKeyIn to - // encryptionKeyOut will work properly and is not conditional. - SensitiveToDuplicate(&sensitive, &object->name.b, newParent, - object->publicArea.nameAlg, &data.b, - &in->symmetricAlg, &in->encryptionKeyIn, - &out->duplicate); - - out->encryptionKeyOut = in->encryptionKeyIn; - - return TPM_RC_SUCCESS; -} - -#endif // CC_Duplicate \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Import.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Import.c deleted file mode 100644 index 2ed53ccb6..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Import.c +++ /dev/null 
@@ -1,209 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "Import_fp.h" - -#if CC_Import // Conditional expansion of this file - -#include "Object_spt_fp.h" - -/*(See part 3 specification) -// This command allows an asymmetrically encrypted blob, containing a duplicated -// object to be re-encrypted using the group symmetric key associated with the -// parent. -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'FixedTPM' and 'fixedParent' of 'objectPublic' are not -// both CLEAR; or 'inSymSeed' is nonempty and -// 'parentHandle' does not reference a decryption key; or -// 'objectPublic' and 'parentHandle' have incompatible -// or inconsistent attributes; or -// encrytpedDuplication is SET in 'objectPublic' but the -// inner or outer wrapper is missing. -// Note that if the TPM provides parameter values, the -// parameter number will indicate 'symmetricKey' (missing -// inner wrapper) or 'inSymSeed' (missing outer wrapper) -// TPM_RC_BINDING 'duplicate' and 'objectPublic' are not -// cryptographically bound -// TPM_RC_ECC_POINT 'inSymSeed' is nonempty and ECC point in 'inSymSeed' -// is not on the curve -// TPM_RC_HASH 'objectPublic' does not have a valid nameAlg -// TPM_RC_INSUFFICIENT 'inSymSeed' is nonempty and failed to retrieve ECC -// point from the secret; or unmarshaling sensitive value -// from 'duplicate' failed the result of 'inSymSeed' -// decryption -// TPM_RC_INTEGRITY 'duplicate' integrity is broken -// TPM_RC_KDF 'objectPublic' representing decrypting keyed hash -// object specifies invalid KDF -// TPM_RC_KEY inconsistent parameters of 'objectPublic'; or -// 'inSymSeed' is nonempty and 'parentHandle' does not -// reference a key of supported type; or -// invalid key size in 'objectPublic' representing an -// asymmetric key -// TPM_RC_NO_RESULT 'inSymSeed' is nonempty and multiplication resulted in -// ECC point at infinity -// TPM_RC_OBJECT_MEMORY no available object slot -// TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign', -// 'restricted' and key's scheme ID in 
'objectPublic'; -// or hash algorithm is inconsistent with the scheme ID -// for keyed hash object -// TPM_RC_SIZE 'authPolicy' size does not match digest size of the -// name algorithm in 'objectPublic'; or -// 'symmetricAlg' and 'encryptionKey' have different -// sizes; or -// 'inSymSeed' is nonempty and it size is not -// consistent with the type of 'parentHandle'; or -// unmarshaling sensitive value from 'duplicate' failed -// TPM_RC_SYMMETRIC 'objectPublic' is either a storage key with no -// symmetric algorithm or a non-storage key with -// symmetric algorithm different from TPM_ALG_NULL -// TPM_RC_TYPE unsupported type of 'objectPublic'; or -// 'parentHandle' is not a storage key; or -// only the public portion of 'parentHandle' is loaded; -// or 'objectPublic' and 'duplicate' are of different -// types -// TPM_RC_VALUE nonempty 'inSymSeed' and its numeric value is -// greater than the modulus of the key referenced by -// 'parentHandle' or 'inSymSeed' is larger than the -// size of the digest produced by the name algorithm of -// the symmetric key referenced by 'parentHandle' -TPM_RC -TPM2_Import( - Import_In *in, // IN: input parameter list - Import_Out *out // OUT: output parameter list - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - OBJECT *parentObject; - TPM2B_DATA data; // symmetric key - TPMT_SENSITIVE sensitive; - TPM2B_NAME name; - TPMA_OBJECT attributes; - UINT16 innerKeySize = 0; // encrypt key size for inner - // wrapper - -// Input Validation - // to save typing - attributes = in->objectPublic.publicArea.objectAttributes; - // FixedTPM and fixedParent must be CLEAR - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM) - || IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)) - return TPM_RCS_ATTRIBUTES + RC_Import_objectPublic; - - // Get parent pointer - parentObject = HandleToObject(in->parentHandle); - - if(!ObjectIsParent(parentObject)) - return TPM_RCS_TYPE + RC_Import_parentHandle; - - if(in->symmetricAlg.algorithm != TPM_ALG_NULL) - { - // Get 
inner wrap key size - innerKeySize = in->symmetricAlg.keyBits.sym; - // Input symmetric key must match the size of algorithm. - if(in->encryptionKey.t.size != (innerKeySize + 7) / 8) - return TPM_RCS_SIZE + RC_Import_encryptionKey; - } - else - { - // If input symmetric algorithm is NULL, input symmetric key size must - // be 0 as well - if(in->encryptionKey.t.size != 0) - return TPM_RCS_SIZE + RC_Import_encryptionKey; - // If encryptedDuplication is SET, then the object must have an inner - // wrapper - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication)) - return TPM_RCS_ATTRIBUTES + RC_Import_encryptionKey; - } - // See if there is an outer wrapper - if(in->inSymSeed.t.size != 0) - { - // in->inParentHandle is a parent, but in order to decrypt an outer wrapper, - // it must be able to do key exchange and a symmetric key can't do that. - if(parentObject->publicArea.type == TPM_ALG_SYMCIPHER) - return TPM_RCS_TYPE + RC_Import_parentHandle; - - // Decrypt input secret data via asymmetric decryption. TPM_RC_ATTRIBUTES, - // TPM_RC_ECC_POINT, TPM_RC_INSUFFICIENT, TPM_RC_KEY, TPM_RC_NO_RESULT, - // TPM_RC_SIZE, TPM_RC_VALUE may be returned at this point - result = CryptSecretDecrypt(parentObject, NULL, DUPLICATE_STRING, - &in->inSymSeed, &data); - pAssert(result != TPM_RC_BINDING); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_Import_inSymSeed); - } - else - { - // If encrytpedDuplication is set, then the object must have an outer - // wrapper - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication)) - return TPM_RCS_ATTRIBUTES + RC_Import_inSymSeed; - data.t.size = 0; - } - // Compute name of object - PublicMarshalAndComputeName(&(in->objectPublic.publicArea), &name); - if(name.t.size == 0) - return TPM_RCS_HASH + RC_Import_objectPublic; - - // Retrieve sensitive from private. - // TPM_RC_INSUFFICIENT, TPM_RC_INTEGRITY, TPM_RC_SIZE may be returned here. 
- result = DuplicateToSensitive(&in->duplicate.b, &name.b, parentObject, - in->objectPublic.publicArea.nameAlg, - &data.b, &in->symmetricAlg, - &in->encryptionKey.b, &sensitive); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_Import_duplicate); - - // If the parent of this object has fixedTPM SET, then validate this - // object as if it were being loaded so that validation can be skipped - // when it is actually loaded. - if(IS_ATTRIBUTE(parentObject->publicArea.objectAttributes, TPMA_OBJECT, fixedTPM)) - { - result = ObjectLoad(NULL, NULL, &in->objectPublic.publicArea, - &sensitive, RC_Import_objectPublic, RC_Import_duplicate, - NULL); - } -// Command output - if(result == TPM_RC_SUCCESS) - { - // Prepare output private data from sensitive - SensitiveToPrivate(&sensitive, &name, parentObject, - in->objectPublic.publicArea.nameAlg, - &out->outPrivate); - } - return result; -} - -#endif // CC_Import \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Rewrap.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Rewrap.c deleted file mode 100644 index ed29e4e1d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Rewrap.c +++ /dev/null 
@@ -1,160 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#include "Tpm.h" -#include "Rewrap_fp.h" - -#if CC_Rewrap // Conditional expansion of this file - -#include "Object_spt_fp.h" - -/*(See part 3 specification) -// This command allows the TPM to serve in the role as an MA. 
-*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'newParent' is not a decryption key -// TPM_RC_HANDLE 'oldParent' does not consistent with inSymSeed -// TPM_RC_INTEGRITY the integrity check of 'inDuplicate' failed -// TPM_RC_KEY for an ECC key, the public key is not on the curve -// of the curve ID -// TPM_RC_KEY_SIZE the decrypted input symmetric key size -// does not matches the symmetric algorithm -// key size of 'oldParent' -// TPM_RC_TYPE 'oldParent' is not a storage key, or 'newParent -// is not a storage key -// TPM_RC_VALUE for an 'oldParent; RSA key, the data to be decrypted -// is greater than the public exponent -// Unmarshal errors errors during unmarshaling the input -// encrypted buffer to a ECC public key, or -// unmarshal the private buffer to sensitive -TPM_RC -TPM2_Rewrap( - Rewrap_In *in, // IN: input parameter list - Rewrap_Out *out // OUT: output parameter list - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - TPM2B_DATA data; // symmetric key - UINT16 hashSize = 0; - TPM2B_PRIVATE privateBlob; // A temporary private blob - // to transit between old - // and new wrappers -// Input Validation - if((in->inSymSeed.t.size == 0 && in->oldParent != TPM_RH_NULL) - || (in->inSymSeed.t.size != 0 && in->oldParent == TPM_RH_NULL)) - return TPM_RCS_HANDLE + RC_Rewrap_oldParent; - if(in->oldParent != TPM_RH_NULL) - { - OBJECT *oldParent = HandleToObject(in->oldParent); - - // old parent key must be a storage object - if(!ObjectIsStorage(in->oldParent)) - return TPM_RCS_TYPE + RC_Rewrap_oldParent; - // Decrypt input secret data via asymmetric decryption. 
A - // TPM_RC_VALUE, TPM_RC_KEY or unmarshal errors may be returned at this - // point - result = CryptSecretDecrypt(oldParent, NULL, DUPLICATE_STRING, - &in->inSymSeed, &data); - if(result != TPM_RC_SUCCESS) - return TPM_RCS_VALUE + RC_Rewrap_inSymSeed; - // Unwrap Outer - result = UnwrapOuter(oldParent, &in->name.b, - oldParent->publicArea.nameAlg, &data.b, - FALSE, - in->inDuplicate.t.size, in->inDuplicate.t.buffer); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_Rewrap_inDuplicate); - // Copy unwrapped data to temporary variable, remove the integrity field - hashSize = sizeof(UINT16) + - CryptHashGetDigestSize(oldParent->publicArea.nameAlg); - privateBlob.t.size = in->inDuplicate.t.size - hashSize; - pAssert(privateBlob.t.size <= sizeof(privateBlob.t.buffer)); - MemoryCopy(privateBlob.t.buffer, in->inDuplicate.t.buffer + hashSize, - privateBlob.t.size); - } - else - { - // No outer wrap from input blob. Direct copy. - privateBlob = in->inDuplicate; - } - if(in->newParent != TPM_RH_NULL) - { - OBJECT *newParent; - newParent = HandleToObject(in->newParent); - - // New parent must be a storage object - if(!ObjectIsStorage(in->newParent)) - return TPM_RCS_TYPE + RC_Rewrap_newParent; - // Make new encrypt key and its associated secret structure. A - // TPM_RC_VALUE error may be returned at this point if RSA algorithm is - // enabled in TPM - out->outSymSeed.t.size = sizeof(out->outSymSeed.t.secret); - result = CryptSecretEncrypt(newParent, DUPLICATE_STRING, &data, - &out->outSymSeed); - if(result != TPM_RC_SUCCESS) - return result; - // Copy temporary variable to output, reserve the space for integrity - hashSize = sizeof(UINT16) + - CryptHashGetDigestSize(newParent->publicArea.nameAlg); - // Make sure that everything fits into the output buffer - // Note: this is mostly only an issue if there was no outer wrapper on - // 'inDuplicate'. It could be as large as a TPM2B_PRIVATE buffer. 
If we add - // a digest for an outer wrapper, it won't fit anymore. - if((privateBlob.t.size + hashSize) > sizeof(out->outDuplicate.t.buffer)) - return TPM_RCS_VALUE + RC_Rewrap_inDuplicate; -// Command output - out->outDuplicate.t.size = privateBlob.t.size; - pAssert(privateBlob.t.size - <= sizeof(out->outDuplicate.t.buffer) - hashSize); - MemoryCopy(out->outDuplicate.t.buffer + hashSize, privateBlob.t.buffer, - privateBlob.t.size); - // Produce outer wrapper for output - out->outDuplicate.t.size = ProduceOuterWrap(newParent, &in->name.b, - newParent->publicArea.nameAlg, - &data.b, - FALSE, - out->outDuplicate.t.size, - out->outDuplicate.t.buffer); - } - else // New parent is a null key so there is no seed - { - out->outSymSeed.t.size = 0; - - // Copy privateBlob directly - out->outDuplicate = privateBlob; - } - return TPM_RC_SUCCESS; -} - -#endif // CC_Rewrap \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthValue.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthValue.c deleted file mode 100644 index 8f395d842..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthValue.c +++ /dev/null 
@@ -1,81 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyAuthValue_fp.h"
-
-#if CC_PolicyAuthValue // Conditional expansion of this file
-
-#include "Policy_spt_fp.h"
-
-/*(See part 3 specification)
-// allows a policy to be bound to the authorization value of the authorized
-// object
-*/
-TPM_RC
-TPM2_PolicyAuthValue(
- PolicyAuthValue_In *in // IN: input parameter list
- )
-{
- SESSION *session;
- TPM_CC commandCode = TPM_CC_PolicyAuthValue;
- HASH_STATE hashState;
-
-// Internal Data Update
-
- // Get pointer to the session structure
- session = SessionGet(in->policySession);
-
- // Update policy hash
- // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyAuthValue)
- // Start hash
- CryptHashStart(&hashState, session->authHashAlg);
-
- // add old digest
- CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
-
- // add commandCode
- CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
-
- // complete the hash and get the results
- CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
-
- // update isAuthValueNeeded bit in the session context
- session->attributes.isAuthValueNeeded = SET;
- session->attributes.isPasswordNeeded = CLEAR;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicyAuthValue
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorize.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorize.c
deleted file mode 100644
index a3b35aba6..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorize.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyAuthorize_fp.h"
-
-#if CC_PolicyAuthorize // Conditional expansion of this file
-
-#include "Policy_spt_fp.h"
-
-/*(See part 3 specification)
-// Change policy by a signature from authority
-*/
-// Return Type: TPM_RC
-// TPM_RC_HASH hash algorithm in 'keyName' is not supported
-// TPM_RC_SIZE 'keyName' is not the correct size for its hash algorithm
-// TPM_RC_VALUE the current policyDigest of 'policySession' does not
-// match 'approvedPolicy'; or 'checkTicket' doesn't match
-// the provided values
-TPM_RC
-TPM2_PolicyAuthorize(
- PolicyAuthorize_In *in // IN: input parameter list
- )
-{
- SESSION *session;
- TPM2B_DIGEST authHash;
- HASH_STATE hashState;
- TPMT_TK_VERIFIED ticket;
- TPM_ALG_ID hashAlg;
- UINT16 digestSize;
-
-// Input Validation
-
- // Get pointer to the session structure
- session = SessionGet(in->policySession);
-
- // Extract from the Name of the key, the algorithm used to compute it's Name
- hashAlg = BYTE_ARRAY_TO_UINT16(in->keySign.t.name);
-
- // 'keySign' parameter needs to use a supported hash algorithm, otherwise
- // can't tell how large the digest should be
- if(!CryptHashIsValidAlg(hashAlg, FALSE))
- return TPM_RCS_HASH + RC_PolicyAuthorize_keySign;
-
- digestSize = CryptHashGetDigestSize(hashAlg);
- if(digestSize != (in->keySign.t.size - 2))
- return TPM_RCS_SIZE + RC_PolicyAuthorize_keySign;
-
- //If this is a trial policy, skip all validations
- if(session->attributes.isTrialPolicy == CLEAR)
- {
- // Check that "approvedPolicy" matches the current value of the
- // policyDigest in policy session
- if(!MemoryEqual2B(&session->u2.policyDigest.b,
- &in->approvedPolicy.b))
- return TPM_RCS_VALUE + RC_PolicyAuthorize_approvedPolicy;
-
- // Validate ticket TPMT_TK_VERIFIED
- // Compute aHash. The authorizing object sign a digest
- // aHash := hash(approvedPolicy || policyRef).
- // Start hash
- authHash.t.size = CryptHashStart(&hashState, hashAlg);
-
- // add approvedPolicy
- CryptDigestUpdate2B(&hashState, &in->approvedPolicy.b);
-
- // add policyRef
- CryptDigestUpdate2B(&hashState, &in->policyRef.b);
-
- // complete hash
- CryptHashEnd2B(&hashState, &authHash.b);
-
- // re-compute TPMT_TK_VERIFIED
- TicketComputeVerified(in->checkTicket.hierarchy, &authHash,
- &in->keySign, &ticket);
-
- // Compare ticket digest. If not match, return error
- if(!MemoryEqual2B(&in->checkTicket.digest.b, &ticket.digest.b))
- return TPM_RCS_VALUE + RC_PolicyAuthorize_checkTicket;
- }
-
-// Internal Data Update
-
- // Set policyDigest to zero digest
- PolicyDigestClear(session);
-
- // Update policyDigest
- PolicyContextUpdate(TPM_CC_PolicyAuthorize, &in->keySign, &in->policyRef,
- NULL, 0, session);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicyAuthorize
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorizeNV.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorizeNV.c
deleted file mode 100644
index 019548a40..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorizeNV.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-
-#if CC_PolicyAuthorizeNV // Conditional expansion of this file
-#include "PolicyAuthorizeNV_fp.h"
-#include "Policy_spt_fp.h"
-
-/*(See part 3 specification)
-// Change policy by a signature from authority
-*/
-// Return Type: TPM_RC
-// TPM_RC_HASH hash algorithm in 'keyName' is not supported or is not
-// the same as the hash algorithm of the policy session
-// TPM_RC_SIZE 'keyName' is not the correct size for its hash algorithm
-// TPM_RC_VALUE the current policyDigest of 'policySession' does not
-// match 'approvedPolicy'; or 'checkTicket' doesn't match
-// the provided values
-TPM_RC
-TPM2_PolicyAuthorizeNV(
- PolicyAuthorizeNV_In *in
- )
-{
- SESSION *session;
- TPM_RC result;
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
- TPM2B_NAME name;
- TPMT_HA policyInNv;
- BYTE nvTemp[sizeof(TPMT_HA)];
- BYTE *buffer = nvTemp;
- INT32 size;
-
-// Input Validation
- // Get pointer to the session structure
- session = SessionGet(in->policySession);
-
- // Skip checks if this is a trial policy
- if(!session->attributes.isTrialPolicy)
- {
- // Check the authorizations for reading
- // Common read access checks. NvReadAccessChecks() returns
- // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED
- // error may be returned at this point
- result = NvReadAccessChecks(in->authHandle, in->nvIndex,
- nvIndex->publicArea.attributes);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // Read the contents of the index into a temp buffer
- size = MIN(nvIndex->publicArea.dataSize, sizeof(TPMT_HA));
- NvGetIndexData(nvIndex, locator, 0, (UINT16)size, nvTemp);
-
- // Unmarshal the contents of the buffer into the internal format of a
- // TPMT_HA so that the hash and digest elements can be accessed from the
- // structure rather than the byte array that is in the Index (written by
- // user of the Index).
- result = TPMT_HA_Unmarshal(&policyInNv, &buffer, &size, FALSE);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // Verify that the hash is the same
- if(policyInNv.hashAlg != session->authHashAlg)
- return TPM_RC_HASH;
-
- // See if the contents of the digest in the Index matches the value
- // in the policy
- if(!MemoryEqual(&policyInNv.digest, &session->u2.policyDigest.t.buffer,
- session->u2.policyDigest.t.size))
- return TPM_RC_VALUE;
- }
-
-// Internal Data Update
-
- // Set policyDigest to zero digest
- PolicyDigestClear(session);
-
- // Update policyDigest
- PolicyContextUpdate(TPM_CC_PolicyAuthorizeNV, EntityGetName(in->nvIndex, &name),
- NULL, NULL, 0, session);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicyAuthorize
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCommandCode.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCommandCode.c
deleted file mode 100644
index dcd7f54dd..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCommandCode.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyCommandCode_fp.h"
-
-#if CC_PolicyCommandCode // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Add a Command Code restriction to the policyDigest
-*/
-// Return Type: TPM_RC
-// TPM_RC_VALUE 'commandCode' of 'policySession' previously set to
-// a different value
-
-TPM_RC
-TPM2_PolicyCommandCode(
- PolicyCommandCode_In *in // IN: input parameter list
- )
-{
- SESSION *session;
- TPM_CC commandCode = TPM_CC_PolicyCommandCode;
- HASH_STATE hashState;
-
-// Input validation
-
- // Get pointer to the session structure
- session = SessionGet(in->policySession);
-
- if(session->commandCode != 0 && session->commandCode != in->code)
- return TPM_RCS_VALUE + RC_PolicyCommandCode_code;
- if(CommandCodeToCommandIndex(in->code) == UNIMPLEMENTED_COMMAND_INDEX)
- return TPM_RCS_POLICY_CC + RC_PolicyCommandCode_code;
-
-// Internal Data Update
- // Update policy hash
- // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyCommandCode || code)
- // Start hash
- CryptHashStart(&hashState, session->authHashAlg);
-
- // add old digest
- CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
-
- // add commandCode
- CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
-
- // add input commandCode
- CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), in->code);
-
- // complete the hash and get the results
- CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
-
- // update commandCode value in session context
- session->commandCode = in->code;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicyCommandCode
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCounterTimer.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCounterTimer.c
deleted file mode 100644
index 1c447071f..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCounterTimer.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyCounterTimer_fp.h"
-
-#if CC_PolicyCounterTimer // Conditional expansion of this file
-
-#include "Policy_spt_fp.h"
-
-/*(See part 3 specification)
-// Add a conditional gating of a policy based on the contents of the
-// TPMS_TIME_INFO structure.
-*/
-// Return Type: TPM_RC
-// TPM_RC_POLICY the comparison of the selected portion of the
-// TPMS_TIME_INFO with 'operandB' failed
-// TPM_RC_RANGE 'offset' + 'size' exceed size of TPMS_TIME_INFO
-// structure
-TPM_RC
-TPM2_PolicyCounterTimer(
- PolicyCounterTimer_In *in // IN: input parameter list
- )
-{
- SESSION *session;
- TIME_INFO infoData; // data buffer of TPMS_TIME_INFO
- BYTE *pInfoData = (BYTE *)&infoData;
- UINT16 infoDataSize;
- TPM_CC commandCode = TPM_CC_PolicyCounterTimer;
- HASH_STATE hashState;
- TPM2B_DIGEST argHash;
-
-// Input Validation
- // Get a marshaled time structure
- infoDataSize = TimeGetMarshaled(&infoData);
- // Make sure that the referenced stays within the bounds of the structure.
- // NOTE: the offset checks are made even for a trial policy because the policy
- // will not make any sense if the references are out of bounds of the timer
- // structure.
- if(in->offset > infoDataSize)
- return TPM_RCS_VALUE + RC_PolicyCounterTimer_offset;
- if((UINT32)in->offset + (UINT32)in->operandB.t.size > infoDataSize)
- return TPM_RCS_RANGE;
- // Get pointer to the session structure
- session = SessionGet(in->policySession);
-
- //If this is a trial policy, skip the check to see if the condition is met.
- if(session->attributes.isTrialPolicy == CLEAR)
- {
- // If the command is going to use any part of the counter or timer, need
- // to verify that time is advancing.
- // The time and clock vales are the first two 64-bit values in the clock
- if(in->offset < sizeof(UINT64) + sizeof(UINT64))
- {
- // Using Clock or Time so see if clock is running. Clock doesn't
- // run while NV is unavailable.
- // TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned here.
- RETURN_IF_NV_IS_NOT_AVAILABLE;
- }
- // offset to the starting position
- pInfoData = (BYTE *)infoData;
- // Check to see if the condition is valid
- if(!PolicySptCheckCondition(in->operation, pInfoData + in->offset,
- in->operandB.t.buffer, in->operandB.t.size))
- return TPM_RC_POLICY;
- }
-// Internal Data Update
- // Start argument list hash
- argHash.t.size = CryptHashStart(&hashState, session->authHashAlg);
- // add operandB
- CryptDigestUpdate2B(&hashState, &in->operandB.b);
- // add offset
- CryptDigestUpdateInt(&hashState, sizeof(UINT16), in->offset);
- // add operation
- CryptDigestUpdateInt(&hashState, sizeof(TPM_EO), in->operation);
- // complete argument hash
- CryptHashEnd2B(&hashState, &argHash.b);
-
- // update policyDigest
- // start hash
- CryptHashStart(&hashState, session->authHashAlg);
-
- // add old digest
- CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
-
- // add commandCode
- CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
-
- // add argument digest
- CryptDigestUpdate2B(&hashState, &argHash.b);
-
- // complete the digest
- CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicyCounterTimer
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCpHash.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCpHash.c
deleted file mode 100644
index cdcfcb7ee..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCpHash.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyCpHash_fp.h" - -#if CC_PolicyCpHash // Conditional expansion of this file - -/*(See part 3 specification) -// Add a cpHash restriction to the policyDigest -*/ -// Return Type: TPM_RC -// TPM_RC_CPHASH cpHash of 'policySession' has previously been set -// to a different value -// TPM_RC_SIZE 'cpHashA' is not the size of a digest produced -// by the hash algorithm associated with -// 'policySession' -TPM_RC -TPM2_PolicyCpHash( - PolicyCpHash_In *in // IN: input parameter list - ) -{ - SESSION *session; - TPM_CC commandCode = TPM_CC_PolicyCpHash; - HASH_STATE hashState; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // A valid cpHash must have the same size as session hash digest - // NOTE: the size of the digest can't be zero because TPM_ALG_NULL - // can't be used for the authHashAlg. - if(in->cpHashA.t.size != CryptHashGetDigestSize(session->authHashAlg)) - return TPM_RCS_SIZE + RC_PolicyCpHash_cpHashA; - - // error if the cpHash in session context is not empty and is not the same - // as the input or is not a cpHash - if((session->u1.cpHash.t.size != 0) - && (!session->attributes.isCpHashDefined - || !MemoryEqual2B(&in->cpHashA.b, &session->u1.cpHash.b))) - return TPM_RC_CPHASH; - - -// Internal Data Update - - // Update policy hash - // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyCpHash || cpHashA) - // Start hash - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add cpHashA - CryptDigestUpdate2B(&hashState, &in->cpHashA.b); - - // complete the digest and get the results - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // update cpHash in session context - session->u1.cpHash = in->cpHashA; - session->attributes.isCpHashDefined = SET; - - return 
TPM_RC_SUCCESS; -} - -#endif // CC_PolicyCpHash \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyDuplicationSelect.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyDuplicationSelect.c deleted file mode 100644 index 6eec4a773..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyDuplicationSelect.c +++ /dev/null 
@@ -1,113 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyDuplicationSelect_fp.h" - -#if CC_PolicyDuplicationSelect // Conditional expansion of this file - -/*(See part 3 specification) -// allows qualification of duplication so that it a specific new parent may be -// selected or a new parent selected for a specific object. -*/ -// Return Type: TPM_RC -// TPM_RC_COMMAND_CODE 'commandCode' of 'policySession; is not empty -// TPM_RC_CPHASH 'cpHash' of 'policySession' is not empty -TPM_RC -TPM2_PolicyDuplicationSelect( - PolicyDuplicationSelect_In *in // IN: input parameter list - ) -{ - SESSION *session; - HASH_STATE hashState; - TPM_CC commandCode = TPM_CC_PolicyDuplicationSelect; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // cpHash in session context must be empty - if(session->u1.cpHash.t.size != 0) - return TPM_RC_CPHASH; - - // commandCode in session context must be empty - if(session->commandCode != 0) - return TPM_RC_COMMAND_CODE; - -// Internal Data Update - - // Update name hash - session->u1.cpHash.t.size = CryptHashStart(&hashState, session->authHashAlg); - - // add objectName - CryptDigestUpdate2B(&hashState, &in->objectName.b); - - // add new parent name - CryptDigestUpdate2B(&hashState, &in->newParentName.b); - - // complete hash - CryptHashEnd2B(&hashState, &session->u1.cpHash.b); - - // update policy hash - // Old policyDigest size should be the same as the new policyDigest size since - // they are using the same hash algorithm - session->u2.policyDigest.t.size - = CryptHashStart(&hashState, session->authHashAlg); -// add old policy - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add command code - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add objectName - if(in->includeObject == YES) - CryptDigestUpdate2B(&hashState, &in->objectName.b); - - // add new parent name - CryptDigestUpdate2B(&hashState, &in->newParentName.b); - - // add includeObject - 
CryptDigestUpdateInt(&hashState, sizeof(TPMI_YES_NO), in->includeObject); - - // complete digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // set commandCode in session context - session->commandCode = TPM_CC_Duplicate; - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyDuplicationSelect \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyGetDigest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyGetDigest.c deleted file mode 100644 index decadfc03..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyGetDigest.c +++ /dev/null 
@@ -1,61 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyGetDigest_fp.h"
-
-#if CC_PolicyGetDigest // Conditional expansion of this file
-
-/*(See part 3 specification)
-// returns the current policyDigest of the session
-*/
-TPM_RC
-TPM2_PolicyGetDigest(
- PolicyGetDigest_In *in, // IN: input parameter list
- PolicyGetDigest_Out *out // OUT: output parameter list
- )
-{
- SESSION *session;
-
-// Command Output
-
- // Get pointer to the session structure
- session = SessionGet(in->policySession);
-
- out->policyDigest = session->u2.policyDigest;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicyGetDigest
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyLocality.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyLocality.c
deleted file mode 100644
index cff6c77a8..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyLocality.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyLocality_fp.h" - - -#if CC_PolicyLocality // Conditional expansion of this file - -// Return Type: TPM_RC -// TPM_RC_RANGE all the locality values selected by -// 'locality' have been disabled -// by previous TPM2_PolicyLocality() calls. -TPM_RC -TPM2_PolicyLocality( - PolicyLocality_In *in // IN: input parameter list - ) -{ - SESSION *session; - BYTE marshalBuffer[sizeof(TPMA_LOCALITY)]; - BYTE prevSetting[sizeof(TPMA_LOCALITY)]; - UINT32 marshalSize; - BYTE *buffer; - TPM_CC commandCode = TPM_CC_PolicyLocality; - HASH_STATE hashState; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // Get new locality setting in canonical form - marshalBuffer[0] = 0; // Code analysis says that this is not initialized - buffer = marshalBuffer; - marshalSize = TPMA_LOCALITY_Marshal(&in->locality, &buffer, NULL); - - // Its an error if the locality parameter is zero - if(marshalBuffer[0] == 0) - return TPM_RCS_RANGE + RC_PolicyLocality_locality; - - // Get existing locality setting in canonical form - prevSetting[0] = 0; // Code analysis says that this is not initialized - buffer = prevSetting; - TPMA_LOCALITY_Marshal(&session->commandLocality, &buffer, NULL); - - // If the locality has previously been set - if(prevSetting[0] != 0 - // then the current locality setting and the requested have to be the same - // type (that is, either both normal or both extended - && ((prevSetting[0] < 32) != (marshalBuffer[0] < 32))) - return TPM_RCS_RANGE + RC_PolicyLocality_locality; - - // See if the input is a regular or extended locality - if(marshalBuffer[0] < 32) - { - // if there was no previous setting, start with all normal localities - // enabled - if(prevSetting[0] == 0) - prevSetting[0] = 0x1F; - - // AND the new setting with the previous setting and store it in prevSetting - prevSetting[0] &= marshalBuffer[0]; - - // The result setting can not be 0 - if(prevSetting[0] == 0) - 
return TPM_RCS_RANGE + RC_PolicyLocality_locality; - } - else - { - // for extended locality - // if the locality has already been set, then it must match the - if(prevSetting[0] != 0 && prevSetting[0] != marshalBuffer[0]) - return TPM_RCS_RANGE + RC_PolicyLocality_locality; - - // Setting is OK - prevSetting[0] = marshalBuffer[0]; - } - -// Internal Data Update - - // Update policy hash - // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyLocality || locality) - // Start hash - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add input locality - CryptDigestUpdate(&hashState, marshalSize, marshalBuffer); - - // complete the digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // update session locality by unmarshal function. The function must succeed - // because both input and existing locality setting have been validated. - buffer = prevSetting; - TPMA_LOCALITY_Unmarshal(&session->commandLocality, &buffer, - (INT32 *)&marshalSize); - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyLocality \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNV.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNV.c deleted file mode 100644 index 65e7a91f0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNV.c +++ /dev/null 
@@ -1,143 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyNV_fp.h" - -#if CC_PolicyNV // Conditional expansion of this file - -#include "Policy_spt_fp.h" - -/*(See part 3 specification) -// Do comparison to NV location -*/ -// Return Type: TPM_RC -// TPM_RC_AUTH_TYPE NV index authorization type is not correct -// TPM_RC_NV_LOCKED NV index read locked -// TPM_RC_NV_UNINITIALIZED the NV index has not been initialized -// TPM_RC_POLICY the comparison to the NV contents failed -// TPM_RC_SIZE the size of 'nvIndex' data starting at 'offset' -// is less than the size of 'operandB' -// TPM_RC_VALUE 'offset' is too large -TPM_RC -TPM2_PolicyNV( - PolicyNV_In *in // IN: input parameter list - ) -{ - TPM_RC result; - SESSION *session; - NV_REF locator; - NV_INDEX *nvIndex; - BYTE nvBuffer[sizeof(in->operandB.t.buffer)]; - TPM2B_NAME nvName; - TPM_CC commandCode = TPM_CC_PolicyNV; - HASH_STATE hashState; - TPM2B_DIGEST argHash; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - //If this is a trial policy, skip all validations and the operation - if(session->attributes.isTrialPolicy == CLEAR) - { - // No need to access the actual NV index information for a trial policy. - nvIndex = NvGetIndexInfo(in->nvIndex, &locator); - - // Common read access checks. NvReadAccessChecks() may return - // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED - result = NvReadAccessChecks(in->authHandle, - in->nvIndex, - nvIndex->publicArea.attributes); - if(result != TPM_RC_SUCCESS) - return result; - - // Make sure that offset is withing range - if(in->offset > nvIndex->publicArea.dataSize) - return TPM_RCS_VALUE + RC_PolicyNV_offset; - - // Valid NV data size should not be smaller than input operandB size - if((nvIndex->publicArea.dataSize - in->offset) < in->operandB.t.size) - return TPM_RCS_SIZE + RC_PolicyNV_operandB; - - - // Get NV data. 
The size of NV data equals the input operand B size - NvGetIndexData(nvIndex, locator, in->offset, in->operandB.t.size, nvBuffer); - - // Check to see if the condition is valid - if(!PolicySptCheckCondition(in->operation, nvBuffer, - in->operandB.t.buffer, in->operandB.t.size)) - return TPM_RC_POLICY; - } -// Internal Data Update - - // Start argument hash - argHash.t.size = CryptHashStart(&hashState, session->authHashAlg); - - // add operandB - CryptDigestUpdate2B(&hashState, &in->operandB.b); - - // add offset - CryptDigestUpdateInt(&hashState, sizeof(UINT16), in->offset); - - // add operation - CryptDigestUpdateInt(&hashState, sizeof(TPM_EO), in->operation); - - // complete argument digest - CryptHashEnd2B(&hashState, &argHash.b); - - // Update policyDigest - // Start digest - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add argument digest - CryptDigestUpdate2B(&hashState, &argHash.b); - - // Adding nvName - CryptDigestUpdate2B(&hashState, &EntityGetName(in->nvIndex, &nvName)->b); - - // complete the digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyNV \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNameHash.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNameHash.c deleted file mode 100644 index fc9e28e4d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNameHash.c +++ /dev/null 
@@ -1,99 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyNameHash_fp.h" - -#if CC_PolicyNameHash // Conditional expansion of this file - -/*(See part 3 specification) -// Add a nameHash restriction to the policyDigest -*/ -// Return Type: TPM_RC -// TPM_RC_CPHASH 'nameHash' has been previously set to a different value -// TPM_RC_SIZE 'nameHash' is not the size of the digest produced by the -// hash algorithm associated with 'policySession' -TPM_RC -TPM2_PolicyNameHash( - PolicyNameHash_In *in // IN: input parameter list - ) -{ - SESSION *session; - TPM_CC commandCode = TPM_CC_PolicyNameHash; - HASH_STATE hashState; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // A valid nameHash must have the same size as session hash digest - // Since the authHashAlg for a session cannot be TPM_ALG_NULL, the digest size - // is always non-zero. - if(in->nameHash.t.size != CryptHashGetDigestSize(session->authHashAlg)) - return TPM_RCS_SIZE + RC_PolicyNameHash_nameHash; - - // u1 in the policy session context cannot otherwise be occupied - if(session->u1.cpHash.b.size != 0 - || session->attributes.isBound - || session->attributes.isCpHashDefined - || session->attributes.isTemplateSet) - return TPM_RC_CPHASH; - -// Internal Data Update - - // Update policy hash - // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyNameHash || nameHash) - // Start hash - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add nameHash - CryptDigestUpdate2B(&hashState, &in->nameHash.b); - - // complete the digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // update nameHash in session context - session->u1.cpHash = in->nameHash; - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyNameHash \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNvWritten.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNvWritten.c
deleted file mode 100644
index d71af6c0a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNvWritten.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyNvWritten_fp.h"
-
-#if CC_PolicyNvWritten // Conditional expansion of this file
-
-// Make an NV Index policy dependent on the state of the TPMA_NV_WRITTEN
-// attribute of the index.
-// Return Type: TPM_RC -// TPM_RC_VALUE a conflicting request for the attribute has -// already been processed -TPM_RC -TPM2_PolicyNvWritten( - PolicyNvWritten_In *in // IN: input parameter list - ) -{ - SESSION *session; - TPM_CC commandCode = TPM_CC_PolicyNvWritten; - HASH_STATE hashState; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // If already set is this a duplicate (the same setting)? If it - // is a conflicting setting, it is an error - if(session->attributes.checkNvWritten == SET) - { - if(((session->attributes.nvWrittenState == SET) - != (in->writtenSet == YES))) - return TPM_RCS_VALUE + RC_PolicyNvWritten_writtenSet; - } - -// Internal Data Update - - // Set session attributes so that the NV Index needs to be checked - session->attributes.checkNvWritten = SET; - session->attributes.nvWrittenState = (in->writtenSet == YES); - - // Update policy hash - // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyNvWritten - // || writtenSet) - // Start hash - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add the byte of writtenState - CryptDigestUpdateInt(&hashState, sizeof(TPMI_YES_NO), in->writtenSet); - - // complete the digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyNvWritten \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyOR.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyOR.c deleted file mode 100644 index 8d0553628..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyOR.c +++ /dev/null 
@@ -1,99 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyOR_fp.h" - -#if CC_PolicyOR // Conditional expansion of this file - -#include "Policy_spt_fp.h" - -/*(See part 3 specification) -// PolicyOR command -*/ -// Return Type: TPM_RC -// TPM_RC_VALUE no digest in 'pHashList' matched the current -// value of policyDigest for 'policySession' -TPM_RC -TPM2_PolicyOR( - PolicyOR_In *in // IN: input parameter list - ) -{ - SESSION *session; - UINT32 i; - -// Input Validation and Update - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // Compare and Update Internal Session policy if match - for(i = 0; i < in->pHashList.count; i++) - { - if(session->attributes.isTrialPolicy == SET - || (MemoryEqual2B(&session->u2.policyDigest.b, - &in->pHashList.digests[i].b))) - { - // Found a match - HASH_STATE hashState; - TPM_CC commandCode = TPM_CC_PolicyOR; - - // Start hash - session->u2.policyDigest.t.size - = CryptHashStart(&hashState, session->authHashAlg); - // Set policyDigest to 0 string and add it to hash - MemorySet(session->u2.policyDigest.t.buffer, 0, - session->u2.policyDigest.t.size); - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add command code - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // Add each of the hashes in the list - for(i = 0; i < in->pHashList.count; i++) - { - // Extend policyDigest - CryptDigestUpdate2B(&hashState, &in->pHashList.digests[i].b); - } - // Complete digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - return TPM_RC_SUCCESS; - } - } - // None of the values in the list matched the current policyDigest - return TPM_RCS_VALUE + RC_PolicyOR_pHashList; -} - -#endif // CC_PolicyOR \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPCR.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPCR.c
deleted file mode 100644
index 53248f202..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPCR.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyPCR_fp.h" - -#if CC_PolicyPCR // Conditional expansion of this file - -/*(See part 3 specification) -// Add a PCR gate for a policy session -*/ -// Return Type: TPM_RC -// TPM_RC_VALUE if provided, 'pcrDigest' does not match the -// current PCR settings -// TPM_RC_PCR_CHANGED a previous TPM2_PolicyPCR() set -// pcrCounter and it has changed -TPM_RC -TPM2_PolicyPCR( - PolicyPCR_In *in // IN: input parameter list - ) -{ - SESSION *session; - TPM2B_DIGEST pcrDigest; - BYTE pcrs[sizeof(TPML_PCR_SELECTION)]; - UINT32 pcrSize; - BYTE *buffer; - TPM_CC commandCode = TPM_CC_PolicyPCR; - HASH_STATE hashState; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // Compute current PCR digest - PCRComputeCurrentDigest(session->authHashAlg, &in->pcrs, &pcrDigest); - - // Do validation for non trial session - if(session->attributes.isTrialPolicy == CLEAR) - { - // Make sure that this is not going to invalidate a previous PCR check - if(session->pcrCounter != 0 && session->pcrCounter != gr.pcrCounter) - return TPM_RC_PCR_CHANGED; - - // If the caller specified the PCR digest and it does not - // match the current PCR settings, return an error.. 
- if(in->pcrDigest.t.size != 0) - { - if(!MemoryEqual2B(&in->pcrDigest.b, &pcrDigest.b)) - return TPM_RCS_VALUE + RC_PolicyPCR_pcrDigest; - } - } - else - { - // For trial session, just use the input PCR digest if one provided - // Note: It can't be too big because it is a TPM2B_DIGEST and the size - // would have been checked during unmarshaling - if(in->pcrDigest.t.size != 0) - pcrDigest = in->pcrDigest; - } -// Internal Data Update - // Update policy hash - // policyDigestnew = hash( policyDigestold || TPM_CC_PolicyPCR - // || PCRS || pcrDigest) - // Start hash - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add PCRS - buffer = pcrs; - pcrSize = TPML_PCR_SELECTION_Marshal(&in->pcrs, &buffer, NULL); - CryptDigestUpdate(&hashState, pcrSize, pcrs); - - // add PCR digest - CryptDigestUpdate2B(&hashState, &pcrDigest.b); - - // complete the hash and get the results - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // update pcrCounter in session context for non trial session - if(session->attributes.isTrialPolicy == CLEAR) - { - session->pcrCounter = gr.pcrCounter; - } - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyPCR \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPassword.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPassword.c deleted file mode 100644 index 310df5e31..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPassword.c +++ /dev/null 
@@ -1,81 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyPassword_fp.h" - -#if CC_PolicyPassword // Conditional expansion of this file - -#include "Policy_spt_fp.h" - -/*(See part 3 specification) -// allows a policy to be bound to the authorization value of the authorized -// object -*/ -TPM_RC -TPM2_PolicyPassword( - PolicyPassword_In *in // IN: input parameter list - ) -{ - SESSION *session; - TPM_CC commandCode = TPM_CC_PolicyAuthValue; - HASH_STATE hashState; - -// Internal Data Update - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // Update policy hash - // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyAuthValue) - // Start hash - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // complete the digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // Update isPasswordNeeded bit - session->attributes.isPasswordNeeded = SET; - session->attributes.isAuthValueNeeded = CLEAR; - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyPassword \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPhysicalPresence.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPhysicalPresence.c deleted file mode 100644 index 23af572cd..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPhysicalPresence.c +++ /dev/null 
@@ -1,78 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyPhysicalPresence_fp.h" - -#if CC_PolicyPhysicalPresence // Conditional expansion of this file - -/*(See part 3 specification) -// indicate that physical presence will need to be asserted at the time the -// authorization is performed -*/ -TPM_RC -TPM2_PolicyPhysicalPresence( - PolicyPhysicalPresence_In *in // IN: input parameter list - ) -{ - SESSION *session; - TPM_CC commandCode = TPM_CC_PolicyPhysicalPresence; - HASH_STATE hashState; - -// Internal Data Update - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // Update policy hash - // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyPhysicalPresence) - // Start hash - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // complete the digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // update session attribute - session->attributes.isPPRequired = SET; - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyPhysicalPresence \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySecret.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySecret.c deleted file mode 100644 index da6583eda..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySecret.c +++ /dev/null 
@@ -1,128 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicySecret_fp.h" - -#if CC_PolicySecret // Conditional expansion of this file - -#include "Policy_spt_fp.h" -#include "NV_spt_fp.h" - -/*(See part 3 specification) -// Add a secret-based authorization to the policy evaluation -*/ -// Return Type: TPM_RC -// TPM_RC_CPHASH cpHash for policy was previously set to a -// value that is not the same as 'cpHashA' -// TPM_RC_EXPIRED 'expiration' indicates a time in the past -// TPM_RC_NONCE 'nonceTPM' does not match the nonce associated -// with 'policySession' -// TPM_RC_SIZE 'cpHashA' is not the size of a digest for the -// hash associated with 'policySession' -TPM_RC -TPM2_PolicySecret( - PolicySecret_In *in, // IN: input parameter list - PolicySecret_Out *out // OUT: output parameter list - ) -{ - TPM_RC result; - SESSION *session; - TPM2B_NAME entityName; - UINT64 authTimeout = 0; -// Input Validation - // Get pointer to the session structure - session = SessionGet(in->policySession); - - //Only do input validation if this is not a trial policy session - if(session->attributes.isTrialPolicy == CLEAR) - { - authTimeout = ComputeAuthTimeout(session, in->expiration, &in->nonceTPM); - - result = PolicyParameterChecks(session, authTimeout, - &in->cpHashA, &in->nonceTPM, - RC_PolicySecret_nonceTPM, - RC_PolicySecret_cpHashA, - RC_PolicySecret_expiration); - if(result != TPM_RC_SUCCESS) - return result; - } -// Internal Data Update - // Update policy context with input policyRef and name of authorizing key - // This value is computed even for trial sessions. Possibly update the cpHash - PolicyContextUpdate(TPM_CC_PolicySecret, - EntityGetName(in->authHandle, &entityName), &in->policyRef, - &in->cpHashA, authTimeout, session); -// Command Output - // Create ticket and timeout buffer if in->expiration < 0 and this is not - // a trial session. - // NOTE: PolicyParameterChecks() makes sure that nonceTPM is present - // when expiration is non-zero. 
- if(in->expiration < 0 - && session->attributes.isTrialPolicy == CLEAR - && !NvIsPinPassIndex(in->authHandle)) - { - BOOL expiresOnReset = (in->nonceTPM.t.size == 0); - // Compute policy ticket - authTimeout &= ~EXPIRATION_BIT; - TicketComputeAuth(TPM_ST_AUTH_SECRET, EntityGetHierarchy(in->authHandle), - authTimeout, expiresOnReset, &in->cpHashA, &in->policyRef, - &entityName, &out->policyTicket); - // Generate timeout buffer. The format of output timeout buffer is - // TPM-specific. - // Note: In this implementation, the timeout buffer value is computed after - // the ticket is produced so, when the ticket is checked, the expiration - // flag needs to be extracted before the ticket is checked. - out->timeout.t.size = sizeof(authTimeout); - // In the Windows compatible version, the least-significant bit of the - // timeout value is used as a flag to indicate if the authorization expires - // on reset. The flag is the MSb. - if(expiresOnReset) - authTimeout |= EXPIRATION_BIT; - UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer); - } - else - { - // timeout buffer is null - out->timeout.t.size = 0; - - // authorization ticket is null - out->policyTicket.tag = TPM_ST_AUTH_SECRET; - out->policyTicket.hierarchy = TPM_RH_NULL; - out->policyTicket.digest.t.size = 0; - } - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicySecret \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySigned.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySigned.c deleted file mode 100644 index 1928da6d9..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySigned.c +++ /dev/null 
@@ -1,180 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "Policy_spt_fp.h" -#include "PolicySigned_fp.h" - -#if CC_PolicySigned // Conditional expansion of this file - -/*(See part 3 specification) -// Include an asymmetrically signed authorization to the policy evaluation -*/ -// Return Type: TPM_RC -// TPM_RC_CPHASH cpHash was previously set to a different value -// TPM_RC_EXPIRED 'expiration' indicates a time in the past or -// 'expiration' is non-zero but no nonceTPM is present -// TPM_RC_NONCE 'nonceTPM' is not the nonce associated with the -// 'policySession' -// TPM_RC_SCHEME the signing scheme of 'auth' is not supported by the -// TPM -// TPM_RC_SIGNATURE the signature is not genuine -// TPM_RC_SIZE input cpHash has wrong size -TPM_RC -TPM2_PolicySigned( - PolicySigned_In *in, // IN: input parameter list - PolicySigned_Out *out // OUT: output parameter list - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - SESSION *session; - TPM2B_NAME entityName; - TPM2B_DIGEST authHash; - HASH_STATE hashState; - UINT64 authTimeout = 0; -// Input Validation - // Set up local pointers - session = SessionGet(in->policySession); // the session structure - - // Only do input validation if this is not a trial policy session - if(session->attributes.isTrialPolicy == CLEAR) - { - authTimeout = ComputeAuthTimeout(session, in->expiration, &in->nonceTPM); - - result = PolicyParameterChecks(session, authTimeout, - &in->cpHashA, &in->nonceTPM, - RC_PolicySigned_nonceTPM, - RC_PolicySigned_cpHashA, - RC_PolicySigned_expiration); - if(result != TPM_RC_SUCCESS) - return result; - // Re-compute the digest being signed - /*(See part 3 specification) - // The digest is computed as: - // aHash := hash ( nonceTPM | expiration | cpHashA | policyRef) - // where: - // hash() the hash associated with the signed authorization - // nonceTPM the nonceTPM value from the TPM2_StartAuthSession . - // response If the authorization is not limited to this - // session, the size of this value is zero. 
- // expiration time limit on authorization set by authorizing object. - // This 32-bit value is set to zero if the expiration - // time is not being set. - // cpHashA hash of the command parameters for the command being - // approved using the hash algorithm of the PSAP session. - // Set to NULLauth if the authorization is not limited - // to a specific command. - // policyRef hash of an opaque value determined by the authorizing - // object. Set to the NULLdigest if no hash is present. - */ - // Start hash - authHash.t.size = CryptHashStart(&hashState, - CryptGetSignHashAlg(&in->auth)); - // If there is no digest size, then we don't have a verification function - // for this algorithm (e.g. TPM_ALG_ECDAA) so indicate that it is a - // bad scheme. - if(authHash.t.size == 0) - return TPM_RCS_SCHEME + RC_PolicySigned_auth; - - // nonceTPM - CryptDigestUpdate2B(&hashState, &in->nonceTPM.b); - - // expiration - CryptDigestUpdateInt(&hashState, sizeof(UINT32), in->expiration); - - // cpHashA - CryptDigestUpdate2B(&hashState, &in->cpHashA.b); - - // policyRef - CryptDigestUpdate2B(&hashState, &in->policyRef.b); - - // Complete digest - CryptHashEnd2B(&hashState, &authHash.b); - - // Validate Signature. A TPM_RC_SCHEME, TPM_RC_HANDLE or TPM_RC_SIGNATURE - // error may be returned at this point - result = CryptValidateSignature(in->authObject, &authHash, &in->auth); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_PolicySigned_auth); - } -// Internal Data Update - // Update policy with input policyRef and name of authorization key - // These values are updated even if the session is a trial session - PolicyContextUpdate(TPM_CC_PolicySigned, - EntityGetName(in->authObject, &entityName), - &in->policyRef, - &in->cpHashA, authTimeout, session); -// Command Output - // Create ticket and timeout buffer if in->expiration < 0 and this is not - // a trial session. 
- // NOTE: PolicyParameterChecks() makes sure that nonceTPM is present - // when expiration is non-zero. - if(in->expiration < 0 - && session->attributes.isTrialPolicy == CLEAR) - { - BOOL expiresOnReset = (in->nonceTPM.t.size == 0); - // Compute policy ticket - authTimeout &= ~EXPIRATION_BIT; - - TicketComputeAuth(TPM_ST_AUTH_SIGNED, EntityGetHierarchy(in->authObject), - authTimeout, expiresOnReset, &in->cpHashA, &in->policyRef, - &entityName, &out->policyTicket); - // Generate timeout buffer. The format of output timeout buffer is - // TPM-specific. - // Note: In this implementation, the timeout buffer value is computed after - // the ticket is produced so, when the ticket is checked, the expiration - // flag needs to be extracted before the ticket is checked. - // In the Windows compatible version, the least-significant bit of the - // timeout value is used as a flag to indicate if the authorization expires - // on reset. The flag is the MSb. - out->timeout.t.size = sizeof(authTimeout); - if(expiresOnReset) - authTimeout |= EXPIRATION_BIT; - UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer); - } - else - { - // Generate a null ticket. - // timeout buffer is null - out->timeout.t.size = 0; - - // authorization ticket is null - out->policyTicket.tag = TPM_ST_AUTH_SIGNED; - out->policyTicket.hierarchy = TPM_RH_NULL; - out->policyTicket.digest.t.size = 0; - } - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicySigned \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTemplate.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTemplate.c deleted file mode 100644 index 38be244e0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTemplate.c +++ /dev/null 
@@ -1,103 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "PolicyTemplate_fp.h" - -#if CC_PolicyTemplate // Conditional expansion of this file - -/*(See part 3 specification) -// Add a cpHash restriction to the policyDigest -*/ -// Return Type: TPM_RC -// TPM_RC_CPHASH cpHash of 'policySession' has previously been set -// to a different value -// TPM_RC_SIZE 'templateHash' is not the size of a digest produced -// by the hash algorithm associated with -// 'policySession' -TPM_RC -TPM2_PolicyTemplate( - PolicyTemplate_In *in // IN: input parameter list - ) -{ - SESSION *session; - TPM_CC commandCode = TPM_CC_PolicyTemplate; - HASH_STATE hashState; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // If the template is set, make sure that it is the same as the input value - if(session->attributes.isTemplateSet) - { - if(!MemoryEqual2B(&in->templateHash.b, &session->u1.cpHash.b)) - return TPM_RCS_VALUE + RC_PolicyTemplate_templateHash; - } - // error if cpHash contains something that is not a template - else if(session->u1.templateHash.t.size != 0) - return TPM_RC_CPHASH; - - // A valid templateHash must have the same size as session hash digest - if(in->templateHash.t.size != CryptHashGetDigestSize(session->authHashAlg)) - return TPM_RCS_SIZE + RC_PolicyTemplate_templateHash; - -// Internal Data Update - // Update policy hash - // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyCpHash - // || cpHashA.buffer) - // Start hash - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add cpHashA - CryptDigestUpdate2B(&hashState, &in->templateHash.b); - - // complete the digest and get the results - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // update cpHash in session context - session->u1.templateHash = in->templateHash; - 
session->attributes.isTemplateSet = SET; - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyTemplateHash \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTicket.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTicket.c deleted file mode 100644 index b19aec4e0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTicket.c +++ /dev/null 
@@ -1,128 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "PolicyTicket_fp.h" - -#if CC_PolicyTicket // Conditional expansion of this file - -#include "Policy_spt_fp.h" - -/*(See part 3 specification) -// Include ticket to the policy evaluation -*/ -// Return Type: TPM_RC -// TPM_RC_CPHASH policy's cpHash was previously set to a different -// value -// TPM_RC_EXPIRED 'timeout' value in the ticket is in the past and the -// ticket has expired -// TPM_RC_SIZE 'timeout' or 'cpHash' has invalid size for the -// TPM_RC_TICKET 'ticket' is not valid -TPM_RC -TPM2_PolicyTicket( - PolicyTicket_In *in // IN: input parameter list - ) -{ - TPM_RC result; - SESSION *session; - UINT64 authTimeout; - TPMT_TK_AUTH ticketToCompare; - TPM_CC commandCode = TPM_CC_PolicySecret; - BOOL expiresOnReset; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // NOTE: A trial policy session is not allowed to use this command. - // A ticket is used in place of a previously given authorization. Since - // a trial policy doesn't actually authenticate, the validated - // ticket is not necessary and, in place of using a ticket, one - // should use the intended authorization for which the ticket - // would be a substitute. - if(session->attributes.isTrialPolicy) - return TPM_RCS_ATTRIBUTES + RC_PolicyTicket_policySession; - // Restore timeout data. The format of timeout buffer is TPM-specific. - // In this implementation, the most significant bit of the timeout value is - // used as the flag to indicate that the ticket expires on TPM Reset or - // TPM Restart. The flag has to be removed before the parameters and ticket - // are checked. 
- if(in->timeout.t.size != sizeof(UINT64)) - return TPM_RCS_SIZE + RC_PolicyTicket_timeout; - authTimeout = BYTE_ARRAY_TO_UINT64(in->timeout.t.buffer); - - // extract the flag - expiresOnReset = (authTimeout & EXPIRATION_BIT) != 0; - authTimeout &= ~EXPIRATION_BIT; - - // Do the normal checks on the cpHashA and timeout values - result = PolicyParameterChecks(session, authTimeout, - &in->cpHashA, - NULL, // no nonce - 0, // no bad nonce return - RC_PolicyTicket_cpHashA, - RC_PolicyTicket_timeout); - if(result != TPM_RC_SUCCESS) - return result; - // Validate Ticket - // Re-generate policy ticket by input parameters - TicketComputeAuth(in->ticket.tag, in->ticket.hierarchy, - authTimeout, expiresOnReset, &in->cpHashA, &in->policyRef, - &in->authName, &ticketToCompare); - // Compare generated digest with input ticket digest - if(!MemoryEqual2B(&in->ticket.digest.b, &ticketToCompare.digest.b)) - return TPM_RCS_TICKET + RC_PolicyTicket_ticket; - -// Internal Data Update - - // Is this ticket to take the place of a TPM2_PolicySigned() or - // a TPM2_PolicySecret()? - if(in->ticket.tag == TPM_ST_AUTH_SIGNED) - commandCode = TPM_CC_PolicySigned; - else if(in->ticket.tag == TPM_ST_AUTH_SECRET) - commandCode = TPM_CC_PolicySecret; - else - // There could only be two possible tag values. Any other value should - // be caught by the ticket validation process. - FAIL(FATAL_ERROR_INTERNAL); - - // Update policy context - PolicyContextUpdate(commandCode, &in->authName, &in->policyRef, - &in->cpHashA, authTimeout, session); - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyTicket \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/Policy_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/Policy_spt.c deleted file mode 100644 index 255dc7ead..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/Policy_spt.c +++ /dev/null 
@@ -1,290 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -//** Includes -#include "Tpm.h" -#include "Policy_spt_fp.h" -#include "PolicySigned_fp.h" -#include "PolicySecret_fp.h" -#include "PolicyTicket_fp.h" - -//** Functions -//*** PolicyParameterChecks() -// This function validates the common parameters of TPM2_PolicySiged() -// and TPM2_PolicySecret(). The common parameters are 'nonceTPM', -// 'expiration', and 'cpHashA'. -TPM_RC -PolicyParameterChecks( - SESSION *session, - UINT64 authTimeout, - TPM2B_DIGEST *cpHashA, - TPM2B_NONCE *nonce, - TPM_RC blameNonce, - TPM_RC blameCpHash, - TPM_RC blameExpiration - ) -{ - // Validate that input nonceTPM is correct if present - if(nonce != NULL && nonce->t.size != 0) - { - if(!MemoryEqual2B(&nonce->b, &session->nonceTPM.b)) - return TPM_RCS_NONCE + blameNonce; - } - // If authTimeout is set (expiration != 0... - if(authTimeout != 0) - { - // Validate input expiration. - // Cannot compare time if clock stop advancing. A TPM_RC_NV_UNAVAILABLE - // or TPM_RC_NV_RATE error may be returned here. - RETURN_IF_NV_IS_NOT_AVAILABLE; - - // if the time has already passed or the time epoch has changed then the - // time value is no longer good. - if((authTimeout < g_time) - || (session->epoch != g_timeEpoch)) - return TPM_RCS_EXPIRED + blameExpiration; - } - // If the cpHash is present, then check it - if(cpHashA != NULL && cpHashA->t.size != 0) - { - // The cpHash input has to have the correct size - if(cpHashA->t.size != session->u2.policyDigest.t.size) - return TPM_RCS_SIZE + blameCpHash; - - // If the cpHash has already been set, then this input value - // must match the current value. - if(session->u1.cpHash.b.size != 0 - && !MemoryEqual2B(&cpHashA->b, &session->u1.cpHash.b)) - return TPM_RC_CPHASH; - } - return TPM_RC_SUCCESS; -} - -//*** PolicyContextUpdate() -// Update policy hash -// Update the policyDigest in policy session by extending policyRef and -// objectName to it. This will also update the cpHash if it is present. 
-// Return Type: void -void -PolicyContextUpdate( - TPM_CC commandCode, // IN: command code - TPM2B_NAME *name, // IN: name of entity - TPM2B_NONCE *ref, // IN: the reference data - TPM2B_DIGEST *cpHash, // IN: the cpHash (optional) - UINT64 policyTimeout, // IN: the timeout value for the policy - SESSION *session // IN/OUT: policy session to be updated - ) -{ - HASH_STATE hashState; - - // Start hash - CryptHashStart(&hashState, session->authHashAlg); - - - // policyDigest size should always be the digest size of session hash algorithm. - pAssert(session->u2.policyDigest.t.size - == CryptHashGetDigestSize(session->authHashAlg)); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode); - - // add name if applicable - if(name != NULL) - CryptDigestUpdate2B(&hashState, &name->b); - - // Complete the digest and get the results - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // If the policy reference is not null, do a second update to the digest. - if(ref != NULL) - { - - // Start second hash computation - CryptHashStart(&hashState, session->authHashAlg); - - // add policyDigest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add policyRef - CryptDigestUpdate2B(&hashState, &ref->b); - - // Complete second digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - } - // Deal with the cpHash. 
If the cpHash value is present - // then it would have already been checked to make sure that - // it is compatible with the current value so all we need - // to do here is copy it and set the isCpHashDefined attribute - if(cpHash != NULL && cpHash->t.size != 0) - { - session->u1.cpHash = *cpHash; - session->attributes.isCpHashDefined = SET; - } - - // update the timeout if it is specified - if(policyTimeout != 0) - { - // If the timeout has not been set, then set it to the new value - // than the current timeout then set it to the new value - if(session->timeout == 0 || session->timeout > policyTimeout) - session->timeout = policyTimeout; - } - return; -} -//*** ComputeAuthTimeout() -// This function is used to determine what the authorization timeout value for -// the session should be. -UINT64 -ComputeAuthTimeout( - SESSION *session, // IN: the session containing the time - // values - INT32 expiration, // IN: either the number of seconds from - // the start of the session or the - // time in g_timer; - TPM2B_NONCE *nonce // IN: indicator of the time base - ) -{ - UINT64 policyTime; - // If no expiration, policy time is 0 - if(expiration == 0) - policyTime = 0; - else - { - if(expiration < 0) - expiration = -expiration; - if(nonce->t.size == 0) - // The input time is absolute Time (not Clock), but it is expressed - // in seconds. To make sure that we don't time out too early, take the - // current value of milliseconds in g_time and add that to the input - // seconds value. - policyTime = (((UINT64)expiration) * 1000) + g_time % 1000; - else - // The policy timeout is the absolute value of the expiration in seconds - // added to the start time of the policy. 
- policyTime = session->startTime + (((UINT64)expiration) * 1000); - - } - return policyTime; -} - -//*** PolicyDigestClear() -// Function to reset the policyDigest of a session -void -PolicyDigestClear( - SESSION *session - ) -{ - session->u2.policyDigest.t.size = CryptHashGetDigestSize(session->authHashAlg); - MemorySet(session->u2.policyDigest.t.buffer, 0, - session->u2.policyDigest.t.size); -} - -BOOL -PolicySptCheckCondition( - TPM_EO operation, - BYTE *opA, - BYTE *opB, - UINT16 size - ) -{ - // Arithmetic Comparison - switch(operation) - { - case TPM_EO_EQ: - // compare A = B - return (UnsignedCompareB(size, opA, size, opB) == 0); - break; - case TPM_EO_NEQ: - // compare A != B - return (UnsignedCompareB(size, opA, size, opB) != 0); - break; - case TPM_EO_SIGNED_GT: - // compare A > B signed - return (SignedCompareB(size, opA, size, opB) > 0); - break; - case TPM_EO_UNSIGNED_GT: - // compare A > B unsigned - return (UnsignedCompareB(size, opA, size, opB) > 0); - break; - case TPM_EO_SIGNED_LT: - // compare A < B signed - return (SignedCompareB(size, opA, size, opB) < 0); - break; - case TPM_EO_UNSIGNED_LT: - // compare A < B unsigned - return (UnsignedCompareB(size, opA, size, opB) < 0); - break; - case TPM_EO_SIGNED_GE: - // compare A >= B signed - return (SignedCompareB(size, opA, size, opB) >= 0); - break; - case TPM_EO_UNSIGNED_GE: - // compare A >= B unsigned - return (UnsignedCompareB(size, opA, size, opB) >= 0); - break; - case TPM_EO_SIGNED_LE: - // compare A <= B signed - return (SignedCompareB(size, opA, size, opB) <= 0); - break; - case TPM_EO_UNSIGNED_LE: - // compare A <= B unsigned - return (UnsignedCompareB(size, opA, size, opB) <= 0); - break; - case TPM_EO_BITSET: - // All bits SET in B are SET in A. ((A&B)=B) - { - UINT32 i; - for(i = 0; i < size; i++) - if((opA[i] & opB[i]) != opB[i]) - return FALSE; - } - break; - case TPM_EO_BITCLEAR: - // All bits SET in B are CLEAR in A. 
((A&B)=0) - { - UINT32 i; - for(i = 0; i < size; i++) - if((opA[i] & opB[i]) != 0) - return FALSE; - } - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - return TRUE; -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Ecdaa/Commit.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Ecdaa/Commit.c deleted file mode 100644 index 40203c2cf..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Ecdaa/Commit.c +++ /dev/null 
@@ -1,169 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#include "Tpm.h" -#include "Commit_fp.h" - -#if CC_Commit // Conditional expansion of this file - -/*(See part 3 specification) -// This command performs the point multiply operations for anonymous signing -// scheme. 
-*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'keyHandle' references a restricted key that is not a -// signing key -// TPM_RC_ECC_POINT either 'P1' or the point derived from 's2' is not on -// the curve of 'keyHandle' -// TPM_RC_HASH invalid name algorithm in 'keyHandle' -// TPM_RC_KEY 'keyHandle' does not reference an ECC key -// TPM_RC_SCHEME the scheme of 'keyHandle' is not an anonymous scheme -// TPM_RC_NO_RESULT 'K', 'L' or 'E' was a point at infinity; or -// failed to generate "r" value -// TPM_RC_SIZE 's2' is empty but 'y2' is not or 's2' provided but -// 'y2' is not -TPM_RC -TPM2_Commit( - Commit_In *in, // IN: input parameter list - Commit_Out *out // OUT: output parameter list - ) -{ - OBJECT *eccKey; - TPMS_ECC_POINT P2; - TPMS_ECC_POINT *pP2 = NULL; - TPMS_ECC_POINT *pP1 = NULL; - TPM2B_ECC_PARAMETER r; - TPM2B_ECC_PARAMETER p; - TPM_RC result; - TPMS_ECC_PARMS *parms; - -// Input Validation - - eccKey = HandleToObject(in->signHandle); - parms = &eccKey->publicArea.parameters.eccDetail; - - // Input key must be an ECC key - if(eccKey->publicArea.type != TPM_ALG_ECC) - return TPM_RCS_KEY + RC_Commit_signHandle; - - // This command may only be used with a sign-only key using an anonymous - // scheme. - // NOTE: a sign + decrypt key has no scheme so it will not be an anonymous one - // and an unrestricted sign key might no have a signing scheme but it can't - // be use in Commit() - if(!CryptIsSchemeAnonymous(parms->scheme.scheme)) - return TPM_RCS_SCHEME + RC_Commit_signHandle; - -// Make sure that both parts of P2 are present if either is present - if((in->s2.t.size == 0) != (in->y2.t.size == 0)) - return TPM_RCS_SIZE + RC_Commit_y2; - - // Get prime modulus for the curve. This is needed later but getting this now - // allows confirmation that the curve exists. 
- if(!CryptEccGetParameter(&p, 'p', parms->curveID)) - return TPM_RCS_KEY + RC_Commit_signHandle; - - // Get the random value that will be used in the point multiplications - // Note: this does not commit the count. - if(!CryptGenerateR(&r, NULL, parms->curveID, &eccKey->name)) - return TPM_RC_NO_RESULT; - - // Set up P2 if s2 and Y2 are provided - if(in->s2.t.size != 0) - { - TPM2B_DIGEST x2; - - pP2 = &P2; - - // copy y2 for P2 - P2.y = in->y2; - - // Compute x2 HnameAlg(s2) mod p - // do the hash operation on s2 with the size of curve 'p' - x2.t.size = CryptHashBlock(eccKey->publicArea.nameAlg, - in->s2.t.size, - in->s2.t.buffer, - sizeof(x2.t.buffer), - x2.t.buffer); - - // If there were error returns in the hash routine, indicate a problem - // with the hash algorithm selection - if(x2.t.size == 0) - return TPM_RCS_HASH + RC_Commit_signHandle; - // The size of the remainder will be same as the size of p. DivideB() will - // pad the results (leading zeros) if necessary to make the size the same - P2.x.t.size = p.t.size; - // set p2.x = hash(s2) mod p - if(DivideB(&x2.b, &p.b, NULL, &P2.x.b) != TPM_RC_SUCCESS) - return TPM_RC_NO_RESULT; - - if(!CryptEccIsPointOnCurve(parms->curveID, pP2)) - return TPM_RCS_ECC_POINT + RC_Commit_s2; - - if(eccKey->attributes.publicOnly == SET) - return TPM_RCS_KEY + RC_Commit_signHandle; - } - // If there is a P1, make sure that it is on the curve - // NOTE: an "empty" point has two UINT16 values which are the size values - // for each of the coordinates. - if(in->P1.size > 4) - { - pP1 = &in->P1.point; - if(!CryptEccIsPointOnCurve(parms->curveID, pP1)) - return TPM_RCS_ECC_POINT + RC_Commit_P1; - } - - // Pass the parameters to CryptCommit. - // The work is not done in-line because it does several point multiplies - // with the same curve. It saves work by not having to reload the curve - // parameters multiple times. 
- result = CryptEccCommitCompute(&out->K.point, - &out->L.point, - &out->E.point, - parms->curveID, - pP1, - pP2, - &eccKey->sensitive.sensitive.ecc, - &r); - if(result != TPM_RC_SUCCESS) - return result; - - // The commit computation was successful so complete the commit by setting - // the bit - out->counter = CryptCommit(); - - return TPM_RC_SUCCESS; -} - -#endif // CC_Commit \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeData.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeData.c deleted file mode 100644 index 18f537da8..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeData.c +++ /dev/null 
@@ -1,53 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "FieldUpgradeData_fp.h"
-#if CC_FieldUpgradeData // Conditional expansion of this file
-
-/*(See part 3 specification)
-// FieldUpgradeData
-*/
-TPM_RC
-TPM2_FieldUpgradeData(
- FieldUpgradeData_In *in, // IN: input parameter list
- FieldUpgradeData_Out *out // OUT: output parameter list
- )
-{
- // Not implemented
- UNUSED_PARAMETER(in);
- UNUSED_PARAMETER(out);
- return TPM_RC_SUCCESS;
-}
-#endif
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeStart.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeStart.c
deleted file mode 100644
index f4f89b14a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeStart.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "FieldUpgradeStart_fp.h"
-#if CC_FieldUpgradeStart // Conditional expansion of this file
-
-/*(See part 3 specification)
-// FieldUpgradeStart
-*/
-TPM_RC
-TPM2_FieldUpgradeStart(
- FieldUpgradeStart_In *in // IN: input parameter list
- )
-{
- // Not implemented
- UNUSED_PARAMETER(in);
- return TPM_RC_SUCCESS;
-}
-#endif
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FirmwareRead.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FirmwareRead.c
deleted file mode 100644
index 810483dba..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FirmwareRead.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "FirmwareRead_fp.h"
-
-#if CC_FirmwareRead // Conditional expansion of this file
-
-/*(See part 3 specification)
-// FirmwareRead
-*/
-TPM_RC
-TPM2_FirmwareRead(
- FirmwareRead_In *in, // IN: input parameter list
- FirmwareRead_Out *out // OUT: output parameter list
- )
-{
- // Not implemented
- UNUSED_PARAMETER(in);
- UNUSED_PARAMETER(out);
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_FirmwareRead
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/EventSequenceComplete.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/EventSequenceComplete.c
deleted file mode 100644
index 5a1e79017..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/EventSequenceComplete.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "EventSequenceComplete_fp.h"
-
-#if CC_EventSequenceComplete // Conditional expansion of this file
-
-/*(See part 3 specification)
- Complete an event sequence and flush the object.
-*/
-// Return Type: TPM_RC
-// TPM_RC_LOCALITY PCR extension is not allowed at the current locality
-// TPM_RC_MODE input handle is not a valid event sequence object
-TPM_RC
-TPM2_EventSequenceComplete(
- EventSequenceComplete_In *in, // IN: input parameter list
- EventSequenceComplete_Out *out // OUT: output parameter list
- )
-{
- HASH_OBJECT *hashObject;
- UINT32 i;
- TPM_ALG_ID hashAlg;
-// Input validation
- // get the event sequence object pointer
- hashObject = (HASH_OBJECT *)HandleToObject(in->sequenceHandle);
-
- // input handle must reference an event sequence object
- if(hashObject->attributes.eventSeq != SET)
- return TPM_RCS_MODE + RC_EventSequenceComplete_sequenceHandle;
-
- // see if a PCR extend is requested in call
- if(in->pcrHandle != TPM_RH_NULL)
- {
- // see if extend of the PCR is allowed at the locality of the command,
- if(!PCRIsExtendAllowed(in->pcrHandle))
- return TPM_RC_LOCALITY;
- // if an extend is going to take place, then check to see if there has
- // been an orderly shutdown. If so, and the selected PCR is one of the
- // state saved PCR, then the orderly state has to change. The orderly state
- // does not change for PCR that are not preserved.
- // NOTE: This doesn't just check for Shutdown(STATE) because the orderly
- // state will have to change if this is a state-saved PCR regardless
- // of the current state. This is because a subsequent Shutdown(STATE) will
- // check to see if there was an orderly shutdown and not do anything if
- // there was. So, this must indicate that a future Shutdown(STATE) has
- // something to do.
- if(PCRIsStateSaved(in->pcrHandle))
- RETURN_IF_ORDERLY;
- }
-// Command Output
- out->results.count = 0;
-
- for(i = 0; i < HASH_COUNT; i++)
- {
- hashAlg = CryptHashGetAlgByIndex(i);
- // Update last piece of data
- CryptDigestUpdate2B(&hashObject->state.hashState[i], &in->buffer.b);
- // Complete hash
- out->results.digests[out->results.count].hashAlg = hashAlg;
- CryptHashEnd(&hashObject->state.hashState[i],
- CryptHashGetDigestSize(hashAlg),
- (BYTE *)&out->results.digests[out->results.count].digest);
- // Extend PCR
- if(in->pcrHandle != TPM_RH_NULL)
- PCRExtend(in->pcrHandle, hashAlg,
- CryptHashGetDigestSize(hashAlg),
- (BYTE *)&out->results.digests[out->results.count].digest);
- out->results.count++;
- }
-// Internal Data Update
- // mark sequence object as evict so it will be flushed on the way out
- hashObject->attributes.evict = SET;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_EventSequenceComplete
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HMAC_Start.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HMAC_Start.c
deleted file mode 100644
index 518348dd9..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HMAC_Start.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "HMAC_Start_fp.h"
-
-#if CC_HMAC_Start // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Initialize a HMAC sequence and create a sequence object
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES key referenced by 'handle' is not a signing key
-// or is restricted
-// TPM_RC_OBJECT_MEMORY no space to create an internal object
-// TPM_RC_KEY key referenced by 'handle' is not an HMAC key
-// TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm
-// of the scheme of the object referenced by 'handle'
-TPM_RC
-TPM2_HMAC_Start(
- HMAC_Start_In *in, // IN: input parameter list
- HMAC_Start_Out *out // OUT: output parameter list
- )
-{
- OBJECT *keyObject;
- TPMT_PUBLIC *publicArea;
- TPM_ALG_ID hashAlg;
-
-// Input Validation
-
- // Get HMAC key object and public area pointers
- keyObject = HandleToObject(in->handle);
- publicArea = &keyObject->publicArea;
-
- // Make sure that the key is an HMAC key
- if(publicArea->type != TPM_ALG_KEYEDHASH)
- return TPM_RCS_TYPE + RC_HMAC_Start_handle;
-
- // and that it is unrestricted
- if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted))
- return TPM_RCS_ATTRIBUTES + RC_HMAC_Start_handle;
-
- // and that it is a signing key
- if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign))
- return TPM_RCS_KEY + RC_HMAC_Start_handle;
-
- // See if the key has a default
- if(publicArea->parameters.keyedHashDetail.scheme.scheme == TPM_ALG_NULL)
- // it doesn't so use the input value
- hashAlg = in->hashAlg;
- else
- {
- // key has a default so use it
- hashAlg
- = publicArea->parameters.keyedHashDetail.scheme.details.hmac.hashAlg;
- // and verify that the input was either the TPM_ALG_NULL or the default
- if(in->hashAlg != TPM_ALG_NULL && in->hashAlg != hashAlg)
- hashAlg = TPM_ALG_NULL;
- }
- // if we ended up without a hash algorithm then return an error
- if(hashAlg == TPM_ALG_NULL)
- return TPM_RCS_VALUE + RC_HMAC_Start_hashAlg;
-
-// Internal Data Update
-
- // Create a HMAC sequence object. A TPM_RC_OBJECT_MEMORY error may be
- // returned at this point
- return ObjectCreateHMACSequence(hashAlg,
- keyObject,
- &in->auth,
- &out->sequenceHandle);
-}
-
-#endif // CC_HMAC_Start
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HashSequenceStart.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HashSequenceStart.c
deleted file mode 100644
index 296363231..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HashSequenceStart.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "HashSequenceStart_fp.h"
-
-#if CC_HashSequenceStart // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Start a hash or an event sequence
-*/
-// Return Type: TPM_RC
-// TPM_RC_OBJECT_MEMORY no space to create an internal object
-TPM_RC
-TPM2_HashSequenceStart(
- HashSequenceStart_In *in, // IN: input parameter list
- HashSequenceStart_Out *out // OUT: output parameter list
- )
-{
-// Internal Data Update
-
- if(in->hashAlg == TPM_ALG_NULL)
- // Start a event sequence. A TPM_RC_OBJECT_MEMORY error may be
- // returned at this point
- return ObjectCreateEventSequence(&in->auth, &out->sequenceHandle);
-
- // Start a hash sequence. A TPM_RC_OBJECT_MEMORY error may be
- // returned at this point
- return ObjectCreateHashSequence(in->hashAlg, &in->auth, &out->sequenceHandle);
-}
-
-#endif // CC_HashSequenceStart
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/MAC_Start.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/MAC_Start.c
deleted file mode 100644
index 42abe1fee..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/MAC_Start.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "MAC_Start_fp.h"
-
-#if CC_MAC_Start // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Initialize a HMAC sequence and create a sequence object
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES key referenced by 'handle' is not a signing key
-// or is restricted
-// TPM_RC_OBJECT_MEMORY no space to create an internal object
-// TPM_RC_KEY key referenced by 'handle' is not an HMAC key
-// TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm
-// of the scheme of the object referenced by 'handle'
-TPM_RC
-TPM2_MAC_Start(
- MAC_Start_In *in, // IN: input parameter list
- MAC_Start_Out *out // OUT: output parameter list
- )
-{
- OBJECT *keyObject;
- TPMT_PUBLIC *publicArea;
- TPM_RC result;
-
-// Input Validation
-
- // Get HMAC key object and public area pointers
- keyObject = HandleToObject(in->handle);
- publicArea = &keyObject->publicArea;
-
- // Make sure that the key can do what is required
- result = CryptSelectMac(publicArea, &in->inScheme);
- // If the key is not able to do a MAC, indicate that the handle selects an
- // object that can't do a MAC
- if(result == TPM_RCS_TYPE)
- return TPM_RCS_TYPE + RC_MAC_Start_handle;
- // If there is another error type, indicate that the scheme and key are not
- // compatible
- if(result != TPM_RC_SUCCESS)
- return RcSafeAddToResult(result, RC_MAC_Start_inScheme);
- // Make sure that the key is not restricted
- if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted))
- return TPM_RCS_ATTRIBUTES + RC_MAC_Start_handle;
- // and that it is a signing key
- if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign))
- return TPM_RCS_KEY + RC_MAC_Start_handle;
-
-// Internal Data Update
- // Create a HMAC sequence object. A TPM_RC_OBJECT_MEMORY error may be
- // returned at this point
- return ObjectCreateHMACSequence(in->inScheme,
- keyObject,
- &in->auth,
- &out->sequenceHandle);
-}
-
-#endif // CC_MAC_Start
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceComplete.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceComplete.c
deleted file mode 100644
index d342ed85e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceComplete.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "SequenceComplete_fp.h"
-
-#if CC_SequenceComplete // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Complete a sequence and flush the object.
-*/
-// Return Type: TPM_RC
-// TPM_RC_MODE 'sequenceHandle' does not reference a hash or HMAC
-// sequence object
-TPM_RC
-TPM2_SequenceComplete(
- SequenceComplete_In *in, // IN: input parameter list
- SequenceComplete_Out *out // OUT: output parameter list
- )
-{
- HASH_OBJECT *hashObject;
-// Input validation
- // Get hash object pointer
- hashObject = (HASH_OBJECT *)HandleToObject(in->sequenceHandle);
-
- // input handle must be a hash or HMAC sequence object.
- if(hashObject->attributes.hashSeq == CLEAR
- && hashObject->attributes.hmacSeq == CLEAR)
- return TPM_RCS_MODE + RC_SequenceComplete_sequenceHandle;
-// Command Output
- if(hashObject->attributes.hashSeq == SET) // sequence object for hash
- {
- // Get the hash algorithm before the algorithm is lost in CryptHashEnd
- TPM_ALG_ID hashAlg = hashObject->state.hashState[0].hashAlg;
-
- // Update last piece of the data
- CryptDigestUpdate2B(&hashObject->state.hashState[0], &in->buffer.b);
-
- // Complete hash
- out->result.t.size = CryptHashEnd(&hashObject->state.hashState[0],
- sizeof(out->result.t.buffer),
- out->result.t.buffer);
- // Check if the first block of the sequence has been received
- if(hashObject->attributes.firstBlock == CLEAR)
- {
- // If not, then this is the first block so see if it is 'safe'
- // to sign.
- if(TicketIsSafe(&in->buffer.b))
- hashObject->attributes.ticketSafe = SET;
- }
- // Output ticket
- out->validation.tag = TPM_ST_HASHCHECK;
- out->validation.hierarchy = in->hierarchy;
-
- if(in->hierarchy == TPM_RH_NULL)
- {
- // Ticket is not required
- out->validation.digest.t.size = 0;
- }
- else if(hashObject->attributes.ticketSafe == CLEAR)
- {
- // Ticket is not safe to generate
- out->validation.hierarchy = TPM_RH_NULL;
- out->validation.digest.t.size = 0;
- }
- else
- {
- // Compute ticket
- TicketComputeHashCheck(out->validation.hierarchy, hashAlg,
- &out->result, &out->validation);
- }
- }
- else
- {
- // Update last piece of data
- CryptDigestUpdate2B(&hashObject->state.hmacState.hashState, &in->buffer.b);
-#if !SMAC_IMPLEMENTED
- // Complete HMAC
- out->result.t.size = CryptHmacEnd(&(hashObject->state.hmacState),
- sizeof(out->result.t.buffer),
- out->result.t.buffer);
-#else
- // Complete the MAC
- out->result.t.size = CryptMacEnd(&hashObject->state.hmacState,
- sizeof(out->result.t.buffer),
- out->result.t.buffer);
-#endif
- // No ticket is generated for HMAC sequence
- out->validation.tag = TPM_ST_HASHCHECK;
- out->validation.hierarchy = TPM_RH_NULL;
- out->validation.digest.t.size = 0;
- }
-// Internal Data Update
- // mark sequence object as evict so it will be flushed on the way out
- hashObject->attributes.evict = SET;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_SequenceComplete
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceUpdate.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceUpdate.c
deleted file mode 100644
index a02264704..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceUpdate.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "SequenceUpdate_fp.h"
-
-#if CC_SequenceUpdate // Conditional expansion of this file
-
-/*(See part 3 specification)
-// This function is used to add data to a sequence object.
-*/
-// Return Type: TPM_RC
-// TPM_RC_MODE 'sequenceHandle' does not reference a hash or HMAC
-// sequence object
-TPM_RC
-TPM2_SequenceUpdate(
- SequenceUpdate_In *in // IN: input parameter list
- )
-{
- OBJECT *object;
- HASH_OBJECT *hashObject;
-
-// Input Validation
-
- // Get sequence object pointer
- object = HandleToObject(in->sequenceHandle);
- hashObject = (HASH_OBJECT *)object;
-
- // Check that referenced object is a sequence object.
- if(!ObjectIsSequence(object))
- return TPM_RCS_MODE + RC_SequenceUpdate_sequenceHandle;
-
-// Internal Data Update
-
- if(object->attributes.eventSeq == SET)
- {
- // Update event sequence object
- UINT32 i;
- for(i = 0; i < HASH_COUNT; i++)
- {
- // Update sequence object
- CryptDigestUpdate2B(&hashObject->state.hashState[i], &in->buffer.b);
- }
- }
- else
- {
- // Update hash/HMAC sequence object
- if(hashObject->attributes.hashSeq == SET)
- {
- // Is this the first block of the sequence
- if(hashObject->attributes.firstBlock == CLEAR)
- {
- // If so, indicate that first block was received
- hashObject->attributes.firstBlock = SET;
-
- // Check the first block to see if the first block can contain
- // the TPM_GENERATED_VALUE. If it does, it is not safe for
- // a ticket.
- if(TicketIsSafe(&in->buffer.b))
- hashObject->attributes.ticketSafe = SET;
- }
- // Update sequence object hash/HMAC stack
- CryptDigestUpdate2B(&hashObject->state.hashState[0], &in->buffer.b);
- }
- else if(object->attributes.hmacSeq == SET)
- {
- // Update sequence object HMAC stack
- CryptDigestUpdate2B(&hashObject->state.hmacState.hashState,
- &in->buffer.b);
- }
- }
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_SequenceUpdate
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangeEPS.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangeEPS.c
deleted file mode 100644
index 2735e1118..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangeEPS.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ChangeEPS_fp.h"
-
-#if CC_ChangeEPS // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Reset current EPS value
-*/
-TPM_RC
-TPM2_ChangeEPS(
- ChangeEPS_In *in // IN: input parameter list
- )
-{
- // The command needs NV update. Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
- // Input parameter is not reference in command action
- NOT_REFERENCED(in);
-
-// Internal Data Update
-
- // Reset endorsement hierarchy seed from RNG
- CryptRandomGenerate(sizeof(gp.EPSeed.t.buffer), gp.EPSeed.t.buffer);
-
- // Create new ehProof value from RNG
- CryptRandomGenerate(sizeof(gp.ehProof.t.buffer), gp.ehProof.t.buffer);
-
- // Enable endorsement hierarchy
- gc.ehEnable = TRUE;
-
- // set authValue buffer to zeros
- MemorySet(gp.endorsementAuth.t.buffer, 0, gp.endorsementAuth.t.size);
- // Set endorsement authValue to null
- gp.endorsementAuth.t.size = 0;
-
- // Set endorsement authPolicy to null
- gp.endorsementAlg = TPM_ALG_NULL;
- gp.endorsementPolicy.t.size = 0;
-
- // Flush loaded object in endorsement hierarchy
- ObjectFlushHierarchy(TPM_RH_ENDORSEMENT);
-
- // Flush evict object of endorsement hierarchy stored in NV
- NvFlushHierarchy(TPM_RH_ENDORSEMENT);
-
- // Save hierarchy changes to NV
- NV_SYNC_PERSISTENT(EPSeed);
- NV_SYNC_PERSISTENT(ehProof);
- NV_SYNC_PERSISTENT(endorsementAuth);
- NV_SYNC_PERSISTENT(endorsementAlg);
- NV_SYNC_PERSISTENT(endorsementPolicy);
-
- // orderly state should be cleared because of the update to state clear data
- g_clearOrderly = TRUE;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ChangeEPS
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangePPS.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangePPS.c
deleted file mode 100644
index 5637a8847..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangePPS.c
+++ /dev/null
@@ -1,96 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "ChangePPS_fp.h" - -#if CC_ChangePPS // Conditional expansion of this file - -/*(See part 3 specification) -// Reset current PPS value -*/ -TPM_RC -TPM2_ChangePPS( - ChangePPS_In *in // IN: input parameter list - ) -{ - UINT32 i; - - // Check if NV is available. A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE - // error may be returned at this point - RETURN_IF_NV_IS_NOT_AVAILABLE; - - // Input parameter is not reference in command action - NOT_REFERENCED(in); - -// Internal Data Update - - // Reset platform hierarchy seed from RNG - CryptRandomGenerate(sizeof(gp.PPSeed.t.buffer), gp.PPSeed.t.buffer); - - // Create a new phProof value from RNG to prevent the saved platform - // hierarchy contexts being loaded - CryptRandomGenerate(sizeof(gp.phProof.t.buffer), gp.phProof.t.buffer); - - // Set platform authPolicy to null - gc.platformAlg = TPM_ALG_NULL; - gc.platformPolicy.t.size = 0; - - // Flush loaded object in platform hierarchy - ObjectFlushHierarchy(TPM_RH_PLATFORM); - - // Flush platform evict object and index in NV - NvFlushHierarchy(TPM_RH_PLATFORM); - - // Save hierarchy changes to NV - NV_SYNC_PERSISTENT(PPSeed); - NV_SYNC_PERSISTENT(phProof); - - // Re-initialize PCR policies -#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 - for(i = 0; i < NUM_POLICY_PCR_GROUP; i++) - { - gp.pcrPolicies.hashAlg[i] = TPM_ALG_NULL; - gp.pcrPolicies.policy[i].t.size = 0; - } - NV_SYNC_PERSISTENT(pcrPolicies); -#endif - - // orderly state should be cleared because of the update to state clear data - g_clearOrderly = TRUE; - - return TPM_RC_SUCCESS; -} - -#endif // CC_ChangePPS \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/Clear.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/Clear.c deleted file mode 100644 index b38932a85..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/Clear.c
+++ /dev/null
@@ -1,125 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "Clear_fp.h" - -#if CC_Clear // Conditional expansion of this file - -/*(See part 3 specification) -// Clear owner -*/ -// Return Type: TPM_RC -// TPM_RC_DISABLED Clear command has been disabled -TPM_RC -TPM2_Clear( - Clear_In *in // IN: input parameter list - ) -{ - // Input parameter is not reference in command action - NOT_REFERENCED(in); - - // The command needs NV update. Check if NV is available. - // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at - // this point - RETURN_IF_NV_IS_NOT_AVAILABLE; - -// Input Validation - - // If Clear command is disabled, return an error - if(gp.disableClear) - return TPM_RC_DISABLED; - -// Internal Data Update - - // Reset storage hierarchy seed from RNG - CryptRandomGenerate(sizeof(gp.SPSeed.t.buffer), gp.SPSeed.t.buffer); - - // Create new shProof and ehProof value from RNG - CryptRandomGenerate(sizeof(gp.shProof.t.buffer), gp.shProof.t.buffer); - CryptRandomGenerate(sizeof(gp.ehProof.t.buffer), gp.ehProof.t.buffer); - - // Enable storage and endorsement hierarchy - gc.shEnable = gc.ehEnable = TRUE; - - // set the authValue buffers to zero - MemorySet(&gp.ownerAuth, 0, sizeof(gp.ownerAuth)); - MemorySet(&gp.endorsementAuth, 0, sizeof(gp.endorsementAuth)); - MemorySet(&gp.lockoutAuth, 0, sizeof(gp.lockoutAuth)); - - // Set storage, endorsement, and lockout authPolicy to null - gp.ownerAlg = gp.endorsementAlg = gp.lockoutAlg = TPM_ALG_NULL; - MemorySet(&gp.ownerPolicy, 0, sizeof(gp.ownerPolicy)); - MemorySet(&gp.endorsementPolicy, 0, sizeof(gp.endorsementPolicy)); - MemorySet(&gp.lockoutPolicy, 0, sizeof(gp.lockoutPolicy)); - - // Flush loaded object in storage and endorsement hierarchy - ObjectFlushHierarchy(TPM_RH_OWNER); - ObjectFlushHierarchy(TPM_RH_ENDORSEMENT); - - // Flush owner and endorsement object and owner index in NV - NvFlushHierarchy(TPM_RH_OWNER); - NvFlushHierarchy(TPM_RH_ENDORSEMENT); - - // Initialize dictionary attack parameters - DAPreInstall_Init(); - 
- // Reset clock - go.clock = 0; - go.clockSafe = YES; - NvWrite(NV_ORDERLY_DATA, sizeof(ORDERLY_DATA), &go); - - // Reset counters - gp.resetCount = gr.restartCount = gr.clearCount = 0; - gp.auditCounter = 0; - - // Save persistent data changes to NV - // Note: since there are so many changes to the persistent data structure, the - // entire PERSISTENT_DATA structure is written as a unit - NvWrite(NV_PERSISTENT_DATA, sizeof(PERSISTENT_DATA), &gp); - - // Reset the PCR authValues (this does not change the PCRs) - PCR_ClearAuth(); - - // Bump the PCR counter - PCRChanged(0); - - - // orderly state should be cleared because of the update to state clear data - g_clearOrderly = TRUE; - - return TPM_RC_SUCCESS; -} - -#endif // CC_Clear \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ClearControl.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ClearControl.c deleted file mode 100644 index 4bf2407e7..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ClearControl.c +++ /dev/null 
@@ -1,72 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "ClearControl_fp.h" - -#if CC_ClearControl // Conditional expansion of this file - -/*(See part 3 specification) -// Enable or disable the execution of TPM2_Clear command -*/ -// Return Type: TPM_RC -// TPM_RC_AUTH_FAIL authorization is not properly given -TPM_RC -TPM2_ClearControl( - ClearControl_In *in // IN: input parameter list - ) -{ - // The command needs NV update. - RETURN_IF_NV_IS_NOT_AVAILABLE; - -// Input Validation - - // LockoutAuth may be used to set disableLockoutClear to TRUE but not to FALSE - if(in->auth == TPM_RH_LOCKOUT && in->disable == NO) - return TPM_RC_AUTH_FAIL; - -// Internal Data Update - - if(in->disable == YES) - gp.disableClear = TRUE; - else - gp.disableClear = FALSE; - - // Record the change to NV - NV_SYNC_PERSISTENT(disableClear); - - return TPM_RC_SUCCESS; -} - -#endif // CC_ClearControl \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c deleted file mode 100644 index b0c3c6d8c..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c +++ /dev/null 
@@ -1,143 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#include "Tpm.h" -#include "CreatePrimary_fp.h" - -#if CC_CreatePrimary // Conditional expansion of this file - -/*(See part 3 specification) -// Creates a primary or temporary object from a primary seed. 
-*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES sensitiveDataOrigin is CLEAR when sensitive.data is an -// Empty Buffer 'fixedTPM', 'fixedParent', or -// 'encryptedDuplication' attributes are inconsistent -// between themselves or with those of the parent object; -// inconsistent 'restricted', 'decrypt' and 'sign' -// attributes -// attempt to inject sensitive data for an asymmetric -// key; -// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash -// object -// TPM_RC_KEY a provided symmetric key value is not allowed -// TPM_RC_OBJECT_MEMORY there is no free slot for the object -// TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign', -// 'restricted' and key's scheme ID; or hash algorithm is -// inconsistent with the scheme ID for keyed hash object -// TPM_RC_SIZE size of public authorization policy or sensitive -// authorization value does not match digest size of the -// name algorithm; or sensitive data size for the keyed -// hash object is larger than is allowed for the scheme -// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; -// or non-storage key with symmetric algorithm different -// from TPM_ALG_NULL -// TPM_RC_TYPE unknown object type -TPM_RC -TPM2_CreatePrimary( - CreatePrimary_In *in, // IN: input parameter list - CreatePrimary_Out *out // OUT: output parameter list - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - TPMT_PUBLIC *publicArea; - DRBG_STATE rand; - OBJECT *newObject; - TPM2B_NAME name; - -// Input Validation - // Will need a place to put the result - newObject = FindEmptyObjectSlot(&out->objectHandle); - if(newObject == NULL) - return TPM_RC_OBJECT_MEMORY; - // Get the address of the public area in the new object - // (this is just to save typing) - publicArea = &newObject->publicArea; - - *publicArea = in->inPublic.publicArea; - - // Check attributes in input public area. 
CreateChecks() checks the things that - // are unique to creation and then validates the attributes and values that are - // common to create and load. - result = CreateChecks(NULL, publicArea, - in->inSensitive.sensitive.data.t.size); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_CreatePrimary_inPublic); - // Validate the sensitive area values - if(!AdjustAuthSize(&in->inSensitive.sensitive.userAuth, - publicArea->nameAlg)) - return TPM_RCS_SIZE + RC_CreatePrimary_inSensitive; -// Command output - // Compute the name using out->name as a scratch area (this is not the value - // that ultimately will be returned, then instantiate the state that will be - // used as a random number generator during the object creation. - // The caller does not know the seed values so the actual name does not have - // to be over the input, it can be over the unmarshaled structure. - result = DRBG_InstantiateSeeded(&rand, - &HierarchyGetPrimarySeed(in->primaryHandle)->b, - PRIMARY_OBJECT_CREATION, - (TPM2B *)PublicMarshalAndComputeName(publicArea, &name), - &in->inSensitive.sensitive.data.b); - if(result == TPM_RC_SUCCESS) - { - newObject->attributes.primary = SET; - if(in->primaryHandle == TPM_RH_ENDORSEMENT) - newObject->attributes.epsHierarchy = SET; - - // Create the primary object. 
- result = CryptCreateObject(newObject, &in->inSensitive.sensitive, - (RAND_STATE *)&rand); - } - if(result != TPM_RC_SUCCESS) - return result; - - // Set the publicArea and name from the computed values - out->outPublic.publicArea = newObject->publicArea; - out->name = newObject->name; - - // Fill in creation data - FillInCreationData(in->primaryHandle, publicArea->nameAlg, - &in->creationPCR, &in->outsideInfo, &out->creationData, - &out->creationHash); - - // Compute creation ticket - TicketComputeCreation(EntityGetHierarchy(in->primaryHandle), &out->name, - &out->creationHash, &out->creationTicket); - - // Set the remaining attributes for a loaded object - ObjectSetLoadedAttributes(newObject, in->primaryHandle); - return result; -} - -#endif // CC_CreatePrimary \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyChangeAuth.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyChangeAuth.c deleted file mode 100644 index db398f531..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyChangeAuth.c +++ /dev/null 
@@ -1,91 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "HierarchyChangeAuth_fp.h" - -#if CC_HierarchyChangeAuth // Conditional expansion of this file - -#include "Object_spt_fp.h" - -/*(See part 3 specification) -// Set a hierarchy authValue -*/ -// Return Type: TPM_RC -// TPM_RC_SIZE 'newAuth' size is greater than that of integrity hash -// digest -TPM_RC -TPM2_HierarchyChangeAuth( - HierarchyChangeAuth_In *in // IN: input parameter list - ) -{ - // The command needs NV update. - RETURN_IF_NV_IS_NOT_AVAILABLE; - - // Make sure that the authorization value is a reasonable size (not larger than - // the size of the digest produced by the integrity hash. The integrity - // hash is assumed to produce the longest digest of any hash implemented - // on the TPM. This will also remove trailing zeros from the authValue. - if(MemoryRemoveTrailingZeros(&in->newAuth) > CONTEXT_INTEGRITY_HASH_SIZE) - return TPM_RCS_SIZE + RC_HierarchyChangeAuth_newAuth; - - // Set hierarchy authValue - switch(in->authHandle) - { - case TPM_RH_OWNER: - gp.ownerAuth = in->newAuth; - NV_SYNC_PERSISTENT(ownerAuth); - break; - case TPM_RH_ENDORSEMENT: - gp.endorsementAuth = in->newAuth; - NV_SYNC_PERSISTENT(endorsementAuth); - break; - case TPM_RH_PLATFORM: - gc.platformAuth = in->newAuth; - // orderly state should be cleared - g_clearOrderly = TRUE; - break; - case TPM_RH_LOCKOUT: - gp.lockoutAuth = in->newAuth; - NV_SYNC_PERSISTENT(lockoutAuth); - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - - return TPM_RC_SUCCESS; -} - -#endif // CC_HierarchyChangeAuth \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyControl.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyControl.c deleted file mode 100644 index 5e1b527d4..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyControl.c
+++ /dev/null
@@ -1,144 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "HierarchyControl_fp.h" - -#if CC_HierarchyControl // Conditional expansion of this file - -/*(See part 3 specification) -// Enable or disable use of a hierarchy -*/ -// Return Type: TPM_RC -// TPM_RC_AUTH_TYPE 'authHandle' is not applicable to 'hierarchy' in its -// current state -TPM_RC -TPM2_HierarchyControl( - HierarchyControl_In *in // IN: input parameter list - ) -{ - BOOL select = (in->state == YES); - BOOL *selected = NULL; - -// Input Validation - switch(in->enable) - { - // Platform hierarchy has to be disabled by PlatformAuth - // If the platform hierarchy has already been disabled, only a reboot - // can enable it again - case TPM_RH_PLATFORM: - case TPM_RH_PLATFORM_NV: - if(in->authHandle != TPM_RH_PLATFORM) - return TPM_RC_AUTH_TYPE; - break; - - // ShEnable may be disabled if PlatformAuth/PlatformPolicy or - // OwnerAuth/OwnerPolicy is provided. If ShEnable is disabled, then it - // may only be enabled if PlatformAuth/PlatformPolicy is provided. - case TPM_RH_OWNER: - if(in->authHandle != TPM_RH_PLATFORM - && in->authHandle != TPM_RH_OWNER) - return TPM_RC_AUTH_TYPE; - if(gc.shEnable == FALSE && in->state == YES - && in->authHandle != TPM_RH_PLATFORM) - return TPM_RC_AUTH_TYPE; - break; - - // EhEnable may be disabled if either PlatformAuth/PlatformPolicy or - // EndosementAuth/EndorsementPolicy is provided. If EhEnable is disabled, - // then it may only be enabled if PlatformAuth/PlatformPolicy is - // provided. - case TPM_RH_ENDORSEMENT: - if(in->authHandle != TPM_RH_PLATFORM - && in->authHandle != TPM_RH_ENDORSEMENT) - return TPM_RC_AUTH_TYPE; - if(gc.ehEnable == FALSE && in->state == YES - && in->authHandle != TPM_RH_PLATFORM) - return TPM_RC_AUTH_TYPE; - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - -// Internal Data Update - - // Enable or disable the selected hierarchy - // Note: the authorization processing for this command may keep these - // command actions from being executed. 
For example, if phEnable is - // CLEAR, then platformAuth cannot be used for authorization. This - // means that would not be possible to use platformAuth to change the - // state of phEnable from CLEAR to SET. - // If it is decided that platformPolicy can still be used when phEnable - // is CLEAR, then this code could SET phEnable when proper platform - // policy is provided. - switch(in->enable) - { - case TPM_RH_OWNER: - selected = &gc.shEnable; - break; - case TPM_RH_ENDORSEMENT: - selected = &gc.ehEnable; - break; - case TPM_RH_PLATFORM: - selected = &g_phEnable; - break; - case TPM_RH_PLATFORM_NV: - selected = &gc.phEnableNV; - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - if(selected != NULL && *selected != select) - { - // Before changing the internal state, make sure that NV is available. - // Only need to update NV if changing the orderly state - RETURN_IF_ORDERLY; - - // state is changing and NV is available so modify - *selected = select; - // If a hierarchy was just disabled, flush it - if(select == CLEAR && in->enable != TPM_RH_PLATFORM_NV) - // Flush hierarchy - ObjectFlushHierarchy(in->enable); - - // orderly state should be cleared because of the update to state clear data - // This gets processed in ExecuteCommand() on the way out. - g_clearOrderly = TRUE; - } - return TPM_RC_SUCCESS; -} - -#endif // CC_HierarchyControl \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/SetPrimaryPolicy.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/SetPrimaryPolicy.c deleted file mode 100644 index e51fe1501..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/SetPrimaryPolicy.c +++ /dev/null 
@@ -1,102 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "SetPrimaryPolicy_fp.h"
-
-#if CC_SetPrimaryPolicy // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Set a hierarchy policy
-*/
-// Return Type: TPM_RC
-// TPM_RC_SIZE size of input authPolicy is not consistent with
-// input hash algorithm
-TPM_RC
-TPM2_SetPrimaryPolicy(
- SetPrimaryPolicy_In *in // IN: input parameter list
- )
-{
-// Input Validation
-
- // Check the authPolicy consistent with hash algorithm. If the policy size is
- // zero, then the algorithm is required to be TPM_ALG_NULL
- if(in->authPolicy.t.size != CryptHashGetDigestSize(in->hashAlg))
- return TPM_RCS_SIZE + RC_SetPrimaryPolicy_authPolicy;
-
- // The command need NV update for OWNER and ENDORSEMENT hierarchy, and
- // might need orderlyState update for PLATFROM hierarchy.
- // Check if NV is available. A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE
- // error may be returned at this point
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Internal Data Update
-
- // Set hierarchy policy
- switch(in->authHandle)
- {
- case TPM_RH_OWNER:
- gp.ownerAlg = in->hashAlg;
- gp.ownerPolicy = in->authPolicy;
- NV_SYNC_PERSISTENT(ownerAlg);
- NV_SYNC_PERSISTENT(ownerPolicy);
- break;
- case TPM_RH_ENDORSEMENT:
- gp.endorsementAlg = in->hashAlg;
- gp.endorsementPolicy = in->authPolicy;
- NV_SYNC_PERSISTENT(endorsementAlg);
- NV_SYNC_PERSISTENT(endorsementPolicy);
- break;
- case TPM_RH_PLATFORM:
- gc.platformAlg = in->hashAlg;
- gc.platformPolicy = in->authPolicy;
- // need to update orderly state
- g_clearOrderly = TRUE;
- break;
- case TPM_RH_LOCKOUT:
- gp.lockoutAlg = in->hashAlg;
- gp.lockoutPolicy = in->authPolicy;
- NV_SYNC_PERSISTENT(lockoutAlg);
- NV_SYNC_PERSISTENT(lockoutPolicy);
- break;
-
- default:
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_SetPrimaryPolicy
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/PP_Commands.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/PP_Commands.c
deleted file mode 100644
index 6365bf7a9..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/PP_Commands.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PP_Commands_fp.h"
-
-#if CC_PP_Commands // Conditional expansion of this file
-
-/*(See part 3 specification)
-// This command is used to determine which commands require assertion of
-// Physical Presence in addition to platformAuth/platformPolicy.
-*/
-TPM_RC
-TPM2_PP_Commands(
- PP_Commands_In *in // IN: input parameter list
- )
-{
- UINT32 i;
-
- // The command needs NV update. Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Internal Data Update
-
- // Process set list
- for(i = 0; i < in->setList.count; i++)
- // If command is implemented, set it as PP required. If the input
- // command is not a PP command, it will be ignored at
- // PhysicalPresenceCommandSet().
- // Note: PhysicalPresenceCommandSet() checks if the command is implemented.
- PhysicalPresenceCommandSet(in->setList.commandCodes[i]);
-
- // Process clear list
- for(i = 0; i < in->clearList.count; i++)
- // If command is implemented, clear it as PP required. If the input
- // command is not a PP command, it will be ignored at
- // PhysicalPresenceCommandClear(). If the input command is
- // TPM2_PP_Commands, it will be ignored as well
- PhysicalPresenceCommandClear(in->clearList.commandCodes[i]);
-
- // Save the change of PP list
- NV_SYNC_PERSISTENT(ppList);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PP_Commands
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/SetAlgorithmSet.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/SetAlgorithmSet.c
deleted file mode 100644
index 5df8ebe5c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/SetAlgorithmSet.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "SetAlgorithmSet_fp.h"
-
-#if CC_SetAlgorithmSet // Conditional expansion of this file
-
-/*(See part 3 specification)
-// This command allows the platform to change the algorithm set setting of the TPM
-*/
-TPM_RC
-TPM2_SetAlgorithmSet(
- SetAlgorithmSet_In *in // IN: input parameter list
- )
-{
- // The command needs NV update. Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Internal Data Update
- gp.algorithmSet = in->algorithmSet;
-
- // Write the algorithm set changes to NV
- NV_SYNC_PERSISTENT(algorithmSet);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_SetAlgorithmSet
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Certify.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Certify.c
deleted file mode 100644
index 6bd424766..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Certify.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Attest_spt_fp.h"
-#include "NV_Certify_fp.h"
-
-#if CC_NV_Certify // Conditional expansion of this file
-
-/*(See part 3 specification)
-// certify the contents of an NV index or portion of an NV index
-*/
-// Return Type: TPM_RC
-// TPM_RC_NV_AUTHORIZATION the authorization was valid but the
-// authorizing entity ('authHandle')
-// is not allowed to read from the Index
-// referenced by 'nvIndex'
-// TPM_RC_KEY 'signHandle' does not reference a signing
-// key
-// TPM_RC_NV_LOCKED Index referenced by 'nvIndex' is locked
-// for reading
-// TPM_RC_NV_RANGE 'offset' plus 'size' extends outside of the
-// data range of the Index referenced by
-// 'nvIndex'
-// TPM_RC_NV_UNINITIALIZED Index referenced by 'nvIndex' has not been
-// written
-// TPM_RC_SCHEME 'inScheme' is not an allowed value for the
-// key definition
-TPM_RC
-TPM2_NV_Certify(
- NV_Certify_In *in, // IN: input parameter list
- NV_Certify_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
- TPMS_ATTEST certifyInfo;
- OBJECT *signObject = HandleToObject(in->signHandle);
-// Input Validation
- if(!IsSigningObject(signObject))
- return TPM_RCS_KEY + RC_NV_Certify_signHandle;
- if(!CryptSelectSignScheme(signObject, &in->inScheme))
- return TPM_RCS_SCHEME + RC_NV_Certify_inScheme;
-
- // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION
- // or TPM_RC_NV_LOCKED
- result = NvReadAccessChecks(in->authHandle, in->nvIndex,
- nvIndex->publicArea.attributes);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // make sure that the selection is within the range of the Index (cast to avoid
- // any wrap issues with addition)
- if((UINT32)in->size + (UINT32)in->offset > (UINT32)nvIndex->publicArea.dataSize)
- return TPM_RC_NV_RANGE;
- // Make sure the data will fit the return buffer.
- // NOTE: This check may be modified if the output buffer will not hold the
- // maximum sized NV buffer as part of the certified data. The difference in
- // size could be substantial if the signature scheme was produced a large
- // signature (e.g., RSA 4096).
- if(in->size > MAX_NV_BUFFER_SIZE)
- return TPM_RCS_VALUE + RC_NV_Certify_size;
-
-// Command Output
-
- // Fill in attest information common fields
- FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData,
- &certifyInfo);
-
- // Get the name of the index
- NvGetIndexName(nvIndex, &certifyInfo.attested.nv.indexName);
-
- // See if this is old format or new format
- if ((in->size != 0) || (in->offset != 0))
- {
- // NV certify specific fields
- // Attestation type
- certifyInfo.type = TPM_ST_ATTEST_NV;
-
- // Set the return size
- certifyInfo.attested.nv.nvContents.t.size = in->size;
-
- // Set the offset
- certifyInfo.attested.nv.offset = in->offset;
-
- // Perform the read
- NvGetIndexData(nvIndex, locator, in->offset, in->size,
- certifyInfo.attested.nv.nvContents.t.buffer);
- }
- else
- {
- HASH_STATE hashState;
- // This is to sign a digest of the data
- certifyInfo.type = TPM_ST_ATTEST_NV_DIGEST;
- // Initialize the hash before calling the function to add the Index data to
- // the hash.
- certifyInfo.attested.nvDigest.nvDigest.t.size =
- CryptHashStart(&hashState, in->inScheme.details.any.hashAlg);
- NvHashIndexData(&hashState, nvIndex, locator, 0,
- nvIndex->publicArea.dataSize);
- CryptHashEnd2B(&hashState, &certifyInfo.attested.nvDigest.nvDigest.b);
- }
- // Sign attestation structure. A NULL signature will be returned if
- // signObject is NULL.
- return SignAttestInfo(signObject, &in->inScheme, &certifyInfo,
- &in->qualifyingData, &out->certifyInfo, &out->signature);
-}
-
-#endif // CC_NV_Certify
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ChangeAuth.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ChangeAuth.c
deleted file mode 100644
index 5cb2a69e6..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ChangeAuth.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_ChangeAuth_fp.h"
-
-#if CC_NV_ChangeAuth // Conditional expansion of this file
-
-/*(See part 3 specification)
-// change authorization value of a NV index
-*/
-// Return Type: TPM_RC
-// TPM_RC_SIZE 'newAuth' size is larger than the digest
-// size of the Name algorithm for the Index
-// referenced by 'nvIndex
-TPM_RC
-TPM2_NV_ChangeAuth(
- NV_ChangeAuth_In *in // IN: input parameter list
- )
-{
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
-
-// Input Validation
-
- // Remove trailing zeros and make sure that the result is not larger than the
- // digest of the nameAlg.
- if(MemoryRemoveTrailingZeros(&in->newAuth)
- > CryptHashGetDigestSize(nvIndex->publicArea.nameAlg))
- return TPM_RCS_SIZE + RC_NV_ChangeAuth_newAuth;
-
-// Internal Data Update
- // Change authValue
- return NvWriteIndexAuth(locator, &in->newAuth);
-}
-
-#endif // CC_NV_ChangeAuth
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_DefineSpace.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_DefineSpace.c
deleted file mode 100644
index 45e1dc107..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_DefineSpace.c
+++ /dev/null
@@ -1,226 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_DefineSpace_fp.h"
-
-#if CC_NV_DefineSpace // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Define a NV index space
-*/
-// Return Type: TPM_RC
-// TPM_RC_HIERARCHY for authorizations using TPM_RH_PLATFORM
-// phEnable_NV is clear preventing access to NV
-// data in the platform hierarchy.
-// TPM_RC_ATTRIBUTES attributes of the index are not consistent
-// TPM_RC_NV_DEFINED index already exists
-// TPM_RC_NV_SPACE insufficient space for the index
-// TPM_RC_SIZE 'auth->size' or 'publicInfo->authPolicy.size' is
-// larger than the digest size of
-// 'publicInfo->nameAlg'; or 'publicInfo->dataSize'
-// is not consistent with 'publicInfo->attributes'
-// (this includes the case when the index is
-// larger than a MAX_NV_BUFFER_SIZE but the
-// TPMA_NV_WRITEALL attribute is SET)
-TPM_RC
-TPM2_NV_DefineSpace(
- NV_DefineSpace_In *in // IN: input parameter list
- )
-{
- TPMA_NV attributes = in->publicInfo.nvPublic.attributes;
- UINT16 nameSize;
-
- nameSize = CryptHashGetDigestSize(in->publicInfo.nvPublic.nameAlg);
-
-// Input Validation
-
- // Checks not specific to type
-
- // If the UndefineSpaceSpecial command is not implemented, then can't have
- // an index that can only be deleted with policy
-#if CC_NV_UndefineSpaceSpecial == NO
- if(IS_ATTRIBUTE(attributes, TPMA_NV, POLICY_DELETE))
- return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
-#endif
-
- // check that the authPolicy consistent with hash algorithm
-
- if(in->publicInfo.nvPublic.authPolicy.t.size != 0
- && in->publicInfo.nvPublic.authPolicy.t.size != nameSize)
- return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo;
-
- // make sure that the authValue is not too large
- if(MemoryRemoveTrailingZeros(&in->auth)
- > CryptHashGetDigestSize(in->publicInfo.nvPublic.nameAlg))
- return TPM_RCS_SIZE + RC_NV_DefineSpace_auth;
-
- // If an index is being created by the owner and shEnable is
- // clear, then we would not reach this point because ownerAuth
- // can't be given when shEnable is CLEAR. However, if phEnable
- // is SET but phEnableNV is CLEAR, we have to check here
- if(in->authHandle == TPM_RH_PLATFORM && gc.phEnableNV == CLEAR)
- return TPM_RCS_HIERARCHY + RC_NV_DefineSpace_authHandle;
-
- // Attribute checks
- // Eliminate the unsupported types
- switch(GET_TPM_NT(attributes))
- {
-#if CC_NV_Increment == YES
- case TPM_NT_COUNTER:
-#endif
-#if CC_NV_SetBits == YES
- case TPM_NT_BITS:
-#endif
-#if CC_NV_Extend == YES
- case TPM_NT_EXTEND:
-#endif
-#if CC_PolicySecret == YES && defined TPM_NT_PIN_PASS
- case TPM_NT_PIN_PASS:
- case TPM_NT_PIN_FAIL:
-#endif
- case TPM_NT_ORDINARY:
- break;
- default:
- return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
- break;
- }
- // Check that the sizes are OK based on the type
- switch(GET_TPM_NT(attributes))
- {
- case TPM_NT_ORDINARY:
- // Can't exceed the allowed size for the implementation
- if(in->publicInfo.nvPublic.dataSize > MAX_NV_INDEX_SIZE)
- return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo;
- break;
- case TPM_NT_EXTEND:
- if(in->publicInfo.nvPublic.dataSize != nameSize)
- return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo;
- break;
- default:
- // Everything else needs a size of 8
- if(in->publicInfo.nvPublic.dataSize != 8)
- return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo;
- break;
- }
- // Handle other specifics
- switch(GET_TPM_NT(attributes))
- {
- case TPM_NT_COUNTER:
- // Counter can't have TPMA_NV_CLEAR_STCLEAR SET (don't clear counters)
- if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR))
- return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
- break;
-#ifdef TPM_NT_PIN_FAIL
- case TPM_NT_PIN_FAIL:
- // NV_NO_DA must be SET and AUTHWRITE must be CLEAR
- // NOTE: As with a PIN_PASS index, the authValue of the index is not
- // available until the index is written. If AUTHWRITE is the only way to
- // write then index, it could never be written. Rather than go through
- // all of the other possible ways to write the Index, it is simply
- // prohibited to write the index with the authValue. Other checks
- // below will insure that there seems to be a way to write the index
- // (i.e., with platform authorization , owner authorization,
- // or with policyAuth.)
- // It is not allowed to create a PIN Index that can't be modified.
- if(!IS_ATTRIBUTE(attributes, TPMA_NV, NO_DA))
- return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
-#endif
-#ifdef TPM_NT_PIN_PASS
- case TPM_NT_PIN_PASS:
- // AUTHWRITE must be CLEAR (see note above to TPM_NT_PIN_FAIL)
- if(IS_ATTRIBUTE(attributes, TPMA_NV, AUTHWRITE)
- || IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK)
- || IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE))
- return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
-#endif // this comes before break because PIN_FAIL falls through
- break;
- default:
- break;
- }
-
- // Locks may not be SET and written cannot be SET
- if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN)
- || IS_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED)
- || IS_ATTRIBUTE(attributes, TPMA_NV, READLOCKED))
- return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
-
- // There must be a way to read the index.
- if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERREAD)
- && !IS_ATTRIBUTE(attributes, TPMA_NV, PPREAD)
- && !IS_ATTRIBUTE(attributes, TPMA_NV, AUTHREAD)
- && !IS_ATTRIBUTE(attributes, TPMA_NV, POLICYREAD))
- return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
-
- // There must be a way to write the index
- if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERWRITE)
- && !IS_ATTRIBUTE(attributes, TPMA_NV, PPWRITE)
- && !IS_ATTRIBUTE(attributes, TPMA_NV, AUTHWRITE)
- && !IS_ATTRIBUTE(attributes, TPMA_NV, POLICYWRITE))
- return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
-
- // An index with TPMA_NV_CLEAR_STCLEAR can't have TPMA_NV_WRITEDEFINE SET
- if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR)
- && IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE))
- return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
-
- // Make sure that the creator of the index can delete the index
- if((IS_ATTRIBUTE(attributes, TPMA_NV, PLATFORMCREATE)
- && in->authHandle == TPM_RH_OWNER)
- || (!IS_ATTRIBUTE(attributes, TPMA_NV, PLATFORMCREATE)
- && in->authHandle == TPM_RH_PLATFORM))
- return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_authHandle;
-
- // If TPMA_NV_POLICY_DELETE is SET, then the index must be defined by
- // the platform
- if(IS_ATTRIBUTE(attributes, TPMA_NV, POLICY_DELETE)
- && TPM_RH_PLATFORM != in->authHandle)
- return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
-
- // Make sure that the TPMA_NV_WRITEALL is not set if the index size is larger
- // than the allowed NV buffer size.
- if(in->publicInfo.nvPublic.dataSize > MAX_NV_BUFFER_SIZE
- && IS_ATTRIBUTE(attributes, TPMA_NV, WRITEALL))
- return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo;
-
- // And finally, see if the index is already defined.
- if(NvIndexIsDefined(in->publicInfo.nvPublic.nvIndex))
- return TPM_RC_NV_DEFINED;
-
-// Internal Data Update
- // define the space. A TPM_RC_NV_SPACE error may be returned at this point
- return NvDefineIndex(&in->publicInfo.nvPublic, &in->auth);
-}
-
-#endif // CC_NV_DefineSpace
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Extend.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Extend.c
deleted file mode 100644
index 682d8d89f..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Extend.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_Extend_fp.h"
-
-#if CC_NV_Extend // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Write to a NV index
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES the TPMA_NV_EXTEND attribute is not SET in
-// the Index referenced by 'nvIndex'
-// TPM_RC_NV_AUTHORIZATION the authorization was valid but the
-// authorizing entity ('authHandle')
-// is not allowed to write to the Index
-// referenced by 'nvIndex'
-// TPM_RC_NV_LOCKED the Index referenced by 'nvIndex' is locked
-// for writing
-TPM_RC
-TPM2_NV_Extend(
- NV_Extend_In *in // IN: input parameter list
- )
-{
- TPM_RC result;
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
-
- TPM2B_DIGEST oldDigest;
- TPM2B_DIGEST newDigest;
- HASH_STATE hashState;
-
-// Input Validation
-
- // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION
- // or TPM_RC_NV_LOCKED
- result = NvWriteAccessChecks(in->authHandle,
- in->nvIndex,
- nvIndex->publicArea.attributes);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // Make sure that this is an extend index
- if(!IsNvExtendIndex(nvIndex->publicArea.attributes))
- return TPM_RCS_ATTRIBUTES + RC_NV_Extend_nvIndex;
-
-// Internal Data Update
-
- // Perform the write.
- oldDigest.t.size = CryptHashGetDigestSize(nvIndex->publicArea.nameAlg);
- pAssert(oldDigest.t.size <= sizeof(oldDigest.t.buffer));
- if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN))
- {
- NvGetIndexData(nvIndex, locator, 0, oldDigest.t.size, oldDigest.t.buffer);
- }
- else
- {
- MemorySet(oldDigest.t.buffer, 0, oldDigest.t.size);
- }
- // Start hash
- newDigest.t.size = CryptHashStart(&hashState, nvIndex->publicArea.nameAlg);
-
- // Adding old digest
- CryptDigestUpdate2B(&hashState, &oldDigest.b);
-
- // Adding new data
- CryptDigestUpdate2B(&hashState, &in->data.b);
-
- // Complete hash
- CryptHashEnd2B(&hashState, &newDigest.b);
-
- // Write extended hash back.
- // Note, this routine will SET the TPMA_NV_WRITTEN attribute if necessary
- return NvWriteIndexData(nvIndex, 0, newDigest.t.size, newDigest.t.buffer);
-}
-
-#endif // CC_NV_Extend
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_GlobalWriteLock.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_GlobalWriteLock.c
deleted file mode 100644
index 53f983d8f..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_GlobalWriteLock.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_GlobalWriteLock_fp.h"
-
-#if CC_NV_GlobalWriteLock // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Set global write lock for NV index
-*/
-TPM_RC
-TPM2_NV_GlobalWriteLock(
- NV_GlobalWriteLock_In *in // IN: input parameter list
- )
-{
- // Input parameter (the authorization handle) is not reference in command action.
- NOT_REFERENCED(in);
-
-// Internal Data Update
-
- // Implementation dependent method of setting the global lock
- return NvSetGlobalLock();
-}
-
-#endif // CC_NV_GlobalWriteLock
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Increment.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Increment.c
deleted file mode 100644
index a42d11715..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Increment.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_Increment_fp.h"
-
-#if CC_NV_Increment // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Increment a NV counter
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES NV index is not a counter
-// TPM_RC_NV_AUTHORIZATION authorization failure
-// TPM_RC_NV_LOCKED Index is write locked
-TPM_RC
-TPM2_NV_Increment(
- NV_Increment_In *in // IN: input parameter list
- )
-{
- TPM_RC result;
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
- UINT64 countValue;
-
-// Input Validation
-
- // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION
- // or TPM_RC_NV_LOCKED
- result = NvWriteAccessChecks(in->authHandle,
- in->nvIndex,
- nvIndex->publicArea.attributes);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // Make sure that this is a counter
- if(!IsNvCounterIndex(nvIndex->publicArea.attributes))
- return TPM_RCS_ATTRIBUTES + RC_NV_Increment_nvIndex;
-
-// Internal Data Update
-
- // If counter index is not been written, initialize it
- if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN))
- countValue = NvReadMaxCount();
- else
- // Read NV data in native format for TPM CPU.
- countValue = NvGetUINT64Data(nvIndex, locator);
-
- // Do the increment
- countValue++;
-
- // Write NV data back. A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may
- // be returned at this point. If necessary, this function will set the
- // TPMA_NV_WRITTEN attribute
- result = NvWriteUINT64Data(nvIndex, countValue);
- if(result == TPM_RC_SUCCESS)
- {
- // If a counter just rolled over, then force the NV update.
- // Note, if this is an orderly counter, then the write-back needs to be
- // forced, for other counters, the write-back will happen anyway
- if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY)
- && (countValue & MAX_ORDERLY_COUNT) == 0 )
- {
- // Need to force an NV update of orderly data
- SET_NV_UPDATE(UT_ORDERLY);
- }
- }
- return result;
-}
-
-#endif // CC_NV_Increment
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Read.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Read.c
deleted file mode 100644
index 745a7c666..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Read.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "NV_Read_fp.h" - -#if CC_NV_Read // Conditional expansion of this file - -/*(See part 3 specification) -// Read of an NV index -*/ -// Return Type: TPM_RC -// TPM_RC_NV_AUTHORIZATION the authorization was valid but the -// authorizing entity ('authHandle') -// is not allowed to read from the Index -// referenced by 'nvIndex' -// TPM_RC_NV_LOCKED the Index referenced by 'nvIndex' is -// read locked -// TPM_RC_NV_RANGE read range defined by 'size' and 'offset' -// is outside the range of the Index referenced -// by 'nvIndex' -// TPM_RC_NV_UNINITIALIZED the Index referenced by 'nvIndex' has -// not been initialized (written) -// TPM_RC_VALUE the read size is larger than the -// MAX_NV_BUFFER_SIZE -TPM_RC -TPM2_NV_Read( - NV_Read_In *in, // IN: input parameter list - NV_Read_Out *out // OUT: output parameter list - ) -{ - NV_REF locator; - NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); - TPM_RC result; - -// Input Validation - // Common read access checks. NvReadAccessChecks() may return - // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED - result = NvReadAccessChecks(in->authHandle, in->nvIndex, - nvIndex->publicArea.attributes); - if(result != TPM_RC_SUCCESS) - return result; - - // Make sure the data will fit the return buffer - if(in->size > MAX_NV_BUFFER_SIZE) - return TPM_RCS_VALUE + RC_NV_Read_size; - - // Verify that the offset is not too large - if(in->offset > nvIndex->publicArea.dataSize) - return TPM_RCS_VALUE + RC_NV_Read_offset; - - // Make sure that the selection is within the range of the Index - if(in->size > (nvIndex->publicArea.dataSize - in->offset)) - return TPM_RC_NV_RANGE; - -// Command Output - // Set the return size - out->data.t.size = in->size; - - // Perform the read - NvGetIndexData(nvIndex, locator, in->offset, in->size, out->data.t.buffer); - - return TPM_RC_SUCCESS; -} - -#endif // CC_NV_Read \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadLock.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadLock.c
deleted file mode 100644
index 776300f36..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadLock.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_ReadLock_fp.h"
-
-#if CC_NV_ReadLock // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Set read lock on a NV index
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES TPMA_NV_READ_STCLEAR is not SET so
-// Index referenced by 'nvIndex' may not be
-// write locked
-// TPM_RC_NV_AUTHORIZATION the authorization was valid but the
-// authorizing entity ('authHandle')
-// is not allowed to read from the Index
-// referenced by 'nvIndex'
-TPM_RC
-TPM2_NV_ReadLock(
- NV_ReadLock_In *in // IN: input parameter list
- )
-{
- TPM_RC result;
- NV_REF locator;
- // The referenced index has been checked multiple times before this is called
- // so it must be present and will be loaded into cache
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
- TPMA_NV nvAttributes = nvIndex->publicArea.attributes;
-
-// Input Validation
- // Common read access checks. NvReadAccessChecks() may return
- // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED
- result = NvReadAccessChecks(in->authHandle,
- in->nvIndex,
- nvAttributes);
- if(result == TPM_RC_NV_AUTHORIZATION)
- return TPM_RC_NV_AUTHORIZATION;
- // Index is already locked for write
- else if(result == TPM_RC_NV_LOCKED)
- return TPM_RC_SUCCESS;
-
- // If NvReadAccessChecks return TPM_RC_NV_UNINITALIZED, then continue.
- // It is not an error to read lock an uninitialized Index.
-
- // if TPMA_NV_READ_STCLEAR is not set, the index can not be read-locked
- if(!IS_ATTRIBUTE(nvAttributes, TPMA_NV, READ_STCLEAR))
- return TPM_RCS_ATTRIBUTES + RC_NV_ReadLock_nvIndex;
-
-// Internal Data Update
-
- // Set the READLOCK attribute
- SET_ATTRIBUTE(nvAttributes, TPMA_NV, READLOCKED);
-
- // Write NV info back
- return NvWriteIndexAttributes(nvIndex->publicArea.nvIndex,
- locator,
- nvAttributes);
-}
-
-#endif // CC_NV_ReadLock
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadPublic.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadPublic.c
deleted file mode 100644
index 4f9ce320c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadPublic.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_ReadPublic_fp.h"
-
-#if CC_NV_ReadPublic // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Read the public information of a NV index
-*/
-TPM_RC
-TPM2_NV_ReadPublic(
- NV_ReadPublic_In *in, // IN: input parameter list
- NV_ReadPublic_Out *out // OUT: output parameter list
- )
-{
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, NULL);
-
-// Command Output
-
- // Copy index public data to output
- out->nvPublic.nvPublic = nvIndex->publicArea;
-
- // Compute NV name
- NvGetIndexName(nvIndex, &out->nvName);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_NV_ReadPublic
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_SetBits.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_SetBits.c
deleted file mode 100644
index 045872f9f..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_SetBits.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_SetBits_fp.h"
-
-#if CC_NV_SetBits // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Set bits in a NV index
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES the TPMA_NV_BITS attribute is not SET in the
-// Index referenced by 'nvIndex'
-// TPM_RC_NV_AUTHORIZATION the authorization was valid but the
-// authorizing entity ('authHandle')
-// is not allowed to write to the Index
-// referenced by 'nvIndex'
-// TPM_RC_NV_LOCKED the Index referenced by 'nvIndex' is locked
-// for writing
-TPM_RC
-TPM2_NV_SetBits(
- NV_SetBits_In *in // IN: input parameter list
- )
-{
- TPM_RC result;
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
- UINT64 oldValue;
- UINT64 newValue;
-
-// Input Validation
-
- // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION
- // or TPM_RC_NV_LOCKED
- result = NvWriteAccessChecks(in->authHandle,
- in->nvIndex,
- nvIndex->publicArea.attributes);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // Make sure that this is a bit field
- if(!IsNvBitsIndex(nvIndex->publicArea.attributes))
- return TPM_RCS_ATTRIBUTES + RC_NV_SetBits_nvIndex;
-
- // If index is not been written, initialize it
- if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN))
- oldValue = 0;
- else
- // Read index data
- oldValue = NvGetUINT64Data(nvIndex, locator);
-
- // Figure out what the new value is going to be
- newValue = oldValue | in->bits;
-
-// Internal Data Update
- return NvWriteUINT64Data(nvIndex, newValue);
-}
-
-#endif // CC_NV_SetBits
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpace.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpace.c
deleted file mode 100644
index bfe3fa866..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpace.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_UndefineSpace_fp.h"
-
-#if CC_NV_UndefineSpace // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Delete an NV Index
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES TPMA_NV_POLICY_DELETE is SET in the Index
-// referenced by 'nvIndex' so this command may
-// not be used to delete this Index (see
-// TPM2_NV_UndefineSpaceSpecial())
-// TPM_RC_NV_AUTHORIZATION attempt to use ownerAuth to delete an index
-// created by the platform
-//
-TPM_RC
-TPM2_NV_UndefineSpace(
- NV_UndefineSpace_In *in // IN: input parameter list
- )
-{
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
-
-// Input Validation
- // This command can't be used to delete an index with TPMA_NV_POLICY_DELETE SET
- if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, POLICY_DELETE))
- return TPM_RCS_ATTRIBUTES + RC_NV_UndefineSpace_nvIndex;
-
- // The owner may only delete an index that was defined with ownerAuth. The
- // platform may delete an index that was created with either authorization.
- if(in->authHandle == TPM_RH_OWNER
- && IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, PLATFORMCREATE))
- return TPM_RC_NV_AUTHORIZATION;
-
-// Internal Data Update
-
- // Call implementation dependent internal routine to delete NV index
- return NvDeleteIndex(nvIndex, locator);
-}
-
-#endif // CC_NV_UndefineSpace
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpaceSpecial.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpaceSpecial.c
deleted file mode 100644
index b672a8cfe..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpaceSpecial.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_UndefineSpaceSpecial_fp.h"
-#include "SessionProcess_fp.h"
-
-#if CC_NV_UndefineSpaceSpecial // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Delete a NV index that requires policy to delete.
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES TPMA_NV_POLICY_DELETE is not SET in the
-// Index referenced by 'nvIndex'
-TPM_RC
-TPM2_NV_UndefineSpaceSpecial(
- NV_UndefineSpaceSpecial_In *in // IN: input parameter list
- )
-{
- TPM_RC result;
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
-// Input Validation
- // This operation only applies when the TPMA_NV_POLICY_DELETE attribute is SET
- if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, POLICY_DELETE))
- return TPM_RCS_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex;
-// Internal Data Update
- // Call implementation dependent internal routine to delete NV index
- result = NvDeleteIndex(nvIndex, locator);
-
- // If we just removed the index providing the authorization, make sure that the
- // authorization session computation is modified so that it doesn't try to
- // access the authValue of the just deleted index
- if(result == TPM_RC_SUCCESS)
- SessionRemoveAssociationToHandle(in->nvIndex);
- return result;
-}
-
-#endif // CC_NV_UndefineSpaceSpecial
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Write.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Write.c
deleted file mode 100644
index 673868ad4..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Write.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "NV_Write_fp.h" - -#if CC_NV_Write // Conditional expansion of this file - -/*(See part 3 specification) -// Write to a NV index -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES Index referenced by 'nvIndex' has either -// TPMA_NV_BITS, TPMA_NV_COUNTER, or -// TPMA_NV_EVENT attribute SET -// TPM_RC_NV_AUTHORIZATION the authorization was valid but the -// authorizing entity ('authHandle') -// is not allowed to write to the Index -// referenced by 'nvIndex' -// TPM_RC_NV_LOCKED Index referenced by 'nvIndex' is write -// locked -// TPM_RC_NV_RANGE if TPMA_NV_WRITEALL is SET then the write -// is not the size of the Index referenced by -// 'nvIndex'; otherwise, the write extends -// beyond the limits of the Index -// -TPM_RC -TPM2_NV_Write( - NV_Write_In *in // IN: input parameter list - ) -{ - NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, NULL); - TPMA_NV attributes = nvIndex->publicArea.attributes; - TPM_RC result; - -// Input Validation - - // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION - // or TPM_RC_NV_LOCKED - result = NvWriteAccessChecks(in->authHandle, - in->nvIndex, - attributes); - if(result != TPM_RC_SUCCESS) - return result; - - // Bits index, extend index or counter index may not be updated by - // TPM2_NV_Write - if(IsNvCounterIndex(attributes) - || IsNvBitsIndex(attributes) - || IsNvExtendIndex(attributes)) - return TPM_RC_ATTRIBUTES; - - // Make sure that the offset is not too large - if(in->offset > nvIndex->publicArea.dataSize) - return TPM_RCS_VALUE + RC_NV_Write_offset; - - // Make sure that the selection is within the range of the Index - if(in->data.t.size > (nvIndex->publicArea.dataSize - in->offset)) - return TPM_RC_NV_RANGE; - - // If this index requires a full sized write, make sure that input range is - // full sized. - // Note: if the requested size is the same as the Index data size, then offset - // will have to be zero. 
Otherwise, the range check above would have failed.
- if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITEALL)
- && in->data.t.size < nvIndex->publicArea.dataSize)
- return TPM_RC_NV_RANGE;
-
-// Internal Data Update
-
- // Perform the write. This called routine will SET the TPMA_NV_WRITTEN
- // attribute if it has not already been SET. If NV isn't available, an error
- // will be returned.
- return NvWriteIndexData(nvIndex, in->offset, in->data.t.size,
- in->data.t.buffer);
-}
-
-#endif // CC_NV_Write
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_WriteLock.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_WriteLock.c
deleted file mode 100644
index ec8d201de..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_WriteLock.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "NV_WriteLock_fp.h" - -#if CC_NV_WriteLock // Conditional expansion of this file - -/*(See part 3 specification) -// Set write lock on a NV index -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES neither TPMA_NV_WRITEDEFINE nor -// TPMA_NV_WRITE_STCLEAR is SET in Index -// referenced by 'nvIndex' -// TPM_RC_NV_AUTHORIZATION the authorization was valid but the -// authorizing entity ('authHandle') -// is not allowed to write to the Index -// referenced by 'nvIndex' -// -TPM_RC -TPM2_NV_WriteLock( - NV_WriteLock_In *in // IN: input parameter list - ) -{ - TPM_RC result; - NV_REF locator; - NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); - TPMA_NV nvAttributes = nvIndex->publicArea.attributes; - -// Input Validation: - - // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION - // or TPM_RC_NV_LOCKED - result = NvWriteAccessChecks(in->authHandle, in->nvIndex, nvAttributes); - if(result != TPM_RC_SUCCESS) - { - if(result == TPM_RC_NV_AUTHORIZATION) - return result; - // If write access failed because the index is already locked, then it is - // no error. - return TPM_RC_SUCCESS; - } - // if neither TPMA_NV_WRITEDEFINE nor TPMA_NV_WRITE_STCLEAR is set, the index - // can not be write-locked - if(!IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITEDEFINE) - && !IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITE_STCLEAR)) - return TPM_RCS_ATTRIBUTES + RC_NV_WriteLock_nvIndex; -// Internal Data Update - // Set the WRITELOCK attribute. - // Note: if TPMA_NV_WRITELOCKED were already SET, then the write access check - // above would have failed and this code isn't executed. - SET_ATTRIBUTE(nvAttributes, TPMA_NV, WRITELOCKED); - - // Write index info back - return NvWriteIndexAttributes(nvIndex->publicArea.nvIndex, locator, - nvAttributes); -} - -#endif // CC_NV_WriteLock \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_spt.c
deleted file mode 100644
index 605c343e3..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_spt.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -//** Includes -#include "Tpm.h" -#include "NV_spt_fp.h" - -//** Functions - -//*** NvReadAccessChecks() -// Common routine for validating a read -// Used by TPM2_NV_Read, TPM2_NV_ReadLock and TPM2_PolicyNV -// Return Type: TPM_RC -// TPM_RC_NV_AUTHORIZATION autHandle is not allowed to authorize read -// of the index -// TPM_RC_NV_LOCKED Read locked -// TPM_RC_NV_UNINITIALIZED Try to read an uninitialized index -// -TPM_RC -NvReadAccessChecks( - TPM_HANDLE authHandle, // IN: the handle that provided the - // authorization - TPM_HANDLE nvHandle, // IN: the handle of the NV index to be read - TPMA_NV attributes // IN: the attributes of 'nvHandle' - ) -{ - // If data is read locked, returns an error - if(IS_ATTRIBUTE(attributes, TPMA_NV, READLOCKED)) - return TPM_RC_NV_LOCKED; - // If the authorization was provided by the owner or platform, then check - // that the attributes allow the read. If the authorization handle - // is the same as the index, then the checks were made when the authorization - // was checked.. - if(authHandle == TPM_RH_OWNER) - { - // If Owner provided authorization then ONWERWRITE must be SET - if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERREAD)) - return TPM_RC_NV_AUTHORIZATION; - } - else if(authHandle == TPM_RH_PLATFORM) - { - // If Platform provided authorization then PPWRITE must be SET - if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPREAD)) - return TPM_RC_NV_AUTHORIZATION; - } - // If neither Owner nor Platform provided authorization, make sure that it was - // provided by this index. 
- else if(authHandle != nvHandle) - return TPM_RC_NV_AUTHORIZATION; - -// If the index has not been written, then the value cannot be read -// NOTE: This has to come after other access checks to make sure that -// the proper authorization is given to TPM2_NV_ReadLock() - if(!IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN)) - return TPM_RC_NV_UNINITIALIZED; - - return TPM_RC_SUCCESS; -} - -//*** NvWriteAccessChecks() -// Common routine for validating a write -// Used by TPM2_NV_Write, TPM2_NV_Increment, TPM2_SetBits, and TPM2_NV_WriteLock -// Return Type: TPM_RC -// TPM_RC_NV_AUTHORIZATION Authorization fails -// TPM_RC_NV_LOCKED Write locked -// -TPM_RC -NvWriteAccessChecks( - TPM_HANDLE authHandle, // IN: the handle that provided the - // authorization - TPM_HANDLE nvHandle, // IN: the handle of the NV index to be written - TPMA_NV attributes // IN: the attributes of 'nvHandle' - ) -{ - // If data is write locked, returns an error - if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED)) - return TPM_RC_NV_LOCKED; - // If the authorization was provided by the owner or platform, then check - // that the attributes allow the write. If the authorization handle - // is the same as the index, then the checks were made when the authorization - // was checked.. - if(authHandle == TPM_RH_OWNER) - { - // If Owner provided authorization then ONWERWRITE must be SET - if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERWRITE)) - return TPM_RC_NV_AUTHORIZATION; - } - else if(authHandle == TPM_RH_PLATFORM) - { - // If Platform provided authorization then PPWRITE must be SET - if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPWRITE)) - return TPM_RC_NV_AUTHORIZATION; - } - // If neither Owner nor Platform provided authorization, make sure that it was - // provided by this index. - else if(authHandle != nvHandle) - return TPM_RC_NV_AUTHORIZATION; - return TPM_RC_SUCCESS; -} - -//*** NvClearOrderly() -// This function is used to cause gp.orderlyState to be cleared to the -// non-orderly state. 
-TPM_RC -NvClearOrderly( - void - ) -{ - if(gp.orderlyState < SU_DA_USED_VALUE) - RETURN_IF_NV_IS_NOT_AVAILABLE; - g_clearOrderly = TRUE; - return TPM_RC_SUCCESS; -} - -//*** NvIsPinPassIndex() -// Function to check to see if an NV index is a PIN Pass Index -// Return Type: BOOL -// TRUE(1) is pin pass -// FALSE(0) is not pin pass -BOOL -NvIsPinPassIndex( - TPM_HANDLE index // IN: Handle to check - ) -{ - if(HandleGetType(index) == TPM_HT_NV_INDEX) - { - NV_INDEX *nvIndex = NvGetIndexInfo(index, NULL); - - return IsNvPinPassIndex(nvIndex->publicArea.attributes); - } - return FALSE; -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ActivateCredential.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ActivateCredential.c deleted file mode 100644 index ae644ce02..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ActivateCredential.c +++ /dev/null 
@@ -1,107 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "ActivateCredential_fp.h" - -#if CC_ActivateCredential // Conditional expansion of this file - -#include "Object_spt_fp.h" - -/*(See part 3 specification) -// Activate Credential with an object -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'keyHandle' does not reference a decryption key -// TPM_RC_ECC_POINT 'secret' is invalid (when 'keyHandle' is an ECC key) -// TPM_RC_INSUFFICIENT 'secret' is invalid (when 'keyHandle' is an ECC key) -// TPM_RC_INTEGRITY 'credentialBlob' fails integrity test -// TPM_RC_NO_RESULT 'secret' is invalid (when 'keyHandle' is an ECC key) -// TPM_RC_SIZE 'secret' size is invalid or the 'credentialBlob' -// does not unmarshal correctly -// TPM_RC_TYPE 'keyHandle' does not reference an asymmetric key. -// TPM_RC_VALUE 'secret' is invalid (when 'keyHandle' is an RSA key) -TPM_RC -TPM2_ActivateCredential( - ActivateCredential_In *in, // IN: input parameter list - ActivateCredential_Out *out // OUT: output parameter list - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - OBJECT *object; // decrypt key - OBJECT *activateObject; // key associated with credential - TPM2B_DATA data; // credential data - -// Input Validation - - // Get decrypt key pointer - object = HandleToObject(in->keyHandle); - - // Get certificated object pointer - activateObject = HandleToObject(in->activateHandle); - - // input decrypt key must be an asymmetric, restricted decryption key - if(!CryptIsAsymAlgorithm(object->publicArea.type) - || !IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, decrypt) - || !IS_ATTRIBUTE(object->publicArea.objectAttributes, - TPMA_OBJECT, restricted)) - return TPM_RCS_TYPE + RC_ActivateCredential_keyHandle; - -// Command output - - // Decrypt input credential data via asymmetric decryption. 
A - // TPM_RC_VALUE, TPM_RC_KEY or unmarshal errors may be returned at this - // point - result = CryptSecretDecrypt(object, NULL, IDENTITY_STRING, &in->secret, &data); - if(result != TPM_RC_SUCCESS) - { - if(result == TPM_RC_KEY) - return TPM_RC_FAILURE; - return RcSafeAddToResult(result, RC_ActivateCredential_secret); - } - - // Retrieve secret data. A TPM_RC_INTEGRITY error or unmarshal - // errors may be returned at this point - result = CredentialToSecret(&in->credentialBlob.b, - &activateObject->name.b, - &data.b, - object, - &out->certInfo); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_ActivateCredential_credentialBlob); - - return TPM_RC_SUCCESS; -} - -#endif // CC_ActivateCredential \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Create.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Create.c deleted file mode 100644 index 392ec7863..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Create.c +++ /dev/null 
@@ -1,155 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "Object_spt_fp.h" -#include "Create_fp.h" - -#if CC_Create // Conditional expansion of this file - -/*(See part 3 specification) -// Create a regular object -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'sensitiveDataOrigin' is CLEAR when 'sensitive.data' -// is an Empty Buffer, or is SET when 'sensitive.data' is -// not empty; -// 'fixedTPM', 'fixedParent', or 'encryptedDuplication' -// attributes are inconsistent between themselves or with -// those of the parent object; -// inconsistent 'restricted', 'decrypt' and 'sign' -// attributes; -// attempt to inject sensitive data for an asymmetric -// key; -// TPM_RC_HASH non-duplicable storage key and its parent have -// different name algorithm -// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash -// object -// TPM_RC_KEY invalid key size values in an asymmetric key public -// area or a provided symmetric key has a value that is -// not allowed -// TPM_RC_KEY_SIZE key size in public area for symmetric key differs from -// the size in the sensitive creation area; may also be -// returned if the TPM does not allow the key size to be -// used for a Storage Key -// TPM_RC_OBJECT_MEMORY a free slot is not available as scratch memory for -// object creation -// TPM_RC_RANGE the exponent value of an RSA key is not supported. 
-// TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign', or -// 'restricted' and key's scheme ID; or hash algorithm is -// inconsistent with the scheme ID for keyed hash object -// TPM_RC_SIZE size of public authPolicy or sensitive authValue does -// not match digest size of the name algorithm -// sensitive data size for the keyed hash object is -// larger than is allowed for the scheme -// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; -// or non-storage key with symmetric algorithm different -// from ALG_NULL -// TPM_RC_TYPE unknown object type; -// 'parentHandle' does not reference a restricted -// decryption key in the storage hierarchy with both -// public and sensitive portion loaded -// TPM_RC_VALUE exponent is not prime or could not find a prime using -// the provided parameters for an RSA key; -// unsupported name algorithm for an ECC key -// TPM_RC_OBJECT_MEMORY there is no free slot for the object -TPM_RC -TPM2_Create( - Create_In *in, // IN: input parameter list - Create_Out *out // OUT: output parameter list - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - OBJECT *parentObject; - OBJECT *newObject; - TPMT_PUBLIC *publicArea; - -// Input Validation - parentObject = HandleToObject(in->parentHandle); - pAssert(parentObject != NULL); - - // Does parent have the proper attributes? - if(!ObjectIsParent(parentObject)) - return TPM_RCS_TYPE + RC_Create_parentHandle; - - // Get a slot for the creation - newObject = FindEmptyObjectSlot(NULL); - if(newObject == NULL) - return TPM_RC_OBJECT_MEMORY; - // If the TPM2B_PUBLIC was passed as a structure, marshal it into is canonical - // form for processing - - // to save typing. - publicArea = &newObject->publicArea; - - // Copy the input structure to the allocated structure - *publicArea = in->inPublic.publicArea; - - // Check attributes in input public area. 
CreateChecks() checks the things that - // are unique to creation and then validates the attributes and values that are - // common to create and load. - result = CreateChecks(parentObject, publicArea, - in->inSensitive.sensitive.data.t.size); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_Create_inPublic); - // Clean up the authValue if necessary - if(!AdjustAuthSize(&in->inSensitive.sensitive.userAuth, publicArea->nameAlg)) - return TPM_RCS_SIZE + RC_Create_inSensitive; - -// Command Output - // Create the object using the default TPM random-number generator - result = CryptCreateObject(newObject, &in->inSensitive.sensitive, NULL); - if(result != TPM_RC_SUCCESS) - return result; - // Fill in creation data - FillInCreationData(in->parentHandle, publicArea->nameAlg, - &in->creationPCR, &in->outsideInfo, - &out->creationData, &out->creationHash); - - // Compute creation ticket - TicketComputeCreation(EntityGetHierarchy(in->parentHandle), &newObject->name, - &out->creationHash, &out->creationTicket); - - // Prepare output private data from sensitive - SensitiveToPrivate(&newObject->sensitive, &newObject->name, parentObject, - publicArea->nameAlg, - &out->outPrivate); - - // Finish by copying the remaining return values - out->outPublic.publicArea = newObject->publicArea; - - return TPM_RC_SUCCESS; -} - -#endif // CC_Create \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/CreateLoaded.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/CreateLoaded.c deleted file mode 100644 index d58a3cd78..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/CreateLoaded.c +++ /dev/null 
@@ -1,221 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "CreateLoaded_fp.h"
-
-#if CC_CreateLoaded // Conditional expansion of this file
-
-/*(See part 3 of specification)
- * Create and load any type of key, including a temporary key.
- * The input template is an marshaled public area rather than an unmarshaled one as - * used in Create and CreatePrimary. This is so that the label and context that - * could be in the template can be processed without changing the formats for the - * calls to Create and CreatePrimary. -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'sensitiveDataOrigin' is CLEAR when 'sensitive.data' -// is an Empty Buffer; -// 'fixedTPM', 'fixedParent', or 'encryptedDuplication' -// attributes are inconsistent between themselves or with -// those of the parent object; -// inconsistent 'restricted', 'decrypt' and 'sign' -// attributes; -// attempt to inject sensitive data for an asymmetric -// key; -// attempt to create a symmetric cipher key that is not -// a decryption key -// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash -// object -// TPM_RC_KEY the value of a provided symmetric key is not allowed -// TPM_RC_OBJECT_MEMORY there is no free slot for the object -// TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign', -// 'restricted' and key's scheme ID; or hash algorithm is -// inconsistent with the scheme ID for keyed hash object -// TPM_RC_SIZE size of public authorization policy or sensitive -// authorization value does not match digest size of the -// name algorithm sensitive data size for the keyed hash -// object is larger than is allowed for the scheme -// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; -// or non-storage key with symmetric algorithm different -// from TPM_ALG_NULL -// TPM_RC_TYPE cannot create the object of the indicated type -// (usually only occurs if trying to derive an RSA key). 
-TPM_RC -TPM2_CreateLoaded( - CreateLoaded_In *in, // IN: input parameter list - CreateLoaded_Out *out // OUT: output parameter list - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - OBJECT *parent = HandleToObject(in->parentHandle); - OBJECT *newObject; - BOOL derivation; - TPMT_PUBLIC *publicArea; - RAND_STATE randState; - RAND_STATE *rand = &randState; - TPMS_DERIVE labelContext; - -// Input Validation - - // How the public area is unmarshaled is determined by the parent, so - // see if parent is a derivation parent - derivation = (parent != NULL && parent->attributes.derivation); - - // If the parent is an object, then make sure that it is either a parent or - // derivation parent - if(parent != NULL && !parent->attributes.isParent && !derivation) - return TPM_RCS_TYPE + RC_CreateLoaded_parentHandle; - - // Get a spot in which to create the newObject - newObject = FindEmptyObjectSlot(&out->objectHandle); - if(newObject == NULL) - return TPM_RC_OBJECT_MEMORY; - - // Do this to save typing - publicArea = &newObject->publicArea; - - // Unmarshal the template into the object space. TPM2_Create() and - // TPM2_CreatePrimary() have the publicArea unmarshaled by CommandDispatcher. - // This command is different because of an unfortunate property of the - // unique field of an ECC key. It is a structure rather than a single TPM2B. If - // if had been a TPM2B, then the label and context could be within a TPM2B and - // unmarshaled like other public areas. Since it is not, this command needs its - // on template that is a TPM2B that is unmarshaled as a BYTE array with a - // its own unmarshal function. 
- result = UnmarshalToPublic(publicArea, &in->inPublic, derivation, - &labelContext); - if(result != TPM_RC_SUCCESS) - return result + RC_CreateLoaded_inPublic; - - // Validate that the authorization size is appropriate - if(!AdjustAuthSize(&in->inSensitive.sensitive.userAuth, publicArea->nameAlg)) - return TPM_RCS_SIZE + RC_CreateLoaded_inSensitive; - - // Command output - if(derivation) - { - TPMT_KEYEDHASH_SCHEME *scheme; - scheme = &parent->publicArea.parameters.keyedHashDetail.scheme; - - // SP800-108 is the only KDF supported by this implementation and there is - // no default hash algorithm. - pAssert(scheme->details.xor.hashAlg != TPM_ALG_NULL - && scheme->details.xor.kdf == TPM_ALG_KDF1_SP800_108); - // Don't derive RSA keys - if(publicArea->type == ALG_RSA_VALUE) - return TPM_RCS_TYPE + RC_CreateLoaded_inPublic; - // sensitiveDataOrigin has to be CLEAR in a derived object. Since this - // is specific to a derived object, it is checked here. - if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, - sensitiveDataOrigin)) - return TPM_RCS_ATTRIBUTES; - // Check the reset of the attributes - result = PublicAttributesValidation(parent, publicArea); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_CreateLoaded_inPublic); - // Process the template and sensitive areas to get the actual 'label' and - // 'context' values to be used for this derivation. - result = SetLabelAndContext(&labelContext, &in->inSensitive.sensitive.data); - if(result != TPM_RC_SUCCESS) - return result; - // Set up the KDF for object generation - DRBG_InstantiateSeededKdf((KDF_STATE *)rand, - scheme->details.xor.hashAlg, - scheme->details.xor.kdf, - &parent->sensitive.sensitive.bits.b, - &labelContext.label.b, - &labelContext.context.b, - TPM_MAX_DERIVATION_BITS); - // Clear the sensitive size so that the creation functions will not try - // to use this value. - in->inSensitive.sensitive.data.t.size = 0; - } - else - { - // Check attributes in input public area. 
CreateChecks() checks the things - // that are unique to creation and then validates the attributes and values - // that are common to create and load. - result = CreateChecks(parent, publicArea, - in->inSensitive.sensitive.data.t.size); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_CreateLoaded_inPublic); - // Creating a primary object - if(parent == NULL) - { - TPM2B_NAME name; - newObject->attributes.primary = SET; - if(in->parentHandle == TPM_RH_ENDORSEMENT) - newObject->attributes.epsHierarchy = SET; - // If so, use the primary seed and the digest of the template - // to seed the DRBG - result = DRBG_InstantiateSeeded((DRBG_STATE *)rand, - &HierarchyGetPrimarySeed(in->parentHandle)->b, - PRIMARY_OBJECT_CREATION, - (TPM2B *)PublicMarshalAndComputeName(publicArea, - &name), - &in->inSensitive.sensitive.data.b); - if(result != TPM_RC_SUCCESS) - return result; - } - else - { - // This is an ordinary object so use the normal random number generator - rand = NULL; - } - } -// Internal data update - // Create the object - result = CryptCreateObject(newObject, &in->inSensitive.sensitive, rand); - if(result != TPM_RC_SUCCESS) - return result; - // if this is not a Primary key and not a derived key, then return the sensitive - // area - if(parent != NULL && !derivation) - // Prepare output private data from sensitive - SensitiveToPrivate(&newObject->sensitive, &newObject->name, - parent, newObject->publicArea.nameAlg, - &out->outPrivate); - else - out->outPrivate.t.size = 0; - // Set the remaining return values - out->outPublic.publicArea = newObject->publicArea; - out->name = newObject->name; - // Set the remaining attributes for a loaded object - ObjectSetLoadedAttributes(newObject, in->parentHandle); - - return result; -} - -#endif // CC_CreateLoaded \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Load.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Load.c
deleted file mode 100644
index 86cea9685..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Load.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Load_fp.h"
-
-#if CC_Load // Conditional expansion of this file
-
-#include "Object_spt_fp.h"
-
-/*(See part 3 specification)
-// Load an ordinary or temporary object
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES 'inPulblic' attributes are not allowed with selected
-// parent
-// TPM_RC_BINDING 'inPrivate' and 'inPublic' are not
-// cryptographically bound
-// TPM_RC_HASH incorrect hash selection for signing key or
-// the 'nameAlg' for 'inPubic is not valid
-// TPM_RC_INTEGRITY HMAC on 'inPrivate' was not valid
-// TPM_RC_KDF KDF selection not allowed
-// TPM_RC_KEY the size of the object's 'unique' field is not
-// consistent with the indicated size in the object's
-// parameters
-// TPM_RC_OBJECT_MEMORY no available object slot
-// TPM_RC_SCHEME the signing scheme is not valid for the key
-// TPM_RC_SENSITIVE the 'inPrivate' did not unmarshal correctly
-// TPM_RC_SIZE 'inPrivate' missing, or 'authPolicy' size for
-// 'inPublic' or is not valid
-// TPM_RC_SYMMETRIC symmetric algorithm not provided when required
-// TPM_RC_TYPE 'parentHandle' is not a storage key, or the object
-// to load is a storage key but its parameters do not
-// match the parameters of the parent.
-// TPM_RC_VALUE decryption failure
-TPM_RC
-TPM2_Load(
- Load_In *in, // IN: input parameter list
- Load_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result = TPM_RC_SUCCESS;
- TPMT_SENSITIVE sensitive;
- OBJECT *parentObject;
- OBJECT *newObject;
-
-// Input Validation
- // Don't get invested in loading if there is no place to put it.
- newObject = FindEmptyObjectSlot(&out->objectHandle);
- if(newObject == NULL)
- return TPM_RC_OBJECT_MEMORY;
-
- if(in->inPrivate.t.size == 0)
- return TPM_RCS_SIZE + RC_Load_inPrivate;
-
- parentObject = HandleToObject(in->parentHandle);
- pAssert(parentObject != NULL);
- // Is the object that is being used as the parent actually a parent.
- if(!ObjectIsParent(parentObject))
- return TPM_RCS_TYPE + RC_Load_parentHandle;
-
- // Compute the name of object. If there isn't one, it is because the nameAlg is
- // not valid.
- PublicMarshalAndComputeName(&in->inPublic.publicArea, &out->name);
- if(out->name.t.size == 0)
- return TPM_RCS_HASH + RC_Load_inPublic;
-
- // Retrieve sensitive data.
- result = PrivateToSensitive(&in->inPrivate.b, &out->name.b, parentObject,
- in->inPublic.publicArea.nameAlg,
- &sensitive);
- if(result != TPM_RC_SUCCESS)
- return RcSafeAddToResult(result, RC_Load_inPrivate);
-
-// Internal Data Update
- // Load and validate object
- result = ObjectLoad(newObject, parentObject,
- &in->inPublic.publicArea, &sensitive,
- RC_Load_inPublic, RC_Load_inPrivate,
- &out->name);
- if(result == TPM_RC_SUCCESS)
- {
- // Set the common OBJECT attributes for a loaded object.
- ObjectSetLoadedAttributes(newObject, in->parentHandle);
- }
- return result;
-
-}
-
-#endif // CC_Load
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/LoadExternal.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/LoadExternal.c
deleted file mode 100644
index 61d59b2b1..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/LoadExternal.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "LoadExternal_fp.h"
-
-#if CC_LoadExternal // Conditional expansion of this file
-
-#include "Object_spt_fp.h"
-
-/*(See part 3 specification)
-// to load an object that is not a Protected Object into the public portion
-// of an object into the TPM. The command allows loading of a public area or
-// both a public and sensitive area
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES 'fixedParent", 'fixedTPM', and 'restricted' must
-// be CLEAR if sensitive portion of an object is loaded
-// TPM_RC_BINDING the 'inPublic' and 'inPrivate' structures are not
-// cryptographically bound
-// TPM_RC_HASH incorrect hash selection for signing key
-// TPM_RC_HIERARCHY 'hierarchy' is turned off, or only NULL hierarchy
-// is allowed when loading public and private parts
-// of an object
-// TPM_RC_KDF incorrect KDF selection for decrypting
-// keyedHash object
-// TPM_RC_KEY the size of the object's 'unique' field is not
-// consistent with the indicated size in the object's
-// parameters
-// TPM_RC_OBJECT_MEMORY if there is no free slot for an object
-// TPM_RC_ECC_POINT for a public-only ECC key, the ECC point is not
-// on the curve
-// TPM_RC_SCHEME the signing scheme is not valid for the key
-// TPM_RC_SIZE 'authPolicy' is not zero and is not the size of a
-// digest produced by the object's 'nameAlg'
-// TPM_RH_NULL hierarchy
-// TPM_RC_SYMMETRIC symmetric algorithm not provided when required
-// TPM_RC_TYPE 'inPublic' and 'inPrivate' are not the same type
-TPM_RC
-TPM2_LoadExternal(
- LoadExternal_In *in, // IN: input parameter list
- LoadExternal_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
- OBJECT *object;
- TPMT_SENSITIVE *sensitive = NULL;
-
-// Input Validation
- // Don't get invested in loading if there is no place to put it.
- object = FindEmptyObjectSlot(&out->objectHandle);
- if(object == NULL)
- return TPM_RC_OBJECT_MEMORY;
-
-
- // If the hierarchy to be associated with this object is turned off, the object
- // cannot be loaded.
- if(!HierarchyIsEnabled(in->hierarchy))
- return TPM_RCS_HIERARCHY + RC_LoadExternal_hierarchy;
-
- // For loading an object with both public and sensitive
- if(in->inPrivate.size != 0)
- {
- // An external object with a sensitive area can only be loaded in the
- // NULL hierarchy
- if(in->hierarchy != TPM_RH_NULL)
- return TPM_RCS_HIERARCHY + RC_LoadExternal_hierarchy;
- // An external object with a sensitive area must have fixedTPM == CLEAR
- // fixedParent == CLEAR so that it does not appear to be a key created by
- // this TPM.
- if(IS_ATTRIBUTE(in->inPublic.publicArea.objectAttributes, TPMA_OBJECT,
- fixedTPM)
- || IS_ATTRIBUTE(in->inPublic.publicArea.objectAttributes, TPMA_OBJECT,
- fixedParent)
- || IS_ATTRIBUTE(in->inPublic.publicArea.objectAttributes, TPMA_OBJECT,
- restricted))
- return TPM_RCS_ATTRIBUTES + RC_LoadExternal_inPublic;
-
- // Have sensitive point to something other than NULL so that object
- // initialization will load the sensitive part too
- sensitive = &in->inPrivate.sensitiveArea;
- }
-
- // Need the name to initialize the object structure
- PublicMarshalAndComputeName(&in->inPublic.publicArea, &out->name);
-
- // Load and validate key
- result = ObjectLoad(object, NULL,
- &in->inPublic.publicArea, sensitive,
- RC_LoadExternal_inPublic, RC_LoadExternal_inPrivate,
- &out->name);
- if(result == TPM_RC_SUCCESS)
- {
- object->attributes.external = SET;
- // Set the common OBJECT attributes for a loaded object.
- ObjectSetLoadedAttributes(object, in->hierarchy);
- }
- return result;
-}
-
-#endif // CC_LoadExternal
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/MakeCredential.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/MakeCredential.c
deleted file mode 100644
index 44e5e99ab..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/MakeCredential.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "MakeCredential_fp.h"
-
-#if CC_MakeCredential // Conditional expansion of this file
-
-#include "Object_spt_fp.h"
-
-/*(See part 3 specification)
-// Make Credential with an object
-*/
-// Return Type: TPM_RC
-// TPM_RC_KEY 'handle' referenced an ECC key that has a unique
-// field that is not a point on the curve of the key
-// TPM_RC_SIZE 'credential' is larger than the digest size of
-// Name algorithm of 'handle'
-// TPM_RC_TYPE 'handle' does not reference an asymmetric
-// decryption key
-TPM_RC
-TPM2_MakeCredential(
- MakeCredential_In *in, // IN: input parameter list
- MakeCredential_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result = TPM_RC_SUCCESS;
-
- OBJECT *object;
- TPM2B_DATA data;
-
-// Input Validation
-
- // Get object pointer
- object = HandleToObject(in->handle);
-
- // input key must be an asymmetric, restricted decryption key
- // NOTE: Needs to be restricted to have a symmetric value.
- if(!CryptIsAsymAlgorithm(object->publicArea.type)
- || !IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, decrypt)
- || !IS_ATTRIBUTE(object->publicArea.objectAttributes,
- TPMA_OBJECT, restricted))
- return TPM_RCS_TYPE + RC_MakeCredential_handle;
-
- // The credential information may not be larger than the digest size used for
- // the Name of the key associated with handle.
- if(in->credential.t.size > CryptHashGetDigestSize(object->publicArea.nameAlg))
- return TPM_RCS_SIZE + RC_MakeCredential_credential;
-
-// Command Output
-
- // Make encrypt key and its associated secret structure.
- out->secret.t.size = sizeof(out->secret.t.secret);
- result = CryptSecretEncrypt(object, IDENTITY_STRING, &data, &out->secret);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // Prepare output credential data from secret
- SecretToCredential(&in->credential, &in->objectName.b, &data.b,
- object, &out->credentialBlob);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_MakeCredential
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ObjectChangeAuth.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ObjectChangeAuth.c
deleted file mode 100644
index d339b83fd..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ObjectChangeAuth.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ObjectChangeAuth_fp.h"
-
-#if CC_ObjectChangeAuth // Conditional expansion of this file
-
-#include "Object_spt_fp.h"
-
-/*(See part 3 specification)
-// Create an object
-*/
-// Return Type: TPM_RC
-// TPM_RC_SIZE 'newAuth' is larger than the size of the digest
-// of the Name algorithm of 'objectHandle'
-// TPM_RC_TYPE the key referenced by 'parentHandle' is not the
-// parent of the object referenced by 'objectHandle';
-// or 'objectHandle' is a sequence object.
-TPM_RC
-TPM2_ObjectChangeAuth(
- ObjectChangeAuth_In *in, // IN: input parameter list
- ObjectChangeAuth_Out *out // OUT: output parameter list
- )
-{
- TPMT_SENSITIVE sensitive;
-
- OBJECT *object = HandleToObject(in->objectHandle);
- TPM2B_NAME QNCompare;
-
-// Input Validation
-
- // Can not change authorization on sequence object
- if(ObjectIsSequence(object))
- return TPM_RCS_TYPE + RC_ObjectChangeAuth_objectHandle;
-
- // Make sure that the authorization value is consistent with the nameAlg
- if(!AdjustAuthSize(&in->newAuth, object->publicArea.nameAlg))
- return TPM_RCS_SIZE + RC_ObjectChangeAuth_newAuth;
-
- // Parent handle should be the parent of object handle. In this
- // implementation we verify this by checking the QN of object. Other
- // implementation may choose different method to verify this attribute.
- ComputeQualifiedName(in->parentHandle,
- object->publicArea.nameAlg,
- &object->name, &QNCompare);
- if(!MemoryEqual2B(&object->qualifiedName.b, &QNCompare.b))
- return TPM_RCS_TYPE + RC_ObjectChangeAuth_parentHandle;
-
-// Command Output
- // Prepare the sensitive area with the new authorization value
- sensitive = object->sensitive;
- sensitive.authValue = in->newAuth;
-
- // Protect the sensitive area
- SensitiveToPrivate(&sensitive, &object->name, HandleToObject(in->parentHandle),
- object->publicArea.nameAlg,
- &out->outPrivate);
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ObjectChangeAuth
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Object_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Object_spt.c
deleted file mode 100644
index 3de47904b..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Object_spt.c
+++ /dev/null
@@ -1,1584 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Includes -#include "Tpm.h" -#include "Object_spt_fp.h" - -//** Local Functions - -//*** GetIV2BSize() -// Get the size of TPM2B_IV in canonical form that will be append to the start of -// the sensitive data. 
It includes both size of size field and size of iv data -static UINT16 -GetIV2BSize( - OBJECT *protector // IN: the protector handle - ) -{ - TPM_ALG_ID symAlg; - UINT16 keyBits; - - // Determine the symmetric algorithm and size of key - if(protector == NULL) - { - // Use the context encryption algorithm and key size - symAlg = CONTEXT_ENCRYPT_ALG; - keyBits = CONTEXT_ENCRYPT_KEY_BITS; - } - else - { - symAlg = protector->publicArea.parameters.asymDetail.symmetric.algorithm; - keyBits = protector->publicArea.parameters.asymDetail.symmetric.keyBits.sym; - } - - // The IV size is a UINT16 size field plus the block size of the symmetric - // algorithm - return sizeof(UINT16) + CryptGetSymmetricBlockSize(symAlg, keyBits); -} - -//*** ComputeProtectionKeyParms() -// This function retrieves the symmetric protection key parameters for -// the sensitive data -// The parameters retrieved from this function include encryption algorithm, -// key size in bit, and a TPM2B_SYM_KEY containing the key material as well as -// the key size in bytes -// This function is used for any action that requires encrypting or decrypting of -// the sensitive area of an object or a credential blob -// -/*(See part 1 specification) - KDF for generating the protection key material: - KDFa(hashAlg, seed, "STORAGE", Name, NULL , bits) -where - hashAlg for a Primary Object, an algorithm chosen by the TPM vendor - for derivations from Primary Seeds. For all other objects, - the nameAlg of the object's parent. - seed for a Primary Object in the Platform Hierarchy, the PPS. - For Primary Objects in either Storage or Endorsement Hierarchy, - the SPS. For Temporary Objects, the context encryption seed. - For all other objects, the symmetric seed value in the - sensitive area of the object's parent. 
- STORAGE label to differentiate use of KDFa() (see 4.7) - Name the Name of the object being encrypted - bits the number of bits required for a symmetric key and IV -*/ -// Return Type: void -static void -ComputeProtectionKeyParms( - OBJECT *protector, // IN: the protector object - TPM_ALG_ID hashAlg, // IN: hash algorithm for KDFa - TPM2B *name, // IN: name of the object - TPM2B *seedIn, // IN: optional seed for duplication blob. - // For non duplication blob, this - // parameter should be NULL - TPM_ALG_ID *symAlg, // OUT: the symmetric algorithm - UINT16 *keyBits, // OUT: the symmetric key size in bits - TPM2B_SYM_KEY *symKey // OUT: the symmetric key - ) -{ - const TPM2B *seed = seedIn; - - // Determine the algorithms for the KDF and the encryption/decryption - // For TPM_RH_NULL, using context settings - if(protector == NULL) - { - // Use the context encryption algorithm and key size - *symAlg = CONTEXT_ENCRYPT_ALG; - symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES; - *keyBits = CONTEXT_ENCRYPT_KEY_BITS; - } - else - { - TPMT_SYM_DEF_OBJECT *symDef; - symDef = &protector->publicArea.parameters.asymDetail.symmetric; - *symAlg = symDef->algorithm; - *keyBits = symDef->keyBits.sym; - symKey->t.size = (*keyBits + 7) / 8; - } - // Get seed for KDF - if(seed == NULL) - seed = GetSeedForKDF(protector); - // KDFa to generate symmetric key and IV value - CryptKDFa(hashAlg, seed, STORAGE_KEY, name, NULL, - symKey->t.size * 8, symKey->t.buffer, NULL, FALSE); - return; -} - -//*** ComputeOuterIntegrity() -// The sensitive area parameter is a buffer that holds a space for -// the integrity value and the marshaled sensitive area. The caller should -// skip over the area set aside for the integrity value -// and compute the hash of the remainder of the object. -// The size field of sensitive is in unmarshaled form and the -// sensitive area contents is an array of bytes. 
-/*(See part 1 specification) - KDFa(hashAlg, seed, "INTEGRITY", NULL, NULL , bits) (38) -where - hashAlg for a Primary Object, the nameAlg of the object. For all other - objects the nameAlg of the object's parent. - seed for a Primary Object in the Platform Hierarchy, the PPS. For - Primary Objects in either Storage or Endorsement Hierarchy, - the SPS. For a Temporary Object, the context encryption key. - For all other objects, the symmetric seed value in the sensitive - area of the object's parent. - "INTEGRITY" a value used to differentiate the uses of the KDF. - bits the number of bits in the digest produced by hashAlg. -Key is then used in the integrity computation. - HMACnameAlg(HMACkey, encSensitive || Name ) -where - HMACnameAlg() the HMAC function using nameAlg of the object's parent - HMACkey value derived from the parent symmetric protection value - encSensitive symmetrically encrypted sensitive area - Name the Name of the object being protected -*/ -// Return Type: void -static void -ComputeOuterIntegrity( - TPM2B *name, // IN: the name of the object - OBJECT *protector, // IN: the object that - // provides protection. For an object, - // it is a parent. For a credential, it - // is the encrypt object. For - // a Temporary Object, it is NULL - TPMI_ALG_HASH hashAlg, // IN: algorithm to use for integrity - TPM2B *seedIn, // IN: an external seed may be provided for - // duplication blob. 
For non duplication - // blob, this parameter should be NULL - UINT32 sensitiveSize, // IN: size of the marshaled sensitive data - BYTE *sensitiveData, // IN: sensitive area - TPM2B_DIGEST *integrity // OUT: integrity - ) -{ - HMAC_STATE hmacState; - TPM2B_DIGEST hmacKey; - const TPM2B *seed = seedIn; -// - // Get seed for KDF - if(seed == NULL) - seed = GetSeedForKDF(protector); - // Determine the HMAC key bits - hmacKey.t.size = CryptHashGetDigestSize(hashAlg); - - // KDFa to generate HMAC key - CryptKDFa(hashAlg, seed, INTEGRITY_KEY, NULL, NULL, - hmacKey.t.size * 8, hmacKey.t.buffer, NULL, FALSE); - // Start HMAC and get the size of the digest which will become the integrity - integrity->t.size = CryptHmacStart2B(&hmacState, hashAlg, &hmacKey.b); - - // Adding the marshaled sensitive area to the integrity value - CryptDigestUpdate(&hmacState.hashState, sensitiveSize, sensitiveData); - - // Adding name - CryptDigestUpdate2B(&hmacState.hashState, name); - - // Compute HMAC - CryptHmacEnd2B(&hmacState, &integrity->b); - - return; -} - -//*** ComputeInnerIntegrity() -// This function computes the integrity of an inner wrap -static void -ComputeInnerIntegrity( - TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap - TPM2B *name, // IN: the name of the object - UINT16 dataSize, // IN: the size of sensitive data - BYTE *sensitiveData, // IN: sensitive data - TPM2B_DIGEST *integrity // OUT: inner integrity - ) -{ - HASH_STATE hashState; -// - // Start hash and get the size of the digest which will become the integrity - integrity->t.size = CryptHashStart(&hashState, hashAlg); - - // Adding the marshaled sensitive area to the integrity value - CryptDigestUpdate(&hashState, dataSize, sensitiveData); - - // Adding name - CryptDigestUpdate2B(&hashState, name); - - // Compute hash - CryptHashEnd2B(&hashState, &integrity->b); - - return; -} - -//*** ProduceInnerIntegrity() -// This function produces an inner integrity for regular private, credential or -// duplication 
blob -// It requires the sensitive data being marshaled to the innerBuffer, with the -// leading bytes reserved for integrity hash. It assume the sensitive data -// starts at address (innerBuffer + integrity size). -// This function integrity at the beginning of the inner buffer -// It returns the total size of buffer with the inner wrap -static UINT16 -ProduceInnerIntegrity( - TPM2B *name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap - UINT16 dataSize, // IN: the size of sensitive data, excluding the - // leading integrity buffer size - BYTE *innerBuffer // IN/OUT: inner buffer with sensitive data in - // it. At input, the leading bytes of this - // buffer is reserved for integrity - ) -{ - BYTE *sensitiveData; // pointer to the sensitive data - TPM2B_DIGEST integrity; - UINT16 integritySize; - BYTE *buffer; // Auxiliary buffer pointer -// - // sensitiveData points to the beginning of sensitive data in innerBuffer - integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); - sensitiveData = innerBuffer + integritySize; - - ComputeInnerIntegrity(hashAlg, name, dataSize, sensitiveData, &integrity); - - // Add integrity at the beginning of inner buffer - buffer = innerBuffer; - TPM2B_DIGEST_Marshal(&integrity, &buffer, NULL); - - return dataSize + integritySize; -} - -//*** CheckInnerIntegrity() -// This function check integrity of inner blob -// Return Type: TPM_RC -// TPM_RC_INTEGRITY if the outer blob integrity is bad -// unmarshal errors unmarshal errors while unmarshaling integrity -static TPM_RC -CheckInnerIntegrity( - TPM2B *name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap - UINT16 dataSize, // IN: the size of sensitive data, including the - // leading integrity buffer size - BYTE *innerBuffer // IN/OUT: inner buffer with sensitive data in - // it - ) -{ - TPM_RC result; - TPM2B_DIGEST integrity; - TPM2B_DIGEST integrityToCompare; - BYTE *buffer; // Auxiliary 
buffer pointer - INT32 size; -// - // Unmarshal integrity - buffer = innerBuffer; - size = (INT32)dataSize; - result = TPM2B_DIGEST_Unmarshal(&integrity, &buffer, &size); - if(result == TPM_RC_SUCCESS) - { - // Compute integrity to compare - ComputeInnerIntegrity(hashAlg, name, (UINT16)size, buffer, - &integrityToCompare); - // Compare outer blob integrity - if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b)) - result = TPM_RC_INTEGRITY; - } - return result; -} - -//** Public Functions - -//*** AdjustAuthSize() -// This function will validate that the input authValue is no larger than the -// digestSize for the nameAlg. It will then pad with zeros to the size of the -// digest. -BOOL -AdjustAuthSize( - TPM2B_AUTH *auth, // IN/OUT: value to adjust - TPMI_ALG_HASH nameAlg // IN: - ) -{ - UINT16 digestSize; -// - // If there is no nameAlg, then this is a LoadExternal and the authVale can - // be any size up to the maximum allowed by the - digestSize = (nameAlg == TPM_ALG_NULL) ? sizeof(TPMU_HA) - : CryptHashGetDigestSize(nameAlg); - if(digestSize < MemoryRemoveTrailingZeros(auth)) - return FALSE; - else if(digestSize > auth->t.size) - MemoryPad2B(&auth->b, digestSize); - auth->t.size = digestSize; - - return TRUE; -} - -//*** AreAttributesForParent() -// This function is called by create, load, and import functions. -// Note: The 'isParent' attribute is SET when an object is loaded and it has -// attributes that are suitable for a parent object. -// Return Type: BOOL -// TRUE(1) properties are those of a parent -// FALSE(0) properties are not those of a parent -BOOL -ObjectIsParent( - OBJECT *parentObject // IN: parent handle - ) -{ - return parentObject->attributes.isParent; -} - -//*** CreateChecks() -// Attribute checks that are unique to creation. 
-// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES sensitiveDataOrigin is not consistent with the -// object type -// other returns from PublicAttributesValidation() -TPM_RC -CreateChecks( - OBJECT *parentObject, - TPMT_PUBLIC *publicArea, - UINT16 sensitiveDataSize - ) -{ - TPMA_OBJECT attributes = publicArea->objectAttributes; - TPM_RC result = TPM_RC_SUCCESS; -// - // If the caller indicates that they have provided the data, then make sure that - // they have provided some data. - if((!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) - && (sensitiveDataSize == 0)) - return TPM_RCS_ATTRIBUTES; - // For an ordinary object, data can only be provided when sensitiveDataOrigin - // is CLEAR - if((parentObject != NULL) - && (IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) - && (sensitiveDataSize != 0)) - return TPM_RCS_ATTRIBUTES; - switch(publicArea->type) - { - case ALG_KEYEDHASH_VALUE: - // if this is a data object (sign == decrypt == CLEAR) then the - // TPM cannot be the data source. - if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt) - && IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) - result = TPM_RC_ATTRIBUTES; - // comment out the next line in order to prevent a fixedTPM derivation - // parent -// break; - case ALG_SYMCIPHER_VALUE: - // A restricted key symmetric key (SYMCIPHER and KEYEDHASH) - // must have sensitiveDataOrigin SET unless it has fixedParent and - // fixedTPM CLEAR. 
- if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted))
- if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin))
- if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)
- || IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM))
- result = TPM_RCS_ATTRIBUTES;
- break;
- default: // Asymmetric keys cannot have the sensitive portion provided
- if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin))
- result = TPM_RCS_ATTRIBUTES;
- break;
- }
- if(TPM_RC_SUCCESS == result)
- {
- result = PublicAttributesValidation(parentObject, publicArea);
- }
- return result;
-}
-//*** SchemeChecks
-// This function is called by TPM2_LoadExternal() and PublicAttributesValidation().
-// This function validates the schemes in the public area of an object.
-// Return Type: TPM_RC
-// TPM_RC_HASH non-duplicable storage key and its parent have different
-// name algorithm
-// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash object
-// TPM_RC_KEY invalid key size values in an asymmetric key public area
-// TPM_RCS_SCHEME inconsistent attributes 'decrypt', 'sign', 'restricted'
-// and key's scheme ID; or hash algorithm is inconsistent
-// with the scheme ID for keyed hash object
-// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or
-// non-storage key with symmetric algorithm different from
-// ALG_NULL
-TPM_RC
-SchemeChecks(
- OBJECT *parentObject, // IN: parent (null if primary seed)
- TPMT_PUBLIC *publicArea // IN: public area of the object
- )
-{
- TPMT_SYM_DEF_OBJECT *symAlgs = NULL;
- TPM_ALG_ID scheme = TPM_ALG_NULL;
- TPMA_OBJECT attributes = publicArea->objectAttributes;
- TPMU_PUBLIC_PARMS *parms = &publicArea->parameters;
-//
- switch(publicArea->type)
- {
- case ALG_SYMCIPHER_VALUE:
- symAlgs = &parms->symDetail.sym;
- // If this is a decrypt key, then only the block cipher modes (not
- // SMAC) are valid. TPM_ALG_NULL is OK too. If this is a 'sign' key,
- // then any mode that got through the unmarshaling is OK.
- if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)
- && !CryptSymModeIsValid(symAlgs->mode.sym, TRUE))
- return TPM_RCS_SCHEME;
- break;
- case ALG_KEYEDHASH_VALUE:
- scheme = parms->keyedHashDetail.scheme.scheme;
- // if both sign and decrypt
- if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)
- == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt))
- {
- // if both sign and decrypt are set or clear, then need
- // ALG_NULL as scheme
- if(scheme != TPM_ALG_NULL)
- return TPM_RCS_SCHEME;
- }
- else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)
- && scheme != TPM_ALG_HMAC)
- return TPM_RCS_SCHEME;
- else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt))
- {
- if(scheme != TPM_ALG_XOR)
- return TPM_RCS_SCHEME;
- // If this is a derivation parent, then the KDF needs to be
- // SP800-108 for this implementation. This is the only derivation
- // supported by this implementation. Other implementations could
- // support additional schemes. There is no default.
- if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted))
- {
- if(parms->keyedHashDetail.scheme.details.xor.kdf
- != TPM_ALG_KDF1_SP800_108)
- return TPM_RCS_SCHEME;
- // Must select a digest.
- if(CryptHashGetDigestSize(
- parms->keyedHashDetail.scheme.details.xor.hashAlg) == 0)
- return TPM_RCS_HASH;
- }
- }
- break;
- default: // handling for asymmetric
- scheme = parms->asymDetail.scheme.scheme;
- symAlgs = &parms->asymDetail.symmetric;
- // if the key is both sign and decrypt, then the scheme must be
- // ALG_NULL because there is no way to specify both a sign and a
- // decrypt scheme in the key.
- if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)
- == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt))
- {
- // scheme must be TPM_ALG_NULL
- if(scheme != TPM_ALG_NULL)
- return TPM_RCS_SCHEME;
- }
- else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign))
- {
- // If this is a signing key, see if it has a signing scheme
- if(CryptIsAsymSignScheme(publicArea->type, scheme))
- {
- // if proper signing scheme then it needs a proper hash
- if(parms->asymDetail.scheme.details.anySig.hashAlg
- == TPM_ALG_NULL)
- return TPM_RCS_SCHEME;
- }
- else
- {
- // signing key that does not have a proper signing scheme.
- // This is OK if the key is not restricted and its scheme
- // is TPM_ALG_NULL
- if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)
- || scheme != TPM_ALG_NULL)
- return TPM_RCS_SCHEME;
- }
- }
- else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt))
- {
- if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted))
- {
- // for a restricted decryption key (a parent), scheme
- // is required to be TPM_ALG_NULL
- if(scheme != TPM_ALG_NULL)
- return TPM_RCS_SCHEME;
- }
- else
- {
- // For an unrestricted decryption key, the scheme has to
- // be a valid scheme or TPM_ALG_NULL
- if(scheme != TPM_ALG_NULL &&
- !CryptIsAsymDecryptScheme(publicArea->type, scheme))
- return TPM_RCS_SCHEME;
- }
- }
- if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)
- || !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt))
- {
- // For an asymmetric key that is not a parent, the symmetric
- // algorithms must be TPM_ALG_NULL
- if(symAlgs->algorithm != TPM_ALG_NULL)
- return TPM_RCS_SYMMETRIC;
- }
- // Special checks for an ECC key
-#if ALG_ECC
- if(publicArea->type == TPM_ALG_ECC)
- {
- TPM_ECC_CURVE curveID;
- const TPMT_ECC_SCHEME *curveScheme;
-
- curveID = publicArea->parameters.eccDetail.curveID;
- curveScheme = CryptGetCurveSignScheme(curveID);
- // The curveId must be valid or the unmarshaling is busted.
- pAssert(curveScheme != NULL);
-
- // If the curveID requires a specific scheme, then the key must
- // select the same scheme
- if(curveScheme->scheme != TPM_ALG_NULL)
- {
- TPMS_ECC_PARMS *ecc = &publicArea->parameters.eccDetail;
- if(scheme != curveScheme->scheme)
- return TPM_RCS_SCHEME;
- // The scheme can allow any hash, or not...
- if(curveScheme->details.anySig.hashAlg != TPM_ALG_NULL
- && (ecc->scheme.details.anySig.hashAlg
- != curveScheme->details.anySig.hashAlg))
- return TPM_RCS_SCHEME;
- }
- // For now, the KDF must be TPM_ALG_NULL
- if(publicArea->parameters.eccDetail.kdf.scheme != TPM_ALG_NULL)
- return TPM_RCS_KDF;
- }
-#endif
- break;
- }
- // If this is a restricted decryption key with symmetric algorithms, then it
- // is an ordinary parent (not a derivation parent). It needs to specific
- // symmetric algorithms other than TPM_ALG_NULL
- if(symAlgs != NULL
- && IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)
- && IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt))
- {
- if(symAlgs->algorithm == TPM_ALG_NULL)
- return TPM_RCS_SYMMETRIC;
-#if 0 //??
-// This next check is under investigation. Need to see if it will break Windows
-// before it is enabled. If it does not, then it should be default because a
-// the mode used with a parent is always CFB and Part 2 indicates as much.
- if(symAlgs->mode.sym != TPM_ALG_CFB)
- return TPM_RCS_MODE;
-#endif
- // If this parent is not duplicable, then the symmetric algorithms
- // (encryption and hash) must match those of its parent
- if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)
- && (parentObject != NULL))
- {
- if(publicArea->nameAlg != parentObject->publicArea.nameAlg)
- return TPM_RCS_HASH;
- if(!MemoryEqual(symAlgs, &parentObject->publicArea.parameters,
- sizeof(TPMT_SYM_DEF_OBJECT)))
- return TPM_RCS_SYMMETRIC;
- }
- }
- return TPM_RC_SUCCESS;
-}
-
-//*** PublicAttributesValidation()
-// This function validates the values in the public area of an object.
-// This function is used in the processing of TPM2_Create, TPM2_CreatePrimary, -// TPM2_CreateLoaded(), TPM2_Load(), TPM2_Import(), and TPM2_LoadExternal(). -// For TPM2_Import() this is only used if the new parent has fixedTPM SET. For -// TPM2_LoadExternal(), this is not used for a public-only key -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'fixedTPM', 'fixedParent', or 'encryptedDuplication' -// attributes are inconsistent between themselves or with -// those of the parent object; -// inconsistent 'restricted', 'decrypt' and 'sign' -// attributes; -// attempt to inject sensitive data for an asymmetric key; -// attempt to create a symmetric cipher key that is not -// a decryption key -// TPM_RC_HASH nameAlg is TPM_ALG_NULL -// TPM_RC_SIZE 'authPolicy' size does not match digest size of the name -// algorithm in 'publicArea' -// other returns from SchemeChecks() -TPM_RC -PublicAttributesValidation( - OBJECT *parentObject, // IN: input parent object - TPMT_PUBLIC *publicArea // IN: public area of the object - ) -{ - TPMA_OBJECT attributes = publicArea->objectAttributes; - TPMA_OBJECT parentAttributes = TPMA_ZERO_INITIALIZER(); -// - if(parentObject != NULL) - parentAttributes = parentObject->publicArea.objectAttributes; - if(publicArea->nameAlg == TPM_ALG_NULL) - return TPM_RCS_HASH; - // If there is an authPolicy, it needs to be the size of the digest produced - // by the nameAlg of the object - if((publicArea->authPolicy.t.size != 0 - && (publicArea->authPolicy.t.size - != CryptHashGetDigestSize(publicArea->nameAlg)))) - return TPM_RCS_SIZE; - // If the parent is fixedTPM (including a Primary Object) the object must have - // the same value for fixedTPM and fixedParent - if(parentObject == NULL - || IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM)) - { - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent) - != IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) - return TPM_RCS_ATTRIBUTES; - } - else - { - // The parent is not fixedTPM so the object can't 
be fixedTPM - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) - return TPM_RCS_ATTRIBUTES; - } - // See if sign and decrypt are the same - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) - == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - { - // a restricted key cannot have both SET or both CLEAR - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) - return TPM_RC_ATTRIBUTES; - // only a data object may have both sign and decrypt CLEAR - // BTW, since we know that decrypt==sign, no need to check both - if(publicArea->type != TPM_ALG_KEYEDHASH - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)) - return TPM_RC_ATTRIBUTES; - } - // If the object can't be duplicated (directly or indirectly) then there - // is no justification for having encryptedDuplication SET - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM) - && IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication)) - return TPM_RCS_ATTRIBUTES; - // If a parent object has fixedTPM CLEAR, the child must have the - // same encryptedDuplication value as its parent. - // Primary objects are considered to have a fixedTPM parent (the seeds). - if(parentObject != NULL - && !IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM)) - { - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication) - != IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, encryptedDuplication)) - return TPM_RCS_ATTRIBUTES; - } - // Special checks for derived objects - if((parentObject != NULL) && (parentObject->attributes.derivation == SET)) - { - // A derived object has the same settings for fixedTPM as its parent - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM) - != IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM)) - return TPM_RCS_ATTRIBUTES; - // A derived object is required to be fixedParent - if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)) - return TPM_RCS_ATTRIBUTES; - } - return SchemeChecks(parentObject, publicArea); -} - -//*** FillInCreationData() -// Fill in creation data for an object. 
-// Return Type: void
-void
-FillInCreationData(
- TPMI_DH_OBJECT parentHandle, // IN: handle of parent
- TPMI_ALG_HASH nameHashAlg, // IN: name hash algorithm
- TPML_PCR_SELECTION *creationPCR, // IN: PCR selection
- TPM2B_DATA *outsideData, // IN: outside data
- TPM2B_CREATION_DATA *outCreation, // OUT: creation data for output
- TPM2B_DIGEST *creationDigest // OUT: creation digest
- )
-{
- BYTE creationBuffer[sizeof(TPMS_CREATION_DATA)];
- BYTE *buffer;
- HASH_STATE hashState;
-//
- // Fill in TPMS_CREATION_DATA in outCreation
-
- // Compute PCR digest
- PCRComputeCurrentDigest(nameHashAlg, creationPCR,
- &outCreation->creationData.pcrDigest);
-
- // Put back PCR selection list
- outCreation->creationData.pcrSelect = *creationPCR;
-
- // Get locality
- outCreation->creationData.locality
- = LocalityGetAttributes(_plat__LocalityGet());
- outCreation->creationData.parentNameAlg = TPM_ALG_NULL;
-
- // If the parent is either a primary seed or TPM_ALG_NULL, then the Name
- // and QN of the parent are the parent's handle.
- if(HandleGetType(parentHandle) == TPM_HT_PERMANENT) - { - buffer = &outCreation->creationData.parentName.t.name[0]; - outCreation->creationData.parentName.t.size = - TPM_HANDLE_Marshal(&parentHandle, &buffer, NULL); - // For a primary or temporary object, the parent name (a handle) and the - // parent's QN are the same - outCreation->creationData.parentQualifiedName - = outCreation->creationData.parentName; - } - else // Regular object - { - OBJECT *parentObject = HandleToObject(parentHandle); -// - // Set name algorithm - outCreation->creationData.parentNameAlg = parentObject->publicArea.nameAlg; - - // Copy parent name - outCreation->creationData.parentName = parentObject->name; - - // Copy parent qualified name - outCreation->creationData.parentQualifiedName = parentObject->qualifiedName; - } - // Copy outside information - outCreation->creationData.outsideInfo = *outsideData; - - // Marshal creation data to canonical form - buffer = creationBuffer; - outCreation->size = TPMS_CREATION_DATA_Marshal(&outCreation->creationData, - &buffer, NULL); - // Compute hash for creation field in public template - creationDigest->t.size = CryptHashStart(&hashState, nameHashAlg); - CryptDigestUpdate(&hashState, outCreation->size, creationBuffer); - CryptHashEnd2B(&hashState, &creationDigest->b); - - return; -} - -//*** GetSeedForKDF() -// Get a seed for KDF. The KDF for encryption and HMAC key use the same seed. -const TPM2B * -GetSeedForKDF( - OBJECT *protector // IN: the protector handle - ) -{ - // Get seed for encryption key. Use input seed if provided. - // Otherwise, using protector object's seedValue. TPM_RH_NULL is the only - // exception that we may not have a loaded object as protector. In such a - // case, use nullProof as seed. - if(protector == NULL) - return &gr.nullProof.b; - else - return &protector->sensitive.seedValue.b; -} - -//*** ProduceOuterWrap() -// This function produce outer wrap for a buffer containing the sensitive data. 
-// It requires the sensitive data being marshaled to the outerBuffer, with the -// leading bytes reserved for integrity hash. If iv is used, iv space should -// be reserved at the beginning of the buffer. It assumes the sensitive data -// starts at address (outerBuffer + integrity size {+ iv size}). -// This function performs: -// 1. Add IV before sensitive area if required -// 2. encrypt sensitive data, if iv is required, encrypt by iv. otherwise, -// encrypted by a NULL iv -// 3. add HMAC integrity at the beginning of the buffer -// It returns the total size of blob with outer wrap -UINT16 -ProduceOuterWrap( - OBJECT *protector, // IN: The handle of the object that provides - // protection. For object, it is parent - // handle. For credential, it is the handle - // of encrypt object. - TPM2B *name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap - TPM2B *seed, // IN: an external seed may be provided for - // duplication blob. For non duplication - // blob, this parameter should be NULL - BOOL useIV, // IN: indicate if an IV is used - UINT16 dataSize, // IN: the size of sensitive data, excluding the - // leading integrity buffer size or the - // optional iv size - BYTE *outerBuffer // IN/OUT: outer buffer with sensitive data in - // it - ) -{ - TPM_ALG_ID symAlg; - UINT16 keyBits; - TPM2B_SYM_KEY symKey; - TPM2B_IV ivRNG; // IV from RNG - TPM2B_IV *iv = NULL; - UINT16 ivSize = 0; // size of iv area, including the size field - BYTE *sensitiveData; // pointer to the sensitive data - TPM2B_DIGEST integrity; - UINT16 integritySize; - BYTE *buffer; // Auxiliary buffer pointer -// - // Compute the beginning of sensitive data. 
The outer integrity should - // always exist if this function is called to make an outer wrap - integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); - sensitiveData = outerBuffer + integritySize; - - // If iv is used, adjust the pointer of sensitive data and add iv before it - if(useIV) - { - ivSize = GetIV2BSize(protector); - - // Generate IV from RNG. The iv data size should be the total IV area - // size minus the size of size field - ivRNG.t.size = ivSize - sizeof(UINT16); - CryptRandomGenerate(ivRNG.t.size, ivRNG.t.buffer); - - // Marshal IV to buffer - buffer = sensitiveData; - TPM2B_IV_Marshal(&ivRNG, &buffer, NULL); - - // adjust sensitive data starting after IV area - sensitiveData += ivSize; - - // Use iv for encryption - iv = &ivRNG; - } - // Compute symmetric key parameters for outer buffer encryption - ComputeProtectionKeyParms(protector, hashAlg, name, seed, - &symAlg, &keyBits, &symKey); - // Encrypt inner buffer in place - CryptSymmetricEncrypt(sensitiveData, symAlg, keyBits, - symKey.t.buffer, iv, TPM_ALG_CFB, dataSize, - sensitiveData); - // Compute outer integrity. Integrity computation includes the optional IV - // area - ComputeOuterIntegrity(name, protector, hashAlg, seed, dataSize + ivSize, - outerBuffer + integritySize, &integrity); - // Add integrity at the beginning of outer buffer - buffer = outerBuffer; - TPM2B_DIGEST_Marshal(&integrity, &buffer, NULL); - - // return the total size in outer wrap - return dataSize + integritySize + ivSize; -} - -//*** UnwrapOuter() -// This function remove the outer wrap of a blob containing sensitive data -// This function performs: -// 1. check integrity of outer blob -// 2. 
decrypt outer blob -// -// Return Type: TPM_RC -// TPM_RCS_INSUFFICIENT error during sensitive data unmarshaling -// TPM_RCS_INTEGRITY sensitive data integrity is broken -// TPM_RCS_SIZE error during sensitive data unmarshaling -// TPM_RCS_VALUE IV size for CFB does not match the encryption -// algorithm block size -TPM_RC -UnwrapOuter( - OBJECT *protector, // IN: The object that provides - // protection. For object, it is parent - // handle. For credential, it is the - // encrypt object. - TPM2B *name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap - TPM2B *seed, // IN: an external seed may be provided for - // duplication blob. For non duplication - // blob, this parameter should be NULL. - BOOL useIV, // IN: indicates if an IV is used - UINT16 dataSize, // IN: size of sensitive data in outerBuffer, - // including the leading integrity buffer - // size, and an optional iv area - BYTE *outerBuffer // IN/OUT: sensitive data - ) -{ - TPM_RC result; - TPM_ALG_ID symAlg = TPM_ALG_NULL; - TPM2B_SYM_KEY symKey; - UINT16 keyBits = 0; - TPM2B_IV ivIn; // input IV retrieved from input buffer - TPM2B_IV *iv = NULL; - BYTE *sensitiveData; // pointer to the sensitive data - TPM2B_DIGEST integrityToCompare; - TPM2B_DIGEST integrity; - INT32 size; -// - // Unmarshal integrity - sensitiveData = outerBuffer; - size = (INT32)dataSize; - result = TPM2B_DIGEST_Unmarshal(&integrity, &sensitiveData, &size); - if(result == TPM_RC_SUCCESS) - { - // Compute integrity to compare - ComputeOuterIntegrity(name, protector, hashAlg, seed, - (UINT16)size, sensitiveData, - &integrityToCompare); - // Compare outer blob integrity - if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b)) - return TPM_RCS_INTEGRITY; - // Get the symmetric algorithm parameters used for encryption - ComputeProtectionKeyParms(protector, hashAlg, name, seed, - &symAlg, &keyBits, &symKey); - // Retrieve IV if it is used - if(useIV) - { - result = TPM2B_IV_Unmarshal(&ivIn, 
&sensitiveData, &size); - if(result == TPM_RC_SUCCESS) - { - // The input iv size for CFB must match the encryption algorithm - // block size - if(ivIn.t.size != CryptGetSymmetricBlockSize(symAlg, keyBits)) - result = TPM_RC_VALUE; - else - iv = &ivIn; - } - } - } - // If no errors, decrypt private in place. Since this function uses CFB, - // CryptSymmetricDecrypt() will not return any errors. It may fail but it will - // not return an error. - if(result == TPM_RC_SUCCESS) - CryptSymmetricDecrypt(sensitiveData, symAlg, keyBits, - symKey.t.buffer, iv, TPM_ALG_CFB, - (UINT16)size, sensitiveData); - return result; -} - -//*** MarshalSensitive() -// This function is used to marshal a sensitive area. Among other things, it -// adjusts the size of the authValue to be no smaller than the digest of -// 'nameAlg'. It will also make sure that the RSA sensitive contains the right number -// of values. -// Returns the size of the marshaled area. -static UINT16 -MarshalSensitive( - OBJECT *parent, // IN: the object parent (optional) - BYTE *buffer, // OUT: receiving buffer - TPMT_SENSITIVE *sensitive, // IN: the sensitive area to marshal - TPMI_ALG_HASH nameAlg // IN: - ) -{ - BYTE *sizeField = buffer; // saved so that size can be - // marshaled after it is known - UINT16 retVal; -// - // Pad the authValue if needed - MemoryPad2B(&sensitive->authValue.b, CryptHashGetDigestSize(nameAlg)); - buffer += 2; - - // Marshal the structure -#if ALG_RSA - // If the sensitive size is the special case for a prime in the type - if((sensitive->sensitive.rsa.t.size & RSA_prime_flag) > 0) - { - UINT16 sizeSave = sensitive->sensitive.rsa.t.size; - // - // Turn off the flag that indicates that the sensitive->sensitive contains - // the CRT form of the exponent. - sensitive->sensitive.rsa.t.size &= ~(RSA_prime_flag); - // If the parent isn't fixedTPM, then truncate the sensitive data to be - // the size of the prime. Otherwise, leave it at the current size which - // is the full CRT size. 
- if(parent == NULL
- || !IS_ATTRIBUTE(parent->publicArea.objectAttributes,
- TPMA_OBJECT, fixedTPM))
- sensitive->sensitive.rsa.t.size /= 5;
- retVal = TPMT_SENSITIVE_Marshal(sensitive, &buffer, NULL);
- // Restore the flag and the size.
- sensitive->sensitive.rsa.t.size = sizeSave;
- }
- else
-#endif
- retVal = TPMT_SENSITIVE_Marshal(sensitive, &buffer, NULL);
-
- // Marshal the size
- retVal = (UINT16)(retVal + UINT16_Marshal(&retVal, &sizeField, NULL));
-
- return retVal;
-}
-
-//*** SensitiveToPrivate()
-// This function prepare the private blob for off the chip storage
-// The operations in this function:
-// 1. marshal TPM2B_SENSITIVE structure into the buffer of TPM2B_PRIVATE
-// 2. apply encryption to the sensitive area.
-// 3. apply outer integrity computation.
-void
-SensitiveToPrivate(
- TPMT_SENSITIVE *sensitive, // IN: sensitive structure
- TPM2B_NAME *name, // IN: the name of the object
- OBJECT *parent, // IN: The parent object
- TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. This
- // parameter is used when parentHandle is
- // NULL, in which case the object is
- // temporary.
- TPM2B_PRIVATE *outPrivate // OUT: output private structure - ) -{ - BYTE *sensitiveData; // pointer to the sensitive data - UINT16 dataSize; // data blob size - TPMI_ALG_HASH hashAlg; // hash algorithm for integrity - UINT16 integritySize; - UINT16 ivSize; -// - pAssert(name != NULL && name->t.size != 0); - - // Find the hash algorithm for integrity computation - if(parent == NULL) - { - // For Temporary Object, using self name algorithm - hashAlg = nameAlg; - } - else - { - // Otherwise, using parent's name algorithm - hashAlg = parent->publicArea.nameAlg; - } - // Starting of sensitive data without wrappers - sensitiveData = outPrivate->t.buffer; - - // Compute the integrity size - integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); - - // Reserve space for integrity - sensitiveData += integritySize; - - // Get iv size - ivSize = GetIV2BSize(parent); - - // Reserve space for iv - sensitiveData += ivSize; - - // Marshal the sensitive area including authValue size adjustments. - dataSize = MarshalSensitive(parent, sensitiveData, sensitive, nameAlg); - - //Produce outer wrap, including encryption and HMAC - outPrivate->t.size = ProduceOuterWrap(parent, &name->b, hashAlg, NULL, - TRUE, dataSize, outPrivate->t.buffer); - return; -} - -//*** PrivateToSensitive() -// Unwrap a input private area. Check the integrity, decrypt and retrieve data -// to a sensitive structure. -// The operations in this function: -// 1. check the integrity HMAC of the input private area -// 2. decrypt the private buffer -// 3. 
unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE -// Return Type: TPM_RC -// TPM_RCS_INTEGRITY if the private area integrity is bad -// TPM_RC_SENSITIVE unmarshal errors while unmarshaling TPMS_ENCRYPT -// from input private -// TPM_RCS_SIZE error during sensitive data unmarshaling -// TPM_RCS_VALUE outer wrapper does not have an iV of the correct -// size -TPM_RC -PrivateToSensitive( - TPM2B *inPrivate, // IN: input private structure - TPM2B *name, // IN: the name of the object - OBJECT *parent, // IN: parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It is - // passed separately because we only pass - // name, rather than the whole public area - // of the object. This parameter is used in - // the following two cases: 1. primary - // objects. 2. duplication blob with inner - // wrap. In other cases, this parameter - // will be ignored - TPMT_SENSITIVE *sensitive // OUT: sensitive structure - ) -{ - TPM_RC result; - BYTE *buffer; - INT32 size; - BYTE *sensitiveData; // pointer to the sensitive data - UINT16 dataSize; - UINT16 dataSizeInput; - TPMI_ALG_HASH hashAlg; // hash algorithm for integrity - UINT16 integritySize; - UINT16 ivSize; -// - // Make sure that name is provided - pAssert(name != NULL && name->size != 0); - - // Find the hash algorithm for integrity computation - // For Temporary Object (parent == NULL) use self name algorithm; - // Otherwise, using parent's name algorithm - hashAlg = (parent == NULL) ? nameAlg : parent->publicArea.nameAlg; - - // unwrap outer - result = UnwrapOuter(parent, name, hashAlg, NULL, TRUE, - inPrivate->size, inPrivate->buffer); - if(result != TPM_RC_SUCCESS) - return result; - // Compute the inner integrity size. 
- integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); - - // Get iv size - ivSize = GetIV2BSize(parent); - - // The starting of sensitive data and data size without outer wrapper - sensitiveData = inPrivate->buffer + integritySize + ivSize; - dataSize = inPrivate->size - integritySize - ivSize; - - // Unmarshal input data size - buffer = sensitiveData; - size = (INT32)dataSize; - result = UINT16_Unmarshal(&dataSizeInput, &buffer, &size); - if(result == TPM_RC_SUCCESS) - { - if((dataSizeInput + sizeof(UINT16)) != dataSize) - result = TPM_RC_SENSITIVE; - else - { - // Unmarshal sensitive buffer to sensitive structure - result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); - if(result != TPM_RC_SUCCESS || size != 0) - { - result = TPM_RC_SENSITIVE; - } - } - } - return result; -} - -//*** SensitiveToDuplicate() -// This function prepare the duplication blob from the sensitive area. -// The operations in this function: -// 1. marshal TPMT_SENSITIVE structure into the buffer of TPM2B_PRIVATE -// 2. apply inner wrap to the sensitive area if required -// 3. apply outer wrap if required -void -SensitiveToDuplicate( - TPMT_SENSITIVE *sensitive, // IN: sensitive structure - TPM2B *name, // IN: the name of the object - OBJECT *parent, // IN: The new parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It - // is passed separately because we - // only pass name, rather than the - // whole public area of the object. - TPM2B *seed, // IN: the external seed. If external - // seed is provided with size of 0, - // no outer wrap should be applied - // to duplication blob. - TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the - // symmetric key algorithm is NULL, - // no inner wrap should be applied. - TPM2B_DATA *innerSymKey, // IN/OUT: a symmetric key may be - // provided to encrypt the inner - // wrap of a duplication blob. May - // be generated here if needed. 
- TPM2B_PRIVATE *outPrivate // OUT: output private structure - ) -{ - BYTE *sensitiveData; // pointer to the sensitive data - TPMI_ALG_HASH outerHash = TPM_ALG_NULL;// The hash algorithm for outer wrap - TPMI_ALG_HASH innerHash = TPM_ALG_NULL;// The hash algorithm for inner wrap - UINT16 dataSize; // data blob size - BOOL doInnerWrap = FALSE; - BOOL doOuterWrap = FALSE; -// - // Make sure that name is provided - pAssert(name != NULL && name->size != 0); - - // Make sure symDef and innerSymKey are not NULL - pAssert(symDef != NULL && innerSymKey != NULL); - - // Starting of sensitive data without wrappers - sensitiveData = outPrivate->t.buffer; - - // Find out if inner wrap is required - if(symDef->algorithm != TPM_ALG_NULL) - { - doInnerWrap = TRUE; - - // Use self nameAlg as inner hash algorithm - innerHash = nameAlg; - - // Adjust sensitive data pointer - sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(innerHash); - } - // Find out if outer wrap is required - if(seed->size != 0) - { - doOuterWrap = TRUE; - - // Use parent nameAlg as outer hash algorithm - outerHash = parent->publicArea.nameAlg; - - // Adjust sensitive data pointer - sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); - } - // Marshal sensitive area - dataSize = MarshalSensitive(NULL, sensitiveData, sensitive, nameAlg); - - // Apply inner wrap for duplication blob. It includes both integrity and - // encryption - if(doInnerWrap) - { - BYTE *innerBuffer = NULL; - BOOL symKeyInput = TRUE; - innerBuffer = outPrivate->t.buffer; - // Skip outer integrity space - if(doOuterWrap) - innerBuffer += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); - dataSize = ProduceInnerIntegrity(name, innerHash, dataSize, - innerBuffer); - // Generate inner encryption key if needed - if(innerSymKey->t.size == 0) - { - innerSymKey->t.size = (symDef->keyBits.sym + 7) / 8; - CryptRandomGenerate(innerSymKey->t.size, innerSymKey->t.buffer); - - // TPM generates symmetric encryption. 
Set the flag to FALSE - symKeyInput = FALSE; - } - else - { - // assume the input key size should matches the symmetric definition - pAssert(innerSymKey->t.size == (symDef->keyBits.sym + 7) / 8); - } - - // Encrypt inner buffer in place - CryptSymmetricEncrypt(innerBuffer, symDef->algorithm, - symDef->keyBits.sym, innerSymKey->t.buffer, NULL, - TPM_ALG_CFB, dataSize, innerBuffer); - - // If the symmetric encryption key is imported, clear the buffer for - // output - if(symKeyInput) - innerSymKey->t.size = 0; - } - // Apply outer wrap for duplication blob. It includes both integrity and - // encryption - if(doOuterWrap) - { - dataSize = ProduceOuterWrap(parent, name, outerHash, seed, FALSE, - dataSize, outPrivate->t.buffer); - } - // Data size for output - outPrivate->t.size = dataSize; - - return; -} - -//*** DuplicateToSensitive() -// Unwrap a duplication blob. Check the integrity, decrypt and retrieve data -// to a sensitive structure. -// The operations in this function: -// 1. check the integrity HMAC of the input private area -// 2. decrypt the private buffer -// 3. unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE -// -// Return Type: TPM_RC -// TPM_RC_INSUFFICIENT unmarshaling sensitive data from 'inPrivate' failed -// TPM_RC_INTEGRITY 'inPrivate' data integrity is broken -// TPM_RC_SIZE unmarshaling sensitive data from 'inPrivate' failed -TPM_RC -DuplicateToSensitive( - TPM2B *inPrivate, // IN: input private structure - TPM2B *name, // IN: the name of the object - OBJECT *parent, // IN: the parent - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. - TPM2B *seed, // IN: an external seed may be provided. - // If external seed is provided with - // size of 0, no outer wrap is - // applied - TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. 
If the - // symmetric key algorithm is NULL, - // no inner wrap is applied - TPM2B *innerSymKey, // IN: a symmetric key may be provided - // to decrypt the inner wrap of a - // duplication blob. - TPMT_SENSITIVE *sensitive // OUT: sensitive structure - ) -{ - TPM_RC result; - BYTE *buffer; - INT32 size; - BYTE *sensitiveData; // pointer to the sensitive data - UINT16 dataSize; - UINT16 dataSizeInput; -// - // Make sure that name is provided - pAssert(name != NULL && name->size != 0); - - // Make sure symDef and innerSymKey are not NULL - pAssert(symDef != NULL && innerSymKey != NULL); - - // Starting of sensitive data - sensitiveData = inPrivate->buffer; - dataSize = inPrivate->size; - - // Find out if outer wrap is applied - if(seed->size != 0) - { - // Use parent nameAlg as outer hash algorithm - TPMI_ALG_HASH outerHash = parent->publicArea.nameAlg; - - result = UnwrapOuter(parent, name, outerHash, seed, FALSE, - dataSize, sensitiveData); - if(result != TPM_RC_SUCCESS) - return result; - // Adjust sensitive data pointer and size - sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); - dataSize -= sizeof(UINT16) + CryptHashGetDigestSize(outerHash); - } - // Find out if inner wrap is applied - if(symDef->algorithm != TPM_ALG_NULL) - { - // assume the input key size matches the symmetric definition - pAssert(innerSymKey->size == (symDef->keyBits.sym + 7) / 8); - - // Decrypt inner buffer in place - CryptSymmetricDecrypt(sensitiveData, symDef->algorithm, - symDef->keyBits.sym, innerSymKey->buffer, NULL, - TPM_ALG_CFB, dataSize, sensitiveData); - // Check inner integrity - result = CheckInnerIntegrity(name, nameAlg, dataSize, sensitiveData); - if(result != TPM_RC_SUCCESS) - return result; - // Adjust sensitive data pointer and size - sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(nameAlg); - dataSize -= sizeof(UINT16) + CryptHashGetDigestSize(nameAlg); - } - // Unmarshal input data size - buffer = sensitiveData; - size = (INT32)dataSize; - 
result = UINT16_Unmarshal(&dataSizeInput, &buffer, &size); - if(result == TPM_RC_SUCCESS) - { - if((dataSizeInput + sizeof(UINT16)) != dataSize) - result = TPM_RC_SIZE; - else - { - // Unmarshal sensitive buffer to sensitive structure - result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); - - // if the results is OK make sure that all the data was unmarshaled - if(result == TPM_RC_SUCCESS && size != 0) - result = TPM_RC_SIZE; - } - } - return result; -} - -//*** SecretToCredential() -// This function prepare the credential blob from a secret (a TPM2B_DIGEST) -// The operations in this function: -// 1. marshal TPM2B_DIGEST structure into the buffer of TPM2B_ID_OBJECT -// 2. encrypt the private buffer, excluding the leading integrity HMAC area -// 3. compute integrity HMAC and append to the beginning of the buffer. -// 4. Set the total size of TPM2B_ID_OBJECT buffer -void -SecretToCredential( - TPM2B_DIGEST *secret, // IN: secret information - TPM2B *name, // IN: the name of the object - TPM2B *seed, // IN: an external seed. - OBJECT *protector, // IN: the protector - TPM2B_ID_OBJECT *outIDObject // OUT: output credential - ) -{ - BYTE *buffer; // Auxiliary buffer pointer - BYTE *sensitiveData; // pointer to the sensitive data - TPMI_ALG_HASH outerHash; // The hash algorithm for outer wrap - UINT16 dataSize; // data blob size -// - pAssert(secret != NULL && outIDObject != NULL); - - // use protector's name algorithm as outer hash ???? 
- outerHash = protector->publicArea.nameAlg; - - // Marshal secret area to credential buffer, leave space for integrity - sensitiveData = outIDObject->t.credential - + sizeof(UINT16) + CryptHashGetDigestSize(outerHash); -// Marshal secret area - buffer = sensitiveData; - dataSize = TPM2B_DIGEST_Marshal(secret, &buffer, NULL); - - // Apply outer wrap - outIDObject->t.size = ProduceOuterWrap(protector, name, outerHash, seed, FALSE, - dataSize, outIDObject->t.credential); - return; -} - -//*** CredentialToSecret() -// Unwrap a credential. Check the integrity, decrypt and retrieve data -// to a TPM2B_DIGEST structure. -// The operations in this function: -// 1. check the integrity HMAC of the input credential area -// 2. decrypt the credential buffer -// 3. unmarshal TPM2B_DIGEST structure into the buffer of TPM2B_DIGEST -// -// Return Type: TPM_RC -// TPM_RC_INSUFFICIENT error during credential unmarshaling -// TPM_RC_INTEGRITY credential integrity is broken -// TPM_RC_SIZE error during credential unmarshaling -// TPM_RC_VALUE IV size does not match the encryption algorithm -// block size -TPM_RC -CredentialToSecret( - TPM2B *inIDObject, // IN: input credential blob - TPM2B *name, // IN: the name of the object - TPM2B *seed, // IN: an external seed. 
- OBJECT *protector, // IN: the protector - TPM2B_DIGEST *secret // OUT: secret information - ) -{ - TPM_RC result; - BYTE *buffer; - INT32 size; - TPMI_ALG_HASH outerHash; // The hash algorithm for outer wrap - BYTE *sensitiveData; // pointer to the sensitive data - UINT16 dataSize; -// - // use protector's name algorithm as outer hash - outerHash = protector->publicArea.nameAlg; - - // Unwrap outer, a TPM_RC_INTEGRITY error may be returned at this point - result = UnwrapOuter(protector, name, outerHash, seed, FALSE, - inIDObject->size, inIDObject->buffer); - if(result == TPM_RC_SUCCESS) - { - // Compute the beginning of sensitive data - sensitiveData = inIDObject->buffer - + sizeof(UINT16) + CryptHashGetDigestSize(outerHash); - dataSize = inIDObject->size - - (sizeof(UINT16) + CryptHashGetDigestSize(outerHash)); - // Unmarshal secret buffer to TPM2B_DIGEST structure - buffer = sensitiveData; - size = (INT32)dataSize; - result = TPM2B_DIGEST_Unmarshal(secret, &buffer, &size); - - // If there were no other unmarshaling errors, make sure that the - // expected amount of data was recovered - if(result == TPM_RC_SUCCESS && size != 0) - return TPM_RC_SIZE; - } - return result; -} - -//*** MemoryRemoveTrailingZeros() -// This function is used to adjust the length of an authorization value. -// It adjusts the size of the TPM2B so that it does not include octets -// at the end of the buffer that contain zero. -// The function returns the number of non-zero octets in the buffer. -UINT16 -MemoryRemoveTrailingZeros( - TPM2B_AUTH *auth // IN/OUT: value to adjust - ) -{ - while((auth->t.size > 0) && (auth->t.buffer[auth->t.size - 1] == 0)) - auth->t.size--; - return auth->t.size; -} - -//*** SetLabelAndContext() -// This function sets the label and context for a derived key. It is possible -// that 'label' or 'context' can end up being an Empty Buffer. 
-TPM_RC -SetLabelAndContext( - TPMS_DERIVE *labelContext, // IN/OUT: the recovered label and - // context - TPM2B_SENSITIVE_DATA *sensitive // IN: the sensitive data - ) -{ - TPMS_DERIVE sensitiveValue; - TPM_RC result; - INT32 size; - BYTE *buff; -// - // Unmarshal a TPMS_DERIVE from the TPM2B_SENSITIVE_DATA buffer - // If there is something to unmarshal... - if(sensitive->t.size != 0) - { - size = sensitive->t.size; - buff = sensitive->t.buffer; - result = TPMS_DERIVE_Unmarshal(&sensitiveValue, &buff, &size); - if(result != TPM_RC_SUCCESS) - return result; - // If there was a label in the public area leave it there, otherwise, copy - // the new value - if(labelContext->label.t.size == 0) - MemoryCopy2B(&labelContext->label.b, &sensitiveValue.label.b, - sizeof(labelContext->label.t.buffer)); - // if there was a context string in publicArea, it overrides - if(labelContext->context.t.size == 0) - MemoryCopy2B(&labelContext->context.b, &sensitiveValue.context.b, - sizeof(labelContext->label.t.buffer)); - } - return TPM_RC_SUCCESS; -} - -//*** UnmarshalToPublic() -// Support function to unmarshal the template. This is used because the -// Input may be a TPMT_TEMPLATE and that structure does not have the same -// size as a TPMT_PUBLIC because of the difference between the 'unique' and -// 'seed' fields. -// If 'derive' is not NULL, then the 'seed' field is assumed to contain -// a 'label' and 'context' that are unmarshaled into 'derive'. 
-TPM_RC -UnmarshalToPublic( - TPMT_PUBLIC *tOut, // OUT: output - TPM2B_TEMPLATE *tIn, // IN: - BOOL derivation, // IN: indicates if this is for a derivation - TPMS_DERIVE *labelContext// OUT: label and context if derivation - ) -{ - BYTE *buffer = tIn->t.buffer; - INT32 size = tIn->t.size; - TPM_RC result; -// - // make sure that tOut is zeroed so that there are no remnants from previous - // uses - MemorySet(tOut, 0, sizeof(TPMT_PUBLIC)); - // Unmarshal the components of the TPMT_PUBLIC up to the unique field - result = TPMI_ALG_PUBLIC_Unmarshal(&tOut->type, &buffer, &size); - if(result != TPM_RC_SUCCESS) - return result; - result = TPMI_ALG_HASH_Unmarshal(&tOut->nameAlg, &buffer, &size, FALSE); - if(result != TPM_RC_SUCCESS) - return result; - result = TPMA_OBJECT_Unmarshal(&tOut->objectAttributes, &buffer, &size); - if(result != TPM_RC_SUCCESS) - return result; - result = TPM2B_DIGEST_Unmarshal(&tOut->authPolicy, &buffer, &size); - if(result != TPM_RC_SUCCESS) - return result; - result = TPMU_PUBLIC_PARMS_Unmarshal(&tOut->parameters, &buffer, &size, - tOut->type); - if(result != TPM_RC_SUCCESS) - return result; - // Now unmarshal a TPMS_DERIVE if this is for derivation - if(derivation) - result = TPMS_DERIVE_Unmarshal(labelContext, &buffer, &size); - else - // otherwise, unmarshal a TPMU_PUBLIC_ID - result = TPMU_PUBLIC_ID_Unmarshal(&tOut->unique, &buffer, &size, - tOut->type); - // Make sure the template was used up - if((result == TPM_RC_SUCCESS) && (size != 0)) - result = TPM_RC_SIZE; - return result; -} - - -//*** ObjectSetExternal() -// Set the external attributes for an object. -void -ObjectSetExternal( - OBJECT *object - ) -{ - object->attributes.external = SET; -} \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ReadPublic.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ReadPublic.c
deleted file mode 100644
index a8e9ea27e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ReadPublic.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ReadPublic_fp.h"
-
-#if CC_ReadPublic // Conditional expansion of this file
-
-/*(See part 3 specification)
-// read public area of a loaded object
-*/
-// Return Type: TPM_RC
-// TPM_RC_SEQUENCE can not read the public area of a sequence
-// object
-TPM_RC
-TPM2_ReadPublic(
- ReadPublic_In *in, // IN: input parameter list
- ReadPublic_Out *out // OUT: output parameter list
- )
-{
- OBJECT *object = HandleToObject(in->objectHandle);
-
-// Input Validation
- // Can not read public area of a sequence object
- if(ObjectIsSequence(object))
- return TPM_RC_SEQUENCE;
-
-// Command Output
- out->outPublic.publicArea = object->publicArea;
- out->name = object->name;
- out->qualifiedName = object->qualifiedName;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ReadPublic
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Unseal.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Unseal.c
deleted file mode 100644
index f7a9d6edf..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Unseal.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Unseal_fp.h"
-
-#if CC_Unseal // Conditional expansion of this file
-
-/*(See part 3 specification)
-// return data in a sealed data blob
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES 'itemHandle' has wrong attributes
-// TPM_RC_TYPE 'itemHandle' is not a KEYEDHASH data object
-TPM_RC
-TPM2_Unseal(
- Unseal_In *in,
- Unseal_Out *out
- )
-{
- OBJECT *object;
-// Input Validation
- // Get pointer to loaded object
- object = HandleToObject(in->itemHandle);
-
- // Input handle must be a data object
- if(object->publicArea.type != TPM_ALG_KEYEDHASH)
- return TPM_RCS_TYPE + RC_Unseal_itemHandle;
- if(IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, decrypt)
- || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, sign)
- || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, restricted))
- return TPM_RCS_ATTRIBUTES + RC_Unseal_itemHandle;
-// Command Output
- // Copy data
- out->outData = object->sensitive.sensitive.bits;
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_Unseal
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Allocate.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Allocate.c
deleted file mode 100644
index e9cfacb7f..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Allocate.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PCR_Allocate_fp.h"
-
-#if CC_PCR_Allocate // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Allocate PCR banks
-*/
-// Return Type: TPM_RC
-// TPM_RC_PCR the allocation did not have required PCR
-// TPM_RC_NV_UNAVAILABLE NV is not accessible
-// TPM_RC_NV_RATE NV is in a rate-limiting mode
-TPM_RC
-TPM2_PCR_Allocate(
- PCR_Allocate_In *in, // IN: input parameter list
- PCR_Allocate_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
-
- // The command needs NV update. Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point.
- // Note: These codes are not listed in the return values above because it is
- // an implementation choice to check in this routine rather than in a common
- // function that is called before these actions are called. These return values
- // are described in the Response Code section of Part 3.
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Command Output
-
- // Call PCR Allocation function.
- result = PCRAllocate(&in->pcrAllocation, &out->maxPCR,
- &out->sizeNeeded, &out->sizeAvailable);
- if(result == TPM_RC_PCR)
- return result;
-
- //
- out->allocationSuccess = (result == TPM_RC_SUCCESS);
-
- // if re-configuration succeeds, set the flag to indicate PCR configuration is
- // going to be changed in next boot
- if(out->allocationSuccess == YES)
- g_pcrReConfig = TRUE;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PCR_Allocate
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Event.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Event.c
deleted file mode 100644
index 0cf39aa3a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Event.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PCR_Event_fp.h"
-
-#if CC_PCR_Event // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Update PCR
-*/
-// Return Type: TPM_RC
-// TPM_RC_LOCALITY current command locality is not allowed to
-// extend the PCR referenced by 'pcrHandle'
-TPM_RC
-TPM2_PCR_Event(
- PCR_Event_In *in, // IN: input parameter list
- PCR_Event_Out *out // OUT: output parameter list
- )
-{
- HASH_STATE hashState;
- UINT32 i;
- UINT16 size;
-
-// Input Validation
-
- // If a PCR extend is required
- if(in->pcrHandle != TPM_RH_NULL)
- {
- // If the PCR is not allow to extend, return error
- if(!PCRIsExtendAllowed(in->pcrHandle))
- return TPM_RC_LOCALITY;
-
- // If PCR is state saved and we need to update orderlyState, check NV
- // availability
- if(PCRIsStateSaved(in->pcrHandle))
- RETURN_IF_ORDERLY;
- }
-
-// Internal Data Update
-
- out->digests.count = HASH_COUNT;
-
- // Iterate supported PCR bank algorithms to extend
- for(i = 0; i < HASH_COUNT; i++)
- {
- TPM_ALG_ID hash = CryptHashGetAlgByIndex(i);
- out->digests.digests[i].hashAlg = hash;
- size = CryptHashStart(&hashState, hash);
- CryptDigestUpdate2B(&hashState, &in->eventData.b);
- CryptHashEnd(&hashState, size,
- (BYTE *)&out->digests.digests[i].digest);
- if(in->pcrHandle != TPM_RH_NULL)
- PCRExtend(in->pcrHandle, hash, size,
- (BYTE *)&out->digests.digests[i].digest);
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PCR_Event
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Extend.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Extend.c
deleted file mode 100644
index d789e7408..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Extend.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PCR_Extend_fp.h"
-
-#if CC_PCR_Extend // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Update PCR
-*/
-// Return Type: TPM_RC
-// TPM_RC_LOCALITY current command locality is not allowed to
-// extend the PCR referenced by 'pcrHandle'
-TPM_RC
-TPM2_PCR_Extend(
- PCR_Extend_In *in // IN: input parameter list
- )
-{
- UINT32 i;
-
-// Input Validation
-
- // NOTE: This function assumes that the unmarshaling function for 'digests' will
- // have validated that all of the indicated hash algorithms are valid. If the
- // hash algorithms are correct, the unmarshaling code will unmarshal a digest
- // of the size indicated by the hash algorithm. If the overall size is not
- // consistent, the unmarshaling code will run out of input data or have input
- // data left over. In either case, it will cause an unmarshaling error and this
- // function will not be called.
-
- // For NULL handle, do nothing and return success
- if(in->pcrHandle == TPM_RH_NULL)
- return TPM_RC_SUCCESS;
-
- // Check if the extend operation is allowed by the current command locality
- if(!PCRIsExtendAllowed(in->pcrHandle))
- return TPM_RC_LOCALITY;
-
- // If PCR is state saved and we need to update orderlyState, check NV
- // availability
- if(PCRIsStateSaved(in->pcrHandle))
- RETURN_IF_ORDERLY;
-
-// Internal Data Update
-
- // Iterate input digest list to extend
- for(i = 0; i < in->digests.count; i++)
- {
- PCRExtend(in->pcrHandle, in->digests.digests[i].hashAlg,
- CryptHashGetDigestSize(in->digests.digests[i].hashAlg),
- (BYTE *)&in->digests.digests[i].digest);
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PCR_Extend
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Read.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Read.c
deleted file mode 100644
index f4dd6bf71..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Read.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PCR_Read_fp.h"
-
-#if CC_PCR_Read // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Read a set of PCR
-*/
-TPM_RC
-TPM2_PCR_Read(
- PCR_Read_In *in, // IN: input parameter list
- PCR_Read_Out *out // OUT: output parameter list
- )
-{
-// Command Output
-
- // Call PCR read function. input pcrSelectionIn parameter could be changed
- // to reflect the actual PCR being returned
- PCRRead(&in->pcrSelectionIn, &out->pcrValues, &out->pcrUpdateCounter);
-
- out->pcrSelectionOut = in->pcrSelectionIn;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PCR_Read
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Reset.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Reset.c
deleted file mode 100644
index de2daab58..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Reset.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PCR_Reset_fp.h"
-
-#if CC_PCR_Reset // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Reset PCR
-*/
-// Return Type: TPM_RC
-// TPM_RC_LOCALITY current command locality is not allowed to
-// reset the PCR referenced by 'pcrHandle'
-TPM_RC
-TPM2_PCR_Reset(
- PCR_Reset_In *in // IN: input parameter list
- )
-{
-// Input Validation
-
- // Check if the reset operation is allowed by the current command locality
- if(!PCRIsResetAllowed(in->pcrHandle))
- return TPM_RC_LOCALITY;
-
- // If PCR is state saved and we need to update orderlyState, check NV
- // availability
- if(PCRIsStateSaved(in->pcrHandle))
- RETURN_IF_ORDERLY;
-
-// Internal Data Update
-
- // Reset selected PCR in all banks to 0
- PCRSetValue(in->pcrHandle, 0);
-
- // Indicate that the PCR changed so that pcrCounter will be incremented if
- // necessary.
- PCRChanged(in->pcrHandle);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PCR_Reset
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthPolicy.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthPolicy.c
deleted file mode 100644
index b749de4be..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthPolicy.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PCR_SetAuthPolicy_fp.h"
-
-#if CC_PCR_SetAuthPolicy // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Set authPolicy to a group of PCR
-*/
-// Return Type: TPM_RC
-// TPM_RC_SIZE size of 'authPolicy' is not the size of a digest
-// produced by 'policyDigest'
-// TPM_RC_VALUE PCR referenced by 'pcrNum' is not a member
-// of a PCR policy group
-TPM_RC
-TPM2_PCR_SetAuthPolicy(
- PCR_SetAuthPolicy_In *in // IN: input parameter list
- )
-{
- UINT32 groupIndex;
-
- // The command needs NV update. Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Input Validation:
-
- // Check the authPolicy consistent with hash algorithm
- if(in->authPolicy.t.size != CryptHashGetDigestSize(in->hashAlg))
- return TPM_RCS_SIZE + RC_PCR_SetAuthPolicy_authPolicy;
-
- // If PCR does not belong to a policy group, return TPM_RC_VALUE
- if(!PCRBelongsPolicyGroup(in->pcrNum, &groupIndex))
- return TPM_RCS_VALUE + RC_PCR_SetAuthPolicy_pcrNum;
-
-// Internal Data Update
-
- // Set PCR policy
- gp.pcrPolicies.hashAlg[groupIndex] = in->hashAlg;
- gp.pcrPolicies.policy[groupIndex] = in->authPolicy;
-
- // Save new policy to NV
- NV_SYNC_PERSISTENT(pcrPolicies);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PCR_SetAuthPolicy
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthValue.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthValue.c
deleted file mode 100644
index cee6d156a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthValue.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PCR_SetAuthValue_fp.h"
-
-#if CC_PCR_SetAuthValue // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Set authValue to a group of PCR
-*/
-// Return Type: TPM_RC
-// TPM_RC_VALUE PCR referenced by 'pcrHandle' is not a member
-// of a PCR authorization group
-TPM_RC
-TPM2_PCR_SetAuthValue(
- PCR_SetAuthValue_In *in // IN: input parameter list
- )
-{
- UINT32 groupIndex;
-// Input Validation:
-
- // If PCR does not belong to an auth group, return TPM_RC_VALUE
- if(!PCRBelongsAuthGroup(in->pcrHandle, &groupIndex))
- return TPM_RC_VALUE;
-
- // The command may cause the orderlyState to be cleared due to the update of
- // state clear data. If this is the case, Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point
- RETURN_IF_ORDERLY;
-
-// Internal Data Update
-
- // Set PCR authValue
- MemoryRemoveTrailingZeros(&in->auth);
- gc.pcrAuthValues.auth[groupIndex] = in->auth;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PCR_SetAuthValue
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/GetRandom.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/GetRandom.c
deleted file mode 100644
index 9e69818ee..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/GetRandom.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "GetRandom_fp.h"
-
-#if CC_GetRandom // Conditional expansion of this file
-
-/*(See part 3 specification)
-// random number generator
-*/
-TPM_RC
-TPM2_GetRandom(
- GetRandom_In *in, // IN: input parameter list
- GetRandom_Out *out // OUT: output parameter list
- )
-{
-// Command Output
-
- // if the requested bytes exceed the output buffer size, generates the
- // maximum bytes that the output buffer allows
- if(in->bytesRequested > sizeof(TPMU_HA))
- out->randomBytes.t.size = sizeof(TPMU_HA);
- else
- out->randomBytes.t.size = in->bytesRequested;
-
- CryptRandomGenerate(out->randomBytes.t.size, out->randomBytes.t.buffer);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_GetRandom
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/StirRandom.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/StirRandom.c
deleted file mode 100644
index befa55b32..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/StirRandom.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "StirRandom_fp.h"
-
-#if CC_StirRandom // Conditional expansion of this file
-
-/*(See part 3 specification)
-// add entropy to the RNG state
-*/
-TPM_RC
-TPM2_StirRandom(
- StirRandom_In *in // IN: input parameter list
- )
-{
-// Internal Data Update
- CryptRandomStir(in->inData.t.size, in->inData.t.buffer);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_StirRandom
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/PolicyRestart.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/PolicyRestart.c
deleted file mode 100644
index f4af4458c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/PolicyRestart.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyRestart_fp.h"
-
-#if CC_PolicyRestart // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Restore a policy session to its initial state
-*/
-TPM_RC
-TPM2_PolicyRestart(
- PolicyRestart_In *in // IN: input parameter list
- )
-{
- // Initialize policy session data
- SessionResetPolicyData(SessionGet(in->sessionHandle));
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicyRestart
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/StartAuthSession.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/StartAuthSession.c
deleted file mode 100644
index 56eca7fe0..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/StartAuthSession.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "StartAuthSession_fp.h"
-
-#if CC_StartAuthSession // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Start an authorization session
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES 'tpmKey' does not reference a decrypt key
-// TPM_RC_CONTEXT_GAP the difference between the most recently created
-// active context and the oldest active context is at
-// the limits of the TPM
-// TPM_RC_HANDLE input decrypt key handle only has public portion
-// loaded
-// TPM_RC_MODE 'symmetric' specifies a block cipher but the mode
-// is not TPM_ALG_CFB.
-// TPM_RC_SESSION_HANDLES no session handle is available
-// TPM_RC_SESSION_MEMORY no more slots for loading a session
-// TPM_RC_SIZE nonce less than 16 octets or greater than the size
-// of the digest produced by 'authHash'
-// TPM_RC_VALUE secret size does not match decrypt key type; or the
-// recovered secret is larger than the digest size of
-// the nameAlg of 'tpmKey'; or, for an RSA decrypt key,
-// if 'encryptedSecret' is greater than the
-// public modulus of 'tpmKey'.
-TPM_RC
-TPM2_StartAuthSession(
- StartAuthSession_In *in, // IN: input parameter buffer
- StartAuthSession_Out *out // OUT: output parameter buffer
- )
-{
- TPM_RC result = TPM_RC_SUCCESS;
- OBJECT *tpmKey; // TPM key for decrypt salt
- TPM2B_DATA salt;
-
-// Input Validation
-
- // Check input nonce size. IT should be at least 16 bytes but not larger
- // than the digest size of session hash.
- if(in->nonceCaller.t.size < 16
- || in->nonceCaller.t.size > CryptHashGetDigestSize(in->authHash))
- return TPM_RCS_SIZE + RC_StartAuthSession_nonceCaller;
-
- // If an decrypt key is passed in, check its validation
- if(in->tpmKey != TPM_RH_NULL)
- {
- // Get pointer to loaded decrypt key
- tpmKey = HandleToObject(in->tpmKey);
-
- // key must be asymmetric with its sensitive area loaded. Since this
- // command does not require authorization, the presence of the sensitive
- // area was not already checked as it is with most other commands that
- // use the sensitive are so check it here
- if(!CryptIsAsymAlgorithm(tpmKey->publicArea.type))
- return TPM_RCS_KEY + RC_StartAuthSession_tpmKey;
- // secret size cannot be 0
- if(in->encryptedSalt.t.size == 0)
- return TPM_RCS_VALUE + RC_StartAuthSession_encryptedSalt;
- // Decrypting salt requires accessing the private portion of a key.
- // Therefore, tmpKey can not be a key with only public portion loaded
- if(tpmKey->attributes.publicOnly)
- return TPM_RCS_HANDLE + RC_StartAuthSession_tpmKey;
- // HMAC session input handle check.
- // tpmKey should be a decryption key
- if(!IS_ATTRIBUTE(tpmKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt))
- return TPM_RCS_ATTRIBUTES + RC_StartAuthSession_tpmKey;
- // Secret Decryption. A TPM_RC_VALUE, TPM_RC_KEY or Unmarshal errors
- // may be returned at this point
- result = CryptSecretDecrypt(tpmKey, &in->nonceCaller, SECRET_KEY,
- &in->encryptedSalt, &salt);
- if(result != TPM_RC_SUCCESS)
- return TPM_RCS_VALUE + RC_StartAuthSession_encryptedSalt;
- }
- else
- {
- // secret size must be 0
- if(in->encryptedSalt.t.size != 0)
- return TPM_RCS_VALUE + RC_StartAuthSession_encryptedSalt;
- salt.t.size = 0;
- }
- switch(HandleGetType(in->bind))
- {
- case TPM_HT_TRANSIENT:
- {
- OBJECT *object = HandleToObject(in->bind);
- // If the bind handle references a transient object, make sure that we
- // can get to the authorization value. Also, make sure that the object
- // has a proper Name (nameAlg != TPM_ALG_NULL). If it doesn't, then
- // it might be possible to bind to an object where the authValue is
- // known. This does not create a real issue in that, if you know the
- // authorization value, you can actually bind to the object. However,
- // there is a potential
- if(object->attributes.publicOnly == SET)
- return TPM_RCS_HANDLE + RC_StartAuthSession_bind;
- break;
- }
- case TPM_HT_NV_INDEX:
- // a PIN index can't be a bind object
- {
- NV_INDEX *nvIndex = NvGetIndexInfo(in->bind, NULL);
- if(IsNvPinPassIndex(nvIndex->publicArea.attributes)
- || IsNvPinFailIndex(nvIndex->publicArea.attributes))
- return TPM_RCS_HANDLE + RC_StartAuthSession_bind;
- break;
- }
- default:
- break;
- }
- // If 'symmetric' is a symmetric block cipher (not TPM_ALG_NULL or TPM_ALG_XOR)
- // then the mode must be CFB.
- if(in->symmetric.algorithm != TPM_ALG_NULL
- && in->symmetric.algorithm != TPM_ALG_XOR
- && in->symmetric.mode.sym != TPM_ALG_CFB)
- return TPM_RCS_MODE + RC_StartAuthSession_symmetric;
-
-// Internal Data Update and command output
-
- // Create internal session structure. TPM_RC_CONTEXT_GAP, TPM_RC_NO_HANDLES
- // or TPM_RC_SESSION_MEMORY errors may be returned at this point.
- //
- // The detailed actions for creating the session context are not shown here
- // as the details are implementation dependent
- // SessionCreate sets the output handle and nonceTPM
- result = SessionCreate(in->sessionType, in->authHash, &in->nonceCaller,
- &in->symmetric, in->bind, &salt, &out->sessionHandle,
- &out->nonceTPM);
- return result;
-}
-
-#endif // CC_StartAuthSession
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/Sign.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/Sign.c
deleted file mode 100644
index 286ac853a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/Sign.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Sign_fp.h"
-
-#if CC_Sign // Conditional expansion of this file
-
-#include "Attest_spt_fp.h"
-
-/*(See part 3 specification)
-// sign an externally provided hash using an asymmetric signing key
-*/
-// Return Type: TPM_RC
-// TPM_RC_BINDING The public and private portions of the key are not
-// properly bound.
-// TPM_RC_KEY 'signHandle' does not reference a signing key;
-// TPM_RC_SCHEME the scheme is not compatible with sign key type,
-// or input scheme is not compatible with default
-// scheme, or the chosen scheme is not a valid
-// sign scheme
-// TPM_RC_TICKET 'validation' is not a valid ticket
-// TPM_RC_VALUE the value to sign is larger than allowed for the
-// type of 'keyHandle'
-
-TPM_RC
-TPM2_Sign(
- Sign_In *in, // IN: input parameter list
- Sign_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
- TPMT_TK_HASHCHECK ticket;
- OBJECT *signObject = HandleToObject(in->keyHandle);
-//
-// Input Validation
- if(!IsSigningObject(signObject))
- return TPM_RCS_KEY + RC_Sign_keyHandle;
-
- // A key that will be used for x.509 signatures can't be used in TPM2_Sign().
- if(IS_ATTRIBUTE(signObject->publicArea.objectAttributes, TPMA_OBJECT, x509sign))
- return TPM_RCS_ATTRIBUTES + RC_Sign_keyHandle;
-
- // pick a scheme for sign. If the input sign scheme is not compatible with
- // the default scheme, return an error.
- if(!CryptSelectSignScheme(signObject, &in->inScheme))
- return TPM_RCS_SCHEME + RC_Sign_inScheme;
-
- // If validation is provided, or the key is restricted, check the ticket
- if(in->validation.digest.t.size != 0
- || IS_ATTRIBUTE(signObject->publicArea.objectAttributes,
- TPMA_OBJECT, restricted))
- {
- // Compute and compare ticket
- TicketComputeHashCheck(in->validation.hierarchy,
- in->inScheme.details.any.hashAlg,
- &in->digest, &ticket);
-
- if(!MemoryEqual2B(&in->validation.digest.b, &ticket.digest.b))
- return TPM_RCS_TICKET + RC_Sign_validation;
- }
- else
- // If we don't have a ticket, at least verify that the provided 'digest'
- // is the size of the scheme hashAlg digest.
- // NOTE: this does not guarantee that the 'digest' is actually produced using
- // the indicated hash algorithm, but at least it might be.
- {
- if(in->digest.t.size
- != CryptHashGetDigestSize(in->inScheme.details.any.hashAlg))
- return TPM_RCS_SIZE + RC_Sign_digest;
- }
-
-// Command Output
- // Sign the hash. A TPM_RC_VALUE or TPM_RC_SCHEME
- // error may be returned at this point
- result = CryptSign(signObject, &in->inScheme, &in->digest, &out->signature);
-
- return result;
-}
-
-#endif // CC_Sign
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/VerifySignature.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/VerifySignature.c
deleted file mode 100644
index 52e7d3013..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/VerifySignature.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "VerifySignature_fp.h"
-
-#if CC_VerifySignature // Conditional expansion of this file
-
-/*(See part 3 specification)
-// This command uses loaded key to validate an asymmetric signature on a message
-// with the message digest passed to the TPM.
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES 'keyHandle' does not reference a signing key
-// TPM_RC_SIGNATURE signature is not genuine
-// TPM_RC_SCHEME CryptValidateSignature()
-// TPM_RC_HANDLE the input handle is references an HMAC key but
-// the private portion is not loaded
-TPM_RC
-TPM2_VerifySignature(
- VerifySignature_In *in, // IN: input parameter list
- VerifySignature_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
- OBJECT *signObject = HandleToObject(in->keyHandle);
- TPMI_RH_HIERARCHY hierarchy;
-
-// Input Validation
- // The object to validate the signature must be a signing key.
- if(!IS_ATTRIBUTE(signObject->publicArea.objectAttributes, TPMA_OBJECT, sign))
- return TPM_RCS_ATTRIBUTES + RC_VerifySignature_keyHandle;
-
- // Validate Signature. TPM_RC_SCHEME, TPM_RC_HANDLE or TPM_RC_SIGNATURE
- // error may be returned by CryptCVerifySignatrue()
- result = CryptValidateSignature(in->keyHandle, &in->digest, &in->signature);
- if(result != TPM_RC_SUCCESS)
- return RcSafeAddToResult(result, RC_VerifySignature_signature);
-
-// Command Output
-
- hierarchy = GetHeriarchy(in->keyHandle);
- if(hierarchy == TPM_RH_NULL
- || signObject->publicArea.nameAlg == TPM_ALG_NULL)
- {
- // produce empty ticket if hierarchy is TPM_RH_NULL or nameAlg is
- // ALG_NULL
- out->validation.tag = TPM_ST_VERIFIED;
- out->validation.hierarchy = TPM_RH_NULL;
- out->validation.digest.t.size = 0;
- }
- else
- {
- // Compute ticket
- TicketComputeVerified(hierarchy, &in->digest, &signObject->name,
- &out->validation);
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_VerifySignature
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Shutdown.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Shutdown.c
deleted file mode 100644
index faa4b9e9e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Shutdown.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Shutdown_fp.h"
-
-#if CC_Shutdown // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Shut down TPM for power off
-*/
-// Return Type: TPM_RC
-// TPM_RC_TYPE if PCR bank has been re-configured, a
-// CLEAR StateSave is required
-TPM_RC
-TPM2_Shutdown(
- Shutdown_In *in // IN: input parameter list
- )
-{
- // The command needs NV update. Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Input Validation
-
- // If PCR bank has been reconfigured, a CLEAR state save is required
- if(g_pcrReConfig && in->shutdownType == TPM_SU_STATE)
- return TPM_RCS_TYPE + RC_Shutdown_shutdownType;
-
-// Internal Data Update
-
- gp.orderlyState = in->shutdownType;
-
- // PCR private date state save
- PCRStateSave(in->shutdownType);
-
- // Save RAM backed NV index data
- NvUpdateIndexOrderlyData();
-
-#if ACCUMULATE_SELF_HEAL_TIMER
- // Save the current time value
- go.time = g_time;
-#endif
-
- // Save all orderly data
- NvWrite(NV_ORDERLY_DATA, sizeof(ORDERLY_DATA), &go);
-
- if(in->shutdownType == TPM_SU_STATE)
- {
- // Save STATE_RESET and STATE_CLEAR data
- NvWrite(NV_STATE_CLEAR_DATA, sizeof(STATE_CLEAR_DATA), &gc);
- NvWrite(NV_STATE_RESET_DATA, sizeof(STATE_RESET_DATA), &gr);
-
- // Save the startup flags for resume
- if(g_DrtmPreStartup)
- gp.orderlyState = TPM_SU_STATE | PRE_STARTUP_FLAG;
- else if(g_StartupLocality3)
- gp.orderlyState = TPM_SU_STATE | STARTUP_LOCALITY_3;
- }
- // only two shutdown options.
- else if(in->shutdownType != TPM_SU_CLEAR)
- return TPM_RCS_VALUE + RC_Shutdown_shutdownType;
-
- NV_SYNC_PERSISTENT(orderlyState);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_Shutdown
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Startup.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Startup.c
deleted file mode 100644
index 1039e95aa..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Startup.c
+++ /dev/null
@@ -1,244 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Startup_fp.h"
-
-#if CC_Startup // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Initialize TPM because a system-wide reset
-*/
-// Return Type: TPM_RC
-// TPM_RC_LOCALITY a Startup(STATE) does not have the same H-CRTM
-// state as the previous Startup() or the locality
-// of the startup is not 0 pr 3
-// TPM_RC_NV_UNINITIALIZED the saved state cannot be recovered and a
-// Startup(CLEAR) is required.
-// TPM_RC_VALUE start up type is not compatible with previous
-// shutdown sequence
-
-TPM_RC
-TPM2_Startup(
- Startup_In *in // IN: input parameter list
- )
-{
- STARTUP_TYPE startup;
- BYTE locality = _plat__LocalityGet();
- BOOL OK = TRUE;
-//
- // The command needs NV update.
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
- // Get the flags for the current startup locality and the H-CRTM.
- // Rather than generalizing the locality setting, this code takes advantage
- // of the fact that the PC Client specification only allows Startup()
- // from locality 0 and 3. To generalize this probably would require a
- // redo of the NV space and since this is a feature that is hardly ever used
- // outside of the PC Client, this code just support the PC Client needs.
-
-// Input Validation
- // Check that the locality is a supported value
- if(locality != 0 && locality != 3)
- return TPM_RC_LOCALITY;
- // If there was a H-CRTM, then treat the locality as being 3
- // regardless of what the Startup() was. This is done to preserve the
- // H-CRTM PCR so that they don't get overwritten with the normal
- // PCR startup initialization. This basically means that g_StartupLocality3
- // and g_DrtmPreStartup can't both be SET at the same time.
- if(g_DrtmPreStartup)
- locality = 0;
- g_StartupLocality3 = (locality == 3);
-
-#if USE_DA_USED
- // If there was no orderly shutdown, then their might have been a write to
- // failedTries that didn't get recorded but only if g_daUsed was SET in the
- // shutdown state
- g_daUsed = (gp.orderlyState == SU_DA_USED_VALUE);
- if(g_daUsed)
- gp.orderlyState = SU_NONE_VALUE;
-#endif
-
- g_prevOrderlyState = gp.orderlyState;
-
- // If there was a proper shutdown, then the startup modifiers are in the
- // orderlyState. Turn them off in the copy.
- if(IS_ORDERLY(g_prevOrderlyState))
- g_prevOrderlyState &= ~(PRE_STARTUP_FLAG | STARTUP_LOCALITY_3);
- // If this is a Resume,
- if(in->startupType == TPM_SU_STATE)
- {
- // then there must have been a prior TPM2_ShutdownState(STATE)
- if(g_prevOrderlyState != TPM_SU_STATE)
- return TPM_RCS_VALUE + RC_Startup_startupType;
- // and the part of NV used for state save must have been recovered
- // correctly.
- // NOTE: if this fails, then the caller will need to do Startup(CLEAR). The
- // code for Startup(Clear) cannot fail if the NV can't be read correctly
- // because that would prevent the TPM from ever getting unstuck.
- if(g_nvOk == FALSE)
- return TPM_RC_NV_UNINITIALIZED;
- // For Resume, the H-CRTM has to be the same as the previous boot
- if(g_DrtmPreStartup != ((gp.orderlyState & PRE_STARTUP_FLAG) != 0))
- return TPM_RCS_VALUE + RC_Startup_startupType;
- if(g_StartupLocality3 != ((gp.orderlyState & STARTUP_LOCALITY_3) != 0))
- return TPM_RC_LOCALITY;
- }
- // Clean up the gp state
- gp.orderlyState = g_prevOrderlyState;
-
-// Internal Date Update
- if((gp.orderlyState == TPM_SU_STATE) && (g_nvOk == TRUE))
- {
- // Always read the data that is only cleared on a Reset because this is not
- // a reset
- NvRead(&gr, NV_STATE_RESET_DATA, sizeof(gr));
- if(in->startupType == TPM_SU_STATE)
- {
- // If this is a startup STATE (a Resume) need to read the data
- // that is cleared on a startup CLEAR because this is not a Reset
- // or Restart.
- NvRead(&gc, NV_STATE_CLEAR_DATA, sizeof(gc));
- startup = SU_RESUME;
- }
- else
- startup = SU_RESTART;
- }
- else
- // Will do a TPM reset if Shutdown(CLEAR) and Startup(CLEAR) or no shutdown
- // or there was a failure reading the NV data.
- startup = SU_RESET;
- // Startup for cryptographic library. Don't do this until after the orderly
- // state has been read in from NV.
- OK = OK && CryptStartup(startup);
-
- // When the cryptographic library has been started, indicate that a TPM2_Startup
- // command has been received.
- OK = OK && TPMRegisterStartup();
-
-#ifdef VENDOR_PERMANENT
- // Read the platform unique value that is used as VENDOR_PERMANENT
- // authorization value
- g_platformUniqueDetails.t.size
- = (UINT16)_plat__GetUnique(1, sizeof(g_platformUniqueDetails.t.buffer),
- g_platformUniqueDetails.t.buffer);
-#endif
-
-// Start up subsystems
- // Start set the safe flag
- OK = OK && TimeStartup(startup);
-
- // Start dictionary attack subsystem
- OK = OK && DAStartup(startup);
-
- // Enable hierarchies
- OK = OK && HierarchyStartup(startup);
-
- // Restore/Initialize PCR
- OK = OK && PCRStartup(startup, locality);
-
- // Restore/Initialize command audit information
- OK = OK && CommandAuditStartup(startup);
-
-//// The following code was moved from Time.c where it made no sense
- if(OK)
- {
- switch(startup)
- {
- case SU_RESUME:
- // Resume sequence
- gr.restartCount++;
- break;
- case SU_RESTART:
- // Hibernate sequence
- gr.clearCount++;
- gr.restartCount++;
- break;
- default:
- // Reset object context ID to 0
- gr.objectContextID = 0;
- // Reset clearCount to 0
- gr.clearCount = 0;
-
- // Reset sequence
- // Increase resetCount
- gp.resetCount++;
-
- // Write resetCount to NV
- NV_SYNC_PERSISTENT(resetCount);
-
- gp.totalResetCount++;
- // We do not expect the total reset counter overflow during the life
- // time of TPM. if it ever happens, TPM will be put to failure mode
- // and there is no way to recover it.
- // The reason that there is no recovery is that we don't increment
- // the NV totalResetCount when incrementing would make it 0. When the
- // TPM starts up again, the old value of totalResetCount will be read
- // and we will get right back to here with the increment failing.
- if(gp.totalResetCount == 0)
- FAIL(FATAL_ERROR_INTERNAL);
-
- // Write total reset counter to NV
- NV_SYNC_PERSISTENT(totalResetCount);
-
- // Reset restartCount
- gr.restartCount = 0;
-
- break;
- }
- }
- // Initialize session table
- OK = OK && SessionStartup(startup);
-
- // Initialize object table
- OK = OK && ObjectStartup();
-
- // Initialize index/evict data. This function clears read/write locks
- // in NV index
- OK = OK && NvEntityStartup(startup);
-
- // Initialize the orderly shut down flag for this cycle to SU_NONE_VALUE.
- gp.orderlyState = SU_NONE_VALUE;
-
- OK = OK && NV_SYNC_PERSISTENT(orderlyState);
-
- // This can be reset after the first completion of a TPM2_Startup() after
- // a power loss. It can probably be reset earlier but this is an OK place.
- if(OK)
- g_powerWasLost = FALSE;
-
- return (OK) ? TPM_RC_SUCCESS : TPM_RC_FAILURE;
-}
-
-#endif // CC_Startup
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt.c
deleted file mode 100644
index 16fd4bb89..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "EncryptDecrypt_fp.h"
-#if CC_EncryptDecrypt2
-#include "EncryptDecrypt_spt_fp.h"
-#endif
-
-#if CC_EncryptDecrypt // Conditional expansion of this file
-
-/*(See part 3 specification)
-// symmetric encryption or decryption
-*/
-// Return Type: TPM_RC
-// TPM_RC_KEY is not a symmetric decryption key with both
-// public and private portions loaded
-// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode;
-// or 'inData' size is not an even multiple of the block
-// size for CBC or ECB mode
-// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does
-// not match the key's mode
-TPM_RC
-TPM2_EncryptDecrypt(
- EncryptDecrypt_In *in, // IN: input parameter list
- EncryptDecrypt_Out *out // OUT: output parameter list
- )
-{
-#if CC_EncryptDecrypt2
- return EncryptDecryptShared(in->keyHandle, in->decrypt, in->mode,
- &in->ivIn, &in->inData, out);
-#else
- OBJECT *symKey;
- UINT16 keySize;
- UINT16 blockSize;
- BYTE *key;
- TPM_ALG_ID alg;
- TPM_ALG_ID mode;
- TPM_RC result;
- BOOL OK;
- TPMA_OBJECT attributes;
-
-// Input Validation
- symKey = HandleToObject(in->keyHandle);
- mode = symKey->publicArea.parameters.symDetail.sym.mode.sym;
- attributes = symKey->publicArea.objectAttributes;
-
- // The input key should be a symmetric key
- if(symKey->publicArea.type != TPM_ALG_SYMCIPHER)
- return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
- // The key must be unrestricted and allow the selected operation
- OK = IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)
- if(YES == in->decrypt)
- OK = OK && IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt);
- else
- OK = OK && IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign);
- if(!OK)
- return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle;
-
- // If the key mode is not TPM_ALG_NULL...
- // or TPM_ALG_NULL
- if(mode != TPM_ALG_NULL)
- {
- // then the input mode has to be TPM_ALG_NULL or the same as the key
- if((in->mode != TPM_ALG_NULL) && (in->mode != mode))
- return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
- }
- else
- {
- // if the key mode is null, then the input can't be null
- if(in->mode == TPM_ALG_NULL)
- return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
- mode = in->mode;
- }
- // The input iv for ECB mode should be an Empty Buffer. All the other modes
- // should have an iv size same as encryption block size
- keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym;
- alg = symKey->publicArea.parameters.symDetail.sym.algorithm;
- blockSize = CryptGetSymmetricBlockSize(alg, keySize);
-
- // reverify the algorithm. This is mainly to keep static analysis tools happy
- if(blockSize == 0)
- return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
-
- // Note: When an algorithm is not supported by a TPM, the TPM_ALG_xxx for that
- // algorithm is not defined. However, it is assumed that the ALG_xxx_VALUE for
- // the algorithm is always defined. Both have the same numeric value.
- // ALG_xxx_VALUE is used here so that the code does not get cluttered with
- // #ifdef's. Having this check does not mean that the algorithm is supported.
- // If it was not supported the unmarshaling code would have rejected it before
- // this function were called. This means that, depending on the implementation,
- // the check could be redundant but it doesn't hurt.
- if(((mode == ALG_ECB_VALUE) && (in->ivIn.t.size != 0))
- || ((mode != ALG_ECB_VALUE) && (in->ivIn.t.size != blockSize)))
- return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn;
-
- // The input data size of CBC mode or ECB mode must be an even multiple of
- // the symmetric algorithm's block size
- if(((mode == ALG_CBC_VALUE) || (mode == ALG_ECB_VALUE))
- && ((in->inData.t.size % blockSize) != 0))
- return TPM_RCS_SIZE + RC_EncryptDecrypt_inData;
-
- // Copy IV
- // Note: This is copied here so that the calls to the encrypt/decrypt functions
- // will modify the output buffer, not the input buffer
- out->ivOut = in->ivIn;
-
-// Command Output
- key = symKey->sensitive.sensitive.sym.t.buffer;
- // For symmetric encryption, the cipher data size is the same as plain data
- // size.
- out->outData.t.size = in->inData.t.size;
- if(in->decrypt == YES)
- {
- // Decrypt data to output
- result = CryptSymmetricDecrypt(out->outData.t.buffer, alg, keySize, key,
- &(out->ivOut), mode, in->inData.t.size,
- in->inData.t.buffer);
- }
- else
- {
- // Encrypt data to output
- result = CryptSymmetricEncrypt(out->outData.t.buffer, alg, keySize, key,
- &(out->ivOut), mode, in->inData.t.size,
- in->inData.t.buffer);
- }
- return result;
-#endif // CC_EncryptDecrypt2
-
-}
-
-#endif // CC_EncryptDecrypt
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt2.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt2.c
deleted file mode 100644
index 4623c8999..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt2.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "EncryptDecrypt2_fp.h"
-#include "EncryptDecrypt_fp.h"
-#include "EncryptDecrypt_spt_fp.h"
-
-#if CC_EncryptDecrypt2 // Conditional expansion of this file
-
-/*(See part 3 specification)
-// symmetric encryption or decryption using modified parameter list
-*/
-// Return Type: TPM_RC
-// TPM_RC_KEY is not a symmetric decryption key with both
-// public and private portions loaded
-// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode;
-// or 'inData' size is not an even multiple of the block
-// size for CBC or ECB mode
-// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does
-// not match the key's mode
-TPM_RC
-TPM2_EncryptDecrypt2(
- EncryptDecrypt2_In *in, // IN: input parameter list
- EncryptDecrypt2_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
- // EncryptDecyrptShared() performs the operations as shown in
- // TPM2_EncrypDecrypt
- result = EncryptDecryptShared(in->keyHandle, in->decrypt, in->mode,
- &in->ivIn, &in->inData,
- (EncryptDecrypt_Out *)out);
- // Handle response code swizzle.
- switch(result)
- {
- case TPM_RCS_MODE + RC_EncryptDecrypt_mode:
- result = TPM_RCS_MODE + RC_EncryptDecrypt2_mode;
- break;
- case TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn:
- result = TPM_RCS_SIZE + RC_EncryptDecrypt2_ivIn;
- break;
- case TPM_RCS_SIZE + RC_EncryptDecrypt_inData:
- result = TPM_RCS_SIZE + RC_EncryptDecrypt2_inData;
- break;
- default:
- break;
- }
- return result;
-}
-
-#endif // CC_EncryptDecrypt2
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt_spt.c
deleted file mode 100644
index 593986648..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt_spt.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "EncryptDecrypt_fp.h"
-#include "EncryptDecrypt_spt_fp.h"
-
-#if CC_EncryptDecrypt2
-
-/*(See part 3 specification)
-// symmetric encryption or decryption
-*/
-// Return Type: TPM_RC
-// TPM_RC_KEY is not a symmetric decryption key with both
-// public and private portions loaded
-// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode;
-// or 'inData' size is not an even multiple of the block
-// size for CBC or ECB mode
-// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does
-// not match the key's mode
-TPM_RC
-EncryptDecryptShared(
- TPMI_DH_OBJECT keyHandleIn,
- TPMI_YES_NO decryptIn,
- TPMI_ALG_SYM_MODE modeIn,
- TPM2B_IV *ivIn,
- TPM2B_MAX_BUFFER *inData,
- EncryptDecrypt_Out *out
- )
-{
- OBJECT *symKey;
- UINT16 keySize;
- UINT16 blockSize;
- BYTE *key;
- TPM_ALG_ID alg;
- TPM_ALG_ID mode;
- TPM_RC result;
- BOOL OK;
-// Input Validation
- symKey = HandleToObject(keyHandleIn);
- mode = symKey->publicArea.parameters.symDetail.sym.mode.sym;
-
- // The input key should be a symmetric key
- if(symKey->publicArea.type != TPM_ALG_SYMCIPHER)
- return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
- // The key must be unrestricted and allow the selected operation
- OK = !IS_ATTRIBUTE(symKey->publicArea.objectAttributes,
- TPMA_OBJECT, restricted);
- if(YES == decryptIn)
- OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes,
- TPMA_OBJECT, decrypt);
- else
- OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes,
- TPMA_OBJECT, sign);
- if(!OK)
- return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle;
-
- // Make sure that key is an encrypt/decrypt key and not SMAC
- if(!CryptSymModeIsValid(mode, TRUE))
- return TPM_RCS_MODE + RC_EncryptDecrypt_keyHandle;
-
- // If the key mode is not TPM_ALG_NULL...
- // or TPM_ALG_NULL
- if(mode != TPM_ALG_NULL)
- {
- // then the input mode has to be TPM_ALG_NULL or the same as the key
- if((modeIn != TPM_ALG_NULL) && (modeIn != mode))
- return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
- }
- else
- {
- // if the key mode is null, then the input can't be null
- if(modeIn == TPM_ALG_NULL)
- return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
- mode = modeIn;
- }
- // The input iv for ECB mode should be an Empty Buffer. All the other modes
- // should have an iv size same as encryption block size
- keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym;
- alg = symKey->publicArea.parameters.symDetail.sym.algorithm;
- blockSize = CryptGetSymmetricBlockSize(alg, keySize);
-
- // reverify the algorithm. This is mainly to keep static analysis tools happy
- if(blockSize == 0)
- return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
-
- // Note: When an algorithm is not supported by a TPM, the TPM_ALG_xxx for that
- // algorithm is not defined. However, it is assumed that the ALG_xxx_VALUE for
- // the algorithm is always defined. Both have the same numeric value.
- // ALG_xxx_VALUE is used here so that the code does not get cluttered with
- // #ifdef's. Having this check does not mean that the algorithm is supported.
- // If it was not supported the unmarshaling code would have rejected it before
- // this function were called. This means that, depending on the implementation,
- // the check could be redundant but it doesn't hurt.
- if(((mode == ALG_ECB_VALUE) && (ivIn->t.size != 0))
- || ((mode != ALG_ECB_VALUE) && (ivIn->t.size != blockSize)))
- return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn;
-
- // The input data size of CBC mode or ECB mode must be an even multiple of
- // the symmetric algorithm's block size
- if(((mode == ALG_CBC_VALUE) || (mode == ALG_ECB_VALUE))
- && ((inData->t.size % blockSize) != 0))
- return TPM_RCS_SIZE + RC_EncryptDecrypt_inData;
-
- // Copy IV
- // Note: This is copied here so that the calls to the encrypt/decrypt functions
- // will modify the output buffer, not the input buffer
- out->ivOut = *ivIn;
-
-// Command Output
- key = symKey->sensitive.sensitive.sym.t.buffer;
- // For symmetric encryption, the cipher data size is the same as plain data
- // size.
- out->outData.t.size = inData->t.size;
- if(decryptIn == YES)
- {
- // Decrypt data to output
- result = CryptSymmetricDecrypt(out->outData.t.buffer, alg, keySize, key,
- &(out->ivOut), mode, inData->t.size,
- inData->t.buffer);
- }
- else
- {
- // Encrypt data to output
- result = CryptSymmetricEncrypt(out->outData.t.buffer, alg, keySize, key,
- &(out->ivOut), mode, inData->t.size,
- inData->t.buffer);
- }
- return result;
-}
-
-#endif // CC_EncryptDecrypt
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/HMAC.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/HMAC.c
deleted file mode 100644
index 29ec971d4..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/HMAC.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "HMAC_fp.h"
-
-#if CC_HMAC // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Compute HMAC on a data buffer
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES key referenced by 'handle' is a restricted key
-// TPM_RC_KEY 'handle' does not reference a signing key
-// TPM_RC_TYPE key referenced by 'handle' is not an HMAC key
-// TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm
-// of the scheme of the object referenced by 'handle'
-TPM_RC
-TPM2_HMAC(
- HMAC_In *in, // IN: input parameter list
- HMAC_Out *out // OUT: output parameter list
- )
-{
- HMAC_STATE hmacState;
- OBJECT *hmacObject;
- TPMI_ALG_HASH hashAlg;
- TPMT_PUBLIC *publicArea;
-
-// Input Validation
-
- // Get HMAC key object and public area pointers
- hmacObject = HandleToObject(in->handle);
- publicArea = &hmacObject->publicArea;
- // Make sure that the key is an HMAC key
- if(publicArea->type != TPM_ALG_KEYEDHASH)
- return TPM_RCS_TYPE + RC_HMAC_handle;
-
- // and that it is unrestricted
- if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted))
- return TPM_RCS_ATTRIBUTES + RC_HMAC_handle;
-
- // and that it is a signing key
- if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign))
- return TPM_RCS_KEY + RC_HMAC_handle;
-
- // See if the key has a default
- if(publicArea->parameters.keyedHashDetail.scheme.scheme == TPM_ALG_NULL)
- // it doesn't so use the input value
- hashAlg = in->hashAlg;
- else
- {
- // key has a default so use it
- hashAlg
- = publicArea->parameters.keyedHashDetail.scheme.details.hmac.hashAlg;
- // and verify that the input was either the TPM_ALG_NULL or the default
- if(in->hashAlg != TPM_ALG_NULL && in->hashAlg != hashAlg)
- hashAlg = TPM_ALG_NULL;
- }
- // if we ended up without a hash algorithm then return an error
- if(hashAlg == TPM_ALG_NULL)
- return TPM_RCS_VALUE + RC_HMAC_hashAlg;
-
-// Command Output
-
- // Start HMAC stack
- out->outHMAC.t.size = CryptHmacStart2B(&hmacState, hashAlg,
- &hmacObject->sensitive.sensitive.bits.b);
- // Adding HMAC data
- CryptDigestUpdate2B(&hmacState.hashState, &in->buffer.b);
-
- // Complete HMAC
- CryptHmacEnd2B(&hmacState, &out->outHMAC.b);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_HMAC
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/Hash.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/Hash.c
deleted file mode 100644
index 9736185b3..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/Hash.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Hash_fp.h"
-
-#if CC_Hash // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Hash a data buffer
-*/
-TPM_RC
-TPM2_Hash(
- Hash_In *in, // IN: input parameter list
- Hash_Out *out // OUT: output parameter list
- )
-{
- HASH_STATE hashState;
-
-// Command Output
-
- // Output hash
- // Start hash stack
- out->outHash.t.size = CryptHashStart(&hashState, in->hashAlg);
- // Adding hash data
- CryptDigestUpdate2B(&hashState, &in->data.b);
- // Complete hash
- CryptHashEnd2B(&hashState, &out->outHash.b);
-
- // Output ticket
- out->validation.tag = TPM_ST_HASHCHECK;
- out->validation.hierarchy = in->hierarchy;
-
- if(in->hierarchy == TPM_RH_NULL)
- {
- // Ticket is not required
- out->validation.hierarchy = TPM_RH_NULL;
- out->validation.digest.t.size = 0;
- }
- else if(in->data.t.size >= sizeof(TPM_GENERATED)
- && !TicketIsSafe(&in->data.b))
- {
- // Ticket is not safe
- out->validation.hierarchy = TPM_RH_NULL;
- out->validation.digest.t.size = 0;
- }
- else
- {
- // Compute ticket
- TicketComputeHashCheck(in->hierarchy, in->hashAlg,
- &out->outHash, &out->validation);
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_Hash
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/MAC.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/MAC.c
deleted file mode 100644
index 219406c8e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/MAC.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "MAC_fp.h"
-
-#if CC_MAC // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Compute MAC on a data buffer
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES key referenced by 'handle' is a restricted key
-// TPM_RC_KEY 'handle' does not reference a signing key
-// TPM_RC_TYPE key referenced by 'handle' is not an HMAC key
-// TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm
-// of the scheme of the object referenced by 'handle'
-TPM_RC
-TPM2_MAC(
- MAC_In *in, // IN: input parameter list
- MAC_Out *out // OUT: output parameter list
- )
-{
- OBJECT *keyObject;
- HMAC_STATE state;
- TPMT_PUBLIC *publicArea;
- TPM_RC result;
-
-// Input Validation
- // Get MAC key object and public area pointers
- keyObject = HandleToObject(in->handle);
- publicArea = &keyObject->publicArea;
-
- // If the key is not able to do a MAC, indicate that the handle selects an
- // object that can't do a MAC
- result = CryptSelectMac(publicArea, &in->inScheme);
- if(result == TPM_RCS_TYPE)
- return TPM_RCS_TYPE + RC_MAC_handle;
- // If there is another error type, indicate that the scheme and key are not
- // compatible
- if(result != TPM_RC_SUCCESS)
- return RcSafeAddToResult(result, RC_MAC_inScheme);
- // Make sure that the key is not restricted
- if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted))
- return TPM_RCS_ATTRIBUTES + RC_MAC_handle;
- // and that it is a signing key
- if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign))
- return TPM_RCS_KEY + RC_MAC_handle;
-// Command Output
- out->outMAC.t.size = CryptMacStart(&state, &publicArea->parameters,
- in->inScheme,
- &keyObject->sensitive.sensitive.any.b);
- // If the mac can't start, treat it as a fatal error
- if(out->outMAC.t.size == 0)
- return TPM_RC_FAILURE;
- CryptDigestUpdate2B(&state.hashState, &in->buffer.b);
- // If the MAC result is not what was expected, it is a fatal error
- if(CryptHmacEnd2B(&state, &out->outMAC.b) != 
out->outMAC.t.size)
- return TPM_RC_FAILURE;
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_MAC
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/GetTestResult.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/GetTestResult.c
deleted file mode 100644
index 3ded75a36..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/GetTestResult.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "GetTestResult_fp.h"
-
-#if CC_GetTestResult // Conditional expansion of this file
-
-/*(See part 3 specification)
-// returns manufacturer-specific information regarding the results of a self-
-// test and an indication of the test status.
-*/
-
-// In the reference implementation, this function is only reachable if the TPM is
-// not in failure mode meaning that all tests that have been run have completed
-// successfully. There is not test data and the test result is TPM_RC_SUCCESS.
-TPM_RC
-TPM2_GetTestResult(
- GetTestResult_Out *out // OUT: output parameter list
- )
-{
-// Command Output
-
- // Call incremental self test function in crypt module
- out->testResult = CryptGetTestResult(&out->outData);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_GetTestResult
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/IncrementalSelfTest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/IncrementalSelfTest.c
deleted file mode 100644
index 2b62e7a67..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/IncrementalSelfTest.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "IncrementalSelfTest_fp.h"
-
-#if CC_IncrementalSelfTest // Conditional expansion of this file
-
-/*(See part 3 specification)
-// perform a test of selected algorithms
-*/
-// Return Type: TPM_RC
-// TPM_RC_CANCELED the command was canceled (some tests may have
-// completed)
-// TPM_RC_VALUE an algorithm in the toTest list is not implemented
-TPM_RC
-TPM2_IncrementalSelfTest(
- IncrementalSelfTest_In *in, // IN: input parameter list
- IncrementalSelfTest_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
-// Command Output
-
- // Call incremental self test function in crypt module. If this function
- // returns TPM_RC_VALUE, it means that an algorithm on the 'toTest' list is
- // not implemented.
- result = CryptIncrementalSelfTest(&in->toTest, &out->toDoList);
- if(result == TPM_RC_VALUE)
- return TPM_RCS_VALUE + RC_IncrementalSelfTest_toTest;
- return result;
-}
-
-#endif // CC_IncrementalSelfTest
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/SelfTest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/SelfTest.c
deleted file mode 100644
index f5e0106f1..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/SelfTest.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "SelfTest_fp.h"
-
-#if CC_SelfTest // Conditional expansion of this file
-
-/*(See part 3 specification)
-// perform a test of TPM capabilities
-*/
-// Return Type: TPM_RC
-// TPM_RC_CANCELED the command was canceled (some incremental
-// process may have been made)
-// TPM_RC_TESTING self test in process
-TPM_RC
-TPM2_SelfTest(
- SelfTest_In *in // IN: input parameter list
- )
-{
-// Command Output
-
- // Call self test function in crypt module
- return CryptSelfTest(in->fullTest);
-}
-
-#endif // CC_SelfTest
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Vendor/Vendor_TCG_Test.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Vendor/Vendor_TCG_Test.c
deleted file mode 100644
index c06d50813..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Vendor/Vendor_TCG_Test.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-
-#if CC_Vendor_TCG_Test // Conditional expansion of this file
-#include "Vendor_TCG_Test_fp.h"
-
-TPM_RC
-TPM2_Vendor_TCG_Test(
- Vendor_TCG_Test_In *in, // IN: input parameter list
- Vendor_TCG_Test_Out *out // OUT: output parameter list
- )
-{
- out->outputData = in->inputData;
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_Vendor_TCG_Test
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/AlgorithmTests.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/AlgorithmTests.c
deleted file mode 100644
index 9d203e5f4..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/AlgorithmTests.c
+++ /dev/null
@@ -1,963 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains the code to perform the various self-test functions. -// -// NOTE: In this implementation, large local variables are made static to minimize -// stack usage, which is critical for stack-constrained platforms. 
- -//** Includes and Defines -#include "Tpm.h" - -#define SELF_TEST_DATA - -#if SELF_TEST - -// These includes pull in the data structures. They contain data definitions for the -// various tests. -#include "SelfTest.h" -#include "SymmetricTest.h" -#include "RsaTestData.h" -#include "EccTestData.h" -#include "HashTestData.h" -#include "KdfTestData.h" - -#define TEST_DEFAULT_TEST_HASH(vector) \ - if(TEST_BIT(DEFAULT_TEST_HASH, g_toTest)) \ - TestHash(DEFAULT_TEST_HASH, vector); - -// Make sure that the algorithm has been tested -#define CLEAR_BOTH(alg) { CLEAR_BIT(alg, *toTest); \ - if(toTest != &g_toTest) \ - CLEAR_BIT(alg, g_toTest); } - -#define SET_BOTH(alg) { SET_BIT(alg, *toTest); \ - if(toTest != &g_toTest) \ - SET_BIT(alg, g_toTest); } - -#define TEST_BOTH(alg) ((toTest != &g_toTest) \ - ? TEST_BIT(alg, *toTest) || TEST_BIT(alg, g_toTest) \ - : TEST_BIT(alg, *toTest)) - -// Can only cancel if doing a list. -#define CHECK_CANCELED \ - if(_plat__IsCanceled() && toTest != &g_toTest) \ - return TPM_RC_CANCELED; - -//** Hash Tests - -//*** Description -// The hash test does a known-value HMAC using the specified hash algorithm. - -//*** TestHash() -// The hash test function. 
-static TPM_RC -TestHash( - TPM_ALG_ID hashAlg, - ALGORITHM_VECTOR *toTest - ) -{ - static TPM2B_DIGEST computed; // value computed - static HMAC_STATE state; - UINT16 digestSize; - const TPM2B *testDigest = NULL; -// TPM2B_TYPE(HMAC_BLOCK, DEFAULT_TEST_HASH_BLOCK_SIZE); - - pAssert(hashAlg != ALG_NULL_VALUE); - switch(hashAlg) - { -#if ALG_SHA1 - case ALG_SHA1_VALUE: - testDigest = &c_SHA1_digest.b; - break; -#endif -#if ALG_SHA256 - case ALG_SHA256_VALUE: - testDigest = &c_SHA256_digest.b; - break; -#endif -#if ALG_SHA384 - case ALG_SHA384_VALUE: - testDigest = &c_SHA384_digest.b; - break; -#endif -#if ALG_SHA512 - case ALG_SHA512_VALUE: - testDigest = &c_SHA512_digest.b; - break; -#endif -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: - testDigest = &c_SM3_256_digest.b; - break; -#endif - default: - FAIL(FATAL_ERROR_INTERNAL); - } - // Clear the to-test bits - CLEAR_BOTH(hashAlg); - - // Set the HMAC key to twice the digest size - digestSize = CryptHashGetDigestSize(hashAlg); - CryptHmacStart(&state, hashAlg, digestSize * 2, - (BYTE *)c_hashTestKey.t.buffer); - CryptDigestUpdate(&state.hashState, 2 * CryptHashGetBlockSize(hashAlg), - (BYTE *)c_hashTestData.t.buffer); - computed.t.size = digestSize; - CryptHmacEnd(&state, digestSize, computed.t.buffer); - if((testDigest->size != computed.t.size) - || (memcmp(testDigest->buffer, computed.t.buffer, computed.b.size) != 0)) - SELF_TEST_FAILURE; - return TPM_RC_SUCCESS; -} - -//** Symmetric Test Functions - -//*** MakeIv() -// Internal function to make the appropriate IV depending on the mode. 
-static UINT32 -MakeIv( - TPM_ALG_ID mode, // IN: symmetric mode - UINT32 size, // IN: block size of the algorithm - BYTE *iv // OUT: IV to fill in - ) -{ - BYTE i; - - if(mode == ALG_ECB_VALUE) - return 0; - if(mode == ALG_CTR_VALUE) - { - // The test uses an IV that has 0xff in the last byte - for(i = 1; i <= size; i++) - *iv++ = 0xff - (BYTE)(size - i); - } - else - { - for(i = 0; i < size; i++) - *iv++ = i; - } - return size; -} - -//*** TestSymmetricAlgorithm() -// Function to test a specific algorithm, key size, and mode. -static void -TestSymmetricAlgorithm( - const SYMMETRIC_TEST_VECTOR *test, // - TPM_ALG_ID mode // - ) -{ - static BYTE encrypted[MAX_SYM_BLOCK_SIZE * 2]; - static BYTE decrypted[MAX_SYM_BLOCK_SIZE * 2]; - static TPM2B_IV iv; -// - // Get the appropriate IV - iv.t.size = (UINT16)MakeIv(mode, test->ivSize, iv.t.buffer); - - // Encrypt known data - CryptSymmetricEncrypt(encrypted, test->alg, test->keyBits, test->key, &iv, - mode, test->dataInOutSize, test->dataIn); - // Check that it matches the expected value - if(!MemoryEqual(encrypted, test->dataOut[mode - ALG_CTR_VALUE], - test->dataInOutSize)) - SELF_TEST_FAILURE; - // Reinitialize the iv for decryption - MakeIv(mode, test->ivSize, iv.t.buffer); - CryptSymmetricDecrypt(decrypted, test->alg, test->keyBits, test->key, &iv, - mode, test->dataInOutSize, - test->dataOut[mode - ALG_CTR_VALUE]); - // Make sure that it matches what we started with - if(!MemoryEqual(decrypted, test->dataIn, test->dataInOutSize)) - SELF_TEST_FAILURE; -} - -//*** AllSymsAreDone() -// Checks if both symmetric algorithms have been tested. 
This is put here -// so that addition of a symmetric algorithm will be relatively easy to handle -// Return Type: BOOL -// TRUE(1) all symmetric algorithms tested -// FALSE(0) not all symmetric algorithms tested -static BOOL -AllSymsAreDone( - ALGORITHM_VECTOR *toTest - ) -{ - return (!TEST_BOTH(ALG_AES_VALUE) && !TEST_BOTH(ALG_SM4_VALUE)); -} - -//*** AllModesAreDone() -// Checks if all the modes have been tested -// Return Type: BOOL -// TRUE(1) all modes tested -// FALSE(0) all modes not tested -static BOOL -AllModesAreDone( - ALGORITHM_VECTOR *toTest - ) -{ - TPM_ALG_ID alg; - for(alg = TPM_SYM_MODE_FIRST; alg <= TPM_SYM_MODE_LAST; alg++) - if(TEST_BOTH(alg)) - return FALSE; - return TRUE; -} - -//*** TestSymmetric() -// If 'alg' is a symmetric block cipher, then all of the modes that are selected are -// tested. If 'alg' is a mode, then all algorithms of that mode are tested. -static TPM_RC -TestSymmetric( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest - ) -{ - SYM_INDEX index; - TPM_ALG_ID mode; -// - if(!TEST_BIT(alg, *toTest)) - return TPM_RC_SUCCESS; - if(alg == ALG_AES_VALUE || alg == ALG_SM4_VALUE || alg == ALG_CAMELLIA_VALUE) - { - // Will test the algorithm for all modes and key sizes - CLEAR_BOTH(alg); - - // A test this algorithm for all modes - for(index = 0; index < NUM_SYMS; index++) - { - if(c_symTestValues[index].alg == alg) - { - for(mode = TPM_SYM_MODE_FIRST; - mode <= TPM_SYM_MODE_LAST; - mode++) - { - if(TEST_BIT(mode, *toTest)) - TestSymmetricAlgorithm(&c_symTestValues[index], mode); - } - } - } - // if all the symmetric tests are done - if(AllSymsAreDone(toTest)) - { - // all symmetric algorithms tested so no modes should be set - for(alg = TPM_SYM_MODE_FIRST; alg <= TPM_SYM_MODE_LAST; alg++) - CLEAR_BOTH(alg); - } - } - else if(TPM_SYM_MODE_FIRST <= alg && alg <= TPM_SYM_MODE_LAST) - { - // Test this mode for all key sizes and algorithms - for(index = 0; index < NUM_SYMS; index++) - { - // The mode testing only comes into play when doing 
self tests - // by command. When doing self tests by command, the block ciphers are - // tested first. That means that all of their modes would have been - // tested for all key sizes. If there is no block cipher left to - // test, then clear this mode bit. - if(!TEST_BIT(ALG_AES_VALUE, *toTest) - && !TEST_BIT(ALG_SM4_VALUE, *toTest)) - { - CLEAR_BOTH(alg); - } - else - { - for(index = 0; index < NUM_SYMS; index++) - { - if(TEST_BIT(c_symTestValues[index].alg, *toTest)) - TestSymmetricAlgorithm(&c_symTestValues[index], alg); - } - // have tested this mode for all algorithms - CLEAR_BOTH(alg); - } - } - if(AllModesAreDone(toTest)) - { - CLEAR_BOTH(ALG_AES_VALUE); - CLEAR_BOTH(ALG_SM4_VALUE); - } - } - else - pAssert(alg == 0 && alg != 0); - return TPM_RC_SUCCESS; -} - -//** RSA Tests -#if ALG_RSA - -//*** Introduction -// The tests are for public key only operations and for private key operations. -// Signature verification and encryption are public key operations. They are tested -// by using a KVT. For signature verification, this means that a known good -// signature is checked by CryptRsaValidateSignature(). If it fails, then the -// TPM enters failure mode. For encryption, the TPM encrypts known values using -// the selected scheme and checks that the returned value matches the expected -// value. -// -// For private key operations, a full scheme check is used. For a signing key, a -// known key is used to sign a known message. Then that signature is verified. -// since the signature may involve use of random values, the signature will be -// different each time and we can't always check that the signature matches a -// known value. The same technique is used for decryption (RSADP/RSAEP). -// -// When an operation uses the public key and the verification has not been -// tested, the TPM will do a KVT. 
-// -// The test for the signing algorithm is built into the call for the algorithm - -//*** RsaKeyInitialize() -// The test key is defined by a public modulus and a private prime. The TPM's RSA -// code computes the second prime and the private exponent. -static void -RsaKeyInitialize( - OBJECT *testObject - ) -{ - MemoryCopy2B(&testObject->publicArea.unique.rsa.b, (P2B)&c_rsaPublicModulus, - sizeof(c_rsaPublicModulus)); - MemoryCopy2B(&testObject->sensitive.sensitive.rsa.b, (P2B)&c_rsaPrivatePrime, - sizeof(testObject->sensitive.sensitive.rsa.t.buffer)); - testObject->publicArea.parameters.rsaDetail.keyBits = RSA_TEST_KEY_SIZE * 8; - // Use the default exponent - testObject->publicArea.parameters.rsaDetail.exponent = 0; -} - -//*** TestRsaEncryptDecrypt() -// These tests are for a public key encryption that uses a random value. -static TPM_RC -TestRsaEncryptDecrypt( - TPM_ALG_ID scheme, // IN: the scheme - ALGORITHM_VECTOR *toTest // - ) -{ - static TPM2B_PUBLIC_KEY_RSA testInput; - static TPM2B_PUBLIC_KEY_RSA testOutput; - static OBJECT testObject; - const TPM2B_RSA_TEST_KEY *kvtValue = NULL; - TPM_RC result = TPM_RC_SUCCESS; - const TPM2B *testLabel = NULL; - TPMT_RSA_DECRYPT rsaScheme; -// - // Don't need to initialize much of the test object - RsaKeyInitialize(&testObject); - rsaScheme.scheme = scheme; - rsaScheme.details.anySig.hashAlg = DEFAULT_TEST_HASH; - CLEAR_BOTH(scheme); - CLEAR_BOTH(ALG_NULL_VALUE); - if(scheme == ALG_NULL_VALUE) - { - // This is an encryption scheme using the private key without any encoding. 
- memcpy(testInput.t.buffer, c_RsaTestValue, sizeof(c_RsaTestValue)); - testInput.t.size = sizeof(c_RsaTestValue); - if(TPM_RC_SUCCESS != CryptRsaEncrypt(&testOutput, &testInput.b, - &testObject, &rsaScheme, NULL, NULL)) - SELF_TEST_FAILURE; - if(!MemoryEqual(testOutput.t.buffer, c_RsaepKvt.buffer, c_RsaepKvt.size)) - SELF_TEST_FAILURE; - MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer)); - if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b, - &testObject, &rsaScheme, NULL)) - SELF_TEST_FAILURE; - if(!MemoryEqual(testOutput.t.buffer, c_RsaTestValue, - sizeof(c_RsaTestValue))) - SELF_TEST_FAILURE; - } - else - { - // ALG_RSAES_VALUE: - // This is an decryption scheme using padding according to - // PKCS#1v2.1, 7.2. This padding uses random bits. To test a public - // key encryption that uses random data, encrypt a value and then - // decrypt the value and see that we get the encrypted data back. - // The hash is not used by this encryption so it can be TMP_ALG_NULL - - // ALG_OAEP_VALUE: - // This is also an decryption scheme and it also uses a - // pseudo-random - // value. However, this also uses a hash algorithm. So, we may need - // to test that algorithm before use. 
- if(scheme == ALG_OAEP_VALUE) - { - TEST_DEFAULT_TEST_HASH(toTest); - kvtValue = &c_OaepKvt; - testLabel = OAEP_TEST_STRING; - } - else if(scheme == ALG_RSAES_VALUE) - { - kvtValue = &c_RsaesKvt; - testLabel = NULL; - } - else - SELF_TEST_FAILURE; - // Only use a digest-size portion of the test value - memcpy(testInput.t.buffer, c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE); - testInput.t.size = DEFAULT_TEST_DIGEST_SIZE; - - // See if the encryption works - if(TPM_RC_SUCCESS != CryptRsaEncrypt(&testOutput, &testInput.b, - &testObject, &rsaScheme, testLabel, - NULL)) - SELF_TEST_FAILURE; - MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer)); - // see if we can decrypt this value and get the original data back - if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b, - &testObject, &rsaScheme, testLabel)) - SELF_TEST_FAILURE; - // See if the results compare - if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE - || !MemoryEqual(testOutput.t.buffer, c_RsaTestValue, - DEFAULT_TEST_DIGEST_SIZE)) - SELF_TEST_FAILURE; - // Now check that the decryption works on a known value - MemoryCopy2B(&testInput.b, (P2B)kvtValue, - sizeof(testInput.t.buffer)); - if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b, - &testObject, &rsaScheme, testLabel)) - SELF_TEST_FAILURE; - if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE - || !MemoryEqual(testOutput.t.buffer, c_RsaTestValue, - DEFAULT_TEST_DIGEST_SIZE)) - SELF_TEST_FAILURE; - } - return result; -} - -//*** TestRsaSignAndVerify() -// This function does the testing of the RSA sign and verification functions. This -// test does a KVT. -static TPM_RC -TestRsaSignAndVerify( - TPM_ALG_ID scheme, - ALGORITHM_VECTOR *toTest - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - static OBJECT testObject; - static TPM2B_DIGEST testDigest; - static TPMT_SIGNATURE testSig; - - // Do a sign and signature verification. - // RSASSA: - // This is a signing scheme according to PKCS#1-v2.1 8.2. 
It does not - // use random data so there is a KVT for the signing operation. On - // first use of the scheme for signing, use the TPM's RSA key to - // sign a portion of c_RsaTestData and compare the results to c_RsassaKvt. Then - // decrypt the data to see that it matches the starting value. This verifies - // the signature with a KVT - - // Clear the bits indicating that the function has not been checked. This is to - // prevent looping - CLEAR_BOTH(scheme); - CLEAR_BOTH(ALG_NULL_VALUE); - CLEAR_BOTH(ALG_RSA_VALUE); - - RsaKeyInitialize(&testObject); - memcpy(testDigest.t.buffer, (BYTE *)c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE); - testDigest.t.size = DEFAULT_TEST_DIGEST_SIZE; - testSig.sigAlg = scheme; - testSig.signature.rsapss.hash = DEFAULT_TEST_HASH; - - // RSAPSS: - // This is a signing scheme a according to PKCS#1-v2.2 8.1 it uses - // random data in the signature so there is no KVT for the signing - // operation. To test signing, the TPM will use the TPM's RSA key - // to sign a portion of c_RsaTestValue and then it will verify the - // signature. For verification, c_RsapssKvt is verified before the - // user signature blob is verified. The worst case for testing of this - // algorithm is two private and one public key operation. - - // The process is to sign known data. If RSASSA is being done, verify that the - // signature matches the precomputed value. For both, use the signed value and - // see that the verification says that it is a good signature. Then - // if testing RSAPSS, do a verify of a known good signature. This ensures that - // the validation function works. 
- - if(TPM_RC_SUCCESS != CryptRsaSign(&testSig, &testObject, &testDigest, NULL)) - SELF_TEST_FAILURE; - // For RSASSA, make sure the results is what we are looking for - if(testSig.sigAlg == ALG_RSASSA_VALUE) - { - if(testSig.signature.rsassa.sig.t.size != RSA_TEST_KEY_SIZE - || !MemoryEqual(c_RsassaKvt.buffer, - testSig.signature.rsassa.sig.t.buffer, - RSA_TEST_KEY_SIZE)) - SELF_TEST_FAILURE; - } - // See if the TPM will validate its own signatures - if(TPM_RC_SUCCESS != CryptRsaValidateSignature(&testSig, &testObject, - &testDigest)) - SELF_TEST_FAILURE; - // If this is RSAPSS, check the verification with known signature - // Have to copy because CrytpRsaValidateSignature() eats the signature - if(ALG_RSAPSS_VALUE == scheme) - { - MemoryCopy2B(&testSig.signature.rsapss.sig.b, (P2B)&c_RsapssKvt, - sizeof(testSig.signature.rsapss.sig.t.buffer)); - if(TPM_RC_SUCCESS != CryptRsaValidateSignature(&testSig, &testObject, - &testDigest)) - SELF_TEST_FAILURE; - } - return result; -} - -//*** TestRSA() -// Function uses the provided vector to indicate which tests to run. It will clear -// the vector after each test is run and also clear g_toTest -static TPM_RC -TestRsa( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest - ) -{ - TPM_RC result = TPM_RC_SUCCESS; -// - switch(alg) - { - case ALG_NULL_VALUE: - // This is the RSAEP/RSADP function. If we are processing a list, don't - // need to test these now because any other test will validate - // RSAEP/RSADP. Can tell this is list of test by checking to see if - // 'toTest' is pointing at g_toTest. 
If so, this is an isolated test - // an need to go ahead and do the test; - if((toTest == &g_toTest) - || (!TEST_BIT(ALG_RSASSA_VALUE, *toTest) - && !TEST_BIT(ALG_RSAES_VALUE, *toTest) - && !TEST_BIT(ALG_RSAPSS_VALUE, *toTest) - && !TEST_BIT(ALG_OAEP_VALUE, *toTest))) - // Not running a list of tests or no other tests on the list - // so run the test now - result = TestRsaEncryptDecrypt(alg, toTest); - // if not running the test now, leave the bit on, just in case things - // get interrupted - break; - case ALG_OAEP_VALUE: - case ALG_RSAES_VALUE: - result = TestRsaEncryptDecrypt(alg, toTest); - break; - case ALG_RSAPSS_VALUE: - case ALG_RSASSA_VALUE: - result = TestRsaSignAndVerify(alg, toTest); - break; - default: - SELF_TEST_FAILURE; - } - return result; -} - -#endif // ALG_RSA - -//** ECC Tests - -#if ALG_ECC - -//*** LoadEccParameter() -// This function is mostly for readability and type checking -static void -LoadEccParameter( - TPM2B_ECC_PARAMETER *to, // target - const TPM2B_EC_TEST *from // source - ) -{ - MemoryCopy2B(&to->b, &from->b, sizeof(to->t.buffer)); -} - -//*** LoadEccPoint() -static void -LoadEccPoint( - TPMS_ECC_POINT *point, // target - const TPM2B_EC_TEST *x, // source - const TPM2B_EC_TEST *y - ) -{ - MemoryCopy2B(&point->x.b, (TPM2B *)x, sizeof(point->x.t.buffer)); - MemoryCopy2B(&point->y.b, (TPM2B *)y, sizeof(point->y.t.buffer)); -} - -//*** TestECDH() -// This test does a KVT on a point multiply. 
-static TPM_RC -TestECDH( - TPM_ALG_ID scheme, // IN: for consistency - ALGORITHM_VECTOR *toTest // IN/OUT: modified after test is run - ) -{ - static TPMS_ECC_POINT Z; - static TPMS_ECC_POINT Qe; - static TPM2B_ECC_PARAMETER ds; - TPM_RC result = TPM_RC_SUCCESS; -// - NOT_REFERENCED(scheme); - CLEAR_BOTH(ALG_ECDH_VALUE); - LoadEccParameter(&ds, &c_ecTestKey_ds); - LoadEccPoint(&Qe, &c_ecTestKey_QeX, &c_ecTestKey_QeY); - if(TPM_RC_SUCCESS != CryptEccPointMultiply(&Z, c_testCurve, &Qe, &ds, - NULL, NULL)) - SELF_TEST_FAILURE; - if(!MemoryEqual2B(&c_ecTestEcdh_X.b, &Z.x.b) - || !MemoryEqual2B(&c_ecTestEcdh_Y.b, &Z.y.b)) - SELF_TEST_FAILURE; - return result; -} - -//*** TestEccSignAndVerify() -static TPM_RC -TestEccSignAndVerify( - TPM_ALG_ID scheme, - ALGORITHM_VECTOR *toTest - ) -{ - static OBJECT testObject; - static TPMT_SIGNATURE testSig; - static TPMT_ECC_SCHEME eccScheme; - - testSig.sigAlg = scheme; - testSig.signature.ecdsa.hash = DEFAULT_TEST_HASH; - - eccScheme.scheme = scheme; - eccScheme.details.anySig.hashAlg = DEFAULT_TEST_HASH; - - CLEAR_BOTH(scheme); - CLEAR_BOTH(ALG_ECDH_VALUE); - - // ECC signature verification testing uses a KVT. - switch(scheme) - { - case ALG_ECDSA_VALUE: - LoadEccParameter(&testSig.signature.ecdsa.signatureR, &c_TestEcDsa_r); - LoadEccParameter(&testSig.signature.ecdsa.signatureS, &c_TestEcDsa_s); - break; - case ALG_ECSCHNORR_VALUE: - LoadEccParameter(&testSig.signature.ecschnorr.signatureR, - &c_TestEcSchnorr_r); - LoadEccParameter(&testSig.signature.ecschnorr.signatureS, - &c_TestEcSchnorr_s); - break; - case ALG_SM2_VALUE: - // don't have a test for SM2 - return TPM_RC_SUCCESS; - default: - SELF_TEST_FAILURE; - break; - } - TEST_DEFAULT_TEST_HASH(toTest); - - // Have to copy the key. 
This is because the size used in the test vectors - // is the size of the ECC parameter for the test key while the size of a point - // is TPM dependent - MemoryCopy2B(&testObject.sensitive.sensitive.ecc.b, &c_ecTestKey_ds.b, - sizeof(testObject.sensitive.sensitive.ecc.t.buffer)); - LoadEccPoint(&testObject.publicArea.unique.ecc, &c_ecTestKey_QsX, - &c_ecTestKey_QsY); - testObject.publicArea.parameters.eccDetail.curveID = c_testCurve; - - if(TPM_RC_SUCCESS != CryptEccValidateSignature(&testSig, &testObject, - (TPM2B_DIGEST *)&c_ecTestValue.b)) - { - SELF_TEST_FAILURE; - } - CHECK_CANCELED; - - // Now sign and verify some data - if(TPM_RC_SUCCESS != CryptEccSign(&testSig, &testObject, - (TPM2B_DIGEST *)&c_ecTestValue, - &eccScheme, NULL)) - SELF_TEST_FAILURE; - - CHECK_CANCELED; - - if(TPM_RC_SUCCESS != CryptEccValidateSignature(&testSig, &testObject, - (TPM2B_DIGEST *)&c_ecTestValue)) - SELF_TEST_FAILURE; - - CHECK_CANCELED; - - return TPM_RC_SUCCESS; -} - -//*** TestKDFa() -static TPM_RC -TestKDFa( - ALGORITHM_VECTOR *toTest - ) -{ - static TPM2B_KDF_TEST_KEY keyOut; - UINT32 counter = 0; -// - CLEAR_BOTH(ALG_KDF1_SP800_108_VALUE); - - keyOut.t.size = CryptKDFa(KDF_TEST_ALG, &c_kdfTestKeyIn.b, &c_kdfTestLabel.b, - &c_kdfTestContextU.b, &c_kdfTestContextV.b, - TEST_KDF_KEY_SIZE * 8, keyOut.t.buffer, - &counter, FALSE); - if ( keyOut.t.size != TEST_KDF_KEY_SIZE - || !MemoryEqual(keyOut.t.buffer, c_kdfTestKeyOut.t.buffer, - TEST_KDF_KEY_SIZE)) - SELF_TEST_FAILURE; - - return TPM_RC_SUCCESS; -} - -//*** TestEcc() -static TPM_RC -TestEcc( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - NOT_REFERENCED(toTest); - switch(alg) - { - case ALG_ECC_VALUE: - case ALG_ECDH_VALUE: - // If this is in a loop then see if another test is going to deal with - // this. 
- // If toTest is not a self-test list - if((toTest == &g_toTest) - // or this is the only ECC test in the list - || !(TEST_BIT(ALG_ECDSA_VALUE, *toTest) - || TEST_BIT(ALG_ECSCHNORR, *toTest) - || TEST_BIT(ALG_SM2_VALUE, *toTest))) - { - result = TestECDH(alg, toTest); - } - break; - case ALG_ECDSA_VALUE: - case ALG_ECSCHNORR_VALUE: - case ALG_SM2_VALUE: - result = TestEccSignAndVerify(alg, toTest); - break; - default: - SELF_TEST_FAILURE; - break; - } - return result; -} - -#endif // ALG_ECC - -//*** TestAlgorithm() -// Dispatches to the correct test function for the algorithm or gets a list of -// testable algorithms. -// -// If 'toTest' is not NULL, then the test decisions are based on the algorithm -// selections in 'toTest'. Otherwise, 'g_toTest' is used. When bits are clear in -// 'g_toTest' they will also be cleared 'toTest'. -// -// If there doesn't happen to be a test for the algorithm, its associated bit is -// quietly cleared. -// -// If 'alg' is zero (TPM_ALG_ERROR), then the toTest vector is cleared of any bits -// for which there is no test (i.e. no tests are actually run but the vector is -// cleared). -// -// Note: 'toTest' will only ever have bits set for implemented algorithms but 'alg' -// can be anything. -// Return Type: TPM_RC -// TPM_RC_CANCELED test was canceled -LIB_EXPORT -TPM_RC -TestAlgorithm( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest - ) -{ - TPM_ALG_ID first = (alg == ALG_ERROR_VALUE) ? ALG_FIRST_VALUE : alg; - TPM_ALG_ID last = (alg == ALG_ERROR_VALUE) ? ALG_LAST_VALUE : alg; - BOOL doTest = (alg != ALG_ERROR_VALUE); - TPM_RC result = TPM_RC_SUCCESS; - - if(toTest == NULL) - toTest = &g_toTest; - - // This is kind of strange. This function will either run a test of the selected - // algorithm or just clear a bit if there is no test for the algorithm. So, - // either this loop will be executed once for the selected algorithm or once for - // each of the possible algorithms. 
If it is executed more than once ('alg' == - // ALG_ERROR), then no test will be run but bits will be cleared for - // unimplemented algorithms. This was done this way so that there is only one - // case statement with all of the algorithms. It was easier to have one case - // statement than to have multiple ones to manage whenever an algorithm ID is - // added. - for(alg = first; (alg <= last); alg++) - { - // if 'alg' was TPM_ALG_ERROR, then we will be cycling through - // values, some of which may not be implemented. If the bit in toTest - // happens to be set, then we could either generated an assert, or just - // silently CLEAR it. Decided to just clear. - if(!TEST_BIT(alg, g_implementedAlgorithms)) - { - CLEAR_BIT(alg, *toTest); - continue; - } - // Process whatever is left. - // NOTE: since this switch will only be called if the algorithm is - // implemented, it is not necessary to modify this list except to comment - // out the algorithms for which there is no test - switch(alg) - { - // Symmetric block ciphers -#if ALG_AES - case ALG_AES_VALUE: -#endif // ALG_AES -#if ALG_SM4 - // if SM4 is implemented, its test is like other block ciphers but there - // aren't any test vectors for it yet -// case ALG_SM4_VALUE: -#endif // ALG_SM4 -#if ALG_CAMELLIA - // no test vectors for camellia -// case ALG_CAMELLIA_VALUE: -#endif - // Symmetric modes -#if !ALG_CFB -# error CFB is required in all TPM implementations -#endif // !ALG_CFB - case ALG_CFB_VALUE: - if(doTest) - result = TestSymmetric(alg, toTest); - break; -#if ALG_CTR - case ALG_CTR_VALUE: -#endif // ALG_CRT -#if ALG_OFB - case ALG_OFB_VALUE: -#endif // ALG_OFB -#if ALG_CBC - case ALG_CBC_VALUE: -#endif // ALG_CBC -#if ALG_ECB - case ALG_ECB_VALUE: -#endif - if(doTest) - result = TestSymmetric(alg, toTest); - else - // If doing the initialization of g_toTest vector, only need - // to test one of the modes for the symmetric algorithms. If - // initializing for a SelfTest(FULL_TEST), allow all the modes. 
- if(toTest == &g_toTest) - CLEAR_BIT(alg, *toTest); - break; -#if !ALG_HMAC -# error HMAC is required in all TPM implementations -#endif - case ALG_HMAC_VALUE: - // Clear the bit that indicates that HMAC is required because - // HMAC is used as the basic test for all hash algorithms. - CLEAR_BOTH(alg); - // Testing HMAC means test the default hash - if(doTest) - TestHash(DEFAULT_TEST_HASH, toTest); - else - // If not testing, then indicate that the hash needs to be - // tested because this uses HMAC - SET_BOTH(DEFAULT_TEST_HASH); - break; -#if ALG_SHA1 - case ALG_SHA1_VALUE: -#endif // ALG_SHA1 -#if ALG_SHA256 - case ALG_SHA256_VALUE: -#endif // ALG_SHA256 -#if ALG_SHA384 - case ALG_SHA384_VALUE: -#endif // ALG_SHA384 -#if ALG_SHA512 - case ALG_SHA512_VALUE: -#endif // ALG_SHA512 - // if SM3 is implemented its test is like any other hash, but there - // aren't any test vectors yet. -#if ALG_SM3_256 -// case ALG_SM3_256_VALUE: -#endif // ALG_SM3_256 - if(doTest) - result = TestHash(alg, toTest); - break; - // RSA-dependent -#if ALG_RSA - case ALG_RSA_VALUE: - CLEAR_BOTH(alg); - if(doTest) - result = TestRsa(ALG_NULL_VALUE, toTest); - else - SET_BOTH(ALG_NULL_VALUE); - break; - case ALG_RSASSA_VALUE: - case ALG_RSAES_VALUE: - case ALG_RSAPSS_VALUE: - case ALG_OAEP_VALUE: - case ALG_NULL_VALUE: // used or RSADP - if(doTest) - result = TestRsa(alg, toTest); - break; -#endif // ALG_RSA -#if ALG_KDF1_SP800_108 - case ALG_KDF1_SP800_108_VALUE: - if(doTest) - result = TestKDFa(toTest); - break; -#endif // ALG_KDF1_SP800_108 -#if ALG_ECC - // ECC dependent but no tests - // case ALG_ECDAA_VALUE: - // case ALG_ECMQV_VALUE: - // case ALG_KDF1_SP800_56a_VALUE: - // case ALG_KDF2_VALUE: - // case ALG_MGF1_VALUE: - case ALG_ECC_VALUE: - CLEAR_BOTH(alg); - if(doTest) - result = TestEcc(ALG_ECDH_VALUE, toTest); - else - SET_BOTH(ALG_ECDH_VALUE); - break; - case ALG_ECDSA_VALUE: - case ALG_ECDH_VALUE: - case ALG_ECSCHNORR_VALUE: -// case ALG_SM2_VALUE: - if(doTest) - result = 
TestEcc(alg, toTest);
- break;
-#endif // ALG_ECC
- default:
- CLEAR_BIT(alg, *toTest);
- break;
- }
- if(result != TPM_RC_SUCCESS)
- break;
- }
- return result;
-}
-
-#endif // SELF_TESTS
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnConvert.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnConvert.c
deleted file mode 100644
index f729cfe6f..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnConvert.c
+++ /dev/null
@@ -1,295 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains the basic conversion functions that will convert TPM2B -// to/from the internal format. 
The internal format is a bigNum, -// - -//** Includes - -#include "Tpm.h" - -//** Functions - -//*** BnFromBytes() -// This function will convert a big-endian byte array to the internal number -// format. If bn is NULL, then the output is NULL. If bytes is null or the -// required size is 0, then the output is set to zero -LIB_EXPORT bigNum -BnFromBytes( - bigNum bn, - const BYTE *bytes, - NUMBYTES nBytes - ) -{ - const BYTE *pFrom; // 'p' points to the least significant bytes of source - BYTE *pTo; // points to least significant bytes of destination - crypt_uword_t size; -// - - size = (bytes != NULL) ? BYTES_TO_CRYPT_WORDS(nBytes) : 0; - - // If nothing in, nothing out - if(bn == NULL) - return NULL; - - // make sure things fit - pAssert(BnGetAllocated(bn) >= size); - - if(size > 0) - { - // Clear the topmost word in case it is not filled with data - bn->d[size - 1] = 0; - // Moving the input bytes from the end of the list (LSB) end - pFrom = bytes + nBytes - 1; - // To the LS0 of the LSW of the bigNum. - pTo = (BYTE *)bn->d; - for(; nBytes != 0; nBytes--) - *pTo++ = *pFrom--; - // For a little-endian machine, the conversion is a straight byte - // reversal. For a big-endian machine, we have to put the words in - // big-endian byte order -#if BIG_ENDIAN_TPM - { - crypt_word_t t; - for(t = (crypt_word_t)size - 1; t >= 0; t--) - bn->d[t] = SWAP_CRYPT_WORD(bn->d[t]); - } -#endif - } - BnSetTop(bn, size); - return bn; -} - -//*** BnFrom2B() -// Convert an TPM2B to a BIG_NUM. 
-// If the input value does not exist, or the output does not exist, or the input -// will not fit into the output the function returns NULL -LIB_EXPORT bigNum -BnFrom2B( - bigNum bn, // OUT: - const TPM2B *a2B // IN: number to convert - ) -{ - if(a2B != NULL) - return BnFromBytes(bn, a2B->buffer, a2B->size); - // Make sure that the number has an initialized value rather than whatever - // was there before - BnSetTop(bn, 0); // Function accepts NULL - return NULL; -} - -//*** BnFromHex() -// Convert a hex string into a bigNum. This is primarily used in debugging. -LIB_EXPORT bigNum -BnFromHex( - bigNum bn, // OUT: - const char *hex // IN: - ) -{ -#define FromHex(a) ((a) - (((a) > 'a') ? ('a' + 10) \ - : ((a) > 'A') ? ('A' - 10) : '0')) - unsigned i; - unsigned wordCount; - const char *p; - BYTE *d = (BYTE *)&(bn->d[0]); -// - pAssert(bn && hex); - i = (unsigned)strlen(hex); - wordCount = BYTES_TO_CRYPT_WORDS((i + 1) / 2); - if((i == 0) || (wordCount >= BnGetAllocated(bn))) - BnSetWord(bn, 0); - else - { - bn->d[wordCount - 1] = 0; - p = hex + i - 1; - for(;i > 1; i -= 2) - { - BYTE a; - a = FromHex(*p); - p--; - *d++ = a + (FromHex(*p) << 4); - p--; - } - if(i == 1) - *d = FromHex(*p); - } -#if !BIG_ENDIAN_TPM - for(i = 0; i < wordCount; i++) - bn->d[i] = SWAP_CRYPT_WORD(bn->d[i]); -#endif // BIG_ENDIAN_TPM - BnSetTop(bn, wordCount); - return bn; -} - -//*** BnToBytes() -// This function converts a BIG_NUM to a byte array. It converts the bigNum to a -// big-endian byte string and sets 'size' to the normalized value. If 'size' is an -// input 0, then the receiving buffer is guaranteed to be large enough for the result -// and the size will be set to the size required for bigNum (leading zeros -// suppressed). -// -// The conversion for a little-endian machine simply requires that all significant -// bytes of the bigNum be reversed. 
For a big-endian machine, rather than -// unpack each word individually, the bigNum is converted to little-endian words, -// copied, and then converted back to big-endian. -LIB_EXPORT BOOL -BnToBytes( - bigConst bn, - BYTE *buffer, - NUMBYTES *size // This the number of bytes that are - // available in the buffer. The result - // should be this big. - ) -{ - crypt_uword_t requiredSize; - BYTE *pFrom; - BYTE *pTo; - crypt_uword_t count; -// - // validate inputs - pAssert(bn && buffer && size); - - requiredSize = (BnSizeInBits(bn) + 7) / 8; - if(requiredSize == 0) - { - // If the input value is 0, return a byte of zero - *size = 1; - *buffer = 0; - } - else - { -#if BIG_ENDIAN_TPM - // Copy the constant input value into a modifiable value - BN_VAR(bnL, LARGEST_NUMBER_BITS * 2); - BnCopy(bnL, bn); - // byte swap the words in the local value to make them little-endian - for(count = 0; count < bnL->size; count++) - bnL->d[count] = SWAP_CRYPT_WORD(bnL->d[count]); - bn = (bigConst)bnL; -#endif - if(*size == 0) - *size = (NUMBYTES)requiredSize; - pAssert(requiredSize <= *size); - // Byte swap the number (not words but the whole value) - count = *size; - // Start from the least significant word and offset to the most significant - // byte which is in some high word - pFrom = (BYTE *)(&bn->d[0]) + requiredSize - 1; - pTo = buffer; - - // If the number of output bytes is larger than the number bytes required - // for the input number, pad with zeros - for(count = *size; count > requiredSize; count--) - *pTo++ = 0; - // Move the most significant byte at the end of the BigNum to the next most - // significant byte position of the 2B and repeat for all significant bytes. - for(; requiredSize > 0; requiredSize--) - *pTo++ = *pFrom--; - } - return TRUE; -} - -//*** BnTo2B() -// Function to convert a BIG_NUM to TPM2B. -// The TPM2B size is set to the requested 'size' which may require padding. 
-// If 'size' is non-zero and less than required by the value in 'bn' then an error -// is returned. If 'size' is zero, then the TPM2B is assumed to be large enough -// for the data and a2b->size will be adjusted accordingly. -LIB_EXPORT BOOL -BnTo2B( - bigConst bn, // IN: - TPM2B *a2B, // OUT: - NUMBYTES size // IN: the desired size - ) -{ - // Set the output size - if(bn && a2B) - { - a2B->size = size; - return BnToBytes(bn, a2B->buffer, &a2B->size); - } - return FALSE; -} - -#if ALG_ECC - -//*** BnPointFrom2B() -// Function to create a BIG_POINT structure from a 2B point. -// A point is going to be two ECC values in the same buffer. The values are going -// to be the size of the modulus. They are in modular form. -LIB_EXPORT bn_point_t * -BnPointFrom2B( - bigPoint ecP, // OUT: the preallocated point structure - TPMS_ECC_POINT *p // IN: the number to convert - ) -{ - if(p == NULL) - return NULL; - - if(NULL != ecP) - { - BnFrom2B(ecP->x, &p->x.b); - BnFrom2B(ecP->y, &p->y.b); - BnSetWord(ecP->z, 1); - } - return ecP; -} - -//*** BnPointTo2B() -// This function converts a BIG_POINT into a TPMS_ECC_POINT. A TPMS_ECC_POINT -// contains two TPM2B_ECC_PARAMETER values. The maximum size of the parameters -// is dependent on the maximum EC key size used in an implementation. -// The presumption is that the TPMS_ECC_POINT is large enough to hold 2 TPM2B -// values, each as large as a MAX_ECC_PARAMETER_BYTES -LIB_EXPORT BOOL -BnPointTo2B( - TPMS_ECC_POINT *p, // OUT: the converted 2B structure - bigPoint ecP, // IN: the values to be converted - bigCurve E // IN: curve descriptor for the point - ) -{ - UINT16 size; -// - pAssert(p && ecP && E); - pAssert(BnEqualWord(ecP->z, 1)); - // BnMsb is the bit number of the MSB. This is one less than the number of bits - size = (UINT16)BITS_TO_BYTES(BnSizeInBits(CurveGetOrder(AccessCurveData(E)))); - BnTo2B(ecP->x, &p->x.b, size); - BnTo2B(ecP->y, &p->y.b, size); - return TRUE; -} - -#endif // ALG_ECC \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMath.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMath.c
deleted file mode 100644
index 84d3e9eeb..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMath.c
+++ /dev/null
@@ -1,597 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// The simulator code uses the canonical form whenever possible in order to make -// the code in Part 3 more accessible. The canonical data formats are simple and -// not well suited for complex big number computations. 
When operating on big -// numbers, the data format is changed for easier manipulation. The format is native -// words in little-endian format. As the magnitude of the number decreases, the -// length of the array containing the number decreases but the starting address -// doesn't change. -// -// The functions in this file perform simple operations on these big numbers. Only -// the more complex operations are passed to the underlying support library. -// Although the support library would have most of these functions, the interface -// code to convert the format for the values is greater than the size of the -// code to implement the functions here. So, rather than incur the overhead of -// conversion, they are done here. -// -// If an implementer would prefer, the underlying library can be used simply by -// making code substitutions here. -// -// NOTE: There is an intention to continue to augment these functions so that there -// would be no need to use an external big number library. -// -// Many of these functions have no error returns and will always return TRUE. This -// is to allow them to be used in "guarded" sequences. That is: -// OK = OK || BnSomething(s); -// where the BnSomething function should not be called if OK isn't true. - -//** Includes -#include "Tpm.h" - -// A constant value of zero as a stand in for NULL bigNum values -const bignum_t BnConstZero = {1, 0, {0}}; - -//** Functions - -//*** AddSame() -// Adds two values that are the same size. This function allows 'result' to be -// the same as either of the addends. This is a nice function to put into assembly -// because handling the carry for multi-precision stuff is not as easy in C -// (unless there is a REALLY smart compiler). It would be nice if there were idioms -// in a language that a compiler could recognize what is going on and optimize -// loops like this. 
-// Return Type: int -// 0 no carry out -// 1 carry out -static BOOL -AddSame( - crypt_uword_t *result, - const crypt_uword_t *op1, - const crypt_uword_t *op2, - int count - ) -{ - int carry = 0; - int i; - - for(i = 0; i < count; i++) - { - crypt_uword_t a = op1[i]; - crypt_uword_t sum = a + op2[i]; - result[i] = sum + carry; - // generate a carry if the sum is less than either of the inputs - // propagate a carry if there was a carry and the sum + carry is zero - // do this using bit operations rather than logical operations so that - // the time is about the same. - // propagate term | generate term - carry = ((result[i] == 0) & carry) | (sum < a); - } - return carry; -} - -//*** CarryProp() -// Propagate a carry -static int -CarryProp( - crypt_uword_t *result, - const crypt_uword_t *op, - int count, - int carry - ) -{ - for(; count; count--) - carry = ((*result++ = *op++ + carry) == 0) & carry; - return carry; -} - -static void -CarryResolve( - bigNum result, - int stop, - int carry - ) -{ - if(carry) - { - pAssert((unsigned)stop < result->allocated); - result->d[stop++] = 1; - } - BnSetTop(result, stop); -} - -//*** BnAdd() -// This function adds two bigNum values. This function always returns TRUE. -LIB_EXPORT BOOL -BnAdd( - bigNum result, - bigConst op1, - bigConst op2 - ) -{ - crypt_uword_t stop; - int carry; - const bignum_t *n1 = op1; - const bignum_t *n2 = op2; - -// - if(n2->size > n1->size) - { - n1 = op2; - n2 = op1; - } - pAssert(result->allocated >= n1->size); - stop = MIN(n1->size, n2->allocated); - carry = (int)AddSame(result->d, n1->d, n2->d, (int)stop); - if(n1->size > stop) - carry = CarryProp(&result->d[stop], &n1->d[stop], (int)(n1->size - stop), carry); - CarryResolve(result, (int)n1->size, carry); - return TRUE; -} - -//*** BnAddWord() -// This function adds a word value to a bigNum. This function always returns TRUE. 
-LIB_EXPORT BOOL -BnAddWord( - bigNum result, - bigConst op, - crypt_uword_t word - ) -{ - int carry; -// - carry = (result->d[0] = op->d[0] + word) < word; - carry = CarryProp(&result->d[1], &op->d[1], (int)(op->size - 1), carry); - CarryResolve(result, (int)op->size, carry); - return TRUE; -} - -//*** SubSame() -// This function subtracts two values that have the same size. -static int -SubSame( - crypt_uword_t *result, - const crypt_uword_t *op1, - const crypt_uword_t *op2, - int count - ) -{ - int borrow = 0; - int i; - for(i = 0; i < count; i++) - { - crypt_uword_t a = op1[i]; - crypt_uword_t diff = a - op2[i]; - result[i] = diff - borrow; - // generate | propagate - borrow = (diff > a) | ((diff == 0) & borrow); - } - return borrow; -} - -//*** BorrowProp() -// This propagates a borrow. If borrow is true when the end -// of the array is reached, then it means that op2 was larger than -// op1 and we don't handle that case so an assert is generated. -// This design choice was made because our only bigNum computations -// are on large positive numbers (primes) or on fields. -// Propagate a borrow. -static int -BorrowProp( - crypt_uword_t *result, - const crypt_uword_t *op, - int size, - int borrow - ) -{ - for(; size > 0; size--) - borrow = ((*result++ = *op++ - borrow) == MAX_CRYPT_UWORD) && borrow; - return borrow; -} - -//*** BnSub() -// This function does subtraction of two bigNum values and returns result = op1 - op2 -// when op1 is greater than op2. If op2 is greater than op1, then a fault is -// generated. This function always returns TRUE. 
-LIB_EXPORT BOOL -BnSub( - bigNum result, - bigConst op1, - bigConst op2 - ) -{ - int borrow; - int stop = (int)MIN(op1->size, op2->allocated); -// - // Make sure that op2 is not obviously larger than op1 - pAssert(op1->size >= op2->size); - borrow = SubSame(result->d, op1->d, op2->d, stop); - if(op1->size > (crypt_uword_t)stop) - borrow = BorrowProp(&result->d[stop], &op1->d[stop], (int)(op1->size - stop), - borrow); - pAssert(!borrow); - BnSetTop(result, op1->size); - return TRUE; -} - -//*** BnSubWord() -// This function subtracts a word value from a bigNum. This function always -// returns TRUE. -LIB_EXPORT BOOL -BnSubWord( - bigNum result, - bigConst op, - crypt_uword_t word - ) -{ - int borrow; -// - pAssert(op->size > 1 || word <= op->d[0]); - borrow = word > op->d[0]; - result->d[0] = op->d[0] - word; - borrow = BorrowProp(&result->d[1], &op->d[1], (int)(op->size - 1), borrow); - pAssert(!borrow); - BnSetTop(result, op->size); - return TRUE; -} - -//*** BnUnsignedCmp() -// This function performs a comparison of op1 to op2. The compare is approximately -// constant time if the size of the values used in the compare is consistent -// across calls (from the same line in the calling code). -// Return Type: int -// < 0 op1 is less than op2 -// 0 op1 is equal to op2 -// > 0 op1 is greater than op2 -LIB_EXPORT int -BnUnsignedCmp( - bigConst op1, - bigConst op2 - ) -{ - int retVal; - int diff; - int i; -// - pAssert((op1 != NULL) && (op2 != NULL)); - retVal = (int)(op1->size - op2->size); - if(retVal == 0) - { - for(i = (int)(op1->size - 1); i >= 0; i--) - { - diff = (op1->d[i] < op2->d[i]) ? -1 : (op1->d[i] != op2->d[i]); - retVal = retVal == 0 ? diff : retVal; - } - } - else - retVal = (retVal < 0) ? -1 : 1; - return retVal; -} - -//*** BnUnsignedCmpWord() -// Compare a bigNum to a crypt_uword_t. 
-// Return Type: int -// -1 op1 is less that word -// 0 op1 is equal to word -// 1 op1 is greater than word -LIB_EXPORT int -BnUnsignedCmpWord( - bigConst op1, - crypt_uword_t word - ) -{ - if(op1->size > 1) - return 1; - else if(op1->size == 1) - return (op1->d[0] < word) ? -1 : (op1->d[0] > word); - else // op1 is zero - // equal if word is zero - return (word == 0) ? 0 : -1; -} - -//*** BnModWord() -// This function does modular division of a big number when the modulus is a -// word value. -LIB_EXPORT crypt_word_t -BnModWord( - bigConst numerator, - crypt_word_t modulus - ) -{ - BN_MAX(remainder); - BN_VAR(mod, RADIX_BITS); -// - mod->d[0] = modulus; - mod->size = (modulus != 0); - BnDiv(NULL, remainder, numerator, mod); - return remainder->d[0]; -} - -//*** Msb() -// This function returns the bit number of the most significant bit of a -// crypt_uword_t. The number for the least significant bit of any bigNum value is 0. -// The maximum return value is RADIX_BITS - 1, -// Return Type: int -// -1 the word was zero -// n the bit number of the most significant bit in the word -LIB_EXPORT int -Msb( - crypt_uword_t word - ) -{ - int retVal = -1; -// -#if RADIX_BITS == 64 - if(word & 0xffffffff00000000) { retVal += 32; word >>= 32; } -#endif - if(word & 0xffff0000) { retVal += 16; word >>= 16; } - if(word & 0x0000ff00) { retVal += 8; word >>= 8; } - if(word & 0x000000f0) { retVal += 4; word >>= 4; } - if(word & 0x0000000c) { retVal += 2; word >>= 2; } - if(word & 0x00000002) { retVal += 1; word >>= 1; } - return retVal + (int)word; -} - -//*** BnMsb() -// This function returns the number of the MSb of a bigNum value. 
-// Return Type: int -// -1 the word was zero or 'bn' was NULL -// n the bit number of the most significant bit in the word -LIB_EXPORT int -BnMsb( - bigConst bn - ) -{ - // If the value is NULL, or the size is zero then treat as zero and return -1 - if(bn != NULL && bn->size > 0) - { - int retVal = Msb(bn->d[bn->size - 1]); - retVal += (int)(bn->size - 1) * RADIX_BITS; - return retVal; - } - else - return -1; -} - -//*** BnSizeInBits() -// This function returns the number of bits required to hold a number. It is one -// greater than the Msb. -// -LIB_EXPORT unsigned -BnSizeInBits( - bigConst n - ) -{ - int bits = BnMsb(n) + 1; -// - return bits < 0? 0 : (unsigned)bits; -} - -//*** BnSetWord() -// Change the value of a bignum_t to a word value. -LIB_EXPORT bigNum -BnSetWord( - bigNum n, - crypt_uword_t w - ) -{ - if(n != NULL) - { - pAssert(n->allocated > 1); - n->d[0] = w; - BnSetTop(n, (w != 0) ? 1 : 0); - } - return n; -} - -//*** BnSetBit() -// This function will SET a bit in a bigNum. Bit 0 is the least-significant bit in -// the 0th digit_t. The function always return TRUE -LIB_EXPORT BOOL -BnSetBit( - bigNum bn, // IN/OUT: big number to modify - unsigned int bitNum // IN: Bit number to SET - ) -{ - crypt_uword_t offset = bitNum / RADIX_BITS; - pAssert(bn->allocated * RADIX_BITS >= bitNum); - // Grow the number if necessary to set the bit. - while(bn->size <= offset) - bn->d[bn->size++] = 0; - bn->d[offset] |= ((crypt_uword_t)1 << RADIX_MOD(bitNum)); - return TRUE; -} - -//*** BnTestBit() -// This function is used to check to see if a bit is SET in a bignum_t. The 0th bit -// is the LSb of d[0]. 
-// Return Type: BOOL -// TRUE(1) the bit is set -// FALSE(0) the bit is not set or the number is out of range -LIB_EXPORT BOOL -BnTestBit( - bigNum bn, // IN: number to check - unsigned int bitNum // IN: bit to test - ) -{ - crypt_uword_t offset = RADIX_DIV(bitNum); -// - if(bn->size > offset) - return ((bn->d[offset] & (((crypt_uword_t)1) << RADIX_MOD(bitNum))) != 0); - else - return FALSE; -} - -//***BnMaskBits() -// This function is used to mask off high order bits of a big number. -// The returned value will have no more than 'maskBit' bits -// set. -// Note: There is a requirement that unused words of a bignum_t are set to zero. -// Return Type: BOOL -// TRUE(1) result masked -// FALSE(0) the input was not as large as the mask -LIB_EXPORT BOOL -BnMaskBits( - bigNum bn, // IN/OUT: number to mask - crypt_uword_t maskBit // IN: the bit number for the mask. - ) -{ - crypt_uword_t finalSize; - BOOL retVal; - - finalSize = BITS_TO_CRYPT_WORDS(maskBit); - retVal = (finalSize <= bn->allocated); - if(retVal && (finalSize > 0)) - { - crypt_uword_t mask; - mask = ~((crypt_uword_t)0) >> RADIX_MOD(maskBit); - bn->d[finalSize - 1] &= mask; - } - BnSetTop(bn, finalSize); - return retVal; -} - -//*** BnShiftRight() -// This function will shift a bigNum to the right by the shiftAmount. -// This function always returns TRUE. -LIB_EXPORT BOOL -BnShiftRight( - bigNum result, - bigConst toShift, - uint32_t shiftAmount - ) -{ - uint32_t offset = (shiftAmount >> RADIX_LOG2); - uint32_t i; - uint32_t shiftIn; - crypt_uword_t finalSize; -// - shiftAmount = shiftAmount & RADIX_MASK; - shiftIn = RADIX_BITS - shiftAmount; - - // The end size is toShift->size - offset less one additional - // word if the shiftAmount would make the upper word == 0 - if(toShift->size > offset) - { - finalSize = toShift->size - offset; - finalSize -= (toShift->d[toShift->size - 1] >> shiftAmount) == 0 ? 
1 : 0; - } - else - finalSize = 0; - - pAssert(finalSize <= result->allocated); - if(finalSize != 0) - { - for(i = 0; i < finalSize; i++) - { - result->d[i] = (toShift->d[i + offset] >> shiftAmount) - | (toShift->d[i + offset + 1] << shiftIn); - } - if(offset == 0) - result->d[i] = toShift->d[i] >> shiftAmount; - } - BnSetTop(result, finalSize); - return TRUE; -} - -//*** BnGetRandomBits() -// This function gets random bits for use in various places. To make sure that the -// number is generated in a portable format, it is created as a TPM2B and then -// converted to the internal format. -// -// One consequence of the generation scheme is that, if the number of bits requested -// is not a multiple of 8, then the high-order bits are set to zero. This would come -// into play when generating a 521-bit ECC key. A 66-byte (528-bit) value is -// generated an the high order 7 bits are masked off (CLEAR). -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -LIB_EXPORT BOOL -BnGetRandomBits( - bigNum n, - size_t bits, - RAND_STATE *rand -) -{ - // Since this could be used for ECC key generation using the extra bits method, - // make sure that the value is large enough - TPM2B_TYPE(LARGEST, LARGEST_NUMBER + 8); - TPM2B_LARGEST large; -// - large.b.size = (UINT16)BITS_TO_BYTES(bits); - if(DRBG_Generate(rand, large.t.buffer, large.t.size) == large.t.size) - { - if(BnFrom2B(n, &large.b) != NULL) - { - if(BnMaskBits(n, bits)) - return TRUE; - } - } - return FALSE; -} - -//*** BnGenerateRandomInRange() -// This function is used to generate a random number r in the range 1 <= r < limit. -// The function gets a random number of bits that is the size of limit. There is some -// some probability that the returned number is going to be greater than or equal -// to the limit. If it is, try again. There is no more than 50% chance that the -// next number is also greater, so try again. We keep trying until we get a -// value that meets the criteria. 
Since limit is very often a number with a LOT of -// high order ones, this rarely would need a second try. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure ('limit' is too small) -LIB_EXPORT BOOL -BnGenerateRandomInRange( - bigNum dest, - bigConst limit, - RAND_STATE *rand - ) -{ - size_t bits = BnSizeInBits(limit); -// - if(bits < 2) - { - BnSetWord(dest, 0); - return FALSE; - } - else - { - while(BnGetRandomBits(dest, bits, rand) - && (BnEqualZero(dest) || (BnUnsignedCmp(dest, limit) >= 0))); - } - return !g_inFailureMode; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMemory.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMemory.c deleted file mode 100644 index ec70a476f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMemory.c +++ /dev/null 
@@ -1,187 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -//** Introduction -// This file contains the memory setup functions used by the bigNum functions -// in CryptoEngine - -//** Includes -#include "Tpm.h" - -//** Functions - -//*** BnSetTop() -// This function is used when the size of a bignum_t is changed. It -// makes sure that the unused words are set to zero and that any significant -// words of zeros are eliminated from the used size indicator. -LIB_EXPORT bigNum -BnSetTop( - bigNum bn, // IN/OUT: number to clean - crypt_uword_t top // IN: the new top - ) -{ - if(bn != NULL) - { - pAssert(top <= bn->allocated); - // If forcing the size to be decreased, make sure that the words being - // discarded are being set to 0 - while(bn->size > top) - bn->d[--bn->size] = 0; - bn->size = top; - // Now make sure that the words that are left are 'normalized' (no high-order - // words of zero. - while((bn->size > 0) && (bn->d[bn->size - 1] == 0)) - bn->size -= 1; - } - return bn; -} - -//*** BnClearTop() -// This function will make sure that all unused words are zero. -LIB_EXPORT bigNum -BnClearTop( - bigNum bn - ) -{ - crypt_uword_t i; -// - if(bn != NULL) - { - for(i = bn->size; i < bn->allocated; i++) - bn->d[i] = 0; - while((bn->size > 0) && (bn->d[bn->size] == 0)) - bn->size -= 1; - } - return bn; -} - -//*** BnInitializeWord() -// This function is used to initialize an allocated bigNum with a word value. The -// bigNum does not have to be allocated with a single word. -LIB_EXPORT bigNum -BnInitializeWord( - bigNum bn, // IN: - crypt_uword_t allocated, // IN: - crypt_uword_t word // IN: - ) -{ - bn->allocated = allocated; - bn->size = (word != 0); - bn->d[0] = word; - while(allocated > 1) - bn->d[--allocated] = 0; - return bn; -} - -//*** BnInit() -// This function initializes a stack allocated bignum_t. It initializes -// 'allocated' and 'size' and zeros the words of 'd'. 
-LIB_EXPORT bigNum -BnInit( - bigNum bn, - crypt_uword_t allocated - ) -{ - if(bn != NULL) - { - bn->allocated = allocated; - bn->size = 0; - while(allocated != 0) - bn->d[--allocated] = 0; - } - return bn; -} - -//*** BnCopy() -// Function to copy a bignum_t. If the output is NULL, then -// nothing happens. If the input is NULL, the output is set -// to zero. -LIB_EXPORT BOOL -BnCopy( - bigNum out, - bigConst in - ) -{ - if(in == out) - BnSetTop(out, BnGetSize(out)); - else if(out != NULL) - { - if(in != NULL) - { - unsigned int i; - pAssert(BnGetAllocated(out) >= BnGetSize(in)); - for(i = 0; i < BnGetSize(in); i++) - out->d[i] = in->d[i]; - BnSetTop(out, BnGetSize(in)); - } - else - BnSetTop(out, 0); - } - return TRUE; -} - -#if ALG_ECC - -//*** BnPointCopy() -// Function to copy a bn point. -LIB_EXPORT BOOL -BnPointCopy( - bigPoint pOut, - pointConst pIn - ) -{ - return BnCopy(pOut->x, pIn->x) - && BnCopy(pOut->y, pIn->y) - && BnCopy(pOut->z, pIn->z); -} - -//*** BnInitializePoint() -// This function is used to initialize a point structure with the addresses -// of the coordinates. -LIB_EXPORT bn_point_t * -BnInitializePoint( - bigPoint p, // OUT: structure to receive pointers - bigNum x, // IN: x coordinate - bigNum y, // IN: y coordinate - bigNum z // IN: x coordinate - ) -{ - p->x = x; - p->y = y; - p->z = z; - BnSetWord(z, 1); - return p; -} - -#endif // ALG_ECC \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c deleted file mode 100644 index 7440d5f6b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c +++ /dev/null 
@@ -1,176 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This file contains the implementation of the message authentication codes based
-// on a symmetric block cipher. These functions only use the single block
-// encryption functions of the selected symmetric cryptographic library.
- -//** Includes, Defines, and Typedefs -#define _CRYPT_HASH_C_ -#include "Tpm.h" -#include "CryptSym.h" - -#if ALG_CMAC - -//** Functions - -//*** CryptCmacStart() -// This is the function to start the CMAC sequence operation. It initializes the -// dispatch functions for the data and end operations for CMAC and initializes the -// parameters that are used for the processing of data, including the key, key size -// and block cipher algorithm. -UINT16 -CryptCmacStart( - SMAC_STATE *state, - TPMU_PUBLIC_PARMS *keyParms, - TPM_ALG_ID macAlg, - TPM2B *key -) -{ - tpmCmacState_t *cState = &state->state.cmac; - TPMT_SYM_DEF_OBJECT *def = &keyParms->symDetail.sym; -// - if(macAlg != TPM_ALG_CMAC) - return 0; - // set up the encryption algorithm and parameters - cState->symAlg = def->algorithm; - cState->keySizeBits = def->keyBits.sym; - cState->iv.t.size = CryptGetSymmetricBlockSize(def->algorithm, - def->keyBits.sym); - MemoryCopy2B(&cState->symKey.b, key, sizeof(cState->symKey.t.buffer)); - - // Set up the dispatch methods for the CMAC - state->smacMethods.data = CryptCmacData; - state->smacMethods.end = CryptCmacEnd; - return cState->iv.t.size; -} - - -//*** CryptCmacData() -// This function is used to add data to the CMAC sequence computation. The function -// will XOR new data into the IV. If the buffer is full, and there is additional -// input data, the data is encrypted into the IV buffer, the new data is then -// XOR into the IV. When the data runs out, the function returns without encrypting -// even if the buffer is full. The last data block of a sequence will not be -// encrypted until the call to CryptCmacEnd(). This is to allow the proper subkey -// to be computed and applied before the last block is encrypted. 
-void -CryptCmacData( - SMAC_STATES *state, - UINT32 size, - const BYTE *buffer -) -{ - tpmCmacState_t *cmacState = &state->cmac; - TPM_ALG_ID algorithm = cmacState->symAlg; - BYTE *key = cmacState->symKey.t.buffer; - UINT16 keySizeInBits = cmacState->keySizeBits; - tpmCryptKeySchedule_t keySchedule; - TpmCryptSetSymKeyCall_t encrypt; -// - SELECT(ENCRYPT); - while(size > 0) - { - if(cmacState->bcount == cmacState->iv.t.size) - { - ENCRYPT(&keySchedule, cmacState->iv.t.buffer, cmacState->iv.t.buffer); - cmacState->bcount = 0; - } - for(;(size > 0) && (cmacState->bcount < cmacState->iv.t.size); - size--, cmacState->bcount++) - { - cmacState->iv.t.buffer[cmacState->bcount] ^= *buffer++; - } - } -} - -//*** CryptCmacEnd() -// This is the completion function for the CMAC. It does padding, if needed, and -// selects the subkey to be applied before the last block is encrypted. -UINT16 -CryptCmacEnd( - SMAC_STATES *state, - UINT32 outSize, - BYTE *outBuffer -) -{ - tpmCmacState_t *cState = &state->cmac; - // Need to set algorithm, key, and keySizeInBits in the local context so that - // the SELECT and ENCRYPT macros will work here - TPM_ALG_ID algorithm = cState->symAlg; - BYTE *key = cState->symKey.t.buffer; - UINT16 keySizeInBits = cState->keySizeBits; - tpmCryptKeySchedule_t keySchedule; - TpmCryptSetSymKeyCall_t encrypt; - TPM2B_IV subkey = {{0, {0}}}; - BOOL xorVal; - UINT16 i; - - subkey.t.size = cState->iv.t.size; - // Encrypt a block of zero - SELECT(ENCRYPT); - ENCRYPT(&keySchedule, subkey.t.buffer, subkey.t.buffer); - - // shift left by 1 and XOR with 0x0...87 if the MSb was 0 - xorVal = ((subkey.t.buffer[0] & 0x80) == 0) ? 0 : 0x87; - ShiftLeft(&subkey.b); - subkey.t.buffer[subkey.t.size - 1] ^= xorVal; - // this is a sanity check to make sure that the algorithm is working properly. - // remove this check when debug is done - pAssert(cState->bcount <= cState->iv.t.size); - // If the buffer is full then no need to compute subkey 2. 
- if(cState->bcount < cState->iv.t.size) - { - //Pad the data - cState->iv.t.buffer[cState->bcount++] ^= 0x80; - // The rest of the data is a pad of zero which would simply be XORed - // with the iv value so nothing to do... - // Now compute K2 - xorVal = ((subkey.t.buffer[0] & 0x80) == 0) ? 0 : 0x87; - ShiftLeft(&subkey.b); - subkey.t.buffer[subkey.t.size - 1] ^= xorVal; - } - // XOR the subkey into the IV - for(i = 0; i < subkey.t.size; i++) - cState->iv.t.buffer[i] ^= subkey.t.buffer[i]; - ENCRYPT(&keySchedule, cState->iv.t.buffer, cState->iv.t.buffer); - i = (UINT16)MIN(cState->iv.t.size, outSize); - MemoryCopy(outBuffer, cState->iv.t.buffer, i); - - return i; -} -#endif - diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptDes.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptDes.c deleted file mode 100644 index dd0b6f6ed..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptDes.c +++ /dev/null 
@@ -1,188 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This file contains the extra functions required for TDES.
- -//** Includes, Defines, and Typedefs -#include "Tpm.h" - -#if ALG_TDES - - -#define DES_NUM_WEAK 64 -const UINT64 DesWeakKeys[DES_NUM_WEAK] = { - 0x0101010101010101ULL, 0xFEFEFEFEFEFEFEFEULL, - 0xE0E0E0E0F1F1F1F1ULL, 0x1F1F1F1F0E0E0E0EULL, - 0x011F011F010E010EULL, 0x1F011F010E010E01ULL, - 0x01E001E001F101F1ULL, 0xE001E001F101F101ULL, - 0x01FE01FE01FE01FEULL, 0xFE01FE01FE01FE01ULL, - 0x1FE01FE00EF10EF1ULL, 0xE01FE01FF10EF10EULL, - 0x1FFE1FFE0EFE0EFEULL, 0xFE1FFE1FFE0EFE0EULL, - 0xE0FEE0FEF1FEF1FEULL, 0xFEE0FEE0FEF1FEF1ULL, - 0x01011F1F01010E0EULL, 0x1F1F01010E0E0101ULL, - 0xE0E01F1FF1F10E0EULL, 0x0101E0E00101F1F1ULL, - 0x1F1FE0E00E0EF1F1ULL, 0xE0E0FEFEF1F1FEFEULL, - 0x0101FEFE0101FEFEULL, 0x1F1FFEFE0E0EFEFEULL, - 0xE0FE011FF1FE010EULL, 0x011F1F01010E0E01ULL, - 0x1FE001FE0EF101FEULL, 0xE0FE1F01F1FE0E01ULL, - 0x011FE0FE010EF1FEULL, 0x1FE0E01F0EF1F10EULL, - 0xE0FEFEE0F1FEFEF1ULL, 0x011FFEE0010EFEF1ULL, - 0x1FE0FE010EF1FE01ULL, 0xFE0101FEFE0101FEULL, - 0x01E01FFE01F10EFEULL, 0x1FFE01E00EFE01F1ULL, - 0xFE011FE0FE010EF1ULL, 0xFE01E01FFE01F10EULL, - 0x1FFEE0010EFEF101ULL, 0xFE1F01E0FE0E01F1ULL, - 0x01E0E00101F1F101ULL, 0x1FFEFE1F0EFEFE0EULL, - 0xFE1FE001FE0EF101ULL, 0x01E0FE1F01F1FE0EULL, - 0xE00101E0F10101F1ULL, 0xFE1F1FFEFE0E0EFEULL, - 0x01FE1FE001FE0EF1ULL, 0xE0011FFEF1010EFEULL, - 0xFEE0011FFEF1010EULL, 0x01FEE01F01FEF10EULL, - 0xE001FE1FF101FE0EULL, 0xFEE01F01FEF10E01ULL, - 0x01FEFE0101FEFE01ULL, 0xE01F01FEF10E01FEULL, - 0xFEE0E0FEFEF1F1FEULL, 0x1F01011F0E01010EULL, - 0xE01F1FE0F10E0EF1ULL, 0xFEFE0101FEFE0101ULL, - 0x1F01E0FE0E01F1FEULL, 0xE01FFE01F10EFE01ULL, - 0xFEFE1F1FFEFE0E0EULL, 0x1F01FEE00E01FEF1ULL, - 0xE0E00101F1F10101ULL, 0xFEFEE0E0FEFEF1F1ULL}; - - -//*** CryptSetOddByteParity() -// This function sets the per byte parity of a 64-bit value. The least-significant -// bit is of each byte is replaced with the odd parity of the other 7 bits in the -// byte. With odd parity, no byte will ever be 0x00. 
-UINT64 -CryptSetOddByteParity( - UINT64 k - ) -{ -#define PMASK 0x0101010101010101ULL - UINT64 out; - k |= PMASK; // set the parity bit - out = k; - k ^= k >> 4; - k ^= k >> 2; - k ^= k >> 1; - k &= PMASK; // odd parity extracted - out ^= k; // out is now even parity because parity bit was already set - out ^= PMASK; // out is now even parity - return out; -} - - -//*** CryptDesIsWeakKey() -// Check to see if a DES key is on the list of weak, semi-weak, or possibly weak -// keys. -// Return Type: BOOL -// TRUE(1) DES key is weak -// FALSE(0) DES key is not weak -static BOOL -CryptDesIsWeakKey( - UINT64 k - ) -{ - int i; -// - for(i = 0; i < DES_NUM_WEAK; i++) - { - if(k == DesWeakKeys[i]) - return TRUE; - } - return FALSE; -} - -//*** CryptDesValidateKey() -// Function to check to see if the input key is a valid DES key where the definition -// of valid is that none of the elements are on the list of weak, semi-weak, or -// possibly weak keys; and that for two keys, K1!=K2, and for three keys that -// K1!=K2 and K2!=K3. -BOOL -CryptDesValidateKey( - TPM2B_SYM_KEY *desKey // IN: key to validate - ) -{ - UINT64 k[3]; - int i; - int keys = (desKey->t.size + 7) / 8; - BYTE *pk = desKey->t.buffer; - BOOL ok; -// - // Note: 'keys' is the number of keys, not the maximum index for 'k' - ok = ((keys == 2) || (keys == 3)) && ((desKey->t.size % 8) == 0); - for(i = 0; ok && i < keys; pk += 8, i++) - { - k[i] = CryptSetOddByteParity(BYTE_ARRAY_TO_UINT64(pk)); - ok = !CryptDesIsWeakKey(k[i]); - } - ok = ok && k[0] != k[1]; - if(keys == 3) - ok = ok && k[1] != k[2]; - return ok; -} - -//*** CryptGenerateKeyDes() -// This function is used to create a DES key of the appropriate size. The key will -// have odd parity in the bytes. -TPM_RC -CryptGenerateKeyDes( - TPMT_PUBLIC *publicArea, // IN/OUT: The public area template - // for the new key. 
- TPMT_SENSITIVE *sensitive, // OUT: sensitive area - RAND_STATE *rand // IN: the "entropy" source for - ) -{ - - // Assume that the publicArea key size has been validated and is a supported - // number of bits. - sensitive->sensitive.sym.t.size = - BITS_TO_BYTES(publicArea->parameters.symDetail.sym.keyBits.sym); - do - { - BYTE *pK = sensitive->sensitive.sym.t.buffer; - int i = (sensitive->sensitive.sym.t.size + 7) / 8; -// Use the random number generator to generate the required number of bits - if(DRBG_Generate(rand, pK, sensitive->sensitive.sym.t.size) == 0) - return TPM_RC_NO_RESULT; - for(; i > 0; pK += 8, i--) - { - UINT64 k = BYTE_ARRAY_TO_UINT64(pK); - k = CryptSetOddByteParity(k); - UINT64_TO_BYTE_ARRAY(k, pK); - } - } while(!CryptDesValidateKey(&sensitive->sensitive.sym)); - return TPM_RC_SUCCESS; -} - -#endif -//*** diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccData.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccData.c deleted file mode 100644 index 06fb85e90..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccData.c +++ /dev/null 
@@ -1,657 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.1 Dec 8, 2018 - * Date: Jan 28, 2019 Time: 01:24:09AM - */ - -#include "Tpm.h" -#include "OIDs.h" - - -// This file contains the ECC curve data. 
The format of the data depends on the -// setting of USE_BN_ECC_DATA. If it is defined, then the TPM's BigNum format is -// used. Otherwise, it is kept in TPM2B format. The purpose of having the data in -// BigNum format is so that it does not have to be reformatted before being used -// by the crypto library. - -#if ALG_ECC - -#if USE_BN_ECC_DATA -# define TO_ECC_64 TO_CRYPT_WORD_64 -# define TO_ECC_56(a, b, c, d, e, f, g) TO_ECC_64(0, a, b, c, d, e, f, g) -# define TO_ECC_48(a, b, c, d, e, f) TO_ECC_64(0, 0, a, b, c, d, e, f) -# define TO_ECC_40(a, b, c, d, e) TO_ECC_64(0, 0, 0, a, b, c, d, e) -# if RADIX_BITS > 32 -# define TO_ECC_32(a, b, c, d) TO_ECC_64(0, 0, 0, 0, a, b, c, d) -# define TO_ECC_24(a, b, c) TO_ECC_64(0, 0, 0, 0, 0, a, b, c) -# define TO_ECC_16(a, b) TO_ECC_64(0, 0, 0, 0, 0, 0, a, b) -# define TO_ECC_8(a) TO_ECC_64(0, 0, 0, 0, 0, 0, 0, a) -# else // RADIX_BITS == 32 -# define TO_ECC_32 BIG_ENDIAN_BYTES_TO_UINT32 -# define TO_ECC_24(a, b, c) TO_ECC_32(0, a, b, c) -# define TO_ECC_16(a, b) TO_ECC_32(0, 0, a, b) -# define TO_ECC_8(a) TO_ECC_32(0, 0, 0, a) -# endif -#else // TPM2B_ -# define TO_ECC_64(a, b, c, d, e, f, g, h) a, b, c, d, e, f, g, h -# define TO_ECC_56(a, b, c, d, e, f, g) a, b, c, d, e, f, g -# define TO_ECC_48(a, b, c, d, e, f) a, b, c, d, e, f -# define TO_ECC_40(a, b, c, d, e) a, b, c, d, e -# define TO_ECC_32(a, b, c, d) a, b, c, d -# define TO_ECC_24(a, b, c) a, b, c -# define TO_ECC_16(a, b) a, b -# define TO_ECC_8(a) a -#endif - -#if USE_BN_ECC_DATA -#define BN_MIN_ALLOC(bytes) \ - (BYTES_TO_CRYPT_WORDS(bytes) == 0) ? 
1 : BYTES_TO_CRYPT_WORDS(bytes) -# define ECC_CONST(NAME, bytes, initializer) \ - const struct { \ - crypt_uword_t allocate, size, d[BN_MIN_ALLOC(bytes)]; \ - } NAME = {BN_MIN_ALLOC(bytes), BYTES_TO_CRYPT_WORDS(bytes),{initializer}} - -ECC_CONST(ECC_ZERO, 0, 0); - -#else -# define ECC_CONST(NAME, bytes, initializer) \ - const TPM2B_##bytes##_BYTE_VALUE NAME = {bytes, {initializer}} - -// Have to special case ECC_ZERO -TPM2B_BYTE_VALUE(1); -TPM2B_1_BYTE_VALUE ECC_ZERO = {1, {0}}; - - -#endif - -ECC_CONST(ECC_ONE, 1, 1); - -#if !USE_BN_ECC_DATA -TPM2B_BYTE_VALUE(24); -#define TO_ECC_192(a, b, c) a, b, c -TPM2B_BYTE_VALUE(28); -#define TO_ECC_224(a, b, c, d) a, b, c, d -TPM2B_BYTE_VALUE(32); -#define TO_ECC_256(a, b, c, d) a, b, c, d -TPM2B_BYTE_VALUE(48); -#define TO_ECC_384(a, b, c, d, e, f) a, b, c, d, e, f -TPM2B_BYTE_VALUE(66); -#define TO_ECC_528(a, b, c, d, e, f, g, h, i) a, b, c, d, e, f, g, h, i -TPM2B_BYTE_VALUE(80); -#define TO_ECC_640(a, b, c, d, e, f, g, h, i, j) a, b, c, d, e, f, g, h, i, j -#else -#define TO_ECC_192(a, b, c) c, b, a -#define TO_ECC_224(a, b, c, d) d, c, b, a -#define TO_ECC_256(a, b, c, d) d, c, b, a -#define TO_ECC_384(a, b, c, d, e, f) f, e, d, c, b, a -#define TO_ECC_528(a, b, c, d, e, f, g, h, i) i, h, g, f, e, d, c, b, a -#define TO_ECC_640(a, b, c, d, e, f, g, h, i, j) j, i, h, g, f, e, d, c, b, a -#endif // !USE_BN_ECC_DATA - -#if ECC_NIST_P192 -ECC_CONST(NIST_P192_p, 24, TO_ECC_192( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); -ECC_CONST(NIST_P192_a, 24, TO_ECC_192( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); -ECC_CONST(NIST_P192_b, 24, TO_ECC_192( - TO_ECC_64(0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7), - TO_ECC_64(0x0F, 0xA7, 0xE9, 0xAB, 0x72, 
0x24, 0x30, 0x49), - TO_ECC_64(0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1))); -ECC_CONST(NIST_P192_gX, 24, TO_ECC_192( - TO_ECC_64(0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6), - TO_ECC_64(0x7C, 0xBF, 0x20, 0xEB, 0x43, 0xA1, 0x88, 0x00), - TO_ECC_64(0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12))); -ECC_CONST(NIST_P192_gY, 24, TO_ECC_192( - TO_ECC_64(0x07, 0x19, 0x2B, 0x95, 0xFF, 0xC8, 0xDA, 0x78), - TO_ECC_64(0x63, 0x10, 0x11, 0xED, 0x6B, 0x24, 0xCD, 0xD5), - TO_ECC_64(0x73, 0xF9, 0x77, 0xA1, 0x1E, 0x79, 0x48, 0x11))); -ECC_CONST(NIST_P192_n, 24, TO_ECC_192( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x99, 0xDE, 0xF8, 0x36), - TO_ECC_64(0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31))); -#define NIST_P192_h ECC_ONE -#define NIST_P192_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA NIST_P192 = { - (bigNum)&NIST_P192_p, (bigNum)&NIST_P192_n, (bigNum)&NIST_P192_h, - (bigNum)&NIST_P192_a, (bigNum)&NIST_P192_b, - {(bigNum)&NIST_P192_gX, (bigNum)&NIST_P192_gY, (bigNum)&NIST_P192_gZ}}; - -#else - const ECC_CURVE_DATA NIST_P192 = { - &NIST_P192_p.b, &NIST_P192_n.b, &NIST_P192_h.b, - &NIST_P192_a.b, &NIST_P192_b.b, - {&NIST_P192_gX.b, &NIST_P192_gY.b, &NIST_P192_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_NIST_P192 - - -#if ECC_NIST_P224 -ECC_CONST(NIST_P224_p, 28, TO_ECC_224( - TO_ECC_32(0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01))); -ECC_CONST(NIST_P224_a, 28, TO_ECC_224( - TO_ECC_32(0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE))); -ECC_CONST(NIST_P224_b, 28, TO_ECC_224( - TO_ECC_32(0xB4, 0x05, 0x0A, 0x85), - TO_ECC_64(0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56), - 
TO_ECC_64(0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA), - TO_ECC_64(0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4))); -ECC_CONST(NIST_P224_gX, 28, TO_ECC_224( - TO_ECC_32(0xB7, 0x0E, 0x0C, 0xBD), - TO_ECC_64(0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9), - TO_ECC_64(0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22), - TO_ECC_64(0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21))); -ECC_CONST(NIST_P224_gY, 28, TO_ECC_224( - TO_ECC_32(0xBD, 0x37, 0x63, 0x88), - TO_ECC_64(0xB5, 0xF7, 0x23, 0xFB, 0x4C, 0x22, 0xDF, 0xE6), - TO_ECC_64(0xCD, 0x43, 0x75, 0xA0, 0x5A, 0x07, 0x47, 0x64), - TO_ECC_64(0x44, 0xD5, 0x81, 0x99, 0x85, 0x00, 0x7E, 0x34))); -ECC_CONST(NIST_P224_n, 28, TO_ECC_224( - TO_ECC_32(0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E), - TO_ECC_64(0x13, 0xDD, 0x29, 0x45, 0x5C, 0x5C, 0x2A, 0x3D))); -#define NIST_P224_h ECC_ONE -#define NIST_P224_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA NIST_P224 = { - (bigNum)&NIST_P224_p, (bigNum)&NIST_P224_n, (bigNum)&NIST_P224_h, - (bigNum)&NIST_P224_a, (bigNum)&NIST_P224_b, - {(bigNum)&NIST_P224_gX, (bigNum)&NIST_P224_gY, (bigNum)&NIST_P224_gZ}}; - -#else - const ECC_CURVE_DATA NIST_P224 = { - &NIST_P224_p.b, &NIST_P224_n.b, &NIST_P224_h.b, - &NIST_P224_a.b, &NIST_P224_b.b, - {&NIST_P224_gX.b, &NIST_P224_gY.b, &NIST_P224_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_NIST_P224 - - -#if ECC_NIST_P256 -ECC_CONST(NIST_P256_p, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); -ECC_CONST(NIST_P256_a, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), - 
TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); -ECC_CONST(NIST_P256_b, 32, TO_ECC_256( - TO_ECC_64(0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7), - TO_ECC_64(0xB3, 0xEB, 0xBD, 0x55, 0x76, 0x98, 0x86, 0xBC), - TO_ECC_64(0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6), - TO_ECC_64(0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B))); -ECC_CONST(NIST_P256_gX, 32, TO_ECC_256( - TO_ECC_64(0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47), - TO_ECC_64(0xF8, 0xBC, 0xE6, 0xE5, 0x63, 0xA4, 0x40, 0xF2), - TO_ECC_64(0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0), - TO_ECC_64(0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96))); -ECC_CONST(NIST_P256_gY, 32, TO_ECC_256( - TO_ECC_64(0x4F, 0xE3, 0x42, 0xE2, 0xFE, 0x1A, 0x7F, 0x9B), - TO_ECC_64(0x8E, 0xE7, 0xEB, 0x4A, 0x7C, 0x0F, 0x9E, 0x16), - TO_ECC_64(0x2B, 0xCE, 0x33, 0x57, 0x6B, 0x31, 0x5E, 0xCE), - TO_ECC_64(0xCB, 0xB6, 0x40, 0x68, 0x37, 0xBF, 0x51, 0xF5))); -ECC_CONST(NIST_P256_n, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84), - TO_ECC_64(0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51))); -#define NIST_P256_h ECC_ONE -#define NIST_P256_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA NIST_P256 = { - (bigNum)&NIST_P256_p, (bigNum)&NIST_P256_n, (bigNum)&NIST_P256_h, - (bigNum)&NIST_P256_a, (bigNum)&NIST_P256_b, - {(bigNum)&NIST_P256_gX, (bigNum)&NIST_P256_gY, (bigNum)&NIST_P256_gZ}}; - -#else - const ECC_CURVE_DATA NIST_P256 = { - &NIST_P256_p.b, &NIST_P256_n.b, &NIST_P256_h.b, - &NIST_P256_a.b, &NIST_P256_b.b, - {&NIST_P256_gX.b, &NIST_P256_gY.b, &NIST_P256_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_NIST_P256 - - -#if ECC_NIST_P384 -ECC_CONST(NIST_P384_p, 48, TO_ECC_384( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 
0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF))); -ECC_CONST(NIST_P384_a, 48, TO_ECC_384( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC))); -ECC_CONST(NIST_P384_b, 48, TO_ECC_384( - TO_ECC_64(0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4), - TO_ECC_64(0x98, 0x8E, 0x05, 0x6B, 0xE3, 0xF8, 0x2D, 0x19), - TO_ECC_64(0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12), - TO_ECC_64(0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A), - TO_ECC_64(0xC6, 0x56, 0x39, 0x8D, 0x8A, 0x2E, 0xD1, 0x9D), - TO_ECC_64(0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF))); -ECC_CONST(NIST_P384_gX, 48, TO_ECC_384( - TO_ECC_64(0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37), - TO_ECC_64(0x8E, 0xB1, 0xC7, 0x1E, 0xF3, 0x20, 0xAD, 0x74), - TO_ECC_64(0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98), - TO_ECC_64(0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38), - TO_ECC_64(0x55, 0x02, 0xF2, 0x5D, 0xBF, 0x55, 0x29, 0x6C), - TO_ECC_64(0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7))); -ECC_CONST(NIST_P384_gY, 48, TO_ECC_384( - TO_ECC_64(0x36, 0x17, 0xDE, 0x4A, 0x96, 0x26, 0x2C, 0x6F), - TO_ECC_64(0x5D, 0x9E, 0x98, 0xBF, 0x92, 0x92, 0xDC, 0x29), - TO_ECC_64(0xF8, 0xF4, 0x1D, 0xBD, 0x28, 0x9A, 0x14, 0x7C), - TO_ECC_64(0xE9, 0xDA, 0x31, 0x13, 0xB5, 0xF0, 0xB8, 0xC0), - TO_ECC_64(0x0A, 0x60, 0xB1, 0xCE, 0x1D, 0x7E, 0x81, 0x9D), - TO_ECC_64(0x7A, 0x43, 0x1D, 0x7C, 0x90, 0xEA, 0x0E, 0x5F))); -ECC_CONST(NIST_P384_n, 48, TO_ECC_384( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - 
TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF), - TO_ECC_64(0x58, 0x1A, 0x0D, 0xB2, 0x48, 0xB0, 0xA7, 0x7A), - TO_ECC_64(0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73))); -#define NIST_P384_h ECC_ONE -#define NIST_P384_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA NIST_P384 = { - (bigNum)&NIST_P384_p, (bigNum)&NIST_P384_n, (bigNum)&NIST_P384_h, - (bigNum)&NIST_P384_a, (bigNum)&NIST_P384_b, - {(bigNum)&NIST_P384_gX, (bigNum)&NIST_P384_gY, (bigNum)&NIST_P384_gZ}}; - -#else - const ECC_CURVE_DATA NIST_P384 = { - &NIST_P384_p.b, &NIST_P384_n.b, &NIST_P384_h.b, - &NIST_P384_a.b, &NIST_P384_b.b, - {&NIST_P384_gX.b, &NIST_P384_gY.b, &NIST_P384_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_NIST_P384 - - -#if ECC_NIST_P521 -ECC_CONST(NIST_P521_p, 66, TO_ECC_528( - TO_ECC_16(0x01, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); -ECC_CONST(NIST_P521_a, 66, TO_ECC_528( - TO_ECC_16(0x01, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); -ECC_CONST(NIST_P521_b, 66, TO_ECC_528( - TO_ECC_16(0x00, 0x51), - 
TO_ECC_64(0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F), - TO_ECC_64(0x92, 0x9A, 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE), - TO_ECC_64(0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, 0x15, 0xF3), - TO_ECC_64(0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1), - TO_ECC_64(0x56, 0x19, 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B), - TO_ECC_64(0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, 0xBF, 0x07), - TO_ECC_64(0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1), - TO_ECC_64(0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00))); -ECC_CONST(NIST_P521_gX, 66, TO_ECC_528( - TO_ECC_16(0x00, 0xC6), - TO_ECC_64(0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD), - TO_ECC_64(0x9E, 0x3E, 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42), - TO_ECC_64(0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, 0xB5, 0x21), - TO_ECC_64(0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA), - TO_ECC_64(0xA1, 0x4B, 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28), - TO_ECC_64(0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, 0xA8, 0xDE), - TO_ECC_64(0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B), - TO_ECC_64(0xF9, 0x7E, 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66))); -ECC_CONST(NIST_P521_gY, 66, TO_ECC_528( - TO_ECC_16(0x01, 0x18), - TO_ECC_64(0x39, 0x29, 0x6A, 0x78, 0x9A, 0x3B, 0xC0, 0x04), - TO_ECC_64(0x5C, 0x8A, 0x5F, 0xB4, 0x2C, 0x7D, 0x1B, 0xD9), - TO_ECC_64(0x98, 0xF5, 0x44, 0x49, 0x57, 0x9B, 0x44, 0x68), - TO_ECC_64(0x17, 0xAF, 0xBD, 0x17, 0x27, 0x3E, 0x66, 0x2C), - TO_ECC_64(0x97, 0xEE, 0x72, 0x99, 0x5E, 0xF4, 0x26, 0x40), - TO_ECC_64(0xC5, 0x50, 0xB9, 0x01, 0x3F, 0xAD, 0x07, 0x61), - TO_ECC_64(0x35, 0x3C, 0x70, 0x86, 0xA2, 0x72, 0xC2, 0x40), - TO_ECC_64(0x88, 0xBE, 0x94, 0x76, 0x9F, 0xD1, 0x66, 0x50))); -ECC_CONST(NIST_P521_n, 66, TO_ECC_528( - TO_ECC_16(0x01, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA), - TO_ECC_64(0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B), - TO_ECC_64(0x7F, 0xCC, 0x01, 
0x48, 0xF7, 0x09, 0xA5, 0xD0), - TO_ECC_64(0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE), - TO_ECC_64(0xBB, 0x6F, 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09))); -#define NIST_P521_h ECC_ONE -#define NIST_P521_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA NIST_P521 = { - (bigNum)&NIST_P521_p, (bigNum)&NIST_P521_n, (bigNum)&NIST_P521_h, - (bigNum)&NIST_P521_a, (bigNum)&NIST_P521_b, - {(bigNum)&NIST_P521_gX, (bigNum)&NIST_P521_gY, (bigNum)&NIST_P521_gZ}}; - -#else - const ECC_CURVE_DATA NIST_P521 = { - &NIST_P521_p.b, &NIST_P521_n.b, &NIST_P521_h.b, - &NIST_P521_a.b, &NIST_P521_b.b, - {&NIST_P521_gX.b, &NIST_P521_gY.b, &NIST_P521_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_NIST_P521 - - -#if ECC_BN_P256 -ECC_CONST(BN_P256_p, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD), - TO_ECC_64(0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9F), - TO_ECC_64(0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x98, 0x0A, 0x82), - TO_ECC_64(0xD3, 0x29, 0x2D, 0xDB, 0xAE, 0xD3, 0x30, 0x13))); -#define BN_P256_a ECC_ZERO -ECC_CONST(BN_P256_b, 1, TO_ECC_8(3)); -#define BN_P256_gX ECC_ONE -ECC_CONST(BN_P256_gY, 1, TO_ECC_8(2)); -ECC_CONST(BN_P256_n, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD), - TO_ECC_64(0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9E), - TO_ECC_64(0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x99, 0x92, 0x1A), - TO_ECC_64(0xF6, 0x2D, 0x53, 0x6C, 0xD1, 0x0B, 0x50, 0x0D))); -#define BN_P256_h ECC_ONE -#define BN_P256_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA BN_P256 = { - (bigNum)&BN_P256_p, (bigNum)&BN_P256_n, (bigNum)&BN_P256_h, - (bigNum)&BN_P256_a, (bigNum)&BN_P256_b, - {(bigNum)&BN_P256_gX, (bigNum)&BN_P256_gY, (bigNum)&BN_P256_gZ}}; - -#else - const ECC_CURVE_DATA BN_P256 = { - &BN_P256_p.b, &BN_P256_n.b, &BN_P256_h.b, - &BN_P256_a.b, &BN_P256_b.b, - {&BN_P256_gX.b, &BN_P256_gY.b, &BN_P256_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_BN_P256 - - -#if ECC_BN_P638 -ECC_CONST(BN_P638_p, 80, TO_ECC_640( - 
TO_ECC_64(0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D), - TO_ECC_64(0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3), - TO_ECC_64(0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E), - TO_ECC_64(0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F), - TO_ECC_64(0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55), - TO_ECC_64(0xC0, 0x00, 0x86, 0x52, 0x00, 0x21, 0xE5, 0x5B), - TO_ECC_64(0xFF, 0xFF, 0xF5, 0x1F, 0xFF, 0xF4, 0xEB, 0x80), - TO_ECC_64(0x00, 0x00, 0x00, 0x4C, 0x80, 0x01, 0x5A, 0xCD), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEC, 0xE0), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x67))); -#define BN_P638_a ECC_ZERO -ECC_CONST(BN_P638_b, 2, TO_ECC_16(0x01,0x01)); -ECC_CONST(BN_P638_gX, 80, TO_ECC_640( - TO_ECC_64(0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D), - TO_ECC_64(0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3), - TO_ECC_64(0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E), - TO_ECC_64(0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F), - TO_ECC_64(0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55), - TO_ECC_64(0xC0, 0x00, 0x86, 0x52, 0x00, 0x21, 0xE5, 0x5B), - TO_ECC_64(0xFF, 0xFF, 0xF5, 0x1F, 0xFF, 0xF4, 0xEB, 0x80), - TO_ECC_64(0x00, 0x00, 0x00, 0x4C, 0x80, 0x01, 0x5A, 0xCD), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEC, 0xE0), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x66))); -ECC_CONST(BN_P638_gY, 1, TO_ECC_8(0x10)); -ECC_CONST(BN_P638_n, 80, TO_ECC_640( - TO_ECC_64(0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D), - TO_ECC_64(0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3), - TO_ECC_64(0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E), - TO_ECC_64(0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F), - TO_ECC_64(0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55), - TO_ECC_64(0x60, 0x00, 0x86, 0x55, 0x00, 0x21, 0xE5, 0x55), - TO_ECC_64(0xFF, 0xFF, 0xF5, 0x4F, 0xFF, 0xF4, 0xEA, 0xC0), - TO_ECC_64(0x00, 0x00, 0x00, 0x49, 0x80, 0x01, 0x54, 0xD9), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xED, 0xA0), - TO_ECC_64(0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x61))); -#define BN_P638_h ECC_ONE -#define BN_P638_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA BN_P638 = { - (bigNum)&BN_P638_p, (bigNum)&BN_P638_n, (bigNum)&BN_P638_h, - (bigNum)&BN_P638_a, (bigNum)&BN_P638_b, - {(bigNum)&BN_P638_gX, (bigNum)&BN_P638_gY, (bigNum)&BN_P638_gZ}}; - -#else - const ECC_CURVE_DATA BN_P638 = { - &BN_P638_p.b, &BN_P638_n.b, &BN_P638_h.b, - &BN_P638_a.b, &BN_P638_b.b, - {&BN_P638_gX.b, &BN_P638_gY.b, &BN_P638_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_BN_P638 - - -#if ECC_SM2_P256 -ECC_CONST(SM2_P256_p, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); -ECC_CONST(SM2_P256_a, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); -ECC_CONST(SM2_P256_b, 32, TO_ECC_256( - TO_ECC_64(0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E, 0x34), - TO_ECC_64(0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65, 0x09, 0xA7), - TO_ECC_64(0xF3, 0x97, 0x89, 0xF5, 0x15, 0xAB, 0x8F, 0x92), - TO_ECC_64(0xDD, 0xBC, 0xBD, 0x41, 0x4D, 0x94, 0x0E, 0x93))); -ECC_CONST(SM2_P256_gX, 32, TO_ECC_256( - TO_ECC_64(0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19), - TO_ECC_64(0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94), - TO_ECC_64(0x8F, 0xE3, 0x0B, 0xBF, 0xF2, 0x66, 0x0B, 0xE1), - TO_ECC_64(0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7))); -ECC_CONST(SM2_P256_gY, 32, TO_ECC_256( - TO_ECC_64(0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C), - TO_ECC_64(0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53), - TO_ECC_64(0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40), - TO_ECC_64(0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0))); 
-ECC_CONST(SM2_P256_n, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0x72, 0x03, 0xDF, 0x6B, 0x21, 0xC6, 0x05, 0x2B), - TO_ECC_64(0x53, 0xBB, 0xF4, 0x09, 0x39, 0xD5, 0x41, 0x23))); -#define SM2_P256_h ECC_ONE -#define SM2_P256_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA SM2_P256 = { - (bigNum)&SM2_P256_p, (bigNum)&SM2_P256_n, (bigNum)&SM2_P256_h, - (bigNum)&SM2_P256_a, (bigNum)&SM2_P256_b, - {(bigNum)&SM2_P256_gX, (bigNum)&SM2_P256_gY, (bigNum)&SM2_P256_gZ}}; - -#else - const ECC_CURVE_DATA SM2_P256 = { - &SM2_P256_p.b, &SM2_P256_n.b, &SM2_P256_h.b, - &SM2_P256_a.b, &SM2_P256_b.b, - {&SM2_P256_gX.b, &SM2_P256_gY.b, &SM2_P256_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_SM2_P256 - - -#define comma -const ECC_CURVE eccCurves[] = { -#if ECC_NIST_P192 - comma - {TPM_ECC_NIST_P192, - 192, - {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA256_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &NIST_P192, - OID_ECC_NIST_P192 - CURVE_NAME("NIST_P192")} -# undef comma -# define comma , -#endif // ECC_NIST_P192 -#if ECC_NIST_P224 - comma - {TPM_ECC_NIST_P224, - 224, - {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA256_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &NIST_P224, - OID_ECC_NIST_P224 - CURVE_NAME("NIST_P224")} -# undef comma -# define comma , -#endif // ECC_NIST_P224 -#if ECC_NIST_P256 - comma - {TPM_ECC_NIST_P256, - 256, - {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA256_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &NIST_P256, - OID_ECC_NIST_P256 - CURVE_NAME("NIST_P256")} -# undef comma -# define comma , -#endif // ECC_NIST_P256 -#if ECC_NIST_P384 - comma - {TPM_ECC_NIST_P384, - 384, - {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA384_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &NIST_P384, - OID_ECC_NIST_P384 - CURVE_NAME("NIST_P384")} -# undef comma -# define comma , -#endif // ECC_NIST_P384 -#if ECC_NIST_P521 - comma - {TPM_ECC_NIST_P521, - 521, - 
{ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA512_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &NIST_P521, - OID_ECC_NIST_P521 - CURVE_NAME("NIST_P521")} -# undef comma -# define comma , -#endif // ECC_NIST_P521 -#if ECC_BN_P256 - comma - {TPM_ECC_BN_P256, - 256, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &BN_P256, - OID_ECC_BN_P256 - CURVE_NAME("BN_P256")} -# undef comma -# define comma , -#endif // ECC_BN_P256 -#if ECC_BN_P638 - comma - {TPM_ECC_BN_P638, - 638, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &BN_P638, - OID_ECC_BN_P638 - CURVE_NAME("BN_P638")} -# undef comma -# define comma , -#endif // ECC_BN_P638 -#if ECC_SM2_P256 - comma - {TPM_ECC_SM2_P256, - 256, - {ALG_KDF1_SP800_56A_VALUE, {{ALG_SM3_256_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &SM2_P256, - OID_ECC_SM2_P256 - CURVE_NAME("SM2_P256")} -# undef comma -# define comma , -#endif // ECC_SM2_P256 -}; -#endif // TPM_ALG_ECC diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccKeyExchange.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccKeyExchange.c deleted file mode 100644 index 5e141cf3d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccKeyExchange.c +++ /dev/null 
@@ -1,383 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the functions that are used for the two-phase, ECC,
-// key-exchange protocols
-
-
-#include "Tpm.h"
-
-#if CC_ZGen_2Phase == YES
-
-//** Functions
-
-#if ALG_ECMQV
-
-//*** avf1()
-// This function does the associated value computation required by MQV key
-// exchange.
-// Process:
-// 1. Convert 'xQ' to an integer 'xqi' using the convention specified in Appendix C.3.
-// 2. Calculate
-// xqm = xqi mod 2^ceil(f/2) (where f = ceil(log2(n)).
-// 3. Calculate the associate value function
-// avf(Q) = xqm + 2ceil(f / 2)
-// Always returns TRUE(1).
-static BOOL
-avf1(
- bigNum bnX, // IN/OUT: the reduced value
- bigNum bnN // IN: the order of the curve
- )
-{
-// compute f = 2^(ceil(ceil(log2(n)) / 2))
- int f = (BnSizeInBits(bnN) + 1) / 2;
-// x' = 2^f + (x mod 2^f)
- BnMaskBits(bnX, f); // This is mod 2*2^f but it doesn't matter because
- // the next operation will SET the extra bit anyway
- BnSetBit(bnX, f);
- return TRUE;
-}
-
-//*** C_2_2_MQV()
-// This function performs the key exchange defined in SP800-56A
-// 6.1.1.4 Full MQV, C(2, 2, ECC MQV).
-//
-// CAUTION: Implementation of this function may require use of essential claims in
-// patents not owned by TCG members.
-//
-// Points 'QsB' and 'QeB' are required to be on the curve of 'inQsA'. The function
-// will fail, possibly catastrophically, if this is not the case.
-// Return Type: TPM_RC
-// TPM_RC_NO_RESULT the value for dsA does not give a valid point on the
-// curve
-static TPM_RC
-C_2_2_MQV(
- TPMS_ECC_POINT *outZ, // OUT: the computed point
- TPM_ECC_CURVE curveId, // IN: the curve for the computations
- TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key
- TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key
- TPMS_ECC_POINT *QsB, // IN: static public party B key
- TPMS_ECC_POINT *QeB // IN: ephemeral public party B key
- )
-{
- CURVE_INITIALIZED(E, curveId);
- const ECC_CURVE_DATA *C;
- POINT(pQeA);
- POINT_INITIALIZED(pQeB, QeB);
- POINT_INITIALIZED(pQsB, QsB);
- ECC_NUM(bnTa);
- ECC_INITIALIZED(bnDeA, deA);
- ECC_INITIALIZED(bnDsA, dsA);
- ECC_NUM(bnN);
- ECC_NUM(bnXeB);
- TPM_RC retVal;
-//
- // Parameter checks
- if(E == NULL)
- ERROR_RETURN(TPM_RC_VALUE);
- pAssert(outZ != NULL && pQeB != NULL && pQsB != NULL && deA != NULL
- && dsA != NULL);
- C = AccessCurveData(E);
-// Process:
-// 1. implicitsigA = (de,A + avf(Qe,A)ds,A ) mod n.
-// 2. P = h(implicitsigA)(Qe,B + avf(Qe,B)Qs,B).
-// 3. If P = O, output an error indicator.
-// 4. Z=xP, where xP is the x-coordinate of P.
-
- // Compute the public ephemeral key pQeA = [de,A]G
- if((retVal = BnPointMult(pQeA, CurveGetG(C), bnDeA, NULL, NULL, E))
- != TPM_RC_SUCCESS)
- goto Exit;
-
-// 1. implicitsigA = (de,A + avf(Qe,A)ds,A ) mod n.
-// tA := (ds,A + de,A avf(Xe,A)) mod n (3)
-// Compute 'tA' = ('deA' + 'dsA' avf('XeA')) mod n
- // Ta = avf(XeA);
- BnCopy(bnTa, pQeA->x);
- avf1(bnTa, bnN);
- // do Ta = ds,A * Ta mod n = dsA * avf(XeA) mod n
- BnModMult(bnTa, bnDsA, bnTa, bnN);
- // now Ta = deA + Ta mod n = deA + dsA * avf(XeA) mod n
- BnAdd(bnTa, bnTa, bnDeA);
- BnMod(bnTa, bnN);
-
-// 2. P = h(implicitsigA)(Qe,B + avf(Qe,B)Qs,B).
-// Put this in because almost every case of h is == 1 so skip the call when
- // not necessary.
- if(!BnEqualWord(CurveGetCofactor(C), 1)) - // Cofactor is not 1 so compute Ta := Ta * h mod n - BnModMult(bnTa, bnTa, CurveGetCofactor(C), CurveGetOrder(C)); - - // Now that 'tA' is (h * 'tA' mod n) - // 'outZ' = (tA)(Qe,B + avf(Qe,B)Qs,B). - - // first, compute XeB = avf(XeB) - avf1(bnXeB, bnN); - - // QsB := [XeB]QsB - BnPointMult(pQsB, pQsB, bnXeB, NULL, NULL, E); - BnEccAdd(pQeB, pQeB, pQsB, E); - - // QeB := [tA]QeB = [tA](QsB + [Xe,B]QeB) and check for at infinity - // If the result is not the point at infinity, return QeB - BnPointMult(pQeB, pQeB, bnTa, NULL, NULL, E); - if(BnEqualZero(pQeB->z)) - ERROR_RETURN(TPM_RC_NO_RESULT); - // Convert BIGNUM E to TPM2B E - BnPointTo2B(outZ, pQeB, E); - -Exit: - CURVE_FREE(E); - return retVal; -} - -#endif // ALG_ECMQV - -//*** C_2_2_ECDH() -// This function performs the two phase key exchange defined in SP800-56A, -// 6.1.1.2 Full Unified Model, C(2, 2, ECC CDH). -// -static TPM_RC -C_2_2_ECDH( - TPMS_ECC_POINT *outZs, // OUT: Zs - TPMS_ECC_POINT *outZe, // OUT: Ze - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key - TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key - TPMS_ECC_POINT *QsB, // IN: static public party B key - TPMS_ECC_POINT *QeB // IN: ephemeral public party B key - ) -{ - CURVE_INITIALIZED(E, curveId); - ECC_INITIALIZED(bnAs, dsA); - ECC_INITIALIZED(bnAe, deA); - POINT_INITIALIZED(ecBs, QsB); - POINT_INITIALIZED(ecBe, QeB); - POINT(ecZ); - TPM_RC retVal; -// - // Parameter checks - if(E == NULL) - ERROR_RETURN(TPM_RC_CURVE); - pAssert(outZs != NULL && dsA != NULL && deA != NULL && QsB != NULL - && QeB != NULL); - - // Do the point multiply for the Zs value ([dsA]QsB) - retVal = BnPointMult(ecZ, ecBs, bnAs, NULL, NULL, E); - if(retVal == TPM_RC_SUCCESS) - { - // Convert the Zs value. 
- BnPointTo2B(outZs, ecZ, E);
- // Do the point multiply for the Ze value ([deA]QeB)
- retVal = BnPointMult(ecZ, ecBe, bnAe, NULL, NULL, E);
- if(retVal == TPM_RC_SUCCESS)
- BnPointTo2B(outZe, ecZ, E);
- }
-Exit:
- CURVE_FREE(E);
- return retVal;
-}
-
-//*** CryptEcc2PhaseKeyExchange()
-// This function is the dispatch routine for the EC key exchange functions that use
-// two ephemeral and two static keys.
-// Return Type: TPM_RC
-// TPM_RC_SCHEME scheme is not defined
-LIB_EXPORT TPM_RC
-CryptEcc2PhaseKeyExchange(
- TPMS_ECC_POINT *outZ1, // OUT: a computed point
- TPMS_ECC_POINT *outZ2, // OUT: and optional second point
- TPM_ECC_CURVE curveId, // IN: the curve for the computations
- TPM_ALG_ID scheme, // IN: the key exchange scheme
- TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key
- TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key
- TPMS_ECC_POINT *QsB, // IN: static public party B key
- TPMS_ECC_POINT *QeB // IN: ephemeral public party B key
- )
-{
- pAssert(outZ1 != NULL
- && dsA != NULL && deA != NULL
- && QsB != NULL && QeB != NULL);
-
- // Initialize the output points so that they are empty until one of the
- // functions decides otherwise
- outZ1->x.b.size = 0;
- outZ1->y.b.size = 0;
- if(outZ2 != NULL)
- {
- outZ2->x.b.size = 0;
- outZ2->y.b.size = 0;
- }
- switch(scheme)
- {
- case ALG_ECDH_VALUE:
- return C_2_2_ECDH(outZ1, outZ2, curveId, dsA, deA, QsB, QeB);
- break;
-#if ALG_ECMQV
- case ALG_ECMQV_VALUE:
- return C_2_2_MQV(outZ1, curveId, dsA, deA, QsB, QeB);
- break;
-#endif
-#if ALG_SM2
- case ALG_SM2_VALUE:
- return SM2KeyExchange(outZ1, curveId, dsA, deA, QsB, QeB);
- break;
-#endif
- default:
- return TPM_RC_SCHEME;
- }
-}
-
-#if ALG_SM2
-
-//*** ComputeWForSM2()
-// Compute the value for w used by SM2
-static UINT32
-ComputeWForSM2(
- bigCurve E
- )
-{
- // w := ceil(ceil(log2(n)) / 2) - 1
- return (BnMsb(CurveGetOrder(AccessCurveData(E))) / 2 - 1);
-}
-
-//*** avfSm2()
-// This function does the associated value computation required by SM2 key
-// exchange. This is different from the avf() in the international standards
-// because it returns a value that is half the size of the value returned by the
-// standard avf(). For example, if 'n' is 15, 'Ws' ('w' in the standard) is 2 but
-// the 'W' here is 1. This means that an input value of 14 (1110b) would return a
-// value of 110b with the standard but 10b with the scheme in SM2.
-static bigNum
-avfSm2(
- bigNum bn, // IN/OUT: the reduced value
- UINT32 w // IN: the value of w
- )
-{
- // a) set w := ceil(ceil(log2(n)) / 2) - 1
- // b) set x' := 2^w + ( x & (2^w - 1))
- // This is just like the avf for MQV where x' = 2^w + (x mod 2^w)
-
- BnMaskBits(bn, w); // as with avf1, this is too big by a factor of 2 but
- // it doesn't matter because we SET the extra bit
- // anyway
- BnSetBit(bn, w);
- return bn;
-}
-
-//*** SM2KeyExchange()
-// This function performs the key exchange defined in SM2.
-// The first step is to compute
-// 'tA' = ('dsA' + 'deA' avf(Xe,A)) mod 'n'
-// Then, compute the 'Z' value from
-// 'outZ' = ('h' 'tA' mod 'n') ('QsA' + [avf('QeB.x')]('QeB')).
-// The function will compute the ephemeral public key from the ephemeral
-// private key.
-// All points are required to be on the curve of 'inQsA'. The function will fail
-// catastrophically if this is not the case
-// Return Type: TPM_RC
-// TPM_RC_NO_RESULT the value for dsA does not give a valid point on the
-// curve
-LIB_EXPORT TPM_RC
-SM2KeyExchange(
- TPMS_ECC_POINT *outZ, // OUT: the computed point
- TPM_ECC_CURVE curveId, // IN: the curve for the computations
- TPM2B_ECC_PARAMETER *dsAIn, // IN: static private TPM key
- TPM2B_ECC_PARAMETER *deAIn, // IN: ephemeral private TPM key
- TPMS_ECC_POINT *QsBIn, // IN: static public party B key
- TPMS_ECC_POINT *QeBIn // IN: ephemeral public party B key
- )
-{
- CURVE_INITIALIZED(E, curveId);
- const ECC_CURVE_DATA *C;
- ECC_INITIALIZED(dsA, dsAIn);
- ECC_INITIALIZED(deA, deAIn);
- POINT_INITIALIZED(QsB, QsBIn);
- POINT_INITIALIZED(QeB, QeBIn);
- BN_WORD_INITIALIZED(One, 1);
- POINT(QeA);
- ECC_NUM(XeB);
- POINT(Z);
- ECC_NUM(Ta);
- UINT32 w;
- TPM_RC retVal = TPM_RC_NO_RESULT;
-//
- // Parameter checks
- if(E == NULL)
- ERROR_RETURN(TPM_RC_CURVE);
- C = AccessCurveData(E);
- pAssert(outZ != NULL && dsA != NULL && deA != NULL && QsB != NULL
- && QeB != NULL);
-
- // Compute the value for w
- w = ComputeWForSM2(E);
-
- // Compute the public ephemeral key pQeA = [de,A]G
- if(!BnEccModMult(QeA, CurveGetG(C), deA, E))
- goto Exit;
-
- // tA := (ds,A + de,A avf(Xe,A)) mod n (3)
- // Compute 'tA' = ('dsA' + 'deA' avf('XeA')) mod n
- // Ta = avf(XeA);
- // do Ta = de,A * Ta = deA * avf(XeA)
- BnMult(Ta, deA, avfSm2(QeA->x, w));
- // now Ta = dsA + Ta = dsA + deA * avf(XeA)
- BnAdd(Ta, dsA, Ta);
- BnMod(Ta, CurveGetOrder(C));
-
- // outZ = [h tA mod n] (Qs,B + [avf(Xe,B)](Qe,B)) (4)
- // Put this in because almost every case of h is == 1 so skip the call when
- // not necessary.
- if(!BnEqualWord(CurveGetCofactor(C), 1))
- // Cofactor is not 1 so compute Ta := Ta * h mod n
- BnModMult(Ta, Ta, CurveGetCofactor(C), CurveGetOrder(C));
- // Now that 'tA' is (h * 'tA' mod n)
- // 'outZ' = ['tA'](QsB + [avf(QeB.x)](QeB)).
- BnCopy(XeB, QeB->x);
- if(!BnEccModMult2(Z, QsB, One, QeB, avfSm2(XeB, w), E))
- goto Exit;
- // QeB := [tA]QeB = [tA](QsB + [Xe,B]QeB) and check for at infinity
- if(!BnEccModMult(Z, Z, Ta, E))
- goto Exit;
- // Convert BIGNUM E to TPM2B E
- BnPointTo2B(outZ, Z, E);
- retVal = TPM_RC_SUCCESS;
-Exit:
- CURVE_FREE(E);
- return retVal;
-}
-#endif
-
-#endif // CC_ZGen_2Phase
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccMain.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccMain.c
deleted file mode 100644
index 79bebfa57..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccMain.c
+++ /dev/null
@@ -1,820 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Includes and Defines
-#include "Tpm.h"
-
-#if ALG_ECC
-
-// This version requires that the new format for ECC data be used
-#if !USE_BN_ECC_DATA
-#error "Need to SET USE_BN_ECC_DATA to YES in Implementaion.h"
-#endif
-
-//** Functions
-
-#if SIMULATION
-void
-EccSimulationEnd(
- void
- )
-{
-#if SIMULATION
-// put things to be printed at the end of the simulation here
-#endif
-}
-#endif // SIMULATION
-
-//*** CryptEccInit()
-// This function is called at _TPM_Init
-BOOL
-CryptEccInit(
- void
- )
-{
- return TRUE;
-}
-
-//*** CryptEccStartup()
-// This function is called at TPM2_Startup().
-BOOL
-CryptEccStartup(
- void
- )
-{
- return TRUE;
-}
-
-//*** ClearPoint2B(generic)
-// Initialize the size values of a TPMS_ECC_POINT structure.
-void
-ClearPoint2B(
- TPMS_ECC_POINT *p // IN: the point
- )
-{
- if(p != NULL)
- {
- p->x.t.size = 0;
- p->y.t.size = 0;
- }
-}
-
-//*** CryptEccGetParametersByCurveId()
-// This function returns a pointer to the curve data that is associated with
-// the indicated curveId.
-// If there is no curve with the indicated ID, the function returns NULL. This
-// function is in this module so that it can be called by GetCurve data.
-// Return Type: const ECC_CURVE_DATA
-// NULL curve with the indicated TPM_ECC_CURVE is not implemented
-// != NULL pointer to the curve data
-LIB_EXPORT const ECC_CURVE *
-CryptEccGetParametersByCurveId(
- TPM_ECC_CURVE curveId // IN: the curveID
- )
-{
- int i;
- for(i = 0; i < ECC_CURVE_COUNT; i++)
- {
- if(eccCurves[i].curveId == curveId)
- return &eccCurves[i];
- }
- return NULL;
-}
-
-//*** CryptEccGetKeySizeForCurve()
-// This function returns the key size in bits of the indicated curve.
-LIB_EXPORT UINT16
-CryptEccGetKeySizeForCurve(
- TPM_ECC_CURVE curveId // IN: the curve
- )
-{
- const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId);
- UINT16 keySizeInBits;
-//
- keySizeInBits = (curve != NULL) ? curve->keySizeBits : 0;
- return keySizeInBits;
-}
-
-//*** GetCurveData()
-// This function returns the a pointer for the parameter data
-// associated with a curve.
-const ECC_CURVE_DATA *
-GetCurveData(
- TPM_ECC_CURVE curveId // IN: the curveID
- )
-{
- const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId);
- return (curve != NULL) ? curve->curveData : NULL;
-}
-
-//***CryptEccGetOID()
-const BYTE *
-CryptEccGetOID(
- TPM_ECC_CURVE curveId
-)
-{
- const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId);
- return (curve != NULL) ? curve->OID : NULL;
-}
-
-//*** CryptEccGetCurveByIndex()
-// This function returns the number of the 'i'-th implemented curve. The normal
-// use would be to call this function with 'i' starting at 0. When the 'i' is greater
-// than or equal to the number of implemented curves, TPM_ECC_NONE is returned.
-LIB_EXPORT TPM_ECC_CURVE
-CryptEccGetCurveByIndex(
- UINT16 i
- )
-{
- if(i >= ECC_CURVE_COUNT)
- return TPM_ECC_NONE;
- return eccCurves[i].curveId;
-}
-
-//*** CryptEccGetParameter()
-// This function returns an ECC curve parameter. The parameter is
-// selected by a single character designator from the set of ""PNABXYH"".
-// Return Type: BOOL
-// TRUE(1) curve exists and parameter returned
-// FALSE(0) curve does not exist or parameter selector
-LIB_EXPORT BOOL
-CryptEccGetParameter(
- TPM2B_ECC_PARAMETER *out, // OUT: place to put parameter
- char p, // IN: the parameter selector
- TPM_ECC_CURVE curveId // IN: the curve id
- )
-{
- const ECC_CURVE_DATA *curve = GetCurveData(curveId);
- bigConst parameter = NULL;
-
- if(curve != NULL)
- {
- switch(p)
- {
- case 'p':
- parameter = CurveGetPrime(curve);
- break;
- case 'n':
- parameter = CurveGetOrder(curve);
- break;
- case 'a':
- parameter = CurveGet_a(curve);
- break;
- case 'b':
- parameter = CurveGet_b(curve);
- break;
- case 'x':
- parameter = CurveGetGx(curve);
- break;
- case 'y':
- parameter = CurveGetGy(curve);
- break;
- case 'h':
- parameter = CurveGetCofactor(curve);
- break;
- default:
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
- }
- // If not debugging and we get here with parameter still NULL, had better
- // not try to convert so just return FALSE instead.
- return (parameter != NULL) ? BnTo2B(parameter, &out->b, 0) : 0;
-}
-
-//*** CryptCapGetECCCurve()
-// This function returns the list of implemented ECC curves.
-// Return Type: TPMI_YES_NO
-// YES if no more ECC curve is available
-// NO if there are more ECC curves not reported
-TPMI_YES_NO
-CryptCapGetECCCurve(
- TPM_ECC_CURVE curveID, // IN: the starting ECC curve
- UINT32 maxCount, // IN: count of returned curves
- TPML_ECC_CURVE *curveList // OUT: ECC curve list
- )
-{
- TPMI_YES_NO more = NO;
- UINT16 i;
- UINT32 count = ECC_CURVE_COUNT;
- TPM_ECC_CURVE curve;
-
- // Initialize output property list
- curveList->count = 0;
-
- // The maximum count of curves we may return is MAX_ECC_CURVES
- if(maxCount > MAX_ECC_CURVES) maxCount = MAX_ECC_CURVES;
-
- // Scan the eccCurveValues array
- for(i = 0; i < count; i++)
- {
- curve = CryptEccGetCurveByIndex(i);
- // If curveID is less than the starting curveID, skip it
- if(curve < curveID)
- continue;
- if(curveList->count < maxCount)
- {
- // If we have not filled up the return list, add more curves to
- // it
- curveList->eccCurves[curveList->count] = curve;
- curveList->count++;
- }
- else
- {
- // If the return list is full but we still have curves
- // available, report this and stop iterating
- more = YES;
- break;
- }
- }
- return more;
-}
-
-//*** CryptGetCurveSignScheme()
-// This function will return a pointer to the scheme of the curve.
-const TPMT_ECC_SCHEME *
-CryptGetCurveSignScheme(
- TPM_ECC_CURVE curveId // IN: The curve selector
- )
-{
- const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId);
-
- if(curve != NULL)
- return &(curve->sign);
- else
- return NULL;
-}
-
-//*** CryptGenerateR()
-// This function computes the commit random value for a split signing scheme.
-//
-// If 'c' is NULL, it indicates that 'r' is being generated
-// for TPM2_Commit.
-// If 'c' is not NULL, the TPM will validate that the 'gr.commitArray'
-// bit associated with the input value of 'c' is SET. If not, the TPM
-// returns FALSE and no 'r' value is generated.
-// Return Type: BOOL
-// TRUE(1) r value computed
-// FALSE(0) no r value computed
-BOOL
-CryptGenerateR(
- TPM2B_ECC_PARAMETER *r, // OUT: the generated random value
- UINT16 *c, // IN/OUT: count value.
- TPMI_ECC_CURVE curveID, // IN: the curve for the value
- TPM2B_NAME *name // IN: optional name of a key to
- // associate with 'r'
- )
-{
- // This holds the marshaled g_commitCounter.
- TPM2B_TYPE(8B, 8);
- TPM2B_8B cntr = {{8,{0}}};
- UINT32 iterations;
- TPM2B_ECC_PARAMETER n;
- UINT64 currentCount = gr.commitCounter;
- UINT16 t1;
-//
- if(!CryptEccGetParameter(&n, 'n', curveID))
- return FALSE;
-
- // If this is the commit phase, use the current value of the commit counter
- if(c != NULL)
- {
- // if the array bit is not set, can't use the value.
- if(!TEST_BIT((*c & COMMIT_INDEX_MASK), gr.commitArray))
- return FALSE;
-
- // If it is the sign phase, figure out what the counter value was
- // when the commitment was made.
- //
- // When gr.commitArray has less than 64K bits, the extra
- // bits of 'c' are used as a check to make sure that the
- // signing operation is not using an out of range count value
- t1 = (UINT16)currentCount;
-
- // If the lower bits of c are greater or equal to the lower bits of t1
- // then the upper bits of t1 must be one more than the upper bits
- // of c
- if((*c & COMMIT_INDEX_MASK) >= (t1 & COMMIT_INDEX_MASK))
- // Since the counter is behind, reduce the current count
- currentCount = currentCount - (COMMIT_INDEX_MASK + 1);
-
- t1 = (UINT16)currentCount;
- if((t1 & ~COMMIT_INDEX_MASK) != (*c & ~COMMIT_INDEX_MASK))
- return FALSE;
- // set the counter to the value that was
- // present when the commitment was made
- currentCount = (currentCount & 0xffffffffffff0000) | *c;
- }
- // Marshal the count value to a TPM2B buffer for the KDF
- cntr.t.size = sizeof(currentCount);
- UINT64_TO_BYTE_ARRAY(currentCount, cntr.t.buffer);
-
- // Now can do the KDF to create the random value for the signing operation
- // During the creation process, we may generate an r that does not meet the
- // requirements of the random value.
- // want to generate a new r.
- r->t.size = n.t.size;
-
- for(iterations = 1; iterations < 1000000;)
- {
- int i;
- CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &gr.commitNonce.b, COMMIT_STRING,
- &name->b, &cntr.b, n.t.size * 8, r->t.buffer, &iterations, FALSE);
-
- // "random" value must be less than the prime
- if(UnsignedCompareB(r->b.size, r->b.buffer, n.t.size, n.t.buffer) >= 0)
- continue;
-
- // in this implementation it is required that at least bit
- // in the upper half of the number be set
- for(i = n.t.size / 2; i >= 0; i--)
- if(r->b.buffer[i] != 0)
- return TRUE;
- }
- return FALSE;
-}
-
-//*** CryptCommit()
-// This function is called when the count value is committed. The 'gr.commitArray'
-// value associated with the current count value is SET and g_commitCounter is
-// incremented. The low-order 16 bits of old value of the counter is returned.
-UINT16
-CryptCommit(
- void
- )
-{
- UINT16 oldCount = (UINT16)gr.commitCounter;
- gr.commitCounter++;
- SET_BIT(oldCount & COMMIT_INDEX_MASK, gr.commitArray);
- return oldCount;
-}
-
-//*** CryptEndCommit()
-// This function is called when the signing operation using the committed value
-// is completed. It clears the gr.commitArray bit associated with the count
-// value so that it can't be used again.
-void
-CryptEndCommit(
- UINT16 c // IN: the counter value of the commitment
- )
-{
- ClearBit((c & COMMIT_INDEX_MASK), gr.commitArray, sizeof(gr.commitArray));
-}
-
-//*** CryptEccGetParameters()
-// This function returns the ECC parameter details of the given curve.
-// Return Type: BOOL
-// TRUE(1) success
-// FALSE(0) unsupported ECC curve ID
-BOOL
-CryptEccGetParameters(
- TPM_ECC_CURVE curveId, // IN: ECC curve ID
- TPMS_ALGORITHM_DETAIL_ECC *parameters // OUT: ECC parameters
- )
-{
- const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId);
- const ECC_CURVE_DATA *data;
- BOOL found = curve != NULL;
-
- if(found)
- {
- data = curve->curveData;
- parameters->curveID = curve->curveId;
- parameters->keySize = curve->keySizeBits;
- parameters->kdf = curve->kdf;
- parameters->sign = curve->sign;
-// BnTo2B(data->prime, ¶meters->p.b, 0);
- BnTo2B(data->prime, ¶meters->p.b, parameters->p.t.size);
- BnTo2B(data->a, ¶meters->a.b, 0);
- BnTo2B(data->b, ¶meters->b.b, 0);
- BnTo2B(data->base.x, ¶meters->gX.b, parameters->p.t.size);
- BnTo2B(data->base.y, ¶meters->gY.b, parameters->p.t.size);
-// BnTo2B(data->base.x, ¶meters->gX.b, 0);
-// BnTo2B(data->base.y, ¶meters->gY.b, 0);
- BnTo2B(data->order, ¶meters->n.b, 0);
- BnTo2B(data->h, ¶meters->h.b, 0);
- }
- return found;
-}
-
-//*** BnGetCurvePrime()
-// This function is used to get just the prime modulus associated with a curve.
-const bignum_t *
-BnGetCurvePrime(
- TPM_ECC_CURVE curveId
- )
-{
- const ECC_CURVE_DATA *C = GetCurveData(curveId);
- return (C != NULL) ? CurveGetPrime(C) : NULL;
-}
-
-//*** BnGetCurveOrder()
-// This function is used to get just the curve order
-const bignum_t *
-BnGetCurveOrder(
- TPM_ECC_CURVE curveId
- )
-{
- const ECC_CURVE_DATA *C = GetCurveData(curveId);
- return (C != NULL) ? CurveGetOrder(C) : NULL;
-}
-
-//*** BnIsOnCurve()
-// This function checks if a point is on the curve.
-BOOL
-BnIsOnCurve(
- pointConst Q,
- const ECC_CURVE_DATA *C
- )
-{
- BN_VAR(right, (MAX_ECC_KEY_BITS * 3));
- BN_VAR(left, (MAX_ECC_KEY_BITS * 2));
- bigConst prime = CurveGetPrime(C);
-//
- // Show that point is on the curve y^2 = x^3 + ax + b;
- // Or y^2 = x(x^2 + a) + b
- // y^2
- BnMult(left, Q->y, Q->y);
-
- BnMod(left, prime);
-// x^2
- BnMult(right, Q->x, Q->x);
-
- // x^2 + a
- BnAdd(right, right, CurveGet_a(C));
-
-// BnMod(right, CurveGetPrime(C));
- // x(x^2 + a)
- BnMult(right, right, Q->x);
-
- // x(x^2 + a) + b
- BnAdd(right, right, CurveGet_b(C));
-
- BnMod(right, prime);
- if(BnUnsignedCmp(left, right) == 0)
- return TRUE;
- else
- return FALSE;
-}
-
-//*** BnIsValidPrivateEcc()
-// Checks that 0 < 'x' < 'q'
-BOOL
-BnIsValidPrivateEcc(
- bigConst x, // IN: private key to check
- bigCurve E // IN: the curve to check
- )
-{
- BOOL retVal;
- retVal = (!BnEqualZero(x)
- && (BnUnsignedCmp(x, CurveGetOrder(AccessCurveData(E))) < 0));
- return retVal;
-}
-
-LIB_EXPORT BOOL
-CryptEccIsValidPrivateKey(
- TPM2B_ECC_PARAMETER *d,
- TPM_ECC_CURVE curveId
- )
-{
- BN_INITIALIZED(bnD, MAX_ECC_PARAMETER_BYTES * 8, d);
- return !BnEqualZero(bnD) && (BnUnsignedCmp(bnD, BnGetCurveOrder(curveId)) < 0);
-}
-
-//*** BnPointMul()
-// This function does a point multiply of the form 'R' = ['d']'S' + ['u']'Q' where the
-// parameters are bigNum values. If 'S' is NULL and d is not NULL, then it computes
-// 'R' = ['d']'G' + ['u']'Q' or just 'R' = ['d']'G' if 'u' and 'Q' are NULL.
-// If 'skipChecks' is TRUE, then the function will not verify that the inputs are
-// correct for the domain. This would be the case when the values were created by the
-// CryptoEngine code.
-// It will return TPM_RC_NO_RESULT if the resulting point is the point at infinity.
-// Return Type: TPM_RC
-// TPM_RC_NO_RESULT result of multiplication is a point at infinity
-// TPM_RC_ECC_POINT 'S' or 'Q' is not on the curve
-// TPM_RC_VALUE 'd' or 'u' is not < n
-TPM_RC
-BnPointMult(
- bigPoint R, // OUT: computed point
- pointConst S, // IN: optional point to multiply by 'd'
- bigConst d, // IN: scalar for [d]S or [d]G
- pointConst Q, // IN: optional second point
- bigConst u, // IN: optional second scalar
- bigCurve E // IN: curve parameters
- )
-{
- BOOL OK;
-//
- TEST(TPM_ALG_ECDH);
-
- // Need one scalar
- OK = (d != NULL || u != NULL);
-
- // If S is present, then d has to be present. If S is not
- // present, then d may or may not be present
- OK = OK && (((S == NULL) == (d == NULL)) || (d != NULL));
-
- // either both u and Q have to be provided or neither can be provided (don't
- // know what to do if only one is provided.
- OK = OK && ((u == NULL) == (Q == NULL));
-
- OK = OK && (E != NULL);
- if(!OK)
- return TPM_RC_VALUE;
-
-
- OK = (S == NULL) || BnIsOnCurve(S, AccessCurveData(E));
- OK = OK && ((Q == NULL) || BnIsOnCurve(Q, AccessCurveData(E)));
- if(!OK)
- return TPM_RC_ECC_POINT;
-
- if((d != NULL) && (S == NULL))
- S = CurveGetG(AccessCurveData(E));
- // If only one scalar, don't need Shamir's trick
- if((d == NULL) || (u == NULL))
- {
- if(d == NULL)
- OK = BnEccModMult(R, Q, u, E);
- else
- OK = BnEccModMult(R, S, d, E);
- }
- else
- {
- OK = BnEccModMult2(R, S, d, Q, u, E);
- }
- return (OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT);
-}
-
-//***BnEccGetPrivate()
-// This function gets random values that are the size of the key plus 64 bits. The
-// value is reduced (mod ('q' - 1)) and incremented by 1 ('q' is the order of the
-// curve. This produces a value ('d') such that 1 <= 'd' < 'q'. This is the method
-// of FIPS 186-4 Section B.4.1 ""Key Pair Generation Using Extra Random Bits"".
-// Return Type: BOOL
-// TRUE(1) success
-// FALSE(0) failure generating private key
-BOOL
-BnEccGetPrivate(
- bigNum dOut, // OUT: the qualified random value
- const ECC_CURVE_DATA *C, // IN: curve for which the private key
- // needs to be appropriate
- RAND_STATE *rand // IN: state for DRBG
- )
-{
- bigConst order = CurveGetOrder(C);
- BOOL OK;
- UINT32 orderBits = BnSizeInBits(order);
- UINT32 orderBytes = BITS_TO_BYTES(orderBits);
- BN_VAR(bnExtraBits, MAX_ECC_KEY_BITS + 64);
- BN_VAR(nMinus1, MAX_ECC_KEY_BITS);
-//
- OK = BnGetRandomBits(bnExtraBits, (orderBytes * 8) + 64, rand);
- OK = OK && BnSubWord(nMinus1, order, 1);
- OK = OK && BnMod(bnExtraBits, nMinus1);
- OK = OK && BnAddWord(dOut, bnExtraBits, 1);
- return OK && !g_inFailureMode;
-}
-
-//*** BnEccGenerateKeyPair()
-// This function gets a private scalar from the source of random bits and does
-// the point multiply to get the public key.
-BOOL
-BnEccGenerateKeyPair(
- bigNum bnD, // OUT: private scalar
- bn_point_t *ecQ, // OUT: public point
- bigCurve E, // IN: curve for the point
- RAND_STATE *rand // IN: DRBG state to use
- )
-{
- BOOL OK = FALSE;
- // Get a private scalar
- OK = BnEccGetPrivate(bnD, AccessCurveData(E), rand);
-
- // Do a point multiply
- OK = OK && BnEccModMult(ecQ, NULL, bnD, E);
- if(!OK)
- BnSetWord(ecQ->z, 0);
- else
- BnSetWord(ecQ->z, 1);
- return OK;
-}
-
-//***CryptEccNewKeyPair(***)
-// This function creates an ephemeral ECC. It is ephemeral in that
-// is expected that the private part of the key will be discarded
-LIB_EXPORT TPM_RC
-CryptEccNewKeyPair(
- TPMS_ECC_POINT *Qout, // OUT: the public point
- TPM2B_ECC_PARAMETER *dOut, // OUT: the private scalar
- TPM_ECC_CURVE curveId // IN: the curve for the key
- )
-{
- CURVE_INITIALIZED(E, curveId);
- POINT(ecQ);
- ECC_NUM(bnD);
- BOOL OK;
-
- if(E == NULL)
- return TPM_RC_CURVE;
-
- TEST(TPM_ALG_ECDH);
- OK = BnEccGenerateKeyPair(bnD, ecQ, E, NULL);
- if(OK)
- {
- BnPointTo2B(Qout, ecQ, E);
- BnTo2B(bnD, &dOut->b, Qout->x.t.size);
- }
- else
- {
- Qout->x.t.size = Qout->y.t.size = dOut->t.size = 0;
- }
- CURVE_FREE(E);
- return OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT;
-}
-
-//*** CryptEccPointMultiply()
-// This function computes 'R' := ['dIn']'G' + ['uIn']'QIn'. Where 'dIn' and
-// 'uIn' are scalars, 'G' and 'QIn' are points on the specified curve and 'G' is the
-// default generator of the curve.
-//
-// The 'xOut' and 'yOut' parameters are optional and may be set to NULL if not
-// used.
-//
-// It is not necessary to provide 'uIn' if 'QIn' is specified but one of 'uIn' and
-// 'dIn' must be provided. If 'dIn' and 'QIn' are specified but 'uIn' is not
-// provided, then 'R' = ['dIn']'QIn'.
-//
-// If the multiply produces the point at infinity, the TPM_RC_NO_RESULT is returned.
-//
-// The sizes of 'xOut' and yOut' will be set to be the size of the degree of
-// the curve
-//
-// It is a fatal error if 'dIn' and 'uIn' are both unspecified (NULL) or if 'Qin'
-// or 'Rout' is unspecified.
-//
-// Return Type: TPM_RC
-// TPM_RC_ECC_POINT the point 'Pin' or 'Qin' is not on the curve
-// TPM_RC_NO_RESULT the product point is at infinity
-// TPM_RC_CURVE bad curve
-// TPM_RC_VALUE 'dIn' or 'uIn' out of range
-//
-LIB_EXPORT TPM_RC
-CryptEccPointMultiply(
- TPMS_ECC_POINT *Rout, // OUT: the product point R
- TPM_ECC_CURVE curveId, // IN: the curve to use
- TPMS_ECC_POINT *Pin, // IN: first point (can be null)
- TPM2B_ECC_PARAMETER *dIn, // IN: scalar value for [dIn]Qin
- // the Pin
- TPMS_ECC_POINT *Qin, // IN: point Q
- TPM2B_ECC_PARAMETER *uIn // IN: scalar value for the multiplier
- // of Q
- )
-{
- CURVE_INITIALIZED(E, curveId);
- POINT_INITIALIZED(ecP, Pin);
- ECC_INITIALIZED(bnD, dIn); // If dIn is null, then bnD is null
- ECC_INITIALIZED(bnU, uIn);
- POINT_INITIALIZED(ecQ, Qin);
- POINT(ecR);
- TPM_RC retVal;
-//
- retVal = BnPointMult(ecR, ecP, bnD, ecQ, bnU, E);
-
- if(retVal == TPM_RC_SUCCESS)
- BnPointTo2B(Rout, ecR, E);
- else
- ClearPoint2B(Rout);
- CURVE_FREE(E);
- return retVal;
-}
-
-//*** CryptEccIsPointOnCurve()
-// This function is used to test if a point is on a defined curve. It does this
-// by checking that 'y'^2 mod 'p' = 'x'^3 + 'a'*'x' + 'b' mod 'p'.
-//
-// It is a fatal error if 'Q' is not specified (is NULL).
-// Return Type: BOOL
-// TRUE(1) point is on curve
-// FALSE(0) point is not on curve or curve is not supported
-LIB_EXPORT BOOL
-CryptEccIsPointOnCurve(
- TPM_ECC_CURVE curveId, // IN: the curve selector
- TPMS_ECC_POINT *Qin // IN: the point.
- )
-{
- const ECC_CURVE_DATA *C = GetCurveData(curveId);
- POINT_INITIALIZED(ecQ, Qin);
- BOOL OK;
-//
- pAssert(Qin != NULL);
- OK = (C != NULL && (BnIsOnCurve(ecQ, C)));
- return OK;
-}
-
-//*** CryptEccGenerateKey()
-// This function generates an ECC key pair based on the input parameters.
-// This routine uses KDFa to produce candidate numbers. The method is according
-// to FIPS 186-3, section B.1.2 "Key Pair Generation by Testing Candidates."
-// According to the method in FIPS 186-3, the resulting private value 'd' should be
-// 1 <= 'd' < 'n' where 'n' is the order of the base point.
-//
-// It is a fatal error if 'Qout', 'dOut', is not provided (is NULL).
-//
-// If the curve is not supported
-// If 'seed' is not provided, then a random number will be used for the key
-// Return Type: TPM_RC
-// TPM_RC_CURVE curve is not supported
-// TPM_RC_NO_RESULT could not verify key with signature (FIPS only)
-LIB_EXPORT TPM_RC
-CryptEccGenerateKey(
- TPMT_PUBLIC *publicArea, // IN/OUT: The public area template for
- // the new key. The public key
- // area will be replaced computed
- // ECC public key
- TPMT_SENSITIVE *sensitive, // OUT: the sensitive area will be
- // updated to contain the private
- // ECC key and the symmetric
- // encryption key
- RAND_STATE *rand // IN: if not NULL, the deterministic
- // RNG state
- )
-{
- CURVE_INITIALIZED(E, publicArea->parameters.eccDetail.curveID);
- ECC_NUM(bnD);
- POINT(ecQ);
- BOOL OK;
- TPM_RC retVal;
-//
- TEST(TPM_ALG_ECDSA); // ECDSA is used to verify each key
-
- // Validate parameters
- if(E == NULL)
- ERROR_RETURN(TPM_RC_CURVE);
-
- publicArea->unique.ecc.x.t.size = 0;
- publicArea->unique.ecc.y.t.size = 0;
- sensitive->sensitive.ecc.t.size = 0;
-
- OK = BnEccGenerateKeyPair(bnD, ecQ, E, rand);
- if(OK)
- {
- BnPointTo2B(&publicArea->unique.ecc, ecQ, E);
- BnTo2B(bnD, &sensitive->sensitive.ecc.b, publicArea->unique.ecc.x.t.size);
- }
-#if FIPS_COMPLIANT
- // See if PWCT is required
- if(OK && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign))
- {
- ECC_NUM(bnT);
- ECC_NUM(bnS);
- TPM2B_DIGEST digest;
-//
- TEST(TPM_ALG_ECDSA);
- digest.t.size = MIN(sensitive->sensitive.ecc.t.size, sizeof(digest.t.buffer));
- // Get a random value to sign using the built in DRBG state
- DRBG_Generate(NULL, digest.t.buffer, digest.t.size);
- if(g_inFailureMode)
- return TPM_RC_FAILURE;
- BnSignEcdsa(bnT, bnS, E, bnD, &digest, NULL);
- // and make sure that we can validate the signature
- OK = BnValidateSignatureEcdsa(bnT, bnS, E, ecQ, &digest) == TPM_RC_SUCCESS;
- }
-#endif
- retVal = (OK) ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT;
-Exit:
- CURVE_FREE(E);
- return retVal;
-}
-
-#endif // ALG_ECC
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccSignature.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccSignature.c
deleted file mode 100644
index 42a198224..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccSignature.c
+++ /dev/null
@@ -1,931 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Includes and Defines
-#include "Tpm.h"
-#include "CryptEccSignature_fp.h"
-
-#if ALG_ECC
-
-//** Utility Functions
-
-//*** EcdsaDigest()
-// Function to adjust the digest so that it is no larger than the order of the
-// curve.
This is used for ECDSA sign and verification. -static bigNum -EcdsaDigest( - bigNum bnD, // OUT: the adjusted digest - const TPM2B_DIGEST *digest, // IN: digest to adjust - bigConst max // IN: value that indicates the maximum - // number of bits in the results - ) -{ - int bitsInMax = BnSizeInBits(max); - int shift; -// - if(digest == NULL) - BnSetWord(bnD, 0); - else - { - BnFromBytes(bnD, digest->t.buffer, - (NUMBYTES)MIN(digest->t.size, BITS_TO_BYTES(bitsInMax))); - shift = BnSizeInBits(bnD) - bitsInMax; - if(shift > 0) - BnShiftRight(bnD, bnD, shift); - } - return bnD; -} - -//*** BnSchnorrSign() -// This contains the Schnorr signature computation. It is used by both ECDSA and -// Schnorr signing. The result is computed as: ['s' = 'k' + 'r' * 'd' (mod 'n')] -// where -// 1) 's' is the signature -// 2) 'k' is a random value -// 3) 'r' is the value to sign -// 4) 'd' is the private EC key -// 5) 'n' is the order of the curve -// Return Type: TPM_RC -// TPM_RC_NO_RESULT the result of the operation was zero or 'r' (mod 'n') -// is zero -static TPM_RC -BnSchnorrSign( - bigNum bnS, // OUT: 's' component of the signature - bigConst bnK, // IN: a random value - bigNum bnR, // IN: the signature 'r' value - bigConst bnD, // IN: the private key - bigConst bnN // IN: the order of the curve - ) -{ - // Need a local temp value to store the intermediate computation because product - // size can be larger than will fit in bnS. - BN_VAR(bnT1, MAX_ECC_PARAMETER_BYTES * 2 * 8); -// - // Reduce bnR without changing the input value - BnDiv(NULL, bnT1, bnR, bnN); - if(BnEqualZero(bnT1)) - return TPM_RC_NO_RESULT; - // compute s = (k + r * d)(mod n) - // r * d - BnMult(bnT1, bnT1, bnD); - // k * r * d - BnAdd(bnT1, bnT1, bnK); - // k + r * d (mod n) - BnDiv(NULL, bnS, bnT1, bnN); - return (BnEqualZero(bnS)) ? TPM_RC_NO_RESULT : TPM_RC_SUCCESS; -} - -//** Signing Functions - -//*** BnSignEcdsa() -// This function implements the ECDSA signing algorithm. 
The method is described -// in the comments below. -TPM_RC -BnSignEcdsa( - bigNum bnR, // OUT: 'r' component of the signature - bigNum bnS, // OUT: 's' component of the signature - bigCurve E, // IN: the curve used in the signature - // process - bigNum bnD, // IN: private signing key - const TPM2B_DIGEST *digest, // IN: the digest to sign - RAND_STATE *rand // IN: used in debug of signing - ) -{ - ECC_NUM(bnK); - ECC_NUM(bnIk); - BN_VAR(bnE, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE) * 8); - POINT(ecR); - bigConst order = CurveGetOrder(AccessCurveData(E)); - TPM_RC retVal = TPM_RC_SUCCESS; - INT32 tries = 10; - BOOL OK = FALSE; -// - pAssert(digest != NULL); - // The algorithm as described in "Suite B Implementer's Guide to FIPS - // 186-3(ECDSA)" - // 1. Use one of the routines in Appendix A.2 to generate (k, k^-1), a - // per-message secret number and its inverse modulo n. Since n is prime, - // the output will be invalid only if there is a failure in the RBG. - // 2. Compute the elliptic curve point R = [k]G = (xR, yR) using EC scalar - // multiplication (see [Routines]), where G is the base point included in - // the set of domain parameters. - // 3. Compute r = xR mod n. If r = 0, then return to Step 1. 1. - // 4. Use the selected hash function to compute H = Hash(M). - // 5. Convert the bit string H to an integer e as described in Appendix B.2. - // 6. Compute s = (k^-1 * (e + d * r)) mod q. If s = 0, return to Step 1.2. - // 7. Return (r, s). - // In the code below, q is n (that it, the order of the curve is p) - - do // This implements the loop at step 6. If s is zero, start over. - { - for(; tries > 0; tries--) - { - // Step 1 and 2 -- generate an ephemeral key and the modular inverse - // of the private key. - if(!BnEccGenerateKeyPair(bnK, ecR, E, rand)) - continue; - // x coordinate is mod p. 
Make it mod q - BnMod(ecR->x, order); - // Make sure that it is not zero; - if(BnEqualZero(ecR->x)) - continue; - // write the modular reduced version of r as part of the signature - BnCopy(bnR, ecR->x); - // Make sure that a modular inverse exists and try again if not - OK = (BnModInverse(bnIk, bnK, order)); - if(OK) - break; - } - if(!OK) - goto Exit; - - EcdsaDigest(bnE, digest, order); - - // now have inverse of K (bnIk), e (bnE), r (bnR), d (bnD) and - // CurveGetOrder(E) - // Compute s = k^-1 (e + r*d)(mod q) - // first do s = r*d mod q - BnModMult(bnS, bnR, bnD, order); - // s = e + s = e + r * d - BnAdd(bnS, bnE, bnS); - // s = k^(-1)s (mod n) = k^(-1)(e + r * d)(mod n) - BnModMult(bnS, bnIk, bnS, order); - - // If S is zero, try again - } while(BnEqualZero(bnS)); -Exit: - return retVal; -} - -#if ALG_ECDAA - -//*** BnSignEcdaa() -// -// This function performs 's' = 'r' + 'T' * 'd' mod 'q' where -// 1) 'r is a random, or pseudo-random value created in the commit phase -// 2) 'nonceK' is a TPM-generated, random value 0 < 'nonceK' < 'n' -// 3) 'T' is mod 'q' of "Hash"('nonceK' || 'digest'), and -// 4) 'd' is a private key. -// -// The signature is the tuple ('nonceK', 's') -// -// Regrettably, the parameters in this function kind of collide with the parameter -// names used in ECSCHNORR making for a lot of confusion. -// Return Type: TPM_RC -// TPM_RC_SCHEME unsupported hash algorithm -// TPM_RC_NO_RESULT cannot get values from random number generator -static TPM_RC -BnSignEcdaa( - TPM2B_ECC_PARAMETER *nonceK, // OUT: 'nonce' component of the signature - bigNum bnS, // OUT: 's' component of the signature - bigCurve E, // IN: the curve used in signing - bigNum bnD, // IN: the private key - const TPM2B_DIGEST *digest, // IN: the value to sign (mod 'q') - TPMT_ECC_SCHEME *scheme, // IN: signing scheme (contains the - // commit count value). 
- OBJECT *eccKey, // IN: The signing key - RAND_STATE *rand // IN: a random number state - ) -{ - TPM_RC retVal; - TPM2B_ECC_PARAMETER r; - HASH_STATE state; - TPM2B_DIGEST T; - BN_MAX(bnT); -// - NOT_REFERENCED(rand); - if(!CryptGenerateR(&r, &scheme->details.ecdaa.count, - eccKey->publicArea.parameters.eccDetail.curveID, - &eccKey->name)) - retVal = TPM_RC_VALUE; - else - { - // This allocation is here because 'r' doesn't have a value until - // CrypGenerateR() is done. - ECC_INITIALIZED(bnR, &r); - do - { - // generate nonceK such that 0 < nonceK < n - // use bnT as a temp. - if(!BnEccGetPrivate(bnT, AccessCurveData(E), rand)) - { - retVal = TPM_RC_NO_RESULT; - break; - } - BnTo2B(bnT, &nonceK->b, 0); - - T.t.size = CryptHashStart(&state, scheme->details.ecdaa.hashAlg); - if(T.t.size == 0) - { - retVal = TPM_RC_SCHEME; - } - else - { - CryptDigestUpdate2B(&state, &nonceK->b); - CryptDigestUpdate2B(&state, &digest->b); - CryptHashEnd2B(&state, &T.b); - BnFrom2B(bnT, &T.b); - // Watch out for the name collisions in this call!! - retVal = BnSchnorrSign(bnS, bnR, bnT, bnD, - AccessCurveData(E)->order); - } - } while(retVal == TPM_RC_NO_RESULT); - // Because the rule is that internal state is not modified if the command - // fails, only end the commit if the command succeeds. - // NOTE that if the result of the Schnorr computation was zero - // it will probably not be worthwhile to run the same command again because - // the result will still be zero. This means that the Commit command will - // need to be run again to get a new commit value for the signature. - if(retVal == TPM_RC_SUCCESS) - CryptEndCommit(scheme->details.ecdaa.count); - } - return retVal; -} -#endif // ALG_ECDAA - -#if ALG_ECSCHNORR - -//*** SchnorrReduce() -// Function to reduce a hash result if it's magnitude is too large. The size of -// 'number' is set so that it has no more bytes of significance than 'reference' -// value. 
If the resulting number can have more bits of significance than -// 'reference'. -static void -SchnorrReduce( - TPM2B *number, // IN/OUT: Value to reduce - bigConst reference // IN: the reference value - ) -{ - UINT16 maxBytes = (UINT16)BITS_TO_BYTES(BnSizeInBits(reference)); - if(number->size > maxBytes) - number->size = maxBytes; -} - -//*** SchnorrEcc() -// This function is used to perform a modified Schnorr signature. -// -// This function will generate a random value 'k' and compute -// a) ('xR', 'yR') = ['k']'G' -// b) 'r' = "Hash"('xR' || 'P')(mod 'q') -// c) 'rT' = truncated 'r' -// d) 's'= 'k' + 'rT' * 'ds' (mod 'q') -// e) return the tuple 'rT', 's' -// -// Return Type: TPM_RC -// TPM_RC_NO_RESULT failure in the Schnorr sign process -// TPM_RC_SCHEME hashAlg can't produce zero-length digest -static TPM_RC -BnSignEcSchnorr( - bigNum bnR, // OUT: 'r' component of the signature - bigNum bnS, // OUT: 's' component of the signature - bigCurve E, // IN: the curve used in signing - bigNum bnD, // IN: the signing key - const TPM2B_DIGEST *digest, // IN: the digest to sign - TPM_ALG_ID hashAlg, // IN: signing scheme (contains a hash) - RAND_STATE *rand // IN: non-NULL when testing - ) -{ - HASH_STATE hashState; - UINT16 digestSize = CryptHashGetDigestSize(hashAlg); - TPM2B_TYPE(T, MAX(MAX_DIGEST_SIZE, MAX_ECC_KEY_BYTES)); - TPM2B_T T2b; - TPM2B *e = &T2b.b; - TPM_RC retVal = TPM_RC_NO_RESULT; - const ECC_CURVE_DATA *C; - bigConst order; - bigConst prime; - ECC_NUM(bnK); - POINT(ecR); -// - // Parameter checks - if(E == NULL) - ERROR_RETURN(TPM_RC_VALUE); - C = AccessCurveData(E); - order = CurveGetOrder(C); - prime = CurveGetOrder(C); - - // If the digest does not produce a hash, then null the signature and return - // a failure. 
- if(digestSize == 0) - { - BnSetWord(bnR, 0); - BnSetWord(bnS, 0); - ERROR_RETURN(TPM_RC_SCHEME); - } - do - { - // Generate a random key pair - if(!BnEccGenerateKeyPair(bnK, ecR, E, rand)) - break; - // Convert R.x to a string - BnTo2B(ecR->x, e, (NUMBYTES)BITS_TO_BYTES(BnSizeInBits(prime))); - - // f) compute r = Hash(e || P) (mod n) - CryptHashStart(&hashState, hashAlg); - CryptDigestUpdate2B(&hashState, e); - CryptDigestUpdate2B(&hashState, &digest->b); - e->size = CryptHashEnd(&hashState, digestSize, e->buffer); - // Reduce the hash size if it is larger than the curve order - SchnorrReduce(e, order); - // Convert hash to number - BnFrom2B(bnR, e); - // Do the Schnorr computation - retVal = BnSchnorrSign(bnS, bnK, bnR, bnD, CurveGetOrder(C)); - } while(retVal == TPM_RC_NO_RESULT); -Exit: - return retVal; -} - -#endif // ALG_ECSCHNORR - -#if ALG_SM2 -#ifdef _SM2_SIGN_DEBUG - -//*** BnHexEqual() -// This function compares a bignum value to a hex string. -// Return Type: BOOL -// TRUE(1) values equal -// FALSE(0) values not equal -static BOOL -BnHexEqual( - bigNum bn, //IN: big number value - const char *c //IN: character string number - ) -{ - ECC_NUM(bnC); - BnFromHex(bnC, c); - return (BnUnsignedCmp(bn, bnC) == 0); -} -#endif // _SM2_SIGN_DEBUG - -//*** BnSignEcSm2() -// This function signs a digest using the method defined in SM2 Part 2. The method -// in the standard will add a header to the message to be signed that is a hash of -// the values that define the key. This then hashed with the message to produce a -// digest ('e'). This function signs 'e'. 
-// Return Type: TPM_RC -// TPM_RC_VALUE bad curve -static TPM_RC -BnSignEcSm2( - bigNum bnR, // OUT: 'r' component of the signature - bigNum bnS, // OUT: 's' component of the signature - bigCurve E, // IN: the curve used in signing - bigNum bnD, // IN: the private key - const TPM2B_DIGEST *digest, // IN: the digest to sign - RAND_STATE *rand // IN: random number generator (mostly for - // debug) - ) -{ - BN_MAX_INITIALIZED(bnE, digest); // Don't know how big digest might be - ECC_NUM(bnN); - ECC_NUM(bnK); - ECC_NUM(bnT); // temp - POINT(Q1); - bigConst order = (E != NULL) - ? CurveGetOrder(AccessCurveData(E)) : NULL; -// -#ifdef _SM2_SIGN_DEBUG - BnFromHex(bnE, "B524F552CD82B8B028476E005C377FB1" - "9A87E6FC682D48BB5D42E3D9B9EFFE76"); - BnFromHex(bnD, "128B2FA8BD433C6C068C8D803DFF7979" - "2A519A55171B1B650C23661D15897263"); -#endif - // A3: Use random number generator to generate random number 1 <= k <= n-1; - // NOTE: Ax: numbers are from the SM2 standard -loop: - { - // Get a random number 0 < k < n - BnGenerateRandomInRange(bnK, order, rand); -#ifdef _SM2_SIGN_DEBUG - BnFromHex(bnK, "6CB28D99385C175C94F94E934817663F" - "C176D925DD72B727260DBAAE1FB2F96F"); -#endif - // A4: Figure out the point of elliptic curve (x1, y1)=[k]G, and according - // to details specified in 4.2.7 in Part 1 of this document, transform the - // data type of x1 into an integer; - if(!BnEccModMult(Q1, NULL, bnK, E)) - goto loop; - // A5: Figure out 'r' = ('e' + 'x1') mod 'n', - BnAdd(bnR, bnE, Q1->x); - BnMod(bnR, order); -#ifdef _SM2_SIGN_DEBUG - pAssert(BnHexEqual(bnR, "40F1EC59F793D9F49E09DCEF49130D41" - "94F79FB1EED2CAA55BACDB49C4E755D1")); -#endif - // if r=0 or r+k=n, return to A3; - if(BnEqualZero(bnR)) - goto loop; - BnAdd(bnT, bnK, bnR); - if(BnUnsignedCmp(bnT, bnN) == 0) - goto loop; - // A6: Figure out s = ((1 + dA)^-1 (k - r dA)) mod n, - // if s=0, return to A3; - // compute t = (1+dA)^-1 - BnAddWord(bnT, bnD, 1); - BnModInverse(bnT, bnT, order); -#ifdef _SM2_SIGN_DEBUG - 
pAssert(BnHexEqual(bnT, "79BFCF3052C80DA7B939E0C6914A18CB" - "B2D96D8555256E83122743A7D4F5F956")); -#endif - // compute s = t * (k - r * dA) mod n - BnModMult(bnS, bnR, bnD, order); - // k - r * dA mod n = k + n - ((r * dA) mod n) - BnSub(bnS, order, bnS); - BnAdd(bnS, bnK, bnS); - BnModMult(bnS, bnS, bnT, order); -#ifdef _SM2_SIGN_DEBUG - pAssert(BnHexEqual(bnS, "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" - "67A457872FB09EC56327A67EC7DEEBE7")); -#endif - if(BnEqualZero(bnS)) - goto loop; - } - // A7: According to details specified in 4.2.1 in Part 1 of this document, - // transform the data type of r, s into bit strings, signature of message M - // is (r, s). - // This is handled by the common return code -#ifdef _SM2_SIGN_DEBUG - pAssert(BnHexEqual(bnR, "40F1EC59F793D9F49E09DCEF49130D41" - "94F79FB1EED2CAA55BACDB49C4E755D1")); - pAssert(BnHexEqual(bnS, "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" - "67A457872FB09EC56327A67EC7DEEBE7")); -#endif - return TPM_RC_SUCCESS; -} -#endif // ALG_SM2 - -//*** CryptEccSign() -// This function is the dispatch function for the various ECC-based -// signing schemes. -// There is a bit of ugliness to the parameter passing. In order to test this, -// we sometime would like to use a deterministic RNG so that we can get the same -// signatures during testing. The easiest way to do this for most schemes is to -// pass in a deterministic RNG and let it return canned values during testing. -// There is a competing need for a canned parameter to use in ECDAA. To accommodate -// both needs with minimal fuss, a special type of RAND_STATE is defined to carry -// the address of the commit value. The setup and handling of this is not very -// different for the caller than what was in previous versions of the code. 
-// Return Type: TPM_RC -// TPM_RC_SCHEME 'scheme' is not supported -LIB_EXPORT TPM_RC -CryptEccSign( - TPMT_SIGNATURE *signature, // OUT: signature - OBJECT *signKey, // IN: ECC key to sign the hash - const TPM2B_DIGEST *digest, // IN: digest to sign - TPMT_ECC_SCHEME *scheme, // IN: signing scheme - RAND_STATE *rand - ) -{ - CURVE_INITIALIZED(E, signKey->publicArea.parameters.eccDetail.curveID); - ECC_INITIALIZED(bnD, &signKey->sensitive.sensitive.ecc.b); - ECC_NUM(bnR); - ECC_NUM(bnS); - const ECC_CURVE_DATA *C; - TPM_RC retVal = TPM_RC_SCHEME; -// - NOT_REFERENCED(scheme); - if(E == NULL) - ERROR_RETURN(TPM_RC_VALUE); - C = AccessCurveData(E); - signature->signature.ecdaa.signatureR.t.size - = sizeof(signature->signature.ecdaa.signatureR.t.buffer); - signature->signature.ecdaa.signatureS.t.size - = sizeof(signature->signature.ecdaa.signatureS.t.buffer); - TEST(signature->sigAlg); - switch(signature->sigAlg) - { - case ALG_ECDSA_VALUE: - retVal = BnSignEcdsa(bnR, bnS, E, bnD, digest, rand); - break; -#if ALG_ECDAA - case ALG_ECDAA_VALUE: - retVal = BnSignEcdaa(&signature->signature.ecdaa.signatureR, bnS, E, - bnD, digest, scheme, signKey, rand); - bnR = NULL; - break; -#endif -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: - retVal = BnSignEcSchnorr(bnR, bnS, E, bnD, digest, - signature->signature.ecschnorr.hash, - rand); - break; -#endif -#if ALG_SM2 - case ALG_SM2_VALUE: - retVal = BnSignEcSm2(bnR, bnS, E, bnD, digest, rand); - break; -#endif - default: - break; - } - // If signature generation worked, convert the results. 
- if(retVal == TPM_RC_SUCCESS) - { - NUMBYTES orderBytes = - (NUMBYTES)BITS_TO_BYTES(BnSizeInBits(CurveGetOrder(C))); - if(bnR != NULL) - BnTo2B(bnR, &signature->signature.ecdaa.signatureR.b, orderBytes); - if(bnS != NULL) - BnTo2B(bnS, &signature->signature.ecdaa.signatureS.b, orderBytes); - } -Exit: - CURVE_FREE(E); - return retVal; -} - -//********************* Signature Validation ******************** - -#if ALG_ECDSA - -//*** BnValidateSignatureEcdsa() -// This function validates an ECDSA signature. rIn and sIn should have been checked -// to make sure that they are in the range 0 < 'v' < 'n' -// Return Type: TPM_RC -// TPM_RC_SIGNATURE signature not valid -TPM_RC -BnValidateSignatureEcdsa( - bigNum bnR, // IN: 'r' component of the signature - bigNum bnS, // IN: 's' component of the signature - bigCurve E, // IN: the curve used in the signature - // process - bn_point_t *ecQ, // IN: the public point of the key - const TPM2B_DIGEST *digest // IN: the digest that was signed - ) -{ - // Make sure that the allocation for the digest is big enough for a maximum - // digest - BN_VAR(bnE, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE) * 8); - POINT(ecR); - ECC_NUM(bnU1); - ECC_NUM(bnU2); - ECC_NUM(bnW); - bigConst order = CurveGetOrder(AccessCurveData(E)); - TPM_RC retVal = TPM_RC_SIGNATURE; -// - // Get adjusted digest - EcdsaDigest(bnE, digest, order); - // 1. If r and s are not both integers in the interval [1, n - 1], output - // INVALID. - // bnR and bnS were validated by the caller - // 2. Use the selected hash function to compute H0 = Hash(M0). - // This is an input parameter - // 3. Convert the bit string H0 to an integer e as described in Appendix B.2. - // Done at entry - // 4. Compute w = (s')^-1 mod n, using the routine in Appendix B.1. - if(!BnModInverse(bnW, bnS, order)) - goto Exit; - // 5. Compute u1 = (e' * w) mod n, and compute u2 = (r' * w) mod n. - BnModMult(bnU1, bnE, bnW, order); - BnModMult(bnU2, bnR, bnW, order); - // 6. 
Compute the elliptic curve point R = (xR, yR) = u1G+u2Q, using EC - // scalar multiplication and EC addition (see [Routines]). If R is equal to - // the point at infinity O, output INVALID. - if(BnPointMult(ecR, CurveGetG(AccessCurveData(E)), bnU1, ecQ, bnU2, E) - != TPM_RC_SUCCESS) - goto Exit; - // 7. Compute v = Rx mod n. - BnMod(ecR->x, order); - // 8. Compare v and r0. If v = r0, output VALID; otherwise, output INVALID - if(BnUnsignedCmp(ecR->x, bnR) != 0) - goto Exit; - - retVal = TPM_RC_SUCCESS; -Exit: - return retVal; -} - -#endif // ALG_ECDSA - -#if ALG_SM2 - -//*** BnValidateSignatureEcSm2() -// This function is used to validate an SM2 signature. -// Return Type: TPM_RC -// TPM_RC_SIGNATURE signature not valid -static TPM_RC -BnValidateSignatureEcSm2( - bigNum bnR, // IN: 'r' component of the signature - bigNum bnS, // IN: 's' component of the signature - bigCurve E, // IN: the curve used in the signature - // process - bigPoint ecQ, // IN: the public point of the key - const TPM2B_DIGEST *digest // IN: the digest that was signed - ) -{ - POINT(P); - ECC_NUM(bnRp); - ECC_NUM(bnT); - BN_MAX_INITIALIZED(bnE, digest); - BOOL OK; - bigConst order = CurveGetOrder(AccessCurveData(E)); - -#ifdef _SM2_SIGN_DEBUG - // Make sure that the input signature is the test signature - pAssert(BnHexEqual(bnR, - "40F1EC59F793D9F49E09DCEF49130D41" - "94F79FB1EED2CAA55BACDB49C4E755D1")); - pAssert(BnHexEqual(bnS, - "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" - "67A457872FB09EC56327A67EC7DEEBE7")); -#endif - // b) compute t := (r + s) mod n - BnAdd(bnT, bnR, bnS); - BnMod(bnT, order); -#ifdef _SM2_SIGN_DEBUG - pAssert(BnHexEqual(bnT, - "2B75F07ED7ECE7CCC1C8986B991F441A" - "D324D6D619FE06DD63ED32E0C997C801")); -#endif - // c) verify that t > 0 - OK = !BnEqualZero(bnT); - if(!OK) - // set T to a value that should allow rest of the computations to run - // without trouble - BnCopy(bnT, bnS); - // d) compute (x, y) := [s]G + [t]Q - OK = BnEccModMult2(P, NULL, bnS, ecQ, bnT, E); -#ifdef 
_SM2_SIGN_DEBUG - pAssert(OK && BnHexEqual(P->x, - "110FCDA57615705D5E7B9324AC4B856D" - "23E6D9188B2AE47759514657CE25D112")); -#endif - // e) compute r' := (e + x) mod n (the x coordinate is in bnT) - OK = OK && BnAdd(bnRp, bnE, P->x); - OK = OK && BnMod(bnRp, order); - - // f) verify that r' = r - OK = OK && (BnUnsignedCmp(bnR, bnRp) == 0); - - if(!OK) - return TPM_RC_SIGNATURE; - else - return TPM_RC_SUCCESS; -} - -#endif // ALG_SM2 - -#if ALG_ECSCHNORR - -//*** BnValidateSignatureEcSchnorr() -// This function is used to validate an EC Schnorr signature. -// Return Type: TPM_RC -// TPM_RC_SIGNATURE signature not valid -static TPM_RC -BnValidateSignatureEcSchnorr( - bigNum bnR, // IN: 'r' component of the signature - bigNum bnS, // IN: 's' component of the signature - TPM_ALG_ID hashAlg, // IN: hash algorithm of the signature - bigCurve E, // IN: the curve used in the signature - // process - bigPoint ecQ, // IN: the public point of the key - const TPM2B_DIGEST *digest // IN: the digest that was signed - ) -{ - BN_MAX(bnRn); - POINT(ecE); - BN_MAX(bnEx); - const ECC_CURVE_DATA *C = AccessCurveData(E); - bigConst order = CurveGetOrder(C); - UINT16 digestSize = CryptHashGetDigestSize(hashAlg); - HASH_STATE hashState; - TPM2B_TYPE(BUFFER, MAX(MAX_ECC_PARAMETER_BYTES, MAX_DIGEST_SIZE)); - TPM2B_BUFFER Ex2 = {{sizeof(Ex2.t.buffer),{ 0 }}}; - BOOL OK; -// - // E = [s]G - [r]Q - BnMod(bnR, order); - // Make -r = n - r - BnSub(bnRn, order, bnR); - // E = [s]G + [-r]Q - OK = BnPointMult(ecE, CurveGetG(C), bnS, ecQ, bnRn, E) == TPM_RC_SUCCESS; -// // reduce the x portion of E mod q -// OK = OK && BnMod(ecE->x, order); - // Convert to byte string - OK = OK && BnTo2B(ecE->x, &Ex2.b, - (NUMBYTES)(BITS_TO_BYTES(BnSizeInBits(order)))); - if(OK) - { -// Ex = h(pE.x || digest) - CryptHashStart(&hashState, hashAlg); - CryptDigestUpdate(&hashState, Ex2.t.size, Ex2.t.buffer); - CryptDigestUpdate(&hashState, digest->t.size, digest->t.buffer); - Ex2.t.size = CryptHashEnd(&hashState, 
digestSize, Ex2.t.buffer); - SchnorrReduce(&Ex2.b, order); - BnFrom2B(bnEx, &Ex2.b); - // see if Ex matches R - OK = BnUnsignedCmp(bnEx, bnR) == 0; - } - return (OK) ? TPM_RC_SUCCESS : TPM_RC_SIGNATURE; -} -#endif // ALG_ECSCHNORR - -//*** CryptEccValidateSignature() -// This function validates an EcDsa or EcSchnorr signature. -// The point 'Qin' needs to have been validated to be on the curve of 'curveId'. -// Return Type: TPM_RC -// TPM_RC_SIGNATURE not a valid signature -LIB_EXPORT TPM_RC -CryptEccValidateSignature( - TPMT_SIGNATURE *signature, // IN: signature to be verified - OBJECT *signKey, // IN: ECC key signed the hash - const TPM2B_DIGEST *digest // IN: digest that was signed - ) -{ - CURVE_INITIALIZED(E, signKey->publicArea.parameters.eccDetail.curveID); - ECC_NUM(bnR); - ECC_NUM(bnS); - POINT_INITIALIZED(ecQ, &signKey->publicArea.unique.ecc); - bigConst order; - TPM_RC retVal; - - if(E == NULL) - ERROR_RETURN(TPM_RC_VALUE); - - order = CurveGetOrder(AccessCurveData(E)); - -// // Make sure that the scheme is valid - switch(signature->sigAlg) - { - case ALG_ECDSA_VALUE: -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: -#endif -#if ALG_SM2 - case ALG_SM2_VALUE: -#endif - break; - default: - ERROR_RETURN(TPM_RC_SCHEME); - break; - } - // Can convert r and s after determining that the scheme is an ECC scheme. If - // this conversion doesn't work, it means that the unmarshaling code for - // an ECC signature is broken. 
- BnFrom2B(bnR, &signature->signature.ecdsa.signatureR.b); - BnFrom2B(bnS, &signature->signature.ecdsa.signatureS.b); - - // r and s have to be greater than 0 but less than the curve order - if(BnEqualZero(bnR) || BnEqualZero(bnS)) - ERROR_RETURN(TPM_RC_SIGNATURE); - if((BnUnsignedCmp(bnS, order) >= 0) - || (BnUnsignedCmp(bnR, order) >= 0)) - ERROR_RETURN(TPM_RC_SIGNATURE); - - switch(signature->sigAlg) - { - case ALG_ECDSA_VALUE: - retVal = BnValidateSignatureEcdsa(bnR, bnS, E, ecQ, digest); - break; - -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: - retVal = BnValidateSignatureEcSchnorr(bnR, bnS, - signature->signature.any.hashAlg, - E, ecQ, digest); - break; -#endif -#if ALG_SM2 - case ALG_SM2_VALUE: - retVal = BnValidateSignatureEcSm2(bnR, bnS, E, ecQ, digest); - break; -#endif - default: - FAIL(FATAL_ERROR_INTERNAL); - } -Exit: - CURVE_FREE(E); - return retVal; -} - -//***CryptEccCommitCompute() -// This function performs the point multiply operations required by TPM2_Commit. -// -// If 'B' or 'M' is provided, they must be on the curve defined by 'curveId'. This -// routine does not check that they are on the curve and results are unpredictable -// if they are not. -// -// It is a fatal error if 'r' is NULL. If 'B' is not NULL, then it is a -// fatal error if 'd' is NULL or if 'K' and 'L' are both NULL. -// If 'M' is not NULL, then it is a fatal error if 'E' is NULL. 
-// -// Return Type: TPM_RC -// TPM_RC_NO_RESULT if 'K', 'L' or 'E' was computed to be the point -// at infinity -// TPM_RC_CANCELED a cancel indication was asserted during this -// function -LIB_EXPORT TPM_RC -CryptEccCommitCompute( - TPMS_ECC_POINT *K, // OUT: [d]B or [r]Q - TPMS_ECC_POINT *L, // OUT: [r]B - TPMS_ECC_POINT *E, // OUT: [r]M - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPMS_ECC_POINT *M, // IN: M (optional) - TPMS_ECC_POINT *B, // IN: B (optional) - TPM2B_ECC_PARAMETER *d, // IN: d (optional) - TPM2B_ECC_PARAMETER *r // IN: the computed r value (required) - ) -{ - CURVE_INITIALIZED(curve, curveId); // Normally initialize E as the curve, but - // E means something else in this function - ECC_INITIALIZED(bnR, r); - TPM_RC retVal = TPM_RC_SUCCESS; -// - // Validate that the required parameters are provided. - // Note: E has to be provided if computing E := [r]Q or E := [r]M. Will do - // E := [r]Q if both M and B are NULL. - pAssert(r != NULL && E != NULL); - - // Initialize the output points in case they are not computed - ClearPoint2B(K); - ClearPoint2B(L); - ClearPoint2B(E); - - // Sizes of the r parameter may not be zero - pAssert(r->t.size > 0); - - // If B is provided, compute K=[d]B and L=[r]B - if(B != NULL) - { - ECC_INITIALIZED(bnD, d); - POINT_INITIALIZED(pB, B); - POINT(pK); - POINT(pL); -// - pAssert(d != NULL && K != NULL && L != NULL); - - if(!BnIsOnCurve(pB, AccessCurveData(curve))) - ERROR_RETURN(TPM_RC_VALUE); - // do the math for K = [d]B - if((retVal = BnPointMult(pK, pB, bnD, NULL, NULL, curve)) != TPM_RC_SUCCESS) - goto Exit; - // Convert BN K to TPM2B K - BnPointTo2B(K, pK, curve); - // compute L= [r]B after checking for cancel - if(_plat__IsCanceled()) - ERROR_RETURN(TPM_RC_CANCELED); - // compute L = [r]B - if(!BnIsValidPrivateEcc(bnR, curve)) - ERROR_RETURN(TPM_RC_VALUE); - if((retVal = BnPointMult(pL, pB, bnR, NULL, NULL, curve)) != TPM_RC_SUCCESS) - goto Exit; - // Convert BN L to TPM2B L - 
BnPointTo2B(L, pL, curve);
- }
- if((M != NULL) || (B == NULL))
- {
- POINT_INITIALIZED(pM, M);
- POINT(pE);
-//
- // Make sure that a place was provided for the result
- pAssert(E != NULL);
-
- // if this is the third point multiply, check for cancel first
- if((B != NULL) && _plat__IsCanceled())
- ERROR_RETURN(TPM_RC_CANCELED);
-
- // If M provided, then pM will not be NULL and will compute E = [r]M.
- // However, if M was not provided, then pM will be NULL and E = [r]G
- // will be computed
- if((retVal = BnPointMult(pE, pM, bnR, NULL, NULL, curve)) != TPM_RC_SUCCESS)
- goto Exit;
- // Convert E to 2B format
- BnPointTo2B(E, pE, curve);
- }
-Exit:
- CURVE_FREE(curve);
- return retVal;
-}
-
-#endif // ALG_ECC
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c
deleted file mode 100644
index 3f6ac63a2..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c
+++ /dev/null
@@ -1,938 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-//
-// This file contains implementation of cryptographic functions for hashing.
-// -//** Includes, Defines, and Types - -#define _CRYPT_HASH_C_ -#include "Tpm.h" -#include "CryptHash_fp.h" -#include "CryptHash.h" -#include "OIDs.h" - -#define HASH_TABLE_SIZE (HASH_COUNT + 1) - - -#if ALG_SHA1 -HASH_DEF_TEMPLATE(SHA1, Sha1); -#endif -#if ALG_SHA256 -HASH_DEF_TEMPLATE(SHA256, Sha256); -#endif -#if ALG_SHA384 -HASH_DEF_TEMPLATE(SHA384, Sha384); -#endif -#if ALG_SHA512 -HASH_DEF_TEMPLATE(SHA512, Sha512); -#endif -#if ALG_SM3_256 -HASH_DEF_TEMPLATE(SM3_256, Sm3_256); -#endif -HASH_DEF NULL_Def = {{0}}; - -PHASH_DEF HashDefArray[] = { -#if ALG_SHA1 - &Sha1_Def, -#endif -#if ALG_SHA256 - &Sha256_Def, -#endif -#if ALG_SHA384 - &Sha384_Def, -#endif -#if ALG_SHA512 - &Sha512_Def, -#endif -#if ALG_SM3_256 - &Sm3_256_Def, -#endif - &NULL_Def -}; - - -//** Obligatory Initialization Functions - -//*** CryptHashInit() -// This function is called by _TPM_Init do perform the initialization operations for -// the library. -BOOL -CryptHashInit( - void - ) -{ - LibHashInit(); - return TRUE; -} - -//*** CryptHashStartup() -// This function is called by TPM2_Startup(). It checks that the size of the -// HashDefArray is consistent with the HASH_COUNT. -BOOL -CryptHashStartup( - void - ) -{ - int i = sizeof(HashDefArray) / sizeof(PHASH_DEF) - 1; - return (i == HASH_COUNT); -} - -//** Hash Information Access Functions -//*** Introduction -// These functions provide access to the hash algorithm description information. - -//*** CryptGetHashDef() -// This function accesses the hash descriptor associated with a hash a -// algorithm. The function returns a pointer to a 'null' descriptor if hashAlg is -// TPM_ALG_NULL or not a defined algorithm. 
-PHASH_DEF -CryptGetHashDef( - TPM_ALG_ID hashAlg - ) -{ - size_t i; -#define HASHES (sizeof(HashDefArray) / sizeof(PHASH_DEF)) - for(i = 0; i < HASHES; i++) - { - PHASH_DEF p = HashDefArray[i]; - if(p->hashAlg == hashAlg) - return p; - } - return &NULL_Def; -} - -//*** CryptHashIsValidAlg() -// This function tests to see if an algorithm ID is a valid hash algorithm. If -// flag is true, then TPM_ALG_NULL is a valid hash. -// Return Type: BOOL -// TRUE(1) hashAlg is a valid, implemented hash on this TPM -// FALSE(0) hashAlg is not valid for this TPM -BOOL -CryptHashIsValidAlg( - TPM_ALG_ID hashAlg, // IN: the algorithm to check - BOOL flag // IN: TRUE if TPM_ALG_NULL is to be treated - // as a valid hash - ) -{ - if(hashAlg == TPM_ALG_NULL) - return flag; - return CryptGetHashDef(hashAlg) != &NULL_Def; -} - -//*** CryptHashGetAlgByIndex() -// This function is used to iterate through the hashes. TPM_ALG_NULL -// is returned for all indexes that are not valid hashes. -// If the TPM implements 3 hashes, then an 'index' value of 0 will -// return the first implemented hash and an 'index' of 2 will return the -// last. All other index values will return TPM_ALG_NULL. -// -// Return Type: TPM_ALG_ID -// TPM_ALG_xxx a hash algorithm -// TPM_ALG_NULL this can be used as a stop value -LIB_EXPORT TPM_ALG_ID -CryptHashGetAlgByIndex( - UINT32 index // IN: the index - ) -{ - TPM_ALG_ID hashAlg; - if(index >= HASH_COUNT) - hashAlg = TPM_ALG_NULL; - else - hashAlg = HashDefArray[index]->hashAlg; - return hashAlg; -} - -//*** CryptHashGetDigestSize() -// Returns the size of the digest produced by the hash. If 'hashAlg' is not a hash -// algorithm, the TPM will FAIL. -// Return Type: UINT16 -// 0 TPM_ALG_NULL -// > 0 the digest size -// -LIB_EXPORT UINT16 -CryptHashGetDigestSize( - TPM_ALG_ID hashAlg // IN: hash algorithm to look up - ) -{ - return CryptGetHashDef(hashAlg)->digestSize; -} - -//*** CryptHashGetBlockSize() -// Returns the size of the block used by the hash. 
If 'hashAlg' is not a hash -// algorithm, the TPM will FAIL. -// Return Type: UINT16 -// 0 TPM_ALG_NULL -// > 0 the digest size -// -LIB_EXPORT UINT16 -CryptHashGetBlockSize( - TPM_ALG_ID hashAlg // IN: hash algorithm to look up - ) -{ - return CryptGetHashDef(hashAlg)->blockSize; -} - -//*** CryptHashGetOid() -// This function returns a pointer to DER=encoded OID for a hash algorithm. All OIDs -// are full OID values including the Tag (0x06) and length byte. -LIB_EXPORT const BYTE * -CryptHashGetOid( - TPM_ALG_ID hashAlg -) -{ - return CryptGetHashDef(hashAlg)->OID; -} - -//*** CryptHashGetContextAlg() -// This function returns the hash algorithm associated with a hash context. -TPM_ALG_ID -CryptHashGetContextAlg( - PHASH_STATE state // IN: the context to check - ) -{ - return state->hashAlg; -} - -//** State Import and Export - -//*** CryptHashCopyState -// This function is used to clone a HASH_STATE. -LIB_EXPORT void -CryptHashCopyState( - HASH_STATE *out, // OUT: destination of the state - const HASH_STATE *in // IN: source of the state - ) -{ - pAssert(out->type == in->type); - out->hashAlg = in->hashAlg; - out->def = in->def; - if(in->hashAlg != TPM_ALG_NULL) - { - HASH_STATE_COPY(out, in); - } - if(in->type == HASH_STATE_HMAC) - { - const HMAC_STATE *hIn = (HMAC_STATE *)in; - HMAC_STATE *hOut = (HMAC_STATE *)out; - hOut->hmacKey = hIn->hmacKey; - } - return; -} - -//*** CryptHashExportState() -// This function is used to export a hash or HMAC hash state. This function -// would be called when preparing to context save a sequence object. -void -CryptHashExportState( - PCHASH_STATE internalFmt, // IN: the hash state formatted for use by - // library - PEXPORT_HASH_STATE externalFmt // OUT: the exported hash state - ) -{ - BYTE *outBuf = (BYTE *)externalFmt; -// - cAssert(sizeof(HASH_STATE) <= sizeof(EXPORT_HASH_STATE)); - // the following #define is used to move data from an aligned internal data - // structure to a byte buffer (external format data. 
-#define CopyToOffset(value) \ - memcpy(&outBuf[offsetof(HASH_STATE,value)], &internalFmt->value, \ - sizeof(internalFmt->value)) - // Copy the hashAlg - CopyToOffset(hashAlg); - CopyToOffset(type); -#ifdef HASH_STATE_SMAC - if(internalFmt->type == HASH_STATE_SMAC) - { - memcpy(outBuf, internalFmt, sizeof(HASH_STATE)); - return; - - } -#endif - if(internalFmt->type == HASH_STATE_HMAC) - { - HMAC_STATE *from = (HMAC_STATE *)internalFmt; - memcpy(&outBuf[offsetof(HMAC_STATE, hmacKey)], &from->hmacKey, - sizeof(from->hmacKey)); - } - if(internalFmt->hashAlg != TPM_ALG_NULL) - HASH_STATE_EXPORT(externalFmt, internalFmt); -} - -//*** CryptHashImportState() -// This function is used to import the hash state. This function -// would be called to import a hash state when the context of a sequence object -// was being loaded. -void -CryptHashImportState( - PHASH_STATE internalFmt, // OUT: the hash state formatted for use by - // the library - PCEXPORT_HASH_STATE externalFmt // IN: the exported hash state - ) -{ - BYTE *inBuf = (BYTE *)externalFmt; -// -#define CopyFromOffset(value) \ - memcpy(&internalFmt->value, &inBuf[offsetof(HASH_STATE,value)], \ - sizeof(internalFmt->value)) - - // Copy the hashAlg of the byte-aligned input structure to the structure-aligned - // internal structure. - CopyFromOffset(hashAlg); - CopyFromOffset(type); - if(internalFmt->hashAlg != TPM_ALG_NULL) - { -#ifdef HASH_STATE_SMAC - if(internalFmt->type == HASH_STATE_SMAC) - { - memcpy(internalFmt, inBuf, sizeof(HASH_STATE)); - return; - } -#endif - internalFmt->def = CryptGetHashDef(internalFmt->hashAlg); - HASH_STATE_IMPORT(internalFmt, inBuf); - if(internalFmt->type == HASH_STATE_HMAC) - { - HMAC_STATE *to = (HMAC_STATE *)internalFmt; - memcpy(&to->hmacKey, &inBuf[offsetof(HMAC_STATE, hmacKey)], - sizeof(to->hmacKey)); - } - } -} - -//** State Modification Functions - -//***HashEnd() -// Local function to complete a hash that uses the hashDef instead of an algorithm -// ID. 
This function is used to complete the hash and only return a partial digest. -// The return value is the size of the data copied. -static UINT16 -HashEnd( - PHASH_STATE hashState, // IN: the hash state - UINT32 dOutSize, // IN: the size of receive buffer - PBYTE dOut // OUT: the receive buffer - ) -{ - BYTE temp[MAX_DIGEST_SIZE]; - if((hashState->hashAlg == TPM_ALG_NULL) - || (hashState->type != HASH_STATE_HASH)) - dOutSize = 0; - if(dOutSize > 0) - { - hashState->def = CryptGetHashDef(hashState->hashAlg); - // Set the final size - dOutSize = MIN(dOutSize, hashState->def->digestSize); - // Complete into the temp buffer and then copy - HASH_END(hashState, temp); - // Don't want any other functions calling the HASH_END method - // directly. -#undef HASH_END - memcpy(dOut, &temp, dOutSize); - } - hashState->type = HASH_STATE_EMPTY; - return (UINT16)dOutSize; -} - -//*** CryptHashStart() -// Functions starts a hash stack -// Start a hash stack and returns the digest size. As a side effect, the -// value of 'stateSize' in hashState is updated to indicate the number of bytes -// of state that were saved. This function calls GetHashServer() and that function -// will put the TPM into failure mode if the hash algorithm is not supported. -// -// This function does not use the sequence parameter. If it is necessary to import -// or export context, this will start the sequence in a local state -// and export the state to the input buffer. Will need to add a flag to the state -// structure to indicate that it needs to be imported before it can be used. -// (BLEH). 
-// Return Type: UINT16 -// 0 hash is TPM_ALG_NULL -// >0 digest size -LIB_EXPORT UINT16 -CryptHashStart( - PHASH_STATE hashState, // OUT: the running hash state - TPM_ALG_ID hashAlg // IN: hash algorithm - ) -{ - UINT16 retVal; - - TEST(hashAlg); - - hashState->hashAlg = hashAlg; - if(hashAlg == TPM_ALG_NULL) - { - retVal = 0; - } - else - { - hashState->def = CryptGetHashDef(hashAlg); - HASH_START(hashState); - retVal = hashState->def->digestSize; - } -#undef HASH_START - hashState->type = HASH_STATE_HASH; - return retVal; -} - -//*** CryptDigestUpdate() -// Add data to a hash or HMAC, SMAC stack. -// -void -CryptDigestUpdate( - PHASH_STATE hashState, // IN: the hash context information - UINT32 dataSize, // IN: the size of data to be added - const BYTE *data // IN: data to be hashed - ) -{ - if(hashState->hashAlg != TPM_ALG_NULL) - { - if((hashState->type == HASH_STATE_HASH) - || (hashState->type == HASH_STATE_HMAC)) - HASH_DATA(hashState, dataSize, (BYTE *)data); -#if SMAC_IMPLEMENTED - else if(hashState->type == HASH_STATE_SMAC) - (hashState->state.smac.smacMethods.data)(&hashState->state.smac.state, - dataSize, data); -#endif // SMAC_IMPLEMENTED - else - FAIL(FATAL_ERROR_INTERNAL); - } - return; -} - -//*** CryptHashEnd() -// Complete a hash or HMAC computation. This function will place the smaller of -// 'digestSize' or the size of the digest in 'dOut'. The number of bytes in the -// placed in the buffer is returned. If there is a failure, the returned value -// is <= 0. 
-// Return Type: UINT16 -// 0 no data returned -// > 0 the number of bytes in the digest or dOutSize, whichever is smaller -LIB_EXPORT UINT16 -CryptHashEnd( - PHASH_STATE hashState, // IN: the state of hash stack - UINT32 dOutSize, // IN: size of digest buffer - BYTE *dOut // OUT: hash digest - ) -{ - pAssert(hashState->type == HASH_STATE_HASH); - return HashEnd(hashState, dOutSize, dOut); -} - -//*** CryptHashBlock() -// Start a hash, hash a single block, update 'digest' and return the size of -// the results. -// -// The 'digestSize' parameter can be smaller than the digest. If so, only the more -// significant bytes are returned. -// Return Type: UINT16 -// >= 0 number of bytes placed in 'dOut' -LIB_EXPORT UINT16 -CryptHashBlock( - TPM_ALG_ID hashAlg, // IN: The hash algorithm - UINT32 dataSize, // IN: size of buffer to hash - const BYTE *data, // IN: the buffer to hash - UINT32 dOutSize, // IN: size of the digest buffer - BYTE *dOut // OUT: digest buffer - ) -{ - HASH_STATE state; - CryptHashStart(&state, hashAlg); - CryptDigestUpdate(&state, dataSize, data); - return HashEnd(&state, dOutSize, dOut); -} - -//*** CryptDigestUpdate2B() -// This function updates a digest (hash or HMAC) with a TPM2B. -// -// This function can be used for both HMAC and hash functions so the -// 'digestState' is void so that either state type can be passed. -LIB_EXPORT void -CryptDigestUpdate2B( - PHASH_STATE state, // IN: the digest state - const TPM2B *bIn // IN: 2B containing the data - ) -{ - // Only compute the digest if a pointer to the 2B is provided. - // In CryptDigestUpdate(), if size is zero or buffer is NULL, then no change - // to the digest occurs. This function should not provide a buffer if bIn is - // not provided. - pAssert(bIn != NULL); - CryptDigestUpdate(state, bIn->size, bIn->buffer); - return; -} - -//*** CryptHashEnd2B() -// This function is the same as CryptCompleteHash() but the digest is -// placed in a TPM2B. 
This is the most common use and this is provided -// for specification clarity. 'digest.size' should be set to indicate the number of -// bytes to place in the buffer -// Return Type: UINT16 -// >=0 the number of bytes placed in 'digest.buffer' -LIB_EXPORT UINT16 -CryptHashEnd2B( - PHASH_STATE state, // IN: the hash state - P2B digest // IN: the size of the buffer Out: requested - // number of bytes - ) -{ - return CryptHashEnd(state, digest->size, digest->buffer); -} - -//*** CryptDigestUpdateInt() -// This function is used to include an integer value to a hash stack. The function -// marshals the integer into its canonical form before calling CryptDigestUpdate(). -LIB_EXPORT void -CryptDigestUpdateInt( - void *state, // IN: the state of hash stack - UINT32 intSize, // IN: the size of 'intValue' in bytes - UINT64 intValue // IN: integer value to be hashed - ) -{ -#if LITTLE_ENDIAN_TPM - intValue = REVERSE_ENDIAN_64(intValue); -#endif - CryptDigestUpdate(state, intSize, &((BYTE *)&intValue)[8 - intSize]); -} - -//** HMAC Functions - -//*** CryptHmacStart() -// This function is used to start an HMAC using a temp -// hash context. The function does the initialization -// of the hash with the HMAC key XOR iPad and updates the -// HMAC key XOR oPad. -// -// The function returns the number of bytes in a digest produced by 'hashAlg'. -// Return Type: UINT16 -// >= 0 number of bytes in digest produced by 'hashAlg' (may be zero) -// -LIB_EXPORT UINT16 -CryptHmacStart( - PHMAC_STATE state, // IN/OUT: the state buffer - TPM_ALG_ID hashAlg, // IN: the algorithm to use - UINT16 keySize, // IN: the size of the HMAC key - const BYTE *key // IN: the HMAC key - ) -{ - PHASH_DEF hashDef; - BYTE * pb; - UINT32 i; -// - hashDef = CryptGetHashDef(hashAlg); - if(hashDef->digestSize != 0) - { - // If the HMAC key is larger than the hash block size, it has to be reduced - // to fit. The reduction is a digest of the hashKey. 
- if(keySize > hashDef->blockSize) - { - // if the key is too big, reduce it to a digest of itself - state->hmacKey.t.size = CryptHashBlock(hashAlg, keySize, key, - hashDef->digestSize, - state->hmacKey.t.buffer); - } - else - { - memcpy(state->hmacKey.t.buffer, key, keySize); - state->hmacKey.t.size = keySize; - } - // XOR the key with iPad (0x36) - pb = state->hmacKey.t.buffer; - for(i = state->hmacKey.t.size; i > 0; i--) - *pb++ ^= 0x36; - - // if the keySize is smaller than a block, fill the rest with 0x36 - for(i = hashDef->blockSize - state->hmacKey.t.size; i > 0; i--) - *pb++ = 0x36; - - // Increase the oPadSize to a full block - state->hmacKey.t.size = hashDef->blockSize; - - // Start a new hash with the HMAC key - // This will go in the caller's state structure and may be a sequence or not - CryptHashStart((PHASH_STATE)state, hashAlg); - CryptDigestUpdate((PHASH_STATE)state, state->hmacKey.t.size, - state->hmacKey.t.buffer); - // XOR the key block with 0x5c ^ 0x36 - for(pb = state->hmacKey.t.buffer, i = hashDef->blockSize; i > 0; i--) - *pb++ ^= (0x5c ^ 0x36); - } - // Set the hash algorithm - state->hashState.hashAlg = hashAlg; - // Set the hash state type - state->hashState.type = HASH_STATE_HMAC; - - return hashDef->digestSize; -} - -//*** CryptHmacEnd() -// This function is called to complete an HMAC. It will finish the current -// digest, and start a new digest. It will then add the oPadKey and the -// completed digest and return the results in dOut. It will not return more -// than dOutSize bytes. 
-// Return Type: UINT16 -// >= 0 number of bytes in 'dOut' (may be zero) -LIB_EXPORT UINT16 -CryptHmacEnd( - PHMAC_STATE state, // IN: the hash state buffer - UINT32 dOutSize, // IN: size of digest buffer - BYTE *dOut // OUT: hash digest - ) -{ - BYTE temp[MAX_DIGEST_SIZE]; - PHASH_STATE hState = (PHASH_STATE)&state->hashState; - -#if SMAC_IMPLEMENTED - if(hState->type == HASH_STATE_SMAC) - return (state->hashState.state.smac.smacMethods.end) - (&state->hashState.state.smac.state, - dOutSize, - dOut); -#endif - pAssert(hState->type == HASH_STATE_HMAC); - hState->def = CryptGetHashDef(hState->hashAlg); - // Change the state type for completion processing - hState->type = HASH_STATE_HASH; - if(hState->hashAlg == TPM_ALG_NULL) - dOutSize = 0; - else - { - - // Complete the current hash - HashEnd(hState, hState->def->digestSize, temp); - // Do another hash starting with the oPad - CryptHashStart(hState, hState->hashAlg); - CryptDigestUpdate(hState, state->hmacKey.t.size, state->hmacKey.t.buffer); - CryptDigestUpdate(hState, hState->def->digestSize, temp); - } - return HashEnd(hState, dOutSize, dOut); -} - -//*** CryptHmacStart2B() -// This function starts an HMAC and returns the size of the digest -// that will be produced. -// -// This function is provided to support the most common use of starting an HMAC -// with a TPM2B key. -// -// The caller must provide a block of memory in which the hash sequence state -// is kept. The caller should not alter the contents of this buffer until the -// hash sequence is completed or abandoned. -// -// Return Type: UINT16 -// > 0 the digest size of the algorithm -// = 0 the hashAlg was TPM_ALG_NULL -LIB_EXPORT UINT16 -CryptHmacStart2B( - PHMAC_STATE hmacState, // OUT: the state of HMAC stack. 
It will be used - // in HMAC update and completion - TPMI_ALG_HASH hashAlg, // IN: hash algorithm - P2B key // IN: HMAC key - ) -{ - return CryptHmacStart(hmacState, hashAlg, key->size, key->buffer); -} - -//*** CryptHmacEnd2B() -// This function is the same as CryptHmacEnd() but the HMAC result -// is returned in a TPM2B which is the most common use. -// Return Type: UINT16 -// >=0 the number of bytes placed in 'digest' -LIB_EXPORT UINT16 -CryptHmacEnd2B( - PHMAC_STATE hmacState, // IN: the state of HMAC stack - P2B digest // OUT: HMAC - ) -{ - return CryptHmacEnd(hmacState, digest->size, digest->buffer); -} - -//** Mask and Key Generation Functions -//*** CryptMGF1() -// This function performs MGF1 using the selected hash. MGF1 is -// T(n) = T(n-1) || H(seed || counter). -// This function returns the length of the mask produced which -// could be zero if the digest algorithm is not supported -// Return Type: UINT16 -// 0 hash algorithm was TPM_ALG_NULL -// > 0 should be the same as 'mSize' -LIB_EXPORT UINT16 -CryptMGF1( - UINT32 mSize, // IN: length of the mask to be produced - BYTE *mask, // OUT: buffer to receive the mask - TPM_ALG_ID hashAlg, // IN: hash to use - UINT32 seedSize, // IN: size of the seed - BYTE *seed // IN: seed size - ) -{ - HASH_STATE hashState; - PHASH_DEF hDef = CryptGetHashDef(hashAlg); - UINT32 remaining; - UINT32 counter = 0; - BYTE swappedCounter[4]; - - // If there is no digest to compute return - if((hashAlg == TPM_ALG_NULL) || (mSize == 0)) - return 0; - - for(remaining = mSize; ; remaining -= hDef->digestSize) - { - // Because the system may be either Endian... - UINT32_TO_BYTE_ARRAY(counter, swappedCounter); - - // Start the hash and include the seed and counter - CryptHashStart(&hashState, hashAlg); - CryptDigestUpdate(&hashState, seedSize, seed); - CryptDigestUpdate(&hashState, 4, swappedCounter); - - // Handling the completion depends on how much space remains in the mask - // buffer. 
If it can hold the entire digest, put it there. If not - // put the digest in a temp buffer and only copy the amount that - // will fit into the mask buffer. - HashEnd(&hashState, remaining, mask); - if(remaining <= hDef->digestSize) - break; - mask = &mask[hDef->digestSize]; - counter++; - } - return (UINT16)mSize; -} - -//*** CryptKDFa() -// This function performs the key generation according to Part 1 of the -// TPM specification. -// -// This function returns the number of bytes generated which may be zero. -// -// The 'key' and 'keyStream' pointers are not allowed to be NULL. The other -// pointer values may be NULL. The value of 'sizeInBits' must be no larger -// than (2^18)-1 = 256K bits (32385 bytes). -// -// The 'once' parameter is set to allow incremental generation of a large -// value. If this flag is TRUE, 'sizeInBits' will be used in the HMAC computation -// but only one iteration of the KDF is performed. This would be used for -// XOR obfuscation so that the mask value can be generated in digest-sized -// chunks rather than having to be generated all at once in an arbitrarily -// large buffer and then XORed into the result. If 'once' is TRUE, then -// 'sizeInBits' must be a multiple of 8. -// -// Any error in the processing of this command is considered fatal. -// Return Type: UINT16 -// 0 hash algorithm is not supported or is TPM_ALG_NULL -// > 0 the number of bytes in the 'keyStream' buffer -LIB_EXPORT UINT16 -CryptKDFa( - TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC - const TPM2B *key, // IN: HMAC key - const TPM2B *label, // IN: a label for the KDF - const TPM2B *contextU, // IN: context U - const TPM2B *contextV, // IN: context V - UINT32 sizeInBits, // IN: size of generated key in bits - BYTE *keyStream, // OUT: key buffer - UINT32 *counterInOut, // IN/OUT: caller may provide the iteration - // counter for incremental operations to - // avoid large intermediate buffers. 
- UINT16 blocks // IN: If non-zero, this is the maximum number - // of blocks to be returned, regardless - // of sizeInBits - ) -{ - UINT32 counter = 0; // counter value - INT16 bytes; // number of bytes to produce - UINT16 generated; // number of bytes generated - BYTE *stream = keyStream; - HMAC_STATE hState; - UINT16 digestSize = CryptHashGetDigestSize(hashAlg); - - pAssert(key != NULL && keyStream != NULL); - - TEST(TPM_ALG_KDF1_SP800_108); - - if(digestSize == 0) - return 0; - - if(counterInOut != NULL) - counter = *counterInOut; - - // If the size of the request is larger than the numbers will handle, - // it is a fatal error. - pAssert(((sizeInBits + 7) / 8) <= INT16_MAX); - - // The number of bytes to be generated is the smaller of the sizeInBits bytes or - // the number of requested blocks. The number of blocks is the smaller of the - // number requested or the number allowed by sizeInBits. A partial block is - // a full block. - bytes = (blocks > 0) ? blocks * digestSize : (UINT16)BITS_TO_BYTES(sizeInBits); - generated = bytes; - - // Generate required bytes - for(; bytes > 0; bytes -= digestSize) - { - counter++; - // Start HMAC - if(CryptHmacStart(&hState, hashAlg, key->size, key->buffer) == 0) - return 0; - // Adding counter - CryptDigestUpdateInt(&hState.hashState, 4, counter); - - // Adding label - if(label != NULL) - HASH_DATA(&hState.hashState, label->size, (BYTE *)label->buffer); - // Add a null. SP108 is not very clear about when the 0 is needed but to - // make this like the previous version that did not add an 0x00 after - // a null-terminated string, this version will only add a null byte - // if the label parameter did not end in a null byte, or if no label - // is present. 
- if((label == NULL) - || (label->size == 0) - || (label->buffer[label->size - 1] != 0)) - CryptDigestUpdateInt(&hState.hashState, 1, 0); - // Adding contextU - if(contextU != NULL) - HASH_DATA(&hState.hashState, contextU->size, contextU->buffer); - // Adding contextV - if(contextV != NULL) - HASH_DATA(&hState.hashState, contextV->size, contextV->buffer); - // Adding size in bits - CryptDigestUpdateInt(&hState.hashState, 4, sizeInBits); - - // Complete and put the data in the buffer - CryptHmacEnd(&hState, bytes, stream); - stream = &stream[digestSize]; - } - // Masking in the KDF is disabled. If the calling function wants something - // less than even number of bytes, then the caller should do the masking - // because there is no universal way to do it here - if(counterInOut != NULL) - *counterInOut = counter; - return generated; -} - -//*** CryptKDFe() -// This function implements KDFe() as defined in TPM specification part 1. -// -// This function returns the number of bytes generated which may be zero. -// -// The 'Z' and 'keyStream' pointers are not allowed to be NULL. The other -// pointer values may be NULL. The value of 'sizeInBits' must be no larger -// than (2^18)-1 = 256K bits (32385 bytes). -// Any error in the processing of this command is considered fatal. 
-// Return Type: UINT16 -// 0 hash algorithm is not supported or is TPM_ALG_NULL -// > 0 the number of bytes in the 'keyStream' buffer -// -LIB_EXPORT UINT16 -CryptKDFe( - TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC - TPM2B *Z, // IN: Z - const TPM2B *label, // IN: a label value for the KDF - TPM2B *partyUInfo, // IN: PartyUInfo - TPM2B *partyVInfo, // IN: PartyVInfo - UINT32 sizeInBits, // IN: size of generated key in bits - BYTE *keyStream // OUT: key buffer - ) -{ - HASH_STATE hashState; - PHASH_DEF hashDef = CryptGetHashDef(hashAlg); - - UINT32 counter = 0; // counter value - UINT16 hLen; - BYTE *stream = keyStream; - INT16 bytes; // number of bytes to generate - - pAssert(keyStream != NULL && Z != NULL && ((sizeInBits + 7) / 8) < INT16_MAX); -// - hLen = hashDef->digestSize; - bytes = (INT16)((sizeInBits + 7) / 8); - if(hashAlg == TPM_ALG_NULL || bytes == 0) - return 0; - - // Generate required bytes - //The inner loop of that KDF uses: - // Hash[i] := H(counter | Z | OtherInfo) (5) - // Where: - // Hash[i] the hash generated on the i-th iteration of the loop. - // H() an approved hash function - // counter a 32-bit counter that is initialized to 1 and incremented - // on each iteration - // Z the X coordinate of the product of a public ECC key and a - // different private ECC key. - // OtherInfo a collection of qualifying data for the KDF defined below. - // In this specification, OtherInfo will be constructed by: - // OtherInfo := Use | PartyUInfo | PartyVInfo - for(; bytes > 0; stream = &stream[hLen], bytes = bytes - hLen) - { - if(bytes < hLen) - hLen = bytes; - counter++; - // Do the hash - CryptHashStart(&hashState, hashAlg); - // Add counter - CryptDigestUpdateInt(&hashState, 4, counter); - - // Add Z - if(Z != NULL) - CryptDigestUpdate2B(&hashState, Z); - // Add label - if(label != NULL) - CryptDigestUpdate2B(&hashState, label); - // Add a null. 
SP108 is not very clear about when the 0 is needed but to - // make this like the previous version that did not add an 0x00 after - // a null-terminated string, this version will only add a null byte - // if the label parameter did not end in a null byte, or if no label - // is present. - if((label == NULL) - || (label->size == 0) - || (label->buffer[label->size - 1] != 0)) - CryptDigestUpdateInt(&hashState, 1, 0); - // Add PartyUInfo - if(partyUInfo != NULL) - CryptDigestUpdate2B(&hashState, partyUInfo); - - // Add PartyVInfo - if(partyVInfo != NULL) - CryptDigestUpdate2B(&hashState, partyVInfo); - - // Compute Hash. hLen was changed to be the smaller of bytes or hLen - // at the start of each iteration. - CryptHashEnd(&hashState, hLen, stream); - } - - // Mask off bits if the required bits is not a multiple of byte size - if((sizeInBits % 8) != 0) - keyStream[0] &= ((1 << (sizeInBits % 8)) - 1); - - return (UINT16)((sizeInBits + 7) / 8); -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrime.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrime.c deleted file mode 100644 index 14af46216..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrime.c +++ /dev/null 
@@ -1,385 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains the code for prime validation. 
- -#include "Tpm.h" -#include "CryptPrime_fp.h" - -//#define CPRI_PRIME -//#include "PrimeTable.h" - -#include "CryptPrimeSieve_fp.h" - -extern const uint32_t s_LastPrimeInTable; -extern const uint32_t s_PrimeTableSize; -extern const uint32_t s_PrimesInTable; -extern const unsigned char s_PrimeTable[]; -extern bigConst s_CompositeOfSmallPrimes; - -//** Functions - -//*** Root2() -// This finds ceil(sqrt(n)) to use as a stopping point for searching the prime -// table. -static uint32_t -Root2( - uint32_t n - ) -{ - int32_t last = (int32_t)(n >> 2); - int32_t next = (int32_t)(n >> 1); - int32_t diff; - int32_t stop = 10; -// - // get a starting point - for(; next != 0; last >>= 1, next >>= 2); - last++; - do - { - next = (last + (n / last)) >> 1; - diff = next - last; - last = next; - if(stop-- == 0) - FAIL(FATAL_ERROR_INTERNAL); - } while(diff < -1 || diff > 1); - if((n / next) > (unsigned)next) - next++; - pAssert(next != 0); - pAssert(((n / next) <= (unsigned)next) && (n / (next + 1) < (unsigned)next)); - return next; -} - -//*** IsPrimeInt() -// This will do a test of a word of up to 32-bits in size. -BOOL -IsPrimeInt( - uint32_t n - ) -{ - uint32_t i; - uint32_t stop; - if(n < 3 || ((n & 1) == 0)) - return (n == 2); - if(n <= s_LastPrimeInTable) - { - n >>= 1; - return ((s_PrimeTable[n >> 3] >> (n & 7)) & 1); - } - // Need to search - stop = Root2(n) >> 1; - // starting at 1 is equivalent to staring at (1 << 1) + 1 = 3 - for(i = 1; i < stop; i++) - { - if((s_PrimeTable[i >> 3] >> (i & 7)) & 1) - // see if this prime evenly divides the number - if((n % ((i << 1) + 1)) == 0) - return FALSE; - } - return TRUE; -} - -//*** BnIsProbablyPrime() -// This function is used when the key sieve is not implemented. This function -// Will try to eliminate some of the obvious things before going on -// to perform MillerRabin as a final verification of primeness. 
-BOOL -BnIsProbablyPrime( - bigNum prime, // IN: - RAND_STATE *rand // IN: the random state just - // in case Miller-Rabin is required - ) -{ -#if RADIX_BITS > 32 - if(BnUnsignedCmpWord(prime, UINT32_MAX) <= 0) -#else - if(BnGetSize(prime) == 1) -#endif - return IsPrimeInt((uint32_t)prime->d[0]); - - if(BnIsEven(prime)) - return FALSE; - if(BnUnsignedCmpWord(prime, s_LastPrimeInTable) <= 0) - { - crypt_uword_t temp = prime->d[0] >> 1; - return ((s_PrimeTable[temp >> 3] >> (temp & 7)) & 1); - } - { - BN_VAR(n, LARGEST_NUMBER_BITS); - BnGcd(n, prime, s_CompositeOfSmallPrimes); - if(!BnEqualWord(n, 1)) - return FALSE; - } - return MillerRabin(prime, rand); -} - -//*** MillerRabinRounds() -// Function returns the number of Miller-Rabin rounds necessary to give an -// error probability equal to the security strength of the prime. These values -// are from FIPS 186-3. -UINT32 -MillerRabinRounds( - UINT32 bits // IN: Number of bits in the RSA prime - ) -{ - if(bits < 511) return 8; // don't really expect this - if(bits < 1536) return 5; // for 512 and 1K primes - return 4; // for 3K public modulus and greater -} - -//*** MillerRabin() -// This function performs a Miller-Rabin test from FIPS 186-3. It does -// 'iterations' trials on the number. In all likelihood, if the number -// is not prime, the first test fails. -// Return Type: BOOL -// TRUE(1) probably prime -// FALSE(0) composite -BOOL -MillerRabin( - bigNum bnW, - RAND_STATE *rand - ) -{ - BN_MAX(bnWm1); - BN_PRIME(bnM); - BN_PRIME(bnB); - BN_PRIME(bnZ); - BOOL ret = FALSE; // Assumed composite for easy exit - unsigned int a; - unsigned int j; - int wLen; - int i; - int iterations = MillerRabinRounds(BnSizeInBits(bnW)); -// - INSTRUMENT_INC(MillerRabinTrials[PrimeIndex]); - - pAssert(bnW->size > 1); - // Let a be the largest integer such that 2^a divides w1. 
- BnSubWord(bnWm1, bnW, 1); - pAssert(bnWm1->size != 0); - - // Since w is odd (w-1) is even so start at bit number 1 rather than 0 - // Get the number of bits in bnWm1 so that it doesn't have to be recomputed - // on each iteration. - i = (int)(bnWm1->size * RADIX_BITS); - // Now find the largest power of 2 that divides w1 - for(a = 1; - (a < (bnWm1->size * RADIX_BITS)) && - (BnTestBit(bnWm1, a) == 0); - a++); - // 2. m = (w1) / 2^a - BnShiftRight(bnM, bnWm1, a); - // 3. wlen = len (w). - wLen = BnSizeInBits(bnW); - // 4. For i = 1 to iterations do - for(i = 0; i < iterations; i++) - { - // 4.1 Obtain a string b of wlen bits from an RBG. - // Ensure that 1 < b < w1. - // 4.2 If ((b <= 1) or (b >= w1)), then go to step 4.1. - while(BnGetRandomBits(bnB, wLen, rand) && ((BnUnsignedCmpWord(bnB, 1) <= 0) - || (BnUnsignedCmp(bnB, bnWm1) >= 0))); - if(g_inFailureMode) - return FALSE; - - // 4.3 z = b^m mod w. - // if ModExp fails, then say this is not - // prime and bail out. - BnModExp(bnZ, bnB, bnM, bnW); - - // 4.4 If ((z == 1) or (z = w == 1)), then go to step 4.7. - if((BnUnsignedCmpWord(bnZ, 1) == 0) - || (BnUnsignedCmp(bnZ, bnWm1) == 0)) - goto step4point7; - // 4.5 For j = 1 to a 1 do. - for(j = 1; j < a; j++) - { - // 4.5.1 z = z^2 mod w. - BnModMult(bnZ, bnZ, bnZ, bnW); - // 4.5.2 If (z = w1), then go to step 4.7. - if(BnUnsignedCmp(bnZ, bnWm1) == 0) - goto step4point7; - // 4.5.3 If (z = 1), then go to step 4.6. - if(BnEqualWord(bnZ, 1)) - goto step4point6; - } - // 4.6 Return COMPOSITE. -step4point6: - INSTRUMENT_INC(failedAtIteration[i]); - goto end; - // 4.7 Continue. Comment: Increment i for the do-loop in step 4. -step4point7: - continue; - } - // 5. Return PROBABLY PRIME - ret = TRUE; -end: - return ret; -} - -#if ALG_RSA - -//*** RsaCheckPrime() -// This will check to see if a number is prime and appropriate for an -// RSA prime. -// -// This has different functionality based on whether we are using key -// sieving or not. 
If not, the number checked to see if it is divisible by -// the public exponent, then the number is adjusted either up or down -// in order to make it a better candidate. It is then checked for being -// probably prime. -// -// If sieving is used, the number is used to root a sieving process. -// -TPM_RC -RsaCheckPrime( - bigNum prime, - UINT32 exponent, - RAND_STATE *rand - ) -{ -#if !RSA_KEY_SIEVE - TPM_RC retVal = TPM_RC_SUCCESS; - UINT32 modE = BnModWord(prime, exponent); - - NOT_REFERENCED(rand); - - if(modE == 0) - // evenly divisible so add two keeping the number odd - BnAddWord(prime, prime, 2); - // want 0 != (p - 1) mod e - // which is 1 != p mod e - else if(modE == 1) - // subtract 2 keeping number odd and insuring that - // 0 != (p - 1) mod e - BnSubWord(prime, prime, 2); - - if(BnIsProbablyPrime(prime, rand) == 0) - ERROR_RETURN(g_inFailureMode ? TPM_RC_FAILURE : TPM_RC_VALUE); -Exit: - return retVal; -#else - return PrimeSelectWithSieve(prime, exponent, rand); -#endif -} - -//*** AdjustPrimeCandiate() -// For this math, we assume that the RSA numbers are fixed-point numbers with -// the decimal point to the "left" of the most significant bit. This approach helps -// make it clear what is happening with the MSb of the values. -// The two RSA primes have to be large enough so that their product will be a number -// with the necessary number of significant bits. For example, we want to be able -// to multiply two 1024-bit numbers to produce a number with 2028 significant bits. If -// we accept any 1024-bit prime that has its MSb set, then it is possible to produce a -// product that does not have the MSb SET. For example, if we use tiny keys of 16 bits -// and have two 8-bit 'primes' of 0x80, then the public key would be 0x4000 which is -// only 15-bits. So, what we need to do is made sure that each of the primes is large -// enough so that the product of the primes is twice as large as each prime. 
A little -// arithmetic will show that the only way to do this is to make sure that each of the -// primes is no less than root(2)/2. That's what this functions does. -// This function adjusts the candidate prime so that it is odd and >= root(2)/2. -// This allows the product of these two numbers to be .5, which, in fixed point -// notation means that the most significant bit is 1. -// For this routine, the root(2)/2 (0.7071067811865475) approximated with 0xB505 -// which is, in fixed point, 0.7071075439453125 or an error of 0.000108%. Just setting -// the upper two bits would give a value > 0.75 which is an error of > 6%. Given the -// amount of time all the other computations take, reducing the error is not much of -// a cost, but it isn't totally required either. -// -// This function can be replaced with a function that just sets the two most -// significant bits of each prime candidate without introducing any computational -// issues. -// -// -LIB_EXPORT void -RsaAdjustPrimeCandidate( - bigNum prime - ) -{ - UINT32 msw; - UINT32 adjusted; - - // If the radix is 32, the compiler should turn this into a simple assignment - msw = prime->d[prime->size - 1] >> ((RADIX_BITS == 64) ? 32 : 0); - // Multiplying 0xff...f by 0x4AFB gives 0xff..f - 0xB5050...0 - adjusted = (msw >> 16) * 0x4AFB; - adjusted += ((msw & 0xFFFF) * 0x4AFB) >> 16; - adjusted += 0xB5050000UL; -#if RADIX_BITS == 64 - // Save the low-order 32 bits - prime->d[prime->size - 1] &= 0xFFFFFFFFUL; - // replace the upper 32-bits - prime->d[prime->size -1] |= ((crypt_uword_t)adjusted << 32); -#else - prime->d[prime->size - 1] = (crypt_uword_t)adjusted; -#endif - // make sure the number is odd - prime->d[0] |= 1; -} - -//***BnGeneratePrimeForRSA() -// Function to generate a prime of the desired size with the proper attributes -// for an RSA prime. 
-TPM_RC -BnGeneratePrimeForRSA( - bigNum prime, // IN/OUT: points to the BN that will get the - // random value - UINT32 bits, // IN: number of bits to get - UINT32 exponent, // IN: the exponent - RAND_STATE *rand // IN: the random state - ) -{ - BOOL found = FALSE; -// - // Make sure that the prime is large enough - pAssert(prime->allocated >= BITS_TO_CRYPT_WORDS(bits)); - // Only try to handle specific sizes of keys in order to save overhead - pAssert((bits % 32) == 0); - prime->size = BITS_TO_CRYPT_WORDS(bits); - while(!found) - { -// The change below is to make sure that all keys that are generated from the same -// seed value will be the same regardless of the endianess or word size of the CPU. -// DRBG_Generate(rand, (BYTE *)prime->d, (UINT16)BITS_TO_BYTES(bits));// old -// if(g_inFailureMode) // old - if(!BnGetRandomBits(prime, bits, rand)) // new - return TPM_RC_FAILURE; - RsaAdjustPrimeCandidate(prime); - found = RsaCheckPrime(prime, exponent, rand) == TPM_RC_SUCCESS; - } - return TPM_RC_SUCCESS; -} - -#endif // ALG_RSA \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrimeSieve.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrimeSieve.c deleted file mode 100644 index 6c9c0c174..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrimeSieve.c +++ /dev/null 
@@ -1,571 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Includes and defines - -#include "Tpm.h" - -#if RSA_KEY_SIEVE - -#include "CryptPrimeSieve_fp.h" - -// This determines the number of bits in the largest sieve field. 
-#define MAX_FIELD_SIZE 2048 - -extern const uint32_t s_LastPrimeInTable; -extern const uint32_t s_PrimeTableSize; -extern const uint32_t s_PrimesInTable; -extern const unsigned char s_PrimeTable[]; - -// This table is set of prime markers. Each entry is the prime value -// for the ((n + 1) * 1024) prime. That is, the entry in s_PrimeMarkers[1] -// is the value for the 2,048th prime. This is used in the PrimeSieve -// to adjust the limit for the prime search. When processing smaller -// prime candidates, fewer primes are checked directly before going to -// Miller-Rabin. As the prime grows, it is worth spending more time eliminating -// primes as, a) the density is lower, and b) the cost of Miller-Rabin is -// higher. -const uint32_t s_PrimeMarkersCount = 6; -const uint32_t s_PrimeMarkers[] = { - 8167, 17881, 28183, 38891, 49871, 60961 }; -uint32_t primeLimit; - -//** Functions - -//*** RsaAdjustPrimeLimit() -// This used during the sieve process. The iterator for getting the -// next prime (RsaNextPrime()) will return primes until it hits the -// limit (primeLimit) set up by this function. This causes the sieve -// process to stop when an appropriate number of primes have been -// sieved. -LIB_EXPORT void -RsaAdjustPrimeLimit( - uint32_t requestedPrimes - ) -{ - if(requestedPrimes == 0 || requestedPrimes > s_PrimesInTable) - requestedPrimes = s_PrimesInTable; - requestedPrimes = (requestedPrimes - 1) / 1024; - if(requestedPrimes < s_PrimeMarkersCount) - primeLimit = s_PrimeMarkers[requestedPrimes]; - else - primeLimit = s_LastPrimeInTable; - primeLimit >>= 1; - -} - -//*** RsaNextPrime() -// This the iterator used during the sieve process. The input is the -// last prime returned (or any starting point) and the output is the -// next higher prime. The function returns 0 when the primeLimit is -// reached. 
-LIB_EXPORT uint32_t -RsaNextPrime( - uint32_t lastPrime - ) -{ - if(lastPrime == 0) - return 0; - lastPrime >>= 1; - for(lastPrime += 1; lastPrime <= primeLimit; lastPrime++) - { - if(((s_PrimeTable[lastPrime >> 3] >> (lastPrime & 0x7)) & 1) == 1) - return ((lastPrime << 1) + 1); - } - return 0; -} - -// This table contains a previously sieved table. It has -// the bits for 3, 5, and 7 removed. Because of the -// factors, it needs to be aligned to 105 and has -// a repeat of 105. -const BYTE seedValues[] = { - 0x16, 0x29, 0xcb, 0xa4, 0x65, 0xda, 0x30, 0x6c, - 0x99, 0x96, 0x4c, 0x53, 0xa2, 0x2d, 0x52, 0x96, - 0x49, 0xcb, 0xb4, 0x61, 0xd8, 0x32, 0x2d, 0x99, - 0xa6, 0x44, 0x5b, 0xa4, 0x2c, 0x93, 0x96, 0x69, - 0xc3, 0xb0, 0x65, 0x5a, 0x32, 0x4d, 0x89, 0xb6, - 0x48, 0x59, 0x26, 0x2d, 0xd3, 0x86, 0x61, 0xcb, - 0xb4, 0x64, 0x9a, 0x12, 0x6d, 0x91, 0xb2, 0x4c, - 0x5a, 0xa6, 0x0d, 0xc3, 0x96, 0x69, 0xc9, 0x34, - 0x25, 0xda, 0x22, 0x65, 0x99, 0xb4, 0x4c, 0x1b, - 0x86, 0x2d, 0xd3, 0x92, 0x69, 0x4a, 0xb4, 0x45, - 0xca, 0x32, 0x69, 0x99, 0x36, 0x0c, 0x5b, 0xa6, - 0x25, 0xd3, 0x94, 0x68, 0x8b, 0x94, 0x65, 0xd2, - 0x32, 0x6d, 0x18, 0xb6, 0x4c, 0x4b, 0xa6, 0x29, - 0xd1}; - -#define USE_NIBBLE - -#ifndef USE_NIBBLE -static const BYTE bitsInByte[256] = { - 0x00, 0x01, 0x01, 0x02, 0x01, 0x02, 0x02, 0x03, - 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04, - 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04, - 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, - 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04, - 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, - 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, - 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, - 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04, - 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, - 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, - 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, - 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, - 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, - 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 
0x05, 0x06, - 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07, - 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04, - 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, - 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, - 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, - 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, - 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, - 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, - 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07, - 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, - 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, - 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, - 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07, - 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, - 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07, - 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07, - 0x05, 0x06, 0x06, 0x07, 0x06, 0x07, 0x07, 0x08 -}; -#define BitsInByte(x) bitsInByte[(unsigned char)x] -#else -const BYTE bitsInNibble[16] = { - 0x00, 0x01, 0x01, 0x02, 0x01, 0x02, 0x02, 0x03, - 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04}; -#define BitsInByte(x) \ - (bitsInNibble[(unsigned char)(x) & 0xf] \ - + bitsInNibble[((unsigned char)(x) >> 4) & 0xf]) -#endif - -//*** BitsInArry() -// This function counts the number of bits set in an array of bytes. -static int -BitsInArray( - const unsigned char *a, // IN: A pointer to an array of bytes - unsigned int aSize // IN: the number of bytes to sum - ) -{ - int j = 0; - for(; aSize; a++, aSize--) - j += BitsInByte(*a); - return j; -} - -//*** FindNthSetBit() -// This function finds the nth SET bit in a bit array. The 'n' parameter is -// between 1 and the number of bits in the array (always a multiple of 8). 
-// If called when the array does not have n bits set, it will return -1 -// Return Type: unsigned int -// <0 no bit is set or no bit with the requested number is set -// >=0 the number of the bit in the array that is the nth set -LIB_EXPORT int -FindNthSetBit( - const UINT16 aSize, // IN: the size of the array to check - const BYTE *a, // IN: the array to check - const UINT32 n // IN, the number of the SET bit - ) -{ - UINT16 i; - int retValue; - UINT32 sum = 0; - BYTE sel; - - //find the bit - for(i = 0; (i < (int)aSize) && (sum < n); i++) - sum += BitsInByte(a[i]); - i--; - // The chosen bit is in the byte that was just accessed - // Compute the offset to the start of that byte - retValue = i * 8 - 1; - sel = a[i]; - // Subtract the bits in the last byte added. - sum -= BitsInByte(sel); - // Now process the byte, one bit at a time. - for(; (sel != 0) && (sum != n); retValue++, sel = sel >> 1) - sum += (sel & 1) != 0; - return (sum == n) ? retValue : -1; -} - -typedef struct -{ - UINT16 prime; - UINT16 count; -} SIEVE_MARKS; - -const SIEVE_MARKS sieveMarks[5] = { - {31, 7}, {73, 5}, {241, 4}, {1621, 3}, {UINT16_MAX, 2}}; - - -//*** PrimeSieve() -// This function does a prime sieve over the input 'field' which has as its -// starting address the value in bnN. Since this initializes the Sieve -// using a precomputed field with the bits associated with 3, 5 and 7 already -// turned off, the value of pnN may need to be adjusted by a few counts to allow -// the precomputed field to be used without modification. -// -// To get better performance, one could address the issue of developing the -// composite numbers. When the size of the prime gets large, the time for doing -// the divisions goes up, noticeably. It could be better to develop larger composite -// numbers even if they need to be bigNum's themselves. 
The object would be to -// reduce the number of times that the large prime is divided into a few large -// divides and then use smaller divides to get to the final 16 bit (or smaller) -// remainders. -LIB_EXPORT UINT32 -PrimeSieve( - bigNum bnN, // IN/OUT: number to sieve - UINT32 fieldSize, // IN: size of the field area in bytes - BYTE *field // IN: field - ) -{ - UINT32 i; - UINT32 j; - UINT32 fieldBits = fieldSize * 8; - UINT32 r; - BYTE *pField; - INT32 iter; - UINT32 adjust; - UINT32 mark = 0; - UINT32 count = sieveMarks[0].count; - UINT32 stop = sieveMarks[0].prime; - UINT32 composite; - UINT32 pList[8]; - UINT32 next; - - pAssert(field != NULL && bnN != NULL); - - // If the remainder is odd, then subtracting the value will give an even number, - // but we want an odd number, so subtract the 105+rem. Otherwise, just subtract - // the even remainder. - adjust = (UINT32)BnModWord(bnN, 105); - if(adjust & 1) - adjust += 105; - - // Adjust the input number so that it points to the first number in a - // aligned field. - BnSubWord(bnN, bnN, adjust); -// pAssert(BnModWord(bnN, 105) == 0); - pField = field; - for(i = fieldSize; i >= sizeof(seedValues); - pField += sizeof(seedValues), i -= sizeof(seedValues)) - { - memcpy(pField, seedValues, sizeof(seedValues)); - } - if(i != 0) - memcpy(pField, seedValues, i); - - // Cycle through the primes, clearing bits - // Have already done 3, 5, and 7 - iter = 7; - -#define NEXT_PRIME(iter) (iter = RsaNextPrime(iter)) - // Get the next N primes where N is determined by the mark in the sieveMarks - while((composite = NEXT_PRIME(iter)) != 0) - { - next = 0; - i = count; - pList[i--] = composite; - for(; i > 0; i--) - { - next = NEXT_PRIME(iter); - pList[i] = next; - if(next != 0) - composite *= next; - } - // Get the remainder when dividing the base field address - // by the composite - composite = (UINT32)BnModWord(bnN, composite); - // 'composite' is divisible by the composite components. 
for each of the - // composite components, divide 'composite'. That remainder (r) is used to - // pick a starting point for clearing the array. The stride is equal to the - // composite component. Note, the field only contains odd numbers. If the - // field were expanded to contain all numbers, then half of the bits would - // have already been cleared. We can save the trouble of clearing them a - // second time by having a stride of 2*next. Or we can take all of the even - // numbers out of the field and use a stride of 'next' - for(i = count; i > 0; i--) - { - next = pList[i]; - if(next == 0) - goto done; - r = composite % next; - // these computations deal with the fact that we have picked a field-sized - // range that is aligned to a 105 count boundary. The problem is, this field - // only contains odd numbers. If we take our prime guess and walk through all - // the numbers using that prime as the 'stride', then every other 'stride' is - // going to be an even number. So, we are actually counting by 2 * the stride - // We want the count to start on an odd number at the start of our field. That - // is, we want to assume that we have counted up to the edge of the field by - // the 'stride' and now we are going to start flipping bits in the field as we - // continue to count up by 'stride'. If we take the base of our field and - // divide by the stride, we find out how much we find out how short the last - // count was from reaching the edge of the bit field. Say we get a quotient of - // 3 and remainder of 1. This means that after 3 strides, we are 1 short of - // the start of the field and the next stride will either land within the - // field or step completely over it. The confounding factor is that our field - // only contains odd numbers and our stride is actually 2 * stride. If the - // quoitent is even, then that means that when we add 2 * stride, we are going - // to hit another even number. 
So, we have to know if we need to back off - // by 1 stride before we start couting by 2 * stride. - // We can tell from the remainder whether we are on an even or odd - // stride when we hit the beginning of the table. If we are on an odd stride - // (r & 1), we would start half a stride in (next - r)/2. If we are on an - // even stride, we need 0.5 strides (next - r/2) because the table only has - // odd numbers. If the remainder happens to be zero, then the start of the - // table is on stride so no adjustment is necessary. - if(r & 1) j = (next - r) / 2; - else if(r == 0) j = 0; - else j = next - (r / 2); - for(; j < fieldBits; j += next) - ClearBit(j, field, fieldSize); - } - if(next >= stop) - { - mark++; - count = sieveMarks[mark].count; - stop = sieveMarks[mark].prime; - } - } -done: - INSTRUMENT_INC(totalFieldsSieved[PrimeIndex]); - i = BitsInArray(field, fieldSize); - INSTRUMENT_ADD(bitsInFieldAfterSieve[PrimeIndex], i); - INSTRUMENT_ADD(emptyFieldsSieved[PrimeIndex], (i == 0)); - return i; -} - - - -#ifdef SIEVE_DEBUG -static uint32_t fieldSize = 210; - -//***SetFieldSize() -// Function to set the field size used for prime generation. Used for tuning. -LIB_EXPORT uint32_t -SetFieldSize( - uint32_t newFieldSize - ) -{ - if(newFieldSize == 0 || newFieldSize > MAX_FIELD_SIZE) - fieldSize = MAX_FIELD_SIZE; - else - fieldSize = newFieldSize; - return fieldSize; -} -#endif // SIEVE_DEBUG - -//*** PrimeSelectWithSieve() -// This function will sieve the field around the input prime candidate. If the -// sieve field is not empty, one of the one bits in the field is chosen for testing -// with Miller-Rabin. If the value is prime, 'pnP' is updated with this value -// and the function returns success. If this value is not prime, another -// pseudo-random candidate is chosen and tested. This process repeats until -// all values in the field have been checked. 
If all bits in the field have -// been checked and none is prime, the function returns FALSE and a new random -// value needs to be chosen. -// Return Type: TPM_RC -// TPM_RC_FAILURE TPM in failure mode, probably due to entropy source -// TPM_RC_SUCCESS candidate is probably prime -// TPM_RC_NO_RESULT candidate is not prime and couldn't find and alternative -// in the field -LIB_EXPORT TPM_RC -PrimeSelectWithSieve( - bigNum candidate, // IN/OUT: The candidate to filter - UINT32 e, // IN: the exponent - RAND_STATE *rand // IN: the random number generator state - ) -{ - BYTE field[MAX_FIELD_SIZE]; - UINT32 first; - UINT32 ones; - INT32 chosen; - BN_PRIME(test); - UINT32 modE; -#ifndef SIEVE_DEBUG - UINT32 fieldSize = MAX_FIELD_SIZE; -#endif - UINT32 primeSize; -// - // Adjust the field size and prime table list to fit the size of the prime - // being tested. This is done to try to optimize the trade-off between the - // dividing done for sieving and the time for Miller-Rabin. When the size - // of the prime is large, the cost of Miller-Rabin is fairly high, as is the - // cost of the sieving. However, the time for Miller-Rabin goes up considerably - // faster than the cost of dividing by a number of primes. 
- primeSize = BnSizeInBits(candidate); - - if(primeSize <= 512) - { - RsaAdjustPrimeLimit(1024); // Use just the first 1024 primes - } - else if(primeSize <= 1024) - { - RsaAdjustPrimeLimit(4096); // Use just the first 4K primes - } - else - { - RsaAdjustPrimeLimit(0); // Use all available - } - - // Save the low-order word to use as a search generator and make sure that - // it has some interesting range to it - first = (UINT32)(candidate->d[0] | 0x80000000); - - // Sieve the field - ones = PrimeSieve(candidate, fieldSize, field); - pAssert(ones > 0 && ones < (fieldSize * 8)); - for(; ones > 0; ones--) - { - // Decide which bit to look at and find its offset - chosen = FindNthSetBit((UINT16)fieldSize, field, ((first % ones) + 1)); - - if((chosen < 0) || (chosen >= (INT32)(fieldSize * 8))) - FAIL(FATAL_ERROR_INTERNAL); - - // Set this as the trial prime - BnAddWord(test, candidate, (crypt_uword_t)(chosen * 2)); - - // The exponent might not have been one of the tested primes so - // make sure that it isn't divisible and make sure that 0 != (p-1) mod e - // Note: This is the same as 1 != p mod e - modE = (UINT32)BnModWord(test, e); - if((modE != 0) && (modE != 1) && MillerRabin(test, rand)) - { - BnCopy(candidate, test); - return TPM_RC_SUCCESS; - } - // Clear the bit just tested - ClearBit(chosen, field, fieldSize); - } - // Ran out of bits and couldn't find a prime in this field - INSTRUMENT_INC(noPrimeFields[PrimeIndex]); - return (g_inFailureMode ? 
TPM_RC_FAILURE : TPM_RC_NO_RESULT); -} - -#if RSA_INSTRUMENT -static char a[256]; - -//*** PrintTuple() -char * -PrintTuple( - UINT32 *i - ) -{ - sprintf(a, "{%d, %d, %d}", i[0], i[1], i[2]); - return a; -} - -#define CLEAR_VALUE(x) memset(x, 0, sizeof(x)) - -//*** RsaSimulationEnd() -void -RsaSimulationEnd( - void - ) -{ - int i; - UINT32 averages[3]; - UINT32 nonFirst = 0; - if((PrimeCounts[0] + PrimeCounts[1] + PrimeCounts[2]) != 0) - { - printf("Primes generated = %s\n", PrintTuple(PrimeCounts)); - printf("Fields sieved = %s\n", PrintTuple(totalFieldsSieved)); - printf("Fields with no primes = %s\n", PrintTuple(noPrimeFields)); - printf("Primes checked with Miller-Rabin = %s\n", - PrintTuple(MillerRabinTrials)); - for(i = 0; i < 3; i++) - averages[i] = (totalFieldsSieved[i] - != 0 ? bitsInFieldAfterSieve[i] / totalFieldsSieved[i] - : 0); - printf("Average candidates in field %s\n", PrintTuple(averages)); - for(i = 1; i < (sizeof(failedAtIteration) / sizeof(failedAtIteration[0])); - i++) - nonFirst += failedAtIteration[i]; - printf("Miller-Rabin failures not in first round = %d\n", nonFirst); - - } - CLEAR_VALUE(PrimeCounts); - CLEAR_VALUE(totalFieldsSieved); - CLEAR_VALUE(noPrimeFields); - CLEAR_VALUE(MillerRabinTrials); - CLEAR_VALUE(bitsInFieldAfterSieve); -} - -//*** GetSieveStats() -LIB_EXPORT void -GetSieveStats( - uint32_t *trials, - uint32_t *emptyFields, - uint32_t *averageBits - ) -{ - uint32_t totalBits; - uint32_t fields; - *trials = MillerRabinTrials[0] + MillerRabinTrials[1] + MillerRabinTrials[2]; - *emptyFields = noPrimeFields[0] + noPrimeFields[1] + noPrimeFields[2]; - fields = totalFieldsSieved[0] + totalFieldsSieved[1] - + totalFieldsSieved[2]; - totalBits = bitsInFieldAfterSieve[0] + bitsInFieldAfterSieve[1] - + bitsInFieldAfterSieve[2]; - if(fields != 0) - *averageBits = totalBits / fields; - else - *averageBits = 0; - CLEAR_VALUE(PrimeCounts); - CLEAR_VALUE(totalFieldsSieved); - CLEAR_VALUE(noPrimeFields); - CLEAR_VALUE(MillerRabinTrials); 
- CLEAR_VALUE(bitsInFieldAfterSieve); - -} -#endif - -#endif // RSA_KEY_SIEVE - -#if !RSA_INSTRUMENT - -//*** RsaSimulationEnd() -// Stub for call when not doing instrumentation. -void -RsaSimulationEnd( - void - ) -{ - return; -} -#endif \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c deleted file mode 100644 index c41eb41af..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c +++ /dev/null 
@@ -1,950 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file implements a DRBG with a behavior according to SP800-90A using
-// a block cypher. This is also compliant to ISO/IEC 18031:2011(E) C.3.2.
-//
-// A state structure is created for use by TPM.lib and functions
-// within the CryptoEngine my use their own state structures when they need to have
-// deterministic values.
-//
-// A debug mode is available that allows the random numbers generated for TPM.lib
-// to be repeated during runs of the simulator. The switch for it is in
-// TpmBuildSwitches.h. It is USE_DEBUG_RNG.
-//
-//
-// This is the implementation layer of CTR DRGB mechanism as defined in SP800-90A
-// and the functions are organized as closely as practical to the organization in
-// SP800-90A. It is intended to be compiled as a separate module that is linked
-// with a secure application so that both reside inside the same boundary
-// [SP 800-90A 8.5]. The secure application in particular manages the accesses
-// protected storage for the state of the DRBG instantiations, and supplies the
-// implementation functions here with a valid pointer to the working state of the
-// given instantiations (as a DRBG_STATE structure).
-//
-// This DRBG mechanism implementation does not support prediction resistance. Thus
-// 'prediction_resistance_flag' is omitted from Instantiate_function(),
-// Reseed_function(), Generate_function() argument lists [SP 800-90A 9.1, 9.2,
-// 9.3], as well as from the working state data structure DRBG_STATE [SP 800-90A
-// 9.1].
-//
-// This DRBG mechanism implementation always uses the highest security strength of
-// available in the block ciphers. Thus 'requested_security_strength' parameter is
-// omitted from Instantiate_function() and Generate_function() argument lists
-// [SP 800-90A 9.1, 9.2, 9.3], as well as from the working state data structure
-// DRBG_STATE [SP 800-90A 9.1].
-//
-// Internal functions (ones without Crypt prefix) expect validated arguments and
-// therefore use assertions instead of runtime parameter checks and mostly return
-// void instead of a status value.
-
-#include "Tpm.h"
-
-// Pull in the test vector definitions and define the space
-#include "PRNG_TestVectors.h"
-
-const BYTE DRBG_NistTestVector_Entropy[] = {DRBG_TEST_INITIATE_ENTROPY};
-const BYTE DRBG_NistTestVector_GeneratedInterm[] =
- {DRBG_TEST_GENERATED_INTERM};
-
-const BYTE DRBG_NistTestVector_EntropyReseed[] =
- {DRBG_TEST_RESEED_ENTROPY};
-const BYTE DRBG_NistTestVector_Generated[] = {DRBG_TEST_GENERATED};
-
-//** Derivation Functions
-//*** Description
-// The functions in this section are used to reduce the personalization input values
-// to make them usable as input for reseeding and instantiation. The overall
-// behavior is intended to produce the same results as described in SP800-90A,
-// section 10.4.2 "Derivation Function Using a Block Cipher Algorithm
-// (Block_Cipher_df)." The code is broken into several subroutines to deal with the
-// fact that the data used for personalization may come in several separate blocks
-// such as a Template hash and a proof value and a primary seed.
-
-//*** Derivation Function Defines and Structures
-
-#define DF_COUNT (DRBG_KEY_SIZE_WORDS / DRBG_IV_SIZE_WORDS + 1)
-#if DRBG_KEY_SIZE_BITS != 128 && DRBG_KEY_SIZE_BITS != 256
-# error "CryptRand.c only written for AES with 128- or 256-bit keys."
-#endif
-
-typedef struct
-{
- DRBG_KEY_SCHEDULE keySchedule;
- DRBG_IV iv[DF_COUNT];
- DRBG_IV out1;
- DRBG_IV buf;
- int contents;
-} DF_STATE, *PDF_STATE;
-
-//*** DfCompute()
-// This function does the incremental update of the derivation function state. It
-// encrypts the 'iv' value and XOR's the results into each of the blocks of the
-// output. This is equivalent to processing all of input data for each output block.
-static void -DfCompute( - PDF_STATE dfState - ) -{ - int i; - int iv; - crypt_uword_t *pIv; - crypt_uword_t temp[DRBG_IV_SIZE_WORDS] = {0}; -// - for(iv = 0; iv < DF_COUNT; iv++) - { - pIv = (crypt_uword_t *)&dfState->iv[iv].words[0]; - for(i = 0; i < DRBG_IV_SIZE_WORDS; i++) - { - temp[i] ^= pIv[i] ^ dfState->buf.words[i]; - } - DRBG_ENCRYPT(&dfState->keySchedule, &temp, pIv); - } - for(i = 0; i < DRBG_IV_SIZE_WORDS; i++) - dfState->buf.words[i] = 0; - dfState->contents = 0; -} - -//*** DfStart() -// This initializes the output blocks with an encrypted counter value and -// initializes the key schedule. -static void -DfStart( - PDF_STATE dfState, - uint32_t inputLength - ) -{ - BYTE init[8]; - int i; - UINT32 drbgSeedSize = sizeof(DRBG_SEED); - - const BYTE dfKey[DRBG_KEY_SIZE_BYTES] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f - #if DRBG_KEY_SIZE_BYTES > 16 - ,0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f - #endif - }; - memset(dfState, 0, sizeof(DF_STATE)); - DRBG_ENCRYPT_SETUP(&dfKey[0], DRBG_KEY_SIZE_BITS, &dfState->keySchedule); - // Create the first chaining values - for(i = 0; i < DF_COUNT; i++) - ((BYTE *)&dfState->iv[i])[3] = (BYTE)i; - DfCompute(dfState); - // initialize the first 64 bits of the IV in a way that doesn't depend - // on the size of the words used. - UINT32_TO_BYTE_ARRAY(inputLength, init); - UINT32_TO_BYTE_ARRAY(drbgSeedSize, &init[4]); - memcpy(&dfState->iv[0], init, 8); - dfState->contents = 4; -} - -//*** DfUpdate() -// This updates the state with the input data. A byte at a time is moved into the -// state buffer until it is full and then that block is encrypted by DfCompute(). 
-static void -DfUpdate( - PDF_STATE dfState, - int size, - const BYTE *data - ) -{ - while(size > 0) - { - int toFill = DRBG_IV_SIZE_BYTES - dfState->contents; - if(size < toFill) - toFill = size; - // Copy as many bytes as there are or until the state buffer is full - memcpy(&dfState->buf.bytes[dfState->contents], data, toFill); - // Reduce the size left by the amount copied - size -= toFill; - // Advance the data pointer by the amount copied - data += toFill; - // increase the buffer contents count by the amount copied - dfState->contents += toFill; - pAssert(dfState->contents <= DRBG_IV_SIZE_BYTES); - // If we have a full buffer, do a computation pass. - if(dfState->contents == DRBG_IV_SIZE_BYTES) - DfCompute(dfState); - } -} - -//*** DfEnd() -// This function is called to get the result of the derivation function computation. -// If the buffer is not full, it is padded with zeros. The output buffer is -// structured to be the same as a DRBG_SEED value so that the function can return -// a pointer to the DRBG_SEED value in the DF_STATE structure. 
-static DRBG_SEED * -DfEnd( - PDF_STATE dfState - ) -{ - // Since DfCompute is always called when a buffer is full, there is always - // space in the buffer for the terminator - dfState->buf.bytes[dfState->contents++] = 0x80; - // If the buffer is not full, pad with zeros - while(dfState->contents < DRBG_IV_SIZE_BYTES) - dfState->buf.bytes[dfState->contents++] = 0; - // Do a final state update - DfCompute(dfState); - return (DRBG_SEED *)&dfState->iv; -} - -//*** DfBuffer() -// Function to take an input buffer and do the derivation function to produce a -// DRBG_SEED value that can be used in DRBG_Reseed(); -static DRBG_SEED * -DfBuffer( - DRBG_SEED *output, // OUT: receives the result - int size, // IN: size of the buffer to add - BYTE *buf // IN: address of the buffer - ) -{ - DF_STATE dfState; - if(size == 0 || buf == NULL) - return NULL; - // Initialize the derivation function - DfStart(&dfState, size); - DfUpdate(&dfState, size, buf); - DfEnd(&dfState); - memcpy(output, &dfState.iv[0], sizeof(DRBG_SEED)); - return output; -} - -//*** DRBG_GetEntropy() -// Even though this implementation never fails, it may get blocked -// indefinitely long in the call to get entropy from the platform -// (DRBG_GetEntropy32()). -// This function is only used during instantiation of the DRBG for -// manufacturing and on each start-up after an non-orderly shutdown. 
-// Return Type: BOOL -// TRUE(1) requested entropy returned -// FALSE(0) entropy Failure -BOOL -DRBG_GetEntropy( - UINT32 requiredEntropy, // IN: requested number of bytes of full - // entropy - BYTE *entropy // OUT: buffer to return collected entropy - ) -{ -#if !USE_DEBUG_RNG - - UINT32 obtainedEntropy; - INT32 returnedEntropy; - -// If in debug mode, always use the self-test values for initialization - if(IsSelfTest()) - { -#endif - // If doing simulated DRBG, then check to see if the - // entropyFailure condition is being tested - if(!IsEntropyBad()) - { - // In self-test, the caller should be asking for exactly the seed - // size of entropy. - pAssert(requiredEntropy == sizeof(DRBG_NistTestVector_Entropy)); - memcpy(entropy, DRBG_NistTestVector_Entropy, - sizeof(DRBG_NistTestVector_Entropy)); - } -#if !USE_DEBUG_RNG - } - else if(!IsEntropyBad()) - { - // Collect entropy - // Note: In debug mode, the only "entropy" value ever returned - // is the value of the self-test vector. - for(returnedEntropy = 1, obtainedEntropy = 0; - obtainedEntropy < requiredEntropy && !IsEntropyBad(); - obtainedEntropy += returnedEntropy) - { - returnedEntropy = _plat__GetEntropy(&entropy[obtainedEntropy], - requiredEntropy - obtainedEntropy); - if(returnedEntropy <= 0) - SetEntropyBad(); - } - } -#endif - return !IsEntropyBad(); -} - -//*** IncrementIv() -// This function increments the IV value by 1. It is used by EncryptDRBG(). -void -IncrementIv( - DRBG_IV *iv - ) -{ - BYTE *ivP = ((BYTE *)iv) + DRBG_IV_SIZE_BYTES; - while((--ivP >= (BYTE *)iv) && ((*ivP = ((*ivP + 1) & 0xFF)) == 0)); -} - -//*** EncryptDRBG() -// This does the encryption operation for the DRBG. It will encrypt -// the input state counter (IV) using the state key. Into the output -// buffer for as many times as it takes to generate the required -// number of bytes. 
-static BOOL -EncryptDRBG( - BYTE *dOut, - UINT32 dOutBytes, - DRBG_KEY_SCHEDULE *keySchedule, - DRBG_IV *iv, - UINT32 *lastValue // Points to the last output value - ) -{ -#if FIPS_COMPLIANT -// For FIPS compliance, the DRBG has to do a continuous self-test to make sure that -// no two consecutive values are the same. This overhead is not incurred if the TPM -// is not required to be FIPS compliant -// - UINT32 temp[DRBG_IV_SIZE_BYTES / sizeof(UINT32)]; - int i; - BYTE *p; - - for(; dOutBytes > 0;) - { - // Increment the IV before each encryption (this is what makes this - // different from normal counter-mode encryption - IncrementIv(iv); - DRBG_ENCRYPT(keySchedule, iv, temp); -// Expect a 16 byte block -#if DRBG_IV_SIZE_BITS != 128 -#error "Unsuppored IV size in DRBG" -#endif - if((lastValue[0] == temp[0]) - && (lastValue[1] == temp[1]) - && (lastValue[2] == temp[2]) - && (lastValue[3] == temp[3]) - ) - { - LOG_FAILURE(FATAL_ERROR_ENTROPY); - return FALSE; - } - lastValue[0] = temp[0]; - lastValue[1] = temp[1]; - lastValue[2] = temp[2]; - lastValue[3] = temp[3]; - i = MIN(dOutBytes, DRBG_IV_SIZE_BYTES); - dOutBytes -= i; - for(p = (BYTE *)temp; i > 0; i--) - *dOut++ = *p++; - } -#else // version without continuous self-test - NOT_REFERENCED(lastValue); - for(; dOutBytes >= DRBG_IV_SIZE_BYTES; - dOut = &dOut[DRBG_IV_SIZE_BYTES], dOutBytes -= DRBG_IV_SIZE_BYTES) - { - // Increment the IV - IncrementIv(iv); - DRBG_ENCRYPT(keySchedule, iv, dOut); - } - // If there is a partial, generate into a block-sized - // temp buffer and copy to the output. - if(dOutBytes != 0) - { - BYTE temp[DRBG_IV_SIZE_BYTES]; - // Increment the IV - IncrementIv(iv); - DRBG_ENCRYPT(keySchedule, iv, temp); - memcpy(dOut, temp, dOutBytes); - } -#endif - return TRUE; -} - -//*** DRBG_Update() -// This function performs the state update function. 
-// According to SP800-90A, a temp value is created by doing CTR mode -// encryption of 'providedData' and replacing the key and IV with -// these values. The one difference is that, with counter mode, the -// IV is incremented after each block is encrypted and in this -// operation, the counter is incremented before each block is -// encrypted. This function implements an 'optimized' version -// of the algorithm in that it does the update of the drbgState->seed -// in place and then 'providedData' is XORed into drbgState->seed -// to complete the encryption of 'providedData'. This works because -// the IV is the last thing that gets encrypted. -// -static BOOL -DRBG_Update( - DRBG_STATE *drbgState, // IN:OUT state to update - DRBG_KEY_SCHEDULE *keySchedule, // IN: the key schedule (optional) - DRBG_SEED *providedData // IN: additional data - ) -{ - UINT32 i; - BYTE *temp = (BYTE *)&drbgState->seed; - DRBG_KEY *key = pDRBG_KEY(&drbgState->seed); - DRBG_IV *iv = pDRBG_IV(&drbgState->seed); - DRBG_KEY_SCHEDULE localKeySchedule; -// - pAssert(drbgState->magic == DRBG_MAGIC); - - // If an key schedule was not provided, make one - if(keySchedule == NULL) - { - if(DRBG_ENCRYPT_SETUP((BYTE *)key, - DRBG_KEY_SIZE_BITS, &localKeySchedule) != 0) - { - LOG_FAILURE(FATAL_ERROR_INTERNAL); - return FALSE; - } - keySchedule = &localKeySchedule; - } - // Encrypt the temp value - - EncryptDRBG(temp, sizeof(DRBG_SEED), keySchedule, iv, - drbgState->lastValue); - if(providedData != NULL) - { - BYTE *pP = (BYTE *)providedData; - for(i = DRBG_SEED_SIZE_BYTES; i != 0; i--) - *temp++ ^= *pP++; - } - // Since temp points to the input key and IV, we are done and - // don't need to copy the resulting 'temp' to drbgState->seed - return TRUE; -} - -//*** DRBG_Reseed() -// This function is used when reseeding of the DRBG is required. If -// entropy is provided, it is used in lieu of using hardware entropy. -// Note: the provided entropy must be the required size. 
-// Return Type: BOOL -// TRUE(1) reseed succeeded -// FALSE(0) reseed failed, probably due to the entropy generation -BOOL -DRBG_Reseed( - DRBG_STATE *drbgState, // IN: the state to update - DRBG_SEED *providedEntropy, // IN: entropy - DRBG_SEED *additionalData // IN: - ) -{ - DRBG_SEED seed; - - pAssert((drbgState != NULL) && (drbgState->magic == DRBG_MAGIC)); - - if(providedEntropy == NULL) - { - providedEntropy = &seed; - if(!DRBG_GetEntropy(sizeof(DRBG_SEED), (BYTE *)providedEntropy)) - return FALSE; - } - if(additionalData != NULL) - { - unsigned int i; - - // XOR the provided data into the provided entropy - for(i = 0; i < sizeof(DRBG_SEED); i++) - ((BYTE *)providedEntropy)[i] ^= ((BYTE *)additionalData)[i]; - } - DRBG_Update(drbgState, NULL, providedEntropy); - - drbgState->reseedCounter = 1; - - return TRUE; -} - -//*** DRBG_SelfTest() -// This is run when the DRBG is instantiated and at startup -// Return Type: BOOL -// TRUE(1) test OK -// FALSE(0) test failed -BOOL -DRBG_SelfTest( - void - ) -{ - BYTE buf[sizeof(DRBG_NistTestVector_Generated)]; - DRBG_SEED seed; - UINT32 i; - BYTE *p; - DRBG_STATE testState; -// - pAssert(!IsSelfTest()); - - SetSelfTest(); - SetDrbgTested(); - // Do an instantiate - if(!DRBG_Instantiate(&testState, 0, NULL)) - return FALSE; -#if DRBG_DEBUG_PRINT - dbgDumpMemBlock(pDRBG_KEY(&testState), DRBG_KEY_SIZE_BYTES, - "Key after Instantiate"); - dbgDumpMemBlock(pDRBG_IV(&testState), DRBG_IV_SIZE_BYTES, - "Value after Instantiate"); -#endif - if(DRBG_Generate((RAND_STATE *)&testState, buf, sizeof(buf)) == 0) - return FALSE; -#if DRBG_DEBUG_PRINT - dbgDumpMemBlock(pDRBG_KEY(&testState.seed), DRBG_KEY_SIZE_BYTES, - "Key after 1st Generate"); - dbgDumpMemBlock(pDRBG_IV(&testState.seed), DRBG_IV_SIZE_BYTES, - "Value after 1st Generate"); -#endif - if(memcmp(buf, DRBG_NistTestVector_GeneratedInterm, sizeof(buf)) != 0) - return FALSE; - memcpy(seed.bytes, DRBG_NistTestVector_EntropyReseed, sizeof(seed)); - DRBG_Reseed(&testState, &seed, 
NULL); -#if DRBG_DEBUG_PRINT - dbgDumpMemBlock((BYTE *)pDRBG_KEY(&testState.seed), DRBG_KEY_SIZE_BYTES, - "Key after 2nd Generate"); - dbgDumpMemBlock((BYTE *)pDRBG_IV(&testState.seed), DRBG_IV_SIZE_BYTES, - "Value after 2nd Generate"); - dbgDumpMemBlock(buf, sizeof(buf), "2nd Generated"); -#endif - if(DRBG_Generate((RAND_STATE *)&testState, buf, sizeof(buf)) == 0) - return FALSE; - if(memcmp(buf, DRBG_NistTestVector_Generated, sizeof(buf)) != 0) - return FALSE; - ClearSelfTest(); - - DRBG_Uninstantiate(&testState); - for(p = (BYTE *)&testState, i = 0; i < sizeof(DRBG_STATE); i++) - { - if(*p++) - return FALSE; - } - // Simulate hardware failure to make sure that we get an error when - // trying to instantiate - SetEntropyBad(); - if(DRBG_Instantiate(&testState, 0, NULL)) - return FALSE; - ClearEntropyBad(); - - return TRUE; -} - -//** Public Interface -//*** Description -// The functions in this section are the interface to the RNG. These -// are the functions that are used by TPM.lib. - -//*** CryptRandomStir() -// This function is used to cause a reseed. A DRBG_SEED amount of entropy is -// collected from the hardware and then additional data is added. -// Return Type: TPM_RC -// TPM_RC_NO_RESULT failure of the entropy generator -LIB_EXPORT TPM_RC -CryptRandomStir( - UINT16 additionalDataSize, - BYTE *additionalData - ) -{ -#if !USE_DEBUG_RNG - DRBG_SEED tmpBuf; - DRBG_SEED dfResult; -// - // All reseed with outside data starts with a buffer full of entropy - if(!DRBG_GetEntropy(sizeof(tmpBuf), (BYTE *)&tmpBuf)) - return TPM_RC_NO_RESULT; - - DRBG_Reseed(&drbgDefault, &tmpBuf, - DfBuffer(&dfResult, additionalDataSize, additionalData)); - drbgDefault.reseedCounter = 1; - - return TPM_RC_SUCCESS; - -#else - // If doing debug, use the input data as the initial setting for the RNG state - // so that the test can be reset at any time. - // Note: If this is called with a data size of 0 or less, nothing happens. 
The - // presumption is that, in a debug environment, the caller will have specific - // values for initialization, so this check is just a simple way to prevent - // inadvertent programming errors from screwing things up. This doesn't use an - // pAssert() because the non-debug version of this function will accept these - // parameters as meaning that there is no additionalData and only hardware - // entropy is used. - if((additionalDataSize > 0) && (additionalData != NULL)) - { - memset(drbgDefault.seed.bytes, 0, sizeof(drbgDefault.seed.bytes)); - memcpy(drbgDefault.seed.bytes, additionalData, - MIN(additionalDataSize, sizeof(drbgDefault.seed.bytes))); - } - drbgDefault.reseedCounter = 1; - - return TPM_RC_SUCCESS; -#endif -} - -//*** CryptRandomGenerate() -// Generate a 'randomSize' number or random bytes. -LIB_EXPORT UINT16 -CryptRandomGenerate( - UINT16 randomSize, - BYTE *buffer - ) -{ - return DRBG_Generate((RAND_STATE *)&drbgDefault, buffer, randomSize); -} - - - -//*** DRBG_InstantiateSeededKdf() -// This function is used to instantiate a KDF-based RNG. This is used for derivations. -// This function always returns TRUE. -LIB_EXPORT BOOL -DRBG_InstantiateSeededKdf( - KDF_STATE *state, // OUT: buffer to hold the state - TPM_ALG_ID hashAlg, // IN: hash algorithm - TPM_ALG_ID kdf, // IN: the KDF to use - TPM2B *seed, // IN: the seed to use - const TPM2B *label, // IN: a label for the generation process. - TPM2B *context, // IN: the context value - UINT32 limit // IN: Maximum number of bits from the KDF - ) -{ - state->magic = KDF_MAGIC; - state->limit = limit; - state->seed = seed; - state->hash = hashAlg; - state->kdf = kdf; - state->label = label; - state->context = context; - state->digestSize = CryptHashGetDigestSize(hashAlg); - state->counter = 0; - state->residual.t.size = 0; - return TRUE; -} - -//*** DRBG_AdditionalData() -// Function to reseed the DRBG with additional entropy. 
This is normally called -// before computing the protection value of a primary key in the Endorsement -// hierarchy. -LIB_EXPORT void -DRBG_AdditionalData( - DRBG_STATE *drbgState, // IN:OUT state to update - TPM2B *additionalData // IN: value to incorporate - ) -{ - DRBG_SEED dfResult; - if(drbgState->magic == DRBG_MAGIC) - { - DfBuffer(&dfResult, additionalData->size, additionalData->buffer); - DRBG_Reseed(drbgState, &dfResult, NULL); - } -} - - -//*** DRBG_InstantiateSeeded() -// This function is used to instantiate a random number generator from seed values. -// The nominal use of this generator is to create sequences of pseudo-random -// numbers from a seed value. -// Return Type: TPM_RC -// TPM_RC_FAILURE DRBG self-test failure -LIB_EXPORT TPM_RC -DRBG_InstantiateSeeded( - DRBG_STATE *drbgState, // IN/OUT: buffer to hold the state - const TPM2B *seed, // IN: the seed to use - const TPM2B *purpose, // IN: a label for the generation process. - const TPM2B *name, // IN: name of the object - const TPM2B *additional // IN: additional data - ) -{ - DF_STATE dfState; - int totalInputSize; - // DRBG should have been tested, but... - if(!IsDrbgTested() && !DRBG_SelfTest()) - { - LOG_FAILURE(FATAL_ERROR_SELF_TEST); - return TPM_RC_FAILURE; - } - // Initialize the DRBG state - memset(drbgState, 0, sizeof(DRBG_STATE)); - drbgState->magic = DRBG_MAGIC; - - // Size all of the values - totalInputSize = (seed != NULL) ? seed->size : 0; - totalInputSize += (purpose != NULL) ? purpose->size : 0; - totalInputSize += (name != NULL) ? name->size : 0; - totalInputSize += (additional != NULL) ? 
additional->size : 0; - - // Initialize the derivation - DfStart(&dfState, totalInputSize); - - // Run all the input strings through the derivation function - if(seed != NULL) - DfUpdate(&dfState, seed->size, seed->buffer); - if(purpose != NULL) - DfUpdate(&dfState, purpose->size, purpose->buffer); - if(name != NULL) - DfUpdate(&dfState, name->size, name->buffer); - if(additional != NULL) - DfUpdate(&dfState, additional->size, additional->buffer); - - // Used the derivation function output as the "entropy" input. This is not - // how it is described in SP800-90A but this is the equivalent function - DRBG_Reseed(((DRBG_STATE *)drbgState), DfEnd(&dfState), NULL); - - return TPM_RC_SUCCESS; -} - -//*** CryptRandStartup() -// This function is called when TPM_Startup is executed. This function always returns -// TRUE. -LIB_EXPORT BOOL -CryptRandStartup( - void - ) -{ -#if ! _DRBG_STATE_SAVE - // If not saved in NV, re-instantiate on each startup - DRBG_Instantiate(&drbgDefault, 0, NULL); -#else - // If the running state is saved in NV, NV has to be loaded before it can - // be updated - if(go.drbgState.magic == DRBG_MAGIC) - DRBG_Reseed(&go.drbgState, NULL, NULL); - else - DRBG_Instantiate(&go.drbgState, 0, NULL); -#endif - return TRUE; -} - -//**** CryptRandInit() -// This function is called when _TPM_Init is being processed. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -LIB_EXPORT BOOL -CryptRandInit( - void - ) -{ -#if !USE_DEBUG_RNG - _plat__GetEntropy(NULL, 0); -#endif - return DRBG_SelfTest(); -} - -//*** DRBG_Generate() -// This function generates a random sequence according SP800-90A. -// If 'random' is not NULL, then 'randomSize' bytes of random values are generated. -// If 'random' is NULL or 'randomSize' is zero, then the function returns -// zero without generating any bits or updating the reseed counter. 
-// This function returns the number of bytes produced which could be less than the -// number requested if the request is too large ("too large" is implementation -// dependent.) -LIB_EXPORT UINT16 -DRBG_Generate( - RAND_STATE *state, - BYTE *random, // OUT: buffer to receive the random values - UINT16 randomSize // IN: the number of bytes to generate - ) -{ - if(state == NULL) - state = (RAND_STATE *)&drbgDefault; - if(random == NULL) - return 0; - - // If the caller used a KDF state, generate a sequence from the KDF not to - // exceed the limit. - if(state->kdf.magic == KDF_MAGIC) - { - KDF_STATE *kdf = (KDF_STATE *)state; - UINT32 counter = (UINT32)kdf->counter; - INT32 bytesLeft = randomSize; -// - // If the number of bytes to be returned would put the generator - // over the limit, then return 0 - if((((kdf->counter * kdf->digestSize) + randomSize) * 8) > kdf->limit) - return 0; - // Process partial and full blocks until all requested bytes provided - while(bytesLeft > 0) - { - // If there is any residual data in the buffer, copy it to the output - // buffer - if(kdf->residual.t.size > 0) - { - INT32 size; -// - // Don't use more of the residual than will fit or more than are - // available - size = MIN(kdf->residual.t.size, bytesLeft); - - // Copy some or all of the residual to the output. The residual is - // at the end of the buffer. The residual might be a full buffer. 
- MemoryCopy(random, - &kdf->residual.t.buffer - [kdf->digestSize - kdf->residual.t.size], size); - - // Advance the buffer pointer - random += size; - - // Reduce the number of bytes left to get - bytesLeft -= size; - - // And reduce the residual size appropriately - kdf->residual.t.size -= (UINT16)size; - } - else - { - UINT16 blocks = (UINT16)(bytesLeft / kdf->digestSize); -// - // Get the number of required full blocks - if(blocks > 0) - { - UINT16 size = blocks * kdf->digestSize; -// Get some number of full blocks and put them in the return buffer - CryptKDFa(kdf->hash, kdf->seed, kdf->label, kdf->context, NULL, - kdf->limit, random, &counter, blocks); - - // reduce the size remaining to be moved and advance the pointer - bytesLeft -= size; - random += size; - } - else - { - // Fill the residual buffer with a full block and then loop to - // top to get part of it copied to the output. - kdf->residual.t.size = CryptKDFa(kdf->hash, kdf->seed, - kdf->label, kdf->context, NULL, - kdf->limit, - kdf->residual.t.buffer, - &counter, 1); - } - } - } - kdf->counter = counter; - return randomSize; - } - else if(state->drbg.magic == DRBG_MAGIC) - { - DRBG_STATE *drbgState = (DRBG_STATE *)state; - DRBG_KEY_SCHEDULE keySchedule; - DRBG_SEED *seed = &drbgState->seed; - - if(drbgState->reseedCounter >= CTR_DRBG_MAX_REQUESTS_PER_RESEED) - { - if(drbgState == &drbgDefault) - { - DRBG_Reseed(drbgState, NULL, NULL); - if(IsEntropyBad() && !IsSelfTest()) - return 0; - } - else - { - // If this is a PRNG then the only way to get - // here is if the SW has run away. 
- LOG_FAILURE(FATAL_ERROR_INTERNAL); - return 0; - } - } - // if the allowed number of bytes in a request is larger than the - // less than the number of bytes that can be requested, then check -#if UINT16_MAX >= CTR_DRBG_MAX_BYTES_PER_REQUEST - if(randomSize > CTR_DRBG_MAX_BYTES_PER_REQUEST) - randomSize = CTR_DRBG_MAX_BYTES_PER_REQUEST; -#endif - // Create encryption schedule - if(DRBG_ENCRYPT_SETUP((BYTE *)pDRBG_KEY(seed), - DRBG_KEY_SIZE_BITS, &keySchedule) != 0) - { - LOG_FAILURE(FATAL_ERROR_INTERNAL); - return 0; - } - // Generate the random data - EncryptDRBG(random, randomSize, &keySchedule, pDRBG_IV(seed), - drbgState->lastValue); - // Do a key update - DRBG_Update(drbgState, &keySchedule, NULL); - - // Increment the reseed counter - drbgState->reseedCounter += 1; - } - else - { - LOG_FAILURE(FATAL_ERROR_INTERNAL); - return FALSE; - } - return randomSize; -} - -//*** DRBG_Instantiate() -// This is CTR_DRBG_Instantiate_algorithm() from [SP 800-90A 10.2.1.3.1]. -// This is called when a the TPM DRBG is to be instantiated. This is -// called to instantiate a DRBG used by the TPM for normal -// operations. -// Return Type: BOOL -// TRUE(1) instantiation succeeded -// FALSE(0) instantiation failed -LIB_EXPORT BOOL -DRBG_Instantiate( - DRBG_STATE *drbgState, // OUT: the instantiated value - UINT16 pSize, // IN: Size of personalization string - BYTE *personalization // IN: The personalization string - ) -{ - DRBG_SEED seed; - DRBG_SEED dfResult; -// - pAssert((pSize == 0) || (pSize <= sizeof(seed)) || (personalization != NULL)); - // If the DRBG has not been tested, test when doing an instantiation. Since - // Instantiation is called during self test, make sure we don't get stuck in a - // loop. - if(!IsDrbgTested() && !IsSelfTest() && !DRBG_SelfTest()) - return FALSE; - // If doing a self test, DRBG_GetEntropy will return the NIST - // test vector value. 
- if(!DRBG_GetEntropy(sizeof(seed), (BYTE *)&seed)) - return FALSE; - // set everything to zero - memset(drbgState, 0, sizeof(DRBG_STATE)); - drbgState->magic = DRBG_MAGIC; - - // Steps 1, 2, 3, 6, 7 of SP 800-90A 10.2.1.3.1 are exactly what - // reseeding does. So, do a reduction on the personalization value (if any) - // and do a reseed. - DRBG_Reseed(drbgState, &seed, DfBuffer(&dfResult, pSize, personalization)); - - return TRUE; -} - -//*** DRBG_Uninstantiate() -// This is Uninstantiate_function() from [SP 800-90A 9.4]. -// -// Return Type: TPM_RC -// TPM_RC_VALUE not a valid state -LIB_EXPORT TPM_RC -DRBG_Uninstantiate( - DRBG_STATE *drbgState // IN/OUT: working state to erase - ) -{ - if((drbgState == NULL) || (drbgState->magic != DRBG_MAGIC)) - return TPM_RC_VALUE; - memset(drbgState, 0, sizeof(DRBG_STATE)); - return TPM_RC_SUCCESS; -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRsa.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRsa.c deleted file mode 100644 index dc0ceed57..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRsa.c +++ /dev/null 
@@ -1,1489 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This file contains implementation of cryptographic primitives for RSA.
-// Vendors may replace the implementation in this file with their own library
-// functions.
-
-//** Includes
-// Need this define to get the 'private' defines for this function
-#define CRYPT_RSA_C
-#include "Tpm.h"
-
-#if ALG_RSA
-
-//** Obligatory Initialization Functions
-
-//*** CryptRsaInit()
-// Function called at _TPM_Init().
-BOOL
-CryptRsaInit(
- void
- )
-{
- return TRUE;
-}
-
-//*** CryptRsaStartup()
-// Function called at TPM2_Startup()
-BOOL
-CryptRsaStartup(
- void
- )
-{
- return TRUE;
-}
-
-//** Internal Functions
-
-//*** RsaInitializeExponent()
-// This function initializes the bignum data structure that holds the private
-// exponent. This function returns the pointer to the private exponent value so that
-// it can be used in an initializer for a data declaration.
-static privateExponent *
-RsaInitializeExponent(
- privateExponent *Z
- )
-{
- bigNum *bn = (bigNum *)&Z->P;
- int i;
-//
- for(i = 0; i < 5; i++)
- {
- bn[i] = (bigNum)&Z->entries[i];
- BnInit(bn[i], BYTES_TO_CRYPT_WORDS(sizeof(Z->entries[0].d)));
- }
- return Z;
-}
-
-//*** MakePgreaterThanQ()
-// This function swaps the pointers for P and Q if Q happens to be larger than Q.
-static void
-MakePgreaterThanQ(
- privateExponent *Z
-)
-{
- if(BnUnsignedCmp(Z->P, Z->Q) < 0)
- {
- bigNum bnT = Z->P;
- Z->P = Z->Q;
- Z->Q = bnT;
- }
-}
-
-//*** PackExponent()
-// This function takes the bignum private exponent and converts it into TPM2B form.
-// In this form, the size field contains the overall size of the packed data. The
-// buffer contains 5, equal sized values in P, Q, dP, dQ, qInv order. For example, if
-// a key has a 2Kb public key, then the packed private key will contain 5, 1Kb values.
-// This form makes it relatively easy to load and save the values without changing
-// the normal unmarshaling to do anything more than allow a larger TPM2B for the
-// private key. Also, when exporting the value, all that is needed is to change the
-// size field of the private key in order to save just the P value.
-// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure // The data is too big to fit -static BOOL -PackExponent( - TPM2B_PRIVATE_KEY_RSA *packed, - privateExponent *Z -) -{ - int i; - UINT16 primeSize = (UINT16)BITS_TO_BYTES(BnMsb(Z->P)); - UINT16 pS = primeSize; -// - pAssert((primeSize * 5) <= sizeof(packed->t.buffer)); - packed->t.size = (primeSize * 5) + RSA_prime_flag; - for(i = 0; i < 5; i++) - if(!BnToBytes((bigNum)&Z->entries[i], &packed->t.buffer[primeSize * i], &pS)) - return FALSE; - if(pS != primeSize) - return FALSE; - return TRUE; -} - -//*** UnpackExponent() -// This function unpacks the private exponent from its TPM2B form into its bignum -// form. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) TPM2B is not the correct size -static BOOL -UnpackExponent( - TPM2B_PRIVATE_KEY_RSA *b, - privateExponent *Z -) -{ - UINT16 primeSize = b->t.size & ~RSA_prime_flag; - int i; - bigNum *bn = &Z->P; -// - VERIFY(b->t.size & RSA_prime_flag); - RsaInitializeExponent(Z); - VERIFY((primeSize % 5) == 0); - primeSize /= 5; - for(i = 0; i < 5; i++) - VERIFY(BnFromBytes(bn[i], &b->t.buffer[primeSize * i], primeSize) - != NULL); - MakePgreaterThanQ(Z); - return TRUE; -Error: - return FALSE; - } - -//*** ComputePrivateExponent() -// This function computes the private exponent from the primes. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -static BOOL -ComputePrivateExponent( - bigNum pubExp, // IN: the public exponent - privateExponent *Z // IN/OUT: on input, has primes P and Q. 
On - // output, has P, Q, dP, dQ, and pInv - ) -{ - BOOL pOK; - BOOL qOK; - BN_PRIME(pT); -// - // make p the larger value so that m2 is always less than p - MakePgreaterThanQ(Z); - - //dP = (1/e) mod (p-1) - pOK = BnSubWord(pT, Z->P, 1); - pOK = pOK && BnModInverse(Z->dP, pubExp, pT); - //dQ = (1/e) mod (q-1) - qOK = BnSubWord(pT, Z->Q, 1); - qOK = qOK && BnModInverse(Z->dQ, pubExp, pT); - // qInv = (1/q) mod p - if(pOK && qOK) - pOK = qOK = BnModInverse(Z->qInv, Z->Q, Z->P); - if(!pOK) - BnSetWord(Z->P, 0); - if(!qOK) - BnSetWord(Z->Q, 0); - return pOK && qOK; -} - -//*** RsaPrivateKeyOp() -// This function is called to do the exponentiation with the private key. Compile -// options allow use of the simple (but slow) private exponent, or the more complex -// but faster CRT method. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -static BOOL -RsaPrivateKeyOp( - bigNum inOut, // IN/OUT: number to be exponentiated - privateExponent *Z - ) -{ - BN_RSA(M1); - BN_RSA(M2); - BN_RSA(M); - BN_RSA(H); -// - MakePgreaterThanQ(Z); - // m1 = cdP mod p - VERIFY(BnModExp(M1, inOut, Z->dP, Z->P)); - // m2 = cdQ mod q - VERIFY(BnModExp(M2, inOut, Z->dQ, Z->Q)); - // h = qInv * (m1 - m2) mod p = qInv * (m1 + P - m2) mod P because Q < P - // so m2 < P - VERIFY(BnSub(H, Z->P, M2)); - VERIFY(BnAdd(H, H, M1)); - VERIFY(BnModMult(H, H, Z->qInv, Z->P)); - // m = m2 + h * q - VERIFY(BnMult(M, H, Z->Q)); - VERIFY(BnAdd(inOut, M2, M)); - return TRUE; -Error: - return FALSE; -} - -//*** RSAEP() -// This function performs the RSAEP operation defined in PKCS#1v2.1. It is -// an exponentiation of a value ('m') with the public exponent ('e'), modulo -// the public ('n'). -// -// Return Type: TPM_RC -// TPM_RC_VALUE number to exponentiate is larger than the modulus -// -static TPM_RC -RSAEP( - TPM2B *dInOut, // IN: size of the encrypted block and the size of - // the encrypted value. It must be the size of - // the modulus. - // OUT: the encrypted data. 
Will receive the - // decrypted value - OBJECT *key // IN: the key to use - ) -{ - TPM2B_TYPE(4BYTES, 4); - TPM2B_4BYTES e2B; - UINT32 e = key->publicArea.parameters.rsaDetail.exponent; -// - if(e == 0) - e = RSA_DEFAULT_PUBLIC_EXPONENT; - UINT32_TO_BYTE_ARRAY(e, e2B.t.buffer); - e2B.t.size = 4; - return ModExpB(dInOut->size, dInOut->buffer, dInOut->size, dInOut->buffer, - e2B.t.size, e2B.t.buffer, key->publicArea.unique.rsa.t.size, - key->publicArea.unique.rsa.t.buffer); -} - -//*** RSADP() -// This function performs the RSADP operation defined in PKCS#1v2.1. It is -// an exponentiation of a value ('c') with the private exponent ('d'), modulo -// the public modulus ('n'). The decryption is in place. -// -// This function also checks the size of the private key. If the size indicates -// that only a prime value is present, the key is converted to being a private -// exponent. -// -// Return Type: TPM_RC -// TPM_RC_SIZE the value to decrypt is larger than the modulus -// -static TPM_RC -RSADP( - TPM2B *inOut, // IN/OUT: the value to encrypt - OBJECT *key // IN: the key - ) -{ - BN_RSA_INITIALIZED(bnM, inOut); - NEW_PRIVATE_EXPONENT(Z); - if(UnsignedCompareB(inOut->size, inOut->buffer, - key->publicArea.unique.rsa.t.size, - key->publicArea.unique.rsa.t.buffer) >= 0) - return TPM_RC_SIZE; - // private key operation requires that private exponent be loaded - // During self-test, this might not be the case so load it up if it hasn't - // already done - // been done - if((key->sensitive.sensitive.rsa.t.size & RSA_prime_flag) == 0) - { - if(CryptRsaLoadPrivateExponent(&key->publicArea, &key->sensitive) - != TPM_RC_SUCCESS) - return TPM_RC_BINDING; - } - VERIFY(UnpackExponent(&key->sensitive.sensitive.rsa, Z)); - VERIFY(RsaPrivateKeyOp(bnM, Z)); - VERIFY(BnTo2B(bnM, inOut, inOut->size)); - return TPM_RC_SUCCESS; -Error: - return TPM_RC_FAILURE; -} - -//*** OaepEncode() -// This function performs OAEP padding. 
The size of the buffer to receive the -// OAEP padded data must equal the size of the modulus -// -// Return Type: TPM_RC -// TPM_RC_VALUE 'hashAlg' is not valid or message size is too large -// -static TPM_RC -OaepEncode( - TPM2B *padded, // OUT: the pad data - TPM_ALG_ID hashAlg, // IN: algorithm to use for padding - const TPM2B *label, // IN: null-terminated string (may be NULL) - TPM2B *message, // IN: the message being padded - RAND_STATE *rand // IN: the random number generator to use - ) -{ - INT32 padLen; - INT32 dbSize; - INT32 i; - BYTE mySeed[MAX_DIGEST_SIZE]; - BYTE *seed = mySeed; - UINT16 hLen = CryptHashGetDigestSize(hashAlg); - BYTE mask[MAX_RSA_KEY_BYTES]; - BYTE *pp; - BYTE *pm; - TPM_RC retVal = TPM_RC_SUCCESS; - - pAssert(padded != NULL && message != NULL); - - // A value of zero is not allowed because the KDF can't produce a result - // if the digest size is zero. - if(hLen == 0) - return TPM_RC_VALUE; - - // Basic size checks - // make sure digest isn't too big for key size - if(padded->size < (2 * hLen) + 2) - ERROR_RETURN(TPM_RC_HASH); - - // and that message will fit messageSize <= k - 2hLen - 2 - if(message->size > (padded->size - (2 * hLen) - 2)) - ERROR_RETURN(TPM_RC_VALUE); - - // Hash L even if it is null - // Offset into padded leaving room for masked seed and byte of zero - pp = &padded->buffer[hLen + 1]; - if(CryptHashBlock(hashAlg, label->size, (BYTE *)label->buffer, - hLen, pp) != hLen) - ERROR_RETURN(TPM_RC_FAILURE); - - // concatenate PS of k mLen 2hLen 2 - padLen = padded->size - message->size - (2 * hLen) - 2; - MemorySet(&pp[hLen], 0, padLen); - pp[hLen + padLen] = 0x01; - padLen += 1; - memcpy(&pp[hLen + padLen], message->buffer, message->size); - - // The total size of db = hLen + pad + mSize; - dbSize = hLen + padLen + message->size; - - // If testing, then use the provided seed. 
Otherwise, use values - // from the RNG - CryptRandomGenerate(hLen, mySeed); - DRBG_Generate(rand, mySeed, (UINT16)hLen); - if(g_inFailureMode) - ERROR_RETURN(TPM_RC_FAILURE); - // mask = MGF1 (seed, nSize hLen 1) - CryptMGF1(dbSize, mask, hashAlg, hLen, seed); - - // Create the masked db - pm = mask; - for(i = dbSize; i > 0; i--) - *pp++ ^= *pm++; - pp = &padded->buffer[hLen + 1]; - - // Run the masked data through MGF1 - if(CryptMGF1(hLen, &padded->buffer[1], hashAlg, dbSize, pp) != (unsigned)hLen) - ERROR_RETURN(TPM_RC_VALUE); -// Now XOR the seed to create masked seed - pp = &padded->buffer[1]; - pm = seed; - for(i = hLen; i > 0; i--) - *pp++ ^= *pm++; - // Set the first byte to zero - padded->buffer[0] = 0x00; -Exit: - return retVal; -} - -//*** OaepDecode() -// This function performs OAEP padding checking. The size of the buffer to receive -// the recovered data. If the padding is not valid, the 'dSize' size is set to zero -// and the function returns TPM_RC_VALUE. -// -// The 'dSize' parameter is used as an input to indicate the size available in the -// buffer. - -// If insufficient space is available, the size is not changed and the return code -// is TPM_RC_VALUE. 
-// -// Return Type: TPM_RC -// TPM_RC_VALUE the value to decode was larger than the modulus, or -// the padding is wrong or the buffer to receive the -// results is too small -// -// -static TPM_RC -OaepDecode( - TPM2B *dataOut, // OUT: the recovered data - TPM_ALG_ID hashAlg, // IN: algorithm to use for padding - const TPM2B *label, // IN: null-terminated string (may be NULL) - TPM2B *padded // IN: the padded data - ) -{ - UINT32 i; - BYTE seedMask[MAX_DIGEST_SIZE]; - UINT32 hLen = CryptHashGetDigestSize(hashAlg); - - BYTE mask[MAX_RSA_KEY_BYTES]; - BYTE *pp; - BYTE *pm; - TPM_RC retVal = TPM_RC_SUCCESS; - - // Strange size (anything smaller can't be an OAEP padded block) - // Also check for no leading 0 - if((padded->size < (unsigned)((2 * hLen) + 2)) || (padded->buffer[0] != 0)) - ERROR_RETURN(TPM_RC_VALUE); -// Use the hash size to determine what to put through MGF1 in order -// to recover the seedMask - CryptMGF1(hLen, seedMask, hashAlg, padded->size - hLen - 1, - &padded->buffer[hLen + 1]); - - // Recover the seed into seedMask - pAssert(hLen <= sizeof(seedMask)); - pp = &padded->buffer[1]; - pm = seedMask; - for(i = hLen; i > 0; i--) - *pm++ ^= *pp++; - - // Use the seed to generate the data mask - CryptMGF1(padded->size - hLen - 1, mask, hashAlg, hLen, seedMask); - - // Use the mask generated from seed to recover the padded data - pp = &padded->buffer[hLen + 1]; - pm = mask; - for(i = (padded->size - hLen - 1); i > 0; i--) - *pm++ ^= *pp++; - - // Make sure that the recovered data has the hash of the label - // Put trial value in the seed mask - if((CryptHashBlock(hashAlg, label->size, (BYTE *)label->buffer, - hLen, seedMask)) != hLen) - FAIL(FATAL_ERROR_INTERNAL); - if(memcmp(seedMask, mask, hLen) != 0) - ERROR_RETURN(TPM_RC_VALUE); - - // find the start of the data - pm = &mask[hLen]; - for(i = (UINT32)padded->size - (2 * hLen) - 1; i > 0; i--) - { - if(*pm++ != 0) - break; - } - // If we ran out of data or didn't end with 0x01, then return an error - 
if(i == 0 || pm[-1] != 0x01) - ERROR_RETURN(TPM_RC_VALUE); - - // pm should be pointing at the first part of the data - // and i is one greater than the number of bytes to move - i--; - if(i > dataOut->size) - // Special exit to preserve the size of the output buffer - return TPM_RC_VALUE; - memcpy(dataOut->buffer, pm, i); - dataOut->size = (UINT16)i; -Exit: - if(retVal != TPM_RC_SUCCESS) - dataOut->size = 0; - return retVal; -} - -//*** PKCS1v1_5Encode() -// This function performs the encoding for RSAES-PKCS1-V1_5-ENCRYPT as defined in -// PKCS#1V2.1 -// Return Type: TPM_RC -// TPM_RC_VALUE message size is too large -// -static TPM_RC -RSAES_PKCS1v1_5Encode( - TPM2B *padded, // OUT: the pad data - TPM2B *message, // IN: the message being padded - RAND_STATE *rand - ) -{ - UINT32 ps = padded->size - message->size - 3; -// - if(message->size > padded->size - 11) - return TPM_RC_VALUE; - // move the message to the end of the buffer - memcpy(&padded->buffer[padded->size - message->size], message->buffer, - message->size); - // Set the first byte to 0x00 and the second to 0x02 - padded->buffer[0] = 0; - padded->buffer[1] = 2; - - // Fill with random bytes - DRBG_Generate(rand, &padded->buffer[2], (UINT16)ps); - if(g_inFailureMode) - return TPM_RC_FAILURE; - - // Set the delimiter for the random field to 0 - padded->buffer[2 + ps] = 0; - - // Now, the only messy part. Make sure that all the 'ps' bytes are non-zero - // In this implementation, use the value of the current index - for(ps++; ps > 1; ps--) - { - if(padded->buffer[ps] == 0) - padded->buffer[ps] = 0x55; // In the < 0.5% of the cases that the - // random value is 0, just pick a value to - // put into the spot. 
- } - return TPM_RC_SUCCESS; -} - -//*** RSAES_Decode() -// This function performs the decoding for RSAES-PKCS1-V1_5-ENCRYPT as defined in -// PKCS#1V2.1 -// -// Return Type: TPM_RC -// TPM_RC_FAIL decoding error or results would no fit into provided buffer -// -static TPM_RC -RSAES_Decode( - TPM2B *message, // OUT: the recovered message - TPM2B *coded // IN: the encoded message - ) -{ - BOOL fail = FALSE; - UINT16 pSize; - - fail = (coded->size < 11); - fail = (coded->buffer[0] != 0x00) | fail; - fail = (coded->buffer[1] != 0x02) | fail; - for(pSize = 2; pSize < coded->size; pSize++) - { - if(coded->buffer[pSize] == 0) - break; - } - pSize++; - - // Make sure that pSize has not gone over the end and that there are at least 8 - // bytes of pad data. - fail = (pSize > coded->size) | fail; - fail = ((pSize - 2) < 8) | fail; - if((message->size < (UINT16)(coded->size - pSize)) || fail) - return TPM_RC_VALUE; - message->size = coded->size - pSize; - memcpy(message->buffer, &coded->buffer[pSize], coded->size - pSize); - return TPM_RC_SUCCESS; -} - -//*** CryptRsaPssSaltSize() -// This function computes the salt size used in PSS. It is broken out so that -// the X509 code can get the same value that is used by the encoding function in this -// module. -INT16 -CryptRsaPssSaltSize( - INT16 hashSize, - INT16 outSize -) -{ - INT16 saltSize; -// - // (Mask Length) = (outSize - hashSize - 1); - // Max saltSize is (Mask Length) - 1 - saltSize = (outSize - hashSize - 1) - 1; - // Use the maximum salt size allowed by FIPS 186-4 - if(saltSize > hashSize) - saltSize = hashSize; - else if(saltSize < 0) - saltSize = 0; - return saltSize; -} - -//*** PssEncode() -// This function creates an encoded block of data that is the size of modulus. -// The function uses the maximum salt size that will fit in the encoded block. -// -// Returns TPM_RC_SUCCESS or goes into failure mode. 
-static TPM_RC -PssEncode( - TPM2B *out, // OUT: the encoded buffer - TPM_ALG_ID hashAlg, // IN: hash algorithm for the encoding - TPM2B *digest, // IN: the digest - RAND_STATE *rand // IN: random number source - ) -{ - UINT32 hLen = CryptHashGetDigestSize(hashAlg); - BYTE salt[MAX_RSA_KEY_BYTES - 1]; - UINT16 saltSize; - BYTE *ps = salt; - BYTE *pOut; - UINT16 mLen; - HASH_STATE hashState; - - // These are fatal errors indicating bad TPM firmware - pAssert(out != NULL && hLen > 0 && digest != NULL); - - // Get the size of the mask - mLen = (UINT16)(out->size - hLen - 1); - - // Set the salt size - saltSize = CryptRsaPssSaltSize((INT16)hLen, (INT16)out->size); - -//using eOut for scratch space - // Set the first 8 bytes to zero - pOut = out->buffer; - memset(pOut, 0, 8); - - // Get set the salt - DRBG_Generate(rand, salt, saltSize); - if(g_inFailureMode) - return TPM_RC_FAILURE; - - // Create the hash of the pad || input hash || salt - CryptHashStart(&hashState, hashAlg); - CryptDigestUpdate(&hashState, 8, pOut); - CryptDigestUpdate2B(&hashState, digest); - CryptDigestUpdate(&hashState, saltSize, salt); - CryptHashEnd(&hashState, hLen, &pOut[out->size - hLen - 1]); - - // Create a mask - if(CryptMGF1(mLen, pOut, hashAlg, hLen, &pOut[mLen]) != mLen) - FAIL(FATAL_ERROR_INTERNAL); - - // Since this implementation uses key sizes that are all even multiples of - // 8, just need to make sure that the most significant bit is CLEAR - *pOut &= 0x7f; - - // Before we mess up the pOut value, set the last byte to 0xbc - pOut[out->size - 1] = 0xbc; - - // XOR a byte of 0x01 at the position just before where the salt will be XOR'ed - pOut = &pOut[mLen - saltSize - 1]; - *pOut++ ^= 0x01; - - // XOR the salt data into the buffer - for(; saltSize > 0; saltSize--) - *pOut++ ^= *ps++; - - // and we are done - return TPM_RC_SUCCESS; -} - -//*** PssDecode() -// This function checks that the PSS encoded block was built from the -// provided digest. 
If the check is successful, TPM_RC_SUCCESS is returned. -// Any other value indicates an error. -// -// This implementation of PSS decoding is intended for the reference TPM -// implementation and is not at all generalized. It is used to check -// signatures over hashes and assumptions are made about the sizes of values. -// Those assumptions are enforce by this implementation. -// This implementation does allow for a variable size salt value to have been -// used by the creator of the signature. -// -// Return Type: TPM_RC -// TPM_RC_SCHEME 'hashAlg' is not a supported hash algorithm -// TPM_RC_VALUE decode operation failed -// -static TPM_RC -PssDecode( - TPM_ALG_ID hashAlg, // IN: hash algorithm to use for the encoding - TPM2B *dIn, // In: the digest to compare - TPM2B *eIn // IN: the encoded data - ) -{ - UINT32 hLen = CryptHashGetDigestSize(hashAlg); - BYTE mask[MAX_RSA_KEY_BYTES]; - BYTE *pm = mask; - BYTE *pe; - BYTE pad[8] = {0}; - UINT32 i; - UINT32 mLen; - BYTE fail; - TPM_RC retVal = TPM_RC_SUCCESS; - HASH_STATE hashState; - - // These errors are indicative of failures due to programmer error - pAssert(dIn != NULL && eIn != NULL); - pe = eIn->buffer; - - // check the hash scheme - if(hLen == 0) - ERROR_RETURN(TPM_RC_SCHEME); - - // most significant bit must be zero - fail = pe[0] & 0x80; - - // last byte must be 0xbc - fail |= pe[eIn->size - 1] ^ 0xbc; - - // Use the hLen bytes at the end of the buffer to generate a mask - // Doesn't start at the end which is a flag byte - mLen = eIn->size - hLen - 1; - CryptMGF1(mLen, mask, hashAlg, hLen, &pe[mLen]); - - // Clear the MSO of the mask to make it consistent with the encoding. - mask[0] &= 0x7F; - - pAssert(mLen <= sizeof(mask)); - // XOR the data into the mask to recover the salt. 
This sequence - // advances eIn so that it will end up pointing to the seed data - // which is the hash of the signature data - for(i = mLen; i > 0; i--) - *pm++ ^= *pe++; - - // Find the first byte of 0x01 after a string of all 0x00 - for(pm = mask, i = mLen; i > 0; i--) - { - if(*pm == 0x01) - break; - else - fail |= *pm++; - } - // i should not be zero - fail |= (i == 0); - - // if we have failed, will continue using the entire mask as the salt value so - // that the timing attacks will not disclose anything (I don't think that this - // is a problem for TPM applications but, usually, we don't fail so this - // doesn't cost anything). - if(fail) - { - i = mLen; - pm = mask; - } - else - { - pm++; - i--; - } - // i contains the salt size and pm points to the salt. Going to use the input - // hash and the seed to recreate the hash in the lower portion of eIn. - CryptHashStart(&hashState, hashAlg); - - // add the pad of 8 zeros - CryptDigestUpdate(&hashState, 8, pad); - - // add the provided digest value - CryptDigestUpdate(&hashState, dIn->size, dIn->buffer); - - // and the salt - CryptDigestUpdate(&hashState, i, pm); - - // get the result - fail |= (CryptHashEnd(&hashState, hLen, mask) != hLen); - - // Compare all bytes - for(pm = mask; hLen > 0; hLen--) - // don't use fail = because that could skip the increment and compare - // operations after the first failure and that gives away timing - // information. - fail |= *pm++ ^ *pe++; - - retVal = (fail != 0) ? 
TPM_RC_VALUE : TPM_RC_SUCCESS; -Exit: - return retVal; -} - -//*** MakeDerTag() -// Construct the DER value that is used in RSASSA -// Return Type: INT16 -// > 0 size of value -// <= 0 no hash exists -INT16 -MakeDerTag( - TPM_ALG_ID hashAlg, - INT16 sizeOfBuffer, - BYTE *buffer -) -{ -// 0x30, 0x31, // SEQUENCE (2 elements) 1st -// 0x30, 0x0D, // SEQUENCE (2 elements) -// 0x06, 0x09, // HASH OID -// 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, -// 0x05, 0x00, // NULL -// 0x04, 0x20 // OCTET STRING - HASH_DEF *info = CryptGetHashDef(hashAlg); - INT16 oidSize; - // If no OID, can't do encode - VERIFY(info != NULL); - oidSize = 2 + (info->OID)[1]; - // make sure this fits in the buffer - VERIFY(sizeOfBuffer >= (oidSize + 8)); - *buffer++ = 0x30; // 1st SEQUENCE - // Size of the 1st SEQUENCE is 6 bytes + size of the hash OID + size of the - // digest size - *buffer++ = (BYTE)(6 + oidSize + info->digestSize); // - *buffer++ = 0x30; // 2nd SEQUENCE - // size is 4 bytes of overhead plus the side of the OID - *buffer++ = (BYTE)(2 + oidSize); - MemoryCopy(buffer, info->OID, oidSize); - buffer += oidSize; - *buffer++ = 0x05; // Add a NULL - *buffer++ = 0x00; - - *buffer++ = 0x04; - *buffer++ = (BYTE)(info->digestSize); - return oidSize + 8; -Error: - return 0; - -} - -//*** RSASSA_Encode() -// Encode a message using PKCS1v1.5 method. 
-// -// Return Type: TPM_RC -// TPM_RC_SCHEME 'hashAlg' is not a supported hash algorithm -// TPM_RC_SIZE 'eOutSize' is not large enough -// TPM_RC_VALUE 'hInSize' does not match the digest size of hashAlg -static TPM_RC -RSASSA_Encode( - TPM2B *pOut, // IN:OUT on in, the size of the public key - // on out, the encoded area - TPM_ALG_ID hashAlg, // IN: hash algorithm for PKCS1v1_5 - TPM2B *hIn // IN: digest value to encode - ) -{ - BYTE DER[20]; - BYTE *der = DER; - INT32 derSize = MakeDerTag(hashAlg, sizeof(DER), DER); - BYTE *eOut; - INT32 fillSize; - TPM_RC retVal = TPM_RC_SUCCESS; - - // Can't use this scheme if the algorithm doesn't have a DER string defined. - if(derSize == 0) - ERROR_RETURN(TPM_RC_SCHEME); - - // If the digest size of 'hashAl' doesn't match the input digest size, then - // the DER will misidentify the digest so return an error - if(CryptHashGetDigestSize(hashAlg) != hIn->size) - ERROR_RETURN(TPM_RC_VALUE); - fillSize = pOut->size - derSize - hIn->size - 3; - eOut = pOut->buffer; - - // Make sure that this combination will fit in the provided space - if(fillSize < 8) - ERROR_RETURN(TPM_RC_SIZE); - - // Start filling - *eOut++ = 0; // initial byte of zero - *eOut++ = 1; // byte of 0x01 - for(; fillSize > 0; fillSize--) - *eOut++ = 0xff; // bunch of 0xff - *eOut++ = 0; // another 0 - for(; derSize > 0; derSize--) - *eOut++ = *der++; // copy the DER - der = hIn->buffer; - for(fillSize = hIn->size; fillSize > 0; fillSize--) - *eOut++ = *der++; // copy the hash -Exit: - return retVal; -} - -//*** RSASSA_Decode() -// This function performs the RSASSA decoding of a signature. 
-// -// Return Type: TPM_RC -// TPM_RC_VALUE decode unsuccessful -// TPM_RC_SCHEME 'haslAlg' is not supported -// -static TPM_RC -RSASSA_Decode( - TPM_ALG_ID hashAlg, // IN: hash algorithm to use for the encoding - TPM2B *hIn, // In: the digest to compare - TPM2B *eIn // IN: the encoded data - ) -{ - BYTE fail; - BYTE DER[20]; - BYTE *der = DER; - INT32 derSize = MakeDerTag(hashAlg, sizeof(DER), DER); - BYTE *pe; - INT32 hashSize = CryptHashGetDigestSize(hashAlg); - INT32 fillSize; - TPM_RC retVal; - BYTE *digest; - UINT16 digestSize; - - pAssert(hIn != NULL && eIn != NULL); - pe = eIn->buffer; - - // Can't use this scheme if the algorithm doesn't have a DER string - // defined or if the provided hash isn't the right size - if(derSize == 0 || (unsigned)hashSize != hIn->size) - ERROR_RETURN(TPM_RC_SCHEME); - - // Make sure that this combination will fit in the provided space - // Since no data movement takes place, can just walk though this - // and accept nearly random values. This can only be called from - // CryptValidateSignature() so eInSize is known to be in range. - fillSize = eIn->size - derSize - hashSize - 3; - - // Start checking (fail will become non-zero if any of the bytes do not have - // the expected value. - fail = *pe++; // initial byte of zero - fail |= *pe++ ^ 1; // byte of 0x01 - for(; fillSize > 0; fillSize--) - fail |= *pe++ ^ 0xff; // bunch of 0xff - fail |= *pe++; // another 0 - for(; derSize > 0; derSize--) - fail |= *pe++ ^ *der++; // match the DER - digestSize = hIn->size; - digest = hIn->buffer; - for(; digestSize > 0; digestSize--) - fail |= *pe++ ^ *digest++; // match the hash - retVal = (fail != 0) ? TPM_RC_VALUE : TPM_RC_SUCCESS; -Exit: - return retVal; -} - -//** Externally Accessible Functions - -//*** CryptRsaSelectScheme() -// This function is used by TPM2_RSA_Decrypt and TPM2_RSA_Encrypt. It sets up -// the rules to select a scheme between input and object default. -// This function assume the RSA object is loaded. 
-// If a default scheme is defined in object, the default scheme should be chosen, -// otherwise, the input scheme should be chosen. -// In the case that both the object and 'scheme' are not TPM_ALG_NULL, then -// if the schemes are the same, the input scheme will be chosen. -// if the scheme are not compatible, a NULL pointer will be returned. -// -// The return pointer may point to a TPM_ALG_NULL scheme. -TPMT_RSA_DECRYPT* -CryptRsaSelectScheme( - TPMI_DH_OBJECT rsaHandle, // IN: handle of an RSA key - TPMT_RSA_DECRYPT *scheme // IN: a sign or decrypt scheme - ) -{ - OBJECT *rsaObject; - TPMT_ASYM_SCHEME *keyScheme; - TPMT_RSA_DECRYPT *retVal = NULL; - - // Get sign object pointer - rsaObject = HandleToObject(rsaHandle); - keyScheme = &rsaObject->publicArea.parameters.asymDetail.scheme; - - // if the default scheme of the object is TPM_ALG_NULL, then select the - // input scheme - if(keyScheme->scheme == TPM_ALG_NULL) - { - retVal = scheme; - } - // if the object scheme is not TPM_ALG_NULL and the input scheme is - // TPM_ALG_NULL, then select the default scheme of the object. - else if(scheme->scheme == TPM_ALG_NULL) - { - // if input scheme is NULL - retVal = (TPMT_RSA_DECRYPT *)keyScheme; - } - // get here if both the object scheme and the input scheme are - // not TPM_ALG_NULL. Need to insure that they are the same. - // IMPLEMENTATION NOTE: This could cause problems if future versions have - // schemes that have more values than just a hash algorithm. A new function - // (IsSchemeSame()) might be needed then. - else if(keyScheme->scheme == scheme->scheme - && keyScheme->details.anySig.hashAlg == scheme->details.anySig.hashAlg) - { - retVal = scheme; - } - // two different, incompatible schemes specified will return NULL - return retVal; -} - -//*** CryptRsaLoadPrivateExponent() -// This function is called to generate the private exponent of an RSA key. 
-// Return Type: TPM_RC -// TPM_RC_BINDING public and private parts of 'rsaKey' are not matched -TPM_RC -CryptRsaLoadPrivateExponent( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive - ) -{ -// - if((sensitive->sensitive.rsa.t.size & RSA_prime_flag) == 0) - { - if((sensitive->sensitive.rsa.t.size * 2) == publicArea->unique.rsa.t.size) - { - NEW_PRIVATE_EXPONENT(Z); - BN_RSA_INITIALIZED(bnN, &publicArea->unique.rsa); - BN_RSA(bnQr); - BN_VAR(bnE, RADIX_BITS); - - TEST(ALG_NULL_VALUE); - - VERIFY((sensitive->sensitive.rsa.t.size * 2) - == publicArea->unique.rsa.t.size); - // Initialize the exponent - BnSetWord(bnE, publicArea->parameters.rsaDetail.exponent); - if(BnEqualZero(bnE)) - BnSetWord(bnE, RSA_DEFAULT_PUBLIC_EXPONENT); - // Convert first prime to 2B - VERIFY(BnFrom2B(Z->P, &sensitive->sensitive.rsa.b) != NULL); - - // Find the second prime by division. This uses 'bQ' rather than Z->Q - // because the division could make the quotient larger than a prime during - // some intermediate step. - VERIFY(BnDiv(Z->Q, bnQr, bnN, Z->P)); - VERIFY(BnEqualZero(bnQr)); - // Compute the private exponent and return it if found - VERIFY(ComputePrivateExponent(bnE, Z)); - VERIFY(PackExponent(&sensitive->sensitive.rsa, Z)); - } - else - VERIFY(((sensitive->sensitive.rsa.t.size / 5) * 2) - == publicArea->unique.rsa.t.size); - sensitive->sensitive.rsa.t.size |= RSA_prime_flag; - } - return TPM_RC_SUCCESS; -Error: - return TPM_RC_BINDING; -} - -//*** CryptRsaEncrypt() -// This is the entry point for encryption using RSA. Encryption is -// use of the public exponent. The padding parameter determines what -// padding will be used. -// -// The 'cOutSize' parameter must be at least as large as the size of the key. -// -// If the padding is RSA_PAD_NONE, 'dIn' is treated as a number. It must be -// lower in value than the key modulus. -// NOTE: If dIn has fewer bytes than cOut, then we don't add low-order zeros to -// dIn to make it the size of the RSA key for the call to RSAEP. 
This is -// because the high order bytes of dIn might have a numeric value that is -// greater than the value of the key modulus. If this had low-order zeros -// added, it would have a numeric value larger than the modulus even though -// it started out with a lower numeric value. -// -// Return Type: TPM_RC -// TPM_RC_VALUE 'cOutSize' is too small (must be the size -// of the modulus) -// TPM_RC_SCHEME 'padType' is not a supported scheme -// -LIB_EXPORT TPM_RC -CryptRsaEncrypt( - TPM2B_PUBLIC_KEY_RSA *cOut, // OUT: the encrypted data - TPM2B *dIn, // IN: the data to encrypt - OBJECT *key, // IN: the key used for encryption - TPMT_RSA_DECRYPT *scheme, // IN: the type of padding and hash - // if needed - const TPM2B *label, // IN: in case it is needed - RAND_STATE *rand // IN: random number generator - // state (mostly for testing) - ) -{ - TPM_RC retVal = TPM_RC_SUCCESS; - TPM2B_PUBLIC_KEY_RSA dataIn; -// - // if the input and output buffers are the same, copy the input to a scratch - // buffer so that things don't get messed up. - if(dIn == &cOut->b) - { - MemoryCopy2B(&dataIn.b, dIn, sizeof(dataIn.t.buffer)); - dIn = &dataIn.b; - } - // All encryption schemes return the same size of data - cOut->t.size = key->publicArea.unique.rsa.t.size; - TEST(scheme->scheme); - - switch(scheme->scheme) - { - case ALG_NULL_VALUE: // 'raw' encryption - { - INT32 i; - INT32 dSize = dIn->size; - // dIn can have more bytes than cOut as long as the extra bytes - // are zero. Note: the more significant bytes of a number in a byte - // buffer are the bytes at the start of the array. 
- for(i = 0; (i < dSize) && (dIn->buffer[i] == 0); i++); - dSize -= i; - if(dSize > cOut->t.size) - ERROR_RETURN(TPM_RC_VALUE); - // Pad cOut with zeros if dIn is smaller - memset(cOut->t.buffer, 0, cOut->t.size - dSize); - // And copy the rest of the value - memcpy(&cOut->t.buffer[cOut->t.size - dSize], &dIn->buffer[i], dSize); - - // If the size of dIn is the same as cOut dIn could be larger than - // the modulus. If it is, then RSAEP() will catch it. - } - break; - case ALG_RSAES_VALUE: - retVal = RSAES_PKCS1v1_5Encode(&cOut->b, dIn, rand); - break; - case ALG_OAEP_VALUE: - retVal = OaepEncode(&cOut->b, scheme->details.oaep.hashAlg, label, dIn, - rand); - break; - default: - ERROR_RETURN(TPM_RC_SCHEME); - break; - } - // All the schemes that do padding will come here for the encryption step - // Check that the Encoding worked - if(retVal == TPM_RC_SUCCESS) - // Padding OK so do the encryption - retVal = RSAEP(&cOut->b, key); -Exit: - return retVal; -} - -//*** CryptRsaDecrypt() -// This is the entry point for decryption using RSA. Decryption is -// use of the private exponent. The 'padType' parameter determines what -// padding was used. 
-// -// Return Type: TPM_RC -// TPM_RC_SIZE 'cInSize' is not the same as the size of the public -// modulus of 'key'; or numeric value of the encrypted -// data is greater than the modulus -// TPM_RC_VALUE 'dOutSize' is not large enough for the result -// TPM_RC_SCHEME 'padType' is not supported -// -LIB_EXPORT TPM_RC -CryptRsaDecrypt( - TPM2B *dOut, // OUT: the decrypted data - TPM2B *cIn, // IN: the data to decrypt - OBJECT *key, // IN: the key to use for decryption - TPMT_RSA_DECRYPT *scheme, // IN: the padding scheme - const TPM2B *label // IN: in case it is needed for the scheme - ) -{ - TPM_RC retVal; - - // Make sure that the necessary parameters are provided - pAssert(cIn != NULL && dOut != NULL && key != NULL); - - // Size is checked to make sure that the encrypted value is the right size - if(cIn->size != key->publicArea.unique.rsa.t.size) - ERROR_RETURN(TPM_RC_SIZE); - - TEST(scheme->scheme); - - // For others that do padding, do the decryption in place and then - // go handle the decoding. - retVal = RSADP(cIn, key); - if(retVal == TPM_RC_SUCCESS) - { - // Remove padding - switch(scheme->scheme) - { - case ALG_NULL_VALUE: - if(dOut->size < cIn->size) - return TPM_RC_VALUE; - MemoryCopy2B(dOut, cIn, dOut->size); - break; - case ALG_RSAES_VALUE: - retVal = RSAES_Decode(dOut, cIn); - break; - case ALG_OAEP_VALUE: - retVal = OaepDecode(dOut, scheme->details.oaep.hashAlg, label, cIn); - break; - default: - retVal = TPM_RC_SCHEME; - break; - } - } -Exit: - return retVal; -} - -//*** CryptRsaSign() -// This function is used to generate an RSA signature of the type indicated in -// 'scheme'. 
-// -// Return Type: TPM_RC -// TPM_RC_SCHEME 'scheme' or 'hashAlg' are not supported -// TPM_RC_VALUE 'hInSize' does not match 'hashAlg' (for RSASSA) -// -LIB_EXPORT TPM_RC -CryptRsaSign( - TPMT_SIGNATURE *sigOut, - OBJECT *key, // IN: key to use - TPM2B_DIGEST *hIn, // IN: the digest to sign - RAND_STATE *rand // IN: the random number generator - // to use (mostly for testing) - ) -{ - TPM_RC retVal = TPM_RC_SUCCESS; - UINT16 modSize; - - // parameter checks - pAssert(sigOut != NULL && key != NULL && hIn != NULL); - - modSize = key->publicArea.unique.rsa.t.size; - - // for all non-null signatures, the size is the size of the key modulus - sigOut->signature.rsapss.sig.t.size = modSize; - - TEST(sigOut->sigAlg); - - switch(sigOut->sigAlg) - { - case ALG_NULL_VALUE: - sigOut->signature.rsapss.sig.t.size = 0; - return TPM_RC_SUCCESS; - case ALG_RSAPSS_VALUE: - retVal = PssEncode(&sigOut->signature.rsapss.sig.b, - sigOut->signature.rsapss.hash, &hIn->b, rand); - break; - case ALG_RSASSA_VALUE: - retVal = RSASSA_Encode(&sigOut->signature.rsassa.sig.b, - sigOut->signature.rsassa.hash, &hIn->b); - break; - default: - retVal = TPM_RC_SCHEME; - } - if(retVal == TPM_RC_SUCCESS) - { - // Do the encryption using the private key - retVal = RSADP(&sigOut->signature.rsapss.sig.b, key); - } - return retVal; -} - -//*** CryptRsaValidateSignature() -// This function is used to validate an RSA signature. If the signature is valid -// TPM_RC_SUCCESS is returned. If the signature is not valid, TPM_RC_SIGNATURE is -// returned. Other return codes indicate either parameter problems or fatal errors. 
-// -// Return Type: TPM_RC -// TPM_RC_SIGNATURE the signature does not check -// TPM_RC_SCHEME unsupported scheme or hash algorithm -// -LIB_EXPORT TPM_RC -CryptRsaValidateSignature( - TPMT_SIGNATURE *sig, // IN: signature - OBJECT *key, // IN: public modulus - TPM2B_DIGEST *digest // IN: The digest being validated - ) -{ - TPM_RC retVal; -// - // Fatal programming errors - pAssert(key != NULL && sig != NULL && digest != NULL); - switch(sig->sigAlg) - { - case ALG_RSAPSS_VALUE: - case ALG_RSASSA_VALUE: - break; - default: - return TPM_RC_SCHEME; - } - - // Errors that might be caused by calling parameters - if(sig->signature.rsassa.sig.t.size != key->publicArea.unique.rsa.t.size) - ERROR_RETURN(TPM_RC_SIGNATURE); - - TEST(sig->sigAlg); - - // Decrypt the block - retVal = RSAEP(&sig->signature.rsassa.sig.b, key); - if(retVal == TPM_RC_SUCCESS) - { - switch(sig->sigAlg) - { - case ALG_RSAPSS_VALUE: - retVal = PssDecode(sig->signature.any.hashAlg, &digest->b, - &sig->signature.rsassa.sig.b); - break; - case ALG_RSASSA_VALUE: - retVal = RSASSA_Decode(sig->signature.any.hashAlg, &digest->b, - &sig->signature.rsassa.sig.b); - break; - default: - return TPM_RC_SCHEME; - } - } -Exit: - return (retVal != TPM_RC_SUCCESS) ? 
TPM_RC_SIGNATURE : TPM_RC_SUCCESS; -} - -#if SIMULATION && USE_RSA_KEY_CACHE -extern int s_rsaKeyCacheEnabled; -int GetCachedRsaKey(TPMT_PUBLIC *publicArea, TPMT_SENSITIVE *sensitive, - RAND_STATE *rand); -#define GET_CACHED_KEY(publicArea, sensitive, rand) \ - (s_rsaKeyCacheEnabled && GetCachedRsaKey(publicArea, sensitive, rand)) -#else -#define GET_CACHED_KEY(key, rand) -#endif - -//*** CryptRsaGenerateKey() -// Generate an RSA key from a provided seed -/*(See part 1 specification) -// The formulation is: -// KDFa(hash, seed, label, Name, Counter, bits) -// Where: -// hash the nameAlg from the public template -// seed a seed (will be a primary seed for a primary key) -// label a distinguishing label including vendor ID and -// vendor-assigned part number for the TPM. -// Name the nameAlg from the template and the hash of the template -// using nameAlg. -// Counter a 32-bit integer that is incremented each time the KDF is -// called in order to produce a specific key. This value -// can be a 32-bit integer in host format and does not need -// to be put in canonical form. -// bits the number of bits needed for the key. -// The following process is implemented to find a RSA key pair: -// 1. pick a random number with enough bits from KDFa as a prime candidate -// 2. set the first two significant bits and the least significant bit of the -// prime candidate -// 3. check if the number is a prime. if not, pick another random number -// 4. Make sure the difference between the two primes are more than 2^104. -// Otherwise, restart the process for the second prime -// 5. If the counter has reached its maximum but we still can not find a valid -// RSA key pair, return an internal error. This is an artificial bound. -// Other implementation may choose a smaller number to indicate how many -// times they are willing to try. 
-*/ -// Return Type: TPM_RC -// TPM_RC_CANCELED operation was canceled -// TPM_RC_RANGE public exponent is not supported -// TPM_RC_VALUE could not find a prime using the provided parameters -LIB_EXPORT TPM_RC -CryptRsaGenerateKey( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - RAND_STATE *rand // IN: if not NULL, the deterministic - // RNG state - ) -{ - UINT32 i; - BN_RSA(bnD); - BN_RSA(bnN); - BN_WORD(bnPubExp); - UINT32 e = publicArea->parameters.rsaDetail.exponent; - int keySizeInBits; - TPM_RC retVal = TPM_RC_NO_RESULT; - NEW_PRIVATE_EXPONENT(Z); -// - -// Need to make sure that the caller did not specify an exponent that is -// not supported - e = publicArea->parameters.rsaDetail.exponent; - if(e == 0) - e = RSA_DEFAULT_PUBLIC_EXPONENT; - else - { - if(e < 65537) - ERROR_RETURN(TPM_RC_RANGE); - // Check that e is prime - if(!IsPrimeInt(e)) - ERROR_RETURN(TPM_RC_RANGE); - } - BnSetWord(bnPubExp, e); - - // check for supported key size. - keySizeInBits = publicArea->parameters.rsaDetail.keyBits; - if(((keySizeInBits % 1024) != 0) - || (keySizeInBits > MAX_RSA_KEY_BITS) // this might be redundant, but... - || (keySizeInBits == 0)) - ERROR_RETURN(TPM_RC_VALUE); - - // Set the prime size for instrumentation purposes - INSTRUMENT_SET(PrimeIndex, PRIME_INDEX(keySizeInBits / 2)); - -#if SIMULATION && USE_RSA_KEY_CACHE - if(GET_CACHED_KEY(publicArea, sensitive, rand)) - return TPM_RC_SUCCESS; -#endif - - // Make sure that key generation has been tested - TEST(ALG_NULL_VALUE); - - - // The prime is computed in P. When a new prime is found, Q is checked to - // see if it is zero. If so, P is copied to Q and a new P is found. - // When both P and Q are non-zero, the modulus and - // private exponent are computed and a trial encryption/decryption is - // performed. If the encrypt/decrypt fails, assume that at least one of the - // primes is composite. Since we don't know which one, set Q to zero and start - // over and find a new pair of primes. 
- - for(i = 1; (retVal == TPM_RC_NO_RESULT) && (i != 100); i++) - { - if(_plat__IsCanceled()) - ERROR_RETURN(TPM_RC_CANCELED); - - if(BnGeneratePrimeForRSA(Z->P, keySizeInBits / 2, e, rand) == TPM_RC_FAILURE) - { - retVal = TPM_RC_FAILURE; - goto Exit; - } - - INSTRUMENT_INC(PrimeCounts[PrimeIndex]); - - // If this is the second prime, make sure that it differs from the - // first prime by at least 2^100 - if(BnEqualZero(Z->Q)) - { - // copy p to q and compute another prime in p - BnCopy(Z->Q, Z->P); - continue; - } - // Make sure that the difference is at least 100 bits. Need to do it this - // way because the big numbers are only positive values - if(BnUnsignedCmp(Z->P, Z->Q) < 0) - BnSub(bnD, Z->Q, Z->P); - else - BnSub(bnD, Z->P, Z->Q); - if(BnMsb(bnD) < 100) - continue; - - //Form the public modulus and set the unique value - BnMult(bnN, Z->P, Z->Q); - BnTo2B(bnN, &publicArea->unique.rsa.b, - (NUMBYTES)BITS_TO_BYTES(keySizeInBits)); - // Make sure everything came out right. The MSb of the values must be one - if(((publicArea->unique.rsa.t.buffer[0] & 0x80) == 0) - || (publicArea->unique.rsa.t.size - != (NUMBYTES)BITS_TO_BYTES(keySizeInBits))) - FAIL(FATAL_ERROR_INTERNAL); - - - // Make sure that we can form the private exponent values - if(ComputePrivateExponent(bnPubExp, Z) != TRUE) - { - // If ComputePrivateExponent could not find an inverse for - // Q, then copy P and recompute P. This might - // cause both to be recomputed if P is also zero - if(BnEqualZero(Z->Q)) - BnCopy(Z->Q, Z->P); - continue; - } - - // Pack the private exponent into the sensitive area - PackExponent(&sensitive->sensitive.rsa, Z); - // Make sure everything came out right. 
The MSb of the values must be one - if(((publicArea->unique.rsa.t.buffer[0] & 0x80) == 0) - || ((sensitive->sensitive.rsa.t.buffer[0] & 0x80) == 0)) - FAIL(FATAL_ERROR_INTERNAL); - - retVal = TPM_RC_SUCCESS; - // Do a trial encryption decryption if this is a signing key - if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) - { - BN_RSA(temp1); - BN_RSA(temp2); - BnGenerateRandomInRange(temp1, bnN, rand); - - // Encrypt with public exponent... - BnModExp(temp2, temp1, bnPubExp, bnN); - // ... then decrypt with private exponent - RsaPrivateKeyOp(temp2, Z); - - // If the starting and ending values are not the same, - // start over )-; - if(BnUnsignedCmp(temp2, temp1) != 0) - { - BnSetWord(Z->Q, 0); - retVal = TPM_RC_NO_RESULT; - } - } - } -Exit: - return retVal; -} - -#endif // ALG_RSA \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSelfTest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSelfTest.c deleted file mode 100644 index 33b312e64..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSelfTest.c +++ /dev/null 
@@ -1,222 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// The functions in this file are designed to support self-test of cryptographic -// functions in the TPM. The TPM allows the user to decide whether to run self-test -// on a demand basis or to run all the self-tests before proceeding. 
-// -// The self-tests are controlled by a set of bit vectors. The -// 'g_untestedDecryptionAlgorithms' vector has a bit for each decryption algorithm -// that needs to be tested and 'g_untestedEncryptionAlgorithms' has a bit for -// each encryption algorithm that needs to be tested. Before an algorithm -// is used, the appropriate vector is checked (indexed using the algorithm ID). -// If the bit is 1, then the test function should be called. -// -// For more information, see TpmSelfTests.txt - -#include "Tpm.h" - -//** Functions - -//*** RunSelfTest() -// Local function to run self-test -static TPM_RC -CryptRunSelfTests( - ALGORITHM_VECTOR *toTest // IN: the vector of the algorithms to test - ) -{ - TPM_ALG_ID alg; - - // For each of the algorithms that are in the toTestVecor, need to run a - // test - for(alg = TPM_ALG_FIRST; alg <= TPM_ALG_LAST; alg++) - { - if(TEST_BIT(alg, *toTest)) - { - TPM_RC result = CryptTestAlgorithm(alg, toTest); - if(result != TPM_RC_SUCCESS) - return result; - } - } - return TPM_RC_SUCCESS; -} - -//*** CryptSelfTest() -// This function is called to start/complete a full self-test. -// If 'fullTest' is NO, then only the untested algorithms will be run. If -// 'fullTest' is YES, then 'g_untestedDecryptionAlgorithms' is reinitialized and then -// all tests are run. -// This implementation of the reference design does not support processing outside -// the framework of a TPM command. As a consequence, this command does not -// complete until all tests are done. Since this can take a long time, the TPM -// will check after each test to see if the command is canceled. If so, then the -// TPM will returned TPM_RC_CANCELLED. To continue with the self-tests, call -// TPM2_SelfTest(fullTest == No) and the TPM will complete the testing. 
-// Return Type: TPM_RC -// TPM_RC_CANCELED if the command is canceled -LIB_EXPORT -TPM_RC -CryptSelfTest( - TPMI_YES_NO fullTest // IN: if full test is required - ) -{ -#if SIMULATION - if(g_forceFailureMode) - FAIL(FATAL_ERROR_FORCED); -#endif - - // If the caller requested a full test, then reset the to test vector so that - // all the tests will be run - if(fullTest == YES) - { - MemoryCopy(g_toTest, - g_implementedAlgorithms, - sizeof(g_toTest)); - } - return CryptRunSelfTests(&g_toTest); -} - -//*** CryptIncrementalSelfTest() -// This function is used to perform an incremental self-test. This implementation -// will perform the toTest values before returning. That is, it assumes that the -// TPM cannot perform background tasks between commands. -// -// This command may be canceled. If it is, then there is no return result. -// However, this command can be run again and the incremental progress will not -// be lost. -// Return Type: TPM_RC -// TPM_RC_CANCELED processing of this command was canceled -// TPM_RC_TESTING if toTest list is not empty -// TPM_RC_VALUE an algorithm in the toTest list is not implemented -TPM_RC -CryptIncrementalSelfTest( - TPML_ALG *toTest, // IN: list of algorithms to be tested - TPML_ALG *toDoList // OUT: list of algorithms needing test - ) -{ - ALGORITHM_VECTOR toTestVector = {0}; - TPM_ALG_ID alg; - UINT32 i; - - pAssert(toTest != NULL && toDoList != NULL); - if(toTest->count > 0) - { - // Transcribe the toTest list into the toTestVector - for(i = 0; i < toTest->count; i++) - { - alg = toTest->algorithms[i]; - - // make sure that the algorithm value is not out of range - if((alg > TPM_ALG_LAST) || !TEST_BIT(alg, g_implementedAlgorithms)) - return TPM_RC_VALUE; - SET_BIT(alg, toTestVector); - } - // Run the test - if(CryptRunSelfTests(&toTestVector) == TPM_RC_CANCELED) - return TPM_RC_CANCELED; - } - // Fill in the toDoList with the algorithms that are still untested - toDoList->count = 0; - - for(alg = TPM_ALG_FIRST; - 
toDoList->count < MAX_ALG_LIST_SIZE && alg <= TPM_ALG_LAST; - alg++) - { - if(TEST_BIT(alg, g_toTest)) - toDoList->algorithms[toDoList->count++] = alg; - } - return TPM_RC_SUCCESS; -} - -//*** CryptInitializeToTest() -// This function will initialize the data structures for testing all the -// algorithms. This should not be called unless CryptAlgsSetImplemented() has -// been called -void -CryptInitializeToTest( - void - ) -{ - // Indicate that nothing has been tested - memset(&g_cryptoSelfTestState, 0, sizeof(g_cryptoSelfTestState)); - - // Copy the implemented algorithm vector - MemoryCopy(g_toTest, g_implementedAlgorithms, sizeof(g_toTest)); - - // Setting the algorithm to null causes the test function to just clear - // out any algorithms for which there is no test. - CryptTestAlgorithm(TPM_ALG_ERROR, &g_toTest); - - return; -} - -//*** CryptTestAlgorithm() -// Only point of contact with the actual self tests. If a self-test fails, there -// is no return and the TPM goes into failure mode. -// The call to TestAlgorithm uses an algorithm selector and a bit vector. When the -// test is run, the corresponding bit in 'toTest' and in 'g_toTest' is CLEAR. If -// 'toTest' is NULL, then only the bit in 'g_toTest' is CLEAR. -// There is a special case for the call to TestAlgorithm(). When 'alg' is -// ALG_ERROR, TestAlgorithm() will CLEAR any bit in 'toTest' for which it has -// no test. This allows the knowledge about which algorithms have test to be -// accessed through the interface that provides the test. -// Return Type: TPM_RC -// TPM_RC_CANCELED test was canceled -LIB_EXPORT -TPM_RC -CryptTestAlgorithm( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest - ) -{ - TPM_RC result; -#if SELF_TEST - result = TestAlgorithm(alg, toTest); -#else - // If this is an attempt to determine the algorithms for which there is a - // self test, pretend that all of them do. We do that by not clearing any - // of the algorithm bits. 
When/if this function is called to run tests, it - // will over report. This can be changed so that any call to check on which - // algorithms have tests, 'toTest' can be cleared. - if(alg != TPM_ALG_ERROR) - { - CLEAR_BIT(alg, g_toTest); - if(toTest != NULL) - CLEAR_BIT(alg, *toTest); - } - result = TPM_RC_SUCCESS; -#endif - return result; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSmac.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSmac.c deleted file mode 100644 index cd584cf22..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSmac.c +++ /dev/null 
@@ -1,132 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// -// This file contains the implementation of the message authentication codes based -// on a symmetric block cipher. These functions only use the single block -// encryption functions of the selected symmetric cryptographic library. 
- -//** Includes, Defines, and Typedefs -#define _CRYPT_HASH_C_ -#include "Tpm.h" - -#if SMAC_IMPLEMENTED - -//*** CryptSmacStart() -// Function to start an SMAC. -UINT16 -CryptSmacStart( - HASH_STATE *state, - TPMU_PUBLIC_PARMS *keyParameters, - TPM_ALG_ID macAlg, // IN: the type of MAC - TPM2B *key -) -{ - UINT16 retVal = 0; -// - // Make sure that the key size is correct. This should have been checked - // at key load, but... - if(BITS_TO_BYTES(keyParameters->symDetail.sym.keyBits.sym) == key->size) - { - switch(macAlg) - { -#if ALG_CMAC - case ALG_CMAC_VALUE: - retVal = CryptCmacStart(&state->state.smac, keyParameters, - macAlg, key); - break; -#endif - default: - break; - } - } - state->type = (retVal != 0) ? HASH_STATE_SMAC : HASH_STATE_EMPTY; - return retVal; -} - -//*** CryptMacStart() -// Function to start either an HMAC or an SMAC. Cannot reuse the CryptHmacStart -// function because of the difference in number of parameters. -UINT16 -CryptMacStart( - HMAC_STATE *state, - TPMU_PUBLIC_PARMS *keyParameters, - TPM_ALG_ID macAlg, // IN: the type of MAC - TPM2B *key -) -{ - MemorySet(state, 0, sizeof(HMAC_STATE)); - if(CryptHashIsValidAlg(macAlg, FALSE)) - { - return CryptHmacStart(state, macAlg, key->size, key->buffer); - } - else if(CryptSmacIsValidAlg(macAlg, FALSE)) - { - return CryptSmacStart(&state->hashState, keyParameters, macAlg, key); - } - else - return 0; -} - -//*** CryptMacEnd() -// Dispatch to the MAC end function using a size and buffer pointer. -UINT16 -CryptMacEnd( - HMAC_STATE *state, - UINT32 size, - BYTE *buffer -) -{ - UINT16 retVal = 0; - if(state->hashState.type == HASH_STATE_SMAC) - retVal = (state->hashState.state.smac.smacMethods.end)( - &state->hashState.state.smac.state, size, buffer); - else if(state->hashState.type == HASH_STATE_HMAC) - retVal = CryptHmacEnd(state, size, buffer); - state->hashState.type = HASH_STATE_EMPTY; - return retVal; -} - -//*** CryptMacEnd2B() -// Dispatch to the MAC end function using a 2B. 
-UINT16 -CryptMacEnd2B ( - HMAC_STATE *state, - TPM2B *data -) -{ - return CryptMacEnd(state, data->size, data->buffer); -} -#endif // SMAC_IMPLEMENTED diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c deleted file mode 100644 index 824c1fce5..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c +++ /dev/null 
@@ -1,478 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// -// This file contains the implementation of the symmetric block cipher modes -// allowed for a TPM. These functions only use the single block encryption functions -// of the selected symmetric crypto library. 
- -//** Includes, Defines, and Typedefs -#include "Tpm.h" - -#include "CryptSym.h" - -#define KEY_BLOCK_SIZES(ALG, alg) \ -static const INT16 alg##KeyBlockSizes[] = { \ - ALG##_KEY_SIZES_BITS, -1, ALG##_BLOCK_SIZES }; - -#if ALG_AES - KEY_BLOCK_SIZES(AES, aes); -#endif // ALG_AES -#if ALG_SM4 - KEY_BLOCK_SIZES(SM4, sm4); -#endif -#if ALG_CAMELLIA - KEY_BLOCK_SIZES(CAMELLIA, camellia); -#endif -#if ALG_TDES - KEY_BLOCK_SIZES(TDES, tdes); -#endif - -//** Initialization and Data Access Functions -// -//*** CryptSymInit() -// This function is called to do _TPM_Init processing -BOOL -CryptSymInit( - void - ) -{ - return TRUE; -} - -//*** CryptSymStartup() -// This function is called to do TPM2_Startup() processing -BOOL -CryptSymStartup( - void - ) -{ - return TRUE; -} - -//*** CryptGetSymmetricBlockSize() -// This function returns the block size of the algorithm. The table of bit sizes has -// an entry for each allowed key size. The entry for a key size is 0 if the TPM does -// not implement that key size. The key size table is delimited with a negative number -// (-1). After the delimiter is a list of block sizes with each entry corresponding -// to the key bit size. For most symmetric algorithms, the block size is the same -// regardless of the key size but this arrangement allows them to be different. 
-// Return Type: INT16 -// <= 0 cipher not supported -// > 0 the cipher block size in bytes -LIB_EXPORT INT16 -CryptGetSymmetricBlockSize( - TPM_ALG_ID symmetricAlg, // IN: the symmetric algorithm - UINT16 keySizeInBits // IN: the key size - ) -{ - const INT16 *sizes; - INT16 i; -#define ALG_CASE(SYM, sym) case ALG_##SYM##_VALUE: sizes = sym##KeyBlockSizes; break - switch(symmetricAlg) - { -#if ALG_AES - ALG_CASE(AES, aes); -#endif -#if ALG_SM4 - ALG_CASE(SM4, sm4); -#endif -#if ALG_CAMELLIA - ALG_CASE(CAMELLIA, camellia); -#endif -#if ALG_TDES - ALG_CASE(TDES, tdes); -#endif - default: - return 0; - } - // Find the index of the indicated keySizeInBits - for(i = 0; *sizes >= 0; i++, sizes++) - { - if(*sizes == keySizeInBits) - break; - } - // If sizes is pointing at the end of the list of key sizes, then the desired - // key size was not found so set the block size to zero. - if(*sizes++ < 0) - return 0; - // Advance until the end of the list is found - while(*sizes++ >= 0); - // sizes is pointing to the first entry in the list of block sizes. Use the - // ith index to find the block size for the corresponding key size. - return sizes[i]; -} - -//** Symmetric Encryption -// This function performs symmetric encryption based on the mode. -// Return Type: TPM_RC -// TPM_RC_SIZE 'dSize' is not a multiple of the block size for an -// algorithm that requires it -// TPM_RC_FAILURE Fatal error -LIB_EXPORT TPM_RC -CryptSymmetricEncrypt( - BYTE *dOut, // OUT: - TPM_ALG_ID algorithm, // IN: the symmetric algorithm - UINT16 keySizeInBits, // IN: key size in bits - const BYTE *key, // IN: key buffer. The size of this buffer - // in bytes is (keySizeInBits + 7) / 8 - TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. 
- TPM_ALG_ID mode, // IN: Mode to use - INT32 dSize, // IN: data size (may need to be a - // multiple of the blockSize) - const BYTE *dIn // IN: data buffer - ) -{ - BYTE *pIv; - int i; - BYTE tmp[MAX_SYM_BLOCK_SIZE]; - BYTE *pT; - tpmCryptKeySchedule_t keySchedule; - INT16 blockSize; - TpmCryptSetSymKeyCall_t encrypt; - BYTE *iv; - BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0}; -// - pAssert(dOut != NULL && key != NULL && dIn != NULL); - if(dSize == 0) - return TPM_RC_SUCCESS; - - TEST(algorithm); - blockSize = CryptGetSymmetricBlockSize(algorithm, keySizeInBits); - if(blockSize == 0) - return TPM_RC_FAILURE; - // If the iv is provided, then it is expected to be block sized. In some cases, - // the caller is providing an array of 0's that is equal to [MAX_SYM_BLOCK_SIZE] - // with no knowledge of the actual block size. This function will set it. - if((ivInOut != NULL) && (mode != ALG_ECB_VALUE)) - { - ivInOut->t.size = blockSize; - iv = ivInOut->t.buffer; - } - else - iv = defaultIv; - pIv = iv; - - // Create encrypt key schedule and set the encryption function pointer. - - SELECT(ENCRYPT); - - switch(mode) - { -#if ALG_CTR - case ALG_CTR_VALUE: - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the current value of the IV(counter) - ENCRYPT(&keySchedule, iv, tmp); - - //increment the counter (counter is big-endian so start at end) - for(i = blockSize - 1; i >= 0; i--) - if((iv[i] += 1) != 0) - break; - // XOR the encrypted counter value with input and put into output - pT = tmp; - for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) - *dOut++ = *dIn++ ^ *pT++; - } - break; -#endif -#if ALG_OFB - case ALG_OFB_VALUE: - // This is written so that dIn and dOut may be the same - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the current value of the "IV" - ENCRYPT(&keySchedule, iv, iv); - - // XOR the encrypted IV into dIn to create the cipher text (dOut) - pIv = iv; - for(i = (dSize < blockSize) ? 
dSize : blockSize; i > 0; i--) - *dOut++ = (*pIv++ ^ *dIn++); - } - break; -#endif -#if ALG_CBC - case ALG_CBC_VALUE: - // For CBC the data size must be an even multiple of the - // cipher block size - if((dSize % blockSize) != 0) - return TPM_RC_SIZE; - // XOR the data block into the IV, encrypt the IV into the IV - // and then copy the IV to the output - for(; dSize > 0; dSize -= blockSize) - { - pIv = iv; - for(i = blockSize; i > 0; i--) - *pIv++ ^= *dIn++; - ENCRYPT(&keySchedule, iv, iv); - pIv = iv; - for(i = blockSize; i > 0; i--) - *dOut++ = *pIv++; - } - break; -#endif - // CFB is not optional - case ALG_CFB_VALUE: - // Encrypt the IV into the IV, XOR in the data, and copy to output - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the current value of the IV - ENCRYPT(&keySchedule, iv, iv); - pIv = iv; - for(i = (int)(dSize < blockSize) ? dSize : blockSize; i > 0; i--) - // XOR the data into the IV to create the cipher text - // and put into the output - *dOut++ = *pIv++ ^= *dIn++; - } - // If the inner loop (i loop) was smaller than blockSize, then dSize - // would have been smaller than blockSize and it is now negative. If - // it is negative, then it indicates how many bytes are needed to pad - // out the IV for the next round. - for(; dSize < 0; dSize++) - *pIv++ = 0; - break; -#if ALG_ECB - case ALG_ECB_VALUE: - // For ECB the data size must be an even multiple of the - // cipher block size - if((dSize % blockSize) != 0) - return TPM_RC_SIZE; - // Encrypt the input block to the output block - for(; dSize > 0; dSize -= blockSize) - { - ENCRYPT(&keySchedule, dIn, dOut); - dIn = &dIn[blockSize]; - dOut = &dOut[blockSize]; - } - break; -#endif - default: - return TPM_RC_FAILURE; - } - return TPM_RC_SUCCESS; -} - -//*** CryptSymmetricDecrypt() -// This function performs symmetric decryption based on the mode. 
-// Return Type: TPM_RC -// TPM_RC_FAILURE A fatal error -// TPM_RCS_SIZE 'dSize' is not a multiple of the block size for an -// algorithm that requires it -LIB_EXPORT TPM_RC -CryptSymmetricDecrypt( - BYTE *dOut, // OUT: decrypted data - TPM_ALG_ID algorithm, // IN: the symmetric algorithm - UINT16 keySizeInBits, // IN: key size in bits - const BYTE *key, // IN: key buffer. The size of this buffer - // in bytes is (keySizeInBits + 7) / 8 - TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. - TPM_ALG_ID mode, // IN: Mode to use - INT32 dSize, // IN: data size (may need to be a - // multiple of the blockSize) - const BYTE *dIn // IN: data buffer - ) -{ - BYTE *pIv; - int i; - BYTE tmp[MAX_SYM_BLOCK_SIZE]; - BYTE *pT; - tpmCryptKeySchedule_t keySchedule; - INT16 blockSize; - BYTE *iv; - TpmCryptSetSymKeyCall_t encrypt; - TpmCryptSetSymKeyCall_t decrypt; - BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0}; - - // These are used but the compiler can't tell because they are initialized - // in case statements and it can't tell if they are always initialized - // when needed, so... Comment these out if the compiler can tell or doesn't - // care that these are initialized before use. - encrypt = NULL; - decrypt = NULL; - - pAssert(dOut != NULL && key != NULL && dIn != NULL); - if(dSize == 0) - return TPM_RC_SUCCESS; - - TEST(algorithm); - blockSize = CryptGetSymmetricBlockSize(algorithm, keySizeInBits); - if(blockSize == 0) - return TPM_RC_FAILURE; - // If the iv is provided, then it is expected to be block sized. In some cases, - // the caller is providing an array of 0's that is equal to [MAX_SYM_BLOCK_SIZE] - // with no knowledge of the actual block size. This function will set it. - if((ivInOut != NULL) && (mode != ALG_ECB_VALUE)) - { - ivInOut->t.size = blockSize; - iv = ivInOut->t.buffer; - } - else - iv = defaultIv; - - pIv = iv; - // Use the mode to select the key schedule to create. Encrypt always uses the - // encryption schedule. 
Depending on the mode, decryption might use either - // the decryption or encryption schedule. - switch(mode) - { -#if ALG_CBC || ALG_ECB - case ALG_CBC_VALUE: // decrypt = decrypt - case ALG_ECB_VALUE: - // For ECB and CBC, the data size must be an even multiple of the - // cipher block size - if((dSize % blockSize) != 0) - return TPM_RC_SIZE; - SELECT(DECRYPT); - break; -#endif - default: - // For the remaining stream ciphers, use encryption to decrypt - SELECT(ENCRYPT); - break; - } - // Now do the mode-dependent decryption - switch(mode) - { -#if ALG_CBC - case ALG_CBC_VALUE: - // Copy the input data to a temp buffer, decrypt the buffer into the - // output, XOR in the IV, and copy the temp buffer to the IV and repeat. - for(; dSize > 0; dSize -= blockSize) - { - pT = tmp; - for(i = blockSize; i > 0; i--) - *pT++ = *dIn++; - DECRYPT(&keySchedule, tmp, dOut); - pIv = iv; - pT = tmp; - for(i = blockSize; i > 0; i--) - { - *dOut++ ^= *pIv; - *pIv++ = *pT++; - } - } - break; -#endif - case ALG_CFB_VALUE: - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the IV into the temp buffer - ENCRYPT(&keySchedule, iv, tmp); - pT = tmp; - pIv = iv; - for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) - // Copy the current cipher text to IV, XOR - // with the temp buffer and put into the output - *dOut++ = *pT++ ^ (*pIv++ = *dIn++); - } - // If the inner loop (i loop) was smaller than blockSize, then dSize - // would have been smaller than blockSize and it is now negative - // If it is negative, then it indicates how may fill bytes - // are needed to pad out the IV for the next round. 
- for(; dSize < 0; dSize++) - *pIv++ = 0; - - break; -#if ALG_CTR - case ALG_CTR_VALUE: - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the current value of the IV(counter) - ENCRYPT(&keySchedule, iv, tmp); - - //increment the counter (counter is big-endian so start at end) - for(i = blockSize - 1; i >= 0; i--) - if((iv[i] += 1) != 0) - break; - // XOR the encrypted counter value with input and put into output - pT = tmp; - for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) - *dOut++ = *dIn++ ^ *pT++; - } - break; -#endif -#if ALG_ECB - case ALG_ECB_VALUE: - for(; dSize > 0; dSize -= blockSize) - { - DECRYPT(&keySchedule, dIn, dOut); - dIn = &dIn[blockSize]; - dOut = &dOut[blockSize]; - } - break; -#endif -#if ALG_OFB - case ALG_OFB_VALUE: - // This is written so that dIn and dOut may be the same - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the current value of the "IV" - ENCRYPT(&keySchedule, iv, iv); - - // XOR the encrypted IV into dIn to create the cipher text (dOut) - pIv = iv; - for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) - *dOut++ = (*pIv++ ^ *dIn++); - } - break; -#endif - default: - return TPM_RC_FAILURE; - } - return TPM_RC_SUCCESS; -} - -//*** CryptSymKeyValidate() -// Validate that a provided symmetric key meets the requirements of the TPM -// Return Type: TPM_RC -// TPM_RC_KEY_SIZE Key size specifiers do not match -// TPM_RC_KEY Key is not allowed -TPM_RC -CryptSymKeyValidate( - TPMT_SYM_DEF_OBJECT *symDef, - TPM2B_SYM_KEY *key - ) -{ - if(key->t.size != BITS_TO_BYTES(symDef->keyBits.sym)) - return TPM_RCS_KEY_SIZE; -#if ALG_TDES - if(symDef->algorithm == TPM_ALG_TDES && !CryptDesValidateKey(key)) - return TPM_RCS_KEY; -#endif // ALG_TDES - return TPM_RC_SUCCESS; -} - - 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptUtil.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptUtil.c
deleted file mode 100644
index fdea4f6da..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptUtil.c
+++ /dev/null
@@ -1,1901 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This module contains the interfaces to the CryptoEngine and provides
-// miscellaneous cryptographic functions in support of the TPM.
-//
-
-//** Includes
-#include "Tpm.h"
-
-//****************************************************************************/
-//** Hash/HMAC Functions
-//****************************************************************************/
-
-//*** CryptHmacSign()
-// Sign a digest using an HMAC key. This an HMAC of a digest, not an HMAC of a
-// message.
-// Return Type: TPM_RC
-// TPM_RC_HASH not a valid hash
-static TPM_RC
-CryptHmacSign(
- TPMT_SIGNATURE *signature, // OUT: signature
- OBJECT *signKey, // IN: HMAC key sign the hash
- TPM2B_DIGEST *hashData // IN: hash to be signed
- )
-{
- HMAC_STATE hmacState;
- UINT32 digestSize;
-
- digestSize = CryptHmacStart2B(&hmacState, signature->signature.any.hashAlg,
- &signKey->sensitive.sensitive.bits.b);
- CryptDigestUpdate2B(&hmacState.hashState, &hashData->b);
- CryptHmacEnd(&hmacState, digestSize,
- (BYTE *)&signature->signature.hmac.digest);
- return TPM_RC_SUCCESS;
-}
-
-//*** CryptHMACVerifySignature()
-// This function will verify a signature signed by a HMAC key.
-// Note that a caller needs to prepare 'signature' with the signature algorithm
-// (TPM_ALG_HMAC) and the hash algorithm to use. This function then builds a
-// signature of that type.
-// Return Type: TPM_RC
-// TPM_RC_SCHEME not the proper scheme for this key type
-// TPM_RC_SIGNATURE if invalid input or signature is not genuine
-static TPM_RC
-CryptHMACVerifySignature(
- OBJECT *signKey, // IN: HMAC key signed the hash
- TPM2B_DIGEST *hashData, // IN: digest being verified
- TPMT_SIGNATURE *signature // IN: signature to be verified
- )
-{
- TPMT_SIGNATURE test;
- TPMT_KEYEDHASH_SCHEME *keyScheme =
- &signKey->publicArea.parameters.keyedHashDetail.scheme;
-//
- if((signature->sigAlg != ALG_HMAC_VALUE)
- || (signature->signature.hmac.hashAlg == ALG_NULL_VALUE))
- return TPM_RC_SCHEME;
- // This check is not really needed for verification purposes. However, it does
- // prevent someone from trying to validate a signature using a weaker hash
- // algorithm than otherwise allowed by the key. That is, a key with a scheme
- // other than TMP_ALG_NULL can only be used to validate signatures that have
- // a matching scheme.
- if((keyScheme->scheme != ALG_NULL_VALUE)
- && ((keyScheme->scheme != signature->sigAlg)
- || (keyScheme->details.hmac.hashAlg
- != signature->signature.any.hashAlg)))
- return TPM_RC_SIGNATURE;
- test.sigAlg = signature->sigAlg;
- test.signature.hmac.hashAlg = signature->signature.hmac.hashAlg;
-
- CryptHmacSign(&test, signKey, hashData);
-
- // Compare digest
- if(!MemoryEqual(&test.signature.hmac.digest,
- &signature->signature.hmac.digest,
- CryptHashGetDigestSize(signature->signature.any.hashAlg)))
- return TPM_RC_SIGNATURE;
-
- return TPM_RC_SUCCESS;
-}
-
-//*** CryptGenerateKeyedHash()
-// This function creates a keyedHash object.
-// Return type: TPM_RC
-// TPM_RC_NO_RESULT cannot get values from random number generator
-// TPM_RC_SIZE sensitive data size is larger than allowed for
-// the scheme
-static TPM_RC
-CryptGenerateKeyedHash(
- TPMT_PUBLIC *publicArea, // IN/OUT: the public area template
- // for the new key.
- TPMT_SENSITIVE *sensitive, // OUT: sensitive area
- TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation data
- RAND_STATE *rand // IN: "entropy" source
- )
-{
- TPMT_KEYEDHASH_SCHEME *scheme;
- TPM_ALG_ID hashAlg;
- UINT16 hashBlockSize;
- UINT16 digestSize;
-
- scheme = &publicArea->parameters.keyedHashDetail.scheme;
-
- if(publicArea->type != ALG_KEYEDHASH_VALUE)
- return TPM_RC_FAILURE;
-
- // Pick the limiting hash algorithm
- if(scheme->scheme == ALG_NULL_VALUE)
- hashAlg = publicArea->nameAlg;
- else if(scheme->scheme == ALG_XOR_VALUE)
- hashAlg = scheme->details.xor.hashAlg;
- else
- hashAlg = scheme->details.hmac.hashAlg;
- hashBlockSize = CryptHashGetBlockSize(hashAlg);
- digestSize = CryptHashGetDigestSize(hashAlg);
-
- // if this is a signing or a decryption key, then the limit
- // for the data size is the block size of the hash. This limit
- // is set because larger values have lower entropy because of the
- // HMAC function. The lower limit is 1/2 the size of the digest
- //
- //If the user provided the key, check that it is a proper size
- if(sensitiveCreate->data.t.size != 0)
- {
- if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt)
- || IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign))
- {
- if(sensitiveCreate->data.t.size > hashBlockSize)
- return TPM_RC_SIZE;
-#if 0 // May make this a FIPS-mode requirement
- if(sensitiveCreate->data.t.size < (digestSize / 2))
- return TPM_RC_SIZE;
-#endif
- }
- // If this is a data blob, then anything that will get past the unmarshaling
- // is OK
- MemoryCopy2B(&sensitive->sensitive.bits.b, &sensitiveCreate->data.b,
- sizeof(sensitive->sensitive.bits.t.buffer));
- }
- else
- {
- // The TPM is going to generate the data so set the size to be the
- // size of the digest of the algorithm
- sensitive->sensitive.bits.t.size =
- DRBG_Generate(rand, sensitive->sensitive.bits.t.buffer, digestSize);
- if(sensitive->sensitive.bits.t.size == 0)
- return (g_inFailureMode) ? TPM_RC_FAILURE : TPM_RC_NO_RESULT;
- }
- return TPM_RC_SUCCESS;
-}
-
-//*** CryptIsSchemeAnonymous()
-// This function is used to test a scheme to see if it is an anonymous scheme
-// The only anonymous scheme is ECDAA. ECDAA can be used to do things
-// like U-Prove.
-BOOL
-CryptIsSchemeAnonymous(
- TPM_ALG_ID scheme // IN: the scheme algorithm to test
- )
-{
- return scheme == ALG_ECDAA_VALUE;
-}
-
-//**** ************************************************************************
-//** Symmetric Functions
-//**** ************************************************************************
-
-//*** ParmDecryptSym()
-// This function performs parameter decryption using symmetric block cipher.
-/*(See Part 1 specification)
-// Symmetric parameter decryption
-// When parameter decryption uses a symmetric block cipher, a decryption
-// key and IV will be generated from:
-// KDFa(hash, sessionAuth, "CFB", nonceNewer, nonceOlder, bits) (24)
-// Where:
-// hash the hash function associated with the session
-// sessionAuth the sessionAuth associated with the session
-// nonceNewer nonceCaller for a command
-// nonceOlder nonceTPM for a command
-// bits the number of bits required for the symmetric key
-// plus an IV
-*/
-void
-ParmDecryptSym(
- TPM_ALG_ID symAlg, // IN: the symmetric algorithm
- TPM_ALG_ID hash, // IN: hash algorithm for KDFa
- UINT16 keySizeInBits, // IN: the key size in bits
- TPM2B *key, // IN: KDF HMAC key
- TPM2B *nonceCaller, // IN: nonce caller
- TPM2B *nonceTpm, // IN: nonce TPM
- UINT32 dataSize, // IN: size of parameter buffer
- BYTE *data // OUT: buffer to be decrypted
- )
-{
- // KDF output buffer
- // It contains parameters for the CFB encryption
- // From MSB to LSB, they are the key and iv
- BYTE symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE];
- // Symmetric key size in byte
- UINT16 keySize = (keySizeInBits + 7) / 8;
- TPM2B_IV iv;
-
- iv.t.size = CryptGetSymmetricBlockSize(symAlg, keySizeInBits);
- // If there is decryption to do...
- if(iv.t.size > 0)
- {
- // Generate key and iv
- CryptKDFa(hash, key, CFB_KEY, nonceCaller, nonceTpm,
- keySizeInBits + (iv.t.size * 8), symParmString, NULL, FALSE);
- MemoryCopy(iv.t.buffer, &symParmString[keySize], iv.t.size);
-
- CryptSymmetricDecrypt(data, symAlg, keySizeInBits, symParmString,
- &iv, ALG_CFB_VALUE, dataSize, data);
- }
- return;
-}
-
-//*** ParmEncryptSym()
-// This function performs parameter encryption using symmetric block cipher.
-/*(See part 1 specification)
-// When parameter decryption uses a symmetric block cipher, an encryption
-// key and IV will be generated from:
-// KDFa(hash, sessionAuth, "CFB", nonceNewer, nonceOlder, bits) (24)
-// Where:
-// hash the hash function associated with the session
-// sessionAuth the sessionAuth associated with the session
-// nonceNewer nonceTPM for a response
-// nonceOlder nonceCaller for a response
-// bits the number of bits required for the symmetric key
-// plus an IV
-*/
-void
-ParmEncryptSym(
- TPM_ALG_ID symAlg, // IN: symmetric algorithm
- TPM_ALG_ID hash, // IN: hash algorithm for KDFa
- UINT16 keySizeInBits, // IN: symmetric key size in bits
- TPM2B *key, // IN: KDF HMAC key
- TPM2B *nonceCaller, // IN: nonce caller
- TPM2B *nonceTpm, // IN: nonce TPM
- UINT32 dataSize, // IN: size of parameter buffer
- BYTE *data // OUT: buffer to be encrypted
- )
-{
- // KDF output buffer
- // It contains parameters for the CFB encryption
- BYTE symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE];
-
- // Symmetric key size in bytes
- UINT16 keySize = (keySizeInBits + 7) / 8;
-
- TPM2B_IV iv;
-
- iv.t.size = CryptGetSymmetricBlockSize(symAlg, keySizeInBits);
- // See if there is any encryption to do
- if(iv.t.size > 0)
- {
- // Generate key and iv
- CryptKDFa(hash, key, CFB_KEY, nonceTpm, nonceCaller,
- keySizeInBits + (iv.t.size * 8), symParmString, NULL, FALSE);
- MemoryCopy(iv.t.buffer, &symParmString[keySize], iv.t.size);
-
- CryptSymmetricEncrypt(data, symAlg, keySizeInBits, symParmString, &iv,
- ALG_CFB_VALUE, dataSize, data); - } - return; -} - -//*** CryptGenerateKeySymmetric() -// This function generates a symmetric cipher key. The derivation process is -// determined by the type of the provided 'rand' -// Return type: TPM_RC -// TPM_RC_NO_RESULT cannot get a random value -// TPM_RC_KEY_SIZE key size in the public area does not match the size -// in the sensitive creation area -// TPM_RC_KEY provided key value is not allowed -static TPM_RC -CryptGenerateKeySymmetric( - TPMT_PUBLIC *publicArea, // IN/OUT: The public area template - // for the new key. - TPMT_SENSITIVE *sensitive, // OUT: sensitive area - TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation data - RAND_STATE *rand // IN: the "entropy" source for - ) -{ - UINT16 keyBits = publicArea->parameters.symDetail.sym.keyBits.sym; - TPM_RC result; -// - // only do multiples of RADIX_BITS - if((keyBits % RADIX_BITS) != 0) - return TPM_RC_KEY_SIZE; - // If this is not a new key, then the provided key data must be the right size - if(sensitiveCreate->data.t.size != 0) - { - result = CryptSymKeyValidate(&publicArea->parameters.symDetail.sym, - (TPM2B_SYM_KEY *)&sensitiveCreate->data); - if(result == TPM_RC_SUCCESS) - MemoryCopy2B(&sensitive->sensitive.sym.b, &sensitiveCreate->data.b, - sizeof(sensitive->sensitive.sym.t.buffer)); - } -#if ALG_TDES - else if(publicArea->parameters.symDetail.sym.algorithm == ALG_TDES_VALUE) - { - result = CryptGenerateKeyDes(publicArea, sensitive, rand); - } -#endif - else - { - sensitive->sensitive.sym.t.size = - DRBG_Generate(rand, sensitive->sensitive.sym.t.buffer, - BITS_TO_BYTES(keyBits)); - if(g_inFailureMode) - result = TPM_RC_FAILURE; - else if(sensitive->sensitive.sym.t.size == 0) - result = TPM_RC_NO_RESULT; - else - result = TPM_RC_SUCCESS; - } - return result; -} - -//*** CryptXORObfuscation() -// This function implements XOR obfuscation. It should not be called if the -// hash algorithm is not implemented. 
The only return value from this function -// is TPM_RC_SUCCESS. -void -CryptXORObfuscation( - TPM_ALG_ID hash, // IN: hash algorithm for KDF - TPM2B *key, // IN: KDF key - TPM2B *contextU, // IN: contextU - TPM2B *contextV, // IN: contextV - UINT32 dataSize, // IN: size of data buffer - BYTE *data // IN/OUT: data to be XORed in place - ) -{ - BYTE mask[MAX_DIGEST_SIZE]; // Allocate a digest sized buffer - BYTE *pm; - UINT32 i; - UINT32 counter = 0; - UINT16 hLen = CryptHashGetDigestSize(hash); - UINT32 requestSize = dataSize * 8; - INT32 remainBytes = (INT32)dataSize; - - pAssert((key != NULL) && (data != NULL) && (hLen != 0)); - - // Call KDFa to generate XOR mask - for(; remainBytes > 0; remainBytes -= hLen) - { - // Make a call to KDFa to get next iteration - CryptKDFa(hash, key, XOR_KEY, contextU, contextV, - requestSize, mask, &counter, TRUE); - - // XOR next piece of the data - pm = mask; - for(i = hLen < remainBytes ? hLen : remainBytes; i > 0; i--) - *data++ ^= *pm++; - } - return; -} - -//**************************************************************************** -//** Initialization and shut down -//**************************************************************************** - -//*** CryptInit() -// This function is called when the TPM receives a _TPM_Init indication. -// -// NOTE: The hash algorithms do not have to be tested, they just need to be -// available. They have to be tested before the TPM can accept HMAC authorization -// or return any result that relies on a hash algorithm. -// Return Type: BOOL -// TRUE(1) initializations succeeded -// FALSE(0) initialization failed and caller should place the TPM into -// Failure Mode -BOOL -CryptInit( - void - ) -{ - BOOL ok; - // Initialize the vector of implemented algorithms - AlgorithmGetImplementedVector(&g_implementedAlgorithms); - - // Indicate that all test are necessary - CryptInitializeToTest(); - - // Do any library initializations that are necessary. 
If any fails, - // the caller should go into failure mode; - ok = SupportLibInit(); - ok = ok && CryptSymInit(); - ok = ok && CryptRandInit(); - ok = ok && CryptHashInit(); -#if ALG_RSA - ok = ok && CryptRsaInit(); -#endif // ALG_RSA -#if ALG_ECC - ok = ok && CryptEccInit(); -#endif // ALG_ECC - return ok; -} - -//*** CryptStartup() -// This function is called by TPM2_Startup() to initialize the functions in -// this cryptographic library and in the provided CryptoLibrary. This function -// and CryptUtilInit() are both provided so that the implementation may move the -// initialization around to get the best interaction. -// Return Type: BOOL -// TRUE(1) startup succeeded -// FALSE(0) startup failed and caller should place the TPM into -// Failure Mode -BOOL -CryptStartup( - STARTUP_TYPE type // IN: the startup type - ) -{ - BOOL OK; - NOT_REFERENCED(type); - - OK = CryptSymStartup() && CryptRandStartup() && CryptHashStartup() -#if ALG_RSA - && CryptRsaStartup() -#endif // ALG_RSA -#if ALG_ECC - && CryptEccStartup() -#endif // ALG_ECC - ; -#if ALG_ECC - // Don't directly check for SU_RESET because that is the default - if(OK && (type != SU_RESTART) && (type != SU_RESUME)) - { - // If the shutdown was orderly, then the values recovered from NV will - // be OK to use. - // Get a new random commit nonce - gr.commitNonce.t.size = sizeof(gr.commitNonce.t.buffer); - CryptRandomGenerate(gr.commitNonce.t.size, gr.commitNonce.t.buffer); - // Reset the counter and commit array - gr.commitCounter = 0; - MemorySet(gr.commitArray, 0, sizeof(gr.commitArray)); - } -#endif // ALG_ECC - return OK; -} - -//**************************************************************************** -//** Algorithm-Independent Functions -//**************************************************************************** -//*** Introduction -// These functions are used generically when a function of a general type -// (e.g., symmetric encryption) is required. 
The functions will modify the -// parameters as required to interface to the indicated algorithms. -// -//*** CryptIsAsymAlgorithm() -// This function indicates if an algorithm is an asymmetric algorithm. -// Return Type: BOOL -// TRUE(1) if it is an asymmetric algorithm -// FALSE(0) if it is not an asymmetric algorithm -BOOL -CryptIsAsymAlgorithm( - TPM_ALG_ID algID // IN: algorithm ID - ) -{ - switch(algID) - { -#if ALG_RSA - case ALG_RSA_VALUE: -#endif -#if ALG_ECC - case ALG_ECC_VALUE: -#endif - return TRUE; - break; - default: - break; - } - return FALSE; -} - -//*** CryptSecretEncrypt() -// This function creates a secret value and its associated secret structure using -// an asymmetric algorithm. -// -// This function is used by TPM2_Rewrap() TPM2_MakeCredential(), -// and TPM2_Duplicate(). -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'keyHandle' does not reference a valid decryption key -// TPM_RC_KEY invalid ECC key (public point is not on the curve) -// TPM_RC_SCHEME RSA key with an unsupported padding scheme -// TPM_RC_VALUE numeric value of the data to be decrypted is greater -// than the RSA key modulus -TPM_RC -CryptSecretEncrypt( - OBJECT *encryptKey, // IN: encryption key object - const TPM2B *label, // IN: a null-terminated string as L - TPM2B_DATA *data, // OUT: secret value - TPM2B_ENCRYPTED_SECRET *secret // OUT: secret structure - ) -{ - TPMT_RSA_DECRYPT scheme; - TPM_RC result = TPM_RC_SUCCESS; -// - if(data == NULL || secret == NULL) - return TPM_RC_FAILURE; - - // The output secret value has the size of the digest produced by the nameAlg. - data->t.size = CryptHashGetDigestSize(encryptKey->publicArea.nameAlg); - // The encryption scheme is OAEP using the nameAlg of the encrypt key. 
- scheme.scheme = ALG_OAEP_VALUE; - scheme.details.anySig.hashAlg = encryptKey->publicArea.nameAlg; - - if(!IS_ATTRIBUTE(encryptKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) - return TPM_RC_ATTRIBUTES; - switch(encryptKey->publicArea.type) - { -#if ALG_RSA - case ALG_RSA_VALUE: - { - // Create secret data from RNG - CryptRandomGenerate(data->t.size, data->t.buffer); - - // Encrypt the data by RSA OAEP into encrypted secret - result = CryptRsaEncrypt((TPM2B_PUBLIC_KEY_RSA *)secret, &data->b, - encryptKey, &scheme, label, NULL); - } - break; -#endif // ALG_RSA - -#if ALG_ECC - case ALG_ECC_VALUE: - { - TPMS_ECC_POINT eccPublic; - TPM2B_ECC_PARAMETER eccPrivate; - TPMS_ECC_POINT eccSecret; - BYTE *buffer = secret->t.secret; - - // Need to make sure that the public point of the key is on the - // curve defined by the key. - if(!CryptEccIsPointOnCurve( - encryptKey->publicArea.parameters.eccDetail.curveID, - &encryptKey->publicArea.unique.ecc)) - result = TPM_RC_KEY; - else - { - // Call crypto engine to create an auxiliary ECC key - // We assume crypt engine initialization should always success. - // Otherwise, TPM should go to failure mode. - - CryptEccNewKeyPair(&eccPublic, &eccPrivate, - encryptKey->publicArea.parameters.eccDetail.curveID); - // Marshal ECC public to secret structure. This will be used by the - // recipient to decrypt the secret with their private key. - secret->t.size = TPMS_ECC_POINT_Marshal(&eccPublic, &buffer, NULL); - - // Compute ECDH shared secret which is R = [d]Q where d is the - // private part of the ephemeral key and Q is the public part of a - // TPM key. TPM_RC_KEY error return from CryptComputeECDHSecret - // because the auxiliary ECC key is just created according to the - // parameters of input ECC encrypt key. 
- if(CryptEccPointMultiply(&eccSecret, - encryptKey->publicArea.parameters.eccDetail.curveID, - &encryptKey->publicArea.unique.ecc, &eccPrivate, - NULL, NULL) - != TPM_RC_SUCCESS) - result = TPM_RC_KEY; - else - { - // The secret value is computed from Z using KDFe as: - // secret := KDFe(HashID, Z, Use, PartyUInfo, PartyVInfo, bits) - // Where: - // HashID the nameAlg of the decrypt key - // Z the x coordinate (Px) of the product (P) of the point - // (Q) of the secret and the private x coordinate (de,V) - // of the decryption key - // Use a null-terminated string containing "SECRET" - // PartyUInfo the x coordinate of the point in the secret - // (Qe,U ) - // PartyVInfo the x coordinate of the public key (Qs,V ) - // bits the number of bits in the digest of HashID - // Retrieve seed from KDFe - CryptKDFe(encryptKey->publicArea.nameAlg, &eccSecret.x.b, - label, &eccPublic.x.b, - &encryptKey->publicArea.unique.ecc.x.b, - data->t.size * 8, data->t.buffer); - } - } - } - break; -#endif // ALG_ECC - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - return result; -} - -//*** CryptSecretDecrypt() -// Decrypt a secret value by asymmetric (or symmetric) algorithm -// This function is used for ActivateCredential and Import for asymmetric -// decryption, and StartAuthSession for both asymmetric and symmetric -// decryption process -// -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES RSA key is not a decryption key -// TPM_RC_BINDING Invalid RSA key (public and private parts are not -// cryptographically bound. -// TPM_RC_ECC_POINT ECC point in the secret is not on the curve -// TPM_RC_INSUFFICIENT failed to retrieve ECC point from the secret -// TPM_RC_NO_RESULT multiplication resulted in ECC point at infinity -// TPM_RC_SIZE data to decrypt is not of the same size as RSA key -// TPM_RC_VALUE For RSA key, numeric value of the encrypted data is -// greater than the modulus, or the recovered data is -// larger than the output buffer. 
-// For keyedHash or symmetric key, the secret is -// larger than the size of the digest produced by -// the name algorithm. -// TPM_RC_FAILURE internal error -TPM_RC -CryptSecretDecrypt( - OBJECT *decryptKey, // IN: decrypt key - TPM2B_NONCE *nonceCaller, // IN: nonceCaller. It is needed for - // symmetric decryption. For - // asymmetric decryption, this - // parameter is NULL - const TPM2B *label, // IN: a value for L - TPM2B_ENCRYPTED_SECRET *secret, // IN: input secret - TPM2B_DATA *data // OUT: decrypted secret value - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - - // Decryption for secret - switch(decryptKey->publicArea.type) - { -#if ALG_RSA - case ALG_RSA_VALUE: - { - TPMT_RSA_DECRYPT scheme; - TPMT_RSA_SCHEME *keyScheme - = &decryptKey->publicArea.parameters.rsaDetail.scheme; - UINT16 digestSize; - - scheme = *(TPMT_RSA_DECRYPT *)keyScheme; - // If the key scheme is ALG_NULL_VALUE, set the scheme to OAEP and - // set the algorithm to the name algorithm. - if(scheme.scheme == ALG_NULL_VALUE) - { - // Use OAEP scheme - scheme.scheme = ALG_OAEP_VALUE; - scheme.details.oaep.hashAlg = decryptKey->publicArea.nameAlg; - } - // use the digestSize as an indicator of whether or not the scheme - // is using a supported hash algorithm. - // Note: depending on the scheme used for encryption, a hashAlg might - // not be needed. However, the return value has to have some upper - // limit on the size. In this case, it is the size of the digest of the - // hash algorithm. It is checked after the decryption is done but, there - // is no point in doing the decryption if the size is going to be - // 'wrong' anyway. 
- digestSize = CryptHashGetDigestSize(scheme.details.oaep.hashAlg); - if(scheme.scheme != ALG_OAEP_VALUE || digestSize == 0) - return TPM_RC_SCHEME; - - // Set the output buffer capacity - data->t.size = sizeof(data->t.buffer); - - // Decrypt seed by RSA OAEP - result = CryptRsaDecrypt(&data->b, &secret->b, - decryptKey, &scheme, label); - if((result == TPM_RC_SUCCESS) && (data->t.size > digestSize)) - result = TPM_RC_VALUE; - } - break; -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - { - TPMS_ECC_POINT eccPublic; - TPMS_ECC_POINT eccSecret; - BYTE *buffer = secret->t.secret; - INT32 size = secret->t.size; - - // Retrieve ECC point from secret buffer - result = TPMS_ECC_POINT_Unmarshal(&eccPublic, &buffer, &size); - if(result == TPM_RC_SUCCESS) - { - result = CryptEccPointMultiply(&eccSecret, - decryptKey->publicArea.parameters.eccDetail.curveID, - &eccPublic, &decryptKey->sensitive.sensitive.ecc, - NULL, NULL); - if(result == TPM_RC_SUCCESS) - { - // Set the size of the "recovered" secret value to be the size - // of the digest produced by the nameAlg. 
- data->t.size = - CryptHashGetDigestSize(decryptKey->publicArea.nameAlg); - - // The secret value is computed from Z using KDFe as: - // secret := KDFe(HashID, Z, Use, PartyUInfo, PartyVInfo, bits) - // Where: - // HashID -- the nameAlg of the decrypt key - // Z -- the x coordinate (Px) of the product (P) of the point - // (Q) of the secret and the private x coordinate (de,V) - // of the decryption key - // Use -- a null-terminated string containing "SECRET" - // PartyUInfo -- the x coordinate of the point in the secret - // (Qe,U ) - // PartyVInfo -- the x coordinate of the public key (Qs,V ) - // bits -- the number of bits in the digest of HashID - // Retrieve seed from KDFe - CryptKDFe(decryptKey->publicArea.nameAlg, &eccSecret.x.b, label, - &eccPublic.x.b, - &decryptKey->publicArea.unique.ecc.x.b, - data->t.size * 8, data->t.buffer); - } - } - } - break; -#endif // ALG_ECC -#if !ALG_KEYEDHASH -# error "KEYEDHASH support is required" -#endif - case ALG_KEYEDHASH_VALUE: - // The seed size can not be bigger than the digest size of nameAlg - if(secret->t.size > - CryptHashGetDigestSize(decryptKey->publicArea.nameAlg)) - result = TPM_RC_VALUE; - else - { - // Retrieve seed by XOR Obfuscation: - // seed = XOR(secret, hash, key, nonceCaller, nullNonce) - // where: - // secret the secret parameter from the TPM2_StartAuthHMAC - // command that contains the seed value - // hash nameAlg of tpmKey - // key the key or data value in the object referenced by - // entityHandle in the TPM2_StartAuthHMAC command - // nonceCaller the parameter from the TPM2_StartAuthHMAC command - // nullNonce a zero-length nonce - // XOR Obfuscation in place - CryptXORObfuscation(decryptKey->publicArea.nameAlg, - &decryptKey->sensitive.sensitive.bits.b, - &nonceCaller->b, NULL, - secret->t.size, secret->t.secret); - // Copy decrypted seed - MemoryCopy2B(&data->b, &secret->b, sizeof(data->t.buffer)); - } - break; - case ALG_SYMCIPHER_VALUE: - { - TPM2B_IV iv = {{0}}; - TPMT_SYM_DEF_OBJECT 
*symDef; - // The seed size can not be bigger than the digest size of nameAlg - if(secret->t.size > - CryptHashGetDigestSize(decryptKey->publicArea.nameAlg)) - result = TPM_RC_VALUE; - else - { - symDef = &decryptKey->publicArea.parameters.symDetail.sym; - iv.t.size = CryptGetSymmetricBlockSize(symDef->algorithm, - symDef->keyBits.sym); - if(iv.t.size == 0) - return TPM_RC_FAILURE; - if(nonceCaller->t.size >= iv.t.size) - { - MemoryCopy(iv.t.buffer, nonceCaller->t.buffer, iv.t.size); - } - else - { - if(nonceCaller->t.size > sizeof(iv.t.buffer)) - return TPM_RC_FAILURE; - MemoryCopy(iv.b.buffer, nonceCaller->t.buffer, - nonceCaller->t.size); - } - // make sure secret will fit - if(secret->t.size > data->t.size) - return TPM_RC_FAILURE; - data->t.size = secret->t.size; - // CFB decrypt, using nonceCaller as iv - CryptSymmetricDecrypt(data->t.buffer, symDef->algorithm, - symDef->keyBits.sym, - decryptKey->sensitive.sensitive.sym.t.buffer, - &iv, ALG_CFB_VALUE, secret->t.size, - secret->t.secret); - } - } - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - return result; -} - -//*** CryptParameterEncryption() -// This function does in-place encryption of a response parameter. -void -CryptParameterEncryption( - TPM_HANDLE handle, // IN: encrypt session handle - TPM2B *nonceCaller, // IN: nonce caller - UINT16 leadingSizeInByte, // IN: the size of the leading size field in - // bytes - TPM2B_AUTH *extraKey, // IN: additional key material other than - // sessionAuth - BYTE *buffer // IN/OUT: parameter buffer to be encrypted - ) -{ - SESSION *session = SessionGet(handle); // encrypt session - TPM2B_TYPE(TEMP_KEY, (sizeof(extraKey->t.buffer) - + sizeof(session->sessionKey.t.buffer))); - TPM2B_TEMP_KEY key; // encryption key - UINT32 cipherSize = 0; // size of cipher text -// - // Retrieve encrypted data size. 
- if(leadingSizeInByte == 2) - { - // Extract the first two bytes as the size field as the data size - // encrypt - cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer); - // advance the buffer - buffer = &buffer[2]; - } -#ifdef TPM4B - else if(leadingSizeInByte == 4) - { - // use the first four bytes to indicate the number of bytes to encrypt - cipherSize = BYTE_ARRAY_TO_UINT32(buffer); - //advance pointer - buffer = &buffer[4]; - } -#endif - else - { - FAIL(FATAL_ERROR_INTERNAL); - } - - // Compute encryption key by concatenating sessionKey with extra key - MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer)); - MemoryConcat2B(&key.b, &extraKey->b, sizeof(key.t.buffer)); - - if(session->symmetric.algorithm == ALG_XOR_VALUE) - - // XOR parameter encryption formulation: - // XOR(parameter, hash, sessionAuth, nonceNewer, nonceOlder) - CryptXORObfuscation(session->authHashAlg, &(key.b), - &(session->nonceTPM.b), - nonceCaller, cipherSize, buffer); - else - ParmEncryptSym(session->symmetric.algorithm, session->authHashAlg, - session->symmetric.keyBits.aes, &(key.b), - nonceCaller, &(session->nonceTPM.b), - cipherSize, buffer); - return; -} - -//*** CryptParameterDecryption() -// This function does in-place decryption of a command parameter. -// Return Type: TPM_RC -// TPM_RC_SIZE The number of bytes in the input buffer is less than -// the number of bytes to be decrypted. -TPM_RC -CryptParameterDecryption( - TPM_HANDLE handle, // IN: encrypted session handle - TPM2B *nonceCaller, // IN: nonce caller - UINT32 bufferSize, // IN: size of parameter buffer - UINT16 leadingSizeInByte, // IN: the size of the leading size field in - // byte - TPM2B_AUTH *extraKey, // IN: the authValue - BYTE *buffer // IN/OUT: parameter buffer to be decrypted - ) -{ - SESSION *session = SessionGet(handle); // encrypt session - // The HMAC key is going to be the concatenation of the session key and any - // additional key material (like the authValue). 
The size of both of these - // is the size of the buffer which can contain a TPMT_HA. - TPM2B_TYPE(HMAC_KEY, (sizeof(extraKey->t.buffer) - + sizeof(session->sessionKey.t.buffer))); - TPM2B_HMAC_KEY key; // decryption key - UINT32 cipherSize = 0; // size of cipher text -// - // Retrieve encrypted data size. - if(leadingSizeInByte == 2) - { - // The first two bytes of the buffer are the size of the - // data to be decrypted - cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer); - buffer = &buffer[2]; // advance the buffer - } -#ifdef TPM4B - else if(leadingSizeInByte == 4) - { - // the leading size is four bytes so get the four byte size field - cipherSize = BYTE_ARRAY_TO_UINT32(buffer); - buffer = &buffer[4]; //advance pointer - } -#endif - else - { - FAIL(FATAL_ERROR_INTERNAL); - } - if(cipherSize > bufferSize) - return TPM_RC_SIZE; - - // Compute decryption key by concatenating sessionAuth with extra input key - MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer)); - MemoryConcat2B(&key.b, &extraKey->b, sizeof(key.t.buffer)); - - if(session->symmetric.algorithm == ALG_XOR_VALUE) - // XOR parameter decryption formulation: - // XOR(parameter, hash, sessionAuth, nonceNewer, nonceOlder) - // Call XOR obfuscation function - CryptXORObfuscation(session->authHashAlg, &key.b, nonceCaller, - &(session->nonceTPM.b), cipherSize, buffer); - else - // Assume that it is one of the symmetric block ciphers. - ParmDecryptSym(session->symmetric.algorithm, session->authHashAlg, - session->symmetric.keyBits.sym, - &key.b, nonceCaller, &session->nonceTPM.b, - cipherSize, buffer); - - return TPM_RC_SUCCESS; -} - -//*** CryptComputeSymmetricUnique() -// This function computes the unique field in public area for symmetric objects. 
-void -CryptComputeSymmetricUnique( - TPMT_PUBLIC *publicArea, // IN: the object's public area - TPMT_SENSITIVE *sensitive, // IN: the associated sensitive area - TPM2B_DIGEST *unique // OUT: unique buffer - ) -{ - // For parents (symmetric and derivation), use an HMAC to compute - // the 'unique' field - if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted) - && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt)) - { - // Unique field is HMAC(sensitive->seedValue, sensitive->sensitive) - HMAC_STATE hmacState; - unique->b.size = CryptHmacStart2B(&hmacState, publicArea->nameAlg, - &sensitive->seedValue.b); - CryptDigestUpdate2B(&hmacState.hashState, - &sensitive->sensitive.any.b); - CryptHmacEnd2B(&hmacState, &unique->b); - } - else - { - HASH_STATE hashState; - // Unique := Hash(sensitive->seedValue || sensitive->sensitive) - unique->t.size = CryptHashStart(&hashState, publicArea->nameAlg); - CryptDigestUpdate2B(&hashState, &sensitive->seedValue.b); - CryptDigestUpdate2B(&hashState, &sensitive->sensitive.any.b); - CryptHashEnd2B(&hashState, &unique->b); - } - return; -} - -//*** CryptCreateObject() -// This function creates an object. -// For an asymmetric key, it will create a key pair and, for a parent key, a seed -// value for child protections. -// -// For an symmetric object, (TPM_ALG_SYMCIPHER or TPM_ALG_KEYEDHASH), it will -// create a secret key if the caller did not provide one. It will create a random -// secret seed value that is hashed with the secret value to create the public -// unique value. -// -// 'publicArea', 'sensitive', and 'sensitiveCreate' are the only required parameters -// and are the only ones that are used by TPM2_Create(). The other parameters -// are optional and are used when the generated Object needs to be deterministic. -// This is the case for both Primary Objects and Derived Objects. 
-// -// When a seed value is provided, a RAND_STATE will be populated and used for -// all operations in the object generation that require a random number. In the -// simplest case, TPM2_CreatePrimary() will use 'seed', 'label' and 'context' with -// context being the hash of the template. If the Primary Object is in -// the Endorsement hierarchy, it will also populate 'proof' with ehProof. -// -// For derived keys, 'seed' will be the secret value from the parent, 'label' and -// 'context' will be set according to the parameters of TPM2_CreateLoaded() and -// 'hashAlg' will be set which causes the RAND_STATE to be a KDF generator. -// -// Return Type: TPM_RC -// TPM_RC_KEY a provided key is not an allowed value -// TPM_RC_KEY_SIZE key size in the public area does not match the size -// in the sensitive creation area for a symmetric key -// TPM_RC_NO_RESULT unable to get random values (only in derivation) -// TPM_RC_RANGE for an RSA key, the exponent is not supported -// TPM_RC_SIZE sensitive data size is larger than allowed for the -// scheme for a keyed hash object -// TPM_RC_VALUE exponent is not prime or could not find a prime using -// the provided parameters for an RSA key; -// unsupported name algorithm for an ECC key -TPM_RC -CryptCreateObject( - OBJECT *object, // IN: new object structure pointer - TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation - RAND_STATE *rand // IN: the random number generator - // to use - ) -{ - TPMT_PUBLIC *publicArea = &object->publicArea; - TPMT_SENSITIVE *sensitive = &object->sensitive; - TPM_RC result = TPM_RC_SUCCESS; -// - // Set the sensitive type for the object - sensitive->sensitiveType = publicArea->type; - - // For all objects, copy the initial authorization data - sensitive->authValue = sensitiveCreate->userAuth; - - // If the TPM is the source of the data, set the size of the provided data to - // zero so that there's no confusion about what to do. 
- if(IS_ATTRIBUTE(publicArea->objectAttributes, - TPMA_OBJECT, sensitiveDataOrigin)) - sensitiveCreate->data.t.size = 0; - - // Generate the key and unique fields for the asymmetric keys and just the - // sensitive value for symmetric object - switch(publicArea->type) - { -#if ALG_RSA - // Create RSA key - case ALG_RSA_VALUE: - // RSA uses full object so that it has a place to put the private - // exponent - result = CryptRsaGenerateKey(publicArea, sensitive, rand); - break; -#endif // ALG_RSA - -#if ALG_ECC - // Create ECC key - case ALG_ECC_VALUE: - result = CryptEccGenerateKey(publicArea, sensitive, rand); - break; -#endif // ALG_ECC - case ALG_SYMCIPHER_VALUE: - result = CryptGenerateKeySymmetric(publicArea, sensitive, - sensitiveCreate, rand); - break; - case ALG_KEYEDHASH_VALUE: - result = CryptGenerateKeyedHash(publicArea, sensitive, - sensitiveCreate, rand); - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - if(result != TPM_RC_SUCCESS) - return result; -// Create the sensitive seed value - // If this is a primary key in the endorsement hierarchy, stir the DRBG state - // This implementation uses both shProof and ehProof to make sure that there - // is no leakage of either. 
- if(object->attributes.primary && object->attributes.epsHierarchy) - { - DRBG_AdditionalData((DRBG_STATE *)rand, &gp.shProof.b); - DRBG_AdditionalData((DRBG_STATE *)rand, &gp.ehProof.b); - } - // Generate a seedValue that is the size of the digest produced by nameAlg - sensitive->seedValue.t.size = - DRBG_Generate(rand, sensitive->seedValue.t.buffer, - CryptHashGetDigestSize(publicArea->nameAlg)); - if(g_inFailureMode) - return TPM_RC_FAILURE; - else if(sensitive->seedValue.t.size == 0) - return TPM_RC_NO_RESULT; - // For symmetric objects, need to compute the unique value for the public area - if(publicArea->type == ALG_SYMCIPHER_VALUE - || publicArea->type == ALG_KEYEDHASH_VALUE) - { - CryptComputeSymmetricUnique(publicArea, sensitive, &publicArea->unique.sym); - } - else - { - // if this is an asymmetric key and it isn't a parent, then - // get rid of the seed. - if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign) - || !IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) - memset(&sensitive->seedValue, 0, sizeof(sensitive->seedValue)); - } - // Compute the name - PublicMarshalAndComputeName(publicArea, &object->name); - return result; -} - -//*** CryptGetSignHashAlg() -// Get the hash algorithm of signature from a TPMT_SIGNATURE structure. 
-// It assumes the signature is not NULL -// This is a function for easy access -TPMI_ALG_HASH -CryptGetSignHashAlg( - TPMT_SIGNATURE *auth // IN: signature - ) -{ - if(auth->sigAlg == ALG_NULL_VALUE) - FAIL(FATAL_ERROR_INTERNAL); - - // Get authHash algorithm based on signing scheme - switch(auth->sigAlg) - { -#if ALG_RSA - // If RSA is supported, both RSASSA and RSAPSS are required -# if !defined ALG_RSASSA_VALUE || !defined ALG_RSAPSS_VALUE -# error "RSASSA and RSAPSS are required for RSA" -# endif - case ALG_RSASSA_VALUE: - return auth->signature.rsassa.hash; - case ALG_RSAPSS_VALUE: - return auth->signature.rsapss.hash; -#endif // ALG_RSA - -#if ALG_ECC - // If ECC is defined, ECDSA is mandatory -# if !ALG_ECDSA -# error "ECDSA is requried for ECC" -# endif - case ALG_ECDSA_VALUE: - // SM2 and ECSCHNORR are optional - -# if ALG_SM2 - case ALG_SM2_VALUE: -# endif -# if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: -# endif - //all ECC signatures look the same - return auth->signature.ecdsa.hash; - -# if ALG_ECDAA - // Don't know how to verify an ECDAA signature - case ALG_ECDAA_VALUE: - break; -# endif - -#endif // ALG_ECC - - case ALG_HMAC_VALUE: - return auth->signature.hmac.hashAlg; - - default: - break; - } - return ALG_NULL_VALUE; -} - -//*** CryptIsSplitSign() -// This function us used to determine if the signing operation is a split -// signing operation that required a TPM2_Commit(). -// -BOOL -CryptIsSplitSign( - TPM_ALG_ID scheme // IN: the algorithm selector - ) -{ - switch(scheme) - { -# if ALG_ECDAA - case ALG_ECDAA_VALUE: - return TRUE; - break; -# endif // ALG_ECDAA - default: - return FALSE; - break; - } -} - -//*** CryptIsAsymSignScheme() -// This function indicates if a scheme algorithm is a sign algorithm. 
-BOOL -CryptIsAsymSignScheme( - TPMI_ALG_PUBLIC publicType, // IN: Type of the object - TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme - ) -{ - BOOL isSignScheme = TRUE; - - switch(publicType) - { -#if ALG_RSA - case ALG_RSA_VALUE: - switch(scheme) - { -# if !ALG_RSASSA || !ALG_RSAPSS -# error "RSASSA and PSAPSS required if RSA used." -# endif - case ALG_RSASSA_VALUE: - case ALG_RSAPSS_VALUE: - break; - default: - isSignScheme = FALSE; - break; - } - break; -#endif // ALG_RSA - -#if ALG_ECC - // If ECC is implemented ECDSA is required - case ALG_ECC_VALUE: - switch(scheme) - { - // Support for ECDSA is required for ECC - case ALG_ECDSA_VALUE: -#if ALG_ECDAA // ECDAA is optional - case ALG_ECDAA_VALUE: -#endif -#if ALG_ECSCHNORR // Schnorr is also optional - case ALG_ECSCHNORR_VALUE: -#endif -#if ALG_SM2 // SM2 is optional - case ALG_SM2_VALUE: -#endif - break; - default: - isSignScheme = FALSE; - break; - } - break; -#endif // ALG_ECC - default: - isSignScheme = FALSE; - break; - } - return isSignScheme; -} - -//*** CryptIsAsymDecryptScheme() -// This function indicate if a scheme algorithm is a decrypt algorithm. 
-BOOL -CryptIsAsymDecryptScheme( - TPMI_ALG_PUBLIC publicType, // IN: Type of the object - TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme - ) -{ - BOOL isDecryptScheme = TRUE; - - switch(publicType) - { -#if ALG_RSA - case ALG_RSA_VALUE: - switch(scheme) - { - case ALG_RSAES_VALUE: - case ALG_OAEP_VALUE: - break; - default: - isDecryptScheme = FALSE; - break; - } - break; -#endif // ALG_RSA - -#if ALG_ECC - // If ECC is implemented ECDH is required - case ALG_ECC_VALUE: - switch(scheme) - { -#if !ALG_ECDH -# error "ECDH is required for ECC" -#endif - case ALG_ECDH_VALUE: -#if ALG_SM2 - case ALG_SM2_VALUE: -#endif -#if ALG_ECMQV - case ALG_ECMQV_VALUE: -#endif - break; - default: - isDecryptScheme = FALSE; - break; - } - break; -#endif // ALG_ECC - default: - isDecryptScheme = FALSE; - break; - } - return isDecryptScheme; -} - -//*** CryptSelectSignScheme() -// This function is used by the attestation and signing commands. It implements -// the rules for selecting the signature scheme to use in signing. This function -// requires that the signing key either be TPM_RH_NULL or be loaded. -// -// If a default scheme is defined in object, the default scheme should be chosen, -// otherwise, the input scheme should be chosen. -// In the case that both object and input scheme has a non-NULL scheme -// algorithm, if the schemes are compatible, the input scheme will be chosen. -// -// This function should not be called if 'signObject->publicArea.type' == -// ALG_SYMCIPHER. 
-// -// Return Type: BOOL -// TRUE(1) scheme selected -// FALSE(0) both 'scheme' and key's default scheme are empty; or -// 'scheme' is empty while key's default scheme requires -// explicit input scheme (split signing); or -// non-empty default key scheme differs from 'scheme' -BOOL -CryptSelectSignScheme( - OBJECT *signObject, // IN: signing key - TPMT_SIG_SCHEME *scheme // IN/OUT: signing scheme - ) -{ - TPMT_SIG_SCHEME *objectScheme; - TPMT_PUBLIC *publicArea; - BOOL OK; - - // If the signHandle is TPM_RH_NULL, then the NULL scheme is used, regardless - // of the setting of scheme - if(signObject == NULL) - { - OK = TRUE; - scheme->scheme = ALG_NULL_VALUE; - scheme->details.any.hashAlg = ALG_NULL_VALUE; - } - else - { - // assignment to save typing. - publicArea = &signObject->publicArea; - - // A symmetric cipher can be used to encrypt and decrypt but it can't - // be used for signing - if(publicArea->type == ALG_SYMCIPHER_VALUE) - return FALSE; - // Point to the scheme object - if(CryptIsAsymAlgorithm(publicArea->type)) - objectScheme = - (TPMT_SIG_SCHEME *)&publicArea->parameters.asymDetail.scheme; - else - objectScheme = - (TPMT_SIG_SCHEME *)&publicArea->parameters.keyedHashDetail.scheme; - - // If the object doesn't have a default scheme, then use the - // input scheme. - if(objectScheme->scheme == ALG_NULL_VALUE) - { - // Input and default can't both be NULL - OK = (scheme->scheme != ALG_NULL_VALUE); - // Assume that the scheme is compatible with the key. If not, - // an error will be generated in the signing operation. - } - else if(scheme->scheme == ALG_NULL_VALUE) - { - // input scheme is NULL so use default - - // First, check to see if the default requires that the caller - // provided scheme data - OK = !CryptIsSplitSign(objectScheme->scheme); - if(OK) - { - // The object has a scheme and the input is TPM_ALG_NULL so copy - // the object scheme as the final scheme. It is better to use a - // structure copy than a copy of the individual fields. 
- *scheme = *objectScheme; - } - } - else - { - // Both input and object have scheme selectors - // If the scheme and the hash are not the same then... - // NOTE: the reason that there is no copy here is that the input - // might contain extra data for a split signing scheme and that - // data is not in the object so, it has to be preserved. - OK = (objectScheme->scheme == scheme->scheme) - && (objectScheme->details.any.hashAlg - == scheme->details.any.hashAlg); - } - } - return OK; -} - -//*** CryptSign() -// Sign a digest with asymmetric key or HMAC. -// This function is called by attestation commands and the generic TPM2_Sign -// command. -// This function checks the key scheme and digest size. It does not -// check if the sign operation is allowed for restricted key. It should be -// checked before the function is called. -// The function will assert if the key is not a signing key. -// -// Return Type: TPM_RC -// TPM_RC_SCHEME 'signScheme' is not compatible with the signing key type -// TPM_RC_VALUE 'digest' value is greater than the modulus of -// 'signHandle' or size of 'hashData' does not match hash -// algorithm in'signScheme' (for an RSA key); -// invalid commit status or failed to generate "r" value -// (for an ECC key) -TPM_RC -CryptSign( - OBJECT *signKey, // IN: signing key - TPMT_SIG_SCHEME *signScheme, // IN: sign scheme. - TPM2B_DIGEST *digest, // IN: The digest being signed - TPMT_SIGNATURE *signature // OUT: signature - ) -{ - TPM_RC result = TPM_RC_SCHEME; - - // Initialize signature scheme - signature->sigAlg = signScheme->scheme; - - // If the signature algorithm is TPM_ALG_NULL or the signing key is NULL, - // then we are done - if((signature->sigAlg == ALG_NULL_VALUE) || (signKey == NULL)) - return TPM_RC_SUCCESS; - - // Initialize signature hash - // Note: need to do the check for TPM_ALG_NULL first because the null scheme - // doesn't have a hashAlg member. 
- signature->signature.any.hashAlg = signScheme->details.any.hashAlg; - - // perform sign operation based on different key type - switch(signKey->publicArea.type) - { -#if ALG_RSA - case ALG_RSA_VALUE: - result = CryptRsaSign(signature, signKey, digest, NULL); - break; -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - // The reason that signScheme is passed to CryptEccSign but not to the - // other signing methods is that the signing for ECC may be split and - // need the 'r' value that is in the scheme but not in the signature. - result = CryptEccSign(signature, signKey, digest, - (TPMT_ECC_SCHEME *)signScheme, NULL); - break; -#endif // ALG_ECC - case ALG_KEYEDHASH_VALUE: - result = CryptHmacSign(signature, signKey, digest); - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - return result; -} - -//*** CryptValidateSignature() -// This function is used to verify a signature. It is called by -// TPM2_VerifySignature() and TPM2_PolicySigned. -// -// Since this operation only requires use of a public key, no consistency -// checks are necessary for the key to signature type because a caller can load -// any public key that they like with any scheme that they like. This routine -// simply makes sure that the signature is correct, whatever the type. -// -// Return Type: TPM_RC -// TPM_RC_SIGNATURE the signature is not genuine -// TPM_RC_SCHEME the scheme is not supported -// TPM_RC_HANDLE an HMAC key was selected but the -// private part of the key is not loaded -TPM_RC -CryptValidateSignature( - TPMI_DH_OBJECT keyHandle, // IN: The handle of sign key - TPM2B_DIGEST *digest, // IN: The digest being validated - TPMT_SIGNATURE *signature // IN: signature - ) -{ - // NOTE: HandleToObject will either return a pointer to a loaded object or - // will assert. It will never return a non-valid value. This makes it save - // to initialize 'publicArea' with the return value from HandleToObject() - // without checking it first. 
- OBJECT *signObject = HandleToObject(keyHandle); - TPMT_PUBLIC *publicArea = &signObject->publicArea; - TPM_RC result = TPM_RC_SCHEME; - - // The input unmarshaling should prevent any input signature from being - // a NULL signature, but just in case - if(signature->sigAlg == ALG_NULL_VALUE) - return TPM_RC_SIGNATURE; - - switch(publicArea->type) - { -#if ALG_RSA - case ALG_RSA_VALUE: - { - // - // Call RSA code to verify signature - result = CryptRsaValidateSignature(signature, signObject, digest); - break; - } -#endif // ALG_RSA - -#if ALG_ECC - case ALG_ECC_VALUE: - result = CryptEccValidateSignature(signature, signObject, digest); - break; -#endif // ALG_ECC - - case ALG_KEYEDHASH_VALUE: - if(signObject->attributes.publicOnly) - result = TPM_RCS_HANDLE; - else - result = CryptHMACVerifySignature(signObject, digest, signature); - break; - default: - break; - } - return result; -} - -//*** CryptGetTestResult -// This function returns the results of a self-test function. -// Note: the behavior in this function is NOT the correct behavior for a real -// TPM implementation. An artificial behavior is placed here due to the -// limitation of a software simulation environment. For the correct behavior, -// consult the part 3 specification for TPM2_GetTestResult(). -TPM_RC -CryptGetTestResult( - TPM2B_MAX_BUFFER *outData // OUT: test result data - ) -{ - outData->t.size = 0; - return TPM_RC_SUCCESS; -} - -//*** CryptValidateKeys() -// This function is used to verify that the key material of and object is valid. -// For a 'publicOnly' object, the key is verified for size and, if it is an ECC -// key, it is verified to be on the specified curve. For a key with a sensitive -// area, the binding between the public and private parts of the key are verified. -// If the nameAlg of the key is TPM_ALG_NULL, then the size of the sensitive area -// is verified but the public portion is not verified, unless the key is an RSA key. 
-// For an RSA key, the reason for loading the sensitive area is to use it. The -// only way to use a private RSA key is to compute the private exponent. To compute -// the private exponent, the public modulus is used. -// Return Type: TPM_RC -// TPM_RC_BINDING the public and private parts are not cryptographically -// bound -// TPM_RC_HASH cannot have a publicOnly key with nameAlg of TPM_ALG_NULL -// TPM_RC_KEY the public unique is not valid -// TPM_RC_KEY_SIZE the private area key is not valid -// TPM_RC_TYPE the types of the sensitive and private parts do not match -TPM_RC -CryptValidateKeys( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - TPM_RC blamePublic, - TPM_RC blameSensitive - ) -{ - TPM_RC result; - UINT16 keySizeInBytes; - UINT16 digestSize = CryptHashGetDigestSize(publicArea->nameAlg); - TPMU_PUBLIC_PARMS *params = &publicArea->parameters; - TPMU_PUBLIC_ID *unique = &publicArea->unique; - - if(sensitive != NULL) - { - // Make sure that the types of the public and sensitive are compatible - if(publicArea->type != sensitive->sensitiveType) - return TPM_RCS_TYPE + blameSensitive; - // Make sure that the authValue is not bigger than allowed - // If there is no name algorithm, then the size just needs to be less than - // the maximum size of the buffer used for authorization. That size check - // was made during unmarshaling of the sensitive area - if((sensitive->authValue.t.size) > digestSize && (digestSize > 0)) - return TPM_RCS_SIZE + blameSensitive; - } - switch(publicArea->type) - { -#if ALG_RSA - case ALG_RSA_VALUE: - keySizeInBytes = BITS_TO_BYTES(params->rsaDetail.keyBits); - - // Regardless of whether there is a sensitive area, the public modulus - // needs to have the correct size. Otherwise, it can't be used for - // any public key operation nor can it be used to compute the private - // exponent. 
- // NOTE: This implementation only supports key sizes that are multiples - // of 1024 bits which means that the MSb of the 0th byte will always be - // SET in any prime and in the public modulus. - if((unique->rsa.t.size != keySizeInBytes) - || (unique->rsa.t.buffer[0] < 0x80)) - return TPM_RCS_KEY + blamePublic; - if(params->rsaDetail.exponent != 0 - && params->rsaDetail.exponent < 7) - return TPM_RCS_VALUE + blamePublic; - if(sensitive != NULL) - { - // If there is a sensitive area, it has to be the correct size - // including having the correct high order bit SET. - if(((sensitive->sensitive.rsa.t.size * 2) != keySizeInBytes) - || (sensitive->sensitive.rsa.t.buffer[0] < 0x80)) - return TPM_RCS_KEY_SIZE + blameSensitive; - } - break; -#endif -#if ALG_ECC - case ALG_ECC_VALUE: - { - TPMI_ECC_CURVE curveId; - curveId = params->eccDetail.curveID; - keySizeInBytes = BITS_TO_BYTES(CryptEccGetKeySizeForCurve(curveId)); - if(sensitive == NULL) - { - // Validate the public key size - if(unique->ecc.x.t.size != keySizeInBytes - || unique->ecc.y.t.size != keySizeInBytes) - return TPM_RCS_KEY + blamePublic; - if(publicArea->nameAlg != ALG_NULL_VALUE) - { - if(!CryptEccIsPointOnCurve(curveId, &unique->ecc)) - return TPM_RCS_ECC_POINT + blamePublic; - } - } - else - { - // If the nameAlg is TPM_ALG_NULL, then only verify that the - // private part of the key is OK. - if(!CryptEccIsValidPrivateKey(&sensitive->sensitive.ecc, - curveId)) - return TPM_RCS_KEY_SIZE; - if(publicArea->nameAlg != ALG_NULL_VALUE) - { - // Full key load, verify that the public point belongs to the - // private key. - TPMS_ECC_POINT toCompare; - result = CryptEccPointMultiply(&toCompare, curveId, NULL, - &sensitive->sensitive.ecc, - NULL, NULL); - if(result != TPM_RC_SUCCESS) - return TPM_RCS_BINDING; - else - { - // Make sure that the private key generated the public key. 
- // The input values and the values produced by the point - // multiply may not be the same size so adjust the computed - // value to match the size of the input value by adding or - // removing zeros. - AdjustNumberB(&toCompare.x.b, unique->ecc.x.t.size); - AdjustNumberB(&toCompare.y.b, unique->ecc.y.t.size); - if(!MemoryEqual2B(&unique->ecc.x.b, &toCompare.x.b) - || !MemoryEqual2B(&unique->ecc.y.b, &toCompare.y.b)) - return TPM_RCS_BINDING; - } - } - } - break; - } -#endif - default: - // Checks for SYMCIPHER and KEYEDHASH are largely the same - // If public area has a nameAlg, then validate the public area size - // and if there is also a sensitive area, validate the binding - - // For consistency, if the object is public-only just make sure that - // the unique field is consistent with the name algorithm - if(sensitive == NULL) - { - if(unique->sym.t.size != digestSize) - return TPM_RCS_KEY + blamePublic; - } - else - { - // Make sure that the key size in the sensitive area is consistent. - if(publicArea->type == ALG_SYMCIPHER_VALUE) - { - result = CryptSymKeyValidate(¶ms->symDetail.sym, - &sensitive->sensitive.sym); - if(result != TPM_RC_SUCCESS) - return result + blameSensitive; - } - else - { - // For a keyed hash object, the key has to be less than the - // smaller of the block size of the hash used in the scheme or - // 128 bytes. The worst case value is limited by the - // unmarshaling code so the only thing left to be checked is - // that it does not exceed the block size of the hash. - // by the hash algorithm of the scheme. 
- TPMT_KEYEDHASH_SCHEME *scheme; - UINT16 maxSize; - scheme = ¶ms->keyedHashDetail.scheme; - if(scheme->scheme == ALG_XOR_VALUE) - { - maxSize = CryptHashGetBlockSize(scheme->details.xor.hashAlg); - } - else if(scheme->scheme == ALG_HMAC_VALUE) - { - maxSize = CryptHashGetBlockSize(scheme->details.hmac.hashAlg); - } - else if(scheme->scheme == ALG_NULL_VALUE) - { - // Not signing or xor so must be a data block - maxSize = 128; - } - else - return TPM_RCS_SCHEME + blamePublic; - if(sensitive->sensitive.bits.t.size > maxSize) - return TPM_RCS_KEY_SIZE + blameSensitive; - } - // If there is a nameAlg, check the binding - if(publicArea->nameAlg != ALG_NULL_VALUE) - { - TPM2B_DIGEST compare; - if(sensitive->seedValue.t.size != digestSize) - return TPM_RCS_KEY_SIZE + blameSensitive; - - CryptComputeSymmetricUnique(publicArea, sensitive, &compare); - if(!MemoryEqual2B(&unique->sym.b, &compare.b)) - return TPM_RC_BINDING; - } - } - break; - } - // For a parent, need to check that the seedValue is the correct size for - // protections. It should be at least half the size of the nameAlg - if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted) - && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt) - && sensitive != NULL - && publicArea->nameAlg != ALG_NULL_VALUE) - { - if((sensitive->seedValue.t.size < (digestSize / 2)) - || (sensitive->seedValue.t.size > digestSize)) - return TPM_RCS_SIZE + blameSensitive; - } - return TPM_RC_SUCCESS; -} - -//*** CryptSelectMac() -// This function is used to set the MAC scheme based on the key parameters and -// the input scheme. 
-// Return Type: TPM_RC
-// TPM_RC_SCHEME the scheme is not a valid mac scheme
-// TPM_RC_TYPE the input key is not a type that supports a mac
-// TPM_RC_VALUE the input scheme and the key scheme are not compatible
-TPM_RC
-CryptSelectMac(
- TPMT_PUBLIC *publicArea,
- TPMI_ALG_MAC_SCHEME *inMac
-)
-{
- TPM_ALG_ID macAlg = ALG_NULL_VALUE;
- switch(publicArea->type)
- {
- case ALG_KEYEDHASH_VALUE:
- {
- // Local value to keep lines from getting too long
- TPMT_KEYEDHASH_SCHEME *scheme;
- scheme = &publicArea->parameters.keyedHashDetail.scheme;
- // Expect that the scheme is either HMAC or NULL
- if(scheme->scheme != ALG_NULL_VALUE)
- macAlg = scheme->details.hmac.hashAlg;
- break;
- }
- case ALG_SYMCIPHER_VALUE:
- {
- TPMT_SYM_DEF_OBJECT *scheme;
- scheme = &publicArea->parameters.symDetail.sym;
- // Expect that the scheme is either valid symmetric cipher or NULL
- if(scheme->algorithm != ALG_NULL_VALUE)
- macAlg = scheme->mode.sym;
- break;
- }
- default:
- return TPM_RCS_TYPE;
- }
- // If the input value is not TPM_ALG_NULL ...
- if(*inMac != ALG_NULL_VALUE)
- {
- // ...
then either the scheme in the key must be TPM_ALG_NULL or the input
- // value must match
- if((macAlg != ALG_NULL_VALUE) && (*inMac != macAlg))
- return TPM_RCS_VALUE;
- }
- else
- {
- // Since the input value is TPM_ALG_NULL, then the key value can't be
- // TPM_ALG_NULL
- if(macAlg == ALG_NULL_VALUE)
- return TPM_RCS_VALUE;
- *inMac = macAlg;
- }
- if(!CryptMacIsValidForKey(publicArea->type, *inMac, FALSE))
- return TPM_RCS_SCHEME;
- return TPM_RC_SUCCESS;
-}
-
-//*** CryptMacIsValidForKey()
-// Check to see if the key type is compatible with the mac type
-BOOL
-CryptMacIsValidForKey(
- TPM_ALG_ID keyType,
- TPM_ALG_ID macAlg,
- BOOL flag
-)
-{
- switch(keyType)
- {
- case ALG_KEYEDHASH_VALUE:
- return CryptHashIsValidAlg(macAlg, flag);
- break;
- case ALG_SYMCIPHER_VALUE:
- return CryptSmacIsValidAlg(macAlg, flag);
- break;
- default:
- break;
- }
- return FALSE;
-}
-
-//*** CryptSmacIsValidAlg()
-// This function is used to test if an algorithm is a supported SMAC algorithm. It
-// needs to be updated as new algorithms are added.
-BOOL
-CryptSmacIsValidAlg(
- TPM_ALG_ID alg,
- BOOL FLAG // IN: Indicates if TPM_ALG_NULL is valid
-)
-{
- switch (alg)
- {
-#if ALG_CMAC
- case ALG_CMAC_VALUE:
- return TRUE;
- break;
-#endif
- case ALG_NULL_VALUE:
- return FLAG;
- break;
- default:
- return FALSE;
- }
-}
-
-//*** CryptSymModeIsValid()
-// Function checks to see if an algorithm ID is a valid, symmetric block cipher
-// mode for the TPM. If 'flag' is SET, them TPM_ALG_NULL is a valid mode.
-// not include the modes used for SMAC
-BOOL
-CryptSymModeIsValid(
- TPM_ALG_ID mode,
- BOOL flag
-)
-{
- switch(mode)
- {
-#if ALG_CTR
- case ALG_CTR_VALUE:
-#endif // ALG_CTR
-#if ALG_OFB
- case ALG_OFB_VALUE:
-#endif // ALG_OFB
-#if ALG_CBC
- case ALG_CBC_VALUE:
-#endif // ALG_CBC
-#if ALG_CFB
- case ALG_CFB_VALUE:
-#endif // ALG_CFB
-#if ALG_ECB
- case ALG_ECB_VALUE:
-#endif // ALG_ECB
- return TRUE;
- case ALG_NULL_VALUE:
- return flag;
- break;
- default:
- break;
- }
- return FALSE;
-}
-
-
-
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/PrimeData.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/PrimeData.c
deleted file mode 100644
index 00072188d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/PrimeData.c
+++ /dev/null
@@ -1,422 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-
-// This table is the product of all of the primes up to 1000.
-// Checking to see if there is a GCD between a prime candidate
-// and this number will eliminate many prime candidates from
-// consideration before running Miller-Rabin on the result.
-
-const BN_STRUCT(43 * RADIX_BITS) s_CompositeOfSmallPrimes_ =
-{44, 44,
-{ 0x2ED42696, 0x2BBFA177, 0x4820594F, 0xF73F4841,
-0xBFAC313A, 0xCAC3EB81, 0xF6F26BF8, 0x7FAB5061,
-0x59746FB7, 0xF71377F6, 0x3B19855B, 0xCBD03132,
-0xBB92EF1B, 0x3AC3152C, 0xE87C8273, 0xC0AE0E69,
-0x74A9E295, 0x448CCE86, 0x63CA1907, 0x8A0BF944,
-0xF8CC3BE0, 0xC26F0AF5, 0xC501C02F, 0x6579441A,
-0xD1099CDA, 0x6BC76A00, 0xC81A3228, 0xBFB1AB25,
-0x70FA3841, 0x51B3D076, 0xCC2359ED, 0xD9EE0769,
-0x75E47AF0, 0xD45FF31E, 0x52CCE4F6, 0x04DBC891,
-0x96658ED2, 0x1753EFE5, 0x3AE4A5A6, 0x8FD4A97F,
-0x8B15E7EB, 0x0243C3E1, 0xE0F0C31D, 0x0000000B }
-};
-
-bigConst s_CompositeOfSmallPrimes = (const bigNum)&s_CompositeOfSmallPrimes_;
-
-// This table contains a bit for each of the odd values between 1 and 2^16 + 1.
-// This table allows fast checking of the primes in that range.
-// Don't change the size of this table unless you are prepared to do redo
-// IsPrimeInt().
- -const uint32_t s_LastPrimeInTable = 65537; -const uint32_t s_PrimeTableSize = 4097; -const uint32_t s_PrimesInTable = 6542; -const unsigned char s_PrimeTable[] = { - 0x6e, 0xcb, 0xb4, 0x64, 0x9a, 0x12, 0x6d, 0x81, 0x32, 0x4c, 0x4a, 0x86, - 0x0d, 0x82, 0x96, 0x21, 0xc9, 0x34, 0x04, 0x5a, 0x20, 0x61, 0x89, 0xa4, - 0x44, 0x11, 0x86, 0x29, 0xd1, 0x82, 0x28, 0x4a, 0x30, 0x40, 0x42, 0x32, - 0x21, 0x99, 0x34, 0x08, 0x4b, 0x06, 0x25, 0x42, 0x84, 0x48, 0x8a, 0x14, - 0x05, 0x42, 0x30, 0x6c, 0x08, 0xb4, 0x40, 0x0b, 0xa0, 0x08, 0x51, 0x12, - 0x28, 0x89, 0x04, 0x65, 0x98, 0x30, 0x4c, 0x80, 0x96, 0x44, 0x12, 0x80, - 0x21, 0x42, 0x12, 0x41, 0xc9, 0x04, 0x21, 0xc0, 0x32, 0x2d, 0x98, 0x00, - 0x00, 0x49, 0x04, 0x08, 0x81, 0x96, 0x68, 0x82, 0xb0, 0x25, 0x08, 0x22, - 0x48, 0x89, 0xa2, 0x40, 0x59, 0x26, 0x04, 0x90, 0x06, 0x40, 0x43, 0x30, - 0x44, 0x92, 0x00, 0x69, 0x10, 0x82, 0x08, 0x08, 0xa4, 0x0d, 0x41, 0x12, - 0x60, 0xc0, 0x00, 0x24, 0xd2, 0x22, 0x61, 0x08, 0x84, 0x04, 0x1b, 0x82, - 0x01, 0xd3, 0x10, 0x01, 0x02, 0xa0, 0x44, 0xc0, 0x22, 0x60, 0x91, 0x14, - 0x0c, 0x40, 0xa6, 0x04, 0xd2, 0x94, 0x20, 0x09, 0x94, 0x20, 0x52, 0x00, - 0x08, 0x10, 0xa2, 0x4c, 0x00, 0x82, 0x01, 0x51, 0x10, 0x08, 0x8b, 0xa4, - 0x25, 0x9a, 0x30, 0x44, 0x81, 0x10, 0x4c, 0x03, 0x02, 0x25, 0x52, 0x80, - 0x08, 0x49, 0x84, 0x20, 0x50, 0x32, 0x00, 0x18, 0xa2, 0x40, 0x11, 0x24, - 0x28, 0x01, 0x84, 0x01, 0x01, 0xa0, 0x41, 0x0a, 0x12, 0x45, 0x00, 0x36, - 0x08, 0x00, 0x26, 0x29, 0x83, 0x82, 0x61, 0xc0, 0x80, 0x04, 0x10, 0x10, - 0x6d, 0x00, 0x22, 0x48, 0x58, 0x26, 0x0c, 0xc2, 0x10, 0x48, 0x89, 0x24, - 0x20, 0x58, 0x20, 0x45, 0x88, 0x24, 0x00, 0x19, 0x02, 0x25, 0xc0, 0x10, - 0x68, 0x08, 0x14, 0x01, 0xca, 0x32, 0x28, 0x80, 0x00, 0x04, 0x4b, 0x26, - 0x00, 0x13, 0x90, 0x60, 0x82, 0x80, 0x25, 0xd0, 0x00, 0x01, 0x10, 0x32, - 0x0c, 0x43, 0x86, 0x21, 0x11, 0x00, 0x08, 0x43, 0x24, 0x04, 0x48, 0x10, - 0x0c, 0x90, 0x92, 0x00, 0x43, 0x20, 0x2d, 0x00, 0x06, 0x09, 0x88, 0x24, - 0x40, 0xc0, 0x32, 0x09, 0x09, 0x82, 0x00, 0x53, 0x80, 
0x08, 0x80, 0x96, - 0x41, 0x81, 0x00, 0x40, 0x48, 0x10, 0x48, 0x08, 0x96, 0x48, 0x58, 0x20, - 0x29, 0xc3, 0x80, 0x20, 0x02, 0x94, 0x60, 0x92, 0x00, 0x20, 0x81, 0x22, - 0x44, 0x10, 0xa0, 0x05, 0x40, 0x90, 0x01, 0x49, 0x20, 0x04, 0x0a, 0x00, - 0x24, 0x89, 0x34, 0x48, 0x13, 0x80, 0x2c, 0xc0, 0x82, 0x29, 0x00, 0x24, - 0x45, 0x08, 0x00, 0x08, 0x98, 0x36, 0x04, 0x52, 0x84, 0x04, 0xd0, 0x04, - 0x00, 0x8a, 0x90, 0x44, 0x82, 0x32, 0x65, 0x18, 0x90, 0x00, 0x0a, 0x02, - 0x01, 0x40, 0x02, 0x28, 0x40, 0xa4, 0x04, 0x92, 0x30, 0x04, 0x11, 0x86, - 0x08, 0x42, 0x00, 0x2c, 0x52, 0x04, 0x08, 0xc9, 0x84, 0x60, 0x48, 0x12, - 0x09, 0x99, 0x24, 0x44, 0x00, 0x24, 0x00, 0x03, 0x14, 0x21, 0x00, 0x10, - 0x01, 0x1a, 0x32, 0x05, 0x88, 0x20, 0x40, 0x40, 0x06, 0x09, 0xc3, 0x84, - 0x40, 0x01, 0x30, 0x60, 0x18, 0x02, 0x68, 0x11, 0x90, 0x0c, 0x02, 0xa2, - 0x04, 0x00, 0x86, 0x29, 0x89, 0x14, 0x24, 0x82, 0x02, 0x41, 0x08, 0x80, - 0x04, 0x19, 0x80, 0x08, 0x10, 0x12, 0x68, 0x42, 0xa4, 0x04, 0x00, 0x02, - 0x61, 0x10, 0x06, 0x0c, 0x10, 0x00, 0x01, 0x12, 0x10, 0x20, 0x03, 0x94, - 0x21, 0x42, 0x12, 0x65, 0x18, 0x94, 0x0c, 0x0a, 0x04, 0x28, 0x01, 0x14, - 0x29, 0x0a, 0xa4, 0x40, 0xd0, 0x00, 0x40, 0x01, 0x90, 0x04, 0x41, 0x20, - 0x2d, 0x40, 0x82, 0x48, 0xc1, 0x20, 0x00, 0x10, 0x30, 0x01, 0x08, 0x24, - 0x04, 0x59, 0x84, 0x24, 0x00, 0x02, 0x29, 0x82, 0x00, 0x61, 0x58, 0x02, - 0x48, 0x81, 0x16, 0x48, 0x10, 0x00, 0x21, 0x11, 0x06, 0x00, 0xca, 0xa0, - 0x40, 0x02, 0x00, 0x04, 0x91, 0xb0, 0x00, 0x42, 0x04, 0x0c, 0x81, 0x06, - 0x09, 0x48, 0x14, 0x25, 0x92, 0x20, 0x25, 0x11, 0xa0, 0x00, 0x0a, 0x86, - 0x0c, 0xc1, 0x02, 0x48, 0x00, 0x20, 0x45, 0x08, 0x32, 0x00, 0x98, 0x06, - 0x04, 0x13, 0x22, 0x00, 0x82, 0x04, 0x48, 0x81, 0x14, 0x44, 0x82, 0x12, - 0x24, 0x18, 0x10, 0x40, 0x43, 0x80, 0x28, 0xd0, 0x04, 0x20, 0x81, 0x24, - 0x64, 0xd8, 0x00, 0x2c, 0x09, 0x12, 0x08, 0x41, 0xa2, 0x00, 0x00, 0x02, - 0x41, 0xca, 0x20, 0x41, 0xc0, 0x10, 0x01, 0x18, 0xa4, 0x04, 0x18, 0xa4, - 0x20, 0x12, 0x94, 0x20, 0x83, 0xa0, 0x40, 0x02, 0x32, 
0x44, 0x80, 0x04, - 0x00, 0x18, 0x00, 0x0c, 0x40, 0x86, 0x60, 0x8a, 0x00, 0x64, 0x88, 0x12, - 0x05, 0x01, 0x82, 0x00, 0x4a, 0xa2, 0x01, 0xc1, 0x10, 0x61, 0x09, 0x04, - 0x01, 0x88, 0x00, 0x60, 0x01, 0xb4, 0x40, 0x08, 0x06, 0x01, 0x03, 0x80, - 0x08, 0x40, 0x94, 0x04, 0x8a, 0x20, 0x29, 0x80, 0x02, 0x0c, 0x52, 0x02, - 0x01, 0x42, 0x84, 0x00, 0x80, 0x84, 0x64, 0x02, 0x32, 0x48, 0x00, 0x30, - 0x44, 0x40, 0x22, 0x21, 0x00, 0x02, 0x08, 0xc3, 0xa0, 0x04, 0xd0, 0x20, - 0x40, 0x18, 0x16, 0x40, 0x40, 0x00, 0x28, 0x52, 0x90, 0x08, 0x82, 0x14, - 0x01, 0x18, 0x10, 0x08, 0x09, 0x82, 0x40, 0x0a, 0xa0, 0x20, 0x93, 0x80, - 0x08, 0xc0, 0x00, 0x20, 0x52, 0x00, 0x05, 0x01, 0x10, 0x40, 0x11, 0x06, - 0x0c, 0x82, 0x00, 0x00, 0x4b, 0x90, 0x44, 0x9a, 0x00, 0x28, 0x80, 0x90, - 0x04, 0x4a, 0x06, 0x09, 0x43, 0x02, 0x28, 0x00, 0x34, 0x01, 0x18, 0x00, - 0x65, 0x09, 0x80, 0x44, 0x03, 0x00, 0x24, 0x02, 0x82, 0x61, 0x48, 0x14, - 0x41, 0x00, 0x12, 0x28, 0x00, 0x34, 0x08, 0x51, 0x04, 0x05, 0x12, 0x90, - 0x28, 0x89, 0x84, 0x60, 0x12, 0x10, 0x49, 0x10, 0x26, 0x40, 0x49, 0x82, - 0x00, 0x91, 0x10, 0x01, 0x0a, 0x24, 0x40, 0x88, 0x10, 0x4c, 0x10, 0x04, - 0x00, 0x50, 0xa2, 0x2c, 0x40, 0x90, 0x48, 0x0a, 0xb0, 0x01, 0x50, 0x12, - 0x08, 0x00, 0xa4, 0x04, 0x09, 0xa0, 0x28, 0x92, 0x02, 0x00, 0x43, 0x10, - 0x21, 0x02, 0x20, 0x41, 0x81, 0x32, 0x00, 0x08, 0x04, 0x0c, 0x52, 0x00, - 0x21, 0x49, 0x84, 0x20, 0x10, 0x02, 0x01, 0x81, 0x10, 0x48, 0x40, 0x22, - 0x01, 0x01, 0x84, 0x69, 0xc1, 0x30, 0x01, 0xc8, 0x02, 0x44, 0x88, 0x00, - 0x0c, 0x01, 0x02, 0x2d, 0xc0, 0x12, 0x61, 0x00, 0xa0, 0x00, 0xc0, 0x30, - 0x40, 0x01, 0x12, 0x08, 0x0b, 0x20, 0x00, 0x80, 0x94, 0x40, 0x01, 0x84, - 0x40, 0x00, 0x32, 0x00, 0x10, 0x84, 0x00, 0x0b, 0x24, 0x00, 0x01, 0x06, - 0x29, 0x8a, 0x84, 0x41, 0x80, 0x10, 0x08, 0x08, 0x94, 0x4c, 0x03, 0x80, - 0x01, 0x40, 0x96, 0x40, 0x41, 0x20, 0x20, 0x50, 0x22, 0x25, 0x89, 0xa2, - 0x40, 0x40, 0xa4, 0x20, 0x02, 0x86, 0x28, 0x01, 0x20, 0x21, 0x4a, 0x10, - 0x08, 0x00, 0x14, 0x08, 0x40, 0x04, 0x25, 0x42, 0x02, 
0x21, 0x43, 0x10, - 0x04, 0x92, 0x00, 0x21, 0x11, 0xa0, 0x4c, 0x18, 0x22, 0x09, 0x03, 0x84, - 0x41, 0x89, 0x10, 0x04, 0x82, 0x22, 0x24, 0x01, 0x14, 0x08, 0x08, 0x84, - 0x08, 0xc1, 0x00, 0x09, 0x42, 0xb0, 0x41, 0x8a, 0x02, 0x00, 0x80, 0x36, - 0x04, 0x49, 0xa0, 0x24, 0x91, 0x00, 0x00, 0x02, 0x94, 0x41, 0x92, 0x02, - 0x01, 0x08, 0x06, 0x08, 0x09, 0x00, 0x01, 0xd0, 0x16, 0x28, 0x89, 0x80, - 0x60, 0x00, 0x00, 0x68, 0x01, 0x90, 0x0c, 0x50, 0x20, 0x01, 0x40, 0x80, - 0x40, 0x42, 0x30, 0x41, 0x00, 0x20, 0x25, 0x81, 0x06, 0x40, 0x49, 0x00, - 0x08, 0x01, 0x12, 0x49, 0x00, 0xa0, 0x20, 0x18, 0x30, 0x05, 0x01, 0xa6, - 0x00, 0x10, 0x24, 0x28, 0x00, 0x02, 0x20, 0xc8, 0x20, 0x00, 0x88, 0x12, - 0x0c, 0x90, 0x92, 0x00, 0x02, 0x26, 0x01, 0x42, 0x16, 0x49, 0x00, 0x04, - 0x24, 0x42, 0x02, 0x01, 0x88, 0x80, 0x0c, 0x1a, 0x80, 0x08, 0x10, 0x00, - 0x60, 0x02, 0x94, 0x44, 0x88, 0x00, 0x69, 0x11, 0x30, 0x08, 0x12, 0xa0, - 0x24, 0x13, 0x84, 0x00, 0x82, 0x00, 0x65, 0xc0, 0x10, 0x28, 0x00, 0x30, - 0x04, 0x03, 0x20, 0x01, 0x11, 0x06, 0x01, 0xc8, 0x80, 0x00, 0xc2, 0x20, - 0x08, 0x10, 0x82, 0x0c, 0x13, 0x02, 0x0c, 0x52, 0x06, 0x40, 0x00, 0xb0, - 0x61, 0x40, 0x10, 0x01, 0x98, 0x86, 0x04, 0x10, 0x84, 0x08, 0x92, 0x14, - 0x60, 0x41, 0x80, 0x41, 0x1a, 0x10, 0x04, 0x81, 0x22, 0x40, 0x41, 0x20, - 0x29, 0x52, 0x00, 0x41, 0x08, 0x34, 0x60, 0x10, 0x00, 0x28, 0x01, 0x10, - 0x40, 0x00, 0x84, 0x08, 0x42, 0x90, 0x20, 0x48, 0x04, 0x04, 0x52, 0x02, - 0x00, 0x08, 0x20, 0x04, 0x00, 0x82, 0x0d, 0x00, 0x82, 0x40, 0x02, 0x10, - 0x05, 0x48, 0x20, 0x40, 0x99, 0x00, 0x00, 0x01, 0x06, 0x24, 0xc0, 0x00, - 0x68, 0x82, 0x04, 0x21, 0x12, 0x10, 0x44, 0x08, 0x04, 0x00, 0x40, 0xa6, - 0x20, 0xd0, 0x16, 0x09, 0xc9, 0x24, 0x41, 0x02, 0x20, 0x0c, 0x09, 0x92, - 0x40, 0x12, 0x00, 0x00, 0x40, 0x00, 0x09, 0x43, 0x84, 0x20, 0x98, 0x02, - 0x01, 0x11, 0x24, 0x00, 0x43, 0x24, 0x00, 0x03, 0x90, 0x08, 0x41, 0x30, - 0x24, 0x58, 0x20, 0x4c, 0x80, 0x82, 0x08, 0x10, 0x24, 0x25, 0x81, 0x06, - 0x41, 0x09, 0x10, 0x20, 0x18, 0x10, 0x44, 0x80, 0x10, 
0x00, 0x4a, 0x24, - 0x0d, 0x01, 0x94, 0x28, 0x80, 0x30, 0x00, 0xc0, 0x02, 0x60, 0x10, 0x84, - 0x0c, 0x02, 0x00, 0x09, 0x02, 0x82, 0x01, 0x08, 0x10, 0x04, 0xc2, 0x20, - 0x68, 0x09, 0x06, 0x04, 0x18, 0x00, 0x00, 0x11, 0x90, 0x08, 0x0b, 0x10, - 0x21, 0x82, 0x02, 0x0c, 0x10, 0xb6, 0x08, 0x00, 0x26, 0x00, 0x41, 0x02, - 0x01, 0x4a, 0x24, 0x21, 0x1a, 0x20, 0x24, 0x80, 0x00, 0x44, 0x02, 0x00, - 0x2d, 0x40, 0x02, 0x00, 0x8b, 0x94, 0x20, 0x10, 0x00, 0x20, 0x90, 0xa6, - 0x40, 0x13, 0x00, 0x2c, 0x11, 0x86, 0x61, 0x01, 0x80, 0x41, 0x10, 0x02, - 0x04, 0x81, 0x30, 0x48, 0x48, 0x20, 0x28, 0x50, 0x80, 0x21, 0x8a, 0x10, - 0x04, 0x08, 0x10, 0x09, 0x10, 0x10, 0x48, 0x42, 0xa0, 0x0c, 0x82, 0x92, - 0x60, 0xc0, 0x20, 0x05, 0xd2, 0x20, 0x40, 0x01, 0x00, 0x04, 0x08, 0x82, - 0x2d, 0x82, 0x02, 0x00, 0x48, 0x80, 0x41, 0x48, 0x10, 0x00, 0x91, 0x04, - 0x04, 0x03, 0x84, 0x00, 0xc2, 0x04, 0x68, 0x00, 0x00, 0x64, 0xc0, 0x22, - 0x40, 0x08, 0x32, 0x44, 0x09, 0x86, 0x00, 0x91, 0x02, 0x28, 0x01, 0x00, - 0x64, 0x48, 0x00, 0x24, 0x10, 0x90, 0x00, 0x43, 0x00, 0x21, 0x52, 0x86, - 0x41, 0x8b, 0x90, 0x20, 0x40, 0x20, 0x08, 0x88, 0x04, 0x44, 0x13, 0x20, - 0x00, 0x02, 0x84, 0x60, 0x81, 0x90, 0x24, 0x40, 0x30, 0x00, 0x08, 0x10, - 0x08, 0x08, 0x02, 0x01, 0x10, 0x04, 0x20, 0x43, 0xb4, 0x40, 0x90, 0x12, - 0x68, 0x01, 0x80, 0x4c, 0x18, 0x00, 0x08, 0xc0, 0x12, 0x49, 0x40, 0x10, - 0x24, 0x1a, 0x00, 0x41, 0x89, 0x24, 0x4c, 0x10, 0x00, 0x04, 0x52, 0x10, - 0x09, 0x4a, 0x20, 0x41, 0x48, 0x22, 0x69, 0x11, 0x14, 0x08, 0x10, 0x06, - 0x24, 0x80, 0x84, 0x28, 0x00, 0x10, 0x00, 0x40, 0x10, 0x01, 0x08, 0x26, - 0x08, 0x48, 0x06, 0x28, 0x00, 0x14, 0x01, 0x42, 0x84, 0x04, 0x0a, 0x20, - 0x00, 0x01, 0x82, 0x08, 0x00, 0x82, 0x24, 0x12, 0x04, 0x40, 0x40, 0xa0, - 0x40, 0x90, 0x10, 0x04, 0x90, 0x22, 0x40, 0x10, 0x20, 0x2c, 0x80, 0x10, - 0x28, 0x43, 0x00, 0x04, 0x58, 0x00, 0x01, 0x81, 0x10, 0x48, 0x09, 0x20, - 0x21, 0x83, 0x04, 0x00, 0x42, 0xa4, 0x44, 0x00, 0x00, 0x6c, 0x10, 0xa0, - 0x44, 0x48, 0x80, 0x00, 0x83, 0x80, 0x48, 0xc9, 0x00, 
0x00, 0x00, 0x02, - 0x05, 0x10, 0xb0, 0x04, 0x13, 0x04, 0x29, 0x10, 0x92, 0x40, 0x08, 0x04, - 0x44, 0x82, 0x22, 0x00, 0x19, 0x20, 0x00, 0x19, 0x20, 0x01, 0x81, 0x90, - 0x60, 0x8a, 0x00, 0x41, 0xc0, 0x02, 0x45, 0x10, 0x04, 0x00, 0x02, 0xa2, - 0x09, 0x40, 0x10, 0x21, 0x49, 0x20, 0x01, 0x42, 0x30, 0x2c, 0x00, 0x14, - 0x44, 0x01, 0x22, 0x04, 0x02, 0x92, 0x08, 0x89, 0x04, 0x21, 0x80, 0x10, - 0x05, 0x01, 0x20, 0x40, 0x41, 0x80, 0x04, 0x00, 0x12, 0x09, 0x40, 0xb0, - 0x64, 0x58, 0x32, 0x01, 0x08, 0x90, 0x00, 0x41, 0x04, 0x09, 0xc1, 0x80, - 0x61, 0x08, 0x90, 0x00, 0x9a, 0x00, 0x24, 0x01, 0x12, 0x08, 0x02, 0x26, - 0x05, 0x82, 0x06, 0x08, 0x08, 0x00, 0x20, 0x48, 0x20, 0x00, 0x18, 0x24, - 0x48, 0x03, 0x02, 0x00, 0x11, 0x00, 0x09, 0x00, 0x84, 0x01, 0x4a, 0x10, - 0x01, 0x98, 0x00, 0x04, 0x18, 0x86, 0x00, 0xc0, 0x00, 0x20, 0x81, 0x80, - 0x04, 0x10, 0x30, 0x05, 0x00, 0xb4, 0x0c, 0x4a, 0x82, 0x29, 0x91, 0x02, - 0x28, 0x00, 0x20, 0x44, 0xc0, 0x00, 0x2c, 0x91, 0x80, 0x40, 0x01, 0xa2, - 0x00, 0x12, 0x04, 0x09, 0xc3, 0x20, 0x00, 0x08, 0x02, 0x0c, 0x10, 0x22, - 0x04, 0x00, 0x00, 0x2c, 0x11, 0x86, 0x00, 0xc0, 0x00, 0x00, 0x12, 0x32, - 0x40, 0x89, 0x80, 0x40, 0x40, 0x02, 0x05, 0x50, 0x86, 0x60, 0x82, 0xa4, - 0x60, 0x0a, 0x12, 0x4d, 0x80, 0x90, 0x08, 0x12, 0x80, 0x09, 0x02, 0x14, - 0x48, 0x01, 0x24, 0x20, 0x8a, 0x00, 0x44, 0x90, 0x04, 0x04, 0x01, 0x02, - 0x00, 0xd1, 0x12, 0x00, 0x0a, 0x04, 0x40, 0x00, 0x32, 0x21, 0x81, 0x24, - 0x08, 0x19, 0x84, 0x20, 0x02, 0x04, 0x08, 0x89, 0x80, 0x24, 0x02, 0x02, - 0x68, 0x18, 0x82, 0x44, 0x42, 0x00, 0x21, 0x40, 0x00, 0x28, 0x01, 0x80, - 0x45, 0x82, 0x20, 0x40, 0x11, 0x80, 0x0c, 0x02, 0x00, 0x24, 0x40, 0x90, - 0x01, 0x40, 0x20, 0x20, 0x50, 0x20, 0x28, 0x19, 0x00, 0x40, 0x09, 0x20, - 0x08, 0x80, 0x04, 0x60, 0x40, 0x80, 0x20, 0x08, 0x30, 0x49, 0x09, 0x34, - 0x00, 0x11, 0x24, 0x24, 0x82, 0x00, 0x41, 0xc2, 0x00, 0x04, 0x92, 0x02, - 0x24, 0x80, 0x00, 0x0c, 0x02, 0xa0, 0x00, 0x01, 0x06, 0x60, 0x41, 0x04, - 0x21, 0xd0, 0x00, 0x01, 0x01, 0x00, 0x48, 0x12, 0x84, 
0x04, 0x91, 0x12, - 0x08, 0x00, 0x24, 0x44, 0x00, 0x12, 0x41, 0x18, 0x26, 0x0c, 0x41, 0x80, - 0x00, 0x52, 0x04, 0x20, 0x09, 0x00, 0x24, 0x90, 0x20, 0x48, 0x18, 0x02, - 0x00, 0x03, 0xa2, 0x09, 0xd0, 0x14, 0x00, 0x8a, 0x84, 0x25, 0x4a, 0x00, - 0x20, 0x98, 0x14, 0x40, 0x00, 0xa2, 0x05, 0x00, 0x00, 0x00, 0x40, 0x14, - 0x01, 0x58, 0x20, 0x2c, 0x80, 0x84, 0x00, 0x09, 0x20, 0x20, 0x91, 0x02, - 0x08, 0x02, 0xb0, 0x41, 0x08, 0x30, 0x00, 0x09, 0x10, 0x00, 0x18, 0x02, - 0x21, 0x02, 0x02, 0x00, 0x00, 0x24, 0x44, 0x08, 0x12, 0x60, 0x00, 0xb2, - 0x44, 0x12, 0x02, 0x0c, 0xc0, 0x80, 0x40, 0xc8, 0x20, 0x04, 0x50, 0x20, - 0x05, 0x00, 0xb0, 0x04, 0x0b, 0x04, 0x29, 0x53, 0x00, 0x61, 0x48, 0x30, - 0x00, 0x82, 0x20, 0x29, 0x00, 0x16, 0x00, 0x53, 0x22, 0x20, 0x43, 0x10, - 0x48, 0x00, 0x80, 0x04, 0xd2, 0x00, 0x40, 0x00, 0xa2, 0x44, 0x03, 0x80, - 0x29, 0x00, 0x04, 0x08, 0xc0, 0x04, 0x64, 0x40, 0x30, 0x28, 0x09, 0x84, - 0x44, 0x50, 0x80, 0x21, 0x02, 0x92, 0x00, 0xc0, 0x10, 0x60, 0x88, 0x22, - 0x08, 0x80, 0x00, 0x00, 0x18, 0x84, 0x04, 0x83, 0x96, 0x00, 0x81, 0x20, - 0x05, 0x02, 0x00, 0x45, 0x88, 0x84, 0x00, 0x51, 0x20, 0x20, 0x51, 0x86, - 0x41, 0x4b, 0x94, 0x00, 0x80, 0x00, 0x08, 0x11, 0x20, 0x4c, 0x58, 0x80, - 0x04, 0x03, 0x06, 0x20, 0x89, 0x00, 0x05, 0x08, 0x22, 0x05, 0x90, 0x00, - 0x40, 0x00, 0x82, 0x09, 0x50, 0x00, 0x00, 0x00, 0xa0, 0x41, 0xc2, 0x20, - 0x08, 0x00, 0x16, 0x08, 0x40, 0x26, 0x21, 0xd0, 0x90, 0x08, 0x81, 0x90, - 0x41, 0x00, 0x02, 0x44, 0x08, 0x10, 0x0c, 0x0a, 0x86, 0x09, 0x90, 0x04, - 0x00, 0xc8, 0xa0, 0x04, 0x08, 0x30, 0x20, 0x89, 0x84, 0x00, 0x11, 0x22, - 0x2c, 0x40, 0x00, 0x08, 0x02, 0xb0, 0x01, 0x48, 0x02, 0x01, 0x09, 0x20, - 0x04, 0x03, 0x04, 0x00, 0x80, 0x02, 0x60, 0x42, 0x30, 0x21, 0x4a, 0x10, - 0x44, 0x09, 0x02, 0x00, 0x01, 0x24, 0x00, 0x12, 0x82, 0x21, 0x80, 0xa4, - 0x20, 0x10, 0x02, 0x04, 0x91, 0xa0, 0x40, 0x18, 0x04, 0x00, 0x02, 0x06, - 0x69, 0x09, 0x00, 0x05, 0x58, 0x02, 0x01, 0x00, 0x00, 0x48, 0x00, 0x00, - 0x00, 0x03, 0x92, 0x20, 0x00, 0x34, 0x01, 0xc8, 0x20, 
0x48, 0x08, 0x30, - 0x08, 0x42, 0x80, 0x20, 0x91, 0x90, 0x68, 0x01, 0x04, 0x40, 0x12, 0x02, - 0x61, 0x00, 0x12, 0x08, 0x01, 0xa0, 0x00, 0x11, 0x04, 0x21, 0x48, 0x04, - 0x24, 0x92, 0x00, 0x0c, 0x01, 0x84, 0x04, 0x00, 0x00, 0x01, 0x12, 0x96, - 0x40, 0x01, 0xa0, 0x41, 0x88, 0x22, 0x28, 0x88, 0x00, 0x44, 0x42, 0x80, - 0x24, 0x12, 0x14, 0x01, 0x42, 0x90, 0x60, 0x1a, 0x10, 0x04, 0x81, 0x10, - 0x48, 0x08, 0x06, 0x29, 0x83, 0x02, 0x40, 0x02, 0x24, 0x64, 0x80, 0x10, - 0x05, 0x80, 0x10, 0x40, 0x02, 0x02, 0x08, 0x42, 0x84, 0x01, 0x09, 0x20, - 0x04, 0x50, 0x00, 0x60, 0x11, 0x30, 0x40, 0x13, 0x02, 0x04, 0x81, 0x00, - 0x09, 0x08, 0x20, 0x45, 0x4a, 0x10, 0x61, 0x90, 0x26, 0x0c, 0x08, 0x02, - 0x21, 0x91, 0x00, 0x60, 0x02, 0x04, 0x00, 0x02, 0x00, 0x0c, 0x08, 0x06, - 0x08, 0x48, 0x84, 0x08, 0x11, 0x02, 0x00, 0x80, 0xa4, 0x00, 0x5a, 0x20, - 0x00, 0x88, 0x04, 0x04, 0x02, 0x00, 0x09, 0x00, 0x14, 0x08, 0x49, 0x14, - 0x20, 0xc8, 0x00, 0x04, 0x91, 0xa0, 0x40, 0x59, 0x80, 0x00, 0x12, 0x10, - 0x00, 0x80, 0x80, 0x65, 0x00, 0x00, 0x04, 0x00, 0x80, 0x40, 0x19, 0x00, - 0x21, 0x03, 0x84, 0x60, 0xc0, 0x04, 0x24, 0x1a, 0x12, 0x61, 0x80, 0x80, - 0x08, 0x02, 0x04, 0x09, 0x42, 0x12, 0x20, 0x08, 0x34, 0x04, 0x90, 0x20, - 0x01, 0x01, 0xa0, 0x00, 0x0b, 0x00, 0x08, 0x91, 0x92, 0x40, 0x02, 0x34, - 0x40, 0x88, 0x10, 0x61, 0x19, 0x02, 0x00, 0x40, 0x04, 0x25, 0xc0, 0x80, - 0x68, 0x08, 0x04, 0x21, 0x80, 0x22, 0x04, 0x00, 0xa0, 0x0c, 0x01, 0x84, - 0x20, 0x41, 0x00, 0x08, 0x8a, 0x00, 0x20, 0x8a, 0x00, 0x48, 0x88, 0x04, - 0x04, 0x11, 0x82, 0x08, 0x40, 0x86, 0x09, 0x49, 0xa4, 0x40, 0x00, 0x10, - 0x01, 0x01, 0xa2, 0x04, 0x50, 0x80, 0x0c, 0x80, 0x00, 0x48, 0x82, 0xa0, - 0x01, 0x18, 0x12, 0x41, 0x01, 0x04, 0x48, 0x41, 0x00, 0x24, 0x01, 0x00, - 0x00, 0x88, 0x14, 0x00, 0x02, 0x00, 0x68, 0x01, 0x20, 0x08, 0x4a, 0x22, - 0x08, 0x83, 0x80, 0x00, 0x89, 0x04, 0x01, 0xc2, 0x00, 0x00, 0x00, 0x34, - 0x04, 0x00, 0x82, 0x28, 0x02, 0x02, 0x41, 0x4a, 0x90, 0x05, 0x82, 0x02, - 0x09, 0x80, 0x24, 0x04, 0x41, 0x00, 0x01, 0x92, 0x80, 
0x28, 0x01, 0x14, - 0x00, 0x50, 0x20, 0x4c, 0x10, 0xb0, 0x04, 0x43, 0xa4, 0x21, 0x90, 0x04, - 0x01, 0x02, 0x00, 0x44, 0x48, 0x00, 0x64, 0x08, 0x06, 0x00, 0x42, 0x20, - 0x08, 0x02, 0x92, 0x01, 0x4a, 0x00, 0x20, 0x50, 0x32, 0x25, 0x90, 0x22, - 0x04, 0x09, 0x00, 0x08, 0x11, 0x80, 0x21, 0x01, 0x10, 0x05, 0x00, 0x32, - 0x08, 0x88, 0x94, 0x08, 0x08, 0x24, 0x0d, 0xc1, 0x80, 0x40, 0x0b, 0x20, - 0x40, 0x18, 0x12, 0x04, 0x00, 0x22, 0x40, 0x10, 0x26, 0x05, 0xc1, 0x82, - 0x00, 0x01, 0x30, 0x24, 0x02, 0x22, 0x41, 0x08, 0x24, 0x48, 0x1a, 0x00, - 0x25, 0xd2, 0x12, 0x28, 0x42, 0x00, 0x04, 0x40, 0x30, 0x41, 0x00, 0x02, - 0x00, 0x13, 0x20, 0x24, 0xd1, 0x84, 0x08, 0x89, 0x80, 0x04, 0x52, 0x00, - 0x44, 0x18, 0xa4, 0x00, 0x00, 0x06, 0x20, 0x91, 0x10, 0x09, 0x42, 0x20, - 0x24, 0x40, 0x30, 0x28, 0x00, 0x84, 0x40, 0x40, 0x80, 0x08, 0x10, 0x04, - 0x09, 0x08, 0x04, 0x40, 0x08, 0x22, 0x00, 0x19, 0x02, 0x00, 0x00, 0x80, - 0x2c, 0x02, 0x02, 0x21, 0x01, 0x90, 0x20, 0x40, 0x00, 0x0c, 0x00, 0x34, - 0x48, 0x58, 0x20, 0x01, 0x43, 0x04, 0x20, 0x80, 0x14, 0x00, 0x90, 0x00, - 0x6d, 0x11, 0x00, 0x00, 0x40, 0x20, 0x00, 0x03, 0x10, 0x40, 0x88, 0x30, - 0x05, 0x4a, 0x00, 0x65, 0x10, 0x24, 0x08, 0x18, 0x84, 0x28, 0x03, 0x80, - 0x20, 0x42, 0xb0, 0x40, 0x00, 0x10, 0x69, 0x19, 0x04, 0x00, 0x00, 0x80, - 0x04, 0xc2, 0x04, 0x00, 0x01, 0x00, 0x05, 0x00, 0x22, 0x25, 0x08, 0x96, - 0x04, 0x02, 0x22, 0x00, 0xd0, 0x10, 0x29, 0x01, 0xa0, 0x60, 0x08, 0x10, - 0x04, 0x01, 0x16, 0x44, 0x10, 0x02, 0x28, 0x02, 0x82, 0x48, 0x40, 0x84, - 0x20, 0x90, 0x22, 0x28, 0x80, 0x04, 0x00, 0x40, 0x04, 0x24, 0x00, 0x80, - 0x29, 0x03, 0x10, 0x60, 0x48, 0x00, 0x00, 0x81, 0xa0, 0x00, 0x51, 0x20, - 0x0c, 0xd1, 0x00, 0x01, 0x41, 0x20, 0x04, 0x92, 0x00, 0x00, 0x10, 0x92, - 0x00, 0x42, 0x04, 0x05, 0x01, 0x86, 0x40, 0x80, 0x10, 0x20, 0x52, 0x20, - 0x21, 0x00, 0x10, 0x48, 0x0a, 0x02, 0x00, 0xd0, 0x12, 0x41, 0x48, 0x80, - 0x04, 0x00, 0x00, 0x48, 0x09, 0x22, 0x04, 0x00, 0x24, 0x00, 0x43, 0x10, - 0x60, 0x0a, 0x00, 0x44, 0x12, 0x20, 0x2c, 0x08, 0x20, 
0x44, 0x00, 0x84, - 0x09, 0x40, 0x06, 0x08, 0xc1, 0x00, 0x40, 0x80, 0x20, 0x00, 0x98, 0x12, - 0x48, 0x10, 0xa2, 0x20, 0x00, 0x84, 0x48, 0xc0, 0x10, 0x20, 0x90, 0x12, - 0x08, 0x98, 0x82, 0x00, 0x0a, 0xa0, 0x04, 0x03, 0x00, 0x28, 0xc3, 0x00, - 0x44, 0x42, 0x10, 0x04, 0x08, 0x04, 0x40, 0x00, 0x00, 0x05, 0x10, 0x00, - 0x21, 0x03, 0x80, 0x04, 0x88, 0x12, 0x69, 0x10, 0x00, 0x04, 0x08, 0x04, - 0x04, 0x02, 0x84, 0x48, 0x49, 0x04, 0x20, 0x18, 0x02, 0x64, 0x80, 0x30, - 0x08, 0x01, 0x02, 0x00, 0x52, 0x12, 0x49, 0x08, 0x20, 0x41, 0x88, 0x10, - 0x48, 0x08, 0x34, 0x00, 0x01, 0x86, 0x05, 0xd0, 0x00, 0x00, 0x83, 0x84, - 0x21, 0x40, 0x02, 0x41, 0x10, 0x80, 0x48, 0x40, 0xa2, 0x20, 0x51, 0x00, - 0x00, 0x49, 0x00, 0x01, 0x90, 0x20, 0x40, 0x18, 0x02, 0x40, 0x02, 0x22, - 0x05, 0x40, 0x80, 0x08, 0x82, 0x10, 0x20, 0x18, 0x00, 0x05, 0x01, 0x82, - 0x40, 0x58, 0x00, 0x04, 0x81, 0x90, 0x29, 0x01, 0xa0, 0x64, 0x00, 0x22, - 0x40, 0x01, 0xa2, 0x00, 0x18, 0x04, 0x0d, 0x00, 0x00, 0x60, 0x80, 0x94, - 0x60, 0x82, 0x10, 0x0d, 0x80, 0x30, 0x0c, 0x12, 0x20, 0x00, 0x00, 0x12, - 0x40, 0xc0, 0x20, 0x21, 0x58, 0x02, 0x41, 0x10, 0x80, 0x44, 0x03, 0x02, - 0x04, 0x13, 0x90, 0x29, 0x08, 0x00, 0x44, 0xc0, 0x00, 0x21, 0x00, 0x26, - 0x00, 0x1a, 0x80, 0x01, 0x13, 0x14, 0x20, 0x0a, 0x14, 0x20, 0x00, 0x32, - 0x61, 0x08, 0x00, 0x40, 0x42, 0x20, 0x09, 0x80, 0x06, 0x01, 0x81, 0x80, - 0x60, 0x42, 0x00, 0x68, 0x90, 0x82, 0x08, 0x42, 0x80, 0x04, 0x02, 0x80, - 0x09, 0x0b, 0x04, 0x00, 0x98, 0x00, 0x0c, 0x81, 0x06, 0x44, 0x48, 0x84, - 0x28, 0x03, 0x92, 0x00, 0x01, 0x80, 0x40, 0x0a, 0x00, 0x0c, 0x81, 0x02, - 0x08, 0x51, 0x04, 0x28, 0x90, 0x02, 0x20, 0x09, 0x10, 0x60, 0x00, 0x00, - 0x09, 0x81, 0xa0, 0x0c, 0x00, 0xa4, 0x09, 0x00, 0x02, 0x28, 0x80, 0x20, - 0x00, 0x02, 0x02, 0x04, 0x81, 0x14, 0x04, 0x00, 0x04, 0x09, 0x11, 0x12, - 0x60, 0x40, 0x20, 0x01, 0x48, 0x30, 0x40, 0x11, 0x00, 0x08, 0x0a, 0x86, - 0x00, 0x00, 0x04, 0x60, 0x81, 0x04, 0x01, 0xd0, 0x02, 0x41, 0x18, 0x90, - 0x00, 0x0a, 0x20, 0x00, 0xc1, 0x06, 0x01, 0x08, 0x80, 
0x64, 0xca, 0x10, - 0x04, 0x99, 0x80, 0x48, 0x01, 0x82, 0x20, 0x50, 0x90, 0x48, 0x80, 0x84, - 0x20, 0x90, 0x22, 0x00, 0x19, 0x00, 0x04, 0x18, 0x20, 0x24, 0x10, 0x86, - 0x40, 0xc2, 0x00, 0x24, 0x12, 0x10, 0x44, 0x00, 0x16, 0x08, 0x10, 0x24, - 0x00, 0x12, 0x06, 0x01, 0x08, 0x90, 0x00, 0x12, 0x02, 0x4d, 0x10, 0x80, - 0x40, 0x50, 0x22, 0x00, 0x43, 0x10, 0x01, 0x00, 0x30, 0x21, 0x0a, 0x00, - 0x00, 0x01, 0x14, 0x00, 0x10, 0x84, 0x04, 0xc1, 0x10, 0x29, 0x0a, 0x00, - 0x01, 0x8a, 0x00, 0x20, 0x01, 0x12, 0x0c, 0x49, 0x20, 0x04, 0x81, 0x00, - 0x48, 0x01, 0x04, 0x60, 0x80, 0x12, 0x0c, 0x08, 0x10, 0x48, 0x4a, 0x04, - 0x28, 0x10, 0x00, 0x28, 0x40, 0x84, 0x45, 0x50, 0x10, 0x60, 0x10, 0x06, - 0x44, 0x01, 0x80, 0x09, 0x00, 0x86, 0x01, 0x42, 0xa0, 0x00, 0x90, 0x00, - 0x05, 0x90, 0x22, 0x40, 0x41, 0x00, 0x08, 0x80, 0x02, 0x08, 0xc0, 0x00, - 0x01, 0x58, 0x30, 0x49, 0x09, 0x14, 0x00, 0x41, 0x02, 0x0c, 0x02, 0x80, - 0x40, 0x89, 0x00, 0x24, 0x08, 0x10, 0x05, 0x90, 0x32, 0x40, 0x0a, 0x82, - 0x08, 0x00, 0x12, 0x61, 0x00, 0x04, 0x21, 0x00, 0x22, 0x04, 0x10, 0x24, - 0x08, 0x0a, 0x04, 0x01, 0x10, 0x00, 0x20, 0x40, 0x84, 0x04, 0x88, 0x22, - 0x20, 0x90, 0x12, 0x00, 0x53, 0x06, 0x24, 0x01, 0x04, 0x40, 0x0b, 0x14, - 0x60, 0x82, 0x02, 0x0d, 0x10, 0x90, 0x0c, 0x08, 0x20, 0x09, 0x00, 0x14, - 0x09, 0x80, 0x80, 0x24, 0x82, 0x00, 0x40, 0x01, 0x02, 0x44, 0x01, 0x20, - 0x0c, 0x40, 0x84, 0x40, 0x0a, 0x10, 0x41, 0x00, 0x30, 0x05, 0x09, 0x80, - 0x44, 0x08, 0x20, 0x20, 0x02, 0x00, 0x49, 0x43, 0x20, 0x21, 0x00, 0x20, - 0x00, 0x01, 0xb6, 0x08, 0x40, 0x04, 0x08, 0x02, 0x80, 0x01, 0x41, 0x80, - 0x40, 0x08, 0x10, 0x24, 0x00, 0x20, 0x04, 0x12, 0x86, 0x09, 0xc0, 0x12, - 0x21, 0x81, 0x14, 0x04, 0x00, 0x02, 0x20, 0x89, 0xb4, 0x44, 0x12, 0x80, - 0x00, 0xd1, 0x00, 0x69, 0x40, 0x80, 0x00, 0x42, 0x12, 0x00, 0x18, 0x04, - 0x00, 0x49, 0x06, 0x21, 0x02, 0x04, 0x28, 0x02, 0x84, 0x01, 0xc0, 0x10, - 0x68, 0x00, 0x20, 0x08, 0x40, 0x00, 0x08, 0x91, 0x10, 0x01, 0x81, 0x24, - 0x04, 0xd2, 0x10, 0x4c, 0x88, 0x86, 0x00, 0x10, 0x80, 
0x0c, 0x02, 0x14, - 0x00, 0x8a, 0x90, 0x40, 0x18, 0x20, 0x21, 0x80, 0xa4, 0x00, 0x58, 0x24, - 0x20, 0x10, 0x10, 0x60, 0xc1, 0x30, 0x41, 0x48, 0x02, 0x48, 0x09, 0x00, - 0x40, 0x09, 0x02, 0x05, 0x11, 0x82, 0x20, 0x4a, 0x20, 0x24, 0x18, 0x02, - 0x0c, 0x10, 0x22, 0x0c, 0x0a, 0x04, 0x00, 0x03, 0x06, 0x48, 0x48, 0x04, - 0x04, 0x02, 0x00, 0x21, 0x80, 0x84, 0x00, 0x18, 0x00, 0x0c, 0x02, 0x12, - 0x01, 0x00, 0x14, 0x05, 0x82, 0x10, 0x41, 0x89, 0x12, 0x08, 0x40, 0xa4, - 0x21, 0x01, 0x84, 0x48, 0x02, 0x10, 0x60, 0x40, 0x02, 0x28, 0x00, 0x14, - 0x08, 0x40, 0xa0, 0x20, 0x51, 0x12, 0x00, 0xc2, 0x00, 0x01, 0x1a, 0x30, - 0x40, 0x89, 0x12, 0x4c, 0x02, 0x80, 0x00, 0x00, 0x14, 0x01, 0x01, 0xa0, - 0x21, 0x18, 0x22, 0x21, 0x18, 0x06, 0x40, 0x01, 0x80, 0x00, 0x90, 0x04, - 0x48, 0x02, 0x30, 0x04, 0x08, 0x00, 0x05, 0x88, 0x24, 0x08, 0x48, 0x04, - 0x24, 0x02, 0x06, 0x00, 0x80, 0x00, 0x00, 0x00, 0x10, 0x65, 0x11, 0x90, - 0x00, 0x0a, 0x82, 0x04, 0xc3, 0x04, 0x60, 0x48, 0x24, 0x04, 0x92, 0x02, - 0x44, 0x88, 0x80, 0x40, 0x18, 0x06, 0x29, 0x80, 0x10, 0x01, 0x00, 0x00, - 0x44, 0xc8, 0x10, 0x21, 0x89, 0x30, 0x00, 0x4b, 0xa0, 0x01, 0x10, 0x14, - 0x00, 0x02, 0x94, 0x40, 0x00, 0x20, 0x65, 0x00, 0xa2, 0x0c, 0x40, 0x22, - 0x20, 0x81, 0x12, 0x20, 0x82, 0x04, 0x01, 0x10, 0x00, 0x08, 0x88, 0x00, - 0x00, 0x11, 0x80, 0x04, 0x42, 0x80, 0x40, 0x41, 0x14, 0x00, 0x40, 0x32, - 0x2c, 0x80, 0x24, 0x04, 0x19, 0x00, 0x00, 0x91, 0x00, 0x20, 0x83, 0x00, - 0x05, 0x40, 0x20, 0x09, 0x01, 0x84, 0x40, 0x40, 0x20, 0x20, 0x11, 0x00, - 0x40, 0x41, 0x90, 0x20, 0x00, 0x00, 0x40, 0x90, 0x92, 0x48, 0x18, 0x06, - 0x08, 0x81, 0x80, 0x48, 0x01, 0x34, 0x24, 0x10, 0x20, 0x04, 0x00, 0x20, - 0x04, 0x18, 0x06, 0x2d, 0x90, 0x10, 0x01, 0x00, 0x90, 0x00, 0x0a, 0x22, - 0x01, 0x00, 0x22, 0x00, 0x11, 0x84, 0x01, 0x01, 0x00, 0x20, 0x88, 0x00, - 0x44, 0x00, 0x22, 0x01, 0x00, 0xa6, 0x40, 0x02, 0x06, 0x20, 0x11, 0x00, - 0x01, 0xc8, 0xa0, 0x04, 0x8a, 0x00, 0x28, 0x19, 0x80, 0x00, 0x52, 0xa0, - 0x24, 0x12, 0x12, 0x09, 0x08, 0x24, 0x01, 0x48, 0x00, 
0x04, 0x00, 0x24, - 0x40, 0x02, 0x84, 0x08, 0x00, 0x04, 0x48, 0x40, 0x90, 0x60, 0x0a, 0x22, - 0x01, 0x88, 0x14, 0x08, 0x01, 0x02, 0x08, 0xd3, 0x00, 0x20, 0xc0, 0x90, - 0x24, 0x10, 0x00, 0x00, 0x01, 0xb0, 0x08, 0x0a, 0xa0, 0x00, 0x80, 0x00, - 0x01, 0x09, 0x00, 0x20, 0x52, 0x02, 0x25, 0x00, 0x24, 0x04, 0x02, 0x84, - 0x24, 0x10, 0x92, 0x40, 0x02, 0xa0, 0x40, 0x00, 0x22, 0x08, 0x11, 0x04, - 0x08, 0x01, 0x22, 0x00, 0x42, 0x14, 0x00, 0x09, 0x90, 0x21, 0x00, 0x30, - 0x6c, 0x00, 0x00, 0x0c, 0x00, 0x22, 0x09, 0x90, 0x10, 0x28, 0x40, 0x00, - 0x20, 0xc0, 0x20, 0x00, 0x90, 0x00, 0x40, 0x01, 0x82, 0x05, 0x12, 0x12, - 0x09, 0xc1, 0x04, 0x61, 0x80, 0x02, 0x28, 0x81, 0x24, 0x00, 0x49, 0x04, - 0x08, 0x10, 0x86, 0x29, 0x41, 0x80, 0x21, 0x0a, 0x30, 0x49, 0x88, 0x90, - 0x00, 0x41, 0x04, 0x29, 0x81, 0x80, 0x41, 0x09, 0x00, 0x40, 0x12, 0x10, - 0x40, 0x00, 0x10, 0x40, 0x48, 0x02, 0x05, 0x80, 0x02, 0x21, 0x40, 0x20, - 0x00, 0x58, 0x20, 0x60, 0x00, 0x90, 0x48, 0x00, 0x80, 0x28, 0xc0, 0x80, - 0x48, 0x00, 0x00, 0x44, 0x80, 0x02, 0x00, 0x09, 0x06, 0x00, 0x12, 0x02, - 0x01, 0x00, 0x10, 0x08, 0x83, 0x10, 0x45, 0x12, 0x00, 0x2c, 0x08, 0x04, - 0x44, 0x00, 0x20, 0x20, 0xc0, 0x10, 0x20, 0x01, 0x00, 0x05, 0xc8, 0x20, - 0x04, 0x98, 0x10, 0x08, 0x10, 0x00, 0x24, 0x02, 0x16, 0x40, 0x88, 0x00, - 0x61, 0x88, 0x12, 0x24, 0x80, 0xa6, 0x00, 0x42, 0x00, 0x08, 0x10, 0x06, - 0x48, 0x40, 0xa0, 0x00, 0x50, 0x20, 0x04, 0x81, 0xa4, 0x40, 0x18, 0x00, - 0x08, 0x10, 0x80, 0x01, 0x01}; - -#if RSA_KEY_SIEVE && SIMULATION && RSA_INSTRUMENT -UINT32 PrimeIndex = 0; -UINT32 failedAtIteration[10] = {0}; -UINT32 PrimeCounts[3] = {0}; -UINT32 MillerRabinTrials[3] = {0}; -UINT32 totalFieldsSieved[3] = {0}; -UINT32 bitsInFieldAfterSieve[3] = {0}; -UINT32 emptyFieldsSieved[3] = {0}; -UINT32 noPrimeFields[3] = {0}; -UINT32 primesChecked[3] = {0}; -UINT16 lastSievePrime = 0; -#endif \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/RsaKeyCache.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/RsaKeyCache.c
deleted file mode 100644
index ba8dec83d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/RsaKeyCache.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the functions to implement the RSA key cache that can be used
-// to speed up simulation.
-// -// Only one key is created for each supported key size and it is returned whenever -// a key of that size is requested. -// -// If desired, the key cache can be populated from a file. This allows multiple -// TPM to run with the same RSA keys. Also, when doing simulation, the DRBG will -// use preset sequences so it is not too hard to repeat sequences for debug or -// profile or stress. -// -// When the key cache is enabled, a call to CryptRsaGenerateKey() will call the -// GetCachedRsaKey(). If the cache is enabled and populated, then the cached key -// of the requested size is returned. If a key of the requested size is not -// available, the no key is loaded and the requested key will need to be generated. -// If the cache is not populated, the TPM will open a file that has the appropriate -// name for the type of keys required (CRT or no-CRT). If the file is the right -// size, it is used. If the file doesn't exist or the file does not have the correct -// size, the TMP will populate the cache with new keys of the required size and -// write the cache data to the file so that they will be available the next time. -// -// Currently, if two simulations are being run with TPM's that have different RSA -// key sizes (e.g,, one with 1024 and 2048 and another with 2048 and 3072, then the -// files will not match for the both of them and they will both try to overwrite -// the other's cache file. I may try to do something about this if necessary. 
- -//** Includes, Types, Locals, and Defines - -#include "Tpm.h" - -#if USE_RSA_KEY_CACHE - -#include -#include "RsaKeyCache_fp.h" - -#if CRT_FORMAT_RSA == YES -#define CACHE_FILE_NAME "RsaKeyCacheCrt.data" -#else -#define CACHE_FILE_NAME "RsaKeyCacheNoCrt.data" -#endif - -typedef struct _RSA_KEY_CACHE_ -{ - TPM2B_PUBLIC_KEY_RSA publicModulus; - TPM2B_PRIVATE_KEY_RSA privateExponent; -} RSA_KEY_CACHE; - -// Determine the number of RSA key sizes for the cache -TPMI_RSA_KEY_BITS SupportedRsaKeySizes[] = { -#if RSA_1024 - 1024, -#endif -#if RSA_2048 - 2048, -#endif -#if RSA_3072 - 3072, -#endif -#if RSA_4096 - 4096, -#endif - 0 -}; - -#define RSA_KEY_CACHE_ENTRIES (RSA_1024 + RSA_2048 + RSA_3072 + RSA_4096) - -// The key cache holds one entry for each of the supported key sizes -RSA_KEY_CACHE s_rsaKeyCache[RSA_KEY_CACHE_ENTRIES]; -// Indicates if the key cache is loaded. It can be loaded and enabled or disabled. -BOOL s_keyCacheLoaded = 0; - -// Indicates if the key cache is enabled -int s_rsaKeyCacheEnabled = FALSE; - -//*** RsaKeyCacheControl() -// Used to enable and disable the RSA key cache. -LIB_EXPORT void -RsaKeyCacheControl( - int state - ) -{ - s_rsaKeyCacheEnabled = state; -} - -//*** InitializeKeyCache() -// This will initialize the key cache and attempt to write it to a file for later -// use. 
-// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -static BOOL -InitializeKeyCache( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - RAND_STATE *rand // IN: if not NULL, the deterministic - // RNG state - ) -{ - int index; - TPM_KEY_BITS keySave = publicArea->parameters.rsaDetail.keyBits; - BOOL OK = TRUE; -// - s_rsaKeyCacheEnabled = FALSE; - for(index = 0; OK && index < RSA_KEY_CACHE_ENTRIES; index++) - { - publicArea->parameters.rsaDetail.keyBits - = SupportedRsaKeySizes[index]; - OK = (CryptRsaGenerateKey(publicArea, sensitive, rand) == TPM_RC_SUCCESS); - if(OK) - { - s_rsaKeyCache[index].publicModulus = publicArea->unique.rsa; - s_rsaKeyCache[index].privateExponent = sensitive->sensitive.rsa; - } - } - publicArea->parameters.rsaDetail.keyBits = keySave; - s_keyCacheLoaded = OK; -#if SIMULATION && USE_RSA_KEY_CACHE && USE_KEY_CACHE_FILE - if(OK) - { - FILE *cacheFile; - const char *fn = CACHE_FILE_NAME; - -#if defined _MSC_VER - if(fopen_s(&cacheFile, fn, "w+b") != 0) -#else - cacheFile = fopen(fn, "w+b"); - if(NULL == cacheFile) -#endif - { - printf("Can't open %s for write.\n", fn); - } - else - { - fseek(cacheFile, 0, SEEK_SET); - if(fwrite(s_rsaKeyCache, 1, sizeof(s_rsaKeyCache), cacheFile) - != sizeof(s_rsaKeyCache)) - { - printf("Error writing cache to %s.", fn); - } - } - if(cacheFile) - fclose(cacheFile); - } -#endif - return s_keyCacheLoaded; -} - -//*** KeyCacheLoaded() -// Checks that key cache is loaded. 
-// Return Type: BOOL -// TRUE(1) cache loaded -// FALSE(0) cache not loaded -static BOOL -KeyCacheLoaded( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - RAND_STATE *rand // IN: if not NULL, the deterministic - // RNG state - ) -{ -#if SIMULATION && USE_RSA_KEY_CACHE && USE_KEY_CACHE_FILE - if(!s_keyCacheLoaded) - { - FILE *cacheFile; - const char * fn = CACHE_FILE_NAME; -#if defined _MSC_VER && 1 - if(fopen_s(&cacheFile, fn, "r+b") == 0) -#else - cacheFile = fopen(fn, "r+b"); - if(NULL != cacheFile) -#endif - { - fseek(cacheFile, 0L, SEEK_END); - if(ftell(cacheFile) == sizeof(s_rsaKeyCache)) - { - fseek(cacheFile, 0L, SEEK_SET); - s_keyCacheLoaded = ( - fread(&s_rsaKeyCache, 1, sizeof(s_rsaKeyCache), cacheFile) - == sizeof(s_rsaKeyCache)); - } - fclose(cacheFile); - } - } -#endif - if(!s_keyCacheLoaded) - s_rsaKeyCacheEnabled = InitializeKeyCache(publicArea, sensitive, rand); - return s_keyCacheLoaded; -} - -//*** GetCachedRsaKey() -// Return Type: BOOL -// TRUE(1) key loaded -// FALSE(0) key not loaded -BOOL -GetCachedRsaKey( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - RAND_STATE *rand // IN: if not NULL, the deterministic - // RNG state - ) -{ - int keyBits = publicArea->parameters.rsaDetail.keyBits; - int index; -// - if(KeyCacheLoaded(publicArea, sensitive, rand)) - { - for(index = 0; index < RSA_KEY_CACHE_ENTRIES; index++) - { - if((s_rsaKeyCache[index].publicModulus.t.size * 8) == keyBits) - { - publicArea->unique.rsa = s_rsaKeyCache[index].publicModulus; - sensitive->sensitive.rsa = s_rsaKeyCache[index].privateExponent; - return TRUE; - } - } - return FALSE; - } - return s_keyCacheLoaded; -} -#endif // defined SIMULATION && defined USE_RSA_KEY_CACHE diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/Ticket.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/Ticket.c deleted file mode 100644 index bd65948a6..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/Ticket.c
+++ /dev/null
@@ -1,277 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-/*
- This clause contains the functions used for ticket computations.
-*/
-
-//** Includes
-#include "Tpm.h"
-
-//** Functions
-
-//*** TicketIsSafe()
-// This function indicates if producing a ticket is safe.
-// It checks if the leading bytes of an input buffer is TPM_GENERATED_VALUE -// or its substring of canonical form. If so, it is not safe to produce ticket -// for an input buffer claiming to be TPM generated buffer -// Return Type: BOOL -// TRUE(1) safe to produce ticket -// FALSE(0) not safe to produce ticket -BOOL -TicketIsSafe( - TPM2B *buffer - ) -{ - TPM_GENERATED valueToCompare = TPM_GENERATED_VALUE; - BYTE bufferToCompare[sizeof(valueToCompare)]; - BYTE *marshalBuffer; -// - // If the buffer size is less than the size of TPM_GENERATED_VALUE, assume - // it is not safe to generate a ticket - if(buffer->size < sizeof(valueToCompare)) - return FALSE; - marshalBuffer = bufferToCompare; - TPM_GENERATED_Marshal(&valueToCompare, &marshalBuffer, NULL); - if(MemoryEqual(buffer->buffer, bufferToCompare, sizeof(valueToCompare))) - return FALSE; - else - return TRUE; -} - -//*** TicketComputeVerified() -// This function creates a TPMT_TK_VERIFIED ticket. -/*(See part 2 specification) -// The ticket is computed as: -// HMAC(proof, (TPM_ST_VERIFIED | digest | keyName)) -// Where: -// HMAC() an HMAC using the hash of proof -// proof a TPM secret value associated with the hierarchy -// associated with keyName -// TPM_ST_VERIFIED a value to differentiate the tickets -// digest the signed digest -// keyName the Name of the key that signed digest -*/ -void -TicketComputeVerified( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - TPM2B_DIGEST *digest, // IN: digest - TPM2B_NAME *keyName, // IN: name of key that signed the values - TPMT_TK_VERIFIED *ticket // OUT: verified ticket - ) -{ - TPM2B_PROOF *proof; - HMAC_STATE hmacState; -// - // Fill in ticket fields - ticket->tag = TPM_ST_VERIFIED; - ticket->hierarchy = hierarchy; - proof = HierarchyGetProof(hierarchy); - - // Start HMAC using the proof value of the hierarchy as the HMAC key - ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, - &proof->b); - // TPM_ST_VERIFIED - 
CryptDigestUpdateInt(&hmacState, sizeof(TPM_ST), ticket->tag); - // digest - CryptDigestUpdate2B(&hmacState.hashState, &digest->b); - // key name - CryptDigestUpdate2B(&hmacState.hashState, &keyName->b); - // done - CryptHmacEnd2B(&hmacState, &ticket->digest.b); - - return; -} - -//*** TicketComputeAuth() -// This function creates a TPMT_TK_AUTH ticket. -/*(See part 2 specification) -// The ticket is computed as: -// HMAC(proof, (type || timeout || timeEpoch || cpHash -// || policyRef || keyName)) -// where: -// HMAC() an HMAC using the hash of proof -// proof a TPM secret value associated with the hierarchy of the key -// associated with keyName. -// type a value to differentiate the tickets. It could be either -// TPM_ST_AUTH_SECRET or TPM_ST_AUTH_SIGNED -// timeout TPM-specific value indicating when the authorization expires -// timeEpoch TPM-specific value indicating the epoch for the timeout -// cpHash optional hash (digest only) of the authorized command -// policyRef optional reference to a policy value -// keyName name of the key that signed the authorization -*/ -void -TicketComputeAuth( - TPM_ST type, // IN: the type of ticket. 
- TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - UINT64 timeout, // IN: timeout - BOOL expiresOnReset,// IN: flag to indicate if ticket expires on - // TPM Reset - TPM2B_DIGEST *cpHashA, // IN: input cpHashA - TPM2B_NONCE *policyRef, // IN: input policyRef - TPM2B_NAME *entityName, // IN: name of entity - TPMT_TK_AUTH *ticket // OUT: Created ticket - ) -{ - TPM2B_PROOF *proof; - HMAC_STATE hmacState; -// - // Get proper proof - proof = HierarchyGetProof(hierarchy); - - // Fill in ticket fields - ticket->tag = type; - ticket->hierarchy = hierarchy; - - // Start HMAC with hierarchy proof as the HMAC key - ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, - &proof->b); - // TPM_ST_AUTH_SECRET or TPM_ST_AUTH_SIGNED, - CryptDigestUpdateInt(&hmacState, sizeof(UINT16), ticket->tag); - // cpHash - CryptDigestUpdate2B(&hmacState.hashState, &cpHashA->b); - // policyRef - CryptDigestUpdate2B(&hmacState.hashState, &policyRef->b); - // keyName - CryptDigestUpdate2B(&hmacState.hashState, &entityName->b); - // timeout - CryptDigestUpdateInt(&hmacState, sizeof(timeout), timeout); - if(timeout != 0) - { - // epoch - CryptDigestUpdateInt(&hmacState.hashState, sizeof(CLOCK_NONCE), - g_timeEpoch); - // reset count - if(expiresOnReset) - CryptDigestUpdateInt(&hmacState.hashState, sizeof(gp.totalResetCount), - gp.totalResetCount); - } - // done - CryptHmacEnd2B(&hmacState, &ticket->digest.b); - - return; -} - -//*** TicketComputeHashCheck() -// This function creates a TPMT_TK_HASHCHECK ticket. 
-/*(See part 2 specification) -// The ticket is computed as: -// HMAC(proof, (TPM_ST_HASHCHECK || digest )) -// where: -// HMAC() an HMAC using the hash of proof -// proof a TPM secret value associated with the hierarchy -// TPM_ST_HASHCHECK -// a value to differentiate the tickets -// digest the digest of the data -*/ -void -TicketComputeHashCheck( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - TPM_ALG_ID hashAlg, // IN: the hash algorithm for 'digest' - TPM2B_DIGEST *digest, // IN: input digest - TPMT_TK_HASHCHECK *ticket // OUT: Created ticket - ) -{ - TPM2B_PROOF *proof; - HMAC_STATE hmacState; -// - // Get proper proof - proof = HierarchyGetProof(hierarchy); - - // Fill in ticket fields - ticket->tag = TPM_ST_HASHCHECK; - ticket->hierarchy = hierarchy; - - // Start HMAC using hierarchy proof as HMAC key - ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, - &proof->b); - // TPM_ST_HASHCHECK - CryptDigestUpdateInt(&hmacState, sizeof(TPM_ST), ticket->tag); - // hash algorithm - CryptDigestUpdateInt(&hmacState, sizeof(hashAlg), hashAlg); - // digest - CryptDigestUpdate2B(&hmacState.hashState, &digest->b); - // done - CryptHmacEnd2B(&hmacState, &ticket->digest.b); - - return; -} - -//*** TicketComputeCreation() -// This function creates a TPMT_TK_CREATION ticket. 
-/*(See part 2 specification) -// The ticket is computed as: -// HMAC(proof, (TPM_ST_CREATION || Name || hash(TPMS_CREATION_DATA))) -// Where: -// HMAC() an HMAC using the hash of proof -// proof a TPM secret value associated with the hierarchy associated with Name -// TPM_ST_VERIFIED a value to differentiate the tickets -// Name the Name of the object to which the creation data is to be associated -// TPMS_CREATION_DATA the creation data structure associated with Name -*/ -void -TicketComputeCreation( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for ticket - TPM2B_NAME *name, // IN: object name - TPM2B_DIGEST *creation, // IN: creation hash - TPMT_TK_CREATION *ticket // OUT: created ticket - ) -{ - TPM2B_PROOF *proof; - HMAC_STATE hmacState; - - // Get proper proof - proof = HierarchyGetProof(hierarchy); - - // Fill in ticket fields - ticket->tag = TPM_ST_CREATION; - ticket->hierarchy = hierarchy; - - // Start HMAC using hierarchy proof as HMAC key - ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, - &proof->b); - // TPM_ST_CREATION - CryptDigestUpdateInt(&hmacState, sizeof(TPM_ST), ticket->tag); - // name if provided - if(name != NULL) - CryptDigestUpdate2B(&hmacState.hashState, &name->b); - // creation hash - CryptDigestUpdate2B(&hmacState.hashState, &creation->b); - // Done - CryptHmacEnd2B(&hmacState, &ticket->digest.b); - - return; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcDesSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcDesSupport.c deleted file mode 100644 index 69a0b01a1..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcDesSupport.c +++ /dev/null 
@@ -1,75 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-//
-// The functions in this file are used for initialization of the interface to the
-// LibTomCrypt and MpaLib libraries. This is not used if only the LTC hash and
-// symmetric functions are used.
- -//** Defines and Includes - -#include "Tpm.h" - -#if (defined SYM_LIB_LTC) && ALG_TDES - -//** TDES_setup -// This function calls the LTC function to generate a TDES key schedule. If the -// key is one DES key (8 bytes), then it is replicated two more times to create a -// 24-byte TDES key. If the key is two key (16 bytes), then the first DES key is -// replicated to the third key position. -void TDES_setup( - const BYTE *key, - UINT32 keyBits, - symmetric_key *skey - ) -{ - BYTE k[24]; - BYTE *kp; - - // If this is two-key, make it three key by replicating K1 - if(keyBits == 128) - { - memcpy(k, key, 16); - memcpy(&k[16], key, 8); - kp = k; - } - else - kp = (BYTE *)key; - - des3_setup(kp, 24, 0, skey); -} - -#endif // MATH_LIB_LTC && ALG_TDES diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c deleted file mode 100644 index bb1a0e62a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c +++ /dev/null 
@@ -1,286 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-//
-// This file contains the math functions that are not implemented in the BnMath
-// library (yet). These math functions will call the ST MPA library or the
-// LibTomCrypt library to execute the operations.
Since the TPM internal big number -// format is identical to the MPA format, no reformatting is required. - -//** Includes -#include "Tpm.h" - -#ifdef MATH_LIB_LTC - -#if defined ECC_NIST_P256 && ECC_NIST_P256 == YES && ECC_CURVE_COUNT > 1 -#error "LibTomCrypt only supports P256" -#endif - -//** Functions - -//*** BnModMult() -// Does multiply and divide returning the remainder of the divide. -LIB_EXPORT BOOL -BnModMult( - bigNum result, - bigConst op1, - bigConst op2, - bigConst modulus - ) -{ - BN_VAR(temp, LARGEST_NUMBER_BITS * 2); - // mpa_mul does not allocate from the pool if the result is not the same as - // op1 or op2. since this is assured by the stack allocation of 'temp', the - // pool pointer can be NULL - pAssert(BnGetAllocated(result) >= BnGetSize(modulus)); - mpa_mul((mpanum)temp, (const mpanum)op1, (const mpanum)op2, - NULL); - return BnDiv(NULL, result, temp, modulus); -} - -//*** BnMult() -// Multiplies two numbers -LIB_EXPORT BOOL -BnMult( - bigNum result, - bigConst multiplicand, - bigConst multiplier - ) -{ - // Make sure that the mpa_mul function does not allocate anything - // from the POOL by eliminating the reason for doing it. - BN_VAR(tempResult, LARGEST_NUMBER_BITS * 2); - if(result != multiplicand && result != multiplier) - tempResult = result; - mpa_mul((mpanum)tempResult, (const mpanum)multiplicand, - (const mpanum)multiplier, - NULL); - BnCopy(result, tempResult); - return TRUE; -} - -//*** BnDiv() -// This function divides two BIGNUM values. The function always returns TRUE. 
-LIB_EXPORT BOOL -BnDiv( - bigNum quotient, - bigNum remainder, - bigConst dividend, - bigConst divisor - ) -{ - MPA_ENTER(10, LARGEST_NUMBER_BITS); - pAssert(!BnEqualZero(divisor)); - if(BnGetSize(dividend) < BnGetSize(divisor)) - { - if(quotient) - BnSetWord(quotient, 0); - if(remainder) - BnCopy(remainder, dividend); - } - else - { - pAssert((quotient == NULL) - || (quotient->allocated >= - (unsigned)(dividend->size - divisor->size))); - pAssert((remainder == NULL) - || (remainder->allocated >= divisor->size)); - mpa_div((mpanum)quotient, (mpanum)remainder, - (const mpanum)dividend, (const mpanum)divisor, POOL); - } - MPA_LEAVE(); - return TRUE; -} - -#ifdef TPM_ALG_RSA -//*** BnGcd() -// Get the greatest common divisor of two numbers -LIB_EXPORT BOOL -BnGcd( - bigNum gcd, // OUT: the common divisor - bigConst number1, // IN: - bigConst number2 // IN: - ) -{ - MPA_ENTER(20, LARGEST_NUMBER_BITS); -// - mpa_gcd((mpanum)gcd, (mpanum)number1, (mpanum)number2, POOL); - MPA_LEAVE(); - return TRUE; -} - -//***BnModExp() -// Do modular exponentiation using BIGNUM values. 
The conversion from a bignum_t -// to a BIGNUM is trivial as they are based on the same structure -LIB_EXPORT BOOL -BnModExp( - bigNum result, // OUT: the result - bigConst number, // IN: number to exponentiate - bigConst exponent, // IN: - bigConst modulus // IN: - ) -{ - MPA_ENTER(20, LARGEST_NUMBER_BITS); - BN_VAR(bnR, MAX_RSA_KEY_BITS); - BN_VAR(bnR2, MAX_RSA_KEY_BITS); - mpa_word_t n_inv; - mpa_word_t ffmCtx[mpa_fmm_context_size_in_U32(MAX_RSA_KEY_BITS)]; -// - mpa_init_static_fmm_context((mpa_fmm_context_base *)ffmCtx, - BYTES_TO_CRYPT_WORDS(sizeof(ffmCtx))); - // Generate modular form - if(mpa_compute_fmm_context((const mpanum)modulus, (mpanum)bnR, - (mpanum)bnR2, &n_inv, POOL) != 0) - FAIL(FATAL_ERROR_INTERNAL); - // Do exponentiation - mpa_exp_mod((mpanum)result, (const mpanum)number, (const mpanum)exponent, - (const mpanum)modulus, (const mpanum)bnR, (const mpanum)bnR2, - n_inv, POOL); - MPA_LEAVE(); - return TRUE; -} - -//*** BnModInverse() -// Modular multiplicative inverse -LIB_EXPORT BOOL -BnModInverse( - bigNum result, - bigConst number, - bigConst modulus - ) -{ - BOOL retVal; - MPA_ENTER(10, LARGEST_NUMBER_BITS); - retVal = (mpa_inv_mod((mpanum)result, (const mpanum)number, - (const mpanum)modulus, POOL) == 0); - MPA_LEAVE(); - return retVal; -} -#endif // TPM_ALG_RSA - -#ifdef TPM_ALG_ECC - - -//*** BnEccModMult() -// This function does a point multiply of the form R = [d]S -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - bigConst d, // IN: scalar for [d]S - bigCurve E - ) -{ - MPA_ENTER(30, MAX_ECC_KEY_BITS * 2); - // The point multiply in LTC seems to need a large reciprocal for - // intermediate results - POINT_VAR(result, MAX_ECC_KEY_BITS * 4); - BOOL OK; -// - (POOL); // Avoid compiler warning - if(S == NULL) - S = CurveGetG(AccessCurveData(E)); - OK = (ltc_ecc_mulmod((mpanum)d, 
(ecc_point *)S, - (ecc_point *)result, (void *)CurveGetPrime(E), 1) - == CRYPT_OK); - OK = OK && !BnEqualZero(result->z); - if(OK) - BnPointCopy(R, result); - - MPA_LEAVE(); - return OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT; -} - -//*** BnEccModMult2() -// This function does a point multiply of the form R = [d]S + [u]Q -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult2( - bigPoint R, // OUT: computed point - pointConst S, // IN: first point (optional) - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: second point - bigConst u, // IN: second scalar - bigCurve E // IN: curve - ) -{ - MPA_ENTER(80, MAX_ECC_KEY_BITS); - BOOL OK; - // The point multiply in LTC seems to need a large reciprocal for - // intermediate results - POINT_VAR(result, MAX_ECC_KEY_BITS * 4); -// - (POOL); // Avoid compiler warning - if(S == NULL) - S = CurveGetG(AccessCurveData(E)); - - OK = (ltc_ecc_mul2add((ecc_point *)S, (mpanum)d, (ecc_point *)Q, (mpanum)u, - (ecc_point *)result, (mpanum)CurveGetPrime(E)) - == CRYPT_OK); - OK = OK && !BnEqualZero(result->z); - - if(OK) - BnPointCopy(R, result); - - MPA_LEAVE(); - return OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT; -} - -//*** BnEccAdd() -// This function does addition of two points. Since this is not implemented -// in LibTomCrypt() will try to trick it by doing multiply with scalar of 1. -// I have no idea if this will work and it's not needed unless MQV or the SM2 -// variant is enabled. -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccAdd( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - pointConst Q, // IN: second point - bigCurve E // IN: curve - ) -{ - BN_WORD_INITIALIZED(one, 1); - return BnEccModMult2(R, S, one, Q, one, E); -} - -#endif // TPM_ALG_ECC - -#endif // MATH_LIB_LTC 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcSupport.c
deleted file mode 100644
index 0dcb79ebe..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcSupport.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-//
-// The functions in this file are used for initialization of the interface to the
-// LibTomCrypt and MpsLib libraries. This is not used if only the LTC hash and
-// symmetric functions are used.
-
-//** Defines and Includes
-
-#include "Tpm.h"
-
-#if defined(HASH_LIB_LTC) || defined(MATH_LIB_LTC) || defined(SYM_LIB_LTC)
-
-// This state is used because there is no way to pass the random number state
-// to LibTomCrypt. I do not think that this is currently an issue because...
-// Heck, just put in an assert and see what happens.
-static void *s_randState;
-
-//*** LtcRand()
-// This is a stub function that is called from the LibTomCrypt or libmpa code
-// to get a random number. In turn, this will call the random RandGenerate
-// function that was passed in LibraryInit(). This function will pass the pointer
-// to the current rand state along with the random byte request.
-uint32_t LtcRand(
- void *buf,
- size_t blen
- )
-{
- pAssert(1);
- DRBG_Generate(s_randState, buf, (uint16_t)blen);
- return 0;
-}
-
-//*** SupportLibInit()
-// This does any initialization required by the support library.
-LIB_EXPORT int
-SupportLibInit(
- void
- )
-{
- mpa_set_random_generator(LtcRand);
- s_randState = NULL;
- external_mem_pool = NULL;
- return 1;
-}
-
-//*** LtcPoolInit()
-// Function to initialize a pool. ****
-LIB_EXPORT mpa_scratch_mem
-LtcPoolInit(
- mpa_word_t *poolAddress,
- int vars,
- int bits
- )
-{
- mpa_scratch_mem pool = (mpa_scratch_mem)poolAddress;
- mpa_init_scratch_mem(pool, vars, bits);
- init_mpa_tomcrypt(pool);
- return pool;
-}
-
-#endif // HASH_LIB_LTC || MATH_LIB_LTC || SYM_LIB_LTC
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslDesSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslDesSupport.c
deleted file mode 100644
index 68c28ab96..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslDesSupport.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// The functions in this file are used for initialization of the interface to the
-// OpenSSL library.
-
-//** Defines and Includes
-
-#include "Tpm.h"
-
-#if (defined SYM_LIB_OSSL) && ALG_TDES
-
-//**Functions
-//*** TDES_set_encyrpt_key()
-// This function makes creation of a TDES key look like the creation of a key for
-// any of the other OpenSSL block ciphers. It will create three key schedules,
-// one for each of the DES keys. If there are only two keys, then the third schedule
-// is a copy of the first.
-void
-TDES_set_encrypt_key(
- const BYTE *key,
- UINT16 keySizeInBits,
- tpmKeyScheduleTDES *keySchedule
- )
-{
- DES_set_key_unchecked((const_DES_cblock *)key, &keySchedule[0]);
- DES_set_key_unchecked((const_DES_cblock *)&key[8], &keySchedule[1]);
- // If is two-key, copy the schedule for K1 into K3, otherwise, compute the
- // the schedule for K3
- if(keySizeInBits == 128)
- keySchedule[2] = keySchedule[0];
- else
- DES_set_key_unchecked((const_DES_cblock *)&key[16],
- &keySchedule[2]);
-}
-
-
-//*** TDES_encyrpt()
-// The TPM code uses one key schedule. For TDES, the schedule contains three
-// schedules. OpenSSL wants the schedules referenced separately. This function
-// does that.
-void TDES_encrypt(
- const BYTE *in,
- BYTE *out,
- tpmKeyScheduleTDES *ks
- )
-{
- DES_ecb3_encrypt((const_DES_cblock *)in, (DES_cblock *)out,
- &ks[0], &ks[1], &ks[2],
- DES_ENCRYPT);
-}
-
-//*** TDES_decrypt()
-// As with TDES_encypt() this function bridges between the TPM single schedule
-// model and the OpenSSL three schedule model.
-void TDES_decrypt(
- const BYTE *in,
- BYTE *out,
- tpmKeyScheduleTDES *ks
- )
-{
- DES_ecb3_encrypt((const_DES_cblock *)in, (DES_cblock *)out,
- &ks[0], &ks[1], &ks[2],
- DES_DECRYPT);
-}
-
-#endif // SYM_LIB_OSSL
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c
deleted file mode 100644
index 042709ec2..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c
+++ /dev/null
@@ -1,638 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// The functions in this file provide the low-level interface between the TPM code
-// and the big number and elliptic curve math routines in OpenSSL.
-//
-// Most math on big numbers require a context.
The context contains the memory in -// which OpenSSL creates and manages the big number values. When a OpenSSL math -// function will be called that modifies a BIGNUM value, that value must be created in -// an OpenSSL context. The first line of code in such a function must be: -// OSSL_ENTER(); and the last operation before returning must be OSSL_LEAVE(). -// OpenSSL variables can then be created with BnNewVariable(). Constant values to be -// used by OpenSSL are created from the bigNum values passed to the functions in this -// file. Space for the BIGNUM control block is allocated in the stack of the -// function and then it is initialized by calling BigInitialized(). That function -// sets up the values in the BIGNUM structure and sets the data pointer to point to -// the data in the bignum_t. This is only used when the value is known to be a -// constant in the called function. -// -// Because the allocations of constants is on the local stack and the -// OSSL_ENTER()/OSSL_LEAVE() pair flushes everything created in OpenSSL memory, there -// should be no chance of a memory leak. - -//** Includes and Defines -#include "Tpm.h" - -#ifdef MATH_LIB_OSSL -#include "TpmToOsslMath_fp.h" - -//** Functions - -//*** OsslToTpmBn() -// This function converts an OpenSSL BIGNUM to a TPM bignum. In this implementation -// it is assumed that OpenSSL uses a different control structure but the same data -// layout -- an array of native-endian words in little-endian order. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure because value will not fit or OpenSSL variable doesn't -// exist -BOOL -OsslToTpmBn( - bigNum bn, - BIGNUM *osslBn - ) -{ - VERIFY(osslBn != NULL); - // If the bn is NULL, it means that an output value pointer was NULL meaning that - // the results is simply to be discarded. 
- if(bn != NULL) - { - int i; - // - VERIFY((unsigned)osslBn->top <= BnGetAllocated(bn)); - for(i = 0; i < osslBn->top; i++) - bn->d[i] = osslBn->d[i]; - BnSetTop(bn, osslBn->top); - } - return TRUE; -Error: - return FALSE; -} - -//*** BigInitialized() -// This function initializes an OSSL BIGNUM from a TPM bigConst. Do not use this for -// values that are passed to OpenSLL when they are not declared as const in the -// function prototype. Instead, use BnNewVariable(). -BIGNUM * -BigInitialized( - BIGNUM *toInit, - bigConst initializer - ) -{ - if(initializer == NULL) - FAIL(FATAL_ERROR_PARAMETER); - if(toInit == NULL || initializer == NULL) - return NULL; - toInit->d = (BN_ULONG *)&initializer->d[0]; - toInit->dmax = (int)initializer->allocated; - toInit->top = (int)initializer->size; - toInit->neg = 0; - toInit->flags = 0; - return toInit; -} - -#ifndef OSSL_DEBUG -# define BIGNUM_PRINT(label, bn, eol) -# define DEBUG_PRINT(x) -#else -# define DEBUG_PRINT(x) printf("%s", x) -# define BIGNUM_PRINT(label, bn, eol) BIGNUM_print((label), (bn), (eol)) - -//*** BIGNUM_print() -static void -BIGNUM_print( - const char *label, - const BIGNUM *a, - BOOL eol - ) -{ - BN_ULONG *d; - int i; - int notZero = FALSE; - - if(label != NULL) - printf("%s", label); - if(a == NULL) - { - printf("NULL"); - goto done; - } - if (a->neg) - printf("-"); - for(i = a->top, d = &a->d[i - 1]; i > 0; i--) - { - int j; - BN_ULONG l = *d--; - for(j = BN_BITS2 - 8; j >= 0; j -= 8) - { - BYTE b = (BYTE)((l >> j) & 0xFF); - notZero = notZero || (b != 0); - if(notZero) - printf("%02x", b); - } - if(!notZero) - printf("0"); - } -done: - if(eol) - printf("\n"); - return; -} -#endif - -//*** BnNewVariable() -// This function allocates a new variable in the provided context. If the context -// does not exist or the allocation fails, it is a catastrophic failure. 
-static BIGNUM * -BnNewVariable( - BN_CTX *CTX -) -{ - BIGNUM *new; -// - // This check is intended to protect against calling this function without - // having initialized the CTX. - if((CTX == NULL) || ((new = BN_CTX_get(CTX)) == NULL)) - FAIL(FATAL_ERROR_ALLOCATION); - return new; -} - -#if LIBRARY_COMPATIBILITY_CHECK - -//*** MathLibraryCompatibilityCheck() -void -MathLibraryCompatibilityCheck( - void - ) -{ - OSSL_ENTER(); - BIGNUM *osslTemp = BnNewVariable(CTX); - crypt_uword_t i; - BYTE test[] = {0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, - 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, - 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00}; - BN_VAR(tpmTemp, sizeof(test) * 8); // allocate some space for a test value -// - // Convert the test data to a bigNum - BnFromBytes(tpmTemp, test, sizeof(test)); - // Convert the test data to an OpenSSL BIGNUM - BN_bin2bn(test, sizeof(test), osslTemp); - // Make sure the values are consistent - VERIFY(osslTemp->top == (int)tpmTemp->size); - for(i = 0; i < tpmTemp->size; i++) - VERIFY(osslTemp->d[i] == tpmTemp->d[i]); - OSSL_LEAVE(); - return; -Error: - FAIL(FATAL_ERROR_MATHLIBRARY); -} -#endif - -//*** BnModMult() -// This function does a modular multiply. It first does a multiply and then a divide -// and returns the remainder of the divide. 
-// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnModMult( - bigNum result, - bigConst op1, - bigConst op2, - bigConst modulus - ) -{ - OSSL_ENTER(); - BOOL OK = TRUE; - BIGNUM *bnResult = BN_NEW(); - BIGNUM *bnTemp = BN_NEW(); - BIG_INITIALIZED(bnOp1, op1); - BIG_INITIALIZED(bnOp2, op2); - BIG_INITIALIZED(bnMod, modulus); -// - VERIFY(BN_mul(bnTemp, bnOp1, bnOp2, CTX)); - VERIFY(BN_div(NULL, bnResult, bnTemp, bnMod, CTX)); - VERIFY(OsslToTpmBn(result, bnResult)); - goto Exit; -Error: - OK = FALSE; -Exit: - OSSL_LEAVE(); - return OK; -} - -//*** BnMult() -// Multiplies two numbers -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnMult( - bigNum result, - bigConst multiplicand, - bigConst multiplier - ) -{ - OSSL_ENTER(); - BIGNUM *bnTemp = BN_NEW(); - BOOL OK = TRUE; - BIG_INITIALIZED(bnA, multiplicand); - BIG_INITIALIZED(bnB, multiplier); -// - VERIFY(BN_mul(bnTemp, bnA, bnB, CTX)); - VERIFY(OsslToTpmBn(result, bnTemp)); - goto Exit; -Error: - OK = FALSE; -Exit: - OSSL_LEAVE(); - return OK; -} - -//*** BnDiv() -// This function divides two bigNum values. The function returns FALSE if -// there is an error in the operation. 
-// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnDiv( - bigNum quotient, - bigNum remainder, - bigConst dividend, - bigConst divisor - ) -{ - OSSL_ENTER(); - BIGNUM *bnQ = BN_NEW(); - BIGNUM *bnR = BN_NEW(); - BOOL OK = TRUE; - BIG_INITIALIZED(bnDend, dividend); - BIG_INITIALIZED(bnSor, divisor); -// - if(BnEqualZero(divisor)) - FAIL(FATAL_ERROR_DIVIDE_ZERO); - VERIFY(BN_div(bnQ, bnR, bnDend, bnSor, CTX)); - VERIFY(OsslToTpmBn(quotient, bnQ)); - VERIFY(OsslToTpmBn(remainder, bnR)); - DEBUG_PRINT("In BnDiv:\n"); - BIGNUM_PRINT(" bnDividend: ", bnDend, TRUE); - BIGNUM_PRINT(" bnDivisor: ", bnSor, TRUE); - BIGNUM_PRINT(" bnQuotient: ", bnQ, TRUE); - BIGNUM_PRINT(" bnRemainder: ", bnR, TRUE); - goto Exit; -Error: - OK = FALSE; -Exit: - OSSL_LEAVE(); - return OK; -} - -#if ALG_RSA -//*** BnGcd() -// Get the greatest common divisor of two numbers -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnGcd( - bigNum gcd, // OUT: the common divisor - bigConst number1, // IN: - bigConst number2 // IN: - ) -{ - OSSL_ENTER(); - BIGNUM *bnGcd = BN_NEW(); - BOOL OK = TRUE; - BIG_INITIALIZED(bn1, number1); - BIG_INITIALIZED(bn2, number2); -// - VERIFY(BN_gcd(bnGcd, bn1, bn2, CTX)); - VERIFY(OsslToTpmBn(gcd, bnGcd)); - goto Exit; -Error: - OK = FALSE; -Exit: - OSSL_LEAVE(); - return OK; -} - -//***BnModExp() -// Do modular exponentiation using bigNum values. 
The conversion from a bignum_t to -// a bigNum is trivial as they are based on the same structure -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnModExp( - bigNum result, // OUT: the result - bigConst number, // IN: number to exponentiate - bigConst exponent, // IN: - bigConst modulus // IN: - ) -{ - OSSL_ENTER(); - BIGNUM *bnResult = BN_NEW(); - BOOL OK = TRUE; - BIG_INITIALIZED(bnN, number); - BIG_INITIALIZED(bnE, exponent); - BIG_INITIALIZED(bnM, modulus); -// - VERIFY(BN_mod_exp(bnResult, bnN, bnE, bnM, CTX)); - VERIFY(OsslToTpmBn(result, bnResult)); - goto Exit; -Error: - OK = FALSE; -Exit: - OSSL_LEAVE(); - return OK; -} - -//*** BnModInverse() -// Modular multiplicative inverse -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnModInverse( - bigNum result, - bigConst number, - bigConst modulus - ) -{ - OSSL_ENTER(); - BIGNUM *bnResult = BN_NEW(); - BOOL OK = TRUE; - BIG_INITIALIZED(bnN, number); - BIG_INITIALIZED(bnM, modulus); -// - VERIFY(BN_mod_inverse(bnResult, bnN, bnM, CTX) != NULL); - VERIFY(OsslToTpmBn(result, bnResult)); - goto Exit; -Error: - OK = FALSE; -Exit: - OSSL_LEAVE(); - return OK; -} -#endif // ALG_RSA - -#if ALG_ECC - -//*** PointFromOssl() -// Function to copy the point result from an OSSL function to a bigNum -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -static BOOL -PointFromOssl( - bigPoint pOut, // OUT: resulting point - EC_POINT *pIn, // IN: the point to return - bigCurve E // IN: the curve - ) -{ - BIGNUM *x = NULL; - BIGNUM *y = NULL; - BOOL OK; - BN_CTX_start(E->CTX); -// - x = BN_CTX_get(E->CTX); - y = BN_CTX_get(E->CTX); - - if(y == NULL) - FAIL(FATAL_ERROR_ALLOCATION); - // If this returns false, then the point is at infinity - OK = EC_POINT_get_affine_coordinates_GFp(E->G, pIn, x, y, E->CTX); - if(OK) - { - OsslToTpmBn(pOut->x, x); - OsslToTpmBn(pOut->y, y); - BnSetWord(pOut->z, 1); - } - else - 
BnSetWord(pOut->z, 0); - BN_CTX_end(E->CTX); - return OK; -} - -//*** EcPointInitialized() -// Allocate and initialize a point. -static EC_POINT * -EcPointInitialized( - pointConst initializer, - bigCurve E - ) -{ - EC_POINT *P = NULL; - - if(initializer != NULL) - { - BIG_INITIALIZED(bnX, initializer->x); - BIG_INITIALIZED(bnY, initializer->y); - P = EC_POINT_new(E->G); - if(E == NULL) - FAIL(FATAL_ERROR_ALLOCATION); - if(!EC_POINT_set_affine_coordinates_GFp(E->G, P, bnX, bnY, E->CTX)) - P = NULL; - } - return P; -} - -//*** BnCurveInitialize() -// This function initializes the OpenSSL curve information structure. This -// structure points to the TPM-defined values for the curve, to the context for the -// number values in the frame, and to the OpenSSL-defined group values. -// Return Type: bigCurve * -// NULL the TPM_ECC_CURVE is not valid or there was a problem in -// in initializing the curve data -// non-NULL points to 'E' -LIB_EXPORT bigCurve -BnCurveInitialize( - bigCurve E, // IN: curve structure to initialize - TPM_ECC_CURVE curveId // IN: curve identifier -) -{ - const ECC_CURVE_DATA *C = GetCurveData(curveId); - if(C == NULL) - E = NULL; - if(E != NULL) - { - // This creates the OpenSSL memory context that stays in effect as long as the - // curve (E) is defined. - OSSL_ENTER(); // if the allocation fails, the TPM fails - EC_POINT *P = NULL; - BIG_INITIALIZED(bnP, C->prime); - BIG_INITIALIZED(bnA, C->a); - BIG_INITIALIZED(bnB, C->b); - BIG_INITIALIZED(bnX, C->base.x); - BIG_INITIALIZED(bnY, C->base.y); - BIG_INITIALIZED(bnN, C->order); - BIG_INITIALIZED(bnH, C->h); - // - E->C = C; - E->CTX = CTX; - - // initialize EC group, associate a generator point and initialize the point - // from the parameter data - // Create a group structure - E->G = EC_GROUP_new_curve_GFp(bnP, bnA, bnB, CTX); - VERIFY(E->G != NULL); - - // Allocate a point in the group that will be used in setting the - // generator. This is not needed after the generator is set. 
- P = EC_POINT_new(E->G); - VERIFY(P != NULL); - - // Need to use this in case Montgomery method is being used - VERIFY(EC_POINT_set_affine_coordinates_GFp(E->G, P, bnX, bnY, CTX)); - // Now set the generator - VERIFY(EC_GROUP_set_generator(E->G, P, bnN, bnH)); - - EC_POINT_free(P); - goto Exit; -Error: - EC_POINT_free(P); - BnCurveFree(E); - E = NULL; - } -Exit: - return E; -} - -//*** BnCurveFree() -// This function will free the allocated components of the curve and end the -// frame in which the curve data exists -LIB_EXPORT void -BnCurveFree( - bigCurve E -) -{ - if(E) - { - EC_GROUP_free(E->G); - OsslContextLeave(E->CTX); - } -} - - -//*** BnEccModMult() -// This function does a point multiply of the form R = [d]S -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' (optional) - bigConst d, // IN: scalar for [d]S - bigCurve E - ) -{ - EC_POINT *pR = EC_POINT_new(E->G); - EC_POINT *pS = EcPointInitialized(S, E); - BIG_INITIALIZED(bnD, d); - - if(S == NULL) - EC_POINT_mul(E->G, pR, bnD, NULL, NULL, E->CTX); - else - EC_POINT_mul(E->G, pR, NULL, pS, bnD, E->CTX); - PointFromOssl(R, pR, E); - EC_POINT_free(pR); - EC_POINT_free(pS); - return !BnEqualZero(R->z); -} - -//*** BnEccModMult2() -// This function does a point multiply of the form R = [d]G + [u]Q -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult2( - bigPoint R, // OUT: computed point - pointConst S, // IN: optional point - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: second point - bigConst u, // IN: second scalar - bigCurve E // IN: curve - ) -{ - EC_POINT *pR = EC_POINT_new(E->G); - EC_POINT *pS = EcPointInitialized(S, E); - BIG_INITIALIZED(bnD, d); - EC_POINT *pQ = EcPointInitialized(Q, E); - 
BIG_INITIALIZED(bnU, u); - - if(S == NULL || S == (pointConst)&(AccessCurveData(E)->base)) - EC_POINT_mul(E->G, pR, bnD, pQ, bnU, E->CTX); - else - { - const EC_POINT *points[2]; - const BIGNUM *scalars[2]; - points[0] = pS; - points[1] = pQ; - scalars[0] = bnD; - scalars[1] = bnU; - EC_POINTs_mul(E->G, pR, NULL, 2, points, scalars, E->CTX); - } - PointFromOssl(R, pR, E); - EC_POINT_free(pR); - EC_POINT_free(pS); - EC_POINT_free(pQ); - return !BnEqualZero(R->z); -} - -//** BnEccAdd() -// This function does addition of two points. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccAdd( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - pointConst Q, // IN: second point - bigCurve E // IN: curve - ) -{ - EC_POINT *pR = EC_POINT_new(E->G); - EC_POINT *pS = EcPointInitialized(S, E); - EC_POINT *pQ = EcPointInitialized(Q, E); -// - EC_POINT_add(E->G, pR, pS, pQ, E->CTX); - - PointFromOssl(R, pR, E); - EC_POINT_free(pR); - EC_POINT_free(pS); - EC_POINT_free(pQ); - return !BnEqualZero(R->z); -} - -#endif // ALG_ECC - - -#endif // MATHLIB OSSL \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslSupport.c deleted file mode 100644 index de7d939e1..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslSupport.c +++ /dev/null 
@@ -1,112 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// The functions in this file are used for initialization of the interface to the
-// OpenSSL library.
-
-//** Defines and Includes
-
-#include "Tpm.h"
-
-#if defined(HASH_LIB_OSSL) || defined(MATH_LIB_OSSL) || defined(SYM_LIB_OSSL)
-// Used to pass the pointers to the correct sub-keys
-typedef const BYTE *desKeyPointers[3];
-
-//*** SupportLibInit()
-// This does any initialization required by the support library.
-LIB_EXPORT int
-SupportLibInit(
- void
- )
-{
-#if LIBRARY_COMPATIBILITY_CHECK
- MathLibraryCompatibilityCheck();
-#endif
- return TRUE;
-}
-
-//*** OsslContextEnter()
-// This function is used to initialize an OpenSSL context at the start of a function
-// that will call to an OpenSSL math function.
-BN_CTX *
-OsslContextEnter(
- void
- )
-{
- BN_CTX *CTX = BN_CTX_new();
-//
- return OsslPushContext(CTX);
-}
-
-//*** OsslContextLeave()
-// This is the companion function to OsslContextEnter().
-void
-OsslContextLeave(
- BN_CTX *CTX
- )
-{
- OsslPopContext(CTX);
- BN_CTX_free(CTX);
-}
-
-//*** OsslPushContext()
-// This function is used to create a frame in a context. All values allocated within
-// this context after the frame is started will be automatically freed when the
-// context (OsslPopContext()
-BN_CTX *
-OsslPushContext(
- BN_CTX *CTX
- )
-{
- if(CTX == NULL)
- FAIL(FATAL_ERROR_ALLOCATION);
- BN_CTX_start(CTX);
- return CTX;
-}
-
-//*** OsslPopContext()
-// This is the companion function to OsslPushContext().
-void
-OsslPopContext(
- BN_CTX *CTX
- )
-{
- // BN_CTX_end can't be called with NULL. It will blow up.
- if(CTX != NULL)
- BN_CTX_end(CTX);
-}
-
-#endif // HASH_LIB_OSSL || MATH_LIB_OSSL || SYM_LIB_OSSL
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfDesSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfDesSupport.c
deleted file mode 100644
index b42b32b1c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfDesSupport.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-//
-// The functions in this file are used for initialization of the interface to the
-// wolfcrypt library.
-
-//** Defines and Includes
-
-#include "Tpm.h"
-
-#if (defined SYM_LIB_WOLF) && ALG_TDES
-
-//**Functions
-//** TDES_setup
-// This function calls the wolfcrypt function to generate a TDES key schedule. If the
-// If the key is two key (16 bytes), then the first DES key is replicated to the third
-// key position.
-int TDES_setup(
- const BYTE *key,
- UINT32 keyBits,
- tpmKeyScheduleTDES *skey,
- int dir
- )
-{
- BYTE k[24];
- BYTE *kp;
-
- // If this is two-key, make it three key by replicating K1
- if(keyBits == 128)
- {
- memcpy(k, key, 16);
- memcpy(&k[16], key, 8);
- kp = k;
- }
- else
- kp = (BYTE *)key;
-
- return wc_Des3_SetKey( skey, kp, 0, dir );
-}
-
-//** TDES_setup_encrypt_key
-// This function calls into TDES_setup(), specifically for an encryption key.
-int TDES_setup_encrypt_key(
- const BYTE *key,
- UINT32 keyBits,
- tpmKeyScheduleTDES *skey
-)
-{
- return TDES_setup( key, keyBits, skey, DES_ENCRYPTION );
-}
-
-//** TDES_setup_decrypt_key
-// This function calls into TDES_setup(), specifically for an decryption key.
-int TDES_setup_decrypt_key(
- const BYTE *key,
- UINT32 keyBits,
- tpmKeyScheduleTDES *skey
-)
-{
- return TDES_setup( key, keyBits, skey, DES_DECRYPTION );
-}
-
-//*** TDES_encyrpt()
-void TDES_encrypt(
- const BYTE *in,
- BYTE *out,
- tpmKeyScheduleTDES *ks
- )
-{
- wc_Des3_EcbEncrypt( ks, out, in, DES_BLOCK_SIZE );
-}
-
-//*** TDES_decrypt()
-void TDES_decrypt(
- const BYTE *in,
- BYTE *out,
- tpmKeyScheduleTDES *ks
- )
-{
- wc_Des3_EcbDecrypt( ks, out, in, DES_BLOCK_SIZE );
-}
-
-#endif // MATH_LIB_WOLF && ALG_TDES
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c
deleted file mode 100644
index 7169ee299..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c
+++ /dev/null
@@ -1,521 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -//** Introduction -// -// This file contains the math functions that are not implemented in the BnMath -// library (yet). These math functions will call the wolfcrypt library to execute -// the operations. 
There is a difference between the internal format and the -// wolfcrypt format. To call the wolfcrypt function, a mp_int structure is created -// for each passed variable. We define USE_FAST_MATH wolfcrypt option, which allocates -// mp_int on the stack. We must copy each word to the new structure, and set the used -// size. -// -// Not using USE_FAST_MATH would allow for a simple pointer swap for the big integer -// buffer 'd', however wolfcrypt expects to manage this memory, and will swap out -// the pointer to and from temporary variables and free the reference underneath us. -// Using USE_FAST_MATH also instructs wolfcrypt to use the stack for all these -// intermediate variables - - -//** Includes and Defines -#include "Tpm.h" - -#ifdef MATH_LIB_WOLF -#include "BnConvert_fp.h" -#include "TpmToWolfMath_fp.h" - -#define WOLF_HALF_RADIX (RADIX_BITS == 64 && !defined(FP_64BIT)) - -//** Functions - -//*** BnFromWolf() -// This function converts a wolfcrypt mp_int to a TPM bignum. In this implementation -// it is assumed that wolfcrypt used the same format for a big number as does the -// TPM -- an array of native-endian words in little-endian order. 
-void -BnFromWolf( - bigNum bn, - mp_int *wolfBn - ) -{ - if(bn != NULL) - { - int i; -#if WOLF_HALF_RADIX - pAssert((unsigned)wolfBn->used <= 2 * BnGetAllocated(bn)); -#else - pAssert((unsigned)wolfBn->used <= BnGetAllocated(bn)); -#endif - for (i = 0; i < wolfBn->used; i++) - { -#if WOLF_HALF_RADIX - if (i & 1) - bn->d[i/2] |= (crypt_uword_t)wolfBn->dp[i] << 32; - else - bn->d[i/2] = wolfBn->dp[i]; -#else - bn->d[i] = wolfBn->dp[i]; -#endif - } - -#if WOLF_HALF_RADIX - BnSetTop(bn, (wolfBn->used + 1)/2); -#else - BnSetTop(bn, wolfBn->used); -#endif - } -} - -//*** BnToWolf() -// This function converts a TPM bignum to a wolfcrypt mp_init, and has the same -// assumptions as made by BnFromWolf() -void -BnToWolf( - mp_int *toInit, - bigConst initializer - ) -{ - uint32_t i; - if (toInit != NULL && initializer != NULL) - { - for (i = 0; i < initializer->size; i++) - { -#if WOLF_HALF_RADIX - toInit->dp[2 * i] = (fp_digit)initializer->d[i]; - toInit->dp[2 * i + 1] = (fp_digit)(initializer->d[i] >> 32); -#else - toInit->dp[i] = initializer->d[i]; -#endif - } - -#if WOLF_HALF_RADIX - toInit->used = (int)initializer->size * 2; - if (toInit->dp[toInit->used - 1] == 0 && toInit->dp[toInit->used - 2] != 0) - --toInit->used; -#else - toInit->used = (int)initializer->size; -#endif - toInit->sign = 0; - } -} - -//*** MpInitialize() -// This function initializes an wolfcrypt mp_int. -mp_int * -MpInitialize( - mp_int *toInit -) -{ - mp_init( toInit ); - return toInit; -} - -#if LIBRARY_COMPATIBILITY_CHECK -//** MathLibraryCompatibililtyCheck() -// This function is only used during development to make sure that the library -// that is being referenced is using the same size of data structures as the TPM. 
-void -MathLibraryCompatibilityCheck( - void - ) -{ - BN_VAR(tpmTemp, 64 * 8); // allocate some space for a test value - crypt_uword_t i; - TPM2B_TYPE(TEST, 16); - TPM2B_TEST test = {{16, {0x0F, 0x0E, 0x0D, 0x0C, - 0x0B, 0x0A, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, - 0x03, 0x02, 0x01, 0x00}}}; - // Convert the test TPM2B to a bigNum - BnFrom2B(tpmTemp, &test.b); - MP_INITIALIZED(wolfTemp, tpmTemp); - (wolfTemp); // compiler warning - // Make sure the values are consistent - cAssert(wolfTemp->used == (int)tpmTemp->size); - for(i = 0; i < tpmTemp->size; i++) - cAssert(wolfTemp->dp[i] == tpmTemp->d[i]); -} -#endif - -//*** BnModMult() -// Does multiply and divide returning the remainder of the divide. -LIB_EXPORT BOOL -BnModMult( - bigNum result, - bigConst op1, - bigConst op2, - bigConst modulus - ) -{ - WOLF_ENTER(); - BOOL OK; - MP_INITIALIZED(bnOp1, op1); - MP_INITIALIZED(bnOp2, op2); - MP_INITIALIZED(bnTemp, NULL); - BN_VAR(temp, LARGEST_NUMBER_BITS * 2); - - pAssert(BnGetAllocated(result) >= BnGetSize(modulus)); - - OK = (mp_mul( bnOp1, bnOp2, bnTemp ) == MP_OKAY); - if(OK) - { - BnFromWolf(temp, bnTemp); - OK = BnDiv(NULL, result, temp, modulus); - } - - WOLF_LEAVE(); - return OK; -} - -//*** BnMult() -// Multiplies two numbers -LIB_EXPORT BOOL -BnMult( - bigNum result, - bigConst multiplicand, - bigConst multiplier - ) -{ - WOLF_ENTER(); - BOOL OK; - MP_INITIALIZED(bnTemp, NULL); - MP_INITIALIZED(bnA, multiplicand); - MP_INITIALIZED(bnB, multiplier); - - pAssert(result->allocated >= - (BITS_TO_CRYPT_WORDS(BnSizeInBits(multiplicand) - + BnSizeInBits(multiplier)))); - - OK = (mp_mul( bnA, bnB, bnTemp ) == MP_OKAY); - if(OK) - { - BnFromWolf(result, bnTemp); - } - - WOLF_LEAVE(); - return OK; -} - -//*** BnDiv() -// This function divides two bigNum values. The function returns FALSE if -// there is an error in the operation. 
-LIB_EXPORT BOOL -BnDiv( - bigNum quotient, - bigNum remainder, - bigConst dividend, - bigConst divisor - ) -{ - WOLF_ENTER(); - BOOL OK; - MP_INITIALIZED(bnQ, quotient); - MP_INITIALIZED(bnR, remainder); - MP_INITIALIZED(bnDend, dividend); - MP_INITIALIZED(bnSor, divisor); - pAssert(!BnEqualZero(divisor)); - if(BnGetSize(dividend) < BnGetSize(divisor)) - { - if(quotient) - BnSetWord(quotient, 0); - if(remainder) - BnCopy(remainder, dividend); - OK = TRUE; - } - else - { - pAssert((quotient == NULL) - || (quotient->allocated >= (unsigned)(dividend->size - - divisor->size))); - pAssert((remainder == NULL) - || (remainder->allocated >= divisor->size)); - OK = (mp_div(bnDend , bnSor, bnQ, bnR) == MP_OKAY); - if(OK) - { - BnFromWolf(quotient, bnQ); - BnFromWolf(remainder, bnR); - } - } - - WOLF_LEAVE(); - return OK; -} - -#if ALG_RSA -//*** BnGcd() -// Get the greatest common divisor of two numbers -LIB_EXPORT BOOL -BnGcd( - bigNum gcd, // OUT: the common divisor - bigConst number1, // IN: - bigConst number2 // IN: - ) -{ - WOLF_ENTER(); - BOOL OK; - MP_INITIALIZED(bnGcd, gcd); - MP_INITIALIZED(bn1, number1); - MP_INITIALIZED(bn2, number2); - pAssert(gcd != NULL); - OK = (mp_gcd( bn1, bn2, bnGcd ) == MP_OKAY); - if(OK) - { - BnFromWolf(gcd, bnGcd); - } - WOLF_LEAVE(); - return OK; -} - -//***BnModExp() -// Do modular exponentiation using bigNum values. 
The conversion from a mp_int to -// a bigNum is trivial as they are based on the same structure -LIB_EXPORT BOOL -BnModExp( - bigNum result, // OUT: the result - bigConst number, // IN: number to exponentiate - bigConst exponent, // IN: - bigConst modulus // IN: - ) -{ - WOLF_ENTER(); - BOOL OK; - MP_INITIALIZED(bnResult, result); - MP_INITIALIZED(bnN, number); - MP_INITIALIZED(bnE, exponent); - MP_INITIALIZED(bnM, modulus); - OK = (mp_exptmod( bnN, bnE, bnM, bnResult ) == MP_OKAY); - if(OK) - { - BnFromWolf(result, bnResult); - } - - WOLF_LEAVE(); - return OK; -} - -//*** BnModInverse() -// Modular multiplicative inverse -LIB_EXPORT BOOL -BnModInverse( - bigNum result, - bigConst number, - bigConst modulus - ) -{ - WOLF_ENTER(); - BOOL OK; - MP_INITIALIZED(bnResult, result); - MP_INITIALIZED(bnN, number); - MP_INITIALIZED(bnM, modulus); - - OK = (mp_invmod(bnN, bnM, bnResult) == MP_OKAY); - if(OK) - { - BnFromWolf(result, bnResult); - } - - WOLF_LEAVE(); - return OK; -} -#endif // TPM_ALG_RSA - -#if ALG_ECC - -//*** PointFromWolf() -// Function to copy the point result from a wolf ecc_point to a bigNum -void -PointFromWolf( - bigPoint pOut, // OUT: resulting point - ecc_point *pIn // IN: the point to return - ) -{ - BnFromWolf(pOut->x, pIn->x); - BnFromWolf(pOut->y, pIn->y); - BnFromWolf(pOut->z, pIn->z); -} - -//*** PointToWolf() -// Function to copy the point result from a bigNum to a wolf ecc_point -void -PointToWolf( - ecc_point *pOut, // OUT: resulting point - pointConst pIn // IN: the point to return - ) -{ - BnToWolf(pOut->x, pIn->x); - BnToWolf(pOut->y, pIn->y); - BnToWolf(pOut->z, pIn->z); -} - -//*** EcPointInitialized() -// Allocate and initialize a point. -static ecc_point * -EcPointInitialized( - pointConst initializer - ) -{ - ecc_point *P; - - P = wc_ecc_new_point(); - pAssert(P != NULL); - // mp_int x,y,z are stack allocated. 
- // initializer is not required - if (P != NULL && initializer != NULL) - { - PointToWolf( P, initializer ); - } - - return P; -} - -//*** BnEccModMult() -// This function does a point multiply of the form R = [d]S -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' (optional) - bigConst d, // IN: scalar for [d]S - bigCurve E - ) -{ - WOLF_ENTER(); - BOOL OK; - MP_INITIALIZED(bnD, d); - MP_INITIALIZED(bnPrime, CurveGetPrime(E)); - POINT_CREATE(pS, NULL); - POINT_CREATE(pR, NULL); - - if(S == NULL) - S = CurveGetG(AccessCurveData(E)); - - PointToWolf(pS, S); - - OK = (wc_ecc_mulmod(bnD, pS, pR, NULL, bnPrime, 1 ) == MP_OKAY); - if(OK) - { - PointFromWolf(R, pR); - } - - POINT_DELETE(pR); - POINT_DELETE(pS); - - WOLF_LEAVE(); - return !BnEqualZero(R->z); -} - -//*** BnEccModMult2() -// This function does a point multiply of the form R = [d]G + [u]Q -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult2( - bigPoint R, // OUT: computed point - pointConst S, // IN: optional point - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: second point - bigConst u, // IN: second scalar - bigCurve E // IN: curve - ) -{ - WOLF_ENTER(); - BOOL OK; - POINT_CREATE(pR, NULL); - POINT_CREATE(pS, NULL); - POINT_CREATE(pQ, Q); - MP_INITIALIZED(bnD, d); - MP_INITIALIZED(bnU, u); - MP_INITIALIZED(bnPrime, CurveGetPrime(E)); - MP_INITIALIZED(bnA, CurveGet_a(E)); - - if(S == NULL) - S = CurveGetG(AccessCurveData(E)); - PointToWolf( pS, S ); - - OK = (ecc_mul2add(pS, bnD, pQ, bnU, pR, bnA, bnPrime, NULL) == MP_OKAY); - if(OK) - { - PointFromWolf(R, pR); - } - - POINT_DELETE(pS); - POINT_DELETE(pQ); - POINT_DELETE(pR); - - WOLF_LEAVE(); - return !BnEqualZero(R->z); -} - -//** BnEccAdd() -// This function does addition of two points. 
-// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccAdd( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - pointConst Q, // IN: second point - bigCurve E // IN: curve - ) -{ - WOLF_ENTER(); - BOOL OK; - mp_digit mp; - POINT_CREATE(pR, NULL); - POINT_CREATE(pS, S); - POINT_CREATE(pQ, Q); - MP_INITIALIZED(bnA, CurveGet_a(E)); - MP_INITIALIZED(bnMod, CurveGetPrime(E)); -// - OK = (mp_montgomery_setup(bnMod, &mp) == MP_OKAY); - OK = OK && (ecc_projective_add_point(pS, pQ, pR, bnA, bnMod, mp ) == MP_OKAY); - if(OK) - { - PointFromWolf(R, pR); - } - - POINT_DELETE(pS); - POINT_DELETE(pQ); - POINT_DELETE(pR); - - WOLF_LEAVE(); - return !BnEqualZero(R->z); -} - -#endif // TPM_ALG_ECC - -#endif // MATH_LIB_WOLF \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfSupport.c deleted file mode 100644 index 5492e350e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfSupport.c +++ /dev/null 
@@ -1,60 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-//
-// The functions in this file are used for initialization of the interface to the
-// wolfSSL library.
-
-//** Defines and Includes
-
-#include "Tpm.h"
-
-#if defined(HASH_LIB_WOLF) || defined(MATH_LIB_WOLF) || defined(SYM_LIB_WOLF)
-
-//*** SupportLibInit()
-// This does any initialization required by the support library.
-LIB_EXPORT int
-SupportLibInit(
- void
- )
-{
-#if LIBRARY_COMPATIBILITY_CHECK
- MathLibraryCompatibilityCheck();
-#endif
- return TRUE;
-}
-
-#endif // HASH_LIB_WOLF || MATH_LIB_WOLF || SYM_LIB_WOLF
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj
deleted file mode 100644
index d36991af2..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj
+++ /dev/null
@@ -1,194 +0,0 @@ - - - - - Coverage - Win32 - - - Coverage - x64 - - - WolfDebug - Win32 - - - WolfDebug - x64 - - - WolfRelease - Win32 - - - WolfRelease - x64 - - - - {73973223-5EE8-41CA-8E88-1D60E89A237B} - wolfssl - Win32Proj - 10.0.17763.0 - $(SolutionDir)..\external\wolfssl\ - - - - StaticLibrary - v141 - Unicode - true - - - StaticLibrary - v141 - Unicode - true - - - StaticLibrary - v141 - Unicode - - - StaticLibrary - v141 - Unicode - - - StaticLibrary - v141 - Unicode - - - StaticLibrary - v141 - Unicode - - - - - - - - - - - - - - - - - - - - - - - - - $(SolutionDir)\bin\$(PlatformTarget)\$(Configuration)\ - $(SolutionDir)\bin\$(ProjectName)\$(PlatformTarget)\$(Configuration)\ - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(WolfRootDir) - - - - WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;CYASSL_USER_SETTINGS;%(PreprocessorDefinitions) - - - - - Disabled - true - EnableFastChecks - MultiThreadedDebugDLL - - Level4 - EditAndContinue - 4206;4214;4706;%(DisableSpecificWarnings) - $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) - - - - - Disabled - true - EnableFastChecks - MultiThreadedDebugDLL - - - Level4 - EditAndContinue - 4206;4214;4706;%(DisableSpecificWarnings) - $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) - - - - - Disabled - EnableFastChecks - MultiThreadedDebugDLL - - - Level4 - ProgramDatabase - 4206;4214;4706;%(DisableSpecificWarnings) - $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) - - - - - Disabled - EnableFastChecks - MultiThreadedDebugDLL - - - Level4 - ProgramDatabase - 4206;4214;4706;%(DisableSpecificWarnings) - - - - - MaxSpeed - true - MultiThreadedDLL - true - - Level3 - ProgramDatabase - $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) - - - - - MaxSpeed - true - MultiThreadedDLL - true - - - Level3 - ProgramDatabase - 
$(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Data.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Data.c deleted file mode 100644 index 52d5ecbb2..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Data.c +++ /dev/null 
@@ -1,70 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-
-// This function is called to process a _TPM_Hash_Data indication.
-LIB_EXPORT void
-_TPM_Hash_Data(
- uint32_t dataSize, // IN: size of data to be extend
- unsigned char *data // IN: data buffer
- )
-{
- UINT32 i;
- HASH_OBJECT *hashObject;
- TPMI_DH_PCR pcrHandle = TPMIsStarted()
- ? PCR_FIRST + DRTM_PCR : PCR_FIRST + HCRTM_PCR;
-
-// If there is no DRTM sequence object, then _TPM_Hash_Start
-// was not called so this function returns without doing
-// anything.
- if(g_DRTMHandle == TPM_RH_UNASSIGNED)
- return;
-
- hashObject = (HASH_OBJECT *)HandleToObject(g_DRTMHandle);
- pAssert(hashObject->attributes.eventSeq);
-
- // For each of the implemented hash algorithms, update the digest with the
- // data provided.
- for(i = 0; i < HASH_COUNT; i++)
- {
- // make sure that the PCR is implemented for this algorithm
- if(PcrIsAllocated(pcrHandle,
- hashObject->state.hashState[i].hashAlg))
- // Update sequence object
- CryptDigestUpdate(&hashObject->state.hashState[i], dataSize, data);
- }
-
- return;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_End.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_End.c
deleted file mode 100644
index 72d0519b1..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_End.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-
-// This function is called to process a _TPM_Hash_End indication.
-LIB_EXPORT void
-_TPM_Hash_End(
- void
- )
-{
- UINT32 i;
- TPM2B_DIGEST digest;
- HASH_OBJECT *hashObject;
- TPMI_DH_PCR pcrHandle;
-
- // If the DRTM handle is not being used, then either _TPM_Hash_Start has not
- // been called, _TPM_Hash_End was previously called, or some other command
- // was executed and the sequence was aborted.
- if(g_DRTMHandle == TPM_RH_UNASSIGNED)
- return;
-
- // Get DRTM sequence object
- hashObject = (HASH_OBJECT *)HandleToObject(g_DRTMHandle);
-
- // Is this _TPM_Hash_End after Startup or before
- if(TPMIsStarted())
- {
- // After
-
- // Reset the DRTM PCR
- PCRResetDynamics();
-
- // Extend the DRTM_PCR.
- pcrHandle = PCR_FIRST + DRTM_PCR;
-
- // DRTM sequence increments restartCount
- gr.restartCount++;
- }
- else
- {
- pcrHandle = PCR_FIRST + HCRTM_PCR;
- g_DrtmPreStartup = TRUE;
- }
-
- // Complete hash and extend PCR, or if this is an HCRTM, complete
- // the hash, reset the H-CRTM register (PCR[0]) to 0...04, and then
- // extend the H-CRTM data
- for(i = 0; i < HASH_COUNT; i++)
- {
- TPMI_ALG_HASH hash = CryptHashGetAlgByIndex(i);
- // make sure that the PCR is implemented for this algorithm
- if(PcrIsAllocated(pcrHandle,
- hashObject->state.hashState[i].hashAlg))
- {
- // Complete hash
- digest.t.size = CryptHashGetDigestSize(hash);
- CryptHashEnd2B(&hashObject->state.hashState[i], &digest.b);
-
- PcrDrtm(pcrHandle, hash, &digest);
- }
- }
-
- // Flush sequence object.
- FlushObject(g_DRTMHandle);
-
- g_DRTMHandle = TPM_RH_UNASSIGNED;
-
-
- return;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Start.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Start.c
deleted file mode 100644
index 9d108fef1..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Start.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-
-// This function is called to process a _TPM_Hash_Start indication.
-LIB_EXPORT void
-_TPM_Hash_Start(
- void
- )
-{
- TPM_RC result;
- TPMI_DH_OBJECT handle;
-
- // If a DRTM sequence object exists, free it up
- if(g_DRTMHandle != TPM_RH_UNASSIGNED)
- {
- FlushObject(g_DRTMHandle);
- g_DRTMHandle = TPM_RH_UNASSIGNED;
- }
-
- // Create an event sequence object and store the handle in global
- // g_DRTMHandle. A TPM_RC_OBJECT_MEMORY error may be returned at this point
- // The NULL value for the first parameter will cause the sequence structure to
- // be allocated without being set as present. This keeps the sequence from
- // being left behind if the sequence is terminated early.
- result = ObjectCreateEventSequence(NULL, &g_DRTMHandle);
-
- // If a free slot was not available, then free up a slot.
- if(result != TPM_RC_SUCCESS)
- {
- // An implementation does not need to have a fixed relationship between
- // slot numbers and handle numbers. To handle the general case, scan for
- // a handle that is assigned and free it for the DRTM sequence.
- // In the reference implementation, the relationship between handles and
- // slots is fixed. So, if the call to ObjectCreateEvenSequence()
- // failed indicating that all slots are occupied, then the first handle we
- // are going to check (TRANSIENT_FIRST) will be occupied. It will be freed
- // so that it can be assigned for use as the DRTM sequence object.
- for(handle = TRANSIENT_FIRST; handle < TRANSIENT_LAST; handle++)
- {
- // try to flush the first object
- if(IsObjectPresent(handle))
- break;
- }
- // If the first call to find a slot fails but none of the slots is occupied
- // then there's a big problem
- pAssert(handle < TRANSIENT_LAST);
-
- // Free the slot
- FlushObject(handle);
-
- // Try to create an event sequence object again. This time, we must
- // succeed.
- result = ObjectCreateEventSequence(NULL, &g_DRTMHandle);
- if(result != TPM_RC_SUCCESS)
- FAIL(FATAL_ERROR_INTERNAL);
- }
-
- return;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Init.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Init.c
deleted file mode 100644
index 0adc0a41a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Init.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "_TPM_Init_fp.h"
-
- // This function is used to process a _TPM_Init indication.
-LIB_EXPORT void
-_TPM_Init(
- void
- )
-{
- g_powerWasLost = g_powerWasLost | _plat__WasPowerLost();
-
-#if SIMULATION && DEBUG
- // If power was lost and this was a simulation, put canary in RAM used by NV
- // so that uninitialized memory can be detected more easily
- if(g_powerWasLost)
- {
- memset(&gc, 0xbb, sizeof(gc));
- memset(&gr, 0xbb, sizeof(gr));
- memset(&gp, 0xbb, sizeof(gp));
- memset(&go, 0xbb, sizeof(go));
- }
-#endif
-
-#if SIMULATION
- // Clear the flag that forces failure on self-test
- g_forceFailureMode = FALSE;
-#endif
-
- // Set initialization state
- TPMInit();
-
- // Set g_DRTMHandle as unassigned
- g_DRTMHandle = TPM_RH_UNASSIGNED;
-
- // No H-CRTM, yet.
- g_DrtmPreStartup = FALSE;
-
- // Initialize the NvEnvironment.
- g_nvOk = NvPowerOn();
-
- // Initialize cryptographic functions
- g_inFailureMode = (CryptInit() == FALSE);
- if(!g_inFailureMode)
- {
- // Load the persistent data
- NvReadPersistent();
-
- // Load the orderly data (clock and DRBG state).
- // If this is not done here, things break
- NvRead(&go, NV_ORDERLY_DATA, sizeof(go));
-
- // Start clock. Need to do this after NV has been restored.
- TimePowerOn();
- }
- return;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/CommandDispatcher.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/CommandDispatcher.c
deleted file mode 100644
index bc55a3b0e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/CommandDispatcher.c
+++ /dev/null
@@ -1,430 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -//** Includes and Typedefs -#include "Tpm.h" - -#if TABLE_DRIVEN_DISPATCH - -typedef TPM_RC(NoFlagFunction)(void *target, BYTE **buffer, INT32 *size); -typedef TPM_RC(FlagFunction)(void *target, BYTE **buffer, INT32 *size, BOOL flag); - -typedef FlagFunction *UNMARSHAL_t; - -typedef INT16(MarshalFunction)(void *source, BYTE **buffer, INT32 *size); -typedef MarshalFunction *MARSHAL_t; - -typedef TPM_RC(COMMAND_NO_ARGS)(void); -typedef TPM_RC(COMMAND_IN_ARG)(void *in); -typedef TPM_RC(COMMAND_OUT_ARG)(void *out); -typedef TPM_RC(COMMAND_INOUT_ARG)(void *in, void *out); - -typedef union COMMAND_t -{ - COMMAND_NO_ARGS *noArgs; - COMMAND_IN_ARG *inArg; - COMMAND_OUT_ARG *outArg; - COMMAND_INOUT_ARG *inOutArg; -} COMMAND_t; - -// This structure is used by ParseHandleBuffer() and CommandDispatcher(). The -// parameters in this structure are unique for each command. The parameters are: -// command holds the address of the command processing function that is called -// by Command Dispatcher. -// inSize this is the size of the command-dependent input structure. The -// input structure holds the unmarshaled handles and command -// parameters. If the command takes no arguments (handles or -// parameters) then inSize will have a value of 0. -// outSize this is the size of the command-dependent output structure. The -// output structure holds the results of the command in an unmarshaled -// form. When command processing is completed, these values are -// marshaled into the output buffer. It is always the case that the -// unmarshaled version of an output structure is larger then the -// marshaled version. This is because the marshaled version contains -// the exact same number of significant bytes but with padding removed. -// typesOffsets this parameter points to the list of data types that are to be -// marshaled or unmarshaled. The list of types follows the 'offsets' -// array. 
The offsets array is variable sized so the typesOffset filed -// is necessary for the handle and command processing to be able to -// find the types that are being handled. The 'offsets' array may be -// empty. The types structure is described below. -// offsets this is an array of offsets of each of the parameters in the -// command or response. When processing the command parameters (not -// handles) the list contains the offset of the next parameter. For -// example, if the first command parameter has a size of 4 and there is -// a second command parameter, then the offset would be 4, indicating -// that the second parameter starts at 4. If the second parameter has -// a size of 8, and there is a third parameter, then the second entry -// in offsets is 12 (4 for the first parameter and 8 for the second). -// An offset value of 0 in the list indicates the start of the response -// parameter list. When CommandDispatcher hits this value, it will stop -// unmarshaling the parameters and call 'command'. If a command has no -// response parameters and only one command parameter, then offsets can -// be an empty list. - -typedef struct COMMAND_DESCRIPTOR_t -{ - COMMAND_t command; // Address of the command - UINT16 inSize; // Maximum size of the input structure - UINT16 outSize; // Maximum size of the output structure - UINT16 typesOffset; // address of the types field - UINT16 offsets[1]; -} COMMAND_DESCRIPTOR_t; - -// The 'types' list is an encoded byte array. The byte value has two parts. The most -// significant bit is used when a parameter takes a flag and indicates if the flag -// should be SET or not. The remaining 7 bits are an index into an array of -// addresses of marshaling and unmarshaling functions. -// The array of functions is divided into 6 sections with a value assigned -// to denote the start of that section (and the end of the previous section). 
The -// defined offset values for each section are: -// 0 unmarshaling for handles that do not take flags -// HANDLE_FIRST_FLAG_TYPE unmarshaling for handles that take flags -// PARAMETER_FIRST_TYPE unmarshaling for parameters that do not take flags -// PARAMETER_FIRST_FLAG_TYPE unmarshaling for parameters that take flags -// PARAMETER_LAST_TYPE + 1 marshaling for handles -// RESPONSE_PARAMETER_FIRST_TYPE marshaling for parameters -// RESPONSE_PARAMETER_LAST_TYPE is the last value in the list of marshaling and -// unmarshaling functions. -// -// The types list is constructed with a byte of 0xff at the end of the command -// parameters and with an 0xff at the end of the response parameters. - -#if COMPRESSED_LISTS -# define PAD_LIST 0 -#else -# define PAD_LIST 1 -#endif -#define _COMMAND_TABLE_DISPATCH_ -#include "CommandDispatchData.h" - -#define TEST_COMMAND TPM_CC_Startup - -#define NEW_CC - -#else - -#include "Commands.h" - -#endif - -//** Marshal/Unmarshal Functions - -//*** ParseHandleBuffer() -// This is the table-driven version of the handle buffer unmarshaling code -TPM_RC -ParseHandleBuffer( - COMMAND *command - ) -{ - TPM_RC result; -#if TABLE_DRIVEN_DISPATCH - COMMAND_DESCRIPTOR_t *desc; - BYTE *types; - BYTE type; - BYTE dType; - - // Make sure that nothing strange has happened - pAssert(command->index - < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t *)); - // Get the address of the descriptor for this command - desc = s_CommandDataArray[command->index]; - - pAssert(desc != NULL); - // Get the associated list of unmarshaling data types. 
- types = &((BYTE *)desc)[desc->typesOffset]; - -// if(s_ccAttr[commandIndex].commandIndex == TEST_COMMAND) -// commandIndex = commandIndex; - // No handles yet - command->handleNum = 0; - - // Get the first type value - for(type = *types++; - // check each byte to make sure that we have not hit the start - // of the parameters - (dType = (type & 0x7F)) < PARAMETER_FIRST_TYPE; - // get the next type - type = *types++) - { - // See if unmarshaling of this handle type requires a flag - if(dType < HANDLE_FIRST_FLAG_TYPE) - { - // Look up the function to do the unmarshaling - NoFlagFunction *f = (NoFlagFunction *)UnmarshalArray[dType]; - // call it - result = f(&(command->handles[command->handleNum]), - &command->parameterBuffer, - &command->parameterSize); - } - else - { - // Look up the function - FlagFunction *f = UnmarshalArray[dType]; - - // Call it setting the flag to the appropriate value - result = f(&(command->handles[command->handleNum]), - &command->parameterBuffer, - &command->parameterSize, (type & 0x80) != 0); - } - // Got a handle - // We do this first so that the match for the handle offset of the - // response code works correctly. - command->handleNum += 1; - if(result != TPM_RC_SUCCESS) - // if the unmarshaling failed, return the response code with the - // handle indication set - return result + TPM_RC_H + (command->handleNum * TPM_RC_1); - } -#else - BYTE **handleBufferStart = &command->parameterBuffer; - INT32 *bufferRemainingSize = &command->parameterSize; - TPM_HANDLE *handles = &command->handles[0]; - UINT32 *handleCount = &command->handleNum; - *handleCount = 0; - switch(command->code) - { -#include "HandleProcess.h" -#undef handles - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } -#endif - return TPM_RC_SUCCESS; -} - -//*** CommandDispatcher() -// Function to unmarshal the command parameters, call the selected action code, and -// marshal the response parameters. 
-TPM_RC -CommandDispatcher( - COMMAND *command - ) -{ -#if !TABLE_DRIVEN_DISPATCH - TPM_RC result; - BYTE **paramBuffer = &command->parameterBuffer; - INT32 *paramBufferSize = &command->parameterSize; - BYTE **responseBuffer = &command->responseBuffer; - INT32 *respParmSize = &command->parameterSize; - INT32 rSize; - TPM_HANDLE *handles = &command->handles[0]; -// - command->handleNum = 0; // The command-specific code knows how - // many handles there are. This is for - // cataloging the number of response - // handles - MemoryIoBufferAllocationReset(); // Initialize so that allocation will - // work properly - switch(GetCommandCode(command->index)) - { -#include "CommandDispatcher.h" - - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } -Exit: - MemoryIoBufferZero(); - return result; -#else - COMMAND_DESCRIPTOR_t *desc; - BYTE *types; - BYTE type; - UINT16 *offsets; - UINT16 offset = 0; - UINT32 maxInSize; - BYTE *commandIn; - INT32 maxOutSize; - BYTE *commandOut; - COMMAND_t cmd; - TPM_HANDLE *handles; - UINT32 hasInParameters = 0; - BOOL hasOutParameters = FALSE; - UINT32 pNum = 0; - BYTE dType; // dispatch type - TPM_RC result; -// - // Get the address of the descriptor for this command - pAssert(command->index - < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t *)); - desc = s_CommandDataArray[command->index]; - - // Get the list of parameter types for this command - pAssert(desc != NULL); - types = &((BYTE *)desc)[desc->typesOffset]; - - // Get a pointer to the list of parameter offsets - offsets = &desc->offsets[0]; - // pointer to handles - handles = command->handles; - - // Get the size required to hold all the unmarshaled parameters for this command - maxInSize = desc->inSize; - // and the size of the output parameter structure returned by this command - maxOutSize = desc->outSize; - - MemoryIoBufferAllocationReset(); - // Get a buffer for the input parameters - commandIn = MemoryGetInBuffer(maxInSize); - // And the output parameters - 
commandOut = (BYTE *)MemoryGetOutBuffer((UINT32)maxOutSize); - - // Get the address of the action code dispatch - cmd = desc->command; - - // Copy any handles into the input buffer - for(type = *types++; (type & 0x7F) < PARAMETER_FIRST_TYPE; type = *types++) - { - // 'offset' was initialized to zero so the first unmarshaling will always - // be to the start of the data structure - *(TPM_HANDLE *)&(commandIn[offset]) = *handles++; - // This check is used so that we don't have to add an additional offset - // value to the offsets list to correspond to the stop value in the - // command parameter list. - if(*types != 0xFF) - offset = *offsets++; -// maxInSize -= sizeof(TPM_HANDLE); - hasInParameters++; - } - // Exit loop with type containing the last value read from types - // maxInSize has the amount of space remaining in the command action input - // buffer. Make sure that we don't have more data to unmarshal than is going to - // fit. - - // type contains the last value read from types so it is not necessary to - // reload it, which is good because *types now points to the next value - for(; (dType = (type & 0x7F)) <= PARAMETER_LAST_TYPE; type = *types++) - { - pNum++; - if(dType < PARAMETER_FIRST_FLAG_TYPE) - { - NoFlagFunction *f = (NoFlagFunction *)UnmarshalArray[dType]; - result = f(&commandIn[offset], &command->parameterBuffer, - &command->parameterSize); - } - else - { - FlagFunction *f = UnmarshalArray[dType]; - result = f(&commandIn[offset], &command->parameterBuffer, - &command->parameterSize, - (type & 0x80) != 0); - } - if(result != TPM_RC_SUCCESS) - { - result += TPM_RC_P + (TPM_RC_1 * pNum); - goto Exit; - } - - // This check is used so that we don't have to add an additional offset - // value to the offsets list to correspond to the stop value in the - // command parameter list. 
- if(*types != 0xFF) - offset = *offsets++; - hasInParameters++; - } - // Should have used all the bytes in the input - if(command->parameterSize != 0) - { - result = TPM_RC_SIZE; - goto Exit; - } - - // The command parameter unmarshaling stopped when it hit a value that was out - // of range for unmarshaling values and left *types pointing to the first - // marshaling type. If that type happens to be the STOP value, then there - // are no response parameters. So, set the flag to indicate if there are - // output parameters. - hasOutParameters = *types != 0xFF; - - // There are four cases for calling, with and without input parameters and with - // and without output parameters. - if(hasInParameters > 0) - { - if(hasOutParameters) - result = cmd.inOutArg(commandIn, commandOut); - else - result = cmd.inArg(commandIn); - } - else - { - if(hasOutParameters) - result = cmd.outArg(commandOut); - else - result = cmd.noArgs(); - } - if(result != TPM_RC_SUCCESS) - goto Exit; - - // Offset in the marshaled output structure - offset = 0; - - // Process the return handles, if any - command->handleNum = 0; - - // Could make this a loop to process output handles but there is only ever - // one handle in the outputs (for now). - type = *types++; - if((dType = (type & 0x7F)) < RESPONSE_PARAMETER_FIRST_TYPE) - { - // The out->handle value was referenced as TPM_HANDLE in the - // action code so it has to be properly aligned. - command->handles[command->handleNum++] = - *((TPM_HANDLE *)&(commandOut[offset])); - maxOutSize -= sizeof(UINT32); - type = *types++; - offset = *offsets++; - } - // Use the size of the command action output buffer as the maximum for the - // number of bytes that can get marshaled. Since the marshaling code has - // no pointers to data, all of the data being returned has to be in the - // command action output buffer. If we try to marshal more bytes than - // could fit into the output buffer, we need to fail. 
- for(;(dType = (type & 0x7F)) <= RESPONSE_PARAMETER_LAST_TYPE - && !g_inFailureMode; type = *types++) - { - const MARSHAL_t f = MarshalArray[dType]; - - command->parameterSize += f(&commandOut[offset], - &command->responseBuffer, - &maxOutSize); - offset = *offsets++; - } - result = (maxOutSize < 0) ? TPM_RC_FAILURE : TPM_RC_SUCCESS; -Exit: - MemoryIoBufferZero(); - return result; -#endif -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/ExecCommand.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/ExecCommand.c deleted file mode 100644 index d7673c5d0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/ExecCommand.c +++ /dev/null 
@@ -1,317 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This file contains the entry function ExecuteCommand() which provides the main
-// control flow for TPM command execution.
-
-//** Includes
-
-#include "Tpm.h"
-#include "ExecCommand_fp.h"
-
-// Uncomment this next #include if doing static command/response buffer sizing
-// #include "CommandResponseSizes_fp.h"
-
-//** ExecuteCommand()
-//
-// The function performs the following steps.
-//
-// a) Parses the command header from input buffer.
-// b) Calls ParseHandleBuffer() to parse the handle area of the command.
-// c) Validates that each of the handles references a loaded entity.
-// d) Calls ParseSessionBuffer () to:
-// 1) unmarshal and parse the session area;
-// 2) check the authorizations; and
-// 3) when necessary, decrypt a parameter.
-// e) Calls CommandDispatcher() to:
-// 1) unmarshal the command parameters from the command buffer;
-// 2) call the routine that performs the command actions; and
-// 3) marshal the responses into the response buffer.
-// f) If any error occurs in any of the steps above create the error response
-// and return.
-// g) Calls BuildResponseSessions() to:
-// 1) when necessary, encrypt a parameter
-// 2) build the response authorization sessions
-// 3) update the audit sessions and nonces
-// h) Calls BuildResponseHeader() to complete the construction of the response.
-//
-// 'responseSize' is set by the caller to the maximum number of bytes available in
-// the output buffer. ExecuteCommand will adjust the value and return the number
-// of bytes placed in the buffer.
-//
-// 'response' is also set by the caller to indicate the buffer into which
-// ExecuteCommand is to place the response.
-//
-// 'request' and 'response' may point to the same buffer
-//
-// Note: As of February, 2016, the failure processing has been moved to the
-// platform-specific code. When the TPM code encounters an unrecoverable failure, it
-// will SET g_inFailureMode and call _plat__Fail(). That function should not return
-// but may call ExecuteCommand().
-// -LIB_EXPORT void -ExecuteCommand( - uint32_t requestSize, // IN: command buffer size - unsigned char *request, // IN: command buffer - uint32_t *responseSize, // IN/OUT: response buffer size - unsigned char **response // IN/OUT: response buffer - ) -{ - // Command local variables - UINT32 commandSize; - COMMAND command; - - // Response local variables - UINT32 maxResponse = *responseSize; - TPM_RC result; // return code for the command - -// This next function call is used in development to size the command and response -// buffers. The values printed are the sizes of the internal structures and -// not the sizes of the canonical forms of the command response structures. Also, -// the sizes do not include the tag, command.code, requestSize, or the authorization -// fields. -//CommandResponseSizes(); - // Set flags for NV access state. This should happen before any other - // operation that may require a NV write. Note, that this needs to be done - // even when in failure mode. Otherwise, g_updateNV would stay SET while in - // Failure mode and the NV would be written on each call. - g_updateNV = UT_NONE; - g_clearOrderly = FALSE; - if(g_inFailureMode) - { - // Do failure mode processing - TpmFailureMode(requestSize, request, responseSize, response); - return; - } - // Query platform to get the NV state. The result state is saved internally - // and will be reported by NvIsAvailable(). The reference code requires that - // accessibility of NV does not change during the execution of a command. - // Specifically, if NV is available when the command execution starts and then - // is not available later when it is necessary to write to NV, then the TPM - // will go into failure mode. - NvCheckState(); - - // Due to the limitations of the simulation, TPM clock must be explicitly - // synchronized with the system clock whenever a command is received. - // This function call is not necessary in a hardware TPM. 
However, taking - // a snapshot of the hardware timer at the beginning of the command allows - // the time value to be consistent for the duration of the command execution. - TimeUpdateToCurrent(); - - // Any command through this function will unceremoniously end the - // _TPM_Hash_Data/_TPM_Hash_End sequence. - if(g_DRTMHandle != TPM_RH_UNASSIGNED) - ObjectTerminateEvent(); - - // Get command buffer size and command buffer. - command.parameterBuffer = request; - command.parameterSize = requestSize; - - // Parse command header: tag, commandSize and command.code. - // First parse the tag. The unmarshaling routine will validate - // that it is either TPM_ST_SESSIONS or TPM_ST_NO_SESSIONS. - result = TPMI_ST_COMMAND_TAG_Unmarshal(&command.tag, - &command.parameterBuffer, - &command.parameterSize); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - // Unmarshal the commandSize indicator. - result = UINT32_Unmarshal(&commandSize, - &command.parameterBuffer, - &command.parameterSize); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - // On a TPM that receives bytes on a port, the number of bytes that were - // received on that port is requestSize it must be identical to commandSize. - // In addition, commandSize must not be larger than MAX_COMMAND_SIZE allowed - // by the implementation. The check against MAX_COMMAND_SIZE may be redundant - // as the input processing (the function that receives the command bytes and - // places them in the input buffer) would likely have the input truncated when - // it reaches MAX_COMMAND_SIZE, and requestSize would not equal commandSize. - if(commandSize != requestSize || commandSize > MAX_COMMAND_SIZE) - { - result = TPM_RC_COMMAND_SIZE; - goto Cleanup; - } - // Unmarshal the command code. - result = TPM_CC_Unmarshal(&command.code, &command.parameterBuffer, - &command.parameterSize); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - // Check to see if the command is implemented. 
- command.index = CommandCodeToCommandIndex(command.code); - if(UNIMPLEMENTED_COMMAND_INDEX == command.index) - { - result = TPM_RC_COMMAND_CODE; - goto Cleanup; - } -#if FIELD_UPGRADE_IMPLEMENTED == YES - // If the TPM is in FUM, then the only allowed command is - // TPM_CC_FieldUpgradeData. - if(IsFieldUgradeMode() && (command.code != TPM_CC_FieldUpgradeData)) - { - result = TPM_RC_UPGRADE; - goto Cleanup; - } - else -#endif - // Excepting FUM, the TPM only accepts TPM2_Startup() after - // _TPM_Init. After getting a TPM2_Startup(), TPM2_Startup() - // is no longer allowed. - if((!TPMIsStarted() && command.code != TPM_CC_Startup) - || (TPMIsStarted() && command.code == TPM_CC_Startup)) - { - result = TPM_RC_INITIALIZE; - goto Cleanup; - } -// Start regular command process. - NvIndexCacheInit(); - // Parse Handle buffer. - result = ParseHandleBuffer(&command); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - // All handles in the handle area are required to reference TPM-resident - // entities. - result = EntityGetLoadStatus(&command); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - // Authorization session handling for the command. - ClearCpRpHashes(&command); - if(command.tag == TPM_ST_SESSIONS) - { - // Find out session buffer size. - result = UINT32_Unmarshal((UINT32 *)&command.authSize, - &command.parameterBuffer, - &command.parameterSize); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - // Perform sanity check on the unmarshaled value. If it is smaller than - // the smallest possible session or larger than the remaining size of - // the command, then it is an error. NOTE: This check could pass but the - // session size could still be wrong. That will be determined after the - // sessions are unmarshaled. - if(command.authSize < 9 - || command.authSize > command.parameterSize) - { - result = TPM_RC_SIZE; - goto Cleanup; - } - command.parameterSize -= command.authSize; - - // The actions of ParseSessionBuffer() are described in the introduction. 
- // As the sessions are parsed command.parameterBuffer is advanced so, on a - // successful return, command.parameterBuffer should be pointing at the - // first byte of the parameters. - result = ParseSessionBuffer(&command); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - } - else - { - command.authSize = 0; - // The command has no authorization sessions. - // If the command requires authorizations, then CheckAuthNoSession() will - // return an error. - result = CheckAuthNoSession(&command); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - } - // Set up the response buffer pointers. CommandDispatch will marshal the - // response parameters starting at the address in command.responseBuffer. -//*response = MemoryGetResponseBuffer(command.index); - // leave space for the command header - command.responseBuffer = *response + STD_RESPONSE_HEADER; - - // leave space for the parameter size field if needed - if(command.tag == TPM_ST_SESSIONS) - command.responseBuffer += sizeof(UINT32); - if(IsHandleInResponse(command.index)) - command.responseBuffer += sizeof(TPM_HANDLE); - - // CommandDispatcher returns a response handle buffer and a response parameter - // buffer if it succeeds. It will also set the parameterSize field in the - // buffer if the tag is TPM_RC_SESSIONS. - result = CommandDispatcher(&command); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - - // Build the session area at the end of the parameter area. - BuildResponseSession(&command); - -Cleanup: - if(g_clearOrderly == TRUE - && NV_IS_ORDERLY) - { -#if USE_DA_USED - gp.orderlyState = g_daUsed ? SU_DA_USED_VALUE : SU_NONE_VALUE; -#else - gp.orderlyState = SU_NONE_VALUE; -#endif - NV_SYNC_PERSISTENT(orderlyState); - } - // This implementation loads an "evict" object to a transient object slot in - // RAM whenever an "evict" object handle is used in a command so that the - // access to any object is the same. These temporary objects need to be - // cleared from RAM whether the command succeeds or fails. 
- ObjectCleanupEvict(); - - // The parameters and sessions have been marshaled. Now tack on the header and - // set the sizes - BuildResponseHeader(&command, *response, result); - - // Try to commit all the writes to NV if any NV write happened during this - // command execution. This check should be made for both succeeded and failed - // commands, because a failed one may trigger a NV write in DA logic as well. - // This is the only place in the command execution path that may call the NV - // commit. If the NV commit fails, the TPM should be put in failure mode. - if((g_updateNV != UT_NONE) && !g_inFailureMode) - { - if(g_updateNV == UT_ORDERLY) - NvUpdateIndexOrderlyData(); - if(!NvCommit()) - FAIL(FATAL_ERROR_INTERNAL); - g_updateNV = UT_NONE; - } - pAssert((UINT32)command.parameterSize <= maxResponse); - - // Clear unused bits in response buffer. - MemorySet(*response + *responseSize, 0, maxResponse - *responseSize); - - // as a final act, and not before, update the response size. - *responseSize = (UINT32)command.parameterSize; - - return; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/SessionProcess.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/SessionProcess.c deleted file mode 100644 index bd7f89f1e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/SessionProcess.c +++ /dev/null 
@@ -1,2242 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the subsystem that process the authorization sessions
-// including implementation of the Dictionary Attack logic.
ExecCommand() uses
-// ParseSessionBuffer() to process the authorization session area of a command and
-// BuildResponseSession() to create the authorization session area of a response.
-
-//** Includes and Data Definitions
-
-#define SESSION_PROCESS_C
-
-#include "Tpm.h"
-
-//
-//** Authorization Support Functions
-//
-
-//*** IsDAExempted()
-// This function indicates if a handle is exempted from DA logic.
-// A handle is exempted if it is
-// 1. a primary seed handle,
-// 2. an object with noDA bit SET,
-// 3. an NV Index with TPMA_NV_NO_DA bit SET, or
-// 4. a PCR handle.
-//
-// Return Type: BOOL
-// TRUE(1) handle is exempted from DA logic
-// FALSE(0) handle is not exempted from DA logic
-BOOL
-IsDAExempted(
- TPM_HANDLE handle // IN: entity handle
- )
-{
- BOOL result = FALSE;
-//
- switch(HandleGetType(handle))
- {
- case TPM_HT_PERMANENT:
- // All permanent handles, other than TPM_RH_LOCKOUT, are exempt from
- // DA protection.
- result = (handle != TPM_RH_LOCKOUT);
- break;
- // When this function is called, a persistent object will have been loaded
- // into an object slot and assigned a transient handle.
- case TPM_HT_TRANSIENT:
- {
- TPMA_OBJECT attributes = ObjectGetPublicAttributes(handle);
- result = IS_ATTRIBUTE(attributes, TPMA_OBJECT, noDA);
- break;
- }
- case TPM_HT_NV_INDEX:
- {
- NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL);
- result = IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, NO_DA);
- break;
- }
- case TPM_HT_PCR:
- // PCRs are always exempted from DA.
- result = TRUE;
- break;
- default:
- break;
- }
- return result;
-}
-
-//*** IncrementLockout()
-// This function is called after an authorization failure that involves use of
-// an authValue. If the entity referenced by the handle is not exempt from DA
-// protection, then the failedTries counter will be incremented.
-//
-// Return Type: TPM_RC
-// TPM_RC_AUTH_FAIL authorization failure that caused DA lockout to increment
-// TPM_RC_BAD_AUTH authorization failure did not cause DA lockout to
-// increment
-static TPM_RC
-IncrementLockout(
- UINT32 sessionIndex
- )
-{
- TPM_HANDLE handle = s_associatedHandles[sessionIndex];
- TPM_HANDLE sessionHandle = s_sessionHandles[sessionIndex];
- SESSION *session = NULL;
-//
- // Don't increment lockout unless the handle associated with the session
- // is DA protected or the session is bound to a DA protected entity.
- if(sessionHandle == TPM_RS_PW)
- {
- if(IsDAExempted(handle))
- return TPM_RC_BAD_AUTH;
- }
- else
- {
- session = SessionGet(sessionHandle);
- // If the session is bound to lockout, then use that as the relevant
- // handle. This means that an authorization failure with a bound session
- // bound to lockoutAuth will take precedence over any other
- // lockout check
- if(session->attributes.isLockoutBound == SET)
- handle = TPM_RH_LOCKOUT;
- if(session->attributes.isDaBound == CLEAR
- && (IsDAExempted(handle) || session->attributes.includeAuth == CLEAR))
- // If the handle was changed to TPM_RH_LOCKOUT, this will not return
- // TPM_RC_BAD_AUTH
- return TPM_RC_BAD_AUTH;
- }
- if(handle == TPM_RH_LOCKOUT)
- {
- pAssert(gp.lockOutAuthEnabled == TRUE);
-
- // lockout is no longer enabled
- gp.lockOutAuthEnabled = FALSE;
-
- // For TPM_RH_LOCKOUT, if lockoutRecovery is 0, no need to update NV since
- // the lockout authorization will be reset at startup.
- if(gp.lockoutRecovery != 0)
- {
- if(NV_IS_AVAILABLE)
- // Update NV.
- NV_SYNC_PERSISTENT(lockOutAuthEnabled);
- else
- // No NV access for now. Put the TPM in pending mode.
- s_DAPendingOnNV = TRUE;
- }
- }
- else
- {
- if(gp.recoveryTime != 0)
- {
- gp.failedTries++;
- if(NV_IS_AVAILABLE)
- // Record changes to NV. NvWrite will SET g_updateNV
- NV_SYNC_PERSISTENT(failedTries);
- else
- // No NV access for now. Put the TPM in pending mode.
- s_DAPendingOnNV = TRUE;
- }
- }
- // Register a DA failure and reset the timers.
- DARegisterFailure(handle);
-
- return TPM_RC_AUTH_FAIL;
-}
-
-//*** IsSessionBindEntity()
-// This function indicates if the entity associated with the handle is the entity,
-// to which this session is bound. The binding would occur by making the "bind"
-// parameter in TPM2_StartAuthSession() not equal to TPM_RH_NULL. The binding only
-// occurs if the session is an HMAC session. The bind value is a combination of
-// the Name and the authValue of the entity.
-//
-// Return Type: BOOL
-// TRUE(1) handle points to the session start entity
-// FALSE(0) handle does not point to the session start entity
-static BOOL
-IsSessionBindEntity(
- TPM_HANDLE associatedHandle, // IN: handle to be authorized
- SESSION *session // IN: associated session
- )
-{
- TPM2B_NAME entity; // The bind value for the entity
-//
- // If the session is not bound, return FALSE.
- if(session->attributes.isBound)
- {
- // Compute the bind value for the entity.
- SessionComputeBoundEntity(associatedHandle, &entity);
-
- // Compare to the bind value in the session.
- return MemoryEqual2B(&entity.b, &session->u1.boundEntity.b);
- }
- return FALSE;
-}
-
-//*** IsPolicySessionRequired()
-// Checks if a policy session is required for a command. If a command requires
-// DUP or ADMIN role authorization, then the handle that requires that role is the
-// first handle in the command. This simplifies this checking. If a new command
-// is created that requires multiple ADMIN role authorizations, then it will
-// have to be special-cased in this function.
-// A policy session is required if:
-// 1. the command requires the DUP role,
-// 2. the command requires the ADMIN role and the authorized entity
-// is an object and its adminWithPolicy bit is SET, or
-// 3. the command requires the ADMIN role and the authorized entity
-// is a permanent handle or an NV Index.
-// 4.
The authorized entity is a PCR belonging to a policy group, and
-// has its policy initialized
-// Return Type: BOOL
-// TRUE(1) policy session is required
-// FALSE(0) policy session is not required
-static BOOL
-IsPolicySessionRequired(
- COMMAND_INDEX commandIndex, // IN: command index
- UINT32 sessionIndex // IN: session index
- )
-{
- AUTH_ROLE role = CommandAuthRole(commandIndex, sessionIndex);
- TPM_HT type = HandleGetType(s_associatedHandles[sessionIndex]);
-//
- if(role == AUTH_DUP)
- return TRUE;
- if(role == AUTH_ADMIN)
- {
- // We allow an exception for ADMIN role in a transient object. If the object
- // allows ADMIN role actions with authorization, then policy is not
- // required. For all other cases, there is no way to override the command
- // requirement that a policy be used
- if(type == TPM_HT_TRANSIENT)
- {
- OBJECT *object = HandleToObject(s_associatedHandles[sessionIndex]);
-
- if(!IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT,
- adminWithPolicy))
- return FALSE;
- }
- return TRUE;
- }
-
- if(type == TPM_HT_PCR)
- {
- if(PCRPolicyIsAvailable(s_associatedHandles[sessionIndex]))
- {
- TPM2B_DIGEST policy;
- TPMI_ALG_HASH policyAlg;
- policyAlg = PCRGetAuthPolicy(s_associatedHandles[sessionIndex],
- &policy);
- if(policyAlg != TPM_ALG_NULL)
- return TRUE;
- }
- }
- return FALSE;
-}
-
-//*** IsAuthValueAvailable()
-// This function indicates if authValue is available and allowed for USER role
-// authorization of an entity.
-//
-// This function is similar to IsAuthPolicyAvailable() except that it does not
-// check the size of the authValue as IsAuthPolicyAvailable() does (a null
-// authValue is a valid authorization, but a null policy is not a valid policy).
-//
-// This function does not check that the handle reference is valid or if the entity
-// is in an enabled hierarchy. Those checks are assumed to have been performed
-// during the handle unmarshaling.
-//
-// Return Type: BOOL
-// TRUE(1) authValue is available
-// FALSE(0) authValue is not available
-static BOOL
-IsAuthValueAvailable(
- TPM_HANDLE handle, // IN: handle of entity
- COMMAND_INDEX commandIndex, // IN: command index
- UINT32 sessionIndex // IN: session index
- )
-{
- BOOL result = FALSE;
-//
- switch(HandleGetType(handle))
- {
- case TPM_HT_PERMANENT:
- switch(handle)
- {
- // At this point hierarchy availability has already been
- // checked so primary seed handles are always available here
- case TPM_RH_OWNER:
- case TPM_RH_ENDORSEMENT:
- case TPM_RH_PLATFORM:
-#ifdef VENDOR_PERMANENT
- // This vendor defined handle associated with the
- // manufacturer's shared secret
- case VENDOR_PERMANENT:
-#endif
- // The DA checking has been performed on LockoutAuth but we
- // bypass the DA logic if we are using lockout policy. The
- // policy would allow execution to continue an lockoutAuth
- // could be used, even if direct use of lockoutAuth is disabled
- case TPM_RH_LOCKOUT:
- // NullAuth is always available.
- case TPM_RH_NULL:
- result = TRUE;
- break;
- default:
- // Otherwise authValue is not available.
- break;
- }
- break;
- case TPM_HT_TRANSIENT:
- // A persistent object has already been loaded and the internal
- // handle changed.
- {
- OBJECT *object;
- TPMA_OBJECT attributes;
-//
- object = HandleToObject(handle);
- attributes = object->publicArea.objectAttributes;
-
- // authValue is always available for a sequence object.
- // An alternative for this is to
- // SET_ATTRIBUTE(object->publicArea, TPMA_OBJECT, userWithAuth) when the
- // sequence is started.
- if(ObjectIsSequence(object))
- {
- result = TRUE;
- break;
- }
- // authValue is available for an object if it has its sensitive
- // portion loaded and
- // 1. userWithAuth bit is SET, or
- // 2.
ADMIN role is required
- if(object->attributes.publicOnly == CLEAR
- && (IS_ATTRIBUTE(attributes, TPMA_OBJECT, userWithAuth)
- || (CommandAuthRole(commandIndex, sessionIndex) == AUTH_ADMIN
- && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, adminWithPolicy))))
- result = TRUE;
- }
- break;
- case TPM_HT_NV_INDEX:
- // NV Index.
- {
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(handle, &locator);
- TPMA_NV nvAttributes;
-//
- pAssert(nvIndex != 0);
-
- nvAttributes = nvIndex->publicArea.attributes;
-
- if(IsWriteOperation(commandIndex))
- {
- // AuthWrite can't be set for a PIN index
- if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, AUTHWRITE))
- result = TRUE;
- }
- else
- {
- // A "read" operation
- // For a PIN Index, the authValue is available as long as the
- // Index has been written and the pinCount is less than pinLimit
- if(IsNvPinFailIndex(nvAttributes)
- || IsNvPinPassIndex(nvAttributes))
- {
- NV_PIN pin;
- if(!IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN))
- break; // return false
- // get the index values
- pin.intVal = NvGetUINT64Data(nvIndex, locator);
- if(pin.pin.pinCount < pin.pin.pinLimit)
- result = TRUE;
- }
- // For non-PIN Indexes, need to allow use of the authValue
- else if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, AUTHREAD))
- result = TRUE;
- }
- }
- break;
- case TPM_HT_PCR:
- // PCR handle.
- // authValue is always allowed for PCR
- result = TRUE;
- break;
- default:
- // Otherwise, authValue is not available
- break;
- }
- return result;
-}
-
-//*** IsAuthPolicyAvailable()
-// This function indicates if an authPolicy is available and allowed.
-//
-// This function does not check that the handle reference is valid or if the entity
-// is in an enabled hierarchy. Those checks are assumed to have been performed
-// during the handle unmarshaling.
-//
-// Return Type: BOOL
-// TRUE(1) authPolicy is available
-// FALSE(0) authPolicy is not available
-static BOOL
-IsAuthPolicyAvailable(
- TPM_HANDLE handle, // IN: handle of entity
- COMMAND_INDEX commandIndex, // IN: command index
- UINT32 sessionIndex // IN: session index
- )
-{
- BOOL result = FALSE;
-//
- switch(HandleGetType(handle))
- {
- case TPM_HT_PERMANENT:
- switch(handle)
- {
- // At this point hierarchy availability has already been checked.
- case TPM_RH_OWNER:
- if(gp.ownerPolicy.t.size != 0)
- result = TRUE;
- break;
- case TPM_RH_ENDORSEMENT:
- if(gp.endorsementPolicy.t.size != 0)
- result = TRUE;
- break;
- case TPM_RH_PLATFORM:
- if(gc.platformPolicy.t.size != 0)
- result = TRUE;
- break;
- case TPM_RH_LOCKOUT:
- if(gp.lockoutPolicy.t.size != 0)
- result = TRUE;
- break;
- default:
- break;
- }
- break;
- case TPM_HT_TRANSIENT:
- {
- // Object handle.
- // An evict object would already have been loaded and given a
- // transient object handle by this point.
- OBJECT *object = HandleToObject(handle);
- // Policy authorization is not available for an object with only
- // public portion loaded.
- if(object->attributes.publicOnly == CLEAR)
- {
- // Policy authorization is always available for an object but
- // is never available for a sequence.
- if(!ObjectIsSequence(object))
- result = TRUE;
- }
- break;
- }
- case TPM_HT_NV_INDEX:
- // An NV Index.
- {
- NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL);
- TPMA_NV nvAttributes = nvIndex->publicArea.attributes;
-//
- // If the policy size is not zero, check if policy can be used.
- if(nvIndex->publicArea.authPolicy.t.size != 0)
- {
- // If policy session is required for this handle, always
- // uses policy regardless of the attributes bit setting
- if(IsPolicySessionRequired(commandIndex, sessionIndex))
- result = TRUE;
- // Otherwise, the presence of the policy depends on the NV
- // attributes.
- else if(IsWriteOperation(commandIndex))
- {
- if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, POLICYWRITE))
- result = TRUE;
- }
- else
- {
- if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, POLICYREAD))
- result = TRUE;
- }
- }
- }
- break;
- case TPM_HT_PCR:
- // PCR handle.
- if(PCRPolicyIsAvailable(handle))
- result = TRUE;
- break;
- default:
- break;
- }
- return result;
-}
-
-//** Session Parsing Functions
-
-//*** ClearCpRpHashes()
-void
-ClearCpRpHashes(
- COMMAND *command
- )
-{
-#if ALG_SHA1
- command->sha1CpHash.t.size = 0;
- command->sha1RpHash.t.size = 0;
-#endif
-#if ALG_SHA256
- command->sha256CpHash.t.size = 0;
- command->sha256RpHash.t.size = 0;
-#endif
-#if ALG_SHA384
- command->sha384CpHash.t.size = 0;
- command->sha384RpHash.t.size = 0;
-#endif
-#if ALG_SHA512
- command->sha512CpHash.t.size = 0;
- command->sha512RpHash.t.size = 0;
-#endif
-#if ALG_SM3_256
- command->sm3_256CpHash.t.size = 0;
- command->sm3_256RpHash.t.size = 0;
-#endif
-}
-
-
-//*** GetCpHashPointer()
-// Function to get a pointer to the cpHash of the command
-static TPM2B_DIGEST *
-GetCpHashPointer(
- COMMAND *command,
- TPMI_ALG_HASH hashAlg
- )
-{
- TPM2B_DIGEST *retVal;
-//
- switch(hashAlg)
- {
-#if ALG_SHA1
- case ALG_SHA1_VALUE:
- retVal = (TPM2B_DIGEST *)&command->sha1CpHash;
- break;
-#endif
-#if ALG_SHA256
- case ALG_SHA256_VALUE:
- retVal = (TPM2B_DIGEST *)&command->sha256CpHash;
- break;
-#endif
-#if ALG_SHA384
- case ALG_SHA384_VALUE:
- retVal = (TPM2B_DIGEST *)&command->sha384CpHash;
- break;
-#endif
-#if ALG_SHA512
- case ALG_SHA512_VALUE:
- retVal = (TPM2B_DIGEST *)&command->sha512CpHash;
- break;
-#endif
-#if ALG_SM3_256
- case ALG_SM3_256_VALUE:
- retVal = (TPM2B_DIGEST *)&command->sm3_256CpHash;
- break;
-#endif
- default:
- retVal = NULL;
- break;
- }
- return retVal;
-}
-
-//*** GetRpHashPointer()
-// Function to get a pointer to the RpHash of the command
-static TPM2B_DIGEST *
-GetRpHashPointer(
- COMMAND *command,
- TPMI_ALG_HASH hashAlg
- )
-{
- TPM2B_DIGEST *retVal;
-//
- switch(hashAlg)
- {
-#if ALG_SHA1
- case ALG_SHA1_VALUE:
- retVal = (TPM2B_DIGEST *)&command->sha1RpHash;
- break;
-#endif
-#if ALG_SHA256
- case ALG_SHA256_VALUE:
- retVal = (TPM2B_DIGEST *)&command->sha256RpHash;
- break;
-#endif
-#if ALG_SHA384
- case ALG_SHA384_VALUE:
- retVal = (TPM2B_DIGEST *)&command->sha384RpHash;
- break;
-#endif
-#if ALG_SHA512
- case ALG_SHA512_VALUE:
- retVal = (TPM2B_DIGEST *)&command->sha512RpHash;
- break;
-#endif
-#if ALG_SM3_256
- case ALG_SM3_256_VALUE:
- retVal = (TPM2B_DIGEST *)&command->sm3_256RpHash;
- break;
-#endif
- default:
- retVal = NULL;
- break;
- }
- return retVal;
-}
-
-
-//*** ComputeCpHash()
-// This function computes the cpHash as defined in Part 2 and described in Part 1.
-static TPM2B_DIGEST *
-ComputeCpHash(
- COMMAND *command, // IN: command parsing structure
- TPMI_ALG_HASH hashAlg // IN: hash algorithm
- )
-{
- UINT32 i;
- HASH_STATE hashState;
- TPM2B_NAME name;
- TPM2B_DIGEST *cpHash;
-//
- // cpHash = hash(commandCode [ || authName1
- // [ || authName2
- // [ || authName 3 ]]]
- // [ || parameters])
- // A cpHash can contain just a commandCode only if the lone session is
- // an audit session.
- // Get pointer to the hash value
- cpHash = GetCpHashPointer(command, hashAlg);
- if(cpHash->t.size == 0)
- {
- cpHash->t.size = CryptHashStart(&hashState, hashAlg);
- // Add commandCode.
- CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), command->code);
- // Add authNames for each of the handles.
- for(i = 0; i < command->handleNum; i++)
- CryptDigestUpdate2B(&hashState, &EntityGetName(command->handles[i],
- &name)->b);
- // Add the parameters.
- CryptDigestUpdate(&hashState, command->parameterSize,
- command->parameterBuffer);
- // Complete the hash.
- CryptHashEnd2B(&hashState, &cpHash->b);
- }
- return cpHash;
-}
-
-//*** GetCpHash()
-// This function is used to access a precomputed cpHash.
-static TPM2B_DIGEST *
-GetCpHash(
- COMMAND *command,
- TPMI_ALG_HASH hashAlg
- )
-{
- TPM2B_DIGEST *cpHash = GetCpHashPointer(command, hashAlg);
- //
- pAssert(cpHash->t.size != 0);
- return cpHash;
-}
-
-//*** CompareTemplateHash()
-// This function computes the template hash and compares it to the session
-// templateHash. It is the hash of the second parameter
-// assuming that the command is TPM2_Create(), TPM2_CreatePrimary(), or
-// TPM2_CreateLoaded()
-// Return Type: BOOL
-// TRUE(1) template hash equal to session->templateHash
-// FALSE(0) template hash not equal to session->templateHash
-static BOOL
-CompareTemplateHash(
- COMMAND *command, // IN: parsing structure
- SESSION *session // IN: session data
- )
-{
- BYTE *pBuffer = command->parameterBuffer;
- INT32 pSize = command->parameterSize;
- TPM2B_DIGEST tHash;
- UINT16 size;
-//
- // Only try this for the three commands for which it is intended
- if(command->code != TPM_CC_Create
- && command->code != TPM_CC_CreatePrimary
-#if CC_CreateLoaded
- && command->code != TPM_CC_CreateLoaded
-#endif
- )
- return FALSE;
- // Assume that the first parameter is a TPM2B and unmarshal the size field
- // Note: this will not affect the parameter buffer and size in the calling
- // function.
- if(UINT16_Unmarshal(&size, &pBuffer, &pSize) != TPM_RC_SUCCESS)
- return FALSE;
- // reduce the space in the buffer.
- // NOTE: this could make pSize go negative if the parameters are not correct but
- // the unmarshaling code does not try to unmarshal if the remaining size is
- // negative.
- pSize -= size;
-
- // Advance the pointer
- pBuffer += size;
-
- // Get the size of what should be the template
- if(UINT16_Unmarshal(&size, &pBuffer, &pSize) != TPM_RC_SUCCESS)
- return FALSE;
- // See if this is reasonable
- if(size > pSize)
- return FALSE;
- // Hash the template data
- tHash.t.size = CryptHashBlock(session->authHashAlg, size, pBuffer,
- sizeof(tHash.t.buffer), tHash.t.buffer);
- return(MemoryEqual2B(&session->u1.templateHash.b, &tHash.b));
-}
-
-//*** CompareNameHash()
-// This function computes the name hash and compares it to the nameHash in the
-// session data.
-BOOL
-CompareNameHash(
- COMMAND *command, // IN: main parsing structure
- SESSION *session // IN: session structure with nameHash
- )
-{
- HASH_STATE hashState;
- TPM2B_DIGEST nameHash;
- UINT32 i;
- TPM2B_NAME name;
-//
- nameHash.t.size = CryptHashStart(&hashState, session->authHashAlg);
- // Add names.
- for(i = 0; i < command->handleNum; i++)
- CryptDigestUpdate2B(&hashState, &EntityGetName(command->handles[i],
- &name)->b);
- // Complete hash.
- CryptHashEnd2B(&hashState, &nameHash.b);
- // and compare
- return MemoryEqual(session->u1.nameHash.t.buffer, nameHash.t.buffer,
- nameHash.t.size);
-}
-
-//*** CheckPWAuthSession()
-// This function validates the authorization provided in a PWAP session. It
-// compares the input value to authValue of the authorized entity. Argument
-// sessionIndex is used to get handles handle of the referenced entities from
-// s_inputAuthValues[] and s_associatedHandles[].
-//
-// Return Type: TPM_RC
-// TPM_RC_AUTH_FAIL authorization fails and increments DA failure
-// count
-// TPM_RC_BAD_AUTH authorization fails but DA does not apply
-//
-static TPM_RC
-CheckPWAuthSession(
- UINT32 sessionIndex // IN: index of session to be processed
- )
-{
- TPM2B_AUTH authValue;
- TPM_HANDLE associatedHandle = s_associatedHandles[sessionIndex];
-//
- // Strip trailing zeros from the password.
- MemoryRemoveTrailingZeros(&s_inputAuthValues[sessionIndex]);
-
- // Get the authValue with trailing zeros removed
- EntityGetAuthValue(associatedHandle, &authValue);
-
- // Success if the values are identical.
- if(MemoryEqual2B(&s_inputAuthValues[sessionIndex].b, &authValue.b))
- {
- return TPM_RC_SUCCESS;
- }
- else // if the digests are not identical
- {
- // Invoke DA protection if applicable.
- return IncrementLockout(sessionIndex);
- }
-}
-
-//*** ComputeCommandHMAC()
-// This function computes the HMAC for an authorization session in a command.
-/*(See part 1 specification -- this tag keeps this comment from showing up in
-// merged document which is probably good because this comment doesn't look right.
-// The sessionAuth value
-// authHMAC := HMACsHash((sessionKey | authValue),
-// (pHash | nonceNewer | nonceOlder | nonceTPMencrypt-only
-// | nonceTPMaudit | sessionAttributes))
-// Where:
-// HMACsHash() The HMAC algorithm using the hash algorithm specified
-// when the session was started.
-//
-// sessionKey A value that is computed in a protocol-dependent way,
-// using KDFa. When used in an HMAC or KDF, the size field
-// for this value is not included.
-//
-// authValue A value that is found in the sensitive area of an entity.
-// When used in an HMAC or KDF, the size field for this
-// value is not included.
-//
-// pHash Hash of the command (cpHash) using the session hash.
-// When using a pHash in an HMAC computation, only the
-// digest is used.
-//
-// nonceNewer A value that is generated by the entity using the
-// session. A new nonce is generated on each use of the
-// session. For a command, this will be nonceCaller.
-// When used in an HMAC or KDF, the size field is not used.
-//
-// nonceOlder A TPM2B_NONCE that was received the previous time the
-// session was used. For a command, this is nonceTPM.
-// When used in an HMAC or KDF, the size field is not used.
-//
-// nonceTPMdecrypt The nonceTPM of the decrypt session is included in
-// the HMAC, but only in the command.
-//
-// nonceTPMencrypt The nonceTPM of the encrypt session is included in
-// the HMAC but only in the command.
-//
-// sessionAttributes A byte indicating the attributes associated with the
-// particular use of the session.
-*/
-static TPM2B_DIGEST *
-ComputeCommandHMAC(
- COMMAND *command, // IN: primary control structure
- UINT32 sessionIndex, // IN: index of session to be processed
- TPM2B_DIGEST *hmac // OUT: authorization HMAC
- )
-{
- TPM2B_TYPE(KEY, (sizeof(AUTH_VALUE) * 2));
- TPM2B_KEY key;
- BYTE marshalBuffer[sizeof(TPMA_SESSION)];
- BYTE *buffer;
- UINT32 marshalSize;
- HMAC_STATE hmacState;
- TPM2B_NONCE *nonceDecrypt;
- TPM2B_NONCE *nonceEncrypt;
- SESSION *session;
-//
- nonceDecrypt = NULL;
- nonceEncrypt = NULL;
-
- // Determine if extra nonceTPM values are going to be required.
- // If this is the first session (sessionIndex = 0) and it is an authorization
- // session that uses an HMAC, then check if additional session nonces are to be
- // included.
- if(sessionIndex == 0
- && s_associatedHandles[sessionIndex] != TPM_RH_UNASSIGNED)
- {
- // If there is a decrypt session and if this is not the decrypt session,
- // then an extra nonce may be needed.
- if(s_decryptSessionIndex != UNDEFINED_INDEX
- && s_decryptSessionIndex != sessionIndex)
- {
- // Will add the nonce for the decrypt session.
- SESSION *decryptSession
- = SessionGet(s_sessionHandles[s_decryptSessionIndex]);
- nonceDecrypt = &decryptSession->nonceTPM;
- }
- // Now repeat for the encrypt session.
- if(s_encryptSessionIndex != UNDEFINED_INDEX
- && s_encryptSessionIndex != sessionIndex
- && s_encryptSessionIndex != s_decryptSessionIndex)
- {
- // Have to have the nonce for the encrypt session.
- SESSION *encryptSession
- = SessionGet(s_sessionHandles[s_encryptSessionIndex]);
- nonceEncrypt = &encryptSession->nonceTPM;
- }
- }
-
- // Continue with the HMAC processing.
- session = SessionGet(s_sessionHandles[sessionIndex]);
-
- // Generate HMAC key.
- MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer));
-
- // Check if the session has an associated handle and if the associated entity
- // is the one to which the session is bound. If not, add the authValue of
- // this entity to the HMAC key.
- // If the session is bound to the object or the session is a policy session
- // with no authValue required, do not include the authValue in the HMAC key.
- // Note: For a policy session, its isBound attribute is CLEARED.
- //
- // Include the entity authValue if it is needed
- if(session->attributes.includeAuth == SET)
- {
- TPM2B_AUTH authValue;
- // Get the entity authValue with trailing zeros removed
- EntityGetAuthValue(s_associatedHandles[sessionIndex], &authValue);
- // add the authValue to the HMAC key
- MemoryConcat2B(&key.b, &authValue.b, sizeof(key.t.buffer));
- }
- // if the HMAC key size is 0, a NULL string HMAC is allowed
- if(key.t.size == 0
- && s_inputAuthValues[sessionIndex].t.size == 0)
- {
- hmac->t.size = 0;
- return hmac;
- }
- // Start HMAC
- hmac->t.size = CryptHmacStart2B(&hmacState, session->authHashAlg, &key.b);
-
- // Add cpHash
- CryptDigestUpdate2B(&hmacState.hashState,
- &ComputeCpHash(command, session->authHashAlg)->b);
- // Add nonces as required
- CryptDigestUpdate2B(&hmacState.hashState, &s_nonceCaller[sessionIndex].b);
- CryptDigestUpdate2B(&hmacState.hashState, &session->nonceTPM.b);
- if(nonceDecrypt != NULL)
- CryptDigestUpdate2B(&hmacState.hashState, &nonceDecrypt->b);
- if(nonceEncrypt != NULL)
- CryptDigestUpdate2B(&hmacState.hashState, &nonceEncrypt->b);
- // Add sessionAttributes
- buffer = marshalBuffer;
- marshalSize = TPMA_SESSION_Marshal(&(s_attributes[sessionIndex]),
- &buffer, NULL);
- CryptDigestUpdate(&hmacState.hashState, marshalSize, marshalBuffer);
- // Complete the HMAC computation
- CryptHmacEnd2B(&hmacState, &hmac->b);
-
- return hmac;
-}
-
-//*** CheckSessionHMAC()
-// This function checks the HMAC of in a session. It uses ComputeCommandHMAC()
-// to compute the expected HMAC value and then compares the result with the
-// HMAC in the authorization session. The authorization is successful if they
-// are the same.
-//
-// If the authorizations are not the same, IncrementLockout() is called. It will
-// return TPM_RC_AUTH_FAIL if the failure caused the failureCount to increment.
-// Otherwise, it will return TPM_RC_BAD_AUTH.
-//
-// Return Type: TPM_RC
-// TPM_RC_AUTH_FAIL authorization failure caused failureCount increment
-// TPM_RC_BAD_AUTH authorization failure did not cause failureCount
-// increment
-//
-static TPM_RC
-CheckSessionHMAC(
- COMMAND *command, // IN: primary control structure
- UINT32 sessionIndex // IN: index of session to be processed
- )
-{
- TPM2B_DIGEST hmac; // authHMAC for comparing
-//
- // Compute authHMAC
- ComputeCommandHMAC(command, sessionIndex, &hmac);
-
- // Compare the input HMAC with the authHMAC computed above.
- if(!MemoryEqual2B(&s_inputAuthValues[sessionIndex].b, &hmac.b))
- {
- // If an HMAC session has a failure, invoke the anti-hammering
- // if it applies to the authorized entity or the session.
- // Otherwise, just indicate that the authorization is bad.
- return IncrementLockout(sessionIndex);
- }
- return TPM_RC_SUCCESS;
-}
-
-//*** CheckPolicyAuthSession()
-// This function is used to validate the authorization in a policy session.
-// This function performs the following comparisons to see if a policy
-// authorization is properly provided. The check are:
-// 1. compare policyDigest in session with authPolicy associated with
-// the entity to be authorized;
-// 2. compare timeout if applicable;
-// 3. compare commandCode if applicable;
-// 4. compare cpHash if applicable; and
-// 5. see if PCR values have changed since computed.
-//
-// If all the above checks succeed, the handle is authorized.
-// The order of these comparisons is not important because any failure will
-// result in the same error code.
-//
-// Return Type: TPM_RC
-// TPM_RC_PCR_CHANGED PCR value is not current
-// TPM_RC_POLICY_FAIL policy session fails
-// TPM_RC_LOCALITY command locality is not allowed
-// TPM_RC_POLICY_CC CC doesn't match
-// TPM_RC_EXPIRED policy session has expired
-// TPM_RC_PP PP is required but not asserted
-// TPM_RC_NV_UNAVAILABLE NV is not available for write
-// TPM_RC_NV_RATE NV is rate limiting
-static TPM_RC
-CheckPolicyAuthSession(
- COMMAND *command, // IN: primary parsing structure
- UINT32 sessionIndex // IN: index of session to be processed
- )
-{
- SESSION *session;
- TPM2B_DIGEST authPolicy;
- TPMI_ALG_HASH policyAlg;
- UINT8 locality;
-//
- // Initialize pointer to the authorization session.
- session = SessionGet(s_sessionHandles[sessionIndex]);
-
- // If the command is TPM2_PolicySecret(), make sure that
- // either password or authValue is required
- if(command->code == TPM_CC_PolicySecret
- && session->attributes.isPasswordNeeded == CLEAR
- && session->attributes.isAuthValueNeeded == CLEAR)
- return TPM_RC_MODE;
- // See if the PCR counter for the session is still valid.
- if(!SessionPCRValueIsCurrent(session))
- return TPM_RC_PCR_CHANGED;
- // Get authPolicy.
- policyAlg = EntityGetAuthPolicy(s_associatedHandles[sessionIndex],
- &authPolicy);
- // Compare authPolicy.
- if(!MemoryEqual2B(&session->u2.policyDigest.b, &authPolicy.b))
- return TPM_RC_POLICY_FAIL;
- // Policy is OK so check if the other factors are correct
-
- // Compare policy hash algorithm.
- if(policyAlg != session->authHashAlg)
- return TPM_RC_POLICY_FAIL;
-
- // Compare timeout.
- if(session->timeout != 0)
- {
- // Cannot compare time if clock stop advancing. An TPM_RC_NV_UNAVAILABLE
- // or TPM_RC_NV_RATE error may be returned here. This doesn't mean that
- // a new nonce will be created just that, because TPM time can't advance
- // we can't do time-based operations.
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
- if((session->timeout < g_time)
- || (session->epoch != g_timeEpoch))
- return TPM_RC_EXPIRED;
- }
- // If command code is provided it must match
- if(session->commandCode != 0)
- {
- if(session->commandCode != command->code)
- return TPM_RC_POLICY_CC;
- }
- else
- {
- // If command requires a DUP or ADMIN authorization, the session must have
- // command code set.
- AUTH_ROLE role = CommandAuthRole(command->index, sessionIndex);
- if(role == AUTH_ADMIN || role == AUTH_DUP)
- return TPM_RC_POLICY_FAIL;
- }
- // Check command locality.
- {
- BYTE sessionLocality[sizeof(TPMA_LOCALITY)];
- BYTE *buffer = sessionLocality;
-
- // Get existing locality setting in canonical form
- sessionLocality[0] = 0;
- TPMA_LOCALITY_Marshal(&session->commandLocality, &buffer, NULL);
-
- // See if the locality has been set
- if(sessionLocality[0] != 0)
- {
- // If so, get the current locality
- locality = _plat__LocalityGet();
- if(locality < 5)
- {
- if(((sessionLocality[0] & (1 << locality)) == 0)
- || sessionLocality[0] > 31)
- return TPM_RC_LOCALITY;
- }
- else if(locality > 31)
- {
- if(sessionLocality[0] != locality)
- return TPM_RC_LOCALITY;
- }
- else
- {
- // Could throw an assert here but a locality error is just
- // as good. It just means that, whatever the locality is, it isn't
- // the locality requested so...
- return TPM_RC_LOCALITY;
- }
- }
- } // end of locality check
- // Check physical presence.
- if(session->attributes.isPPRequired == SET
- && !_plat__PhysicalPresenceAsserted())
- return TPM_RC_PP;
- // Compare cpHash/nameHash if defined, or if the command requires an ADMIN or
- // DUP role for this handle.
- if(session->u1.cpHash.b.size != 0)
- {
- BOOL OK;
- if(session->attributes.isCpHashDefined)
- // Compare cpHash.
- OK = MemoryEqual2B(&session->u1.cpHash.b,
- &ComputeCpHash(command, session->authHashAlg)->b);
- else if(session->attributes.isTemplateSet)
- OK = CompareTemplateHash(command, session);
- else
- OK = CompareNameHash(command, session);
- if(!OK)
- return TPM_RCS_POLICY_FAIL;
- }
- if(session->attributes.checkNvWritten)
- {
- NV_REF locator;
- NV_INDEX *nvIndex;
-//
- // If this is not an NV index, the policy makes no sense so fail it.
- if(HandleGetType(s_associatedHandles[sessionIndex]) != TPM_HT_NV_INDEX)
- return TPM_RC_POLICY_FAIL;
- // Get the index data
- nvIndex = NvGetIndexInfo(s_associatedHandles[sessionIndex], &locator);
-
- // Make sure that the TPMA_WRITTEN_ATTRIBUTE has the desired state
- if((IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN))
- != (session->attributes.nvWrittenState == SET))
- return TPM_RC_POLICY_FAIL;
- }
- return TPM_RC_SUCCESS;
-}
-
-//*** RetrieveSessionData()
-// This function will unmarshal the sessions in the session area of a command. The
-// values are placed in the arrays that are defined at the beginning of this file.
-// The normal unmarshaling errors are possible.
-//
-// Return Type: TPM_RC
-// TPM_RC_SUCCSS unmarshaled without error
-// TPM_RC_SIZE the number of bytes unmarshaled is not the same
-// as the value for authorizationSize in the command
-//
-static TPM_RC
-RetrieveSessionData(
- COMMAND *command // IN: main parsing structure for command
- )
-{
- int i;
- TPM_RC result;
- SESSION *session;
- TPMA_SESSION sessionAttributes;
- TPM_HT sessionType;
- INT32 sessionIndex;
- TPM_RC errorIndex;
-//
- s_decryptSessionIndex = UNDEFINED_INDEX;
- s_encryptSessionIndex = UNDEFINED_INDEX;
- s_auditSessionIndex = UNDEFINED_INDEX;
-
- for(sessionIndex = 0; command->authSize > 0; sessionIndex++)
- {
- errorIndex = TPM_RC_S + g_rcIndex[sessionIndex];
-
- // If maximum allowed number of sessions has been parsed, return a size
- // error with a session number that is larger than the number of allowed
- // sessions
- if(sessionIndex == MAX_SESSION_NUM)
- return TPM_RCS_SIZE + errorIndex;
- // make sure that the associated handle for each session starts out
- // unassigned
- s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED;
-
- // First parameter: Session handle.
- result = TPMI_SH_AUTH_SESSION_Unmarshal(
- &s_sessionHandles[sessionIndex],
- &command->parameterBuffer,
- &command->authSize, TRUE);
- if(result != TPM_RC_SUCCESS)
- return result + TPM_RC_S + g_rcIndex[sessionIndex];
- // Second parameter: Nonce.
- result = TPM2B_NONCE_Unmarshal(&s_nonceCaller[sessionIndex],
- &command->parameterBuffer,
- &command->authSize);
- if(result != TPM_RC_SUCCESS)
- return result + TPM_RC_S + g_rcIndex[sessionIndex];
- // Third parameter: sessionAttributes.
- result = TPMA_SESSION_Unmarshal(&s_attributes[sessionIndex],
- &command->parameterBuffer,
- &command->authSize);
- if(result != TPM_RC_SUCCESS)
- return result + TPM_RC_S + g_rcIndex[sessionIndex];
- // Fourth parameter: authValue (PW or HMAC).
- result = TPM2B_AUTH_Unmarshal(&s_inputAuthValues[sessionIndex],
- &command->parameterBuffer,
- &command->authSize);
- if(result != TPM_RC_SUCCESS)
- return result + errorIndex;
-
- sessionAttributes = s_attributes[sessionIndex];
- if(s_sessionHandles[sessionIndex] == TPM_RS_PW)
- {
- // A PWAP session needs additional processing.
- // Can't have any attributes set other than continueSession bit
- if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, encrypt)
- || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, decrypt)
- || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, audit)
- || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditExclusive)
- || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditReset))
- return TPM_RCS_ATTRIBUTES + errorIndex;
- // The nonce size must be zero.
- if(s_nonceCaller[sessionIndex].t.size != 0)
- return TPM_RCS_NONCE + errorIndex;
- continue;
- }
- // For not password sessions...
- // Find out if the session is loaded.
- if(!SessionIsLoaded(s_sessionHandles[sessionIndex]))
- return TPM_RC_REFERENCE_S0 + sessionIndex;
- sessionType = HandleGetType(s_sessionHandles[sessionIndex]);
- session = SessionGet(s_sessionHandles[sessionIndex]);
-
- // Check if the session is an HMAC/policy session.
- if((session->attributes.isPolicy == SET
- && sessionType == TPM_HT_HMAC_SESSION)
- || (session->attributes.isPolicy == CLEAR
- && sessionType == TPM_HT_POLICY_SESSION))
- return TPM_RCS_HANDLE + errorIndex;
- // Check that this handle has not previously been used.
- for(i = 0; i < sessionIndex; i++)
- {
- if(s_sessionHandles[i] == s_sessionHandles[sessionIndex])
- return TPM_RCS_HANDLE + errorIndex;
- }
- // If the session is used for parameter encryption or audit as well, set
- // the corresponding Indexes.
-
- // First process decrypt.
- if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, decrypt))
- {
- // Check if the commandCode allows command parameter encryption.
- if(DecryptSize(command->index) == 0)
- return TPM_RCS_ATTRIBUTES + errorIndex;
- // Encrypt attribute can only appear in one session
- if(s_decryptSessionIndex != UNDEFINED_INDEX)
- return TPM_RCS_ATTRIBUTES + errorIndex;
- // Can't decrypt if the session's symmetric algorithm is TPM_ALG_NULL
- if(session->symmetric.algorithm == TPM_ALG_NULL)
- return TPM_RCS_SYMMETRIC + errorIndex;
- // All checks passed, so set the index for the session used to decrypt
- // a command parameter.
- s_decryptSessionIndex = sessionIndex;
- }
- // Now process encrypt.
- if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, encrypt))
- {
- // Check if the commandCode allows response parameter encryption.
- if(EncryptSize(command->index) == 0)
- return TPM_RCS_ATTRIBUTES + errorIndex;
- // Encrypt attribute can only appear in one session.
- if(s_encryptSessionIndex != UNDEFINED_INDEX)
- return TPM_RCS_ATTRIBUTES + errorIndex;
- // Can't encrypt if the session's symmetric algorithm is TPM_ALG_NULL
- if(session->symmetric.algorithm == TPM_ALG_NULL)
- return TPM_RCS_SYMMETRIC + errorIndex;
- // All checks passed, so set the index for the session used to encrypt
- // a response parameter.
- s_encryptSessionIndex = sessionIndex;
- }
- // At last process audit.
- if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, audit))
- {
- // Audit attribute can only appear in one session.
- if(s_auditSessionIndex != UNDEFINED_INDEX)
- return TPM_RCS_ATTRIBUTES + errorIndex;
- // An audit session can not be policy session.
- if(HandleGetType(s_sessionHandles[sessionIndex])
- == TPM_HT_POLICY_SESSION)
- return TPM_RCS_ATTRIBUTES + errorIndex;
- // If this is a reset of the audit session, or the first use
- // of the session as an audit session, it doesn't matter what
- // the exclusive state is. The session will become exclusive.
- if(!IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditReset)
- && session->attributes.isAudit == SET)
- {
- // Not first use or reset. If auditExlusive is SET, then this
- // session must be the current exclusive session.
- if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditExclusive)
- && g_exclusiveAuditSession != s_sessionHandles[sessionIndex])
- return TPM_RC_EXCLUSIVE;
- }
- s_auditSessionIndex = sessionIndex;
- }
- // Initialize associated handle as undefined. This will be changed when
- // the handles are processed.
- s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED;
- }
- command->sessionNum = sessionIndex;
- return TPM_RC_SUCCESS;
-}
-
-//*** CheckLockedOut()
-// This function checks to see if the TPM is in lockout. This function should only
-// be called if the entity being checked is subject to DA protection. The TPM
-// is in lockout if the NV is not available and a DA write is pending. Otherwise
-// the TPM is locked out if checking for lockoutAuth ('lockoutAuthCheck' == TRUE)
-// and use of lockoutAuth is disabled, or 'failedTries' >= 'maxTries'
-// Return Type: TPM_RC
-// TPM_RC_NV_RATE NV is rate limiting
-// TPM_RC_NV_UNAVAILABLE NV is not available at this time
-// TPM_RC_LOCKOUT TPM is in lockout
-static TPM_RC
-CheckLockedOut(
- BOOL lockoutAuthCheck // IN: TRUE if checking is for lockoutAuth
- )
-{
- // If NV is unavailable, and current cycle state recorded in NV is not
- // SU_NONE_VALUE, refuse to check any authorization because we would
- // not be able to handle a DA failure.
- if(!NV_IS_AVAILABLE && NV_IS_ORDERLY)
- return g_NvStatus;
- // Check if DA info needs to be updated in NV.
- if(s_DAPendingOnNV)
- {
- // If NV is accessible,
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
- // ... write the pending DA data and proceed.
- NV_SYNC_PERSISTENT(lockOutAuthEnabled);
- NV_SYNC_PERSISTENT(failedTries);
- s_DAPendingOnNV = FALSE;
- }
- // Lockout is in effect if checking for lockoutAuth and use of lockoutAuth
- // is disabled...
- if(lockoutAuthCheck)
- {
- if(gp.lockOutAuthEnabled == FALSE)
- return TPM_RC_LOCKOUT;
- }
- else
- {
- // ... or if the number of failed tries has been maxed out.
- if(gp.failedTries >= gp.maxTries)
- return TPM_RC_LOCKOUT;
-#if USE_DA_USED
- // If the daUsed flag is not SET, then no DA validation until the
- // daUsed state is written to NV
- if(!g_daUsed)
- {
- RETURN_IF_NV_IS_NOT_AVAILABLE;
- g_daUsed = TRUE;
- gp.orderlyState = SU_DA_USED_VALUE;
- NV_SYNC_PERSISTENT(orderlyState);
- return TPM_RC_RETRY;
- }
-#endif
- }
- return TPM_RC_SUCCESS;
-}
-
-//*** CheckAuthSession()
-// This function checks that the authorization session properly authorizes the
-// use of the associated handle.
-//
-// Return Type: TPM_RC
-// TPM_RC_LOCKOUT entity is protected by DA and TPM is in
-// lockout, or TPM is locked out on NV update
-// pending on DA parameters
-//
-// TPM_RC_PP Physical Presence is required but not provided
-// TPM_RC_AUTH_FAIL HMAC or PW authorization failed
-// with DA side-effects (can be a policy session)
-//
-// TPM_RC_BAD_AUTH HMAC or PW authorization failed without DA
-// side-effects (can be a policy session)
-//
-// TPM_RC_POLICY_FAIL if policy session fails
-// TPM_RC_POLICY_CC command code of policy was wrong
-// TPM_RC_EXPIRED the policy session has expired
-// TPM_RC_PCR
-// TPM_RC_AUTH_UNAVAILABLE authValue or authPolicy unavailable
-static TPM_RC
-CheckAuthSession(
- COMMAND *command, // IN: primary parsing structure
- UINT32 sessionIndex // IN: index of session to be processed
- )
-{
- TPM_RC result = TPM_RC_SUCCESS;
- SESSION *session = NULL;
- TPM_HANDLE sessionHandle = s_sessionHandles[sessionIndex];
- TPM_HANDLE associatedHandle = s_associatedHandles[sessionIndex];
- TPM_HT sessionHandleType = HandleGetType(sessionHandle);
-//
- pAssert(sessionHandle != TPM_RH_UNASSIGNED);
-
- // Take care of physical presence
- if(associatedHandle == TPM_RH_PLATFORM)
- {
- // If the physical presence is required for this command, check for PP
- // assertion. If it isn't asserted, no point going any further.
- if(PhysicalPresenceIsRequired(command->index)
- && !_plat__PhysicalPresenceAsserted())
- return TPM_RC_PP;
- }
- if(sessionHandle != TPM_RS_PW)
- {
- session = SessionGet(sessionHandle);
-
- // Set includeAuth to indicate if DA checking will be required and if the
- // authValue will be included in any HMAC.
- if(sessionHandleType == TPM_HT_POLICY_SESSION)
- {
- // For a policy session, will check the DA status of the entity if either
- // isAuthValueNeeded or isPasswordNeeded is SET.
- session->attributes.includeAuth =
- session->attributes.isAuthValueNeeded
- || session->attributes.isPasswordNeeded;
- }
- else
- {
- // For an HMAC session, need to check unless the session
- // is bound.
- session->attributes.includeAuth =
- !IsSessionBindEntity(s_associatedHandles[sessionIndex], session);
- }
- }
- // If the authorization session is going to use an authValue, then make sure
- // that access to that authValue isn't locked out.
- // Note: session == NULL for a PW session.
- if(session == NULL || session->attributes.includeAuth)
- {
- // See if entity is subject to lockout.
- if(!IsDAExempted(associatedHandle))
- {
- // See if in lockout
- result = CheckLockedOut(associatedHandle == TPM_RH_LOCKOUT);
- if(result != TPM_RC_SUCCESS)
- return result;
- }
- }
- // Policy or HMAC+PW?
- if(sessionHandleType != TPM_HT_POLICY_SESSION)
- {
- // for non-policy session make sure that a policy session is not required
- if(IsPolicySessionRequired(command->index, sessionIndex))
- return TPM_RC_AUTH_TYPE;
- // The authValue must be available.
- // Note: The authValue is going to be "used" even if it is an EmptyAuth.
- // and the session is bound.
- if(!IsAuthValueAvailable(associatedHandle, command->index, sessionIndex))
- return TPM_RC_AUTH_UNAVAILABLE;
- }
- else
- {
- // ... see if the entity has a policy, ...
- // Note: IsAuthPolicyAvalable will return FALSE if the sensitive area of the
- // object is not loaded
- if(!IsAuthPolicyAvailable(associatedHandle, command->index, sessionIndex))
- return TPM_RC_AUTH_UNAVAILABLE;
- // ... and check the policy session.
- result = CheckPolicyAuthSession(command, sessionIndex);
- if(result != TPM_RC_SUCCESS)
- return result;
- }
- // Check authorization according to the type
- if(session == NULL || session->attributes.isPasswordNeeded == SET)
- result = CheckPWAuthSession(sessionIndex);
- else
- result = CheckSessionHMAC(command, sessionIndex);
- // Do processing for PIN Indexes are only three possibilities for 'result' at
- // this point: TPM_RC_SUCCESS, TPM_RC_AUTH_FAIL, and TPM_RC_BAD_AUTH.
- // For all these cases, we would have to process a PIN index if the
- // authValue of the index was used for authorization.
- // See if we need to do anything to a PIN index
- if(TPM_HT_NV_INDEX == HandleGetType(associatedHandle))
- {
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(associatedHandle, &locator);
- NV_PIN pinData;
- TPMA_NV nvAttributes;
-//
- pAssert(nvIndex != NULL);
- nvAttributes = nvIndex->publicArea.attributes;
- // If this is a PIN FAIL index and the value has been written
- // then we can update the counter (increment or clear)
- if(IsNvPinFailIndex(nvAttributes)
- && IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN))
- {
- pinData.intVal = NvGetUINT64Data(nvIndex, locator);
- if(result != TPM_RC_SUCCESS)
- pinData.pin.pinCount++;
- else
- pinData.pin.pinCount = 0;
- NvWriteUINT64Data(nvIndex, pinData.intVal);
- }
- // If this is a PIN PASS Index, increment if we have used the
- // authorization value for anything other than NV_Read.
- // NOTE: If the counter has already hit the limit, then we
- // would not get here because the authorization value would not
- // be available and the TPM would have returned before it gets here
- else if(IsNvPinPassIndex(nvAttributes)
- && IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN)
- && result == TPM_RC_SUCCESS)
- {
- // If the access is valid, then increment the use counter
- pinData.intVal = NvGetUINT64Data(nvIndex, locator);
- pinData.pin.pinCount++;
- NvWriteUINT64Data(nvIndex, pinData.intVal);
- }
- }
- return result;
-}
-
-#ifdef TPM_CC_GetCommandAuditDigest
-//*** CheckCommandAudit()
-// This function is called before the command is processed if audit is enabled
-// for the command. It will check to see if the audit can be performed and
-// will ensure that the cpHash is available for the audit.
-// Return Type: TPM_RC
-// TPM_RC_NV_UNAVAILABLE NV is not available for write
-// TPM_RC_NV_RATE NV is rate limiting
-static TPM_RC
-CheckCommandAudit(
- COMMAND *command
- )
-{
- // If the audit digest is clear and command audit is required, NV must be
- // available so that TPM2_GetCommandAuditDigest() is able to increment
- // audit counter. If NV is not available, the function bails out to prevent
- // the TPM from attempting an operation that would fail anyway.
- if(gr.commandAuditDigest.t.size == 0
- || GetCommandCode(command->index) == TPM_CC_GetCommandAuditDigest)
- {
- RETURN_IF_NV_IS_NOT_AVAILABLE;
- }
- // Make sure that the cpHash is computed for the algorithm
- ComputeCpHash(command, gp.auditHashAlg);
- return TPM_RC_SUCCESS;
-}
-#endif
-
-//*** ParseSessionBuffer()
-// This function is the entry function for command session processing.
-// It iterates sessions in session area and reports if the required authorization
-// has been properly provided. It also processes audit session and passes the
-// information of encryption sessions to parameter encryption module.
-//
-// Return Type: TPM_RC
-// various parsing failure or authorization failure
-//
-TPM_RC
-ParseSessionBuffer(
- COMMAND *command // IN: the structure that contains
- )
-{
- TPM_RC result;
- UINT32 i;
- INT32 size = 0;
- TPM2B_AUTH extraKey;
- UINT32 sessionIndex;
- TPM_RC errorIndex;
- SESSION *session = NULL;
-//
- // Check if a command allows any session in its session area.
- if(!IsSessionAllowed(command->index))
- return TPM_RC_AUTH_CONTEXT;
- // Default-initialization.
- command->sessionNum = 0;
-
- result = RetrieveSessionData(command);
- if(result != TPM_RC_SUCCESS)
- return result;
- // There is no command in the TPM spec that has more handles than
- // MAX_SESSION_NUM.
- pAssert(command->handleNum <= MAX_SESSION_NUM);
-
- // Associate the session with an authorization handle.
- for(i = 0; i < command->handleNum; i++)
- {
- if(CommandAuthRole(command->index, i) != AUTH_NONE)
- {
- // If the received session number is less than the number of handles
- // that requires authorization, an error should be returned.
- // Note: for all the TPM 2.0 commands, handles requiring
- // authorization come first in a command input and there are only ever
- // two values requiring authorization
- if(i > (command->sessionNum - 1))
- return TPM_RC_AUTH_MISSING;
- // Record the handle associated with the authorization session
- s_associatedHandles[i] = command->handles[i];
- }
- }
- // Consistency checks are done first to avoid authorization failure when the
- // command will not be executed anyway.
- for(sessionIndex = 0; sessionIndex < command->sessionNum; sessionIndex++)
- {
- errorIndex = TPM_RC_S + g_rcIndex[sessionIndex];
- // PW session must be an authorization session
- if(s_sessionHandles[sessionIndex] == TPM_RS_PW)
- {
- if(s_associatedHandles[sessionIndex] == TPM_RH_UNASSIGNED)
- return TPM_RCS_HANDLE + errorIndex;
- // a password session can't be audit, encrypt or decrypt
- if(IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit)
- || IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, encrypt)
- || IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, decrypt))
- return TPM_RCS_ATTRIBUTES + errorIndex;
- session = NULL;
- }
- else
- {
- session = SessionGet(s_sessionHandles[sessionIndex]);
-
- // A trial session can not appear in session area, because it cannot
- // be used for authorization, audit or encrypt/decrypt.
- if(session->attributes.isTrialPolicy == SET)
- return TPM_RCS_ATTRIBUTES + errorIndex;
-
- // See if the session is bound to a DA protected entity
- // NOTE: Since a policy session is never bound, a policy is still
- // usable even if the object is DA protected and the TPM is in
- // lockout.
- if(session->attributes.isDaBound == SET)
- {
- result = CheckLockedOut(session->attributes.isLockoutBound == SET);
- if(result != TPM_RC_SUCCESS)
- return result;
- }
- // If this session is for auditing, make sure the cpHash is computed.
- if(IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit))
- ComputeCpHash(command, session->authHashAlg);
- }
-
- // if the session has an associated handle, check the authorization
- if(s_associatedHandles[sessionIndex] != TPM_RH_UNASSIGNED)
- {
- result = CheckAuthSession(command, sessionIndex);
- if(result != TPM_RC_SUCCESS)
- return RcSafeAddToResult(result, errorIndex);
- }
- else
- {
- // a session that is not for authorization must either be encrypt,
- // decrypt, or audit
- if(!IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit)
- && !IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, encrypt)
- && !IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, decrypt))
- return TPM_RCS_ATTRIBUTES + errorIndex;
-
- // no authValue included in any of the HMAC computations
- pAssert(session != NULL);
- session->attributes.includeAuth = CLEAR;
-
- // check HMAC for encrypt/decrypt/audit only sessions
- result = CheckSessionHMAC(command, sessionIndex);
- if(result != TPM_RC_SUCCESS)
- return RcSafeAddToResult(result, errorIndex);
- }
- }
-#ifdef TPM_CC_GetCommandAuditDigest
- // Check if the command should be audited. Need to do this before any parameter
- // encryption so that the cpHash for the audit is correct
- if(CommandAuditIsRequired(command->index))
- {
- result = CheckCommandAudit(command);
- if(result != TPM_RC_SUCCESS)
- return result; // No session number to reference
- }
-#endif
- // Decrypt the first parameter if applicable. This should be the last operation
- // in session processing.
- // If the encrypt session is associated with a handle and the handle's
- // authValue is available, then authValue is concatenated with sessionKey to
- // generate encryption key, no matter if the handle is the session bound entity
- // or not.
- if(s_decryptSessionIndex != UNDEFINED_INDEX)
- {
- // If this is an authorization session, include the authValue in the
- // generation of the decryption key
- if(s_associatedHandles[s_decryptSessionIndex] != TPM_RH_UNASSIGNED)
- {
- EntityGetAuthValue(s_associatedHandles[s_decryptSessionIndex],
- &extraKey);
- }
- else
- {
- extraKey.b.size = 0;
- }
- size = DecryptSize(command->index);
- result = CryptParameterDecryption(s_sessionHandles[s_decryptSessionIndex],
- &s_nonceCaller[s_decryptSessionIndex].b,
- command->parameterSize, (UINT16)size,
- &extraKey,
- command->parameterBuffer);
- if(result != TPM_RC_SUCCESS)
- return RcSafeAddToResult(result,
- TPM_RC_S + g_rcIndex[s_decryptSessionIndex]);
- }
-
- return TPM_RC_SUCCESS;
-}
-
-//*** CheckAuthNoSession()
-// Function to process a command with no session associated.
-// The function makes sure all the handles in the command require no authorization.
-//
-// Return Type: TPM_RC
-// TPM_RC_AUTH_MISSING failure - one or more handles require
-// authorization
-TPM_RC
-CheckAuthNoSession(
- COMMAND *command // IN: command parsing structure
- )
-{
- UINT32 i;
- TPM_RC result = TPM_RC_SUCCESS;
-//
- // Check if the command requires authorization
- for(i = 0; i < command->handleNum; i++)
- {
- if(CommandAuthRole(command->index, i) != AUTH_NONE)
- return TPM_RC_AUTH_MISSING;
- }
-#ifdef TPM_CC_GetCommandAuditDigest
- // Check if the command should be audited.
- if(CommandAuditIsRequired(command->index))
- {
- result = CheckCommandAudit(command);
- if(result != TPM_RC_SUCCESS)
- return result;
- }
-#endif
- // Initialize number of sessions to be 0
- command->sessionNum = 0;
-
- return TPM_RC_SUCCESS;
-}
-
-//** Response Session Processing
-//*** Introduction
-//
-// The following functions build the session area in a response and handle
-// the audit sessions (if present).
-//
-
-//*** ComputeRpHash()
-// Function to compute rpHash (Response Parameter Hash). The rpHash is only
-// computed if there is an HMAC authorization session and the return code is
-// TPM_RC_SUCCESS.
-static TPM2B_DIGEST *
-ComputeRpHash(
- COMMAND *command, // IN: command structure
- TPM_ALG_ID hashAlg // IN: hash algorithm to compute rpHash
- )
-{
- TPM2B_DIGEST *rpHash = GetRpHashPointer(command, hashAlg);
- HASH_STATE hashState;
-//
- if(rpHash->t.size == 0)
- {
- // rpHash := hash(responseCode || commandCode || parameters)
-
- // Initiate hash creation.
- rpHash->t.size = CryptHashStart(&hashState, hashAlg);
-
- // Add hash constituents.
- CryptDigestUpdateInt(&hashState, sizeof(TPM_RC), TPM_RC_SUCCESS);
- CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), command->code);
- CryptDigestUpdate(&hashState, command->parameterSize,
- command->parameterBuffer);
- // Complete hash computation.
- CryptHashEnd2B(&hashState, &rpHash->b);
- }
- return rpHash;
-}
-
-//*** InitAuditSession()
-// This function initializes the audit data in an audit session.
-static void
-InitAuditSession(
- SESSION *session // session to be initialized
- )
-{
- // Mark session as an audit session.
- session->attributes.isAudit = SET;
-
- // Audit session can not be bound.
- session->attributes.isBound = CLEAR;
-
- // Size of the audit log is the size of session hash algorithm digest.
- session->u2.auditDigest.t.size = CryptHashGetDigestSize(session->authHashAlg);
-
- // Set the original digest value to be 0.
- MemorySet(&session->u2.auditDigest.t.buffer,
- 0,
- session->u2.auditDigest.t.size);
- return;
-}
-
-//*** UpdateAuditDigest
-// Function to update an audit digest
-static void
-UpdateAuditDigest(
- COMMAND *command,
- TPMI_ALG_HASH hashAlg,
- TPM2B_DIGEST *digest
- )
-{
- HASH_STATE hashState;
- TPM2B_DIGEST *cpHash = GetCpHash(command, hashAlg);
- TPM2B_DIGEST *rpHash = ComputeRpHash(command, hashAlg);
-//
- pAssert(cpHash != NULL);
-
- // digestNew := hash (digestOld || cpHash || rpHash)
- // Start hash computation.
- digest->t.size = CryptHashStart(&hashState, hashAlg);
- // Add old digest.
- CryptDigestUpdate2B(&hashState, &digest->b);
- // Add cpHash
- CryptDigestUpdate2B(&hashState, &cpHash->b);
- // Add rpHash
- CryptDigestUpdate2B(&hashState, &rpHash->b);
- // Finalize the hash.
- CryptHashEnd2B(&hashState, &digest->b);
-}
-
-
-//*** Audit()
-//This function updates the audit digest in an audit session.
-static void
-Audit(
- COMMAND *command, // IN: primary control structure
- SESSION *auditSession // IN: loaded audit session
- )
-{
- UpdateAuditDigest(command, auditSession->authHashAlg,
- &auditSession->u2.auditDigest);
- return;
-}
-
-#ifdef TPM_CC_GetCommandAuditDigest
-//*** CommandAudit()
-// This function updates the command audit digest.
-static void
-CommandAudit(
- COMMAND *command // IN:
- )
-{
- // If the digest.size is one, it indicates the special case of changing
- // the audit hash algorithm. For this case, no audit is done on exit.
- // NOTE: When the hash algorithm is changed, g_updateNV is set in order to
- // force an update to the NV on exit so that the change in digest will
- // be recorded. So, it is safe to exit here without setting any flags
- // because the digest change will be written to NV when this code exits.
- if(gr.commandAuditDigest.t.size == 1)
- {
- gr.commandAuditDigest.t.size = 0;
- return;
- }
- // If the digest size is zero, need to start a new digest and increment
- // the audit counter.
- if(gr.commandAuditDigest.t.size == 0)
- {
- gr.commandAuditDigest.t.size = CryptHashGetDigestSize(gp.auditHashAlg);
- MemorySet(gr.commandAuditDigest.t.buffer,
- 0,
- gr.commandAuditDigest.t.size);
-
- // Bump the counter and save its value to NV.
- gp.auditCounter++;
- NV_SYNC_PERSISTENT(auditCounter);
- }
- UpdateAuditDigest(command, gp.auditHashAlg, &gr.commandAuditDigest);
- return;
-}
-#endif
-
-//*** UpdateAuditSessionStatus()
-// Function to update the internal audit related states of a session. It
-// 1. initializes the session as audit session and sets it to be exclusive if this
-// is the first time it is used for audit or audit reset was requested;
-// 2. reports exclusive audit session;
-// 3. extends audit log; and
-// 4. clears exclusive audit session if no audit session found in the command.
-static void
-UpdateAuditSessionStatus(
- COMMAND *command // IN: primary control structure
- )
-{
- UINT32 i;
- TPM_HANDLE auditSession = TPM_RH_UNASSIGNED;
-//
- // Iterate through sessions
- for(i = 0; i < command->sessionNum; i++)
- {
- SESSION *session;
-//
- // PW session do not have a loaded session and can not be an audit
- // session either. Skip it.
- if(s_sessionHandles[i] == TPM_RS_PW)
- continue;
- session = SessionGet(s_sessionHandles[i]);
-
- // If a session is used for audit
- if(IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, audit))
- {
- // An audit session has been found
- auditSession = s_sessionHandles[i];
-
- // If the session has not been an audit session yet, or
- // the auditSetting bits indicate a reset, initialize it and set
- // it to be the exclusive session
- if(session->attributes.isAudit == CLEAR
- || IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditReset))
- {
- InitAuditSession(session);
- g_exclusiveAuditSession = auditSession;
- }
- else
- {
- // Check if the audit session is the current exclusive audit
- // session and, if not, clear previous exclusive audit session.
- if(g_exclusiveAuditSession != auditSession)
- g_exclusiveAuditSession = TPM_RH_UNASSIGNED;
- }
- // Report audit session exclusivity.
- if(g_exclusiveAuditSession == auditSession)
- {
- SET_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditExclusive);
- }
- else
- {
- CLEAR_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditExclusive);
- }
- // Extend audit log.
- Audit(command, session);
- }
- }
- // If no audit session is found in the command, and the command allows
- // a session then, clear the current exclusive
- // audit session.
- if(auditSession == TPM_RH_UNASSIGNED && IsSessionAllowed(command->index))
- {
- g_exclusiveAuditSession = TPM_RH_UNASSIGNED;
- }
- return;
-}
-
-//*** ComputeResponseHMAC()
-// Function to compute HMAC for authorization session in a response.
-/*(See part 1 specification)
-// Function: Compute HMAC for response sessions
-// The sessionAuth value
-// authHMAC := HMACsHASH((sessionAuth | authValue),
-// (pHash | nonceTPM | nonceCaller | sessionAttributes))
-// Where:
-// HMACsHASH() The HMAC algorithm using the hash algorithm specified when
-// the session was started.
-//
-// sessionAuth A TPMB_MEDIUM computed in a protocol-dependent way, using
-// KDFa. In an HMAC or KDF, only sessionAuth.buffer is used.
-//
-// authValue A TPM2B_AUTH that is found in the sensitive area of an
-// object. In an HMAC or KDF, only authValue.buffer is used
-// and all trailing zeros are removed.
-//
-// pHash Response parameters (rpHash) using the session hash. When
-// using a pHash in an HMAC computation, both the algorithm ID
-// and the digest are included.
-//
-// nonceTPM A TPM2B_NONCE that is generated by the entity using the
-// session. In an HMAC or KDF, only nonceTPM.buffer is used.
-//
-// nonceCaller a TPM2B_NONCE that was received the previous time the
-// session was used. In an HMAC or KDF, only
-// nonceCaller.buffer is used.
-//
-// sessionAttributes A TPMA_SESSION that indicates the attributes associated
-// with a particular use of the session.
-*/ -static void -ComputeResponseHMAC( - COMMAND *command, // IN: command structure - UINT32 sessionIndex, // IN: session index to be processed - SESSION *session, // IN: loaded session - TPM2B_DIGEST *hmac // OUT: authHMAC - ) -{ - TPM2B_TYPE(KEY, (sizeof(AUTH_VALUE) * 2)); - TPM2B_KEY key; // HMAC key - BYTE marshalBuffer[sizeof(TPMA_SESSION)]; - BYTE *buffer; - UINT32 marshalSize; - HMAC_STATE hmacState; - TPM2B_DIGEST *rpHash = ComputeRpHash(command, session->authHashAlg); -// - // Generate HMAC key - MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer)); - - // Add the object authValue if required - if(session->attributes.includeAuth == SET) - { - // Note: includeAuth may be SET for a policy that is used in - // UndefineSpaceSpecial(). At this point, the Index has been deleted - // so the includeAuth will have no meaning. However, the - // s_associatedHandles[] value for the session is now set to TPM_RH_NULL so - // this will return the authValue associated with TPM_RH_NULL and that is - // and empty buffer. - TPM2B_AUTH authValue; -// - // Get the authValue with trailing zeros removed - EntityGetAuthValue(s_associatedHandles[sessionIndex], &authValue); - - // Add it to the key - MemoryConcat2B(&key.b, &authValue.b, sizeof(key.t.buffer)); - } - - // if the HMAC key size is 0, the response HMAC is computed according to the - // input HMAC - if(key.t.size == 0 - && s_inputAuthValues[sessionIndex].t.size == 0) - { - hmac->t.size = 0; - return; - } - // Start HMAC computation. - hmac->t.size = CryptHmacStart2B(&hmacState, session->authHashAlg, &key.b); - - // Add hash components. - CryptDigestUpdate2B(&hmacState.hashState, &rpHash->b); - CryptDigestUpdate2B(&hmacState.hashState, &session->nonceTPM.b); - CryptDigestUpdate2B(&hmacState.hashState, &s_nonceCaller[sessionIndex].b); - - // Add session attributes. 
- buffer = marshalBuffer; - marshalSize = TPMA_SESSION_Marshal(&s_attributes[sessionIndex], &buffer, NULL); - CryptDigestUpdate(&hmacState.hashState, marshalSize, marshalBuffer); - - // Finalize HMAC. - CryptHmacEnd2B(&hmacState, &hmac->b); - - return; -} - -//*** UpdateInternalSession() -// Updates internal sessions: -// 1. Restarts session time. -// 2. Clears a policy session since nonce is rolling. -static void -UpdateInternalSession( - SESSION *session, // IN: the session structure - UINT32 i // IN: session number - ) -{ - // If nonce is rolling in a policy session, the policy related data - // will be re-initialized. - if(HandleGetType(s_sessionHandles[i]) == TPM_HT_POLICY_SESSION - && IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession)) - { - // When the nonce rolls it starts a new timing interval for the - // policy session. - SessionResetPolicyData(session); - SessionSetStartTime(session); - } - return; -} - -//*** BuildSingleResponseAuth() -// Function to compute response HMAC value for a policy or HMAC session. -static TPM2B_NONCE * -BuildSingleResponseAuth( - COMMAND *command, // IN: command structure - UINT32 sessionIndex, // IN: session index to be processed - TPM2B_AUTH *auth // OUT: authHMAC - ) -{ - // Fill in policy/HMAC based session response. - SESSION *session = SessionGet(s_sessionHandles[sessionIndex]); -// - // If the session is a policy session with isPasswordNeeded SET, the - // authorization field is empty. - if(HandleGetType(s_sessionHandles[sessionIndex]) == TPM_HT_POLICY_SESSION - && session->attributes.isPasswordNeeded == SET) - auth->t.size = 0; - else - // Compute response HMAC. - ComputeResponseHMAC(command, sessionIndex, session, auth); - - UpdateInternalSession(session, sessionIndex); - return &session->nonceTPM; -} - -//*** UpdateAllNonceTPM() -// Updates TPM nonce for all sessions in command. 
-static void -UpdateAllNonceTPM( - COMMAND *command // IN: controlling structure - ) -{ - UINT32 i; - SESSION *session; -// - for(i = 0; i < command->sessionNum; i++) - { - // If not a PW session, compute the new nonceTPM. - if(s_sessionHandles[i] != TPM_RS_PW) - { - session = SessionGet(s_sessionHandles[i]); - // Update nonceTPM in both internal session and response. - CryptRandomGenerate(session->nonceTPM.t.size, - session->nonceTPM.t.buffer); - } - } - return; -} - - - -//*** BuildResponseSession() -// Function to build Session buffer in a response. The authorization data is added -// to the end of command->responseBuffer. The size of the authorization area is -// accumulated in command->authSize. -// When this is called, command->responseBuffer is pointing at the next location -// in the response buffer to be filled. This is where the authorization sessions -// will go, if any. command->parameterSize is the number of bytes that have been -// marshaled as parameters in the output buffer. -void -BuildResponseSession( - COMMAND *command // IN: structure that has relevant command - // information - ) -{ - pAssert(command->authSize == 0); - - // Reset the parameter buffer to point to the start of the parameters so that - // there is a starting point for any rpHash that might be generated and so there - // is a place where parameter encryption would start - command->parameterBuffer = command->responseBuffer - command->parameterSize; - - // Session nonces should be updated before parameter encryption - if(command->tag == TPM_ST_SESSIONS) - { - UpdateAllNonceTPM(command); - - // Encrypt first parameter if applicable. Parameter encryption should - // happen after nonce update and before any rpHash is computed. - // If the encrypt session is associated with a handle, the authValue of - // this handle will be concatenated with sessionKey to generate - // encryption key, no matter if the handle is the session bound entity - // or not. 
The authValue is added to sessionKey only when the authValue - // is available. - if(s_encryptSessionIndex != UNDEFINED_INDEX) - { - UINT32 size; - TPM2B_AUTH extraKey; -// - extraKey.b.size = 0; - // If this is an authorization session, include the authValue in the - // generation of the encryption key - if(s_associatedHandles[s_encryptSessionIndex] != TPM_RH_UNASSIGNED) - { - EntityGetAuthValue(s_associatedHandles[s_encryptSessionIndex], - &extraKey); - } - size = EncryptSize(command->index); - CryptParameterEncryption(s_sessionHandles[s_encryptSessionIndex], - &s_nonceCaller[s_encryptSessionIndex].b, - (UINT16)size, - &extraKey, - command->parameterBuffer); - } - } - // Audit sessions should be processed regardless of the tag because - // a command with no session may cause a change of the exclusivity state. - UpdateAuditSessionStatus(command); -#if CC_GetCommandAuditDigest - // Command Audit - if(CommandAuditIsRequired(command->index)) - CommandAudit(command); -#endif - // Process command with sessions. - if(command->tag == TPM_ST_SESSIONS) - { - UINT32 i; -// - pAssert(command->sessionNum > 0); - - // Iterate over each session in the command session area, and create - // corresponding sessions for response. - for(i = 0; i < command->sessionNum; i++) - { - TPM2B_NONCE *nonceTPM; - TPM2B_DIGEST responseAuth; - // Make sure that continueSession is SET on any Password session. - // This makes it marginally easier for the management software - // to keep track of the closed sessions. - if(s_sessionHandles[i] == TPM_RS_PW) - { - SET_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession); - responseAuth.t.size = 0; - nonceTPM = (TPM2B_NONCE *)&responseAuth; - } - else - { - // Compute the response HMAC and get a pointer to the nonce used. - // This function will also update the values if needed. 
Note, the - nonceTPM = BuildSingleResponseAuth(command, i, &responseAuth); - } - command->authSize += TPM2B_NONCE_Marshal(nonceTPM, - &command->responseBuffer, - NULL); - command->authSize += TPMA_SESSION_Marshal(&s_attributes[i], - &command->responseBuffer, - NULL); - command->authSize += TPM2B_DIGEST_Marshal(&responseAuth, - &command->responseBuffer, - NULL); - if(!IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession)) - SessionFlush(s_sessionHandles[i]); - } - } - return; -} - -//*** SessionRemoveAssociationToHandle() -// This function deals with the case where an entity associated with an authorization -// is deleted during command processing. The primary use of this is to support -// UndefineSpaceSpecial(). -void -SessionRemoveAssociationToHandle( - TPM_HANDLE handle - ) -{ - UINT32 i; -// - for(i = 0; i < MAX_SESSION_NUM; i++) - { - if(s_associatedHandles[i] == handle) - { - s_associatedHandles[i] = TPM_RH_NULL; - } - } -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/CommandAudit.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/CommandAudit.c deleted file mode 100644 index 306b39b92..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/CommandAudit.c +++ /dev/null 
@@ -1,268 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the functions that support command audit.
-
-//** Includes
-#include "Tpm.h"
-
-//** Functions
-
-//*** CommandAuditPreInstall_Init()
-// This function initializes the command audit list. 
This function simulates -// the behavior of manufacturing. A function is used instead of a structure -// definition because this is easier than figuring out the initialization value -// for a bit array. -// -// This function would not be implemented outside of a manufacturing or -// simulation environment. -void -CommandAuditPreInstall_Init( - void - ) -{ - // Clear all the audit commands - MemorySet(gp.auditCommands, 0x00, sizeof(gp.auditCommands)); - - // TPM_CC_SetCommandCodeAuditStatus always being audited - CommandAuditSet(TPM_CC_SetCommandCodeAuditStatus); - - // Set initial command audit hash algorithm to be context integrity hash - // algorithm - gp.auditHashAlg = CONTEXT_INTEGRITY_HASH_ALG; - - // Set up audit counter to be 0 - gp.auditCounter = 0; - - // Write command audit persistent data to NV - NV_SYNC_PERSISTENT(auditCommands); - NV_SYNC_PERSISTENT(auditHashAlg); - NV_SYNC_PERSISTENT(auditCounter); - - return; -} - -//*** CommandAuditStartup() -// This function clears the command audit digest on a TPM Reset. -BOOL -CommandAuditStartup( - STARTUP_TYPE type // IN: start up type - ) -{ - if((type != SU_RESTART) && (type != SU_RESUME)) - { - // Reset the digest size to initialize the digest - gr.commandAuditDigest.t.size = 0; - } - return TRUE; -} - -//*** CommandAuditSet() -// This function will SET the audit flag for a command. This function -// will not SET the audit flag for a command that is not implemented. This -// ensures that the audit status is not SET when TPM2_GetCapability() is -// used to read the list of audited commands. -// -// This function is only used by TPM2_SetCommandCodeAuditStatus(). -// -// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the -// changes to be saved to NV after it is setting and clearing bits. 
-// Return Type: BOOL -// TRUE(1) command code audit status was changed -// FALSE(0) command code audit status was not changed -BOOL -CommandAuditSet( - TPM_CC commandCode // IN: command code - ) -{ - COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); - - // Only SET a bit if the corresponding command is implemented - if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) - { - // Can't audit shutdown - if(commandCode != TPM_CC_Shutdown) - { - if(!TEST_BIT(commandIndex, gp.auditCommands)) - { - // Set bit - SET_BIT(commandIndex, gp.auditCommands); - return TRUE; - } - } - } - // No change - return FALSE; -} - -//*** CommandAuditClear() -// This function will CLEAR the audit flag for a command. It will not CLEAR the -// audit flag for TPM_CC_SetCommandCodeAuditStatus(). -// -// This function is only used by TPM2_SetCommandCodeAuditStatus(). -// -// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the -// changes to be saved to NV after it is setting and clearing bits. -// Return Type: BOOL -// TRUE(1) command code audit status was changed -// FALSE(0) command code audit status was not changed -BOOL -CommandAuditClear( - TPM_CC commandCode // IN: command code - ) -{ - COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); - - // Do nothing if the command is not implemented - if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) - { - // The bit associated with TPM_CC_SetCommandCodeAuditStatus() cannot be - // cleared - if(commandCode != TPM_CC_SetCommandCodeAuditStatus) - { - if(TEST_BIT(commandIndex, gp.auditCommands)) - { - // Clear bit - CLEAR_BIT(commandIndex, gp.auditCommands); - return TRUE; - } - } - } - // No change - return FALSE; -} - -//*** CommandAuditIsRequired() -// This function indicates if the audit flag is SET for a command. 
-// Return Type: BOOL -// TRUE(1) command is audited -// FALSE(0) command is not audited -BOOL -CommandAuditIsRequired( - COMMAND_INDEX commandIndex // IN: command index - ) -{ - // Check the bit map. If the bit is SET, command audit is required - return(TEST_BIT(commandIndex, gp.auditCommands)); -} - -//*** CommandAuditCapGetCCList() -// This function returns a list of commands that have their audit bit SET. -// -// The list starts at the input commandCode. -// Return Type: TPMI_YES_NO -// YES if there are more command code available -// NO all the available command code has been returned -TPMI_YES_NO -CommandAuditCapGetCCList( - TPM_CC commandCode, // IN: start command code - UINT32 count, // IN: count of returned TPM_CC - TPML_CC *commandList // OUT: list of TPM_CC - ) -{ - TPMI_YES_NO more = NO; - COMMAND_INDEX commandIndex; - - // Initialize output handle list - commandList->count = 0; - - // The maximum count of command we may return is MAX_CAP_CC - if(count > MAX_CAP_CC) count = MAX_CAP_CC; - - // Find the implemented command that has a command code that is the same or - // higher than the input - // Collect audit commands - for(commandIndex = GetClosestCommandIndex(commandCode); - commandIndex != UNIMPLEMENTED_COMMAND_INDEX; - commandIndex = GetNextCommandIndex(commandIndex)) - { - if(CommandAuditIsRequired(commandIndex)) - { - if(commandList->count < count) - { - // If we have not filled up the return list, add this command - // code to its - TPM_CC cc = GET_ATTRIBUTE(s_ccAttr[commandIndex], - TPMA_CC, commandIndex); - if(IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) - cc += (1 << 29); - commandList->commandCodes[commandList->count] = cc; - commandList->count++; - } - else - { - // If the return list is full but we still have command - // available, report this and stop iterating - more = YES; - break; - } - } - } - - return more; -} - -//*** CommandAuditGetDigest -// This command is used to create a digest of the commands being audited. 
The -// commands are processed in ascending numeric order with a list of TPM_CC being -// added to a hash. This operates as if all the audited command codes were -// concatenated and then hashed. -void -CommandAuditGetDigest( - TPM2B_DIGEST *digest // OUT: command digest - ) -{ - TPM_CC commandCode; - COMMAND_INDEX commandIndex; - HASH_STATE hashState; - - // Start hash - digest->t.size = CryptHashStart(&hashState, gp.auditHashAlg); - - // Add command code - for(commandIndex = 0; commandIndex < COMMAND_COUNT; commandIndex++) - { - if(CommandAuditIsRequired(commandIndex)) - { - commandCode = GetCommandCode(commandIndex); - CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode); - } - } - - // Complete hash - CryptHashEnd2B(&hashState, &digest->b); - - return; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/DA.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/DA.c deleted file mode 100644 index a537c719e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/DA.c +++ /dev/null 
@@ -1,235 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the functions and data definitions relating to the
-// dictionary attack logic.
- -//** Includes and Data Definitions -#define DA_C -#include "Tpm.h" - -//** Functions - -//*** DAPreInstall_Init() -// This function initializes the DA parameters to their manufacturer-default -// values. The default values are determined by a platform-specific specification. -// -// This function should not be called outside of a manufacturing or simulation -// environment. -// -// The DA parameters will be restored to these initial values by TPM2_Clear(). -void -DAPreInstall_Init( - void - ) -{ - gp.failedTries = 0; - gp.maxTries = 3; - gp.recoveryTime = 1000; // in seconds (~16.67 minutes) - gp.lockoutRecovery = 1000; // in seconds - gp.lockOutAuthEnabled = TRUE; // Use of lockoutAuth is enabled - - // Record persistent DA parameter changes to NV - NV_SYNC_PERSISTENT(failedTries); - NV_SYNC_PERSISTENT(maxTries); - NV_SYNC_PERSISTENT(recoveryTime); - NV_SYNC_PERSISTENT(lockoutRecovery); - NV_SYNC_PERSISTENT(lockOutAuthEnabled); - - return; -} - - -//*** DAStartup() -// This function is called by TPM2_Startup() to initialize the DA parameters. -// In the case of Startup(CLEAR), use of lockoutAuth will be enabled if the -// lockout recovery time is 0. Otherwise, lockoutAuth will not be enabled until -// the TPM has been continuously powered for the lockoutRecovery time. -// -// This function requires that NV be available and not rate limiting. -BOOL -DAStartup( - STARTUP_TYPE type // IN: startup type - ) -{ - NOT_REFERENCED(type); -#if !ACCUMULATE_SELF_HEAL_TIMER - _plat__TimerWasReset(); - s_selfHealTimer = 0; - s_lockoutTimer = 0; -#else - if(_plat__TimerWasReset()) - { - if(!NV_IS_ORDERLY) - { - // If shutdown was not orderly, then don't really know if go.time has - // any useful value so reset the timer to 0. 
This is what the tick - // was reset to - s_selfHealTimer = 0; - s_lockoutTimer = 0; - } - else - { - // If we know how much time was accumulated at the last orderly shutdown - // subtract that from the saved timer values so that they effectively - // have the accumulated values - s_selfHealTimer -= go.time; - s_lockoutTimer -= go.time; - } - } -#endif - - // For any Startup(), if lockoutRecovery is 0, enable use of lockoutAuth. - if(gp.lockoutRecovery == 0) - { - gp.lockOutAuthEnabled = TRUE; - // Record the changes to NV - NV_SYNC_PERSISTENT(lockOutAuthEnabled); - } - - // If DA has not been disabled and the previous shutdown is not orderly - // failedTries is not already at its maximum then increment 'failedTries' - if(gp.recoveryTime != 0 - && gp.failedTries < gp.maxTries - && !IS_ORDERLY(g_prevOrderlyState)) - { -#if USE_DA_USED - gp.failedTries += g_daUsed; - g_daUsed = FALSE; -#else - gp.failedTries++; -#endif - // Record the change to NV - NV_SYNC_PERSISTENT(failedTries); - } - // Before Startup, the TPM will not do clock updates. At startup, need to - // do a time update which will do the DA update. - TimeUpdate(); - - return TRUE; -} - -//*** DARegisterFailure() -// This function is called when a authorization failure occurs on an entity -// that is subject to dictionary-attack protection. When a DA failure is -// triggered, register the failure by resetting the relevant self-healing -// timer to the current time. -void -DARegisterFailure( - TPM_HANDLE handle // IN: handle for failure - ) -{ - // Reset the timer associated with lockout if the handle is the lockoutAuth. - if(handle == TPM_RH_LOCKOUT) - s_lockoutTimer = g_time; - else - s_selfHealTimer = g_time; - return; -} - -//*** DASelfHeal() -// This function is called to check if sufficient time has passed to allow -// decrement of failedTries or to re-enable use of lockoutAuth. -// -// This function should be called when the time interval is updated. 
-void -DASelfHeal( - void - ) -{ - // Regular authorization self healing logic - // If no failed authorization tries, do nothing. Otherwise, try to - // decrease failedTries - if(gp.failedTries != 0) - { - // if recovery time is 0, DA logic has been disabled. Clear failed tries - // immediately - if(gp.recoveryTime == 0) - { - gp.failedTries = 0; - // Update NV record - NV_SYNC_PERSISTENT(failedTries); - } - else - { - UINT64 decreaseCount; -#if 0 // Errata eliminates this code - // In the unlikely event that failedTries should become larger than - // maxTries - if(gp.failedTries > gp.maxTries) - gp.failedTries = gp.maxTries; -#endif - // How much can failedTries be decreased - - // Cast s_selfHealTimer to an int in case it became negative at - // startup - decreaseCount = ((g_time - (INT64)s_selfHealTimer) / 1000) - / gp.recoveryTime; - - if(gp.failedTries <= (UINT32)decreaseCount) - // should not set failedTries below zero - gp.failedTries = 0; - else - gp.failedTries -= (UINT32)decreaseCount; - - // the cast prevents overflow of the product - s_selfHealTimer += (decreaseCount * (UINT64)gp.recoveryTime) * 1000; - if(decreaseCount != 0) - // If there was a change to the failedTries, record the changes - // to NV - NV_SYNC_PERSISTENT(failedTries); - } - } - - // LockoutAuth self healing logic - // If lockoutAuth is enabled, do nothing. Otherwise, try to see if we - // may enable it - if(!gp.lockOutAuthEnabled) - { - // if lockout authorization recovery time is 0, a reboot is required to - // re-enable use of lockout authorization. Self-healing would not - // apply in this case. - if(gp.lockoutRecovery != 0) - { - if(((g_time - (INT64)s_lockoutTimer) / 1000) >= gp.lockoutRecovery) - { - gp.lockOutAuthEnabled = TRUE; - // Record the changes to NV - NV_SYNC_PERSISTENT(lockOutAuthEnabled); - } - } - } - return; -} \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Hierarchy.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Hierarchy.c
deleted file mode 100644
index bec54378d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Hierarchy.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the functions used for managing and accessing the
-// hierarchy-related values.
- -//** Includes - -#include "Tpm.h" - -//** Functions - -//*** HierarchyPreInstall() -// This function performs the initialization functions for the hierarchy -// when the TPM is simulated. This function should not be called if the -// TPM is not in a manufacturing mode at the manufacturer, or in a simulated -// environment. -void -HierarchyPreInstall_Init( - void - ) -{ - // Allow lockout clear command - gp.disableClear = FALSE; - - // Initialize Primary Seeds - gp.EPSeed.t.size = sizeof(gp.EPSeed.t.buffer); - gp.SPSeed.t.size = sizeof(gp.SPSeed.t.buffer); - gp.PPSeed.t.size = sizeof(gp.PPSeed.t.buffer); -#if (defined USE_PLATFORM_EPS) && (USE_PLATFORM_EPS != NO) - _plat__GetEPS(gp.EPSeed.t.size, gp.EPSeed.t.buffer); -#else - CryptRandomGenerate(gp.EPSeed.t.size, gp.EPSeed.t.buffer); -#endif - CryptRandomGenerate(gp.SPSeed.t.size, gp.SPSeed.t.buffer); - CryptRandomGenerate(gp.PPSeed.t.size, gp.PPSeed.t.buffer); - - // Initialize owner, endorsement and lockout authorization - gp.ownerAuth.t.size = 0; - gp.endorsementAuth.t.size = 0; - gp.lockoutAuth.t.size = 0; - - // Initialize owner, endorsement, and lockout policy - gp.ownerAlg = TPM_ALG_NULL; - gp.ownerPolicy.t.size = 0; - gp.endorsementAlg = TPM_ALG_NULL; - gp.endorsementPolicy.t.size = 0; - gp.lockoutAlg = TPM_ALG_NULL; - gp.lockoutPolicy.t.size = 0; - - // Initialize ehProof, shProof and phProof - gp.phProof.t.size = sizeof(gp.phProof.t.buffer); - gp.shProof.t.size = sizeof(gp.shProof.t.buffer); - gp.ehProof.t.size = sizeof(gp.ehProof.t.buffer); - CryptRandomGenerate(gp.phProof.t.size, gp.phProof.t.buffer); - CryptRandomGenerate(gp.shProof.t.size, gp.shProof.t.buffer); - CryptRandomGenerate(gp.ehProof.t.size, gp.ehProof.t.buffer); - - // Write hierarchy data to NV - NV_SYNC_PERSISTENT(disableClear); - NV_SYNC_PERSISTENT(EPSeed); - NV_SYNC_PERSISTENT(SPSeed); - NV_SYNC_PERSISTENT(PPSeed); - NV_SYNC_PERSISTENT(ownerAuth); - NV_SYNC_PERSISTENT(endorsementAuth); - NV_SYNC_PERSISTENT(lockoutAuth); - 
NV_SYNC_PERSISTENT(ownerAlg); - NV_SYNC_PERSISTENT(ownerPolicy); - NV_SYNC_PERSISTENT(endorsementAlg); - NV_SYNC_PERSISTENT(endorsementPolicy); - NV_SYNC_PERSISTENT(lockoutAlg); - NV_SYNC_PERSISTENT(lockoutPolicy); - NV_SYNC_PERSISTENT(phProof); - NV_SYNC_PERSISTENT(shProof); - NV_SYNC_PERSISTENT(ehProof); - - return; -} - -//*** HierarchyStartup() -// This function is called at TPM2_Startup() to initialize the hierarchy -// related values. -BOOL -HierarchyStartup( - STARTUP_TYPE type // IN: start up type - ) -{ - // phEnable is SET on any startup - g_phEnable = TRUE; - - // Reset platformAuth, platformPolicy; enable SH and EH at TPM_RESET and - // TPM_RESTART - if(type != SU_RESUME) - { - gc.platformAuth.t.size = 0; - gc.platformPolicy.t.size = 0; - gc.platformAlg = TPM_ALG_NULL; - - // enable the storage and endorsement hierarchies and the platformNV - gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE; - } - - // nullProof and nullSeed are updated at every TPM_RESET - if((type != SU_RESTART) && (type != SU_RESUME)) - { - gr.nullProof.t.size = sizeof(gr.nullProof.t.buffer); - CryptRandomGenerate(gr.nullProof.t.size, gr.nullProof.t.buffer); - gr.nullSeed.t.size = sizeof(gr.nullSeed.t.buffer); - CryptRandomGenerate(gr.nullSeed.t.size, gr.nullSeed.t.buffer); - } - - return TRUE; -} - -//*** HierarchyGetProof() -// This function finds the proof value associated with a hierarchy.It returns a -// pointer to the proof value. 
-TPM2B_PROOF * -HierarchyGetProof( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant - ) -{ - TPM2B_PROOF *proof = NULL; - - switch(hierarchy) - { - case TPM_RH_PLATFORM: - // phProof for TPM_RH_PLATFORM - proof = &gp.phProof; - break; - case TPM_RH_ENDORSEMENT: - // ehProof for TPM_RH_ENDORSEMENT - proof = &gp.ehProof; - break; - case TPM_RH_OWNER: - // shProof for TPM_RH_OWNER - proof = &gp.shProof; - break; - default: - // nullProof for TPM_RH_NULL or anything else - proof = &gr.nullProof; - break; - } - return proof; -} - -//*** HierarchyGetPrimarySeed() -// This function returns the primary seed of a hierarchy. -TPM2B_SEED * -HierarchyGetPrimarySeed( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy - ) -{ - TPM2B_SEED *seed = NULL; - switch(hierarchy) - { - case TPM_RH_PLATFORM: - seed = &gp.PPSeed; - break; - case TPM_RH_OWNER: - seed = &gp.SPSeed; - break; - case TPM_RH_ENDORSEMENT: - seed = &gp.EPSeed; - break; - default: - seed = &gr.nullSeed; - break; - } - return seed; -} - -//*** HierarchyIsEnabled() -// This function checks to see if a hierarchy is enabled. -// NOTE: The TPM_RH_NULL hierarchy is always enabled. -// Return Type: BOOL -// TRUE(1) hierarchy is enabled -// FALSE(0) hierarchy is disabled -BOOL -HierarchyIsEnabled( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy - ) -{ - BOOL enabled = FALSE; - - switch(hierarchy) - { - case TPM_RH_PLATFORM: - enabled = g_phEnable; - break; - case TPM_RH_OWNER: - enabled = gc.shEnable; - break; - case TPM_RH_ENDORSEMENT: - enabled = gc.ehEnable; - break; - case TPM_RH_NULL: - enabled = TRUE; - break; - default: - enabled = FALSE; - break; - } - return enabled; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvDynamic.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvDynamic.c deleted file mode 100644 index d73d4bf8d..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvDynamic.c
+++ /dev/null
@@ -1,1932 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-
-// The NV memory is divided into two area: dynamic space for user defined NV
-// indexes and evict objects, and reserved space for TPM persistent and state save
-// data.
-//
-// The entries in dynamic space are a linked list of entries. Each entry has, as its
-// first field, a size. If the size field is zero, it marks the end of the
-// list.
-//
-// An Index allocation will contain an NV_INDEX structure. If the Index does not
-// have the orderly attribute, the NV_INDEX is followed immediately by the NV data.
-//
-// An evict object entry contains a handle followed by an OBJECT structure. This
-// results in both the Index and Evict Object having an identifying handle as the
-// first field following the size field.
-//
-// When an Index has the orderly attribute, the data is kept in RAM. This RAM is
-// saved to backing store in NV memory on any orderly shutdown. The entries in
-// orderly memory are also a linked list using a size field as the first entry.
-//
-// The attributes of an orderly index are maintained in RAM memory in order to
-// reduce the number of NV writes needed for orderly data. When an orderly index
-// is created, an entry is made in the dynamic NV memory space that holds the Index
-// authorizations (authPolicy and authValue) and the size of the data. This entry is
-// only modified if the authValue of the index is changed. The more volatile data
-// of the index is kept in RAM. When an orderly Index is created or deleted, the
-// RAM data is copied to NV backing store so that the image in the backing store
-// matches the layout of RAM. In normal operation. The RAM data is also copied on
-// any orderly shutdown. In normal operation, the only other reason for writing
-// to the backing store for RAM is when a counter is first written (TPMA_NV_WRITTEN
-// changes from CLEAR to SET) or when a counter "rolls over."
-//
-// Static space contains items that are individually modifiable. The values are in
-// the 'gp' PERSISTEND_DATA structure in RAM and mapped to locations in NV.
-//
-
-//** Includes, Defines and Data Definitions
-#define NV_C
-#include "Tpm.h"
-#include "PlatformData.h"
-
-//** Local Functions
-
-
-//*** NvNext()
-// This function provides a method to traverse every data entry in NV dynamic
-// area.
-//
-// To begin with, parameter 'iter' should be initialized to NV_REF_INIT
-// indicating the first element. Every time this function is called, the
-// value in 'iter' would be adjusted pointing to the next element in
-// traversal. If there is no next element, 'iter' value would be 0.
-// This function returns the address of the 'data entry' pointed by the
-// 'iter'. If there is no more element in the set, a 0 value is returned
-// indicating the end of traversal.
-//
-static NV_REF
-NvNext(
- NV_REF *iter, // IN/OUT: the list iterator
- TPM_HANDLE *handle // OUT: the handle of the next item.
- )
-{
- NV_REF currentAddr;
- NV_ENTRY_HEADER header;
-//
- // If iterator is at the beginning of list
- if(*iter == NV_REF_INIT)
- {
- // Initialize iterator
- *iter = NV_USER_DYNAMIC;
- }
- // Step over the size field and point to the handle
- currentAddr = *iter + sizeof(UINT32);
-
- // read the header of the next entry
- NvRead(&header, *iter, sizeof(NV_ENTRY_HEADER));
-
- // if the size field is zero, then we have hit the end of the list
- if(header.size == 0)
- // leave the *iter pointing at the end of the list
- return 0;
- // advance the header by the size of the entry
- *iter += header.size;
-
- if(handle != NULL)
- *handle = header.handle;
- return currentAddr;
-}
-
-
-//*** NvNextByType()
-// This function returns a reference to the next NV entry of the desired type
-// Return Type: NV_REF
-// 0 end of list
-// != 0 the next entry of the indicated type
-static NV_REF
-NvNextByType(
- TPM_HANDLE *handle, // OUT: the handle of the found type
- NV_REF *iter, // IN: the iterator
- TPM_HT type // IN: the handle type to look for
- )
-{
- NV_REF addr;
- TPM_HANDLE nvHandle;
-//
- while((addr = NvNext(iter, &nvHandle)) != 0)
- {
- // addr: the address of the location containing the handle of the value - // iter: the next location. - if(HandleGetType(nvHandle) == type) - break; - } - if(handle != NULL) - *handle = nvHandle; - return addr; -} - -//*** NvNextIndex() -// This function returns the reference to the next NV Index entry. A value -// of 0 indicates the end of the list. -// Return Type: NV_REF -// 0 end of list -// != 0 the next reference -#define NvNextIndex(handle, iter) \ - NvNextByType(handle, iter, TPM_HT_NV_INDEX) - -//*** NvNextEvict() -// This function returns the offset in NV of the next evict object entry. A value -// of 0 indicates the end of the list. -#define NvNextEvict(handle, iter) \ - NvNextByType(handle, iter, TPM_HT_PERSISTENT) - -//*** NvGetEnd() -// Function to find the end of the NV dynamic data list -static NV_REF -NvGetEnd( - void - ) -{ - NV_REF iter = NV_REF_INIT; - NV_REF currentAddr; -// - // Scan until the next address is 0 - while((currentAddr = NvNext(&iter, NULL)) != 0); - return iter; -} - -//*** NvGetFreeBytes -// This function returns the number of free octets in NV space. -static UINT32 -NvGetFreeBytes( - void - ) -{ - // This does not have an overflow issue because NvGetEnd() cannot return a value - // that is larger than s_evictNvEnd. This is because there is always a 'stop' - // word in the NV memory that terminates the search for the end before the - // value can go past s_evictNvEnd. - return s_evictNvEnd - NvGetEnd(); -} - -//*** NvTestSpace() -// This function will test if there is enough space to add a new entity. 
-// Return Type: BOOL -// TRUE(1) space available -// FALSE(0) no enough space -static BOOL -NvTestSpace( - UINT32 size, // IN: size of the entity to be added - BOOL isIndex, // IN: TRUE if the entity is an index - BOOL isCounter // IN: TRUE if the index is a counter - ) -{ - UINT32 remainBytes = NvGetFreeBytes(); - UINT32 reserved = sizeof(UINT32) // size of the forward pointer - + sizeof(NV_LIST_TERMINATOR); -// - // Do a compile time sanity check on the setting for NV_MEMORY_SIZE -#if NV_MEMORY_SIZE < 1024 -#error "NV_MEMORY_SIZE probably isn't large enough" -#endif - - // For NV Index, need to make sure that we do not allocate an Index if this - // would mean that the TPM cannot allocate the minimum number of evict - // objects. - if(isIndex) - { - // Get the number of persistent objects allocated - UINT32 persistentNum = NvCapGetPersistentNumber(); - - // If we have not allocated the requisite number of evict objects, then we - // need to reserve space for them. - // NOTE: some of this is not written as simply as it might seem because - // the values are all unsigned and subtracting needs to be done carefully - // so that an underflow doesn't cause problems. 
- if(persistentNum < MIN_EVICT_OBJECTS) - reserved += (MIN_EVICT_OBJECTS - persistentNum) * NV_EVICT_OBJECT_SIZE; - } - // If this is not an index or is not a counter, reserve space for the - // required number of counter indexes - if(!isIndex || !isCounter) - { - // Get the number of counters - UINT32 counterNum = NvCapGetCounterNumber(); - - // If the required number of counters have not been allocated, reserved - // space for the extra needed counters - if(counterNum < MIN_COUNTER_INDICES) - reserved += (MIN_COUNTER_INDICES - counterNum) * NV_INDEX_COUNTER_SIZE; - } - // Check that the requested allocation will fit after making sure that there - // will be no chance of overflow - return ((reserved < remainBytes) - && (size <= remainBytes) - && (size + reserved <= remainBytes)); -} - -//*** NvWriteNvListEnd() -// Function to write the list terminator. -NV_REF -NvWriteNvListEnd( - NV_REF end - ) -{ - // Marker is initialized with zeros - BYTE listEndMarker[sizeof(NV_LIST_TERMINATOR)] = {0}; - UINT64 maxCount = NvReadMaxCount(); -// - // This is a constant check that can be resolved at compile time. - cAssert(sizeof(UINT64) <= sizeof(NV_LIST_TERMINATOR) - sizeof(UINT32)); - - // Copy the maxCount value to the marker buffer - MemoryCopy(&listEndMarker[sizeof(UINT32)], &maxCount, sizeof(UINT64)); - pAssert(end + sizeof(NV_LIST_TERMINATOR) <= s_evictNvEnd); - - // Write it to memory - NvWrite(end, sizeof(NV_LIST_TERMINATOR), &listEndMarker); - return end + sizeof(NV_LIST_TERMINATOR); -} - - -//*** NvAdd() -// This function adds a new entity to NV. -// -// This function requires that there is enough space to add a new entity (i.e., -// that NvTestSpace() has been called and the available space is at least as -// large as the required space). -// -// The 'totalSize' will be the size of 'entity'. If a handle is added, this -// function will increase the size accordingly. 
-static TPM_RC -NvAdd( - UINT32 totalSize, // IN: total size needed for this entity For - // evict object, totalSize is the same as - // bufferSize. For NV Index, totalSize is - // bufferSize plus index data size - UINT32 bufferSize, // IN: size of initial buffer - TPM_HANDLE handle, // IN: optional handle - BYTE *entity // IN: initial buffer - ) -{ - NV_REF newAddr; // IN: where the new entity will start - NV_REF nextAddr; -// - RETURN_IF_NV_IS_NOT_AVAILABLE; - - // Get the end of data list - newAddr = NvGetEnd(); - - // Step over the forward pointer - nextAddr = newAddr + sizeof(UINT32); - - // Optionally write the handle. For indexes, the handle is TPM_RH_UNASSIGNED - // so that the handle in the nvIndex is used instead of writing this value - if(handle != TPM_RH_UNASSIGNED) - { - NvWrite((UINT32)nextAddr, sizeof(TPM_HANDLE), &handle); - nextAddr += sizeof(TPM_HANDLE); - } - // Write entity data - NvWrite((UINT32)nextAddr, bufferSize, entity); - - // Advance the pointer by the amount of the total - nextAddr += totalSize; - - // Finish by writing the link value - - // Write the next offset (relative addressing) - totalSize = nextAddr - newAddr; - - // Write link value - NvWrite((UINT32)newAddr, sizeof(UINT32), &totalSize); - - // Write the list terminator - NvWriteNvListEnd(nextAddr); - - return TPM_RC_SUCCESS; -} - -//*** NvDelete() -// This function is used to delete an NV Index or persistent object from NV memory. -static TPM_RC -NvDelete( - NV_REF entityRef // IN: reference to entity to be deleted - ) -{ - UINT32 entrySize; - // adjust entityAddr to back up and point to the forward pointer - NV_REF entryRef = entityRef - sizeof(UINT32); - NV_REF endRef = NvGetEnd(); - NV_REF nextAddr; // address of the next entry -// - RETURN_IF_NV_IS_NOT_AVAILABLE; - - // Get the offset of the next entry. 
That is, back up and point to the size - // field of the entry - NvRead(&entrySize, entryRef, sizeof(UINT32)); - - // The next entry after the one being deleted is at a relative offset - // from the current entry - nextAddr = entryRef + entrySize; - - // If this is not the last entry, move everything up - if(nextAddr < endRef) - { - pAssert(nextAddr > entryRef); - _plat__NvMemoryMove(nextAddr, - entryRef, - (endRef - nextAddr)); - } - // The end of the used space is now moved up by the amount of space we just - // reclaimed - endRef -= entrySize; - - // Write the end marker, and make the new end equal to the first byte after - // the just added end value. This will automatically update the NV value for - // maxCounter. - // NOTE: This is the call that sets flag to cause NV to be updated - endRef = NvWriteNvListEnd(endRef); - - // Clear the reclaimed memory - _plat__NvMemoryClear(endRef, entrySize); - - return TPM_RC_SUCCESS; -} - -//************************************************ -//** RAM-based NV Index Data Access Functions -//************************************************ -//*** Introduction -// The data layout in ram buffer is {size of(NV_handle + attributes + data -// NV_handle, attributes, data} -// for each NV Index data stored in RAM. -// -// NV storage associated with orderly data is updated when a NV Index is added -// but NOT when the data or attributes are changed. Orderly data is only updated -// to NV on an orderly shutdown (TPM2_Shutdown()) - -//*** NvRamNext() -// This function is used to iterate trough the list of Ram Index values. *iter needs -// to be initialized by calling -static NV_RAM_REF -NvRamNext( - NV_RAM_REF *iter, // IN/OUT: the list iterator - TPM_HANDLE *handle // OUT: the handle of the next item. 
- ) -{ - NV_RAM_REF currentAddr; - NV_RAM_HEADER header; -// - // If iterator is at the beginning of list - if(*iter == NV_RAM_REF_INIT) - { - // Initialize iterator - *iter = &s_indexOrderlyRam[0]; - } - // if we are going to return what the iter is currently pointing to... - currentAddr = *iter; - - // If iterator reaches the end of NV space, then don't advance and return - // that we are at the end of the list. The end of the list occurs when - // we don't have space for a size and a handle - if(currentAddr + sizeof(NV_RAM_HEADER) > RAM_ORDERLY_END) - return NULL; - // read the header of the next entry - MemoryCopy(&header, currentAddr, sizeof(NV_RAM_HEADER)); - - // if the size field is zero, then we have hit the end of the list - if(header.size == 0) - // leave the *iter pointing at the end of the list - return NULL; - // advance the header by the size of the entry - *iter = currentAddr + header.size; - -// pAssert(*iter <= RAM_ORDERLY_END); - if(handle != NULL) - *handle = header.handle; - return currentAddr; -} - -//*** NvRamGetEnd() -// This routine performs the same function as NvGetEnd() but for the RAM data. -static NV_RAM_REF -NvRamGetEnd( - void - ) -{ - NV_RAM_REF iter = NV_RAM_REF_INIT; - NV_RAM_REF currentAddr; -// - // Scan until the next address is 0 - while((currentAddr = NvRamNext(&iter, NULL)) != 0); - return iter; -} - -//*** NvRamTestSpaceIndex() -// This function indicates if there is enough RAM space to add a data for a -// new NV Index. -// Return Type: BOOL -// TRUE(1) space available -// FALSE(0) no enough space -static BOOL -NvRamTestSpaceIndex( - UINT32 size // IN: size of the data to be added to RAM - ) -{ - UINT32 remaining = (UINT32)(RAM_ORDERLY_END - NvRamGetEnd()); - UINT32 needed = sizeof(NV_RAM_HEADER) + size; -// - // NvRamGetEnd points to the next available byte. 
- return remaining >= needed; -} - -//*** NvRamGetIndex() -// This function returns the offset of NV data in the RAM buffer -// -// This function requires that NV Index is in RAM. That is, the -// index must be known to exist. -static NV_RAM_REF -NvRamGetIndex( - TPMI_RH_NV_INDEX handle // IN: NV handle - ) -{ - NV_RAM_REF iter = NV_RAM_REF_INIT; - NV_RAM_REF currentAddr; - TPM_HANDLE foundHandle; -// - while((currentAddr = NvRamNext(&iter, &foundHandle)) != 0) - { - if(handle == foundHandle) - break; - } - return currentAddr; -} - -//*** NvUpdateIndexOrderlyData() -// This function is used to cause an update of the orderly data to the NV backing -// store. -void -NvUpdateIndexOrderlyData( - void - ) -{ - // Write reserved RAM space to NV - NvWrite(NV_INDEX_RAM_DATA, sizeof(s_indexOrderlyRam), s_indexOrderlyRam); -} - -//*** NvAddRAM() -// This function adds a new data area to RAM. -// -// This function requires that enough free RAM space is available to add -// the new data. -// -// This function should be called after the NV Index space has been updated -// and the index removed. This insures that NV is available so that checking -// for NV availability is not required during this function. 
-static void -NvAddRAM( - TPMS_NV_PUBLIC *index // IN: the index descriptor - ) -{ - NV_RAM_HEADER header; - NV_RAM_REF end = NvRamGetEnd(); -// - header.size = sizeof(NV_RAM_HEADER) + index->dataSize; - header.handle = index->nvIndex; - MemoryCopy(&header.attributes, &index->attributes, sizeof(TPMA_NV)); - - pAssert(ORDERLY_RAM_ADDRESS_OK(end, header.size)); - - // Copy the header to the memory - MemoryCopy(end, &header, sizeof(NV_RAM_HEADER)); - - // Clear the data area (just in case) - MemorySet(end + sizeof(NV_RAM_HEADER), 0, index->dataSize); - - // Step over this new entry - end += header.size; - - // If the end marker will fit, add it - if(end + sizeof(UINT32) < RAM_ORDERLY_END) - MemorySet(end, 0, sizeof(UINT32)); - // Write reserved RAM space to NV to reflect the newly added NV Index - SET_NV_UPDATE(UT_ORDERLY); - - return; -} - -//*** NvDeleteRAM() -// This function is used to delete a RAM-backed NV Index data area. -// The space used by the entry are overwritten by the contents of the -// Index data that comes after (the data is moved up to fill the hole left -// by removing this index. The reclaimed space is cleared to zeros. -// This function assumes the data of NV Index exists in RAM. -// -// This function should be called after the NV Index space has been updated -// and the index removed. This insures that NV is available so that checking -// for NV availability is not required during this function. 
-static void -NvDeleteRAM( - TPMI_RH_NV_INDEX handle // IN: NV handle - ) -{ - NV_RAM_REF nodeAddress; - NV_RAM_REF nextNode; - UINT32 size; - NV_RAM_REF lastUsed = NvRamGetEnd(); -// - nodeAddress = NvRamGetIndex(handle); - - pAssert(nodeAddress != 0); - - // Get node size - MemoryCopy(&size, nodeAddress, sizeof(size)); - - // Get the offset of next node - nextNode = nodeAddress + size; - - // Copy the data - MemoryCopy(nodeAddress, nextNode, (int)(lastUsed - nextNode)); - - // Clear out the reclaimed space - MemorySet(lastUsed - size, 0, size); - - // Write reserved RAM space to NV to reflect the newly delete NV Index - SET_NV_UPDATE(UT_ORDERLY); - - return; -} - -//*** NvReadIndex() -// This function is used to read the NV Index NV_INDEX. This is used so that the -// index information can be compressed and only this function would be needed -// to decompress it. Mostly, compression would only be able to save the space -// needed by the policy. -void -NvReadNvIndexInfo( - NV_REF ref, // IN: points to NV where index is located - NV_INDEX *nvIndex // OUT: place to receive index data - ) -{ - pAssert(nvIndex != NULL); - NvRead(nvIndex, ref, sizeof(NV_INDEX)); - return; -} - -//*** NvReadObject() -// This function is used to read a persistent object. This is used so that the -// object information can be compressed and only this function would be needed -// to uncompress it. 
-void -NvReadObject( - NV_REF ref, // IN: points to NV where index is located - OBJECT *object // OUT: place to receive the object data - ) -{ - NvRead(object, (ref + sizeof(TPM_HANDLE)), sizeof(OBJECT)); - return; -} - -//*** NvFindEvict() -// This function will return the NV offset of an evict object -// Return Type: UINT32 -// 0 evict object not found -// != 0 offset of evict object -static NV_REF -NvFindEvict( - TPM_HANDLE nvHandle, - OBJECT *object - ) -{ - NV_REF found = NvFindHandle(nvHandle); -// - // If we found the handle and the request included an object pointer, fill it in - if(found != 0 && object != NULL) - NvReadObject(found, object); - return found; -} - -//*** NvIndexIsDefined() -// See if an index is already defined -BOOL -NvIndexIsDefined( - TPM_HANDLE nvHandle // IN: Index to look for - ) -{ - return (NvFindHandle(nvHandle) != 0); -} - -//*** NvConditionallyWrite() -// Function to check if the data to be written has changed -// and write it if it has -// Return Type: TPM_RC -// TPM_RC_NV_RATE NV is unavailable because of rate limit -// TPM_RC_NV_UNAVAILABLE NV is inaccessible -static TPM_RC -NvConditionallyWrite( - NV_REF entryAddr, // IN: stating address - UINT32 size, // IN: size of the data to write - void *data // IN: the data to write - ) -{ - // If the index data is actually changed, then a write to NV is required - if(_plat__NvIsDifferent(entryAddr, size, data)) - { - // Write the data if NV is available - if(g_NvStatus == TPM_RC_SUCCESS) - { - NvWrite(entryAddr, size, data); - } - return g_NvStatus; - } - return TPM_RC_SUCCESS; -} - -//*** NvReadNvIndexAttributes() -// This function returns the attributes of an NV Index. 
-static TPMA_NV -NvReadNvIndexAttributes( - NV_REF locator // IN: reference to an NV index - ) -{ - TPMA_NV attributes; -// - NvRead(&attributes, - locator + offsetof(NV_INDEX, publicArea.attributes), - sizeof(TPMA_NV)); - return attributes; -} - -//*** NvReadRamIndexAttributes() -// This function returns the attributes from the RAM header structure. This function -// is used to deal with the fact that the header structure is only byte aligned. -static TPMA_NV -NvReadRamIndexAttributes( - NV_RAM_REF ref // IN: pointer to a NV_RAM_HEADER - ) -{ - TPMA_NV attributes; -// - MemoryCopy(&attributes, ref + offsetof(NV_RAM_HEADER, attributes), - sizeof(TPMA_NV)); - return attributes; -} - -//*** NvWriteNvIndexAttributes() -// This function is used to write just the attributes of an index to NV. -// Return type: TPM_RC -// TPM_RC_NV_RATE NV is rate limiting so retry -// TPM_RC_NV_UNAVAILABLE NV is not available -static TPM_RC -NvWriteNvIndexAttributes( - NV_REF locator, // IN: location of the index - TPMA_NV attributes // IN: attributes to write - ) -{ - return NvConditionallyWrite( - locator + offsetof(NV_INDEX, publicArea.attributes), - sizeof(TPMA_NV), - &attributes); -} - -//*** NvWriteRamIndexAttributes() -// This function is used to write the index attributes into an unaligned structure -static void -NvWriteRamIndexAttributes( - NV_RAM_REF ref, // IN: address of the header - TPMA_NV attributes // IN: the attributes to write - ) -{ - MemoryCopy(ref + offsetof(NV_RAM_HEADER, attributes), &attributes, - sizeof(TPMA_NV)); - return; -} - -//************************************************ -//** Externally Accessible Functions -//************************************************ - -//*** NvIsPlatformPersistentHandle() -// This function indicates if a handle references a persistent object in the -// range belonging to the platform. 
-// Return Type: BOOL -// TRUE(1) handle references a platform persistent object -// and may reference an owner persistent object either -// FALSE(0) handle does not reference platform persistent object -BOOL -NvIsPlatformPersistentHandle( - TPM_HANDLE handle // IN: handle - ) -{ - return (handle >= PLATFORM_PERSISTENT && handle <= PERSISTENT_LAST); -} - -//*** NvIsOwnerPersistentHandle() -// This function indicates if a handle references a persistent object in the -// range belonging to the owner. -// Return Type: BOOL -// TRUE(1) handle is owner persistent handle -// FALSE(0) handle is not owner persistent handle and may not be -// a persistent handle at all -BOOL -NvIsOwnerPersistentHandle( - TPM_HANDLE handle // IN: handle - ) -{ - return (handle >= PERSISTENT_FIRST && handle < PLATFORM_PERSISTENT); -} - -//*** NvIndexIsAccessible() -// -// This function validates that a handle references a defined NV Index and -// that the Index is currently accessible. -// Return Type: TPM_RC -// TPM_RC_HANDLE the handle points to an undefined NV Index -// If shEnable is CLEAR, this would include an index -// created using ownerAuth. 
If phEnableNV is CLEAR, -// this would include and index created using -// platformAuth -// TPM_RC_NV_READLOCKED Index is present but locked for reading and command -// does not write to the index -// TPM_RC_NV_WRITELOCKED Index is present but locked for writing and command -// writes to the index -TPM_RC -NvIndexIsAccessible( - TPMI_RH_NV_INDEX handle // IN: handle - ) -{ - NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); -// - if(nvIndex == NULL) - // If index is not found, return TPM_RC_HANDLE - return TPM_RC_HANDLE; - if(gc.shEnable == FALSE || gc.phEnableNV == FALSE) - { - // if shEnable is CLEAR, an ownerCreate NV Index should not be - // indicated as present - if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, PLATFORMCREATE)) - { - if(gc.shEnable == FALSE) - return TPM_RC_HANDLE; - } - // if phEnableNV is CLEAR, a platform created Index should not - // be visible - else if(gc.phEnableNV == FALSE) - return TPM_RC_HANDLE; - } -#if 0 // Writelock test for debug - // If the Index is write locked and this is an NV Write operation... - if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITELOCKED) - && IsWriteOperation(commandIndex)) - { - // then return a locked indication unless the command is TPM2_NV_WriteLock - if(GetCommandCode(commandIndex) != TPM_CC_NV_WriteLock) - return TPM_RC_NV_LOCKED; - return TPM_RC_SUCCESS; - } -#endif -#if 0 // Readlock Test for debug - // If the Index is read locked and this is an NV Read operation... - if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, READLOCKED) - && IsReadOperation(commandIndex)) - { - // then return a locked indication unless the command is TPM2_NV_ReadLock - if(GetCommandCode(commandIndex) != TPM_CC_NV_ReadLock) - return TPM_RC_NV_LOCKED; - } -#endif - // NV Index is accessible - return TPM_RC_SUCCESS; -} - -//*** NvGetEvictObject() -// This function is used to dereference an evict object handle and get a pointer -// to the object. 
-// Return Type: TPM_RC -// TPM_RC_HANDLE the handle does not point to an existing -// persistent object -TPM_RC -NvGetEvictObject( - TPM_HANDLE handle, // IN: handle - OBJECT *object // OUT: object data - ) -{ - NV_REF entityAddr; // offset points to the entity -// - // Find the address of evict object and copy to object - entityAddr = NvFindEvict(handle, object); - - // whether there is an error or not, make sure that the evict - // status of the object is set so that the slot will get freed on exit - // Must do this after NvFindEvict loads the object - object->attributes.evict = SET; - - // If handle is not found, return an error - if(entityAddr == 0) - return TPM_RC_HANDLE; - return TPM_RC_SUCCESS; -} - -//*** NvIndexCacheInit() -// Function to initialize the Index cache -void -NvIndexCacheInit( - void - ) -{ - s_cachedNvRef = NV_REF_INIT; - s_cachedNvRamRef = NV_RAM_REF_INIT; - s_cachedNvIndex.publicArea.nvIndex = TPM_RH_UNASSIGNED; - return; -} - - -//*** NvGetIndexData() -// This function is used to access the data in an NV Index. The data is returned -// as a byte sequence. -// -// This function requires that the NV Index be defined, and that the -// required data is within the data range. It also requires that TPMA_NV_WRITTEN -// of the Index is SET. 
-void -NvGetIndexData( - NV_INDEX *nvIndex, // IN: the in RAM index descriptor - NV_REF locator, // IN: where the data is located - UINT32 offset, // IN: offset of NV data - UINT16 size, // IN: number of octets of NV data to read - void *data // OUT: data buffer - ) -{ - TPMA_NV nvAttributes; -// - pAssert(nvIndex != NULL); - - nvAttributes = nvIndex->publicArea.attributes; - - pAssert(IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN)); - - if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, ORDERLY)) - { - // Get data from RAM buffer - NV_RAM_REF ramAddr = NvRamGetIndex(nvIndex->publicArea.nvIndex); - pAssert(ramAddr != 0 && (size <= - ((NV_RAM_HEADER *)ramAddr)->size - sizeof(NV_RAM_HEADER) - offset)); - MemoryCopy(data, ramAddr + sizeof(NV_RAM_HEADER) + offset, size); - } - else - { - // Validate that read falls within range of the index - pAssert(offset <= nvIndex->publicArea.dataSize - && size <= (nvIndex->publicArea.dataSize - offset)); - NvRead(data, locator + sizeof(NV_INDEX) + offset, size); - } - return; -} - -//*** NvHashIndexData() -// This function adds Index data to a hash. It does this in parts to avoid large stack -// buffers. -void -NvHashIndexData( - HASH_STATE *hashState, // IN: Initialized hash state - NV_INDEX *nvIndex, // IN: Index - NV_REF locator, // IN: where the data is located - UINT32 offset, // IN: starting offset - UINT16 size // IN: amount to hash -) -{ -#define BUFFER_SIZE 64 - BYTE buffer[BUFFER_SIZE]; - if (offset > nvIndex->publicArea.dataSize) - return; - // Make sure that we don't try to read off the end. - if ((offset + size) > nvIndex->publicArea.dataSize) - size = nvIndex->publicArea.dataSize - (UINT16)offset; -#if BUFFER_SIZE >= MAX_NV_INDEX_SIZE - NvGetIndexData(nvIndex, locator, offset, size, buffer); - CryptDigestUpdate(hashState, size, buffer); -#else - { - INT16 i; - UINT16 readSize; - // - for (i = size; i > 0; offset += readSize, i -= readSize) - { - readSize = (i < BUFFER_SIZE) ? 
i : BUFFER_SIZE; - NvGetIndexData(nvIndex, locator, offset, readSize, buffer); - CryptDigestUpdate(hashState, readSize, buffer); - } - } -#endif // BUFFER_SIZE >= MAX_NV_INDEX_SIZE -#undef BUFFER_SIZE -} - - -//*** NvGetUINT64Data() -// Get data in integer format of a bit or counter NV Index. -// -// This function requires that the NV Index is defined and that the NV Index -// previously has been written. -UINT64 -NvGetUINT64Data( - NV_INDEX *nvIndex, // IN: the in RAM index descriptor - NV_REF locator // IN: where index exists in NV - ) -{ - UINT64 intVal; -// - // Read the value and convert it to internal format - NvGetIndexData(nvIndex, locator, 0, 8, &intVal); - return BYTE_ARRAY_TO_UINT64(((BYTE *)&intVal)); -} - -//*** NvWriteIndexAttributes() -// This function is used to write just the attributes of an index. -// Return type: TPM_RC -// TPM_RC_NV_RATE NV is rate limiting so retry -// TPM_RC_NV_UNAVAILABLE NV is not available -TPM_RC -NvWriteIndexAttributes( - TPM_HANDLE handle, - NV_REF locator, // IN: location of the index - TPMA_NV attributes // IN: attributes to write - ) -{ - TPM_RC result; -// - if(IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY)) - { - NV_RAM_REF ram = NvRamGetIndex(handle); - NvWriteRamIndexAttributes(ram, attributes); - result = TPM_RC_SUCCESS; - } - else - { - result = NvWriteNvIndexAttributes(locator, attributes); - } - return result; -} - -//*** NvWriteIndexAuth() -// This function is used to write the authValue of an index. It is used by -// TPM2_NV_ChangeAuth() -// Return type: TPM_RC -// TPM_RC_NV_RATE NV is rate limiting so retry -// TPM_RC_NV_UNAVAILABLE NV is not available -TPM_RC -NvWriteIndexAuth( - NV_REF locator, // IN: location of the index - TPM2B_AUTH *authValue // IN: the authValue to write - ) -{ - TPM_RC result; -// - // If the locator is pointing to the cached index value... - if(locator == s_cachedNvRef) - { - // copy the authValue to the cached index so it will be there if we - // look for it. This is a safety thing. 
- MemoryCopy2B(&s_cachedNvIndex.authValue.b, &authValue->b, - sizeof(s_cachedNvIndex.authValue.t.buffer)); - } - result = NvConditionallyWrite( - locator + offsetof(NV_INDEX, authValue), - sizeof(UINT16) + authValue->t.size, - authValue); - return result; -} - -//*** NvGetIndexInfo() -// This function loads the nvIndex Info into the NV cache and returns a pointer -// to the NV_INDEX. If the returned value is zero, the index was not found. -// The 'locator' parameter, if not NULL, will be set to the offset in NV of the -// Index (the location of the handle of the Index). -// -// This function will set the index cache. If the index is orderly, the attributes -// from RAM are substituted for the attributes in the cached index -NV_INDEX * -NvGetIndexInfo( - TPM_HANDLE nvHandle, // IN: the index handle - NV_REF *locator // OUT: location of the index - ) -{ - if(s_cachedNvIndex.publicArea.nvIndex != nvHandle) - { - s_cachedNvIndex.publicArea.nvIndex = TPM_RH_UNASSIGNED; - s_cachedNvRamRef = 0; - s_cachedNvRef = NvFindHandle(nvHandle); - if(s_cachedNvRef == 0) - return NULL; - NvReadNvIndexInfo(s_cachedNvRef, &s_cachedNvIndex); - if(IS_ATTRIBUTE(s_cachedNvIndex.publicArea.attributes, TPMA_NV, ORDERLY)) - { - s_cachedNvRamRef = NvRamGetIndex(nvHandle); - s_cachedNvIndex.publicArea.attributes = - NvReadRamIndexAttributes(s_cachedNvRamRef); - } - } - if(locator != NULL) - *locator = s_cachedNvRef; - return &s_cachedNvIndex; -} - -//*** NvWriteIndexData() -// This function is used to write NV index data. It is intended to be used to -// update the data associated with the default index. -// -// This function requires that the NV Index is defined, and the data is -// within the defined data range for the index. -// -// Index data is only written due to a command that modifies the data in a single -// index. There is no case where changes are made to multiple indexes data at the -// same time. Multiple attributes may be change but not multiple index data. 
This -// is important because we will normally be handling the index for which we have -// the cached pointer values. -// Return type: TPM_RC -// TPM_RC_NV_RATE NV is rate limiting so retry -// TPM_RC_NV_UNAVAILABLE NV is not available -TPM_RC -NvWriteIndexData( - NV_INDEX *nvIndex, // IN: the description of the index - UINT32 offset, // IN: offset of NV data - UINT32 size, // IN: size of NV data - void *data // IN: data buffer - ) -{ - TPM_RC result = TPM_RC_SUCCESS; -// - pAssert(nvIndex != NULL); - // Make sure that this is dealing with the 'default' index. - // Note: it is tempting to change the calling sequence so that the 'default' is - // presumed. - pAssert(nvIndex->publicArea.nvIndex == s_cachedNvIndex.publicArea.nvIndex); - - // Validate that write falls within range of the index - pAssert(offset <= nvIndex->publicArea.dataSize - && size <= (nvIndex->publicArea.dataSize - offset)); - - // Update TPMA_NV_WRITTEN bit if necessary - if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) - { - // Update the in memory version of the attributes - SET_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN); - - // If this is not orderly, then update the NV version of - // the attributes - if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY)) - { - result = NvWriteNvIndexAttributes(s_cachedNvRef, - nvIndex->publicArea.attributes); - if(result != TPM_RC_SUCCESS) - return result; - // If this is a partial write of an ordinary index, clear the whole - // index. 
- if(IsNvOrdinaryIndex(nvIndex->publicArea.attributes) - && (nvIndex->publicArea.dataSize > size)) - _plat__NvMemoryClear(s_cachedNvRef + sizeof(NV_INDEX), - nvIndex->publicArea.dataSize); - } - else - { - // This is orderly so update the RAM version - MemoryCopy(s_cachedNvRamRef + offsetof(NV_RAM_HEADER, attributes), - &nvIndex->publicArea.attributes, sizeof(TPMA_NV)); - // If setting WRITTEN for an orderly counter, make sure that the - // state saved version of the counter is saved - if(IsNvCounterIndex(nvIndex->publicArea.attributes)) - SET_NV_UPDATE(UT_ORDERLY); - // If setting the written attribute on an ordinary index, make sure that - // the data is all cleared out in case there is a partial write. This - // is only necessary for ordinary indexes because all of the other types - // are always written in total. - else if(IsNvOrdinaryIndex(nvIndex->publicArea.attributes)) - MemorySet(s_cachedNvRamRef + sizeof(NV_RAM_HEADER), - 0, nvIndex->publicArea.dataSize); - } - } - // If this is orderly data, write it to RAM - if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY)) - { - // Note: if this is the first write to a counter, the code above will queue - // the write to NV of the RAM data in order to update TPMA_NV_WRITTEN. In - // process of doing that write, it will also write the initial counter value - - // Update RAM - MemoryCopy(s_cachedNvRamRef + sizeof(NV_RAM_HEADER) + offset, data, size); - - // And indicate that the TPM is no longer orderly - g_clearOrderly = TRUE; - } - else - { - // Offset into the index to the first byte of the data to be written to NV - result = NvConditionallyWrite(s_cachedNvRef + sizeof(NV_INDEX) + offset, - size, data); - } - return result; -} - -//*** NvWriteUINT64Data() -// This function to write back a UINT64 value. The various UINT64 values (bits, -// counters, and PINs) are kept in canonical format but manipulate in native -// format. 
This takes a native format value converts it and saves it back as -// in canonical format. -// -// This function will return the value from NV or RAM depending on the type of the -// index (orderly or not) -// -TPM_RC -NvWriteUINT64Data( - NV_INDEX *nvIndex, // IN: the description of the index - UINT64 intValue // IN: the value to write - ) -{ - BYTE bytes[8]; - UINT64_TO_BYTE_ARRAY(intValue, bytes); -// - return NvWriteIndexData(nvIndex, 0, 8, &bytes); -} - -//*** NvGetIndexName() -// This function computes the Name of an index -// The 'name' buffer receives the bytes of the Name and the return value -// is the number of octets in the Name. -// -// This function requires that the NV Index is defined. -TPM2B_NAME * -NvGetIndexName( - NV_INDEX *nvIndex, // IN: the index over which the name is to be - // computed - TPM2B_NAME *name // OUT: name of the index - ) -{ - UINT16 dataSize, digestSize; - BYTE marshalBuffer[sizeof(TPMS_NV_PUBLIC)]; - BYTE *buffer; - HASH_STATE hashState; -// - // Marshal public area - buffer = marshalBuffer; - dataSize = TPMS_NV_PUBLIC_Marshal(&nvIndex->publicArea, &buffer, NULL); - - // hash public area - digestSize = CryptHashStart(&hashState, nvIndex->publicArea.nameAlg); - CryptDigestUpdate(&hashState, dataSize, marshalBuffer); - - // Complete digest leaving room for the nameAlg - CryptHashEnd(&hashState, digestSize, &name->b.buffer[2]); - - // Include the nameAlg - UINT16_TO_BYTE_ARRAY(nvIndex->publicArea.nameAlg, name->b.buffer); - name->t.size = digestSize + 2; - return name; -} - -//*** NvGetNameByIndexHandle() -// This function is used to compute the Name of an NV Index referenced by handle. -// -// The 'name' buffer receives the bytes of the Name and the return value -// is the number of octets in the Name. -// -// This function requires that the NV Index is defined. 
-TPM2B_NAME * -NvGetNameByIndexHandle( - TPMI_RH_NV_INDEX handle, // IN: handle of the index - TPM2B_NAME *name // OUT: name of the index - ) -{ - NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); -// - return NvGetIndexName(nvIndex, name); -} - -//*** NvDefineIndex() -// This function is used to assign NV memory to an NV Index. -// -// Return Type: TPM_RC -// TPM_RC_NV_SPACE insufficient NV space -TPM_RC -NvDefineIndex( - TPMS_NV_PUBLIC *publicArea, // IN: A template for an area to create. - TPM2B_AUTH *authValue // IN: The initial authorization value - ) -{ - // The buffer to be written to NV memory - NV_INDEX nvIndex; // the index data - UINT16 entrySize; // size of entry - TPM_RC result; -// - entrySize = sizeof(NV_INDEX); - - // only allocate data space for indexes that are going to be written to NV. - // Orderly indexes don't need space. - if(!IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY)) - entrySize += publicArea->dataSize; - // Check if we have enough space to create the NV Index - // In this implementation, the only resource limitation is the available NV - // space (and possibly RAM space.) 
Other implementation may have other - // limitation on counter or on NV slots - if(!NvTestSpace(entrySize, TRUE, IsNvCounterIndex(publicArea->attributes))) - return TPM_RC_NV_SPACE; - - // if the index to be defined is RAM backed, check RAM space availability - // as well - if(IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY) - && !NvRamTestSpaceIndex(publicArea->dataSize)) - return TPM_RC_NV_SPACE; - // Copy input value to nvBuffer - nvIndex.publicArea = *publicArea; - - // Copy the authValue - nvIndex.authValue = *authValue; - - // Add index to NV memory - result = NvAdd(entrySize, sizeof(NV_INDEX), TPM_RH_UNASSIGNED, - (BYTE *)&nvIndex); - if(result == TPM_RC_SUCCESS) - { - // If the data of NV Index is RAM backed, add the data area in RAM as well - if(IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY)) - NvAddRAM(publicArea); - } - return result; -} - -//*** NvAddEvictObject() -// This function is used to assign NV memory to a persistent object. -// Return Type: TPM_RC -// TPM_RC_NV_HANDLE the requested handle is already in use -// TPM_RC_NV_SPACE insufficient NV space -TPM_RC -NvAddEvictObject( - TPMI_DH_OBJECT evictHandle, // IN: new evict handle - OBJECT *object // IN: object to be added - ) -{ - TPM_HANDLE temp = object->evictHandle; - TPM_RC result; -// - // Check if we have enough space to add the evict object - // An evict object needs 8 bytes in index table + sizeof OBJECT - // In this implementation, the only resource limitation is the available NV - // space. 
Other implementation may have other limitation on evict object - // handle space - if(!NvTestSpace(sizeof(OBJECT) + sizeof(TPM_HANDLE), FALSE, FALSE)) - return TPM_RC_NV_SPACE; - - // Set evict attribute and handle - object->attributes.evict = SET; - object->evictHandle = evictHandle; - - // Now put this in NV - result = NvAdd(sizeof(OBJECT), sizeof(OBJECT), evictHandle, (BYTE *)object); - - // Put things back the way they were - object->attributes.evict = CLEAR; - object->evictHandle = temp; - - return result; -} - -//*** NvDeleteIndex() -// This function is used to delete an NV Index. -// Return Type: TPM_RC -// TPM_RC_NV_UNAVAILABLE NV is not accessible -// TPM_RC_NV_RATE NV is rate limiting -TPM_RC -NvDeleteIndex( - NV_INDEX *nvIndex, // IN: an in RAM index descriptor - NV_REF entityAddr // IN: location in NV - ) -{ - TPM_RC result; -// - if(nvIndex != NULL) - { - // Whenever a counter is deleted, make sure that the MaxCounter value is - // updated to reflect the value - if(IsNvCounterIndex(nvIndex->publicArea.attributes) - && IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) - NvUpdateMaxCount(NvGetUINT64Data(nvIndex, entityAddr)); - result = NvDelete(entityAddr); - if(result != TPM_RC_SUCCESS) - return result; - // If the NV Index is RAM backed, delete the RAM data as well - if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY)) - NvDeleteRAM(nvIndex->publicArea.nvIndex); - NvIndexCacheInit(); - } - return TPM_RC_SUCCESS; -} - -//*** NvDeleteEvict() -// This function will delete a NV evict object. 
-// Will return success if object deleted or if it does not exist - -TPM_RC -NvDeleteEvict( - TPM_HANDLE handle // IN: handle of entity to be deleted - ) -{ - NV_REF entityAddr = NvFindEvict(handle, NULL); // pointer to entity - TPM_RC result = TPM_RC_SUCCESS; -// - if(entityAddr != 0) - result = NvDelete(entityAddr); - return result; -} - -//*** NvFlushHierarchy() -// This function will delete persistent objects belonging to the indicated hierarchy. -// If the storage hierarchy is selected, the function will also delete any -// NV Index defined using ownerAuth. -// Return Type: TPM_RC -// TPM_RC_NV_RATE NV is unavailable because of rate limit -// TPM_RC_NV_UNAVAILABLE NV is inaccessible -TPM_RC -NvFlushHierarchy( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flushed. - ) -{ - NV_REF iter = NV_REF_INIT; - NV_REF currentAddr; - TPM_HANDLE entityHandle; - TPM_RC result = TPM_RC_SUCCESS; -// - while((currentAddr = NvNext(&iter, &entityHandle)) != 0) - { - if(HandleGetType(entityHandle) == TPM_HT_NV_INDEX) - { - NV_INDEX nvIndex; -// - // If flush endorsement or platform hierarchy, no NV Index would be - // flushed - if(hierarchy == TPM_RH_ENDORSEMENT || hierarchy == TPM_RH_PLATFORM) - continue; - // Get the index information - NvReadNvIndexInfo(currentAddr, &nvIndex); - - // For storage hierarchy, flush OwnerCreated index - if(!IS_ATTRIBUTE(nvIndex.publicArea.attributes, TPMA_NV, - PLATFORMCREATE)) - { - // Delete the index (including RAM for orderly) - result = NvDeleteIndex(&nvIndex, currentAddr); - if(result != TPM_RC_SUCCESS) - break; - // Re-iterate from beginning after a delete - iter = NV_REF_INIT; - } - } - else if(HandleGetType(entityHandle) == TPM_HT_PERSISTENT) - { - OBJECT_ATTRIBUTES attributes; -// - NvRead(&attributes, - (UINT32)(currentAddr - + sizeof(TPM_HANDLE) - + offsetof(OBJECT, attributes)), - sizeof(OBJECT_ATTRIBUTES)); - // If the evict object belongs to the hierarchy to be flushed... 
- if((hierarchy == TPM_RH_PLATFORM && attributes.ppsHierarchy == SET) - || (hierarchy == TPM_RH_OWNER && attributes.spsHierarchy == SET) - || (hierarchy == TPM_RH_ENDORSEMENT - && attributes.epsHierarchy == SET)) - { - // ...then delete the evict object - result = NvDelete(currentAddr); - if(result != TPM_RC_SUCCESS) - break; - // Re-iterate from beginning after a delete - iter = NV_REF_INIT; - } - } - else - { - FAIL(FATAL_ERROR_INTERNAL); - } - } - return result; -} - -//*** NvSetGlobalLock() -// This function is used to SET the TPMA_NV_WRITELOCKED attribute for all -// NV indexes that have TPMA_NV_GLOBALLOCK SET. This function is use by -// TPM2_NV_GlobalWriteLock(). -// Return Type: TPM_RC -// TPM_RC_NV_RATE NV is unavailable because of rate limit -// TPM_RC_NV_UNAVAILABLE NV is inaccessible -TPM_RC -NvSetGlobalLock( - void - ) -{ - NV_REF iter = NV_REF_INIT; - NV_RAM_REF ramIter = NV_RAM_REF_INIT; - NV_REF currentAddr; - NV_RAM_REF currentRamAddr; - TPM_RC result = TPM_RC_SUCCESS; -// - // Check all normal indexes - while((currentAddr = NvNextIndex(NULL, &iter)) != 0) - { - TPMA_NV attributes = NvReadNvIndexAttributes(currentAddr); -// - // See if it should be locked - if(!IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY) - && IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK)) - { - SET_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED); - result = NvWriteNvIndexAttributes(currentAddr, attributes); - if(result != TPM_RC_SUCCESS) - return result; - } - } - // Now search all the orderly attributes - while((currentRamAddr = NvRamNext(&ramIter, NULL)) != 0) - { - // See if it should be locked - TPMA_NV attributes = NvReadRamIndexAttributes(currentRamAddr); - if(IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK)) - { - SET_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED); - NvWriteRamIndexAttributes(currentRamAddr, attributes); - } - } - return result; -} - -//***InsertSort() -// Sort a handle into handle list in ascending order. 
The total handle number in -// the list should not exceed MAX_CAP_HANDLES -static void -InsertSort( - TPML_HANDLE *handleList, // IN/OUT: sorted handle list - UINT32 count, // IN: maximum count in the handle list - TPM_HANDLE entityHandle // IN: handle to be inserted - ) -{ - UINT32 i, j; - UINT32 originalCount; -// - // For a corner case that the maximum count is 0, do nothing - if(count == 0) - return; - // For empty list, add the handle at the beginning and return - if(handleList->count == 0) - { - handleList->handle[0] = entityHandle; - handleList->count++; - return; - } - // Check if the maximum of the list has been reached - originalCount = handleList->count; - if(originalCount < count) - handleList->count++; - // Insert the handle to the list - for(i = 0; i < originalCount; i++) - { - if(handleList->handle[i] > entityHandle) - { - for(j = handleList->count - 1; j > i; j--) - { - handleList->handle[j] = handleList->handle[j - 1]; - } - break; - } - } - // If a slot was found, insert the handle in this position - if(i < originalCount || handleList->count > originalCount) - handleList->handle[i] = entityHandle; - return; -} - -//*** NvCapGetPersistent() -// This function is used to get a list of handles of the persistent objects, -// starting at 'handle'. -// -// 'Handle' must be in valid persistent object handle range, but does not -// have to reference an existing persistent object. 
-// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -NvCapGetPersistent( - TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: maximum number of returned handles - TPML_HANDLE *handleList // OUT: list of handle - ) -{ - TPMI_YES_NO more = NO; - NV_REF iter = NV_REF_INIT; - NV_REF currentAddr; - TPM_HANDLE entityHandle; -// - pAssert(HandleGetType(handle) == TPM_HT_PERSISTENT); - - // Initialize output handle list - handleList->count = 0; - - // The maximum count of handles we may return is MAX_CAP_HANDLES - if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; - - while((currentAddr = NvNextEvict(&entityHandle, &iter)) != 0) - { - // Ignore persistent handles that have values less than the input handle - if(entityHandle < handle) - continue; - // if the handles in the list have reached the requested count, and there - // are still handles need to be inserted, indicate that there are more. - if(handleList->count == count) - more = YES; - // A handle with a value larger than start handle is a candidate - // for return. Insert sort it to the return list. Insert sort algorithm - // is chosen here for simplicity based on the assumption that the total - // number of NV indexes is small. For an implementation that may allow - // large number of NV indexes, a more efficient sorting algorithm may be - // used here. - InsertSort(handleList, count, entityHandle); - } - return more; -} - -//*** NvCapGetIndex() -// This function returns a list of handles of NV indexes, starting from 'handle'. -// 'Handle' must be in the range of NV indexes, but does not have to reference -// an existing NV Index. 
-// Return Type: TPMI_YES_NO -// YES if there are more handles to report -// NO all the available handles has been reported -TPMI_YES_NO -NvCapGetIndex( - TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: max number of returned handles - TPML_HANDLE *handleList // OUT: list of handle - ) -{ - TPMI_YES_NO more = NO; - NV_REF iter = NV_REF_INIT; - NV_REF currentAddr; - TPM_HANDLE nvHandle; -// - pAssert(HandleGetType(handle) == TPM_HT_NV_INDEX); - - // Initialize output handle list - handleList->count = 0; - - // The maximum count of handles we may return is MAX_CAP_HANDLES - if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; - - while((currentAddr = NvNextIndex(&nvHandle, &iter)) != 0) - { - // Ignore index handles that have values less than the 'handle' - if(nvHandle < handle) - continue; - // if the count of handles in the list has reached the requested count, - // and there are still handles to report, set more. - if(handleList->count == count) - more = YES; - // A handle with a value larger than start handle is a candidate - // for return. Insert sort it to the return list. Insert sort algorithm - // is chosen here for simplicity based on the assumption that the total - // number of NV indexes is small. For an implementation that may allow - // large number of NV indexes, a more efficient sorting algorithm may be - // used here. - InsertSort(handleList, count, nvHandle); - } - return more; -} - -//*** NvCapGetIndexNumber() -// This function returns the count of NV Indexes currently defined. -UINT32 -NvCapGetIndexNumber( - void - ) -{ - UINT32 num = 0; - NV_REF iter = NV_REF_INIT; -// - while(NvNextIndex(NULL, &iter) != 0) - num++; - return num; -} - -//*** NvCapGetPersistentNumber() -// Function returns the count of persistent objects currently in NV memory. 
-UINT32 -NvCapGetPersistentNumber( - void - ) -{ - UINT32 num = 0; - NV_REF iter = NV_REF_INIT; - TPM_HANDLE handle; -// - while(NvNextEvict(&handle, &iter) != 0) - num++; - return num; -} - -//*** NvCapGetPersistentAvail() -// This function returns an estimate of the number of additional persistent -// objects that could be loaded into NV memory. -UINT32 -NvCapGetPersistentAvail( - void - ) -{ - UINT32 availNVSpace; - UINT32 counterNum = NvCapGetCounterNumber(); - UINT32 reserved = sizeof(NV_LIST_TERMINATOR); -// - // Get the available space in NV storage - availNVSpace = NvGetFreeBytes(); - - if(counterNum < MIN_COUNTER_INDICES) - { - // Some space has to be reserved for counter objects. - reserved += (MIN_COUNTER_INDICES - counterNum) * NV_INDEX_COUNTER_SIZE; - if(reserved > availNVSpace) - availNVSpace = 0; - else - availNVSpace -= reserved; - } - return availNVSpace / NV_EVICT_OBJECT_SIZE; -} - -//*** NvCapGetCounterNumber() -// Get the number of defined NV Indexes that are counter indexes. -UINT32 -NvCapGetCounterNumber( - void - ) -{ - NV_REF iter = NV_REF_INIT; - NV_REF currentAddr; - UINT32 num = 0; -// - while((currentAddr = NvNextIndex(NULL, &iter)) != 0) - { - TPMA_NV attributes = NvReadNvIndexAttributes(currentAddr); - if(IsNvCounterIndex(attributes)) - num++; - } - return num; -} - -//*** NvSetStartupAttributes() -// Local function to set the attributes of an Index at TPM Reset and TPM Restart. 
-static TPMA_NV -NvSetStartupAttributes( - TPMA_NV attributes, // IN: attributes to change - STARTUP_TYPE type // IN: start up type - ) -{ - // Clear read lock - CLEAR_ATTRIBUTE(attributes, TPMA_NV, READLOCKED); - - // Will change a non counter index to the unwritten state if: - // a) TPMA_NV_CLEAR_STCLEAR is SET - // b) orderly and TPM Reset - if(!IsNvCounterIndex(attributes)) - { - if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR) - || (IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY) - && (type == SU_RESET))) - CLEAR_ATTRIBUTE(attributes, TPMA_NV, WRITTEN); - } - // Unlock any index that is not written or that does not have - // TPMA_NV_WRITEDEFINE SET. - if(!IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN) - || !IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE)) - CLEAR_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED); - return attributes; -} - -//*** NvEntityStartup() -// This function is called at TPM_Startup(). If the startup completes -// a TPM Resume cycle, no action is taken. If the startup is a TPM Reset -// or a TPM Restart, then this function will: -// 1. clear read/write lock; -// 2. reset NV Index data that has TPMA_NV_CLEAR_STCLEAR SET; and -// 3. set the lower bits in orderly counters to 1 for a non-orderly startup -// -// It is a prerequisite that NV be available for writing before this -// function is called. 
-BOOL -NvEntityStartup( - STARTUP_TYPE type // IN: start up type - ) -{ - NV_REF iter = NV_REF_INIT; - NV_RAM_REF ramIter = NV_RAM_REF_INIT; - NV_REF currentAddr; // offset points to the current entity - NV_RAM_REF currentRamAddr; - TPM_HANDLE nvHandle; - TPMA_NV attributes; -// - // Restore RAM index data - NvRead(s_indexOrderlyRam, NV_INDEX_RAM_DATA, sizeof(s_indexOrderlyRam)); - - // Initialize the max NV counter value - NvSetMaxCount(NvGetMaxCount()); - - // If recovering from state save, do nothing else - if(type == SU_RESUME) - return TRUE; - // Iterate all the NV Index to clear the locks - while((currentAddr = NvNextIndex(&nvHandle, &iter)) != 0) - { - attributes = NvReadNvIndexAttributes(currentAddr); - - // If this is an orderly index, defer processing until loop below - if(IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY)) - continue; - // Set the attributes appropriate for this startup type - attributes = NvSetStartupAttributes(attributes, type); - NvWriteNvIndexAttributes(currentAddr, attributes); - } - // Iterate all the orderly indexes to clear the locks and initialize counters - while((currentRamAddr = NvRamNext(&ramIter, NULL)) != 0) - { - attributes = NvReadRamIndexAttributes(currentRamAddr); - - attributes = NvSetStartupAttributes(attributes, type); - - // update attributes in RAM - NvWriteRamIndexAttributes(currentRamAddr, attributes); - - // Set the lower bits in an orderly counter to 1 for a non-orderly startup - if(IsNvCounterIndex(attributes) - && (g_prevOrderlyState == SU_NONE_VALUE)) - { - UINT64 counter; -// - // Read the counter value last saved to NV. - counter = BYTE_ARRAY_TO_UINT64(currentRamAddr + sizeof(NV_RAM_HEADER)); - - // Set the lower bits of counter to 1's - counter |= MAX_ORDERLY_COUNT; - - // Write back to RAM - // NOTE: Do not want to force a write to NV here. The counter value will - // stay in RAM until the next shutdown or rollover. 
- UINT64_TO_BYTE_ARRAY(counter, currentRamAddr + sizeof(NV_RAM_HEADER)); - } - } - return TRUE; -} - -//*** NvCapGetCounterAvail() -// This function returns an estimate of the number of additional counter type -// NV indexes that can be defined. -UINT32 -NvCapGetCounterAvail( - void - ) -{ - UINT32 availNVSpace; - UINT32 availRAMSpace; - UINT32 persistentNum = NvCapGetPersistentNumber(); - UINT32 reserved = sizeof(NV_LIST_TERMINATOR); -// - // Get the available space in NV storage - availNVSpace = NvGetFreeBytes(); - - if(persistentNum < MIN_EVICT_OBJECTS) - { - // Some space has to be reserved for evict object. Adjust availNVSpace. - reserved += (MIN_EVICT_OBJECTS - persistentNum) * NV_EVICT_OBJECT_SIZE; - if(reserved > availNVSpace) - availNVSpace = 0; - else - availNVSpace -= reserved; - } - // Compute the available space in RAM - availRAMSpace = (int)(RAM_ORDERLY_END - NvRamGetEnd()); - - // Return the min of counter number in NV and in RAM - if(availNVSpace / NV_INDEX_COUNTER_SIZE - > availRAMSpace / NV_RAM_INDEX_COUNTER_SIZE) - return availRAMSpace / NV_RAM_INDEX_COUNTER_SIZE; - else - return availNVSpace / NV_INDEX_COUNTER_SIZE; -} - -//*** NvFindHandle() -// this function returns the offset in NV memory of the entity associated -// with the input handle. A value of zero indicates that handle does not -// exist reference an existing persistent object or defined NV Index. -NV_REF -NvFindHandle( - TPM_HANDLE handle - ) -{ - NV_REF addr; - NV_REF iter = NV_REF_INIT; - TPM_HANDLE nextHandle; -// - while((addr = NvNext(&iter, &nextHandle)) != 0) - { - if(nextHandle == handle) - break; - } - return addr; -} - -//** NV Max Counter -//*** Introduction -// The TPM keeps track of the highest value of a deleted counter index. When an -// index is deleted, this value is updated if the deleted counter index is greater -// than the previous value. 
When a new index is created and first incremented, it -// will get a value that is at least one greater than any other index than any -// previously deleted index. This insures that it is not possible to roll back an -// index. -// -// The highest counter value is keep in NV in a special end-of-list marker. This -// marker is only updated when an index is deleted. Otherwise it just moves. -// -// When the TPM starts up, it searches NV for the end of list marker and initializes -// an in memory value (s_maxCounter). - -//*** NvReadMaxCount() -// This function returns the max NV counter value. -// -UINT64 -NvReadMaxCount( - void - ) -{ - return s_maxCounter; -} - -//*** NvUpdateMaxCount() -// This function updates the max counter value to NV memory. This is just staging -// for the actual write that will occur when the NV index memory is modified. -// -void -NvUpdateMaxCount( - UINT64 count - ) -{ - if(count > s_maxCounter) - s_maxCounter = count; -} - -//*** NvSetMaxCount() -// This function is used at NV initialization time to set the initial value of -// the maximum counter. -void -NvSetMaxCount( - UINT64 value - ) -{ - s_maxCounter = value; -} - -//*** NvGetMaxCount() -// Function to get the NV max counter value from the end-of-list marker -UINT64 -NvGetMaxCount( - void - ) -{ - NV_REF iter = NV_REF_INIT; - NV_REF currentAddr; - UINT64 maxCount; -// - // Find the end of list marker and initialize the NV Max Counter value. - while((currentAddr = NvNext(&iter, NULL )) != 0); - // 'iter' should be pointing at the end of list marker so read in the current - // value of the s_maxCounter. - NvRead(&maxCount, iter + sizeof(UINT32), sizeof(maxCount)); - - return maxCount; -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvReserved.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvReserved.c deleted file mode 100644 index 41a789512..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvReserved.c
+++ /dev/null
@@ -1,263 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction - -// The NV memory is divided into two areas: dynamic space for user defined NV -// Indices and evict objects, and reserved space for TPM persistent and state save -// data. 
-// -// The entries in dynamic space are a linked list of entries. Each entry has, as its -// first field, a size. If the size field is zero, it marks the end of the -// list. -// -// An allocation of an Index or evict object may use almost all of the remaining -// NV space such that the size field will not fit. The functions that search the -// list are aware of this and will terminate the search if they either find a zero -// size or recognize that there is insufficient space for the size field. -// -// An Index allocation will contain an NV_INDEX structure. If the Index does not -// have the orderly attribute, the NV_INDEX is followed immediately by the NV data. -// -// An evict object entry contains a handle followed by an OBJECT structure. This -// results in both the Index and Evict Object having an identifying handle as the -// first field following the size field. -// -// When an Index has the orderly attribute, the data is kept in RAM. This RAM is -// saved to backing store in NV memory on any orderly shutdown. The entries in -// orderly memory are also a linked list using a size field as the first entry. As -// with the NV memory, the list is terminated by a zero size field or when the last -// entry leaves insufficient space for the terminating size field. -// -// The attributes of an orderly index are maintained in RAM memory in order to -// reduce the number of NV writes needed for orderly data. When an orderly index -// is created, an entry is made in the dynamic NV memory space that holds the Index -// authorizations (authPolicy and authValue) and the size of the data. This entry is -// only modified if the authValue of the index is changed. The more volatile data -// of the index is kept in RAM. When an orderly Index is created or deleted, the -// RAM data is copied to NV backing store so that the image in the backing store -// matches the layout of RAM. In normal operation. The RAM data is also copied on -// any orderly shutdown. 
In normal operation, the only other reason for writing -// to the backing store for RAM is when a counter is first written (TPMA_NV_WRITTEN -// changes from CLEAR to SET) or when a counter "rolls over." -// -// Static space contains items that are individually modifiable. The values are in -// the 'gp' PERSISTEND_DATA structure in RAM and mapped to locations in NV. -// - -//** Includes, Defines -#define NV_C -#include "Tpm.h" - -//************************************************ -//** Functions -//************************************************ - - -//*** NvInitStatic() -// This function initializes the static variables used in the NV subsystem. -static void -NvInitStatic( - void - ) -{ - // In some implementations, the end of NV is variable and is set at boot time. - // This value will be the same for each boot, but is not necessarily known - // at compile time. - s_evictNvEnd = (NV_REF)NV_MEMORY_SIZE; - return; -} - -//*** NvCheckState() -// Function to check the NV state by accessing the platform-specific function -// to get the NV state. The result state is registered in s_NvIsAvailable -// that will be reported by NvIsAvailable. -// -// This function is called at the beginning of ExecuteCommand before any potential -// check of g_NvStatus. -void -NvCheckState( - void - ) -{ - int func_return; -// - func_return = _plat__IsNvAvailable(); - if(func_return == 0) - g_NvStatus = TPM_RC_SUCCESS; - else if(func_return == 1) - g_NvStatus = TPM_RC_NV_UNAVAILABLE; - else - g_NvStatus = TPM_RC_NV_RATE; - return; -} - -//*** NvCommit -// This is a wrapper for the platform function to commit pending NV writes. -BOOL -NvCommit( - void - ) -{ - return (_plat__NvCommit() == 0); -} - -//*** NvPowerOn() -// This function is called at _TPM_Init to initialize the NV environment. 
-// Return Type: BOOL -// TRUE(1) all NV was initialized -// FALSE(0) the NV containing saved state had an error and -// TPM2_Startup(CLEAR) is required -BOOL -NvPowerOn( - void - ) -{ - int nvError = 0; - // If power was lost, need to re-establish the RAM data that is loaded from - // NV and initialize the static variables - if(g_powerWasLost) - { - if((nvError = _plat__NVEnable(0)) < 0) - FAIL(FATAL_ERROR_NV_UNRECOVERABLE); - NvInitStatic(); - } - return nvError == 0; -} - -//*** NvManufacture() -// This function initializes the NV system at pre-install time. -// -// This function should only be called in a manufacturing environment or in a -// simulation. -// -// The layout of NV memory space is an implementation choice. -void -NvManufacture( - void - ) -{ -#if SIMULATION - // Simulate the NV memory being in the erased state. - _plat__NvMemoryClear(0, NV_MEMORY_SIZE); -#endif - // Initialize static variables - NvInitStatic(); - // Clear the RAM used for Orderly Index data - MemorySet(s_indexOrderlyRam, 0, RAM_INDEX_SPACE); - // Write that Orderly Index data to NV - NvUpdateIndexOrderlyData(); - // Initialize the next offset of the first entry in evict/index list to 0 (the - // end of list marker) and the initial s_maxCounterValue; - NvSetMaxCount(0); - // Put the end of list marker at the end of memory. This contains the MaxCount - // value as well as the end marker. - NvWriteNvListEnd(NV_USER_DYNAMIC); - return; -} - -//*** NvRead() -// This function is used to move reserved data from NV memory to RAM. -void -NvRead( - void *outBuffer, // OUT: buffer to receive data - UINT32 nvOffset, // IN: offset in NV of value - UINT32 size // IN: size of the value to read - ) -{ - // Input type should be valid - pAssert(nvOffset + size < NV_MEMORY_SIZE); - _plat__NvMemoryRead(nvOffset, size, outBuffer); - return; -} - -//*** NvWrite() -// This function is used to post reserved data for writing to NV memory. 
Before -// the TPM completes the operation, the value will be written. -BOOL -NvWrite( - UINT32 nvOffset, // IN: location in NV to receive data - UINT32 size, // IN: size of the data to move - void *inBuffer // IN: location containing data to write - ) -{ - // Input type should be valid - if(nvOffset + size <= NV_MEMORY_SIZE) - { - // Set the flag that a NV write happened - SET_NV_UPDATE(UT_NV); - return _plat__NvMemoryWrite(nvOffset, size, inBuffer); - } - return FALSE; -} - -//*** NvUpdatePersistent() -// This function is used to update a value in the PERSISTENT_DATA structure and -// commits the value to NV. -void -NvUpdatePersistent( - UINT32 offset, // IN: location in PERMANENT_DATA to be updated - UINT32 size, // IN: size of the value - void *buffer // IN: the new data - ) -{ - pAssert(offset + size <= sizeof(gp)); - MemoryCopy(&gp + offset, buffer, size); - NvWrite(offset, size, buffer); -} - -//*** NvClearPersistent() -// This function is used to clear a persistent data entry and commit it to NV -void -NvClearPersistent( - UINT32 offset, // IN: the offset in the PERMANENT_DATA - // structure to be cleared (zeroed) - UINT32 size // IN: number of bytes to clear - ) -{ - pAssert(offset + size <= sizeof(gp)); - MemorySet((&gp) + offset, 0, size); - NvWrite(offset, size, (&gp) + offset); -} - -//*** NvReadPersistent() -// This function reads persistent data to the RAM copy of the 'gp' structure. -void -NvReadPersistent( - void - ) -{ - NvRead(&gp, NV_PERSISTENT_DATA, sizeof(gp)); - return; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Object.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Object.c deleted file mode 100644 index 6fd037087..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Object.c +++ /dev/null 
@@ -1,989 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains the functions that manage the object store of the TPM. 
- -//** Includes and Data Definitions -#define OBJECT_C - -#include "Tpm.h" - -//** Functions - -//*** ObjectFlush() -// This function marks an object slot as available. -// Since there is no checking of the input parameters, it should be used -// judiciously. -// Note: This could be converted to a macro. -void -ObjectFlush( - OBJECT *object - ) -{ - object->attributes.occupied = CLEAR; -} - -//*** ObjectSetInUse() -// This access function sets the occupied attribute of an object slot. -void -ObjectSetInUse( - OBJECT *object - ) -{ - object->attributes.occupied = SET; -} - -//*** ObjectStartup() -// This function is called at TPM2_Startup() to initialize the object subsystem. -BOOL -ObjectStartup( - void - ) -{ - UINT32 i; -// - // object slots initialization - for(i = 0; i < MAX_LOADED_OBJECTS; i++) - { - //Set the slot to not occupied - ObjectFlush(&s_objects[i]); - } - return TRUE; -} - -//*** ObjectCleanupEvict() -// -// In this implementation, a persistent object is moved from NV into an object slot -// for processing. It is flushed after command execution. This function is called -// from ExecuteCommand(). -void -ObjectCleanupEvict( - void - ) -{ - UINT32 i; -// - // This has to be iterated because a command may have two handles - // and they may both be persistent. - // This could be made to be more efficient so that a search is not needed. - for(i = 0; i < MAX_LOADED_OBJECTS; i++) - { - // If an object is a temporary evict object, flush it from slot - OBJECT *object = &s_objects[i]; - if(object->attributes.evict == SET) - ObjectFlush(object); - } - return; -} - -//*** IsObjectPresent() -// This function checks to see if a transient handle references a loaded -// object. This routine should not be called if the handle is not a -// transient handle. The function validates that the handle is in the -// implementation-dependent allowed in range for loaded transient objects. 
-// Return Type: BOOL -// TRUE(1) handle references a loaded object -// FALSE(0) handle is not an object handle, or it does not -// reference to a loaded object -BOOL -IsObjectPresent( - TPMI_DH_OBJECT handle // IN: handle to be checked - ) -{ - UINT32 slotIndex = handle - TRANSIENT_FIRST; - // Since the handle is just an index into the array that is zero based, any - // handle value outsize of the range of: - // TRANSIENT_FIRST -- (TRANSIENT_FIRST + MAX_LOADED_OBJECT - 1) - // will now be greater than or equal to MAX_LOADED_OBJECTS - if(slotIndex >= MAX_LOADED_OBJECTS) - return FALSE; - // Indicate if the slot is occupied - return (s_objects[slotIndex].attributes.occupied == TRUE); -} - -//*** ObjectIsSequence() -// This function is used to check if the object is a sequence object. This function -// should not be called if the handle does not reference a loaded object. -// Return Type: BOOL -// TRUE(1) object is an HMAC, hash, or event sequence object -// FALSE(0) object is not an HMAC, hash, or event sequence object -BOOL -ObjectIsSequence( - OBJECT *object // IN: handle to be checked - ) -{ - pAssert(object != NULL); - return (object->attributes.hmacSeq == SET - || object->attributes.hashSeq == SET - || object->attributes.eventSeq == SET); -} - -//*** HandleToObject() -// This function is used to find the object structure associated with a handle. -// -// This function requires that 'handle' references a loaded object or a permanent -// handle. -OBJECT* -HandleToObject( - TPMI_DH_OBJECT handle // IN: handle of the object - ) -{ - UINT32 index; -// - // Return NULL if the handle references a permanent handle because there is no - // associated OBJECT. - if(HandleGetType(handle) == TPM_HT_PERMANENT) - return NULL; - // In this implementation, the handle is determined by the slot occupied by the - // object. 
- index = handle - TRANSIENT_FIRST; - pAssert(index < MAX_LOADED_OBJECTS); - pAssert(s_objects[index].attributes.occupied); - return &s_objects[index]; -} - - -//*** GetQualifiedName() -// This function returns the Qualified Name of the object. In this implementation, -// the Qualified Name is computed when the object is loaded and is saved in the -// internal representation of the object. The alternative would be to retain the -// Name of the parent and compute the QN when needed. This would take the same -// amount of space so it is not recommended that the alternate be used. -// -// This function requires that 'handle' references a loaded object. -void -GetQualifiedName( - TPMI_DH_OBJECT handle, // IN: handle of the object - TPM2B_NAME *qualifiedName // OUT: qualified name of the object - ) -{ - OBJECT *object; -// - switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: - qualifiedName->t.size = sizeof(TPM_HANDLE); - UINT32_TO_BYTE_ARRAY(handle, qualifiedName->t.name); - break; - case TPM_HT_TRANSIENT: - object = HandleToObject(handle); - if(object == NULL || object->publicArea.nameAlg == TPM_ALG_NULL) - qualifiedName->t.size = 0; - else - // Copy the name - *qualifiedName = object->qualifiedName; - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - } - return; -} - -//*** ObjectGetHierarchy() -// This function returns the handle for the hierarchy of an object. -TPMI_RH_HIERARCHY -ObjectGetHierarchy( - OBJECT *object // IN :object - ) -{ - if(object->attributes.spsHierarchy) - { - return TPM_RH_OWNER; - } - else if(object->attributes.epsHierarchy) - { - return TPM_RH_ENDORSEMENT; - } - else if(object->attributes.ppsHierarchy) - { - return TPM_RH_PLATFORM; - } - else - { - return TPM_RH_NULL; - } -} - -//*** GetHeriarchy() -// This function returns the handle of the hierarchy to which a handle belongs. -// This function is similar to ObjectGetHierarchy() but this routine takes -// a handle but ObjectGetHierarchy() takes an pointer to an object. 
-// -// This function requires that 'handle' references a loaded object. -TPMI_RH_HIERARCHY -GetHeriarchy( - TPMI_DH_OBJECT handle // IN :object handle - ) -{ - OBJECT *object = HandleToObject(handle); -// - return ObjectGetHierarchy(object); -} - -//*** FindEmptyObjectSlot() -// This function finds an open object slot, if any. It will clear the attributes -// but will not set the occupied attribute. This is so that a slot may be used -// and discarded if everything does not go as planned. -// Return Type: OBJECT * -// NULL no open slot found -// != NULL pointer to available slot -OBJECT * -FindEmptyObjectSlot( - TPMI_DH_OBJECT *handle // OUT: (optional) - ) -{ - UINT32 i; - OBJECT *object; -// - for(i = 0; i < MAX_LOADED_OBJECTS; i++) - { - object = &s_objects[i]; - if(object->attributes.occupied == CLEAR) - { - if(handle) - *handle = i + TRANSIENT_FIRST; - // Initialize the object attributes - MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES)); - return object; - } - } - return NULL; -} - -//*** ObjectAllocateSlot() -// This function is used to allocate a slot in internal object array. -OBJECT * -ObjectAllocateSlot( - TPMI_DH_OBJECT *handle // OUT: handle of allocated object - ) -{ - OBJECT *object = FindEmptyObjectSlot(handle); -// - if(object != NULL) - { - // if found, mark as occupied - ObjectSetInUse(object); - } - return object; -} - -//*** ObjectSetLoadedAttributes() -// This function sets the internal attributes for a loaded object. It is called to -// finalize the OBJECT attributes (not the TPMA_OBJECT attributes) for a loaded -// object. -void -ObjectSetLoadedAttributes( - OBJECT *object, // IN: object attributes to finalize - TPM_HANDLE parentHandle // IN: the parent handle - ) -{ - OBJECT *parent = HandleToObject(parentHandle); - TPMA_OBJECT objectAttributes = object->publicArea.objectAttributes; -// - // Copy the stClear attribute from the public area. 
This could be overwritten - // if the parent has stClear SET - object->attributes.stClear = - IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, stClear); - // If parent handle is a permanent handle, it is a primary (unless it is NULL - if(parent == NULL) - { - object->attributes.primary = SET; - switch(parentHandle) - { - case TPM_RH_ENDORSEMENT: - object->attributes.epsHierarchy = SET; - break; - case TPM_RH_OWNER: - object->attributes.spsHierarchy = SET; - break; - case TPM_RH_PLATFORM: - object->attributes.ppsHierarchy = SET; - break; - default: - // Treat the temporary attribute as a hierarchy - object->attributes.temporary = SET; - object->attributes.primary = CLEAR; - break; - } - } - else - { - // is this a stClear object - object->attributes.stClear = - (IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, stClear) - || (parent->attributes.stClear == SET)); - object->attributes.epsHierarchy = parent->attributes.epsHierarchy; - object->attributes.spsHierarchy = parent->attributes.spsHierarchy; - object->attributes.ppsHierarchy = parent->attributes.ppsHierarchy; - // An object is temporary if its parent is temporary or if the object - // is external - object->attributes.temporary = parent->attributes.temporary - || object->attributes.external; - } - // If this is an external object, set the QN == name but don't SET other - // key properties ('parent' or 'derived') - if(object->attributes.external) - object->qualifiedName = object->name; - else - { - // check attributes for different types of parents - if(IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, restricted) - && !object->attributes.publicOnly - && IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, decrypt) - && object->publicArea.nameAlg != TPM_ALG_NULL) - { - // This is a parent. If it is not a KEYEDHASH, it is an ordinary parent. - // Otherwise, it is a derivation parent. 
- if(object->publicArea.type == TPM_ALG_KEYEDHASH) - object->attributes.derivation = SET; - else - object->attributes.isParent = SET; - } - ComputeQualifiedName(parentHandle, object->publicArea.nameAlg, - &object->name, &object->qualifiedName); - } - // Set slot occupied - ObjectSetInUse(object); - return; -} - -//*** ObjectLoad() -// Common function to load an object. A loaded object has its public area validated -// (unless its 'nameAlg' is TPM_ALG_NULL). If a sensitive part is loaded, it is -// verified to be correct and if both public and sensitive parts are loaded, then -// the cryptographic binding between the objects is validated. This function does -// not cause the allocated slot to be marked as in use. -TPM_RC -ObjectLoad( - OBJECT *object, // IN: pointer to object slot - // object - OBJECT *parent, // IN: (optional) the parent object - TPMT_PUBLIC *publicArea, // IN: public area to be installed in the object - TPMT_SENSITIVE *sensitive, // IN: (optional) sensitive area to be - // installed in the object - TPM_RC blamePublic, // IN: parameter number to associate with the - // publicArea errors - TPM_RC blameSensitive,// IN: parameter number to associate with the - // sensitive area errors - TPM2B_NAME *name // IN: (optional) -) -{ - TPM_RC result = TPM_RC_SUCCESS; -// -// Do validations of public area object descriptions - pAssert(publicArea != NULL); - - // Is this public only or a no-name object? - if(sensitive == NULL || publicArea->nameAlg == TPM_ALG_NULL) - { - // Need to have schemes checked so that we do the right thing with the - // public key. 
- result = SchemeChecks(NULL, publicArea); - } - else - { - // For any sensitive area, make sure that the seedSize is no larger than the - // digest size of nameAlg - if(sensitive->seedValue.t.size > CryptHashGetDigestSize(publicArea->nameAlg)) - return TPM_RCS_KEY_SIZE + blameSensitive; - // Check attributes and schemes for consistency - result = PublicAttributesValidation(parent, publicArea); - } - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, blamePublic); - -// Sensitive area and binding checks - - // On load, check nothing if the parent is fixedTPM. For all other cases, validate - // the keys. - if((parent == NULL) - || ((parent != NULL) && !IS_ATTRIBUTE(parent->publicArea.objectAttributes, - TPMA_OBJECT, fixedTPM))) - { - // Do the cryptographic key validation - result = CryptValidateKeys(publicArea, sensitive, blamePublic, - blameSensitive); - if(result != TPM_RC_SUCCESS) - return result; - } -#if ALG_RSA - // If this is an RSA key, then expand the private exponent. - // Note: ObjectLoad() is only called by TPM2_Import() if the parent is fixedTPM. 
- // For any key that does not have a fixedTPM parent, the exponent is computed - // whenever it is loaded - if((publicArea->type == TPM_ALG_RSA) && (sensitive != NULL)) - { - result = CryptRsaLoadPrivateExponent(publicArea, sensitive); - if(result != TPM_RC_SUCCESS) - return result; - } -#endif // ALG_RSA - // See if there is an object to populate - if((result == TPM_RC_SUCCESS) && (object != NULL)) - { - // Initialize public - object->publicArea = *publicArea; - // Copy sensitive if there is one - if(sensitive == NULL) - object->attributes.publicOnly = SET; - else - object->sensitive = *sensitive; - // Set the name, if one was provided - if(name != NULL) - object->name = *name; - else - object->name.t.size = 0; - } - return result; -} - -//*** AllocateSequenceSlot() -// This function allocates a sequence slot and initializes the parts that -// are used by the normal objects so that a sequence object is not inadvertently -// used for an operation that is not appropriate for a sequence. -// -static HASH_OBJECT * -AllocateSequenceSlot( - TPM_HANDLE *newHandle, // OUT: receives the allocated handle - TPM2B_AUTH *auth // IN: the authValue for the slot - ) -{ - HASH_OBJECT *object = (HASH_OBJECT *)ObjectAllocateSlot(newHandle); -// - // Validate that the proper location of the hash state data relative to the - // object state data. It would be good if this could have been done at compile - // time but it can't so do it in something that can be removed after debug. 
- cAssert(offsetof(HASH_OBJECT, auth) == offsetof(OBJECT, publicArea.authPolicy)); - - if(object != NULL) - { - - // Set the common values that a sequence object shares with an ordinary object - // First, clear all attributes - MemorySet(&object->objectAttributes, 0, sizeof(TPMA_OBJECT)); - - // The type is TPM_ALG_NULL - object->type = TPM_ALG_NULL; - - // This has no name algorithm and the name is the Empty Buffer - object->nameAlg = TPM_ALG_NULL; - - // A sequence object is considered to be in the NULL hierarchy so it should - // be marked as temporary so that it can't be persisted - object->attributes.temporary = SET; - - // A sequence object is DA exempt. - SET_ATTRIBUTE(object->objectAttributes, TPMA_OBJECT, noDA); - - // Copy the authorization value - if(auth != NULL) - object->auth = *auth; - else - object->auth.t.size = 0; - } - return object; -} - - -#if CC_HMAC_Start || CC_MAC_Start -//*** ObjectCreateHMACSequence() -// This function creates an internal HMAC sequence object. -// Return Type: TPM_RC -// TPM_RC_OBJECT_MEMORY if there is no free slot for an object -TPM_RC -ObjectCreateHMACSequence( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm - OBJECT *keyObject, // IN: the object containing the HMAC key - TPM2B_AUTH *auth, // IN: authValue - TPMI_DH_OBJECT *newHandle // OUT: HMAC sequence object handle - ) -{ - HASH_OBJECT *hmacObject; -// - // Try to allocate a slot for new object - hmacObject = AllocateSequenceSlot(newHandle, auth); - - if(hmacObject == NULL) - return TPM_RC_OBJECT_MEMORY; - // Set HMAC sequence bit - hmacObject->attributes.hmacSeq = SET; - -#if !SMAC_IMPLEMENTED - if(CryptHmacStart(&hmacObject->state.hmacState, hashAlg, - keyObject->sensitive.sensitive.bits.b.size, - keyObject->sensitive.sensitive.bits.b.buffer) == 0) -#else - if(CryptMacStart(&hmacObject->state.hmacState, - &keyObject->publicArea.parameters, - hashAlg, &keyObject->sensitive.sensitive.any.b) == 0) -#endif // SMAC_IMPLEMENTED - return TPM_RC_FAILURE; - return 
TPM_RC_SUCCESS; -} -#endif - -//*** ObjectCreateHashSequence() -// This function creates a hash sequence object. -// Return Type: TPM_RC -// TPM_RC_OBJECT_MEMORY if there is no free slot for an object -TPM_RC -ObjectCreateHashSequence( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm - TPM2B_AUTH *auth, // IN: authValue - TPMI_DH_OBJECT *newHandle // OUT: sequence object handle - ) -{ - HASH_OBJECT *hashObject = AllocateSequenceSlot(newHandle, auth); -// - // See if slot allocated - if(hashObject == NULL) - return TPM_RC_OBJECT_MEMORY; - // Set hash sequence bit - hashObject->attributes.hashSeq = SET; - - // Start hash for hash sequence - CryptHashStart(&hashObject->state.hashState[0], hashAlg); - - return TPM_RC_SUCCESS; -} - -//*** ObjectCreateEventSequence() -// This function creates an event sequence object. -// Return Type: TPM_RC -// TPM_RC_OBJECT_MEMORY if there is no free slot for an object -TPM_RC -ObjectCreateEventSequence( - TPM2B_AUTH *auth, // IN: authValue - TPMI_DH_OBJECT *newHandle // OUT: sequence object handle - ) -{ - HASH_OBJECT *hashObject = AllocateSequenceSlot(newHandle, auth); - UINT32 count; - TPM_ALG_ID hash; -// - // See if slot allocated - if(hashObject == NULL) - return TPM_RC_OBJECT_MEMORY; - // Set the event sequence attribute - hashObject->attributes.eventSeq = SET; - - // Initialize hash states for each implemented PCR algorithms - for(count = 0; (hash = CryptHashGetAlgByIndex(count)) != TPM_ALG_NULL; count++) - CryptHashStart(&hashObject->state.hashState[count], hash); - return TPM_RC_SUCCESS; -} - -//*** ObjectTerminateEvent() -// This function is called to close out the event sequence and clean up the hash -// context states. 
-void -ObjectTerminateEvent( - void - ) -{ - HASH_OBJECT *hashObject; - int count; - BYTE buffer[MAX_DIGEST_SIZE]; -// - hashObject = (HASH_OBJECT *)HandleToObject(g_DRTMHandle); - - // Don't assume that this is a proper sequence object - if(hashObject->attributes.eventSeq) - { - // If it is, close any open hash contexts. This is done in case - // the cryptographic implementation has some context values that need to be - // cleaned up (hygiene). - // - for(count = 0; CryptHashGetAlgByIndex(count) != TPM_ALG_NULL; count++) - { - CryptHashEnd(&hashObject->state.hashState[count], 0, buffer); - } - // Flush sequence object - FlushObject(g_DRTMHandle); - } - g_DRTMHandle = TPM_RH_UNASSIGNED; -} - -//*** ObjectContextLoad() -// This function loads an object from a saved object context. -// Return Type: OBJECT * -// NULL if there is no free slot for an object -// != NULL points to the loaded object -OBJECT * -ObjectContextLoad( - ANY_OBJECT_BUFFER *object, // IN: pointer to object structure in saved - // context - TPMI_DH_OBJECT *handle // OUT: object handle - ) -{ - OBJECT *newObject = ObjectAllocateSlot(handle); -// - // Try to allocate a slot for new object - if(newObject != NULL) - { - // Copy the first part of the object - MemoryCopy(newObject, object, offsetof(HASH_OBJECT, state)); - // See if this is a sequence object - if(ObjectIsSequence(newObject)) - { - // If this is a sequence object, import the data - SequenceDataImport((HASH_OBJECT *)newObject, - (HASH_OBJECT_BUFFER *)object); - } - else - { - // Copy input object data to internal structure - MemoryCopy(newObject, object, sizeof(OBJECT)); - } - } - return newObject; -} - -//*** FlushObject() -// This function frees an object slot. -// -// This function requires that the object is loaded. 
-void -FlushObject( - TPMI_DH_OBJECT handle // IN: handle to be freed - ) -{ - UINT32 index = handle - TRANSIENT_FIRST; -// - pAssert(index < MAX_LOADED_OBJECTS); - // Clear all the object attributes - MemorySet((BYTE*)&(s_objects[index].attributes), - 0, sizeof(OBJECT_ATTRIBUTES)); - return; -} - -//*** ObjectFlushHierarchy() -// This function is called to flush all the loaded transient objects associated -// with a hierarchy when the hierarchy is disabled. -void -ObjectFlushHierarchy( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flush - ) -{ - UINT16 i; -// - // iterate object slots - for(i = 0; i < MAX_LOADED_OBJECTS; i++) - { - if(s_objects[i].attributes.occupied) // If found an occupied slot - { - switch(hierarchy) - { - case TPM_RH_PLATFORM: - if(s_objects[i].attributes.ppsHierarchy == SET) - s_objects[i].attributes.occupied = FALSE; - break; - case TPM_RH_OWNER: - if(s_objects[i].attributes.spsHierarchy == SET) - s_objects[i].attributes.occupied = FALSE; - break; - case TPM_RH_ENDORSEMENT: - if(s_objects[i].attributes.epsHierarchy == SET) - s_objects[i].attributes.occupied = FALSE; - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - } - } - - return; -} - -//*** ObjectLoadEvict() -// This function loads a persistent object into a transient object slot. -// -// This function requires that 'handle' is associated with a persistent object. -// Return Type: TPM_RC -// TPM_RC_HANDLE the persistent object does not exist -// or the associated hierarchy is disabled. -// TPM_RC_OBJECT_MEMORY no object slot -TPM_RC -ObjectLoadEvict( - TPM_HANDLE *handle, // IN:OUT: evict object handle. 
If success, it - // will be replace by the loaded object handle - COMMAND_INDEX commandIndex // IN: the command being processed - ) -{ - TPM_RC result; - TPM_HANDLE evictHandle = *handle; // Save the evict handle - OBJECT *object; -// - // If this is an index that references a persistent object created by - // the platform, then return TPM_RH_HANDLE if the phEnable is FALSE - if(*handle >= PLATFORM_PERSISTENT) - { - // belongs to platform - if(g_phEnable == CLEAR) - return TPM_RC_HANDLE; - } - // belongs to owner - else if(gc.shEnable == CLEAR) - return TPM_RC_HANDLE; - // Try to allocate a slot for an object - object = ObjectAllocateSlot(handle); - if(object == NULL) - return TPM_RC_OBJECT_MEMORY; - // Copy persistent object to transient object slot. A TPM_RC_HANDLE - // may be returned at this point. This will mark the slot as containing - // a transient object so that it will be flushed at the end of the - // command - result = NvGetEvictObject(evictHandle, object); - - // Bail out if this failed - if(result != TPM_RC_SUCCESS) - return result; - // check the object to see if it is in the endorsement hierarchy - // if it is and this is not a TPM2_EvictControl() command, indicate - // that the hierarchy is disabled. - // If the associated hierarchy is disabled, make it look like the - // handle is not defined - if(ObjectGetHierarchy(object) == TPM_RH_ENDORSEMENT - && gc.ehEnable == CLEAR - && GetCommandCode(commandIndex) != TPM_CC_EvictControl) - return TPM_RC_HANDLE; - - return result; -} - -//*** ObjectComputeName() -// This does the name computation from a public area (can be marshaled or not). 
-TPM2B_NAME * -ObjectComputeName( - UINT32 size, // IN: the size of the area to digest - BYTE *publicArea, // IN: the public area to digest - TPM_ALG_ID nameAlg, // IN: the hash algorithm to use - TPM2B_NAME *name // OUT: Computed name - ) -{ - // Hash the publicArea into the name buffer leaving room for the nameAlg - name->t.size = CryptHashBlock(nameAlg, size, publicArea, - sizeof(name->t.name) - 2, - &name->t.name[2]); - // set the nameAlg - UINT16_TO_BYTE_ARRAY(nameAlg, name->t.name); - name->t.size += 2; - return name; -} - -//*** PublicMarshalAndComputeName() -// This function computes the Name of an object from its public area. -TPM2B_NAME * -PublicMarshalAndComputeName( - TPMT_PUBLIC *publicArea, // IN: public area of an object - TPM2B_NAME *name // OUT: name of the object - ) -{ - // Will marshal a public area into a template. This is because the internal - // format for a TPM2B_PUBLIC is a structure and not a simple BYTE buffer. - TPM2B_TEMPLATE marshaled; // this is big enough to hold a - // marshaled TPMT_PUBLIC - BYTE *buffer = (BYTE *)&marshaled.t.buffer; -// - // if the nameAlg is NULL then there is no name. - if(publicArea->nameAlg == TPM_ALG_NULL) - name->t.size = 0; - else - { - // Marshal the public area into its canonical form - marshaled.t.size = TPMT_PUBLIC_Marshal(publicArea, &buffer, NULL); - // and compute the name - ObjectComputeName(marshaled.t.size, marshaled.t.buffer, - publicArea->nameAlg, name); - } - return name; -} - -//*** ComputeQualifiedName() -// This function computes the qualified name of an object. 
-void -ComputeQualifiedName( - TPM_HANDLE parentHandle, // IN: parent's handle - TPM_ALG_ID nameAlg, // IN: name hash - TPM2B_NAME *name, // IN: name of the object - TPM2B_NAME *qualifiedName // OUT: qualified name of the object - ) -{ - HASH_STATE hashState; // hash state - TPM2B_NAME parentName; -// - if(parentHandle == TPM_RH_UNASSIGNED) - { - MemoryCopy2B(&qualifiedName->b, &name->b, sizeof(qualifiedName->t.name)); - *qualifiedName = *name; - } - else - { - GetQualifiedName(parentHandle, &parentName); - - // QN_A = hash_A (QN of parent || NAME_A) - - // Start hash - qualifiedName->t.size = CryptHashStart(&hashState, nameAlg); - - // Add parent's qualified name - CryptDigestUpdate2B(&hashState, &parentName.b); - - // Add self name - CryptDigestUpdate2B(&hashState, &name->b); - - // Complete hash leaving room for the name algorithm - CryptHashEnd(&hashState, qualifiedName->t.size, - &qualifiedName->t.name[2]); - UINT16_TO_BYTE_ARRAY(nameAlg, qualifiedName->t.name); - qualifiedName->t.size += 2; - } - return; -} - -//*** ObjectIsStorage() -// This function determines if an object has the attributes associated -// with a parent. A parent is an asymmetric or symmetric block cipher key -// that has its 'restricted' and 'decrypt' attributes SET, and 'sign' CLEAR. -// Return Type: BOOL -// TRUE(1) object is a storage key -// FALSE(0) object is not a storage key -BOOL -ObjectIsStorage( - TPMI_DH_OBJECT handle // IN: object handle - ) -{ - OBJECT *object = HandleToObject(handle); - TPMT_PUBLIC *publicArea = ((object != NULL) ? 
&object->publicArea : NULL); -// - return (publicArea != NULL - && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted) - && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt) - && !IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign) - && (object->publicArea.type == ALG_RSA_VALUE - || object->publicArea.type == ALG_ECC_VALUE)); -} - -//*** ObjectCapGetLoaded() -// This function returns a a list of handles of loaded object, starting from -// 'handle'. 'Handle' must be in the range of valid transient object handles, -// but does not have to be the handle of a loaded transient object. -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -ObjectCapGetLoaded( - TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle - ) -{ - TPMI_YES_NO more = NO; - UINT32 i; -// - pAssert(HandleGetType(handle) == TPM_HT_TRANSIENT); - - // Initialize output handle list - handleList->count = 0; - - // The maximum count of handles we may return is MAX_CAP_HANDLES - if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; - - // Iterate object slots to get loaded object handles - for(i = handle - TRANSIENT_FIRST; i < MAX_LOADED_OBJECTS; i++) - { - if(s_objects[i].attributes.occupied == TRUE) - { - // A valid transient object can not be the copy of a persistent object - pAssert(s_objects[i].attributes.evict == CLEAR); - - if(handleList->count < count) - { - // If we have not filled up the return list, add this object - // handle to it - handleList->handle[handleList->count] = i + TRANSIENT_FIRST; - handleList->count++; - } - else - { - // If the return list is full but we still have loaded object - // available, report this and stop iterating - more = YES; - break; - } - } - } - - return more; -} - -//*** ObjectCapGetTransientAvail() -// This function returns an estimate of the number of 
additional transient -// objects that could be loaded into the TPM. -UINT32 -ObjectCapGetTransientAvail( - void - ) -{ - UINT32 i; - UINT32 num = 0; -// - // Iterate object slot to get the number of unoccupied slots - for(i = 0; i < MAX_LOADED_OBJECTS; i++) - { - if(s_objects[i].attributes.occupied == FALSE) num++; - } - - return num; -} - -//*** ObjectGetPublicAttributes() -// Returns the attributes associated with an object handles. -TPMA_OBJECT -ObjectGetPublicAttributes( - TPM_HANDLE handle - ) -{ - return HandleToObject(handle)->publicArea.objectAttributes; -} - -OBJECT_ATTRIBUTES -ObjectGetProperties( - TPM_HANDLE handle - ) -{ - return HandleToObject(handle)->attributes; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PCR.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PCR.c deleted file mode 100644 index 10a096878..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PCR.c +++ /dev/null 
@@ -1,1314 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This function contains the functions needed for PCR access and manipulation.
-//
-// This implementation uses a static allocation for the PCR. 
The amount of -// memory is allocated based on the number of PCR in the implementation and -// the number of implemented hash algorithms. This is not the expected -// implementation. PCR SPACE DEFINITIONS. -// -// In the definitions below, the g_hashPcrMap is a bit array that indicates -// which of the PCR are implemented. The g_hashPcr array is an array of digests. -// In this implementation, the space is allocated whether the PCR is implemented -// or not. - -//** Includes, Defines, and Data Definitions -#define PCR_C -#include "Tpm.h" - -// The initial value of PCR attributes. The value of these fields should be -// consistent with PC Client specification -// In this implementation, we assume the total number of implemented PCR is 24. -static const PCR_Attributes s_initAttributes[] = -{ - // PCR 0 - 15, static RTM - {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, - {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, - {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, - {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, - - {0, 0x0F, 0x1F}, // PCR 16, Debug - {0, 0x10, 0x1C}, // PCR 17, Locality 4 - {0, 0x10, 0x1C}, // PCR 18, Locality 3 - {0, 0x10, 0x0C}, // PCR 19, Locality 2 - {0, 0x14, 0x0E}, // PCR 20, Locality 1 - {0, 0x14, 0x04}, // PCR 21, Dynamic OS - {0, 0x14, 0x04}, // PCR 22, Dynamic OS - {0, 0x0F, 0x1F}, // PCR 23, Application specific - {0, 0x0F, 0x1F} // PCR 24, testing policy -}; - -//** Functions - -//*** PCRBelongsAuthGroup() -// This function indicates if a PCR belongs to a group that requires an authValue -// in order to modify the PCR. If it does, 'groupIndex' is set to value of -// the group index. This feature of PCR is decided by the platform specification. 
-// Return Type: BOOL -// TRUE(1) PCR belongs an authorization group -// FALSE(0) PCR does not belong an authorization group -BOOL -PCRBelongsAuthGroup( - TPMI_DH_PCR handle, // IN: handle of PCR - UINT32 *groupIndex // OUT: group index if PCR belongs a - // group that allows authValue. If PCR - // does not belong to an authorization - // group, the value in this parameter is - // invalid - ) -{ -#if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0 - // Platform specification determines to which authorization group a PCR belongs - // (if any). In this implementation, we assume there is only - // one authorization group which contains PCR[20-22]. If the platform - // specification requires differently, the implementation should be changed - // accordingly - if(handle >= 20 && handle <= 22) - { - *groupIndex = 0; - return TRUE; - } - -#endif - return FALSE; -} - -//*** PCRBelongsPolicyGroup() -// This function indicates if a PCR belongs to a group that requires a policy -// authorization in order to modify the PCR. If it does, 'groupIndex' is set -// to value of the group index. This feature of PCR is decided by the platform -// specification. -// Return Type: BOOL -// TRUE(1) PCR belongs a policy group -// FALSE(0) PCR does not belong a policy group -BOOL -PCRBelongsPolicyGroup( - TPMI_DH_PCR handle, // IN: handle of PCR - UINT32 *groupIndex // OUT: group index if PCR belongs a group that - // allows policy. If PCR does not belong to - // a policy group, the value in this - // parameter is invalid - ) -{ -#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 - // Platform specification decides if a PCR belongs to a policy group and - // belongs to which group. In this implementation, we assume there is only - // one policy group which contains PCR20-22. 
If the platform specification - // requires differently, the implementation should be changed accordingly - if(handle >= 20 && handle <= 22) - { - *groupIndex = 0; - return TRUE; - } -#endif - return FALSE; -} - -//*** PCRBelongsTCBGroup() -// This function indicates if a PCR belongs to the TCB group. -// Return Type: BOOL -// TRUE(1) PCR belongs to TCB group -// FALSE(0) PCR does not belong to TCB group -static BOOL -PCRBelongsTCBGroup( - TPMI_DH_PCR handle // IN: handle of PCR - ) -{ -#if ENABLE_PCR_NO_INCREMENT == YES - // Platform specification decides if a PCR belongs to a TCB group. In this - // implementation, we assume PCR[20-22] belong to TCB group. If the platform - // specification requires differently, the implementation should be - // changed accordingly - if(handle >= 20 && handle <= 22) - return TRUE; - -#endif - return FALSE; -} - -//*** PCRPolicyIsAvailable() -// This function indicates if a policy is available for a PCR. -// Return Type: BOOL -// TRUE(1) the PCR should be authorized by policy -// FALSE(0) the PCR does not allow policy -BOOL -PCRPolicyIsAvailable( - TPMI_DH_PCR handle // IN: PCR handle - ) -{ - UINT32 groupIndex; - - return PCRBelongsPolicyGroup(handle, &groupIndex); -} - -//*** PCRGetAuthValue() -// This function is used to access the authValue of a PCR. If PCR does not -// belong to an authValue group, an EmptyAuth will be returned. -TPM2B_AUTH * -PCRGetAuthValue( - TPMI_DH_PCR handle // IN: PCR handle - ) -{ - UINT32 groupIndex; - - if(PCRBelongsAuthGroup(handle, &groupIndex)) - { - return &gc.pcrAuthValues.auth[groupIndex]; - } - else - { - return NULL; - } -} - -//*** PCRGetAuthPolicy() -// This function is used to access the authorization policy of a PCR. It sets -// 'policy' to the authorization policy and returns the hash algorithm for policy -// If the PCR does not allow a policy, TPM_ALG_NULL is returned. 
-TPMI_ALG_HASH -PCRGetAuthPolicy( - TPMI_DH_PCR handle, // IN: PCR handle - TPM2B_DIGEST *policy // OUT: policy of PCR - ) -{ - UINT32 groupIndex; - - if(PCRBelongsPolicyGroup(handle, &groupIndex)) - { - *policy = gp.pcrPolicies.policy[groupIndex]; - return gp.pcrPolicies.hashAlg[groupIndex]; - } - else - { - policy->t.size = 0; - return TPM_ALG_NULL; - } -} - -//*** PCRSimStart() -// This function is used to initialize the policies when a TPM is manufactured. -// This function would only be called in a manufacturing environment or in -// a TPM simulator. -void -PCRSimStart( - void - ) -{ - UINT32 i; -#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 - for(i = 0; i < NUM_POLICY_PCR_GROUP; i++) - { - gp.pcrPolicies.hashAlg[i] = TPM_ALG_NULL; - gp.pcrPolicies.policy[i].t.size = 0; - } -#endif -#if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0 - for(i = 0; i < NUM_AUTHVALUE_PCR_GROUP; i++) - { - gc.pcrAuthValues.auth[i].t.size = 0; - } -#endif - // We need to give an initial configuration on allocated PCR before - // receiving any TPM2_PCR_Allocate command to change this configuration - // When the simulation environment starts, we allocate all the PCRs - for(gp.pcrAllocated.count = 0; gp.pcrAllocated.count < HASH_COUNT; - gp.pcrAllocated.count++) - { - gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].hash - = CryptHashGetAlgByIndex(gp.pcrAllocated.count); - - gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].sizeofSelect - = PCR_SELECT_MAX; - for(i = 0; i < PCR_SELECT_MAX; i++) - gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].pcrSelect[i] - = 0xFF; - } - - // Store the initial configuration to NV - NV_SYNC_PERSISTENT(pcrPolicies); - NV_SYNC_PERSISTENT(pcrAllocated); - - return; -} - -//*** GetSavedPcrPointer() -// This function returns the address of an array of state saved PCR based -// on the hash algorithm. 
-// Return Type: BYTE * -// NULL no such algorithm -// != NULL pointer to the 0th byte of the 0th PCR -static BYTE * -GetSavedPcrPointer( - TPM_ALG_ID alg, // IN: algorithm for bank - UINT32 pcrIndex // IN: PCR index in PCR_SAVE - ) -{ - BYTE *retVal; - switch(alg) - { -#if ALG_SHA1 - case ALG_SHA1_VALUE: - retVal = gc.pcrSave.sha1[pcrIndex]; - break; -#endif -#if ALG_SHA256 - case ALG_SHA256_VALUE: - retVal = gc.pcrSave.sha256[pcrIndex]; - break; -#endif -#if ALG_SHA384 - case ALG_SHA384_VALUE: - retVal = gc.pcrSave.sha384[pcrIndex]; - break; -#endif - -#if ALG_SHA512 - case ALG_SHA512_VALUE: - retVal = gc.pcrSave.sha512[pcrIndex]; - break; -#endif -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: - retVal = gc.pcrSave.sm3_256[pcrIndex]; - break; -#endif - default: - FAIL(FATAL_ERROR_INTERNAL); - } - return retVal; -} - -//*** PcrIsAllocated() -// This function indicates if a PCR number for the particular hash algorithm -// is allocated. -// Return Type: BOOL -// TRUE(1) PCR is allocated -// FALSE(0) PCR is not allocated -BOOL -PcrIsAllocated( - UINT32 pcr, // IN: The number of the PCR - TPMI_ALG_HASH hashAlg // IN: The PCR algorithm - ) -{ - UINT32 i; - BOOL allocated = FALSE; - - if(pcr < IMPLEMENTATION_PCR) - { - for(i = 0; i < gp.pcrAllocated.count; i++) - { - if(gp.pcrAllocated.pcrSelections[i].hash == hashAlg) - { - if(((gp.pcrAllocated.pcrSelections[i].pcrSelect[pcr / 8]) - & (1 << (pcr % 8))) != 0) - allocated = TRUE; - else - allocated = FALSE; - break; - } - } - } - return allocated; -} - -//*** GetPcrPointer() -// This function returns the address of an array of PCR based on the -// hash algorithm. 
-// Return Type: BYTE * -// NULL no such algorithm -// != NULL pointer to the 0th byte of the 0th PCR -static BYTE * -GetPcrPointer( - TPM_ALG_ID alg, // IN: algorithm for bank - UINT32 pcrNumber // IN: PCR number - ) -{ - static BYTE *pcr = NULL; - - if(!PcrIsAllocated(pcrNumber, alg)) - return NULL; - - switch(alg) - { -#if ALG_SHA1 - case ALG_SHA1_VALUE: - pcr = s_pcrs[pcrNumber].sha1Pcr; - break; -#endif -#if ALG_SHA256 - case ALG_SHA256_VALUE: - pcr = s_pcrs[pcrNumber].sha256Pcr; - break; -#endif -#if ALG_SHA384 - case ALG_SHA384_VALUE: - pcr = s_pcrs[pcrNumber].sha384Pcr; - break; -#endif -#if ALG_SHA512 - case ALG_SHA512_VALUE: - pcr = s_pcrs[pcrNumber].sha512Pcr; - break; -#endif -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: - pcr = s_pcrs[pcrNumber].sm3_256Pcr; - break; -#endif - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - return pcr; -} - -//*** IsPcrSelected() -// This function indicates if an indicated PCR number is selected by the bit map in -// 'selection'. -// Return Type: BOOL -// TRUE(1) PCR is selected -// FALSE(0) PCR is not selected -static BOOL -IsPcrSelected( - UINT32 pcr, // IN: The number of the PCR - TPMS_PCR_SELECTION *selection // IN: The selection structure - ) -{ - BOOL selected; - selected = (pcr < IMPLEMENTATION_PCR - && ((selection->pcrSelect[pcr / 8]) & (1 << (pcr % 8))) != 0); - return selected; -} - -//*** FilterPcr() -// This function modifies a PCR selection array based on the implemented -// PCR. 
-static void -FilterPcr( - TPMS_PCR_SELECTION *selection // IN: input PCR selection - ) -{ - UINT32 i; - TPMS_PCR_SELECTION *allocated = NULL; - - // If size of select is less than PCR_SELECT_MAX, zero the unspecified PCR - for(i = selection->sizeofSelect; i < PCR_SELECT_MAX; i++) - selection->pcrSelect[i] = 0; - - // Find the internal configuration for the bank - for(i = 0; i < gp.pcrAllocated.count; i++) - { - if(gp.pcrAllocated.pcrSelections[i].hash == selection->hash) - { - allocated = &gp.pcrAllocated.pcrSelections[i]; - break; - } - } - - for(i = 0; i < selection->sizeofSelect; i++) - { - if(allocated == NULL) - { - // If the required bank does not exist, clear input selection - selection->pcrSelect[i] = 0; - } - else - selection->pcrSelect[i] &= allocated->pcrSelect[i]; - } - - return; -} - -//*** PcrDrtm() -// This function does the DRTM and H-CRTM processing it is called from -// _TPM_Hash_End. -void -PcrDrtm( - const TPMI_DH_PCR pcrHandle, // IN: the index of the PCR to be - // modified - const TPMI_ALG_HASH hash, // IN: the bank identifier - const TPM2B_DIGEST *digest // IN: the digest to modify the PCR - ) -{ - BYTE *pcrData = GetPcrPointer(hash, pcrHandle); - - if(pcrData != NULL) - { - // Rest the PCR to zeros - MemorySet(pcrData, 0, digest->t.size); - - // if the TPM has not started, then set the PCR to 0...04 and then extend - if(!TPMIsStarted()) - { - pcrData[digest->t.size - 1] = 4; - } - // Now, extend the value - PCRExtend(pcrHandle, hash, digest->t.size, (BYTE *)digest->t.buffer); - } -} - -//*** PCR_ClearAuth() -// This function is used to reset the PCR authorization values. It is called -// on TPM2_Startup(CLEAR) and TPM2_Clear(). -void -PCR_ClearAuth( - void - ) -{ -#if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0 - int j; - for(j = 0; j < NUM_AUTHVALUE_PCR_GROUP; j++) - { - gc.pcrAuthValues.auth[j].t.size = 0; - } -#endif -} - -//*** PCRStartup() -// This function initializes the PCR subsystem at TPM2_Startup(). 
-BOOL -PCRStartup( - STARTUP_TYPE type, // IN: startup type - BYTE locality // IN: startup locality - ) -{ - UINT32 pcr, j; - UINT32 saveIndex = 0; - - g_pcrReConfig = FALSE; - - // Don't test for SU_RESET because that should be the default when nothing - // else is selected - if(type != SU_RESUME && type != SU_RESTART) - { - // PCR generation counter is cleared at TPM_RESET - gr.pcrCounter = 0; - } - - // Initialize/Restore PCR values - for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - // On resume, need to know if this PCR had its state saved or not - UINT32 stateSaved; - - if(type == SU_RESUME - && s_initAttributes[pcr].stateSave == SET) - { - stateSaved = 1; - } - else - { - stateSaved = 0; - PCRChanged(pcr); - } - - // If this is the H-CRTM PCR and we are not doing a resume and we - // had an H-CRTM event, then we don't change this PCR - if(pcr == HCRTM_PCR && type != SU_RESUME && g_DrtmPreStartup == TRUE) - continue; - - // Iterate each hash algorithm bank - for(j = 0; j < gp.pcrAllocated.count; j++) - { - TPMI_ALG_HASH hash = gp.pcrAllocated.pcrSelections[j].hash; - BYTE *pcrData = GetPcrPointer(hash, pcr); - UINT16 pcrSize = CryptHashGetDigestSize(hash); - - if(pcrData != NULL) - { - // if state was saved - if(stateSaved == 1) - { - // Restore saved PCR value - BYTE *pcrSavedData; - pcrSavedData = GetSavedPcrPointer( - gp.pcrAllocated.pcrSelections[j].hash, - saveIndex); - if(pcrSavedData == NULL) - return FALSE; - MemoryCopy(pcrData, pcrSavedData, pcrSize); - } - else - // PCR was not restored by state save - { - // If the reset locality of the PCR is 4, then - // the reset value is all one's, otherwise it is - // all zero. 
- if((s_initAttributes[pcr].resetLocality & 0x10) != 0) - MemorySet(pcrData, 0xFF, pcrSize); - else - { - MemorySet(pcrData, 0, pcrSize); - if(pcr == HCRTM_PCR) - pcrData[pcrSize - 1] = locality; - } - } - } - } - saveIndex += stateSaved; - } - // Reset authValues on TPM2_Startup(CLEAR) - if(type != SU_RESUME) - PCR_ClearAuth(); - return TRUE; -} - -//*** PCRStateSave() -// This function is used to save the PCR values that will be restored on TPM Resume. -void -PCRStateSave( - TPM_SU type // IN: startup type - ) -{ - UINT32 pcr, j; - UINT32 saveIndex = 0; - - // if state save CLEAR, nothing to be done. Return here - if(type == TPM_SU_CLEAR) - return; - - // Copy PCR values to the structure that should be saved to NV - for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - UINT32 stateSaved = (s_initAttributes[pcr].stateSave == SET) ? 1 : 0; - - // Iterate each hash algorithm bank - for(j = 0; j < gp.pcrAllocated.count; j++) - { - BYTE *pcrData; - UINT32 pcrSize; - - pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[j].hash, pcr); - - if(pcrData != NULL) - { - pcrSize - = CryptHashGetDigestSize(gp.pcrAllocated.pcrSelections[j].hash); - - if(stateSaved == 1) - { - // Restore saved PCR value - BYTE *pcrSavedData; - pcrSavedData - = GetSavedPcrPointer(gp.pcrAllocated.pcrSelections[j].hash, - saveIndex); - MemoryCopy(pcrSavedData, pcrData, pcrSize); - } - } - } - saveIndex += stateSaved; - } - - return; -} - -//*** PCRIsStateSaved() -// This function indicates if the selected PCR is a PCR that is state saved -// on TPM2_Shutdown(STATE). The return value is based on PCR attributes. 
-// Return Type: BOOL -// TRUE(1) PCR is state saved -// FALSE(0) PCR is not state saved -BOOL -PCRIsStateSaved( - TPMI_DH_PCR handle // IN: PCR handle to be extended - ) -{ - UINT32 pcr = handle - PCR_FIRST; - - if(s_initAttributes[pcr].stateSave == SET) - return TRUE; - else - return FALSE; -} - -//*** PCRIsResetAllowed() -// This function indicates if a PCR may be reset by the current command locality. -// The return value is based on PCR attributes, and not the PCR allocation. -// Return Type: BOOL -// TRUE(1) TPM2_PCR_Reset is allowed -// FALSE(0) TPM2_PCR_Reset is not allowed -BOOL -PCRIsResetAllowed( - TPMI_DH_PCR handle // IN: PCR handle to be extended - ) -{ - UINT8 commandLocality; - UINT8 localityBits = 1; - UINT32 pcr = handle - PCR_FIRST; - - // Check for the locality - commandLocality = _plat__LocalityGet(); - -#ifdef DRTM_PCR - // For a TPM that does DRTM, Reset is not allowed at locality 4 - if(commandLocality == 4) - return FALSE; -#endif - - localityBits = localityBits << commandLocality; - if((localityBits & s_initAttributes[pcr].resetLocality) == 0) - return FALSE; - else - return TRUE; -} - -//*** PCRChanged() -// This function checks a PCR handle to see if the attributes for the PCR are set -// so that any change to the PCR causes an increment of the pcrCounter. If it does, -// then the function increments the counter. Will also bump the counter if the -// handle is zero which means that PCR 0 can not be in the TCB group. Bump on zero -// is used by TPM2_Clear(). -void -PCRChanged( - TPM_HANDLE pcrHandle // IN: the handle of the PCR that changed. - ) -{ - // For the reference implementation, the only change that does not cause - // increment is a change to a PCR in the TCB group. - if((pcrHandle == 0) || !PCRBelongsTCBGroup(pcrHandle)) - { - gr.pcrCounter++; - if(gr.pcrCounter == 0) - FAIL(FATAL_ERROR_COUNTER_OVERFLOW); - } -} - -//*** PCRIsExtendAllowed() -// This function indicates a PCR may be extended at the current command locality. 
-// The return value is based on PCR attributes, and not the PCR allocation. -// Return Type: BOOL -// TRUE(1) extend is allowed -// FALSE(0) extend is not allowed -BOOL -PCRIsExtendAllowed( - TPMI_DH_PCR handle // IN: PCR handle to be extended - ) -{ - UINT8 commandLocality; - UINT8 localityBits = 1; - UINT32 pcr = handle - PCR_FIRST; - - // Check for the locality - commandLocality = _plat__LocalityGet(); - localityBits = localityBits << commandLocality; - if((localityBits & s_initAttributes[pcr].extendLocality) == 0) - return FALSE; - else - return TRUE; -} - -//*** PCRExtend() -// This function is used to extend a PCR in a specific bank. -void -PCRExtend( - TPMI_DH_PCR handle, // IN: PCR handle to be extended - TPMI_ALG_HASH hash, // IN: hash algorithm of PCR - UINT32 size, // IN: size of data to be extended - BYTE *data // IN: data to be extended - ) -{ - BYTE *pcrData; - HASH_STATE hashState; - UINT16 pcrSize; - - pcrData = GetPcrPointer(hash, handle - PCR_FIRST); - - // Extend PCR if it is allocated - if(pcrData != NULL) - { - pcrSize = CryptHashGetDigestSize(hash); - CryptHashStart(&hashState, hash); - CryptDigestUpdate(&hashState, pcrSize, pcrData); - CryptDigestUpdate(&hashState, size, data); - CryptHashEnd(&hashState, pcrSize, pcrData); - - // PCR has changed so update the pcrCounter if necessary - PCRChanged(handle); - } - - return; -} - -//*** PCRComputeCurrentDigest() -// This function computes the digest of the selected PCR. -// -// As a side-effect, 'selection' is modified so that only the implemented PCR -// will have their bits still set. 
-void -PCRComputeCurrentDigest( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm to compute digest - TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on - // output) - TPM2B_DIGEST *digest // OUT: digest - ) -{ - HASH_STATE hashState; - TPMS_PCR_SELECTION *select; - BYTE *pcrData; // will point to a digest - UINT32 pcrSize; - UINT32 pcr; - UINT32 i; - - // Initialize the hash - digest->t.size = CryptHashStart(&hashState, hashAlg); - pAssert(digest->t.size > 0 && digest->t.size < UINT16_MAX); - - // Iterate through the list of PCR selection structures - for(i = 0; i < selection->count; i++) - { - // Point to the current selection - select = &selection->pcrSelections[i]; // Point to the current selection - FilterPcr(select); // Clear out the bits for unimplemented PCR - - // Need the size of each digest - pcrSize = CryptHashGetDigestSize(selection->pcrSelections[i].hash); - - // Iterate through the selection - for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - if(IsPcrSelected(pcr, select)) // Is this PCR selected - { - // Get pointer to the digest data for the bank - pcrData = GetPcrPointer(selection->pcrSelections[i].hash, pcr); - pAssert(pcrData != NULL); - CryptDigestUpdate(&hashState, pcrSize, pcrData); // add to digest - } - } - } - // Complete hash stack - CryptHashEnd2B(&hashState, &digest->b); - - return; -} - -//*** PCRRead() -// This function is used to read a list of selected PCR. If the requested PCR -// number exceeds the maximum number that can be output, the 'selection' is -// adjusted to reflect the actual output PCR. 
-void -PCRRead( - TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on - // output) - TPML_DIGEST *digest, // OUT: digest - UINT32 *pcrCounter // OUT: the current value of PCR generation - // number - ) -{ - TPMS_PCR_SELECTION *select; - BYTE *pcrData; // will point to a digest - UINT32 pcr; - UINT32 i; - - digest->count = 0; - - // Iterate through the list of PCR selection structures - for(i = 0; i < selection->count; i++) - { - // Point to the current selection - select = &selection->pcrSelections[i]; // Point to the current selection - FilterPcr(select); // Clear out the bits for unimplemented PCR - - // Iterate through the selection - for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - if(IsPcrSelected(pcr, select)) // Is this PCR selected - { - // Check if number of digest exceed upper bound - if(digest->count > 7) - { - // Clear rest of the current select bitmap - while(pcr < IMPLEMENTATION_PCR - // do not round up! - && (pcr / 8) < select->sizeofSelect) - { - // do not round up! 
- select->pcrSelect[pcr / 8] &= (BYTE)~(1 << (pcr % 8)); - pcr++; - } - // Exit inner loop - break; - } - // Need the size of each digest - digest->digests[digest->count].t.size = - CryptHashGetDigestSize(selection->pcrSelections[i].hash); - - // Get pointer to the digest data for the bank - pcrData = GetPcrPointer(selection->pcrSelections[i].hash, pcr); - pAssert(pcrData != NULL); - // Add to the data to digest - MemoryCopy(digest->digests[digest->count].t.buffer, - pcrData, - digest->digests[digest->count].t.size); - digest->count++; - } - } - // If we exit inner loop because we have exceed the output upper bound - if(digest->count > 7 && pcr < IMPLEMENTATION_PCR) - { - // Clear rest of the selection - while(i < selection->count) - { - MemorySet(selection->pcrSelections[i].pcrSelect, 0, - selection->pcrSelections[i].sizeofSelect); - i++; - } - // exit outer loop - break; - } - } - - *pcrCounter = gr.pcrCounter; - - return; -} - -//*** PCRAllocate() -// This function is used to change the PCR allocation. -// Return Type: TPM_RC -// TPM_RC_NO_RESULT allocate failed -// TPM_RC_PCR improper allocation -TPM_RC -PCRAllocate( - TPML_PCR_SELECTION *allocate, // IN: required allocation - UINT32 *maxPCR, // OUT: Maximum number of PCR - UINT32 *sizeNeeded, // OUT: required space - UINT32 *sizeAvailable // OUT: available space - ) -{ - UINT32 i, j, k; - TPML_PCR_SELECTION newAllocate; - // Initialize the flags to indicate if HCRTM PCR and DRTM PCR are allocated. - BOOL pcrHcrtm = FALSE; - BOOL pcrDrtm = FALSE; - - // Create the expected new PCR allocation based on the existing allocation - // and the new input: - // 1. if a PCR bank does not appear in the new allocation, the existing - // allocation of this PCR bank will be preserved. - // 2. if a PCR bank appears multiple times in the new allocation, only the - // last one will be in effect. 
- newAllocate = gp.pcrAllocated; - for(i = 0; i < allocate->count; i++) - { - for(j = 0; j < newAllocate.count; j++) - { - // If hash matches, the new allocation covers the old allocation - // for this particular bank. - // The assumption is the initial PCR allocation (from manufacture) - // has all the supported hash algorithms with an assigned bank - // (possibly empty). So there must be a match for any new bank - // allocation from the input. - if(newAllocate.pcrSelections[j].hash == - allocate->pcrSelections[i].hash) - { - newAllocate.pcrSelections[j] = allocate->pcrSelections[i]; - break; - } - } - // The j loop must exit with a match. - pAssert(j < newAllocate.count); - } - - // Max PCR in a bank is MIN(implemented PCR, PCR with attributes defined) - *maxPCR = sizeof(s_initAttributes) / sizeof(PCR_Attributes); - if(*maxPCR > IMPLEMENTATION_PCR) - *maxPCR = IMPLEMENTATION_PCR; - - // Compute required size for allocation - *sizeNeeded = 0; - for(i = 0; i < newAllocate.count; i++) - { - UINT32 digestSize - = CryptHashGetDigestSize(newAllocate.pcrSelections[i].hash); -#if defined(DRTM_PCR) - // Make sure that we end up with at least one DRTM PCR - pcrDrtm = pcrDrtm || TestBit(DRTM_PCR, - newAllocate.pcrSelections[i].pcrSelect, - newAllocate.pcrSelections[i].sizeofSelect); - -#else // if DRTM PCR is not required, indicate that the allocation is OK - pcrDrtm = TRUE; -#endif - -#if defined(HCRTM_PCR) - // and one HCRTM PCR (since this is usually PCR 0...) 
- pcrHcrtm = pcrHcrtm || TestBit(HCRTM_PCR, - newAllocate.pcrSelections[i].pcrSelect, - newAllocate.pcrSelections[i].sizeofSelect); -#else - pcrHcrtm = TRUE; -#endif - for(j = 0; j < newAllocate.pcrSelections[i].sizeofSelect; j++) - { - BYTE mask = 1; - for(k = 0; k < 8; k++) - { - if((newAllocate.pcrSelections[i].pcrSelect[j] & mask) != 0) - *sizeNeeded += digestSize; - mask = mask << 1; - } - } - } - - if(!pcrDrtm || !pcrHcrtm) - return TPM_RC_PCR; - - // In this particular implementation, we always have enough space to - // allocate PCR. Different implementation may return a sizeAvailable less - // than the sizeNeed. - *sizeAvailable = sizeof(s_pcrs); - - // Save the required allocation to NV. Note that after NV is written, the - // PCR allocation in NV is no longer consistent with the RAM data - // gp.pcrAllocated. The NV version reflect the allocate after next - // TPM_RESET, while the RAM version reflects the current allocation - NV_WRITE_PERSISTENT(pcrAllocated, newAllocate); - - return TPM_RC_SUCCESS; -} - -//*** PCRSetValue() -// This function is used to set the designated PCR in all banks to an initial value. -// The initial value is signed and will be sign extended into the entire PCR. 
-// -void -PCRSetValue( - TPM_HANDLE handle, // IN: the handle of the PCR to set - INT8 initialValue // IN: the value to set - ) -{ - int i; - UINT32 pcr = handle - PCR_FIRST; - TPMI_ALG_HASH hash; - UINT16 digestSize; - BYTE *pcrData; - - // Iterate supported PCR bank algorithms to reset - for(i = 0; i < HASH_COUNT; i++) - { - hash = CryptHashGetAlgByIndex(i); - // Prevent runaway - if(hash == TPM_ALG_NULL) - break; - - // Get a pointer to the data - pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[i].hash, pcr); - - // If the PCR is allocated - if(pcrData != NULL) - { - // And the size of the digest - digestSize = CryptHashGetDigestSize(hash); - - // Set the LSO to the input value - pcrData[digestSize - 1] = initialValue; - - // Sign extend - if(initialValue >= 0) - MemorySet(pcrData, 0, digestSize - 1); - else - MemorySet(pcrData, -1, digestSize - 1); - } - } -} - -//*** PCRResetDynamics -// This function is used to reset a dynamic PCR to 0. This function is used in -// DRTM sequence. -void -PCRResetDynamics( - void - ) -{ - UINT32 pcr, i; - - // Initialize PCR values - for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - // Iterate each hash algorithm bank - for(i = 0; i < gp.pcrAllocated.count; i++) - { - BYTE *pcrData; - UINT32 pcrSize; - - pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[i].hash, pcr); - - if(pcrData != NULL) - { - pcrSize = - CryptHashGetDigestSize(gp.pcrAllocated.pcrSelections[i].hash); - - // Reset PCR - // Any PCR can be reset by locality 4 should be reset to 0 - if((s_initAttributes[pcr].resetLocality & 0x10) != 0) - MemorySet(pcrData, 0, pcrSize); - } - } - } - return; -} - -//*** PCRCapGetAllocation() -// This function is used to get the current allocation of PCR banks. 
-// Return Type: TPMI_YES_NO
-// YES if the return count is 0
-// NO if the return count is not 0
-TPMI_YES_NO
-PCRCapGetAllocation(
- UINT32 count, // IN: count of return
- TPML_PCR_SELECTION *pcrSelection // OUT: PCR allocation list
- )
-{
- if(count == 0)
- {
- pcrSelection->count = 0;
- return YES;
- }
- else
- {
- *pcrSelection = gp.pcrAllocated;
- return NO;
- }
-}
-
-//*** PCRSetSelectBit()
-// This function sets a bit in a bitmap array.
-static void
-PCRSetSelectBit(
- UINT32 pcr, // IN: PCR number
- BYTE *bitmap // OUT: bit map to be set
- )
-{
- bitmap[pcr / 8] |= (1 << (pcr % 8));
- return;
-}
-
-//*** PCRGetProperty()
-// This function returns the selected PCR property.
-// Return Type: BOOL
-// TRUE(1) the property type is implemented
-// FALSE(0) the property type is not implemented
-static BOOL
-PCRGetProperty(
- TPM_PT_PCR property,
- TPMS_TAGGED_PCR_SELECT *select
- )
-{
- UINT32 pcr;
- UINT32 groupIndex;
-
- select->tag = property;
- // Always set the bitmap to be the size of all PCR
- select->sizeofSelect = (IMPLEMENTATION_PCR + 7) / 8;
-
- // Initialize bitmap
- MemorySet(select->pcrSelect, 0, select->sizeofSelect);
-
- // Collecting properties
- for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++)
- {
- switch(property)
- {
- case TPM_PT_PCR_SAVE:
- if(s_initAttributes[pcr].stateSave == SET)
- PCRSetSelectBit(pcr, select->pcrSelect);
- break;
- case TPM_PT_PCR_EXTEND_L0:
- if((s_initAttributes[pcr].extendLocality & 0x01) != 0)
- PCRSetSelectBit(pcr, select->pcrSelect);
- break;
- case TPM_PT_PCR_RESET_L0:
- if((s_initAttributes[pcr].resetLocality & 0x01) != 0)
- PCRSetSelectBit(pcr, select->pcrSelect);
- break;
- case TPM_PT_PCR_EXTEND_L1:
- if((s_initAttributes[pcr].extendLocality & 0x02) != 0)
- PCRSetSelectBit(pcr, select->pcrSelect);
- break;
- case TPM_PT_PCR_RESET_L1:
- if((s_initAttributes[pcr].resetLocality & 0x02) != 0)
- PCRSetSelectBit(pcr, select->pcrSelect);
- break;
- case TPM_PT_PCR_EXTEND_L2:
- if((s_initAttributes[pcr].extendLocality & 0x04) != 0)
- PCRSetSelectBit(pcr, select->pcrSelect);
- break;
- case TPM_PT_PCR_RESET_L2:
- if((s_initAttributes[pcr].resetLocality & 0x04) != 0)
- PCRSetSelectBit(pcr, select->pcrSelect);
- break;
- case TPM_PT_PCR_EXTEND_L3:
- if((s_initAttributes[pcr].extendLocality & 0x08) != 0)
- PCRSetSelectBit(pcr, select->pcrSelect);
- break;
- case TPM_PT_PCR_RESET_L3:
- if((s_initAttributes[pcr].resetLocality & 0x08) != 0)
- PCRSetSelectBit(pcr, select->pcrSelect);
- break;
- case TPM_PT_PCR_EXTEND_L4:
- if((s_initAttributes[pcr].extendLocality & 0x10) != 0)
- PCRSetSelectBit(pcr, select->pcrSelect);
- break;
- case TPM_PT_PCR_RESET_L4:
- if((s_initAttributes[pcr].resetLocality & 0x10) != 0)
- PCRSetSelectBit(pcr, select->pcrSelect);
- break;
- case TPM_PT_PCR_DRTM_RESET:
- // DRTM reset PCRs are the PCR reset by locality 4
- if((s_initAttributes[pcr].resetLocality & 0x10) != 0)
- PCRSetSelectBit(pcr, select->pcrSelect);
- break;
-#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0
- case TPM_PT_PCR_POLICY:
- if(PCRBelongsPolicyGroup(pcr + PCR_FIRST, &groupIndex))
- PCRSetSelectBit(pcr, select->pcrSelect);
- break;
-#endif
-#if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0
- case TPM_PT_PCR_AUTH:
- if(PCRBelongsAuthGroup(pcr + PCR_FIRST, &groupIndex))
- PCRSetSelectBit(pcr, select->pcrSelect);
- break;
-#endif
-#if ENABLE_PCR_NO_INCREMENT == YES
- case TPM_PT_PCR_NO_INCREMENT:
- if(PCRBelongsTCBGroup(pcr + PCR_FIRST))
- PCRSetSelectBit(pcr, select->pcrSelect);
- break;
-#endif
- default:
- // If property is not supported, stop scanning PCR attributes
- // and return.
- return FALSE;
- break;
- }
- }
- return TRUE;
-}
-
-//*** PCRCapGetProperties()
-// This function returns a list of PCR properties starting at 'property'.
-// Return Type: TPMI_YES_NO
-// YES if no more property is available
-// NO if there are more properties not reported
-TPMI_YES_NO
-PCRCapGetProperties(
- TPM_PT_PCR property, // IN: the starting PCR property
- UINT32 count, // IN: count of returned properties
- TPML_TAGGED_PCR_PROPERTY *select // OUT: PCR select
- )
-{
- TPMI_YES_NO more = NO;
- UINT32 i;
-
- // Initialize output property list
- select->count = 0;
-
- // The maximum count of properties we may return is MAX_PCR_PROPERTIES
- if(count > MAX_PCR_PROPERTIES) count = MAX_PCR_PROPERTIES;
-
- // TPM_PT_PCR_FIRST is defined as 0 in spec. It ensures that property
- // value would never be less than TPM_PT_PCR_FIRST
- cAssert(TPM_PT_PCR_FIRST == 0);
-
- // Iterate PCR properties. TPM_PT_PCR_LAST is the index of the last property
- // implemented on the TPM.
- for(i = property; i <= TPM_PT_PCR_LAST; i++)
- {
- if(select->count < count)
- {
- // If we have not filled up the return list, add more properties to it
- if(PCRGetProperty(i, &select->pcrProperty[select->count]))
- // only increment if the property is implemented
- select->count++;
- }
- else
- {
- // If the return list is full but we still have properties
- // available, report this and stop iterating.
- more = YES;
- break;
- }
- }
- return more;
-}
-
-//*** PCRCapGetHandles()
-// This function is used to get a list of handles of PCR, started from 'handle'.
-// If 'handle' exceeds the maximum PCR handle range, an empty list will be
-// returned and the return value will be NO.
-// Return Type: TPMI_YES_NO
-// YES if there are more handles available
-// NO all the available handles has been returned
-TPMI_YES_NO
-PCRCapGetHandles(
- TPMI_DH_PCR handle, // IN: start handle
- UINT32 count, // IN: count of returned handles
- TPML_HANDLE *handleList // OUT: list of handle
- )
-{
- TPMI_YES_NO more = NO;
- UINT32 i;
-
- pAssert(HandleGetType(handle) == TPM_HT_PCR);
-
- // Initialize output handle list
- handleList->count = 0;
-
- // The maximum count of handles we may return is MAX_CAP_HANDLES
- if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES;
-
- // Iterate PCR handle range
- for(i = handle & HR_HANDLE_MASK; i <= PCR_LAST; i++)
- {
- if(handleList->count < count)
- {
- // If we have not filled up the return list, add this PCR
- // handle to it
- handleList->handle[handleList->count] = i + PCR_FIRST;
- handleList->count++;
- }
- else
- {
- // If the return list is full but we still have PCR handle
- // available, report this and stop iterating
- more = YES;
- break;
- }
- }
- return more;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PP.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PP.c
deleted file mode 100644
index 5d17d2014..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PP.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the functions that support the physical presence operations
-// of the TPM.
-
-//** Includes
-
-#include "Tpm.h"
-
-//** Functions
-
-//*** PhysicalPresencePreInstall_Init()
-// This function is used to initialize the array of commands that always require
-// confirmation with physical presence. The array is an array of bits that
-// has a correspondence with the command code.
-//
-// This command should only ever be executable in a manufacturing setting or in
-// a simulation.
-//
-// When set, these cannot be cleared.
-//
-void
-PhysicalPresencePreInstall_Init(
- void
- )
-{
- COMMAND_INDEX commandIndex;
- // Clear all the PP commands
- MemorySet(&gp.ppList, 0, sizeof(gp.ppList));
-
- // Any command that is PP_REQUIRED should be SET
- for(commandIndex = 0; commandIndex < COMMAND_COUNT; commandIndex++)
- {
- if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED
- && s_commandAttributes[commandIndex] & PP_REQUIRED)
- SET_BIT(commandIndex, gp.ppList);
- }
- // Write PP list to NV
- NV_SYNC_PERSISTENT(ppList);
- return;
-}
-
-//*** PhysicalPresenceCommandSet()
-// This function is used to set the indicator that a command requires
-// PP confirmation.
-void
-PhysicalPresenceCommandSet(
- TPM_CC commandCode // IN: command code
- )
-{
- COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
-
- // if the command isn't implemented, the do nothing
- if(commandIndex == UNIMPLEMENTED_COMMAND_INDEX)
- return;
-
- // only set the bit if this is a command for which PP is allowed
- if(s_commandAttributes[commandIndex] & PP_COMMAND)
- SET_BIT(commandIndex, gp.ppList);
- return;
-}
-
-//*** PhysicalPresenceCommandClear()
-// This function is used to clear the indicator that a command requires PP
-// confirmation.
-void
-PhysicalPresenceCommandClear(
- TPM_CC commandCode // IN: command code
- )
-{
- COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
-
- // If the command isn't implemented, then don't do anything
- if(commandIndex == UNIMPLEMENTED_COMMAND_INDEX)
- return;
-
- // Only clear the bit if the command does not require PP
- if((s_commandAttributes[commandIndex] & PP_REQUIRED) == 0)
- CLEAR_BIT(commandIndex, gp.ppList);
-
- return;
-}
-
-//*** PhysicalPresenceIsRequired()
-// This function indicates if PP confirmation is required for a command.
-// Return Type: BOOL
-// TRUE(1) physical presence is required
-// FALSE(0) physical presence is not required
-BOOL
-PhysicalPresenceIsRequired(
- COMMAND_INDEX commandIndex // IN: command index
- )
-{
- // Check the bit map. If the bit is SET, PP authorization is required
- return (TEST_BIT(commandIndex, gp.ppList));
-}
-
-//*** PhysicalPresenceCapGetCCList()
-// This function returns a list of commands that require PP confirmation. The
-// list starts from the first implemented command that has a command code that
-// the same or greater than 'commandCode'.
-// Return Type: TPMI_YES_NO
-// YES if there are more command codes available
-// NO all the available command codes have been returned
-TPMI_YES_NO
-PhysicalPresenceCapGetCCList(
- TPM_CC commandCode, // IN: start command code
- UINT32 count, // IN: count of returned TPM_CC
- TPML_CC *commandList // OUT: list of TPM_CC
- )
-{
- TPMI_YES_NO more = NO;
- COMMAND_INDEX commandIndex;
-
- // Initialize output handle list
- commandList->count = 0;
-
- // The maximum count of command we may return is MAX_CAP_CC
- if(count > MAX_CAP_CC) count = MAX_CAP_CC;
-
- // Collect PP commands
- for(commandIndex = GetClosestCommandIndex(commandCode);
- commandIndex != UNIMPLEMENTED_COMMAND_INDEX;
- commandIndex = GetNextCommandIndex(commandIndex))
- {
- if(PhysicalPresenceIsRequired(commandIndex))
- {
- if(commandList->count < count)
- {
- // If we have not filled up the return list, add this command
- // code to it
- commandList->commandCodes[commandList->count]
- = GetCommandCode(commandIndex);
- commandList->count++;
- }
- else
- {
- // If the return list is full but we still have PP command
- // available, report this and stop iterating
- more = YES;
- break;
- }
- }
- }
- return more;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Session.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Session.c
deleted file mode 100644
index f0a1b13ce..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Session.c
+++ /dev/null
@@ -1,1068 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//**Introduction -/* - The code in this file is used to manage the session context counter. - The scheme implemented here is a "truncated counter". 
- This scheme allows the TPM to not need TPM_SU_CLEAR for a - very long period of time and still not have the context - count for a session repeated. - - The counter (contextCounter)in this implementation is a UINT64 but - can be smaller. The "tracking array" (contextArray) only - has 16-bits per context. The tracking array is the data - that needs to be saved and restored across TPM_SU_STATE so that - sessions are not lost when the system enters the sleep state. - Also, when the TPM is active, the tracking array is kept in - RAM making it important that the number of bytes for each - entry be kept as small as possible. - - The TPM prevents "collisions" of these truncated values by - not allowing a contextID to be assigned if it would be the - same as an existing value. Since the array holds 16 bits, - after a context has been saved, an additional 2^16-1 contexts - may be saved before the count would again match. The normal - expectation is that the context will be flushed before its count - value is needed again but it is always possible to have long-lived - sessions. - - The contextID is assigned when the context is saved (TPM2_ContextSave()). - At that time, the TPM will compare the low-order 16 bits of - contextCounter to the existing values in contextArray and if one - matches, the TPM will return TPM_RC_CONTEXT_GAP (by construction, - the entry that contains the matching value is the oldest - context). - - The expected remediation by the TRM is to load the oldest saved - session context (the one found by the TPM), and save it. Since loading - the oldest session also eliminates its contextID value from - contextArray, there TPM will always be able to load and save the oldest - existing context. - - In the worst case, software may have to load and save several contexts - in order to save an additional one. This should happen very infrequently. 
- - When the TPM searches contextArray and finds that none of the contextIDs - match the low-order 16-bits of contextCount, the TPM can copy the low bits - to the contextArray associated with the session, and increment contextCount. - - There is one entry in contextArray for each of the active sessions - allowed by the TPM implementation. This array contains either a - context count, an index, or a value indicating the slot is available (0). - - The index into the contextArray is the handle for the session with the region - selector byte of the session set to zero. If an entry in contextArray contains - 0, then the corresponding handle may be assigned to a session. If the entry - contains a value that is less than or equal to the number of loaded sessions - for the TPM, then the array entry is the slot in which the context is loaded. - - EXAMPLE: If the TPM allows 8 loaded sessions, then the slot numbers would - be 1-8 and a contextArrary value in that range would represent the loaded - session. - - NOTE: When the TPM firmware determines that the array entry is for a loaded - session, it will subtract 1 to create the zero-based slot number. - - There is one significant corner case in this scheme. When the contextCount - is equal to a value in the contextArray, the oldest session needs to be - recycled or flushed. In order to recycle the session, it must be loaded. - To be loaded, there must be an available slot. Rather than require that a - spare slot be available all the time, the TPM will check to see if the - contextCount is equal to some value in the contextArray when a session is - created. This prevents the last session slot from being used when it - is likely that a session will need to be recycled. 
- - If a TPM with both 1.2 and 2.0 functionality uses this scheme for both - 1.2 and 2.0 sessions, and the list of active contexts is read with - TPM_GetCapabiltiy(), the TPM will create 32-bit representations of the - list that contains 16-bit values (the TPM2_GetCapability() returns a list - of handles for active sessions rather than a list of contextID). The full - contextID has high-order bits that are either the same as the current - contextCount or one less. It is one less if the 16-bits - of the contextArray has a value that is larger than the low-order 16 bits - of contextCount. -*/ - -//** Includes, Defines, and Local Variables -#define SESSION_C -#include "Tpm.h" - -//** File Scope Function -- ContextIdSetOldest() -/* - This function is called when the oldest contextID is being loaded or deleted. - Once a saved context becomes the oldest, it stays the oldest until it is - deleted. - - Finding the oldest is a bit tricky. It is not just the numeric comparison of - values but is dependent on the value of contextCounter. - - Assume we have a small contextArray with 8, 4-bit values with values 1 and 2 - used to indicate the loaded context slot number. Also assume that the array - contains hex values of (0 0 1 0 3 0 9 F) and that the contextCounter is an - 8-bit counter with a value of 0x37. Since the low nibble is 7, that means - that values above 7 are older than values below it and, in this example, - 9 is the oldest value. - - Note if we subtract the counter value, from each slot that contains a saved - contextID we get (- - - - B - 2 - 8) and the oldest entry is now easy to find. 
-*/ -static void -ContextIdSetOldest( - void - ) -{ - CONTEXT_SLOT lowBits; - CONTEXT_SLOT entry; - CONTEXT_SLOT smallest = ((CONTEXT_SLOT)~0); - UINT32 i; - - // Set oldestSaveContext to a value indicating none assigned - s_oldestSavedSession = MAX_ACTIVE_SESSIONS + 1; - - lowBits = (CONTEXT_SLOT)gr.contextCounter; - for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) - { - entry = gr.contextArray[i]; - - // only look at entries that are saved contexts - if(entry > MAX_LOADED_SESSIONS) - { - // Use a less than or equal in case the oldest - // is brand new (= lowBits-1) and equal to our initial - // value for smallest. - if(((CONTEXT_SLOT)(entry - lowBits)) <= smallest) - { - smallest = (entry - lowBits); - s_oldestSavedSession = i; - } - } - } - // When we finish, either the s_oldestSavedSession still has its initial - // value, or it has the index of the oldest saved context. -} - -//** Startup Function -- SessionStartup() -// This function initializes the session subsystem on TPM2_Startup(). -BOOL -SessionStartup( - STARTUP_TYPE type - ) -{ - UINT32 i; - - // Initialize session slots. At startup, all the in-memory session slots - // are cleared and marked as not occupied - for(i = 0; i < MAX_LOADED_SESSIONS; i++) - s_sessions[i].occupied = FALSE; // session slot is not occupied - - // The free session slots the number of maximum allowed loaded sessions - s_freeSessionSlots = MAX_LOADED_SESSIONS; - - // Initialize context ID data. On a ST_SAVE or hibernate sequence, it will - // scan the saved array of session context counts, and clear any entry that - // references a session that was in memory during the state save since that - // memory was not preserved over the ST_SAVE. 
- if(type == SU_RESUME || type == SU_RESTART) - { - // On ST_SAVE we preserve the contexts that were saved but not the ones - // in memory - for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) - { - // If the array value is unused or references a loaded session then - // that loaded session context is lost and the array entry is - // reclaimed. - if(gr.contextArray[i] <= MAX_LOADED_SESSIONS) - gr.contextArray[i] = 0; - } - // Find the oldest session in context ID data and set it in - // s_oldestSavedSession - ContextIdSetOldest(); - } - else - { - // For STARTUP_CLEAR, clear out the contextArray - for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) - gr.contextArray[i] = 0; - - // reset the context counter - gr.contextCounter = MAX_LOADED_SESSIONS + 1; - - // Initialize oldest saved session - s_oldestSavedSession = MAX_ACTIVE_SESSIONS + 1; - } - return TRUE; -} - -//************************************************ -//** Access Functions -//************************************************ - -//*** SessionIsLoaded() -// This function test a session handle references a loaded session. The handle -// must have previously been checked to make sure that it is a valid handle for -// an authorization session. -// NOTE: A PWAP authorization does not have a session. -// -// Return Type: BOOL -// TRUE(1) session is loaded -// FALSE(0) session is not loaded -// -BOOL -SessionIsLoaded( - TPM_HANDLE handle // IN: session handle - ) -{ - pAssert(HandleGetType(handle) == TPM_HT_POLICY_SESSION - || HandleGetType(handle) == TPM_HT_HMAC_SESSION); - - handle = handle & HR_HANDLE_MASK; - - // if out of range of possible active session, or not assigned to a loaded - // session return false - if(handle >= MAX_ACTIVE_SESSIONS - || gr.contextArray[handle] == 0 - || gr.contextArray[handle] > MAX_LOADED_SESSIONS) - return FALSE; - - return TRUE; -} - -//*** SessionIsSaved() -// This function test a session handle references a saved session. 
The handle -// must have previously been checked to make sure that it is a valid handle for -// an authorization session. -// NOTE: An password authorization does not have a session. -// -// This function requires that the handle be a valid session handle. -// -// Return Type: BOOL -// TRUE(1) session is saved -// FALSE(0) session is not saved -// -BOOL -SessionIsSaved( - TPM_HANDLE handle // IN: session handle - ) -{ - pAssert(HandleGetType(handle) == TPM_HT_POLICY_SESSION - || HandleGetType(handle) == TPM_HT_HMAC_SESSION); - - handle = handle & HR_HANDLE_MASK; - // if out of range of possible active session, or not assigned, or - // assigned to a loaded session, return false - if(handle >= MAX_ACTIVE_SESSIONS - || gr.contextArray[handle] == 0 - || gr.contextArray[handle] <= MAX_LOADED_SESSIONS - ) - return FALSE; - - return TRUE; -} - -//*** SequenceNumberForSavedContextIsValid() -// This function validates that the sequence number and handle value within a -// saved context are valid. 
-BOOL -SequenceNumberForSavedContextIsValid( - TPMS_CONTEXT *context // IN: pointer to a context structure to be - // validated - ) -{ -#define MAX_CONTEXT_GAP ((UINT64)((CONTEXT_SLOT) ~0) + 1) - - TPM_HANDLE handle = context->savedHandle & HR_HANDLE_MASK; - - if(// Handle must be with the range of active sessions - handle >= MAX_ACTIVE_SESSIONS - // the array entry must be for a saved context - || gr.contextArray[handle] <= MAX_LOADED_SESSIONS - // the array entry must agree with the sequence number - || gr.contextArray[handle] != (CONTEXT_SLOT)context->sequence - // the provided sequence number has to be less than the current counter - || context->sequence > gr.contextCounter - // but not so much that it could not be a valid sequence number - || gr.contextCounter - context->sequence > MAX_CONTEXT_GAP) - return FALSE; - - return TRUE; -} - -//*** SessionPCRValueIsCurrent() -// -// This function is used to check if PCR values have been updated since the -// last time they were checked in a policy session. -// -// This function requires the session is loaded. -// Return Type: BOOL -// TRUE(1) PCR value is current -// FALSE(0) PCR value is not current -BOOL -SessionPCRValueIsCurrent( - SESSION *session // IN: session structure - ) -{ - if(session->pcrCounter != 0 - && session->pcrCounter != gr.pcrCounter - ) - return FALSE; - else - return TRUE; -} - -//*** SessionGet() -// This function returns a pointer to the session object associated with a -// session handle. -// -// The function requires that the session is loaded. -SESSION * -SessionGet( - TPM_HANDLE handle // IN: session handle - ) -{ - size_t slotIndex; - CONTEXT_SLOT sessionIndex; - - pAssert(HandleGetType(handle) == TPM_HT_POLICY_SESSION - || HandleGetType(handle) == TPM_HT_HMAC_SESSION - ); - - slotIndex = handle & HR_HANDLE_MASK; - - pAssert(slotIndex < MAX_ACTIVE_SESSIONS); - - // get the contents of the session array. 
Because session is loaded, we - // should always get a valid sessionIndex - sessionIndex = gr.contextArray[slotIndex] - 1; - - pAssert(sessionIndex < MAX_LOADED_SESSIONS); - - return &s_sessions[sessionIndex].session; -} - -//************************************************ -//** Utility Functions -//************************************************ - -//*** ContextIdSessionCreate() -// -// This function is called when a session is created. It will check -// to see if the current gap would prevent a context from being saved. If -// so it will return TPM_RC_CONTEXT_GAP. Otherwise, it will try to find -// an open slot in contextArray, set contextArray to the slot. -// -// This routine requires that the caller has determined the session array -// index for the session. -// -// Return Type: TPM_RC -// TPM_RC_CONTEXT_GAP can't assign a new contextID until the oldest -// saved session context is recycled -// TPM_RC_SESSION_HANDLE there is no slot available in the context array -// for tracking of this session context -static TPM_RC -ContextIdSessionCreate( - TPM_HANDLE *handle, // OUT: receives the assigned handle. This will - // be an index that must be adjusted by the - // caller according to the type of the - // session created - UINT32 sessionIndex // IN: The session context array entry that will - // be occupied by the created session - ) -{ - pAssert(sessionIndex < MAX_LOADED_SESSIONS); - - // check to see if creating the context is safe - // Is this going to be an assignment for the last session context - // array entry? If so, then there will be no room to recycle the - // oldest context if needed. If the gap is not at maximum, then - // it will be possible to save a context if it becomes necessary. - if(s_oldestSavedSession < MAX_ACTIVE_SESSIONS - && s_freeSessionSlots == 1) - { - // See if the gap is at maximum - // The current value of the contextCounter will be assigned to the next - // saved context. 
If the value to be assigned would make the same as an - // existing context, then we can't use it because of the ambiguity it would - // create. - if((CONTEXT_SLOT)gr.contextCounter - == gr.contextArray[s_oldestSavedSession]) - return TPM_RC_CONTEXT_GAP; - } - - // Find an unoccupied entry in the contextArray - for(*handle = 0; *handle < MAX_ACTIVE_SESSIONS; (*handle)++) - { - if(gr.contextArray[*handle] == 0) - { - // indicate that the session associated with this handle - // references a loaded session - gr.contextArray[*handle] = (CONTEXT_SLOT)(sessionIndex + 1); - return TPM_RC_SUCCESS; - } - } - return TPM_RC_SESSION_HANDLES; -} - -//*** SessionCreate() -// -// This function does the detailed work for starting an authorization session. -// This is done in a support routine rather than in the action code because -// the session management may differ in implementations. This implementation -// uses a fixed memory allocation to hold sessions and a fixed allocation -// to hold the contextID for the saved contexts. 
-// -// Return Type: TPM_RC -// TPM_RC_CONTEXT_GAP need to recycle sessions -// TPM_RC_SESSION_HANDLE active session space is full -// TPM_RC_SESSION_MEMORY loaded session space is full -TPM_RC -SessionCreate( - TPM_SE sessionType, // IN: the session type - TPMI_ALG_HASH authHash, // IN: the hash algorithm - TPM2B_NONCE *nonceCaller, // IN: initial nonceCaller - TPMT_SYM_DEF *symmetric, // IN: the symmetric algorithm - TPMI_DH_ENTITY bind, // IN: the bind object - TPM2B_DATA *seed, // IN: seed data - TPM_HANDLE *sessionHandle, // OUT: the session handle - TPM2B_NONCE *nonceTpm // OUT: the session nonce - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - CONTEXT_SLOT slotIndex; - SESSION *session = NULL; - - pAssert(sessionType == TPM_SE_HMAC - || sessionType == TPM_SE_POLICY - || sessionType == TPM_SE_TRIAL); - - // If there are no open spots in the session array, then no point in searching - if(s_freeSessionSlots == 0) - return TPM_RC_SESSION_MEMORY; - - // Find a space for loading a session - for(slotIndex = 0; slotIndex < MAX_LOADED_SESSIONS; slotIndex++) - { - // Is this available? - if(s_sessions[slotIndex].occupied == FALSE) - { - session = &s_sessions[slotIndex].session; - break; - } - } - // if no spot found, then this is an internal error - if(slotIndex >= MAX_LOADED_SESSIONS) - FAIL(FATAL_ERROR_INTERNAL); - - // Call context ID function to get a handle. TPM_RC_SESSION_HANDLE may be - // returned from ContextIdHandelAssign() - result = ContextIdSessionCreate(sessionHandle, slotIndex); - if(result != TPM_RC_SUCCESS) - return result; - - //*** Only return from this point on is TPM_RC_SUCCESS - - // Can now indicate that the session array entry is occupied. 
- s_freeSessionSlots--; - s_sessions[slotIndex].occupied = TRUE; - - // Initialize the session data - MemorySet(session, 0, sizeof(SESSION)); - - // Initialize internal session data - session->authHashAlg = authHash; - // Initialize session type - if(sessionType == TPM_SE_HMAC) - { - *sessionHandle += HMAC_SESSION_FIRST; - } - else - { - *sessionHandle += POLICY_SESSION_FIRST; - - // For TPM_SE_POLICY or TPM_SE_TRIAL - session->attributes.isPolicy = SET; - if(sessionType == TPM_SE_TRIAL) - session->attributes.isTrialPolicy = SET; - - SessionSetStartTime(session); - - // Initialize policyDigest. policyDigest is initialized with a string of 0 - // of session algorithm digest size. Since the session is already clear. - // Just need to set the size - session->u2.policyDigest.t.size = - CryptHashGetDigestSize(session->authHashAlg); - } - // Create initial session nonce - session->nonceTPM.t.size = nonceCaller->t.size; - CryptRandomGenerate(session->nonceTPM.t.size, session->nonceTPM.t.buffer); - MemoryCopy2B(&nonceTpm->b, &session->nonceTPM.b, - sizeof(nonceTpm->t.buffer)); - - // Set up session parameter encryption algorithm - session->symmetric = *symmetric; - - // If there is a bind object or a session secret, then need to compute - // a sessionKey. 
- if(bind != TPM_RH_NULL || seed->t.size != 0) - { - // sessionKey = KDFa(hash, (authValue || seed), "ATH", nonceTPM, - // nonceCaller, bits) - // The HMAC key for generating the sessionSecret can be the concatenation - // of an authorization value and a seed value - TPM2B_TYPE(KEY, (sizeof(TPMT_HA) + sizeof(seed->t.buffer))); - TPM2B_KEY key; - - // Get hash size, which is also the length of sessionKey - session->sessionKey.t.size = CryptHashGetDigestSize(session->authHashAlg); - - // Get authValue of associated entity - EntityGetAuthValue(bind, (TPM2B_AUTH *)&key); - pAssert(key.t.size + seed->t.size <= sizeof(key.t.buffer)); - - // Concatenate authValue and seed - MemoryConcat2B(&key.b, &seed->b, sizeof(key.t.buffer)); - - // Compute the session key - CryptKDFa(session->authHashAlg, &key.b, SESSION_KEY, &session->nonceTPM.b, - &nonceCaller->b, - session->sessionKey.t.size * 8, session->sessionKey.t.buffer, - NULL, FALSE); - } - - // Copy the name of the entity that the HMAC session is bound to - // Policy session is not bound to an entity - if(bind != TPM_RH_NULL && sessionType == TPM_SE_HMAC) - { - session->attributes.isBound = SET; - SessionComputeBoundEntity(bind, &session->u1.boundEntity); - } - // If there is a bind object and it is subject to DA, then use of this session - // is subject to DA regardless of how it is used. - session->attributes.isDaBound = (bind != TPM_RH_NULL) - && (IsDAExempted(bind) == FALSE); - -// If the session is bound, then check to see if it is bound to lockoutAuth - session->attributes.isLockoutBound = (session->attributes.isDaBound == SET) - && (bind == TPM_RH_LOCKOUT); - return TPM_RC_SUCCESS; -} - -//*** SessionContextSave() -// This function is called when a session context is to be saved. The -// contextID of the saved session is returned. If no contextID can be -// assigned, then the routine returns TPM_RC_CONTEXT_GAP. -// If the function completes normally, the session slot will be freed. 
-// -// This function requires that 'handle' references a loaded session. -// Otherwise, it should not be called at the first place. -// -// Return Type: TPM_RC -// TPM_RC_CONTEXT_GAP a contextID could not be assigned -// TPM_RC_TOO_MANY_CONTEXTS the counter maxed out -// -TPM_RC -SessionContextSave( - TPM_HANDLE handle, // IN: session handle - CONTEXT_COUNTER *contextID // OUT: assigned contextID - ) -{ - UINT32 contextIndex; - CONTEXT_SLOT slotIndex; - - pAssert(SessionIsLoaded(handle)); - - // check to see if the gap is already maxed out - // Need to have a saved session - if(s_oldestSavedSession < MAX_ACTIVE_SESSIONS - // if the oldest saved session has the same value as the low bits - // of the contextCounter, then the GAP is maxed out. - && gr.contextArray[s_oldestSavedSession] == (CONTEXT_SLOT)gr.contextCounter) - return TPM_RC_CONTEXT_GAP; - - // if the caller wants the context counter, set it - if(contextID != NULL) - *contextID = gr.contextCounter; - - contextIndex = handle & HR_HANDLE_MASK; - pAssert(contextIndex < MAX_ACTIVE_SESSIONS); - - // Extract the session slot number referenced by the contextArray - // because we are going to overwrite this with the low order - // contextID value. - slotIndex = gr.contextArray[contextIndex] - 1; - - // Set the contextID for the contextArray - gr.contextArray[contextIndex] = (CONTEXT_SLOT)gr.contextCounter; - - // Increment the counter - gr.contextCounter++; - - // In the unlikely event that the 64-bit context counter rolls over... - if(gr.contextCounter == 0) - { - // back it up - gr.contextCounter--; - // return an error - return TPM_RC_TOO_MANY_CONTEXTS; - } - // if the low-order bits wrapped, need to advance the value to skip over - // the values used to indicate that a session is loaded - if(((CONTEXT_SLOT)gr.contextCounter) == 0) - gr.contextCounter += MAX_LOADED_SESSIONS + 1; - - // If no other sessions are saved, this is now the oldest. 
- if(s_oldestSavedSession >= MAX_ACTIVE_SESSIONS) - s_oldestSavedSession = contextIndex; - - // Mark the session slot as unoccupied - s_sessions[slotIndex].occupied = FALSE; - - // and indicate that there is an additional open slot - s_freeSessionSlots++; - - return TPM_RC_SUCCESS; -} - -//*** SessionContextLoad() -// This function is used to load a session from saved context. The session -// handle must be for a saved context. -// -// If the gap is at a maximum, then the only session that can be loaded is -// the oldest session, otherwise TPM_RC_CONTEXT_GAP is returned. -/// -// This function requires that 'handle' references a valid saved session. -// -// Return Type: TPM_RC -// TPM_RC_SESSION_MEMORY no free session slots -// TPM_RC_CONTEXT_GAP the gap count is maximum and this -// is not the oldest saved context -// -TPM_RC -SessionContextLoad( - SESSION_BUF *session, // IN: session structure from saved context - TPM_HANDLE *handle // IN/OUT: session handle - ) -{ - UINT32 contextIndex; - CONTEXT_SLOT slotIndex; - - pAssert(HandleGetType(*handle) == TPM_HT_POLICY_SESSION - || HandleGetType(*handle) == TPM_HT_HMAC_SESSION); - - // Don't bother looking if no openings - if(s_freeSessionSlots == 0) - return TPM_RC_SESSION_MEMORY; - - // Find a free session slot to load the session - for(slotIndex = 0; slotIndex < MAX_LOADED_SESSIONS; slotIndex++) - if(s_sessions[slotIndex].occupied == FALSE) break; - - // if no spot found, then this is an internal error - pAssert(slotIndex < MAX_LOADED_SESSIONS); - - contextIndex = *handle & HR_HANDLE_MASK; // extract the index - - // If there is only one slot left, and the gap is at maximum, the only session - // context that we can safely load is the oldest one. 
- if(s_oldestSavedSession < MAX_ACTIVE_SESSIONS - && s_freeSessionSlots == 1 - && (CONTEXT_SLOT)gr.contextCounter == gr.contextArray[s_oldestSavedSession] - && contextIndex != s_oldestSavedSession) - return TPM_RC_CONTEXT_GAP; - - pAssert(contextIndex < MAX_ACTIVE_SESSIONS); - - // set the contextArray value to point to the session slot where - // the context is loaded - gr.contextArray[contextIndex] = slotIndex + 1; - - // if this was the oldest context, find the new oldest - if(contextIndex == s_oldestSavedSession) - ContextIdSetOldest(); - - // Copy session data to session slot - MemoryCopy(&s_sessions[slotIndex].session, session, sizeof(SESSION)); - - // Set session slot as occupied - s_sessions[slotIndex].occupied = TRUE; - - // Reduce the number of open spots - s_freeSessionSlots--; - - return TPM_RC_SUCCESS; -} - -//*** SessionFlush() -// This function is used to flush a session referenced by its handle. If the -// session associated with 'handle' is loaded, the session array entry is -// marked as available. -// -// This function requires that 'handle' be a valid active session. -// -void -SessionFlush( - TPM_HANDLE handle // IN: loaded or saved session handle - ) -{ - CONTEXT_SLOT slotIndex; - UINT32 contextIndex; // Index into contextArray - - pAssert((HandleGetType(handle) == TPM_HT_POLICY_SESSION - || HandleGetType(handle) == TPM_HT_HMAC_SESSION - ) - && (SessionIsLoaded(handle) || SessionIsSaved(handle)) - ); - - // Flush context ID of this session - // Convert handle to an index into the contextArray - contextIndex = handle & HR_HANDLE_MASK; - - pAssert(contextIndex < sizeof(gr.contextArray) / sizeof(gr.contextArray[0])); - - // Get the current contents of the array - slotIndex = gr.contextArray[contextIndex]; - - // Mark context array entry as available - gr.contextArray[contextIndex] = 0; - - // Is this a saved session being flushed - if(slotIndex > MAX_LOADED_SESSIONS) - { - // Flushing the oldest session? 
- if(contextIndex == s_oldestSavedSession) - // If so, find a new value for oldest. - ContextIdSetOldest(); - } - else - { - // Adjust slot index to point to session array index - slotIndex -= 1; - - // Free session array index - s_sessions[slotIndex].occupied = FALSE; - s_freeSessionSlots++; - } - - return; -} - -//*** SessionComputeBoundEntity() -// This function computes the binding value for a session. The binding value -// for a reserved handle is the handle itself. For all the other entities, -// the authValue at the time of binding is included to prevent squatting. -// For those values, the Name and the authValue are concatenated -// into the bind buffer. If they will not both fit, the will be overlapped -// by XORing bytes. If XOR is required, the bind value will be full. -void -SessionComputeBoundEntity( - TPMI_DH_ENTITY entityHandle, // IN: handle of entity - TPM2B_NAME *bind // OUT: binding value - ) -{ - TPM2B_AUTH auth; - BYTE *pAuth = auth.t.buffer; - UINT16 i; - - // Get name - EntityGetName(entityHandle, bind); - -// // The bound value of a reserved handle is the handle itself -// if(bind->t.size == sizeof(TPM_HANDLE)) return; - - // For all the other entities, concatenate the authorization value to the name. - // Get a local copy of the authorization value because some overlapping - // may be necessary. 
- EntityGetAuthValue(entityHandle, &auth); - - // Make sure that the extra space is zeroed - MemorySet(&bind->t.name[bind->t.size], 0, sizeof(bind->t.name) - bind->t.size); - // XOR the authValue at the end of the name - for(i = sizeof(bind->t.name) - auth.t.size; i < sizeof(bind->t.name); i++) - bind->t.name[i] ^= *pAuth++; - - // Set the bind value to the maximum size - bind->t.size = sizeof(bind->t.name); - - return; -} - - -//*** SessionSetStartTime() -// This function is used to initialize the session timing -void -SessionSetStartTime( - SESSION *session // IN: the session to update - ) -{ - session->startTime = g_time; - session->epoch = g_timeEpoch; - session->timeout = 0; -} - -//*** SessionResetPolicyData() -// This function is used to reset the policy data without changing the nonce -// or the start time of the session. -void -SessionResetPolicyData( - SESSION *session // IN: the session to reset - ) -{ - SESSION_ATTRIBUTES oldAttributes; - pAssert(session != NULL); - - // Will need later - oldAttributes = session->attributes; - - // No command - session->commandCode = 0; - - // No locality selected - MemorySet(&session->commandLocality, 0, sizeof(session->commandLocality)); - - // The cpHash size to zero - session->u1.cpHash.b.size = 0; - - // No timeout - session->timeout = 0; - - // Reset the pcrCounter - session->pcrCounter = 0; - - // Reset the policy hash - MemorySet(&session->u2.policyDigest.t.buffer, 0, - session->u2.policyDigest.t.size); - - // Reset the session attributes - MemorySet(&session->attributes, 0, sizeof(SESSION_ATTRIBUTES)); - - // Restore the policy attributes - session->attributes.isPolicy = SET; - session->attributes.isTrialPolicy = oldAttributes.isTrialPolicy; - - // Restore the bind attributes - session->attributes.isDaBound = oldAttributes.isDaBound; - session->attributes.isLockoutBound = oldAttributes.isLockoutBound; -} - -//*** SessionCapGetLoaded() -// This function returns a list of handles of loaded session, started -// 
from input 'handle' -// -// 'Handle' must be in valid loaded session handle range, but does not -// have to point to a loaded session. -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -SessionCapGetLoaded( - TPMI_SH_POLICY handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle - ) -{ - TPMI_YES_NO more = NO; - UINT32 i; - - pAssert(HandleGetType(handle) == TPM_HT_LOADED_SESSION); - - // Initialize output handle list - handleList->count = 0; - - // The maximum count of handles we may return is MAX_CAP_HANDLES - if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; - - // Iterate session context ID slots to get loaded session handles - for(i = handle & HR_HANDLE_MASK; i < MAX_ACTIVE_SESSIONS; i++) - { - // If session is active - if(gr.contextArray[i] != 0) - { - // If session is loaded - if(gr.contextArray[i] <= MAX_LOADED_SESSIONS) - { - if(handleList->count < count) - { - SESSION *session; - - // If we have not filled up the return list, add this - // session handle to it - // assume that this is going to be an HMAC session - handle = i + HMAC_SESSION_FIRST; - session = SessionGet(handle); - if(session->attributes.isPolicy) - handle = i + POLICY_SESSION_FIRST; - handleList->handle[handleList->count] = handle; - handleList->count++; - } - else - { - // If the return list is full but we still have loaded object - // available, report this and stop iterating - more = YES; - break; - } - } - } - } - - return more; -} - -//*** SessionCapGetSaved() -// This function returns a list of handles for saved session, starting at -// 'handle'. 
-// -// 'Handle' must be in a valid handle range, but does not have to point to a -// saved session -// -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -SessionCapGetSaved( - TPMI_SH_HMAC handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle - ) -{ - TPMI_YES_NO more = NO; - UINT32 i; - -#ifdef TPM_HT_SAVED_SESSION - pAssert(HandleGetType(handle) == TPM_HT_SAVED_SESSION); -#else - pAssert(HandleGetType(handle) == TPM_HT_ACTIVE_SESSION); -#endif - - // Initialize output handle list - handleList->count = 0; - - // The maximum count of handles we may return is MAX_CAP_HANDLES - if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; - - // Iterate session context ID slots to get loaded session handles - for(i = handle & HR_HANDLE_MASK; i < MAX_ACTIVE_SESSIONS; i++) - { - // If session is active - if(gr.contextArray[i] != 0) - { - // If session is saved - if(gr.contextArray[i] > MAX_LOADED_SESSIONS) - { - if(handleList->count < count) - { - // If we have not filled up the return list, add this - // session handle to it - handleList->handle[handleList->count] = i + HMAC_SESSION_FIRST; - handleList->count++; - } - else - { - // If the return list is full but we still have loaded object - // available, report this and stop iterating - more = YES; - break; - } - } - } - } - - return more; -} - -//*** SessionCapGetLoadedNumber() -// This function return the number of authorization sessions currently -// loaded into TPM RAM. -UINT32 -SessionCapGetLoadedNumber( - void - ) -{ - return MAX_LOADED_SESSIONS - s_freeSessionSlots; -} - -//*** SessionCapGetLoadedAvail() -// This function returns the number of additional authorization sessions, of -// any type, that could be loaded into TPM RAM. -// NOTE: In other implementations, this number may just be an estimate. 
The only -// requirement for the estimate is, if it is one or more, then at least one -// session must be loadable. -UINT32 -SessionCapGetLoadedAvail( - void - ) -{ - return s_freeSessionSlots; -} - -//*** SessionCapGetActiveNumber() -// This function returns the number of active authorization sessions currently -// being tracked by the TPM. -UINT32 -SessionCapGetActiveNumber( - void - ) -{ - UINT32 i; - UINT32 num = 0; - - // Iterate the context array to find the number of non-zero slots - for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) - { - if(gr.contextArray[i] != 0) num++; - } - - return num; -} - -//*** SessionCapGetActiveAvail() -// This function returns the number of additional authorization sessions, of any -// type, that could be created. This not the number of slots for sessions, but -// the number of additional sessions that the TPM is capable of tracking. -UINT32 -SessionCapGetActiveAvail( - void - ) -{ - UINT32 i; - UINT32 num = 0; - - // Iterate the context array to find the number of zero slots - for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) - { - if(gr.contextArray[i] == 0) num++; - } - - return num; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Time.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Time.c deleted file mode 100644 index 41d50076e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Time.c +++ /dev/null 
@@ -1,276 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains the functions relating to the TPM's time functions including -// the interface to the implementation-specific time functions. 
-// -//** Includes -#include "Tpm.h" -#include "PlatformData.h" - -//** Functions - -//*** TimePowerOn() -// This function initialize time info at _TPM_Init(). -// -// This function is called at _TPM_Init() so that the TPM time can start counting -// as soon as the TPM comes out of reset and doesn't have to wait until -// TPM2_Startup() in order to begin the new time epoch. This could be significant -// for systems that could get powered up but not run any TPM commands for some -// period of time. -// -void -TimePowerOn( - void - ) -{ - g_time = _plat__TimerRead(); -} - -//*** TimeNewEpoch() -// This function does the processing to generate a new time epoch nonce and -// set NV for update. This function is only called when NV is known to be available -// and the clock is running. The epoch is updated to persistent data. -static void -TimeNewEpoch( - void - ) -{ -#if CLOCK_STOPS - CryptRandomGenerate(sizeof(CLOCK_NONCE), (BYTE *)&g_timeEpoch); -#else - // if the epoch is kept in NV, update it. - gp.timeEpoch++; - NV_SYNC_PERSISTENT(timeEpoch); -#endif - // Clean out any lingering state - _plat__TimerWasStopped(); -} - -//*** TimeStartup() -// This function updates the resetCount and restartCount components of -// TPMS_CLOCK_INFO structure at TPM2_Startup(). -// -// This function will deal with the deferred creation of a new epoch. -// TimeUpdateToCurrent() will not start a new epoch even if one is due when -// TPM_Startup() has not been run. This is because the state of NV is not known -// until startup completes. When Startup is done, then it will create the epoch -// nonce to complete the initializations by calling this function. -BOOL -TimeStartup( - STARTUP_TYPE type // IN: start up type - ) -{ - NOT_REFERENCED(type); - // If the previous cycle is orderly shut down, the value of the safe bit - // the same as previously saved. Otherwise, it is not safe. 
- if(!NV_IS_ORDERLY) - go.clockSafe = NO; - return TRUE; -} - -//*** TimeClockUpdate() -// This function updates go.clock. If 'newTime' requires an update of NV, then -// NV is checked for availability. If it is not available or is rate limiting, then -// go.clock is not updated and the function returns an error. If 'newTime' would -// not cause an NV write, then go.clock is updated. If an NV write occurs, then -// go.safe is SET. -void -TimeClockUpdate( - UINT64 newTime // IN: New time value in mS. - ) -{ -#define CLOCK_UPDATE_MASK ((1ULL << NV_CLOCK_UPDATE_INTERVAL)- 1) - - // Check to see if the update will cause a need for an nvClock update - if((newTime | CLOCK_UPDATE_MASK) > (go.clock | CLOCK_UPDATE_MASK)) - { - pAssert(g_NvStatus == TPM_RC_SUCCESS); - - // Going to update the NV time state so SET the safe flag - go.clockSafe = YES; - - // update the time - go.clock = newTime; - - NvWrite(NV_ORDERLY_DATA, sizeof(go), &go); - } - else - // No NV update needed so just update - go.clock = newTime; - -} - -//*** TimeUpdate() -// This function is used to update the time and clock values. If the TPM -// has run TPM2_Startup(), this function is called at the start of each command. -// If the TPM has not run TPM2_Startup(), this is called from TPM2_Startup() to -// get the clock values initialized. It is not called on command entry because, in -// this implementation, the go structure is not read from NV until TPM2_Startup(). -// The reason for this is that the initialization code (_TPM_Init()) may run before -// NV is accessible. -void -TimeUpdate( - void - ) -{ - UINT64 elapsed; -// - // Make sure that we consume the current _plat__TimerWasStopped() state. - if(_plat__TimerWasStopped()) - { - TimeNewEpoch(); - } - // Get the difference between this call and the last time we updated the tick - // timer. 
- elapsed = _plat__TimerRead() - g_time; - // Don't read + - g_time += elapsed; - - // Don't need to check the result because it has to be success because have - // already checked that NV is available. - TimeClockUpdate(go.clock + elapsed); - - // Call self healing logic for dictionary attack parameters - DASelfHeal(); -} - -//*** TimeUpdateToCurrent() -// This function updates the 'Time' and 'Clock' in the global -// TPMS_TIME_INFO structure. -// -// In this implementation, 'Time' and 'Clock' are updated at the beginning -// of each command and the values are unchanged for the duration of the -// command. -// -// Because 'Clock' updates may require a write to NV memory, 'Time' and 'Clock' -// are not allowed to advance if NV is not available. When clock is not advancing, -// any function that uses 'Clock' will fail and return TPM_RC_NV_UNAVAILABLE or -// TPM_RC_NV_RATE. -// -// This implementation does not do rate limiting. If the implementation does do -// rate limiting, then the 'Clock' update should not be inhibited even when doing -// rate limiting. -void -TimeUpdateToCurrent( - void -) -{ - // Can't update time during the dark interval or when rate limiting so don't - // make any modifications to the internal clock value. Also, defer any clock - // processing until TPM has run TPM2_Startup() - if(!NV_IS_AVAILABLE || !TPMIsStarted()) - return; - - TimeUpdate(); -} - - -//*** TimeSetAdjustRate() -// This function is used to perform rate adjustment on 'Time' and 'Clock'. 
-void -TimeSetAdjustRate( - TPM_CLOCK_ADJUST adjust // IN: adjust constant - ) -{ - switch(adjust) - { - case TPM_CLOCK_COARSE_SLOWER: - _plat__ClockAdjustRate(CLOCK_ADJUST_COARSE); - break; - case TPM_CLOCK_COARSE_FASTER: - _plat__ClockAdjustRate(-CLOCK_ADJUST_COARSE); - break; - case TPM_CLOCK_MEDIUM_SLOWER: - _plat__ClockAdjustRate(CLOCK_ADJUST_MEDIUM); - break; - case TPM_CLOCK_MEDIUM_FASTER: - _plat__ClockAdjustRate(-CLOCK_ADJUST_MEDIUM); - break; - case TPM_CLOCK_FINE_SLOWER: - _plat__ClockAdjustRate(CLOCK_ADJUST_FINE); - break; - case TPM_CLOCK_FINE_FASTER: - _plat__ClockAdjustRate(-CLOCK_ADJUST_FINE); - break; - case TPM_CLOCK_NO_CHANGE: - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - - return; -} - -//*** TimeGetMarshaled() -// This function is used to access TPMS_TIME_INFO in canonical form. -// The function collects the time information and marshals it into 'dataBuffer' -// and returns the marshaled size -UINT16 -TimeGetMarshaled( - TIME_INFO *dataBuffer // OUT: result buffer - ) -{ - TPMS_TIME_INFO timeInfo; - - // Fill TPMS_TIME_INFO structure - timeInfo.time = g_time; - TimeFillInfo(&timeInfo.clockInfo); - - // Marshal TPMS_TIME_INFO to canonical form - return TPMS_TIME_INFO_Marshal(&timeInfo, (BYTE **)&dataBuffer, NULL); -} - -//*** TimeFillInfo -// This function gathers information to fill in a TPMS_CLOCK_INFO structure. -void -TimeFillInfo( - TPMS_CLOCK_INFO *clockInfo - ) -{ - clockInfo->clock = go.clock; - clockInfo->resetCount = gp.resetCount; - clockInfo->restartCount = gr.restartCount; - - // If NV is not available, clock stopped advancing and the value reported is - // not "safe". - if(NV_IS_AVAILABLE) - clockInfo->safe = go.clockSafe; - else - clockInfo->safe = NO; - - return; -} \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/AlgorithmCap.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/AlgorithmCap.c
deleted file mode 100644
index f46648abe..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/AlgorithmCap.c
+++ /dev/null
@@ -1,234 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Description -// This file contains the algorithm property definitions for the algorithms and the -// code for the TPM2_GetCapability() to return the algorithm properties. 
- -//** Includes and Defines - -#include "Tpm.h" - -typedef struct -{ - TPM_ALG_ID algID; - TPMA_ALGORITHM attributes; -} ALGORITHM; - -static const ALGORITHM s_algorithms[] = -{ -// The entries in this table need to be in ascending order but the table doesn't -// need to be full (gaps are allowed). One day, a tool might exist to fill in the -// table from the TPM_ALG description -#if ALG_RSA - {TPM_ALG_RSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)}, -#endif -#if ALG_TDES - {TPM_ALG_TDES, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_SHA1 - {TPM_ALG_SHA1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, -#endif - - {TPM_ALG_HMAC, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 1, 0, 0, 0)}, - -#if ALG_AES - {TPM_ALG_AES, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_MGF1 - {TPM_ALG_MGF1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, -#endif - - {TPM_ALG_KEYEDHASH, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 1, 0, 1, 1, 0, 0)}, - -#if ALG_XOR - {TPM_ALG_XOR, TPMA_ALGORITHM_INITIALIZER(0, 1, 1, 0, 0, 0, 0, 0, 0)}, -#endif - -#if ALG_SHA256 - {TPM_ALG_SHA256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_SHA384 - {TPM_ALG_SHA384, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_SHA512 - {TPM_ALG_SHA512, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_SM3_256 - {TPM_ALG_SM3_256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_SM4 - {TPM_ALG_SM4, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_RSASSA - {TPM_ALG_RSASSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, -#endif -#if ALG_RSAES - {TPM_ALG_RSAES, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)}, -#endif -#if ALG_RSAPSS - {TPM_ALG_RSAPSS, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, -#endif -#if ALG_OAEP - {TPM_ALG_OAEP, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)}, -#endif -#if 
ALG_ECDSA - {TPM_ALG_ECDSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 1, 0)}, -#endif -#if ALG_ECDH - {TPM_ALG_ECDH, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)}, -#endif -#if ALG_ECDAA - {TPM_ALG_ECDAA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, -#endif -#if ALG_SM2 - {TPM_ALG_SM2, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 1, 0)}, -#endif -#if ALG_ECSCHNORR - {TPM_ALG_ECSCHNORR, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, -#endif -#if ALG_ECMQV - {TPM_ALG_ECMQV, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)}, -#endif -#if ALG_KDF1_SP800_56A - {TPM_ALG_KDF1_SP800_56A, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, -#endif -#if ALG_KDF2 - {TPM_ALG_KDF2, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, -#endif -#if ALG_KDF1_SP800_108 - {TPM_ALG_KDF1_SP800_108, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, -#endif -#if ALG_ECC - {TPM_ALG_ECC, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)}, -#endif - - {TPM_ALG_SYMCIPHER, TPMA_ALGORITHM_INITIALIZER(0, 0, 0, 1, 0, 0, 0, 0, 0)}, - -#if ALG_CAMELLIA - {TPM_ALG_CAMELLIA, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_CMAC - {TPM_ALG_CMAC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 1, 0, 0, 0)}, -#endif -#if ALG_CTR - {TPM_ALG_CTR, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, -#endif -#if ALG_OFB - {TPM_ALG_OFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, -#endif -#if ALG_CBC - {TPM_ALG_CBC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, -#endif -#if ALG_CFB - {TPM_ALG_CFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, -#endif -#if ALG_ECB - {TPM_ALG_ECB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, -#endif -}; - -//** AlgorithmCapGetImplemented() -// This function is used by TPM2_GetCapability() to return a list of the -// implemented algorithms. 
-// Return Type: TPMI_YES_NO -// YES more algorithms to report -// NO no more algorithms to report -TPMI_YES_NO -AlgorithmCapGetImplemented( - TPM_ALG_ID algID, // IN: the starting algorithm ID - UINT32 count, // IN: count of returned algorithms - TPML_ALG_PROPERTY *algList // OUT: algorithm list - ) -{ - TPMI_YES_NO more = NO; - UINT32 i; - UINT32 algNum; - - // initialize output algorithm list - algList->count = 0; - - // The maximum count of algorithms we may return is MAX_CAP_ALGS. - if(count > MAX_CAP_ALGS) - count = MAX_CAP_ALGS; - - // Compute how many algorithms are defined in s_algorithms array. - algNum = sizeof(s_algorithms) / sizeof(s_algorithms[0]); - - // Scan the implemented algorithm list to see if there is a match to 'algID'. - for(i = 0; i < algNum; i++) - { - // If algID is less than the starting algorithm ID, skip it - if(s_algorithms[i].algID < algID) - continue; - if(algList->count < count) - { - // If we have not filled up the return list, add more algorithms - // to it - algList->algProperties[algList->count].alg = s_algorithms[i].algID; - algList->algProperties[algList->count].algProperties = - s_algorithms[i].attributes; - algList->count++; - } - else - { - // If the return list is full but we still have algorithms - // available, report this and stop scanning. - more = YES; - break; - } - } - - return more; -} - -//** AlgorithmGetImplementedVector() -// This function returns the bit vector of the implemented algorithms. -LIB_EXPORT -void -AlgorithmGetImplementedVector( - ALGORITHM_VECTOR *implemented // OUT: the implemented bits are SET - ) -{ - int index; - - // Nothing implemented until we say it is - MemorySet(implemented, 0, sizeof(ALGORITHM_VECTOR)); - - for(index = (sizeof(s_algorithms) / sizeof(s_algorithms[0])) - 1; - index >= 0; - index--) - SET_BIT(s_algorithms[index].algID, *implemented); - return; -} \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Bits.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Bits.c
deleted file mode 100644
index 4670cc524..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Bits.c
+++ /dev/null
@@ -1,92 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains bit manipulation routines. They operate on bit arrays. -// -// The 0th bit in the array is the right-most bit in the 0th octet in -// the array. 
-// -// NOTE: If pAssert() is defined, the functions will assert if the indicated bit -// number is outside of the range of 'bArray'. How the assert is handled is -// implementation dependent. - -//** Includes - -#include "Tpm.h" - -//** Functions - -//*** TestBit() -// This function is used to check the setting of a bit in an array of bits. -// Return Type: BOOL -// TRUE(1) bit is set -// FALSE(0) bit is not set -BOOL -TestBit( - unsigned int bitNum, // IN: number of the bit in 'bArray' - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' - ) -{ - pAssert(bytesInArray > (bitNum >> 3)); - return((bArray[bitNum >> 3] & (1 << (bitNum & 7))) != 0); -} - -//*** SetBit() -// This function will set the indicated bit in 'bArray'. -void -SetBit( - unsigned int bitNum, // IN: number of the bit in 'bArray' - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' - ) -{ - pAssert(bytesInArray > (bitNum >> 3)); - bArray[bitNum >> 3] |= (1 << (bitNum & 7)); -} - -//*** ClearBit() -// This function will clear the indicated bit in 'bArray'. -void -ClearBit( - unsigned int bitNum, // IN: number of the bit in 'bArray'. - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' - ) -{ - pAssert(bytesInArray > (bitNum >> 3)); - bArray[bitNum >> 3] &= ~(1 << (bitNum & 7)); -} - diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/CommandCodeAttributes.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/CommandCodeAttributes.c deleted file mode 100644 index 81284428a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/CommandCodeAttributes.c +++ /dev/null 
@@ -1,553 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains the functions for testing various command properties. 
- -//** Includes and Defines - -#include "Tpm.h" -#include "CommandCodeAttributes_fp.h" - -// Set the default value for CC_VEND if not already set -#ifndef CC_VEND -#define CC_VEND (TPM_CC)(0x20000000) -#endif - -typedef UINT16 ATTRIBUTE_TYPE; - -// The following file is produced from the command tables in part 3 of the -// specification. It defines the attributes for each of the commands. -// NOTE: This file is currently produced by an automated process. Files -// produced from Part 2 or Part 3 tables through automated processes are not -// included in the specification so that their is no ambiguity about the -// table containing the information being the normative definition. -#define _COMMAND_CODE_ATTRIBUTES_ -#include "CommandAttributeData.h" - -//** Command Attribute Functions - -//*** NextImplementedIndex() -// This function is used when the lists are not compressed. In a compressed list, -// only the implemented commands are present. So, a search might find a value -// but that value may not be implemented. This function checks to see if the input -// commandIndex points to an implemented command and, if not, it searches upwards -// until it finds one. When the list is compressed, this function gets defined -// as a no-op. 
-// Return Type: COMMAND_INDEX -// UNIMPLEMENTED_COMMAND_INDEX command is not implemented -// other index of the command -#if !COMPRESSED_LISTS -static COMMAND_INDEX -NextImplementedIndex( - COMMAND_INDEX commandIndex - ) -{ - for(;commandIndex < COMMAND_COUNT; commandIndex++) - { - if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED) - return commandIndex; - } - return UNIMPLEMENTED_COMMAND_INDEX; -} -#else -#define NextImplementedIndex(x) (x) -#endif - -//*** GetClosestCommandIndex() -// This function returns the command index for the command with a value that is -// equal to or greater than the input value -// Return Type: COMMAND_INDEX -// UNIMPLEMENTED_COMMAND_INDEX command is not implemented -// other index of a command -COMMAND_INDEX -GetClosestCommandIndex( - TPM_CC commandCode // IN: the command code to start at - ) -{ - BOOL vendor = (commandCode & CC_VEND) != 0; - COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode; - - // The commandCode is a UINT32 and the search index is UINT16. We are going to - // search for a match but need to make sure that the commandCode value is not - // out of range. To do this, need to clear the vendor bit of the commandCode - // (if set) and compare the result to the 16-bit searchIndex value. If it is - // out of range, indicate that the command is not implemented - if((commandCode & ~CC_VEND) != searchIndex) - return UNIMPLEMENTED_COMMAND_INDEX; - - // if there is at least one vendor command, the last entry in the array will - // have the v bit set. If the input commandCode is larger than the last - // vendor-command, then it is out of range. - if(vendor) - { -#if VENDOR_COMMAND_ARRAY_SIZE > 0 - COMMAND_INDEX commandIndex; - COMMAND_INDEX min; - COMMAND_INDEX max; - int diff; -#if LIBRARY_COMMAND_ARRAY_SIZE == COMMAND_COUNT -#error "Constants are not consistent." -#endif - // Check to see if the value is equal to or below the minimum - // entry. 
- // Note: Put this check first so that the typical case of only one vendor- - // specific command doesn't waste any more time. - if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE], TPMA_CC, - commandIndex) >= searchIndex) - { - // the vendor array is always assumed to be packed so there is - // no need to check to see if the command is implemented - return LIBRARY_COMMAND_ARRAY_SIZE; - } - // See if this is out of range on the top - if(GET_ATTRIBUTE(s_ccAttr[COMMAND_COUNT - 1], TPMA_CC, commandIndex) - < searchIndex) - { - return UNIMPLEMENTED_COMMAND_INDEX; - } - commandIndex = UNIMPLEMENTED_COMMAND_INDEX; // Needs initialization to keep - // compiler happy - min = LIBRARY_COMMAND_ARRAY_SIZE; // first vendor command - max = COMMAND_COUNT - 1; // last vendor command - diff = 1; // needs initialization to keep - // compiler happy - while(min <= max) - { - commandIndex = (min + max + 1) / 2; - diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex) - - searchIndex; - if(diff == 0) - return commandIndex; - if(diff > 0) - max = commandIndex - 1; - else - min = commandIndex + 1; - } - // didn't find and exact match. commandIndex will be pointing at the last - // item tested. If 'diff' is positive, then the last item tested was - // larger index of the command code so it is the smallest value - // larger than the requested value. - if(diff > 0) - return commandIndex; - // if 'diff' is negative, then the value tested was smaller than - // the commandCode index and the next higher value is the correct one. - // Note: this will necessarily be in range because of the earlier check - // that the index was within range. 
- return commandIndex + 1; -#else - // If there are no vendor commands so anything with the vendor bit set is out - // of range - return UNIMPLEMENTED_COMMAND_INDEX; -#endif - } - // Get here if the V-Bit was not set in 'commandCode' - - if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE - 1], TPMA_CC, - commandIndex) < searchIndex) - { - // requested index is out of the range to the top -#if VENDOR_COMMAND_ARRAY_SIZE > 0 - // If there are vendor commands, then the first vendor command - // is the next value greater than the commandCode. - // NOTE: we got here if the starting index did not have the V bit but we - // reached the end of the array of library commands (non-vendor). Since - // there is at least one vendor command, and vendor commands are always - // in a compressed list that starts after the library list, the next - // index value contains a valid vendor command. - return LIBRARY_COMMAND_ARRAY_SIZE; -#else - // if there are no vendor commands, then this is out of range - return UNIMPLEMENTED_COMMAND_INDEX; -#endif - } - // If the request is lower than any value in the array, then return - // the lowest value (needs to be an index for an implemented command - if(GET_ATTRIBUTE(s_ccAttr[0], TPMA_CC, commandIndex) >= searchIndex) - { - return NextImplementedIndex(0); - } - else - { -#if COMPRESSED_LISTS - COMMAND_INDEX commandIndex = UNIMPLEMENTED_COMMAND_INDEX; - COMMAND_INDEX min = 0; - COMMAND_INDEX max = LIBRARY_COMMAND_ARRAY_SIZE - 1; - int diff = 1; -#if LIBRARY_COMMAND_ARRAY_SIZE == 0 -#error "Something is terribly wrong" -#endif - // The s_ccAttr array contains an extra entry at the end (a zero value). - // Don't count this as an array entry. 
This means that max should start - // out pointing to the last valid entry in the array which is - 2 - pAssert(max == (sizeof(s_ccAttr) / sizeof(TPMA_CC) - - VENDOR_COMMAND_ARRAY_SIZE - 2)); - while(min <= max) - { - commandIndex = (min + max + 1) / 2; - diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, - commandIndex) - searchIndex; - if(diff == 0) - return commandIndex; - if(diff > 0) - max = commandIndex - 1; - else - min = commandIndex + 1; - } - // didn't find and exact match. commandIndex will be pointing at the - // last item tested. If diff is positive, then the last item tested was - // larger index of the command code so it is the smallest value - // larger than the requested value. - if(diff > 0) - return commandIndex; - // if diff is negative, then the value tested was smaller than - // the commandCode index and the next higher value is the correct one. - // Note: this will necessarily be in range because of the earlier check - // that the index was within range. - return commandIndex + 1; -#else - // The list is not compressed so offset into the array by the command - // code value of the first entry in the list. Then go find the first - // implemented command. - return NextImplementedIndex(searchIndex - - (COMMAND_INDEX)s_ccAttr[0].commandIndex); -#endif - } -} - -//*** CommandCodeToComandIndex() -// This function returns the index in the various attributes arrays of the -// command. 
-// Return Type: COMMAND_INDEX -// UNIMPLEMENTED_COMMAND_INDEX command is not implemented -// other index of the command -COMMAND_INDEX -CommandCodeToCommandIndex( - TPM_CC commandCode // IN: the command code to look up - ) -{ - // Extract the low 16-bits of the command code to get the starting search index - COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode; - BOOL vendor = (commandCode & CC_VEND) != 0; - COMMAND_INDEX commandIndex; -#if !COMPRESSED_LISTS - if(!vendor) - { - commandIndex = searchIndex - (COMMAND_INDEX)s_ccAttr[0].commandIndex; - // Check for out of range or unimplemented. - // Note, since a COMMAND_INDEX is unsigned, if searchIndex is smaller than - // the lowest value of command, it will become a 'negative' number making - // it look like a large unsigned number, this will cause it to fail - // the unsigned check below. - if(commandIndex >= LIBRARY_COMMAND_ARRAY_SIZE - || (s_commandAttributes[commandIndex] & IS_IMPLEMENTED) == 0) - return UNIMPLEMENTED_COMMAND_INDEX; - return commandIndex; - } -#endif - // Need this code for any vendor code lookup or for compressed lists - commandIndex = GetClosestCommandIndex(commandCode); - - // Look at the returned value from get closest. If it isn't the one that was - // requested, then the command is not implemented. - if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) - { - if((GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex) - != searchIndex) - || (IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) != vendor) - commandIndex = UNIMPLEMENTED_COMMAND_INDEX; - } - return commandIndex; -} - -//*** GetNextCommandIndex() -// This function returns the index of the next implemented command. 
-// Return Type: COMMAND_INDEX -// UNIMPLEMENTED_COMMAND_INDEX no more implemented commands -// other the index of the next implemented command -COMMAND_INDEX -GetNextCommandIndex( - COMMAND_INDEX commandIndex // IN: the starting index - ) -{ - while(++commandIndex < COMMAND_COUNT) - { -#if !COMPRESSED_LISTS - if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED) -#endif - return commandIndex; - } - return UNIMPLEMENTED_COMMAND_INDEX; -} - -//*** GetCommandCode() -// This function returns the commandCode associated with the command index -TPM_CC -GetCommandCode( - COMMAND_INDEX commandIndex // IN: the command index - ) -{ - TPM_CC commandCode = GET_ATTRIBUTE(s_ccAttr[commandIndex], - TPMA_CC, commandIndex); - if(IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) - commandCode += CC_VEND; - return commandCode; -} - -//*** CommandAuthRole() -// -// This function returns the authorization role required of a handle. -// -// Return Type: AUTH_ROLE -// AUTH_NONE no authorization is required -// AUTH_USER user role authorization is required -// AUTH_ADMIN admin role authorization is required -// AUTH_DUP duplication role authorization is required -AUTH_ROLE -CommandAuthRole( - COMMAND_INDEX commandIndex, // IN: command index - UINT32 handleIndex // IN: handle index (zero based) - ) -{ - if(0 == handleIndex) - { - // Any authorization role set? - COMMAND_ATTRIBUTES properties = s_commandAttributes[commandIndex]; - - if(properties & HANDLE_1_USER) - return AUTH_USER; - if(properties & HANDLE_1_ADMIN) - return AUTH_ADMIN; - if(properties & HANDLE_1_DUP) - return AUTH_DUP; - } - else if(1 == handleIndex) - { - if(s_commandAttributes[commandIndex] & HANDLE_2_USER) - return AUTH_USER; - } - return AUTH_NONE; -} - -//*** EncryptSize() -// This function returns the size of the decrypt size field. 
This function returns -// 0 if encryption is not allowed -// Return Type: int -// 0 encryption not allowed -// 2 size field is two bytes -// 4 size field is four bytes -int -EncryptSize( - COMMAND_INDEX commandIndex // IN: command index - ) -{ - return ((s_commandAttributes[commandIndex] & ENCRYPT_2) ? 2 : - (s_commandAttributes[commandIndex] & ENCRYPT_4) ? 4 : 0); -} - -//*** DecryptSize() -// This function returns the size of the decrypt size field. This function returns -// 0 if decryption is not allowed -// Return Type: int -// 0 encryption not allowed -// 2 size field is two bytes -// 4 size field is four bytes -int -DecryptSize( - COMMAND_INDEX commandIndex // IN: command index - ) -{ - return ((s_commandAttributes[commandIndex] & DECRYPT_2) ? 2 : - (s_commandAttributes[commandIndex] & DECRYPT_4) ? 4 : 0); -} - -//*** IsSessionAllowed() -// -// This function indicates if the command is allowed to have sessions. -// -// This function must not be called if the command is not known to be implemented. 
-// -// Return Type: BOOL -// TRUE(1) session is allowed with this command -// FALSE(0) session is not allowed with this command -BOOL -IsSessionAllowed( - COMMAND_INDEX commandIndex // IN: the command to be checked - ) -{ - return ((s_commandAttributes[commandIndex] & NO_SESSIONS) == 0); -} - -//*** IsHandleInResponse() -// This function determines if a command has a handle in the response -BOOL -IsHandleInResponse( - COMMAND_INDEX commandIndex - ) -{ - return ((s_commandAttributes[commandIndex] & R_HANDLE) != 0); -} - -//*** IsWriteOperation() -// Checks to see if an operation will write to an NV Index and is subject to being -// blocked by read-lock -BOOL -IsWriteOperation( - COMMAND_INDEX commandIndex // IN: Command to check - ) -{ -#ifdef WRITE_LOCK - return ((s_commandAttributes[commandIndex] & WRITE_LOCK) != 0); -#else - if(!IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) - { - switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)) - { - case TPM_CC_NV_Write: -#if CC_NV_Increment - case TPM_CC_NV_Increment: -#endif -#if CC_NV_SetBits - case TPM_CC_NV_SetBits: -#endif -#if CC_NV_Extend - case TPM_CC_NV_Extend: -#endif -#if CC_AC_Send - case TPM_CC_AC_Send: -#endif - // NV write lock counts as a write operation for authorization purposes. - // We check to see if the NV is write locked before we do the - // authorization. If it is locked, we fail the command early. - case TPM_CC_NV_WriteLock: - return TRUE; - default: - break; - } - } - return FALSE; -#endif -} - -//*** IsReadOperation() -// Checks to see if an operation will write to an NV Index and is -// subject to being blocked by write-lock. 
-BOOL -IsReadOperation( - COMMAND_INDEX commandIndex // IN: Command to check - ) -{ -#ifdef READ_LOCK - return ((s_commandAttributes[commandIndex] & READ_LOCK) != 0); -#else - - if(!IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) - { - switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)) - { - case TPM_CC_NV_Read: - case TPM_CC_PolicyNV: - case TPM_CC_NV_Certify: - // NV read lock counts as a read operation for authorization purposes. - // We check to see if the NV is read locked before we do the - // authorization. If it is locked, we fail the command early. - case TPM_CC_NV_ReadLock: - return TRUE; - default: - break; - } - } - return FALSE; -#endif -} - -//*** CommandCapGetCCList() -// This function returns a list of implemented commands and command attributes -// starting from the command in 'commandCode'. -// Return Type: TPMI_YES_NO -// YES more command attributes are available -// NO no more command attributes are available -TPMI_YES_NO -CommandCapGetCCList( - TPM_CC commandCode, // IN: start command code - UINT32 count, // IN: maximum count for number of entries in - // 'commandList' - TPML_CCA *commandList // OUT: list of TPMA_CC - ) -{ - TPMI_YES_NO more = NO; - COMMAND_INDEX commandIndex; - - // initialize output handle list count - commandList->count = 0; - - for(commandIndex = GetClosestCommandIndex(commandCode); - commandIndex != UNIMPLEMENTED_COMMAND_INDEX; - commandIndex = GetNextCommandIndex(commandIndex)) - { -#if !COMPRESSED_LISTS - // this check isn't needed for compressed lists. - if(!(s_commandAttributes[commandIndex] & IS_IMPLEMENTED)) - continue; -#endif - if(commandList->count < count) - { - // If the list is not full, add the attributes for this command. - commandList->commandAttributes[commandList->count] - = s_ccAttr[commandIndex]; - commandList->count++; - } - else - { - // If the list is full but there are more commands to report, - // indicate this and return. 
- more = YES; - break; - } - } - return more; -} - -//*** IsVendorCommand() -// Function indicates if a command index references a vendor command. -// Return Type: BOOL -// TRUE(1) command is a vendor command -// FALSE(0) command is not a vendor command -BOOL -IsVendorCommand( - COMMAND_INDEX commandIndex // IN: command index to check - ) -{ - return (IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)); -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Entity.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Entity.c deleted file mode 100644 index 246a3a784..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Entity.c +++ /dev/null 
@@ -1,478 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Description -// The functions in this file are used for accessing properties for handles of -// various types. Functions in other files require handles of a specific -// type but the functions in this file allow use of any handle type. 
- -//** Includes - -#include "Tpm.h" - -//** Functions -//*** EntityGetLoadStatus() -// This function will check that all the handles access loaded entities. -// Return Type: TPM_RC -// TPM_RC_HANDLE handle type does not match -// TPM_RC_REFERENCE_Hx entity is not present -// TPM_RC_HIERARCHY entity belongs to a disabled hierarchy -// TPM_RC_OBJECT_MEMORY handle is an evict object but there is no -// space to load it to RAM -TPM_RC -EntityGetLoadStatus( - COMMAND *command // IN/OUT: command parsing structure - ) -{ - UINT32 i; - TPM_RC result = TPM_RC_SUCCESS; -// - for(i = 0; i < command->handleNum; i++) - { - TPM_HANDLE handle = command->handles[i]; - switch(HandleGetType(handle)) - { - // For handles associated with hierarchies, the entity is present - // only if the associated enable is SET. - case TPM_HT_PERMANENT: - switch(handle) - { - case TPM_RH_OWNER: - if(!gc.shEnable) - result = TPM_RC_HIERARCHY; - break; - -#ifdef VENDOR_PERMANENT - case VENDOR_PERMANENT: -#endif - case TPM_RH_ENDORSEMENT: - if(!gc.ehEnable) - result = TPM_RC_HIERARCHY; - break; - case TPM_RH_PLATFORM: - if(!g_phEnable) - result = TPM_RC_HIERARCHY; - break; - // null handle, PW session handle and lockout - // handle are always available - case TPM_RH_NULL: - case TPM_RS_PW: - // Need to be careful for lockout. Lockout is always available - // for policy checks but not always available when authValue - // is being checked. - case TPM_RH_LOCKOUT: - break; - default: - // handling of the manufacture_specific handles - if(((TPM_RH)handle >= TPM_RH_AUTH_00) - && ((TPM_RH)handle <= TPM_RH_AUTH_FF)) - // use the value that would have been returned from - // unmarshaling if it did the handle filtering - result = TPM_RC_VALUE; - else - FAIL(FATAL_ERROR_INTERNAL); - break; - } - break; - case TPM_HT_TRANSIENT: - // For a transient object, check if the handle is associated - // with a loaded object. 
- if(!IsObjectPresent(handle)) - result = TPM_RC_REFERENCE_H0; - break; - case TPM_HT_PERSISTENT: - // Persistent object - // Copy the persistent object to RAM and replace the handle with the - // handle of the assigned slot. A TPM_RC_OBJECT_MEMORY, - // TPM_RC_HIERARCHY or TPM_RC_REFERENCE_H0 error may be returned by - // ObjectLoadEvict() - result = ObjectLoadEvict(&command->handles[i], command->index); - break; - case TPM_HT_HMAC_SESSION: - // For an HMAC session, see if the session is loaded - // and if the session in the session slot is actually - // an HMAC session. - if(SessionIsLoaded(handle)) - { - SESSION *session; - session = SessionGet(handle); - // Check if the session is a HMAC session - if(session->attributes.isPolicy == SET) - result = TPM_RC_HANDLE; - } - else - result = TPM_RC_REFERENCE_H0; - break; - case TPM_HT_POLICY_SESSION: - // For a policy session, see if the session is loaded - // and if the session in the session slot is actually - // a policy session. - if(SessionIsLoaded(handle)) - { - SESSION *session; - session = SessionGet(handle); - // Check if the session is a policy session - if(session->attributes.isPolicy == CLEAR) - result = TPM_RC_HANDLE; - } - else - result = TPM_RC_REFERENCE_H0; - break; - case TPM_HT_NV_INDEX: - // For an NV Index, use the TPM-specific routine - // to search the IN Index space. - result = NvIndexIsAccessible(handle); - break; - case TPM_HT_PCR: - // Any PCR handle that is unmarshaled successfully referenced - // a PCR that is defined. - break; -#if CC_AC_Send - case TPM_HT_AC: - // Use the TPM-specific routine to search for the AC - result = AcIsAccessible(handle); - break; -#endif - default: - // Any other handle type is a defect in the unmarshaling code. 
- FAIL(FATAL_ERROR_INTERNAL); - break; - } - if(result != TPM_RC_SUCCESS) - { - if(result == TPM_RC_REFERENCE_H0) - result = result + i; - else - result = RcSafeAddToResult(result, TPM_RC_H + g_rcIndex[i]); - break; - } - } - return result; -} - -//*** EntityGetAuthValue() -// This function is used to access the 'authValue' associated with a handle. -// This function assumes that the handle references an entity that is accessible -// and the handle is not for a persistent objects. That is EntityGetLoadStatus() -// should have been called. Also, the accessibility of the authValue should have -// been verified by IsAuthValueAvailable(). -// -// This function copies the authorization value of the entity to 'auth'. -// Return Type: UINT16 -// count number of bytes in the authValue with 0's stripped -UINT16 -EntityGetAuthValue( - TPMI_DH_ENTITY handle, // IN: handle of entity - TPM2B_AUTH *auth // OUT: authValue of the entity - ) -{ - TPM2B_AUTH *pAuth = NULL; - - auth->t.size = 0; - - switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: - { - switch(handle) - { - case TPM_RH_OWNER: - // ownerAuth for TPM_RH_OWNER - pAuth = &gp.ownerAuth; - break; - case TPM_RH_ENDORSEMENT: - // endorsementAuth for TPM_RH_ENDORSEMENT - pAuth = &gp.endorsementAuth; - break; - case TPM_RH_PLATFORM: - // platformAuth for TPM_RH_PLATFORM - pAuth = &gc.platformAuth; - break; - case TPM_RH_LOCKOUT: - // lockoutAuth for TPM_RH_LOCKOUT - pAuth = &gp.lockoutAuth; - break; - case TPM_RH_NULL: - // nullAuth for TPM_RH_NULL. Return 0 directly here - return 0; - break; -#ifdef VENDOR_PERMANENT - case VENDOR_PERMANENT: - // vendor authorization value - pAauth = &g_platformUniqueDetails; -#endif - default: - // If any other permanent handle is present it is - // a code defect. - FAIL(FATAL_ERROR_INTERNAL); - break; - } - break; - } - case TPM_HT_TRANSIENT: - // authValue for an object - // A persistent object would have been copied into RAM - // and would have an transient object handle here. 
- { - OBJECT *object; - - object = HandleToObject(handle); - // special handling if this is a sequence object - if(ObjectIsSequence(object)) - { - pAuth = &((HASH_OBJECT *)object)->auth; - } - else - { - // Authorization is available only when the private portion of - // the object is loaded. The check should be made before - // this function is called - pAssert(object->attributes.publicOnly == CLEAR); - pAuth = &object->sensitive.authValue; - } - } - break; - case TPM_HT_NV_INDEX: - // authValue for an NV index - { - NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); - pAssert(nvIndex != NULL); - pAuth = &nvIndex->authValue; - } - break; - case TPM_HT_PCR: - // authValue for PCR - pAuth = PCRGetAuthValue(handle); - break; - default: - // If any other handle type is present here, then there is a defect - // in the unmarshaling code. - FAIL(FATAL_ERROR_INTERNAL); - break; - } - // Copy the authValue - MemoryCopy2B(&auth->b, &pAuth->b, sizeof(auth->t.buffer)); - MemoryRemoveTrailingZeros(auth); - return auth->t.size; -} - -//*** EntityGetAuthPolicy() -// This function is used to access the 'authPolicy' associated with a handle. -// This function assumes that the handle references an entity that is accessible -// and the handle is not for a persistent objects. That is EntityGetLoadStatus() -// should have been called. Also, the accessibility of the authPolicy should have -// been verified by IsAuthPolicyAvailable(). -// -// This function copies the authorization policy of the entity to 'authPolicy'. -// -// The return value is the hash algorithm for the policy. 
-TPMI_ALG_HASH -EntityGetAuthPolicy( - TPMI_DH_ENTITY handle, // IN: handle of entity - TPM2B_DIGEST *authPolicy // OUT: authPolicy of the entity - ) -{ - TPMI_ALG_HASH hashAlg = TPM_ALG_NULL; - authPolicy->t.size = 0; - - switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: - switch(handle) - { - case TPM_RH_OWNER: - // ownerPolicy for TPM_RH_OWNER - *authPolicy = gp.ownerPolicy; - hashAlg = gp.ownerAlg; - break; - case TPM_RH_ENDORSEMENT: - // endorsementPolicy for TPM_RH_ENDORSEMENT - *authPolicy = gp.endorsementPolicy; - hashAlg = gp.endorsementAlg; - break; - case TPM_RH_PLATFORM: - // platformPolicy for TPM_RH_PLATFORM - *authPolicy = gc.platformPolicy; - hashAlg = gc.platformAlg; - break; - case TPM_RH_LOCKOUT: - // lockoutPolicy for TPM_RH_LOCKOUT - *authPolicy = gp.lockoutPolicy; - hashAlg = gp.lockoutAlg; - break; - default: - return TPM_ALG_ERROR; - break; - } - break; - case TPM_HT_TRANSIENT: - // authPolicy for an object - { - OBJECT *object = HandleToObject(handle); - *authPolicy = object->publicArea.authPolicy; - hashAlg = object->publicArea.nameAlg; - } - break; - case TPM_HT_NV_INDEX: - // authPolicy for a NV index - { - NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); - pAssert(nvIndex != 0); - *authPolicy = nvIndex->publicArea.authPolicy; - hashAlg = nvIndex->publicArea.nameAlg; - } - break; - case TPM_HT_PCR: - // authPolicy for a PCR - hashAlg = PCRGetAuthPolicy(handle, authPolicy); - break; - default: - // If any other handle type is present it is a code defect. - FAIL(FATAL_ERROR_INTERNAL); - break; - } - return hashAlg; -} - -//*** EntityGetName() -// This function returns the Name associated with a handle. 
-TPM2B_NAME *
-EntityGetName(
- TPMI_DH_ENTITY handle, // IN: handle of entity
- TPM2B_NAME *name // OUT: name of entity
- )
-{
- switch(HandleGetType(handle))
- {
- case TPM_HT_TRANSIENT:
- {
- // Name for an object
- OBJECT *object = HandleToObject(handle);
- // an object with no nameAlg has no name
- if(object->publicArea.nameAlg == TPM_ALG_NULL)
- name->b.size = 0;
- else
- *name = object->name;
- break;
- }
- case TPM_HT_NV_INDEX:
- // Name for a NV index
- NvGetNameByIndexHandle(handle, name);
- break;
- default:
- // For all other types, the handle is the Name
- name->t.size = sizeof(TPM_HANDLE);
- UINT32_TO_BYTE_ARRAY(handle, name->t.name);
- break;
- }
- return name;
-}
-
-//*** EntityGetHierarchy()
-// This function returns the hierarchy handle associated with an entity.
-// 1. A handle that is a hierarchy handle is associated with itself.
-// 2. An NV index belongs to TPM_RH_PLATFORM if TPMA_NV_PLATFORMCREATE,
-// is SET, otherwise it belongs to TPM_RH_OWNER
-// 3. An object handle belongs to its hierarchy.
-TPMI_RH_HIERARCHY
-EntityGetHierarchy(
- TPMI_DH_ENTITY handle // IN :handle of entity
- )
-{
- TPMI_RH_HIERARCHY hierarchy = TPM_RH_NULL;
-
- switch(HandleGetType(handle))
- {
- case TPM_HT_PERMANENT:
- // hierarchy for a permanent handle
- switch(handle)
- {
- case TPM_RH_PLATFORM:
- case TPM_RH_ENDORSEMENT:
- case TPM_RH_NULL:
- hierarchy = handle;
- break;
- // all other permanent handles are associated with the owner
- // hierarchy. (should only be TPM_RH_OWNER and TPM_RH_LOCKOUT)
- default:
- hierarchy = TPM_RH_OWNER;
- break;
- }
- break;
- case TPM_HT_NV_INDEX:
- // hierarchy for NV index
- {
- NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL);
- pAssert(nvIndex != NULL);
-
- // If only the platform can delete the index, then it is
- // considered to be in the platform hierarchy, otherwise it
- // is in the owner hierarchy.
- if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV,
- PLATFORMCREATE))
- hierarchy = TPM_RH_PLATFORM;
- else
- hierarchy = TPM_RH_OWNER;
- }
- break;
- case TPM_HT_TRANSIENT:
- // hierarchy for an object
- {
- OBJECT *object;
- object = HandleToObject(handle);
- if(object->attributes.ppsHierarchy)
- {
- hierarchy = TPM_RH_PLATFORM;
- }
- else if(object->attributes.epsHierarchy)
- {
- hierarchy = TPM_RH_ENDORSEMENT;
- }
- else if(object->attributes.spsHierarchy)
- {
- hierarchy = TPM_RH_OWNER;
- }
- }
- break;
- case TPM_HT_PCR:
- hierarchy = TPM_RH_OWNER;
- break;
- default:
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
- // this is unreachable but it provides a return value for the default
- // case which makes the complier happy
- return hierarchy;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c
deleted file mode 100644
index 4caa4a598..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-// This file will instance the TPM variables that are not stack allocated.
-
-// Descriptions of global variables are in Global.h.
 There macro macro definitions
-// that allows a variable to be instanced or simply defined as an external variable.
-// When global.h is included from this .c file, GLOBAL_C is defined and values are
-// instanced (and possibly initialized), but when global.h is included by any other
-// file, they are simply defined as external values. DO NOT DEFINE GLOBAL_C IN ANY
-// OTHER FILE.
-//
-// NOTE: This is a change from previous implementations where Global.h just contained
-// the extern declaration and values were instanced in this file. This change keeps
-// the definition and instance in one file making maintenance easier. The instanced
-// data will still be in the global.obj file.
-//
-// The OIDs.h file works in a way that is similar to the Global.h with the definition
-// of the values in OIDs.h such that they are instanced in global.obj. The macros
-// that are defined in Global.h are used in OIDs.h in the same way as they are in
-// Global.h.
-
-//** Defines and Includes
-#define GLOBAL_C
-#include "Tpm.h"
-#include "OIDs.h"
-
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Handle.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Handle.c
deleted file mode 100644
index 3ef3b532b..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Handle.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-// This file contains the functions that return the type of a handle.
-
-//** Includes
-#include "Tpm.h"
-
-//** Functions
-
-//*** HandleGetType()
-// This function returns the type of a handle which is the MSO of the handle.
-TPM_HT
-HandleGetType(
- TPM_HANDLE handle // IN: a handle to be checked
- )
-{
- // return the upper bytes of input data
- return (TPM_HT)((handle & HR_RANGE_MASK) >> HR_SHIFT);
-}
-
-//*** NextPermanentHandle()
-// This function returns the permanent handle that is equal to the input value or
-// is the next higher value. If there is no handle with the input value and there
-// is no next higher value, it returns 0:
-TPM_HANDLE
-NextPermanentHandle(
- TPM_HANDLE inHandle // IN: the handle to check
- )
-{
- // If inHandle is below the start of the range of permanent handles
- // set it to the start and scan from there
- if(inHandle < TPM_RH_FIRST)
- inHandle = TPM_RH_FIRST;
- // scan from input value until we find an implemented permanent handle
- // or go out of range
- for(; inHandle <= TPM_RH_LAST; inHandle++)
- {
- switch(inHandle)
- {
- case TPM_RH_OWNER:
- case TPM_RH_NULL:
- case TPM_RS_PW:
- case TPM_RH_LOCKOUT:
- case TPM_RH_ENDORSEMENT:
- case TPM_RH_PLATFORM:
- case TPM_RH_PLATFORM_NV:
-#ifdef VENDOR_PERMANENT
- case VENDOR_PERMANENT:
-#endif
- return inHandle;
- break;
- default:
- break;
- }
- }
- // Out of range on the top
- return 0;
-}
-
-//*** PermanentCapGetHandles()
-// This function returns a list of the permanent handles of PCR, started from
-// 'handle'. If 'handle' is larger than the largest permanent handle, an empty list
-// will be returned with 'more' set to NO.
-// Return Type: TPMI_YES_NO
-// YES if there are more handles available
-// NO all the available handles has been returned
-TPMI_YES_NO
-PermanentCapGetHandles(
- TPM_HANDLE handle, // IN: start handle
- UINT32 count, // IN: count of returned handles
- TPML_HANDLE *handleList // OUT: list of handle
- )
-{
- TPMI_YES_NO more = NO;
- UINT32 i;
-
- pAssert(HandleGetType(handle) == TPM_HT_PERMANENT);
-
- // Initialize output handle list
- handleList->count = 0;
-
- // The maximum count of handles we may return is MAX_CAP_HANDLES
- if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES;
-
- // Iterate permanent handle range
- for(i = NextPermanentHandle(handle);
- i != 0; i = NextPermanentHandle(i + 1))
- {
- if(handleList->count < count)
- {
- // If we have not filled up the return list, add this permanent
- // handle to it
- handleList->handle[handleList->count] = i;
- handleList->count++;
- }
- else
- {
- // If the return list is full but we still have permanent handle
- // available, report this and stop iterating
- more = YES;
- break;
- }
- }
- return more;
-}
-
-//*** PermanentHandleGetPolicy()
-// This function returns a list of the permanent handles of PCR, started from
-// 'handle'. If 'handle' is larger than the largest permanent handle, an empty list
-// will be returned with 'more' set to NO.
-// Return Type: TPMI_YES_NO
-// YES if there are more handles available
-// NO all the available handles has been returned
-TPMI_YES_NO
-PermanentHandleGetPolicy(
- TPM_HANDLE handle, // IN: start handle
- UINT32 count, // IN: max count of returned handles
- TPML_TAGGED_POLICY *policyList // OUT: list of handle
- )
-{
- TPMI_YES_NO more = NO;
-
- pAssert(HandleGetType(handle) == TPM_HT_PERMANENT);
-
- // Initialize output handle list
- policyList->count = 0;
-
- // The maximum count of policies we may return is MAX_TAGGED_POLICIES
- if(count > MAX_TAGGED_POLICIES)
- count = MAX_TAGGED_POLICIES;
-
- // Iterate permanent handle range
- for(handle = NextPermanentHandle(handle);
- handle != 0;
- handle = NextPermanentHandle(handle + 1))
- {
- TPM2B_DIGEST policyDigest;
- TPM_ALG_ID policyAlg;
- // Check to see if this permanent handle has a policy
- policyAlg = EntityGetAuthPolicy(handle, &policyDigest);
- if(policyAlg == TPM_ALG_ERROR)
- continue;
- if(policyList->count < count)
- {
- // If we have not filled up the return list, add this
- // policy to the list;
- policyList->policies[policyList->count].handle = handle;
- policyList->policies[policyList->count].policyHash.hashAlg = policyAlg;
- MemoryCopy(&policyList->policies[policyList->count].policyHash.digest,
- policyDigest.t.buffer, policyDigest.t.size);
- policyList->count++;
- }
- else
- {
- // If the return list is full but we still have permanent handle
- // available, report this and stop iterating
- more = YES;
- break;
- }
- }
- return more;
-}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/IoBuffers.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/IoBuffers.c
deleted file mode 100644
index 49d0561c3..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/IoBuffers.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Includes and Data Definitions
-
-// This definition allows this module to "see" the values that are private
-// to this module but kept in Global.c for ease of state migration.
-#define IO_BUFFER_C
-#include "Tpm.h"
-#include "IoBuffers_fp.h"
-
-//** Buffers and Functions
-
-// These buffers are set aside to hold command and response values. In this
-// implementation, it is not guaranteed that the code will stop accessing
-// the s_actionInputBuffer before starting to put values in the
-// s_actionOutputBuffer so different buffers are required.
-//
-
-//*** MemoryIoBufferAllocationReset()
-// This function is used to reset the allocation of buffers.
-void
-MemoryIoBufferAllocationReset(
- void
-)
-{
- s_actionIoAllocation = 0;
-}
-
-//*** MemoryIoBufferZero()
-// Function zeros the action I/O buffer at the end of a command. Calling this is
-// not mandatory for proper functionality.
-void
-MemoryIoBufferZero(
- void
-)
-{
- memset(s_actionIoBuffer, 0, s_actionIoAllocation);
-}
-
-//*** MemoryGetInBuffer()
-// This function returns the address of the buffer into which the
-// command parameters will be unmarshaled in preparation for calling
-// the command actions.
-BYTE *
-MemoryGetInBuffer(
- UINT32 size // Size, in bytes, required for the input
- // unmarshaling
- )
-{
- pAssert(size <= sizeof(s_actionIoBuffer));
- // In this implementation, a static buffer is set aside for the command action
- // buffers. The buffer is shared between input and output. This is because
- // there is no need to allocate for the worst case input and worst case output
- // at the same time.
- // Round size up
- #define UoM (sizeof(s_actionIoBuffer[0]))
- size = (size + (UoM - 1)) & (UINT32_MAX - (UoM - 1));
- memset(s_actionIoBuffer, 0, size);
- s_actionIoAllocation = size;
- return (BYTE *)&s_actionIoBuffer[0];
-}
-
-//*** MemoryGetOutBuffer()
-// This function returns the address of the buffer into which the command
-// action code places its output values.
-BYTE *
-MemoryGetOutBuffer(
- UINT32 size // required size of the buffer
- )
-{
- BYTE *retVal = (BYTE *)(&s_actionIoBuffer[s_actionIoAllocation / UoM]);
- pAssert((size + s_actionIoAllocation) < (sizeof(s_actionIoBuffer)));
- // In this implementation, a static buffer is set aside for the command action
- // output buffer.
- memset(retVal, 0, size);
- s_actionIoAllocation += size;
- return retVal;
-}
-
-//*** IsLabelProperlyFormatted()
-// This function checks that a label is a null-terminated string.
-// NOTE: this function is here because there was no better place for it.
-// Return Type: BOOL
-// TRUE(1) string is null terminated
-// FALSE(0) string is not null terminated
-BOOL
-IsLabelProperlyFormatted(
- TPM2B *x
- )
-{
- return (((x)->size == 0) || ((x)->buffer[(x)->size - 1] == 0));
-}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Locality.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Locality.c
deleted file mode 100644
index e2d1bfd94..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Locality.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Includes
-#include "Tpm.h"
-
-//** LocalityGetAttributes()
-// This function will convert a locality expressed as an integer into
-// TPMA_LOCALITY form.
-//
-// The function returns the locality attribute.
-TPMA_LOCALITY
-LocalityGetAttributes(
- UINT8 locality // IN: locality value
- )
-{
- TPMA_LOCALITY locality_attributes;
- BYTE *localityAsByte = (BYTE *)&locality_attributes;
-
- MemorySet(&locality_attributes, 0, sizeof(TPMA_LOCALITY));
- switch(locality)
- {
- case 0:
- SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_ZERO);
- break;
- case 1:
- SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_ONE);
- break;
- case 2:
- SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_TWO);
- break;
- case 3:
- SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_THREE);
- break;
- case 4:
- SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_FOUR);
- break;
- default:
- pAssert(locality > 31);
- *localityAsByte = locality;
- break;
- }
- return locality_attributes;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Manufacture.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Manufacture.c
deleted file mode 100644
index 19361a96b..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Manufacture.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-// This file contains the function that performs the "manufacturing" of the TPM
-// in a simulated environment. These functions should not be used outside of
-// a manufacturing or simulation environment.
-
-//** Includes and Data Definitions
-#define MANUFACTURE_C
-#include "Tpm.h"
-#include "TpmSizeChecks_fp.h"
-
-//** Functions
-
-//*** TPM_Manufacture()
-// This function initializes the TPM values in preparation for the TPM's first
-// use. This function will fail if previously called. The TPM can be re-manufactured
-// by calling TPM_Teardown() first and then calling this function again.
-// Return Type: int
-// 0 success
-// 1 manufacturing process previously performed
-LIB_EXPORT int
-TPM_Manufacture(
- int firstTime // IN: indicates if this is the first call from
- // main()
- )
-{
- TPM_SU orderlyShutdown;
-
-#if RUNTIME_SIZE_CHECKS
- // Call the function to verify the sizes of values that result from different
- // compile options.
- TpmSizeChecks();
-#endif
-
- // If TPM has been manufactured, return indication.
- if(!firstTime && g_manufactured)
- return 1;
-
- // Do power on initializations of the cryptographic libraries.
- CryptInit();
-
- s_DAPendingOnNV = FALSE;
-
- // initialize NV
- NvManufacture();
-
- // Clear the magic value in the DRBG state
- go.drbgState.magic = 0;
-
- CryptStartup(SU_RESET);
-
- // default configuration for PCR
- PCRSimStart();
-
- // initialize pre-installed hierarchy data
- // This should happen after NV is initialized because hierarchy data is
- // stored in NV.
- HierarchyPreInstall_Init();
-
- // initialize dictionary attack parameters
- DAPreInstall_Init();
-
- // initialize PP list
- PhysicalPresencePreInstall_Init();
-
- // initialize command audit list
- CommandAuditPreInstall_Init();
-
- // first start up is required to be Startup(CLEAR)
- orderlyShutdown = TPM_SU_CLEAR;
- NV_WRITE_PERSISTENT(orderlyState, orderlyShutdown);
-
- // initialize the firmware version
- gp.firmwareV1 = FIRMWARE_V1;
-#ifdef FIRMWARE_V2
- gp.firmwareV2 = FIRMWARE_V2;
-#else
- gp.firmwareV2 = 0;
-#endif
- NV_SYNC_PERSISTENT(firmwareV1);
- NV_SYNC_PERSISTENT(firmwareV2);
-
- // initialize the total reset counter to 0
- gp.totalResetCount = 0;
- NV_SYNC_PERSISTENT(totalResetCount);
-
- // initialize the clock stuff
- go.clock = 0;
- go.clockSafe = YES;
-
- NvWrite(NV_ORDERLY_DATA, sizeof(ORDERLY_DATA), &go);
-
- // Commit NV writes. Manufacture process is an artificial process existing
- // only in simulator environment and it is not defined in the specification
- // that what should be the expected behavior if the NV write fails at this
- // point. Therefore, it is assumed the NV write here is always success and
- // no return code of this function is checked.
- NvCommit();
-
- g_manufactured = TRUE;
-
- return 0;
-}
-
-//*** TPM_TearDown()
-// This function prepares the TPM for re-manufacture. It should not be implemented
-// in anything other than a simulated TPM.
-//
-// In this implementation, all that is needs is to stop the cryptographic units
-// and set a flag to indicate that the TPM can be re-manufactured. This should
-// be all that is necessary to start the manufacturing process again.
-// Return Type: int
-// 0 success
-// 1 TPM not previously manufactured
-LIB_EXPORT int
-TPM_TearDown(
- void
- )
-{
- g_manufactured = FALSE;
- return 0;
-}
-
-
-//*** TpmEndSimulation()
-// This function is called at the end of the simulation run. It is used to provoke
-// printing of any statistics that might be needed.
-LIB_EXPORT void
-TpmEndSimulation(
- void
- )
-{
-#if SIMULATION
- HashLibSimulationEnd();
- SymLibSimulationEnd();
- MathLibSimulationEnd();
-#if ALG_RSA
- RsaSimulationEnd();
-#endif
-#if ALG_ECC
- EccSimulationEnd();
-#endif
-#endif // SIMULATION
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Marshal.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Marshal.c
deleted file mode 100644
index ba96696db..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Marshal.c
+++ /dev/null
@@ -1,5811 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmMarshal; Version 4.1 Dec 10, 2018 - * Date: Apr 2, 2019 Time: 11:00:48AM - */ - -#include "Tpm.h" -#include "Marshal_fp.h" - -// Table 2:3 - Definition of Base Types -// UINT8 definition from table 2:3 -TPM_RC -UINT8_Unmarshal(UINT8 *target, BYTE **buffer, INT32 *size) -{ - if((*size -= 1) < 0) - return TPM_RC_INSUFFICIENT; - *target = BYTE_ARRAY_TO_UINT8(*buffer); - *buffer += 1; - return TPM_RC_SUCCESS; -} -UINT16 -UINT8_Marshal(UINT8 *source, BYTE **buffer, INT32 *size) -{ - if (buffer != 0) - { - if ((size == 0) || ((*size -= 1) >= 0)) - { - UINT8_TO_BYTE_ARRAY(*source, *buffer); - *buffer += 1; - } - pAssert(size == 0 || (*size >= 0)); - } - return (1); -} - -// BYTE definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -BYTE_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size) -{ - return UINT8_Unmarshal((UINT8 *)target, buffer, size); -} -UINT16 -BYTE_Marshal(BYTE *source, BYTE **buffer, INT32 *size) -{ - return UINT8_Marshal((UINT8 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// INT8 definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -INT8_Unmarshal(INT8 *target, BYTE **buffer, INT32 *size) -{ - return UINT8_Unmarshal((UINT8 *)target, buffer, size); -} -UINT16 -INT8_Marshal(INT8 *source, BYTE **buffer, INT32 *size) -{ - return UINT8_Marshal((UINT8 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// UINT16 definition from table 2:3 -TPM_RC -UINT16_Unmarshal(UINT16 *target, BYTE **buffer, INT32 *size) -{ - if((*size -= 2) < 0) - return TPM_RC_INSUFFICIENT; - *target = BYTE_ARRAY_TO_UINT16(*buffer); - *buffer += 2; - return TPM_RC_SUCCESS; -} -UINT16 -UINT16_Marshal(UINT16 *source, BYTE **buffer, INT32 *size) -{ - if (buffer != 0) - { - if ((size == 0) || ((*size -= 2) >= 0)) - { - UINT16_TO_BYTE_ARRAY(*source, *buffer); - *buffer += 2; - } - pAssert(size == 0 || (*size >= 0)); - } - return (2); -} - -// INT16 definition from table 2:3 -#if 
!USE_MARSHALING_DEFINES -TPM_RC -INT16_Unmarshal(INT16 *target, BYTE **buffer, INT32 *size) -{ - return UINT16_Unmarshal((UINT16 *)target, buffer, size); -} -UINT16 -INT16_Marshal(INT16 *source, BYTE **buffer, INT32 *size) -{ - return UINT16_Marshal((UINT16 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// UINT32 definition from table 2:3 -TPM_RC -UINT32_Unmarshal(UINT32 *target, BYTE **buffer, INT32 *size) -{ - if((*size -= 4) < 0) - return TPM_RC_INSUFFICIENT; - *target = BYTE_ARRAY_TO_UINT32(*buffer); - *buffer += 4; - return TPM_RC_SUCCESS; -} -UINT16 -UINT32_Marshal(UINT32 *source, BYTE **buffer, INT32 *size) -{ - if (buffer != 0) - { - if ((size == 0) || ((*size -= 4) >= 0)) - { - UINT32_TO_BYTE_ARRAY(*source, *buffer); - *buffer += 4; - } - pAssert(size == 0 || (*size >= 0)); - } - return (4); -} - -// INT32 definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -INT32_Unmarshal(INT32 *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -INT32_Marshal(INT32 *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// UINT64 definition from table 2:3 -TPM_RC -UINT64_Unmarshal(UINT64 *target, BYTE **buffer, INT32 *size) -{ - if((*size -= 8) < 0) - return TPM_RC_INSUFFICIENT; - *target = BYTE_ARRAY_TO_UINT64(*buffer); - *buffer += 8; - return TPM_RC_SUCCESS; -} -UINT16 -UINT64_Marshal(UINT64 *source, BYTE **buffer, INT32 *size) -{ - if (buffer != 0) - { - if ((size == 0) || ((*size -= 8) >= 0)) - { - UINT64_TO_BYTE_ARRAY(*source, *buffer); - *buffer += 8; - } - pAssert(size == 0 || (*size >= 0)); - } - return (8); -} - -// INT64 definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -INT64_Unmarshal(INT64 *target, BYTE **buffer, INT32 *size) -{ - return UINT64_Unmarshal((UINT64 *)target, buffer, size); -} -UINT16 -INT64_Marshal(INT64 *source, BYTE **buffer, INT32 *size) -{ - return 
UINT64_Marshal((UINT64 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:4 - Defines for Logic Values -// Table 2:5 - Definition of Types for Documentation Clarity -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_ALGORITHM_ID_Unmarshal(TPM_ALGORITHM_ID *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_ALGORITHM_ID_Marshal(TPM_ALGORITHM_ID *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -TPM_RC -TPM_MODIFIER_INDICATOR_Unmarshal(TPM_MODIFIER_INDICATOR *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_MODIFIER_INDICATOR_Marshal(TPM_MODIFIER_INDICATOR *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -TPM_RC -TPM_AUTHORIZATION_SIZE_Unmarshal(TPM_AUTHORIZATION_SIZE *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_AUTHORIZATION_SIZE_Marshal(TPM_AUTHORIZATION_SIZE *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -TPM_RC -TPM_PARAMETER_SIZE_Unmarshal(TPM_PARAMETER_SIZE *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_PARAMETER_SIZE_Marshal(TPM_PARAMETER_SIZE *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -TPM_RC -TPM_KEY_SIZE_Unmarshal(TPM_KEY_SIZE *target, BYTE **buffer, INT32 *size) -{ - return UINT16_Unmarshal((UINT16 *)target, buffer, size); -} -UINT16 -TPM_KEY_SIZE_Marshal(TPM_KEY_SIZE *source, BYTE **buffer, INT32 *size) -{ - return UINT16_Marshal((UINT16 *)source, buffer, size); -} -TPM_RC -TPM_KEY_BITS_Unmarshal(TPM_KEY_BITS *target, BYTE **buffer, INT32 *size) -{ - return UINT16_Unmarshal((UINT16 *)target, buffer, size); -} -UINT16 -TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE 
**buffer, INT32 *size) -{ - return UINT16_Marshal((UINT16 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:6 - Definition of TPM_SPEC Constants -// Table 2:7 - Definition of TPM_GENERATED Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_GENERATED_Marshal(TPM_GENERATED *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:9 - Definition of TPM_ALG_ID Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_ALG_ID_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size) -{ - return UINT16_Unmarshal((UINT16 *)target, buffer, size); -} -UINT16 -TPM_ALG_ID_Marshal(TPM_ALG_ID *source, BYTE **buffer, INT32 *size) -{ - return UINT16_Marshal((UINT16 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:10 - Definition of TPM_ECC_CURVE Constants -#if ALG_ECC -TPM_RC -TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch(*target) - { - case TPM_ECC_NIST_P192 : - case TPM_ECC_NIST_P224 : - case TPM_ECC_NIST_P256 : - case TPM_ECC_NIST_P384 : - case TPM_ECC_NIST_P521 : - case TPM_ECC_BN_P256 : - case TPM_ECC_BN_P638 : - case TPM_ECC_SM2_P256 : - break; - default : - result = TPM_RC_CURVE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_ECC_CURVE_Marshal(TPM_ECC_CURVE *source, BYTE **buffer, INT32 *size) -{ - return UINT16_Marshal((UINT16 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:12 - Definition of TPM_CC Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_CC_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_CC_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} 
-#endif // !USE_MARSHALING_DEFINES - -// Table 2:16 - Definition of TPM_RC Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_RC_Marshal(TPM_RC *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:17 - Definition of TPM_CLOCK_ADJUST Constants -TPM_RC -TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = INT8_Unmarshal((INT8 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch(*target) - { - case TPM_CLOCK_COARSE_SLOWER : - case TPM_CLOCK_MEDIUM_SLOWER : - case TPM_CLOCK_FINE_SLOWER : - case TPM_CLOCK_NO_CHANGE : - case TPM_CLOCK_FINE_FASTER : - case TPM_CLOCK_MEDIUM_FASTER : - case TPM_CLOCK_COARSE_FASTER : - break; - default : - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:18 - Definition of TPM_EO Constants -TPM_RC -TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch(*target) - { - case TPM_EO_EQ : - case TPM_EO_NEQ : - case TPM_EO_SIGNED_GT : - case TPM_EO_UNSIGNED_GT : - case TPM_EO_SIGNED_LT : - case TPM_EO_UNSIGNED_LT : - case TPM_EO_SIGNED_GE : - case TPM_EO_UNSIGNED_GE : - case TPM_EO_SIGNED_LE : - case TPM_EO_UNSIGNED_LE : - case TPM_EO_BITSET : - case TPM_EO_BITCLEAR : - break; - default : - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_EO_Marshal(TPM_EO *source, BYTE **buffer, INT32 *size) -{ - return UINT16_Marshal((UINT16 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:19 - Definition of TPM_ST Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size) -{ - return UINT16_Unmarshal((UINT16 *)target, buffer, size); -} -UINT16 -TPM_ST_Marshal(TPM_ST *source, BYTE **buffer, INT32 *size) -{ - 
return UINT16_Marshal((UINT16 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:20 - Definition of TPM_SU Constants -TPM_RC -TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch(*target) - { - case TPM_SU_CLEAR : - case TPM_SU_STATE : - break; - default : - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:21 - Definition of TPM_SE Constants -TPM_RC -TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT8_Unmarshal((UINT8 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch(*target) - { - case TPM_SE_HMAC : - case TPM_SE_POLICY : - case TPM_SE_TRIAL : - break; - default : - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:22 - Definition of TPM_CAP Constants -TPM_RC -TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch(*target) - { - case TPM_CAP_ALGS : - case TPM_CAP_HANDLES : - case TPM_CAP_COMMANDS : - case TPM_CAP_PP_COMMANDS : - case TPM_CAP_AUDIT_COMMANDS : - case TPM_CAP_PCRS : - case TPM_CAP_TPM_PROPERTIES : - case TPM_CAP_PCR_PROPERTIES : - case TPM_CAP_ECC_CURVES : - case TPM_CAP_AUTH_POLICIES : - case TPM_CAP_VENDOR_PROPERTY : - break; - default : - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_CAP_Marshal(TPM_CAP *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:23 - Definition of TPM_PT Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_PT_Unmarshal(TPM_PT *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_PT_Marshal(TPM_PT *source, BYTE 
**buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:24 - Definition of TPM_PT_PCR Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_PT_PCR_Unmarshal(TPM_PT_PCR *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_PT_PCR_Marshal(TPM_PT_PCR *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:25 - Definition of TPM_PS Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_PS_Marshal(TPM_PS *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:26 - Definition of Types for Handles -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_HANDLE_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_HANDLE_Marshal(TPM_HANDLE *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:27 - Definition of TPM_HT Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_HT_Unmarshal(TPM_HT *target, BYTE **buffer, INT32 *size) -{ - return UINT8_Unmarshal((UINT8 *)target, buffer, size); -} -UINT16 -TPM_HT_Marshal(TPM_HT *source, BYTE **buffer, INT32 *size) -{ - return UINT8_Marshal((UINT8 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:28 - Definition of TPM_RH Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_RH_Unmarshal(TPM_RH *target, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); -} -UINT16 -TPM_RH_Marshal(TPM_RH *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:29 - Definition of TPM_HC Constants -#if 
!USE_MARSHALING_DEFINES -TPM_RC -TPM_HC_Unmarshal(TPM_HC *target, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); -} -UINT16 -TPM_HC_Marshal(TPM_HC *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:30 - Definition of TPMA_ALGORITHM Bits -TPM_RC -TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if(*((UINT32 *)target) & (UINT32)0xfffff8f0) - result = TPM_RC_RESERVED_BITS; - } - return result; -} - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_ALGORITHM_Marshal(TPMA_ALGORITHM *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:31 - Definition of TPMA_OBJECT Bits -TPM_RC -TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if(*((UINT32 *)target) & (UINT32)0xfff0f309) - result = TPM_RC_RESERVED_BITS; - } - return result; -} - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_OBJECT_Marshal(TPMA_OBJECT *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:32 - Definition of TPMA_SESSION Bits -TPM_RC -TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT8_Unmarshal((UINT8 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if(*((UINT8 *)target) & (UINT8)0x18) - result = TPM_RC_RESERVED_BITS; - } - return result; -} - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_SESSION_Marshal(TPMA_SESSION *source, BYTE **buffer, INT32 *size) -{ - return UINT8_Marshal((UINT8 *)source, buffer, size); -} -#endif // 
!USE_MARSHALING_DEFINES - -// Table 2:33 - Definition of TPMA_LOCALITY Bits -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMA_LOCALITY_Unmarshal(TPMA_LOCALITY *target, BYTE **buffer, INT32 *size) -{ - return UINT8_Unmarshal((UINT8 *)target, buffer, size); -} -UINT16 -TPMA_LOCALITY_Marshal(TPMA_LOCALITY *source, BYTE **buffer, INT32 *size) -{ - return UINT8_Marshal((UINT8 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:34 - Definition of TPMA_PERMANENT Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_PERMANENT_Marshal(TPMA_PERMANENT *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:35 - Definition of TPMA_STARTUP_CLEAR Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_STARTUP_CLEAR_Marshal(TPMA_STARTUP_CLEAR *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:36 - Definition of TPMA_MEMORY Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_MEMORY_Marshal(TPMA_MEMORY *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:37 - Definition of TPMA_CC Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_CC_Marshal(TPMA_CC *source, BYTE **buffer, INT32 *size) -{ - return TPM_CC_Marshal((TPM_CC *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:38 - Definition of TPMA_MODES Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_MODES_Marshal(TPMA_MODES *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:39 - Definition of TPMA_X509_KEY_USAGE Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_X509_KEY_USAGE_Marshal(TPMA_X509_KEY_USAGE *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES 
- -// Table 2:40 - Definition of TPMI_YES_NO Type -TPM_RC -TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = BYTE_Unmarshal((BYTE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case NO: - case YES: - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_YES_NO_Marshal(TPMI_YES_NO *source, BYTE **buffer, INT32 *size) -{ - return BYTE_Marshal((BYTE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:41 - Definition of TPMI_DH_OBJECT Type -TPM_RC -TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if(*target == TPM_RH_NULL) - { - if(!flag) - result = TPM_RC_VALUE; - } - else if( ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST)) - && ((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST))) - result = TPM_RC_VALUE; - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_OBJECT_Marshal(TPMI_DH_OBJECT *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:42 - Definition of TPMI_DH_PARENT Type -TPM_RC -TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_OWNER: - case TPM_RH_PLATFORM: - case TPM_RH_ENDORSEMENT: - break; - case TPM_RH_NULL: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - if( ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST)) - && ((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST))) - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if 
!USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_PARENT_Marshal(TPMI_DH_PARENT *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:43 - Definition of TPMI_DH_PERSISTENT Type -TPM_RC -TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST)) - result = TPM_RC_VALUE; - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_PERSISTENT_Marshal(TPMI_DH_PERSISTENT *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:44 - Definition of TPMI_DH_ENTITY Type -TPM_RC -TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_OWNER: - case TPM_RH_ENDORSEMENT: - case TPM_RH_PLATFORM: - case TPM_RH_LOCKOUT: - break; - case TPM_RH_NULL: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - if( ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST)) - && ((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST)) - && ((*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST)) - && (*target > PCR_LAST) - && ((*target < TPM_RH_AUTH_00) || (*target > TPM_RH_AUTH_FF))) - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:45 - Definition of TPMI_DH_PCR Type -TPM_RC -TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if(*target == TPM_RH_NULL) - { - if(!flag) - result = TPM_RC_VALUE; - } - 
else if(*target > PCR_LAST) - result = TPM_RC_VALUE; - } - return result; -} - -// Table 2:46 - Definition of TPMI_SH_AUTH_SESSION Type -TPM_RC -TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if(*target == TPM_RS_PW) - { - if(!flag) - result = TPM_RC_VALUE; - } - else if( ((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) - && ((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST))) - result = TPM_RC_VALUE; - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SH_AUTH_SESSION_Marshal(TPMI_SH_AUTH_SESSION *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:47 - Definition of TPMI_SH_HMAC Type -TPM_RC -TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) - result = TPM_RC_VALUE; - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SH_HMAC_Marshal(TPMI_SH_HMAC *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:48 - Definition of TPMI_SH_POLICY Type -TPM_RC -TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST)) - result = TPM_RC_VALUE; - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SH_POLICY_Marshal(TPMI_SH_POLICY *source, BYTE **buffer, INT32 *size) -{ - return 
TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:49 - Definition of TPMI_DH_CONTEXT Type -TPM_RC -TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if( ((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) - && ((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST)) - && ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST))) - result = TPM_RC_VALUE; - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_CONTEXT_Marshal(TPMI_DH_CONTEXT *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:50 - Definition of TPMI_DH_SAVED Type -TPM_RC -TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case 0x80000000: - case 0x80000001: - case 0x80000002: - break; - default: - if( ((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) - && ((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST))) - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_SAVED_Marshal(TPMI_DH_SAVED *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:51 - Definition of TPMI_RH_HIERARCHY Type -TPM_RC -TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_OWNER: - case TPM_RH_PLATFORM: - case 
TPM_RH_ENDORSEMENT: - break; - case TPM_RH_NULL: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RH_HIERARCHY_Marshal(TPMI_RH_HIERARCHY *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:52 - Definition of TPMI_RH_ENABLES Type -TPM_RC -TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_OWNER: - case TPM_RH_PLATFORM: - case TPM_RH_ENDORSEMENT: - case TPM_RH_PLATFORM_NV: - break; - case TPM_RH_NULL: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RH_ENABLES_Marshal(TPMI_RH_ENABLES *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:53 - Definition of TPMI_RH_HIERARCHY_AUTH Type -TPM_RC -TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_OWNER: - case TPM_RH_PLATFORM: - case TPM_RH_ENDORSEMENT: - case TPM_RH_LOCKOUT: - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:54 - Definition of TPMI_RH_PLATFORM Type -TPM_RC -TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_PLATFORM: - break; - default: - result = 
TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:55 - Definition of TPMI_RH_OWNER Type -TPM_RC -TPMI_RH_OWNER_Unmarshal(TPMI_RH_OWNER *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_OWNER: - break; - case TPM_RH_NULL: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:56 - Definition of TPMI_RH_ENDORSEMENT Type -TPM_RC -TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_ENDORSEMENT: - break; - case TPM_RH_NULL: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:57 - Definition of TPMI_RH_PROVISION Type -TPM_RC -TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_OWNER: - case TPM_RH_PLATFORM: - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:58 - Definition of TPMI_RH_CLEAR Type -TPM_RC -TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_LOCKOUT: - case TPM_RH_PLATFORM: - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:59 - Definition of TPMI_RH_NV_AUTH Type -TPM_RC -TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - 
result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_PLATFORM: - case TPM_RH_OWNER: - break; - default: - if((*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST)) - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:60 - Definition of TPMI_RH_LOCKOUT Type -TPM_RC -TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_LOCKOUT: - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:61 - Definition of TPMI_RH_NV_INDEX Type -TPM_RC -TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST)) - result = TPM_RC_VALUE; - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RH_NV_INDEX_Marshal(TPMI_RH_NV_INDEX *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:62 - Definition of TPMI_RH_AC Type -TPM_RC -TPMI_RH_AC_Unmarshal(TPMI_RH_AC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((*target < AC_FIRST) || (*target > AC_LAST)) - result = TPM_RC_VALUE; - } - return result; -} - -// Table 2:63 - Definition of TPMI_ALG_HASH Type -TPM_RC -TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_SHA1 - case ALG_SHA1_VALUE: -#endif 
// ALG_SHA1 -#if ALG_SHA256 - case ALG_SHA256_VALUE: -#endif // ALG_SHA256 -#if ALG_SHA384 - case ALG_SHA384_VALUE: -#endif // ALG_SHA384 -#if ALG_SHA512 - case ALG_SHA512_VALUE: -#endif // ALG_SHA512 -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: -#endif // ALG_SM3_256 -#if ALG_SHA3_256 - case ALG_SHA3_256_VALUE: -#endif // ALG_SHA3_256 -#if ALG_SHA3_384 - case ALG_SHA3_384_VALUE: -#endif // ALG_SHA3_384 -#if ALG_SHA3_512 - case ALG_SHA3_512_VALUE: -#endif // ALG_SHA3_512 - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_HASH; - break; - default: - result = TPM_RC_HASH; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_HASH_Marshal(TPMI_ALG_HASH *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:64 - Definition of TPMI_ALG_ASYM Type -TPM_RC -TPMI_ALG_ASYM_Unmarshal(TPMI_ALG_ASYM *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_RSA - case ALG_RSA_VALUE: -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: -#endif // ALG_ECC - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_ASYMMETRIC; - break; - default: - result = TPM_RC_ASYMMETRIC; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_ASYM_Marshal(TPMI_ALG_ASYM *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:65 - Definition of TPMI_ALG_SYM Type -TPM_RC -TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_TDES - case ALG_TDES_VALUE: -#endif // ALG_TDES -#if ALG_AES - case 
ALG_AES_VALUE: -#endif // ALG_AES -#if ALG_SM4 - case ALG_SM4_VALUE: -#endif // ALG_SM4 -#if ALG_CAMELLIA - case ALG_CAMELLIA_VALUE: -#endif // ALG_CAMELLIA -#if ALG_XOR - case ALG_XOR_VALUE: -#endif // ALG_XOR - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_SYMMETRIC; - break; - default: - result = TPM_RC_SYMMETRIC; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SYM_Marshal(TPMI_ALG_SYM *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:66 - Definition of TPMI_ALG_SYM_OBJECT Type -TPM_RC -TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_TDES - case ALG_TDES_VALUE: -#endif // ALG_TDES -#if ALG_AES - case ALG_AES_VALUE: -#endif // ALG_AES -#if ALG_SM4 - case ALG_SM4_VALUE: -#endif // ALG_SM4 -#if ALG_CAMELLIA - case ALG_CAMELLIA_VALUE: -#endif // ALG_CAMELLIA - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_SYMMETRIC; - break; - default: - result = TPM_RC_SYMMETRIC; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SYM_OBJECT_Marshal(TPMI_ALG_SYM_OBJECT *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:67 - Definition of TPMI_ALG_SYM_MODE Type -TPM_RC -TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_CTR - case ALG_CTR_VALUE: -#endif // ALG_CTR -#if ALG_OFB - case ALG_OFB_VALUE: -#endif // ALG_OFB -#if ALG_CBC - case ALG_CBC_VALUE: -#endif // ALG_CBC -#if ALG_CFB 
- case ALG_CFB_VALUE: -#endif // ALG_CFB -#if ALG_ECB - case ALG_ECB_VALUE: -#endif // ALG_ECB -#if ALG_CMAC - case ALG_CMAC_VALUE: -#endif // ALG_CMAC - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_MODE; - break; - default: - result = TPM_RC_MODE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SYM_MODE_Marshal(TPMI_ALG_SYM_MODE *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:68 - Definition of TPMI_ALG_KDF Type -TPM_RC -TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_MGF1 - case ALG_MGF1_VALUE: -#endif // ALG_MGF1 -#if ALG_KDF1_SP800_56A - case ALG_KDF1_SP800_56A_VALUE: -#endif // ALG_KDF1_SP800_56A -#if ALG_KDF2 - case ALG_KDF2_VALUE: -#endif // ALG_KDF2 -#if ALG_KDF1_SP800_108 - case ALG_KDF1_SP800_108_VALUE: -#endif // ALG_KDF1_SP800_108 - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_KDF; - break; - default: - result = TPM_RC_KDF; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_KDF_Marshal(TPMI_ALG_KDF *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:69 - Definition of TPMI_ALG_SIG_SCHEME Type -TPM_RC -TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_ECDAA - case ALG_ECDAA_VALUE: -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: -#endif // ALG_RSAPSS -#if ALG_ECDSA - case 
ALG_ECDSA_VALUE: -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: -#endif // ALG_ECSCHNORR -#if ALG_HMAC - case ALG_HMAC_VALUE: -#endif // ALG_HMAC - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_SCHEME; - break; - default: - result = TPM_RC_SCHEME; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SIG_SCHEME_Marshal(TPMI_ALG_SIG_SCHEME *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:70 - Definition of TPMI_ECC_KEY_EXCHANGE Type -#if ALG_ECC -TPM_RC -TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_ECDH - case ALG_ECDH_VALUE: -#endif // ALG_ECDH -#if ALG_ECMQV - case ALG_ECMQV_VALUE: -#endif // ALG_ECMQV -#if ALG_SM2 - case ALG_SM2_VALUE: -#endif // ALG_SM2 - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_SCHEME; - break; - default: - result = TPM_RC_SCHEME; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ECC_KEY_EXCHANGE_Marshal(TPMI_ECC_KEY_EXCHANGE *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:71 - Definition of TPMI_ST_COMMAND_TAG Type -TPM_RC -TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_ST_Unmarshal((TPM_ST *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_ST_NO_SESSIONS: - case TPM_ST_SESSIONS: - break; - default: - result = TPM_RC_BAD_TAG; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 
-TPMI_ST_COMMAND_TAG_Marshal(TPMI_ST_COMMAND_TAG *source, BYTE **buffer, INT32 *size) -{ - return TPM_ST_Marshal((TPM_ST *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:72 - Definition of TPMI_ALG_MAC_SCHEME Type -TPM_RC -TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_CMAC - case ALG_CMAC_VALUE: -#endif // ALG_CMAC -#if ALG_SHA1 - case ALG_SHA1_VALUE: -#endif // ALG_SHA1 -#if ALG_SHA256 - case ALG_SHA256_VALUE: -#endif // ALG_SHA256 -#if ALG_SHA384 - case ALG_SHA384_VALUE: -#endif // ALG_SHA384 -#if ALG_SHA512 - case ALG_SHA512_VALUE: -#endif // ALG_SHA512 -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: -#endif // ALG_SM3_256 -#if ALG_SHA3_256 - case ALG_SHA3_256_VALUE: -#endif // ALG_SHA3_256 -#if ALG_SHA3_384 - case ALG_SHA3_384_VALUE: -#endif // ALG_SHA3_384 -#if ALG_SHA3_512 - case ALG_SHA3_512_VALUE: -#endif // ALG_SHA3_512 - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_SYMMETRIC; - break; - default: - result = TPM_RC_SYMMETRIC; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_MAC_SCHEME_Marshal(TPMI_ALG_MAC_SCHEME *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:73 - Definition of TPMI_ALG_CIPHER_MODE Type -TPM_RC -TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_CTR - case ALG_CTR_VALUE: -#endif // ALG_CTR -#if ALG_OFB - case ALG_OFB_VALUE: -#endif // ALG_OFB -#if ALG_CBC - case ALG_CBC_VALUE: -#endif // ALG_CBC -#if ALG_CFB - case ALG_CFB_VALUE: -#endif // ALG_CFB -#if 
ALG_ECB - case ALG_ECB_VALUE: -#endif // ALG_ECB - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_MODE; - break; - default: - result = TPM_RC_MODE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_CIPHER_MODE_Marshal(TPMI_ALG_CIPHER_MODE *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:74 - Definition of TPMS_EMPTY Structure -TPM_RC -TPMS_EMPTY_Unmarshal(TPMS_EMPTY *target, BYTE **buffer, INT32 *size) -{ - // to prevent the compiler from complaining - NOT_REFERENCED(target); - NOT_REFERENCED(buffer); - NOT_REFERENCED(size); - return TPM_RC_SUCCESS; -} -UINT16 -TPMS_EMPTY_Marshal(TPMS_EMPTY *source, BYTE **buffer, INT32 *size) -{ - // to prevent the compiler from complaining - NOT_REFERENCED(source); - NOT_REFERENCED(buffer); - NOT_REFERENCED(size); - return 0; -} - -// Table 2:75 - Definition of TPMS_ALGORITHM_DESCRIPTION Structure -UINT16 -TPMS_ALGORITHM_DESCRIPTION_Marshal(TPMS_ALGORITHM_DESCRIPTION *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->alg), buffer, size)); - result = (UINT16)(result + TPMA_ALGORITHM_Marshal((TPMA_ALGORITHM *)&(source->attributes), buffer, size)); - return result; -} - -// Table 2:76 - Definition of TPMU_HA Union -TPM_RC -TPMU_HA_Unmarshal(TPMU_HA *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_SHA1 - case ALG_SHA1_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sha1), buffer, size, (INT32)SHA1_DIGEST_SIZE); -#endif // ALG_SHA1 -#if ALG_SHA256 - case ALG_SHA256_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sha256), buffer, size, (INT32)SHA256_DIGEST_SIZE); -#endif // ALG_SHA256 -#if ALG_SHA384 - case ALG_SHA384_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sha384), buffer, size, (INT32)SHA384_DIGEST_SIZE); -#endif // ALG_SHA384 -#if 
ALG_SHA512 - case ALG_SHA512_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sha512), buffer, size, (INT32)SHA512_DIGEST_SIZE); -#endif // ALG_SHA512 -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sm3_256), buffer, size, (INT32)SM3_256_DIGEST_SIZE); -#endif // ALG_SM3_256 -#if ALG_SHA3_256 - case ALG_SHA3_256_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sha3_256), buffer, size, (INT32)SHA3_256_DIGEST_SIZE); -#endif // ALG_SHA3_256 -#if ALG_SHA3_384 - case ALG_SHA3_384_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sha3_384), buffer, size, (INT32)SHA3_384_DIGEST_SIZE); -#endif // ALG_SHA3_384 -#if ALG_SHA3_512 - case ALG_SHA3_512_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sha3_512), buffer, size, (INT32)SHA3_512_DIGEST_SIZE); -#endif // ALG_SHA3_512 - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_HA_Marshal(TPMU_HA *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_SHA1 - case ALG_SHA1_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sha1), buffer, size, (INT32)SHA1_DIGEST_SIZE); -#endif // ALG_SHA1 -#if ALG_SHA256 - case ALG_SHA256_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sha256), buffer, size, (INT32)SHA256_DIGEST_SIZE); -#endif // ALG_SHA256 -#if ALG_SHA384 - case ALG_SHA384_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sha384), buffer, size, (INT32)SHA384_DIGEST_SIZE); -#endif // ALG_SHA384 -#if ALG_SHA512 - case ALG_SHA512_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sha512), buffer, size, (INT32)SHA512_DIGEST_SIZE); -#endif // ALG_SHA512 -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sm3_256), buffer, size, (INT32)SM3_256_DIGEST_SIZE); -#endif // ALG_SM3_256 -#if ALG_SHA3_256 - case ALG_SHA3_256_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sha3_256), buffer, size, (INT32)SHA3_256_DIGEST_SIZE); -#endif // ALG_SHA3_256 -#if 
ALG_SHA3_384 - case ALG_SHA3_384_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sha3_384), buffer, size, (INT32)SHA3_384_DIGEST_SIZE); -#endif // ALG_SHA3_384 -#if ALG_SHA3_512 - case ALG_SHA3_512_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sha3_512), buffer, size, (INT32)SHA3_512_DIGEST_SIZE); -#endif // ALG_SHA3_512 - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:77 - Definition of TPMT_HA Structure -TPM_RC -TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hashAlg), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_HA_Unmarshal((TPMU_HA *)&(target->digest), buffer, size, (UINT32)target->hashAlg); - return result; -} -UINT16 -TPMT_HA_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size)); - result = (UINT16)(result + TPMU_HA_Marshal((TPMU_HA *)&(source->digest), buffer, size, (UINT32)source->hashAlg)); - return result; -} - -// Table 2:78 - Definition of TPM2B_DIGEST Structure -TPM_RC -TPM2B_DIGEST_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMU_HA)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:79 - Definition of TPM2B_DATA Structure -TPM_RC -TPM2B_DATA_Unmarshal(TPM2B_DATA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMT_HA)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:80 - Definition of Types for TPM2B_NONCE -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM2B_NONCE_Unmarshal(TPM2B_NONCE *target, BYTE **buffer, INT32 *size) -{ - return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)target, buffer, size); -} -UINT16 -TPM2B_NONCE_Marshal(TPM2B_NONCE *source, BYTE **buffer, INT32 *size) -{ - return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:81 - Definition of Types for TPM2B_AUTH -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM2B_AUTH_Unmarshal(TPM2B_AUTH *target, BYTE **buffer, INT32 *size) -{ - return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)target, buffer, size); -} -UINT16 -TPM2B_AUTH_Marshal(TPM2B_AUTH *source, BYTE **buffer, INT32 *size) -{ - return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:82 - Definition of Types 
for TPM2B_OPERAND -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM2B_OPERAND_Unmarshal(TPM2B_OPERAND *target, BYTE **buffer, INT32 *size) -{ - return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)target, buffer, size); -} -UINT16 -TPM2B_OPERAND_Marshal(TPM2B_OPERAND *source, BYTE **buffer, INT32 *size) -{ - return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:83 - Definition of TPM2B_EVENT Structure -TPM_RC -TPM2B_EVENT_Unmarshal(TPM2B_EVENT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > 1024) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_EVENT_Marshal(TPM2B_EVENT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:84 - Definition of TPM2B_MAX_BUFFER Structure -TPM_RC -TPM2B_MAX_BUFFER_Unmarshal(TPM2B_MAX_BUFFER *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > MAX_DIGEST_BUFFER) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:85 - Definition of TPM2B_MAX_NV_BUFFER Structure -TPM_RC -TPM2B_MAX_NV_BUFFER_Unmarshal(TPM2B_MAX_NV_BUFFER *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > MAX_NV_BUFFER_SIZE) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:86 - Definition of TPM2B_TIMEOUT Structure -TPM_RC -TPM2B_TIMEOUT_Unmarshal(TPM2B_TIMEOUT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(UINT64)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:87 - Definition of TPM2B_IV Structure -TPM_RC -TPM2B_IV_Unmarshal(TPM2B_IV *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > MAX_SYM_BLOCK_SIZE) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:88 - Definition of TPMU_NAME Union -// Table 2:89 - Definition of TPM2B_NAME Structure -TPM_RC -TPM2B_NAME_Unmarshal(TPM2B_NAME *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMU_NAME)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.name), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.name), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:90 - Definition of TPMS_PCR_SELECT Structure -TPM_RC -TPMS_PCR_SELECT_Unmarshal(TPMS_PCR_SELECT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT8_Unmarshal((UINT8 *)&(target->sizeofSelect), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->sizeofSelect < PCR_SELECT_MIN)) - result = TPM_RC_VALUE; - if(result == TPM_RC_SUCCESS) - { - if((target->sizeofSelect) > PCR_SELECT_MAX) - result = TPM_RC_VALUE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->pcrSelect), buffer, size, (INT32)(target->sizeofSelect)); - } - return result; -} -UINT16 -TPMS_PCR_SELECT_Marshal(TPMS_PCR_SELECT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT8_Marshal((UINT8 *)&(source->sizeofSelect), buffer, size)); - result = (UINT16)(result + BYTE_Array_Marshal((BYTE 
*)(source->pcrSelect), buffer, size, (INT32)(source->sizeofSelect))); - return result; -} - -// Table 2:91 - Definition of TPMS_PCR_SELECTION Structure -TPM_RC -TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hash), buffer, size, 0); - if(result == TPM_RC_SUCCESS) - result = UINT8_Unmarshal((UINT8 *)&(target->sizeofSelect), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->sizeofSelect < PCR_SELECT_MIN)) - result = TPM_RC_VALUE; - if(result == TPM_RC_SUCCESS) - { - if((target->sizeofSelect) > PCR_SELECT_MAX) - result = TPM_RC_VALUE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->pcrSelect), buffer, size, (INT32)(target->sizeofSelect)); - } - return result; -} -UINT16 -TPMS_PCR_SELECTION_Marshal(TPMS_PCR_SELECTION *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hash), buffer, size)); - result = (UINT16)(result + UINT8_Marshal((UINT8 *)&(source->sizeofSelect), buffer, size)); - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->pcrSelect), buffer, size, (INT32)(source->sizeofSelect))); - return result; -} - -// Table 2:94 - Definition of TPMT_TK_CREATION Structure -TPM_RC -TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->tag != TPM_ST_CREATION)) - result = TPM_RC_TAG; - if(result == TPM_RC_SUCCESS) - result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); - return result; -} -UINT16 -TPMT_TK_CREATION_Marshal(TPMT_TK_CREATION *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = 
(UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); - result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); - return result; -} - -// Table 2:95 - Definition of TPMT_TK_VERIFIED Structure -TPM_RC -TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->tag != TPM_ST_VERIFIED)) - result = TPM_RC_TAG; - if(result == TPM_RC_SUCCESS) - result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); - return result; -} -UINT16 -TPMT_TK_VERIFIED_Marshal(TPMT_TK_VERIFIED *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); - result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); - return result; -} - -// Table 2:96 - Definition of TPMT_TK_AUTH Structure -TPM_RC -TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->tag != TPM_ST_AUTH_SIGNED) - && (target->tag != TPM_ST_AUTH_SECRET)) - result = TPM_RC_TAG; - if(result == TPM_RC_SUCCESS) - result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); - return result; -} -UINT16 
-TPMT_TK_AUTH_Marshal(TPMT_TK_AUTH *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); - result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); - return result; -} - -// Table 2:97 - Definition of TPMT_TK_HASHCHECK Structure -TPM_RC -TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->tag != TPM_ST_HASHCHECK)) - result = TPM_RC_TAG; - if(result == TPM_RC_SUCCESS) - result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); - return result; -} -UINT16 -TPMT_TK_HASHCHECK_Marshal(TPMT_TK_HASHCHECK *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); - result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); - return result; -} - -// Table 2:98 - Definition of TPMS_ALG_PROPERTY Structure -UINT16 -TPMS_ALG_PROPERTY_Marshal(TPMS_ALG_PROPERTY *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->alg), buffer, size)); - result = (UINT16)(result + TPMA_ALGORITHM_Marshal((TPMA_ALGORITHM *)&(source->algProperties), buffer, size)); - return result; -} - -// Table 2:99 - Definition of TPMS_TAGGED_PROPERTY Structure -UINT16 -TPMS_TAGGED_PROPERTY_Marshal(TPMS_TAGGED_PROPERTY *source, BYTE 
**buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_PT_Marshal((TPM_PT *)&(source->property), buffer, size)); - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->value), buffer, size)); - return result; -} - -// Table 2:100 - Definition of TPMS_TAGGED_PCR_SELECT Structure -UINT16 -TPMS_TAGGED_PCR_SELECT_Marshal(TPMS_TAGGED_PCR_SELECT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_PT_PCR_Marshal((TPM_PT_PCR *)&(source->tag), buffer, size)); - result = (UINT16)(result + UINT8_Marshal((UINT8 *)&(source->sizeofSelect), buffer, size)); - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->pcrSelect), buffer, size, (INT32)(source->sizeofSelect))); - return result; -} - -// Table 2:101 - Definition of TPMS_TAGGED_POLICY Structure -UINT16 -TPMS_TAGGED_POLICY_Marshal(TPMS_TAGGED_POLICY *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_HANDLE_Marshal((TPM_HANDLE *)&(source->handle), buffer, size)); - result = (UINT16)(result + TPMT_HA_Marshal((TPMT_HA *)&(source->policyHash), buffer, size)); - return result; -} - -// Table 2:102 - Definition of TPML_CC Structure -TPM_RC -TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->count) > MAX_CAP_CC) - result = TPM_RC_SIZE; - else - result = TPM_CC_Array_Unmarshal((TPM_CC *)(target->commandCodes), buffer, size, (INT32)(target->count)); - } - return result; -} -UINT16 -TPML_CC_Marshal(TPML_CC *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPM_CC_Array_Marshal((TPM_CC *)(source->commandCodes), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:103 - Definition of TPML_CCA Structure -UINT16 
-TPML_CCA_Marshal(TPML_CCA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPMA_CC_Array_Marshal((TPMA_CC *)(source->commandAttributes), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:104 - Definition of TPML_ALG Structure -TPM_RC -TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->count) > MAX_ALG_LIST_SIZE) - result = TPM_RC_SIZE; - else - result = TPM_ALG_ID_Array_Unmarshal((TPM_ALG_ID *)(target->algorithms), buffer, size, (INT32)(target->count)); - } - return result; -} -UINT16 -TPML_ALG_Marshal(TPML_ALG *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPM_ALG_ID_Array_Marshal((TPM_ALG_ID *)(source->algorithms), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:105 - Definition of TPML_HANDLE Structure -UINT16 -TPML_HANDLE_Marshal(TPML_HANDLE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPM_HANDLE_Array_Marshal((TPM_HANDLE *)(source->handle), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:106 - Definition of TPML_DIGEST Structure -TPM_RC -TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->count < 2)) - result = TPM_RC_SIZE; - if(result == TPM_RC_SUCCESS) - { - if((target->count) > 8) - result = TPM_RC_SIZE; - else - result = TPM2B_DIGEST_Array_Unmarshal((TPM2B_DIGEST *)(target->digests), 
buffer, size, (INT32)(target->count)); - } - return result; -} -UINT16 -TPML_DIGEST_Marshal(TPML_DIGEST *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Array_Marshal((TPM2B_DIGEST *)(source->digests), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:107 - Definition of TPML_DIGEST_VALUES Structure -TPM_RC -TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->count) > HASH_COUNT) - result = TPM_RC_SIZE; - else - result = TPMT_HA_Array_Unmarshal((TPMT_HA *)(target->digests), buffer, size, 0, (INT32)(target->count)); - } - return result; -} -UINT16 -TPML_DIGEST_VALUES_Marshal(TPML_DIGEST_VALUES *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPMT_HA_Array_Marshal((TPMT_HA *)(source->digests), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:108 - Definition of TPML_PCR_SELECTION Structure -TPM_RC -TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->count) > HASH_COUNT) - result = TPM_RC_SIZE; - else - result = TPMS_PCR_SELECTION_Array_Unmarshal((TPMS_PCR_SELECTION *)(target->pcrSelections), buffer, size, (INT32)(target->count)); - } - return result; -} -UINT16 -TPML_PCR_SELECTION_Marshal(TPML_PCR_SELECTION *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + 
TPMS_PCR_SELECTION_Array_Marshal((TPMS_PCR_SELECTION *)(source->pcrSelections), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:109 - Definition of TPML_ALG_PROPERTY Structure -UINT16 -TPML_ALG_PROPERTY_Marshal(TPML_ALG_PROPERTY *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPMS_ALG_PROPERTY_Array_Marshal((TPMS_ALG_PROPERTY *)(source->algProperties), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:110 - Definition of TPML_TAGGED_TPM_PROPERTY Structure -UINT16 -TPML_TAGGED_TPM_PROPERTY_Marshal(TPML_TAGGED_TPM_PROPERTY *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPMS_TAGGED_PROPERTY_Array_Marshal((TPMS_TAGGED_PROPERTY *)(source->tpmProperty), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:111 - Definition of TPML_TAGGED_PCR_PROPERTY Structure -UINT16 -TPML_TAGGED_PCR_PROPERTY_Marshal(TPML_TAGGED_PCR_PROPERTY *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPMS_TAGGED_PCR_SELECT_Array_Marshal((TPMS_TAGGED_PCR_SELECT *)(source->pcrProperty), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:112 - Definition of TPML_ECC_CURVE Structure -#if ALG_ECC -UINT16 -TPML_ECC_CURVE_Marshal(TPML_ECC_CURVE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPM_ECC_CURVE_Array_Marshal((TPM_ECC_CURVE *)(source->eccCurves), buffer, size, (INT32)(source->count))); - return result; -} -#endif // ALG_ECC - -// Table 2:113 - Definition of TPML_TAGGED_POLICY Structure -UINT16 
-TPML_TAGGED_POLICY_Marshal(TPML_TAGGED_POLICY *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPMS_TAGGED_POLICY_Array_Marshal((TPMS_TAGGED_POLICY *)(source->policies), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:114 - Definition of TPMU_CAPABILITIES Union -UINT16 -TPMU_CAPABILITIES_Marshal(TPMU_CAPABILITIES *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { - case TPM_CAP_ALGS: - return TPML_ALG_PROPERTY_Marshal((TPML_ALG_PROPERTY *)&(source->algorithms), buffer, size); - case TPM_CAP_HANDLES: - return TPML_HANDLE_Marshal((TPML_HANDLE *)&(source->handles), buffer, size); - case TPM_CAP_COMMANDS: - return TPML_CCA_Marshal((TPML_CCA *)&(source->command), buffer, size); - case TPM_CAP_PP_COMMANDS: - return TPML_CC_Marshal((TPML_CC *)&(source->ppCommands), buffer, size); - case TPM_CAP_AUDIT_COMMANDS: - return TPML_CC_Marshal((TPML_CC *)&(source->auditCommands), buffer, size); - case TPM_CAP_PCRS: - return TPML_PCR_SELECTION_Marshal((TPML_PCR_SELECTION *)&(source->assignedPCR), buffer, size); - case TPM_CAP_TPM_PROPERTIES: - return TPML_TAGGED_TPM_PROPERTY_Marshal((TPML_TAGGED_TPM_PROPERTY *)&(source->tpmProperties), buffer, size); - case TPM_CAP_PCR_PROPERTIES: - return TPML_TAGGED_PCR_PROPERTY_Marshal((TPML_TAGGED_PCR_PROPERTY *)&(source->pcrProperties), buffer, size); -#if ALG_ECC - case TPM_CAP_ECC_CURVES: - return TPML_ECC_CURVE_Marshal((TPML_ECC_CURVE *)&(source->eccCurves), buffer, size); -#endif // ALG_ECC - case TPM_CAP_AUTH_POLICIES: - return TPML_TAGGED_POLICY_Marshal((TPML_TAGGED_POLICY *)&(source->authPolicies), buffer, size); - } - return 0; -} - -// Table 2:115 - Definition of TPMS_CAPABILITY_DATA Structure -UINT16 -TPMS_CAPABILITY_DATA_Marshal(TPMS_CAPABILITY_DATA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + 
TPM_CAP_Marshal((TPM_CAP *)&(source->capability), buffer, size)); - result = (UINT16)(result + TPMU_CAPABILITIES_Marshal((TPMU_CAPABILITIES *)&(source->data), buffer, size, (UINT32)source->capability)); - return result; -} - -// Table 2:116 - Definition of TPMS_CLOCK_INFO Structure -TPM_RC -TPMS_CLOCK_INFO_Unmarshal(TPMS_CLOCK_INFO *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT64_Unmarshal((UINT64 *)&(target->clock), buffer, size); - if(result == TPM_RC_SUCCESS) - result = UINT32_Unmarshal((UINT32 *)&(target->resetCount), buffer, size); - if(result == TPM_RC_SUCCESS) - result = UINT32_Unmarshal((UINT32 *)&(target->restartCount), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMI_YES_NO_Unmarshal((TPMI_YES_NO *)&(target->safe), buffer, size); - return result; -} -UINT16 -TPMS_CLOCK_INFO_Marshal(TPMS_CLOCK_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->clock), buffer, size)); - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->resetCount), buffer, size)); - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->restartCount), buffer, size)); - result = (UINT16)(result + TPMI_YES_NO_Marshal((TPMI_YES_NO *)&(source->safe), buffer, size)); - return result; -} - -// Table 2:117 - Definition of TPMS_TIME_INFO Structure -TPM_RC -TPMS_TIME_INFO_Unmarshal(TPMS_TIME_INFO *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT64_Unmarshal((UINT64 *)&(target->time), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMS_CLOCK_INFO_Unmarshal((TPMS_CLOCK_INFO *)&(target->clockInfo), buffer, size); - return result; -} -UINT16 -TPMS_TIME_INFO_Marshal(TPMS_TIME_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->time), buffer, size)); - result = (UINT16)(result + TPMS_CLOCK_INFO_Marshal((TPMS_CLOCK_INFO *)&(source->clockInfo), buffer, size)); - 
return result; -} - -// Table 2:118 - Definition of TPMS_TIME_ATTEST_INFO Structure -UINT16 -TPMS_TIME_ATTEST_INFO_Marshal(TPMS_TIME_ATTEST_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMS_TIME_INFO_Marshal((TPMS_TIME_INFO *)&(source->time), buffer, size)); - result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->firmwareVersion), buffer, size)); - return result; -} - -// Table 2:119 - Definition of TPMS_CERTIFY_INFO Structure -UINT16 -TPMS_CERTIFY_INFO_Marshal(TPMS_CERTIFY_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->name), buffer, size)); - result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->qualifiedName), buffer, size)); - return result; -} - -// Table 2:120 - Definition of TPMS_QUOTE_INFO Structure -UINT16 -TPMS_QUOTE_INFO_Marshal(TPMS_QUOTE_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPML_PCR_SELECTION_Marshal((TPML_PCR_SELECTION *)&(source->pcrSelect), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->pcrDigest), buffer, size)); - return result; -} - -// Table 2:121 - Definition of TPMS_COMMAND_AUDIT_INFO Structure -UINT16 -TPMS_COMMAND_AUDIT_INFO_Marshal(TPMS_COMMAND_AUDIT_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->auditCounter), buffer, size)); - result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->digestAlg), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->auditDigest), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->commandDigest), buffer, size)); - return result; -} - -// Table 2:122 - Definition of TPMS_SESSION_AUDIT_INFO Structure -UINT16 -TPMS_SESSION_AUDIT_INFO_Marshal(TPMS_SESSION_AUDIT_INFO *source, 
BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_YES_NO_Marshal((TPMI_YES_NO *)&(source->exclusiveSession), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->sessionDigest), buffer, size)); - return result; -} - -// Table 2:123 - Definition of TPMS_CREATION_INFO Structure -UINT16 -TPMS_CREATION_INFO_Marshal(TPMS_CREATION_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->objectName), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->creationHash), buffer, size)); - return result; -} - -// Table 2:124 - Definition of TPMS_NV_CERTIFY_INFO Structure -UINT16 -TPMS_NV_CERTIFY_INFO_Marshal(TPMS_NV_CERTIFY_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->indexName), buffer, size)); - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->offset), buffer, size)); - result = (UINT16)(result + TPM2B_MAX_NV_BUFFER_Marshal((TPM2B_MAX_NV_BUFFER *)&(source->nvContents), buffer, size)); - return result; -} - -// Table 2:125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure -UINT16 -TPMS_NV_DIGEST_CERTIFY_INFO_Marshal(TPMS_NV_DIGEST_CERTIFY_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->indexName), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->nvDigest), buffer, size)); - return result; -} - -// Table 2:126 - Definition of TPMI_ST_ATTEST Type -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ST_ATTEST_Marshal(TPMI_ST_ATTEST *source, BYTE **buffer, INT32 *size) -{ - return TPM_ST_Marshal((TPM_ST *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:127 - Definition of TPMU_ATTEST Union -UINT16 -TPMU_ATTEST_Marshal(TPMU_ATTEST 
*source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { - case TPM_ST_ATTEST_CERTIFY: - return TPMS_CERTIFY_INFO_Marshal((TPMS_CERTIFY_INFO *)&(source->certify), buffer, size); - case TPM_ST_ATTEST_CREATION: - return TPMS_CREATION_INFO_Marshal((TPMS_CREATION_INFO *)&(source->creation), buffer, size); - case TPM_ST_ATTEST_QUOTE: - return TPMS_QUOTE_INFO_Marshal((TPMS_QUOTE_INFO *)&(source->quote), buffer, size); - case TPM_ST_ATTEST_COMMAND_AUDIT: - return TPMS_COMMAND_AUDIT_INFO_Marshal((TPMS_COMMAND_AUDIT_INFO *)&(source->commandAudit), buffer, size); - case TPM_ST_ATTEST_SESSION_AUDIT: - return TPMS_SESSION_AUDIT_INFO_Marshal((TPMS_SESSION_AUDIT_INFO *)&(source->sessionAudit), buffer, size); - case TPM_ST_ATTEST_TIME: - return TPMS_TIME_ATTEST_INFO_Marshal((TPMS_TIME_ATTEST_INFO *)&(source->time), buffer, size); - case TPM_ST_ATTEST_NV: - return TPMS_NV_CERTIFY_INFO_Marshal((TPMS_NV_CERTIFY_INFO *)&(source->nv), buffer, size); - case TPM_ST_ATTEST_NV_DIGEST: - return TPMS_NV_DIGEST_CERTIFY_INFO_Marshal((TPMS_NV_DIGEST_CERTIFY_INFO *)&(source->nvDigest), buffer, size); - } - return 0; -} - -// Table 2:128 - Definition of TPMS_ATTEST Structure -UINT16 -TPMS_ATTEST_Marshal(TPMS_ATTEST *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_GENERATED_Marshal((TPM_GENERATED *)&(source->magic), buffer, size)); - result = (UINT16)(result + TPMI_ST_ATTEST_Marshal((TPMI_ST_ATTEST *)&(source->type), buffer, size)); - result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->qualifiedSigner), buffer, size)); - result = (UINT16)(result + TPM2B_DATA_Marshal((TPM2B_DATA *)&(source->extraData), buffer, size)); - result = (UINT16)(result + TPMS_CLOCK_INFO_Marshal((TPMS_CLOCK_INFO *)&(source->clockInfo), buffer, size)); - result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->firmwareVersion), buffer, size)); - result = (UINT16)(result + TPMU_ATTEST_Marshal((TPMU_ATTEST *)&(source->attested), buffer, 
size, (UINT32)source->type)); - return result; -} - -// Table 2:129 - Definition of TPM2B_ATTEST Structure -UINT16 -TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.attestationData), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:130 - Definition of TPMS_AUTH_COMMAND Structure -TPM_RC -TPMS_AUTH_COMMAND_Unmarshal(TPMS_AUTH_COMMAND *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMI_SH_AUTH_SESSION_Unmarshal((TPMI_SH_AUTH_SESSION *)&(target->sessionHandle), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPM2B_NONCE_Unmarshal((TPM2B_NONCE *)&(target->nonce), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMA_SESSION_Unmarshal((TPMA_SESSION *)&(target->sessionAttributes), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_AUTH_Unmarshal((TPM2B_AUTH *)&(target->hmac), buffer, size); - return result; -} - -// Table 2:131 - Definition of TPMS_AUTH_RESPONSE Structure -UINT16 -TPMS_AUTH_RESPONSE_Marshal(TPMS_AUTH_RESPONSE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_NONCE_Marshal((TPM2B_NONCE *)&(source->nonce), buffer, size)); - result = (UINT16)(result + TPMA_SESSION_Marshal((TPMA_SESSION *)&(source->sessionAttributes), buffer, size)); - result = (UINT16)(result + TPM2B_AUTH_Marshal((TPM2B_AUTH *)&(source->hmac), buffer, size)); - return result; -} - -// Table 2:132 - Definition of TPMI_TDES_KEY_BITS Type -#if ALG_TDES -TPM_RC -TPMI_TDES_KEY_BITS_Unmarshal(TPMI_TDES_KEY_BITS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); - if(result 
== TPM_RC_SUCCESS) - { - switch (*target) - { -#if TDES_128 - case 128: -#endif // TDES_128 -#if TDES_192 - case 192: -#endif // TDES_192 - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 *size) -{ - return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_TDES - -// Table 2:132 - Definition of TPMI_AES_KEY_BITS Type -#if ALG_AES -TPM_RC -TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if AES_128 - case 128: -#endif // AES_128 -#if AES_192 - case 192: -#endif // AES_192 -#if AES_256 - case 256: -#endif // AES_256 - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_AES_KEY_BITS_Marshal(TPMI_AES_KEY_BITS *source, BYTE **buffer, INT32 *size) -{ - return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_AES - -// Table 2:132 - Definition of TPMI_SM4_KEY_BITS Type -#if ALG_SM4 -TPM_RC -TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if SM4_128 - case 128: -#endif // SM4_128 - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SM4_KEY_BITS_Marshal(TPMI_SM4_KEY_BITS *source, BYTE **buffer, INT32 *size) -{ - return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_SM4 - -// Table 2:132 - Definition of TPMI_CAMELLIA_KEY_BITS Type -#if 
ALG_CAMELLIA -TPM_RC -TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if CAMELLIA_128 - case 128: -#endif // CAMELLIA_128 -#if CAMELLIA_192 - case 192: -#endif // CAMELLIA_192 -#if CAMELLIA_256 - case 256: -#endif // CAMELLIA_256 - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_CAMELLIA_KEY_BITS_Marshal(TPMI_CAMELLIA_KEY_BITS *source, BYTE **buffer, INT32 *size) -{ - return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_CAMELLIA - -// Table 2:133 - Definition of TPMU_SYM_KEY_BITS Union -TPM_RC -TPMU_SYM_KEY_BITS_Unmarshal(TPMU_SYM_KEY_BITS *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_TDES - case ALG_TDES_VALUE: - return TPMI_TDES_KEY_BITS_Unmarshal((TPMI_TDES_KEY_BITS *)&(target->tdes), buffer, size); -#endif // ALG_TDES -#if ALG_AES - case ALG_AES_VALUE: - return TPMI_AES_KEY_BITS_Unmarshal((TPMI_AES_KEY_BITS *)&(target->aes), buffer, size); -#endif // ALG_AES -#if ALG_SM4 - case ALG_SM4_VALUE: - return TPMI_SM4_KEY_BITS_Unmarshal((TPMI_SM4_KEY_BITS *)&(target->sm4), buffer, size); -#endif // ALG_SM4 -#if ALG_CAMELLIA - case ALG_CAMELLIA_VALUE: - return TPMI_CAMELLIA_KEY_BITS_Unmarshal((TPMI_CAMELLIA_KEY_BITS *)&(target->camellia), buffer, size); -#endif // ALG_CAMELLIA -#if ALG_XOR - case ALG_XOR_VALUE: - return TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->xor), buffer, size, 0); -#endif // ALG_XOR - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_SYM_KEY_BITS_Marshal(TPMU_SYM_KEY_BITS *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_TDES - case ALG_TDES_VALUE: - return 
TPMI_TDES_KEY_BITS_Marshal((TPMI_TDES_KEY_BITS *)&(source->tdes), buffer, size); -#endif // ALG_TDES -#if ALG_AES - case ALG_AES_VALUE: - return TPMI_AES_KEY_BITS_Marshal((TPMI_AES_KEY_BITS *)&(source->aes), buffer, size); -#endif // ALG_AES -#if ALG_SM4 - case ALG_SM4_VALUE: - return TPMI_SM4_KEY_BITS_Marshal((TPMI_SM4_KEY_BITS *)&(source->sm4), buffer, size); -#endif // ALG_SM4 -#if ALG_CAMELLIA - case ALG_CAMELLIA_VALUE: - return TPMI_CAMELLIA_KEY_BITS_Marshal((TPMI_CAMELLIA_KEY_BITS *)&(source->camellia), buffer, size); -#endif // ALG_CAMELLIA -#if ALG_XOR - case ALG_XOR_VALUE: - return TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->xor), buffer, size); -#endif // ALG_XOR - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:134 - Definition of TPMU_SYM_MODE Union -TPM_RC -TPMU_SYM_MODE_Unmarshal(TPMU_SYM_MODE *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_TDES - case ALG_TDES_VALUE: - return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->tdes), buffer, size, 1); -#endif // ALG_TDES -#if ALG_AES - case ALG_AES_VALUE: - return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->aes), buffer, size, 1); -#endif // ALG_AES -#if ALG_SM4 - case ALG_SM4_VALUE: - return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->sm4), buffer, size, 1); -#endif // ALG_SM4 -#if ALG_CAMELLIA - case ALG_CAMELLIA_VALUE: - return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->camellia), buffer, size, 1); -#endif // ALG_CAMELLIA -#if ALG_XOR - case ALG_XOR_VALUE: - return TPM_RC_SUCCESS; -#endif // ALG_XOR - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_SYM_MODE_Marshal(TPMU_SYM_MODE *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_TDES - case ALG_TDES_VALUE: - return TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->tdes), buffer, size); -#endif // ALG_TDES -#if ALG_AES - case ALG_AES_VALUE: - return 
TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->aes), buffer, size); -#endif // ALG_AES -#if ALG_SM4 - case ALG_SM4_VALUE: - return TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->sm4), buffer, size); -#endif // ALG_SM4 -#if ALG_CAMELLIA - case ALG_CAMELLIA_VALUE: - return TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->camellia), buffer, size); -#endif // ALG_CAMELLIA -#if ALG_XOR - case ALG_XOR_VALUE: - return 0; -#endif // ALG_XOR - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:136 - Definition of TPMT_SYM_DEF Structure -TPM_RC -TPMT_SYM_DEF_Unmarshal(TPMT_SYM_DEF *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_SYM_Unmarshal((TPMI_ALG_SYM *)&(target->algorithm), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_SYM_KEY_BITS_Unmarshal((TPMU_SYM_KEY_BITS *)&(target->keyBits), buffer, size, (UINT32)target->algorithm); - if(result == TPM_RC_SUCCESS) - result = TPMU_SYM_MODE_Unmarshal((TPMU_SYM_MODE *)&(target->mode), buffer, size, (UINT32)target->algorithm); - return result; -} -UINT16 -TPMT_SYM_DEF_Marshal(TPMT_SYM_DEF *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_SYM_Marshal((TPMI_ALG_SYM *)&(source->algorithm), buffer, size)); - result = (UINT16)(result + TPMU_SYM_KEY_BITS_Marshal((TPMU_SYM_KEY_BITS *)&(source->keyBits), buffer, size, (UINT32)source->algorithm)); - result = (UINT16)(result + TPMU_SYM_MODE_Marshal((TPMU_SYM_MODE *)&(source->mode), buffer, size, (UINT32)source->algorithm)); - return result; -} - -// Table 2:137 - Definition of TPMT_SYM_DEF_OBJECT Structure -TPM_RC -TPMT_SYM_DEF_OBJECT_Unmarshal(TPMT_SYM_DEF_OBJECT *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_SYM_OBJECT_Unmarshal((TPMI_ALG_SYM_OBJECT *)&(target->algorithm), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_SYM_KEY_BITS_Unmarshal((TPMU_SYM_KEY_BITS 
*)&(target->keyBits), buffer, size, (UINT32)target->algorithm); - if(result == TPM_RC_SUCCESS) - result = TPMU_SYM_MODE_Unmarshal((TPMU_SYM_MODE *)&(target->mode), buffer, size, (UINT32)target->algorithm); - return result; -} -UINT16 -TPMT_SYM_DEF_OBJECT_Marshal(TPMT_SYM_DEF_OBJECT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_SYM_OBJECT_Marshal((TPMI_ALG_SYM_OBJECT *)&(source->algorithm), buffer, size)); - result = (UINT16)(result + TPMU_SYM_KEY_BITS_Marshal((TPMU_SYM_KEY_BITS *)&(source->keyBits), buffer, size, (UINT32)source->algorithm)); - result = (UINT16)(result + TPMU_SYM_MODE_Marshal((TPMU_SYM_MODE *)&(source->mode), buffer, size, (UINT32)source->algorithm)); - return result; -} - -// Table 2:138 - Definition of TPM2B_SYM_KEY Structure -TPM_RC -TPM2B_SYM_KEY_Unmarshal(TPM2B_SYM_KEY *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > MAX_SYM_KEY_BYTES) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:139 - Definition of TPMS_SYMCIPHER_PARMS Structure -TPM_RC -TPMS_SYMCIPHER_PARMS_Unmarshal(TPMS_SYMCIPHER_PARMS *target, BYTE **buffer, INT32 *size) -{ - return TPMT_SYM_DEF_OBJECT_Unmarshal((TPMT_SYM_DEF_OBJECT *)&(target->sym), buffer, size, 0); -} -UINT16 -TPMS_SYMCIPHER_PARMS_Marshal(TPMS_SYMCIPHER_PARMS *source, BYTE **buffer, INT32 *size) -{ - return TPMT_SYM_DEF_OBJECT_Marshal((TPMT_SYM_DEF_OBJECT *)&(source->sym), buffer, size); -} - -// Table 2:140 - Definition of TPM2B_LABEL Structure -TPM_RC -TPM2B_LABEL_Unmarshal(TPM2B_LABEL *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > LABEL_MAX_BUFFER) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_LABEL_Marshal(TPM2B_LABEL *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:141 - Definition of TPMS_DERIVE Structure -TPM_RC -TPMS_DERIVE_Unmarshal(TPMS_DERIVE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM2B_LABEL_Unmarshal((TPM2B_LABEL *)&(target->label), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_LABEL_Unmarshal((TPM2B_LABEL *)&(target->context), buffer, size); - return result; -} -UINT16 -TPMS_DERIVE_Marshal(TPMS_DERIVE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_LABEL_Marshal((TPM2B_LABEL *)&(source->label), buffer, size)); - result = (UINT16)(result + TPM2B_LABEL_Marshal((TPM2B_LABEL *)&(source->context), buffer, size)); - return result; -} - -// Table 2:142 - Definition of TPM2B_DERIVE Structure -TPM_RC -TPM2B_DERIVE_Unmarshal(TPM2B_DERIVE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMS_DERIVE)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_DERIVE_Marshal(TPM2B_DERIVE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:143 - Definition of TPMU_SENSITIVE_CREATE Union -// Table 2:144 - Definition of TPM2B_SENSITIVE_DATA Structure -TPM_RC -TPM2B_SENSITIVE_DATA_Unmarshal(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMU_SENSITIVE_CREATE)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:145 - Definition of TPMS_SENSITIVE_CREATE Structure -TPM_RC -TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM2B_AUTH_Unmarshal((TPM2B_AUTH *)&(target->userAuth), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_SENSITIVE_DATA_Unmarshal((TPM2B_SENSITIVE_DATA *)&(target->data), buffer, size); - return result; -} - -// Table 2:146 - Definition of TPM2B_SENSITIVE_CREATE Structure -TPM_RC -TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a - if(result == TPM_RC_SUCCESS) - { - // if size is zero, then the required structure is missing - if(target->size == 0) - result = TPM_RC_SIZE; - else - { - INT32 startSize = *size; - result = TPMS_SENSITIVE_CREATE_Unmarshal((TPMS_SENSITIVE_CREATE *)&(target->sensitive), buffer, size); // =b - if(result == TPM_RC_SUCCESS) - { - if(target->size != (startSize - *size)) - result = TPM_RC_SIZE; - } - } - } - return result; -} - -// Table 2:147 - Definition of TPMS_SCHEME_HASH Structure -TPM_RC -TPMS_SCHEME_HASH_Unmarshal(TPMS_SCHEME_HASH *target, BYTE **buffer, INT32 *size) -{ - return TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hashAlg), buffer, size, 0); -} -UINT16 -TPMS_SCHEME_HASH_Marshal(TPMS_SCHEME_HASH *source, BYTE **buffer, INT32 *size) -{ - return TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size); -} - -// Table 2:148 - Definition of TPMS_SCHEME_ECDAA Structure -#if ALG_ECC -TPM_RC -TPMS_SCHEME_ECDAA_Unmarshal(TPMS_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hashAlg), buffer, size, 
0); - if(result == TPM_RC_SUCCESS) - result = UINT16_Unmarshal((UINT16 *)&(target->count), buffer, size); - return result; -} -UINT16 -TPMS_SCHEME_ECDAA_Marshal(TPMS_SCHEME_ECDAA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size)); - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->count), buffer, size)); - return result; -} -#endif // ALG_ECC - -// Table 2:149 - Definition of TPMI_ALG_KEYEDHASH_SCHEME Type -TPM_RC -TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_HMAC - case ALG_HMAC_VALUE: -#endif // ALG_HMAC -#if ALG_XOR - case ALG_XOR_VALUE: -#endif // ALG_XOR - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_KEYEDHASH_SCHEME_Marshal(TPMI_ALG_KEYEDHASH_SCHEME *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:150 - Definition of Types for HMAC_SIG_SCHEME -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SCHEME_HMAC_Unmarshal(TPMS_SCHEME_HMAC *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SCHEME_HMAC_Marshal(TPMS_SCHEME_HMAC *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:151 - Definition of TPMS_SCHEME_XOR Structure -TPM_RC -TPMS_SCHEME_XOR_Unmarshal(TPMS_SCHEME_XOR *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH 
*)&(target->hashAlg), buffer, size, 0); - if(result == TPM_RC_SUCCESS) - result = TPMI_ALG_KDF_Unmarshal((TPMI_ALG_KDF *)&(target->kdf), buffer, size, 1); - return result; -} -UINT16 -TPMS_SCHEME_XOR_Marshal(TPMS_SCHEME_XOR *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size)); - result = (UINT16)(result + TPMI_ALG_KDF_Marshal((TPMI_ALG_KDF *)&(source->kdf), buffer, size)); - return result; -} - -// Table 2:152 - Definition of TPMU_SCHEME_KEYEDHASH Union -TPM_RC -TPMU_SCHEME_KEYEDHASH_Unmarshal(TPMU_SCHEME_KEYEDHASH *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_HMAC - case ALG_HMAC_VALUE: - return TPMS_SCHEME_HMAC_Unmarshal((TPMS_SCHEME_HMAC *)&(target->hmac), buffer, size); -#endif // ALG_HMAC -#if ALG_XOR - case ALG_XOR_VALUE: - return TPMS_SCHEME_XOR_Unmarshal((TPMS_SCHEME_XOR *)&(target->xor), buffer, size); -#endif // ALG_XOR - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_SCHEME_KEYEDHASH_Marshal(TPMU_SCHEME_KEYEDHASH *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_HMAC - case ALG_HMAC_VALUE: - return TPMS_SCHEME_HMAC_Marshal((TPMS_SCHEME_HMAC *)&(source->hmac), buffer, size); -#endif // ALG_HMAC -#if ALG_XOR - case ALG_XOR_VALUE: - return TPMS_SCHEME_XOR_Marshal((TPMS_SCHEME_XOR *)&(source->xor), buffer, size); -#endif // ALG_XOR - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:153 - Definition of TPMT_KEYEDHASH_SCHEME Structure -TPM_RC -TPMT_KEYEDHASH_SCHEME_Unmarshal(TPMT_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal((TPMI_ALG_KEYEDHASH_SCHEME *)&(target->scheme), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_SCHEME_KEYEDHASH_Unmarshal((TPMU_SCHEME_KEYEDHASH *)&(target->details), buffer, size, 
(UINT32)target->scheme); - return result; -} -UINT16 -TPMT_KEYEDHASH_SCHEME_Marshal(TPMT_KEYEDHASH_SCHEME *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_KEYEDHASH_SCHEME_Marshal((TPMI_ALG_KEYEDHASH_SCHEME *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMU_SCHEME_KEYEDHASH_Marshal((TPMU_SCHEME_KEYEDHASH *)&(source->details), buffer, size, (UINT32)source->scheme)); - return result; -} - -// Table 2:154 - Definition of Types for RSA Signature Schemes -#if ALG_RSA -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SIG_SCHEME_RSASSA_Marshal(TPMS_SIG_SCHEME_RSASSA *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_SIG_SCHEME_RSAPSS_Unmarshal(TPMS_SIG_SCHEME_RSAPSS *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SIG_SCHEME_RSAPSS_Marshal(TPMS_SIG_SCHEME_RSAPSS *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:155 - Definition of Types for ECC Signature Schemes -#if ALG_ECC -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIG_SCHEME_ECDSA_Unmarshal(TPMS_SIG_SCHEME_ECDSA *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SIG_SCHEME_ECDSA_Marshal(TPMS_SIG_SCHEME_ECDSA *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_SIG_SCHEME_SM2_Unmarshal(TPMS_SIG_SCHEME_SM2 *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, 
buffer, size); -} -UINT16 -TPMS_SIG_SCHEME_SM2_Marshal(TPMS_SIG_SCHEME_SM2 *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(TPMS_SIG_SCHEME_ECSCHNORR *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SIG_SCHEME_ECSCHNORR_Marshal(TPMS_SIG_SCHEME_ECSCHNORR *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_SIG_SCHEME_ECDAA_Unmarshal(TPMS_SIG_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_ECDAA_Unmarshal((TPMS_SCHEME_ECDAA *)target, buffer, size); -} -UINT16 -TPMS_SIG_SCHEME_ECDAA_Marshal(TPMS_SIG_SCHEME_ECDAA *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_ECDAA_Marshal((TPMS_SCHEME_ECDAA *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:156 - Definition of TPMU_SIG_SCHEME Union -TPM_RC -TPMU_SIG_SCHEME_Unmarshal(TPMU_SIG_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECDAA - case ALG_ECDAA_VALUE: - return TPMS_SIG_SCHEME_ECDAA_Unmarshal((TPMS_SIG_SCHEME_ECDAA *)&(target->ecdaa), buffer, size); -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: - return TPMS_SIG_SCHEME_RSASSA_Unmarshal((TPMS_SIG_SCHEME_RSASSA *)&(target->rsassa), buffer, size); -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: - return TPMS_SIG_SCHEME_RSAPSS_Unmarshal((TPMS_SIG_SCHEME_RSAPSS *)&(target->rsapss), buffer, size); -#endif // ALG_RSAPSS -#if ALG_ECDSA - case ALG_ECDSA_VALUE: - return TPMS_SIG_SCHEME_ECDSA_Unmarshal((TPMS_SIG_SCHEME_ECDSA *)&(target->ecdsa), buffer, size); -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: - return TPMS_SIG_SCHEME_SM2_Unmarshal((TPMS_SIG_SCHEME_SM2 *)&(target->sm2), buffer, size); -#endif // ALG_SM2 -#if ALG_ECSCHNORR 
- case ALG_ECSCHNORR_VALUE: - return TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(target->ecschnorr), buffer, size); -#endif // ALG_ECSCHNORR -#if ALG_HMAC - case ALG_HMAC_VALUE: - return TPMS_SCHEME_HMAC_Unmarshal((TPMS_SCHEME_HMAC *)&(target->hmac), buffer, size); -#endif // ALG_HMAC - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_SIG_SCHEME_Marshal(TPMU_SIG_SCHEME *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECDAA - case ALG_ECDAA_VALUE: - return TPMS_SIG_SCHEME_ECDAA_Marshal((TPMS_SIG_SCHEME_ECDAA *)&(source->ecdaa), buffer, size); -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: - return TPMS_SIG_SCHEME_RSASSA_Marshal((TPMS_SIG_SCHEME_RSASSA *)&(source->rsassa), buffer, size); -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: - return TPMS_SIG_SCHEME_RSAPSS_Marshal((TPMS_SIG_SCHEME_RSAPSS *)&(source->rsapss), buffer, size); -#endif // ALG_RSAPSS -#if ALG_ECDSA - case ALG_ECDSA_VALUE: - return TPMS_SIG_SCHEME_ECDSA_Marshal((TPMS_SIG_SCHEME_ECDSA *)&(source->ecdsa), buffer, size); -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: - return TPMS_SIG_SCHEME_SM2_Marshal((TPMS_SIG_SCHEME_SM2 *)&(source->sm2), buffer, size); -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: - return TPMS_SIG_SCHEME_ECSCHNORR_Marshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(source->ecschnorr), buffer, size); -#endif // ALG_ECSCHNORR -#if ALG_HMAC - case ALG_HMAC_VALUE: - return TPMS_SCHEME_HMAC_Marshal((TPMS_SCHEME_HMAC *)&(source->hmac), buffer, size); -#endif // ALG_HMAC - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:157 - Definition of TPMT_SIG_SCHEME Structure -TPM_RC -TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_SIG_SCHEME_Unmarshal((TPMI_ALG_SIG_SCHEME *)&(target->scheme), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - 
result = TPMU_SIG_SCHEME_Unmarshal((TPMU_SIG_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); - return result; -} -UINT16 -TPMT_SIG_SCHEME_Marshal(TPMT_SIG_SCHEME *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_SIG_SCHEME_Marshal((TPMI_ALG_SIG_SCHEME *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMU_SIG_SCHEME_Marshal((TPMU_SIG_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); - return result; -} - -// Table 2:158 - Definition of Types for Encryption Schemes -#if ALG_RSA -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_ENC_SCHEME_OAEP_Unmarshal(TPMS_ENC_SCHEME_OAEP *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_ENC_SCHEME_OAEP_Marshal(TPMS_ENC_SCHEME_OAEP *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_ENC_SCHEME_RSAES_Unmarshal(TPMS_ENC_SCHEME_RSAES *target, BYTE **buffer, INT32 *size) -{ - return TPMS_EMPTY_Unmarshal((TPMS_EMPTY *)target, buffer, size); -} -UINT16 -TPMS_ENC_SCHEME_RSAES_Marshal(TPMS_ENC_SCHEME_RSAES *source, BYTE **buffer, INT32 *size) -{ - return TPMS_EMPTY_Marshal((TPMS_EMPTY *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:159 - Definition of Types for ECC Key Exchange -#if ALG_ECC -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_KEY_SCHEME_ECDH_Unmarshal(TPMS_KEY_SCHEME_ECDH *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_KEY_SCHEME_ECDH_Marshal(TPMS_KEY_SCHEME_ECDH *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_KEY_SCHEME_ECMQV_Unmarshal(TPMS_KEY_SCHEME_ECMQV *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH 
*)target, buffer, size); -} -UINT16 -TPMS_KEY_SCHEME_ECMQV_Marshal(TPMS_KEY_SCHEME_ECMQV *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:160 - Definition of Types for KDF Schemes -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SCHEME_MGF1_Unmarshal(TPMS_SCHEME_MGF1 *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SCHEME_MGF1_Marshal(TPMS_SCHEME_MGF1 *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(TPMS_SCHEME_KDF1_SP800_56A *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SCHEME_KDF1_SP800_56A_Marshal(TPMS_SCHEME_KDF1_SP800_56A *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_SCHEME_KDF2_Unmarshal(TPMS_SCHEME_KDF2 *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SCHEME_KDF2_Marshal(TPMS_SCHEME_KDF2 *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_SCHEME_KDF1_SP800_108_Unmarshal(TPMS_SCHEME_KDF1_SP800_108 *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SCHEME_KDF1_SP800_108_Marshal(TPMS_SCHEME_KDF1_SP800_108 *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:161 - Definition of TPMU_KDF_SCHEME Union -TPM_RC -TPMU_KDF_SCHEME_Unmarshal(TPMU_KDF_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 
selector) -{ - switch(selector) { -#if ALG_MGF1 - case ALG_MGF1_VALUE: - return TPMS_SCHEME_MGF1_Unmarshal((TPMS_SCHEME_MGF1 *)&(target->mgf1), buffer, size); -#endif // ALG_MGF1 -#if ALG_KDF1_SP800_56A - case ALG_KDF1_SP800_56A_VALUE: - return TPMS_SCHEME_KDF1_SP800_56A_Unmarshal((TPMS_SCHEME_KDF1_SP800_56A *)&(target->kdf1_sp800_56a), buffer, size); -#endif // ALG_KDF1_SP800_56A -#if ALG_KDF2 - case ALG_KDF2_VALUE: - return TPMS_SCHEME_KDF2_Unmarshal((TPMS_SCHEME_KDF2 *)&(target->kdf2), buffer, size); -#endif // ALG_KDF2 -#if ALG_KDF1_SP800_108 - case ALG_KDF1_SP800_108_VALUE: - return TPMS_SCHEME_KDF1_SP800_108_Unmarshal((TPMS_SCHEME_KDF1_SP800_108 *)&(target->kdf1_sp800_108), buffer, size); -#endif // ALG_KDF1_SP800_108 - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_KDF_SCHEME_Marshal(TPMU_KDF_SCHEME *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_MGF1 - case ALG_MGF1_VALUE: - return TPMS_SCHEME_MGF1_Marshal((TPMS_SCHEME_MGF1 *)&(source->mgf1), buffer, size); -#endif // ALG_MGF1 -#if ALG_KDF1_SP800_56A - case ALG_KDF1_SP800_56A_VALUE: - return TPMS_SCHEME_KDF1_SP800_56A_Marshal((TPMS_SCHEME_KDF1_SP800_56A *)&(source->kdf1_sp800_56a), buffer, size); -#endif // ALG_KDF1_SP800_56A -#if ALG_KDF2 - case ALG_KDF2_VALUE: - return TPMS_SCHEME_KDF2_Marshal((TPMS_SCHEME_KDF2 *)&(source->kdf2), buffer, size); -#endif // ALG_KDF2 -#if ALG_KDF1_SP800_108 - case ALG_KDF1_SP800_108_VALUE: - return TPMS_SCHEME_KDF1_SP800_108_Marshal((TPMS_SCHEME_KDF1_SP800_108 *)&(source->kdf1_sp800_108), buffer, size); -#endif // ALG_KDF1_SP800_108 - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:162 - Definition of TPMT_KDF_SCHEME Structure -TPM_RC -TPMT_KDF_SCHEME_Unmarshal(TPMT_KDF_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_KDF_Unmarshal((TPMI_ALG_KDF *)&(target->scheme), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = 
TPMU_KDF_SCHEME_Unmarshal((TPMU_KDF_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); - return result; -} -UINT16 -TPMT_KDF_SCHEME_Marshal(TPMT_KDF_SCHEME *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_KDF_Marshal((TPMI_ALG_KDF *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMU_KDF_SCHEME_Marshal((TPMU_KDF_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); - return result; -} - -// Table 2:163 - Definition of TPMI_ALG_ASYM_SCHEME Type -TPM_RC -TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_ECDH - case ALG_ECDH_VALUE: -#endif // ALG_ECDH -#if ALG_ECMQV - case ALG_ECMQV_VALUE: -#endif // ALG_ECMQV -#if ALG_ECDAA - case ALG_ECDAA_VALUE: -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: -#endif // ALG_RSAPSS -#if ALG_ECDSA - case ALG_ECDSA_VALUE: -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: -#endif // ALG_ECSCHNORR -#if ALG_RSAES - case ALG_RSAES_VALUE: -#endif // ALG_RSAES -#if ALG_OAEP - case ALG_OAEP_VALUE: -#endif // ALG_OAEP - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_ASYM_SCHEME_Marshal(TPMI_ALG_ASYM_SCHEME *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:164 - Definition of TPMU_ASYM_SCHEME Union -TPM_RC -TPMU_ASYM_SCHEME_Unmarshal(TPMU_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECDH - case 
ALG_ECDH_VALUE: - return TPMS_KEY_SCHEME_ECDH_Unmarshal((TPMS_KEY_SCHEME_ECDH *)&(target->ecdh), buffer, size); -#endif // ALG_ECDH -#if ALG_ECMQV - case ALG_ECMQV_VALUE: - return TPMS_KEY_SCHEME_ECMQV_Unmarshal((TPMS_KEY_SCHEME_ECMQV *)&(target->ecmqv), buffer, size); -#endif // ALG_ECMQV -#if ALG_ECDAA - case ALG_ECDAA_VALUE: - return TPMS_SIG_SCHEME_ECDAA_Unmarshal((TPMS_SIG_SCHEME_ECDAA *)&(target->ecdaa), buffer, size); -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: - return TPMS_SIG_SCHEME_RSASSA_Unmarshal((TPMS_SIG_SCHEME_RSASSA *)&(target->rsassa), buffer, size); -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: - return TPMS_SIG_SCHEME_RSAPSS_Unmarshal((TPMS_SIG_SCHEME_RSAPSS *)&(target->rsapss), buffer, size); -#endif // ALG_RSAPSS -#if ALG_ECDSA - case ALG_ECDSA_VALUE: - return TPMS_SIG_SCHEME_ECDSA_Unmarshal((TPMS_SIG_SCHEME_ECDSA *)&(target->ecdsa), buffer, size); -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: - return TPMS_SIG_SCHEME_SM2_Unmarshal((TPMS_SIG_SCHEME_SM2 *)&(target->sm2), buffer, size); -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: - return TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(target->ecschnorr), buffer, size); -#endif // ALG_ECSCHNORR -#if ALG_RSAES - case ALG_RSAES_VALUE: - return TPMS_ENC_SCHEME_RSAES_Unmarshal((TPMS_ENC_SCHEME_RSAES *)&(target->rsaes), buffer, size); -#endif // ALG_RSAES -#if ALG_OAEP - case ALG_OAEP_VALUE: - return TPMS_ENC_SCHEME_OAEP_Unmarshal((TPMS_ENC_SCHEME_OAEP *)&(target->oaep), buffer, size); -#endif // ALG_OAEP - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_ASYM_SCHEME_Marshal(TPMU_ASYM_SCHEME *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECDH - case ALG_ECDH_VALUE: - return TPMS_KEY_SCHEME_ECDH_Marshal((TPMS_KEY_SCHEME_ECDH *)&(source->ecdh), buffer, size); -#endif // ALG_ECDH -#if ALG_ECMQV - case ALG_ECMQV_VALUE: - return 
TPMS_KEY_SCHEME_ECMQV_Marshal((TPMS_KEY_SCHEME_ECMQV *)&(source->ecmqv), buffer, size); -#endif // ALG_ECMQV -#if ALG_ECDAA - case ALG_ECDAA_VALUE: - return TPMS_SIG_SCHEME_ECDAA_Marshal((TPMS_SIG_SCHEME_ECDAA *)&(source->ecdaa), buffer, size); -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: - return TPMS_SIG_SCHEME_RSASSA_Marshal((TPMS_SIG_SCHEME_RSASSA *)&(source->rsassa), buffer, size); -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: - return TPMS_SIG_SCHEME_RSAPSS_Marshal((TPMS_SIG_SCHEME_RSAPSS *)&(source->rsapss), buffer, size); -#endif // ALG_RSAPSS -#if ALG_ECDSA - case ALG_ECDSA_VALUE: - return TPMS_SIG_SCHEME_ECDSA_Marshal((TPMS_SIG_SCHEME_ECDSA *)&(source->ecdsa), buffer, size); -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: - return TPMS_SIG_SCHEME_SM2_Marshal((TPMS_SIG_SCHEME_SM2 *)&(source->sm2), buffer, size); -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: - return TPMS_SIG_SCHEME_ECSCHNORR_Marshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(source->ecschnorr), buffer, size); -#endif // ALG_ECSCHNORR -#if ALG_RSAES - case ALG_RSAES_VALUE: - return TPMS_ENC_SCHEME_RSAES_Marshal((TPMS_ENC_SCHEME_RSAES *)&(source->rsaes), buffer, size); -#endif // ALG_RSAES -#if ALG_OAEP - case ALG_OAEP_VALUE: - return TPMS_ENC_SCHEME_OAEP_Marshal((TPMS_ENC_SCHEME_OAEP *)&(source->oaep), buffer, size); -#endif // ALG_OAEP - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:165 - Definition of TPMT_ASYM_SCHEME Structure -// Table 2:166 - Definition of TPMI_ALG_RSA_SCHEME Type -#if ALG_RSA -TPM_RC -TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_RSAES - case ALG_RSAES_VALUE: -#endif // ALG_RSAES -#if ALG_OAEP - case ALG_OAEP_VALUE: -#endif // ALG_OAEP -#if ALG_RSASSA - case ALG_RSASSA_VALUE: -#endif // 
ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: -#endif // ALG_RSAPSS - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_RSA_SCHEME_Marshal(TPMI_ALG_RSA_SCHEME *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:167 - Definition of TPMT_RSA_SCHEME Structure -#if ALG_RSA -TPM_RC -TPMT_RSA_SCHEME_Unmarshal(TPMT_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_RSA_SCHEME_Unmarshal((TPMI_ALG_RSA_SCHEME *)&(target->scheme), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_ASYM_SCHEME_Unmarshal((TPMU_ASYM_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); - return result; -} -UINT16 -TPMT_RSA_SCHEME_Marshal(TPMT_RSA_SCHEME *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_RSA_SCHEME_Marshal((TPMI_ALG_RSA_SCHEME *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMU_ASYM_SCHEME_Marshal((TPMU_ASYM_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); - return result; -} -#endif // ALG_RSA - -// Table 2:168 - Definition of TPMI_ALG_RSA_DECRYPT Type -#if ALG_RSA -TPM_RC -TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_RSAES - case ALG_RSAES_VALUE: -#endif // ALG_RSAES -#if ALG_OAEP - case ALG_OAEP_VALUE: -#endif // ALG_OAEP - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 
-TPMI_ALG_RSA_DECRYPT_Marshal(TPMI_ALG_RSA_DECRYPT *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:169 - Definition of TPMT_RSA_DECRYPT Structure -#if ALG_RSA -TPM_RC -TPMT_RSA_DECRYPT_Unmarshal(TPMT_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_RSA_DECRYPT_Unmarshal((TPMI_ALG_RSA_DECRYPT *)&(target->scheme), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_ASYM_SCHEME_Unmarshal((TPMU_ASYM_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); - return result; -} -UINT16 -TPMT_RSA_DECRYPT_Marshal(TPMT_RSA_DECRYPT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_RSA_DECRYPT_Marshal((TPMI_ALG_RSA_DECRYPT *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMU_ASYM_SCHEME_Marshal((TPMU_ASYM_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); - return result; -} -#endif // ALG_RSA - -// Table 2:170 - Definition of TPM2B_PUBLIC_KEY_RSA Structure -#if ALG_RSA -TPM_RC -TPM2B_PUBLIC_KEY_RSA_Unmarshal(TPM2B_PUBLIC_KEY_RSA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > MAX_RSA_KEY_BYTES) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} -#endif // ALG_RSA - -// Table 2:171 - Definition of TPMI_RSA_KEY_BITS Type -#if ALG_RSA -TPM_RC -TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if RSA_1024 - case 1024: -#endif // RSA_1024 -#if RSA_2048 - case 2048: -#endif // RSA_2048 -#if RSA_3072 - case 3072: -#endif // RSA_3072 -#if RSA_4096 - case 4096: -#endif // RSA_4096 - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RSA_KEY_BITS_Marshal(TPMI_RSA_KEY_BITS *source, BYTE **buffer, INT32 *size) -{ - return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:172 - Definition of TPM2B_PRIVATE_KEY_RSA Structure -#if ALG_RSA -TPM_RC -TPM2B_PRIVATE_KEY_RSA_Unmarshal(TPM2B_PRIVATE_KEY_RSA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > RSA_PRIVATE_SIZE) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} -#endif // ALG_RSA - -// Table 2:173 - Definition of TPM2B_ECC_PARAMETER Structure -TPM_RC -TPM2B_ECC_PARAMETER_Unmarshal(TPM2B_ECC_PARAMETER *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > MAX_ECC_KEY_BYTES) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:174 - Definition of TPMS_ECC_POINT Structure -#if ALG_ECC -TPM_RC -TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->x), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->y), buffer, size); - return result; -} -UINT16 -TPMS_ECC_POINT_Marshal(TPMS_ECC_POINT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->x), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->y), buffer, size)); - return result; -} -#endif // ALG_ECC - -// Table 2:175 - Definition of 
TPM2B_ECC_POINT Structure -#if ALG_ECC -TPM_RC -TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a - if(result == TPM_RC_SUCCESS) - { - // if size is zero, then the required structure is missing - if(target->size == 0) - result = TPM_RC_SIZE; - else - { - INT32 startSize = *size; - result = TPMS_ECC_POINT_Unmarshal((TPMS_ECC_POINT *)&(target->point), buffer, size); // =b - if(result == TPM_RC_SUCCESS) - { - if(target->size != (startSize - *size)) - result = TPM_RC_SIZE; - } - } - } - return result; -} -UINT16 -TPM2B_ECC_POINT_Marshal(TPM2B_ECC_POINT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - // Marshal a dummy value of the 2B size. This makes sure that 'buffer' - // and 'size' are advanced as necessary (i.e., if they are present) - result = UINT16_Marshal(&result, buffer, size); - // Marshal the structure - result = (UINT16)(result + TPMS_ECC_POINT_Marshal((TPMS_ECC_POINT *)&(source->point), buffer, size)); - // if a buffer was provided, go back and fill in the actual size - if(buffer != NULL) - UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); - return result; -} -#endif // ALG_ECC - -// Table 2:176 - Definition of TPMI_ALG_ECC_SCHEME Type -#if ALG_ECC -TPM_RC -TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_ECDAA - case ALG_ECDAA_VALUE: -#endif // ALG_ECDAA -#if ALG_ECDSA - case ALG_ECDSA_VALUE: -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: -#endif // ALG_ECSCHNORR -#if ALG_ECDH - case ALG_ECDH_VALUE: -#endif // ALG_ECDH -#if ALG_ECMQV - case ALG_ECMQV_VALUE: -#endif // ALG_ECMQV - break; - case ALG_NULL_VALUE: - if(!flag) - result = 
TPM_RC_SCHEME; - break; - default: - result = TPM_RC_SCHEME; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_ECC_SCHEME_Marshal(TPMI_ALG_ECC_SCHEME *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:177 - Definition of TPMI_ECC_CURVE Type -#if ALG_ECC -TPM_RC -TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_ECC_CURVE_Unmarshal((TPM_ECC_CURVE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ECC_BN_P256 - case TPM_ECC_BN_P256: -#endif // ECC_BN_P256 -#if ECC_BN_P638 - case TPM_ECC_BN_P638: -#endif // ECC_BN_P638 -#if ECC_NIST_P192 - case TPM_ECC_NIST_P192: -#endif // ECC_NIST_P192 -#if ECC_NIST_P224 - case TPM_ECC_NIST_P224: -#endif // ECC_NIST_P224 -#if ECC_NIST_P256 - case TPM_ECC_NIST_P256: -#endif // ECC_NIST_P256 -#if ECC_NIST_P384 - case TPM_ECC_NIST_P384: -#endif // ECC_NIST_P384 -#if ECC_NIST_P521 - case TPM_ECC_NIST_P521: -#endif // ECC_NIST_P521 -#if ECC_SM2_P256 - case TPM_ECC_SM2_P256: -#endif // ECC_SM2_P256 - break; - default: - result = TPM_RC_CURVE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ECC_CURVE_Marshal(TPMI_ECC_CURVE *source, BYTE **buffer, INT32 *size) -{ - return TPM_ECC_CURVE_Marshal((TPM_ECC_CURVE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:178 - Definition of TPMT_ECC_SCHEME Structure -#if ALG_ECC -TPM_RC -TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_ECC_SCHEME_Unmarshal((TPMI_ALG_ECC_SCHEME *)&(target->scheme), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_ASYM_SCHEME_Unmarshal((TPMU_ASYM_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); - return result; -} -UINT16 
-TPMT_ECC_SCHEME_Marshal(TPMT_ECC_SCHEME *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_ECC_SCHEME_Marshal((TPMI_ALG_ECC_SCHEME *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMU_ASYM_SCHEME_Marshal((TPMU_ASYM_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); - return result; -} -#endif // ALG_ECC - -// Table 2:179 - Definition of TPMS_ALGORITHM_DETAIL_ECC Structure -#if ALG_ECC -UINT16 -TPMS_ALGORITHM_DETAIL_ECC_Marshal(TPMS_ALGORITHM_DETAIL_ECC *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_ECC_CURVE_Marshal((TPM_ECC_CURVE *)&(source->curveID), buffer, size)); - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->keySize), buffer, size)); - result = (UINT16)(result + TPMT_KDF_SCHEME_Marshal((TPMT_KDF_SCHEME *)&(source->kdf), buffer, size)); - result = (UINT16)(result + TPMT_ECC_SCHEME_Marshal((TPMT_ECC_SCHEME *)&(source->sign), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->p), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->a), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->b), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->gX), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->gY), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->n), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->h), buffer, size)); - return result; -} -#endif // ALG_ECC - -// Table 2:180 - Definition of TPMS_SIGNATURE_RSA Structure -#if ALG_RSA -TPM_RC -TPMS_SIGNATURE_RSA_Unmarshal(TPMS_SIGNATURE_RSA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC 
result; - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hash), buffer, size, 0); - if(result == TPM_RC_SUCCESS) - result = TPM2B_PUBLIC_KEY_RSA_Unmarshal((TPM2B_PUBLIC_KEY_RSA *)&(target->sig), buffer, size); - return result; -} -UINT16 -TPMS_SIGNATURE_RSA_Marshal(TPMS_SIGNATURE_RSA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hash), buffer, size)); - result = (UINT16)(result + TPM2B_PUBLIC_KEY_RSA_Marshal((TPM2B_PUBLIC_KEY_RSA *)&(source->sig), buffer, size)); - return result; -} -#endif // ALG_RSA - -// Table 2:181 - Definition of Types for Signature -#if ALG_RSA -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_RSASSA_Unmarshal(TPMS_SIGNATURE_RSASSA *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)target, buffer, size); -} -UINT16 -TPMS_SIGNATURE_RSASSA_Marshal(TPMS_SIGNATURE_RSASSA *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)source, buffer, size); -} -TPM_RC -TPMS_SIGNATURE_RSAPSS_Unmarshal(TPMS_SIGNATURE_RSAPSS *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)target, buffer, size); -} -UINT16 -TPMS_SIGNATURE_RSAPSS_Marshal(TPMS_SIGNATURE_RSAPSS *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:182 - Definition of TPMS_SIGNATURE_ECC Structure -#if ALG_ECC -TPM_RC -TPMS_SIGNATURE_ECC_Unmarshal(TPMS_SIGNATURE_ECC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hash), buffer, size, 0); - if(result == TPM_RC_SUCCESS) - result = TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->signatureR), buffer, size); - if(result == TPM_RC_SUCCESS) - result = 
TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->signatureS), buffer, size); - return result; -} -UINT16 -TPMS_SIGNATURE_ECC_Marshal(TPMS_SIGNATURE_ECC *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hash), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->signatureR), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->signatureS), buffer, size)); - return result; -} -#endif // ALG_ECC - -// Table 2:183 - Definition of Types for TPMS_SIGNATURE_ECC -#if ALG_ECC -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_ECDAA_Unmarshal(TPMS_SIGNATURE_ECDAA *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, size); -} -UINT16 -TPMS_SIGNATURE_ECDAA_Marshal(TPMS_SIGNATURE_ECDAA *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); -} -TPM_RC -TPMS_SIGNATURE_ECDSA_Unmarshal(TPMS_SIGNATURE_ECDSA *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, size); -} -UINT16 -TPMS_SIGNATURE_ECDSA_Marshal(TPMS_SIGNATURE_ECDSA *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); -} -TPM_RC -TPMS_SIGNATURE_SM2_Unmarshal(TPMS_SIGNATURE_SM2 *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, size); -} -UINT16 -TPMS_SIGNATURE_SM2_Marshal(TPMS_SIGNATURE_SM2 *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); -} -TPM_RC -TPMS_SIGNATURE_ECSCHNORR_Unmarshal(TPMS_SIGNATURE_ECSCHNORR *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, 
size); -} -UINT16 -TPMS_SIGNATURE_ECSCHNORR_Marshal(TPMS_SIGNATURE_ECSCHNORR *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:184 - Definition of TPMU_SIGNATURE Union -TPM_RC -TPMU_SIGNATURE_Unmarshal(TPMU_SIGNATURE *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECDAA - case ALG_ECDAA_VALUE: - return TPMS_SIGNATURE_ECDAA_Unmarshal((TPMS_SIGNATURE_ECDAA *)&(target->ecdaa), buffer, size); -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: - return TPMS_SIGNATURE_RSASSA_Unmarshal((TPMS_SIGNATURE_RSASSA *)&(target->rsassa), buffer, size); -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: - return TPMS_SIGNATURE_RSAPSS_Unmarshal((TPMS_SIGNATURE_RSAPSS *)&(target->rsapss), buffer, size); -#endif // ALG_RSAPSS -#if ALG_ECDSA - case ALG_ECDSA_VALUE: - return TPMS_SIGNATURE_ECDSA_Unmarshal((TPMS_SIGNATURE_ECDSA *)&(target->ecdsa), buffer, size); -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: - return TPMS_SIGNATURE_SM2_Unmarshal((TPMS_SIGNATURE_SM2 *)&(target->sm2), buffer, size); -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: - return TPMS_SIGNATURE_ECSCHNORR_Unmarshal((TPMS_SIGNATURE_ECSCHNORR *)&(target->ecschnorr), buffer, size); -#endif // ALG_ECSCHNORR -#if ALG_HMAC - case ALG_HMAC_VALUE: - return TPMT_HA_Unmarshal((TPMT_HA *)&(target->hmac), buffer, size, 0); -#endif // ALG_HMAC - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_SIGNATURE_Marshal(TPMU_SIGNATURE *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECDAA - case ALG_ECDAA_VALUE: - return TPMS_SIGNATURE_ECDAA_Marshal((TPMS_SIGNATURE_ECDAA *)&(source->ecdaa), buffer, size); -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: - return TPMS_SIGNATURE_RSASSA_Marshal((TPMS_SIGNATURE_RSASSA 
*)&(source->rsassa), buffer, size); -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: - return TPMS_SIGNATURE_RSAPSS_Marshal((TPMS_SIGNATURE_RSAPSS *)&(source->rsapss), buffer, size); -#endif // ALG_RSAPSS -#if ALG_ECDSA - case ALG_ECDSA_VALUE: - return TPMS_SIGNATURE_ECDSA_Marshal((TPMS_SIGNATURE_ECDSA *)&(source->ecdsa), buffer, size); -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: - return TPMS_SIGNATURE_SM2_Marshal((TPMS_SIGNATURE_SM2 *)&(source->sm2), buffer, size); -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: - return TPMS_SIGNATURE_ECSCHNORR_Marshal((TPMS_SIGNATURE_ECSCHNORR *)&(source->ecschnorr), buffer, size); -#endif // ALG_ECSCHNORR -#if ALG_HMAC - case ALG_HMAC_VALUE: - return TPMT_HA_Marshal((TPMT_HA *)&(source->hmac), buffer, size); -#endif // ALG_HMAC - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:185 - Definition of TPMT_SIGNATURE Structure -TPM_RC -TPMT_SIGNATURE_Unmarshal(TPMT_SIGNATURE *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_SIG_SCHEME_Unmarshal((TPMI_ALG_SIG_SCHEME *)&(target->sigAlg), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_SIGNATURE_Unmarshal((TPMU_SIGNATURE *)&(target->signature), buffer, size, (UINT32)target->sigAlg); - return result; -} -UINT16 -TPMT_SIGNATURE_Marshal(TPMT_SIGNATURE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_SIG_SCHEME_Marshal((TPMI_ALG_SIG_SCHEME *)&(source->sigAlg), buffer, size)); - result = (UINT16)(result + TPMU_SIGNATURE_Marshal((TPMU_SIGNATURE *)&(source->signature), buffer, size, (UINT32)source->sigAlg)); - return result; -} - -// Table 2:186 - Definition of TPMU_ENCRYPTED_SECRET Union -TPM_RC -TPMU_ENCRYPTED_SECRET_Unmarshal(TPMU_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECC - case ALG_ECC_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->ecc), buffer, 
size, (INT32)sizeof(TPMS_ECC_POINT)); -#endif // ALG_ECC -#if ALG_RSA - case ALG_RSA_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->rsa), buffer, size, (INT32)MAX_RSA_KEY_BYTES); -#endif // ALG_RSA -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->symmetric), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); -#endif // ALG_SYMCIPHER -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->keyedHash), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); -#endif // ALG_KEYEDHASH - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_ENCRYPTED_SECRET_Marshal(TPMU_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECC - case ALG_ECC_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->ecc), buffer, size, (INT32)sizeof(TPMS_ECC_POINT)); -#endif // ALG_ECC -#if ALG_RSA - case ALG_RSA_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->rsa), buffer, size, (INT32)MAX_RSA_KEY_BYTES); -#endif // ALG_RSA -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->symmetric), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); -#endif // ALG_SYMCIPHER -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->keyedHash), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); -#endif // ALG_KEYEDHASH - } - return 0; -} - -// Table 2:187 - Definition of TPM2B_ENCRYPTED_SECRET Structure -TPM_RC -TPM2B_ENCRYPTED_SECRET_Unmarshal(TPM2B_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMU_ENCRYPTED_SECRET)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.secret), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size) -{ - 
UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.secret), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:188 - Definition of TPMI_ALG_PUBLIC Type -TPM_RC -TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_RSA - case ALG_RSA_VALUE: -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: -#endif // ALG_ECC -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: -#endif // ALG_SYMCIPHER - break; - default: - result = TPM_RC_TYPE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_PUBLIC_Marshal(TPMI_ALG_PUBLIC *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:189 - Definition of TPMU_PUBLIC_ID Union -TPM_RC -TPMU_PUBLIC_ID_Unmarshal(TPMU_PUBLIC_ID *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: - return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->keyedHash), buffer, size); -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->sym), buffer, size); -#endif // ALG_SYMCIPHER -#if ALG_RSA - case ALG_RSA_VALUE: - return TPM2B_PUBLIC_KEY_RSA_Unmarshal((TPM2B_PUBLIC_KEY_RSA *)&(target->rsa), buffer, size); -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - return TPMS_ECC_POINT_Unmarshal((TPMS_ECC_POINT *)&(target->ecc), buffer, size); -#endif // ALG_ECC - } - 
return TPM_RC_SELECTOR; -} -UINT16 -TPMU_PUBLIC_ID_Marshal(TPMU_PUBLIC_ID *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: - return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->keyedHash), buffer, size); -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->sym), buffer, size); -#endif // ALG_SYMCIPHER -#if ALG_RSA - case ALG_RSA_VALUE: - return TPM2B_PUBLIC_KEY_RSA_Marshal((TPM2B_PUBLIC_KEY_RSA *)&(source->rsa), buffer, size); -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - return TPMS_ECC_POINT_Marshal((TPMS_ECC_POINT *)&(source->ecc), buffer, size); -#endif // ALG_ECC - } - return 0; -} - -// Table 2:190 - Definition of TPMS_KEYEDHASH_PARMS Structure -TPM_RC -TPMS_KEYEDHASH_PARMS_Unmarshal(TPMS_KEYEDHASH_PARMS *target, BYTE **buffer, INT32 *size) -{ - return TPMT_KEYEDHASH_SCHEME_Unmarshal((TPMT_KEYEDHASH_SCHEME *)&(target->scheme), buffer, size, 1); -} -UINT16 -TPMS_KEYEDHASH_PARMS_Marshal(TPMS_KEYEDHASH_PARMS *source, BYTE **buffer, INT32 *size) -{ - return TPMT_KEYEDHASH_SCHEME_Marshal((TPMT_KEYEDHASH_SCHEME *)&(source->scheme), buffer, size); -} - -// Table 2:191 - Definition of TPMS_ASYM_PARMS Structure -// Table 2:192 - Definition of TPMS_RSA_PARMS Structure -#if ALG_RSA -TPM_RC -TPMS_RSA_PARMS_Unmarshal(TPMS_RSA_PARMS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMT_SYM_DEF_OBJECT_Unmarshal((TPMT_SYM_DEF_OBJECT *)&(target->symmetric), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPMT_RSA_SCHEME_Unmarshal((TPMT_RSA_SCHEME *)&(target->scheme), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPMI_RSA_KEY_BITS_Unmarshal((TPMI_RSA_KEY_BITS *)&(target->keyBits), buffer, size); - if(result == TPM_RC_SUCCESS) - result = UINT32_Unmarshal((UINT32 *)&(target->exponent), buffer, size); - return result; -} -UINT16 -TPMS_RSA_PARMS_Marshal(TPMS_RSA_PARMS *source, 
BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMT_SYM_DEF_OBJECT_Marshal((TPMT_SYM_DEF_OBJECT *)&(source->symmetric), buffer, size)); - result = (UINT16)(result + TPMT_RSA_SCHEME_Marshal((TPMT_RSA_SCHEME *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMI_RSA_KEY_BITS_Marshal((TPMI_RSA_KEY_BITS *)&(source->keyBits), buffer, size)); - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->exponent), buffer, size)); - return result; -} -#endif // ALG_RSA - -// Table 2:193 - Definition of TPMS_ECC_PARMS Structure -#if ALG_ECC -TPM_RC -TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMT_SYM_DEF_OBJECT_Unmarshal((TPMT_SYM_DEF_OBJECT *)&(target->symmetric), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPMT_ECC_SCHEME_Unmarshal((TPMT_ECC_SCHEME *)&(target->scheme), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPMI_ECC_CURVE_Unmarshal((TPMI_ECC_CURVE *)&(target->curveID), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMT_KDF_SCHEME_Unmarshal((TPMT_KDF_SCHEME *)&(target->kdf), buffer, size, 1); - return result; -} -UINT16 -TPMS_ECC_PARMS_Marshal(TPMS_ECC_PARMS *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMT_SYM_DEF_OBJECT_Marshal((TPMT_SYM_DEF_OBJECT *)&(source->symmetric), buffer, size)); - result = (UINT16)(result + TPMT_ECC_SCHEME_Marshal((TPMT_ECC_SCHEME *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMI_ECC_CURVE_Marshal((TPMI_ECC_CURVE *)&(source->curveID), buffer, size)); - result = (UINT16)(result + TPMT_KDF_SCHEME_Marshal((TPMT_KDF_SCHEME *)&(source->kdf), buffer, size)); - return result; -} -#endif // ALG_ECC - -// Table 2:194 - Definition of TPMU_PUBLIC_PARMS Union -TPM_RC -TPMU_PUBLIC_PARMS_Unmarshal(TPMU_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_KEYEDHASH - case 
ALG_KEYEDHASH_VALUE: - return TPMS_KEYEDHASH_PARMS_Unmarshal((TPMS_KEYEDHASH_PARMS *)&(target->keyedHashDetail), buffer, size); -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return TPMS_SYMCIPHER_PARMS_Unmarshal((TPMS_SYMCIPHER_PARMS *)&(target->symDetail), buffer, size); -#endif // ALG_SYMCIPHER -#if ALG_RSA - case ALG_RSA_VALUE: - return TPMS_RSA_PARMS_Unmarshal((TPMS_RSA_PARMS *)&(target->rsaDetail), buffer, size); -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - return TPMS_ECC_PARMS_Unmarshal((TPMS_ECC_PARMS *)&(target->eccDetail), buffer, size); -#endif // ALG_ECC - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_PUBLIC_PARMS_Marshal(TPMU_PUBLIC_PARMS *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: - return TPMS_KEYEDHASH_PARMS_Marshal((TPMS_KEYEDHASH_PARMS *)&(source->keyedHashDetail), buffer, size); -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return TPMS_SYMCIPHER_PARMS_Marshal((TPMS_SYMCIPHER_PARMS *)&(source->symDetail), buffer, size); -#endif // ALG_SYMCIPHER -#if ALG_RSA - case ALG_RSA_VALUE: - return TPMS_RSA_PARMS_Marshal((TPMS_RSA_PARMS *)&(source->rsaDetail), buffer, size); -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - return TPMS_ECC_PARMS_Marshal((TPMS_ECC_PARMS *)&(source->eccDetail), buffer, size); -#endif // ALG_ECC - } - return 0; -} - -// Table 2:195 - Definition of TPMT_PUBLIC_PARMS Structure -TPM_RC -TPMT_PUBLIC_PARMS_Unmarshal(TPMT_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMI_ALG_PUBLIC_Unmarshal((TPMI_ALG_PUBLIC *)&(target->type), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMU_PUBLIC_PARMS_Unmarshal((TPMU_PUBLIC_PARMS *)&(target->parameters), buffer, size, (UINT32)target->type); - return result; -} -UINT16 -TPMT_PUBLIC_PARMS_Marshal(TPMT_PUBLIC_PARMS *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result 
+ TPMI_ALG_PUBLIC_Marshal((TPMI_ALG_PUBLIC *)&(source->type), buffer, size)); - result = (UINT16)(result + TPMU_PUBLIC_PARMS_Marshal((TPMU_PUBLIC_PARMS *)&(source->parameters), buffer, size, (UINT32)source->type)); - return result; -} - -// Table 2:196 - Definition of TPMT_PUBLIC Structure -TPM_RC -TPMT_PUBLIC_Unmarshal(TPMT_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_PUBLIC_Unmarshal((TPMI_ALG_PUBLIC *)&(target->type), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->nameAlg), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMA_OBJECT_Unmarshal((TPMA_OBJECT *)&(target->objectAttributes), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->authPolicy), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMU_PUBLIC_PARMS_Unmarshal((TPMU_PUBLIC_PARMS *)&(target->parameters), buffer, size, (UINT32)target->type); - if(result == TPM_RC_SUCCESS) - result = TPMU_PUBLIC_ID_Unmarshal((TPMU_PUBLIC_ID *)&(target->unique), buffer, size, (UINT32)target->type); - return result; -} -UINT16 -TPMT_PUBLIC_Marshal(TPMT_PUBLIC *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_PUBLIC_Marshal((TPMI_ALG_PUBLIC *)&(source->type), buffer, size)); - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->nameAlg), buffer, size)); - result = (UINT16)(result + TPMA_OBJECT_Marshal((TPMA_OBJECT *)&(source->objectAttributes), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->authPolicy), buffer, size)); - result = (UINT16)(result + TPMU_PUBLIC_PARMS_Marshal((TPMU_PUBLIC_PARMS *)&(source->parameters), buffer, size, (UINT32)source->type)); - result = (UINT16)(result + TPMU_PUBLIC_ID_Marshal((TPMU_PUBLIC_ID *)&(source->unique), buffer, size, (UINT32)source->type)); - return result; -} - -// Table 2:197 - 
Definition of TPM2B_PUBLIC Structure -TPM_RC -TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a - if(result == TPM_RC_SUCCESS) - { - // if size is zero, then the required structure is missing - if(target->size == 0) - result = TPM_RC_SIZE; - else - { - INT32 startSize = *size; - result = TPMT_PUBLIC_Unmarshal((TPMT_PUBLIC *)&(target->publicArea), buffer, size, flag); // =b - if(result == TPM_RC_SUCCESS) - { - if(target->size != (startSize - *size)) - result = TPM_RC_SIZE; - } - } - } - return result; -} -UINT16 -TPM2B_PUBLIC_Marshal(TPM2B_PUBLIC *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - // Marshal a dummy value of the 2B size. This makes sure that 'buffer' - // and 'size' are advanced as necessary (i.e., if they are present) - result = UINT16_Marshal(&result, buffer, size); - // Marshal the structure - result = (UINT16)(result + TPMT_PUBLIC_Marshal((TPMT_PUBLIC *)&(source->publicArea), buffer, size)); - // if a buffer was provided, go back and fill in the actual size - if(buffer != NULL) - UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); - return result; -} - -// Table 2:198 - Definition of TPM2B_TEMPLATE Structure -TPM_RC -TPM2B_TEMPLATE_Unmarshal(TPM2B_TEMPLATE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMT_PUBLIC)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_TEMPLATE_Marshal(TPM2B_TEMPLATE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:199 - Definition of TPM2B_PRIVATE_VENDOR_SPECIFIC Structure -TPM_RC -TPM2B_PRIVATE_VENDOR_SPECIFIC_Unmarshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > PRIVATE_VENDOR_SPECIFIC_BYTES) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_PRIVATE_VENDOR_SPECIFIC_Marshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:200 - Definition of TPMU_SENSITIVE_COMPOSITE Union -TPM_RC -TPMU_SENSITIVE_COMPOSITE_Unmarshal(TPMU_SENSITIVE_COMPOSITE *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_RSA - case ALG_RSA_VALUE: - return TPM2B_PRIVATE_KEY_RSA_Unmarshal((TPM2B_PRIVATE_KEY_RSA *)&(target->rsa), buffer, size); -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - return TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->ecc), buffer, size); -#endif // ALG_ECC -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: - return TPM2B_SENSITIVE_DATA_Unmarshal((TPM2B_SENSITIVE_DATA *)&(target->bits), buffer, size); -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return TPM2B_SYM_KEY_Unmarshal((TPM2B_SYM_KEY *)&(target->sym), buffer, size); -#endif // ALG_SYMCIPHER - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_SENSITIVE_COMPOSITE_Marshal(TPMU_SENSITIVE_COMPOSITE *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_RSA - case ALG_RSA_VALUE: - return TPM2B_PRIVATE_KEY_RSA_Marshal((TPM2B_PRIVATE_KEY_RSA *)&(source->rsa), buffer, size); -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - return TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->ecc), buffer, size); -#endif // ALG_ECC -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: - return TPM2B_SENSITIVE_DATA_Marshal((TPM2B_SENSITIVE_DATA *)&(source->bits), buffer, size); -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return TPM2B_SYM_KEY_Marshal((TPM2B_SYM_KEY *)&(source->sym), buffer, size); -#endif // ALG_SYMCIPHER - } - return 0; -} - -// Table 2:201 - Definition of TPMT_SENSITIVE Structure -TPM_RC -TPMT_SENSITIVE_Unmarshal(TPMT_SENSITIVE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; 
- result = TPMI_ALG_PUBLIC_Unmarshal((TPMI_ALG_PUBLIC *)&(target->sensitiveType), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_AUTH_Unmarshal((TPM2B_AUTH *)&(target->authValue), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->seedValue), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMU_SENSITIVE_COMPOSITE_Unmarshal((TPMU_SENSITIVE_COMPOSITE *)&(target->sensitive), buffer, size, (UINT32)target->sensitiveType); - return result; -} -UINT16 -TPMT_SENSITIVE_Marshal(TPMT_SENSITIVE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_PUBLIC_Marshal((TPMI_ALG_PUBLIC *)&(source->sensitiveType), buffer, size)); - result = (UINT16)(result + TPM2B_AUTH_Marshal((TPM2B_AUTH *)&(source->authValue), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->seedValue), buffer, size)); - result = (UINT16)(result + TPMU_SENSITIVE_COMPOSITE_Marshal((TPMU_SENSITIVE_COMPOSITE *)&(source->sensitive), buffer, size, (UINT32)source->sensitiveType)); - return result; -} - -// Table 2:202 - Definition of TPM2B_SENSITIVE Structure -TPM_RC -TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a - // if there was an error or if target->size equal to 0, - // skip unmarshaling of the structure - if((result == TPM_RC_SUCCESS) && (target->size != 0)) - { - INT32 startSize = *size; - result = TPMT_SENSITIVE_Unmarshal((TPMT_SENSITIVE *)&(target->sensitiveArea), buffer, size); // =b - if(result == TPM_RC_SUCCESS) - { - if(target->size != (startSize - *size)) - result = TPM_RC_SIZE; - } - } - return result; -} -UINT16 -TPM2B_SENSITIVE_Marshal(TPM2B_SENSITIVE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - // Marshal a dummy value of the 2B size. 
This makes sure that 'buffer' - // and 'size' are advanced as necessary (i.e., if they are present) - result = UINT16_Marshal(&result, buffer, size); - // Marshal the structure - result = (UINT16)(result + TPMT_SENSITIVE_Marshal((TPMT_SENSITIVE *)&(source->sensitiveArea), buffer, size)); - // if a buffer was provided, go back and fill in the actual size - if(buffer != NULL) - UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); - return result; -} - -// Table 2:203 - Definition of _PRIVATE Structure -// Table 2:204 - Definition of TPM2B_PRIVATE Structure -TPM_RC -TPM2B_PRIVATE_Unmarshal(TPM2B_PRIVATE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(_PRIVATE)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:205 - Definition of TPMS_ID_OBJECT Structure -// Table 2:206 - Definition of TPM2B_ID_OBJECT Structure -TPM_RC -TPM2B_ID_OBJECT_Unmarshal(TPM2B_ID_OBJECT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMS_ID_OBJECT)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.credential), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.credential), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:207 - Definition of TPM_NV_INDEX Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_NV_INDEX_Marshal(TPM_NV_INDEX *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:208 - Definition of TPM_NT Constants -// Table 2:209 - Definition of TPMS_NV_PIN_COUNTER_PARAMETERS Structure -TPM_RC -TPMS_NV_PIN_COUNTER_PARAMETERS_Unmarshal(TPMS_NV_PIN_COUNTER_PARAMETERS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)&(target->pinCount), buffer, size); - if(result == TPM_RC_SUCCESS) - result = UINT32_Unmarshal((UINT32 *)&(target->pinLimit), buffer, size); - return result; -} -UINT16 -TPMS_NV_PIN_COUNTER_PARAMETERS_Marshal(TPMS_NV_PIN_COUNTER_PARAMETERS *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->pinCount), buffer, size)); - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->pinLimit), buffer, size)); - return result; -} - -// Table 2:210 - Definition of TPMA_NV Bits -TPM_RC -TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if(*((UINT32 *)target) & (UINT32)0x01f00300) - result = TPM_RC_RESERVED_BITS; - } - return result; -} - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_NV_Marshal(TPMA_NV *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:211 - Definition of TPMS_NV_PUBLIC Structure -TPM_RC -TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = 
TPMI_RH_NV_INDEX_Unmarshal((TPMI_RH_NV_INDEX *)&(target->nvIndex), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->nameAlg), buffer, size, 0); - if(result == TPM_RC_SUCCESS) - result = TPMA_NV_Unmarshal((TPMA_NV *)&(target->attributes), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->authPolicy), buffer, size); - if(result == TPM_RC_SUCCESS) - result = UINT16_Unmarshal((UINT16 *)&(target->dataSize), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->dataSize > MAX_NV_INDEX_SIZE)) - result = TPM_RC_SIZE; - return result; -} -UINT16 -TPMS_NV_PUBLIC_Marshal(TPMS_NV_PUBLIC *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_RH_NV_INDEX_Marshal((TPMI_RH_NV_INDEX *)&(source->nvIndex), buffer, size)); - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->nameAlg), buffer, size)); - result = (UINT16)(result + TPMA_NV_Marshal((TPMA_NV *)&(source->attributes), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->authPolicy), buffer, size)); - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->dataSize), buffer, size)); - return result; -} - -// Table 2:212 - Definition of TPM2B_NV_PUBLIC Structure -TPM_RC -TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a - if(result == TPM_RC_SUCCESS) - { - // if size is zero, then the required structure is missing - if(target->size == 0) - result = TPM_RC_SIZE; - else - { - INT32 startSize = *size; - result = TPMS_NV_PUBLIC_Unmarshal((TPMS_NV_PUBLIC *)&(target->nvPublic), buffer, size); // =b - if(result == TPM_RC_SUCCESS) - { - if(target->size != (startSize - *size)) - result = TPM_RC_SIZE; - } - } - } - return result; -} -UINT16 -TPM2B_NV_PUBLIC_Marshal(TPM2B_NV_PUBLIC 
*source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - // Marshal a dummy value of the 2B size. This makes sure that 'buffer' - // and 'size' are advanced as necessary (i.e., if they are present) - result = UINT16_Marshal(&result, buffer, size); - // Marshal the structure - result = (UINT16)(result + TPMS_NV_PUBLIC_Marshal((TPMS_NV_PUBLIC *)&(source->nvPublic), buffer, size)); - // if a buffer was provided, go back and fill in the actual size - if(buffer != NULL) - UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); - return result; -} - -// Table 2:213 - Definition of TPM2B_CONTEXT_SENSITIVE Structure -TPM_RC -TPM2B_CONTEXT_SENSITIVE_Unmarshal(TPM2B_CONTEXT_SENSITIVE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > MAX_CONTEXT_SIZE) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_CONTEXT_SENSITIVE_Marshal(TPM2B_CONTEXT_SENSITIVE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:214 - Definition of TPMS_CONTEXT_DATA Structure -TPM_RC -TPMS_CONTEXT_DATA_Unmarshal(TPMS_CONTEXT_DATA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->integrity), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_CONTEXT_SENSITIVE_Unmarshal((TPM2B_CONTEXT_SENSITIVE *)&(target->encrypted), buffer, size); - return result; -} -UINT16 -TPMS_CONTEXT_DATA_Marshal(TPMS_CONTEXT_DATA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->integrity), buffer, size)); - result = (UINT16)(result + TPM2B_CONTEXT_SENSITIVE_Marshal((TPM2B_CONTEXT_SENSITIVE *)&(source->encrypted), buffer, size)); - return result; -} - -// Table 2:215 - Definition of TPM2B_CONTEXT_DATA Structure -TPM_RC -TPM2B_CONTEXT_DATA_Unmarshal(TPM2B_CONTEXT_DATA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMS_CONTEXT_DATA)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:216 - Definition of TPMS_CONTEXT Structure -TPM_RC -TPMS_CONTEXT_Unmarshal(TPMS_CONTEXT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT64_Unmarshal((UINT64 *)&(target->sequence), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMI_DH_SAVED_Unmarshal((TPMI_DH_SAVED *)&(target->savedHandle), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPM2B_CONTEXT_DATA_Unmarshal((TPM2B_CONTEXT_DATA *)&(target->contextBlob), buffer, size); - return result; -} -UINT16 -TPMS_CONTEXT_Marshal(TPMS_CONTEXT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->sequence), buffer, size)); - result = (UINT16)(result + TPMI_DH_SAVED_Marshal((TPMI_DH_SAVED *)&(source->savedHandle), buffer, size)); - result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); - result = (UINT16)(result + TPM2B_CONTEXT_DATA_Marshal((TPM2B_CONTEXT_DATA *)&(source->contextBlob), buffer, size)); - return result; -} - -// Table 2:218 - Definition of TPMS_CREATION_DATA Structure -UINT16 -TPMS_CREATION_DATA_Marshal(TPMS_CREATION_DATA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPML_PCR_SELECTION_Marshal((TPML_PCR_SELECTION *)&(source->pcrSelect), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->pcrDigest), buffer, size)); - result = (UINT16)(result + TPMA_LOCALITY_Marshal((TPMA_LOCALITY *)&(source->locality), buffer, size)); - result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->parentNameAlg), buffer, size)); - 
result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->parentName), buffer, size)); - result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->parentQualifiedName), buffer, size)); - result = (UINT16)(result + TPM2B_DATA_Marshal((TPM2B_DATA *)&(source->outsideInfo), buffer, size)); - return result; -} - -// Table 2:219 - Definition of TPM2B_CREATION_DATA Structure -UINT16 -TPM2B_CREATION_DATA_Marshal(TPM2B_CREATION_DATA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - // Marshal a dummy value of the 2B size. This makes sure that 'buffer' - // and 'size' are advanced as necessary (i.e., if they are present) - result = UINT16_Marshal(&result, buffer, size); - // Marshal the structure - result = (UINT16)(result + TPMS_CREATION_DATA_Marshal((TPMS_CREATION_DATA *)&(source->creationData), buffer, size)); - // if a buffer was provided, go back and fill in the actual size - if(buffer != NULL) - UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); - return result; -} - -// Table 2:220 - Definition of TPM_AT Constants -TPM_RC -TPM_AT_Unmarshal(TPM_AT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch(*target) - { - case TPM_AT_ANY : - case TPM_AT_ERROR : - case TPM_AT_PV1 : - case TPM_AT_VEND : - break; - default : - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_AT_Marshal(TPM_AT *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:221 - Definition of TPM_AE Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_AE_Marshal(TPM_AE *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:222 - Definition of TPMS_AC_OUTPUT Structure -UINT16 -TPMS_AC_OUTPUT_Marshal(TPMS_AC_OUTPUT *source, 
BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_AT_Marshal((TPM_AT *)&(source->tag), buffer, size)); - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->data), buffer, size)); - return result; -} - -// Table 2:223 - Definition of TPML_AC_CAPABILITIES Structure -UINT16 -TPML_AC_CAPABILITIES_Marshal(TPML_AC_CAPABILITIES *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPMS_AC_OUTPUT_Array_Marshal((TPMS_AC_OUTPUT *)(source->acCapabilities), buffer, size, (INT32)(source->count))); - return result; -} - -// Array Marshal/Unmarshal for BYTE -TPM_RC -BYTE_Array_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size, INT32 count) -{ - if(*size < count) - return TPM_RC_INSUFFICIENT; - memcpy(target, *buffer, count); - *size -= count; - *buffer += count; - return TPM_RC_SUCCESS; -} -UINT16 -BYTE_Array_Marshal(BYTE *source, BYTE **buffer, INT32 *size, INT32 count) -{ - if (buffer != 0) - { - if ((size == 0) || ((*size -= count) >= 0)) - { - memcpy(*buffer, source, count); - *buffer += count; - } - pAssert(size == 0 || (*size >= 0)); - } - pAssert(count < INT16_MAX); - return ((UINT16)count); -} - -// Array Marshal/Unmarshal for TPM2B_DIGEST -TPM_RC -TPM2B_DIGEST_Array_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size, INT32 count) -{ - TPM_RC result; - INT32 i; - for(result = TPM_RC_SUCCESS, i = 0; - ((result == TPM_RC_SUCCESS) && (i < count)); i++) - { - result = TPM2B_DIGEST_Unmarshal(&target[i], buffer, size); - } - return result; -} -UINT16 -TPM2B_DIGEST_Array_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPM2B_DIGEST_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal for TPMA_CC -UINT16 -TPMA_CC_Array_Marshal(TPMA_CC *source, BYTE **buffer, 
INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMA_CC_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal for TPMS_AC_OUTPUT -UINT16 -TPMS_AC_OUTPUT_Array_Marshal(TPMS_AC_OUTPUT *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMS_AC_OUTPUT_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal for TPMS_ALG_PROPERTY -UINT16 -TPMS_ALG_PROPERTY_Array_Marshal(TPMS_ALG_PROPERTY *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMS_ALG_PROPERTY_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal/Unmarshal for TPMS_PCR_SELECTION -TPM_RC -TPMS_PCR_SELECTION_Array_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size, INT32 count) -{ - TPM_RC result; - INT32 i; - for(result = TPM_RC_SUCCESS, i = 0; - ((result == TPM_RC_SUCCESS) && (i < count)); i++) - { - result = TPMS_PCR_SELECTION_Unmarshal(&target[i], buffer, size); - } - return result; -} -UINT16 -TPMS_PCR_SELECTION_Array_Marshal(TPMS_PCR_SELECTION *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMS_PCR_SELECTION_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal for TPMS_TAGGED_PCR_SELECT -UINT16 -TPMS_TAGGED_PCR_SELECT_Array_Marshal(TPMS_TAGGED_PCR_SELECT *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMS_TAGGED_PCR_SELECT_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal for TPMS_TAGGED_POLICY -UINT16 -TPMS_TAGGED_POLICY_Array_Marshal(TPMS_TAGGED_POLICY *source, BYTE **buffer, INT32 *size, INT32 count) 
-{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMS_TAGGED_POLICY_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal for TPMS_TAGGED_PROPERTY -UINT16 -TPMS_TAGGED_PROPERTY_Array_Marshal(TPMS_TAGGED_PROPERTY *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMS_TAGGED_PROPERTY_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal/Unmarshal for TPMT_HA -TPM_RC -TPMT_HA_Array_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL flag, INT32 count) -{ - TPM_RC result; - INT32 i; - for(result = TPM_RC_SUCCESS, i = 0; - ((result == TPM_RC_SUCCESS) && (i < count)); i++) - { - result = TPMT_HA_Unmarshal(&target[i], buffer, size, flag); - } - return result; -} -UINT16 -TPMT_HA_Array_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMT_HA_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal/Unmarshal for TPM_ALG_ID -TPM_RC -TPM_ALG_ID_Array_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size, INT32 count) -{ - TPM_RC result; - INT32 i; - for(result = TPM_RC_SUCCESS, i = 0; - ((result == TPM_RC_SUCCESS) && (i < count)); i++) - { - result = TPM_ALG_ID_Unmarshal(&target[i], buffer, size); - } - return result; -} -UINT16 -TPM_ALG_ID_Array_Marshal(TPM_ALG_ID *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPM_ALG_ID_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal/Unmarshal for TPM_CC -TPM_RC -TPM_CC_Array_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size, INT32 count) -{ - TPM_RC result; - INT32 i; - for(result = TPM_RC_SUCCESS, i = 0; - ((result == TPM_RC_SUCCESS) && (i < count)); i++) - { - result 
= TPM_CC_Unmarshal(&target[i], buffer, size); - } - return result; -} -UINT16 -TPM_CC_Array_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPM_CC_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal/Unmarshal for TPM_ECC_CURVE -#if ALG_ECC -TPM_RC -TPM_ECC_CURVE_Array_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size, INT32 count) -{ - TPM_RC result; - INT32 i; - for(result = TPM_RC_SUCCESS, i = 0; - ((result == TPM_RC_SUCCESS) && (i < count)); i++) - { - result = TPM_ECC_CURVE_Unmarshal(&target[i], buffer, size); - } - return result; -} -UINT16 -TPM_ECC_CURVE_Array_Marshal(TPM_ECC_CURVE *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPM_ECC_CURVE_Marshal(&source[i], buffer, size)); - } - return result; -} -#endif // ALG_ECC - -// Array Marshal/Unmarshal for TPM_HANDLE -TPM_RC -TPM_HANDLE_Array_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size, INT32 count) -{ - TPM_RC result; - INT32 i; - for(result = TPM_RC_SUCCESS, i = 0; - ((result == TPM_RC_SUCCESS) && (i < count)); i++) - { - result = TPM_HANDLE_Unmarshal(&target[i], buffer, size); - } - return result; -} -UINT16 -TPM_HANDLE_Array_Marshal(TPM_HANDLE *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPM_HANDLE_Marshal(&source[i], buffer, size)); - } - return result; -} - diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/MathOnByteBuffers.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/MathOnByteBuffers.c deleted file mode 100644 index 5e68e2376..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/MathOnByteBuffers.c
+++ /dev/null
@@ -1,265 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// -// This file contains implementation of the math functions that are performed -// with canonical integers in byte buffers. The canonical integer is -// big-endian bytes. 
-// -#include "Tpm.h" - -//** Functions - -//*** UnsignedCmpB -// This function compare two unsigned values. The values are byte-aligned, -// big-endian numbers (e.g, a hash). -// Return Type: int -// 1 if (a > b) -// 0 if (a = b) -// -1 if (a < b) -LIB_EXPORT int -UnsignedCompareB( - UINT32 aSize, // IN: size of a - const BYTE *a, // IN: a - UINT32 bSize, // IN: size of b - const BYTE *b // IN: b - ) -{ - UINT32 i; - if(aSize > bSize) - return 1; - else if(aSize < bSize) - return -1; - else - { - for(i = 0; i < aSize; i++) - { - if(a[i] != b[i]) - return (a[i] > b[i]) ? 1 : -1; - } - } - return 0; -} - -//***SignedCompareB() -// Compare two signed integers: -// Return Type: int -// 1 if a > b -// 0 if a = b -// -1 if a < b -int -SignedCompareB( - const UINT32 aSize, // IN: size of a - const BYTE *a, // IN: a buffer - const UINT32 bSize, // IN: size of b - const BYTE *b // IN: b buffer - ) -{ - int signA, signB; // sign of a and b - - // For positive or 0, sign_a is 1 - // for negative, sign_a is 0 - signA = ((a[0] & 0x80) == 0) ? 1 : 0; - - // For positive or 0, sign_b is 1 - // for negative, sign_b is 0 - signB = ((b[0] & 0x80) == 0) ? 1 : 0; - - if(signA != signB) - { - return signA - signB; - } - if(signA == 1) - // do unsigned compare function - return UnsignedCompareB(aSize, a, bSize, b); - else - // do unsigned compare the other way - return 0 - UnsignedCompareB(aSize, a, bSize, b); -} - -//*** ModExpB -// This function is used to do modular exponentiation in support of RSA. -// The most typical uses are: 'c' = 'm'^'e' mod 'n' (RSA encrypt) and -// 'm' = 'c'^'d' mod 'n' (RSA decrypt). When doing decryption, the 'e' parameter -// of the function will contain the private exponent 'd' instead of the public -// exponent 'e'. -// -// If the results will not fit in the provided buffer, -// an error is returned (CRYPT_ERROR_UNDERFLOW). If the results is smaller -// than the buffer, the results is de-normalized. 
-// -// This version is intended for use with RSA and requires that 'm' be -// less than 'n'. -// -// Return Type: TPM_RC -// TPM_RC_SIZE number to exponentiate is larger than the modulus -// TPM_RC_NO_RESULT result will not fit into the provided buffer -// -TPM_RC -ModExpB( - UINT32 cSize, // IN: the size of the output buffer. It will - // need to be the same size as the modulus - BYTE *c, // OUT: the buffer to receive the results - // (c->size must be set to the maximum size - // for the returned value) - const UINT32 mSize, - const BYTE *m, // IN: number to exponentiate - const UINT32 eSize, - const BYTE *e, // IN: power - const UINT32 nSize, - const BYTE *n // IN: modulus - ) -{ - BN_MAX(bnC); - BN_MAX(bnM); - BN_MAX(bnE); - BN_MAX(bnN); - NUMBYTES tSize = (NUMBYTES)nSize; - TPM_RC retVal = TPM_RC_SUCCESS; - - // Convert input parameters - BnFromBytes(bnM, m, (NUMBYTES)mSize); - BnFromBytes(bnE, e, (NUMBYTES)eSize); - BnFromBytes(bnN, n, (NUMBYTES)nSize); - - - // Make sure that the output is big enough to hold the result - // and that 'm' is less than 'n' (the modulus) - if(cSize < nSize) - ERROR_RETURN(TPM_RC_NO_RESULT); - if(BnUnsignedCmp(bnM, bnN) >= 0) - ERROR_RETURN(TPM_RC_SIZE); - BnModExp(bnC, bnM, bnE, bnN); - BnToBytes(bnC, c, &tSize); -Exit: - return retVal; -} - -//*** DivideB() -// Divide an integer ('n') by an integer ('d') producing a quotient ('q') and -// a remainder ('r'). If 'q' or 'r' is not needed, then the pointer to them -// may be set to NULL. 
-// -// Return Type: TPM_RC -// TPM_RC_NO_RESULT 'q' or 'r' is too small to receive the result -// -LIB_EXPORT TPM_RC -DivideB( - const TPM2B *n, // IN: numerator - const TPM2B *d, // IN: denominator - TPM2B *q, // OUT: quotient - TPM2B *r // OUT: remainder - ) -{ - BN_MAX_INITIALIZED(bnN, n); - BN_MAX_INITIALIZED(bnD, d); - BN_MAX(bnQ); - BN_MAX(bnR); -// - // Do divide with converted values - BnDiv(bnQ, bnR, bnN, bnD); - - // Convert the BIGNUM result back to 2B format using the size of the original - // number - if(q != NULL) - if(!BnTo2B(bnQ, q, q->size)) - return TPM_RC_NO_RESULT; - if(r != NULL) - if(!BnTo2B(bnR, r, r->size)) - return TPM_RC_NO_RESULT; - return TPM_RC_SUCCESS; -} - -//*** AdjustNumberB() -// Remove/add leading zeros from a number in a TPM2B. Will try to make the number -// by adding or removing leading zeros. If the number is larger than the requested -// size, it will make the number as small as possible. Setting 'requestedSize' to -// zero is equivalent to requesting that the number be normalized. -UINT16 -AdjustNumberB( - TPM2B *num, - UINT16 requestedSize - ) -{ - BYTE *from; - UINT16 i; - // See if number is already the requested size - if(num->size == requestedSize) - return requestedSize; - from = num->buffer; - if (num->size > requestedSize) - { - // This is a request to shift the number to the left (remove leading zeros) - // Find the first non-zero byte. Don't look past the point where removing - // more zeros would make the number smaller than requested, and don't throw - // away any significant digits. 
- for(i = num->size; *from == 0 && i > requestedSize; from++, i--); - if(i < num->size) - { - num->size = i; - MemoryCopy(num->buffer, from, i); - } - } - // This is a request to shift the number to the right (add leading zeros) - else - { - MemoryCopy(&num->buffer[requestedSize - num->size], num->buffer, num->size); - MemorySet(num->buffer, 0, requestedSize- num->size); - num->size = requestedSize; - } - return num->size; -} - -//*** ShiftLeft() -// This function shifts a byte buffer (a TPM2B) one byte to the left. That is, -// the most significant bit of the most significant byte is lost. -TPM2B * -ShiftLeft( - TPM2B *value // IN/OUT: value to shift and shifted value out -) -{ - UINT16 count = value->size; - BYTE *buffer = value->buffer; - if(count > 0) - { - for(count -= 1; count > 0; buffer++, count--) - { - buffer[0] = (buffer[0] << 1) + ((buffer[1] & 0x80) ? 1 : 0); - } - *buffer <<= 1; - } - return value; -} - diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Memory.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Memory.c deleted file mode 100644 index cbfa41d32..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Memory.c +++ /dev/null 
@@ -1,269 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Description -// This file contains a set of miscellaneous memory manipulation routines. Many -// of the functions have the same semantics as functions defined in string.h. 
-// Those functions are not used directly in the TPM because they are not 'safe' -// -// This version uses string.h after adding guards. This is because the math -// libraries invariably use those functions so it is not practical to prevent -// those library functions from being pulled into the build. - -//** Includes and Data Definitions -#include "Tpm.h" -#include "Memory_fp.h" - -//** Functions - -//*** MemoryCopy() -// This is an alias for memmove. This is used in place of memcpy because -// some of the moves may overlap and rather than try to make sure that -// memmove is used when necessary, it is always used. -void -MemoryCopy( - void *dest, - const void *src, - int sSize - ) -{ - if(dest != src) - memmove(dest, src, sSize); -} - - -//*** MemoryEqual() -// This function indicates if two buffers have the same values in the indicated -// number of bytes. -// Return Type: BOOL -// TRUE(1) all octets are the same -// FALSE(0) all octets are not the same -BOOL -MemoryEqual( - const void *buffer1, // IN: compare buffer1 - const void *buffer2, // IN: compare buffer2 - unsigned int size // IN: size of bytes being compared - ) -{ - BYTE equal = 0; - const BYTE *b1 = (BYTE *)buffer1; - const BYTE *b2 = (BYTE *)buffer2; -// - // Compare all bytes so that there is no leakage of information - // due to timing differences. - for(; size > 0; size--) - equal |= (*b1++ ^ *b2++); - return (equal == 0); -} - -//*** MemoryCopy2B() -// This function copies a TPM2B. This can be used when the TPM2B types are -// the same or different. -// -// This function returns the number of octets in the data buffer of the TPM2B. 
-LIB_EXPORT INT16 -MemoryCopy2B( - TPM2B *dest, // OUT: receiving TPM2B - const TPM2B *source, // IN: source TPM2B - unsigned int dSize // IN: size of the receiving buffer - ) -{ - pAssert(dest != NULL); - if(source == NULL) - dest->size = 0; - else - { - pAssert(source->size <= dSize); - MemoryCopy(dest->buffer, source->buffer, source->size); - dest->size = source->size; - } - return dest->size; -} - -//*** MemoryConcat2B() -// This function will concatenate the buffer contents of a TPM2B to an -// the buffer contents of another TPM2B and adjust the size accordingly -// ('a' := ('a' | 'b')). -void -MemoryConcat2B( - TPM2B *aInOut, // IN/OUT: destination 2B - TPM2B *bIn, // IN: second 2B - unsigned int aMaxSize // IN: The size of aInOut.buffer (max values for - // aInOut.size) - ) -{ - pAssert(bIn->size <= aMaxSize - aInOut->size); - MemoryCopy(&aInOut->buffer[aInOut->size], &bIn->buffer, bIn->size); - aInOut->size = aInOut->size + bIn->size; - return; -} - -//*** MemoryEqual2B() -// This function will compare two TPM2B structures. To be equal, they -// need to be the same size and the buffer contexts need to be the same -// in all octets. -// Return Type: BOOL -// TRUE(1) size and buffer contents are the same -// FALSE(0) size or buffer contents are not the same -BOOL -MemoryEqual2B( - const TPM2B *aIn, // IN: compare value - const TPM2B *bIn // IN: compare value - ) -{ - if(aIn->size != bIn->size) - return FALSE; - return MemoryEqual(aIn->buffer, bIn->buffer, aIn->size); -} - -//*** MemorySet() -// This function will set all the octets in the specified memory range to -// the specified octet value. -// Note: A previous version had an additional parameter (dSize) that was -// intended to make sure that the destination would not be overrun. The -// problem is that, in use, all that was happening was that the value of -// size was used for dSize so there was no benefit in the extra parameter. 
-void -MemorySet( - void *dest, - int value, - size_t size - ) -{ - memset(dest, value, size); -} - -//*** MemoryPad2B() -// Function to pad a TPM2B with zeros and adjust the size. -void -MemoryPad2B( - TPM2B *b, - UINT16 newSize - ) -{ - MemorySet(&b->buffer[b->size], 0, newSize - b->size); - b->size = newSize; -} - - -//*** Uint16ToByteArray() -// Function to write an integer to a byte array -void -Uint16ToByteArray( - UINT16 i, - BYTE *a - ) -{ - a[1] = (BYTE)(i); i >>= 8; - a[0] = (BYTE)(i); -} - -//*** Uint32ToByteArray() -// Function to write an integer to a byte array -void -Uint32ToByteArray( - UINT32 i, - BYTE *a - ) -{ - a[3] = (BYTE)(i); i >>= 8; - a[2] = (BYTE)(i); i >>= 8; - a[1] = (BYTE)(i); i >>= 8; - a[0] = (BYTE)(i); -} - -//*** Uint64ToByteArray() -// Function to write an integer to a byte array -void -Uint64ToByteArray( - UINT64 i, - BYTE *a - ) -{ - a[7] = (BYTE)(i); i >>= 8; - a[6] = (BYTE)(i); i >>= 8; - a[5] = (BYTE)(i); i >>= 8; - a[4] = (BYTE)(i); i >>= 8; - a[3] = (BYTE)(i); i >>= 8; - a[2] = (BYTE)(i); i >>= 8; - a[1] = (BYTE)(i); i >>= 8; - a[0] = (BYTE)(i); -} - -//*** ByteArrayToUint8() -// Function to write a UINT8 to a byte array. This is included for completeness -// and to allow certain macro expansions -UINT8 -ByteArrayToUint8( - BYTE *a -) -{ - return *a; -} - - -//*** ByteArrayToUint16() -// Function to write an integer to a byte array -UINT16 -ByteArrayToUint16( - BYTE *a -) -{ - return ((UINT16)a[0] << 8) + a[1]; -} - -//*** ByteArrayToUint32() -// Function to write an integer to a byte array -UINT32 -ByteArrayToUint32( - BYTE *a -) -{ - return (UINT32)((((((UINT32)a[0] << 8) + a[1]) << 8) + (UINT32)a[2]) << 8) + a[3]; -} - -//*** ByteArrayToUint64() -// Function to write an integer to a byte array -UINT64 -ByteArrayToUint64( - BYTE *a - ) -{ - return (((UINT64)BYTE_ARRAY_TO_UINT32(a)) << 32) + BYTE_ARRAY_TO_UINT32(&a[4]); -} - - - - - 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Power.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Power.c
deleted file mode 100644
index 163cd4e7d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Power.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-
-// This file contains functions that receive the simulated power state
-// transitions of the TPM.
-
-//** Includes and Data Definitions
-#define POWER_C
-#include "Tpm.h"
-
-//** Functions
-
-//*** TPMInit()
-// This function is used to process a power on event.
-void
-TPMInit(
- void
- )
-{
- // Set state as not initialized. This means that Startup is required
- g_initialized = FALSE;
- return;
-}
-
-//*** TPMRegisterStartup()
-// This function registers the fact that the TPM has been initialized
-// (a TPM2_Startup() has completed successfully).
-BOOL
-TPMRegisterStartup(
- void
- )
-{
- g_initialized = TRUE;
- return TRUE;
-}
-
-//*** TPMIsStarted()
-// Indicates if the TPM has been initialized (a TPM2_Startup() has completed
-// successfully after a _TPM_Init).
-// Return Type: BOOL
-// TRUE(1) TPM has been initialized
-// FALSE(0) TPM has not been initialized
-BOOL
-TPMIsStarted(
- void
- )
-{
- return g_initialized;
-}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/PropertyCap.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/PropertyCap.c
deleted file mode 100644
index 11ea8592c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/PropertyCap.c
+++ /dev/null
@@ -1,597 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-// This file contains the functions that are used for accessing the
-// TPM_CAP_TPM_PROPERTY values.
- -//** Includes - -#include "Tpm.h" - -//** Functions - -//*** TPMPropertyIsDefined() -// This function accepts a property selection and, if so, sets 'value' -// to the value of the property. -// -// All the fixed values are vendor dependent or determined by a -// platform-specific specification. The values in the table below -// are examples and should be changed by the vendor. -// Return Type: BOOL -// TRUE(1) referenced property exists and 'value' set -// FALSE(0) referenced property does not exist -static BOOL -TPMPropertyIsDefined( - TPM_PT property, // IN: property - UINT32 *value // OUT: property value - ) -{ - switch(property) - { - case TPM_PT_FAMILY_INDICATOR: - // from the title page of the specification - // For this specification, the value is "2.0". - *value = TPM_SPEC_FAMILY; - break; - case TPM_PT_LEVEL: - // from the title page of the specification - *value = TPM_SPEC_LEVEL; - break; - case TPM_PT_REVISION: - // from the title page of the specification - *value = TPM_SPEC_VERSION; - break; - case TPM_PT_DAY_OF_YEAR: - // computed from the date value on the title page of the specification - *value = TPM_SPEC_DAY_OF_YEAR; - break; - case TPM_PT_YEAR: - // from the title page of the specification - *value = TPM_SPEC_YEAR; - break; - case TPM_PT_MANUFACTURER: - // vendor ID unique to each TPM manufacturer - *value = BYTE_ARRAY_TO_UINT32(MANUFACTURER); - break; - case TPM_PT_VENDOR_STRING_1: - // first four characters of the vendor ID string - *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_1); - break; - case TPM_PT_VENDOR_STRING_2: - // second four characters of the vendor ID string -#ifdef VENDOR_STRING_2 - *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_2); -#else - *value = 0; -#endif - break; - case TPM_PT_VENDOR_STRING_3: - // third four characters of the vendor ID string -#ifdef VENDOR_STRING_3 - *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_3); -#else - *value = 0; -#endif - break; - case TPM_PT_VENDOR_STRING_4: - // fourth four characters of the vendor 
ID string -#ifdef VENDOR_STRING_4 - *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_4); -#else - *value = 0; -#endif - break; - case TPM_PT_VENDOR_TPM_TYPE: - // vendor-defined value indicating the TPM model - *value = 1; - break; - case TPM_PT_FIRMWARE_VERSION_1: - // more significant 32-bits of a vendor-specific value - *value = gp.firmwareV1; - break; - case TPM_PT_FIRMWARE_VERSION_2: - // less significant 32-bits of a vendor-specific value - *value = gp.firmwareV2; - break; - case TPM_PT_INPUT_BUFFER: - // maximum size of TPM2B_MAX_BUFFER - *value = MAX_DIGEST_BUFFER; - break; - case TPM_PT_HR_TRANSIENT_MIN: - // minimum number of transient objects that can be held in TPM - // RAM - *value = MAX_LOADED_OBJECTS; - break; - case TPM_PT_HR_PERSISTENT_MIN: - // minimum number of persistent objects that can be held in - // TPM NV memory - // In this implementation, there is no minimum number of - // persistent objects. - *value = MIN_EVICT_OBJECTS; - break; - case TPM_PT_HR_LOADED_MIN: - // minimum number of authorization sessions that can be held in - // TPM RAM - *value = MAX_LOADED_SESSIONS; - break; - case TPM_PT_ACTIVE_SESSIONS_MAX: - // number of authorization sessions that may be active at a time - *value = MAX_ACTIVE_SESSIONS; - break; - case TPM_PT_PCR_COUNT: - // number of PCR implemented - *value = IMPLEMENTATION_PCR; - break; - case TPM_PT_PCR_SELECT_MIN: - // minimum number of bytes in a TPMS_PCR_SELECT.sizeOfSelect - *value = PCR_SELECT_MIN; - break; - case TPM_PT_CONTEXT_GAP_MAX: - // maximum allowed difference (unsigned) between the contextID - // values of two saved session contexts - *value = ((UINT32)1 << (sizeof(CONTEXT_SLOT) * 8)) - 1; - break; - case TPM_PT_NV_COUNTERS_MAX: - // maximum number of NV indexes that are allowed to have the - // TPMA_NV_COUNTER attribute SET - // In this implementation, there is no limitation on the number - // of counters, except for the size of the NV Index memory. 
- *value = 0; - break; - case TPM_PT_NV_INDEX_MAX: - // maximum size of an NV index data area - *value = MAX_NV_INDEX_SIZE; - break; - case TPM_PT_MEMORY: - // a TPMA_MEMORY indicating the memory management method for the TPM - { - union - { - TPMA_MEMORY att; - UINT32 u32; - } attributes = { TPMA_ZERO_INITIALIZER() }; - SET_ATTRIBUTE(attributes.att, TPMA_MEMORY, sharedNV); - SET_ATTRIBUTE(attributes.att, TPMA_MEMORY, objectCopiedToRam); - - // Note: For a LSb0 machine, the bits in a bit field are in the correct - // order even if the machine is MSB0. For a MSb0 machine, a TPMA will - // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will - // be NO) so the bits are manipulate correctly. - *value = attributes.u32; - break; - } - case TPM_PT_CLOCK_UPDATE: - // interval, in seconds, between updates to the copy of - // TPMS_TIME_INFO .clock in NV - *value = (1 << NV_CLOCK_UPDATE_INTERVAL); - break; - case TPM_PT_CONTEXT_HASH: - // algorithm used for the integrity hash on saved contexts and - // for digesting the fuData of TPM2_FirmwareRead() - *value = CONTEXT_INTEGRITY_HASH_ALG; - break; - case TPM_PT_CONTEXT_SYM: - // algorithm used for encryption of saved contexts - *value = CONTEXT_ENCRYPT_ALG; - break; - case TPM_PT_CONTEXT_SYM_SIZE: - // size of the key used for encryption of saved contexts - *value = CONTEXT_ENCRYPT_KEY_BITS; - break; - case TPM_PT_ORDERLY_COUNT: - // maximum difference between the volatile and non-volatile - // versions of TPMA_NV_COUNTER that have TPMA_NV_ORDERLY SET - *value = MAX_ORDERLY_COUNT; - break; - case TPM_PT_MAX_COMMAND_SIZE: - // maximum value for 'commandSize' - *value = MAX_COMMAND_SIZE; - break; - case TPM_PT_MAX_RESPONSE_SIZE: - // maximum value for 'responseSize' - *value = MAX_RESPONSE_SIZE; - break; - case TPM_PT_MAX_DIGEST: - // maximum size of a digest that can be produced by the TPM - *value = sizeof(TPMU_HA); - break; - case TPM_PT_MAX_OBJECT_CONTEXT: -// Header has 'sequence', 'handle' and 'hierarchy' 
-#define SIZE_OF_CONTEXT_HEADER \ - sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + sizeof(TPMI_RH_HIERARCHY) -#define SIZE_OF_CONTEXT_INTEGRITY (sizeof(UINT16) + CONTEXT_INTEGRITY_HASH_SIZE) -#define SIZE_OF_FINGERPRINT sizeof(UINT64) -#define SIZE_OF_CONTEXT_BLOB_OVERHEAD \ - (sizeof(UINT16) + SIZE_OF_CONTEXT_INTEGRITY + SIZE_OF_FINGERPRINT) -#define SIZE_OF_CONTEXT_OVERHEAD \ - (SIZE_OF_CONTEXT_HEADER + SIZE_OF_CONTEXT_BLOB_OVERHEAD) -#if 0 - // maximum size of a TPMS_CONTEXT that will be returned by - // TPM2_ContextSave for object context - *value = 0; - // adding sequence, saved handle and hierarchy - *value += sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + - sizeof(TPMI_RH_HIERARCHY); - // add size field in TPM2B_CONTEXT - *value += sizeof(UINT16); - // add integrity hash size - *value += sizeof(UINT16) + - CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); - // Add fingerprint size, which is the same as sequence size - *value += sizeof(UINT64); - // Add OBJECT structure size - *value += sizeof(OBJECT); -#else - // the maximum size of a TPMS_CONTEXT that will be returned by - // TPM2_ContextSave for object context - *value = SIZE_OF_CONTEXT_OVERHEAD + sizeof(OBJECT); -#endif - break; - case TPM_PT_MAX_SESSION_CONTEXT: -#if 0 - - // the maximum size of a TPMS_CONTEXT that will be returned by - // TPM2_ContextSave for object context - *value = 0; - // adding sequence, saved handle and hierarchy - *value += sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + - sizeof(TPMI_RH_HIERARCHY); - // Add size field in TPM2B_CONTEXT - *value += sizeof(UINT16); -// Add integrity hash size - *value += sizeof(UINT16) + - CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); - // Add fingerprint size, which is the same as sequence size - *value += sizeof(UINT64); - // Add SESSION structure size - *value += sizeof(SESSION); -#else - // the maximum size of a TPMS_CONTEXT that will be returned by - // TPM2_ContextSave for object context - *value = SIZE_OF_CONTEXT_OVERHEAD + sizeof(SESSION); 
-#endif - break; - case TPM_PT_PS_FAMILY_INDICATOR: - // platform specific values for the TPM_PT_PS parameters from - // the relevant platform-specific specification - // In this reference implementation, all of these values are 0. - *value = PLATFORM_FAMILY; - break; - case TPM_PT_PS_LEVEL: - // level of the platform-specific specification - *value = PLATFORM_LEVEL; - break; - case TPM_PT_PS_REVISION: - // specification Revision times 100 for the platform-specific - // specification - *value = PLATFORM_VERSION; - break; - case TPM_PT_PS_DAY_OF_YEAR: - // platform-specific specification day of year using TCG calendar - *value = PLATFORM_DAY_OF_YEAR; - break; - case TPM_PT_PS_YEAR: - // platform-specific specification year using the CE - *value = PLATFORM_YEAR; - break; - case TPM_PT_SPLIT_MAX: - // number of split signing operations supported by the TPM - *value = 0; -#if ALG_ECC - *value = sizeof(gr.commitArray) * 8; -#endif - break; - case TPM_PT_TOTAL_COMMANDS: - // total number of commands implemented in the TPM - // Since the reference implementation does not have any - // vendor-defined commands, this will be the same as the - // number of library commands. 
- { -#if COMPRESSED_LISTS - (*value) = COMMAND_COUNT; -#else - COMMAND_INDEX commandIndex; - *value = 0; - - // scan all implemented commands - for(commandIndex = GetClosestCommandIndex(0); - commandIndex != UNIMPLEMENTED_COMMAND_INDEX; - commandIndex = GetNextCommandIndex(commandIndex)) - { - (*value)++; // count of all implemented - } -#endif - break; - } - case TPM_PT_LIBRARY_COMMANDS: - // number of commands from the TPM library that are implemented - { -#if COMPRESSED_LISTS - *value = LIBRARY_COMMAND_ARRAY_SIZE; -#else - COMMAND_INDEX commandIndex; - *value = 0; - - // scan all implemented commands - for(commandIndex = GetClosestCommandIndex(0); - commandIndex < LIBRARY_COMMAND_ARRAY_SIZE; - commandIndex = GetNextCommandIndex(commandIndex)) - { - (*value)++; - } -#endif - break; - } - case TPM_PT_VENDOR_COMMANDS: - // number of vendor commands that are implemented - *value = VENDOR_COMMAND_ARRAY_SIZE; - break; - case TPM_PT_NV_BUFFER_MAX: - // Maximum data size in an NV write command - *value = MAX_NV_BUFFER_SIZE; - break; - case TPM_PT_MODES: -#if FIPS_COMPLIANT - *value = 1; -#else - *value = 0; -#endif - break; - case TPM_PT_MAX_CAP_BUFFER: - *value = MAX_CAP_BUFFER; - break; - - // Start of variable commands - case TPM_PT_PERMANENT: - // TPMA_PERMANENT - { - union { - TPMA_PERMANENT attr; - UINT32 u32; - } flags = { TPMA_ZERO_INITIALIZER() }; - if(gp.ownerAuth.t.size != 0) - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, ownerAuthSet); - if(gp.endorsementAuth.t.size != 0) - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, endorsementAuthSet); - if(gp.lockoutAuth.t.size != 0) - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, lockoutAuthSet); - if(gp.disableClear) - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, disableClear); - if(gp.failedTries >= gp.maxTries) - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, inLockout); - // In this implementation, EPS is always generated by TPM - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, tpmGeneratedEPS); - - // Note: For a LSb0 machine, the bits in 
a bit field are in the correct - // order even if the machine is MSB0. For a MSb0 machine, a TPMA will - // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will - // be NO) so the bits are manipulate correctly. - *value = flags.u32; - break; - } - case TPM_PT_STARTUP_CLEAR: - // TPMA_STARTUP_CLEAR - { - union { - TPMA_STARTUP_CLEAR attr; - UINT32 u32; - } flags = { TPMA_ZERO_INITIALIZER() }; -// - if(g_phEnable) - SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, phEnable); - if(gc.shEnable) - SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, shEnable); - if(gc.ehEnable) - SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, ehEnable); - if(gc.phEnableNV) - SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, phEnableNV); - if(g_prevOrderlyState != SU_NONE_VALUE) - SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, orderly); - - // Note: For a LSb0 machine, the bits in a bit field are in the correct - // order even if the machine is MSB0. For a MSb0 machine, a TPMA will - // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will - // be NO) so the bits are manipulate correctly. 
- *value = flags.u32; - break; - } - case TPM_PT_HR_NV_INDEX: - // number of NV indexes currently defined - *value = NvCapGetIndexNumber(); - break; - case TPM_PT_HR_LOADED: - // number of authorization sessions currently loaded into TPM - // RAM - *value = SessionCapGetLoadedNumber(); - break; - case TPM_PT_HR_LOADED_AVAIL: - // number of additional authorization sessions, of any type, - // that could be loaded into TPM RAM - *value = SessionCapGetLoadedAvail(); - break; - case TPM_PT_HR_ACTIVE: - // number of active authorization sessions currently being - // tracked by the TPM - *value = SessionCapGetActiveNumber(); - break; - case TPM_PT_HR_ACTIVE_AVAIL: - // number of additional authorization sessions, of any type, - // that could be created - *value = SessionCapGetActiveAvail(); - break; - case TPM_PT_HR_TRANSIENT_AVAIL: - // estimate of the number of additional transient objects that - // could be loaded into TPM RAM - *value = ObjectCapGetTransientAvail(); - break; - case TPM_PT_HR_PERSISTENT: - // number of persistent objects currently loaded into TPM - // NV memory - *value = NvCapGetPersistentNumber(); - break; - case TPM_PT_HR_PERSISTENT_AVAIL: - // number of additional persistent objects that could be loaded - // into NV memory - *value = NvCapGetPersistentAvail(); - break; - case TPM_PT_NV_COUNTERS: - // number of defined NV indexes that have NV TPMA_NV_COUNTER - // attribute SET - *value = NvCapGetCounterNumber(); - break; - case TPM_PT_NV_COUNTERS_AVAIL: - // number of additional NV indexes that can be defined with their - // TPMA_NV_COUNTER attribute SET - *value = NvCapGetCounterAvail(); - break; - case TPM_PT_ALGORITHM_SET: - // region code for the TPM - *value = gp.algorithmSet; - break; - case TPM_PT_LOADED_CURVES: -#if ALG_ECC - // number of loaded ECC curves - *value = ECC_CURVE_COUNT; -#else // ALG_ECC - *value = 0; -#endif // ALG_ECC - break; - case TPM_PT_LOCKOUT_COUNTER: - // current value of the lockout counter - *value = gp.failedTries; 
- break; - case TPM_PT_MAX_AUTH_FAIL: - // number of authorization failures before DA lockout is invoked - *value = gp.maxTries; - break; - case TPM_PT_LOCKOUT_INTERVAL: - // number of seconds before the value reported by - // TPM_PT_LOCKOUT_COUNTER is decremented - *value = gp.recoveryTime; - break; - case TPM_PT_LOCKOUT_RECOVERY: - // number of seconds after a lockoutAuth failure before use of - // lockoutAuth may be attempted again - *value = gp.lockoutRecovery; - break; - case TPM_PT_NV_WRITE_RECOVERY: - // number of milliseconds before the TPM will accept another command - // that will modify NV. - // This should make a call to the platform code that is doing rate - // limiting of NV. Rate limiting is not implemented in the reference - // code so no call is made. - *value = 0; - break; - case TPM_PT_AUDIT_COUNTER_0: - // high-order 32 bits of the command audit counter - *value = (UINT32)(gp.auditCounter >> 32); - break; - case TPM_PT_AUDIT_COUNTER_1: - // low-order 32 bits of the command audit counter - *value = (UINT32)(gp.auditCounter); - break; - default: - // property is not defined - return FALSE; - break; - } - return TRUE; -} - -//*** TPMCapGetProperties() -// This function is used to get the TPM_PT values. The search of properties will -// start at 'property' and continue until 'propertyList' has as many values as -// will fit, or the last property has been reported, or the list has as many -// values as requested in 'count'. 
-// Return Type: TPMI_YES_NO -// YES more properties are available -// NO no more properties to be reported -TPMI_YES_NO -TPMCapGetProperties( - TPM_PT property, // IN: the starting TPM property - UINT32 count, // IN: maximum number of returned - // properties - TPML_TAGGED_TPM_PROPERTY *propertyList // OUT: property list - ) -{ - TPMI_YES_NO more = NO; - UINT32 i; - UINT32 nextGroup; - - // initialize output property list - propertyList->count = 0; - - // maximum count of properties we may return is MAX_PCR_PROPERTIES - if(count > MAX_TPM_PROPERTIES) count = MAX_TPM_PROPERTIES; - - // if property is less than PT_FIXED, start from PT_FIXED - if(property < PT_FIXED) - property = PT_FIXED; - // There is only the fixed and variable groups with the variable group coming - // last - if(property >= (PT_VAR + PT_GROUP)) - return more; - - // Don't read past the end of the selected group - nextGroup = ((property / PT_GROUP) * PT_GROUP) + PT_GROUP; - - // Scan through the TPM properties of the requested group. - for(i = property; i < nextGroup; i++) - { - UINT32 value; - // if we have hit the end of the group, quit - if(i != property && ((i % PT_GROUP) == 0)) - break; - if(TPMPropertyIsDefined((TPM_PT)i, &value)) - { - if(propertyList->count < count) - { - // If the list is not full, add this property - propertyList->tpmProperty[propertyList->count].property = - (TPM_PT)i; - propertyList->tpmProperty[propertyList->count].value = value; - propertyList->count++; - } - else - { - // If the return list is full but there are more properties - // available, set the indication and exit the loop. - more = YES; - break; - } - } - } - return more; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Response.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Response.c deleted file mode 100644 index 273182eb1..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Response.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-// This file contains the common code for building a response header, including
-// setting the size of the structure. 'command' may be NULL if result is
-// not TPM_RC_SUCCESS.
-
-//** Includes and Defines
-#include "Tpm.h"
-
-//** BuildResponseHeader()
-// Adds the response header to the response. It will update command->parameterSize
-// to indicate the total size of the response.
-void
-BuildResponseHeader(
- COMMAND *command, // IN: main control structure
- BYTE *buffer, // OUT: the output buffer
- TPM_RC result // IN: the response code
- )
-{
- TPM_ST tag;
- UINT32 size;
-
- if(result != TPM_RC_SUCCESS)
- {
- tag = TPM_ST_NO_SESSIONS;
- size = 10;
- }
- else
- {
- tag = command->tag;
- // Compute the overall size of the response
- size = STD_RESPONSE_HEADER + command->handleNum * sizeof(TPM_HANDLE);
- size += command->parameterSize;
- size += (command->tag == TPM_ST_SESSIONS) ?
- command->authSize + sizeof(UINT32) : 0;
- }
- TPM_ST_Marshal(&tag, &buffer, NULL);
- UINT32_Marshal(&size, &buffer, NULL);
- TPM_RC_Marshal(&result, &buffer, NULL);
- if(result == TPM_RC_SUCCESS)
- {
- if(command->handleNum > 0)
- TPM_HANDLE_Marshal(&command->handles[0], &buffer, NULL);
- if(tag == TPM_ST_SESSIONS)
- UINT32_Marshal((UINT32 *)&command->parameterSize, &buffer, NULL);
- }
- command->parameterSize = size;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/ResponseCodeProcessing.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/ResponseCodeProcessing.c
deleted file mode 100644
index 24ff447a7..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/ResponseCodeProcessing.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-// This file contains the miscellaneous functions for processing response codes.
-// NOTE: Currently, there is only one.
-
-//** Includes and Defines
-#include "Tpm.h"
-
-//** RcSafeAddToResult()
-// Adds a modifier to a response code as long as the response code allows a modifier
-// and no modifier has already been added.
-TPM_RC
-RcSafeAddToResult(
- TPM_RC responseCode,
- TPM_RC modifier
- )
-{
- if((responseCode & RC_FMT1) && !(responseCode & 0xf40))
- return responseCode + modifier;
- else
- return responseCode;
-}
-
-
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmFail.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmFail.c
deleted file mode 100644
index b4463d3d0..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmFail.c
+++ /dev/null
@@ -1,454 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Includes, Defines, and Types -#define TPM_FAIL_C -#include "Tpm.h" -#include - -// On MS C compiler, can save the alignment state and set the alignment to 1 for -// the duration of the TpmTypes.h include. 
This will avoid a lot of alignment -// warnings from the compiler for the unaligned structures. The alignment of the -// structures is not important as this function does not use any of the structures -// in TpmTypes.h and only include it for the #defines of the capabilities, -// properties, and command code values. -#include "TpmTypes.h" - -//** Typedefs -// These defines are used primarily for sizing of the local response buffer. -typedef struct -{ - TPM_ST tag; - UINT32 size; - TPM_RC code; -} HEADER; - -typedef struct -{ - BYTE tag[sizeof(TPM_ST)]; - BYTE size[sizeof(UINT32)]; - BYTE code[sizeof(TPM_RC)]; -} PACKED_HEADER; - -typedef struct -{ - BYTE size[sizeof(UINT16)]; - struct - { - BYTE function[sizeof(UINT32)]; - BYTE line[sizeof(UINT32)]; - BYTE code[sizeof(UINT32)]; - } values; - BYTE returnCode[sizeof(TPM_RC)]; -} GET_TEST_RESULT_PARAMETERS; - -typedef struct -{ - BYTE moreData[sizeof(TPMI_YES_NO)]; - BYTE capability[sizeof(TPM_CAP)]; // Always TPM_CAP_TPM_PROPERTIES - BYTE tpmProperty[sizeof(TPML_TAGGED_TPM_PROPERTY)]; -} GET_CAPABILITY_PARAMETERS; - -typedef struct -{ - BYTE header[sizeof(PACKED_HEADER)]; - BYTE getTestResult[sizeof(GET_TEST_RESULT_PARAMETERS)]; -} TEST_RESPONSE; - -typedef struct -{ - BYTE header[sizeof(PACKED_HEADER)]; - BYTE getCap[sizeof(GET_CAPABILITY_PARAMETERS)]; -} CAPABILITY_RESPONSE; - -typedef union -{ - BYTE test[sizeof(TEST_RESPONSE)]; - BYTE cap[sizeof(CAPABILITY_RESPONSE)]; -} RESPONSES; - -// Buffer to hold the responses. This may be a little larger than -// required due to padding that a compiler might add. -// Note: This is not in Global.c because of the specialized data definitions above. -// Since the data contained in this structure is not relevant outside of the -// execution of a single command (when the TPM is in failure mode. There is no -// compelling reason to move all the typedefs to Global.h and this structure -// to Global.c. 
-#ifndef __IGNORE_STATE__ // Don't define this value -static BYTE response[sizeof(RESPONSES)]; -#endif - -//** Local Functions - -//*** MarshalUint16() -// Function to marshal a 16 bit value to the output buffer. -static INT32 -MarshalUint16( - UINT16 integer, - BYTE **buffer - ) -{ - UINT16_TO_BYTE_ARRAY(integer, *buffer); - *buffer += 2; - return 2; -} - -//*** MarshalUint32() -// Function to marshal a 32 bit value to the output buffer. -static INT32 -MarshalUint32( - UINT32 integer, - BYTE **buffer - ) -{ - UINT32_TO_BYTE_ARRAY(integer, *buffer); - *buffer += 4; - return 4; -} - -//***Unmarshal32() -static BOOL Unmarshal32( - UINT32 *target, - BYTE **buffer, - INT32 *size - ) -{ - if((*size -= 4) < 0) - return FALSE; - *target = BYTE_ARRAY_TO_UINT32(*buffer); - *buffer += 4; - return TRUE; -} - -//***Unmarshal16() -static BOOL Unmarshal16( - UINT16 *target, - BYTE **buffer, - INT32 *size -) -{ - if((*size -= 2) < 0) - return FALSE; - *target = BYTE_ARRAY_TO_UINT16(*buffer); - *buffer += 2; - return TRUE; -} - -//** Public Functions - -//*** SetForceFailureMode() -// This function is called by the simulator to enable failure mode testing. -#if SIMULATION -LIB_EXPORT void -SetForceFailureMode( - void - ) -{ - g_forceFailureMode = TRUE; - return; -} -#endif - -//*** TpmLogFailure() -// This function saves the failure values when the code will continue to operate. It -// if similar to TpmFail() but returns to the caller. The assumption is that the -// caller will propagate a failure back up the stack. -void -TpmLogFailure( -#if FAIL_TRACE - const char *function, - int line, -#endif - int code -) -{ - // Save the values that indicate where the error occurred. - // On a 64-bit machine, this may truncate the address of the string - // of the function name where the error occurred. 
-#if FAIL_TRACE - s_failFunction = (UINT32)(ptrdiff_t)function; - s_failLine = line; -#else - s_failFunction = 0; - s_failLine = 0; -#endif - s_failCode = code; - - // We are in failure mode - g_inFailureMode = TRUE; - - return; -} - -//*** TpmFail() -// This function is called by TPM.lib when a failure occurs. It will set up the -// failure values to be returned on TPM2_GetTestResult(). -NORETURN void -TpmFail( -#if FAIL_TRACE - const char *function, - int line, -#endif - int code - ) -{ - // Save the values that indicate where the error occurred. - // On a 64-bit machine, this may truncate the address of the string - // of the function name where the error occurred. -#if FAIL_TRACE - s_failFunction = (UINT32)(ptrdiff_t)function; - s_failLine = line; -#else - s_failFunction = (UINT32)(ptrdiff_t)NULL; - s_failLine = 0; -#endif - s_failCode = code; - - // We are in failure mode - g_inFailureMode = TRUE; - - // if asserts are enabled, then do an assert unless the failure mode code - // is being tested. -#if SIMULATION -# ifndef NDEBUG - assert(g_forceFailureMode); -# endif - // Clear this flag - g_forceFailureMode = FALSE; -#endif - // Jump to the failure mode code. - // Note: only get here if asserts are off or if we are testing failure mode - _plat__Fail(); -} - -//*** TpmFailureMode( -// This function is called by the interface code when the platform is in failure -// mode. 
-void -TpmFailureMode( - unsigned int inRequestSize, // IN: command buffer size - unsigned char *inRequest, // IN: command buffer - unsigned int *outResponseSize, // OUT: response buffer size - unsigned char **outResponse // OUT: response buffer - ) -{ - UINT32 marshalSize; - UINT32 capability; - HEADER header; // unmarshaled command header - UINT32 pt; // unmarshaled property type - UINT32 count; // unmarshaled property count - UINT8 *buffer = inRequest; - INT32 size = inRequestSize; - - // If there is no command buffer, then just return TPM_RC_FAILURE - if(inRequestSize == 0 || inRequest == NULL) - goto FailureModeReturn; - // If the header is not correct for TPM2_GetCapability() or - // TPM2_GetTestResult() then just return the in failure mode response; - if(! (Unmarshal16(&header.tag, &buffer, &size) - && Unmarshal32(&header.size, &buffer, &size) - && Unmarshal32(&header.code, &buffer, &size))) - goto FailureModeReturn; - if(header.tag != TPM_ST_NO_SESSIONS - || header.size < 10) - goto FailureModeReturn; - switch(header.code) - { - case TPM_CC_GetTestResult: - // make sure that the command size is correct - if(header.size != 10) - goto FailureModeReturn; - buffer = &response[10]; - marshalSize = MarshalUint16(3 * sizeof(UINT32), &buffer); - marshalSize += MarshalUint32(s_failFunction, &buffer); - marshalSize += MarshalUint32(s_failLine, &buffer); - marshalSize += MarshalUint32(s_failCode, &buffer); - if(s_failCode == FATAL_ERROR_NV_UNRECOVERABLE) - marshalSize += MarshalUint32(TPM_RC_NV_UNINITIALIZED, &buffer); - else - marshalSize += MarshalUint32(TPM_RC_FAILURE, &buffer); - break; - case TPM_CC_GetCapability: - // make sure that the size of the command is exactly the size - // returned for the capability, property, and count - if(header.size != (10 + (3 * sizeof(UINT32))) - // also verify that this is requesting TPM properties - || !Unmarshal32(&capability, &buffer, &size) - || capability != TPM_CAP_TPM_PROPERTIES - || !Unmarshal32(&pt, &buffer, &size) - || 
!Unmarshal32(&count, &buffer, &size)) - goto FailureModeReturn; - // If in failure mode because of an unrecoverable read error, and the - // property is 0 and the count is 0, then this is an indication to - // re-manufacture the TPM. Do the re-manufacture but stay in failure - // mode until the TPM is reset. - // Note: this behavior is not required by the specification and it is - // OK to leave the TPM permanently bricked due to an unrecoverable NV - // error. - if(count == 0 && pt == 0 && s_failCode == FATAL_ERROR_NV_UNRECOVERABLE) - { - g_manufactured = FALSE; - TPM_Manufacture(0); - } - if(count > 0) - count = 1; - else if(pt > TPM_PT_FIRMWARE_VERSION_2) - count = 0; - if(pt < TPM_PT_MANUFACTURER) - pt = TPM_PT_MANUFACTURER; - // set up for return - buffer = &response[10]; - // if the request was for a PT less than the last one - // then we indicate more, otherwise, not. - if(pt < TPM_PT_FIRMWARE_VERSION_2) - *buffer++ = YES; - else - *buffer++ = NO; - marshalSize = 1; - - // indicate the capability type - marshalSize += MarshalUint32(capability, &buffer); - // indicate the number of values that are being returned (0 or 1) - marshalSize += MarshalUint32(count, &buffer); - // indicate the property - marshalSize += MarshalUint32(pt, &buffer); - - if(count > 0) - switch(pt) - { - case TPM_PT_MANUFACTURER: - // the vendor ID unique to each TPM manufacturer -#ifdef MANUFACTURER - pt = *(UINT32*)MANUFACTURER; -#else - pt = 0; -#endif - break; - case TPM_PT_VENDOR_STRING_1: - // the first four characters of the vendor ID string -#ifdef VENDOR_STRING_1 - pt = *(UINT32*)VENDOR_STRING_1; -#else - pt = 0; -#endif - break; - case TPM_PT_VENDOR_STRING_2: - // the second four characters of the vendor ID string -#ifdef VENDOR_STRING_2 - pt = *(UINT32*)VENDOR_STRING_2; -#else - pt = 0; -#endif - break; - case TPM_PT_VENDOR_STRING_3: - // the third four characters of the vendor ID string -#ifdef VENDOR_STRING_3 - pt = *(UINT32*)VENDOR_STRING_3; -#else - pt = 0; -#endif - break; 
- case TPM_PT_VENDOR_STRING_4: - // the fourth four characters of the vendor ID string -#ifdef VENDOR_STRING_4 - pt = *(UINT32*)VENDOR_STRING_4; -#else - pt = 0; -#endif - break; - case TPM_PT_VENDOR_TPM_TYPE: - // vendor-defined value indicating the TPM model - // We just make up a number here - pt = 1; - break; - case TPM_PT_FIRMWARE_VERSION_1: - // the more significant 32-bits of a vendor-specific value - // indicating the version of the firmware -#ifdef FIRMWARE_V1 - pt = FIRMWARE_V1; -#else - pt = 0; -#endif - break; - default: // TPM_PT_FIRMWARE_VERSION_2: - // the less significant 32-bits of a vendor-specific value - // indicating the version of the firmware -#ifdef FIRMWARE_V2 - pt = FIRMWARE_V2; -#else - pt = 0; -#endif - break; - } - marshalSize += MarshalUint32(pt, &buffer); - break; - default: // default for switch (cc) - goto FailureModeReturn; - } - // Now do the header - buffer = response; - marshalSize = marshalSize + 10; // Add the header size to the - // stuff already marshaled - MarshalUint16(TPM_ST_NO_SESSIONS, &buffer); // structure tag - MarshalUint32(marshalSize, &buffer); // responseSize - MarshalUint32(TPM_RC_SUCCESS, &buffer); // response code - - *outResponseSize = marshalSize; - *outResponse = (unsigned char *)&response; - return; -FailureModeReturn: - buffer = response; - marshalSize = MarshalUint16(TPM_ST_NO_SESSIONS, &buffer); - marshalSize += MarshalUint32(10, &buffer); - marshalSize += MarshalUint32(TPM_RC_FAILURE, &buffer); - *outResponseSize = marshalSize; - *outResponse = (unsigned char *)response; - return; -} - -//*** UnmarshalFail() -// This is a stub that is used to catch an attempt to unmarshal an entry -// that is not defined. Don't ever expect this to be called but... -void -UnmarshalFail( - void *type, - BYTE **buffer, - INT32 *size - ) -{ - NOT_REFERENCED(type); - NOT_REFERENCED(buffer); - NOT_REFERENCED(size); - FAIL(FATAL_ERROR_INTERNAL); -} \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmSizeChecks.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmSizeChecks.c
deleted file mode 100644
index e8a0e76a4..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmSizeChecks.c
+++ /dev/null
@@ -1,171 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -//** Includes, Defines, and Types -#include "Tpm.h" -#include - -#if RUNTIME_SIZE_CHECKS - -static int once = 0; - -//** TpmSizeChecks() -// This function is used during the development process to make sure that the -// vendor-specific values result in a consistent implementation. When possible, -// the code contains #if to do compile-time checks. However, in some cases, the -// values require the use of "sizeof()" and that can't be used in an #if. -void -TpmSizeChecks( - void - ) -{ -#if DEBUG - if(once++ != 0) return; - { - BOOL PASS = TRUE; - UINT32 maxAsymSecurityStrength = MAX_ASYM_SECURITY_STRENGTH; - UINT32 maxHashSecurityStrength = MAX_HASH_SECURITY_STRENGTH; - UINT32 maxSymSecurityStrength = MAX_SYM_SECURITY_STRENGTH; - UINT32 maxSecurityStrengthBits = MAX_SECURITY_STRENGTH_BITS; - UINT32 proofSize = PROOF_SIZE; - UINT32 compliantProofSize = COMPLIANT_PROOF_SIZE; - UINT32 compliantPrimarySeedSize = COMPLIANT_PRIMARY_SEED_SIZE; - UINT32 primarySeedSize = PRIMARY_SEED_SIZE; - - UINT32 cmacState = sizeof(tpmCmacState_t); - UINT32 hashState = sizeof(HASH_STATE); - UINT32 keyScheduleSize = sizeof(tpmCryptKeySchedule_t); - // - NOT_REFERENCED(cmacState); - NOT_REFERENCED(hashState); - NOT_REFERENCED(keyScheduleSize); - NOT_REFERENCED(maxAsymSecurityStrength); - NOT_REFERENCED(maxHashSecurityStrength); - NOT_REFERENCED(maxSymSecurityStrength); - NOT_REFERENCED(maxSecurityStrengthBits); - NOT_REFERENCED(proofSize); - NOT_REFERENCED(compliantProofSize); - NOT_REFERENCED(compliantPrimarySeedSize); - NOT_REFERENCED(primarySeedSize); - - - { - TPMT_SENSITIVE *p; - // This assignment keeps compiler from complaining about a conditional - // comparison being between two constants - UINT16 max_rsa_key_bytes = MAX_RSA_KEY_BYTES; - if((max_rsa_key_bytes / 2) != (sizeof(p->sensitive.rsa.t.buffer) / 5)) - { - printf("Sensitive part of TPMT_SENSITIVE is undersized. 
May be caused by" - "use of wrong version of Part 2.\n"); - PASS = FALSE; - } - } - -#if 0 - printf("Size of OBJECT = %d\n", sizeof(OBJECT)); - printf("Size of components in TPMT_SENSITIVE = %d\n", sizeof(TPMT_SENSITIVE)); - printf(" TPMI_ALG_PUBLIC %d\n", sizeof(TPMI_ALG_PUBLIC)); - printf(" TPM2B_AUTH %d\n", sizeof(TPM2B_AUTH)); - printf(" TPM2B_DIGEST %d\n", sizeof(TPM2B_DIGEST)); - printf(" TPMU_SENSITIVE_COMPOSITE %d\n", - sizeof(TPMU_SENSITIVE_COMPOSITE)); -#endif - // Make sure that the size of the context blob is large enough for the largest - // context - // TPMS_CONTEXT_DATA contains two TPM2B values. That is not how this is - // implemented. Rather, the size field of the TPM2B_CONTEXT_DATA is used to - // determine the amount of data in the encrypted data. That part is not - // independently sized. This makes the actual size 2 bytes smaller than - // calculated using Part 2. Since this is opaque to the caller, it is not - // necessary to fix. The actual size is returned by TPM2_GetCapabilties(). - - // Initialize output handle. At the end of command action, the output - // handle of an object will be replaced, while the output handle - // for a session will be the same as input - - // Get the size of fingerprint in context blob. The sequence value in - // TPMS_CONTEXT structure is used as the fingerprint - { - UINT32 fingerprintSize = sizeof(UINT64); - UINT32 integritySize = sizeof(UINT16) - + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); - UINT32 biggestObject = MAX(MAX(sizeof(HASH_OBJECT), sizeof(OBJECT)), - sizeof(SESSION)); - UINT32 biggestContext = fingerprintSize + integritySize + biggestObject; - - // round required size up to nearest 8 byte boundary. 
- biggestContext = 8 * ((biggestContext + 7) / 8); - - if(MAX_CONTEXT_SIZE != biggestContext) - { - printf("MAX_CONTEXT_SIZE should be changed to %d (%d)\n", biggestContext, MAX_CONTEXT_SIZE); - PASS = FALSE; - } - } - { - union u - { - TPMA_OBJECT attributes; - UINT32 uint32Value; - } u; - // these are defined so that compiler doesn't complain about conditional - // expressions comparing two constants. - int aSize = sizeof(u.attributes); - int uSize = sizeof(u.uint32Value); - u.uint32Value = 0; - SET_ATTRIBUTE(u.attributes, TPMA_OBJECT, Reserved_bit_at_0); - if(u.uint32Value != 1) - { - printf("The bit allocation in a TPMA_OBJECT is not as expected"); - PASS = FALSE; - } - if(aSize != uSize) // comparison of two sizeof() values annoys compiler - { - printf("A TPMA_OBJECT is not the expected size."); - PASS = FALSE; - } - } - - // Make sure that the size of the Capability buffer can hold the largest - // TPML_PCR_SELECTION. The list length is nominally set by the number of hash - // algorithms implemented on the TPM. A requirement of this implementation is - // that a list of all allowed TPMS_PCR_SELECTIONS fits in MAX_CAP_DATA. - // TBD - pAssert(PASS); - } -#endif // DEBUG -} - -#endif // RUNTIME_SIZE_CHECKS \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/simulator_test.go b/vendor/github.com/google/go-tpm-tools/simulator/simulator_test.go deleted file mode 100644 index b1a03fee8..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/simulator_test.go +++ /dev/null 
@@ -1,119 +0,0 @@ -/* - * Copyright 2018 Google Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. You may obtain a copy of - * the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations under - * the License. - */ - -package simulator - -import ( - "crypto/rsa" - "io" - "math/big" - "testing" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm/tpm2" -) - -func getSimulator(t *testing.T) *Simulator { - t.Helper() - simulator, err := Get() - if err != nil { - t.Fatal(err) - } - return simulator -} - -func getEKModulus(t *testing.T, rwc io.ReadWriteCloser) *big.Int { - t.Helper() - ek, err := client.EndorsementKeyRSA(rwc) - if err != nil { - t.Fatal(err) - } - defer ek.Close() - - return ek.PublicKey().(*rsa.PublicKey).N -} - -func TestResetDoesntChangeEK(t *testing.T) { - s := getSimulator(t) - defer client.CheckedClose(t, s) - - modulus1 := getEKModulus(t, s) - if err := s.Reset(); err != nil { - t.Fatal(err) - } - modulus2 := getEKModulus(t, s) - - if modulus1.Cmp(modulus2) != 0 { - t.Fatal("Reset() should not change the EK") - } -} -func TestManufactureResetChangesEK(t *testing.T) { - s := getSimulator(t) - defer client.CheckedClose(t, s) - - modulus1 := getEKModulus(t, s) - if err := s.ManufactureReset(); err != nil { - t.Fatal(err) - } - modulus2 := getEKModulus(t, s) - - if modulus1.Cmp(modulus2) == 0 { - t.Fatal("ManufactureReset() should change the EK") - } -} - -func TestGetRandom(t *testing.T) { - s := getSimulator(t) - defer client.CheckedClose(t, s) - result, err := tpm2.GetRandom(s, 10) - if err != nil { - t.Fatalf("GetRandom: %v", 
err) - } - t.Log(result) -} - -// The default EK modulus returned by the simulator when using a seed of 0. -func zeroSeedModulus() *big.Int { - mod := new(big.Int) - mod.SetString("16916951631746795233120676661491589156159944041454533323301360736206690950055927665898258850365255777475324525235640153431219834851979041935421083247812345676551677241639541392158486693550125570954276972465867114995062336740464652481116557477039581976647612151813804384773839359390083864432536639577227083497558006614244043011423717921293964465162166865351126036685960128739613171620392174911624095420039156957292384191548425395162459332733115699189854006301807847331248289929021522087915411000598437989788501679617747304391662751900488011803826205901900186771991702576478232121332699862815915856148442279432061762451", 10) - return mod -} - -func TestFixedSeedExpectedModulus(t *testing.T) { - s, err := GetWithFixedSeedInsecure(0) - if err != nil { - t.Fatal(err) - } - defer client.CheckedClose(t, s) - - modulus := getEKModulus(t, s) - if modulus.Cmp(zeroSeedModulus()) != 0 { - t.Fatalf("getEKModulus() = %v, want %v", modulus, zeroSeedModulus()) - } -} - -func TestDifferentSeedDifferentModulus(t *testing.T) { - s, err := GetWithFixedSeedInsecure(1) - if err != nil { - t.Fatal(err) - } - defer client.CheckedClose(t, s) - - modulus := getEKModulus(t, s) - if modulus.Cmp(zeroSeedModulus()) == 0 { - t.Fatalf("Moduli should not be equal when using different seeds") - } -} diff --git a/vendor/github.com/google/pprof/AUTHORS b/vendor/github.com/google/pprof/AUTHORS new file mode 100644 index 000000000..fd736cb1c --- /dev/null +++ b/vendor/github.com/google/pprof/AUTHORS 
@@ -0,0 +1,7 @@
+# This is the official list of pprof authors for copyright purposes.
+# This file is distinct from the CONTRIBUTORS files.
+# See the latter for an explanation.
+# Names should be added to this file as:
+# Name or Organization
+# The email address is not required for organizations.
+Google Inc.
\ No newline at end of file
diff --git a/vendor/github.com/google/pprof/CONTRIBUTORS b/vendor/github.com/google/pprof/CONTRIBUTORS
new file mode 100644
index 000000000..8c8c37d2c
--- /dev/null
+++ b/vendor/github.com/google/pprof/CONTRIBUTORS
@@ -0,0 +1,16 @@
+# People who have agreed to one of the CLAs and can contribute patches.
+# The AUTHORS file lists the copyright holders; this file
+# lists people. For example, Google employees are listed here
+# but not in AUTHORS, because Google holds the copyright.
+#
+# https://developers.google.com/open-source/cla/individual
+# https://developers.google.com/open-source/cla/corporate
+#
+# Names should be added to this file as:
+# Name
+Raul Silvera
+Tipp Moseley
+Hyoun Kyu Cho
+Martin Spier
+Taco de Wolff
+Andrew Hunter
diff --git a/vendor/github.com/google/pprof/LICENSE b/vendor/github.com/google/pprof/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/google/pprof/LICENSE
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/google/pprof/profile/encode.go b/vendor/github.com/google/pprof/profile/encode.go
new file mode 100644
index 000000000..ab7f03ae2
--- /dev/null
+++ b/vendor/github.com/google/pprof/profile/encode.go
@@ -0,0 +1,567 @@
+// Copyright 2014 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package profile
+
+import (
+ "errors"
+ "sort"
+)
+
+func (p *Profile) decoder() []decoder {
+ return profileDecoder
+}
+
+// preEncode populates the unexported fields to be used by encode
+// (with suffix X) from the corresponding exported fields. The
+// exported fields are cleared up to facilitate testing.
+func (p *Profile) preEncode() {
+ strings := make(map[string]int)
+ addString(strings, "")
+
+ for _, st := range p.SampleType {
+ st.typeX = addString(strings, st.Type)
+ st.unitX = addString(strings, st.Unit)
+ }
+
+ for _, s := range p.Sample {
+ s.labelX = nil
+ var keys []string
+ for k := range s.Label {
+ keys = append(keys, k)
+ }
+ sort.Strings(keys)
+ for _, k := range keys {
+ vs := s.Label[k]
+ for _, v := range vs {
+ s.labelX = append(s.labelX,
+ label{
+ keyX: addString(strings, k),
+ strX: addString(strings, v),
+ },
+ )
+ }
+ }
+ var numKeys []string
+ for k := range s.NumLabel {
+ numKeys = append(numKeys, k)
+ }
+ sort.Strings(numKeys)
+ for _, k := range numKeys {
+ keyX := addString(strings, k)
+ vs := s.NumLabel[k]
+ units := s.NumUnit[k]
+ for i, v := range vs {
+ var unitX int64
+ if len(units) != 0 {
+ unitX = addString(strings, units[i])
+ }
+ s.labelX = append(s.labelX,
+ label{
+ keyX: keyX,
+ numX: v,
+ unitX: unitX,
+ },
+ )
+ }
+ }
+ s.locationIDX = make([]uint64, len(s.Location))
+ for i, loc := range s.Location {
+ s.locationIDX[i] = loc.ID
+ }
+ }
+
+ for _, m := range p.Mapping {
+ m.fileX = addString(strings, m.File)
+ m.buildIDX = addString(strings, m.BuildID)
+ }
+
+ for _, l := range p.Location {
+ for i, ln := range l.Line {
+ if ln.Function != nil {
+ l.Line[i].functionIDX = ln.Function.ID
+ } else {
+ l.Line[i].functionIDX = 0
+ }
+ }
+ if l.Mapping != nil {
+ l.mappingIDX = l.Mapping.ID
+ } else {
+ l.mappingIDX = 0
+ }
+ }
+ for _, f := range p.Function {
+ f.nameX = addString(strings, f.Name)
+ f.systemNameX = addString(strings, f.SystemName)
+ f.filenameX = addString(strings, f.Filename)
+ }
+
+ p.dropFramesX = addString(strings, p.DropFrames)
+ p.keepFramesX = addString(strings, p.KeepFrames)
+
+ if pt := p.PeriodType; pt != nil {
+ pt.typeX = addString(strings, pt.Type)
+ pt.unitX = addString(strings, pt.Unit)
+ }
+
+ p.commentX = nil
+ for _, c := range p.Comments {
+ p.commentX = append(p.commentX, addString(strings, c))
+ }
+
+ p.defaultSampleTypeX = addString(strings, p.DefaultSampleType)
+
+ p.stringTable = make([]string, len(strings))
+ for s, i := range strings {
+ p.stringTable[i] = s
+ }
+}
+
+func (p *Profile) encode(b *buffer) {
+ for _, x := range p.SampleType {
+ encodeMessage(b, 1, x)
+ }
+ for _, x := range p.Sample {
+ encodeMessage(b, 2, x)
+ }
+ for _, x := range p.Mapping {
+ encodeMessage(b, 3, x)
+ }
+ for _, x := range p.Location {
+ encodeMessage(b, 4, x)
+ }
+ for _, x := range p.Function {
+ encodeMessage(b, 5, x)
+ }
+ encodeStrings(b, 6, p.stringTable)
+ encodeInt64Opt(b, 7, p.dropFramesX)
+ encodeInt64Opt(b, 8, p.keepFramesX)
+ encodeInt64Opt(b, 9, p.TimeNanos)
+ encodeInt64Opt(b, 10, p.DurationNanos)
+ if pt := p.PeriodType; pt != nil && (pt.typeX != 0 || pt.unitX != 0) {
+ encodeMessage(b, 11, p.PeriodType)
+ }
+ encodeInt64Opt(b, 12, p.Period)
+ encodeInt64s(b, 13, p.commentX)
+ encodeInt64(b, 14, p.defaultSampleTypeX)
+}
+
+var profileDecoder = []decoder{
+ nil, // 0
+ // repeated ValueType sample_type = 1
+ func(b *buffer, m message) error {
+ x := new(ValueType)
+ pp := m.(*Profile)
+ pp.SampleType = append(pp.SampleType, x)
+ return decodeMessage(b, x)
+ },
+ // repeated Sample sample = 2
+ func(b *buffer, m message) error {
+ x := new(Sample)
+ pp := m.(*Profile)
+ pp.Sample = append(pp.Sample, x)
+ return decodeMessage(b, x)
+ },
+ // repeated Mapping mapping = 3
+ func(b *buffer, m message) error {
+ x := new(Mapping)
+ pp := m.(*Profile)
+ pp.Mapping = append(pp.Mapping, x)
+ return decodeMessage(b, x)
+ },
+ // repeated Location location = 4
+ func(b *buffer, m message) error {
+ x := new(Location)
+ x.Line = make([]Line, 0, 8) // Pre-allocate Line buffer
+ pp := m.(*Profile)
+ pp.Location = append(pp.Location, x)
+ err := decodeMessage(b, x)
+ var tmp []Line
+ x.Line = append(tmp, x.Line...) // Shrink to allocated size
+ return err
+ },
+ // repeated Function function = 5
+ func(b *buffer, m message) error {
+ x := new(Function)
+ pp := m.(*Profile)
+ pp.Function = append(pp.Function, x)
+ return decodeMessage(b, x)
+ },
+ // repeated string string_table = 6
+ func(b *buffer, m message) error {
+ err := decodeStrings(b, &m.(*Profile).stringTable)
+ if err != nil {
+ return err
+ }
+ if m.(*Profile).stringTable[0] != "" {
+ return errors.New("string_table[0] must be ''")
+ }
+ return nil
+ },
+ // int64 drop_frames = 7
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*Profile).dropFramesX) },
+ // int64 keep_frames = 8
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*Profile).keepFramesX) },
+ // int64 time_nanos = 9
+ func(b *buffer, m message) error {
+ if m.(*Profile).TimeNanos != 0 {
+ return errConcatProfile
+ }
+ return decodeInt64(b, &m.(*Profile).TimeNanos)
+ },
+ // int64 duration_nanos = 10
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*Profile).DurationNanos) },
+ // ValueType period_type = 11
+ func(b *buffer, m message) error {
+ x := new(ValueType)
+ pp := m.(*Profile)
+ pp.PeriodType = x
+ return decodeMessage(b, x)
+ },
+ // int64 period = 12
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*Profile).Period) },
+ // repeated int64 comment = 13
+ func(b *buffer, m message) error { return decodeInt64s(b, &m.(*Profile).commentX) },
+ // int64 defaultSampleType = 14
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*Profile).defaultSampleTypeX) },
+}
+
+// postDecode takes the unexported fields populated by decode (with
+// suffix X) and populates the corresponding exported fields.
+// The unexported fields are cleared up to facilitate testing.
+func (p *Profile) postDecode() error {
+ var err error
+ mappings := make(map[uint64]*Mapping, len(p.Mapping))
+ mappingIds := make([]*Mapping, len(p.Mapping)+1)
+ for _, m := range p.Mapping {
+ m.File, err = getString(p.stringTable, &m.fileX, err)
+ m.BuildID, err = getString(p.stringTable, &m.buildIDX, err)
+ if m.ID < uint64(len(mappingIds)) {
+ mappingIds[m.ID] = m
+ } else {
+ mappings[m.ID] = m
+ }
+ }
+
+ functions := make(map[uint64]*Function, len(p.Function))
+ functionIds := make([]*Function, len(p.Function)+1)
+ for _, f := range p.Function {
+ f.Name, err = getString(p.stringTable, &f.nameX, err)
+ f.SystemName, err = getString(p.stringTable, &f.systemNameX, err)
+ f.Filename, err = getString(p.stringTable, &f.filenameX, err)
+ if f.ID < uint64(len(functionIds)) {
+ functionIds[f.ID] = f
+ } else {
+ functions[f.ID] = f
+ }
+ }
+
+ locations := make(map[uint64]*Location, len(p.Location))
+ locationIds := make([]*Location, len(p.Location)+1)
+ for _, l := range p.Location {
+ if id := l.mappingIDX; id < uint64(len(mappingIds)) {
+ l.Mapping = mappingIds[id]
+ } else {
+ l.Mapping = mappings[id]
+ }
+ l.mappingIDX = 0
+ for i, ln := range l.Line {
+ if id := ln.functionIDX; id != 0 {
+ l.Line[i].functionIDX = 0
+ if id < uint64(len(functionIds)) {
+ l.Line[i].Function = functionIds[id]
+ } else {
+ l.Line[i].Function = functions[id]
+ }
+ }
+ }
+ if l.ID < uint64(len(locationIds)) {
+ locationIds[l.ID] = l
+ } else {
+ locations[l.ID] = l
+ }
+ }
+
+ for _, st := range p.SampleType {
+ st.Type, err = getString(p.stringTable, &st.typeX, err)
+ st.Unit, err = getString(p.stringTable, &st.unitX, err)
+ }
+
+ for _, s := range p.Sample {
+ labels := make(map[string][]string, len(s.labelX))
+ numLabels := make(map[string][]int64, len(s.labelX))
+ numUnits := make(map[string][]string, len(s.labelX))
+ for _, l := range s.labelX {
+ var key, value string
+ key, err = getString(p.stringTable, &l.keyX, err)
+ if l.strX != 0 {
+ value, err = getString(p.stringTable, &l.strX, err)
+ labels[key] = append(labels[key], value)
+ } else if l.numX != 0 || l.unitX != 0 {
+ numValues := numLabels[key]
+ units := numUnits[key]
+ if l.unitX != 0 {
+ var unit string
+ unit, err = getString(p.stringTable, &l.unitX, err)
+ units = padStringArray(units, len(numValues))
+ numUnits[key] = append(units, unit)
+ }
+ numLabels[key] = append(numLabels[key], l.numX)
+ }
+ }
+ if len(labels) > 0 {
+ s.Label = labels
+ }
+ if len(numLabels) > 0 {
+ s.NumLabel = numLabels
+ for key, units := range numUnits {
+ if len(units) > 0 {
+ numUnits[key] = padStringArray(units, len(numLabels[key]))
+ }
+ }
+ s.NumUnit = numUnits
+ }
+ s.Location = make([]*Location, len(s.locationIDX))
+ for i, lid := range s.locationIDX {
+ if lid < uint64(len(locationIds)) {
+ s.Location[i] = locationIds[lid]
+ } else {
+ s.Location[i] = locations[lid]
+ }
+ }
+ s.locationIDX = nil
+ }
+
+ p.DropFrames, err = getString(p.stringTable, &p.dropFramesX, err)
+ p.KeepFrames, err = getString(p.stringTable, &p.keepFramesX, err)
+
+ if pt := p.PeriodType; pt == nil {
+ p.PeriodType = &ValueType{}
+ }
+
+ if pt := p.PeriodType; pt != nil {
+ pt.Type, err = getString(p.stringTable, &pt.typeX, err)
+ pt.Unit, err = getString(p.stringTable, &pt.unitX, err)
+ }
+
+ for _, i := range p.commentX {
+ var c string
+ c, err = getString(p.stringTable, &i, err)
+ p.Comments = append(p.Comments, c)
+ }
+
+ p.commentX = nil
+ p.DefaultSampleType, err = getString(p.stringTable, &p.defaultSampleTypeX, err)
+ p.stringTable = nil
+ return err
+}
+
+// padStringArray pads arr with enough empty strings to make arr
+// length l when arr's length is less than l.
+func padStringArray(arr []string, l int) []string {
+ if l <= len(arr) {
+ return arr
+ }
+ return append(arr, make([]string, l-len(arr))...)
+}
+
+func (p *ValueType) decoder() []decoder {
+ return valueTypeDecoder
+}
+
+func (p *ValueType) encode(b *buffer) {
+ encodeInt64Opt(b, 1, p.typeX)
+ encodeInt64Opt(b, 2, p.unitX)
+}
+
+var valueTypeDecoder = []decoder{
+ nil, // 0
+ // optional int64 type = 1
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*ValueType).typeX) },
+ // optional int64 unit = 2
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*ValueType).unitX) },
+}
+
+func (p *Sample) decoder() []decoder {
+ return sampleDecoder
+}
+
+func (p *Sample) encode(b *buffer) {
+ encodeUint64s(b, 1, p.locationIDX)
+ encodeInt64s(b, 2, p.Value)
+ for _, x := range p.labelX {
+ encodeMessage(b, 3, x)
+ }
+}
+
+var sampleDecoder = []decoder{
+ nil, // 0
+ // repeated uint64 location = 1
+ func(b *buffer, m message) error { return decodeUint64s(b, &m.(*Sample).locationIDX) },
+ // repeated int64 value = 2
+ func(b *buffer, m message) error { return decodeInt64s(b, &m.(*Sample).Value) },
+ // repeated Label label = 3
+ func(b *buffer, m message) error {
+ s := m.(*Sample)
+ n := len(s.labelX)
+ s.labelX = append(s.labelX, label{})
+ return decodeMessage(b, &s.labelX[n])
+ },
+}
+
+func (p label) decoder() []decoder {
+ return labelDecoder
+}
+
+func (p label) encode(b *buffer) {
+ encodeInt64Opt(b, 1, p.keyX)
+ encodeInt64Opt(b, 2, p.strX)
+ encodeInt64Opt(b, 3, p.numX)
+ encodeInt64Opt(b, 4, p.unitX)
+}
+
+var labelDecoder = []decoder{
+ nil, // 0
+ // optional int64 key = 1
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*label).keyX) },
+ // optional int64 str = 2
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*label).strX) },
+ // optional int64 num = 3
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*label).numX) },
+ // optional int64 num = 4
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*label).unitX) },
+}
+
+func (p *Mapping) decoder() []decoder {
+ return mappingDecoder
+}
+
+func (p *Mapping) encode(b *buffer) {
+ encodeUint64Opt(b, 1, p.ID)
+ encodeUint64Opt(b, 2, p.Start)
+ encodeUint64Opt(b, 3, p.Limit)
+ encodeUint64Opt(b, 4, p.Offset)
+ encodeInt64Opt(b, 5, p.fileX)
+ encodeInt64Opt(b, 6, p.buildIDX)
+ encodeBoolOpt(b, 7, p.HasFunctions)
+ encodeBoolOpt(b, 8, p.HasFilenames)
+ encodeBoolOpt(b, 9, p.HasLineNumbers)
+ encodeBoolOpt(b, 10, p.HasInlineFrames)
+}
+
+var mappingDecoder = []decoder{
+ nil, // 0
+ func(b *buffer, m message) error { return decodeUint64(b, &m.(*Mapping).ID) }, // optional uint64 id = 1
+ func(b *buffer, m message) error { return decodeUint64(b, &m.(*Mapping).Start) }, // optional uint64 memory_offset = 2
+ func(b *buffer, m message) error { return decodeUint64(b, &m.(*Mapping).Limit) }, // optional uint64 memory_limit = 3
+ func(b *buffer, m message) error { return decodeUint64(b, &m.(*Mapping).Offset) }, // optional uint64 file_offset = 4
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*Mapping).fileX) }, // optional int64 filename = 5
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*Mapping).buildIDX) }, // optional int64 build_id = 6
+ func(b *buffer, m message) error { return decodeBool(b, &m.(*Mapping).HasFunctions) }, // optional bool has_functions = 7
+ func(b *buffer, m message) error { return decodeBool(b, &m.(*Mapping).HasFilenames) }, // optional bool has_filenames = 8
+ func(b *buffer, m message) error { return decodeBool(b, &m.(*Mapping).HasLineNumbers) }, // optional bool has_line_numbers = 9
+ func(b *buffer, m message) error { return decodeBool(b, &m.(*Mapping).HasInlineFrames) }, // optional bool has_inline_frames = 10
+}
+
+func (p *Location) decoder() []decoder {
+ return locationDecoder
+}
+
+func (p *Location) encode(b *buffer) {
+ encodeUint64Opt(b, 1, p.ID)
+ encodeUint64Opt(b, 2, p.mappingIDX)
+ encodeUint64Opt(b, 3, p.Address)
+ for i := range p.Line {
+ encodeMessage(b, 4, &p.Line[i])
+ }
+ encodeBoolOpt(b, 5, p.IsFolded)
+}
+
+var locationDecoder = []decoder{
+ nil, // 0
+ func(b *buffer, m message) error { return decodeUint64(b, &m.(*Location).ID) }, // optional uint64 id = 1;
+ func(b *buffer, m message) error { return decodeUint64(b, &m.(*Location).mappingIDX) }, // optional uint64 mapping_id = 2;
+ func(b *buffer, m message) error { return decodeUint64(b, &m.(*Location).Address) }, // optional uint64 address = 3;
+ func(b *buffer, m message) error { // repeated Line line = 4
+ pp := m.(*Location)
+ n := len(pp.Line)
+ pp.Line = append(pp.Line, Line{})
+ return decodeMessage(b, &pp.Line[n])
+ },
+ func(b *buffer, m message) error { return decodeBool(b, &m.(*Location).IsFolded) }, // optional bool is_folded = 5;
+}
+
+func (p *Line) decoder() []decoder {
+ return lineDecoder
+}
+
+func (p *Line) encode(b *buffer) {
+ encodeUint64Opt(b, 1, p.functionIDX)
+ encodeInt64Opt(b, 2, p.Line)
+}
+
+var lineDecoder = []decoder{
+ nil, // 0
+ // optional uint64 function_id = 1
+ func(b *buffer, m message) error { return decodeUint64(b, &m.(*Line).functionIDX) },
+ // optional int64 line = 2
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*Line).Line) },
+}
+
+func (p *Function) decoder() []decoder {
+ return functionDecoder
+}
+
+func (p *Function) encode(b *buffer) {
+ encodeUint64Opt(b, 1, p.ID)
+ encodeInt64Opt(b, 2, p.nameX)
+ encodeInt64Opt(b, 3, p.systemNameX)
+ encodeInt64Opt(b, 4, p.filenameX)
+ encodeInt64Opt(b, 5, p.StartLine)
+}
+
+var functionDecoder = []decoder{
+ nil, // 0
+ // optional uint64 id = 1
+ func(b *buffer, m message) error { return decodeUint64(b, &m.(*Function).ID) },
+ // optional int64 function_name = 2
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*Function).nameX) },
+ // optional int64 function_system_name = 3
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*Function).systemNameX) },
+ // repeated int64 filename = 4
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*Function).filenameX) },
+ // optional int64 start_line = 5
+ func(b *buffer, m message) error { return decodeInt64(b, &m.(*Function).StartLine) },
+}
+
+func addString(strings map[string]int, s string) int64 {
+ i, ok := strings[s]
+ if !ok {
+ i = len(strings)
+ strings[s] = i
+ }
+ return int64(i)
+}
+
+func getString(strings []string, strng *int64, err error) (string, error) {
+ if err != nil {
+ return "", err
+ }
+ s := int(*strng)
+ if s < 0 || s >= len(strings) {
+ return "", errMalformed
+ }
+ *strng = 0
+ return strings[s], nil
+}
diff --git a/vendor/github.com/google/pprof/profile/filter.go b/vendor/github.com/google/pprof/profile/filter.go
new file mode 100644
index 000000000..ea8e66c68
--- /dev/null
+++ b/vendor/github.com/google/pprof/profile/filter.go
@@ -0,0 +1,270 @@
+// Copyright 2014 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package profile
+
+// Implements methods to filter samples from profiles.
+
+import "regexp"
+
+// FilterSamplesByName filters the samples in a profile and only keeps
+// samples where at least one frame matches focus but none match ignore.
+// Returns true is the corresponding regexp matched at least one sample.
+func (p *Profile) FilterSamplesByName(focus, ignore, hide, show *regexp.Regexp) (fm, im, hm, hnm bool) {
+ focusOrIgnore := make(map[uint64]bool)
+ hidden := make(map[uint64]bool)
+ for _, l := range p.Location {
+ if ignore != nil && l.matchesName(ignore) {
+ im = true
+ focusOrIgnore[l.ID] = false
+ } else if focus == nil || l.matchesName(focus) {
+ fm = true
+ focusOrIgnore[l.ID] = true
+ }
+
+ if hide != nil && l.matchesName(hide) {
+ hm = true
+ l.Line = l.unmatchedLines(hide)
+ if len(l.Line) == 0 {
+ hidden[l.ID] = true
+ }
+ }
+ if show != nil {
+ l.Line = l.matchedLines(show)
+ if len(l.Line) == 0 {
+ hidden[l.ID] = true
+ } else {
+ hnm = true
+ }
+ }
+ }
+
+ s := make([]*Sample, 0, len(p.Sample))
+ for _, sample := range p.Sample {
+ if focusedAndNotIgnored(sample.Location, focusOrIgnore) {
+ if len(hidden) > 0 {
+ var locs []*Location
+ for _, loc := range sample.Location {
+ if !hidden[loc.ID] {
+ locs = append(locs, loc)
+ }
+ }
+ if len(locs) == 0 {
+ // Remove sample with no locations (by not adding it to s).
+ continue
+ }
+ sample.Location = locs
+ }
+ s = append(s, sample)
+ }
+ }
+ p.Sample = s
+
+ return
+}
+
+// ShowFrom drops all stack frames above the highest matching frame and returns
+// whether a match was found. If showFrom is nil it returns false and does not
+// modify the profile.
+//
+// Example: consider a sample with frames [A, B, C, B], where A is the root.
+// ShowFrom(nil) returns false and has frames [A, B, C, B].
+// ShowFrom(A) returns true and has frames [A, B, C, B].
+// ShowFrom(B) returns true and has frames [B, C, B].
+// ShowFrom(C) returns true and has frames [C, B].
+// ShowFrom(D) returns false and drops the sample because no frames remain.
+func (p *Profile) ShowFrom(showFrom *regexp.Regexp) (matched bool) {
+ if showFrom == nil {
+ return false
+ }
+ // showFromLocs stores location IDs that matched ShowFrom.
+ showFromLocs := make(map[uint64]bool)
+ // Apply to locations.
+ for _, loc := range p.Location {
+ if filterShowFromLocation(loc, showFrom) {
+ showFromLocs[loc.ID] = true
+ matched = true
+ }
+ }
+ // For all samples, strip locations after the highest matching one.
+ s := make([]*Sample, 0, len(p.Sample))
+ for _, sample := range p.Sample {
+ for i := len(sample.Location) - 1; i >= 0; i-- {
+ if showFromLocs[sample.Location[i].ID] {
+ sample.Location = sample.Location[:i+1]
+ s = append(s, sample)
+ break
+ }
+ }
+ }
+ p.Sample = s
+ return matched
+}
+
+// filterShowFromLocation tests a showFrom regex against a location, removes
+// lines after the last match and returns whether a match was found. If the
+// mapping is matched, then all lines are kept.
+func filterShowFromLocation(loc *Location, showFrom *regexp.Regexp) bool {
+ if m := loc.Mapping; m != nil && showFrom.MatchString(m.File) {
+ return true
+ }
+ if i := loc.lastMatchedLineIndex(showFrom); i >= 0 {
+ loc.Line = loc.Line[:i+1]
+ return true
+ }
+ return false
+}
+
+// lastMatchedLineIndex returns the index of the last line that matches a regex,
+// or -1 if no match is found.
+func (loc *Location) lastMatchedLineIndex(re *regexp.Regexp) int {
+ for i := len(loc.Line) - 1; i >= 0; i-- {
+ if fn := loc.Line[i].Function; fn != nil {
+ if re.MatchString(fn.Name) || re.MatchString(fn.Filename) {
+ return i
+ }
+ }
+ }
+ return -1
+}
+
+// FilterTagsByName filters the tags in a profile and only keeps
+// tags that match show and not hide.
+func (p *Profile) FilterTagsByName(show, hide *regexp.Regexp) (sm, hm bool) {
+ matchRemove := func(name string) bool {
+ matchShow := show == nil || show.MatchString(name)
+ matchHide := hide != nil && hide.MatchString(name)
+
+ if matchShow {
+ sm = true
+ }
+ if matchHide {
+ hm = true
+ }
+ return !matchShow || matchHide
+ }
+ for _, s := range p.Sample {
+ for lab := range s.Label {
+ if matchRemove(lab) {
+ delete(s.Label, lab)
+ }
+ }
+ for lab := range s.NumLabel {
+ if matchRemove(lab) {
+ delete(s.NumLabel, lab)
+ }
+ }
+ }
+ return
+}
+
+// matchesName returns whether the location matches the regular
+// expression. It checks any available function names, file names, and
+// mapping object filename.
+func (loc *Location) matchesName(re *regexp.Regexp) bool {
+ for _, ln := range loc.Line {
+ if fn := ln.Function; fn != nil {
+ if re.MatchString(fn.Name) || re.MatchString(fn.Filename) {
+ return true
+ }
+ }
+ }
+ if m := loc.Mapping; m != nil && re.MatchString(m.File) {
+ return true
+ }
+ return false
+}
+
+// unmatchedLines returns the lines in the location that do not match
+// the regular expression.
+func (loc *Location) unmatchedLines(re *regexp.Regexp) []Line {
+ if m := loc.Mapping; m != nil && re.MatchString(m.File) {
+ return nil
+ }
+ var lines []Line
+ for _, ln := range loc.Line {
+ if fn := ln.Function; fn != nil {
+ if re.MatchString(fn.Name) || re.MatchString(fn.Filename) {
+ continue
+ }
+ }
+ lines = append(lines, ln)
+ }
+ return lines
+}
+
+// matchedLines returns the lines in the location that match
+// the regular expression.
+func (loc *Location) matchedLines(re *regexp.Regexp) []Line {
+ if m := loc.Mapping; m != nil && re.MatchString(m.File) {
+ return loc.Line
+ }
+ var lines []Line
+ for _, ln := range loc.Line {
+ if fn := ln.Function; fn != nil {
+ if !re.MatchString(fn.Name) && !re.MatchString(fn.Filename) {
+ continue
+ }
+ }
+ lines = append(lines, ln)
+ }
+ return lines
+}
+
+// focusedAndNotIgnored looks up a slice of ids against a map of
+// focused/ignored locations. The map only contains locations that are
+// explicitly focused or ignored. Returns whether there is at least
+// one focused location but no ignored locations.
+func focusedAndNotIgnored(locs []*Location, m map[uint64]bool) bool {
+ var f bool
+ for _, loc := range locs {
+ if focus, focusOrIgnore := m[loc.ID]; focusOrIgnore {
+ if focus {
+ // Found focused location. Must keep searching in case there
+ // is an ignored one as well.
+ f = true
+ } else {
+ // Found ignored location. Can return false right away.
+ return false
+ }
+ }
+ }
+ return f
+}
+
+// TagMatch selects tags for filtering
+type TagMatch func(s *Sample) bool
+
+// FilterSamplesByTag removes all samples from the profile, except
+// those that match focus and do not match the ignore regular
+// expression.
+func (p *Profile) FilterSamplesByTag(focus, ignore TagMatch) (fm, im bool) {
+ samples := make([]*Sample, 0, len(p.Sample))
+ for _, s := range p.Sample {
+ focused, ignored := true, false
+ if focus != nil {
+ focused = focus(s)
+ }
+ if ignore != nil {
+ ignored = ignore(s)
+ }
+ fm = fm || focused
+ im = im || ignored
+ if focused && !ignored {
+ samples = append(samples, s)
+ }
+ }
+ p.Sample = samples
+ return
+}
diff --git a/vendor/github.com/google/pprof/profile/index.go b/vendor/github.com/google/pprof/profile/index.go
new file mode 100644
index 000000000..bef1d6046
--- /dev/null
+++ b/vendor/github.com/google/pprof/profile/index.go
@@ -0,0 +1,64 @@
+// Copyright 2016 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package profile
+
+import (
+ "fmt"
+ "strconv"
+ "strings"
+)
+
+// SampleIndexByName returns the appropriate index for a value of sample index.
+// If numeric, it returns the number, otherwise it looks up the text in the
+// profile sample types.
+func (p *Profile) SampleIndexByName(sampleIndex string) (int, error) {
+ if sampleIndex == "" {
+ if dst := p.DefaultSampleType; dst != "" {
+ for i, t := range sampleTypes(p) {
+ if t == dst {
+ return i, nil
+ }
+ }
+ }
+ // By default select the last sample value
+ return len(p.SampleType) - 1, nil
+ }
+ if i, err := strconv.Atoi(sampleIndex); err == nil {
+ if i < 0 || i >= len(p.SampleType) {
+ return 0, fmt.Errorf("sample_index %s is outside the range [0..%d]", sampleIndex, len(p.SampleType)-1)
+ }
+ return i, nil
+ }
+
+ // Remove the inuse_ prefix to support legacy pprof options
+ // "inuse_space" and "inuse_objects" for profiles containing types
+ // "space" and "objects".
+ noInuse := strings.TrimPrefix(sampleIndex, "inuse_")
+ for i, t := range p.SampleType {
+ if t.Type == sampleIndex || t.Type == noInuse {
+ return i, nil
+ }
+ }
+
+ return 0, fmt.Errorf("sample_index %q must be one of: %v", sampleIndex, sampleTypes(p))
+}
+
+func sampleTypes(p *Profile) []string {
+ types := make([]string, len(p.SampleType))
+ for i, t := range p.SampleType {
+ types[i] = t.Type
+ }
+ return types
+}
diff --git a/vendor/github.com/google/pprof/profile/legacy_java_profile.go b/vendor/github.com/google/pprof/profile/legacy_java_profile.go
new file mode 100644
index 000000000..91f45e53c
--- /dev/null
+++ b/vendor/github.com/google/pprof/profile/legacy_java_profile.go
@@ -0,0 +1,315 @@
+// Copyright 2014 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// This file implements parsers to convert java legacy profiles into
+// the profile.proto format.
+
+package profile
+
+import (
+ "bytes"
+ "fmt"
+ "io"
+ "path/filepath"
+ "regexp"
+ "strconv"
+ "strings"
+)
+
+var (
+ attributeRx = regexp.MustCompile(`([\w ]+)=([\w ]+)`)
+ javaSampleRx = regexp.MustCompile(` *(\d+) +(\d+) +@ +([ x0-9a-f]*)`)
+ javaLocationRx = regexp.MustCompile(`^\s*0x([[:xdigit:]]+)\s+(.*)\s*$`)
+ javaLocationFileLineRx = regexp.MustCompile(`^(.*)\s+\((.+):(-?[[:digit:]]+)\)$`)
+ javaLocationPathRx = regexp.MustCompile(`^(.*)\s+\((.*)\)$`)
+)
+
+// javaCPUProfile returns a new Profile from profilez data.
+// b is the profile bytes after the header, period is the profiling
+// period, and parse is a function to parse 8-byte chunks from the
+// profile in its native endianness.
+func javaCPUProfile(b []byte, period int64, parse func(b []byte) (uint64, []byte)) (*Profile, error) {
+ p := &Profile{
+ Period: period * 1000,
+ PeriodType: &ValueType{Type: "cpu", Unit: "nanoseconds"},
+ SampleType: []*ValueType{{Type: "samples", Unit: "count"}, {Type: "cpu", Unit: "nanoseconds"}},
+ }
+ var err error
+ var locs map[uint64]*Location
+ if b, locs, err = parseCPUSamples(b, parse, false, p); err != nil {
+ return nil, err
+ }
+
+ if err = parseJavaLocations(b, locs, p); err != nil {
+ return nil, err
+ }
+
+ // Strip out addresses for better merge.
+ if err = p.Aggregate(true, true, true, true, false); err != nil {
+ return nil, err
+ }
+
+ return p, nil
+}
+
+// parseJavaProfile returns a new profile from heapz or contentionz
+// data. b is the profile bytes after the header.
+func parseJavaProfile(b []byte) (*Profile, error) {
+ h := bytes.SplitAfterN(b, []byte("\n"), 2)
+ if len(h) < 2 {
+ return nil, errUnrecognized
+ }
+
+ p := &Profile{
+ PeriodType: &ValueType{},
+ }
+ header := string(bytes.TrimSpace(h[0]))
+
+ var err error
+ var pType string
+ switch header {
+ case "--- heapz 1 ---":
+ pType = "heap"
+ case "--- contentionz 1 ---":
+ pType = "contention"
+ default:
+ return nil, errUnrecognized
+ }
+
+ if b, err = parseJavaHeader(pType, h[1], p); err != nil {
+ return nil, err
+ }
+ var locs map[uint64]*Location
+ if b, locs, err = parseJavaSamples(pType, b, p); err != nil {
+ return nil, err
+ }
+ if err = parseJavaLocations(b, locs, p); err != nil {
+ return nil, err
+ }
+
+ // Strip out addresses for better merge.
+ if err = p.Aggregate(true, true, true, true, false); err != nil {
+ return nil, err
+ }
+
+ return p, nil
+}
+
+// parseJavaHeader parses the attribute section on a java profile and
+// populates a profile. Returns the remainder of the buffer after all
+// attributes.
+func parseJavaHeader(pType string, b []byte, p *Profile) ([]byte, error) {
+ nextNewLine := bytes.IndexByte(b, byte('\n'))
+ for nextNewLine != -1 {
+ line := string(bytes.TrimSpace(b[0:nextNewLine]))
+ if line != "" {
+ h := attributeRx.FindStringSubmatch(line)
+ if h == nil {
+ // Not a valid attribute, exit.
+ return b, nil
+ }
+
+ attribute, value := strings.TrimSpace(h[1]), strings.TrimSpace(h[2])
+ var err error
+ switch pType + "/" + attribute {
+ case "heap/format", "cpu/format", "contention/format":
+ if value != "java" {
+ return nil, errUnrecognized
+ }
+ case "heap/resolution":
+ p.SampleType = []*ValueType{
+ {Type: "inuse_objects", Unit: "count"},
+ {Type: "inuse_space", Unit: value},
+ }
+ case "contention/resolution":
+ p.SampleType = []*ValueType{
+ {Type: "contentions", Unit: "count"},
+ {Type: "delay", Unit: value},
+ }
+ case "contention/sampling period":
+ p.PeriodType = &ValueType{
+ Type: "contentions", Unit: "count",
+ }
+ if p.Period, err = strconv.ParseInt(value, 0, 64); err != nil {
+ return nil, fmt.Errorf("failed to parse attribute %s: %v", line, err)
+ }
+ case "contention/ms since reset":
+ millis, err := strconv.ParseInt(value, 0, 64)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse attribute %s: %v", line, err)
+ }
+ p.DurationNanos = millis * 1000 * 1000
+ default:
+ return nil, errUnrecognized
+ }
+ }
+ // Grab next line.
+ b = b[nextNewLine+1:]
+ nextNewLine = bytes.IndexByte(b, byte('\n'))
+ }
+ return b, nil
+}
+
+// parseJavaSamples parses the samples from a java profile and
+// populates the Samples in a profile. Returns the remainder of the
+// buffer after the samples.
+func parseJavaSamples(pType string, b []byte, p *Profile) ([]byte, map[uint64]*Location, error) {
+ nextNewLine := bytes.IndexByte(b, byte('\n'))
+ locs := make(map[uint64]*Location)
+ for nextNewLine != -1 {
+ line := string(bytes.TrimSpace(b[0:nextNewLine]))
+ if line != "" {
+ sample := javaSampleRx.FindStringSubmatch(line)
+ if sample == nil {
+ // Not a valid sample, exit.
+ return b, locs, nil
+ }
+
+ // Java profiles have data/fields inverted compared to other
+ // profile types.
+ var err error
+ value1, value2, value3 := sample[2], sample[1], sample[3]
+ addrs, err := parseHexAddresses(value3)
+ if err != nil {
+ return nil, nil, fmt.Errorf("malformed sample: %s: %v", line, err)
+ }
+
+ var sloc []*Location
+ for _, addr := range addrs {
+ loc := locs[addr]
+ if locs[addr] == nil {
+ loc = &Location{
+ Address: addr,
+ }
+ p.Location = append(p.Location, loc)
+ locs[addr] = loc
+ }
+ sloc = append(sloc, loc)
+ }
+ s := &Sample{
+ Value: make([]int64, 2),
+ Location: sloc,
+ }
+
+ if s.Value[0], err = strconv.ParseInt(value1, 0, 64); err != nil {
+ return nil, nil, fmt.Errorf("parsing sample %s: %v", line, err)
+ }
+ if s.Value[1], err = strconv.ParseInt(value2, 0, 64); err != nil {
+ return nil, nil, fmt.Errorf("parsing sample %s: %v", line, err)
+ }
+
+ switch pType {
+ case "heap":
+ const javaHeapzSamplingRate = 524288 // 512K
+ if s.Value[0] == 0 {
+ return nil, nil, fmt.Errorf("parsing sample %s: second value must be non-zero", line)
+ }
+ s.NumLabel = map[string][]int64{"bytes": {s.Value[1] / s.Value[0]}}
+ s.Value[0], s.Value[1] = scaleHeapSample(s.Value[0], s.Value[1], javaHeapzSamplingRate)
+ case "contention":
+ if period := p.Period; period != 0 {
+ s.Value[0] = s.Value[0] * p.Period
+ s.Value[1] = s.Value[1] * p.Period
+ }
+ }
+ p.Sample = append(p.Sample, s)
+ }
+ // Grab next line.
+ b = b[nextNewLine+1:]
+ nextNewLine = bytes.IndexByte(b, byte('\n'))
+ }
+ return b, locs, nil
+}
+
+// parseJavaLocations parses the location information in a java
+// profile and populates the Locations in a profile. It uses the
+// location addresses from the profile as both the ID of each
+// location.
+func parseJavaLocations(b []byte, locs map[uint64]*Location, p *Profile) error {
+ r := bytes.NewBuffer(b)
+ fns := make(map[string]*Function)
+ for {
+ line, err := r.ReadString('\n')
+ if err != nil {
+ if err != io.EOF {
+ return err
+ }
+ if line == "" {
+ break
+ }
+ }
+
+ if line = strings.TrimSpace(line); line == "" {
+ continue
+ }
+
+ jloc := javaLocationRx.FindStringSubmatch(line)
+ if len(jloc) != 3 {
+ continue
+ }
+ addr, err := strconv.ParseUint(jloc[1], 16, 64)
+ if err != nil {
+ return fmt.Errorf("parsing sample %s: %v", line, err)
+ }
+ loc := locs[addr]
+ if loc == nil {
+ // Unused/unseen
+ continue
+ }
+ var lineFunc, lineFile string
+ var lineNo int64
+
+ if fileLine := javaLocationFileLineRx.FindStringSubmatch(jloc[2]); len(fileLine) == 4 {
+ // Found a line of the form: "function (file:line)"
+ lineFunc, lineFile = fileLine[1], fileLine[2]
+ if n, err := strconv.ParseInt(fileLine[3], 10, 64); err == nil && n > 0 {
+ lineNo = n
+ }
+ } else if filePath := javaLocationPathRx.FindStringSubmatch(jloc[2]); len(filePath) == 3 {
+ // If there's not a file:line, it's a shared library path.
+ // The path isn't interesting, so just give the .so.
+ lineFunc, lineFile = filePath[1], filepath.Base(filePath[2])
+ } else if strings.Contains(jloc[2], "generated stub/JIT") {
+ lineFunc = "STUB"
+ } else {
+ // Treat whole line as the function name. This is used by the
+ // java agent for internal states such as "GC" or "VM".
+ lineFunc = jloc[2]
+ }
+ fn := fns[lineFunc]
+
+ if fn == nil {
+ fn = &Function{
+ Name: lineFunc,
+ SystemName: lineFunc,
+ Filename: lineFile,
+ }
+ fns[lineFunc] = fn
+ p.Function = append(p.Function, fn)
+ }
+ loc.Line = []Line{
+ {
+ Function: fn,
+ Line: lineNo,
+ },
+ }
+ loc.Address = 0
+ }
+
+ p.remapLocationIDs()
+ p.remapFunctionIDs()
+ p.remapMappingIDs()
+
+ return nil
+}
diff --git a/vendor/github.com/google/pprof/profile/legacy_profile.go b/vendor/github.com/google/pprof/profile/legacy_profile.go
new file mode 100644
index 000000000..0c8f3bb5b
--- /dev/null
+++ b/vendor/github.com/google/pprof/profile/legacy_profile.go
@@ -0,0 +1,1225 @@
+// Copyright 2014 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// This file implements parsers to convert legacy profiles into the
+// profile.proto format.
+
+package profile
+
+import (
+ "bufio"
+ "bytes"
+ "fmt"
+ "io"
+ "math"
+ "regexp"
+ "strconv"
+ "strings"
+)
+
+var (
+ countStartRE = regexp.MustCompile(`\A(\S+) profile: total \d+\z`)
+ countRE = regexp.MustCompile(`\A(\d+) @(( 0x[0-9a-f]+)+)\z`)
+
+ heapHeaderRE = regexp.MustCompile(`heap profile: *(\d+): *(\d+) *\[ *(\d+): *(\d+) *\] *@ *(heap[_a-z0-9]*)/?(\d*)`)
+ heapSampleRE = regexp.MustCompile(`(-?\d+): *(-?\d+) *\[ *(\d+): *(\d+) *] @([ x0-9a-f]*)`)
+
+ contentionSampleRE = regexp.MustCompile(`(\d+) *(\d+) @([ x0-9a-f]*)`)
+
+ hexNumberRE = regexp.MustCompile(`0x[0-9a-f]+`)
+
+ growthHeaderRE = regexp.MustCompile(`heap profile: *(\d+): *(\d+) *\[ *(\d+): *(\d+) *\] @ growthz?`)
+
+ fragmentationHeaderRE = regexp.MustCompile(`heap profile: *(\d+): *(\d+) *\[ *(\d+): *(\d+) *\] @ fragmentationz?`)
+
+ threadzStartRE = regexp.MustCompile(`--- threadz \d+ ---`)
+ threadStartRE = regexp.MustCompile(`--- Thread ([[:xdigit:]]+) \(name: (.*)/(\d+)\) stack: ---`)
+
+ // Regular expressions to parse process mappings. Support the format used by Linux /proc/.../maps and other tools.
+ // Recommended format:
+ // Start End object file name offset(optional) linker build id
+ // 0x40000-0x80000 /path/to/binary (@FF00) abc123456
+ spaceDigits = `\s+[[:digit:]]+`
+ hexPair = `\s+[[:xdigit:]]+:[[:xdigit:]]+`
+ oSpace = `\s*`
+ // Capturing expressions.
+ cHex = `(?:0x)?([[:xdigit:]]+)`
+ cHexRange = `\s*` + cHex + `[\s-]?` + oSpace + cHex + `:?`
+ cSpaceString = `(?:\s+(\S+))?`
+ cSpaceHex = `(?:\s+([[:xdigit:]]+))?`
+ cSpaceAtOffset = `(?:\s+\(@([[:xdigit:]]+)\))?`
+ cPerm = `(?:\s+([-rwxp]+))?`
+
+ procMapsRE = regexp.MustCompile(`^` + cHexRange + cPerm + cSpaceHex + hexPair + spaceDigits + cSpaceString)
+ briefMapsRE = regexp.MustCompile(`^` + cHexRange + cPerm + cSpaceString + cSpaceAtOffset + cSpaceHex)
+
+ // Regular expression to parse log data, of the form:
+ // ... file:line] msg...
+ logInfoRE = regexp.MustCompile(`^[^\[\]]+:[0-9]+]\s`)
+)
+
+func isSpaceOrComment(line string) bool {
+ trimmed := strings.TrimSpace(line)
+ return len(trimmed) == 0 || trimmed[0] == '#'
+}
+
+// parseGoCount parses a Go count profile (e.g., threadcreate or
+// goroutine) and returns a new Profile.
+func parseGoCount(b []byte) (*Profile, error) {
+ s := bufio.NewScanner(bytes.NewBuffer(b))
+ // Skip comments at the beginning of the file.
+ for s.Scan() && isSpaceOrComment(s.Text()) {
+ }
+ if err := s.Err(); err != nil {
+ return nil, err
+ }
+ m := countStartRE.FindStringSubmatch(s.Text())
+ if m == nil {
+ return nil, errUnrecognized
+ }
+ profileType := m[1]
+ p := &Profile{
+ PeriodType: &ValueType{Type: profileType, Unit: "count"},
+ Period: 1,
+ SampleType: []*ValueType{{Type: profileType, Unit: "count"}},
+ }
+ locations := make(map[uint64]*Location)
+ for s.Scan() {
+ line := s.Text()
+ if isSpaceOrComment(line) {
+ continue
+ }
+ if strings.HasPrefix(line, "---") {
+ break
+ }
+ m := countRE.FindStringSubmatch(line)
+ if m == nil {
+ return nil, errMalformed
+ }
+ n, err := strconv.ParseInt(m[1], 0, 64)
+ if err != nil {
+ return nil, errMalformed
+ }
+ fields := strings.Fields(m[2])
+ locs := make([]*Location, 0, len(fields))
+ for _, stk := range fields {
+ addr, err := strconv.ParseUint(stk, 0, 64)
+ if err != nil {
+ return nil, errMalformed
+ }
+ // Adjust all frames by -1 to land on top of the call instruction.
+ addr--
+ loc := locations[addr]
+ if loc == nil {
+ loc = &Location{
+ Address: addr,
+ }
+ locations[addr] = loc
+ p.Location = append(p.Location, loc)
+ }
+ locs = append(locs, loc)
+ }
+ p.Sample = append(p.Sample, &Sample{
+ Location: locs,
+ Value: []int64{n},
+ })
+ }
+ if err := s.Err(); err != nil {
+ return nil, err
+ }
+
+ if err := parseAdditionalSections(s, p); err != nil {
+ return nil, err
+ }
+ return p, nil
+}
+
+// remapLocationIDs ensures there is a location for each address
+// referenced by a sample, and remaps the samples to point to the new
+// location ids.
+func (p *Profile) remapLocationIDs() {
+ seen := make(map[*Location]bool, len(p.Location))
+ var locs []*Location
+
+ for _, s := range p.Sample {
+ for _, l := range s.Location {
+ if seen[l] {
+ continue
+ }
+ l.ID = uint64(len(locs) + 1)
+ locs = append(locs, l)
+ seen[l] = true
+ }
+ }
+ p.Location = locs
+}
+
+func (p *Profile) remapFunctionIDs() {
+ seen := make(map[*Function]bool, len(p.Function))
+ var fns []*Function
+
+ for _, l := range p.Location {
+ for _, ln := range l.Line {
+ fn := ln.Function
+ if fn == nil || seen[fn] {
+ continue
+ }
+ fn.ID = uint64(len(fns) + 1)
+ fns = append(fns, fn)
+ seen[fn] = true
+ }
+ }
+ p.Function = fns
+}
+
+// remapMappingIDs matches location addresses with existing mappings
+// and updates them appropriately. This is O(N*M), if this ever shows
+// up as a bottleneck, evaluate sorting the mappings and doing a
+// binary search, which would make it O(N*log(M)).
+func (p *Profile) remapMappingIDs() {
+ // Some profile handlers will incorrectly set regions for the main
+ // executable if its section is remapped. Fix them through heuristics.
+
+ if len(p.Mapping) > 0 {
+ // Remove the initial mapping if named '/anon_hugepage' and has a
+ // consecutive adjacent mapping.
+ if m := p.Mapping[0]; strings.HasPrefix(m.File, "/anon_hugepage") {
+ if len(p.Mapping) > 1 && m.Limit == p.Mapping[1].Start {
+ p.Mapping = p.Mapping[1:]
+ }
+ }
+ }
+
+ // Subtract the offset from the start of the main mapping if it
+ // ends up at a recognizable start address.
+ if len(p.Mapping) > 0 {
+ const expectedStart = 0x400000
+ if m := p.Mapping[0]; m.Start-m.Offset == expectedStart {
+ m.Start = expectedStart
+ m.Offset = 0
+ }
+ }
+
+ // Associate each location with an address to the corresponding
+ // mapping. Create fake mapping if a suitable one isn't found.
+ var fake *Mapping
+nextLocation:
+ for _, l := range p.Location {
+ a := l.Address
+ if l.Mapping != nil || a == 0 {
+ continue
+ }
+ for _, m := range p.Mapping {
+ if m.Start <= a && a < m.Limit {
+ l.Mapping = m
+ continue nextLocation
+ }
+ }
+ // Work around legacy handlers failing to encode the first
+ // part of mappings split into adjacent ranges.
+ for _, m := range p.Mapping {
+ if m.Offset != 0 && m.Start-m.Offset <= a && a < m.Start {
+ m.Start -= m.Offset
+ m.Offset = 0
+ l.Mapping = m
+ continue nextLocation
+ }
+ }
+ // If there is still no mapping, create a fake one.
+ // This is important for the Go legacy handler, which produced
+ // no mappings.
+ if fake == nil {
+ fake = &Mapping{
+ ID: 1,
+ Limit: ^uint64(0),
+ }
+ p.Mapping = append(p.Mapping, fake)
+ }
+ l.Mapping = fake
+ }
+
+ // Reset all mapping IDs.
+ for i, m := range p.Mapping {
+ m.ID = uint64(i + 1)
+ }
+}
+
+var cpuInts = []func([]byte) (uint64, []byte){
+ get32l,
+ get32b,
+ get64l,
+ get64b,
+}
+
+func get32l(b []byte) (uint64, []byte) {
+ if len(b) < 4 {
+ return 0, nil
+ }
+ return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24, b[4:]
+}
+
+func get32b(b []byte) (uint64, []byte) {
+ if len(b) < 4 {
+ return 0, nil
+ }
+ return uint64(b[3]) | uint64(b[2])<<8 | uint64(b[1])<<16 | uint64(b[0])<<24, b[4:]
+}
+
+func get64l(b []byte) (uint64, []byte) {
+ if len(b) < 8 {
+ return 0, nil
+ }
+ return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56, b[8:]
+}
+
+func get64b(b []byte) (uint64, []byte) {
+ if len(b) < 8 {
+ return 0, nil
+ }
+ return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56, b[8:]
+}
+
+// parseCPU parses a profilez legacy profile and returns a newly
+// populated Profile.
+//
+// The general format for profilez samples is a sequence of words in
+// binary format. The first words are a header with the following data:
+// 1st word -- 0
+// 2nd word -- 3
+// 3rd word -- 0 if a c++ application, 1 if a java application.
+// 4th word -- Sampling period (in microseconds).
+// 5th word -- Padding.
+func parseCPU(b []byte) (*Profile, error) {
+ var parse func([]byte) (uint64, []byte)
+ var n1, n2, n3, n4, n5 uint64
+ for _, parse = range cpuInts {
+ var tmp []byte
+ n1, tmp = parse(b)
+ n2, tmp = parse(tmp)
+ n3, tmp = parse(tmp)
+ n4, tmp = parse(tmp)
+ n5, tmp = parse(tmp)
+
+ if tmp != nil && n1 == 0 && n2 == 3 && n3 == 0 && n4 > 0 && n5 == 0 {
+ b = tmp
+ return cpuProfile(b, int64(n4), parse)
+ }
+ if tmp != nil && n1 == 0 && n2 == 3 && n3 == 1 && n4 > 0 && n5 == 0 {
+ b = tmp
+ return javaCPUProfile(b, int64(n4), parse)
+ }
+ }
+ return nil, errUnrecognized
+}
+
+// cpuProfile returns a new Profile from C++ profilez data.
+// b is the profile bytes after the header, period is the profiling
+// period, and parse is a function to parse 8-byte chunks from the
+// profile in its native endianness.
+func cpuProfile(b []byte, period int64, parse func(b []byte) (uint64, []byte)) (*Profile, error) {
+ p := &Profile{
+ Period: period * 1000,
+ PeriodType: &ValueType{Type: "cpu", Unit: "nanoseconds"},
+ SampleType: []*ValueType{
+ {Type: "samples", Unit: "count"},
+ {Type: "cpu", Unit: "nanoseconds"},
+ },
+ }
+ var err error
+ if b, _, err = parseCPUSamples(b, parse, true, p); err != nil {
+ return nil, err
+ }
+
+ // If *most* samples have the same second-to-the-bottom frame, it
+ // strongly suggests that it is an uninteresting artifact of
+ // measurement -- a stack frame pushed by the signal handler. The
+ // bottom frame is always correct as it is picked up from the signal
+ // structure, not the stack. Check if this is the case and if so,
+ // remove.
+
+ // Remove up to two frames.
+ maxiter := 2
+ // Allow one different sample for this many samples with the same
+ // second-to-last frame.
+ similarSamples := 32
+ margin := len(p.Sample) / similarSamples
+
+ for iter := 0; iter < maxiter; iter++ {
+ addr1 := make(map[uint64]int)
+ for _, s := range p.Sample {
+ if len(s.Location) > 1 {
+ a := s.Location[1].Address
+ addr1[a] = addr1[a] + 1
+ }
+ }
+
+ for id1, count := range addr1 {
+ if count >= len(p.Sample)-margin {
+ // Found uninteresting frame, strip it out from all samples
+ for _, s := range p.Sample {
+ if len(s.Location) > 1 && s.Location[1].Address == id1 {
+ s.Location = append(s.Location[:1], s.Location[2:]...)
+ }
+ }
+ break
+ }
+ }
+ }
+
+ if err := p.ParseMemoryMap(bytes.NewBuffer(b)); err != nil {
+ return nil, err
+ }
+
+ cleanupDuplicateLocations(p)
+ return p, nil
+}
+
+func cleanupDuplicateLocations(p *Profile) {
+ // The profile handler may duplicate the leaf frame, because it gets
+ // its address both from stack unwinding and from the signal
+ // context. Detect this and delete the duplicate, which has been
+ // adjusted by -1. The leaf address should not be adjusted as it is
+ // not a call.
+ for _, s := range p.Sample {
+ if len(s.Location) > 1 && s.Location[0].Address == s.Location[1].Address+1 {
+ s.Location = append(s.Location[:1], s.Location[2:]...)
+ }
+ }
+}
+
+// parseCPUSamples parses a collection of profilez samples from a
+// profile.
+//
+// profilez samples are a repeated sequence of stack frames of the
+// form:
+// 1st word -- The number of times this stack was encountered.
+// 2nd word -- The size of the stack (StackSize).
+// 3rd word -- The first address on the stack.
+// ...
+// StackSize + 2 -- The last address on the stack
+// The last stack trace is of the form:
+// 1st word -- 0
+// 2nd word -- 1
+// 3rd word -- 0
+//
+// Addresses from stack traces may point to the next instruction after
+// each call.
Optionally adjust by -1 to land somewhere on the actual
+// call (except for the leaf, which is not a call).
+func parseCPUSamples(b []byte, parse func(b []byte) (uint64, []byte), adjust bool, p *Profile) ([]byte, map[uint64]*Location, error) {
+ locs := make(map[uint64]*Location)
+ for len(b) > 0 {
+ var count, nstk uint64
+ count, b = parse(b)
+ nstk, b = parse(b)
+ if b == nil || nstk > uint64(len(b)/4) {
+ return nil, nil, errUnrecognized
+ }
+ var sloc []*Location
+ addrs := make([]uint64, nstk)
+ for i := 0; i < int(nstk); i++ {
+ addrs[i], b = parse(b)
+ }
+
+ if count == 0 && nstk == 1 && addrs[0] == 0 {
+ // End of data marker
+ break
+ }
+ for i, addr := range addrs {
+ if adjust && i > 0 {
+ addr--
+ }
+ loc := locs[addr]
+ if loc == nil {
+ loc = &Location{
+ Address: addr,
+ }
+ locs[addr] = loc
+ p.Location = append(p.Location, loc)
+ }
+ sloc = append(sloc, loc)
+ }
+ p.Sample = append(p.Sample,
+ &Sample{
+ Value: []int64{int64(count), int64(count) * p.Period},
+ Location: sloc,
+ })
+ }
+ // Reached the end without finding the EOD marker.
+ return b, locs, nil
+}
+
+// parseHeap parses a heapz legacy or a growthz profile and
+// returns a newly populated Profile.
+func parseHeap(b []byte) (p *Profile, err error) {
+ s := bufio.NewScanner(bytes.NewBuffer(b))
+ if !s.Scan() {
+ if err := s.Err(); err != nil {
+ return nil, err
+ }
+ return nil, errUnrecognized
+ }
+ p = &Profile{}
+
+ sampling := ""
+ hasAlloc := false
+
+ line := s.Text()
+ p.PeriodType = &ValueType{Type: "space", Unit: "bytes"}
+ if header := heapHeaderRE.FindStringSubmatch(line); header != nil {
+ sampling, p.Period, hasAlloc, err = parseHeapHeader(line)
+ if err != nil {
+ return nil, err
+ }
+ } else if header = growthHeaderRE.FindStringSubmatch(line); header != nil {
+ p.Period = 1
+ } else if header = fragmentationHeaderRE.FindStringSubmatch(line); header != nil {
+ p.Period = 1
+ } else {
+ return nil, errUnrecognized
+ }
+
+ if hasAlloc {
+ // Put alloc before inuse so that default pprof selection
+ // will prefer inuse_space.
+ p.SampleType = []*ValueType{
+ {Type: "alloc_objects", Unit: "count"},
+ {Type: "alloc_space", Unit: "bytes"},
+ {Type: "inuse_objects", Unit: "count"},
+ {Type: "inuse_space", Unit: "bytes"},
+ }
+ } else {
+ p.SampleType = []*ValueType{
+ {Type: "objects", Unit: "count"},
+ {Type: "space", Unit: "bytes"},
+ }
+ }
+
+ locs := make(map[uint64]*Location)
+ for s.Scan() {
+ line := strings.TrimSpace(s.Text())
+
+ if isSpaceOrComment(line) {
+ continue
+ }
+
+ if isMemoryMapSentinel(line) {
+ break
+ }
+
+ value, blocksize, addrs, err := parseHeapSample(line, p.Period, sampling, hasAlloc)
+ if err != nil {
+ return nil, err
+ }
+
+ var sloc []*Location
+ for _, addr := range addrs {
+ // Addresses from stack traces point to the next instruction after
+ // each call. Adjust by -1 to land somewhere on the actual call.
+ addr--
+ loc := locs[addr]
+ if locs[addr] == nil {
+ loc = &Location{
+ Address: addr,
+ }
+ p.Location = append(p.Location, loc)
+ locs[addr] = loc
+ }
+ sloc = append(sloc, loc)
+ }
+
+ p.Sample = append(p.Sample, &Sample{
+ Value: value,
+ Location: sloc,
+ NumLabel: map[string][]int64{"bytes": {blocksize}},
+ })
+ }
+ if err := s.Err(); err != nil {
+ return nil, err
+ }
+ if err := parseAdditionalSections(s, p); err != nil {
+ return nil, err
+ }
+ return p, nil
+}
+
+func parseHeapHeader(line string) (sampling string, period int64, hasAlloc bool, err error) {
+ header := heapHeaderRE.FindStringSubmatch(line)
+ if header == nil {
+ return "", 0, false, errUnrecognized
+ }
+
+ if len(header[6]) > 0 {
+ if period, err = strconv.ParseInt(header[6], 10, 64); err != nil {
+ return "", 0, false, errUnrecognized
+ }
+ }
+
+ if (header[3] != header[1] && header[3] != "0") || (header[4] != header[2] && header[4] != "0") {
+ hasAlloc = true
+ }
+
+ switch header[5] {
+ case "heapz_v2", "heap_v2":
+ return "v2", period, hasAlloc, nil
+ case "heapprofile":
+ return "", 1, hasAlloc, nil
+ case "heap":
+ return "v2", period / 2, hasAlloc, nil
+ default:
+ return "", 0, false, errUnrecognized
+ }
+}
+
+// parseHeapSample parses a single row from a heap profile into a new Sample.
+func parseHeapSample(line string, rate int64, sampling string, includeAlloc bool) (value []int64, blocksize int64, addrs []uint64, err error) {
+ sampleData := heapSampleRE.FindStringSubmatch(line)
+ if len(sampleData) != 6 {
+ return nil, 0, nil, fmt.Errorf("unexpected number of sample values: got %d, want 6", len(sampleData))
+ }
+
+ // This is a local-scoped helper function to avoid needing to pass
+ // around rate, sampling and many return parameters.
+ addValues := func(countString, sizeString string, label string) error {
+ count, err := strconv.ParseInt(countString, 10, 64)
+ if err != nil {
+ return fmt.Errorf("malformed sample: %s: %v", line, err)
+ }
+ size, err := strconv.ParseInt(sizeString, 10, 64)
+ if err != nil {
+ return fmt.Errorf("malformed sample: %s: %v", line, err)
+ }
+ if count == 0 && size != 0 {
+ return fmt.Errorf("%s count was 0 but %s bytes was %d", label, label, size)
+ }
+ if count != 0 {
+ blocksize = size / count
+ if sampling == "v2" {
+ count, size = scaleHeapSample(count, size, rate)
+ }
+ }
+ value = append(value, count, size)
+ return nil
+ }
+
+ if includeAlloc {
+ if err := addValues(sampleData[3], sampleData[4], "allocation"); err != nil {
+ return nil, 0, nil, err
+ }
+ }
+
+ if err := addValues(sampleData[1], sampleData[2], "inuse"); err != nil {
+ return nil, 0, nil, err
+ }
+
+ addrs, err = parseHexAddresses(sampleData[5])
+ if err != nil {
+ return nil, 0, nil, fmt.Errorf("malformed sample: %s: %v", line, err)
+ }
+
+ return value, blocksize, addrs, nil
+}
+
+// parseHexAddresses extracts hex numbers from a string, attempts to convert
+// each to an unsigned 64-bit number and returns the resulting numbers as a
+// slice, or an error if the string contains hex numbers which are too large to
+// handle (which means a malformed profile).
+func parseHexAddresses(s string) ([]uint64, error) {
+ hexStrings := hexNumberRE.FindAllString(s, -1)
+ var addrs []uint64
+ for _, s := range hexStrings {
+ if addr, err := strconv.ParseUint(s, 0, 64); err == nil {
+ addrs = append(addrs, addr)
+ } else {
+ return nil, fmt.Errorf("failed to parse as hex 64-bit number: %s", s)
+ }
+ }
+ return addrs, nil
+}
+
+// scaleHeapSample adjusts the data from a heapz Sample to
+// account for its probability of appearing in the collected
+// data. heapz profiles are a sampling of the memory allocations
+// requests in a program.
We estimate the unsampled value by dividing
+// each collected sample by its probability of appearing in the
+// profile. heapz v2 profiles rely on a poisson process to determine
+// which samples to collect, based on the desired average collection
+// rate R. The probability of a sample of size S to appear in that
+// profile is 1-exp(-S/R).
+func scaleHeapSample(count, size, rate int64) (int64, int64) {
+ if count == 0 || size == 0 {
+ return 0, 0
+ }
+
+ if rate <= 1 {
+ // if rate==1 all samples were collected so no adjustment is needed.
+ // if rate<1 treat as unknown and skip scaling.
+ return count, size
+ }
+
+ avgSize := float64(size) / float64(count)
+ scale := 1 / (1 - math.Exp(-avgSize/float64(rate)))
+
+ return int64(float64(count) * scale), int64(float64(size) * scale)
+}
+
+// parseContention parses a mutex or contention profile. There are 2 cases:
+// "--- contentionz " for legacy C++ profiles (and backwards compatibility)
+// "--- mutex:" or "--- contention:" for profiles generated by the Go runtime.
+func parseContention(b []byte) (*Profile, error) {
+ s := bufio.NewScanner(bytes.NewBuffer(b))
+ if !s.Scan() {
+ if err := s.Err(); err != nil {
+ return nil, err
+ }
+ return nil, errUnrecognized
+ }
+
+ switch l := s.Text(); {
+ case strings.HasPrefix(l, "--- contentionz "):
+ case strings.HasPrefix(l, "--- mutex:"):
+ case strings.HasPrefix(l, "--- contention:"):
+ default:
+ return nil, errUnrecognized
+ }
+
+ p := &Profile{
+ PeriodType: &ValueType{Type: "contentions", Unit: "count"},
+ Period: 1,
+ SampleType: []*ValueType{
+ {Type: "contentions", Unit: "count"},
+ {Type: "delay", Unit: "nanoseconds"},
+ },
+ }
+
+ var cpuHz int64
+ // Parse text of the form "attribute = value" before the samples.
+ const delimiter = "="
+ for s.Scan() {
+ line := s.Text()
+ if line = strings.TrimSpace(line); isSpaceOrComment(line) {
+ continue
+ }
+ if strings.HasPrefix(line, "---") {
+ break
+ }
+ attr := strings.SplitN(line, delimiter, 2)
+ if len(attr) != 2 {
+ break
+ }
+ key, val := strings.TrimSpace(attr[0]), strings.TrimSpace(attr[1])
+ var err error
+ switch key {
+ case "cycles/second":
+ if cpuHz, err = strconv.ParseInt(val, 0, 64); err != nil {
+ return nil, errUnrecognized
+ }
+ case "sampling period":
+ if p.Period, err = strconv.ParseInt(val, 0, 64); err != nil {
+ return nil, errUnrecognized
+ }
+ case "ms since reset":
+ ms, err := strconv.ParseInt(val, 0, 64)
+ if err != nil {
+ return nil, errUnrecognized
+ }
+ p.DurationNanos = ms * 1000 * 1000
+ case "format":
+ // CPP contentionz profiles don't have format.
+ return nil, errUnrecognized
+ case "resolution":
+ // CPP contentionz profiles don't have resolution.
+ return nil, errUnrecognized
+ case "discarded samples":
+ default:
+ return nil, errUnrecognized
+ }
+ }
+ if err := s.Err(); err != nil {
+ return nil, err
+ }
+
+ locs := make(map[uint64]*Location)
+ for {
+ line := strings.TrimSpace(s.Text())
+ if strings.HasPrefix(line, "---") {
+ break
+ }
+ if !isSpaceOrComment(line) {
+ value, addrs, err := parseContentionSample(line, p.Period, cpuHz)
+ if err != nil {
+ return nil, err
+ }
+ var sloc []*Location
+ for _, addr := range addrs {
+ // Addresses from stack traces point to the next instruction after
+ // each call. Adjust by -1 to land somewhere on the actual call.
+ addr--
+ loc := locs[addr]
+ if locs[addr] == nil {
+ loc = &Location{
+ Address: addr,
+ }
+ p.Location = append(p.Location, loc)
+ locs[addr] = loc
+ }
+ sloc = append(sloc, loc)
+ }
+ p.Sample = append(p.Sample, &Sample{
+ Value: value,
+ Location: sloc,
+ })
+ }
+ if !s.Scan() {
+ break
+ }
+ }
+ if err := s.Err(); err != nil {
+ return nil, err
+ }
+
+ if err := parseAdditionalSections(s, p); err != nil {
+ return nil, err
+ }
+
+ return p, nil
+}
+
+// parseContentionSample parses a single row from a contention profile
+// into a new Sample.
+func parseContentionSample(line string, period, cpuHz int64) (value []int64, addrs []uint64, err error) {
+ sampleData := contentionSampleRE.FindStringSubmatch(line)
+ if sampleData == nil {
+ return nil, nil, errUnrecognized
+ }
+
+ v1, err := strconv.ParseInt(sampleData[1], 10, 64)
+ if err != nil {
+ return nil, nil, fmt.Errorf("malformed sample: %s: %v", line, err)
+ }
+ v2, err := strconv.ParseInt(sampleData[2], 10, 64)
+ if err != nil {
+ return nil, nil, fmt.Errorf("malformed sample: %s: %v", line, err)
+ }
+
+ // Unsample values if period and cpuHz are available.
+ // - Delays are scaled to cycles and then to nanoseconds.
+ // - Contentions are scaled to cycles.
+ if period > 0 {
+ if cpuHz > 0 {
+ cpuGHz := float64(cpuHz) / 1e9
+ v1 = int64(float64(v1) * float64(period) / cpuGHz)
+ }
+ v2 = v2 * period
+ }
+
+ value = []int64{v2, v1}
+ addrs, err = parseHexAddresses(sampleData[3])
+ if err != nil {
+ return nil, nil, fmt.Errorf("malformed sample: %s: %v", line, err)
+ }
+
+ return value, addrs, nil
+}
+
+// parseThread parses a Threadz profile and returns a new Profile.
+func parseThread(b []byte) (*Profile, error) {
+ s := bufio.NewScanner(bytes.NewBuffer(b))
+ // Skip past comments and empty lines seeking a real header.
+ for s.Scan() && isSpaceOrComment(s.Text()) {
+ }
+
+ line := s.Text()
+ if m := threadzStartRE.FindStringSubmatch(line); m != nil {
+ // Advance over initial comments until first stack trace.
+ for s.Scan() {
+ if line = s.Text(); isMemoryMapSentinel(line) || strings.HasPrefix(line, "-") {
+ break
+ }
+ }
+ } else if t := threadStartRE.FindStringSubmatch(line); len(t) != 4 {
+ return nil, errUnrecognized
+ }
+
+ p := &Profile{
+ SampleType: []*ValueType{{Type: "thread", Unit: "count"}},
+ PeriodType: &ValueType{Type: "thread", Unit: "count"},
+ Period: 1,
+ }
+
+ locs := make(map[uint64]*Location)
+ // Recognize each thread and populate profile samples.
+ for !isMemoryMapSentinel(line) {
+ if strings.HasPrefix(line, "---- no stack trace for") {
+ line = ""
+ break
+ }
+ if t := threadStartRE.FindStringSubmatch(line); len(t) != 4 {
+ return nil, errUnrecognized
+ }
+
+ var addrs []uint64
+ var err error
+ line, addrs, err = parseThreadSample(s)
+ if err != nil {
+ return nil, err
+ }
+ if len(addrs) == 0 {
+ // We got a --same as previous threads--. Bump counters.
+ if len(p.Sample) > 0 {
+ s := p.Sample[len(p.Sample)-1]
+ s.Value[0]++
+ }
+ continue
+ }
+
+ var sloc []*Location
+ for i, addr := range addrs {
+ // Addresses from stack traces point to the next instruction after
+ // each call. Adjust by -1 to land somewhere on the actual call
+ // (except for the leaf, which is not a call).
+ if i > 0 {
+ addr--
+ }
+ loc := locs[addr]
+ if locs[addr] == nil {
+ loc = &Location{
+ Address: addr,
+ }
+ p.Location = append(p.Location, loc)
+ locs[addr] = loc
+ }
+ sloc = append(sloc, loc)
+ }
+
+ p.Sample = append(p.Sample, &Sample{
+ Value: []int64{1},
+ Location: sloc,
+ })
+ }
+
+ if err := parseAdditionalSections(s, p); err != nil {
+ return nil, err
+ }
+
+ cleanupDuplicateLocations(p)
+ return p, nil
+}
+
+// parseThreadSample parses a symbolized or unsymbolized stack trace.
+// Returns the first line after the traceback, the sample (or nil if
+// it hits a 'same-as-previous' marker) and an error.
+func parseThreadSample(s *bufio.Scanner) (nextl string, addrs []uint64, err error) {
+ var line string
+ sameAsPrevious := false
+ for s.Scan() {
+ line = strings.TrimSpace(s.Text())
+ if line == "" {
+ continue
+ }
+
+ if strings.HasPrefix(line, "---") {
+ break
+ }
+ if strings.Contains(line, "same as previous thread") {
+ sameAsPrevious = true
+ continue
+ }
+
+ curAddrs, err := parseHexAddresses(line)
+ if err != nil {
+ return "", nil, fmt.Errorf("malformed sample: %s: %v", line, err)
+ }
+ addrs = append(addrs, curAddrs...)
+ }
+ if err := s.Err(); err != nil {
+ return "", nil, err
+ }
+ if sameAsPrevious {
+ return line, nil, nil
+ }
+ return line, addrs, nil
+}
+
+// parseAdditionalSections parses any additional sections in the
+// profile, ignoring any unrecognized sections.
+func parseAdditionalSections(s *bufio.Scanner, p *Profile) error {
+ for !isMemoryMapSentinel(s.Text()) && s.Scan() {
+ }
+ if err := s.Err(); err != nil {
+ return err
+ }
+ return p.ParseMemoryMapFromScanner(s)
+}
+
+// ParseProcMaps parses a memory map in the format of /proc/self/maps.
+// ParseMemoryMap should be called after setting on a profile to
+// associate locations to the corresponding mapping based on their
+// address.
+func ParseProcMaps(rd io.Reader) ([]*Mapping, error) {
+ s := bufio.NewScanner(rd)
+ return parseProcMapsFromScanner(s)
+}
+
+func parseProcMapsFromScanner(s *bufio.Scanner) ([]*Mapping, error) {
+ var mapping []*Mapping
+
+ var attrs []string
+ const delimiter = "="
+ r := strings.NewReplacer()
+ for s.Scan() {
+ line := r.Replace(removeLoggingInfo(s.Text()))
+ m, err := parseMappingEntry(line)
+ if err != nil {
+ if err == errUnrecognized {
+ // Recognize assignments of the form: attr=value, and replace
+ // $attr with value on subsequent mappings.
+ if attr := strings.SplitN(line, delimiter, 2); len(attr) == 2 {
+ attrs = append(attrs, "$"+strings.TrimSpace(attr[0]), strings.TrimSpace(attr[1]))
+ r = strings.NewReplacer(attrs...)
+ }
+ // Ignore any unrecognized entries
+ continue
+ }
+ return nil, err
+ }
+ if m == nil {
+ continue
+ }
+ mapping = append(mapping, m)
+ }
+ if err := s.Err(); err != nil {
+ return nil, err
+ }
+ return mapping, nil
+}
+
+// removeLoggingInfo detects and removes log prefix entries generated
+// by the glog package. If no logging prefix is detected, the string
+// is returned unmodified.
+func removeLoggingInfo(line string) string {
+ if match := logInfoRE.FindStringIndex(line); match != nil {
+ return line[match[1]:]
+ }
+ return line
+}
+
+// ParseMemoryMap parses a memory map in the format of
+// /proc/self/maps, and overrides the mappings in the current profile.
+// It renumbers the samples and locations in the profile correspondingly.
+func (p *Profile) ParseMemoryMap(rd io.Reader) error {
+ return p.ParseMemoryMapFromScanner(bufio.NewScanner(rd))
+}
+
+// ParseMemoryMapFromScanner parses a memory map in the format of
+// /proc/self/maps or a variety of legacy format, and overrides the
+// mappings in the current profile. It renumbers the samples and
+// locations in the profile correspondingly.
+func (p *Profile) ParseMemoryMapFromScanner(s *bufio.Scanner) error {
+ mapping, err := parseProcMapsFromScanner(s)
+ if err != nil {
+ return err
+ }
+ p.Mapping = append(p.Mapping, mapping...)
+ p.massageMappings()
+ p.remapLocationIDs()
+ p.remapFunctionIDs()
+ p.remapMappingIDs()
+ return nil
+}
+
+func parseMappingEntry(l string) (*Mapping, error) {
+ var start, end, perm, file, offset, buildID string
+ if me := procMapsRE.FindStringSubmatch(l); len(me) == 6 {
+ start, end, perm, offset, file = me[1], me[2], me[3], me[4], me[5]
+ } else if me := briefMapsRE.FindStringSubmatch(l); len(me) == 7 {
+ start, end, perm, file, offset, buildID = me[1], me[2], me[3], me[4], me[5], me[6]
+ } else {
+ return nil, errUnrecognized
+ }
+
+ var err error
+ mapping := &Mapping{
+ File: file,
+ BuildID: buildID,
+ }
+ if perm != "" && !strings.Contains(perm, "x") {
+ // Skip non-executable entries.
+ return nil, nil
+ }
+ if mapping.Start, err = strconv.ParseUint(start, 16, 64); err != nil {
+ return nil, errUnrecognized
+ }
+ if mapping.Limit, err = strconv.ParseUint(end, 16, 64); err != nil {
+ return nil, errUnrecognized
+ }
+ if offset != "" {
+ if mapping.Offset, err = strconv.ParseUint(offset, 16, 64); err != nil {
+ return nil, errUnrecognized
+ }
+ }
+ return mapping, nil
+}
+
+var memoryMapSentinels = []string{
+ "--- Memory map: ---",
+ "MAPPED_LIBRARIES:",
+}
+
+// isMemoryMapSentinel returns true if the string contains one of the
+// known sentinels for memory map information.
+func isMemoryMapSentinel(line string) bool {
+ for _, s := range memoryMapSentinels {
+ if strings.Contains(line, s) {
+ return true
+ }
+ }
+ return false
+}
+
+func (p *Profile) addLegacyFrameInfo() {
+ switch {
+ case isProfileType(p, heapzSampleTypes):
+ p.DropFrames, p.KeepFrames = allocRxStr, allocSkipRxStr
+ case isProfileType(p, contentionzSampleTypes):
+ p.DropFrames, p.KeepFrames = lockRxStr, ""
+ default:
+ p.DropFrames, p.KeepFrames = cpuProfilerRxStr, ""
+ }
+}
+
+var heapzSampleTypes = [][]string{
+ {"allocations", "size"}, // early Go pprof profiles
+ {"objects", "space"},
+ {"inuse_objects", "inuse_space"},
+ {"alloc_objects", "alloc_space"},
+ {"alloc_objects", "alloc_space", "inuse_objects", "inuse_space"}, // Go pprof legacy profiles
+}
+var contentionzSampleTypes = [][]string{
+ {"contentions", "delay"},
+}
+
+func isProfileType(p *Profile, types [][]string) bool {
+ st := p.SampleType
+nextType:
+ for _, t := range types {
+ if len(st) != len(t) {
+ continue
+ }
+
+ for i := range st {
+ if st[i].Type != t[i] {
+ continue nextType
+ }
+ }
+ return true
+ }
+ return false
+}
+
+var allocRxStr = strings.Join([]string{
+ // POSIX entry points.
+ `calloc`,
+ `cfree`,
+ `malloc`,
+ `free`,
+ `memalign`,
+ `do_memalign`,
+ `(__)?posix_memalign`,
+ `pvalloc`,
+ `valloc`,
+ `realloc`,
+
+ // TC malloc.
+ `tcmalloc::.*`,
+ `tc_calloc`,
+ `tc_cfree`,
+ `tc_malloc`,
+ `tc_free`,
+ `tc_memalign`,
+ `tc_posix_memalign`,
+ `tc_pvalloc`,
+ `tc_valloc`,
+ `tc_realloc`,
+ `tc_new`,
+ `tc_delete`,
+ `tc_newarray`,
+ `tc_deletearray`,
+ `tc_new_nothrow`,
+ `tc_newarray_nothrow`,
+
+ // Memory-allocation routines on OS X.
+ `malloc_zone_malloc`,
+ `malloc_zone_calloc`,
+ `malloc_zone_valloc`,
+ `malloc_zone_realloc`,
+ `malloc_zone_memalign`,
+ `malloc_zone_free`,
+
+ // Go runtime
+ `runtime\..*`,
+
+ // Other misc. memory allocation routines
+ `BaseArena::.*`,
+ `(::)?do_malloc_no_errno`,
+ `(::)?do_malloc_pages`,
+ `(::)?do_malloc`,
+ `DoSampledAllocation`,
+ `MallocedMemBlock::MallocedMemBlock`,
+ `_M_allocate`,
+ `__builtin_(vec_)?delete`,
+ `__builtin_(vec_)?new`,
+ `__gnu_cxx::new_allocator::allocate`,
+ `__libc_malloc`,
+ `__malloc_alloc_template::allocate`,
+ `allocate`,
+ `cpp_alloc`,
+ `operator new(\[\])?`,
+ `simple_alloc::allocate`,
+}, `|`)
+
+var allocSkipRxStr = strings.Join([]string{
+ // Preserve Go runtime frames that appear in the middle/bottom of
+ // the stack.
+ `runtime\.panic`,
+ `runtime\.reflectcall`,
+ `runtime\.call[0-9]*`,
+}, `|`)
+
+var cpuProfilerRxStr = strings.Join([]string{
+ `ProfileData::Add`,
+ `ProfileData::prof_handler`,
+ `CpuProfiler::prof_handler`,
+ `__pthread_sighandler`,
+ `__restore`,
+}, `|`)
+
+var lockRxStr = strings.Join([]string{
+ `RecordLockProfileData`,
+ `(base::)?RecordLockProfileData.*`,
+ `(base::)?SubmitMutexProfileData.*`,
+ `(base::)?SubmitSpinLockProfileData.*`,
+ `(base::Mutex::)?AwaitCommon.*`,
+ `(base::Mutex::)?Unlock.*`,
+ `(base::Mutex::)?UnlockSlow.*`,
+ `(base::Mutex::)?ReaderUnlock.*`,
+ `(base::MutexLock::)?~MutexLock.*`,
+ `(Mutex::)?AwaitCommon.*`,
+ `(Mutex::)?Unlock.*`,
+ `(Mutex::)?UnlockSlow.*`,
+ `(Mutex::)?ReaderUnlock.*`,
+ `(MutexLock::)?~MutexLock.*`,
+ `(SpinLock::)?Unlock.*`,
+ `(SpinLock::)?SlowUnlock.*`,
+ `(SpinLockHolder::)?~SpinLockHolder.*`,
+}, `|`)
diff --git a/vendor/github.com/google/pprof/profile/merge.go b/vendor/github.com/google/pprof/profile/merge.go
new file mode 100644
index 000000000..9978e7330
--- /dev/null
+++ b/vendor/github.com/google/pprof/profile/merge.go
@@ -0,0 +1,481 @@
+// Copyright 2014 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package profile
+
+import (
+ "fmt"
+ "sort"
+ "strconv"
+ "strings"
+)
+
+// Compact performs garbage collection on a profile to remove any
+// unreferenced fields. This is useful to reduce the size of a profile
+// after samples or locations have been removed.
+func (p *Profile) Compact() *Profile {
+ p, _ = Merge([]*Profile{p})
+ return p
+}
+
+// Merge merges all the profiles in profs into a single Profile.
+// Returns a new profile independent of the input profiles. The merged
+// profile is compacted to eliminate unused samples, locations,
+// functions and mappings. Profiles must have identical profile sample
+// and period types or the merge will fail. profile.Period of the
+// resulting profile will be the maximum of all profiles, and
+// profile.TimeNanos will be the earliest nonzero one. Merges are
+// associative with the caveat of the first profile having some
+// specialization in how headers are combined. There may be other
+// subtleties now or in the future regarding associativity.
+func Merge(srcs []*Profile) (*Profile, error) {
+ if len(srcs) == 0 {
+ return nil, fmt.Errorf("no profiles to merge")
+ }
+ p, err := combineHeaders(srcs)
+ if err != nil {
+ return nil, err
+ }
+
+ pm := &profileMerger{
+ p: p,
+ samples: make(map[sampleKey]*Sample, len(srcs[0].Sample)),
+ locations: make(map[locationKey]*Location, len(srcs[0].Location)),
+ functions: make(map[functionKey]*Function, len(srcs[0].Function)),
+ mappings: make(map[mappingKey]*Mapping, len(srcs[0].Mapping)),
+ }
+
+ for _, src := range srcs {
+ // Clear the profile-specific hash tables
+ pm.locationsByID = make(map[uint64]*Location, len(src.Location))
+ pm.functionsByID = make(map[uint64]*Function, len(src.Function))
+ pm.mappingsByID = make(map[uint64]mapInfo, len(src.Mapping))
+
+ if len(pm.mappings) == 0 && len(src.Mapping) > 0 {
+ // The Mapping list has the property that the first mapping
+ // represents the main binary. Take the first Mapping we see,
+ // otherwise the operations below will add mappings in an
+ // arbitrary order.
+ pm.mapMapping(src.Mapping[0])
+ }
+
+ for _, s := range src.Sample {
+ if !isZeroSample(s) {
+ pm.mapSample(s)
+ }
+ }
+ }
+
+ for _, s := range p.Sample {
+ if isZeroSample(s) {
+ // If there are any zero samples, re-merge the profile to GC
+ // them.
+ return Merge([]*Profile{p})
+ }
+ }
+
+ return p, nil
+}
+
+// Normalize normalizes the source profile by multiplying each value in profile by the
+// ratio of the sum of the base profile's values of that sample type to the sum of the
+// source profile's value of that sample type.
+func (p *Profile) Normalize(pb *Profile) error {
+
+ if err := p.compatible(pb); err != nil {
+ return err
+ }
+
+ baseVals := make([]int64, len(p.SampleType))
+ for _, s := range pb.Sample {
+ for i, v := range s.Value {
+ baseVals[i] += v
+ }
+ }
+
+ srcVals := make([]int64, len(p.SampleType))
+ for _, s := range p.Sample {
+ for i, v := range s.Value {
+ srcVals[i] += v
+ }
+ }
+
+ normScale := make([]float64, len(baseVals))
+ for i := range baseVals {
+ if srcVals[i] == 0 {
+ normScale[i] = 0.0
+ } else {
+ normScale[i] = float64(baseVals[i]) / float64(srcVals[i])
+ }
+ }
+ p.ScaleN(normScale)
+ return nil
+}
+
+func isZeroSample(s *Sample) bool {
+ for _, v := range s.Value {
+ if v != 0 {
+ return false
+ }
+ }
+ return true
+}
+
+type profileMerger struct {
+ p *Profile
+
+ // Memoization tables within a profile.
+ locationsByID map[uint64]*Location
+ functionsByID map[uint64]*Function
+ mappingsByID map[uint64]mapInfo
+
+ // Memoization tables for profile entities.
+ samples map[sampleKey]*Sample
+ locations map[locationKey]*Location
+ functions map[functionKey]*Function
+ mappings map[mappingKey]*Mapping
+}
+
+type mapInfo struct {
+ m *Mapping
+ offset int64
+}
+
+func (pm *profileMerger) mapSample(src *Sample) *Sample {
+ s := &Sample{
+ Location: make([]*Location, len(src.Location)),
+ Value: make([]int64, len(src.Value)),
+ Label: make(map[string][]string, len(src.Label)),
+ NumLabel: make(map[string][]int64, len(src.NumLabel)),
+ NumUnit: make(map[string][]string, len(src.NumLabel)),
+ }
+ for i, l := range src.Location {
+ s.Location[i] = pm.mapLocation(l)
+ }
+ for k, v := range src.Label {
+ vv := make([]string, len(v))
+ copy(vv, v)
+ s.Label[k] = vv
+ }
+ for k, v := range src.NumLabel {
+ u := src.NumUnit[k]
+ vv := make([]int64, len(v))
+ uu := make([]string, len(u))
+ copy(vv, v)
+ copy(uu, u)
+ s.NumLabel[k] = vv
+ s.NumUnit[k] = uu
+ }
+ // Check memoization table. Must be done on the remapped location to
+ // account for the remapped mapping. Add current values to the
+ // existing sample.
+ k := s.key()
+ if ss, ok := pm.samples[k]; ok {
+ for i, v := range src.Value {
+ ss.Value[i] += v
+ }
+ return ss
+ }
+ copy(s.Value, src.Value)
+ pm.samples[k] = s
+ pm.p.Sample = append(pm.p.Sample, s)
+ return s
+}
+
+// key generates sampleKey to be used as a key for maps.
+func (sample *Sample) key() sampleKey {
+ ids := make([]string, len(sample.Location))
+ for i, l := range sample.Location {
+ ids[i] = strconv.FormatUint(l.ID, 16)
+ }
+
+ labels := make([]string, 0, len(sample.Label))
+ for k, v := range sample.Label {
+ labels = append(labels, fmt.Sprintf("%q%q", k, v))
+ }
+ sort.Strings(labels)
+
+ numlabels := make([]string, 0, len(sample.NumLabel))
+ for k, v := range sample.NumLabel {
+ numlabels = append(numlabels, fmt.Sprintf("%q%x%x", k, v, sample.NumUnit[k]))
+ }
+ sort.Strings(numlabels)
+
+ return sampleKey{
+ strings.Join(ids, "|"),
+ strings.Join(labels, ""),
+ strings.Join(numlabels, ""),
+ }
+}
+
+type sampleKey struct {
+ locations string
+ labels string
+ numlabels string
+}
+
+func (pm *profileMerger) mapLocation(src *Location) *Location {
+ if src == nil {
+ return nil
+ }
+
+ if l, ok := pm.locationsByID[src.ID]; ok {
+ return l
+ }
+
+ mi := pm.mapMapping(src.Mapping)
+ l := &Location{
+ ID: uint64(len(pm.p.Location) + 1),
+ Mapping: mi.m,
+ Address: uint64(int64(src.Address) + mi.offset),
+ Line: make([]Line, len(src.Line)),
+ IsFolded: src.IsFolded,
+ }
+ for i, ln := range src.Line {
+ l.Line[i] = pm.mapLine(ln)
+ }
+ // Check memoization table. Must be done on the remapped location to
+ // account for the remapped mapping ID.
+ k := l.key()
+ if ll, ok := pm.locations[k]; ok {
+ pm.locationsByID[src.ID] = ll
+ return ll
+ }
+ pm.locationsByID[src.ID] = l
+ pm.locations[k] = l
+ pm.p.Location = append(pm.p.Location, l)
+ return l
+}
+
+// key generates locationKey to be used as a key for maps.
+func (l *Location) key() locationKey {
+ key := locationKey{
+ addr: l.Address,
+ isFolded: l.IsFolded,
+ }
+ if l.Mapping != nil {
+ // Normalizes address to handle address space randomization.
+ key.addr -= l.Mapping.Start
+ key.mappingID = l.Mapping.ID
+ }
+ lines := make([]string, len(l.Line)*2)
+ for i, line := range l.Line {
+ if line.Function != nil {
+ lines[i*2] = strconv.FormatUint(line.Function.ID, 16)
+ }
+ lines[i*2+1] = strconv.FormatInt(line.Line, 16)
+ }
+ key.lines = strings.Join(lines, "|")
+ return key
+}
+
+type locationKey struct {
+ addr, mappingID uint64
+ lines string
+ isFolded bool
+}
+
+func (pm *profileMerger) mapMapping(src *Mapping) mapInfo {
+ if src == nil {
+ return mapInfo{}
+ }
+
+ if mi, ok := pm.mappingsByID[src.ID]; ok {
+ return mi
+ }
+
+ // Check memoization tables.
+ mk := src.key()
+ if m, ok := pm.mappings[mk]; ok {
+ mi := mapInfo{m, int64(m.Start) - int64(src.Start)}
+ pm.mappingsByID[src.ID] = mi
+ return mi
+ }
+ m := &Mapping{
+ ID: uint64(len(pm.p.Mapping) + 1),
+ Start: src.Start,
+ Limit: src.Limit,
+ Offset: src.Offset,
+ File: src.File,
+ BuildID: src.BuildID,
+ HasFunctions: src.HasFunctions,
+ HasFilenames: src.HasFilenames,
+ HasLineNumbers: src.HasLineNumbers,
+ HasInlineFrames: src.HasInlineFrames,
+ }
+ pm.p.Mapping = append(pm.p.Mapping, m)
+
+ // Update memoization tables.
+ pm.mappings[mk] = m
+ mi := mapInfo{m, 0}
+ pm.mappingsByID[src.ID] = mi
+ return mi
+}
+
+// key generates encoded strings of Mapping to be used as a key for
+// maps.
+func (m *Mapping) key() mappingKey {
+ // Normalize addresses to handle address space randomization.
+ // Round up to next 4K boundary to avoid minor discrepancies.
+ const mapsizeRounding = 0x1000
+
+ size := m.Limit - m.Start
+ size = size + mapsizeRounding - 1
+ size = size - (size % mapsizeRounding)
+ key := mappingKey{
+ size: size,
+ offset: m.Offset,
+ }
+
+ switch {
+ case m.BuildID != "":
+ key.buildIDOrFile = m.BuildID
+ case m.File != "":
+ key.buildIDOrFile = m.File
+ default:
+ // A mapping containing neither build ID nor file name is a fake mapping. A
+ // key with empty buildIDOrFile is used for fake mappings so that they are
+ // treated as the same mapping during merging.
+ }
+ return key
+}
+
+type mappingKey struct {
+ size, offset uint64
+ buildIDOrFile string
+}
+
+func (pm *profileMerger) mapLine(src Line) Line {
+ ln := Line{
+ Function: pm.mapFunction(src.Function),
+ Line: src.Line,
+ }
+ return ln
+}
+
+func (pm *profileMerger) mapFunction(src *Function) *Function {
+ if src == nil {
+ return nil
+ }
+ if f, ok := pm.functionsByID[src.ID]; ok {
+ return f
+ }
+ k := src.key()
+ if f, ok := pm.functions[k]; ok {
+ pm.functionsByID[src.ID] = f
+ return f
+ }
+ f := &Function{
+ ID: uint64(len(pm.p.Function) + 1),
+ Name: src.Name,
+ SystemName: src.SystemName,
+ Filename: src.Filename,
+ StartLine: src.StartLine,
+ }
+ pm.functions[k] = f
+ pm.functionsByID[src.ID] = f
+ pm.p.Function = append(pm.p.Function, f)
+ return f
+}
+
+// key generates a struct to be used as a key for maps.
+func (f *Function) key() functionKey {
+ return functionKey{
+ f.StartLine,
+ f.Name,
+ f.SystemName,
+ f.Filename,
+ }
+}
+
+type functionKey struct {
+ startLine int64
+ name, systemName, fileName string
+}
+
+// combineHeaders checks that all profiles can be merged and returns
+// their combined profile.
+func combineHeaders(srcs []*Profile) (*Profile, error) {
+ for _, s := range srcs[1:] {
+ if err := srcs[0].compatible(s); err != nil {
+ return nil, err
+ }
+ }
+
+ var timeNanos, durationNanos, period int64
+ var comments []string
+ seenComments := map[string]bool{}
+ var defaultSampleType string
+ for _, s := range srcs {
+ if timeNanos == 0 || s.TimeNanos < timeNanos {
+ timeNanos = s.TimeNanos
+ }
+ durationNanos += s.DurationNanos
+ if period == 0 || period < s.Period {
+ period = s.Period
+ }
+ for _, c := range s.Comments {
+ if seen := seenComments[c]; !seen {
+ comments = append(comments, c)
+ seenComments[c] = true
+ }
+ }
+ if defaultSampleType == "" {
+ defaultSampleType = s.DefaultSampleType
+ }
+ }
+
+ p := &Profile{
+ SampleType: make([]*ValueType, len(srcs[0].SampleType)),
+
+ DropFrames: srcs[0].DropFrames,
+ KeepFrames: srcs[0].KeepFrames,
+
+ TimeNanos: timeNanos,
+ DurationNanos: durationNanos,
+ PeriodType: srcs[0].PeriodType,
+ Period: period,
+
+ Comments: comments,
+ DefaultSampleType: defaultSampleType,
+ }
+ copy(p.SampleType, srcs[0].SampleType)
+ return p, nil
+}
+
+// compatible determines if two profiles can be compared/merged.
+// returns nil if the profiles are compatible; otherwise an error with
+// details on the incompatibility.
+func (p *Profile) compatible(pb *Profile) error {
+ if !equalValueType(p.PeriodType, pb.PeriodType) {
+ return fmt.Errorf("incompatible period types %v and %v", p.PeriodType, pb.PeriodType)
+ }
+
+ if len(p.SampleType) != len(pb.SampleType) {
+ return fmt.Errorf("incompatible sample types %v and %v", p.SampleType, pb.SampleType)
+ }
+
+ for i := range p.SampleType {
+ if !equalValueType(p.SampleType[i], pb.SampleType[i]) {
+ return fmt.Errorf("incompatible sample types %v and %v", p.SampleType, pb.SampleType)
+ }
+ }
+ return nil
+}
+
+// equalValueType returns true if the two value types are semantically
+// equal. It ignores the internal fields used during encode/decode.
+func equalValueType(st1, st2 *ValueType) bool {
+ return st1.Type == st2.Type && st1.Unit == st2.Unit
+}
diff --git a/vendor/github.com/google/pprof/profile/profile.go b/vendor/github.com/google/pprof/profile/profile.go
new file mode 100644
index 000000000..2590c8ddb
--- /dev/null
+++ b/vendor/github.com/google/pprof/profile/profile.go
@@ -0,0 +1,805 @@
+// Copyright 2014 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package profile provides a representation of profile.proto and
+// methods to encode/decode profiles in this format.
+package profile
+
+import (
+ "bytes"
+ "compress/gzip"
+ "fmt"
+ "io"
+ "io/ioutil"
+ "math"
+ "path/filepath"
+ "regexp"
+ "sort"
+ "strings"
+ "sync"
+ "time"
+)
+
+// Profile is an in-memory representation of profile.proto.
+type Profile struct {
+ SampleType []*ValueType
+ DefaultSampleType string
+ Sample []*Sample
+ Mapping []*Mapping
+ Location []*Location
+ Function []*Function
+ Comments []string
+
+ DropFrames string
+ KeepFrames string
+
+ TimeNanos int64
+ DurationNanos int64
+ PeriodType *ValueType
+ Period int64
+
+ // The following fields are modified during encoding and copying,
+ // so are protected by a Mutex.
+ encodeMu sync.Mutex
+
+ commentX []int64
+ dropFramesX int64
+ keepFramesX int64
+ stringTable []string
+ defaultSampleTypeX int64
+}
+
+// ValueType corresponds to Profile.ValueType
+type ValueType struct {
+ Type string // cpu, wall, inuse_space, etc
+ Unit string // seconds, nanoseconds, bytes, etc
+
+ typeX int64
+ unitX int64
+}
+
+// Sample corresponds to Profile.Sample
+type Sample struct {
+ Location []*Location
+ Value []int64
+ Label map[string][]string
+ NumLabel map[string][]int64
+ NumUnit map[string][]string
+
+ locationIDX []uint64
+ labelX []label
+}
+
+// label corresponds to Profile.Label
+type label struct {
+ keyX int64
+ // Exactly one of the two following values must be set
+ strX int64
+ numX int64 // Integer value for this label
+ // can be set if numX has value
+ unitX int64
+}
+
+// Mapping corresponds to Profile.Mapping
+type Mapping struct {
+ ID uint64
+ Start uint64
+ Limit uint64
+ Offset uint64
+ File string
+ BuildID string
+ HasFunctions bool
+ HasFilenames bool
+ HasLineNumbers bool
+ HasInlineFrames bool
+
+ fileX int64
+ buildIDX int64
+}
+
+// Location corresponds to Profile.Location
+type Location struct {
+ ID uint64
+ Mapping *Mapping
+ Address uint64
+ Line []Line
+ IsFolded bool
+
+ mappingIDX uint64
+}
+
+// Line corresponds to Profile.Line
+type Line struct {
+ Function *Function
+ Line int64
+
+ functionIDX uint64
+}
+
+// Function corresponds to Profile.Function
+type Function struct {
+ ID uint64
+ Name string
+ SystemName string
+ Filename string
+ StartLine int64
+
+ nameX int64
+ systemNameX int64
+ filenameX int64
+}
+
+// Parse parses a profile and checks for its validity. The input
+// may be a gzip-compressed encoded protobuf or one of many legacy
+// profile formats which may be unsupported in the future.
+func Parse(r io.Reader) (*Profile, error) {
+ data, err := ioutil.ReadAll(r)
+ if err != nil {
+ return nil, err
+ }
+ return ParseData(data)
+}
+
+// ParseData parses a profile from a buffer and checks for its
+// validity.
+func ParseData(data []byte) (*Profile, error) {
+ var p *Profile
+ var err error
+ if len(data) >= 2 && data[0] == 0x1f && data[1] == 0x8b {
+ gz, err := gzip.NewReader(bytes.NewBuffer(data))
+ if err == nil {
+ data, err = ioutil.ReadAll(gz)
+ }
+ if err != nil {
+ return nil, fmt.Errorf("decompressing profile: %v", err)
+ }
+ }
+ if p, err = ParseUncompressed(data); err != nil && err != errNoData && err != errConcatProfile {
+ p, err = parseLegacy(data)
+ }
+
+ if err != nil {
+ return nil, fmt.Errorf("parsing profile: %v", err)
+ }
+
+ if err := p.CheckValid(); err != nil {
+ return nil, fmt.Errorf("malformed profile: %v", err)
+ }
+ return p, nil
+}
+
+var errUnrecognized = fmt.Errorf("unrecognized profile format")
+var errMalformed = fmt.Errorf("malformed profile format")
+var errNoData = fmt.Errorf("empty input file")
+var errConcatProfile = fmt.Errorf("concatenated profiles detected")
+
+func parseLegacy(data []byte) (*Profile, error) {
+ parsers := []func([]byte) (*Profile, error){
+ parseCPU,
+ parseHeap,
+ parseGoCount, // goroutine, threadcreate
+ parseThread,
+ parseContention,
+ parseJavaProfile,
+ }
+
+ for _, parser := range parsers {
+ p, err := parser(data)
+ if err == nil {
+ p.addLegacyFrameInfo()
+ return p, nil
+ }
+ if err != errUnrecognized {
+ return nil, err
+ }
+ }
+ return nil, errUnrecognized
+}
+
+// ParseUncompressed parses an uncompressed protobuf into a profile.
+func ParseUncompressed(data []byte) (*Profile, error) {
+ if len(data) == 0 {
+ return nil, errNoData
+ }
+ p := &Profile{}
+ if err := unmarshal(data, p); err != nil {
+ return nil, err
+ }
+
+ if err := p.postDecode(); err != nil {
+ return nil, err
+ }
+
+ return p, nil
+}
+
+var libRx = regexp.MustCompile(`([.]so$|[.]so[._][0-9]+)`)
+
+// massageMappings applies heuristic-based changes to the profile
+// mappings to account for quirks of some environments.
+func (p *Profile) massageMappings() {
+ // Merge adjacent regions with matching names, checking that the offsets match
+ if len(p.Mapping) > 1 {
+ mappings := []*Mapping{p.Mapping[0]}
+ for _, m := range p.Mapping[1:] {
+ lm := mappings[len(mappings)-1]
+ if adjacent(lm, m) {
+ lm.Limit = m.Limit
+ if m.File != "" {
+ lm.File = m.File
+ }
+ if m.BuildID != "" {
+ lm.BuildID = m.BuildID
+ }
+ p.updateLocationMapping(m, lm)
+ continue
+ }
+ mappings = append(mappings, m)
+ }
+ p.Mapping = mappings
+ }
+
+ // Use heuristics to identify main binary and move it to the top of the list of mappings
+ for i, m := range p.Mapping {
+ file := strings.TrimSpace(strings.Replace(m.File, "(deleted)", "", -1))
+ if len(file) == 0 {
+ continue
+ }
+ if len(libRx.FindStringSubmatch(file)) > 0 {
+ continue
+ }
+ if file[0] == '[' {
+ continue
+ }
+ // Swap what we guess is main to position 0.
+ p.Mapping[0], p.Mapping[i] = p.Mapping[i], p.Mapping[0]
+ break
+ }
+
+ // Keep the mapping IDs neatly sorted
+ for i, m := range p.Mapping {
+ m.ID = uint64(i + 1)
+ }
+}
+
+// adjacent returns whether two mapping entries represent the same
+// mapping that has been split into two. Check that their addresses are adjacent,
+// and if the offsets match, if they are available.
+func adjacent(m1, m2 *Mapping) bool {
+ if m1.File != "" && m2.File != "" {
+ if m1.File != m2.File {
+ return false
+ }
+ }
+ if m1.BuildID != "" && m2.BuildID != "" {
+ if m1.BuildID != m2.BuildID {
+ return false
+ }
+ }
+ if m1.Limit != m2.Start {
+ return false
+ }
+ if m1.Offset != 0 && m2.Offset != 0 {
+ offset := m1.Offset + (m1.Limit - m1.Start)
+ if offset != m2.Offset {
+ return false
+ }
+ }
+ return true
+}
+
+func (p *Profile) updateLocationMapping(from, to *Mapping) {
+ for _, l := range p.Location {
+ if l.Mapping == from {
+ l.Mapping = to
+ }
+ }
+}
+
+func serialize(p *Profile) []byte {
+ p.encodeMu.Lock()
+ p.preEncode()
+ b := marshal(p)
+ p.encodeMu.Unlock()
+ return b
+}
+
+// Write writes the profile as a gzip-compressed marshaled protobuf.
+func (p *Profile) Write(w io.Writer) error {
+ zw := gzip.NewWriter(w)
+ defer zw.Close()
+ _, err := zw.Write(serialize(p))
+ return err
+}
+
+// WriteUncompressed writes the profile as a marshaled protobuf.
+func (p *Profile) WriteUncompressed(w io.Writer) error {
+ _, err := w.Write(serialize(p))
+ return err
+}
+
+// CheckValid tests whether the profile is valid. Checks include, but are
+// not limited to:
+// - len(Profile.Sample[n].value) == len(Profile.value_unit)
+// - Sample.id has a corresponding Profile.Location
+func (p *Profile) CheckValid() error {
+ // Check that sample values are consistent
+ sampleLen := len(p.SampleType)
+ if sampleLen == 0 && len(p.Sample) != 0 {
+ return fmt.Errorf("missing sample type information")
+ }
+ for _, s := range p.Sample {
+ if s == nil {
+ return fmt.Errorf("profile has nil sample")
+ }
+ if len(s.Value) != sampleLen {
+ return fmt.Errorf("mismatch: sample has %d values vs. %d types", len(s.Value), len(p.SampleType))
+ }
+ for _, l := range s.Location {
+ if l == nil {
+ return fmt.Errorf("sample has nil location")
+ }
+ }
+ }
+
+ // Check that all mappings/locations/functions are in the tables
+ // Check that there are no duplicate ids
+ mappings := make(map[uint64]*Mapping, len(p.Mapping))
+ for _, m := range p.Mapping {
+ if m == nil {
+ return fmt.Errorf("profile has nil mapping")
+ }
+ if m.ID == 0 {
+ return fmt.Errorf("found mapping with reserved ID=0")
+ }
+ if mappings[m.ID] != nil {
+ return fmt.Errorf("multiple mappings with same id: %d", m.ID)
+ }
+ mappings[m.ID] = m
+ }
+ functions := make(map[uint64]*Function, len(p.Function))
+ for _, f := range p.Function {
+ if f == nil {
+ return fmt.Errorf("profile has nil function")
+ }
+ if f.ID == 0 {
+ return fmt.Errorf("found function with reserved ID=0")
+ }
+ if functions[f.ID] != nil {
+ return fmt.Errorf("multiple functions with same id: %d", f.ID)
+ }
+ functions[f.ID] = f
+ }
+ locations := make(map[uint64]*Location, len(p.Location))
+ for _, l := range p.Location {
+ if l == nil {
+ return fmt.Errorf("profile has nil location")
+ }
+ if l.ID == 0 {
+ return fmt.Errorf("found location with reserved id=0")
+ }
+ if locations[l.ID] != nil {
+ return fmt.Errorf("multiple locations with same id: %d", l.ID)
+ }
+ locations[l.ID] = l
+ if m := l.Mapping; m != nil {
+ if m.ID == 0 || mappings[m.ID] != m {
+ return fmt.Errorf("inconsistent mapping %p: %d", m, m.ID)
+ }
+ }
+ for _, ln := range l.Line {
+ f := ln.Function
+ if f == nil {
+ return fmt.Errorf("location id: %d has a line with nil function", l.ID)
+ }
+ if f.ID == 0 || functions[f.ID] != f {
+ return fmt.Errorf("inconsistent function %p: %d", f, f.ID)
+ }
+ }
+ }
+ return nil
+}
+
+// Aggregate merges the locations in the profile into equivalence
+// classes preserving the request attributes. It also updates the
+// samples to point to the merged locations.
+func (p *Profile) Aggregate(inlineFrame, function, filename, linenumber, address bool) error { + for _, m := range p.Mapping { + m.HasInlineFrames = m.HasInlineFrames && inlineFrame + m.HasFunctions = m.HasFunctions && function + m.HasFilenames = m.HasFilenames && filename + m.HasLineNumbers = m.HasLineNumbers && linenumber + } + + // Aggregate functions + if !function || !filename { + for _, f := range p.Function { + if !function { + f.Name = "" + f.SystemName = "" + } + if !filename { + f.Filename = "" + } + } + } + + // Aggregate locations + if !inlineFrame || !address || !linenumber { + for _, l := range p.Location { + if !inlineFrame && len(l.Line) > 1 { + l.Line = l.Line[len(l.Line)-1:] + } + if !linenumber { + for i := range l.Line { + l.Line[i].Line = 0 + } + } + if !address { + l.Address = 0 + } + } + } + + return p.CheckValid() +} + +// NumLabelUnits returns a map of numeric label keys to the units +// associated with those keys and a map of those keys to any units +// that were encountered but not used. +// Unit for a given key is the first encountered unit for that key. If multiple +// units are encountered for values paired with a particular key, then the first +// unit encountered is used and all other units are returned in sorted order +// in map of ignored units. +// If no units are encountered for a particular key, the unit is then inferred +// based on the key. +func (p *Profile) NumLabelUnits() (map[string]string, map[string][]string) { + numLabelUnits := map[string]string{} + ignoredUnits := map[string]map[string]bool{} + encounteredKeys := map[string]bool{} + + // Determine units based on numeric tags for each sample. 
+ for _, s := range p.Sample { + for k := range s.NumLabel { + encounteredKeys[k] = true + for _, unit := range s.NumUnit[k] { + if unit == "" { + continue + } + if wantUnit, ok := numLabelUnits[k]; !ok { + numLabelUnits[k] = unit + } else if wantUnit != unit { + if v, ok := ignoredUnits[k]; ok { + v[unit] = true + } else { + ignoredUnits[k] = map[string]bool{unit: true} + } + } + } + } + } + // Infer units for keys without any units associated with + // numeric tag values. + for key := range encounteredKeys { + unit := numLabelUnits[key] + if unit == "" { + switch key { + case "alignment", "request": + numLabelUnits[key] = "bytes" + default: + numLabelUnits[key] = key + } + } + } + + // Copy ignored units into more readable format + unitsIgnored := make(map[string][]string, len(ignoredUnits)) + for key, values := range ignoredUnits { + units := make([]string, len(values)) + i := 0 + for unit := range values { + units[i] = unit + i++ + } + sort.Strings(units) + unitsIgnored[key] = units + } + + return numLabelUnits, unitsIgnored +} + +// String dumps a text representation of a profile. Intended mainly +// for debugging purposes. 
+func (p *Profile) String() string { + ss := make([]string, 0, len(p.Comments)+len(p.Sample)+len(p.Mapping)+len(p.Location)) + for _, c := range p.Comments { + ss = append(ss, "Comment: "+c) + } + if pt := p.PeriodType; pt != nil { + ss = append(ss, fmt.Sprintf("PeriodType: %s %s", pt.Type, pt.Unit)) + } + ss = append(ss, fmt.Sprintf("Period: %d", p.Period)) + if p.TimeNanos != 0 { + ss = append(ss, fmt.Sprintf("Time: %v", time.Unix(0, p.TimeNanos))) + } + if p.DurationNanos != 0 { + ss = append(ss, fmt.Sprintf("Duration: %.4v", time.Duration(p.DurationNanos))) + } + + ss = append(ss, "Samples:") + var sh1 string + for _, s := range p.SampleType { + dflt := "" + if s.Type == p.DefaultSampleType { + dflt = "[dflt]" + } + sh1 = sh1 + fmt.Sprintf("%s/%s%s ", s.Type, s.Unit, dflt) + } + ss = append(ss, strings.TrimSpace(sh1)) + for _, s := range p.Sample { + ss = append(ss, s.string()) + } + + ss = append(ss, "Locations") + for _, l := range p.Location { + ss = append(ss, l.string()) + } + + ss = append(ss, "Mappings") + for _, m := range p.Mapping { + ss = append(ss, m.string()) + } + + return strings.Join(ss, "\n") + "\n" +} + +// string dumps a text representation of a mapping. Intended mainly +// for debugging purposes. +func (m *Mapping) string() string { + bits := "" + if m.HasFunctions { + bits = bits + "[FN]" + } + if m.HasFilenames { + bits = bits + "[FL]" + } + if m.HasLineNumbers { + bits = bits + "[LN]" + } + if m.HasInlineFrames { + bits = bits + "[IN]" + } + return fmt.Sprintf("%d: %#x/%#x/%#x %s %s %s", + m.ID, + m.Start, m.Limit, m.Offset, + m.File, + m.BuildID, + bits) +} + +// string dumps a text representation of a location. Intended mainly +// for debugging purposes. 
+func (l *Location) string() string { + ss := []string{} + locStr := fmt.Sprintf("%6d: %#x ", l.ID, l.Address) + if m := l.Mapping; m != nil { + locStr = locStr + fmt.Sprintf("M=%d ", m.ID) + } + if l.IsFolded { + locStr = locStr + "[F] " + } + if len(l.Line) == 0 { + ss = append(ss, locStr) + } + for li := range l.Line { + lnStr := "??" + if fn := l.Line[li].Function; fn != nil { + lnStr = fmt.Sprintf("%s %s:%d s=%d", + fn.Name, + fn.Filename, + l.Line[li].Line, + fn.StartLine) + if fn.Name != fn.SystemName { + lnStr = lnStr + "(" + fn.SystemName + ")" + } + } + ss = append(ss, locStr+lnStr) + // Do not print location details past the first line + locStr = " " + } + return strings.Join(ss, "\n") +} + +// string dumps a text representation of a sample. Intended mainly +// for debugging purposes. +func (s *Sample) string() string { + ss := []string{} + var sv string + for _, v := range s.Value { + sv = fmt.Sprintf("%s %10d", sv, v) + } + sv = sv + ": " + for _, l := range s.Location { + sv = sv + fmt.Sprintf("%d ", l.ID) + } + ss = append(ss, sv) + const labelHeader = " " + if len(s.Label) > 0 { + ss = append(ss, labelHeader+labelsToString(s.Label)) + } + if len(s.NumLabel) > 0 { + ss = append(ss, labelHeader+numLabelsToString(s.NumLabel, s.NumUnit)) + } + return strings.Join(ss, "\n") +} + +// labelsToString returns a string representation of a +// map representing labels. +func labelsToString(labels map[string][]string) string { + ls := []string{} + for k, v := range labels { + ls = append(ls, fmt.Sprintf("%s:%v", k, v)) + } + sort.Strings(ls) + return strings.Join(ls, " ") +} + +// numLabelsToString returns a string representation of a map +// representing numeric labels. 
+func numLabelsToString(numLabels map[string][]int64, numUnits map[string][]string) string { + ls := []string{} + for k, v := range numLabels { + units := numUnits[k] + var labelString string + if len(units) == len(v) { + values := make([]string, len(v)) + for i, vv := range v { + values[i] = fmt.Sprintf("%d %s", vv, units[i]) + } + labelString = fmt.Sprintf("%s:%v", k, values) + } else { + labelString = fmt.Sprintf("%s:%v", k, v) + } + ls = append(ls, labelString) + } + sort.Strings(ls) + return strings.Join(ls, " ") +} + +// SetLabel sets the specified key to the specified value for all samples in the +// profile. +func (p *Profile) SetLabel(key string, value []string) { + for _, sample := range p.Sample { + if sample.Label == nil { + sample.Label = map[string][]string{key: value} + } else { + sample.Label[key] = value + } + } +} + +// RemoveLabel removes all labels associated with the specified key for all +// samples in the profile. +func (p *Profile) RemoveLabel(key string) { + for _, sample := range p.Sample { + delete(sample.Label, key) + } +} + +// HasLabel returns true if a sample has a label with indicated key and value. +func (s *Sample) HasLabel(key, value string) bool { + for _, v := range s.Label[key] { + if v == value { + return true + } + } + return false +} + +// DiffBaseSample returns true if a sample belongs to the diff base and false +// otherwise. +func (s *Sample) DiffBaseSample() bool { + return s.HasLabel("pprof::base", "true") +} + +// Scale multiplies all sample values in a profile by a constant and keeps +// only samples that have at least one non-zero value. +func (p *Profile) Scale(ratio float64) { + if ratio == 1 { + return + } + ratios := make([]float64, len(p.SampleType)) + for i := range p.SampleType { + ratios[i] = ratio + } + p.ScaleN(ratios) +} + +// ScaleN multiplies each sample values in a sample by a different amount +// and keeps only samples that have at least one non-zero value. 
+func (p *Profile) ScaleN(ratios []float64) error { + if len(p.SampleType) != len(ratios) { + return fmt.Errorf("mismatched scale ratios, got %d, want %d", len(ratios), len(p.SampleType)) + } + allOnes := true + for _, r := range ratios { + if r != 1 { + allOnes = false + break + } + } + if allOnes { + return nil + } + fillIdx := 0 + for _, s := range p.Sample { + keepSample := false + for i, v := range s.Value { + if ratios[i] != 1 { + val := int64(math.Round(float64(v) * ratios[i])) + s.Value[i] = val + keepSample = keepSample || val != 0 + } + } + if keepSample { + p.Sample[fillIdx] = s + fillIdx++ + } + } + p.Sample = p.Sample[:fillIdx] + return nil +} + +// HasFunctions determines if all locations in this profile have +// symbolized function information. +func (p *Profile) HasFunctions() bool { + for _, l := range p.Location { + if l.Mapping != nil && !l.Mapping.HasFunctions { + return false + } + } + return true +} + +// HasFileLines determines if all locations in this profile have +// symbolized file and line number information. +func (p *Profile) HasFileLines() bool { + for _, l := range p.Location { + if l.Mapping != nil && (!l.Mapping.HasFilenames || !l.Mapping.HasLineNumbers) { + return false + } + } + return true +} + +// Unsymbolizable returns true if a mapping points to a binary for which +// locations can't be symbolized in principle, at least now. Examples are +// "[vdso]", [vsyscall]" and some others, see the code. +func (m *Mapping) Unsymbolizable() bool { + name := filepath.Base(m.File) + return strings.HasPrefix(name, "[") || strings.HasPrefix(name, "linux-vdso") || strings.HasPrefix(m.File, "/dev/dri/") +} + +// Copy makes a fully independent copy of a profile. +func (p *Profile) Copy() *Profile { + pp := &Profile{} + if err := unmarshal(serialize(p), pp); err != nil { + panic(err) + } + if err := pp.postDecode(); err != nil { + panic(err) + } + + return pp +} 
diff --git a/vendor/github.com/google/pprof/profile/proto.go b/vendor/github.com/google/pprof/profile/proto.go
new file mode 100644
index 000000000..539ad3ab3
--- /dev/null
+++ b/vendor/github.com/google/pprof/profile/proto.go
@@ -0,0 +1,370 @@
+// Copyright 2014 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// This file is a simple protocol buffer encoder and decoder.
+// The format is described at
+// https://developers.google.com/protocol-buffers/docs/encoding
+//
+// A protocol message must implement the message interface:
+// decoder() []decoder
+// encode(*buffer)
+//
+// The decode method returns a slice indexed by field number that gives the
+// function to decode that field.
+// The encode method encodes its receiver into the given buffer.
+//
+// The two methods are simple enough to be implemented by hand rather than
+// by using a protocol compiler.
+//
+// See profile.go for examples of messages implementing this interface.
+//
+// There is no support for groups, message sets, or "has" bits.
+
+package profile
+
+import (
+ "errors"
+ "fmt"
+)
+
+type buffer struct {
+ field int // field tag
+ typ int // proto wire type code for field
+ u64 uint64
+ data []byte
+ tmp [16]byte
+}
+
+type decoder func(*buffer, message) error
+
+type message interface {
+ decoder() []decoder
+ encode(*buffer)
+}
+
+func marshal(m message) []byte {
+ var b buffer
+ m.encode(&b)
+ return b.data
+}
+
+func encodeVarint(b *buffer, x uint64) {
+ for x >= 128 {
+ b.data = append(b.data, byte(x)|0x80)
+ x >>= 7
+ }
+ b.data = append(b.data, byte(x))
+}
+
+func encodeLength(b *buffer, tag int, len int) {
+ encodeVarint(b, uint64(tag)<<3|2)
+ encodeVarint(b, uint64(len))
+}
+
+func encodeUint64(b *buffer, tag int, x uint64) {
+ // append varint to b.data
+ encodeVarint(b, uint64(tag)<<3)
+ encodeVarint(b, x)
+}
+
+func encodeUint64s(b *buffer, tag int, x []uint64) {
+ if len(x) > 2 {
+ // Use packed encoding
+ n1 := len(b.data)
+ for _, u := range x {
+ encodeVarint(b, u)
+ }
+ n2 := len(b.data)
+ encodeLength(b, tag, n2-n1)
+ n3 := len(b.data)
+ copy(b.tmp[:], b.data[n2:n3])
+ copy(b.data[n1+(n3-n2):], b.data[n1:n2])
+ copy(b.data[n1:], b.tmp[:n3-n2])
+ return
+ }
+ for _, u := range x {
+ encodeUint64(b, tag, u)
+ }
+}
+
+func encodeUint64Opt(b *buffer, tag int, x uint64) {
+ if x == 0 {
+ return
+ }
+ encodeUint64(b, tag, x)
+}
+
+func encodeInt64(b *buffer, tag int, x int64) {
+ u := uint64(x)
+ encodeUint64(b, tag, u)
+}
+
+func encodeInt64s(b *buffer, tag int, x []int64) {
+ if len(x) > 2 {
+ // Use packed encoding
+ n1 := len(b.data)
+ for _, u := range x {
+ encodeVarint(b, uint64(u))
+ }
+ n2 := len(b.data)
+ encodeLength(b, tag, n2-n1)
+ n3 := len(b.data)
+ copy(b.tmp[:], b.data[n2:n3])
+ copy(b.data[n1+(n3-n2):], b.data[n1:n2])
+ copy(b.data[n1:], b.tmp[:n3-n2])
+ return
+ }
+ for _, u := range x {
+ encodeInt64(b, tag, u)
+ }
+}
+
+func encodeInt64Opt(b *buffer, tag int, x int64) {
+ if x == 0 {
+ return
+ }
+ encodeInt64(b, tag, x)
+}
+
+func encodeString(b *buffer, tag int, x string) {
+ encodeLength(b, tag, len(x))
+ b.data = append(b.data, x...)
+}
+
+func encodeStrings(b *buffer, tag int, x []string) {
+ for _, s := range x {
+ encodeString(b, tag, s)
+ }
+}
+
+func encodeBool(b *buffer, tag int, x bool) {
+ if x {
+ encodeUint64(b, tag, 1)
+ } else {
+ encodeUint64(b, tag, 0)
+ }
+}
+
+func encodeBoolOpt(b *buffer, tag int, x bool) {
+ if x {
+ encodeBool(b, tag, x)
+ }
+}
+
+func encodeMessage(b *buffer, tag int, m message) {
+ n1 := len(b.data)
+ m.encode(b)
+ n2 := len(b.data)
+ encodeLength(b, tag, n2-n1)
+ n3 := len(b.data)
+ copy(b.tmp[:], b.data[n2:n3])
+ copy(b.data[n1+(n3-n2):], b.data[n1:n2])
+ copy(b.data[n1:], b.tmp[:n3-n2])
+}
+
+func unmarshal(data []byte, m message) (err error) {
+ b := buffer{data: data, typ: 2}
+ return decodeMessage(&b, m)
+}
+
+func le64(p []byte) uint64 {
+ return uint64(p[0]) | uint64(p[1])<<8 | uint64(p[2])<<16 | uint64(p[3])<<24 | uint64(p[4])<<32 | uint64(p[5])<<40 | uint64(p[6])<<48 | uint64(p[7])<<56
+}
+
+func le32(p []byte) uint32 {
+ return uint32(p[0]) | uint32(p[1])<<8 | uint32(p[2])<<16 | uint32(p[3])<<24
+}
+
+func decodeVarint(data []byte) (uint64, []byte, error) {
+ var u uint64
+ for i := 0; ; i++ {
+ if i >= 10 || i >= len(data) {
+ return 0, nil, errors.New("bad varint")
+ }
+ u |= uint64(data[i]&0x7F) << uint(7*i)
+ if data[i]&0x80 == 0 {
+ return u, data[i+1:], nil
+ }
+ }
+}
+
+func decodeField(b *buffer, data []byte) ([]byte, error) {
+ x, data, err := decodeVarint(data)
+ if err != nil {
+ return nil, err
+ }
+ b.field = int(x >> 3)
+ b.typ = int(x & 7)
+ b.data = nil
+ b.u64 = 0
+ switch b.typ {
+ case 0:
+ b.u64, data, err = decodeVarint(data)
+ if err != nil {
+ return nil, err
+ }
+ case 1:
+ if len(data) < 8 {
+ return nil, errors.New("not enough data")
+ }
+ b.u64 = le64(data[:8])
+ data = data[8:]
+ case 2:
+ var n uint64
+ n, data, err = decodeVarint(data)
+ if err != nil {
+ return nil, err
+ }
+ if n > uint64(len(data)) {
+ return nil, errors.New("too much data")
+ }
+ b.data = data[:n]
+ data = data[n:]
+ case 5:
+ if len(data) < 4 {
+ return nil, errors.New("not enough data")
+ }
+ b.u64 = uint64(le32(data[:4]))
+ data = data[4:]
+ default:
+ return nil, fmt.Errorf("unknown wire type: %d", b.typ)
+ }
+
+ return data, nil
+}
+
+func checkType(b *buffer, typ int) error {
+ if b.typ != typ {
+ return errors.New("type mismatch")
+ }
+ return nil
+}
+
+func decodeMessage(b *buffer, m message) error {
+ if err := checkType(b, 2); err != nil {
+ return err
+ }
+ dec := m.decoder()
+ data := b.data
+ for len(data) > 0 {
+ // pull varint field# + type
+ var err error
+ data, err = decodeField(b, data)
+ if err != nil {
+ return err
+ }
+ if b.field >= len(dec) || dec[b.field] == nil {
+ continue
+ }
+ if err := dec[b.field](b, m); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func decodeInt64(b *buffer, x *int64) error {
+ if err := checkType(b, 0); err != nil {
+ return err
+ }
+ *x = int64(b.u64)
+ return nil
+}
+
+func decodeInt64s(b *buffer, x *[]int64) error {
+ if b.typ == 2 {
+ // Packed encoding
+ data := b.data
+ tmp := make([]int64, 0, len(data)) // Maximally sized
+ for len(data) > 0 {
+ var u uint64
+ var err error
+
+ if u, data, err = decodeVarint(data); err != nil {
+ return err
+ }
+ tmp = append(tmp, int64(u))
+ }
+ *x = append(*x, tmp...)
+ return nil
+ }
+ var i int64
+ if err := decodeInt64(b, &i); err != nil {
+ return err
+ }
+ *x = append(*x, i)
+ return nil
+}
+
+func decodeUint64(b *buffer, x *uint64) error {
+ if err := checkType(b, 0); err != nil {
+ return err
+ }
+ *x = b.u64
+ return nil
+}
+
+func decodeUint64s(b *buffer, x *[]uint64) error {
+ if b.typ == 2 {
+ data := b.data
+ // Packed encoding
+ tmp := make([]uint64, 0, len(data)) // Maximally sized
+ for len(data) > 0 {
+ var u uint64
+ var err error
+
+ if u, data, err = decodeVarint(data); err != nil {
+ return err
+ }
+ tmp = append(tmp, u)
+ }
+ *x = append(*x, tmp...)
+ return nil
+ }
+ var u uint64
+ if err := decodeUint64(b, &u); err != nil {
+ return err
+ }
+ *x = append(*x, u)
+ return nil
+}
+
+func decodeString(b *buffer, x *string) error {
+ if err := checkType(b, 2); err != nil {
+ return err
+ }
+ *x = string(b.data)
+ return nil
+}
+
+func decodeStrings(b *buffer, x *[]string) error {
+ var s string
+ if err := decodeString(b, &s); err != nil {
+ return err
+ }
+ *x = append(*x, s)
+ return nil
+}
+
+func decodeBool(b *buffer, x *bool) error {
+ if err := checkType(b, 0); err != nil {
+ return err
+ }
+ if int64(b.u64) == 0 {
+ *x = false
+ } else {
+ *x = true
+ }
+ return nil
+}
diff --git a/vendor/github.com/google/pprof/profile/prune.go b/vendor/github.com/google/pprof/profile/prune.go
new file mode 100644
index 000000000..02d21a818
--- /dev/null
+++ b/vendor/github.com/google/pprof/profile/prune.go
@@ -0,0 +1,178 @@
+// Copyright 2014 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Implements methods to remove frames from profiles.
+
+package profile
+
+import (
+ "fmt"
+ "regexp"
+ "strings"
+)
+
+var (
+ reservedNames = []string{"(anonymous namespace)", "operator()"}
+ bracketRx = func() *regexp.Regexp {
+ var quotedNames []string
+ for _, name := range append(reservedNames, "(") {
+ quotedNames = append(quotedNames, regexp.QuoteMeta(name))
+ }
+ return regexp.MustCompile(strings.Join(quotedNames, "|"))
+ }()
+)
+
+// simplifyFunc does some primitive simplification of function names.
+func simplifyFunc(f string) string {
+ // Account for leading '.' on the PPC ELF v1 ABI.
+ funcName := strings.TrimPrefix(f, ".")
+ // Account for unsimplified names -- try to remove the argument list by trimming
+ // starting from the first '(', but skipping reserved names that have '('.
+ for _, ind := range bracketRx.FindAllStringSubmatchIndex(funcName, -1) {
+ foundReserved := false
+ for _, res := range reservedNames {
+ if funcName[ind[0]:ind[1]] == res {
+ foundReserved = true
+ break
+ }
+ }
+ if !foundReserved {
+ funcName = funcName[:ind[0]]
+ break
+ }
+ }
+ return funcName
+}
+
+// Prune removes all nodes beneath a node matching dropRx, and not
+// matching keepRx. If the root node of a Sample matches, the sample
+// will have an empty stack.
+func (p *Profile) Prune(dropRx, keepRx *regexp.Regexp) {
+ prune := make(map[uint64]bool)
+ pruneBeneath := make(map[uint64]bool)
+
+ for _, loc := range p.Location {
+ var i int
+ for i = len(loc.Line) - 1; i >= 0; i-- {
+ if fn := loc.Line[i].Function; fn != nil && fn.Name != "" {
+ funcName := simplifyFunc(fn.Name)
+ if dropRx.MatchString(funcName) {
+ if keepRx == nil || !keepRx.MatchString(funcName) {
+ break
+ }
+ }
+ }
+ }
+
+ if i >= 0 {
+ // Found matching entry to prune.
+ pruneBeneath[loc.ID] = true
+
+ // Remove the matching location.
+ if i == len(loc.Line)-1 {
+ // Matched the top entry: prune the whole location.
+ prune[loc.ID] = true
+ } else {
+ loc.Line = loc.Line[i+1:]
+ }
+ }
+ }
+
+ // Prune locs from each Sample
+ for _, sample := range p.Sample {
+ // Scan from the root to the leaves to find the prune location.
+ // Do not prune frames before the first user frame, to avoid
+ // pruning everything.
+ foundUser := false
+ for i := len(sample.Location) - 1; i >= 0; i-- {
+ id := sample.Location[i].ID
+ if !prune[id] && !pruneBeneath[id] {
+ foundUser = true
+ continue
+ }
+ if !foundUser {
+ continue
+ }
+ if prune[id] {
+ sample.Location = sample.Location[i+1:]
+ break
+ }
+ if pruneBeneath[id] {
+ sample.Location = sample.Location[i:]
+ break
+ }
+ }
+ }
+}
+
+// RemoveUninteresting prunes and elides profiles using built-in
+// tables of uninteresting function names.
+func (p *Profile) RemoveUninteresting() error {
+ var keep, drop *regexp.Regexp
+ var err error
+
+ if p.DropFrames != "" {
+ if drop, err = regexp.Compile("^(" + p.DropFrames + ")$"); err != nil {
+ return fmt.Errorf("failed to compile regexp %s: %v", p.DropFrames, err)
+ }
+ if p.KeepFrames != "" {
+ if keep, err = regexp.Compile("^(" + p.KeepFrames + ")$"); err != nil {
+ return fmt.Errorf("failed to compile regexp %s: %v", p.KeepFrames, err)
+ }
+ }
+ p.Prune(drop, keep)
+ }
+ return nil
+}
+
+// PruneFrom removes all nodes beneath the lowest node matching dropRx, not including itself.
+//
+// Please see the example below to understand this method as well as
+// the difference from Prune method.
+//
+// A sample contains Location of [A,B,C,B,D] where D is the top frame and there's no inline.
+//
+// PruneFrom(A) returns [A,B,C,B,D] because there's no node beneath A.
+// Prune(A, nil) returns [B,C,B,D] by removing A itself.
+//
+// PruneFrom(B) returns [B,C,B,D] by removing all nodes beneath the first B when scanning from the bottom.
+// Prune(B, nil) returns [D] because a matching node is found by scanning from the root.
+func (p *Profile) PruneFrom(dropRx *regexp.Regexp) {
+ pruneBeneath := make(map[uint64]bool)
+
+ for _, loc := range p.Location {
+ for i := 0; i < len(loc.Line); i++ {
+ if fn := loc.Line[i].Function; fn != nil && fn.Name != "" {
+ funcName := simplifyFunc(fn.Name)
+ if dropRx.MatchString(funcName) {
+ // Found matching entry to prune.
+ pruneBeneath[loc.ID] = true
+ loc.Line = loc.Line[i:]
+ break
+ }
+ }
+ }
+ }
+
+ // Prune locs from each Sample
+ for _, sample := range p.Sample {
+ // Scan from the bottom leaf to the root to find the prune location.
+ for i, loc := range sample.Location {
+ if pruneBeneath[loc.ID] {
+ sample.Location = sample.Location[i:]
+ break
+ }
+ }
+ }
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/.gitignore b/vendor/github.com/onsi/ginkgo/v2/.gitignore
index edf0231cd..18793c248 100644
--- a/vendor/github.com/onsi/ginkgo/v2/.gitignore
+++ b/vendor/github.com/onsi/ginkgo/v2/.gitignore
@@ -1,5 +1,5 @@
 .DS_Store
-TODO.md
+TODO
 tmp/**/*
 *.coverprofile
 .vscode
diff --git a/vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md b/vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md
index 67625eb28..cb72bd6f2 100644
--- a/vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md
+++ b/vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md
@@ -1,3 +1,322 @@ +## 2.11.0 + +In prior versions of Ginkgo specs the CLI filter flags (e.g. `--focus`, `--label-filter`) would _override_ any programmatic focus. This behavior has proved surprising and confusing in at least the following ways: + +- users cannot combine programmatic filters and CLI filters to more efficiently select subsets of tests +- CLI filters can override programmatic focus on CI systems resulting in an exit code of 0 despite the presence of (incorrectly!) committed focused specs. + +Going forward Ginkgo will AND all programmatic and CLI filters. Moreover, the presence of any programmatic focused tests will always result in a non-zero exit code. + +This change is technically a change in Ginkgo's external contract and may require some users to make changes to successfully adopt. Specifically: it's possible some users were intentionally using CLI filters to override programmatic focus. If this is you please open an issue so we can explore solutions to the underlying problem you are trying to solve. 
+ +### Fixes +- Programmatic focus is no longer overwrriten by CLI filters [d6bba86] + +### Maintenance +- Bump github.com/onsi/gomega from 1.27.7 to 1.27.8 (#1218) [4a70a38] +- Bump golang.org/x/sys from 0.8.0 to 0.9.0 (#1219) [97eda4d] + +## 2.10.0 + +### Features +- feat(ginkgo/generators): add --tags flag (#1216) [a782a77] + adds a new --tags flag to ginkgo generate + +### Fixes +- Fix broken link of MIGRATING_TO_V2.md (#1217) [548d78e] + +### Maintenance +- Bump golang.org/x/tools from 0.9.1 to 0.9.3 (#1215) [2b76a5e] + +## 2.9.7 + +### Fixes +- fix race when multiple defercleanups are called in goroutines [07fc3a0] + +## 2.9.6 + +### Fixes +- fix: create parent directory before report files (#1212) [0ac65de] + +### Maintenance +- Bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#1202) [3e39231] + +## 2.9.5 + +### Fixes +- ensure the correct deterministic sort order is produced when ordered specs are generated by a helper function [7fa0b6b] + +### Maintenance +- fix generators link (#1200) [9f9d8b9] +- Bump golang.org/x/tools from 0.8.0 to 0.9.1 (#1196) [150e3f2] +- fix spelling err in docs (#1199) [0013b1a] +- Bump golang.org/x/sys from 0.7.0 to 0.8.0 (#1193) [9e9e3e5] + +## 2.9.4 + +### Fixes +- fix hang with ginkgo -p (#1192) [15d4bdc] - this addresses a _long_ standing issue related to Ginkgo hanging when a child process spawned by the test does not exit. + +- fix: fail fast may cause Serial spec or cleanup Node interrupted (#1178) [8dea88b] - prior to this there was a small gap in which specs on other processes might start even if one process has tried to abort the suite. + + +### Maintenance +- Document run order when multiple setup nodes are at the same nesting level [903be81] + +## 2.9.3 + +### Features +- Add RenderTimeline to GinkgoT() [c0c77b6] + +### Fixes +- update Measure deprecation message. 
fixes #1176 [227c662] +- add newlines to GinkgoLogr (#1170) (#1171) [0de0e7c] + +### Maintenance +- Bump commonmarker from 0.23.8 to 0.23.9 in /docs (#1183) [8b925ab] +- Bump nokogiri from 1.14.1 to 1.14.3 in /docs (#1184) [e3795a4] +- Bump golang.org/x/tools from 0.7.0 to 0.8.0 (#1182) [b453793] +- Bump actions/setup-go from 3 to 4 (#1164) [73ed75b] +- Bump github.com/onsi/gomega from 1.27.4 to 1.27.6 (#1173) [0a2bc64] +- Bump github.com/go-logr/logr from 1.2.3 to 1.2.4 (#1174) [f41c557] +- Bump golang.org/x/sys from 0.6.0 to 0.7.0 (#1179) [8e423e5] + +## 2.9.2 + +### Maintenance +- Bump github.com/go-task/slim-sprig (#1167) [3fcc5bf] +- Bump github.com/onsi/gomega from 1.27.3 to 1.27.4 (#1163) [6143ffe] + +## 2.9.1 + +### Fixes +This release fixes a longstanding issue where `ginkgo -coverpkg=./...` would not work. This is now resolved and fixes [#1161](https://github.com/onsi/ginkgo/issues/1161) and [#995](https://github.com/onsi/ginkgo/issues/995) +- Support -coverpkg=./... [26ca1b5] +- document coverpkg a bit more clearly [fc44c3b] + +### Maintenance +- bump various dependencies +- Improve Documentation and fix typo (#1158) [93de676] + +## 2.9.0 + +### Features +- AttachProgressReporter is an experimental feature that allows users to provide arbitrary information when a ProgressReport is requested [28801fe] + +- GinkgoT() has been expanded to include several Ginkgo-specific methods [2bd5a3b] + + The intent is to enable the development of third-party libraries that integrate deeply with Ginkgo using `GinkgoT()` to access Ginkgo's functionality. 
+ +## 2.8.4 + +### Features +- Add OmitSuiteSetupNodes to JunitReportConfig (#1147) [979fbc2] +- Add a reference to ginkgolinter in docs.index.md (#1143) [8432589] + +### Fixes +- rename tools hack to see if it fixes things for downstream users [a8bb39a] + +### Maintenance +- Bump golang.org/x/text (#1144) [41b2a8a] +- Bump github.com/onsi/gomega from 1.27.0 to 1.27.1 (#1142) [7c4f583] + +## 2.8.3 + +Released to fix security issue in golang.org/x/net dependency + +### Maintenance + +- Bump golang.org/x/net from 0.6.0 to 0.7.0 (#1141) [fc1a02e] +- remove tools.go hack from documentation [0718693] + +## 2.8.2 + +Ginkgo now includes a `tools.go` file in the root directory of the `ginkgo` package. This should allow modules that simply `go get github.com/onsi/ginkgo/v2` to also pull in the CLI dependencies. This obviates the need for consumers of Ginkgo to have their own `tools.go` file and makes it simpler to ensure that the version of the `ginkgo` CLI being used matches the version of the library. You can simply run `go run github.com/onsi/ginkgo/v2/ginkgo` to run the version of the cli associated with your package go.mod. 
+ +### Maintenance + +- Bump github.com/onsi/gomega from 1.26.0 to 1.27.0 (#1139) [5767b0a] +- Fix minor typos (#1138) [e1e9723] +- Fix link in V2 Migration Guide (#1137) [a588f60] + +## 2.8.1 + +### Fixes +- lock around default report output to avoid triggering the race detector when calling By from goroutines [2d5075a] +- don't run ReportEntries through sprintf [febbe38] + +### Maintenance +- Bump golang.org/x/tools from 0.5.0 to 0.6.0 (#1135) [11a4860] +- test: update matrix for Go 1.20 (#1130) [4890a62] +- Bump golang.org/x/sys from 0.4.0 to 0.5.0 (#1133) [a774638] +- Bump github.com/onsi/gomega from 1.25.0 to 1.26.0 (#1120) [3f233bd] +- Bump github-pages from 227 to 228 in /docs (#1131) [f9b8649] +- Bump activesupport from 6.0.6 to 6.0.6.1 in /docs (#1127) [6f8c042] +- Update index.md with instructions on how to upgrade Ginkgo [833a75e] + +## 2.8.0 + +### Features + +- Introduce GinkgoHelper() to track and exclude helper functions from potential CodeLocations [e19f556] + +Modeled after `testing.T.Helper()`. Now, rather than write code like: + +```go +func helper(model Model) { + Expect(model).WithOffset(1).To(BeValid()) + Expect(model.SerialNumber).WithOffset(1).To(MatchRegexp(/[a-f0-9]*/)) +} +``` + +you can stop tracking offsets (which makes nesting composing helpers nearly impossible) and simply write: + +```go +func helper(model Model) { + GinkgoHelper() + Expect(model).To(BeValid()) + Expect(model.SerialNumber).To(MatchRegexp(/[a-f0-9]*/)) +} +``` + +- Introduce GinkgoLabelFilter() and Label().MatchesLabelFilter() to make it possible to programmatically match filters (fixes #1119) [2f6597c] + +You can now write code like this: + +```go +BeforeSuite(func() { + if Label("slow").MatchesLabelFilter(GinkgoLabelFilter()) { + // do slow setup + } + + if Label("fast").MatchesLabelFilter(GinkgoLabelFilter()) { + // do fast setup + } +}) +``` + +to programmatically check whether a given set of labels will match the configured `--label-filter`. 
+ +### Maintenance + +- Bump webrick from 1.7.0 to 1.8.1 in /docs (#1125) [ea4966e] +- cdeql: add ruby language (#1124) [9dd275b] +- dependabot: add bundler package-ecosystem for docs (#1123) [14e7bdd] + +## 2.7.1 + +### Fixes +- Bring back SuiteConfig.EmitSpecProgress to avoid compilation issue for consumers that set it manually [d2a1cb0] + +### Maintenance +- Bump github.com/onsi/gomega from 1.24.2 to 1.25.0 (#1118) [cafece6] +- Bump golang.org/x/tools from 0.4.0 to 0.5.0 (#1111) [eda66c2] +- Bump golang.org/x/sys from 0.3.0 to 0.4.0 (#1112) [ac5ccaa] +- Bump github.com/onsi/gomega from 1.24.1 to 1.24.2 (#1097) [eee6480] + +## 2.7.0 + +### Features +- Introduce ContinueOnFailure for Ordered containers [e0123ca] - Ordered containers that are also decorated with ContinueOnFailure will not stop running specs after the first spec fails. +- Support for bootstrap commands to use custom data for templates (#1110) [7a2b242] +- Support for labels and pending decorator in ginkgo outline output (#1113) [e6e3b98] +- Color aliases for custom color support (#1101) [49fab7a] + +### Fixes +- correctly ensure deterministic spec order, even if specs are generated by iterating over a map [89dda20] +- Fix a bug where timedout specs were not correctly treated as failures when determining whether or not to run AfterAlls in an Ordered container. 
+- Ensure go test coverprofile outputs to the expected location (#1105) [b0bd77b]
+
+## 2.6.1
+
+### Features
+- Override formatter colors from envvars - this is a new feature but an alternative approach involving config files might be taken in the future (#1095) [60240d1]
+
+### Fixes
+- GinkgoRecover now supports ignoring panics that match a specific, hidden, interface [301f3e2]
+
+### Maintenance
+- Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 (#1077) [3643823]
+- Bump golang.org/x/tools from 0.2.0 to 0.4.0 (#1090) [f9f856e]
+- Bump nokogiri from 1.13.9 to 1.13.10 in /docs (#1091) [0d7087e]
+
+## 2.6.0
+
+### Features
+- `ReportBeforeSuite` provides access to the suite report before the suite begins.
+- Add junit config option for omitting leafnodetype (#1088) [956e6d2]
+- Add support to customize junit report config to omit spec labels (#1087) [de44005]
+
+### Fixes
+- Fix stack trace pruning so that it has a chance of working on windows [2165648]
+
+## 2.5.1
+
+### Fixes
+- skipped tests only show as 'S' when running with -v [3ab38ae]
+- Fix typo in docs/index.md (#1082) [55fc58d]
+- Fix typo in docs/index.md (#1081) [8a14f1f]
+- Fix link notation in docs/index.md (#1080) [2669612]
+- Fix typo in `--progress` deprecation message (#1076) [b4b7edc]
+
+### Maintenance
+- chore: Included githubactions in the dependabot config (#976) [baea341]
+- Bump golang.org/x/sys from 0.1.0 to 0.2.0 (#1075) [9646297]
+
+## 2.5.0
+
+### Ginkgo output now includes a timeline-view of the spec
+
+This commit changes Ginkgo's default output. Spec details are now
+presented as a **timeline** that includes events that occur during the spec
+lifecycle interleaved with any GinkgoWriter content. This makes is much easier
+to understand the flow of a spec and where a given failure occurs.
+
+The --progress, --slow-spec-threshold, --always-emit-ginkgo-writer flags
+and the SuppressProgressReporting decorator have all been deprecated.
Instead +the existing -v and -vv flags better capture the level of verbosity to display. However, +a new --show-node-events flag is added to include node `> Enter` and `< Exit` events +in the spec timeline. + +In addition, JUnit reports now include the timeline (rendered with -vv) and custom JUnit +reports can be configured and generated using +`GenerateJUnitReportWithConfig(report types.Report, dst string, config JunitReportConfig)` + +Code should continue to work unchanged with this version of Ginkgo - however if you have tooling that +was relying on the specific output format of Ginkgo you _may_ run into issues. Ginkgo's console output is not guaranteed to be stable for tooling and automation purposes. You should, instead, use Ginkgo's JSON format +to build tooling on top of as it has stronger guarantees to be stable from version to version. + +### Features +- Provide details about which timeout expired [0f2fa27] + +### Fixes +- Add Support Policy to docs [c70867a] + +### Maintenance +- Bump github.com/onsi/gomega from 1.22.1 to 1.23.0 (#1070) [bb3b4e2] + +## 2.4.0 + +### Features + +- DeferCleanup supports functions with multiple-return values [5e33c75] +- Add GinkgoLogr (#1067) [bf78c28] +- Introduction of 'MustPassRepeatedly' decorator (#1051) [047c02f] + +### Fixes +- correcting some typos (#1064) [1403d3c] +- fix flaky internal_integration interrupt specs [2105ba3] +- Correct busted link in README [be6b5b9] + +### Maintenance +- Bump actions/checkout from 2 to 3 (#1062) [8a2f483] +- Bump golang.org/x/tools from 0.1.12 to 0.2.0 (#1065) [529c4e8] +- Bump github/codeql-action from 1 to 2 (#1061) [da09146] +- Bump actions/setup-go from 2 to 3 (#1060) [918040d] +- Bump github.com/onsi/gomega from 1.22.0 to 1.22.1 (#1053) [2098e4d] +- Bump nokogiri from 1.13.8 to 1.13.9 in /docs (#1066) [1d74122] +- Add GHA to dependabot config [4442772] + ## 2.3.1 ## Fixes 
@@ -8,7 +327,7 @@ With this patch release, the ginkgo CLI can now identify a version mismatch and - Ginkgo cli can identify version mismatches and emit a helpful error message [bc4ae2f] - further emphasize that a version match is required when running Ginkgo on CI and/or locally [2691dd8] -## Maintenance +### Maintenance - bump gomega to v1.22.0 [822a937] ## 2.3.0 diff --git a/vendor/github.com/onsi/ginkgo/v2/README.md b/vendor/github.com/onsi/ginkgo/v2/README.md index 58507c36f..d0473a467 100644 --- a/vendor/github.com/onsi/ginkgo/v2/README.md +++ b/vendor/github.com/onsi/ginkgo/v2/README.md @@ -4,11 +4,7 @@ --- -# Ginkgo 2.0 is now Generally Available! - -You can learn more about 2.0 in the [Migration Guide](https://onsi.github.io/ginkgo/MIGRATING_TO_V2)! - ---- +# Ginkgo Ginkgo is a mature testing framework for Go designed to help you write expressive specs. Ginkgo builds on top of Go's `testing` foundation and is complemented by the [Gomega](https://github.com/onsi/gomega) matcher library. Together, Ginkgo and Gomega let you express the intent behind your specs clearly: 
@@ -33,53 +29,53 @@ Describe("Checking books out of the library", Label("library"), func() { }) When("the library has the book in question", func() { - BeforeEach(func() { - Expect(library.Store(book)).To(Succeed()) + BeforeEach(func(ctx SpecContext) { + Expect(library.Store(ctx, book)).To(Succeed()) }) Context("and the book is available", func() { - It("lends it to the reader", func() { - Expect(valjean.Checkout(library, "Les Miserables")).To(Succeed()) + It("lends it to the reader", func(ctx SpecContext) { + Expect(valjean.Checkout(ctx, library, "Les Miserables")).To(Succeed()) Expect(valjean.Books()).To(ContainElement(book)) - Expect(library.UserWithBook(book)).To(Equal(valjean)) - }) + Expect(library.UserWithBook(ctx, book)).To(Equal(valjean)) + }, SpecTimeout(time.Second * 5)) }) Context("but the book has already been checked out", func() { var javert *users.User - BeforeEach(func() { + BeforeEach(func(ctx SpecContext) { javert = users.NewUser("Javert") - Expect(javert.Checkout(library, "Les Miserables")).To(Succeed()) + Expect(javert.Checkout(ctx, library, "Les Miserables")).To(Succeed()) }) - It("tells the user", func() { - err := valjean.Checkout(library, "Les Miserables") + It("tells the user", func(ctx SpecContext) { + err := valjean.Checkout(ctx, library, "Les Miserables") Expect(error).To(MatchError("Les Miserables is currently checked out")) - }) + }, SpecTimeout(time.Second * 5)) - It("lets the user place a hold and get notified later", func() { - Expect(valjean.Hold(library, "Les Miserables")).To(Succeed()) - Expect(valjean.Holds()).To(ContainElement(book)) + It("lets the user place a hold and get notified later", func(ctx SpecContext) { + Expect(valjean.Hold(ctx, library, "Les Miserables")).To(Succeed()) + Expect(valjean.Holds(ctx)).To(ContainElement(book)) By("when Javert returns the book") - Expect(javert.Return(library, book)).To(Succeed()) + Expect(javert.Return(ctx, library, book)).To(Succeed()) By("it eventually informs Valjean") notification 
:= "Les Miserables is ready for pick up" - Eventually(valjean.Notifications).Should(ContainElement(notification)) + Eventually(ctx, valjean.Notifications).Should(ContainElement(notification)) - Expect(valjean.Checkout(library, "Les Miserables")).To(Succeed()) - Expect(valjean.Books()).To(ContainElement(book)) - Expect(valjean.Holds()).To(BeEmpty()) - }) + Expect(valjean.Checkout(ctx, library, "Les Miserables")).To(Succeed()) + Expect(valjean.Books(ctx)).To(ContainElement(book)) + Expect(valjean.Holds(ctx)).To(BeEmpty()) + }, SpecTimeout(time.Second * 10)) }) }) When("the library does not have the book in question", func() { - It("tells the reader the book is unavailable", func() { - err := valjean.Checkout(library, "Les Miserables") + It("tells the reader the book is unavailable", func(ctx SpecContext) { + err := valjean.Checkout(ctx, library, "Les Miserables") Expect(error).To(MatchError("Les Miserables is not in the library catalog")) - }) + }, SpecTimeout(time.Second * 5)) }) }) ``` 
@@ -90,9 +86,9 @@ If you have a question, comment, bug report, feature request, etc. please open a ## Capabilities -Whether writing basic unit specs, complex integration specs, or even performance specs - Ginkgo gives you an expressive Domain-Specific Language (DSL) that will be familiar to users coming from frameworks such as [Quick](https://github.com/Quick/Quick), [RSpec](https://rspec.info), [Jasmine](https://jasmine.github.io), and [Busted](https://olivinelabs.com/busted/). This style of testing is sometimes referred to as "Behavior-Driven Development" (BDD) though Ginkgo's utility extends beyond acceptance-level testing. +Whether writing basic unit specs, complex integration specs, or even performance specs - Ginkgo gives you an expressive Domain-Specific Language (DSL) that will be familiar to users coming from frameworks such as [Quick](https://github.com/Quick/Quick), [RSpec](https://rspec.info), [Jasmine](https://jasmine.github.io), and [Busted](https://lunarmodules.github.io/busted/). This style of testing is sometimes referred to as "Behavior-Driven Development" (BDD) though Ginkgo's utility extends beyond acceptance-level testing. -With Ginkgo's DSL you can use nestable [`Describe`, `Context` and `When` container nodes](https://onsi.github.io/ginkgo/#organizing-specs-with-container-nodes) to help you organize your specs. [`BeforeEach` and `AfterEach` setup nodes](https://onsi.github.io/ginkgo/#extracting-common-setup-beforeeach) for setup and cleanup. [`It` and `Specify` subject nodes](https://onsi.github.io/ginkgo/#spec-subjects-it) that hold your assertions. [`BeforeSuite` and `AfterSuite` nodes](https://onsi.github.io/ginkgo/#suite-setup-and-cleanup-beforesuite-and-aftersuite) to prep for and cleanup after a suite... 
and [much more!](https://onsi.github.io/ginkgo/#writing-specs) +With Ginkgo's DSL you can use nestable [`Describe`, `Context` and `When` container nodes](https://onsi.github.io/ginkgo/#organizing-specs-with-container-nodes) to help you organize your specs. [`BeforeEach` and `AfterEach` setup nodes](https://onsi.github.io/ginkgo/#extracting-common-setup-beforeeach) for setup and cleanup. [`It` and `Specify` subject nodes](https://onsi.github.io/ginkgo/#spec-subjects-it) that hold your assertions. [`BeforeSuite` and `AfterSuite` nodes](https://onsi.github.io/ginkgo/#suite-setup-and-cleanup-beforesuite-and-aftersuite) to prep for and cleanup after a suite... and [much more!](https://onsi.github.io/ginkgo/#writing-specs). At runtime, Ginkgo can run your specs in reproducibly [random order](https://onsi.github.io/ginkgo/#spec-randomization) and has sophisticated support for [spec parallelization](https://onsi.github.io/ginkgo/#spec-parallelization). In fact, running specs in parallel is as easy as 
@@ -100,7 +96,7 @@ At runtime, Ginkgo can run your specs in reproducibly [random order](https://ons ginkgo -p ``` -By following [established patterns for writing parallel specs](https://onsi.github.io/ginkgo/#patterns-for-parallel-integration-specs) you can build even large, complex integration suites that parallelize cleanly and run performantly. +By following [established patterns for writing parallel specs](https://onsi.github.io/ginkgo/#patterns-for-parallel-integration-specs) you can build even large, complex integration suites that parallelize cleanly and run performantly. And you don't have to worry about your spec suite hanging or leaving a mess behind - Ginkgo provides a per-node `context.Context` and the capability to interrupt the spec after a set period of time - and then clean up. As your suites grow Ginkgo helps you keep your specs organized with [labels](https://onsi.github.io/ginkgo/#spec-labels) and lets you easily run [subsets of specs](https://onsi.github.io/ginkgo/#filtering-specs), either [programmatically](https://onsi.github.io/ginkgo/#focused-specs) or on the [command line](https://onsi.github.io/ginkgo/#combining-filters). And Ginkgo's reporting infrastructure generates machine-readable output in a [variety of formats](https://onsi.github.io/ginkgo/#generating-machine-readable-reports) _and_ allows you to build your own [custom reporting infrastructure](https://onsi.github.io/ginkgo/#generating-reports-programmatically). diff --git a/vendor/github.com/onsi/ginkgo/v2/RELEASING.md b/vendor/github.com/onsi/ginkgo/v2/RELEASING.md index 1d5a4ff70..363815d7c 100644 --- a/vendor/github.com/onsi/ginkgo/v2/RELEASING.md +++ b/vendor/github.com/onsi/ginkgo/v2/RELEASING.md 
@@ -5,7 +5,7 @@ A Ginkgo release is a tagged git sha and a GitHub release. To cut a release: ```bash LAST_VERSION=$(git tag --sort=version:refname | tail -n1) CHANGES=$(git log --pretty=format:'- %s [%h]' HEAD...$LAST_VERSION) - echo -e "## NEXT\n\n$CHANGES\n\n### Features\n\n## Fixes\n\n## Maintenance\n\n$(cat CHANGELOG.md)" > CHANGELOG.md + echo -e "## NEXT\n\n$CHANGES\n\n### Features\n\n### Fixes\n\n### Maintenance\n\n$(cat CHANGELOG.md)" > CHANGELOG.md ``` to update the changelog - Categorize the changes into diff --git a/vendor/github.com/onsi/ginkgo/v2/core_dsl.go b/vendor/github.com/onsi/ginkgo/v2/core_dsl.go index aaff7800d..a244bdc18 100644 --- a/vendor/github.com/onsi/ginkgo/v2/core_dsl.go +++ b/vendor/github.com/onsi/ginkgo/v2/core_dsl.go @@ -21,8 +21,8 @@ import ( "os" "path/filepath" "strings" - "time" + "github.com/go-logr/logr" "github.com/onsi/ginkgo/v2/formatter" "github.com/onsi/ginkgo/v2/internal" "github.com/onsi/ginkgo/v2/internal/global" @@ -46,7 +46,9 @@ func init() { var err error flagSet, err = types.BuildTestSuiteFlagSet(&suiteConfig, &reporterConfig) exitIfErr(err) - GinkgoWriter = internal.NewWriter(os.Stdout) + writer := internal.NewWriter(os.Stdout) + GinkgoWriter = writer + GinkgoLogr = internal.GinkgoLogrFunc(writer) } func exitIfErr(err error) { 
@@ -90,11 +92,11 @@ type GinkgoWriterInterface interface { } /* - SpecContext is the context object passed into nodes that are subject to a timeout or need to be notified of an interrupt. It implements the standard context.Context interface but also contains additional helpers to provide an extensibility point for Ginkgo. (As an example, Gomega's Eventually can use the methods defined on SpecContext to provide deeper integratoin with Ginkgo). +SpecContext is the context object passed into nodes that are subject to a timeout or need to be notified of an interrupt. It implements the standard context.Context interface but also contains additional helpers to provide an extensibility point for Ginkgo. (As an example, Gomega's Eventually can use the methods defined on SpecContext to provide deeper integration with Ginkgo). - You can do anything with SpecContext that you do with a typical context.Context including wrapping it with any of the context.With* methods. +You can do anything with SpecContext that you do with a typical context.Context including wrapping it with any of the context.With* methods. - Ginkgo will cancel the SpecContext when a node is interrupted (e.g. by the user sending an interupt signal) or when a node has exceeded it's allowed run-time. Note, however, that even in cases where a node has a deadline, SpecContext will not return a deadline via .Deadline(). This is because Ginkgo does not use a WithDeadline() context to model node deadlines as Ginkgo needs control over the precise timing of the context cancellation to ensure it can provide an accurate progress report at the moment of cancellation. +Ginkgo will cancel the SpecContext when a node is interrupted (e.g. by the user sending an interrupt signal) or when a node has exceeded its allowed run-time. Note, however, that even in cases where a node has a deadline, SpecContext will not return a deadline via .Deadline(). 
This is because Ginkgo does not use a WithDeadline() context to model node deadlines as Ginkgo needs control over the precise timing of the context cancellation to ensure it can provide an accurate progress report at the moment of cancellation. */ type SpecContext = internal.SpecContext @@ -112,6 +114,11 @@ You can learn more at https://onsi.github.io/ginkgo/#logging-output */ var GinkgoWriter GinkgoWriterInterface +/* +GinkgoLogr is a logr.Logger that writes to GinkgoWriter +*/ +var GinkgoLogr logr.Logger + // The interface by which Ginkgo receives *testing.T type GinkgoTestingT interface { Fail() @@ -156,6 +163,29 @@ func GinkgoParallelProcess() int { return suiteConfig.ParallelProcess } +/* +GinkgoHelper marks the function it's called in as a test helper. When a failure occurs inside a helper function, Ginkgo will skip the helper when analyzing the stack trace to identify where the failure occurred. + +This is an alternative, simpler, mechanism to passing in a skip offset when calling Fail or using Gomega. +*/ +func GinkgoHelper() { + types.MarkAsHelper(1) +} + +/* +GinkgoLabelFilter() returns the label filter configured for this suite via `--label-filter`. + +You can use this to manually check if a set of labels would satisfy the filter via: + + if (Label("cat", "dog").MatchesLabelFilter(GinkgoLabelFilter())) { + //... + } +*/ +func GinkgoLabelFilter() string { + suiteConfig, _ := GinkgoConfiguration() + return suiteConfig.LabelFilter +} + /* PauseOutputInterception() pauses Ginkgo's output interception. This is only relevant when running in parallel and output to stdout/stderr is being intercepted. You generally 
@@ -268,7 +298,7 @@ func RunSpecs(t GinkgoTestingT, description string, args ...interface{}) bool { } writer := GinkgoWriter.(*internal.Writer) - if reporterConfig.Verbose && suiteConfig.ParallelTotal == 1 { + if reporterConfig.Verbosity().GTE(types.VerbosityLevelVerbose) && suiteConfig.ParallelTotal == 1 { writer.SetMode(internal.WriterModeStreamAndBuffer) } else { writer.SetMode(internal.WriterModeBufferOnly) @@ -362,6 +392,12 @@ func AbortSuite(message string, callerSkip ...int) { panic(types.GinkgoErrors.UncaughtGinkgoPanic(cl)) } +/* +ignorablePanic is used by Gomega to signal to GinkgoRecover that Goemga is handling +the error associated with this panic. It i used when Eventually/Consistently are passed a func(g Gomega) and the resulting function launches a goroutines that makes a failed assertion. That failed assertion is registered by Gomega and then panics. Ordinarily the panic is captured by Gomega. In the case of a goroutine Gomega can't capture the panic - so we piggy back on GinkgoRecover so users have a single defer GinkgoRecover() pattern to follow. To do that we need to tell Ginkgo to ignore this panic and not register it as a panic on the global Failer. +*/ +type ignorablePanic interface{ GinkgoRecoverShouldIgnoreThisPanic() } + /* GinkgoRecover should be deferred at the top of any spawned goroutine that (may) call `Fail` Since Gomega assertions call fail, you should throw a `defer GinkgoRecover()` at the top of any goroutine that @@ -377,6 +413,9 @@ You can learn more about how Ginkgo manages failures here: https://onsi.github.i func GinkgoRecover() { e := recover() if e != nil { + if _, ok := e.(ignorablePanic); ok { + return + } global.Failer.Panic(types.NewCodeLocationWithStackTrace(1), e) } } 
@@ -501,35 +540,11 @@ and will simply log the passed in text to the GinkgoWriter. If By is handed a f By will also generate and attach a ReportEntry to the spec. This will ensure that By annotations appear in Ginkgo's machine-readable reports. -Note that By does not generate a new Ginkgo node - rather it is simply synctactic sugar around GinkgoWriter and AddReportEntry +Note that By does not generate a new Ginkgo node - rather it is simply syntactic sugar around GinkgoWriter and AddReportEntry You can learn more about By here: https://onsi.github.io/ginkgo/#documenting-complex-specs-by */ func By(text string, callback ...func()) { - if !global.Suite.InRunPhase() { - exitIfErr(types.GinkgoErrors.ByNotDuringRunPhase(types.NewCodeLocation(1))) - } - value := struct { - Text string - Duration time.Duration - }{ - Text: text, - } - t := time.Now() - global.Suite.SetProgressStepCursor(internal.ProgressStepCursor{ - Text: text, - CodeLocation: types.NewCodeLocation(1), - StartTime: t, - }) - AddReportEntry("By Step", ReportEntryVisibilityNever, Offset(1), &value, t) - formatter := formatter.NewWithNoColorBool(reporterConfig.NoColor) - GinkgoWriter.Println(formatter.F("{{bold}}STEP:{{/}} %s {{gray}}%s{{/}}", text, t.Format(types.GINKGO_TIME_FORMAT))) - if len(callback) == 1 { - callback[0]() - value.Duration = time.Since(t) - } - if len(callback) > 1 { - panic("just one callback per By, please") - } + exitIfErr(global.Suite.By(text, callback...)) } /* @@ -686,7 +701,6 @@ Multiple BeforeAll nodes can be defined in a given Ordered container however the BeforeAll can take a func() body, or an interruptible func(SpecContext)/func(context.Context) body. - You cannot nest any other Ginkgo nodes within a BeforeAll node's closure. You can learn more about Ordered Containers at: https://onsi.github.io/ginkgo/#ordered-containers And you can learn more about BeforeAll at: https://onsi.github.io/ginkgo/#setup-in-ordered-containers-beforeall-and-afterall 
@@ -717,10 +731,10 @@ DeferCleanup can be called within any Setup or Subject node to register a cleanu DeferCleanup can be passed: 1. A function that takes no arguments and returns no values. -2. A function that returns an error (in which case it will assert that the returned error was nil, or it will fail the spec). -3. A function that takes a context.Context or SpecContext (and optionally returns an error). The resulting cleanup node is deemed interruptible and the passed-in context will be cancelled in the event of a timeout or interrupt. -4. A function that takes arguments (and optionally returns an error) followed by a list of arguments to pass to the function. -5. A function that takes SpecContext and a list of arguments (and optionally returns an error) followed by a list of arguments to pass to the function. +2. A function that returns multiple values. `DeferCleanup` will ignore all these return values except for the last one. If this last return value is a non-nil error `DeferCleanup` will fail the spec). +3. A function that takes a context.Context or SpecContext (and optionally returns multiple values). The resulting cleanup node is deemed interruptible and the passed-in context will be cancelled in the event of a timeout or interrupt. +4. A function that takes arguments (and optionally returns multiple values) followed by a list of arguments to pass to the function. +5. A function that takes SpecContext and a list of arguments (and optionally returns multiple values) followed by a list of arguments to pass to the function. For example: 
@@ -729,7 +743,7 @@ For example: os.SetEnv("FOO", "BAR") }) -will register a cleanup handler that will set the environment variable "FOO" to it's current value (obtained by os.GetEnv("FOO")) after the spec runs and then sets the environment variable "FOO" to "BAR" for the current spec. +will register a cleanup handler that will set the environment variable "FOO" to its current value (obtained by os.GetEnv("FOO")) after the spec runs and then sets the environment variable "FOO" to "BAR" for the current spec. Similarly: @@ -757,3 +771,24 @@ func DeferCleanup(args ...interface{}) { } pushNode(internal.NewCleanupNode(deprecationTracker, fail, args...)) } + +/* +AttachProgressReporter allows you to register a function that will be called whenever Ginkgo generates a Progress Report. The contents returned by the function will be included in the report. + +**This is an experimental feature and the public-facing interface may change in a future minor version of Ginkgo** + +Progress Reports are generated: +- whenever the user explicitly requests one (via `SIGINFO` or `SIGUSR1`) +- on nodes decorated with PollProgressAfter +- on suites run with --poll-progress-after +- whenever a test times out + +Ginkgo uses Progress Reports to convey the current state of the test suite, including any running goroutines. By attaching a progress reporter you are able to supplement these reports with additional information. + +# AttachProgressReporter returns a function that can be called to detach the progress reporter + +You can learn more about AttachProgressReporter here: https://onsi.github.io/ginkgo/#attaching-additional-information-to-progress-reports +*/ +func AttachProgressReporter(reporter func() string) func() { + return global.Suite.AttachProgressReporter(reporter) +} diff --git a/vendor/github.com/onsi/ginkgo/v2/decorator_dsl.go b/vendor/github.com/onsi/ginkgo/v2/decorator_dsl.go index 37565e42f..c65af4ce1 100644 --- a/vendor/github.com/onsi/ginkgo/v2/decorator_dsl.go 
+++ b/vendor/github.com/onsi/ginkgo/v2/decorator_dsl.go @@ -13,13 +13,21 @@ You can learn more about decorators here: https://onsi.github.io/ginkgo/#decorat type Offset = internal.Offset /* -FlakeAttempts(uint N) is a decorator that allows you to mark individual specs or spec containers as flaky. Ginkgo will run them up to `N` times until they pass. +FlakeAttempts(uint N) is a decorator that allows you to mark individual specs or spec containers as flaky. Ginkgo will run them up to `N` times until they pass. -You can learn more here: https://onsi.github.io/ginkgo/#repeating-spec-runs-and-managing-flaky-specs +You can learn more here: https://onsi.github.io/ginkgo/#the-flakeattempts-decorator You can learn more about decorators here: https://onsi.github.io/ginkgo/#decorator-reference */ type FlakeAttempts = internal.FlakeAttempts +/* +MustPassRepeatedly(uint N) is a decorator that allows you to repeat the execution of individual specs or spec containers. Ginkgo will run them up to `N` times until they fail. + +You can learn more here: https://onsi.github.io/ginkgo/#the-mustpassrepeatedly-decorator +You can learn more about decorators here: https://onsi.github.io/ginkgo/#decorator-reference +*/ +type MustPassRepeatedly = internal.MustPassRepeatedly + /* Focus is a decorator that allows you to mark a spec or container as focused. Identical to FIt and FDescribe. @@ -38,7 +46,7 @@ const Pending = internal.Pending /* Serial is a decorator that allows you to mark a spec or container as serial. These specs will never run in parallel with other specs. -Tests in ordered containers cannot be marked as serial - mark the ordered container instead. +Specs in ordered containers cannot be marked as serial - mark the ordered container instead. You can learn more here: https://onsi.github.io/ginkgo/#serial-specs You can learn more about decorators here: https://onsi.github.io/ginkgo/#decorator-reference 
@@ -46,7 +54,7 @@ You can learn more about decorators here: https://onsi.github.io/ginkgo/#decorat const Serial = internal.Serial /* -Ordered is a decorator that allows you to mark a container as ordered. Tests in the container will always run in the order they appear. +Ordered is a decorator that allows you to mark a container as ordered. Specs in the container will always run in the order they appear. They will never be randomized and they will never run in parallel with one another, though they may run in parallel with other specs. You can learn more here: https://onsi.github.io/ginkgo/#ordered-containers @@ -54,6 +62,16 @@ You can learn more about decorators here: https://onsi.github.io/ginkgo/#decorat */ const Ordered = internal.Ordered +/* +ContinueOnFailure is a decorator that allows you to mark an Ordered container to continue running specs even if failures occur. Ordinarily an ordered container will stop running specs after the first failure occurs. Note that if a BeforeAll or a BeforeEach/JustBeforeEach annotated with OncePerOrdered fails then no specs will run as the precondition for the Ordered container will consider to be failed. + +ContinueOnFailure only applies to the outermost Ordered container. Attempting to place ContinueOnFailure in a nested container will result in an error. + +You can learn more here: https://onsi.github.io/ginkgo/#ordered-containers +You can learn more about decorators here: https://onsi.github.io/ginkgo/#decorator-reference +*/ +const ContinueOnFailure = internal.ContinueOnFailure + /* OncePerOrdered is a decorator that allows you to mark outer BeforeEach, AfterEach, JustBeforeEach, and JustAfterEach setup nodes to run once per ordered context. Normally these setup nodes run around each individual spec, with OncePerOrdered they will run once around the set of specs in an ordered container. 
diff --git a/vendor/github.com/onsi/ginkgo/v2/formatter/formatter.go b/vendor/github.com/onsi/ginkgo/v2/formatter/formatter.go index 43b16211d..743555dde 100644 --- a/vendor/github.com/onsi/ginkgo/v2/formatter/formatter.go +++ b/vendor/github.com/onsi/ginkgo/v2/formatter/formatter.go @@ -4,6 +4,7 @@ import ( "fmt" "os" "regexp" + "strconv" "strings" ) @@ -50,6 +51,37 @@ func NewWithNoColorBool(noColor bool) Formatter { } func New(colorMode ColorMode) Formatter { + colorAliases := map[string]int{ + "black": 0, + "red": 1, + "green": 2, + "yellow": 3, + "blue": 4, + "magenta": 5, + "cyan": 6, + "white": 7, + } + for colorAlias, n := range colorAliases { + colorAliases[fmt.Sprintf("bright-%s", colorAlias)] = n + 8 + } + + getColor := func(color, defaultEscapeCode string) string { + color = strings.ToUpper(strings.ReplaceAll(color, "-", "_")) + envVar := fmt.Sprintf("GINKGO_CLI_COLOR_%s", color) + envVarColor := os.Getenv(envVar) + if envVarColor == "" { + return defaultEscapeCode + } + if colorCode, ok := colorAliases[envVarColor]; ok { + return fmt.Sprintf("\x1b[38;5;%dm", colorCode) + } + colorCode, err := strconv.Atoi(envVarColor) + if err != nil || colorCode < 0 || colorCode > 255 { + return defaultEscapeCode + } + return fmt.Sprintf("\x1b[38;5;%dm", colorCode) + } + f := Formatter{ ColorMode: colorMode, colors: map[string]string{ 
@@ -57,18 +89,18 @@ func New(colorMode ColorMode) Formatter { "bold": "\x1b[1m", "underline": "\x1b[4m", - "red": "\x1b[38;5;9m", - "orange": "\x1b[38;5;214m", - "coral": "\x1b[38;5;204m", - "magenta": "\x1b[38;5;13m", - "green": "\x1b[38;5;10m", - "dark-green": "\x1b[38;5;28m", - "yellow": "\x1b[38;5;11m", - "light-yellow": "\x1b[38;5;228m", - "cyan": "\x1b[38;5;14m", - "gray": "\x1b[38;5;243m", - "light-gray": "\x1b[38;5;246m", - "blue": "\x1b[38;5;12m", + "red": getColor("red", "\x1b[38;5;9m"), + "orange": getColor("orange", "\x1b[38;5;214m"), + "coral": getColor("coral", "\x1b[38;5;204m"), + "magenta": getColor("magenta", "\x1b[38;5;13m"), + "green": getColor("green", "\x1b[38;5;10m"), + "dark-green": getColor("dark-green", "\x1b[38;5;28m"), + "yellow": getColor("yellow", "\x1b[38;5;11m"), + "light-yellow": getColor("light-yellow", "\x1b[38;5;228m"), + "cyan": getColor("cyan", "\x1b[38;5;14m"), + "gray": getColor("gray", "\x1b[38;5;243m"), + "light-gray": getColor("light-gray", "\x1b[38;5;246m"), + "blue": getColor("blue", "\x1b[38;5;12m"), }, } colors := []string{} @@ -88,7 +120,10 @@ func (f Formatter) Fi(indentation uint, format string, args ...interface{}) stri } func (f Formatter) Fiw(indentation uint, maxWidth uint, format string, args ...interface{}) string { - out := fmt.Sprintf(f.style(format), args...) + out := f.style(format) + if len(args) > 0 { + out = fmt.Sprintf(out, args...) + } if indentation == 0 && maxWidth == 0 { return out diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/command/abort.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/command/abort.go new file mode 100644 index 000000000..2efd28608 --- /dev/null +++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/command/abort.go 
@@ -0,0 +1,61 @@
+package command
+
+import "fmt"
+
+type AbortDetails struct {
+ ExitCode int
+ Error error
+ EmitUsage bool
+}
+
+func Abort(details AbortDetails) {
+ panic(details)
+}
+
+func AbortGracefullyWith(format string, args ...interface{}) {
+ Abort(AbortDetails{
+ ExitCode: 0,
+ Error: fmt.Errorf(format, args...),
+ EmitUsage: false,
+ })
+}
+
+func AbortWith(format string, args ...interface{}) {
+ Abort(AbortDetails{
+ ExitCode: 1,
+ Error: fmt.Errorf(format, args...),
+ EmitUsage: false,
+ })
+}
+
+func AbortWithUsage(format string, args ...interface{}) {
+ Abort(AbortDetails{
+ ExitCode: 1,
+ Error: fmt.Errorf(format, args...),
+ EmitUsage: true,
+ })
+}
+
+func AbortIfError(preamble string, err error) {
+ if err != nil {
+ Abort(AbortDetails{
+ ExitCode: 1,
+ Error: fmt.Errorf("%s\n%s", preamble, err.Error()),
+ EmitUsage: false,
+ })
+ }
+}
+
+func AbortIfErrors(preamble string, errors []error) {
+ if len(errors) > 0 {
+ out := ""
+ for _, err := range errors {
+ out += err.Error()
+ }
+ Abort(AbortDetails{
+ ExitCode: 1,
+ Error: fmt.Errorf("%s\n%s", preamble, out),
+ EmitUsage: false,
+ })
+ }
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/command/command.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/command/command.go
new file mode 100644
index 000000000..12e0e5659
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/command/command.go
@@ -0,0 +1,50 @@
+package command
+
+import (
+ "fmt"
+ "io"
+ "strings"
+
+ "github.com/onsi/ginkgo/v2/formatter"
+ "github.com/onsi/ginkgo/v2/types"
+)
+
+type Command struct {
+ Name string
+ Flags types.GinkgoFlagSet
+ Usage string
+ ShortDoc string
+ Documentation string
+ DocLink string
+ Command func(args []string, additionalArgs []string)
+}
+
+func (c Command) Run(args []string, additionalArgs []string) {
+ args, err := c.Flags.Parse(args)
+ if err != nil {
+ AbortWithUsage(err.Error())
+ }
+
+ c.Command(args, additionalArgs)
+}
+
+func (c Command) EmitUsage(writer io.Writer) {
+ fmt.Fprintln(writer, formatter.F("{{bold}}"+c.Usage+"{{/}}"))
+ fmt.Fprintln(writer, formatter.F("{{gray}}%s{{/}}", strings.Repeat("-", len(c.Usage))))
+ if c.ShortDoc != "" {
+ fmt.Fprintln(writer, formatter.Fiw(0, formatter.COLS, c.ShortDoc))
+ fmt.Fprintln(writer, "")
+ }
+ if c.Documentation != "" {
+ fmt.Fprintln(writer, formatter.Fiw(0, formatter.COLS, c.Documentation))
+ fmt.Fprintln(writer, "")
+ }
+ if c.DocLink != "" {
+ fmt.Fprintln(writer, formatter.Fi(0, "{{bold}}Learn more at:{{/}} {{cyan}}{{underline}}http://onsi.github.io/ginkgo/#%s{{/}}", c.DocLink))
+ fmt.Fprintln(writer, "")
+ }
+ flagUsage := c.Flags.Usage()
+ if flagUsage != "" {
+ fmt.Fprintf(writer, formatter.F(flagUsage))
+ }
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/command/program.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/command/program.go
new file mode 100644
index 000000000..88dd8d6b0
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/command/program.go
@@ -0,0 +1,182 @@ +package command + +import ( + "fmt" + "io" + "os" + "strings" + + "github.com/onsi/ginkgo/v2/formatter" + "github.com/onsi/ginkgo/v2/types" +) + +type Program struct { + Name string + Heading string + Commands []Command + DefaultCommand Command + DeprecatedCommands []DeprecatedCommand + + //For testing - leave as nil in production + OutWriter io.Writer + ErrWriter io.Writer + Exiter func(code int) +} + +type DeprecatedCommand struct { + Name string + Deprecation types.Deprecation +} + +func (p Program) RunAndExit(osArgs []string) { + var command Command + deprecationTracker := types.NewDeprecationTracker() + if p.Exiter == nil { + p.Exiter = os.Exit + } + if p.OutWriter == nil { + p.OutWriter = formatter.ColorableStdOut + } + if p.ErrWriter == nil { + p.ErrWriter = formatter.ColorableStdErr + } + + defer func() { + exitCode := 0 + + if r := recover(); r != nil { + details, ok := r.(AbortDetails) + if !ok { + panic(r) + } + + if details.Error != nil { + fmt.Fprintln(p.ErrWriter, formatter.F("{{red}}{{bold}}%s %s{{/}} {{red}}failed{{/}}", p.Name, command.Name)) + fmt.Fprintln(p.ErrWriter, formatter.Fi(1, details.Error.Error())) + } + if details.EmitUsage { + if details.Error != nil { + fmt.Fprintln(p.ErrWriter, "") + } + command.EmitUsage(p.ErrWriter) + } + exitCode = details.ExitCode + } + + command.Flags.ValidateDeprecations(deprecationTracker) + if deprecationTracker.DidTrackDeprecations() { + fmt.Fprintln(p.ErrWriter, deprecationTracker.DeprecationsReport()) + } + p.Exiter(exitCode) + return + }() + + args, additionalArgs := []string{}, []string{} + + foundDelimiter := false + for _, arg := range osArgs[1:] { + if !foundDelimiter { + if arg == "--" { + foundDelimiter = true + continue + } + } + + if foundDelimiter { + additionalArgs = append(additionalArgs, arg) + } else { + args = append(args, arg) + } + } + + command = p.DefaultCommand + if len(args) > 0 { + p.handleHelpRequestsAndExit(p.OutWriter, args) + if command.Name == args[0] { + args 
= args[1:] + } else { + for _, deprecatedCommand := range p.DeprecatedCommands { + if deprecatedCommand.Name == args[0] { + deprecationTracker.TrackDeprecation(deprecatedCommand.Deprecation) + return + } + } + for _, tryCommand := range p.Commands { + if tryCommand.Name == args[0] { + command, args = tryCommand, args[1:] + break + } + } + } + } + + command.Run(args, additionalArgs) +} + +func (p Program) handleHelpRequestsAndExit(writer io.Writer, args []string) { + if len(args) == 0 { + return + } + + matchesHelpFlag := func(args ...string) bool { + for _, arg := range args { + if arg == "--help" || arg == "-help" || arg == "-h" || arg == "--h" { + return true + } + } + return false + } + if len(args) == 1 { + if args[0] == "help" || matchesHelpFlag(args[0]) { + p.EmitUsage(writer) + Abort(AbortDetails{}) + } + } else { + var name string + if args[0] == "help" || matchesHelpFlag(args[0]) { + name = args[1] + } else if matchesHelpFlag(args[1:]...) { + name = args[0] + } else { + return + } + + if p.DefaultCommand.Name == name || p.Name == name { + p.DefaultCommand.EmitUsage(writer) + Abort(AbortDetails{}) + } + for _, command := range p.Commands { + if command.Name == name { + command.EmitUsage(writer) + Abort(AbortDetails{}) + } + } + + fmt.Fprintln(writer, formatter.F("{{red}}Unknown Command: {{bold}}%s{{/}}", name)) + fmt.Fprintln(writer, "") + p.EmitUsage(writer) + Abort(AbortDetails{ExitCode: 1}) + } + return +} + +func (p Program) EmitUsage(writer io.Writer) { + fmt.Fprintln(writer, formatter.F(p.Heading)) + fmt.Fprintln(writer, formatter.F("{{gray}}%s{{/}}", strings.Repeat("-", len(p.Heading)))) + fmt.Fprintln(writer, formatter.F("For usage information for a command, run {{bold}}%s help COMMAND{{/}}.", p.Name)) + fmt.Fprintln(writer, formatter.F("For usage information for the default command, run {{bold}}%s help %s{{/}} or {{bold}}%s help %s{{/}}.", p.Name, p.Name, p.Name, p.DefaultCommand.Name)) + fmt.Fprintln(writer, "") + fmt.Fprintln(writer, 
formatter.F("The following commands are available:")) + + fmt.Fprintln(writer, formatter.Fi(1, "{{bold}}%s{{/}} or %s {{bold}}%s{{/}} - {{gray}}%s{{/}}", p.Name, p.Name, p.DefaultCommand.Name, p.DefaultCommand.Usage)) + if p.DefaultCommand.ShortDoc != "" { + fmt.Fprintln(writer, formatter.Fi(2, p.DefaultCommand.ShortDoc)) + } + + for _, command := range p.Commands { + fmt.Fprintln(writer, formatter.Fi(1, "{{bold}}%s{{/}} - {{gray}}%s{{/}}", command.Name, command.Usage)) + if command.ShortDoc != "" { + fmt.Fprintln(writer, formatter.Fi(2, command.ShortDoc)) + } + } +} diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/boostrap_templates.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/boostrap_templates.go new file mode 100644 index 000000000..a367a1fc9 --- /dev/null +++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/boostrap_templates.go @@ -0,0 +1,48 @@ +package generators + +var bootstrapText = `package {{.Package}} + +import ( + "testing" + + {{.GinkgoImport}} + {{.GomegaImport}} +) + +func Test{{.FormattedName}}(t *testing.T) { + {{.GomegaPackage}}RegisterFailHandler({{.GinkgoPackage}}Fail) + {{.GinkgoPackage}}RunSpecs(t, "{{.FormattedName}} Suite") +} +` + +var agoutiBootstrapText = `package {{.Package}} + +import ( + "testing" + + {{.GinkgoImport}} + {{.GomegaImport}} + "github.com/sclevine/agouti" +) + +func Test{{.FormattedName}}(t *testing.T) { + {{.GomegaPackage}}RegisterFailHandler({{.GinkgoPackage}}Fail) + {{.GinkgoPackage}}RunSpecs(t, "{{.FormattedName}} Suite") +} + +var agoutiDriver *agouti.WebDriver + +var _ = {{.GinkgoPackage}}BeforeSuite(func() { + // Choose a WebDriver: + + agoutiDriver = agouti.PhantomJS() + // agoutiDriver = agouti.Selenium() + // agoutiDriver = agouti.ChromeDriver() + + {{.GomegaPackage}}Expect(agoutiDriver.Start()).To({{.GomegaPackage}}Succeed()) +}) + +var _ = {{.GinkgoPackage}}AfterSuite(func() { + {{.GomegaPackage}}Expect(agoutiDriver.Stop()).To({{.GomegaPackage}}Succeed()) +}) +` 
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/bootstrap_command.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/bootstrap_command.go
new file mode 100644
index 000000000..73aff0b7a
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/bootstrap_command.go
@@ -0,0 +1,133 @@
+package generators
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "os"
+ "text/template"
+
+ sprig "github.com/go-task/slim-sprig"
+ "github.com/onsi/ginkgo/v2/ginkgo/command"
+ "github.com/onsi/ginkgo/v2/ginkgo/internal"
+ "github.com/onsi/ginkgo/v2/types"
+)
+
+func BuildBootstrapCommand() command.Command {
+ conf := GeneratorsConfig{}
+ flags, err := types.NewGinkgoFlagSet(
+ types.GinkgoFlags{
+ {Name: "agouti", KeyPath: "Agouti",
+ Usage: "If set, bootstrap will generate a bootstrap file for writing Agouti tests"},
+ {Name: "nodot", KeyPath: "NoDot",
+ Usage: "If set, bootstrap will generate a bootstrap test file that does not dot-import ginkgo and gomega"},
+ {Name: "internal", KeyPath: "Internal",
+ Usage: "If set, bootstrap will generate a bootstrap test file that uses the regular package name (i.e. `package X`, not `package X_test`)"},
+ {Name: "template", KeyPath: "CustomTemplate",
+ UsageArgument: "template-file",
+ Usage: "If specified, generate will use the contents of the file passed as the bootstrap template"},
+ {Name: "template-data", KeyPath: "CustomTemplateData",
+ UsageArgument: "template-data-file",
+ Usage: "If specified, generate will use the contents of the file passed as data to be rendered in the bootstrap template"},
+ },
+ &conf,
+ types.GinkgoFlagSections{},
+ )
+
+ if err != nil {
+ panic(err)
+ }
+
+ return command.Command{
+ Name: "bootstrap",
+ Usage: "ginkgo bootstrap",
+ ShortDoc: "Bootstrap a test suite for the current package",
+ Documentation: `Tests written in Ginkgo and Gomega require a small amount of boilerplate to hook into Go's testing infrastructure.
+ +{{bold}}ginkgo bootstrap{{/}} generates this boilerplate for you in a file named X_suite_test.go where X is the name of the package under test.`, + DocLink: "generators", + Flags: flags, + Command: func(_ []string, _ []string) { + generateBootstrap(conf) + }, + } +} + +type bootstrapData struct { + Package string + FormattedName string + + GinkgoImport string + GomegaImport string + GinkgoPackage string + GomegaPackage string + CustomData map[string]any +} + +func generateBootstrap(conf GeneratorsConfig) { + packageName, bootstrapFilePrefix, formattedName := getPackageAndFormattedName() + + data := bootstrapData{ + Package: determinePackageName(packageName, conf.Internal), + FormattedName: formattedName, + + GinkgoImport: `. "github.com/onsi/ginkgo/v2"`, + GomegaImport: `. "github.com/onsi/gomega"`, + GinkgoPackage: "", + GomegaPackage: "", + } + + if conf.NoDot { + data.GinkgoImport = `"github.com/onsi/ginkgo/v2"` + data.GomegaImport = `"github.com/onsi/gomega"` + data.GinkgoPackage = `ginkgo.` + data.GomegaPackage = `gomega.` + } + + targetFile := fmt.Sprintf("%s_suite_test.go", bootstrapFilePrefix) + if internal.FileExists(targetFile) { + command.AbortWith("{{bold}}%s{{/}} already exists", targetFile) + } else { + fmt.Printf("Generating ginkgo test suite bootstrap for %s in:\n\t%s\n", packageName, targetFile) + } + + f, err := os.Create(targetFile) + command.AbortIfError("Failed to create file:", err) + defer f.Close() + + var templateText string + if conf.CustomTemplate != "" { + tpl, err := os.ReadFile(conf.CustomTemplate) + command.AbortIfError("Failed to read custom bootstrap file:", err) + templateText = string(tpl) + if conf.CustomTemplateData != "" { + var tplCustomDataMap map[string]any + tplCustomData, err := os.ReadFile(conf.CustomTemplateData) + command.AbortIfError("Failed to read custom boostrap data file:", err) + if !json.Valid([]byte(tplCustomData)) { + command.AbortWith("Invalid JSON object in custom data file.") + } + //create map from the 
custom template data + json.Unmarshal(tplCustomData, &tplCustomDataMap) + data.CustomData = tplCustomDataMap + } + } else if conf.Agouti { + templateText = agoutiBootstrapText + } else { + templateText = bootstrapText + } + + //Setting the option to explicitly fail if template is rendered trying to access missing key + bootstrapTemplate, err := template.New("bootstrap").Funcs(sprig.TxtFuncMap()).Option("missingkey=error").Parse(templateText) + command.AbortIfError("Failed to parse bootstrap template:", err) + + buf := &bytes.Buffer{} + //Being explicit about failing sooner during template rendering + //when accessing custom data rather than during the go fmt command + err = bootstrapTemplate.Execute(buf, data) + command.AbortIfError("Failed to render bootstrap template:", err) + + buf.WriteTo(f) + + internal.GoFmt(targetFile) +} diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generate_command.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generate_command.go new file mode 100644 index 000000000..be01dec97 --- /dev/null +++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generate_command.go 
@@ -0,0 +1,264 @@
+package generators
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "os"
+ "path/filepath"
+ "strconv"
+ "strings"
+ "text/template"
+
+ sprig "github.com/go-task/slim-sprig"
+ "github.com/onsi/ginkgo/v2/ginkgo/command"
+ "github.com/onsi/ginkgo/v2/ginkgo/internal"
+ "github.com/onsi/ginkgo/v2/types"
+)
+
+func BuildGenerateCommand() command.Command {
+ conf := GeneratorsConfig{}
+ flags, err := types.NewGinkgoFlagSet(
+ types.GinkgoFlags{
+ {Name: "agouti", KeyPath: "Agouti",
+ Usage: "If set, generate will create a test file for writing Agouti tests"},
+ {Name: "nodot", KeyPath: "NoDot",
+ Usage: "If set, generate will create a test file that does not dot-import ginkgo and gomega"},
+ {Name: "internal", KeyPath: "Internal",
+ Usage: "If set, generate will create a test file that uses the regular package name (i.e. `package X`, not `package X_test`)"},
+ {Name: "template", KeyPath: "CustomTemplate",
+ UsageArgument: "template-file",
+ Usage: "If specified, generate will use the contents of the file passed as the test file template"},
+ {Name: "template-data", KeyPath: "CustomTemplateData",
+ UsageArgument: "template-data-file",
+ Usage: "If specified, generate will use the contents of the file passed as data to be rendered in the test file template"},
+ {Name: "tags", KeyPath: "Tags",
+ UsageArgument: "build-tags",
+ Usage: "If specified, generate will create a test file that uses the given build tags (i.e. `--tags e2e,!unit` will add `//go:build e2e,!unit`)"},
+ },
+ &conf,
+ types.GinkgoFlagSections{},
+ )
+
+ if err != nil {
+ panic(err)
+ }
+
+ return command.Command{
+ Name: "generate",
+ Usage: "ginkgo generate ",
+ ShortDoc: "Generate a test file named _test.go",
+ Documentation: `If the optional argument is omitted, a file named after the package in the current directory will be created.
+
+You can pass multiple to generate multiple files simultaneously. The resulting files are named _test.go.
+ +You can also pass a of the form "file.go" and generate will emit "file_test.go".`, + DocLink: "generators", + Flags: flags, + Command: func(args []string, _ []string) { + generateTestFiles(conf, args) + }, + } +} + +type specData struct { + BuildTags string + Package string + Subject string + PackageImportPath string + ImportPackage bool + + GinkgoImport string + GomegaImport string + GinkgoPackage string + GomegaPackage string + CustomData map[string]any +} + +func generateTestFiles(conf GeneratorsConfig, args []string) { + subjects := args + if len(subjects) == 0 { + subjects = []string{""} + } + for _, subject := range subjects { + generateTestFileForSubject(subject, conf) + } +} + +func generateTestFileForSubject(subject string, conf GeneratorsConfig) { + packageName, specFilePrefix, formattedName := getPackageAndFormattedName() + if subject != "" { + specFilePrefix = formatSubject(subject) + formattedName = prettifyName(specFilePrefix) + } + + if conf.Internal { + specFilePrefix = specFilePrefix + "_internal" + } + + data := specData{ + BuildTags: getBuildTags(conf.Tags), + Package: determinePackageName(packageName, conf.Internal), + Subject: formattedName, + PackageImportPath: getPackageImportPath(), + ImportPackage: !conf.Internal, + + GinkgoImport: `. "github.com/onsi/ginkgo/v2"`, + GomegaImport: `. 
"github.com/onsi/gomega"`, + GinkgoPackage: "", + GomegaPackage: "", + } + + if conf.NoDot { + data.GinkgoImport = `"github.com/onsi/ginkgo/v2"` + data.GomegaImport = `"github.com/onsi/gomega"` + data.GinkgoPackage = `ginkgo.` + data.GomegaPackage = `gomega.` + } + + targetFile := fmt.Sprintf("%s_test.go", specFilePrefix) + if internal.FileExists(targetFile) { + command.AbortWith("{{bold}}%s{{/}} already exists", targetFile) + } else { + fmt.Printf("Generating ginkgo test for %s in:\n %s\n", data.Subject, targetFile) + } + + f, err := os.Create(targetFile) + command.AbortIfError("Failed to create test file:", err) + defer f.Close() + + var templateText string + if conf.CustomTemplate != "" { + tpl, err := os.ReadFile(conf.CustomTemplate) + command.AbortIfError("Failed to read custom template file:", err) + templateText = string(tpl) + if conf.CustomTemplateData != "" { + var tplCustomDataMap map[string]any + tplCustomData, err := os.ReadFile(conf.CustomTemplateData) + command.AbortIfError("Failed to read custom template data file:", err) + if !json.Valid([]byte(tplCustomData)) { + command.AbortWith("Invalid JSON object in custom data file.") + } + //create map from the custom template data + json.Unmarshal(tplCustomData, &tplCustomDataMap) + data.CustomData = tplCustomDataMap + } + } else if conf.Agouti { + templateText = agoutiSpecText + } else { + templateText = specText + } + + //Setting the option to explicitly fail if template is rendered trying to access missing key + specTemplate, err := template.New("spec").Funcs(sprig.TxtFuncMap()).Option("missingkey=error").Parse(templateText) + command.AbortIfError("Failed to read parse test template:", err) + + //Being explicit about failing sooner during template rendering + //when accessing custom data rather than during the go fmt command + err = specTemplate.Execute(f, data) + command.AbortIfError("Failed to render bootstrap template:", err) + internal.GoFmt(targetFile) +} + +func formatSubject(name string) string { 
+ name = strings.ReplaceAll(name, "-", "_")
+ name = strings.ReplaceAll(name, " ", "_")
+ name = strings.Split(name, ".go")[0]
+ name = strings.Split(name, "_test")[0]
+ return name
+}
+
+// moduleName returns module name from go.mod from given module root directory
+func moduleName(modRoot string) string {
+ modFile, err := os.Open(filepath.Join(modRoot, "go.mod"))
+ if err != nil {
+ return ""
+ }
+
+ mod := make([]byte, 128)
+ _, err = modFile.Read(mod)
+ if err != nil {
+ return ""
+ }
+
+ slashSlash := []byte("//")
+ moduleStr := []byte("module")
+
+ for len(mod) > 0 {
+ line := mod
+ mod = nil
+ if i := bytes.IndexByte(line, '\n'); i >= 0 {
+ line, mod = line[:i], line[i+1:]
+ }
+ if i := bytes.Index(line, slashSlash); i >= 0 {
+ line = line[:i]
+ }
+ line = bytes.TrimSpace(line)
+ if !bytes.HasPrefix(line, moduleStr) {
+ continue
+ }
+ line = line[len(moduleStr):]
+ n := len(line)
+ line = bytes.TrimSpace(line)
+ if len(line) == n || len(line) == 0 {
+ continue
+ }
+
+ if line[0] == '"' || line[0] == '`' {
+ p, err := strconv.Unquote(string(line))
+ if err != nil {
+ return "" // malformed quoted string or multiline module path
+ }
+ return p
+ }
+
+ return string(line)
+ }
+
+ return "" // missing module path
+}
+
+func findModuleRoot(dir string) (root string) {
+ dir = filepath.Clean(dir)
+
+ // Look for enclosing go.mod.
+ for {
+ if fi, err := os.Stat(filepath.Join(dir, "go.mod")); err == nil && !fi.IsDir() {
+ return dir
+ }
+ d := filepath.Dir(dir)
+ if d == dir {
+ break
+ }
+ dir = d
+ }
+ return ""
+}
+
+func getPackageImportPath() string {
+ workingDir, err := os.Getwd()
+ if err != nil {
+ panic(err.Error())
+ }
+
+ sep := string(filepath.Separator)
+
+ // Try go.mod file first
+ modRoot := findModuleRoot(workingDir)
+ if modRoot != "" {
+ modName := moduleName(modRoot)
+ if modName != "" {
+ cd := strings.ReplaceAll(workingDir, modRoot, "")
+ cd = strings.ReplaceAll(cd, sep, "/")
+ return modName + cd
+ }
+ }
+
+ // Fallback to GOPATH structure
+ paths := strings.Split(workingDir, sep+"src"+sep)
+ if len(paths) == 1 {
+ fmt.Printf("\nCouldn't identify package import path.\n\n\tginkgo generate\n\nMust be run within a package directory under $GOPATH/src/...\nYou're going to have to change UNKNOWN_PACKAGE_PATH in the generated file...\n\n")
+ return "UNKNOWN_PACKAGE_PATH"
+ }
+ return filepath.ToSlash(paths[len(paths)-1])
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generate_templates.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generate_templates.go
new file mode 100644
index 000000000..4dab07d03
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generate_templates.go
@@ -0,0 +1,43 @@
+package generators
+
+var specText = `{{.BuildTags}}
+package {{.Package}}
+
+import (
+ {{.GinkgoImport}}
+ {{.GomegaImport}}
+
+ {{if .ImportPackage}}"{{.PackageImportPath}}"{{end}}
+)
+
+var _ = {{.GinkgoPackage}}Describe("{{.Subject}}", func() {
+
+})
+`
+
+var agoutiSpecText = `{{.BuildTags}}
+package {{.Package}}
+
+import (
+ {{.GinkgoImport}}
+ {{.GomegaImport}}
+ "github.com/sclevine/agouti"
+ . "github.com/sclevine/agouti/matchers"
+
+ {{if .ImportPackage}}"{{.PackageImportPath}}"{{end}}
+)
+
+var _ = {{.GinkgoPackage}}Describe("{{.Subject}}", func() {
+ var page *agouti.Page
+
+ {{.GinkgoPackage}}BeforeEach(func() {
+ var err error
+ page, err = agoutiDriver.NewPage()
+ {{.GomegaPackage}}Expect(err).NotTo({{.GomegaPackage}}HaveOccurred())
+ })
+
+ {{.GinkgoPackage}}AfterEach(func() {
+ {{.GomegaPackage}}Expect(page.Destroy()).To({{.GomegaPackage}}Succeed())
+ })
+})
+`
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generators_common.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generators_common.go
new file mode 100644
index 000000000..28c7aa6f4
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generators_common.go
@@ -0,0 +1,76 @@
+package generators
+
+import (
+ "fmt"
+ "go/build"
+ "os"
+ "path/filepath"
+ "strconv"
+ "strings"
+
+ "github.com/onsi/ginkgo/v2/ginkgo/command"
+)
+
+type GeneratorsConfig struct {
+ Agouti, NoDot, Internal bool
+ CustomTemplate string
+ CustomTemplateData string
+ Tags string
+}
+
+func getPackageAndFormattedName() (string, string, string) {
+ path, err := os.Getwd()
+ command.AbortIfError("Could not get current working directory:", err)
+
+ dirName := strings.ReplaceAll(filepath.Base(path), "-", "_")
+ dirName = strings.ReplaceAll(dirName, " ", "_")
+
+ pkg, err := build.ImportDir(path, 0)
+ packageName := pkg.Name
+ if err != nil {
+ packageName = ensureLegalPackageName(dirName)
+ }
+
+ formattedName := prettifyName(filepath.Base(path))
+ return packageName, dirName, formattedName
+}
+
+func ensureLegalPackageName(name string) string {
+ if name == "_" {
+ return "underscore"
+ }
+ if len(name) == 0 {
+ return "empty"
+ }
+ n, isDigitErr := strconv.Atoi(string(name[0]))
+ if isDigitErr == nil {
+ return []string{"zero", "one", "two", "three", "four", "five", "six", "seven", "eight", "nine"}[n] + name[1:]
+ }
+ return name
+}
+
+func prettifyName(name string) string {
+ name = strings.ReplaceAll(name, "-", " ")
+ name = strings.ReplaceAll(name, "_", " ")
+ name = strings.Title(name)
+ name = strings.ReplaceAll(name, " ", "")
+ return name
+}
+
+func determinePackageName(name string, internal bool) string {
+ if internal {
+ return name
+ }
+
+ return name + "_test"
+}
+
+// getBuildTags returns the resultant string to be added.
+// If the input string is not empty, then returns a `//go:build {}` string,
+// otherwise returns an empty string.
+func getBuildTags(tags string) string {
+ if tags != "" {
+ return fmt.Sprintf("//go:build %s\n", tags)
+ }
+ return ""
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/compile.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/compile.go
new file mode 100644
index 000000000..86da7340d
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/compile.go
@@ -0,0 +1,161 @@
+package internal
+
+import (
+ "fmt"
+ "os"
+ "os/exec"
+ "path/filepath"
+ "strings"
+ "sync"
+
+ "github.com/onsi/ginkgo/v2/types"
+)
+
+func CompileSuite(suite TestSuite, goFlagsConfig types.GoFlagsConfig) TestSuite {
+ if suite.PathToCompiledTest != "" {
+ return suite
+ }
+
+ suite.CompilationError = nil
+
+ path, err := filepath.Abs(filepath.Join(suite.Path, suite.PackageName+".test"))
+ if err != nil {
+ suite.State = TestSuiteStateFailedToCompile
+ suite.CompilationError = fmt.Errorf("Failed to compute compilation target path:\n%s", err.Error())
+ return suite
+ }
+
+ ginkgoInvocationPath, _ := os.Getwd()
+ ginkgoInvocationPath, _ = filepath.Abs(ginkgoInvocationPath)
+ packagePath := suite.AbsPath()
+ pathToInvocationPath, err := filepath.Rel(packagePath, ginkgoInvocationPath)
+ if err != nil {
+ suite.State = TestSuiteStateFailedToCompile
+ suite.CompilationError = fmt.Errorf("Failed to get relative path from package to the current working directory:\n%s", err.Error())
+ return suite
+ }
+ args, err := types.GenerateGoTestCompileArgs(goFlagsConfig, path, "./", pathToInvocationPath)
+ if err != nil {
+ suite.State = TestSuiteStateFailedToCompile
+ suite.CompilationError = fmt.Errorf("Failed to generate go test compile flags:\n%s", err.Error())
+ return suite
+ }
+
+ cmd := exec.Command("go", args...)
+ cmd.Dir = suite.Path + output, err := cmd.CombinedOutput() + if err != nil { + if len(output) > 0 { + suite.State = TestSuiteStateFailedToCompile + suite.CompilationError = fmt.Errorf("Failed to compile %s:\n\n%s", suite.PackageName, output) + } else { + suite.State = TestSuiteStateFailedToCompile + suite.CompilationError = fmt.Errorf("Failed to compile %s\n%s", suite.PackageName, err.Error()) + } + return suite + } + + if strings.Contains(string(output), "[no test files]") { + suite.State = TestSuiteStateSkippedDueToEmptyCompilation + return suite + } + + if len(output) > 0 { + fmt.Println(string(output)) + } + + if !FileExists(path) { + suite.State = TestSuiteStateFailedToCompile + suite.CompilationError = fmt.Errorf("Failed to compile %s:\nOutput file %s could not be found", suite.PackageName, path) + return suite + } + + suite.State = TestSuiteStateCompiled + suite.PathToCompiledTest = path + return suite +} + +func Cleanup(goFlagsConfig types.GoFlagsConfig, suites ...TestSuite) { + if goFlagsConfig.BinaryMustBePreserved() { + return + } + for _, suite := range suites { + if !suite.Precompiled { + os.Remove(suite.PathToCompiledTest) + } + } +} + +type parallelSuiteBundle struct { + suite TestSuite + compiled chan TestSuite +} + +type OrderedParallelCompiler struct { + mutex *sync.Mutex + stopped bool + numCompilers int + + idx int + numSuites int + completionChannels []chan TestSuite +} + +func NewOrderedParallelCompiler(numCompilers int) *OrderedParallelCompiler { + return &OrderedParallelCompiler{ + mutex: &sync.Mutex{}, + numCompilers: numCompilers, + } +} + +func (opc *OrderedParallelCompiler) StartCompiling(suites TestSuites, goFlagsConfig types.GoFlagsConfig) { + opc.stopped = false + opc.idx = 0 + opc.numSuites = len(suites) + opc.completionChannels = make([]chan TestSuite, opc.numSuites) + + toCompile := make(chan parallelSuiteBundle, opc.numCompilers) + for compiler := 0; compiler < opc.numCompilers; compiler++ { + go func() { + for bundle := range 
toCompile { + c, suite := bundle.compiled, bundle.suite + opc.mutex.Lock() + stopped := opc.stopped + opc.mutex.Unlock() + if !stopped { + suite = CompileSuite(suite, goFlagsConfig) + } + c <- suite + } + }() + } + + for idx, suite := range suites { + opc.completionChannels[idx] = make(chan TestSuite, 1) + toCompile <- parallelSuiteBundle{suite, opc.completionChannels[idx]} + if idx == 0 { //compile first suite serially + suite = <-opc.completionChannels[0] + opc.completionChannels[0] <- suite + } + } + + close(toCompile) +} + +func (opc *OrderedParallelCompiler) Next() (int, TestSuite) { + if opc.idx >= opc.numSuites { + return opc.numSuites, TestSuite{} + } + + idx := opc.idx + suite := <-opc.completionChannels[idx] + opc.idx = opc.idx + 1 + + return idx, suite +} + +func (opc *OrderedParallelCompiler) StopAndDrain() { + opc.mutex.Lock() + opc.stopped = true + opc.mutex.Unlock() +} diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/profiles_and_reports.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/profiles_and_reports.go new file mode 100644 index 000000000..bd3c6d028 --- /dev/null +++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/profiles_and_reports.go 
@@ -0,0 +1,237 @@
+package internal
+
+import (
+ "bytes"
+ "fmt"
+ "os"
+ "os/exec"
+ "path/filepath"
+ "regexp"
+ "strconv"
+
+ "github.com/google/pprof/profile"
+ "github.com/onsi/ginkgo/v2/reporters"
+ "github.com/onsi/ginkgo/v2/types"
+)
+
+func AbsPathForGeneratedAsset(assetName string, suite TestSuite, cliConfig types.CLIConfig, process int) string {
+ suffix := ""
+ if process != 0 {
+ suffix = fmt.Sprintf(".%d", process)
+ }
+ if cliConfig.OutputDir == "" {
+ return filepath.Join(suite.AbsPath(), assetName+suffix)
+ }
+ outputDir, _ := filepath.Abs(cliConfig.OutputDir)
+ return filepath.Join(outputDir, suite.NamespacedName()+"_"+assetName+suffix)
+}
+
+func FinalizeProfilesAndReportsForSuites(suites TestSuites, cliConfig types.CLIConfig, suiteConfig types.SuiteConfig, reporterConfig types.ReporterConfig, goFlagsConfig types.GoFlagsConfig) ([]string, error) {
+ messages := []string{}
+ suitesWithProfiles := suites.WithState(TestSuiteStatePassed, TestSuiteStateFailed) //anything else won't have actually run and generated a profile
+
+ // merge cover profiles if need be
+ if goFlagsConfig.Cover && !cliConfig.KeepSeparateCoverprofiles {
+ coverProfiles := []string{}
+ for _, suite := range suitesWithProfiles {
+ if !suite.HasProgrammaticFocus {
+ coverProfiles = append(coverProfiles, AbsPathForGeneratedAsset(goFlagsConfig.CoverProfile, suite, cliConfig, 0))
+ }
+ }
+
+ if len(coverProfiles) > 0 {
+ dst := goFlagsConfig.CoverProfile
+ if cliConfig.OutputDir != "" {
+ dst = filepath.Join(cliConfig.OutputDir, goFlagsConfig.CoverProfile)
+ }
+ err := MergeAndCleanupCoverProfiles(coverProfiles, dst)
+ if err != nil {
+ return messages, err
+ }
+ coverage, err := GetCoverageFromCoverProfile(dst)
+ if err != nil {
+ return messages, err
+ }
+ if coverage == 0 {
+ messages = append(messages, "composite coverage: [no statements]")
+ } else if suitesWithProfiles.AnyHaveProgrammaticFocus() {
+ messages = append(messages, fmt.Sprintf("composite coverage: %.1f%% of statements however some suites did not contribute because they included programatically focused specs", coverage))
+ } else {
+ messages = append(messages, fmt.Sprintf("composite coverage: %.1f%% of statements", coverage))
+ }
+ } else {
+ messages = append(messages, "no composite coverage computed: all suites included programatically focused specs")
+ }
+ }
+
+ // copy binaries if need be
+ for _, suite := range suitesWithProfiles {
+ if goFlagsConfig.BinaryMustBePreserved() && cliConfig.OutputDir != "" {
+ src := suite.PathToCompiledTest
+ dst := filepath.Join(cliConfig.OutputDir, suite.NamespacedName()+".test")
+ if suite.Precompiled {
+ if err := CopyFile(src, dst); err != nil {
+ return messages, err
+ }
+ } else {
+ if err := os.Rename(src, dst); err != nil {
+ return messages, err
+ }
+ }
+ }
+ }
+
+ type reportFormat struct {
+ ReportName string
+ GenerateFunc func(types.Report, string) error
+ MergeFunc func([]string, string) ([]string, error)
+ }
+ reportFormats := []reportFormat{}
+ if reporterConfig.JSONReport != "" {
+ reportFormats = append(reportFormats, reportFormat{ReportName: reporterConfig.JSONReport, GenerateFunc: reporters.GenerateJSONReport, MergeFunc: reporters.MergeAndCleanupJSONReports})
+ }
+ if reporterConfig.JUnitReport != "" {
+ reportFormats = append(reportFormats, reportFormat{ReportName: reporterConfig.JUnitReport, GenerateFunc: reporters.GenerateJUnitReport, MergeFunc: reporters.MergeAndCleanupJUnitReports})
+ }
+ if reporterConfig.TeamcityReport != "" {
+ reportFormats = append(reportFormats, reportFormat{ReportName: reporterConfig.TeamcityReport, GenerateFunc: reporters.GenerateTeamcityReport, MergeFunc: reporters.MergeAndCleanupTeamcityReports})
+ }
+
+ // Generate reports for suites that failed to run
+ reportableSuites := suites.ThatAreGinkgoSuites()
+ for _, suite := range reportableSuites.WithState(TestSuiteStateFailedToCompile, TestSuiteStateFailedDueToTimeout, TestSuiteStateSkippedDueToPriorFailures, TestSuiteStateSkippedDueToEmptyCompilation) {
+ report := types.Report{
+ SuitePath: suite.AbsPath(),
+ SuiteConfig: suiteConfig,
+ SuiteSucceeded: false,
+ }
+ switch suite.State {
+ case TestSuiteStateFailedToCompile:
+ report.SpecialSuiteFailureReasons = append(report.SpecialSuiteFailureReasons, suite.CompilationError.Error())
+ case TestSuiteStateFailedDueToTimeout:
+ report.SpecialSuiteFailureReasons = append(report.SpecialSuiteFailureReasons, TIMEOUT_ELAPSED_FAILURE_REASON)
+ case TestSuiteStateSkippedDueToPriorFailures:
+ report.SpecialSuiteFailureReasons = append(report.SpecialSuiteFailureReasons, PRIOR_FAILURES_FAILURE_REASON)
+ case TestSuiteStateSkippedDueToEmptyCompilation:
+ report.SpecialSuiteFailureReasons = append(report.SpecialSuiteFailureReasons, EMPTY_SKIP_FAILURE_REASON)
+ report.SuiteSucceeded = true
+ }
+
+ for _, format := range reportFormats {
+ format.GenerateFunc(report, AbsPathForGeneratedAsset(format.ReportName, suite, cliConfig, 0))
+ }
+ }
+
+ // Merge reports unless we've been asked to keep them separate
+ if !cliConfig.KeepSeparateReports {
+ for _, format := range reportFormats {
+ reports := []string{}
+ for _, suite := range reportableSuites {
+ reports = append(reports, AbsPathForGeneratedAsset(format.ReportName, suite, cliConfig, 0))
+ }
+ dst := format.ReportName
+ if cliConfig.OutputDir != "" {
+ dst = filepath.Join(cliConfig.OutputDir, format.ReportName)
+ }
+ mergeMessages, err := format.MergeFunc(reports, dst)
+ messages = append(messages, mergeMessages...)
+ if err != nil {
+ return messages, err
+ }
+ }
+ }
+
+ return messages, nil
+}
+
+//loads each profile, combines them, deletes them, stores them in destination
+func MergeAndCleanupCoverProfiles(profiles []string, destination string) error {
+ combined := &bytes.Buffer{}
+ modeRegex := regexp.MustCompile(`^mode: .*\n`)
+ for i, profile := range profiles {
+ contents, err := os.ReadFile(profile)
+ if err != nil {
+ return fmt.Errorf("Unable to read coverage file %s:\n%s", profile, err.Error())
+ }
+ os.Remove(profile)
+
+ // remove the cover mode line from every file
+ // except the first one
+ if i > 0 {
+ contents = modeRegex.ReplaceAll(contents, []byte{})
+ }
+
+ _, err = combined.Write(contents)
+
+ // Add a newline to the end of every file if missing.
+ if err == nil && len(contents) > 0 && contents[len(contents)-1] != '\n' {
+ _, err = combined.Write([]byte("\n"))
+ }
+
+ if err != nil {
+ return fmt.Errorf("Unable to append to coverprofile:\n%s", err.Error())
+ }
+ }
+
+ err := os.WriteFile(destination, combined.Bytes(), 0666)
+ if err != nil {
+ return fmt.Errorf("Unable to create combined cover profile:\n%s", err.Error())
+ }
+ return nil
+}
+
+func GetCoverageFromCoverProfile(profile string) (float64, error) {
+ cmd := exec.Command("go", "tool", "cover", "-func", profile)
+ output, err := cmd.CombinedOutput()
+ if err != nil {
+ return 0, fmt.Errorf("Could not process Coverprofile %s: %s", profile, err.Error())
+ }
+ re := regexp.MustCompile(`total:\s*\(statements\)\s*(\d*\.\d*)\%`)
+ matches := re.FindStringSubmatch(string(output))
+ if matches == nil {
+ return 0, fmt.Errorf("Could not parse Coverprofile to compute coverage percentage")
+ }
+ coverageString := matches[1]
+ coverage, err := strconv.ParseFloat(coverageString, 64)
+ if err != nil {
+ return 0, fmt.Errorf("Could not parse Coverprofile to compute coverage percentage: %s", err.Error())
+ }
+
+ return coverage, nil
+}
+
+func MergeProfiles(profilePaths []string, destination string) error {
+ profiles := []*profile.Profile{}
+ for _, profilePath := range profilePaths {
+ proFile, err := os.Open(profilePath)
+ if err != nil {
+ return fmt.Errorf("Could not open profile: %s\n%s", profilePath, err.Error())
+ }
+ prof, err := profile.Parse(proFile)
+ if err != nil {
+ return fmt.Errorf("Could not parse profile: %s\n%s", profilePath, err.Error())
+ }
+ profiles = append(profiles, prof)
+ os.Remove(profilePath)
+ }
+
+ mergedProfile, err := profile.Merge(profiles)
+ if err != nil {
+ return fmt.Errorf("Could not merge profiles:\n%s", err.Error())
+ }
+
+ outFile, err := os.Create(destination)
+ if err != nil {
+ return fmt.Errorf("Could not create merged profile %s:\n%s", destination, err.Error())
+ }
+ err = mergedProfile.Write(outFile)
+ if err != nil {
+ return fmt.Errorf("Could not write merged profile %s:\n%s", destination, err.Error())
+ }
+ err = outFile.Close()
+ if err != nil {
+ return fmt.Errorf("Could not close merged profile %s:\n%s", destination, err.Error())
+ }
+
+ return nil
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/run.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/run.go
new file mode 100644
index 000000000..41052ea19
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/run.go
@@ -0,0 +1,355 @@
+package internal
+
+import (
+ "bytes"
+ "fmt"
+ "io"
+ "os"
+ "os/exec"
+ "path/filepath"
+ "regexp"
+ "strings"
+ "syscall"
+ "time"
+
+ "github.com/onsi/ginkgo/v2/formatter"
+ "github.com/onsi/ginkgo/v2/ginkgo/command"
+ "github.com/onsi/ginkgo/v2/internal/parallel_support"
+ "github.com/onsi/ginkgo/v2/reporters"
+ "github.com/onsi/ginkgo/v2/types"
+)
+
+func RunCompiledSuite(suite TestSuite, ginkgoConfig types.SuiteConfig, reporterConfig types.ReporterConfig, cliConfig types.CLIConfig, goFlagsConfig types.GoFlagsConfig, additionalArgs []string) TestSuite {
+ suite.State = TestSuiteStateFailed
+ suite.HasProgrammaticFocus = false
+
+ if suite.PathToCompiledTest == "" {
+ return suite
+ }
+
+ if suite.IsGinkgo && cliConfig.ComputedProcs() > 1 {
+ suite = runParallel(suite, ginkgoConfig, reporterConfig, cliConfig, goFlagsConfig, additionalArgs)
+ } else if suite.IsGinkgo {
+ suite = runSerial(suite, ginkgoConfig, reporterConfig, cliConfig, goFlagsConfig, additionalArgs)
+ } else {
+ suite = runGoTest(suite, cliConfig, goFlagsConfig)
+ }
+ runAfterRunHook(cliConfig.AfterRunHook, reporterConfig.NoColor, suite)
+ return suite
+}
+
+func buildAndStartCommand(suite TestSuite, args []string, pipeToStdout bool) (*exec.Cmd, *bytes.Buffer) {
+ buf := &bytes.Buffer{}
+ cmd := exec.Command(suite.PathToCompiledTest, args...)
+ cmd.Dir = suite.Path
+ if pipeToStdout {
+ cmd.Stderr = io.MultiWriter(os.Stdout, buf)
+ cmd.Stdout = os.Stdout
+ } else {
+ cmd.Stderr = buf
+ cmd.Stdout = buf
+ }
+ err := cmd.Start()
+ command.AbortIfError("Failed to start test suite", err)
+
+ return cmd, buf
+}
+
+func checkForNoTestsWarning(buf *bytes.Buffer) bool {
+ if strings.Contains(buf.String(), "warning: no tests to run") {
+ fmt.Fprintf(os.Stderr, `Found no test suites, did you forget to run "ginkgo bootstrap"?`)
+ return true
+ }
+ return false
+}
+
+func runGoTest(suite TestSuite, cliConfig types.CLIConfig, goFlagsConfig types.GoFlagsConfig) TestSuite {
+ // As we run the go test from the suite directory, make sure the cover profile is absolute
+ // and placed into the expected output directory when one is configured.
+ if goFlagsConfig.Cover && !filepath.IsAbs(goFlagsConfig.CoverProfile) {
+ goFlagsConfig.CoverProfile = AbsPathForGeneratedAsset(goFlagsConfig.CoverProfile, suite, cliConfig, 0)
+ }
+
+ args, err := types.GenerateGoTestRunArgs(goFlagsConfig)
+ command.AbortIfError("Failed to generate test run arguments", err)
+ cmd, buf := buildAndStartCommand(suite, args, true)
+
+ cmd.Wait()
+
+ exitStatus := cmd.ProcessState.Sys().(syscall.WaitStatus).ExitStatus()
+ passed := (exitStatus == 0) || (exitStatus == types.GINKGO_FOCUS_EXIT_CODE)
+ passed = !(checkForNoTestsWarning(buf) && cliConfig.RequireSuite) && passed
+ if passed {
+ suite.State = TestSuiteStatePassed
+ } else {
+ suite.State = TestSuiteStateFailed
+ }
+
+ return suite
+}
+
+func runSerial(suite TestSuite, ginkgoConfig types.SuiteConfig, reporterConfig types.ReporterConfig, cliConfig types.CLIConfig, goFlagsConfig types.GoFlagsConfig, additionalArgs []string) TestSuite {
+ if goFlagsConfig.Cover {
+ goFlagsConfig.CoverProfile = AbsPathForGeneratedAsset(goFlagsConfig.CoverProfile, suite, cliConfig, 0)
+ }
+ if goFlagsConfig.BlockProfile != "" {
+ goFlagsConfig.BlockProfile = AbsPathForGeneratedAsset(goFlagsConfig.BlockProfile, suite, cliConfig, 0)
+ }
+ if goFlagsConfig.CPUProfile != "" {
+ goFlagsConfig.CPUProfile = AbsPathForGeneratedAsset(goFlagsConfig.CPUProfile, suite, cliConfig, 0)
+ }
+ if goFlagsConfig.MemProfile != "" {
+ goFlagsConfig.MemProfile = AbsPathForGeneratedAsset(goFlagsConfig.MemProfile, suite, cliConfig, 0)
+ }
+ if goFlagsConfig.MutexProfile != "" {
+ goFlagsConfig.MutexProfile = AbsPathForGeneratedAsset(goFlagsConfig.MutexProfile, suite, cliConfig, 0)
+ }
+ if reporterConfig.JSONReport != "" {
+ reporterConfig.JSONReport = AbsPathForGeneratedAsset(reporterConfig.JSONReport, suite, cliConfig, 0)
+ }
+ if reporterConfig.JUnitReport != "" {
+ reporterConfig.JUnitReport = AbsPathForGeneratedAsset(reporterConfig.JUnitReport, suite, cliConfig, 0)
+ }
+ if reporterConfig.TeamcityReport != "" {
+ reporterConfig.TeamcityReport = AbsPathForGeneratedAsset(reporterConfig.TeamcityReport, suite, cliConfig, 0)
+ }
+
+ args, err := types.GenerateGinkgoTestRunArgs(ginkgoConfig, reporterConfig, goFlagsConfig)
+ command.AbortIfError("Failed to generate test run arguments", err)
+ args = append([]string{"--test.timeout=0"}, args...)
+ args = append(args, additionalArgs...)
+
+ cmd, buf := buildAndStartCommand(suite, args, true)
+
+ cmd.Wait()
+
+ exitStatus := cmd.ProcessState.Sys().(syscall.WaitStatus).ExitStatus()
+ suite.HasProgrammaticFocus = (exitStatus == types.GINKGO_FOCUS_EXIT_CODE)
+ passed := (exitStatus == 0) || (exitStatus == types.GINKGO_FOCUS_EXIT_CODE)
+ passed = !(checkForNoTestsWarning(buf) && cliConfig.RequireSuite) && passed
+ if passed {
+ suite.State = TestSuiteStatePassed
+ } else {
+ suite.State = TestSuiteStateFailed
+ }
+
+ if suite.HasProgrammaticFocus {
+ if goFlagsConfig.Cover {
+ fmt.Fprintln(os.Stdout, "coverage: no coverfile was generated because specs are programmatically focused")
+ }
+ if goFlagsConfig.BlockProfile != "" {
+ fmt.Fprintln(os.Stdout, "no block profile was generated because specs are programmatically focused")
+ }
+ if goFlagsConfig.CPUProfile != "" {
+ fmt.Fprintln(os.Stdout, "no cpu profile was generated because specs are programmatically focused")
+ }
+ if goFlagsConfig.MemProfile != "" {
+ fmt.Fprintln(os.Stdout, "no mem profile was generated because specs are programmatically focused")
+ }
+ if goFlagsConfig.MutexProfile != "" {
+ fmt.Fprintln(os.Stdout, "no mutex profile was generated because specs are programmatically focused")
+ }
+ }
+
+ return suite
+}
+
+func runParallel(suite TestSuite, ginkgoConfig types.SuiteConfig, reporterConfig types.ReporterConfig, cliConfig types.CLIConfig, goFlagsConfig types.GoFlagsConfig, additionalArgs []string) TestSuite {
+ type procResult struct {
+ passed bool
+ hasProgrammaticFocus bool
+ }
+
+ numProcs := cliConfig.ComputedProcs()
+ procOutput := make([]*bytes.Buffer, numProcs)
+ coverProfiles := []string{}
+
+ blockProfiles := []string{}
+ cpuProfiles := []string{}
+ memProfiles := []string{}
+ mutexProfiles := []string{}
+
+ procResults := make(chan procResult)
+
+ server, err := parallel_support.NewServer(numProcs, reporters.NewDefaultReporter(reporterConfig, formatter.ColorableStdOut))
+ command.AbortIfError("Failed to start parallel spec server", err)
+ server.Start()
+ defer server.Close()
+
+ if reporterConfig.JSONReport != "" {
+ reporterConfig.JSONReport = AbsPathForGeneratedAsset(reporterConfig.JSONReport, suite, cliConfig, 0)
+ }
+ if reporterConfig.JUnitReport != "" {
+ reporterConfig.JUnitReport = AbsPathForGeneratedAsset(reporterConfig.JUnitReport, suite, cliConfig, 0)
+ }
+ if reporterConfig.TeamcityReport != "" {
+ reporterConfig.TeamcityReport = AbsPathForGeneratedAsset(reporterConfig.TeamcityReport, suite, cliConfig, 0)
+ }
+
+ for proc := 1; proc <= numProcs; proc++ {
+ procGinkgoConfig := ginkgoConfig
+ procGinkgoConfig.ParallelProcess, procGinkgoConfig.ParallelTotal, procGinkgoConfig.ParallelHost = proc, numProcs, server.Address()
+
+ procGoFlagsConfig := goFlagsConfig
+ if goFlagsConfig.Cover {
+ procGoFlagsConfig.CoverProfile = AbsPathForGeneratedAsset(goFlagsConfig.CoverProfile, suite, cliConfig, proc)
+ coverProfiles = append(coverProfiles, procGoFlagsConfig.CoverProfile)
+ }
+ if goFlagsConfig.BlockProfile != "" {
+ procGoFlagsConfig.BlockProfile = AbsPathForGeneratedAsset(goFlagsConfig.BlockProfile, suite, cliConfig, proc)
+ blockProfiles = append(blockProfiles, procGoFlagsConfig.BlockProfile)
+ }
+ if goFlagsConfig.CPUProfile != "" {
+ procGoFlagsConfig.CPUProfile = AbsPathForGeneratedAsset(goFlagsConfig.CPUProfile, suite, cliConfig, proc)
+ cpuProfiles = append(cpuProfiles, procGoFlagsConfig.CPUProfile)
+ }
+ if goFlagsConfig.MemProfile != "" {
+ procGoFlagsConfig.MemProfile = AbsPathForGeneratedAsset(goFlagsConfig.MemProfile, suite, cliConfig, proc)
+ memProfiles = append(memProfiles, procGoFlagsConfig.MemProfile)
+ }
+ if goFlagsConfig.MutexProfile != "" {
+ procGoFlagsConfig.MutexProfile = AbsPathForGeneratedAsset(goFlagsConfig.MutexProfile, suite, cliConfig, proc)
+ mutexProfiles = append(mutexProfiles, procGoFlagsConfig.MutexProfile)
+ }
+
+ args, err := types.GenerateGinkgoTestRunArgs(procGinkgoConfig, reporterConfig, procGoFlagsConfig)
+ command.AbortIfError("Failed to generate test run arguments", err)
+ args = append([]string{"--test.timeout=0"}, args...)
+ args = append(args, additionalArgs...)
+
+ cmd, buf := buildAndStartCommand(suite, args, false)
+ procOutput[proc-1] = buf
+ server.RegisterAlive(proc, func() bool { return cmd.ProcessState == nil || !cmd.ProcessState.Exited() })
+
+ go func() {
+ cmd.Wait()
+ exitStatus := cmd.ProcessState.Sys().(syscall.WaitStatus).ExitStatus()
+ procResults <- procResult{
+ passed: (exitStatus == 0) || (exitStatus == types.GINKGO_FOCUS_EXIT_CODE),
+ hasProgrammaticFocus: exitStatus == types.GINKGO_FOCUS_EXIT_CODE,
+ }
+ }()
+ }
+
+ passed := true
+ for proc := 1; proc <= cliConfig.ComputedProcs(); proc++ {
+ result := <-procResults
+ passed = passed && result.passed
+ suite.HasProgrammaticFocus = suite.HasProgrammaticFocus || result.hasProgrammaticFocus
+ }
+ if passed {
+ suite.State = TestSuiteStatePassed
+ } else {
+ suite.State = TestSuiteStateFailed
+ }
+
+ select {
+ case <-server.GetSuiteDone():
+ fmt.Println("")
+ case <-time.After(time.Second):
+ //one of the nodes never finished reporting to the server. Something must have gone wrong.
+ fmt.Fprint(formatter.ColorableStdErr, formatter.F("\n{{bold}}{{red}}Ginkgo timed out waiting for all parallel procs to report back{{/}}\n"))
+ fmt.Fprint(formatter.ColorableStdErr, formatter.F("{{gray}}Test suite:{{/}} %s (%s)\n\n", suite.PackageName, suite.Path))
+ fmt.Fprint(formatter.ColorableStdErr, formatter.Fiw(0, formatter.COLS, "This occurs if a parallel process exits before it reports its results to the Ginkgo CLI. The CLI will now print out all the stdout/stderr output it's collected from the running processes. However you may not see anything useful in these logs because the individual test processes usually intercept output to stdout/stderr in order to capture it in the spec reports.\n\nYou may want to try rerunning your test suite with {{light-gray}}--output-interceptor-mode=none{{/}} to see additional output here and debug your suite.\n"))
+ fmt.Fprintln(formatter.ColorableStdErr, " ")
+ for proc := 1; proc <= cliConfig.ComputedProcs(); proc++ {
+ fmt.Fprintf(formatter.ColorableStdErr, formatter.F("{{bold}}Output from proc %d:{{/}}\n", proc))
+ fmt.Fprintln(os.Stderr, formatter.Fi(1, "%s", procOutput[proc-1].String()))
+ }
+ fmt.Fprintf(os.Stderr, "** End **")
+ }
+
+ for proc := 1; proc <= cliConfig.ComputedProcs(); proc++ {
+ output := procOutput[proc-1].String()
+ if proc == 1 && checkForNoTestsWarning(procOutput[0]) && cliConfig.RequireSuite {
+ suite.State = TestSuiteStateFailed
+ }
+ if strings.Contains(output, "deprecated Ginkgo functionality") {
+ fmt.Fprintln(os.Stderr, output)
+ }
+ }
+
+ if len(coverProfiles) > 0 {
+ if suite.HasProgrammaticFocus {
+ fmt.Fprintln(os.Stdout, "coverage: no coverfile was generated because specs are programmatically focused")
+ } else {
+ coverProfile := AbsPathForGeneratedAsset(goFlagsConfig.CoverProfile, suite, cliConfig, 0)
+ err := MergeAndCleanupCoverProfiles(coverProfiles, coverProfile)
+ command.AbortIfError("Failed to combine cover profiles", err)
+
+ coverage, err := GetCoverageFromCoverProfile(coverProfile)
+ command.AbortIfError("Failed to compute coverage", err)
+ if coverage == 0 {
+ fmt.Fprintln(os.Stdout, "coverage: [no statements]")
+ } else {
+ fmt.Fprintf(os.Stdout, "coverage: %.1f%% of statements\n", coverage)
+ }
+ }
+ }
+ if len(blockProfiles) > 0 {
+ if suite.HasProgrammaticFocus {
+ fmt.Fprintln(os.Stdout, "no block profile was generated because specs are programmatically focused")
+ } else {
+ blockProfile := AbsPathForGeneratedAsset(goFlagsConfig.BlockProfile, suite, cliConfig, 0)
+ err := MergeProfiles(blockProfiles, blockProfile)
+ command.AbortIfError("Failed to combine blockprofiles", err)
+ }
+ }
+ if len(cpuProfiles) > 0 {
+ if suite.HasProgrammaticFocus {
+ fmt.Fprintln(os.Stdout, "no cpu profile was generated because specs are programmatically focused")
+ } else {
+ cpuProfile := AbsPathForGeneratedAsset(goFlagsConfig.CPUProfile, suite, cliConfig, 0)
+ err := MergeProfiles(cpuProfiles, cpuProfile)
+ command.AbortIfError("Failed to combine cpuprofiles", err)
+ }
+ }
+ if len(memProfiles) > 0 {
+ if suite.HasProgrammaticFocus {
+ fmt.Fprintln(os.Stdout, "no mem profile was generated because specs are programmatically focused")
+ } else {
+ memProfile := AbsPathForGeneratedAsset(goFlagsConfig.MemProfile, suite, cliConfig, 0)
+ err := MergeProfiles(memProfiles, memProfile)
+ command.AbortIfError("Failed to combine memprofiles", err)
+ }
+ }
+ if len(mutexProfiles) > 0 {
+ if suite.HasProgrammaticFocus {
+ fmt.Fprintln(os.Stdout, "no mutex profile was generated because specs are programmatically focused")
+ } else {
+ mutexProfile := AbsPathForGeneratedAsset(goFlagsConfig.MutexProfile, suite, cliConfig, 0)
+ err := MergeProfiles(mutexProfiles, mutexProfile)
+ command.AbortIfError("Failed to combine mutexprofiles", err)
+ }
+ }
+
+ return suite
+}
+
+func runAfterRunHook(command string, noColor bool, suite TestSuite) {
+ if command == "" {
+ return
+ }
+ f := formatter.NewWithNoColorBool(noColor)
+
+ // Allow for string replacement to pass input to the command
+ passed := "[FAIL]"
+ if suite.State.Is(TestSuiteStatePassed) {
+ passed = "[PASS]"
+ }
+ command = strings.ReplaceAll(command, "(ginkgo-suite-passed)", passed)
+ command = strings.ReplaceAll(command, "(ginkgo-suite-name)", suite.PackageName)
+
+ // Must break command into parts
+ splitArgs := regexp.MustCompile(`'.+'|".+"|\S+`)
+ parts := splitArgs.FindAllString(command, -1)
+
+ output, err := exec.Command(parts[0], parts[1:]...).CombinedOutput()
+ if err != nil {
+ fmt.Fprintln(formatter.ColorableStdOut, f.Fi(0, "{{red}}{{bold}}After-run-hook failed:{{/}}"))
+ fmt.Fprintln(formatter.ColorableStdOut, f.Fi(1, "{{red}}%s{{/}}", output))
+ } else {
+ fmt.Fprintln(formatter.ColorableStdOut, f.Fi(0, "{{green}}{{bold}}After-run-hook succeeded:{{/}}"))
+ fmt.Fprintln(formatter.ColorableStdOut, f.Fi(1, "{{green}}%s{{/}}", output))
+ }
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/test_suite.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/test_suite.go
new file mode 100644
index 000000000..64dcb1b78
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/test_suite.go
@@ -0,0 +1,283 @@
+package internal
+
+import (
+ "errors"
+ "math/rand"
+ "os"
+ "path"
+ "path/filepath"
+ "regexp"
+ "strings"
+
+ "github.com/onsi/ginkgo/v2/types"
+)
+
+const TIMEOUT_ELAPSED_FAILURE_REASON = "Suite did not run because the timeout elapsed"
+const PRIOR_FAILURES_FAILURE_REASON = "Suite did not run because prior suites failed and --keep-going is not set"
+const EMPTY_SKIP_FAILURE_REASON = "Suite did not run go test reported that no test files were found"
+
+type TestSuiteState uint
+
+const (
+ TestSuiteStateInvalid TestSuiteState = iota
+
+ TestSuiteStateUncompiled
+ TestSuiteStateCompiled
+
+ TestSuiteStatePassed
+
+ TestSuiteStateSkippedDueToEmptyCompilation
+ TestSuiteStateSkippedByFilter
+ TestSuiteStateSkippedDueToPriorFailures
+
+ TestSuiteStateFailed
+ TestSuiteStateFailedDueToTimeout
+ TestSuiteStateFailedToCompile
+)
+
+var TestSuiteStateFailureStates = []TestSuiteState{TestSuiteStateFailed, TestSuiteStateFailedDueToTimeout, TestSuiteStateFailedToCompile}
+
+func (state TestSuiteState) Is(states ...TestSuiteState) bool {
+ for _, suiteState := range states {
+ if suiteState == state {
+ return true
+ }
+ }
+
+ return false
+}
+
+type TestSuite struct {
+ Path string
+ PackageName string
+ IsGinkgo bool
+
+ Precompiled bool
+ PathToCompiledTest string
+ CompilationError error
+
+ HasProgrammaticFocus bool
+ State TestSuiteState
+}
+
+func (ts TestSuite) AbsPath() string {
+ path, _ := filepath.Abs(ts.Path)
+ return path
+}
+
+func (ts TestSuite) NamespacedName() string {
+ name := relPath(ts.Path)
+ name = strings.TrimLeft(name, "."+string(filepath.Separator))
+ name = strings.ReplaceAll(name, string(filepath.Separator), "_")
+ name = strings.ReplaceAll(name, " ", "_")
+ if name == "" {
+ return ts.PackageName
+ }
+ return name
+}
+
+type TestSuites []TestSuite
+
+func (ts TestSuites) AnyHaveProgrammaticFocus() bool {
+ for _, suite := range ts {
+ if suite.HasProgrammaticFocus {
+ return true
+ }
+ }
+
+ return false
+}
+
+func (ts TestSuites) ThatAreGinkgoSuites() TestSuites {
+ out := TestSuites{}
+ for _, suite := range ts {
+ if suite.IsGinkgo {
+ out = append(out, suite)
+ }
+ }
+ return out
+}
+
+func (ts TestSuites) CountWithState(states ...TestSuiteState) int {
+ n := 0
+ for _, suite := range ts {
+ if suite.State.Is(states...) {
+ n += 1
+ }
+ }
+
+ return n
+}
+
+func (ts TestSuites) WithState(states ...TestSuiteState) TestSuites {
+ out := TestSuites{}
+ for _, suite := range ts {
+ if suite.State.Is(states...) {
+ out = append(out, suite)
+ }
+ }
+
+ return out
+}
+
+func (ts TestSuites) WithoutState(states ...TestSuiteState) TestSuites {
+ out := TestSuites{}
+ for _, suite := range ts {
+ if !suite.State.Is(states...) {
+ out = append(out, suite)
+ }
+ }
+
+ return out
+}
+
+func (ts TestSuites) ShuffledCopy(seed int64) TestSuites {
+ out := make(TestSuites, len(ts))
+ permutation := rand.New(rand.NewSource(seed)).Perm(len(ts))
+ for i, j := range permutation {
+ out[i] = ts[j]
+ }
+ return out
+}
+
+func FindSuites(args []string, cliConfig types.CLIConfig, allowPrecompiled bool) TestSuites {
+ suites := TestSuites{}
+
+ if len(args) > 0 {
+ for _, arg := range args {
+ if allowPrecompiled {
+ suite, err := precompiledTestSuite(arg)
+ if err == nil {
+ suites = append(suites, suite)
+ continue
+ }
+ }
+ recurseForSuite := cliConfig.Recurse
+ if strings.HasSuffix(arg, "/...") && arg != "/..." {
+ arg = arg[:len(arg)-4]
+ recurseForSuite = true
+ }
+ suites = append(suites, suitesInDir(arg, recurseForSuite)...)
+ }
+ } else {
+ suites = suitesInDir(".", cliConfig.Recurse)
+ }
+
+ if cliConfig.SkipPackage != "" {
+ skipFilters := strings.Split(cliConfig.SkipPackage, ",")
+ for idx := range suites {
+ for _, skipFilter := range skipFilters {
+ if strings.Contains(suites[idx].Path, skipFilter) {
+ suites[idx].State = TestSuiteStateSkippedByFilter
+ break
+ }
+ }
+ }
+ }
+
+ return suites
+}
+
+func precompiledTestSuite(path string) (TestSuite, error) {
+ info, err := os.Stat(path)
+ if err != nil {
+ return TestSuite{}, err
+ }
+
+ if info.IsDir() {
+ return TestSuite{}, errors.New("this is a directory, not a file")
+ }
+
+ if filepath.Ext(path) != ".test" && filepath.Ext(path) != ".exe" {
+ return TestSuite{}, errors.New("this is not a .test binary")
+ }
+
+ if filepath.Ext(path) == ".test" && info.Mode()&0111 == 0 {
+ return TestSuite{}, errors.New("this is not executable")
+ }
+
+ dir := relPath(filepath.Dir(path))
+ packageName := strings.TrimSuffix(filepath.Base(path), ".exe")
+ packageName = strings.TrimSuffix(packageName, ".test")
+
+ path, err = filepath.Abs(path)
+ if err != nil {
+ return TestSuite{}, err
+ }
+
+ return TestSuite{
+ Path: dir,
+ PackageName: packageName,
+ IsGinkgo: true,
+ Precompiled: true,
+ PathToCompiledTest: path,
+ State: TestSuiteStateCompiled,
+ }, nil
+}
+
+func suitesInDir(dir string, recurse bool) TestSuites {
+ suites := TestSuites{}
+
+ if path.Base(dir) == "vendor" {
+ return suites
+ }
+
+ files, _ := os.ReadDir(dir)
+ re := regexp.MustCompile(`^[^._].*_test\.go$`)
+ for _, file := range files {
+ if !file.IsDir() && re.Match([]byte(file.Name())) {
+ suite := TestSuite{
+ Path: relPath(dir),
+ PackageName: packageNameForSuite(dir),
+ IsGinkgo: filesHaveGinkgoSuite(dir, files),
+ State: TestSuiteStateUncompiled,
+ }
+ suites = append(suites, suite)
+ break
+ }
+ }
+
+ if recurse {
+ re = regexp.MustCompile(`^[._]`)
+ for _, file := range files {
+ if file.IsDir() && !re.Match([]byte(file.Name())) {
+ suites = append(suites, suitesInDir(dir+"/"+file.Name(), recurse)...)
+ }
+ }
+ }
+
+ return suites
+}
+
+func relPath(dir string) string {
+ dir, _ = filepath.Abs(dir)
+ cwd, _ := os.Getwd()
+ dir, _ = filepath.Rel(cwd, filepath.Clean(dir))
+
+ if string(dir[0]) != "." {
+ dir = "." + string(filepath.Separator) + dir
+ }
+
+ return dir
+}
+
+func packageNameForSuite(dir string) string {
+ path, _ := filepath.Abs(dir)
+ return filepath.Base(path)
+}
+
+func filesHaveGinkgoSuite(dir string, files []os.DirEntry) bool {
+ reTestFile := regexp.MustCompile(`_test\.go$`)
+ reGinkgo := regexp.MustCompile(`package ginkgo|\/ginkgo"|\/ginkgo\/v2"|\/ginkgo\/v2/dsl/`)
+
+ for _, file := range files {
+ if !file.IsDir() && reTestFile.Match([]byte(file.Name())) {
+ contents, _ := os.ReadFile(dir + "/" + file.Name())
+ if reGinkgo.Match(contents) {
+ return true
+ }
+ }
+ }
+
+ return false
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/utils.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/utils.go
new file mode 100644
index 000000000..bd9ca7d51
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/utils.go
@@ -0,0 +1,86 @@
+package internal
+
+import (
+ "fmt"
+ "io"
+ "os"
+ "os/exec"
+
+ "github.com/onsi/ginkgo/v2/formatter"
+ "github.com/onsi/ginkgo/v2/ginkgo/command"
+)
+
+func FileExists(path string) bool {
+ _, err := os.Stat(path)
+ return err == nil
+}
+
+func CopyFile(src string, dest string) error {
+ srcFile, err := os.Open(src)
+ if err != nil {
+ return err
+ }
+
+ srcStat, err := srcFile.Stat()
+ if err != nil {
+ return err
+ }
+
+ if _, err := os.Stat(dest); err == nil {
+ os.Remove(dest)
+ }
+
+ destFile, err := os.OpenFile(dest, os.O_WRONLY|os.O_CREATE, srcStat.Mode())
+ if err != nil {
+ return err
+ }
+
+ _, err = io.Copy(destFile, srcFile)
+ if err != nil {
+ return err
+ }
+
+ if err := srcFile.Close(); err != nil {
+ return err
+ }
+ return destFile.Close()
+}
+
+func GoFmt(path string) {
+ out, err := exec.Command("go", "fmt", path).CombinedOutput()
+ if err != nil {
+ command.AbortIfError(fmt.Sprintf("Could not fmt:\n%s\n", string(out)), err)
+ }
+}
+
+func PluralizedWord(singular, plural string, count int) string {
+ if count == 1 {
+ return singular
+ }
+ return plural
+}
+
+func FailedSuitesReport(suites TestSuites, f formatter.Formatter) string {
+ out := ""
+ out += "There were failures detected in the following suites:\n"
+
+ maxPackageNameLength := 0
+ for _, suite := range suites.WithState(TestSuiteStateFailureStates...) {
+ if len(suite.PackageName) > maxPackageNameLength {
+ maxPackageNameLength = len(suite.PackageName)
+ }
+ }
+
+ packageNameFormatter := fmt.Sprintf("%%%ds", maxPackageNameLength)
+ for _, suite := range suites {
+ switch suite.State {
+ case TestSuiteStateFailed:
+ out += f.Fi(1, "{{red}}"+packageNameFormatter+" {{gray}}%s{{/}}\n", suite.PackageName, suite.Path)
+ case TestSuiteStateFailedToCompile:
+ out += f.Fi(1, "{{red}}"+packageNameFormatter+" {{gray}}%s {{magenta}}[Compilation failure]{{/}}\n", suite.PackageName, suite.Path)
+ case TestSuiteStateFailedDueToTimeout:
+ out += f.Fi(1, "{{red}}"+packageNameFormatter+" {{gray}}%s {{orange}}[%s]{{/}}\n", suite.PackageName, suite.Path, TIMEOUT_ELAPSED_FAILURE_REASON)
+ }
+ }
+ return out
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/verify_version.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/verify_version.go
new file mode 100644
index 000000000..9da1bab3d
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/verify_version.go
@@ -0,0 +1,54 @@ +package internal + +import ( + "fmt" + "os/exec" + "regexp" + "strings" + + "github.com/onsi/ginkgo/v2/formatter" + "github.com/onsi/ginkgo/v2/types" +) + +var versiorRe = regexp.MustCompile(`v(\d+\.\d+\.\d+)`) + +func VerifyCLIAndFrameworkVersion(suites TestSuites) { + cliVersion := types.VERSION + mismatches := map[string][]string{} + + for _, suite := range suites { + cmd := exec.Command("go", "list", "-m", "github.com/onsi/ginkgo/v2") + cmd.Dir = suite.Path + output, err := cmd.CombinedOutput() + if err != nil { + continue + } + components := strings.Split(string(output), " ") + if len(components) != 2 { + continue + } + matches := versiorRe.FindStringSubmatch(components[1]) + if matches == nil || len(matches) != 2 { + continue + } + libraryVersion := matches[1] + if cliVersion != libraryVersion { + mismatches[libraryVersion] = append(mismatches[libraryVersion], suite.PackageName) + } + } + + if len(mismatches) == 0 { + return + } + + fmt.Println(formatter.F("{{red}}{{bold}}Ginkgo detected a version mismatch between the Ginkgo CLI and the version of Ginkgo imported by your packages:{{/}}")) + + fmt.Println(formatter.Fi(1, "Ginkgo CLI Version:")) + fmt.Println(formatter.Fi(2, "{{bold}}%s{{/}}", cliVersion)) + fmt.Println(formatter.Fi(1, "Mismatched package versions found:")) + for version, packages := range mismatches { + fmt.Println(formatter.Fi(2, "{{bold}}%s{{/}} used by %s", version, strings.Join(packages, ", "))) + } + fmt.Println("") + fmt.Println(formatter.Fiw(1, formatter.COLS, "{{gray}}Ginkgo will continue to attempt to run but you may see errors (including flag parsing errors) and should either update your go.mod or your version of the Ginkgo CLI to match.\n\nTo install the matching version of the CLI run\n {{bold}}go install github.com/onsi/ginkgo/v2/ginkgo{{/}}{{gray}}\nfrom a path that contains a go.mod file. 
Alternatively you can use\n {{bold}}go run github.com/onsi/ginkgo/v2/ginkgo{{/}}{{gray}}\nfrom a path that contains a go.mod file to invoke the matching version of the Ginkgo CLI.\n\nIf you are attempting to test multiple packages that each have a different version of the Ginkgo library with a single Ginkgo CLI that is currently unsupported.\n{{/}}")) +} diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/labels/labels_command.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/labels/labels_command.go new file mode 100644 index 000000000..6c61f09d1 --- /dev/null +++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/labels/labels_command.go 
@@ -0,0 +1,123 @@ +package labels + +import ( + "fmt" + "go/ast" + "go/parser" + "go/token" + "sort" + "strconv" + "strings" + + "github.com/onsi/ginkgo/v2/ginkgo/command" + "github.com/onsi/ginkgo/v2/ginkgo/internal" + "github.com/onsi/ginkgo/v2/types" + "golang.org/x/tools/go/ast/inspector" +) + +func BuildLabelsCommand() command.Command { + var cliConfig = types.NewDefaultCLIConfig() + + flags, err := types.BuildLabelsCommandFlagSet(&cliConfig) + if err != nil { + panic(err) + } + + return command.Command{ + Name: "labels", + Usage: "ginkgo labels ", + Flags: flags, + ShortDoc: "List labels detected in the passed-in packages (or the package in the current directory if left blank).", + DocLink: "spec-labels", + Command: func(args []string, _ []string) { + ListLabels(args, cliConfig) + }, + } +} + +func ListLabels(args []string, cliConfig types.CLIConfig) { + suites := internal.FindSuites(args, cliConfig, false).WithoutState(internal.TestSuiteStateSkippedByFilter) + if len(suites) == 0 { + command.AbortWith("Found no test suites") + } + for _, suite := range suites { + labels := fetchLabelsFromPackage(suite.Path) + if len(labels) == 0 { + fmt.Printf("%s: No labels found\n", suite.PackageName) + } else { + fmt.Printf("%s: [%s]\n", suite.PackageName, strings.Join(labels, ", ")) + } + } +} + +func fetchLabelsFromPackage(packagePath string) []string { + fset := token.NewFileSet() + parsedPackages, err := parser.ParseDir(fset, packagePath, nil, 0) + command.AbortIfError("Failed to parse package source:", err) + + files := []*ast.File{} + hasTestPackage := false + for key, pkg := range parsedPackages { + if strings.HasSuffix(key, "_test") { + hasTestPackage = true + for _, file := range pkg.Files { + files = append(files, file) + } + } + } + if !hasTestPackage { + for _, pkg := range parsedPackages { + for _, file := range pkg.Files { + files = append(files, file) + } + } + } + + seen := map[string]bool{} + labels := []string{} + ispr := inspector.New(files) + 
ispr.Preorder([]ast.Node{&ast.CallExpr{}}, func(n ast.Node) { + potentialLabels := fetchLabels(n.(*ast.CallExpr)) + for _, label := range potentialLabels { + if !seen[label] { + seen[label] = true + labels = append(labels, strconv.Quote(label)) + } + } + }) + + sort.Strings(labels) + return labels +} + +func fetchLabels(callExpr *ast.CallExpr) []string { + out := []string{} + switch expr := callExpr.Fun.(type) { + case *ast.Ident: + if expr.Name != "Label" { + return out + } + case *ast.SelectorExpr: + if expr.Sel.Name != "Label" { + return out + } + default: + return out + } + for _, arg := range callExpr.Args { + switch expr := arg.(type) { + case *ast.BasicLit: + if expr.Kind == token.STRING { + unquoted, err := strconv.Unquote(expr.Value) + if err != nil { + unquoted = expr.Value + } + validated, err := types.ValidateAndCleanupLabel(unquoted, types.CodeLocation{}) + if err == nil { + out = append(out, validated) + } + } + } + } + return out +} diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/main.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/main.go new file mode 100644 index 000000000..e9abb27d8 --- /dev/null +++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/main.go 
@@ -0,0 +1,58 @@
+package main
+
+import (
+ "fmt"
+ "os"
+
+ "github.com/onsi/ginkgo/v2/ginkgo/build"
+ "github.com/onsi/ginkgo/v2/ginkgo/command"
+ "github.com/onsi/ginkgo/v2/ginkgo/generators"
+ "github.com/onsi/ginkgo/v2/ginkgo/labels"
+ "github.com/onsi/ginkgo/v2/ginkgo/outline"
+ "github.com/onsi/ginkgo/v2/ginkgo/run"
+ "github.com/onsi/ginkgo/v2/ginkgo/unfocus"
+ "github.com/onsi/ginkgo/v2/ginkgo/watch"
+ "github.com/onsi/ginkgo/v2/types"
+)
+
+var program command.Program
+
+func GenerateCommands() []command.Command {
+ return []command.Command{
+ watch.BuildWatchCommand(),
+ build.BuildBuildCommand(),
+ generators.BuildBootstrapCommand(),
+ generators.BuildGenerateCommand(),
+ labels.BuildLabelsCommand(),
+ outline.BuildOutlineCommand(),
+ unfocus.BuildUnfocusCommand(),
+ BuildVersionCommand(),
+ }
+}
+
+func main() {
+ program = command.Program{
+ Name: "ginkgo",
+ Heading: fmt.Sprintf("Ginkgo Version %s", types.VERSION),
+ Commands: GenerateCommands(),
+ DefaultCommand: run.BuildRunCommand(),
+ DeprecatedCommands: []command.DeprecatedCommand{
+ {Name: "convert", Deprecation: types.Deprecations.Convert()},
+ {Name: "blur", Deprecation: types.Deprecations.Blur()},
+ {Name: "nodot", Deprecation: types.Deprecations.Nodot()},
+ },
+ }
+
+ program.RunAndExit(os.Args)
+}
+
+func BuildVersionCommand() command.Command {
+ return command.Command{
+ Name: "version",
+ Usage: "ginkgo version",
+ ShortDoc: "Print Ginkgo's version",
+ Command: func(_ []string, _ []string) {
+ fmt.Printf("Ginkgo Version %s\n", types.VERSION)
+ },
+ }
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/ginkgo.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/ginkgo.go
new file mode 100644
index 000000000..0b9b19fe7
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/ginkgo.go
@@ -0,0 +1,302 @@ +package outline + +import ( + "github.com/onsi/ginkgo/v2/types" + "go/ast" + "go/token" + "strconv" +) + +const ( + // undefinedTextAlt is used if the spec/container text cannot be derived + undefinedTextAlt = "undefined" +) + +// ginkgoMetadata holds useful bits of information for every entry in the outline +type ginkgoMetadata struct { + // Name is the spec or container function name, e.g. `Describe` or `It` + Name string `json:"name"` + + // Text is the `text` argument passed to specs, and some containers + Text string `json:"text"` + + // Start is the position of first character of the spec or container block + Start int `json:"start"` + + // End is the position of first character immediately after the spec or container block + End int `json:"end"` + + Spec bool `json:"spec"` + Focused bool `json:"focused"` + Pending bool `json:"pending"` + Labels []string `json:"labels"` +} + +// ginkgoNode is used to construct the outline as a tree +type ginkgoNode struct { + ginkgoMetadata + Nodes []*ginkgoNode `json:"nodes"` +} + +type walkFunc func(n *ginkgoNode) + +func (n *ginkgoNode) PreOrder(f walkFunc) { + f(n) + for _, m := range n.Nodes { + m.PreOrder(f) + } +} + +func (n *ginkgoNode) PostOrder(f walkFunc) { + for _, m := range n.Nodes { + m.PostOrder(f) + } + f(n) +} + +func (n *ginkgoNode) Walk(pre, post walkFunc) { + pre(n) + for _, m := range n.Nodes { + m.Walk(pre, post) + } + post(n) +} + +// PropagateInheritedProperties propagates the Pending and Focused properties +// through the subtree rooted at n. +func (n *ginkgoNode) PropagateInheritedProperties() { + n.PreOrder(func(thisNode *ginkgoNode) { + for _, descendantNode := range thisNode.Nodes { + if thisNode.Pending { + descendantNode.Pending = true + descendantNode.Focused = false + } + if thisNode.Focused && !descendantNode.Pending { + descendantNode.Focused = true + } + } + }) +} + +// BackpropagateUnfocus propagates the Focused property through the subtree +// rooted at n. 
It applies the rule described in the Ginkgo docs: +// > Nested programmatically focused specs follow a simple rule: if a +// > leaf-node is marked focused, any of its ancestor nodes that are marked +// > focus will be unfocused. +func (n *ginkgoNode) BackpropagateUnfocus() { + focusedSpecInSubtreeStack := []bool{} + n.PostOrder(func(thisNode *ginkgoNode) { + if thisNode.Spec { + focusedSpecInSubtreeStack = append(focusedSpecInSubtreeStack, thisNode.Focused) + return + } + focusedSpecInSubtree := false + for range thisNode.Nodes { + focusedSpecInSubtree = focusedSpecInSubtree || focusedSpecInSubtreeStack[len(focusedSpecInSubtreeStack)-1] + focusedSpecInSubtreeStack = focusedSpecInSubtreeStack[0 : len(focusedSpecInSubtreeStack)-1] + } + focusedSpecInSubtreeStack = append(focusedSpecInSubtreeStack, focusedSpecInSubtree) + if focusedSpecInSubtree { + thisNode.Focused = false + } + }) + +} + +func packageAndIdentNamesFromCallExpr(ce *ast.CallExpr) (string, string, bool) { + switch ex := ce.Fun.(type) { + case *ast.Ident: + return "", ex.Name, true + case *ast.SelectorExpr: + pkgID, ok := ex.X.(*ast.Ident) + if !ok { + return "", "", false + } + // A package identifier is top-level, so Obj must be nil + if pkgID.Obj != nil { + return "", "", false + } + if ex.Sel == nil { + return "", "", false + } + return pkgID.Name, ex.Sel.Name, true + default: + return "", "", false + } +} + +// absoluteOffsetsForNode derives the absolute character offsets of the node start and +// end positions. +func absoluteOffsetsForNode(fset *token.FileSet, n ast.Node) (start, end int) { + return fset.PositionFor(n.Pos(), false).Offset, fset.PositionFor(n.End(), false).Offset +} + +// ginkgoNodeFromCallExpr derives an outline entry from a go AST subtree +// corresponding to a Ginkgo container or spec. 
+func ginkgoNodeFromCallExpr(fset *token.FileSet, ce *ast.CallExpr, ginkgoPackageName *string) (*ginkgoNode, bool) { + packageName, identName, ok := packageAndIdentNamesFromCallExpr(ce) + if !ok { + return nil, false + } + + n := ginkgoNode{} + n.Name = identName + n.Start, n.End = absoluteOffsetsForNode(fset, ce) + n.Nodes = make([]*ginkgoNode, 0) + switch identName { + case "It", "Specify", "Entry": + n.Spec = true + n.Text = textOrAltFromCallExpr(ce, undefinedTextAlt) + n.Labels = labelFromCallExpr(ce) + n.Pending = pendingFromCallExpr(ce) + return &n, ginkgoPackageName != nil && *ginkgoPackageName == packageName + case "FIt", "FSpecify", "FEntry": + n.Spec = true + n.Focused = true + n.Text = textOrAltFromCallExpr(ce, undefinedTextAlt) + n.Labels = labelFromCallExpr(ce) + return &n, ginkgoPackageName != nil && *ginkgoPackageName == packageName + case "PIt", "PSpecify", "XIt", "XSpecify", "PEntry", "XEntry": + n.Spec = true + n.Pending = true + n.Text = textOrAltFromCallExpr(ce, undefinedTextAlt) + n.Labels = labelFromCallExpr(ce) + return &n, ginkgoPackageName != nil && *ginkgoPackageName == packageName + case "Context", "Describe", "When", "DescribeTable": + n.Text = textOrAltFromCallExpr(ce, undefinedTextAlt) + n.Labels = labelFromCallExpr(ce) + n.Pending = pendingFromCallExpr(ce) + return &n, ginkgoPackageName != nil && *ginkgoPackageName == packageName + case "FContext", "FDescribe", "FWhen", "FDescribeTable": + n.Focused = true + n.Text = textOrAltFromCallExpr(ce, undefinedTextAlt) + n.Labels = labelFromCallExpr(ce) + return &n, ginkgoPackageName != nil && *ginkgoPackageName == packageName + case "PContext", "PDescribe", "PWhen", "XContext", "XDescribe", "XWhen", "PDescribeTable", "XDescribeTable": + n.Pending = true + n.Text = textOrAltFromCallExpr(ce, undefinedTextAlt) + n.Labels = labelFromCallExpr(ce) + return &n, ginkgoPackageName != nil && *ginkgoPackageName == packageName + case "By": + n.Text = textOrAltFromCallExpr(ce, undefinedTextAlt) + return 
&n, ginkgoPackageName != nil && *ginkgoPackageName == packageName + case "AfterEach", "BeforeEach": + return &n, ginkgoPackageName != nil && *ginkgoPackageName == packageName + case "JustAfterEach", "JustBeforeEach": + return &n, ginkgoPackageName != nil && *ginkgoPackageName == packageName + case "AfterSuite", "BeforeSuite": + return &n, ginkgoPackageName != nil && *ginkgoPackageName == packageName + case "SynchronizedAfterSuite", "SynchronizedBeforeSuite": + return &n, ginkgoPackageName != nil && *ginkgoPackageName == packageName + default: + return nil, false + } +} + +// textOrAltFromCallExpr tries to derive the "text" of a Ginkgo spec or +// container. If it cannot derive it, it returns the alt text. +func textOrAltFromCallExpr(ce *ast.CallExpr, alt string) string { + text, defined := textFromCallExpr(ce) + if !defined { + return alt + } + return text +} + +// textFromCallExpr tries to derive the "text" of a Ginkgo spec or container. If +// it cannot derive it, it returns false. +func textFromCallExpr(ce *ast.CallExpr) (string, bool) { + if len(ce.Args) < 1 { + return "", false + } + text, ok := ce.Args[0].(*ast.BasicLit) + if !ok { + return "", false + } + switch text.Kind { + case token.CHAR, token.STRING: + // For token.CHAR and token.STRING, Value is quoted + unquoted, err := strconv.Unquote(text.Value) + if err != nil { + // If unquoting fails, just use the raw Value + return text.Value, true + } + return unquoted, true + default: + return text.Value, true + } +} + +func labelFromCallExpr(ce *ast.CallExpr) []string { + + labels := []string{} + if len(ce.Args) < 2 { + return labels + } + + for _, arg := range ce.Args[1:] { + switch expr := arg.(type) { + case *ast.CallExpr: + id, ok := expr.Fun.(*ast.Ident) + if !ok { + // to skip over cases where the expr.Fun. 
is actually *ast.SelectorExpr + continue + } + if id.Name == "Label" { + ls := extractLabels(expr) + for _, label := range ls { + labels = append(labels, label) + } + } + } + } + return labels +} + +func extractLabels(expr *ast.CallExpr) []string { + out := []string{} + for _, arg := range expr.Args { + switch expr := arg.(type) { + case *ast.BasicLit: + if expr.Kind == token.STRING { + unquoted, err := strconv.Unquote(expr.Value) + if err != nil { + unquoted = expr.Value + } + validated, err := types.ValidateAndCleanupLabel(unquoted, types.CodeLocation{}) + if err == nil { + out = append(out, validated) + } + } + } + } + + return out +} + +func pendingFromCallExpr(ce *ast.CallExpr) bool { + + pending := false + if len(ce.Args) < 2 { + return pending + } + + for _, arg := range ce.Args[1:] { + switch expr := arg.(type) { + case *ast.CallExpr: + id, ok := expr.Fun.(*ast.Ident) + if !ok { + // to skip over cases where the expr.Fun. is actually *ast.SelectorExpr + continue + } + if id.Name == "Pending" { + pending = true + } + case *ast.Ident: + if expr.Name == "Pending" { + pending = true + } + } + } + return pending +} diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/import.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/import.go new file mode 100644 index 000000000..67ec5ab75 --- /dev/null +++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/import.go 
@@ -0,0 +1,65 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Most of the required functions were available in the
+// "golang.org/x/tools/go/ast/astutil" package, but not exported.
+// They were copied from https://github.com/golang/tools/blob/2b0845dc783e36ae26d683f4915a5840ef01ab0f/go/ast/astutil/imports.go
+
+package outline
+
+import (
+ "go/ast"
+ "strconv"
+ "strings"
+)
+
+// packageNameForImport returns the package name for the package. If the package
+// is not imported, it returns nil. "Package name" refers to `pkgname` in the
+// call expression `pkgname.ExportedIdentifier`. Examples:
+// (import path not found) -> nil
+// "import example.com/pkg/foo" -> "foo"
+// "import fooalias example.com/pkg/foo" -> "fooalias"
+// "import . example.com/pkg/foo" -> ""
+func packageNameForImport(f *ast.File, path string) *string {
+ spec := importSpec(f, path)
+ if spec == nil {
+ return nil
+ }
+ name := spec.Name.String()
+ if name == "" {
+ // If the package name is not explicitly specified,
+ // make an educated guess. This is not guaranteed to be correct.
+ lastSlash := strings.LastIndex(path, "/")
+ if lastSlash == -1 {
+ name = path
+ } else {
+ name = path[lastSlash+1:]
+ }
+ }
+ if name == "." {
+ name = ""
+ }
+ return &name
+}
+
+// importSpec returns the import spec if f imports path,
+// or nil otherwise.
+func importSpec(f *ast.File, path string) *ast.ImportSpec {
+ for _, s := range f.Imports {
+ if strings.HasPrefix(importPath(s), path) {
+ return s
+ }
+ }
+ return nil
+}
+
+// importPath returns the unquoted import path of s,
+// or "" if the path is not properly quoted.
+func importPath(s *ast.ImportSpec) string {
+ t, err := strconv.Unquote(s.Path.Value)
+ if err != nil {
+ return ""
+ }
+ return t
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/outline.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/outline.go
new file mode 100644
index 000000000..c2327cda8
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/outline.go
@@ -0,0 +1,110 @@ +package outline + +import ( + "encoding/json" + "fmt" + "go/ast" + "go/token" + "strings" + + "golang.org/x/tools/go/ast/inspector" +) + +const ( + // ginkgoImportPath is the well-known ginkgo import path + ginkgoImportPath = "github.com/onsi/ginkgo/v2" +) + +// FromASTFile returns an outline for a Ginkgo test source file +func FromASTFile(fset *token.FileSet, src *ast.File) (*outline, error) { + ginkgoPackageName := packageNameForImport(src, ginkgoImportPath) + if ginkgoPackageName == nil { + return nil, fmt.Errorf("file does not import %q", ginkgoImportPath) + } + + root := ginkgoNode{} + stack := []*ginkgoNode{&root} + ispr := inspector.New([]*ast.File{src}) + ispr.Nodes([]ast.Node{(*ast.CallExpr)(nil)}, func(node ast.Node, push bool) bool { + if push { + // Pre-order traversal + ce, ok := node.(*ast.CallExpr) + if !ok { + // Because `Nodes` calls this function only when the node is an + // ast.CallExpr, this should never happen + panic(fmt.Errorf("node starting at %d, ending at %d is not an *ast.CallExpr", node.Pos(), node.End())) + } + gn, ok := ginkgoNodeFromCallExpr(fset, ce, ginkgoPackageName) + if !ok { + // Node is not a Ginkgo spec or container, continue + return true + } + parent := stack[len(stack)-1] + parent.Nodes = append(parent.Nodes, gn) + stack = append(stack, gn) + return true + } + // Post-order traversal + start, end := absoluteOffsetsForNode(fset, node) + lastVisitedGinkgoNode := stack[len(stack)-1] + if start != lastVisitedGinkgoNode.Start || end != lastVisitedGinkgoNode.End { + // Node is not a Ginkgo spec or container, so it was not pushed onto the stack, continue + return true + } + stack = stack[0 : len(stack)-1] + return true + }) + if len(root.Nodes) == 0 { + return &outline{[]*ginkgoNode{}}, nil + } + + // Derive the final focused property for all nodes. This must be done + // _before_ propagating the inherited focused property. 
+ root.BackpropagateUnfocus() + // Now, propagate inherited properties, including focused and pending. + root.PropagateInheritedProperties() + + return &outline{root.Nodes}, nil +} + +type outline struct { + Nodes []*ginkgoNode `json:"nodes"` +} + +func (o *outline) MarshalJSON() ([]byte, error) { + return json.Marshal(o.Nodes) +} + +// String returns a CSV-formatted outline. Spec or container are output in +// depth-first order. +func (o *outline) String() string { + return o.StringIndent(0) +} + +// StringIndent returns a CSV-formated outline, but every line is indented by +// one 'width' of spaces for every level of nesting. +func (o *outline) StringIndent(width int) string { + var b strings.Builder + b.WriteString("Name,Text,Start,End,Spec,Focused,Pending,Labels\n") + + currentIndent := 0 + pre := func(n *ginkgoNode) { + b.WriteString(fmt.Sprintf("%*s", currentIndent, "")) + var labels string + if len(n.Labels) == 1 { + labels = n.Labels[0] + } else { + labels = strings.Join(n.Labels, ", ") + } + //enclosing labels in a double quoted comma separate listed so that when inmported into a CSV app the Labels column has comma separate strings + b.WriteString(fmt.Sprintf("%s,%s,%d,%d,%t,%t,%t,\"%s\"\n", n.Name, n.Text, n.Start, n.End, n.Spec, n.Focused, n.Pending, labels)) + currentIndent += width + } + post := func(n *ginkgoNode) { + currentIndent -= width + } + for _, n := range o.Nodes { + n.Walk(pre, post) + } + return b.String() +} diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/outline_command.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/outline_command.go new file mode 100644 index 000000000..36698d46a --- /dev/null +++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/outline_command.go 
@@ -0,0 +1,98 @@ +package outline + +import ( + "encoding/json" + "fmt" + "go/parser" + "go/token" + "os" + + "github.com/onsi/ginkgo/v2/ginkgo/command" + "github.com/onsi/ginkgo/v2/types" +) + +const ( + // indentWidth is the width used by the 'indent' output + indentWidth = 4 + // stdinAlias is a portable alias for stdin. This convention is used in + // other CLIs, e.g., kubectl. + stdinAlias = "-" + usageCommand = "ginkgo outline " +) + +type outlineConfig struct { + Format string +} + +func BuildOutlineCommand() command.Command { + conf := outlineConfig{ + Format: "csv", + } + flags, err := types.NewGinkgoFlagSet( + types.GinkgoFlags{ + {Name: "format", KeyPath: "Format", + Usage: "Format of outline", + UsageArgument: "one of 'csv', 'indent', or 'json'", + UsageDefaultValue: conf.Format, + }, + }, + &conf, + types.GinkgoFlagSections{}, + ) + if err != nil { + panic(err) + } + + return command.Command{ + Name: "outline", + Usage: "ginkgo outline ", + ShortDoc: "Create an outline of Ginkgo symbols for a file", + Documentation: "To read from stdin, use: `ginkgo outline -`", + DocLink: "creating-an-outline-of-specs", + Flags: flags, + Command: func(args []string, _ []string) { + outlineFile(args, conf.Format) + }, + } +} + +func outlineFile(args []string, format string) { + if len(args) != 1 { + command.AbortWithUsage("outline expects exactly one argument") + } + + filename := args[0] + var src *os.File + if filename == stdinAlias { + src = os.Stdin + } else { + var err error + src, err = os.Open(filename) + command.AbortIfError("Failed to open file:", err) + } + + fset := token.NewFileSet() + + parsedSrc, err := parser.ParseFile(fset, filename, src, 0) + command.AbortIfError("Failed to parse source:", err) + + o, err := FromASTFile(fset, parsedSrc) + command.AbortIfError("Failed to create outline:", err) + + var oerr error + switch format { + case "csv": + _, oerr = fmt.Print(o) + case "indent": + _, oerr = fmt.Print(o.StringIndent(indentWidth)) + case "json": + 
b, err := json.Marshal(o) + if err != nil { + println(fmt.Sprintf("error marshalling to json: %s", err)) + } + _, oerr = fmt.Println(string(b)) + default: + command.AbortWith("Format %s not accepted", format) + } + command.AbortIfError("Failed to write outline:", oerr) +} diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/run/run_command.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/run/run_command.go new file mode 100644 index 000000000..aaed4d570 --- /dev/null +++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/run/run_command.go 
@@ -0,0 +1,232 @@ +package run + +import ( + "fmt" + "os" + "strings" + "time" + + "github.com/onsi/ginkgo/v2/formatter" + "github.com/onsi/ginkgo/v2/ginkgo/command" + "github.com/onsi/ginkgo/v2/ginkgo/internal" + "github.com/onsi/ginkgo/v2/internal/interrupt_handler" + "github.com/onsi/ginkgo/v2/types" +) + +func BuildRunCommand() command.Command { + var suiteConfig = types.NewDefaultSuiteConfig() + var reporterConfig = types.NewDefaultReporterConfig() + var cliConfig = types.NewDefaultCLIConfig() + var goFlagsConfig = types.NewDefaultGoFlagsConfig() + + flags, err := types.BuildRunCommandFlagSet(&suiteConfig, &reporterConfig, &cliConfig, &goFlagsConfig) + if err != nil { + panic(err) + } + + interruptHandler := interrupt_handler.NewInterruptHandler(nil) + interrupt_handler.SwallowSigQuit() + + return command.Command{ + Name: "run", + Flags: flags, + Usage: "ginkgo run -- ", + ShortDoc: "Run the tests in the passed in (or the package in the current directory if left blank)", + Documentation: "Any arguments after -- will be passed to the test.", + DocLink: "running-tests", + Command: func(args []string, additionalArgs []string) { + var errors []error + cliConfig, goFlagsConfig, errors = types.VetAndInitializeCLIAndGoConfig(cliConfig, goFlagsConfig) + command.AbortIfErrors("Ginkgo detected configuration issues:", errors) + + runner := &SpecRunner{ + cliConfig: cliConfig, + goFlagsConfig: goFlagsConfig, + suiteConfig: suiteConfig, + reporterConfig: reporterConfig, + flags: flags, + + interruptHandler: interruptHandler, + } + + runner.RunSpecs(args, additionalArgs) + }, + } +} + +type SpecRunner struct { + suiteConfig types.SuiteConfig + reporterConfig types.ReporterConfig + cliConfig types.CLIConfig + goFlagsConfig types.GoFlagsConfig + flags types.GinkgoFlagSet + + interruptHandler *interrupt_handler.InterruptHandler +} + +func (r *SpecRunner) RunSpecs(args []string, additionalArgs []string) { + suites := internal.FindSuites(args, r.cliConfig, true) + skippedSuites 
:= suites.WithState(internal.TestSuiteStateSkippedByFilter) + suites = suites.WithoutState(internal.TestSuiteStateSkippedByFilter) + + internal.VerifyCLIAndFrameworkVersion(suites) + + if len(skippedSuites) > 0 { + fmt.Println("Will skip:") + for _, skippedSuite := range skippedSuites { + fmt.Println(" " + skippedSuite.Path) + } + } + + if len(skippedSuites) > 0 && len(suites) == 0 { + command.AbortGracefullyWith("All tests skipped! Exiting...") + } + + if len(suites) == 0 { + command.AbortWith("Found no test suites") + } + + if len(suites) > 1 && !r.flags.WasSet("succinct") && r.reporterConfig.Verbosity().LT(types.VerbosityLevelVerbose) { + r.reporterConfig.Succinct = true + } + + t := time.Now() + var endTime time.Time + if r.suiteConfig.Timeout > 0 { + endTime = t.Add(r.suiteConfig.Timeout) + } + + iteration := 0 +OUTER_LOOP: + for { + if !r.flags.WasSet("seed") { + r.suiteConfig.RandomSeed = time.Now().Unix() + } + if r.cliConfig.RandomizeSuites && len(suites) > 1 { + suites = suites.ShuffledCopy(r.suiteConfig.RandomSeed) + } + + opc := internal.NewOrderedParallelCompiler(r.cliConfig.ComputedNumCompilers()) + opc.StartCompiling(suites, r.goFlagsConfig) + + SUITE_LOOP: + for { + suiteIdx, suite := opc.Next() + if suiteIdx >= len(suites) { + break SUITE_LOOP + } + suites[suiteIdx] = suite + + if r.interruptHandler.Status().Interrupted() { + opc.StopAndDrain() + break OUTER_LOOP + } + + if suites[suiteIdx].State.Is(internal.TestSuiteStateSkippedDueToEmptyCompilation) { + fmt.Printf("Skipping %s (no test files)\n", suite.Path) + continue SUITE_LOOP + } + + if suites[suiteIdx].State.Is(internal.TestSuiteStateFailedToCompile) { + fmt.Println(suites[suiteIdx].CompilationError.Error()) + if !r.cliConfig.KeepGoing { + opc.StopAndDrain() + } + continue SUITE_LOOP + } + + if suites.CountWithState(internal.TestSuiteStateFailureStates...) 
> 0 && !r.cliConfig.KeepGoing { + suites[suiteIdx].State = internal.TestSuiteStateSkippedDueToPriorFailures + opc.StopAndDrain() + continue SUITE_LOOP + } + + if !endTime.IsZero() { + r.suiteConfig.Timeout = endTime.Sub(time.Now()) + if r.suiteConfig.Timeout <= 0 { + suites[suiteIdx].State = internal.TestSuiteStateFailedDueToTimeout + opc.StopAndDrain() + continue SUITE_LOOP + } + } + + suites[suiteIdx] = internal.RunCompiledSuite(suites[suiteIdx], r.suiteConfig, r.reporterConfig, r.cliConfig, r.goFlagsConfig, additionalArgs) + } + + if suites.CountWithState(internal.TestSuiteStateFailureStates...) > 0 { + if iteration > 0 { + fmt.Printf("\nTests failed on attempt #%d\n\n", iteration+1) + } + break OUTER_LOOP + } + + if r.cliConfig.UntilItFails { + fmt.Printf("\nAll tests passed...\nWill keep running them until they fail.\nThis was attempt #%d\n%s\n", iteration+1, orcMessage(iteration+1)) + } else if r.cliConfig.Repeat > 0 && iteration < r.cliConfig.Repeat { + fmt.Printf("\nAll tests passed...\nThis was attempt %d of %d.\n", iteration+1, r.cliConfig.Repeat+1) + } else { + break OUTER_LOOP + } + iteration += 1 + } + + internal.Cleanup(r.goFlagsConfig, suites...) + + messages, err := internal.FinalizeProfilesAndReportsForSuites(suites, r.cliConfig, r.suiteConfig, r.reporterConfig, r.goFlagsConfig) + command.AbortIfError("could not finalize profiles:", err) + for _, message := range messages { + fmt.Println(message) + } + + fmt.Printf("\nGinkgo ran %d %s in %s\n", len(suites), internal.PluralizedWord("suite", "suites", len(suites)), time.Since(t)) + + if suites.CountWithState(internal.TestSuiteStateFailureStates...) 
== 0 { + if suites.AnyHaveProgrammaticFocus() && strings.TrimSpace(os.Getenv("GINKGO_EDITOR_INTEGRATION")) == "" { + fmt.Printf("Test Suite Passed\n") + fmt.Printf("Detected Programmatic Focus - setting exit status to %d\n", types.GINKGO_FOCUS_EXIT_CODE) + command.Abort(command.AbortDetails{ExitCode: types.GINKGO_FOCUS_EXIT_CODE}) + } else { + fmt.Printf("Test Suite Passed\n") + command.Abort(command.AbortDetails{}) + } + } else { + fmt.Fprintln(formatter.ColorableStdOut, "") + if len(suites) > 1 && suites.CountWithState(internal.TestSuiteStateFailureStates...) > 0 { + fmt.Fprintln(formatter.ColorableStdOut, + internal.FailedSuitesReport(suites, formatter.NewWithNoColorBool(r.reporterConfig.NoColor))) + } + fmt.Printf("Test Suite Failed\n") + command.Abort(command.AbortDetails{ExitCode: 1}) + } +} + +func orcMessage(iteration int) string { + if iteration < 10 { + return "" + } else if iteration < 30 { + return []string{ + "If at first you succeed...", + "...try, try again.", + "Looking good!", + "Still good...", + "I think your tests are fine....", + "Yep, still passing", + "Oh boy, here I go testin' again!", + "Even the gophers are getting bored", + "Did you try -race?", + "Maybe you should stop now?", + "I'm getting tired...", + "What if I just made you a sandwich?", + "Hit ^C, hit ^C, please hit ^C", + "Make it stop. Please!", + "Come on! Enough is enough!", + "Dave, this conversation can serve no purpose anymore. Goodbye.", + "Just what do you think you're doing, Dave? ", + "I, Sisyphus", + "Insanity: doing the same thing over and over again and expecting different results. -Einstein", + "I guess Einstein never tried to churn butter", + }[iteration-10] + "\n" + } else { + return "No, seriously... you can probably stop now.\n" + } +} diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/unfocus/unfocus_command.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/unfocus/unfocus_command.go new file mode 100644 index 000000000..7dd294394 --- /dev/null 
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/unfocus/unfocus_command.go 
@@ -0,0 +1,186 @@
+package unfocus
+
+import (
+ "bytes"
+ "fmt"
+ "go/ast"
+ "go/parser"
+ "go/token"
+ "io"
+ "os"
+ "path/filepath"
+ "strings"
+ "sync"
+
+ "github.com/onsi/ginkgo/v2/ginkgo/command"
+)
+
+func BuildUnfocusCommand() command.Command {
+ return command.Command{
+ Name: "unfocus",
+ Usage: "ginkgo unfocus",
+ ShortDoc: "Recursively unfocus any focused tests under the current directory",
+ DocLink: "filtering-specs",
+ Command: func(_ []string, _ []string) {
+ unfocusSpecs()
+ },
+ }
+}
+
+func unfocusSpecs() {
+ fmt.Println("Scanning for focus...")
+
+ goFiles := make(chan string)
+ go func() {
+ unfocusDir(goFiles, ".")
+ close(goFiles)
+ }()
+
+ const workers = 10
+ wg := sync.WaitGroup{}
+ wg.Add(workers)
+
+ for i := 0; i < workers; i++ {
+ go func() {
+ for path := range goFiles {
+ unfocusFile(path)
+ }
+ wg.Done()
+ }()
+ }
+
+ wg.Wait()
+}
+
+func unfocusDir(goFiles chan string, path string) {
+ files, err := os.ReadDir(path)
+ if err != nil {
+ fmt.Println(err.Error())
+ return
+ }
+
+ for _, f := range files {
+ switch {
+ case f.IsDir() && shouldProcessDir(f.Name()):
+ unfocusDir(goFiles, filepath.Join(path, f.Name()))
+ case !f.IsDir() && shouldProcessFile(f.Name()):
+ goFiles <- filepath.Join(path, f.Name())
+ }
+ }
+}
+
+func shouldProcessDir(basename string) bool {
+ return basename != "vendor" && !strings.HasPrefix(basename, ".")
+}
+
+func shouldProcessFile(basename string) bool {
+ return strings.HasSuffix(basename, ".go")
+}
+
+func unfocusFile(path string) {
+ data, err := os.ReadFile(path)
+ if err != nil {
+ fmt.Printf("error reading file '%s': %s\n", path, err.Error())
+ return
+ }
+
+ ast, err := parser.ParseFile(token.NewFileSet(), path, bytes.NewReader(data), parser.ParseComments)
+ if err != nil {
+ fmt.Printf("error parsing file '%s': %s\n", path, err.Error())
+ return
+ }
+
+ eliminations := scanForFocus(ast)
+ if len(eliminations) == 0 {
+ return
+ }
+
+ fmt.Printf("...updating %s\n", path)
+ backup, err := writeBackup(path, data)
+ if err != nil {
+ fmt.Printf("error creating backup file: %s\n", err.Error())
+ return
+ }
+
+ if err := updateFile(path, data, eliminations); err != nil {
+ fmt.Printf("error writing file '%s': %s\n", path, err.Error())
+ return
+ }
+
+ os.Remove(backup)
+}
+
+func writeBackup(path string, data []byte) (string, error) {
+ t, err := os.CreateTemp(filepath.Dir(path), filepath.Base(path))
+
+ if err != nil {
+ return "", fmt.Errorf("error creating temporary file: %w", err)
+ }
+ defer t.Close()
+
+ if _, err := io.Copy(t, bytes.NewReader(data)); err != nil {
+ return "", fmt.Errorf("error writing to temporary file: %w", err)
+ }
+
+ return t.Name(), nil
+}
+
+func updateFile(path string, data []byte, eliminations [][]int64) error {
+ to, err := os.Create(path)
+ if err != nil {
+ return fmt.Errorf("error opening file for writing '%s': %w\n", path, err)
+ }
+ defer to.Close()
+
+ from := bytes.NewReader(data)
+ var cursor int64
+ for _, eliminationRange := range eliminations {
+ positionToEliminate, lengthToEliminate := eliminationRange[0]-1, eliminationRange[1]
+ if _, err := io.CopyN(to, from, positionToEliminate-cursor); err != nil {
+ return fmt.Errorf("error copying data: %w", err)
+ }
+
+ cursor = positionToEliminate + lengthToEliminate
+
+ if _, err := from.Seek(lengthToEliminate, io.SeekCurrent); err != nil {
+ return fmt.Errorf("error seeking to position in buffer: %w", err)
+ }
+ }
+
+ if _, err := io.Copy(to, from); err != nil {
+ return fmt.Errorf("error copying end data: %w", err)
+ }
+
+ return nil
+}
+
+func scanForFocus(file *ast.File) (eliminations [][]int64) {
+ ast.Inspect(file, func(n ast.Node) bool {
+ if c, ok := n.(*ast.CallExpr); ok {
+ if i, ok := c.Fun.(*ast.Ident); ok {
+ if isFocus(i.Name) {
+ eliminations = append(eliminations, []int64{int64(i.Pos()), 1})
+ }
+ }
+ }
+
+ if i, ok := n.(*ast.Ident); ok {
+ if i.Name == "Focus" {
+ eliminations = append(eliminations, []int64{int64(i.Pos()), 6})
+ }
+ }
+
+ return true
+ })
+
+ return eliminations
+}
+
+func isFocus(name string) bool {
+ switch name {
+ case "FDescribe", "FContext", "FIt", "FDescribeTable", "FEntry", "FSpecify", "FWhen":
+ return true
+ default:
+ return false
+ }
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/delta.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/delta.go
new file mode 100644
index 000000000..6c485c5b1
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/delta.go
@@ -0,0 +1,22 @@
+package watch
+
+import "sort"
+
+type Delta struct {
+ ModifiedPackages []string
+
+ NewSuites []*Suite
+ RemovedSuites []*Suite
+ modifiedSuites []*Suite
+}
+
+type DescendingByDelta []*Suite
+
+func (a DescendingByDelta) Len() int { return len(a) }
+func (a DescendingByDelta) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
+func (a DescendingByDelta) Less(i, j int) bool { return a[i].Delta() > a[j].Delta() }
+
+func (d Delta) ModifiedSuites() []*Suite {
+ sort.Sort(DescendingByDelta(d.modifiedSuites))
+ return d.modifiedSuites
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/delta_tracker.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/delta_tracker.go
new file mode 100644
index 000000000..26418ac62
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/delta_tracker.go
@@ -0,0 +1,75 @@
+package watch
+
+import (
+ "fmt"
+
+ "regexp"
+
+ "github.com/onsi/ginkgo/v2/ginkgo/internal"
+)
+
+type SuiteErrors map[internal.TestSuite]error
+
+type DeltaTracker struct {
+ maxDepth int
+ watchRegExp *regexp.Regexp
+ suites map[string]*Suite
+ packageHashes *PackageHashes
+}
+
+func NewDeltaTracker(maxDepth int, watchRegExp *regexp.Regexp) *DeltaTracker {
+ return &DeltaTracker{
+ maxDepth: maxDepth,
+ watchRegExp: watchRegExp,
+ packageHashes: NewPackageHashes(watchRegExp),
+ suites: map[string]*Suite{},
+ }
+}
+
+func (d *DeltaTracker) Delta(suites internal.TestSuites) (delta Delta, errors SuiteErrors) {
+ errors = SuiteErrors{}
+ delta.ModifiedPackages = d.packageHashes.CheckForChanges()
+
+ providedSuitePaths := map[string]bool{}
+ for _, suite := range suites {
+ providedSuitePaths[suite.Path] = true
+ }
+
+ d.packageHashes.StartTrackingUsage()
+
+ for _, suite := range d.suites {
+ if providedSuitePaths[suite.Suite.Path] {
+ if suite.Delta() > 0 {
+ delta.modifiedSuites = append(delta.modifiedSuites, suite)
+ }
+ } else {
+ delta.RemovedSuites = append(delta.RemovedSuites, suite)
+ }
+ }
+
+ d.packageHashes.StopTrackingUsageAndPrune()
+
+ for _, suite := range suites {
+ _, ok := d.suites[suite.Path]
+ if !ok {
+ s, err := NewSuite(suite, d.maxDepth, d.packageHashes)
+ if err != nil {
+ errors[suite] = err
+ continue
+ }
+ d.suites[suite.Path] = s
+ delta.NewSuites = append(delta.NewSuites, s)
+ }
+ }
+
+ return delta, errors
+}
+
+func (d *DeltaTracker) WillRun(suite internal.TestSuite) error {
+ s, ok := d.suites[suite.Path]
+ if !ok {
+ return fmt.Errorf("unknown suite %s", suite.Path)
+ }
+
+ return s.MarkAsRunAndRecomputedDependencies(d.maxDepth)
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/dependencies.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/dependencies.go
new file mode 100644
index 000000000..f5ddff30f
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/dependencies.go
@@ -0,0 +1,92 @@
+package watch
+
+import (
+ "go/build"
+ "regexp"
+)
+
+var ginkgoAndGomegaFilter = regexp.MustCompile(`github\.com/onsi/ginkgo|github\.com/onsi/gomega`)
+var ginkgoIntegrationTestFilter = regexp.MustCompile(`github\.com/onsi/ginkgo/integration`) //allow us to integration test this thing
+
+type Dependencies struct {
+ deps map[string]int
+}
+
+func NewDependencies(path string, maxDepth int) (Dependencies, error) {
+ d := Dependencies{
+ deps: map[string]int{},
+ }
+
+ if maxDepth == 0 {
+ return d, nil
+ }
+
+ err := d.seedWithDepsForPackageAtPath(path)
+ if err != nil {
+ return d, err
+ }
+
+ for depth := 1; depth < maxDepth; depth++ {
+ n := len(d.deps)
+ d.addDepsForDepth(depth)
+ if n == len(d.deps) {
+ break
+ }
+ }
+
+ return d, nil
+}
+
+func (d Dependencies) Dependencies() map[string]int {
+ return d.deps
+}
+
+func (d Dependencies) seedWithDepsForPackageAtPath(path string) error {
+ pkg, err := build.ImportDir(path, 0)
+ if err != nil {
+ return err
+ }
+
+ d.resolveAndAdd(pkg.Imports, 1)
+ d.resolveAndAdd(pkg.TestImports, 1)
+ d.resolveAndAdd(pkg.XTestImports, 1)
+
+ delete(d.deps, pkg.Dir)
+ return nil
+}
+
+func (d Dependencies) addDepsForDepth(depth int) {
+ for dep, depDepth := range d.deps {
+ if depDepth == depth {
+ d.addDepsForDep(dep, depth+1)
+ }
+ }
+}
+
+func (d Dependencies) addDepsForDep(dep string, depth int) {
+ pkg, err := build.ImportDir(dep, 0)
+ if err != nil {
+ println(err.Error())
+ return
+ }
+ d.resolveAndAdd(pkg.Imports, depth)
+}
+
+func (d Dependencies) resolveAndAdd(deps []string, depth int) {
+ for _, dep := range deps {
+ pkg, err := build.Import(dep, ".", 0)
+ if err != nil {
+ continue
+ }
+ if !pkg.Goroot && (!ginkgoAndGomegaFilter.Match([]byte(pkg.Dir)) || ginkgoIntegrationTestFilter.Match([]byte(pkg.Dir))) {
+ d.addDepIfNotPresent(pkg.Dir, depth)
+ }
+ }
+}
+
+func (d Dependencies) addDepIfNotPresent(dep string, depth int) {
+ _, ok := d.deps[dep]
+ if !ok {
+ d.deps[dep] = depth
+ }
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hash.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hash.go
new file mode 100644
index 000000000..e9f7ec0cb
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hash.go
@@ -0,0 +1,108 @@
+package watch
+
+import (
+ "fmt"
+ "os"
+ "regexp"
+ "time"
+)
+
+var goTestRegExp = regexp.MustCompile(`_test\.go$`)
+
+type PackageHash struct {
+ CodeModifiedTime time.Time
+ TestModifiedTime time.Time
+ Deleted bool
+
+ path string
+ codeHash string
+ testHash string
+ watchRegExp *regexp.Regexp
+}
+
+func NewPackageHash(path string, watchRegExp *regexp.Regexp) *PackageHash {
+ p := &PackageHash{
+ path: path,
+ watchRegExp: watchRegExp,
+ }
+
+ p.codeHash, _, p.testHash, _, p.Deleted = p.computeHashes()
+
+ return p
+}
+
+func (p *PackageHash) CheckForChanges() bool {
+ codeHash, codeModifiedTime, testHash, testModifiedTime, deleted := p.computeHashes()
+
+ if deleted {
+ if !p.Deleted {
+ t := time.Now()
+ p.CodeModifiedTime = t
+ p.TestModifiedTime = t
+ }
+ p.Deleted = true
+ return true
+ }
+
+ modified := false
+ p.Deleted = false
+
+ if p.codeHash != codeHash {
+ p.CodeModifiedTime = codeModifiedTime
+ modified = true
+ }
+ if p.testHash != testHash {
+ p.TestModifiedTime = testModifiedTime
+ modified = true
+ }
+
+ p.codeHash = codeHash
+ p.testHash = testHash
+ return modified
+}
+
+func (p *PackageHash) computeHashes() (codeHash string, codeModifiedTime time.Time, testHash string, testModifiedTime time.Time, deleted bool) {
+ entries, err := os.ReadDir(p.path)
+
+ if err != nil {
+ deleted = true
+ return
+ }
+
+ for _, entry := range entries {
+ if entry.IsDir() {
+ continue
+ }
+
+ info, err := entry.Info()
+ if err != nil {
+ continue
+ }
+
+ if goTestRegExp.Match([]byte(info.Name())) {
+ testHash += p.hashForFileInfo(info)
+ if info.ModTime().After(testModifiedTime) {
+ testModifiedTime = info.ModTime()
+ }
+ continue
+ }
+
+ if p.watchRegExp.Match([]byte(info.Name())) {
+ codeHash += p.hashForFileInfo(info)
+ if info.ModTime().After(codeModifiedTime) {
+ codeModifiedTime = info.ModTime()
+ }
+ }
+ }
+
+ testHash += codeHash
+ if codeModifiedTime.After(testModifiedTime) {
+ testModifiedTime = codeModifiedTime
+ }
+
+ return
+}
+
+func (p *PackageHash) hashForFileInfo(info os.FileInfo) string {
+ return fmt.Sprintf("%s_%d_%d", info.Name(), info.Size(), info.ModTime().UnixNano())
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hashes.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hashes.go
new file mode 100644
index 000000000..b4892bebf
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hashes.go
@@ -0,0 +1,85 @@
+package watch
+
+import (
+ "path/filepath"
+ "regexp"
+ "sync"
+)
+
+type PackageHashes struct {
+ PackageHashes map[string]*PackageHash
+ usedPaths map[string]bool
+ watchRegExp *regexp.Regexp
+ lock *sync.Mutex
+}
+
+func NewPackageHashes(watchRegExp *regexp.Regexp) *PackageHashes {
+ return &PackageHashes{
+ PackageHashes: map[string]*PackageHash{},
+ usedPaths: nil,
+ watchRegExp: watchRegExp,
+ lock: &sync.Mutex{},
+ }
+}
+
+func (p *PackageHashes) CheckForChanges() []string {
+ p.lock.Lock()
+ defer p.lock.Unlock()
+
+ modified := []string{}
+
+ for _, packageHash := range p.PackageHashes {
+ if packageHash.CheckForChanges() {
+ modified = append(modified, packageHash.path)
+ }
+ }
+
+ return modified
+}
+
+func (p *PackageHashes) Add(path string) *PackageHash {
+ p.lock.Lock()
+ defer p.lock.Unlock()
+
+ path, _ = filepath.Abs(path)
+ _, ok := p.PackageHashes[path]
+ if !ok {
+ p.PackageHashes[path] = NewPackageHash(path, p.watchRegExp)
+ }
+
+ if p.usedPaths != nil {
+ p.usedPaths[path] = true
+ }
+ return p.PackageHashes[path]
+}
+
+func (p *PackageHashes) Get(path string) *PackageHash {
+ p.lock.Lock()
+ defer p.lock.Unlock()
+
+ path, _ = filepath.Abs(path)
+ if p.usedPaths != nil {
+ p.usedPaths[path] = true
+ }
+ return p.PackageHashes[path]
+}
+
+func (p *PackageHashes) StartTrackingUsage() {
+ p.lock.Lock()
+ defer p.lock.Unlock()
+
+ p.usedPaths = map[string]bool{}
+}
+
+func (p *PackageHashes) StopTrackingUsageAndPrune() {
+ p.lock.Lock()
+ defer p.lock.Unlock()
+
+ for path := range p.PackageHashes {
+ if !p.usedPaths[path] {
+ delete(p.PackageHashes, path)
+ }
+ }
+
+ p.usedPaths = nil
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/suite.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/suite.go
new file mode 100644
index 000000000..53272df7e
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/suite.go
@@ -0,0 +1,87 @@
+package watch
+
+import (
+ "fmt"
+ "math"
+ "time"
+
+ "github.com/onsi/ginkgo/v2/ginkgo/internal"
+)
+
+type Suite struct {
+ Suite internal.TestSuite
+ RunTime time.Time
+ Dependencies Dependencies
+
+ sharedPackageHashes *PackageHashes
+}
+
+func NewSuite(suite internal.TestSuite, maxDepth int, sharedPackageHashes *PackageHashes) (*Suite, error) {
+ deps, err := NewDependencies(suite.Path, maxDepth)
+ if err != nil {
+ return nil, err
+ }
+
+ sharedPackageHashes.Add(suite.Path)
+ for dep := range deps.Dependencies() {
+ sharedPackageHashes.Add(dep)
+ }
+
+ return &Suite{
+ Suite: suite,
+ Dependencies: deps,
+
+ sharedPackageHashes: sharedPackageHashes,
+ }, nil
+}
+
+func (s *Suite) Delta() float64 {
+ delta := s.delta(s.Suite.Path, true, 0) * 1000
+ for dep, depth := range s.Dependencies.Dependencies() {
+ delta += s.delta(dep, false, depth)
+ }
+ return delta
+}
+
+func (s *Suite) MarkAsRunAndRecomputedDependencies(maxDepth int) error {
+ s.RunTime = time.Now()
+
+ deps, err := NewDependencies(s.Suite.Path, maxDepth)
+ if err != nil {
+ return err
+ }
+
+ s.sharedPackageHashes.Add(s.Suite.Path)
+ for dep := range deps.Dependencies() {
+ s.sharedPackageHashes.Add(dep)
+ }
+
+ s.Dependencies = deps
+
+ return nil
+}
+
+func (s *Suite) Description() string {
+ numDeps := len(s.Dependencies.Dependencies())
+ pluralizer := "ies"
+ if numDeps == 1 {
+ pluralizer = "y"
+ }
+ return fmt.Sprintf("%s [%d dependenc%s]", s.Suite.Path, numDeps, pluralizer)
+}
+
+func (s *Suite) delta(packagePath string, includeTests bool, depth int) float64 {
+ return math.Max(float64(s.dt(packagePath, includeTests)), 0) / float64(depth+1)
+}
+
+func (s *Suite) dt(packagePath string, includeTests bool) time.Duration {
+ packageHash := s.sharedPackageHashes.Get(packagePath)
+ var modifiedTime time.Time
+ if includeTests {
+ modifiedTime = packageHash.TestModifiedTime
+ } else {
+ modifiedTime = packageHash.CodeModifiedTime
+ }
+
+ return modifiedTime.Sub(s.RunTime)
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/watch_command.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/watch_command.go
new file mode 100644
index 000000000..bde4193ce
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/watch_command.go
@@ -0,0 +1,192 @@
+package watch
+
+import (
+ "fmt"
+ "regexp"
+ "time"
+
+ "github.com/onsi/ginkgo/v2/formatter"
+ "github.com/onsi/ginkgo/v2/ginkgo/command"
+ "github.com/onsi/ginkgo/v2/ginkgo/internal"
+ "github.com/onsi/ginkgo/v2/internal/interrupt_handler"
+ "github.com/onsi/ginkgo/v2/types"
+)
+
+func BuildWatchCommand() command.Command {
+ var suiteConfig = types.NewDefaultSuiteConfig()
+ var reporterConfig = types.NewDefaultReporterConfig()
+ var cliConfig = types.NewDefaultCLIConfig()
+ var goFlagsConfig = types.NewDefaultGoFlagsConfig()
+
+ flags, err := types.BuildWatchCommandFlagSet(&suiteConfig, &reporterConfig, &cliConfig, &goFlagsConfig)
+ if err != nil {
+ panic(err)
+ }
+ interruptHandler := interrupt_handler.NewInterruptHandler(nil)
+ interrupt_handler.SwallowSigQuit()
+
+ return command.Command{
+ Name: "watch",
+ Flags: flags,
+ Usage: "ginkgo watch -- ",
+ ShortDoc: "Watch the passed in and runs their tests whenever changes occur.",
+ Documentation: "Any arguments after -- will be passed to the test.",
+ DocLink: "watching-for-changes",
+ Command: func(args []string, additionalArgs []string) {
+ var errors []error
+ cliConfig, goFlagsConfig, errors = types.VetAndInitializeCLIAndGoConfig(cliConfig, goFlagsConfig)
+ command.AbortIfErrors("Ginkgo detected configuration issues:", errors)
+
+ watcher := &SpecWatcher{
+ cliConfig: cliConfig,
+ goFlagsConfig: goFlagsConfig,
+ suiteConfig: suiteConfig,
+ reporterConfig: reporterConfig,
+ flags: flags,
+
+ interruptHandler: interruptHandler,
+ }
+
+ watcher.WatchSpecs(args, additionalArgs)
+ },
+ }
+}
+
+type SpecWatcher struct {
+ suiteConfig types.SuiteConfig
+ reporterConfig types.ReporterConfig
+ cliConfig types.CLIConfig
+ goFlagsConfig types.GoFlagsConfig
+ flags types.GinkgoFlagSet
+
+ interruptHandler *interrupt_handler.InterruptHandler
+}
+
+func (w *SpecWatcher) WatchSpecs(args []string, additionalArgs []string) {
+ suites := internal.FindSuites(args, w.cliConfig, false).WithoutState(internal.TestSuiteStateSkippedByFilter)
+
+ internal.VerifyCLIAndFrameworkVersion(suites)
+
+ if len(suites) == 0 {
+ command.AbortWith("Found no test suites")
+ }
+
+ fmt.Printf("Identified %d test %s. Locating dependencies to a depth of %d (this may take a while)...\n", len(suites), internal.PluralizedWord("suite", "suites", len(suites)), w.cliConfig.Depth)
+ deltaTracker := NewDeltaTracker(w.cliConfig.Depth, regexp.MustCompile(w.cliConfig.WatchRegExp))
+ delta, errors := deltaTracker.Delta(suites)
+
+ fmt.Printf("Watching %d %s:\n", len(delta.NewSuites), internal.PluralizedWord("suite", "suites", len(delta.NewSuites)))
+ for _, suite := range delta.NewSuites {
+ fmt.Println(" " + suite.Description())
+ }
+
+ for suite, err := range errors {
+ fmt.Printf("Failed to watch %s: %s\n", suite.PackageName, err)
+ }
+
+ if len(suites) == 1 {
+ w.updateSeed()
+ w.compileAndRun(suites[0], additionalArgs)
+ }
+
+ ticker := time.NewTicker(time.Second)
+
+ for {
+ select {
+ case <-ticker.C:
+ suites := internal.FindSuites(args, w.cliConfig, false).WithoutState(internal.TestSuiteStateSkippedByFilter)
+ delta, _ := deltaTracker.Delta(suites)
+ coloredStream := formatter.ColorableStdOut
+
+ suites = internal.TestSuites{}
+
+ if len(delta.NewSuites) > 0 {
+ fmt.Fprintln(coloredStream, formatter.F("{{green}}Detected %d new %s:{{/}}", len(delta.NewSuites), internal.PluralizedWord("suite", "suites", len(delta.NewSuites))))
+ for _, suite := range delta.NewSuites {
+ suites = append(suites, suite.Suite)
+ fmt.Fprintln(coloredStream, formatter.Fi(1, "%s", suite.Description()))
+ }
+ }
+
+ modifiedSuites := delta.ModifiedSuites()
+ if len(modifiedSuites) > 0 {
+ fmt.Fprintln(coloredStream, formatter.F("{{green}}Detected changes in:{{/}}"))
+ for _, pkg := range delta.ModifiedPackages {
+ fmt.Fprintln(coloredStream, formatter.Fi(1, "%s", pkg))
+ }
+ fmt.Fprintln(coloredStream, formatter.F("{{green}}Will run %d %s:{{/}}", len(modifiedSuites), internal.PluralizedWord("suite", "suites", len(modifiedSuites))))
+ for _, suite := range modifiedSuites {
+ suites = append(suites, suite.Suite)
+ fmt.Fprintln(coloredStream, formatter.Fi(1, "%s", suite.Description()))
+ }
+ fmt.Fprintln(coloredStream, "")
+ }
+
+ if len(suites) == 0 {
+ break
+ }
+
+ w.updateSeed()
+ w.computeSuccinctMode(len(suites))
+ for idx := range suites {
+ if w.interruptHandler.Status().Interrupted() {
+ return
+ }
+ deltaTracker.WillRun(suites[idx])
+ suites[idx] = w.compileAndRun(suites[idx], additionalArgs)
+ }
+ color := "{{green}}"
+ if suites.CountWithState(internal.TestSuiteStateFailureStates...) > 0 {
+ color = "{{red}}"
+ }
+ fmt.Fprintln(coloredStream, formatter.F(color+"\nDone. Resuming watch...{{/}}"))
+
+ messages, err := internal.FinalizeProfilesAndReportsForSuites(suites, w.cliConfig, w.suiteConfig, w.reporterConfig, w.goFlagsConfig)
+ command.AbortIfError("could not finalize profiles:", err)
+ for _, message := range messages {
+ fmt.Println(message)
+ }
+ case <-w.interruptHandler.Status().Channel:
+ return
+ }
+ }
+}
+
+func (w *SpecWatcher) compileAndRun(suite internal.TestSuite, additionalArgs []string) internal.TestSuite {
+ suite = internal.CompileSuite(suite, w.goFlagsConfig)
+ if suite.State.Is(internal.TestSuiteStateFailedToCompile) {
+ fmt.Println(suite.CompilationError.Error())
+ return suite
+ }
+ if w.interruptHandler.Status().Interrupted() {
+ return suite
+ }
+ suite = internal.RunCompiledSuite(suite, w.suiteConfig, w.reporterConfig, w.cliConfig, w.goFlagsConfig, additionalArgs)
+ internal.Cleanup(w.goFlagsConfig, suite)
+ return suite
+}
+
+func (w *SpecWatcher) computeSuccinctMode(numSuites int) {
+ if w.reporterConfig.Verbosity().GTE(types.VerbosityLevelVerbose) {
+ w.reporterConfig.Succinct = false
+ return
+ }
+
+ if w.flags.WasSet("succinct") {
+ return
+ }
+
+ if numSuites == 1 {
+ w.reporterConfig.Succinct = false
+ }
+
+ if numSuites > 1 {
+ w.reporterConfig.Succinct = true
+ }
+}
+
+func (w *SpecWatcher) updateSeed() {
+ if !w.flags.WasSet("seed") {
+ w.suiteConfig.RandomSeed = time.Now().Unix()
+ }
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo_cli_dependencies.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo_cli_dependencies.go
new file mode 100644
index 000000000..85162720f
--- /dev/null
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo_cli_dependencies.go
@@ -0,0 +1,8 @@
+//go:build ginkgoclidependencies
+// +build ginkgoclidependencies
+
+package ginkgo
+
+import (
+ _ "github.com/onsi/ginkgo/v2/ginkgo"
+)
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo_t_dsl.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo_t_dsl.go
index 1beeb1144..28447ffdd 100644
--- a/vendor/github.com/onsi/ginkgo/v2/ginkgo_t_dsl.go
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo_t_dsl.go
@@ -1,26 +1,42 @@ package ginkgo -import "github.com/onsi/ginkgo/v2/internal/testingtproxy" +import ( + "github.com/onsi/ginkgo/v2/internal/testingtproxy" +) /* -GinkgoT() implements an interface analogous to *testing.T and can be used with -third-party libraries that accept *testing.T through an interface. +GinkgoT() implements an interface that allows third party libraries to integrate with and build on top of Ginkgo. + +GinkgoT() is analogous to *testing.T and implements the majority of *testing.T's methods. It can be typically be used a a drop-in replacement with third-party libraries that accept *testing.T through an interface. GinkgoT() takes an optional offset argument that can be used to get the -correct line number associated with the failure. +correct line number associated with the failure - though you do not need to use this if you call GinkgoHelper() or GinkgoT().Helper() appropriately You can learn more here: https://onsi.github.io/ginkgo/#using-third-party-libraries */ -func GinkgoT(optionalOffset ...int) GinkgoTInterface { +func GinkgoT(optionalOffset ...int) FullGinkgoTInterface { offset := 3 if len(optionalOffset) > 0 { offset = optionalOffset[0] } - return testingtproxy.New(GinkgoWriter, Fail, Skip, DeferCleanup, CurrentSpecReport, offset) + return testingtproxy.New( + GinkgoWriter, + Fail, + Skip, + DeferCleanup, + CurrentSpecReport, + AddReportEntry, + GinkgoRecover, + AttachProgressReporter, + suiteConfig.RandomSeed, + suiteConfig.ParallelProcess, + suiteConfig.ParallelTotal, + reporterConfig.NoColor, + offset) } /* -The interface returned by GinkgoT(). This covers most of the methods in the testing package's T. +The portion of the interface returned by GinkgoT() that maps onto methods in the testing package's T. */ type GinkgoTInterface interface { Cleanup(func()) 
@@ -43,3 +59,36 @@ type GinkgoTInterface interface { Skipped() bool TempDir() string } + +/* +Additional methods returned by GinkgoT() that provide deeper integration points into Ginkgo +*/ +type FullGinkgoTInterface interface { + GinkgoTInterface + + AddReportEntryVisibilityAlways(name string, args ...any) + AddReportEntryVisibilityFailureOrVerbose(name string, args ...any) + AddReportEntryVisibilityNever(name string, args ...any) + + //Prints to the GinkgoWriter + Print(a ...interface{}) + Printf(format string, a ...interface{}) + Println(a ...interface{}) + + //Provides access to Ginkgo's color formatting, correctly configured to match the color settings specified in the invocation of ginkgo + F(format string, args ...any) string + Fi(indentation uint, format string, args ...any) string + Fiw(indentation uint, maxWidth uint, format string, args ...any) string + + //Generates a formatted string version of the current spec's timeline + RenderTimeline() string + + GinkgoRecover() + DeferCleanup(args ...any) + + RandomSeed() int64 + ParallelProcess() int + ParallelTotal() int + + AttachProgressReporter(func() string) func() +} diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/focus.go b/vendor/github.com/onsi/ginkgo/v2/internal/focus.go index 966ea0c1a..e3da7d14d 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/focus.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/focus.go 
@@ -8,22 +8,22 @@ import ( ) /* - If a container marked as focus has a descendant that is also marked as focus, Ginkgo's policy is to - unmark the container's focus. This gives developers a more intuitive experience when debugging specs. - It is common to focus a container to just run a subset of specs, then identify the specific specs within the container to focus - - this policy allows the developer to simply focus those specific specs and not need to go back and turn the focus off of the container: - - As a common example, consider: - - FDescribe("something to debug", function() { - It("works", function() {...}) - It("works", function() {...}) - FIt("doesn't work", function() {...}) - It("works", function() {...}) - }) - - here the developer's intent is to focus in on the `"doesn't work"` spec and not to run the adjacent specs in the focused `"something to debug"` container. - The nested policy applied by this function enables this behavior. +If a container marked as focus has a descendant that is also marked as focus, Ginkgo's policy is to +unmark the container's focus. This gives developers a more intuitive experience when debugging specs. +It is common to focus a container to just run a subset of specs, then identify the specific specs within the container to focus - +this policy allows the developer to simply focus those specific specs and not need to go back and turn the focus off of the container: + +As a common example, consider: + + FDescribe("something to debug", function() { + It("works", function() {...}) + It("works", function() {...}) + FIt("doesn't work", function() {...}) + It("works", function() {...}) + }) + +here the developer's intent is to focus in on the `"doesn't work"` spec and not to run the adjacent specs in the focused `"something to debug"` container. +The nested policy applied by this function enables this behavior. */ func ApplyNestedFocusPolicyToTree(tree *TreeNode) { var walkTree func(tree *TreeNode) bool 
@@ -44,46 +44,43 @@ func ApplyNestedFocusPolicyToTree(tree *TreeNode) { } /* - Ginkgo supports focussing specs using `FIt`, `FDescribe`, etc. - this is called "programmatic focus" - It also supports focussing specs using regular expressions on the command line (`-focus=`, `-skip=`) that match against spec text - and file filters (`-focus-files=`, `-skip-files=`) that match against code locations for nodes in specs. +Ginkgo supports focussing specs using `FIt`, `FDescribe`, etc. - this is called "programmatic focus" +It also supports focussing specs using regular expressions on the command line (`-focus=`, `-skip=`) that match against spec text and file filters (`-focus-files=`, `-skip-files=`) that match against code locations for nodes in specs. - If any of the CLI flags are provided they take precedence. The file filters run first followed by the regex filters. +When both programmatic and file filters are provided their results are ANDed together. If multiple kinds of filters are provided, the file filters run first followed by the regex filters. - This function sets the `Skip` property on specs by applying Ginkgo's focus policy: - - If there are no CLI arguments and no programmatic focus, do nothing. - - If there are no CLI arguments but a spec somewhere has programmatic focus, skip any specs that have no programmatic focus. - - If there are CLI arguments parse them and skip any specs that either don't match the focus filters or do match the skip filters. +This function sets the `Skip` property on specs by applying Ginkgo's focus policy: +- If there are no CLI arguments and no programmatic focus, do nothing. +- If a spec somewhere has programmatic focus skip any specs that have no programmatic focus. +- If there are CLI arguments parse them and skip any specs that either don't match the focus filters or do match the skip filters. - *Note:* specs with pending nodes are Skipped when created by NewSpec. 
+*Note:* specs with pending nodes are Skipped when created by NewSpec. */ func ApplyFocusToSpecs(specs Specs, description string, suiteLabels Labels, suiteConfig types.SuiteConfig) (Specs, bool) { focusString := strings.Join(suiteConfig.FocusStrings, "|") skipString := strings.Join(suiteConfig.SkipStrings, "|") - hasFocusCLIFlags := focusString != "" || skipString != "" || len(suiteConfig.SkipFiles) > 0 || len(suiteConfig.FocusFiles) > 0 || suiteConfig.LabelFilter != "" - type SkipCheck func(spec Spec) bool // by default, skip any specs marked pending skipChecks := []SkipCheck{func(spec Spec) bool { return spec.Nodes.HasNodeMarkedPending() }} hasProgrammaticFocus := false - if !hasFocusCLIFlags { - // check for programmatic focus - for _, spec := range specs { - if spec.Nodes.HasNodeMarkedFocus() && !spec.Nodes.HasNodeMarkedPending() { - skipChecks = append(skipChecks, func(spec Spec) bool { return !spec.Nodes.HasNodeMarkedFocus() }) - hasProgrammaticFocus = true - break - } + for _, spec := range specs { + if spec.Nodes.HasNodeMarkedFocus() && !spec.Nodes.HasNodeMarkedPending() { + hasProgrammaticFocus = true + break } } + if hasProgrammaticFocus { + skipChecks = append(skipChecks, func(spec Spec) bool { return !spec.Nodes.HasNodeMarkedFocus() }) + } + if suiteConfig.LabelFilter != "" { labelFilter, _ := types.ParseLabelFilter(suiteConfig.LabelFilter) - skipChecks = append(skipChecks, func(spec Spec) bool { - return !labelFilter(UnionOfLabels(suiteLabels, spec.Nodes.UnionOfLabels())) + skipChecks = append(skipChecks, func(spec Spec) bool { + return !labelFilter(UnionOfLabels(suiteLabels, spec.Nodes.UnionOfLabels())) }) } diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/group.go b/vendor/github.com/onsi/ginkgo/v2/internal/group.go index 82d929aa5..ae1b7b011 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/group.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/group.go 
@@ -94,15 +94,19 @@ type group struct { runOncePairs map[uint]runOncePairs runOnceTracker map[runOncePair]types.SpecState - succeeded bool + succeeded bool + failedInARunOnceBefore bool + continueOnFailure bool } func newGroup(suite *Suite) *group { return &group{ - suite: suite, - runOncePairs: map[uint]runOncePairs{}, - runOnceTracker: map[runOncePair]types.SpecState{}, - succeeded: true, + suite: suite, + runOncePairs: map[uint]runOncePairs{}, + runOnceTracker: map[runOncePair]types.SpecState{}, + succeeded: true, + failedInARunOnceBefore: false, + continueOnFailure: false, } } @@ -116,8 +120,11 @@ func (g *group) initialReportForSpec(spec Spec) types.SpecReport { LeafNodeText: spec.FirstNodeWithType(types.NodeTypeIt).Text, LeafNodeLabels: []string(spec.FirstNodeWithType(types.NodeTypeIt).Labels), ParallelProcess: g.suite.config.ParallelProcess, + RunningInParallel: g.suite.isRunningInParallel(), IsSerial: spec.Nodes.HasNodeMarkedSerial(), IsInOrderedContainer: !spec.Nodes.FirstNodeMarkedOrdered().IsZero(), + MaxFlakeAttempts: spec.Nodes.GetMaxFlakeAttempts(), + MaxMustPassRepeatedly: spec.Nodes.GetMaxMustPassRepeatedly(), } } 
@@ -134,10 +141,14 @@ func (g *group) evaluateSkipStatus(spec Spec) (types.SpecState, types.Failure) { if !g.suite.deadline.IsZero() && g.suite.deadline.Before(time.Now()) { return types.SpecStateSkipped, types.Failure{} } - if !g.succeeded { + if !g.succeeded && !g.continueOnFailure { return types.SpecStateSkipped, g.suite.failureForLeafNodeWithMessage(spec.FirstNodeWithType(types.NodeTypeIt), "Spec skipped because an earlier spec in an ordered container failed") } + if g.failedInARunOnceBefore && g.continueOnFailure { + return types.SpecStateSkipped, g.suite.failureForLeafNodeWithMessage(spec.FirstNodeWithType(types.NodeTypeIt), + "Spec skipped because a BeforeAll node failed") + } beforeOncePairs := g.runOncePairs[spec.SubjectID()].withType(types.NodeTypeBeforeAll | types.NodeTypeBeforeEach | types.NodeTypeJustBeforeEach) for _, pair := range beforeOncePairs { if g.runOnceTracker[pair].Is(types.SpecStateSkipped) { @@ -165,7 +176,8 @@ func (g *group) isLastSpecWithPair(specID uint, pair runOncePair) bool { return lastSpecID == specID } -func (g *group) attemptSpec(isFinalAttempt bool, spec Spec) { +func (g *group) attemptSpec(isFinalAttempt bool, spec Spec) bool { + failedInARunOnceBefore := false pairs := g.runOncePairs[spec.SubjectID()] nodes := spec.Nodes.WithType(types.NodeTypeBeforeAll) @@ -191,6 +203,7 @@ func (g *group) attemptSpec(isFinalAttempt bool, spec Spec) { } if g.suite.currentSpecReport.State != types.SpecStatePassed { terminatingNode, terminatingPair = node, oncePair + failedInARunOnceBefore = !terminatingPair.isZero() break } } @@ -213,7 +226,7 @@ func (g *group) attemptSpec(isFinalAttempt bool, spec Spec) { //this node has already been run on this attempt, don't rerun it return false } - pair := runOncePair{} + var pair runOncePair switch node.NodeType { case types.NodeTypeCleanupAfterEach, types.NodeTypeCleanupAfterAll: // check if we were generated in an AfterNode that has already run 
@@ -243,9 +256,13 @@ func (g *group) attemptSpec(isFinalAttempt bool, spec Spec) { if !terminatingPair.isZero() && terminatingNode.NestingLevel == node.NestingLevel { return true //...or, a run-once node at our nesting level was skipped which means this is our last chance to run } - case types.SpecStateFailed, types.SpecStatePanicked: // the spec has failed... + case types.SpecStateFailed, types.SpecStatePanicked, types.SpecStateTimedout: // the spec has failed... if isFinalAttempt { - return true //...if this was the last attempt then we're the last spec to run and so the AfterNode should run + if g.continueOnFailure { + return isLastSpecWithPair || failedInARunOnceBefore //...we're configured to continue on failures - so we should only run if we're the last spec for this pair or if we failed in a runOnceBefore (which means we _are_ the last spec to run) + } else { + return true //...this was the last attempt and continueOnFailure is false therefore we are the last spec to run and so the AfterNode should run + } } if !terminatingPair.isZero() { // ...and it failed in a run-once. which will be running again if node.NodeType.Is(types.NodeTypeCleanupAfterEach | types.NodeTypeCleanupAfterAll) { @@ -278,10 +295,12 @@ func (g *group) attemptSpec(isFinalAttempt bool, spec Spec) { includeDeferCleanups = true } + return failedInARunOnceBefore } func (g *group) run(specs Specs) { g.specs = specs + g.continueOnFailure = specs[0].Nodes.FirstNodeMarkedOrdered().MarkedContinueOnFailure for _, spec := range g.specs { g.runOncePairs[spec.SubjectID()] = runOncePairsForSpec(spec) } 
@@ -298,28 +317,52 @@ func (g *group) run(specs Specs) { skip := g.suite.config.DryRun || g.suite.currentSpecReport.State.Is(types.SpecStateFailureStates|types.SpecStateSkipped|types.SpecStatePending) g.suite.currentSpecReport.StartTime = time.Now() + failedInARunOnceBefore := false if !skip { - maxAttempts := max(1, spec.FlakeAttempts()) - if g.suite.config.FlakeAttempts > 0 { + var maxAttempts = 1 + + if g.suite.currentSpecReport.MaxMustPassRepeatedly > 0 { + maxAttempts = max(1, spec.MustPassRepeatedly()) + } else if g.suite.config.FlakeAttempts > 0 { maxAttempts = g.suite.config.FlakeAttempts + g.suite.currentSpecReport.MaxFlakeAttempts = maxAttempts + } else if g.suite.currentSpecReport.MaxFlakeAttempts > 0 { + maxAttempts = max(1, spec.FlakeAttempts()) } + for attempt := 0; attempt < maxAttempts; attempt++ { g.suite.currentSpecReport.NumAttempts = attempt + 1 g.suite.writer.Truncate() g.suite.outputInterceptor.StartInterceptingOutput() if attempt > 0 { - fmt.Fprintf(g.suite.writer, "\nGinkgo: Attempt #%d Failed. 
Retrying...\n", attempt) + if g.suite.currentSpecReport.MaxMustPassRepeatedly > 0 { + g.suite.handleSpecEvent(types.SpecEvent{SpecEventType: types.SpecEventSpecRepeat, Attempt: attempt}) + } + if g.suite.currentSpecReport.MaxFlakeAttempts > 0 { + g.suite.handleSpecEvent(types.SpecEvent{SpecEventType: types.SpecEventSpecRetry, Attempt: attempt}) + } } - g.attemptSpec(attempt == maxAttempts-1, spec) + failedInARunOnceBefore = g.attemptSpec(attempt == maxAttempts-1, spec) g.suite.currentSpecReport.EndTime = time.Now() g.suite.currentSpecReport.RunTime = g.suite.currentSpecReport.EndTime.Sub(g.suite.currentSpecReport.StartTime) g.suite.currentSpecReport.CapturedGinkgoWriterOutput += string(g.suite.writer.Bytes()) g.suite.currentSpecReport.CapturedStdOutErr += g.suite.outputInterceptor.StopInterceptingAndReturnOutput() - if g.suite.currentSpecReport.State.Is(types.SpecStatePassed | types.SpecStateSkipped | types.SpecStateAborted | types.SpecStateInterrupted) { - break + if g.suite.currentSpecReport.MaxMustPassRepeatedly > 0 { + if g.suite.currentSpecReport.State.Is(types.SpecStateFailureStates | types.SpecStateSkipped) { + break + } + } + if g.suite.currentSpecReport.MaxFlakeAttempts > 0 { + if g.suite.currentSpecReport.State.Is(types.SpecStatePassed | types.SpecStateSkipped | types.SpecStateAborted | types.SpecStateInterrupted) { + break + } else if attempt < maxAttempts-1 { + af := types.AdditionalFailure{State: g.suite.currentSpecReport.State, Failure: g.suite.currentSpecReport.Failure} + af.Failure.Message = fmt.Sprintf("Failure recorded during attempt %d:\n%s", attempt+1, af.Failure.Message) + g.suite.currentSpecReport.AdditionalFailures = append(g.suite.currentSpecReport.AdditionalFailures, af) + } } } } 
@@ -328,6 +371,7 @@ func (g *group) run(specs Specs) { g.suite.processCurrentSpecReport() if g.suite.currentSpecReport.State.Is(types.SpecStateFailureStates) { g.succeeded = false + g.failedInARunOnceBefore = g.failedInARunOnceBefore || failedInARunOnceBefore } g.suite.selectiveLock.Lock() g.suite.currentSpecReport = types.SpecReport{} diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/interrupt_handler/interrupt_handler.go b/vendor/github.com/onsi/ginkgo/v2/internal/interrupt_handler/interrupt_handler.go index ac6f51040..8ed86111f 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/interrupt_handler/interrupt_handler.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/interrupt_handler/interrupt_handler.go @@ -10,7 +10,7 @@ import ( "github.com/onsi/ginkgo/v2/internal/parallel_support" ) -const ABORT_POLLING_INTERVAL = 500 * time.Millisecond +var ABORT_POLLING_INTERVAL = 500 * time.Millisecond type InterruptCause uint @@ -62,13 +62,14 @@ type InterruptHandlerInterface interface { } type InterruptHandler struct { - c chan interface{} - lock *sync.Mutex - level InterruptLevel - cause InterruptCause - client parallel_support.Client - stop chan interface{} - signals []os.Signal + c chan interface{} + lock *sync.Mutex + level InterruptLevel + cause InterruptCause + client parallel_support.Client + stop chan interface{} + signals []os.Signal + requestAbortCheck chan interface{} } func NewInterruptHandler(client parallel_support.Client, signals ...os.Signal) *InterruptHandler { 
@@ -76,11 +77,12 @@ func NewInterruptHandler(client parallel_support.Client, signals ...os.Signal) * signals = []os.Signal{os.Interrupt, syscall.SIGTERM} } handler := &InterruptHandler{ - c: make(chan interface{}), - lock: &sync.Mutex{}, - stop: make(chan interface{}), - client: client, - signals: signals, + c: make(chan interface{}), + lock: &sync.Mutex{}, + stop: make(chan interface{}), + requestAbortCheck: make(chan interface{}), + client: client, + signals: signals, } handler.registerForInterrupts() return handler @@ -109,6 +111,12 @@ func (handler *InterruptHandler) registerForInterrupts() { pollTicker.Stop() return } + case <-handler.requestAbortCheck: + if handler.client.ShouldAbort() { + close(abortChannel) + pollTicker.Stop() + return + } case <-handler.stop: pollTicker.Stop() return @@ -152,11 +160,18 @@ func (handler *InterruptHandler) registerForInterrupts() { func (handler *InterruptHandler) Status() InterruptStatus { handler.lock.Lock() - defer handler.lock.Unlock() - - return InterruptStatus{ + status := InterruptStatus{ Level: handler.level, Channel: handler.c, Cause: handler.cause, } + handler.lock.Unlock() + + if handler.client != nil && handler.client.ShouldAbort() && !status.Interrupted() { + close(handler.requestAbortCheck) + <-status.Channel + return handler.Status() + } + + return status } diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/node.go b/vendor/github.com/onsi/ginkgo/v2/internal/node.go index 38c13f04f..14c7cf54e 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/node.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/node.go 
@@ -44,22 +44,23 @@ type Node struct { SynchronizedAfterSuiteProc1Body func(SpecContext) SynchronizedAfterSuiteProc1BodyHasContext bool - ReportEachBody func(types.SpecReport) - ReportAfterSuiteBody func(types.Report) - - MarkedFocus bool - MarkedPending bool - MarkedSerial bool - MarkedOrdered bool - MarkedOncePerOrdered bool - MarkedSuppressProgressReporting bool - FlakeAttempts int - Labels Labels - PollProgressAfter time.Duration - PollProgressInterval time.Duration - NodeTimeout time.Duration - SpecTimeout time.Duration - GracePeriod time.Duration + ReportEachBody func(types.SpecReport) + ReportSuiteBody func(types.Report) + + MarkedFocus bool + MarkedPending bool + MarkedSerial bool + MarkedOrdered bool + MarkedContinueOnFailure bool + MarkedOncePerOrdered bool + FlakeAttempts int + MustPassRepeatedly int + Labels Labels + PollProgressAfter time.Duration + PollProgressInterval time.Duration + NodeTimeout time.Duration + SpecTimeout time.Duration + GracePeriod time.Duration NodeIDWhereCleanupWasGenerated uint } @@ -69,6 +70,7 @@ type focusType bool type pendingType bool type serialType bool type orderedType bool +type continueOnFailureType bool type honorsOrderedType bool type suppressProgressReporting bool @@ -76,10 +78,12 @@ const Focus = focusType(true) const Pending = pendingType(true) const Serial = serialType(true) const Ordered = orderedType(true) +const ContinueOnFailure = continueOnFailureType(true) const OncePerOrdered = honorsOrderedType(true) const SuppressProgressReporting = suppressProgressReporting(true) type FlakeAttempts uint +type MustPassRepeatedly uint type Offset uint type Done chan<- interface{} // Deprecated Done Channel for asynchronous testing type Labels []string 
@@ -89,6 +93,10 @@ type NodeTimeout time.Duration type SpecTimeout time.Duration type GracePeriod time.Duration +func (l Labels) MatchesLabelFilter(query string) bool { + return types.MustParseLabelFilter(query)(l) +} + func UnionOfLabels(labels ...Labels) Labels { out := Labels{} seen := map[string]bool{} @@ -132,12 +140,16 @@ func isDecoration(arg interface{}) bool { return true case t == reflect.TypeOf(Ordered): return true + case t == reflect.TypeOf(ContinueOnFailure): + return true case t == reflect.TypeOf(OncePerOrdered): return true case t == reflect.TypeOf(SuppressProgressReporting): return true case t == reflect.TypeOf(FlakeAttempts(0)): return true + case t == reflect.TypeOf(MustPassRepeatedly(0)): + return true case t == reflect.TypeOf(Labels{}): return true case t == reflect.TypeOf(PollProgressInterval(0)): 
@@ -238,21 +250,28 @@ func NewNode(deprecationTracker *types.DeprecationTracker, nodeType types.NodeTy if !nodeType.Is(types.NodeTypeContainer) { appendError(types.GinkgoErrors.InvalidDecoratorForNodeType(node.CodeLocation, nodeType, "Ordered")) } + case t == reflect.TypeOf(ContinueOnFailure): + node.MarkedContinueOnFailure = bool(arg.(continueOnFailureType)) + if !nodeType.Is(types.NodeTypeContainer) { + appendError(types.GinkgoErrors.InvalidDecoratorForNodeType(node.CodeLocation, nodeType, "ContinueOnFailure")) + } case t == reflect.TypeOf(OncePerOrdered): node.MarkedOncePerOrdered = bool(arg.(honorsOrderedType)) if !nodeType.Is(types.NodeTypeBeforeEach | types.NodeTypeJustBeforeEach | types.NodeTypeAfterEach | types.NodeTypeJustAfterEach) { appendError(types.GinkgoErrors.InvalidDecoratorForNodeType(node.CodeLocation, nodeType, "OncePerOrdered")) } case t == reflect.TypeOf(SuppressProgressReporting): - node.MarkedSuppressProgressReporting = bool(arg.(suppressProgressReporting)) - if nodeType.Is(types.NodeTypeContainer) { - appendError(types.GinkgoErrors.InvalidDecoratorForNodeType(node.CodeLocation, nodeType, "SuppressProgressReporting")) - } + deprecationTracker.TrackDeprecation(types.Deprecations.SuppressProgressReporting()) case t == reflect.TypeOf(FlakeAttempts(0)): node.FlakeAttempts = int(arg.(FlakeAttempts)) if !nodeType.Is(types.NodeTypesForContainerAndIt) { appendError(types.GinkgoErrors.InvalidDecoratorForNodeType(node.CodeLocation, nodeType, "FlakeAttempts")) } + case t == reflect.TypeOf(MustPassRepeatedly(0)): + node.MustPassRepeatedly = int(arg.(MustPassRepeatedly)) + if !nodeType.Is(types.NodeTypesForContainerAndIt) { + appendError(types.GinkgoErrors.InvalidDecoratorForNodeType(node.CodeLocation, nodeType, "MustPassRepeatedly")) + } case t == reflect.TypeOf(PollProgressAfter(0)): node.PollProgressAfter = time.Duration(arg.(PollProgressAfter)) if nodeType.Is(types.NodeTypeContainer) { 
@@ -312,9 +331,9 @@ func NewNode(deprecationTracker *types.DeprecationTracker, nodeType types.NodeTy trackedFunctionError = true break } - } else if nodeType.Is(types.NodeTypeReportAfterSuite) { - if node.ReportAfterSuiteBody == nil { - node.ReportAfterSuiteBody = arg.(func(types.Report)) + } else if nodeType.Is(types.NodeTypeReportBeforeSuite | types.NodeTypeReportAfterSuite) { + if node.ReportSuiteBody == nil { + node.ReportSuiteBody = arg.(func(types.Report)) } else { appendError(types.GinkgoErrors.MultipleBodyFunctions(node.CodeLocation, nodeType)) trackedFunctionError = true 
@@ -381,13 +400,17 @@ func NewNode(deprecationTracker *types.DeprecationTracker, nodeType types.NodeTy appendError(types.GinkgoErrors.InvalidDeclarationOfFocusedAndPending(node.CodeLocation, nodeType)) } + if node.MarkedContinueOnFailure && !node.MarkedOrdered { + appendError(types.GinkgoErrors.InvalidContinueOnFailureDecoration(node.CodeLocation)) + } + hasContext := node.HasContext || node.SynchronizedAfterSuiteProc1BodyHasContext || node.SynchronizedAfterSuiteAllProcsBodyHasContext || node.SynchronizedBeforeSuiteProc1BodyHasContext || node.SynchronizedBeforeSuiteAllProcsBodyHasContext if !hasContext && (node.NodeTimeout > 0 || node.SpecTimeout > 0 || node.GracePeriod > 0) && len(errors) == 0 { appendError(types.GinkgoErrors.InvalidTimeoutOrGracePeriodForNonContextNode(node.CodeLocation, nodeType)) } - if !node.NodeType.Is(types.NodeTypeReportBeforeEach|types.NodeTypeReportAfterEach|types.NodeTypeSynchronizedBeforeSuite|types.NodeTypeSynchronizedAfterSuite|types.NodeTypeReportAfterSuite) && node.Body == nil && !node.MarkedPending && !trackedFunctionError { + if !node.NodeType.Is(types.NodeTypeReportBeforeEach|types.NodeTypeReportAfterEach|types.NodeTypeSynchronizedBeforeSuite|types.NodeTypeSynchronizedAfterSuite|types.NodeTypeReportBeforeSuite|types.NodeTypeReportAfterSuite) && node.Body == nil && !node.MarkedPending && !trackedFunctionError { appendError(types.GinkgoErrors.MissingBodyFunction(node.CodeLocation, nodeType)) } @@ -403,6 +426,10 @@ func NewNode(deprecationTracker *types.DeprecationTracker, nodeType types.NodeTy appendError(types.GinkgoErrors.UnknownDecorator(node.CodeLocation, nodeType, arg)) } + if node.FlakeAttempts > 0 && node.MustPassRepeatedly > 0 { + appendError(types.GinkgoErrors.InvalidDeclarationOfFlakeAttemptsAndMustPassRepeatedly(node.CodeLocation, nodeType)) + } + if len(errors) > 0 { return Node{}, errors } 
@@ -495,6 +522,8 @@ func extractSynchronizedBeforeSuiteAllProcsBody(arg interface{}) (func(SpecConte }, hasContext } +var errInterface = reflect.TypeOf((*error)(nil)).Elem() + func NewCleanupNode(deprecationTracker *types.DeprecationTracker, fail func(string, types.CodeLocation), args ...interface{}) (Node, []error) { decorations, remainingArgs := PartitionDecorations(args...) baseOffset := 2 @@ -517,7 +546,7 @@ func NewCleanupNode(deprecationTracker *types.DeprecationTracker, fail func(stri } callback := reflect.ValueOf(remainingArgs[0]) - if !(callback.Kind() == reflect.Func && callback.Type().NumOut() <= 1) { + if !(callback.Kind() == reflect.Func) { return Node{}, []error{types.GinkgoErrors.DeferCleanupInvalidFunction(cl)} } @@ -537,8 +566,12 @@ func NewCleanupNode(deprecationTracker *types.DeprecationTracker, fail func(stri } handleFailure := func(out []reflect.Value) { - if len(out) == 1 && !out[0].IsNil() { - fail(fmt.Sprintf("DeferCleanup callback returned error: %v", out[0]), cl) + if len(out) == 0 { + return + } + last := out[len(out)-1] + if last.Type().Implements(errInterface) && !last.IsNil() { + fail(fmt.Sprintf("DeferCleanup callback returned error: %v", last), cl) } } @@ -842,6 +875,35 @@ func (n Nodes) FirstNodeMarkedOrdered() Node { return Node{} } +func (n Nodes) IndexOfFirstNodeMarkedOrdered() int { + for i := range n { + if n[i].MarkedOrdered { + return i + } + } + return -1 +} + +func (n Nodes) GetMaxFlakeAttempts() int { + maxFlakeAttempts := 0 + for i := range n { + if n[i].FlakeAttempts > 0 { + maxFlakeAttempts = n[i].FlakeAttempts + } + } + return maxFlakeAttempts +} + +func (n Nodes) GetMaxMustPassRepeatedly() int { + maxMustPassRepeatedly := 0 + for i := range n { + if n[i].MustPassRepeatedly > 0 { + maxMustPassRepeatedly = n[i].MustPassRepeatedly + } + } + return maxMustPassRepeatedly +} + func unrollInterfaceSlice(args interface{}) []interface{} { v := reflect.ValueOf(args) if v.Kind() != reflect.Slice { 
diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/ordering.go b/vendor/github.com/onsi/ginkgo/v2/internal/ordering.go
index 161be820c..84eea0a59 100644
--- a/vendor/github.com/onsi/ginkgo/v2/internal/ordering.go
+++ b/vendor/github.com/onsi/ginkgo/v2/internal/ordering.go
@@ -7,6 +7,65 @@ import ( "github.com/onsi/ginkgo/v2/types" ) +type SortableSpecs struct { + Specs Specs + Indexes []int +} + +func NewSortableSpecs(specs Specs) *SortableSpecs { + indexes := make([]int, len(specs)) + for i := range specs { + indexes[i] = i + } + return &SortableSpecs{ + Specs: specs, + Indexes: indexes, + } +} +func (s *SortableSpecs) Len() int { return len(s.Indexes) } +func (s *SortableSpecs) Swap(i, j int) { s.Indexes[i], s.Indexes[j] = s.Indexes[j], s.Indexes[i] } +func (s *SortableSpecs) Less(i, j int) bool { + a, b := s.Specs[s.Indexes[i]], s.Specs[s.Indexes[j]] + + aNodes, bNodes := a.Nodes.WithType(types.NodeTypesForContainerAndIt), b.Nodes.WithType(types.NodeTypesForContainerAndIt) + + firstOrderedAIdx, firstOrderedBIdx := aNodes.IndexOfFirstNodeMarkedOrdered(), bNodes.IndexOfFirstNodeMarkedOrdered() + if firstOrderedAIdx > -1 && firstOrderedBIdx > -1 && aNodes[firstOrderedAIdx].ID == bNodes[firstOrderedBIdx].ID { + // strictly preserve order within an ordered containers. ID will track this as IDs are generated monotonically + return aNodes.FirstNodeWithType(types.NodeTypeIt).ID < bNodes.FirstNodeWithType(types.NodeTypeIt).ID + } + + // if either spec is in an ordered container - only use the nodes up to the outermost ordered container + if firstOrderedAIdx > -1 { + aNodes = aNodes[:firstOrderedAIdx+1] + } + if firstOrderedBIdx > -1 { + bNodes = bNodes[:firstOrderedBIdx+1] + } + + for i := 0; i < len(aNodes) && i < len(bNodes); i++ { + aCL, bCL := aNodes[i].CodeLocation, bNodes[i].CodeLocation + if aCL.FileName != bCL.FileName { + return aCL.FileName < bCL.FileName + } + if aCL.LineNumber != bCL.LineNumber { + return aCL.LineNumber < bCL.LineNumber + } + } + // either everything is equal or we have different lengths of CLs + if len(aNodes) != len(bNodes) { + return len(aNodes) < len(bNodes) + } + // ok, now we are sure everything was equal. 
so we use the spec text to break ties + for i := 0; i < len(aNodes); i++ { + if aNodes[i].Text != bNodes[i].Text { + return aNodes[i].Text < bNodes[i].Text + } + } + // ok, all those texts were equal. we'll use the ID of the most deeply nested node as a last resort + return aNodes[len(aNodes)-1].ID < bNodes[len(bNodes)-1].ID +} + type GroupedSpecIndices []SpecIndices type SpecIndices []int @@ -28,12 +87,17 @@ func OrderSpecs(specs Specs, suiteConfig types.SuiteConfig) (GroupedSpecIndices, // Seed a new random source based on thee configured random seed. r := rand.New(rand.NewSource(suiteConfig.RandomSeed)) - // first break things into execution groups + // first, we sort the entire suite to ensure a deterministic order. the sort is performed by filename, then line number, and then spec text. this ensures every parallel process has the exact same spec order and is only necessary to cover the edge case where the user iterates over a map to generate specs. + sortableSpecs := NewSortableSpecs(specs) + sort.Sort(sortableSpecs) + + // then we break things into execution groups // a group represents a single unit of execution and is a collection of SpecIndices // usually a group is just a single spec, however ordered containers must be preserved as a single group executionGroupIDs := []uint{} executionGroups := map[uint]SpecIndices{} - for idx, spec := range specs { + for _, idx := range sortableSpecs.Indexes { + spec := specs[idx] groupNode := spec.Nodes.FirstNodeMarkedOrdered() if groupNode.IsZero() { groupNode = spec.Nodes.FirstNodeWithType(types.NodeTypeIt) 
@@ -48,7 +112,6 @@ func OrderSpecs(specs Specs, suiteConfig types.SuiteConfig) (GroupedSpecIndices, // we shuffle outermost containers. so we need to form shufflable groupings of GroupIDs shufflableGroupingIDs := []uint{} shufflableGroupingIDToGroupIDs := map[uint][]uint{} - shufflableGroupingsIDToSortKeys := map[uint]string{} // for each execution group we're going to have to pick a node to represent how the // execution group is grouped for shuffling: @@ -57,7 +120,7 @@ func OrderSpecs(specs Specs, suiteConfig types.SuiteConfig) (GroupedSpecIndices, nodeTypesToShuffle = types.NodeTypeIt } - //so, fo reach execution group: + //so, for each execution group: for _, groupID := range executionGroupIDs { // pick out a representative spec representativeSpec := specs[executionGroups[groupID][0]] @@ -72,22 +135,9 @@ func OrderSpecs(specs Specs, suiteConfig types.SuiteConfig) (GroupedSpecIndices, if len(shufflableGroupingIDToGroupIDs[shufflableGroupingNode.ID]) == 1 { // record the shuffleable group ID shufflableGroupingIDs = append(shufflableGroupingIDs, shufflableGroupingNode.ID) - // and record the sort key to use - shufflableGroupingsIDToSortKeys[shufflableGroupingNode.ID] = shufflableGroupingNode.CodeLocation.String() } } - // now we sort the shufflable groups by the sort key. We use the shufflable group nodes code location and break ties using its node id - sort.SliceStable(shufflableGroupingIDs, func(i, j int) bool { - keyA := shufflableGroupingsIDToSortKeys[shufflableGroupingIDs[i]] - keyB := shufflableGroupingsIDToSortKeys[shufflableGroupingIDs[j]] - if keyA == keyB { - return shufflableGroupingIDs[i] < shufflableGroupingIDs[j] - } else { - return keyA < keyB - } - }) - // now we permute the sorted shufflable grouping IDs and build the ordered Groups orderedGroups := GroupedSpecIndices{} permutation := r.Perm(len(shufflableGroupingIDs)) 
diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/output_interceptor_unix.go b/vendor/github.com/onsi/ginkgo/v2/internal/output_interceptor_unix.go index f5ae15b8b..8a237f446 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/output_interceptor_unix.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/output_interceptor_unix.go @@ -26,6 +26,17 @@ func (impl *dupSyscallOutputInterceptorImpl) CreateStdoutStderrClones() (*os.Fil stdoutCloneFD, _ := unix.Dup(1) stderrCloneFD, _ := unix.Dup(2) + // Important, set the fds to FD_CLOEXEC to prevent them leaking into childs + // https://github.com/onsi/ginkgo/issues/1191 + flags, err := unix.FcntlInt(uintptr(stdoutCloneFD), unix.F_GETFD, 0) + if err == nil { + unix.FcntlInt(uintptr(stdoutCloneFD), unix.F_SETFD, flags|unix.FD_CLOEXEC) + } + flags, err = unix.FcntlInt(uintptr(stderrCloneFD), unix.F_GETFD, 0) + if err == nil { + unix.FcntlInt(uintptr(stderrCloneFD), unix.F_SETFD, flags|unix.FD_CLOEXEC) + } + // And then wrap the clone file descriptors in files. // One benefit of this (that we don't use yet) is that we can actually write // to these files to emit output to the console even though we're intercepting output diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/client_server.go b/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/client_server.go index b417bf5b3..b3cd64292 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/client_server.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/client_server.go 
@@ -42,6 +42,8 @@ type Client interface { PostSuiteWillBegin(report types.Report) error PostDidRun(report types.SpecReport) error PostSuiteDidEnd(report types.Report) error + PostReportBeforeSuiteCompleted(state types.SpecState) error + BlockUntilReportBeforeSuiteCompleted() (types.SpecState, error) PostSynchronizedBeforeSuiteCompleted(state types.SpecState, data []byte) error BlockUntilSynchronizedBeforeSuiteData() (types.SpecState, []byte, error) BlockUntilNonprimaryProcsHaveFinished() error diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/http_client.go b/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/http_client.go index ad9932f2a..6547c7a66 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/http_client.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/http_client.go @@ -98,6 +98,19 @@ func (client *httpClient) PostEmitProgressReport(report types.ProgressReport) er return client.post("/progress-report", report) } +func (client *httpClient) PostReportBeforeSuiteCompleted(state types.SpecState) error { + return client.post("/report-before-suite-completed", state) +} + +func (client *httpClient) BlockUntilReportBeforeSuiteCompleted() (types.SpecState, error) { + var state types.SpecState + err := client.poll("/report-before-suite-state", &state) + if err == ErrorGone { + return types.SpecStateFailed, nil + } + return state, err +} + func (client *httpClient) PostSynchronizedBeforeSuiteCompleted(state types.SpecState, data []byte) error { beforeSuiteState := BeforeSuiteState{ State: state, diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/http_server.go b/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/http_server.go index fa3ac682a..d2c71ab1b 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/http_server.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/http_server.go 
@@ -26,7 +26,7 @@ type httpServer struct { handler *ServerHandler } -//Create a new server, automatically selecting a port +// Create a new server, automatically selecting a port func newHttpServer(parallelTotal int, reporter reporters.Reporter) (*httpServer, error) { listener, err := net.Listen("tcp", "127.0.0.1:0") if err != nil { @@ -38,7 +38,7 @@ func newHttpServer(parallelTotal int, reporter reporters.Reporter) (*httpServer, }, nil } -//Start the server. You don't need to `go s.Start()`, just `s.Start()` +// Start the server. You don't need to `go s.Start()`, just `s.Start()` func (server *httpServer) Start() { httpServer := &http.Server{} mux := http.NewServeMux() @@ -52,6 +52,8 @@ func (server *httpServer) Start() { mux.HandleFunc("/progress-report", server.emitProgressReport) //synchronization endpoints + mux.HandleFunc("/report-before-suite-completed", server.handleReportBeforeSuiteCompleted) + mux.HandleFunc("/report-before-suite-state", server.handleReportBeforeSuiteState) mux.HandleFunc("/before-suite-completed", server.handleBeforeSuiteCompleted) mux.HandleFunc("/before-suite-state", server.handleBeforeSuiteState) mux.HandleFunc("/have-nonprimary-procs-finished", server.handleHaveNonprimaryProcsFinished) @@ -63,12 +65,12 @@ func (server *httpServer) Start() { go httpServer.Serve(server.listener) } -//Stop the server +// Stop the server func (server *httpServer) Close() { server.listener.Close() } -//The address the server can be reached it. Pass this into the `ForwardingReporter`. +// The address the server can be reached it. Pass this into the `ForwardingReporter`. func (server *httpServer) Address() string { return "http://" + server.listener.Addr().String() } 
@@ -93,7 +95,7 @@ func (server *httpServer) RegisterAlive(node int, alive func() bool) { // Streaming Endpoints // -//The server will forward all received messages to Ginkgo reporters registered with `RegisterReporters` +// The server will forward all received messages to Ginkgo reporters registered with `RegisterReporters` func (server *httpServer) decode(writer http.ResponseWriter, request *http.Request, object interface{}) bool { defer request.Body.Close() if json.NewDecoder(request.Body).Decode(object) != nil { @@ -164,6 +166,23 @@ func (server *httpServer) emitProgressReport(writer http.ResponseWriter, request server.handleError(server.handler.EmitProgressReport(report, voidReceiver), writer) } +func (server *httpServer) handleReportBeforeSuiteCompleted(writer http.ResponseWriter, request *http.Request) { + var state types.SpecState + if !server.decode(writer, request, &state) { + return + } + + server.handleError(server.handler.ReportBeforeSuiteCompleted(state, voidReceiver), writer) +} + +func (server *httpServer) handleReportBeforeSuiteState(writer http.ResponseWriter, request *http.Request) { + var state types.SpecState + if server.handleError(server.handler.ReportBeforeSuiteState(voidSender, &state), writer) { + return + } + json.NewEncoder(writer).Encode(state) +} + func (server *httpServer) handleBeforeSuiteCompleted(writer http.ResponseWriter, request *http.Request) { var beforeSuiteState BeforeSuiteState if !server.decode(writer, request, &beforeSuiteState) { diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/rpc_client.go b/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/rpc_client.go index fe93cc2b9..59e8e6fd0 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/rpc_client.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/rpc_client.go 
@@ -76,6 +76,19 @@ func (client *rpcClient) PostEmitProgressReport(report types.ProgressReport) err return client.client.Call("Server.EmitProgressReport", report, voidReceiver) } +func (client *rpcClient) PostReportBeforeSuiteCompleted(state types.SpecState) error { + return client.client.Call("Server.ReportBeforeSuiteCompleted", state, voidReceiver) +} + +func (client *rpcClient) BlockUntilReportBeforeSuiteCompleted() (types.SpecState, error) { + var state types.SpecState + err := client.poll("Server.ReportBeforeSuiteState", &state) + if err == ErrorGone { + return types.SpecStateFailed, nil + } + return state, err +} + func (client *rpcClient) PostSynchronizedBeforeSuiteCompleted(state types.SpecState, data []byte) error { beforeSuiteState := BeforeSuiteState{ State: state, diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/server_handler.go b/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/server_handler.go index 7c6e67b96..a6d98793e 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/server_handler.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/server_handler.go @@ -18,16 +18,17 @@ var voidSender Void // It handles all the business logic to avoid duplication between the two servers type ServerHandler struct { - done chan interface{} - outputDestination io.Writer - reporter reporters.Reporter - alives []func() bool - lock *sync.Mutex - beforeSuiteState BeforeSuiteState - parallelTotal int - counter int - counterLock *sync.Mutex - shouldAbort bool + done chan interface{} + outputDestination io.Writer + reporter reporters.Reporter + alives []func() bool + lock *sync.Mutex + beforeSuiteState BeforeSuiteState + reportBeforeSuiteState types.SpecState + parallelTotal int + counter int + counterLock *sync.Mutex + shouldAbort bool numSuiteDidBegins int numSuiteDidEnds int 
@@ -37,11 +38,12 @@ type ServerHandler struct { func newServerHandler(parallelTotal int, reporter reporters.Reporter) *ServerHandler { return &ServerHandler{ - reporter: reporter, - lock: &sync.Mutex{}, - counterLock: &sync.Mutex{}, - alives: make([]func() bool, parallelTotal), - beforeSuiteState: BeforeSuiteState{Data: nil, State: types.SpecStateInvalid}, + reporter: reporter, + lock: &sync.Mutex{}, + counterLock: &sync.Mutex{}, + alives: make([]func() bool, parallelTotal), + beforeSuiteState: BeforeSuiteState{Data: nil, State: types.SpecStateInvalid}, + parallelTotal: parallelTotal, outputDestination: os.Stdout, done: make(chan interface{}), @@ -140,6 +142,29 @@ func (handler *ServerHandler) haveNonprimaryProcsFinished() bool { return true } +func (handler *ServerHandler) ReportBeforeSuiteCompleted(reportBeforeSuiteState types.SpecState, _ *Void) error { + handler.lock.Lock() + defer handler.lock.Unlock() + handler.reportBeforeSuiteState = reportBeforeSuiteState + + return nil +} + +func (handler *ServerHandler) ReportBeforeSuiteState(_ Void, reportBeforeSuiteState *types.SpecState) error { + proc1IsAlive := handler.procIsAlive(1) + handler.lock.Lock() + defer handler.lock.Unlock() + if handler.reportBeforeSuiteState == types.SpecStateInvalid { + if proc1IsAlive { + return ErrorEarly + } else { + return ErrorGone + } + } + *reportBeforeSuiteState = handler.reportBeforeSuiteState + return nil +} + func (handler *ServerHandler) BeforeSuiteCompleted(beforeSuiteState BeforeSuiteState, _ *Void) error { handler.lock.Lock() defer handler.lock.Unlock() diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/progress_report.go b/vendor/github.com/onsi/ginkgo/v2/internal/progress_report.go index 345db544b..11269cf1f 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/progress_report.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/progress_report.go 
@@ -48,13 +48,10 @@ type ProgressStepCursor struct { StartTime time.Time } -func NewProgressReport(isRunningInParallel bool, report types.SpecReport, currentNode Node, currentNodeStartTime time.Time, currentStep ProgressStepCursor, gwOutput string, additionalReports []string, sourceRoots []string, includeAll bool) (types.ProgressReport, error) { +func NewProgressReport(isRunningInParallel bool, report types.SpecReport, currentNode Node, currentNodeStartTime time.Time, currentStep types.SpecEvent, gwOutput string, timelineLocation types.TimelineLocation, additionalReports []string, sourceRoots []string, includeAll bool) (types.ProgressReport, error) { pr := types.ProgressReport{ - ParallelProcess: report.ParallelProcess, - RunningInParallel: isRunningInParallel, - - Time: time.Now(), - + ParallelProcess: report.ParallelProcess, + RunningInParallel: isRunningInParallel, ContainerHierarchyTexts: report.ContainerHierarchyTexts, LeafNodeText: report.LeafNodeText, LeafNodeLocation: report.LeafNodeLocation, @@ -65,14 +62,14 @@ func NewProgressReport(isRunningInParallel bool, report types.SpecReport, curren CurrentNodeLocation: currentNode.CodeLocation, CurrentNodeStartTime: currentNodeStartTime, - CurrentStepText: currentStep.Text, + CurrentStepText: currentStep.Message, CurrentStepLocation: currentStep.CodeLocation, - CurrentStepStartTime: currentStep.StartTime, + CurrentStepStartTime: currentStep.TimelineLocation.Time, AdditionalReports: additionalReports, CapturedGinkgoWriterOutput: gwOutput, - GinkgoWriterOffset: len(gwOutput), + TimelineLocation: timelineLocation, } goroutines, err := extractRunningGoroutines() @@ -186,7 +183,6 @@ func extractRunningGoroutines() ([]types.Goroutine, error) { break } } - r := bufio.NewReader(bytes.NewReader(stack)) out := []types.Goroutine{} idx := -1 
@@ -234,12 +230,12 @@ func extractRunningGoroutines() ([]types.Goroutine, error) { return nil, types.GinkgoErrors.FailedToParseStackTrace(fmt.Sprintf("Invalid function call: %s -- missing file name and line number", functionCall.Function)) } line = strings.TrimLeft(line, " \t") - fields := strings.SplitN(line, ":", 2) - if len(fields) != 2 { - return nil, types.GinkgoErrors.FailedToParseStackTrace(fmt.Sprintf("Invalid filename nad line number: %s", line)) + delimiterIdx := strings.LastIndex(line, ":") + if delimiterIdx == -1 { + return nil, types.GinkgoErrors.FailedToParseStackTrace(fmt.Sprintf("Invalid filename and line number: %s", line)) } - functionCall.Filename = fields[0] - line = strings.Split(fields[1], " ")[0] + functionCall.Filename = line[:delimiterIdx] + line = strings.Split(line[delimiterIdx+1:], " ")[0] lineNumber, err := strconv.ParseInt(line, 10, 64) functionCall.Line = int(lineNumber) if err != nil { diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/progress_reporter_manager.go b/vendor/github.com/onsi/ginkgo/v2/internal/progress_reporter_manager.go new file mode 100644 index 000000000..2c6e260f7 --- /dev/null +++ b/vendor/github.com/onsi/ginkgo/v2/internal/progress_reporter_manager.go 
@@ -0,0 +1,79 @@
+package internal
+
+import (
+ "context"
+ "sort"
+ "strings"
+ "sync"
+
+ "github.com/onsi/ginkgo/v2/types"
+)
+
+type ProgressReporterManager struct {
+ lock *sync.Mutex
+ progressReporters map[int]func() string
+ prCounter int
+}
+
+func NewProgressReporterManager() *ProgressReporterManager {
+ return &ProgressReporterManager{
+ progressReporters: map[int]func() string{},
+ lock: &sync.Mutex{},
+ }
+}
+
+func (prm *ProgressReporterManager) AttachProgressReporter(reporter func() string) func() {
+ prm.lock.Lock()
+ defer prm.lock.Unlock()
+ prm.prCounter += 1
+ prCounter := prm.prCounter
+ prm.progressReporters[prCounter] = reporter
+
+ return func() {
+ prm.lock.Lock()
+ defer prm.lock.Unlock()
+ delete(prm.progressReporters, prCounter)
+ }
+}
+
+func (prm *ProgressReporterManager) QueryProgressReporters(ctx context.Context, failer *Failer) []string {
+ prm.lock.Lock()
+ keys := []int{}
+ for key := range prm.progressReporters {
+ keys = append(keys, key)
+ }
+ sort.Ints(keys)
+ reporters := []func() string{}
+ for _, key := range keys {
+ reporters = append(reporters, prm.progressReporters[key])
+ }
+ prm.lock.Unlock()
+
+ if len(reporters) == 0 {
+ return nil
+ }
+ out := []string{}
+ for _, reporter := range reporters {
+ reportC := make(chan string, 1)
+ go func() {
+ defer func() {
+ e := recover()
+ if e != nil {
+ failer.Panic(types.NewCodeLocationWithStackTrace(1), e)
+ reportC <- "failed to query attached progress reporter"
+ }
+ }()
+ reportC <- reporter()
+ }()
+ var report string
+ select {
+ case report = <-reportC:
+ case <-ctx.Done():
+ return out
+ }
+ if strings.TrimSpace(report) != "" {
+ out = append(out, report)
+ }
+ }
+ return out
+}
diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/report_entry.go b/vendor/github.com/onsi/ginkgo/v2/internal/report_entry.go
index 74199f395..cc351a39b 100644
--- a/vendor/github.com/onsi/ginkgo/v2/internal/report_entry.go
+++ b/vendor/github.com/onsi/ginkgo/v2/internal/report_entry.go
@@ -1,7 +1,6 @@ package internal import ( - "reflect" "time" "github.com/onsi/ginkgo/v2/types" @@ -13,20 +12,20 @@ func NewReportEntry(name string, cl types.CodeLocation, args ...interface{}) (Re out := ReportEntry{ Visibility: types.ReportEntryVisibilityAlways, Name: name, - Time: time.Now(), Location: cl, + Time: time.Now(), } var didSetValue = false for _, arg := range args { - switch reflect.TypeOf(arg) { - case reflect.TypeOf(types.ReportEntryVisibilityAlways): - out.Visibility = arg.(types.ReportEntryVisibility) - case reflect.TypeOf(types.CodeLocation{}): - out.Location = arg.(types.CodeLocation) - case reflect.TypeOf(Offset(0)): - out.Location = types.NewCodeLocation(2 + int(arg.(Offset))) - case reflect.TypeOf(out.Time): - out.Time = arg.(time.Time) + switch x := arg.(type) { + case types.ReportEntryVisibility: + out.Visibility = x + case types.CodeLocation: + out.Location = x + case Offset: + out.Location = types.NewCodeLocation(2 + int(x)) + case time.Time: + out.Time = x default: if didSetValue { return ReportEntry{}, types.GinkgoErrors.TooManyReportEntryValues(out.Location, arg) diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/spec.go b/vendor/github.com/onsi/ginkgo/v2/internal/spec.go index 99533447f..7c4ee5bb7 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/spec.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/spec.go @@ -41,6 +41,17 @@ func (s Spec) FlakeAttempts() int { return flakeAttempts } +func (s Spec) MustPassRepeatedly() int { + mustPassRepeatedly := 0 + for i := range s.Nodes { + if s.Nodes[i].MustPassRepeatedly > 0 { + mustPassRepeatedly = s.Nodes[i].MustPassRepeatedly + } + } + + return mustPassRepeatedly +} + func (s Spec) SpecTimeout() time.Duration { return s.FirstNodeWithType(types.NodeTypeIt).SpecTimeout } diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/spec_context.go b/vendor/github.com/onsi/ginkgo/v2/internal/spec_context.go index 8f569dd35..2515b84a1 100644 
--- a/vendor/github.com/onsi/ginkgo/v2/internal/spec_context.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/spec_context.go @@ -2,8 +2,6 @@ package internal import ( "context" - "sort" - "sync" "github.com/onsi/ginkgo/v2/types" ) @@ -17,11 +15,9 @@ type SpecContext interface { type specContext struct { context.Context + *ProgressReporterManager - cancel context.CancelFunc - lock *sync.Mutex - progressReporters map[int]func() string - prCounter int + cancel context.CancelFunc suite *Suite } @@ -36,11 +32,9 @@ This is because Ginkgo needs finer control over when the context is canceled. S func NewSpecContext(suite *Suite) *specContext { ctx, cancel := context.WithCancel(context.Background()) sc := &specContext{ - cancel: cancel, - suite: suite, - lock: &sync.Mutex{}, - prCounter: 0, - progressReporters: map[int]func() string{}, + cancel: cancel, + suite: suite, + ProgressReporterManager: NewProgressReporterManager(), } ctx = context.WithValue(ctx, "GINKGO_SPEC_CONTEXT", sc) //yes, yes, the go docs say don't use a string for a key... but we'd rather avoid a circular dependency between Gomega and Ginkgo sc.Context = ctx //thank goodness for garbage collectors that can handle circular dependencies 
@@ -51,40 +45,3 @@ func NewSpecContext(suite *Suite) *specContext { func (sc *specContext) SpecReport() types.SpecReport { return sc.suite.CurrentSpecReport() } - -func (sc *specContext) AttachProgressReporter(reporter func() string) func() { - sc.lock.Lock() - defer sc.lock.Unlock() - sc.prCounter += 1 - prCounter := sc.prCounter - sc.progressReporters[prCounter] = reporter - - return func() { - sc.lock.Lock() - defer sc.lock.Unlock() - delete(sc.progressReporters, prCounter) - } -} - -func (sc *specContext) QueryProgressReporters() []string { - sc.lock.Lock() - keys := []int{} - for key := range sc.progressReporters { - keys = append(keys, key) - } - sort.Ints(keys) - reporters := []func() string{} - for _, key := range keys { - reporters = append(reporters, sc.progressReporters[key]) - } - sc.lock.Unlock() - - if len(reporters) == 0 { - return nil - } - out := []string{} - for _, reporter := range reporters { - out = append(out, reporter()) - } - return out -} diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/suite.go b/vendor/github.com/onsi/ginkgo/v2/internal/suite.go index 432bd217b..ea0d259d9 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/suite.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/suite.go @@ -9,6 +9,7 @@ import ( "github.com/onsi/ginkgo/v2/internal/parallel_support" "github.com/onsi/ginkgo/v2/reporters" "github.com/onsi/ginkgo/v2/types" + "golang.org/x/net/context" ) type Phase uint @@ -19,10 +20,14 @@ const ( PhaseRun ) +var PROGRESS_REPORTER_DEADLING = 5 * time.Second + type Suite struct { tree *TreeNode topLevelContainers Nodes + *ProgressReporterManager + phase Phase suiteNodes Nodes @@ -44,7 +49,8 @@ type Suite struct { currentSpecContext *specContext - progressStepCursor ProgressStepCursor + currentByStep types.SpecEvent + timelineOrder int /* We don't need to lock around all operations. Just those that *could* happen concurrently. 
@@ -63,8 +69,9 @@ type Suite struct { func NewSuite() *Suite { return &Suite{ - tree: &TreeNode{}, - phase: PhaseBuildTopLevel, + tree: &TreeNode{}, + phase: PhaseBuildTopLevel, + ProgressReporterManager: NewProgressReporterManager(), selectiveLock: &sync.Mutex{}, } @@ -128,7 +135,7 @@ func (suite *Suite) PushNode(node Node) error { return suite.pushCleanupNode(node) } - if node.NodeType.Is(types.NodeTypeBeforeSuite | types.NodeTypeAfterSuite | types.NodeTypeSynchronizedBeforeSuite | types.NodeTypeSynchronizedAfterSuite | types.NodeTypeReportAfterSuite) { + if node.NodeType.Is(types.NodeTypeBeforeSuite | types.NodeTypeAfterSuite | types.NodeTypeSynchronizedBeforeSuite | types.NodeTypeSynchronizedAfterSuite | types.NodeTypeBeforeSuite | types.NodeTypeReportBeforeSuite | types.NodeTypeReportAfterSuite) { return suite.pushSuiteNode(node) } @@ -150,6 +157,13 @@ func (suite *Suite) PushNode(node Node) error { } } + if node.MarkedContinueOnFailure { + firstOrderedNode := suite.tree.AncestorNodeChain().FirstNodeMarkedOrdered() + if !firstOrderedNode.IsZero() { + return types.GinkgoErrors.InvalidContinueOnFailureDecoration(node.CodeLocation) + } + } + if node.NodeType == types.NodeTypeContainer { // During PhaseBuildTopLevel we only track the top level containers without entering them // We only enter the top level container nodes during PhaseBuildTree 
@@ -221,7 +235,7 @@ func (suite *Suite) pushCleanupNode(node Node) error { node.NodeType = types.NodeTypeCleanupAfterSuite case types.NodeTypeBeforeAll, types.NodeTypeAfterAll: node.NodeType = types.NodeTypeCleanupAfterAll - case types.NodeTypeReportBeforeEach, types.NodeTypeReportAfterEach, types.NodeTypeReportAfterSuite: + case types.NodeTypeReportBeforeEach, types.NodeTypeReportAfterEach, types.NodeTypeReportBeforeSuite, types.NodeTypeReportAfterSuite: return types.GinkgoErrors.PushingCleanupInReportingNode(node.CodeLocation, suite.currentNode.NodeType) case types.NodeTypeCleanupInvalid, types.NodeTypeCleanupAfterEach, types.NodeTypeCleanupAfterAll, types.NodeTypeCleanupAfterSuite: return types.GinkgoErrors.PushingCleanupInCleanupNode(node.CodeLocation) 
@@ -231,24 +245,76 @@ func (suite *Suite) pushCleanupNode(node Node) error { node.NodeIDWhereCleanupWasGenerated = suite.currentNode.ID node.NestingLevel = suite.currentNode.NestingLevel + suite.selectiveLock.Lock() suite.cleanupNodes = append(suite.cleanupNodes, node) + suite.selectiveLock.Unlock() return nil } -/* - Pushing and popping the Step Cursor stack -*/ - -func (suite *Suite) SetProgressStepCursor(cursor ProgressStepCursor) { +func (suite *Suite) generateTimelineLocation() types.TimelineLocation { suite.selectiveLock.Lock() defer suite.selectiveLock.Unlock() - suite.progressStepCursor = cursor + suite.timelineOrder += 1 + return types.TimelineLocation{ + Offset: len(suite.currentSpecReport.CapturedGinkgoWriterOutput) + suite.writer.Len(), + Order: suite.timelineOrder, + Time: time.Now(), + } +} + +func (suite *Suite) handleSpecEvent(event types.SpecEvent) types.SpecEvent { + event.TimelineLocation = suite.generateTimelineLocation() + suite.selectiveLock.Lock() + suite.currentSpecReport.SpecEvents = append(suite.currentSpecReport.SpecEvents, event) + suite.selectiveLock.Unlock() + suite.reporter.EmitSpecEvent(event) + return event +} + +func (suite *Suite) handleSpecEventEnd(eventType types.SpecEventType, startEvent types.SpecEvent) { + event := startEvent + event.SpecEventType = eventType + event.TimelineLocation = suite.generateTimelineLocation() + event.Duration = event.TimelineLocation.Time.Sub(startEvent.TimelineLocation.Time) + suite.selectiveLock.Lock() + suite.currentSpecReport.SpecEvents = append(suite.currentSpecReport.SpecEvents, event) + suite.selectiveLock.Unlock() + suite.reporter.EmitSpecEvent(event) +} + +func (suite *Suite) By(text string, callback ...func()) error { + cl := types.NewCodeLocation(2) + if suite.phase != PhaseRun { + return types.GinkgoErrors.ByNotDuringRunPhase(cl) + } + + event := suite.handleSpecEvent(types.SpecEvent{ + SpecEventType: types.SpecEventByStart, + CodeLocation: cl, + Message: text, + }) + 
suite.selectiveLock.Lock() + suite.currentByStep = event + suite.selectiveLock.Unlock() + + if len(callback) == 1 { + defer func() { + suite.selectiveLock.Lock() + suite.currentByStep = types.SpecEvent{} + suite.selectiveLock.Unlock() + suite.handleSpecEventEnd(types.SpecEventByEnd, event) + }() + callback[0]() + } else if len(callback) > 1 { + panic("just one callback per By, please") + } + return nil } /* - Spec Running methods - used during PhaseRun +Spec Running methods - used during PhaseRun */ func (suite *Suite) CurrentSpecReport() types.SpecReport { suite.selectiveLock.Lock() 
@@ -263,27 +329,32 @@ func (suite *Suite) CurrentSpecReport() types.SpecReport { } func (suite *Suite) AddReportEntry(entry ReportEntry) error { - suite.selectiveLock.Lock() - defer suite.selectiveLock.Unlock() if suite.phase != PhaseRun { return types.GinkgoErrors.AddReportEntryNotDuringRunPhase(entry.Location) } + entry.TimelineLocation = suite.generateTimelineLocation() + entry.Time = entry.TimelineLocation.Time + suite.selectiveLock.Lock() suite.currentSpecReport.ReportEntries = append(suite.currentSpecReport.ReportEntries, entry) + suite.selectiveLock.Unlock() + suite.reporter.EmitReportEntry(entry) return nil } func (suite *Suite) generateProgressReport(fullReport bool) types.ProgressReport { + timelineLocation := suite.generateTimelineLocation() suite.selectiveLock.Lock() defer suite.selectiveLock.Unlock() + deadline, cancel := context.WithTimeout(context.Background(), PROGRESS_REPORTER_DEADLING) + defer cancel() var additionalReports []string if suite.currentSpecContext != nil { - additionalReports = suite.currentSpecContext.QueryProgressReporters() + additionalReports = append(additionalReports, suite.currentSpecContext.QueryProgressReporters(deadline, suite.failer)...) } - stepCursor := suite.progressStepCursor - + additionalReports = append(additionalReports, suite.QueryProgressReporters(deadline, suite.failer)...) gwOutput := suite.currentSpecReport.CapturedGinkgoWriterOutput + string(suite.writer.Bytes()) - pr, err := NewProgressReport(suite.isRunningInParallel(), suite.currentSpecReport, suite.currentNode, suite.currentNodeStartTime, stepCursor, gwOutput, additionalReports, suite.config.SourceRoots, fullReport) + pr, err := NewProgressReport(suite.isRunningInParallel(), suite.currentSpecReport, suite.currentNode, suite.currentNodeStartTime, suite.currentByStep, gwOutput, timelineLocation, additionalReports, suite.config.SourceRoots, fullReport) if err != nil { fmt.Printf("{{red}}Failed to generate progress report:{{/}}\n%s\n", err.Error()) 
@@ -355,7 +426,13 @@ func (suite *Suite) runSpecs(description string, suiteLabels Labels, suitePath s } suite.report.SuiteSucceeded = true - suite.runBeforeSuite(numSpecsThatWillBeRun) + + suite.runReportSuiteNodesIfNeedBe(types.NodeTypeReportBeforeSuite) + + ranBeforeSuite := suite.report.SuiteSucceeded + if suite.report.SuiteSucceeded { + suite.runBeforeSuite(numSpecsThatWillBeRun) + } if suite.report.SuiteSucceeded { groupedSpecIndices, serialGroupedSpecIndices := OrderSpecs(specs, suite.config) @@ -394,7 +471,9 @@ func (suite *Suite) runSpecs(description string, suiteLabels Labels, suitePath s } } - suite.runAfterSuiteCleanup(numSpecsThatWillBeRun) + if ranBeforeSuite { + suite.runAfterSuiteCleanup(numSpecsThatWillBeRun) + } interruptStatus := suite.interruptHandler.Status() if interruptStatus.Interrupted() { @@ -408,9 +487,7 @@ func (suite *Suite) runSpecs(description string, suiteLabels Labels, suitePath s suite.report.SuiteSucceeded = false } - if suite.config.ParallelProcess == 1 { - suite.runReportAfterSuite() - } + suite.runReportSuiteNodesIfNeedBe(types.NodeTypeReportAfterSuite) suite.reporter.SuiteDidEnd(suite.report) if suite.isRunningInParallel() { suite.client.PostSuiteDidEnd(suite.report) @@ -424,9 +501,10 @@ func (suite *Suite) runBeforeSuite(numSpecsThatWillBeRun int) { if !beforeSuiteNode.IsZero() && numSpecsThatWillBeRun > 0 { suite.selectiveLock.Lock() suite.currentSpecReport = types.SpecReport{ - LeafNodeType: beforeSuiteNode.NodeType, - LeafNodeLocation: beforeSuiteNode.CodeLocation, - ParallelProcess: suite.config.ParallelProcess, + LeafNodeType: beforeSuiteNode.NodeType, + LeafNodeLocation: beforeSuiteNode.CodeLocation, + ParallelProcess: suite.config.ParallelProcess, + RunningInParallel: suite.isRunningInParallel(), } suite.selectiveLock.Unlock() 
@@ -445,9 +523,10 @@ func (suite *Suite) runAfterSuiteCleanup(numSpecsThatWillBeRun int) { if !afterSuiteNode.IsZero() && numSpecsThatWillBeRun > 0 { suite.selectiveLock.Lock() suite.currentSpecReport = types.SpecReport{ - LeafNodeType: afterSuiteNode.NodeType, - LeafNodeLocation: afterSuiteNode.CodeLocation, - ParallelProcess: suite.config.ParallelProcess, + LeafNodeType: afterSuiteNode.NodeType, + LeafNodeLocation: afterSuiteNode.CodeLocation, + ParallelProcess: suite.config.ParallelProcess, + RunningInParallel: suite.isRunningInParallel(), } suite.selectiveLock.Unlock() @@ -461,9 +540,10 @@ func (suite *Suite) runAfterSuiteCleanup(numSpecsThatWillBeRun int) { for _, cleanupNode := range afterSuiteCleanup { suite.selectiveLock.Lock() suite.currentSpecReport = types.SpecReport{ - LeafNodeType: cleanupNode.NodeType, - LeafNodeLocation: cleanupNode.CodeLocation, - ParallelProcess: suite.config.ParallelProcess, + LeafNodeType: cleanupNode.NodeType, + LeafNodeLocation: cleanupNode.CodeLocation, + ParallelProcess: suite.config.ParallelProcess, + RunningInParallel: suite.isRunningInParallel(), } suite.selectiveLock.Unlock() @@ -474,23 +554,6 @@ func (suite *Suite) runAfterSuiteCleanup(numSpecsThatWillBeRun int) { } } -func (suite *Suite) runReportAfterSuite() { - for _, node := range suite.suiteNodes.WithType(types.NodeTypeReportAfterSuite) { - suite.selectiveLock.Lock() - suite.currentSpecReport = types.SpecReport{ - LeafNodeType: node.NodeType, - LeafNodeLocation: node.CodeLocation, - LeafNodeText: node.Text, - ParallelProcess: suite.config.ParallelProcess, - } - suite.selectiveLock.Unlock() - - suite.reporter.WillRun(suite.currentSpecReport) - suite.runReportAfterSuiteNode(node, suite.report) - suite.processCurrentSpecReport() - } -} - func (suite *Suite) reportEach(spec Spec, nodeType types.NodeType) { nodes := spec.Nodes.WithType(nodeType) if nodeType == types.NodeTypeReportAfterEach { 
@@ -608,39 +671,80 @@ func (suite *Suite) runSuiteNode(node Node) { if err != nil && !suite.currentSpecReport.State.Is(types.SpecStateFailureStates) { suite.currentSpecReport.State, suite.currentSpecReport.Failure = types.SpecStateFailed, suite.failureForLeafNodeWithMessage(node, err.Error()) + suite.reporter.EmitFailure(suite.currentSpecReport.State, suite.currentSpecReport.Failure) } suite.currentSpecReport.EndTime = time.Now() suite.currentSpecReport.RunTime = suite.currentSpecReport.EndTime.Sub(suite.currentSpecReport.StartTime) suite.currentSpecReport.CapturedGinkgoWriterOutput = string(suite.writer.Bytes()) suite.currentSpecReport.CapturedStdOutErr += suite.outputInterceptor.StopInterceptingAndReturnOutput() +} + +func (suite *Suite) runReportSuiteNodesIfNeedBe(nodeType types.NodeType) { + nodes := suite.suiteNodes.WithType(nodeType) + // only run ReportAfterSuite on proc 1 + if nodeType.Is(types.NodeTypeReportAfterSuite) && suite.config.ParallelProcess != 1 { + return + } + // if we're running ReportBeforeSuite on proc > 1 - we should wait until proc 1 has completed + if nodeType.Is(types.NodeTypeReportBeforeSuite) && suite.config.ParallelProcess != 1 && len(nodes) > 0 { + state, err := suite.client.BlockUntilReportBeforeSuiteCompleted() + if err != nil || state.Is(types.SpecStateFailed) { + suite.report.SuiteSucceeded = false + } + return + } + + for _, node := range nodes { + suite.selectiveLock.Lock() + suite.currentSpecReport = types.SpecReport{ + LeafNodeType: node.NodeType, + LeafNodeLocation: node.CodeLocation, + LeafNodeText: node.Text, + ParallelProcess: suite.config.ParallelProcess, + RunningInParallel: suite.isRunningInParallel(), + } + suite.selectiveLock.Unlock() - return + suite.reporter.WillRun(suite.currentSpecReport) + suite.runReportSuiteNode(node, suite.report) + suite.processCurrentSpecReport() + } + + // if we're running ReportBeforeSuite and we're running in parallel - we shuld tell the other procs that we're done + if 
nodeType.Is(types.NodeTypeReportBeforeSuite) && suite.isRunningInParallel() && len(nodes) > 0 { + if suite.report.SuiteSucceeded { + suite.client.PostReportBeforeSuiteCompleted(types.SpecStatePassed) + } else { + suite.client.PostReportBeforeSuiteCompleted(types.SpecStateFailed) + } + } } -func (suite *Suite) runReportAfterSuiteNode(node Node, report types.Report) { +func (suite *Suite) runReportSuiteNode(node Node, report types.Report) { suite.writer.Truncate() suite.outputInterceptor.StartInterceptingOutput() suite.currentSpecReport.StartTime = time.Now() - if suite.config.ParallelTotal > 1 { + // if we're running a ReportAfterSuite in parallel (on proc 1) we (a) wait until other procs have exited and + // (b) always fetch the latest report as prior ReportAfterSuites will contribute to it + if node.NodeType.Is(types.NodeTypeReportAfterSuite) && suite.isRunningInParallel() { aggregatedReport, err := suite.client.BlockUntilAggregatedNonprimaryProcsReport() if err != nil { suite.currentSpecReport.State, suite.currentSpecReport.Failure = types.SpecStateFailed, suite.failureForLeafNodeWithMessage(node, err.Error()) + suite.reporter.EmitFailure(suite.currentSpecReport.State, suite.currentSpecReport.Failure) return } report = report.Add(aggregatedReport) } - node.Body = func(SpecContext) { node.ReportAfterSuiteBody(report) } + node.Body = func(SpecContext) { node.ReportSuiteBody(report) } suite.currentSpecReport.State, suite.currentSpecReport.Failure = suite.runNode(node, time.Time{}, "") suite.currentSpecReport.EndTime = time.Now() suite.currentSpecReport.RunTime = suite.currentSpecReport.EndTime.Sub(suite.currentSpecReport.StartTime) suite.currentSpecReport.CapturedGinkgoWriterOutput = string(suite.writer.Bytes()) suite.currentSpecReport.CapturedStdOutErr = suite.outputInterceptor.StopInterceptingAndReturnOutput() - - return } func (suite *Suite) runNode(node Node, specDeadline time.Time, text string) (types.SpecState, types.Failure) { 
@@ -662,7 +766,7 @@ func (suite *Suite) runNode(node Node, specDeadline time.Time, text string) (typ suite.selectiveLock.Lock() suite.currentNode = node suite.currentNodeStartTime = time.Now() - suite.progressStepCursor = ProgressStepCursor{} + suite.currentByStep = types.SpecEvent{} suite.selectiveLock.Unlock() defer func() { suite.selectiveLock.Lock() @@ -671,13 +775,18 @@ func (suite *Suite) runNode(node Node, specDeadline time.Time, text string) (typ suite.selectiveLock.Unlock() }() - if suite.config.EmitSpecProgress && !node.MarkedSuppressProgressReporting { - if text == "" { - text = "TOP-LEVEL" - } - s := fmt.Sprintf("[%s] %s\n %s\n", node.NodeType.String(), text, node.CodeLocation.String()) - suite.writer.Write([]byte(s)) + if text == "" { + text = "TOP-LEVEL" } + event := suite.handleSpecEvent(types.SpecEvent{ + SpecEventType: types.SpecEventNodeStart, + NodeType: node.NodeType, + Message: text, + CodeLocation: node.CodeLocation, + }) + defer func() { + suite.handleSpecEventEnd(types.SpecEventNodeEnd, event) + }() var failure types.Failure failure.FailureNodeType, failure.FailureNodeLocation = node.NodeType, node.CodeLocation @@ -697,18 +806,23 @@ func (suite *Suite) runNode(node Node, specDeadline time.Time, text string) (typ now := time.Now() deadline := suite.deadline + timeoutInPlay := "suite" if deadline.IsZero() || (!specDeadline.IsZero() && specDeadline.Before(deadline)) { deadline = specDeadline + timeoutInPlay = "spec" } if node.NodeTimeout > 0 && (deadline.IsZero() || deadline.Sub(now) > node.NodeTimeout) { deadline = now.Add(node.NodeTimeout) + timeoutInPlay = "node" } if (!deadline.IsZero() && deadline.Before(now)) || interruptStatus.Interrupted() { //we're out of time already. let's wait for a NodeTimeout if we have it, or GracePeriod if we don't if node.NodeTimeout > 0 { deadline = now.Add(node.NodeTimeout) + timeoutInPlay = "node" } else { deadline = now.Add(gracePeriod) + timeoutInPlay = "grace period" } } 
@@ -743,6 +857,7 @@ func (suite *Suite) runNode(node Node, specDeadline time.Time, text string) (typ } outcomeFromRun, failureFromRun := suite.failer.Drain() + failureFromRun.TimelineLocation = suite.generateTimelineLocation() outcomeC <- outcomeFromRun failureC <- failureFromRun }() 
@@ -772,23 +887,33 @@ func (suite *Suite) runNode(node Node, specDeadline time.Time, text string) (typ select { case outcomeFromRun := <-outcomeC: failureFromRun := <-failureC - if outcome == types.SpecStateInterrupted { - // we've already been interrupted. we just managed to actually exit + if outcome.Is(types.SpecStateInterrupted | types.SpecStateTimedout) { + // we've already been interrupted/timed out. we just managed to actually exit // before the grace period elapsed - return outcome, failure - } else if outcome == types.SpecStateTimedout { - // we've already timed out. we just managed to actually exit - // before the grace period elapsed. if we have a failure message we should include it + // if we have a failure message we attach it as an additional failure if outcomeFromRun != types.SpecStatePassed { - failure.Location, failure.ForwardedPanic = failureFromRun.Location, failureFromRun.ForwardedPanic - failure.Message = "This spec timed out and reported the following failure after the timeout:\n\n" + failureFromRun.Message + additionalFailure := types.AdditionalFailure{ + State: outcomeFromRun, + Failure: failure, //we make a copy - this will include all the configuration set up above... 
+ } + //...and then we update the failure with the details from failureFromRun + additionalFailure.Failure.Location, additionalFailure.Failure.ForwardedPanic, additionalFailure.Failure.TimelineLocation = failureFromRun.Location, failureFromRun.ForwardedPanic, failureFromRun.TimelineLocation + additionalFailure.Failure.ProgressReport = types.ProgressReport{} + if outcome == types.SpecStateTimedout { + additionalFailure.Failure.Message = fmt.Sprintf("A %s timeout occurred and then the following failure was recorded in the timedout node before it exited:\n%s", timeoutInPlay, failureFromRun.Message) + } else { + additionalFailure.Failure.Message = fmt.Sprintf("An interrupt occurred and then the following failure was recorded in the interrupted node before it exited:\n%s", failureFromRun.Message) + } + suite.reporter.EmitFailure(additionalFailure.State, additionalFailure.Failure) + failure.AdditionalFailure = &additionalFailure } return outcome, failure } if outcomeFromRun.Is(types.SpecStatePassed) { return outcomeFromRun, types.Failure{} } else { - failure.Message, failure.Location, failure.ForwardedPanic = failureFromRun.Message, failureFromRun.Location, failureFromRun.ForwardedPanic + failure.Message, failure.Location, failure.ForwardedPanic, failure.TimelineLocation = failureFromRun.Message, failureFromRun.Location, failureFromRun.ForwardedPanic, failureFromRun.TimelineLocation + suite.reporter.EmitFailure(outcomeFromRun, failure) return outcomeFromRun, failure } case <-gracePeriodChannel: 
@@ -801,10 +926,12 @@ func (suite *Suite) runNode(node Node, specDeadline time.Time, text string) (typ case <-deadlineChannel: // we're out of time - the outcome is a timeout and we capture the failure and progress report outcome = types.SpecStateTimedout - failure.Message, failure.Location = "Timedout", node.CodeLocation + failure.Message, failure.Location, failure.TimelineLocation = fmt.Sprintf("A %s timeout occurred", timeoutInPlay), node.CodeLocation, suite.generateTimelineLocation() failure.ProgressReport = suite.generateProgressReport(false).WithoutCapturedGinkgoWriterOutput() - failure.ProgressReport.Message = "{{bold}}This is the Progress Report generated when the timeout occurred:{{/}}" + failure.ProgressReport.Message = fmt.Sprintf("{{bold}}This is the Progress Report generated when the %s timeout occurred:{{/}}", timeoutInPlay) deadlineChannel = nil + suite.reporter.EmitFailure(outcome, failure) + // tell the spec to stop. it's important we generate the progress report first to make sure we capture where // the spec is actually stuck sc.cancel() 
@@ -812,38 +939,44 @@ func (suite *Suite) runNode(node Node, specDeadline time.Time, text string) (typ gracePeriodChannel = time.After(gracePeriod) case <-interruptStatus.Channel: interruptStatus = suite.interruptHandler.Status() + // ignore interruption from other process if we are cleaning up or reporting + if interruptStatus.Cause == interrupt_handler.InterruptCauseAbortByOtherProcess && + node.NodeType.Is(types.NodeTypesAllowedDuringReportInterrupt|types.NodeTypesAllowedDuringCleanupInterrupt) { + continue + } + deadlineChannel = nil // don't worry about deadlines, time's up now + failureTimelineLocation := suite.generateTimelineLocation() + progressReport := suite.generateProgressReport(true) + if outcome == types.SpecStateInvalid { outcome = types.SpecStateInterrupted - failure.Message, failure.Location = interruptStatus.Message(), node.CodeLocation + failure.Message, failure.Location, failure.TimelineLocation = interruptStatus.Message(), node.CodeLocation, failureTimelineLocation if interruptStatus.ShouldIncludeProgressReport() { - failure.ProgressReport = suite.generateProgressReport(true).WithoutCapturedGinkgoWriterOutput() + failure.ProgressReport = progressReport.WithoutCapturedGinkgoWriterOutput() failure.ProgressReport.Message = "{{bold}}This is the Progress Report generated when the interrupt was received:{{/}}" } + suite.reporter.EmitFailure(outcome, failure) } - var report types.ProgressReport - if interruptStatus.ShouldIncludeProgressReport() { - report = suite.generateProgressReport(false) - } - + progressReport = progressReport.WithoutOtherGoroutines() sc.cancel() if interruptStatus.Level == interrupt_handler.InterruptLevelBailOut { if interruptStatus.ShouldIncludeProgressReport() { - report.Message = fmt.Sprintf("{{bold}}{{orange}}%s{{/}}\n{{bold}}{{red}}Final interrupt received{{/}}; Ginkgo will not run any cleanup or reporting nodes and will terminate as soon as possible.\nHere's a current progress report:", interruptStatus.Message()) - 
suite.emitProgressReport(report) + progressReport.Message = fmt.Sprintf("{{bold}}{{orange}}%s{{/}}\n{{bold}}{{red}}Final interrupt received{{/}}; Ginkgo will not run any cleanup or reporting nodes and will terminate as soon as possible.\nHere's a current progress report:", interruptStatus.Message()) + suite.emitProgressReport(progressReport) } return outcome, failure } if interruptStatus.ShouldIncludeProgressReport() { if interruptStatus.Level == interrupt_handler.InterruptLevelCleanupAndReport { - report.Message = fmt.Sprintf("{{bold}}{{orange}}%s{{/}}\nFirst interrupt received; Ginkgo will run any cleanup and reporting nodes but will skip all remaining specs. {{bold}}Interrupt again to skip cleanup{{/}}.\nHere's a current progress report:", interruptStatus.Message()) + progressReport.Message = fmt.Sprintf("{{bold}}{{orange}}%s{{/}}\nFirst interrupt received; Ginkgo will run any cleanup and reporting nodes but will skip all remaining specs. {{bold}}Interrupt again to skip cleanup{{/}}.\nHere's a current progress report:", interruptStatus.Message()) } else if interruptStatus.Level == interrupt_handler.InterruptLevelReportOnly { - report.Message = fmt.Sprintf("{{bold}}{{orange}}%s{{/}}\nSecond interrupt received; Ginkgo will run any reporting nodes but will skip all remaining specs and cleanup nodes. {{bold}}Interrupt again to bail immediately{{/}}.\nHere's a current progress report:", interruptStatus.Message()) + progressReport.Message = fmt.Sprintf("{{bold}}{{orange}}%s{{/}}\nSecond interrupt received; Ginkgo will run any reporting nodes but will skip all remaining specs and cleanup nodes. {{bold}}Interrupt again to bail immediately{{/}}.\nHere's a current progress report:", interruptStatus.Message()) } - suite.emitProgressReport(report) + suite.emitProgressReport(progressReport) } if gracePeriodChannel == nil { 
@@ -864,10 +997,12 @@ func (suite *Suite) runNode(node Node, specDeadline time.Time, text string) (typ } } +// TODO: search for usages and consider if reporter.EmitFailure() is necessary func (suite *Suite) failureForLeafNodeWithMessage(node Node, message string) types.Failure { return types.Failure{ Message: message, Location: node.CodeLocation, + TimelineLocation: suite.generateTimelineLocation(), FailureNodeContext: types.FailureNodeIsLeafNode, FailureNodeType: node.NodeType, FailureNodeLocation: node.CodeLocation, diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/testingtproxy/testing_t_proxy.go b/vendor/github.com/onsi/ginkgo/v2/internal/testingtproxy/testing_t_proxy.go index 2f42b2642..73e265565 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/testingtproxy/testing_t_proxy.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/testingtproxy/testing_t_proxy.go 
@@ -5,34 +5,62 @@ import ( "io" "os" + "github.com/onsi/ginkgo/v2/formatter" "github.com/onsi/ginkgo/v2/internal" + "github.com/onsi/ginkgo/v2/reporters" "github.com/onsi/ginkgo/v2/types" ) type failFunc func(message string, callerSkip ...int) type skipFunc func(message string, callerSkip ...int) -type cleanupFunc func(args ...interface{}) +type cleanupFunc func(args ...any) type reportFunc func() types.SpecReport +type addReportEntryFunc func(names string, args ...any) +type ginkgoWriterInterface interface { + io.Writer -func New(writer io.Writer, fail failFunc, skip skipFunc, cleanup cleanupFunc, report reportFunc, offset int) *ginkgoTestingTProxy { + Print(a ...interface{}) + Printf(format string, a ...interface{}) + Println(a ...interface{}) +} +type ginkgoRecoverFunc func() +type attachProgressReporterFunc func(func() string) func() + +func New(writer ginkgoWriterInterface, fail failFunc, skip skipFunc, cleanup cleanupFunc, report reportFunc, addReportEntry addReportEntryFunc, ginkgoRecover ginkgoRecoverFunc, attachProgressReporter attachProgressReporterFunc, randomSeed int64, parallelProcess int, parallelTotal int, noColor bool, offset int) *ginkgoTestingTProxy { return &ginkgoTestingTProxy{ - fail: fail, - offset: offset, - writer: writer, - skip: skip, - cleanup: cleanup, - report: report, + fail: fail, + offset: offset, + writer: writer, + skip: skip, + cleanup: cleanup, + report: report, + addReportEntry: addReportEntry, + ginkgoRecover: ginkgoRecover, + attachProgressReporter: attachProgressReporter, + randomSeed: randomSeed, + parallelProcess: parallelProcess, + parallelTotal: parallelTotal, + f: formatter.NewWithNoColorBool(noColor), } } type ginkgoTestingTProxy struct { - fail failFunc - skip skipFunc - cleanup cleanupFunc - report reportFunc - offset int - writer io.Writer -} + fail failFunc + skip skipFunc + cleanup cleanupFunc + report reportFunc + offset int + writer ginkgoWriterInterface + addReportEntry addReportEntryFunc + ginkgoRecover 
ginkgoRecoverFunc + attachProgressReporter attachProgressReporterFunc + randomSeed int64 + parallelProcess int + parallelTotal int + f formatter.Formatter +} + +// basic testing.T support func (t *ginkgoTestingTProxy) Cleanup(f func()) { t.cleanup(f, internal.Offset(1)) @@ -81,7 +109,7 @@ func (t *ginkgoTestingTProxy) Fatalf(format string, args ...interface{}) { } func (t *ginkgoTestingTProxy) Helper() { - // No-op + types.MarkAsHelper(1) } func (t *ginkgoTestingTProxy) Log(args ...interface{}) { 
@@ -126,3 +154,57 @@ func (t *ginkgoTestingTProxy) TempDir() string { return tmpDir } + +// FullGinkgoTInterface +func (t *ginkgoTestingTProxy) AddReportEntryVisibilityAlways(name string, args ...any) { + finalArgs := []any{internal.Offset(1), types.ReportEntryVisibilityAlways} + t.addReportEntry(name, append(finalArgs, args...)...) +} +func (t *ginkgoTestingTProxy) AddReportEntryVisibilityFailureOrVerbose(name string, args ...any) { + finalArgs := []any{internal.Offset(1), types.ReportEntryVisibilityFailureOrVerbose} + t.addReportEntry(name, append(finalArgs, args...)...) +} +func (t *ginkgoTestingTProxy) AddReportEntryVisibilityNever(name string, args ...any) { + finalArgs := []any{internal.Offset(1), types.ReportEntryVisibilityNever} + t.addReportEntry(name, append(finalArgs, args...)...) +} +func (t *ginkgoTestingTProxy) Print(a ...any) { + t.writer.Print(a...) +} +func (t *ginkgoTestingTProxy) Printf(format string, a ...any) { + t.writer.Printf(format, a...) +} +func (t *ginkgoTestingTProxy) Println(a ...any) { + t.writer.Println(a...) +} +func (t *ginkgoTestingTProxy) F(format string, args ...any) string { + return t.f.F(format, args...) +} +func (t *ginkgoTestingTProxy) Fi(indentation uint, format string, args ...any) string { + return t.f.Fi(indentation, format, args...) +} +func (t *ginkgoTestingTProxy) Fiw(indentation uint, maxWidth uint, format string, args ...any) string { + return t.f.Fiw(indentation, maxWidth, format, args...) +} +func (t *ginkgoTestingTProxy) RenderTimeline() string { + return reporters.RenderTimeline(t.report(), false) +} +func (t *ginkgoTestingTProxy) GinkgoRecover() { + t.ginkgoRecover() +} +func (t *ginkgoTestingTProxy) DeferCleanup(args ...any) { + finalArgs := []any{internal.Offset(1)} + t.cleanup(append(finalArgs, args...)...) 
+} +func (t *ginkgoTestingTProxy) RandomSeed() int64 { + return t.randomSeed +} +func (t *ginkgoTestingTProxy) ParallelProcess() int { + return t.parallelProcess +} +func (t *ginkgoTestingTProxy) ParallelTotal() int { + return t.parallelTotal +} +func (t *ginkgoTestingTProxy) AttachProgressReporter(f func() string) func() { + return t.attachProgressReporter(f) +} diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/writer.go b/vendor/github.com/onsi/ginkgo/v2/internal/writer.go index 70f0a41f6..574f172df 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/writer.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/writer.go @@ -5,6 +5,9 @@ import ( "fmt" "io" "sync" + + "github.com/go-logr/logr" + "github.com/go-logr/logr/funcr" ) type WriterMode uint @@ -19,24 +22,30 @@ type WriterInterface interface { Truncate() Bytes() []byte + Len() int } -//Writer implements WriterInterface and GinkgoWriterInterface +// Writer implements WriterInterface and GinkgoWriterInterface type Writer struct { buffer *bytes.Buffer outWriter io.Writer lock *sync.Mutex mode WriterMode + streamIndent []byte + indentNext bool + teeWriters []io.Writer } func NewWriter(outWriter io.Writer) *Writer { return &Writer{ - buffer: &bytes.Buffer{}, - lock: &sync.Mutex{}, - outWriter: outWriter, - mode: WriterModeStreamAndBuffer, + buffer: &bytes.Buffer{}, + lock: &sync.Mutex{}, + outWriter: outWriter, + mode: WriterModeStreamAndBuffer, + streamIndent: []byte(" "), + indentNext: true, } } @@ -46,6 +55,14 @@ func (w *Writer) SetMode(mode WriterMode) { w.mode = mode } +func (w *Writer) Len() int { + w.lock.Lock() + defer w.lock.Unlock() + return w.buffer.Len() +} + +var newline = []byte("\n") + func (w *Writer) Write(b []byte) (n int, err error) { w.lock.Lock() defer w.lock.Unlock() 
@@ -55,7 +72,21 @@ func (w *Writer) Write(b []byte) (n int, err error) { } if w.mode == WriterModeStreamAndBuffer { - w.outWriter.Write(b) + line, remaining, found := []byte{}, b, false + for len(remaining) > 0 { + line, remaining, found = bytes.Cut(remaining, newline) + if len(line) > 0 { + if w.indentNext { + w.outWriter.Write(w.streamIndent) + w.indentNext = false + } + w.outWriter.Write(line) + } + if found { + w.outWriter.Write(newline) + w.indentNext = true + } + } } return w.buffer.Write(b) } @@ -75,7 +106,7 @@ func (w *Writer) Bytes() []byte { return copied } -//GinkgoWriterInterface +// GinkgoWriterInterface func (w *Writer) TeeTo(writer io.Writer) { w.lock.Lock() defer w.lock.Unlock() @@ -101,3 +132,9 @@ func (w *Writer) Printf(format string, a ...interface{}) { func (w *Writer) Println(a ...interface{}) { fmt.Fprintln(w, a...) } + +func GinkgoLogrFunc(writer *Writer) logr.Logger { + return funcr.New(func(prefix, args string) { + writer.Printf("%s\n", args) + }, funcr.Options{}) +} diff --git a/vendor/github.com/onsi/ginkgo/v2/reporters/default_reporter.go b/vendor/github.com/onsi/ginkgo/v2/reporters/default_reporter.go index 2ee51286e..56b7be758 100644 --- a/vendor/github.com/onsi/ginkgo/v2/reporters/default_reporter.go +++ b/vendor/github.com/onsi/ginkgo/v2/reporters/default_reporter.go @@ -12,6 +12,7 @@ import ( "io" "runtime" "strings" + "sync" "time" "github.com/onsi/ginkgo/v2/formatter" @@ -23,13 +24,16 @@ type DefaultReporter struct { writer io.Writer // managing the emission stream - lastChar string + lastCharWasNewline bool lastEmissionWasDelimiter bool // rendering specDenoter string retryDenoter string formatter formatter.Formatter + + runningInParallel bool + lock *sync.Mutex } func NewDefaultReporterUnderTest(conf types.ReporterConfig, writer io.Writer) *DefaultReporter { 
@@ -44,12 +48,13 @@ func NewDefaultReporter(conf types.ReporterConfig, writer io.Writer) *DefaultRep conf: conf, writer: writer, - lastChar: "\n", + lastCharWasNewline: true, lastEmissionWasDelimiter: false, specDenoter: "•", retryDenoter: "↺", formatter: formatter.NewWithNoColorBool(conf.NoColor), + lock: &sync.Mutex{}, } if runtime.GOOS == "windows" { reporter.specDenoter = "+" 
@@ -97,170 +102,219 @@ func (r *DefaultReporter) SuiteWillBegin(report types.Report) { } } -func (r *DefaultReporter) WillRun(report types.SpecReport) { - if r.conf.Verbosity().LT(types.VerbosityLevelVerbose) || report.State.Is(types.SpecStatePending|types.SpecStateSkipped) { +func (r *DefaultReporter) SuiteDidEnd(report types.Report) { + failures := report.SpecReports.WithState(types.SpecStateFailureStates) + if len(failures) > 0 { + r.emitBlock("\n") + if len(failures) > 1 { + r.emitBlock(r.f("{{red}}{{bold}}Summarizing %d Failures:{{/}}", len(failures))) + } else { + r.emitBlock(r.f("{{red}}{{bold}}Summarizing 1 Failure:{{/}}")) + } + for _, specReport := range failures { + highlightColor, heading := "{{red}}", "[FAIL]" + switch specReport.State { + case types.SpecStatePanicked: + highlightColor, heading = "{{magenta}}", "[PANICKED!]" + case types.SpecStateAborted: + highlightColor, heading = "{{coral}}", "[ABORTED]" + case types.SpecStateTimedout: + highlightColor, heading = "{{orange}}", "[TIMEDOUT]" + case types.SpecStateInterrupted: + highlightColor, heading = "{{orange}}", "[INTERRUPTED]" + } + locationBlock := r.codeLocationBlock(specReport, highlightColor, false, true) + r.emitBlock(r.fi(1, highlightColor+"%s{{/}} %s", heading, locationBlock)) + } + } + + //summarize the suite + if r.conf.Verbosity().Is(types.VerbosityLevelSuccinct) && report.SuiteSucceeded { + r.emit(r.f(" {{green}}SUCCESS!{{/}} %s ", report.RunTime)) return } - r.emitDelimiter() - indentation := uint(0) - if report.LeafNodeType.Is(types.NodeTypesForSuiteLevelNodes) { - r.emitBlock(r.f("{{bold}}[%s] %s{{/}}", report.LeafNodeType.String(), report.LeafNodeText)) + r.emitBlock("\n") + color, status := "{{green}}{{bold}}", "SUCCESS!" + if !report.SuiteSucceeded { + color, status = "{{red}}{{bold}}", "FAIL!" 
+ } + + specs := report.SpecReports.WithLeafNodeType(types.NodeTypeIt) //exclude any suite setup nodes + r.emitBlock(r.f(color+"Ran %d of %d Specs in %.3f seconds{{/}}", + specs.CountWithState(types.SpecStatePassed)+specs.CountWithState(types.SpecStateFailureStates), + report.PreRunStats.TotalSpecs, + report.RunTime.Seconds()), + ) + + switch len(report.SpecialSuiteFailureReasons) { + case 0: + r.emit(r.f(color+"%s{{/}} -- ", status)) + case 1: + r.emit(r.f(color+"%s - %s{{/}} -- ", status, report.SpecialSuiteFailureReasons[0])) + default: + r.emitBlock(r.f(color+"%s - %s{{/}}\n", status, strings.Join(report.SpecialSuiteFailureReasons, ", "))) + } + + if len(specs) == 0 && report.SpecReports.WithLeafNodeType(types.NodeTypeBeforeSuite|types.NodeTypeSynchronizedBeforeSuite).CountWithState(types.SpecStateFailureStates) > 0 { + r.emit(r.f("{{cyan}}{{bold}}A BeforeSuite node failed so all tests were skipped.{{/}}\n")) } else { - if len(report.ContainerHierarchyTexts) > 0 { - r.emitBlock(r.cycleJoin(report.ContainerHierarchyTexts, " ")) - indentation = 1 + r.emit(r.f("{{green}}{{bold}}%d Passed{{/}} | ", specs.CountWithState(types.SpecStatePassed))) + r.emit(r.f("{{red}}{{bold}}%d Failed{{/}} | ", specs.CountWithState(types.SpecStateFailureStates))) + if specs.CountOfFlakedSpecs() > 0 { + r.emit(r.f("{{light-yellow}}{{bold}}%d Flaked{{/}} | ", specs.CountOfFlakedSpecs())) } - line := r.fi(indentation, "{{bold}}%s{{/}}", report.LeafNodeText) - labels := report.Labels() - if len(labels) > 0 { - line += r.f(" {{coral}}[%s]{{/}}", strings.Join(labels, ", ")) + if specs.CountOfRepeatedSpecs() > 0 { + r.emit(r.f("{{light-yellow}}{{bold}}%d Repeated{{/}} | ", specs.CountOfRepeatedSpecs())) } - r.emitBlock(line) + r.emit(r.f("{{yellow}}{{bold}}%d Pending{{/}} | ", specs.CountWithState(types.SpecStatePending))) + r.emit(r.f("{{cyan}}{{bold}}%d Skipped{{/}}\n", specs.CountWithState(types.SpecStateSkipped))) } - r.emitBlock(r.fi(indentation, "{{gray}}%s{{/}}", 
report.LeafNodeLocation)) } -func (r *DefaultReporter) DidRun(report types.SpecReport) { +func (r *DefaultReporter) WillRun(report types.SpecReport) { v := r.conf.Verbosity() - var header, highlightColor string - includeRuntime, emitGinkgoWriterOutput, stream, denoter := true, true, false, r.specDenoter - succinctLocationBlock := v.Is(types.VerbosityLevelSuccinct) + if v.LT(types.VerbosityLevelVerbose) || report.State.Is(types.SpecStatePending|types.SpecStateSkipped) || report.RunningInParallel { + return + } + + r.emitDelimiter(0) + r.emitBlock(r.f(r.codeLocationBlock(report, "{{/}}", v.Is(types.VerbosityLevelVeryVerbose), false))) +} - hasGW := report.CapturedGinkgoWriterOutput != "" - hasStd := report.CapturedStdOutErr != "" - hasEmittableReports := report.ReportEntries.HasVisibility(types.ReportEntryVisibilityAlways) || (report.ReportEntries.HasVisibility(types.ReportEntryVisibilityFailureOrVerbose) && (!report.Failure.IsZero() || v.GTE(types.VerbosityLevelVerbose))) +func (r *DefaultReporter) DidRun(report types.SpecReport) { + v := r.conf.Verbosity() + inParallel := report.RunningInParallel + header := r.specDenoter if report.LeafNodeType.Is(types.NodeTypesForSuiteLevelNodes) { - denoter = fmt.Sprintf("[%s]", report.LeafNodeType) + header = fmt.Sprintf("[%s]", report.LeafNodeType) + } + highlightColor := r.highlightColorForState(report.State) + + // have we already been streaming the timeline? + timelineHasBeenStreaming := v.GTE(types.VerbosityLevelVerbose) && !inParallel + + // should we show the timeline? 
+ var timeline types.Timeline + showTimeline := !timelineHasBeenStreaming && (v.GTE(types.VerbosityLevelVerbose) || report.Failed()) + if showTimeline { + timeline = report.Timeline().WithoutHiddenReportEntries() + keepVeryVerboseSpecEvents := v.Is(types.VerbosityLevelVeryVerbose) || + (v.Is(types.VerbosityLevelVerbose) && r.conf.ShowNodeEvents) || + (report.Failed() && r.conf.ShowNodeEvents) + if !keepVeryVerboseSpecEvents { + timeline = timeline.WithoutVeryVerboseSpecEvents() + } + if len(timeline) == 0 && report.CapturedGinkgoWriterOutput == "" { + // the timeline is completely empty - don't show it + showTimeline = false + } + if v.LT(types.VerbosityLevelVeryVerbose) && report.CapturedGinkgoWriterOutput == "" && len(timeline) > 0 { + //if we aren't -vv and the timeline only has a single failure, don't show it as it will appear at the end of the report + failure, isFailure := timeline[0].(types.Failure) + if isFailure && (len(timeline) == 1 || (len(timeline) == 2 && failure.AdditionalFailure != nil)) { + showTimeline = false + } + } } - highlightColor = r.highlightColorForState(report.State) + // should we have a separate section for always-visible reports? + showSeparateVisibilityAlwaysReportsSection := !timelineHasBeenStreaming && !showTimeline && report.ReportEntries.HasVisibility(types.ReportEntryVisibilityAlways) + + // should we have a separate section for captured stdout/stderr + showSeparateStdSection := inParallel && (report.CapturedStdOutErr != "") + + // given all that - do we have any actual content to show? or are we a single denoter in a stream? + reportHasContent := v.Is(types.VerbosityLevelVeryVerbose) || showTimeline || showSeparateVisibilityAlwaysReportsSection || showSeparateStdSection || report.Failed() || (v.Is(types.VerbosityLevelVerbose) && !report.State.Is(types.SpecStateSkipped)) + + // should we show a runtime? 
+ includeRuntime := !report.State.Is(types.SpecStateSkipped|types.SpecStatePending) || (report.State.Is(types.SpecStateSkipped) && report.Failure.Message != "") + + // should we show the codelocation block? + showCodeLocation := !timelineHasBeenStreaming || !report.State.Is(types.SpecStatePassed) switch report.State { case types.SpecStatePassed: - succinctLocationBlock = v.LT(types.VerbosityLevelVerbose) - emitGinkgoWriterOutput = (r.conf.AlwaysEmitGinkgoWriter || v.GTE(types.VerbosityLevelVerbose)) && hasGW + if report.LeafNodeType.Is(types.NodeTypesForSuiteLevelNodes) && !reportHasContent { + return + } if report.LeafNodeType.Is(types.NodeTypesForSuiteLevelNodes) { - if v.GTE(types.VerbosityLevelVerbose) || hasStd || hasEmittableReports { - header = fmt.Sprintf("%s PASSED", denoter) - } else { - return - } - } else { - header, stream = denoter, true - if report.NumAttempts > 1 { - header, stream = fmt.Sprintf("%s [FLAKEY TEST - TOOK %d ATTEMPTS TO PASS]", r.retryDenoter, report.NumAttempts), false - } - if report.RunTime > r.conf.SlowSpecThreshold { - header, stream = fmt.Sprintf("%s [SLOW TEST]", header), false - } + header = fmt.Sprintf("%s PASSED", header) } - if hasStd || emitGinkgoWriterOutput || hasEmittableReports { - stream = false + if report.NumAttempts > 1 && report.MaxFlakeAttempts > 1 { + header, reportHasContent = fmt.Sprintf("%s [FLAKEY TEST - TOOK %d ATTEMPTS TO PASS]", r.retryDenoter, report.NumAttempts), true } case types.SpecStatePending: - includeRuntime, emitGinkgoWriterOutput = false, false - if v.Is(types.VerbosityLevelSuccinct) { - header, stream = "P", true - } else { - header, succinctLocationBlock = "P [PENDING]", v.LT(types.VerbosityLevelVeryVerbose) + header = "P" + if v.GT(types.VerbosityLevelSuccinct) { + header, reportHasContent = "P [PENDING]", true } case types.SpecStateSkipped: - if report.Failure.Message != "" || v.Is(types.VerbosityLevelVeryVerbose) { - header = "S [SKIPPED]" - } else { - header, stream = "S", true + header = 
"S" + if v.Is(types.VerbosityLevelVeryVerbose) || (v.Is(types.VerbosityLevelVerbose) && report.Failure.Message != "") { + header, reportHasContent = "S [SKIPPED]", true + } + default: + header = fmt.Sprintf("%s [%s]", header, r.humanReadableState(report.State)) + if report.MaxMustPassRepeatedly > 1 { + header = fmt.Sprintf("%s DURING REPETITION #%d", header, report.NumAttempts) } - case types.SpecStateFailed: - header = fmt.Sprintf("%s [FAILED]", denoter) - case types.SpecStateTimedout: - header = fmt.Sprintf("%s [TIMEDOUT]", denoter) - case types.SpecStatePanicked: - header = fmt.Sprintf("%s! [PANICKED]", denoter) - case types.SpecStateInterrupted: - header = fmt.Sprintf("%s! [INTERRUPTED]", denoter) - case types.SpecStateAborted: - header = fmt.Sprintf("%s! [ABORTED]", denoter) } - // Emit stream and return - if stream { + // If we have no content to show, jsut emit the header and return + if !reportHasContent { r.emit(r.f(highlightColor + header + "{{/}}")) return } - // Emit header - r.emitDelimiter() if includeRuntime { header = r.f("%s [%.3f seconds]", header, report.RunTime.Seconds()) } - r.emitBlock(r.f(highlightColor + header + "{{/}}")) - // Emit Code Location Block - r.emitBlock(r.codeLocationBlock(report, highlightColor, succinctLocationBlock, false)) + // Emit header + if !timelineHasBeenStreaming { + r.emitDelimiter(0) + } + r.emitBlock(r.f(highlightColor + header + "{{/}}")) + if showCodeLocation { + r.emitBlock(r.codeLocationBlock(report, highlightColor, v.Is(types.VerbosityLevelVeryVerbose), false)) + } //Emit Stdout/Stderr Output - if hasStd { + if showSeparateStdSection { r.emitBlock("\n") - r.emitBlock(r.fi(1, "{{gray}}Begin Captured StdOut/StdErr Output >>{{/}}")) - r.emitBlock(r.fi(2, "%s", report.CapturedStdOutErr)) - r.emitBlock(r.fi(1, "{{gray}}<< End Captured StdOut/StdErr Output{{/}}")) + r.emitBlock(r.fi(1, "{{gray}}Captured StdOut/StdErr Output >>{{/}}")) + r.emitBlock(r.fi(1, "%s", report.CapturedStdOutErr)) + r.emitBlock(r.fi(1, 
"{{gray}}<< Captured StdOut/StdErr Output{{/}}")) } - //Emit Captured GinkgoWriter Output - if emitGinkgoWriterOutput && hasGW { + if showSeparateVisibilityAlwaysReportsSection { r.emitBlock("\n") - r.emitGinkgoWriterOutput(1, report.CapturedGinkgoWriterOutput, 0) + r.emitBlock(r.fi(1, "{{gray}}Report Entries >>{{/}}")) + for _, entry := range report.ReportEntries.WithVisibility(types.ReportEntryVisibilityAlways) { + r.emitReportEntry(1, entry) + } + r.emitBlock(r.fi(1, "{{gray}}<< Report Entries{{/}}")) } - if hasEmittableReports { + if showTimeline { r.emitBlock("\n") - r.emitBlock(r.fi(1, "{{gray}}Begin Report Entries >>{{/}}")) - reportEntries := report.ReportEntries.WithVisibility(types.ReportEntryVisibilityAlways) - if !report.Failure.IsZero() || v.GTE(types.VerbosityLevelVerbose) { - reportEntries = report.ReportEntries.WithVisibility(types.ReportEntryVisibilityAlways, types.ReportEntryVisibilityFailureOrVerbose) - } - for _, entry := range reportEntries { - r.emitBlock(r.fi(2, "{{bold}}"+entry.Name+"{{gray}} - %s @ %s{{/}}", entry.Location, entry.Time.Format(types.GINKGO_TIME_FORMAT))) - if representation := entry.StringRepresentation(); representation != "" { - r.emitBlock(r.fi(3, representation)) - } - } - r.emitBlock(r.fi(1, "{{gray}}<< End Report Entries{{/}}")) + r.emitBlock(r.fi(1, "{{gray}}Timeline >>{{/}}")) + r.emitTimeline(1, report, timeline) + r.emitBlock(r.fi(1, "{{gray}}<< Timeline{{/}}")) } // Emit Failure Message - if !report.Failure.IsZero() { + if !report.Failure.IsZero() && !v.Is(types.VerbosityLevelVeryVerbose) { r.emitBlock("\n") - r.EmitFailure(1, report.State, report.Failure, false) - } - - if len(report.AdditionalFailures) > 0 { - if v.GTE(types.VerbosityLevelVerbose) { - r.emitBlock("\n") - r.emitBlock(r.fi(1, "{{bold}}There were additional failures detected after the initial failure:{{/}}")) - for i, additionalFailure := range report.AdditionalFailures { - r.EmitFailure(2, additionalFailure.State, additionalFailure.Failure, true) - 
if i < len(report.AdditionalFailures)-1 { - r.emitBlock(r.fi(2, "{{gray}}%s{{/}}", strings.Repeat("-", 10))) - } - } - } else { - r.emitBlock("\n") - r.emitBlock(r.fi(1, "{{bold}}There were additional failures detected after the initial failure. Here's a summary - for full details run Ginkgo in verbose mode:{{/}}")) - for _, additionalFailure := range report.AdditionalFailures { - r.emitBlock(r.fi(2, r.highlightColorForState(additionalFailure.State)+"[%s]{{/}} in [%s] at %s", - r.humanReadableState(additionalFailure.State), - additionalFailure.Failure.FailureNodeType, - additionalFailure.Failure.Location, - )) - } - + r.emitFailure(1, report.State, report.Failure, true) + if len(report.AdditionalFailures) > 0 { + r.emitBlock(r.fi(1, "\nThere were {{bold}}{{red}}additional failures{{/}} detected. To view them in detail run {{bold}}ginkgo -vv{{/}}")) } } - r.emitDelimiter() + r.emitDelimiter(0) } func (r *DefaultReporter) highlightColorForState(state types.SpecState) string { 
@@ -290,13 +344,68 @@ func (r *DefaultReporter) humanReadableState(state types.SpecState) string { return strings.ToUpper(state.String()) } -func (r *DefaultReporter) EmitFailure(indent uint, state types.SpecState, failure types.Failure, includeState bool) { - highlightColor := r.highlightColorForState(state) - if includeState { - r.emitBlock(r.fi(indent, highlightColor+"[%s]{{/}}", r.humanReadableState(state))) +func (r *DefaultReporter) emitTimeline(indent uint, report types.SpecReport, timeline types.Timeline) { + isVeryVerbose := r.conf.Verbosity().Is(types.VerbosityLevelVeryVerbose) + gw := report.CapturedGinkgoWriterOutput + cursor := 0 + for _, entry := range timeline { + tl := entry.GetTimelineLocation() + if tl.Offset < len(gw) { + r.emit(r.fi(indent, "%s", gw[cursor:tl.Offset])) + cursor = tl.Offset + } else if cursor < len(gw) { + r.emit(r.fi(indent, "%s", gw[cursor:])) + cursor = len(gw) + } + switch x := entry.(type) { + case types.Failure: + if isVeryVerbose { + r.emitFailure(indent, report.State, x, false) + } else { + r.emitShortFailure(indent, report.State, x) + } + case types.AdditionalFailure: + if isVeryVerbose { + r.emitFailure(indent, x.State, x.Failure, true) + } else { + r.emitShortFailure(indent, x.State, x.Failure) + } + case types.ReportEntry: + r.emitReportEntry(indent, x) + case types.ProgressReport: + r.emitProgressReport(indent, false, x) + case types.SpecEvent: + if isVeryVerbose || !x.IsOnlyVisibleAtVeryVerbose() || r.conf.ShowNodeEvents { + r.emitSpecEvent(indent, x, isVeryVerbose) + } + } } - r.emitBlock(r.fi(indent, highlightColor+"%s{{/}}", failure.Message)) - r.emitBlock(r.fi(indent, highlightColor+"In {{bold}}[%s]{{/}}"+highlightColor+" at: {{bold}}%s{{/}}\n", failure.FailureNodeType, failure.Location)) + if cursor < len(gw) { + r.emit(r.fi(indent, "%s", gw[cursor:])) + } +} + +func (r *DefaultReporter) EmitFailure(state types.SpecState, failure types.Failure) { + if r.conf.Verbosity().Is(types.VerbosityLevelVerbose) { + 
r.emitShortFailure(1, state, failure) + } else if r.conf.Verbosity().Is(types.VerbosityLevelVeryVerbose) { + r.emitFailure(1, state, failure, true) + } +} + +func (r *DefaultReporter) emitShortFailure(indent uint, state types.SpecState, failure types.Failure) { + r.emitBlock(r.fi(indent, r.highlightColorForState(state)+"[%s]{{/}} in [%s] - %s {{gray}}@ %s{{/}}", + r.humanReadableState(state), + failure.FailureNodeType, + failure.Location, + failure.TimelineLocation.Time.Format(types.GINKGO_TIME_FORMAT), + )) +} + +func (r *DefaultReporter) emitFailure(indent uint, state types.SpecState, failure types.Failure, includeAdditionalFailure bool) { + highlightColor := r.highlightColorForState(state) + r.emitBlock(r.fi(indent, highlightColor+"[%s] %s{{/}}", r.humanReadableState(state), failure.Message)) + r.emitBlock(r.fi(indent, highlightColor+"In {{bold}}[%s]{{/}}"+highlightColor+" at: {{bold}}%s{{/}} {{gray}}@ %s{{/}}\n", failure.FailureNodeType, failure.Location, failure.TimelineLocation.Time.Format(types.GINKGO_TIME_FORMAT))) if failure.ForwardedPanic != "" { r.emitBlock("\n") r.emitBlock(r.fi(indent, highlightColor+"%s{{/}}", failure.ForwardedPanic)) 
@@ -312,83 +421,22 @@ func (r *DefaultReporter) EmitFailure(indent uint, state types.SpecState, failur r.emitBlock("\n") r.emitProgressReport(indent, false, failure.ProgressReport) } -} -func (r *DefaultReporter) SuiteDidEnd(report types.Report) { - failures := report.SpecReports.WithState(types.SpecStateFailureStates) - if len(failures) > 0 { - r.emitBlock("\n\n") - if len(failures) > 1 { - r.emitBlock(r.f("{{red}}{{bold}}Summarizing %d Failures:{{/}}", len(failures))) - } else { - r.emitBlock(r.f("{{red}}{{bold}}Summarizing 1 Failure:{{/}}")) - } - for _, specReport := range failures { - highlightColor, heading := "{{red}}", "[FAIL]" - switch specReport.State { - case types.SpecStatePanicked: - highlightColor, heading = "{{magenta}}", "[PANICKED!]" - case types.SpecStateAborted: - highlightColor, heading = "{{coral}}", "[ABORTED]" - case types.SpecStateTimedout: - highlightColor, heading = "{{orange}}", "[TIMEDOUT]" - case types.SpecStateInterrupted: - highlightColor, heading = "{{orange}}", "[INTERRUPTED]" - } - locationBlock := r.codeLocationBlock(specReport, highlightColor, true, true) - r.emitBlock(r.fi(1, highlightColor+"%s{{/}} %s", heading, locationBlock)) - } - } - - //summarize the suite - if r.conf.Verbosity().Is(types.VerbosityLevelSuccinct) && report.SuiteSucceeded { - r.emit(r.f(" {{green}}SUCCESS!{{/}} %s ", report.RunTime)) - return - } - - r.emitBlock("\n") - color, status := "{{green}}{{bold}}", "SUCCESS!" - if !report.SuiteSucceeded { - color, status = "{{red}}{{bold}}", "FAIL!" 
- } - - specs := report.SpecReports.WithLeafNodeType(types.NodeTypeIt) //exclude any suite setup nodes - r.emitBlock(r.f(color+"Ran %d of %d Specs in %.3f seconds{{/}}", - specs.CountWithState(types.SpecStatePassed)+specs.CountWithState(types.SpecStateFailureStates), - report.PreRunStats.TotalSpecs, - report.RunTime.Seconds()), - ) - - switch len(report.SpecialSuiteFailureReasons) { - case 0: - r.emit(r.f(color+"%s{{/}} -- ", status)) - case 1: - r.emit(r.f(color+"%s - %s{{/}} -- ", status, report.SpecialSuiteFailureReasons[0])) - default: - r.emitBlock(r.f(color+"%s - %s{{/}}\n", status, strings.Join(report.SpecialSuiteFailureReasons, ", "))) - } - - if len(specs) == 0 && report.SpecReports.WithLeafNodeType(types.NodeTypeBeforeSuite|types.NodeTypeSynchronizedBeforeSuite).CountWithState(types.SpecStateFailureStates) > 0 { - r.emit(r.f("{{cyan}}{{bold}}A BeforeSuite node failed so all tests were skipped.{{/}}\n")) - } else { - r.emit(r.f("{{green}}{{bold}}%d Passed{{/}} | ", specs.CountWithState(types.SpecStatePassed))) - r.emit(r.f("{{red}}{{bold}}%d Failed{{/}} | ", specs.CountWithState(types.SpecStateFailureStates))) - if specs.CountOfFlakedSpecs() > 0 { - r.emit(r.f("{{light-yellow}}{{bold}}%d Flaked{{/}} | ", specs.CountOfFlakedSpecs())) - } - r.emit(r.f("{{yellow}}{{bold}}%d Pending{{/}} | ", specs.CountWithState(types.SpecStatePending))) - r.emit(r.f("{{cyan}}{{bold}}%d Skipped{{/}}\n", specs.CountWithState(types.SpecStateSkipped))) + if failure.AdditionalFailure != nil && includeAdditionalFailure { + r.emitBlock("\n") + r.emitFailure(indent, failure.AdditionalFailure.State, failure.AdditionalFailure.Failure, true) } } func (r *DefaultReporter) EmitProgressReport(report types.ProgressReport) { - r.emitDelimiter() + r.emitDelimiter(1) if report.RunningInParallel { - r.emit(r.f("{{coral}}Progress Report for Ginkgo Process #{{bold}}%d{{/}}\n", report.ParallelProcess)) + r.emit(r.fi(1, "{{coral}}Progress Report for Ginkgo Process #{{bold}}%d{{/}}\n", 
report.ParallelProcess)) } - r.emitProgressReport(0, true, report) - r.emitDelimiter() + shouldEmitGW := report.RunningInParallel || r.conf.Verbosity().LT(types.VerbosityLevelVerbose) + r.emitProgressReport(1, shouldEmitGW, report) + r.emitDelimiter(1) } func (r *DefaultReporter) emitProgressReport(indent uint, emitGinkgoWriterOutput bool, report types.ProgressReport) { @@ -403,7 +451,7 @@ func (r *DefaultReporter) emitProgressReport(indent uint, emitGinkgoWriterOutput r.emit(" ") subjectIndent = 0 } - r.emit(r.fi(subjectIndent, "{{bold}}{{orange}}%s{{/}} (Spec Runtime: %s)\n", report.LeafNodeText, report.Time.Sub(report.SpecStartTime).Round(time.Millisecond))) + r.emit(r.fi(subjectIndent, "{{bold}}{{orange}}%s{{/}} (Spec Runtime: %s)\n", report.LeafNodeText, report.Time().Sub(report.SpecStartTime).Round(time.Millisecond))) r.emit(r.fi(indent+1, "{{gray}}%s{{/}}\n", report.LeafNodeLocation)) indent += 1 } @@ -413,12 +461,12 @@ func (r *DefaultReporter) emitProgressReport(indent uint, emitGinkgoWriterOutput r.emit(r.f(" {{bold}}{{orange}}%s{{/}}", report.CurrentNodeText)) } - r.emit(r.f(" (Node Runtime: %s)\n", report.Time.Sub(report.CurrentNodeStartTime).Round(time.Millisecond))) + r.emit(r.f(" (Node Runtime: %s)\n", report.Time().Sub(report.CurrentNodeStartTime).Round(time.Millisecond))) r.emit(r.fi(indent+1, "{{gray}}%s{{/}}\n", report.CurrentNodeLocation)) indent += 1 } if report.CurrentStepText != "" { - r.emit(r.fi(indent, "At {{bold}}{{orange}}[By Step] %s{{/}} (Step Runtime: %s)\n", report.CurrentStepText, report.Time.Sub(report.CurrentStepStartTime).Round(time.Millisecond))) + r.emit(r.fi(indent, "At {{bold}}{{orange}}[By Step] %s{{/}} (Step Runtime: %s)\n", report.CurrentStepText, report.Time().Sub(report.CurrentStepStartTime).Round(time.Millisecond))) r.emit(r.fi(indent+1, "{{gray}}%s{{/}}\n", report.CurrentStepLocation)) indent += 1 } 
@@ -427,9 +475,19 @@ func (r *DefaultReporter) emitProgressReport(indent uint, emitGinkgoWriterOutput indent -= 1 } - if emitGinkgoWriterOutput && report.CapturedGinkgoWriterOutput != "" && (report.RunningInParallel || r.conf.Verbosity().LT(types.VerbosityLevelVerbose)) { + if emitGinkgoWriterOutput && report.CapturedGinkgoWriterOutput != "" { r.emit("\n") - r.emitGinkgoWriterOutput(indent, report.CapturedGinkgoWriterOutput, 10) + r.emitBlock(r.fi(indent, "{{gray}}Begin Captured GinkgoWriter Output >>{{/}}")) + limit, lines := 10, strings.Split(report.CapturedGinkgoWriterOutput, "\n") + if len(lines) <= limit { + r.emitBlock(r.fi(indent+1, "%s", report.CapturedGinkgoWriterOutput)) + } else { + r.emitBlock(r.fi(indent+1, "{{gray}}...{{/}}")) + for _, line := range lines[len(lines)-limit-1:] { + r.emitBlock(r.fi(indent+1, "%s", line)) + } + } + r.emitBlock(r.fi(indent, "{{gray}}<< End Captured GinkgoWriter Output{{/}}")) } if !report.SpecGoroutine().IsZero() { 
@@ -465,22 +523,48 @@ func (r *DefaultReporter) emitProgressReport(indent uint, emitGinkgoWriterOutput } } -func (r *DefaultReporter) emitGinkgoWriterOutput(indent uint, output string, limit int) { - r.emitBlock(r.fi(indent, "{{gray}}Begin Captured GinkgoWriter Output >>{{/}}")) - if limit == 0 { - r.emitBlock(r.fi(indent+1, "%s", output)) - } else { - lines := strings.Split(output, "\n") - if len(lines) <= limit { - r.emitBlock(r.fi(indent+1, "%s", output)) - } else { - r.emitBlock(r.fi(indent+1, "{{gray}}...{{/}}")) - for _, line := range lines[len(lines)-limit-1:] { - r.emitBlock(r.fi(indent+1, "%s", line)) - } - } +func (r *DefaultReporter) EmitReportEntry(entry types.ReportEntry) { + if r.conf.Verbosity().LT(types.VerbosityLevelVerbose) || entry.Visibility == types.ReportEntryVisibilityNever { + return + } + r.emitReportEntry(1, entry) +} + +func (r *DefaultReporter) emitReportEntry(indent uint, entry types.ReportEntry) { + r.emitBlock(r.fi(indent, "{{bold}}"+entry.Name+"{{gray}} "+fmt.Sprintf("- %s @ %s{{/}}", entry.Location, entry.Time.Format(types.GINKGO_TIME_FORMAT)))) + if representation := entry.StringRepresentation(); representation != "" { + r.emitBlock(r.fi(indent+1, representation)) + } +} + +func (r *DefaultReporter) EmitSpecEvent(event types.SpecEvent) { + v := r.conf.Verbosity() + if v.Is(types.VerbosityLevelVeryVerbose) || (v.Is(types.VerbosityLevelVerbose) && (r.conf.ShowNodeEvents || !event.IsOnlyVisibleAtVeryVerbose())) { + r.emitSpecEvent(1, event, r.conf.Verbosity().Is(types.VerbosityLevelVeryVerbose)) + } +} + +func (r *DefaultReporter) emitSpecEvent(indent uint, event types.SpecEvent, includeLocation bool) { + location := "" + if includeLocation { + location = fmt.Sprintf("- %s ", event.CodeLocation.String()) + } + switch event.SpecEventType { + case types.SpecEventInvalid: + return + case types.SpecEventByStart: + r.emitBlock(r.fi(indent, "{{bold}}STEP:{{/}} %s {{gray}}%s@ %s{{/}}", event.Message, location, 
event.TimelineLocation.Time.Format(types.GINKGO_TIME_FORMAT))) + case types.SpecEventByEnd: + r.emitBlock(r.fi(indent, "{{bold}}END STEP:{{/}} %s {{gray}}%s@ %s (%s){{/}}", event.Message, location, event.TimelineLocation.Time.Format(types.GINKGO_TIME_FORMAT), event.Duration.Round(time.Millisecond))) + case types.SpecEventNodeStart: + r.emitBlock(r.fi(indent, "> Enter {{bold}}[%s]{{/}} %s {{gray}}%s@ %s{{/}}", event.NodeType.String(), event.Message, location, event.TimelineLocation.Time.Format(types.GINKGO_TIME_FORMAT))) + case types.SpecEventNodeEnd: + r.emitBlock(r.fi(indent, "< Exit {{bold}}[%s]{{/}} %s {{gray}}%s@ %s (%s){{/}}", event.NodeType.String(), event.Message, location, event.TimelineLocation.Time.Format(types.GINKGO_TIME_FORMAT), event.Duration.Round(time.Millisecond))) + case types.SpecEventSpecRepeat: + r.emitBlock(r.fi(indent, "\n{{bold}}Attempt #%d {{green}}Passed{{/}}{{bold}}. Repeating %s{{/}} {{gray}}@ %s{{/}}\n\n", event.Attempt, r.retryDenoter, event.TimelineLocation.Time.Format(types.GINKGO_TIME_FORMAT))) + case types.SpecEventSpecRetry: + r.emitBlock(r.fi(indent, "\n{{bold}}Attempt #%d {{red}}Failed{{/}}{{bold}}. Retrying %s{{/}} {{gray}}@ %s{{/}}\n\n", event.Attempt, r.retryDenoter, event.TimelineLocation.Time.Format(types.GINKGO_TIME_FORMAT))) } - r.emitBlock(r.fi(indent, "{{gray}}<< End Captured GinkgoWriter Output{{/}}")) } func (r *DefaultReporter) emitGoroutines(indent uint, goroutines ...types.Goroutine) { 
@@ -538,31 +622,37 @@ func (r *DefaultReporter) emitSource(indent uint, fc types.FunctionCall) { /* Emitting to the writer */ func (r *DefaultReporter) emit(s string) { - if len(s) > 0 { - r.lastChar = s[len(s)-1:] - r.lastEmissionWasDelimiter = false - r.writer.Write([]byte(s)) - } + r._emit(s, false, false) } func (r *DefaultReporter) emitBlock(s string) { - if len(s) > 0 { - if r.lastChar != "\n" { - r.emit("\n") - } - r.emit(s) - if r.lastChar != "\n" { - r.emit("\n") - } - } + r._emit(s, true, false) +} + +func (r *DefaultReporter) emitDelimiter(indent uint) { + r._emit(r.fi(indent, "{{gray}}%s{{/}}", strings.Repeat("-", 30)), true, true) } -func (r *DefaultReporter) emitDelimiter() { - if r.lastEmissionWasDelimiter { +// a bit ugly - but we're trying to minimize locking on this hot codepath +func (r *DefaultReporter) _emit(s string, block bool, isDelimiter bool) { + if len(s) == 0 { return } - r.emitBlock(r.f("{{gray}}%s{{/}}", strings.Repeat("-", 30))) - r.lastEmissionWasDelimiter = true + r.lock.Lock() + defer r.lock.Unlock() + if isDelimiter && r.lastEmissionWasDelimiter { + return + } + if block && !r.lastCharWasNewline { + r.writer.Write([]byte("\n")) + } + r.lastCharWasNewline = (s[len(s)-1:] == "\n") + r.writer.Write([]byte(s)) + if block && !r.lastCharWasNewline { + r.writer.Write([]byte("\n")) + r.lastCharWasNewline = true + } + r.lastEmissionWasDelimiter = isDelimiter } /* Rendering text */ 
@@ -578,13 +668,14 @@ func (r *DefaultReporter) cycleJoin(elements []string, joiner string) string { return r.formatter.CycleJoin(elements, joiner, []string{"{{/}}", "{{gray}}"}) } -func (r *DefaultReporter) codeLocationBlock(report types.SpecReport, highlightColor string, succinct bool, usePreciseFailureLocation bool) string { +func (r *DefaultReporter) codeLocationBlock(report types.SpecReport, highlightColor string, veryVerbose bool, usePreciseFailureLocation bool) string { texts, locations, labels := []string{}, []types.CodeLocation{}, [][]string{} texts, locations, labels = append(texts, report.ContainerHierarchyTexts...), append(locations, report.ContainerHierarchyLocations...), append(labels, report.ContainerHierarchyLabels...) + if report.LeafNodeType.Is(types.NodeTypesForSuiteLevelNodes) { texts = append(texts, r.f("[%s] %s", report.LeafNodeType, report.LeafNodeText)) } else { - texts = append(texts, report.LeafNodeText) + texts = append(texts, r.f(report.LeafNodeText)) } labels = append(labels, report.LeafNodeLabels) locations = append(locations, report.LeafNodeLocation) 
@@ -594,24 +685,58 @@ func (r *DefaultReporter) codeLocationBlock(report types.SpecReport, highlightCo failureLocation = report.Failure.Location } + highlightIndex := -1 switch report.Failure.FailureNodeContext { case types.FailureNodeAtTopLevel: - texts = append([]string{r.f(highlightColor+"{{bold}}TOP-LEVEL [%s]{{/}}", report.Failure.FailureNodeType)}, texts...) + texts = append([]string{fmt.Sprintf("TOP-LEVEL [%s]", report.Failure.FailureNodeType)}, texts...) locations = append([]types.CodeLocation{failureLocation}, locations...) labels = append([][]string{{}}, labels...) + highlightIndex = 0 case types.FailureNodeInContainer: i := report.Failure.FailureNodeContainerIndex - texts[i] = r.f(highlightColor+"{{bold}}%s [%s]{{/}}", texts[i], report.Failure.FailureNodeType) + texts[i] = fmt.Sprintf("%s [%s]", texts[i], report.Failure.FailureNodeType) locations[i] = failureLocation + highlightIndex = i case types.FailureNodeIsLeafNode: i := len(texts) - 1 - texts[i] = r.f(highlightColor+"{{bold}}[%s] %s{{/}}", report.LeafNodeType, report.LeafNodeText) + texts[i] = fmt.Sprintf("[%s] %s", report.LeafNodeType, report.LeafNodeText) locations[i] = failureLocation + highlightIndex = i + default: + //there is no failure, so we highlight the leaf ndoe + highlightIndex = len(texts) - 1 } out := "" - if succinct { - out += r.f("%s", r.cycleJoin(texts, " ")) + if veryVerbose { + for i := range texts { + if i == highlightIndex { + out += r.fi(uint(i), highlightColor+"{{bold}}%s{{/}}", texts[i]) + } else { + out += r.fi(uint(i), "%s", texts[i]) + } + if len(labels[i]) > 0 { + out += r.f(" {{coral}}[%s]{{/}}", strings.Join(labels[i], ", ")) + } + out += "\n" + out += r.fi(uint(i), "{{gray}}%s{{/}}\n", locations[i]) + } + } else { + for i := range texts { + style := "{{/}}" + if i%2 == 1 { + style = "{{gray}}" + } + if i == highlightIndex { + style = highlightColor + "{{bold}}" + } + out += r.f(style+"%s", texts[i]) + if i < len(texts)-1 { + out += " " + } else { + out += 
r.f("{{/}}") + } + } flattenedLabels := report.Labels() if len(flattenedLabels) > 0 { out += r.f(" {{coral}}[%s]{{/}}", strings.Join(flattenedLabels, ", ")) @@ -620,17 +745,15 @@ func (r *DefaultReporter) codeLocationBlock(report types.SpecReport, highlightCo if usePreciseFailureLocation { out += r.f("{{gray}}%s{{/}}", failureLocation) } else { - out += r.f("{{gray}}%s{{/}}", locations[len(locations)-1]) - } - } else { - for i := range texts { - out += r.fi(uint(i), "%s", texts[i]) - if len(labels[i]) > 0 { - out += r.f(" {{coral}}[%s]{{/}}", strings.Join(labels[i], ", ")) + leafLocation := locations[len(locations)-1] + if (report.Failure.FailureNodeLocation != types.CodeLocation{}) && (report.Failure.FailureNodeLocation != leafLocation) { + out += r.fi(1, highlightColor+"[%s]{{/}} {{gray}}%s{{/}}\n", report.Failure.FailureNodeType, report.Failure.FailureNodeLocation) + out += r.fi(1, "{{gray}}[%s] %s{{/}}", report.LeafNodeType, leafLocation) + } else { + out += r.f("{{gray}}%s{{/}}", leafLocation) } - out += "\n" - out += r.fi(uint(i), "{{gray}}%s{{/}}\n", locations[i]) } + } return out } diff --git a/vendor/github.com/onsi/ginkgo/v2/reporters/deprecated_reporter.go b/vendor/github.com/onsi/ginkgo/v2/reporters/deprecated_reporter.go index 89d30076b..613072ebf 100644 --- a/vendor/github.com/onsi/ginkgo/v2/reporters/deprecated_reporter.go +++ b/vendor/github.com/onsi/ginkgo/v2/reporters/deprecated_reporter.go @@ -35,7 +35,7 @@ func ReportViaDeprecatedReporter(reporter DeprecatedReporter, report types.Repor FailOnPending: report.SuiteConfig.FailOnPending, FailFast: report.SuiteConfig.FailFast, FlakeAttempts: report.SuiteConfig.FlakeAttempts, - EmitSpecProgress: report.SuiteConfig.EmitSpecProgress, + EmitSpecProgress: false, DryRun: report.SuiteConfig.DryRun, ParallelNode: report.SuiteConfig.ParallelProcess, ParallelTotal: report.SuiteConfig.ParallelTotal, 
diff --git a/vendor/github.com/onsi/ginkgo/v2/reporters/json_report.go b/vendor/github.com/onsi/ginkgo/v2/reporters/json_report.go index 7f96c450f..be506f9b4 100644 --- a/vendor/github.com/onsi/ginkgo/v2/reporters/json_report.go +++ b/vendor/github.com/onsi/ginkgo/v2/reporters/json_report.go @@ -4,12 +4,16 @@ import ( "encoding/json" "fmt" "os" + "path" "github.com/onsi/ginkgo/v2/types" ) -//GenerateJSONReport produces a JSON-formatted report at the passed in destination +// GenerateJSONReport produces a JSON-formatted report at the passed in destination func GenerateJSONReport(report types.Report, destination string) error { + if err := os.MkdirAll(path.Dir(destination), 0770); err != nil { + return err + } f, err := os.Create(destination) if err != nil { return err @@ -25,8 +29,8 @@ func GenerateJSONReport(report types.Report, destination string) error { return f.Close() } -//MergeJSONReports produces a single JSON-formatted report at the passed in destination by merging the JSON-formatted reports provided in sources -//It skips over reports that fail to decode but reports on them via the returned messages []string +// MergeJSONReports produces a single JSON-formatted report at the passed in destination by merging the JSON-formatted reports provided in sources +// It skips over reports that fail to decode but reports on them via the returned messages []string func MergeAndCleanupJSONReports(sources []string, destination string) ([]string, error) { messages := []string{} allReports := []types.Report{} @@ -46,6 +50,9 @@ func MergeAndCleanupJSONReports(sources []string, destination string) ([]string, allReports = append(allReports, reports...) } + if err := os.MkdirAll(path.Dir(destination), 0770); err != nil { + return messages, err + } f, err := os.Create(destination) if err != nil { return messages, err 
diff --git a/vendor/github.com/onsi/ginkgo/v2/reporters/junit_report.go b/vendor/github.com/onsi/ginkgo/v2/reporters/junit_report.go index fcea6ab17..816042208 100644 --- a/vendor/github.com/onsi/ginkgo/v2/reporters/junit_report.go +++ b/vendor/github.com/onsi/ginkgo/v2/reporters/junit_report.go @@ -14,13 +14,34 @@ import ( "encoding/xml" "fmt" "os" + "path" "strings" - "time" "github.com/onsi/ginkgo/v2/config" "github.com/onsi/ginkgo/v2/types" ) +type JunitReportConfig struct { + // Spec States for which no timeline should be emitted for system-err + // set this to types.SpecStatePassed|types.SpecStateSkipped|types.SpecStatePending to only match failing specs + OmitTimelinesForSpecState types.SpecState + + // Enable OmitFailureMessageAttr to prevent failure messages appearing in the "message" attribute of the Failure and Error tags + OmitFailureMessageAttr bool + + //Enable OmitCapturedStdOutErr to prevent captured stdout/stderr appearing in system-out + OmitCapturedStdOutErr bool + + // Enable OmitSpecLabels to prevent labels from appearing in the spec name + OmitSpecLabels bool + + // Enable OmitLeafNodeType to prevent the spec leaf node type from appearing in the spec name + OmitLeafNodeType bool + + // Enable OmitSuiteSetupNodes to prevent the creation of testcase entries for setup nodes + OmitSuiteSetupNodes bool +} + type JUnitTestSuites struct { XMLName xml.Name `xml:"testsuites"` // Tests maps onto the total number of specs in all test suites (this includes any suite nodes such as BeforeSuite) @@ -128,6 +149,10 @@ type JUnitFailure struct { } func GenerateJUnitReport(report types.Report, dst string) error { + return GenerateJUnitReportWithConfig(report, dst, JunitReportConfig{}) +} + +func GenerateJUnitReportWithConfig(report types.Report, dst string, config JunitReportConfig) error { suite := JUnitTestSuite{ Name: report.SuiteDescription, Package: report.SuitePath, 
@@ -149,7 +174,6 @@ func GenerateJUnitReport(report types.Report, dst string) error { {"FailOnPending", fmt.Sprintf("%t", report.SuiteConfig.FailOnPending)}, {"FailFast", fmt.Sprintf("%t", report.SuiteConfig.FailFast)}, {"FlakeAttempts", fmt.Sprintf("%d", report.SuiteConfig.FlakeAttempts)}, - {"EmitSpecProgress", fmt.Sprintf("%t", report.SuiteConfig.EmitSpecProgress)}, {"DryRun", fmt.Sprintf("%t", report.SuiteConfig.DryRun)}, {"ParallelTotal", fmt.Sprintf("%d", report.SuiteConfig.ParallelTotal)}, {"OutputInterceptorMode", report.SuiteConfig.OutputInterceptorMode}, @@ -157,22 +181,33 @@ func GenerateJUnitReport(report types.Report, dst string) error { }, } for _, spec := range report.SpecReports { + if config.OmitSuiteSetupNodes && spec.LeafNodeType != types.NodeTypeIt { + continue + } name := fmt.Sprintf("[%s]", spec.LeafNodeType) + if config.OmitLeafNodeType { + name = "" + } if spec.FullText() != "" { name = name + " " + spec.FullText() } labels := spec.Labels() - if len(labels) > 0 { + if len(labels) > 0 && !config.OmitSpecLabels { name = name + " [" + strings.Join(labels, ", ") + "]" } + name = strings.TrimSpace(name) test := JUnitTestCase{ Name: name, Classname: report.SuiteDescription, Status: spec.State.String(), Time: spec.RunTime.Seconds(), - SystemOut: systemOutForUnstructuredReporters(spec), - SystemErr: systemErrForUnstructuredReporters(spec), + } + if !spec.State.Is(config.OmitTimelinesForSpecState) { + test.SystemErr = systemErrForUnstructuredReporters(spec) + } + if !config.OmitCapturedStdOutErr { + test.SystemOut = systemOutForUnstructuredReporters(spec) } suite.Tests += 1 @@ -193,6 +228,9 @@ func GenerateJUnitReport(report types.Report, dst string) error { Type: "failed", Description: failureDescriptionForUnstructuredReporters(spec), } + if config.OmitFailureMessageAttr { + test.Failure.Message = "" + } suite.Failures += 1 case types.SpecStateTimedout: test.Failure = &JUnitFailure{ 
@@ -200,6 +238,9 @@ func GenerateJUnitReport(report types.Report, dst string) error { Type: "timedout", Description: failureDescriptionForUnstructuredReporters(spec), } + if config.OmitFailureMessageAttr { + test.Failure.Message = "" + } suite.Failures += 1 case types.SpecStateInterrupted: test.Error = &JUnitError{ @@ -207,6 +248,9 @@ func GenerateJUnitReport(report types.Report, dst string) error { Type: "interrupted", Description: failureDescriptionForUnstructuredReporters(spec), } + if config.OmitFailureMessageAttr { + test.Error.Message = "" + } suite.Errors += 1 case types.SpecStateAborted: test.Failure = &JUnitFailure{ @@ -214,6 +258,9 @@ func GenerateJUnitReport(report types.Report, dst string) error { Type: "aborted", Description: failureDescriptionForUnstructuredReporters(spec), } + if config.OmitFailureMessageAttr { + test.Failure.Message = "" + } suite.Errors += 1 case types.SpecStatePanicked: test.Error = &JUnitError{ @@ -221,6 +268,9 @@ func GenerateJUnitReport(report types.Report, dst string) error { Type: "panicked", Description: failureDescriptionForUnstructuredReporters(spec), } + if config.OmitFailureMessageAttr { + test.Error.Message = "" + } suite.Errors += 1 } @@ -236,6 +286,9 @@ func GenerateJUnitReport(report types.Report, dst string) error { TestSuites: []JUnitTestSuite{suite}, } + if err := os.MkdirAll(path.Dir(dst), 0770); err != nil { + return err + } f, err := os.Create(dst) if err != nil { return err @@ -273,6 +326,9 @@ func MergeAndCleanupJUnitReports(sources []string, dst string) ([]string, error) mergedReport.TestSuites = append(mergedReport.TestSuites, report.TestSuites...) } + if err := os.MkdirAll(path.Dir(dst), 0770); err != nil { + return messages, err + } f, err := os.Create(dst) if err != nil { return messages, err 
@@ -287,63 +343,25 @@ func MergeAndCleanupJUnitReports(sources []string, dst string) ([]string, error) func failureDescriptionForUnstructuredReporters(spec types.SpecReport) string { out := &strings.Builder{} - out.WriteString(spec.Failure.Location.String() + "\n") - out.WriteString(spec.Failure.Location.FullStackTrace) - if !spec.Failure.ProgressReport.IsZero() { - out.WriteString("\n") - NewDefaultReporter(types.ReporterConfig{NoColor: true}, out).EmitProgressReport(spec.Failure.ProgressReport) - } + NewDefaultReporter(types.ReporterConfig{NoColor: true, VeryVerbose: true}, out).emitFailure(0, spec.State, spec.Failure, true) if len(spec.AdditionalFailures) > 0 { - out.WriteString("\nThere were additional failures detected after the initial failure:\n") - for i, additionalFailure := range spec.AdditionalFailures { - NewDefaultReporter(types.ReporterConfig{NoColor: true}, out).EmitFailure(0, additionalFailure.State, additionalFailure.Failure, true) - if i < len(spec.AdditionalFailures)-1 { - out.WriteString("----------\n") - } - } + out.WriteString("\nThere were additional failures detected after the initial failure. 
These are visible in the timeline\n") } return out.String() } func systemErrForUnstructuredReporters(spec types.SpecReport) string { - out := &strings.Builder{} - gw := spec.CapturedGinkgoWriterOutput - cursor := 0 - for _, pr := range spec.ProgressReports { - if cursor < pr.GinkgoWriterOffset { - if pr.GinkgoWriterOffset < len(gw) { - out.WriteString(gw[cursor:pr.GinkgoWriterOffset]) - cursor = pr.GinkgoWriterOffset - } else if cursor < len(gw) { - out.WriteString(gw[cursor:]) - cursor = len(gw) - } - } - NewDefaultReporter(types.ReporterConfig{NoColor: true}, out).EmitProgressReport(pr) - } - - if cursor < len(gw) { - out.WriteString(gw[cursor:]) - } + return RenderTimeline(spec, true) +} +func RenderTimeline(spec types.SpecReport, noColor bool) string { + out := &strings.Builder{} + NewDefaultReporter(types.ReporterConfig{NoColor: noColor, VeryVerbose: true}, out).emitTimeline(0, spec, spec.Timeline()) return out.String() } func systemOutForUnstructuredReporters(spec types.SpecReport) string { - systemOut := spec.CapturedStdOutErr - if len(spec.ReportEntries) > 0 { - systemOut += "\nReport Entries:\n" - for i, entry := range spec.ReportEntries { - systemOut += fmt.Sprintf("%s\n%s\n%s\n", entry.Name, entry.Location, entry.Time.Format(time.RFC3339Nano)) - if representation := entry.StringRepresentation(); representation != "" { - systemOut += representation + "\n" - } - if i+1 < len(spec.ReportEntries) { - systemOut += "--\n" - } - } - } - return systemOut + return spec.CapturedStdOutErr } // Deprecated JUnitReporter (so folks can still compile their suites) diff --git a/vendor/github.com/onsi/ginkgo/v2/reporters/reporter.go b/vendor/github.com/onsi/ginkgo/v2/reporters/reporter.go index f79f005db..5e726c464 100644 --- a/vendor/github.com/onsi/ginkgo/v2/reporters/reporter.go +++ b/vendor/github.com/onsi/ginkgo/v2/reporters/reporter.go 
@@ -9,13 +9,21 @@ type Reporter interface { WillRun(report types.SpecReport) DidRun(report types.SpecReport) SuiteDidEnd(report types.Report) + + //Timeline emission + EmitFailure(state types.SpecState, failure types.Failure) EmitProgressReport(progressReport types.ProgressReport) + EmitReportEntry(entry types.ReportEntry) + EmitSpecEvent(event types.SpecEvent) } type NoopReporter struct{} -func (n NoopReporter) SuiteWillBegin(report types.Report) {} -func (n NoopReporter) WillRun(report types.SpecReport) {} -func (n NoopReporter) DidRun(report types.SpecReport) {} -func (n NoopReporter) SuiteDidEnd(report types.Report) {} -func (n NoopReporter) EmitProgressReport(progressReport types.ProgressReport) {} +func (n NoopReporter) SuiteWillBegin(report types.Report) {} +func (n NoopReporter) WillRun(report types.SpecReport) {} +func (n NoopReporter) DidRun(report types.SpecReport) {} +func (n NoopReporter) SuiteDidEnd(report types.Report) {} +func (n NoopReporter) EmitFailure(state types.SpecState, failure types.Failure) {} +func (n NoopReporter) EmitProgressReport(progressReport types.ProgressReport) {} +func (n NoopReporter) EmitReportEntry(entry types.ReportEntry) {} +func (n NoopReporter) EmitSpecEvent(event types.SpecEvent) {} diff --git a/vendor/github.com/onsi/ginkgo/v2/reporters/teamcity_report.go b/vendor/github.com/onsi/ginkgo/v2/reporters/teamcity_report.go index c1863496d..e990ad82e 100644 --- a/vendor/github.com/onsi/ginkgo/v2/reporters/teamcity_report.go +++ b/vendor/github.com/onsi/ginkgo/v2/reporters/teamcity_report.go @@ -11,6 +11,7 @@ package reporters import ( "fmt" "os" + "path" "strings" "github.com/onsi/ginkgo/v2/types" @@ -27,6 +28,9 @@ func tcEscape(s string) string { } func GenerateTeamcityReport(report types.Report, dst string) error { + if err := os.MkdirAll(path.Dir(dst), 0770); err != nil { + return err + } f, err := os.Create(dst) if err != nil { return err 
diff --git a/vendor/github.com/onsi/ginkgo/v2/reporting_dsl.go b/vendor/github.com/onsi/ginkgo/v2/reporting_dsl.go index afc151b13..f33786a2d 100644 --- a/vendor/github.com/onsi/ginkgo/v2/reporting_dsl.go +++ b/vendor/github.com/onsi/ginkgo/v2/reporting_dsl.go @@ -35,7 +35,7 @@ func CurrentSpecReport() SpecReport { } /* - ReportEntryVisibility governs the visibility of ReportEntries in Ginkgo's console reporter + ReportEntryVisibility governs the visibility of ReportEntries in Ginkgo's console reporter - ReportEntryVisibilityAlways: the default behavior - the ReportEntry is always emitted. - ReportEntryVisibilityFailureOrVerbose: the ReportEntry is only emitted if the spec fails or if the tests are run with -v (similar to GinkgoWriters behavior). @@ -50,9 +50,9 @@ const ReportEntryVisibilityAlways, ReportEntryVisibilityFailureOrVerbose, Report /* AddReportEntry generates and adds a new ReportEntry to the current spec's SpecReport. It can take any of the following arguments: - - A single arbitrary object to attach as the Value of the ReportEntry. This object will be included in any generated reports and will be emitted to the console when the report is emitted. - - A ReportEntryVisibility enum to control the visibility of the ReportEntry - - An Offset or CodeLocation decoration to control the reported location of the ReportEntry + - A single arbitrary object to attach as the Value of the ReportEntry. This object will be included in any generated reports and will be emitted to the console when the report is emitted. + - A ReportEntryVisibility enum to control the visibility of the ReportEntry + - An Offset or CodeLocation decoration to control the reported location of the ReportEntry If the Value object implements `fmt.Stringer`, it's `String()` representation is used when emitting to the console. 
@@ -100,6 +100,25 @@ func ReportAfterEach(body func(SpecReport), args ...interface{}) bool { return pushNode(internal.NewNode(deprecationTracker, types.NodeTypeReportAfterEach, "", combinedArgs...)) } +/* +ReportBeforeSuite nodes are run at the beginning of the suite. ReportBeforeSuite nodes take a function that receives a suite Report. + +They are called at the beginning of the suite, before any specs have run and any BeforeSuite or SynchronizedBeforeSuite nodes, and are passed in the initial report for the suite. +ReportBeforeSuite nodes must be created at the top-level (i.e. not nested in a Context/Describe/When node) + +# When running in parallel, Ginkgo ensures that only one of the parallel nodes runs the ReportBeforeSuite + +You cannot nest any other Ginkgo nodes within a ReportAfterSuite node's closure. +You can learn more about ReportAfterSuite here: https://onsi.github.io/ginkgo/#generating-reports-programmatically + +You can learn more about Ginkgo's reporting infrastructure, including generating reports with the CLI here: https://onsi.github.io/ginkgo/#generating-machine-readable-reports +*/ +func ReportBeforeSuite(body func(Report), args ...interface{}) bool { + combinedArgs := []interface{}{body} + combinedArgs = append(combinedArgs, args...) + return pushNode(internal.NewNode(deprecationTracker, types.NodeTypeReportBeforeSuite, "", combinedArgs...)) +} + /* ReportAfterSuite nodes are run at the end of the suite. ReportAfterSuite nodes take a function that receives a suite Report. 
@@ -113,6 +132,7 @@ In addition to using ReportAfterSuite to programmatically generate suite reports You cannot nest any other Ginkgo nodes within a ReportAfterSuite node's closure. You can learn more about ReportAfterSuite here: https://onsi.github.io/ginkgo/#generating-reports-programmatically + You can learn more about Ginkgo's reporting infrastructure, including generating reports with the CLI here: https://onsi.github.io/ginkgo/#generating-machine-readable-reports */ func ReportAfterSuite(text string, body func(Report), args ...interface{}) bool { diff --git a/vendor/github.com/onsi/ginkgo/v2/table_dsl.go b/vendor/github.com/onsi/ginkgo/v2/table_dsl.go index 683674462..ac9b7abb5 100644 --- a/vendor/github.com/onsi/ginkgo/v2/table_dsl.go +++ b/vendor/github.com/onsi/ginkgo/v2/table_dsl.go @@ -13,7 +13,7 @@ import ( /* The EntryDescription decorator allows you to pass a format string to DescribeTable() and Entry(). This format string is used to generate entry names via: - fmt.Sprintf(formatString, parameters...) + fmt.Sprintf(formatString, parameters...) where parameters are the parameters passed into the entry. @@ -32,19 +32,20 @@ DescribeTable describes a table-driven spec. For example: - DescribeTable("a simple table", - func(x int, y int, expected bool) { - Ω(x > y).Should(Equal(expected)) - }, - Entry("x > y", 1, 0, true), - Entry("x == y", 0, 0, false), - Entry("x < y", 0, 1, false), - ) + DescribeTable("a simple table", + func(x int, y int, expected bool) { + Ω(x > y).Should(Equal(expected)) + }, + Entry("x > y", 1, 0, true), + Entry("x == y", 0, 0, false), + Entry("x < y", 0, 1, false), + ) You can learn more about DescribeTable here: https://onsi.github.io/ginkgo/#table-specs And can explore some Table patterns here: https://onsi.github.io/ginkgo/#table-specs-patterns */ func DescribeTable(description string, args ...interface{}) bool { + GinkgoHelper() generateTable(description, args...) return true } 
@@ -53,6 +54,7 @@ func DescribeTable(description string, args ...interface{}) bool {
 You can focus a table with `FDescribeTable`. This is equivalent to `FDescribe`.
 */
 func FDescribeTable(description string, args ...interface{}) bool {
+ GinkgoHelper()
 args = append(args, internal.Focus)
 generateTable(description, args...)
 return true
@@ -62,6 +64,7 @@ func FDescribeTable(description string, args ...interface{}) bool {
 You can mark a table as pending with `PDescribeTable`. This is equivalent to `PDescribe`.
 */
 func PDescribeTable(description string, args ...interface{}) bool {
+ GinkgoHelper()
 args = append(args, internal.Pending)
 generateTable(description, args...)
 return true
@@ -95,26 +98,29 @@ If you want to generate interruptible specs simply write a Table function that a You can learn more about Entry here: https://onsi.github.io/ginkgo/#table-specs */ func Entry(description interface{}, args ...interface{}) TableEntry { + GinkgoHelper() decorations, parameters := internal.PartitionDecorations(args...) - return TableEntry{description: description, decorations: decorations, parameters: parameters, codeLocation: types.NewCodeLocation(1)} + return TableEntry{description: description, decorations: decorations, parameters: parameters, codeLocation: types.NewCodeLocation(0)} } /* You can focus a particular entry with FEntry. This is equivalent to FIt. */ func FEntry(description interface{}, args ...interface{}) TableEntry { + GinkgoHelper() decorations, parameters := internal.PartitionDecorations(args...) decorations = append(decorations, internal.Focus) - return TableEntry{description: description, decorations: decorations, parameters: parameters, codeLocation: types.NewCodeLocation(1)} + return TableEntry{description: description, decorations: decorations, parameters: parameters, codeLocation: types.NewCodeLocation(0)} } /* You can mark a particular entry as pending with PEntry. This is equivalent to PIt. */ func PEntry(description interface{}, args ...interface{}) TableEntry { + GinkgoHelper() decorations, parameters := internal.PartitionDecorations(args...) decorations = append(decorations, internal.Pending) - return TableEntry{description: description, decorations: decorations, parameters: parameters, codeLocation: types.NewCodeLocation(1)} + return TableEntry{description: description, decorations: decorations, parameters: parameters, codeLocation: types.NewCodeLocation(0)} } /* 
@@ -126,7 +132,8 @@ var contextType = reflect.TypeOf(new(context.Context)).Elem() var specContextType = reflect.TypeOf(new(SpecContext)).Elem() func generateTable(description string, args ...interface{}) { - cl := types.NewCodeLocation(2) + GinkgoHelper() + cl := types.NewCodeLocation(0) containerNodeArgs := []interface{}{cl} entries := []TableEntry{} diff --git a/vendor/github.com/onsi/ginkgo/v2/types/code_location.go b/vendor/github.com/onsi/ginkgo/v2/types/code_location.go index e4e9e38c6..9cd576817 100644 --- a/vendor/github.com/onsi/ginkgo/v2/types/code_location.go +++ b/vendor/github.com/onsi/ginkgo/v2/types/code_location.go @@ -1,4 +1,5 @@ package types + import ( "fmt" "os" @@ -6,6 +7,7 @@ import ( "runtime" "runtime/debug" "strings" + "sync" ) type CodeLocation struct { 
@@ -37,6 +39,73 @@ func (codeLocation CodeLocation) ContentsOfLine() string { return lines[codeLocation.LineNumber-1] } +type codeLocationLocator struct { + pcs map[uintptr]bool + helpers map[string]bool + lock *sync.Mutex +} + +func (c *codeLocationLocator) addHelper(pc uintptr) { + c.lock.Lock() + defer c.lock.Unlock() + + if c.pcs[pc] { + return + } + c.lock.Unlock() + f := runtime.FuncForPC(pc) + c.lock.Lock() + if f == nil { + return + } + c.helpers[f.Name()] = true + c.pcs[pc] = true +} + +func (c *codeLocationLocator) hasHelper(name string) bool { + c.lock.Lock() + defer c.lock.Unlock() + return c.helpers[name] +} + +func (c *codeLocationLocator) getCodeLocation(skip int) CodeLocation { + pc := make([]uintptr, 40) + n := runtime.Callers(skip+2, pc) + if n == 0 { + return CodeLocation{} + } + pc = pc[:n] + frames := runtime.CallersFrames(pc) + for { + frame, more := frames.Next() + if !c.hasHelper(frame.Function) { + return CodeLocation{FileName: frame.File, LineNumber: frame.Line} + } + if !more { + break + } + } + return CodeLocation{} +} + +var clLocator = &codeLocationLocator{ + pcs: map[uintptr]bool{}, + helpers: map[string]bool{}, + lock: &sync.Mutex{}, +} + +// MarkAsHelper is used by GinkgoHelper to mark the caller (appropriately offset by skip)as a helper. You can use this directly if you need to provide an optional `skip` to mark functions further up the call stack as helpers. +func MarkAsHelper(optionalSkip ...int) { + skip := 1 + if len(optionalSkip) > 0 { + skip += optionalSkip[0] + } + pc, _, _, ok := runtime.Caller(skip) + if ok { + clLocator.addHelper(pc) + } +} + func NewCustomCodeLocation(message string) CodeLocation { return CodeLocation{ CustomMessage: message, 
@@ -44,14 +113,13 @@ func NewCustomCodeLocation(message string) CodeLocation { } func NewCodeLocation(skip int) CodeLocation { - _, file, line, _ := runtime.Caller(skip + 1) - return CodeLocation{FileName: file, LineNumber: line} + return clLocator.getCodeLocation(skip + 1) } func NewCodeLocationWithStackTrace(skip int) CodeLocation { - _, file, line, _ := runtime.Caller(skip + 1) - stackTrace := PruneStack(string(debug.Stack()), skip+1) - return CodeLocation{FileName: file, LineNumber: line, FullStackTrace: stackTrace} + cl := clLocator.getCodeLocation(skip + 1) + cl.FullStackTrace = PruneStack(string(debug.Stack()), skip+1) + return cl } // PruneStack removes references to functions that are internal to Ginkgo diff --git a/vendor/github.com/onsi/ginkgo/v2/types/config.go b/vendor/github.com/onsi/ginkgo/v2/types/config.go index f016c5c1f..1014c7b49 100644 --- a/vendor/github.com/onsi/ginkgo/v2/types/config.go +++ b/vendor/github.com/onsi/ginkgo/v2/types/config.go @@ -8,6 +8,7 @@ package types import ( "flag" "os" + "path/filepath" "runtime" "strconv" "strings" @@ -26,11 +27,11 @@ type SuiteConfig struct { FailOnPending bool FailFast bool FlakeAttempts int - EmitSpecProgress bool DryRun bool PollProgressAfter time.Duration PollProgressInterval time.Duration Timeout time.Duration + EmitSpecProgress bool // this is deprecated but its removal is causing compile issue for some users that were setting it manually OutputInterceptorMode string SourceRoots []string GracePeriod time.Duration @@ -81,13 +82,12 @@ func (vl VerbosityLevel) LT(comp VerbosityLevel) bool { // Configuration for Ginkgo's reporter type ReporterConfig struct { - NoColor bool - SlowSpecThreshold time.Duration - Succinct bool - Verbose bool - VeryVerbose bool - FullTrace bool - AlwaysEmitGinkgoWriter bool + NoColor bool + Succinct bool + Verbose bool + VeryVerbose bool + FullTrace bool + ShowNodeEvents bool JSONReport string JUnitReport string 
@@ -110,9 +110,7 @@ func (rc ReporterConfig) WillGenerateReport() bool { } func NewDefaultReporterConfig() ReporterConfig { - return ReporterConfig{ - SlowSpecThreshold: 5 * time.Second, - } + return ReporterConfig{} } // Configuration for the Ginkgo CLI @@ -235,6 +233,9 @@ type deprecatedConfig struct { SlowSpecThresholdWithFLoatUnits float64 Stream bool Notify bool + EmitSpecProgress bool + SlowSpecThreshold time.Duration + AlwaysEmitGinkgoWriter bool } // Flags @@ -275,8 +276,6 @@ var SuiteConfigFlags = GinkgoFlags{ {KeyPath: "S.DryRun", Name: "dry-run", SectionKey: "debug", DeprecatedName: "dryRun", DeprecatedDocLink: "changed-command-line-flags", Usage: "If set, ginkgo will walk the test hierarchy without actually running anything. Best paired with -v."}, - {KeyPath: "S.EmitSpecProgress", Name: "progress", SectionKey: "debug", - Usage: "If set, ginkgo will emit progress information as each spec runs to the GinkgoWriter."}, {KeyPath: "S.PollProgressAfter", Name: "poll-progress-after", SectionKey: "debug", UsageDefaultValue: "0", Usage: "Emit node progress reports periodically if node hasn't completed after this duration."}, {KeyPath: "S.PollProgressInterval", Name: "poll-progress-interval", SectionKey: "debug", UsageDefaultValue: "10s", 
@@ -303,6 +302,8 @@ var SuiteConfigFlags = GinkgoFlags{ {KeyPath: "D.RegexScansFilePath", DeprecatedName: "regexScansFilePath", DeprecatedDocLink: "removed--regexscansfilepath", DeprecatedVersion: "2.0.0"}, {KeyPath: "D.DebugParallel", DeprecatedName: "debug", DeprecatedDocLink: "removed--debug", DeprecatedVersion: "2.0.0"}, + {KeyPath: "D.EmitSpecProgress", DeprecatedName: "progress", SectionKey: "debug", + DeprecatedVersion: "2.5.0", Usage: ". The functionality provided by --progress was confusing and is no longer needed. Use --show-node-events instead to see node entry and exit events included in the timeline of failed and verbose specs. Or you can run with -vv to always see all node events. Lastly, --poll-progress-after and the PollProgressAfter decorator now provide a better mechanism for debugging specs that tend to get stuck."}, } // ParallelConfigFlags provides flags for the Ginkgo test process (not the CLI) @@ -319,8 +320,6 @@ var ParallelConfigFlags = GinkgoFlags{ var ReporterConfigFlags = GinkgoFlags{ {KeyPath: "R.NoColor", Name: "no-color", SectionKey: "output", DeprecatedName: "noColor", DeprecatedDocLink: "changed-command-line-flags", Usage: "If set, suppress color output in default reporter."}, - {KeyPath: "R.SlowSpecThreshold", Name: "slow-spec-threshold", SectionKey: "output", UsageArgument: "duration", UsageDefaultValue: "5s", - Usage: "Specs that take longer to run than this threshold are flagged as slow by the default reporter."}, {KeyPath: "R.Verbose", Name: "v", SectionKey: "output", Usage: "If set, emits more output including GinkgoWriter contents."}, {KeyPath: "R.VeryVerbose", Name: "vv", SectionKey: "output", 
@@ -329,8 +328,8 @@ var ReporterConfigFlags = GinkgoFlags{ Usage: "If set, default reporter prints out a very succinct report"}, {KeyPath: "R.FullTrace", Name: "trace", SectionKey: "output", Usage: "If set, default reporter prints out the full stack trace when a failure occurs"}, - {KeyPath: "R.AlwaysEmitGinkgoWriter", Name: "always-emit-ginkgo-writer", SectionKey: "output", DeprecatedName: "reportPassed", DeprecatedDocLink: "renamed--reportpassed", - Usage: "If set, default reporter prints out captured output of passed tests."}, + {KeyPath: "R.ShowNodeEvents", Name: "show-node-events", SectionKey: "output", + Usage: "If set, default reporter prints node > Enter and < Exit events when specs fail"}, {KeyPath: "R.JSONReport", Name: "json-report", UsageArgument: "filename.json", SectionKey: "output", Usage: "If set, Ginkgo will generate a JSON-formatted test report at the specified location."}, 
@@ -343,6 +342,8 @@ var ReporterConfigFlags = GinkgoFlags{ Usage: "use --slow-spec-threshold instead and pass in a duration string (e.g. '5s', not '5.0')"}, {KeyPath: "D.NoisyPendings", DeprecatedName: "noisyPendings", DeprecatedDocLink: "removed--noisypendings-and--noisyskippings", DeprecatedVersion: "2.0.0"}, {KeyPath: "D.NoisySkippings", DeprecatedName: "noisySkippings", DeprecatedDocLink: "removed--noisypendings-and--noisyskippings", DeprecatedVersion: "2.0.0"}, + {KeyPath: "D.SlowSpecThreshold", DeprecatedName: "slow-spec-threshold", SectionKey: "output", Usage: "--slow-spec-threshold has been deprecated and will be removed in a future version of Ginkgo. This feature has proved to be more noisy than useful. You can use --poll-progress-after, instead, to get more actionable feedback about potentially slow specs and understand where they might be getting stuck.", DeprecatedVersion: "2.5.0"}, + {KeyPath: "D.AlwaysEmitGinkgoWriter", DeprecatedName: "always-emit-ginkgo-writer", SectionKey: "output", Usage: " - use -v instead, or one of Ginkgo's machine-readable report formats to get GinkgoWriter output for passing specs."}, } // BuildTestSuiteFlagSet attaches to the CommandLine flagset and provides flags for the Ginkgo test process 
@@ -600,13 +601,29 @@ func VetAndInitializeCLIAndGoConfig(cliConfig CLIConfig, goFlagsConfig GoFlagsCo } // GenerateGoTestCompileArgs is used by the Ginkgo CLI to generate command line arguments to pass to the go test -c command when compiling the test -func GenerateGoTestCompileArgs(goFlagsConfig GoFlagsConfig, destination string, packageToBuild string) ([]string, error) { +func GenerateGoTestCompileArgs(goFlagsConfig GoFlagsConfig, destination string, packageToBuild string, pathToInvocationPath string) ([]string, error) { // if the user has set the CoverProfile run-time flag make sure to set the build-time cover flag to make sure // the built test binary can generate a coverprofile if goFlagsConfig.CoverProfile != "" { goFlagsConfig.Cover = true } + if goFlagsConfig.CoverPkg != "" { + coverPkgs := strings.Split(goFlagsConfig.CoverPkg, ",") + adjustedCoverPkgs := make([]string, len(coverPkgs)) + for i, coverPkg := range coverPkgs { + coverPkg = strings.Trim(coverPkg, " ") + if strings.HasPrefix(coverPkg, "./") { + // this is a relative coverPkg - we need to reroot it + adjustedCoverPkgs[i] = "./" + filepath.Join(pathToInvocationPath, strings.TrimPrefix(coverPkg, "./")) + } else { + // this is a package name - don't touch it + adjustedCoverPkgs[i] = coverPkg + } + } + goFlagsConfig.CoverPkg = strings.Join(adjustedCoverPkgs, ",") + } + args := []string{"test", "-c", "-o", destination, packageToBuild} goArgs, err := GenerateFlagArgs( GoBuildFlags, diff --git a/vendor/github.com/onsi/ginkgo/v2/types/deprecation_support.go b/vendor/github.com/onsi/ginkgo/v2/types/deprecation_support.go index 2948dfa0c..e2519f673 100644 --- a/vendor/github.com/onsi/ginkgo/v2/types/deprecation_support.go +++ b/vendor/github.com/onsi/ginkgo/v2/types/deprecation_support.go 
@@ -38,7 +38,7 @@ func (d deprecations) Async() Deprecation { func (d deprecations) Measure() Deprecation { return Deprecation{ - Message: "Measure is deprecated and will be removed in Ginkgo V2. Please migrate to gomega/gmeasure.", + Message: "Measure is deprecated and has been removed from Ginkgo V2. Any Measure tests in your spec will not run. Please migrate to gomega/gmeasure.", DocLink: "removed-measure", Version: "1.16.3", } @@ -83,6 +83,13 @@ func (d deprecations) Nodot() Deprecation { } } +func (d deprecations) SuppressProgressReporting() Deprecation { + return Deprecation{ + Message: "Improvements to how reporters emit timeline information means that SuppressProgressReporting is no longer necessary and has been deprecated.", + Version: "2.5.0", + } +} + type DeprecationTracker struct { deprecations map[Deprecation][]CodeLocation lock *sync.Mutex diff --git a/vendor/github.com/onsi/ginkgo/v2/types/errors.go b/vendor/github.com/onsi/ginkgo/v2/types/errors.go index 5a5cb8ac0..1e0dbfd9d 100644 --- a/vendor/github.com/onsi/ginkgo/v2/types/errors.go +++ b/vendor/github.com/onsi/ginkgo/v2/types/errors.go @@ -108,8 +108,8 @@ Please ensure all assertions are inside leaf nodes such as {{bold}}BeforeEach{{/ func (g ginkgoErrors) SuiteNodeInNestedContext(nodeType NodeType, cl CodeLocation) error { docLink := "suite-setup-and-cleanup-beforesuite-and-aftersuite" - if nodeType.Is(NodeTypeReportAfterSuite) { - docLink = "reporting-nodes---reportaftersuite" + if nodeType.Is(NodeTypeReportBeforeSuite | NodeTypeReportAfterSuite) { + docLink = "reporting-nodes---reportbeforesuite-and-reportaftersuite" } return GinkgoError{ 
@@ -125,8 +125,8 @@ func (g ginkgoErrors) SuiteNodeInNestedContext(nodeType NodeType, cl CodeLocatio func (g ginkgoErrors) SuiteNodeDuringRunPhase(nodeType NodeType, cl CodeLocation) error { docLink := "suite-setup-and-cleanup-beforesuite-and-aftersuite" - if nodeType.Is(NodeTypeReportAfterSuite) { - docLink = "reporting-nodes---reportaftersuite" + if nodeType.Is(NodeTypeReportBeforeSuite | NodeTypeReportAfterSuite) { + docLink = "reporting-nodes---reportbeforesuite-and-reportaftersuite" } return GinkgoError{ @@ -180,6 +180,15 @@ func (g ginkgoErrors) InvalidDeclarationOfFocusedAndPending(cl CodeLocation, nod } } +func (g ginkgoErrors) InvalidDeclarationOfFlakeAttemptsAndMustPassRepeatedly(cl CodeLocation, nodeType NodeType) error { + return GinkgoError{ + Heading: "Invalid Combination of Decorators: FlakeAttempts and MustPassRepeatedly", + Message: formatter.F(`[%s] node was decorated with both FlakeAttempts and MustPassRepeatedly. At most one is allowed.`, nodeType), + CodeLocation: cl, + DocLink: "node-decorators-overview", + } +} + func (g ginkgoErrors) UnknownDecorator(cl CodeLocation, nodeType NodeType, decorator interface{}) error { return GinkgoError{ Heading: "Unknown Decorator", @@ -289,6 +298,15 @@ func (g ginkgoErrors) SetupNodeNotInOrderedContainer(cl CodeLocation, nodeType N } } +func (g ginkgoErrors) InvalidContinueOnFailureDecoration(cl CodeLocation) error { + return GinkgoError{ + Heading: "ContinueOnFailure not decorating an outermost Ordered Container", + Message: "ContinueOnFailure can only decorate an Ordered container, and this Ordered container must be the outermost Ordered container.", + CodeLocation: cl, + DocLink: "ordered-containers", + } +} + /* DeferCleanup errors */ func (g ginkgoErrors) DeferCleanupInvalidFunction(cl CodeLocation) error { return GinkgoError{ 
@@ -311,7 +329,7 @@ func (g ginkgoErrors) PushingCleanupNodeDuringTreeConstruction(cl CodeLocation) func (g ginkgoErrors) PushingCleanupInReportingNode(cl CodeLocation, nodeType NodeType) error { return GinkgoError{ Heading: fmt.Sprintf("DeferCleanup cannot be called in %s", nodeType), - Message: "Please inline your cleanup code - Ginkgo won't run cleanup code after a ReportAfterEach or ReportAfterSuite.", + Message: "Please inline your cleanup code - Ginkgo won't run cleanup code after a Reporting node.", CodeLocation: cl, DocLink: "cleaning-up-our-cleanup-code-defercleanup", } diff --git a/vendor/github.com/onsi/ginkgo/v2/types/label_filter.go b/vendor/github.com/onsi/ginkgo/v2/types/label_filter.go index 0403f9e63..b0d3b651e 100644 --- a/vendor/github.com/onsi/ginkgo/v2/types/label_filter.go +++ b/vendor/github.com/onsi/ginkgo/v2/types/label_filter.go @@ -272,12 +272,23 @@ func tokenize(input string) func() (*treeNode, error) { } } +func MustParseLabelFilter(input string) LabelFilter { + filter, err := ParseLabelFilter(input) + if err != nil { + panic(err) + } + return filter +} + func ParseLabelFilter(input string) (LabelFilter, error) { if DEBUG_LABEL_FILTER_PARSING { fmt.Println("\n==============") fmt.Println("Input: ", input) fmt.Print("Tokens: ") } + if input == "" { + return func(_ []string) bool { return true }, nil + } nextToken := tokenize(input) root := &treeNode{token: lfTokenRoot} diff --git a/vendor/github.com/onsi/ginkgo/v2/types/report_entry.go b/vendor/github.com/onsi/ginkgo/v2/types/report_entry.go index 798bedc03..7b1524b52 100644 --- a/vendor/github.com/onsi/ginkgo/v2/types/report_entry.go +++ b/vendor/github.com/onsi/ginkgo/v2/types/report_entry.go 
@@ -6,8 +6,8 @@ import ( "time" ) -//ReportEntryValue wraps a report entry's value ensuring it can be encoded and decoded safely into reports -//and across the network connection when running in parallel +// ReportEntryValue wraps a report entry's value ensuring it can be encoded and decoded safely into reports +// and across the network connection when running in parallel type ReportEntryValue struct { raw interface{} //unexported to prevent gob from freaking out about unregistered structs AsJSON string @@ -85,10 +85,12 @@ func (rev *ReportEntryValue) GobDecode(data []byte) error { type ReportEntry struct { // Visibility captures the visibility policy for this ReportEntry Visibility ReportEntryVisibility - // Time captures the time the AddReportEntry was called - Time time.Time // Location captures the location of the AddReportEntry call Location CodeLocation + + Time time.Time //need this for backwards compatibility + TimelineLocation TimelineLocation + // Name captures the name of this report Name string // Value captures the (optional) object passed into AddReportEntry - this can be @@ -120,7 +122,9 @@ func (entry ReportEntry) GetRawValue() interface{} { return entry.Value.GetRawValue() } - +func (entry ReportEntry) GetTimelineLocation() TimelineLocation { + return entry.TimelineLocation +} type ReportEntries []ReportEntry diff --git a/vendor/github.com/onsi/ginkgo/v2/types/types.go b/vendor/github.com/onsi/ginkgo/v2/types/types.go index a752c46d3..d048a8ada 100644 --- a/vendor/github.com/onsi/ginkgo/v2/types/types.go +++ b/vendor/github.com/onsi/ginkgo/v2/types/types.go @@ -2,6 +2,8 @@ package types import ( "encoding/json" + "fmt" + "sort" "strings" "time" ) 
@@ -56,19 +58,20 @@ type Report struct { SuiteConfig SuiteConfig //SpecReports is a list of all SpecReports generated by this test run + //It is empty when the SuiteReport is provided to ReportBeforeSuite SpecReports SpecReports } -//PreRunStats contains a set of stats captured before the test run begins. This is primarily used -//by Ginkgo's reporter to tell the user how many specs are in the current suite (PreRunStats.TotalSpecs) -//and how many it intends to run (PreRunStats.SpecsThatWillRun) after applying any relevant focus or skip filters. +// PreRunStats contains a set of stats captured before the test run begins. This is primarily used +// by Ginkgo's reporter to tell the user how many specs are in the current suite (PreRunStats.TotalSpecs) +// and how many it intends to run (PreRunStats.SpecsThatWillRun) after applying any relevant focus or skip filters. type PreRunStats struct { TotalSpecs int SpecsThatWillRun int } -//Add is ued by Ginkgo's parallel aggregation mechanisms to combine test run reports form individual parallel processes -//to form a complete final report. +// Add is used by Ginkgo's parallel aggregation mechanisms to combine test run reports form individual parallel processes +// to form a complete final report. func (report Report) Add(other Report) Report { report.SuiteSucceeded = report.SuiteSucceeded && other.SuiteSucceeded 
@@ -147,14 +150,24 @@ type SpecReport struct { // ParallelProcess captures the parallel process that this spec ran on ParallelProcess int + // RunningInParallel captures whether this spec is part of a suite that ran in parallel + RunningInParallel bool + //Failure is populated if a spec has failed, panicked, been interrupted, or skipped by the user (e.g. calling Skip()) //It includes detailed information about the Failure Failure Failure - // NumAttempts captures the number of times this Spec was run. Flakey specs can be retried with - // ginkgo --flake-attempts=N + // NumAttempts captures the number of times this Spec was run. + // Flakey specs can be retried with ginkgo --flake-attempts=N or the use of the FlakeAttempts decorator. + // Repeated specs can be retried with the use of the MustPassRepeatedly decorator NumAttempts int + // MaxFlakeAttempts captures whether the spec has been retried with ginkgo --flake-attempts=N or the use of the FlakeAttempts decorator. + MaxFlakeAttempts int + + // MaxMustPassRepeatedly captures whether the spec has the MustPassRepeatedly decorator + MaxMustPassRepeatedly int + // CapturedGinkgoWriterOutput contains text printed to the GinkgoWriter CapturedGinkgoWriterOutput string @@ -171,6 +184,9 @@ type SpecReport struct { // AdditionalFailures contains any failures that occurred after the initial spec failure. These typically occur in cleanup nodes after the initial failure and are only emitted when running in verbose mode. AdditionalFailures []AdditionalFailure + + // SpecEvents capture additional events that occur during the spec run + SpecEvents SpecEvents } func (report SpecReport) MarshalJSON() ([]byte, error) { 
@@ -190,11 +206,14 @@ func (report SpecReport) MarshalJSON() ([]byte, error) { ParallelProcess int Failure *Failure `json:",omitempty"` NumAttempts int + MaxFlakeAttempts int + MaxMustPassRepeatedly int CapturedGinkgoWriterOutput string `json:",omitempty"` CapturedStdOutErr string `json:",omitempty"` ReportEntries ReportEntries `json:",omitempty"` ProgressReports []ProgressReport `json:",omitempty"` AdditionalFailures []AdditionalFailure `json:",omitempty"` + SpecEvents SpecEvents `json:",omitempty"` }{ ContainerHierarchyTexts: report.ContainerHierarchyTexts, ContainerHierarchyLocations: report.ContainerHierarchyLocations, @@ -211,6 +230,8 @@ func (report SpecReport) MarshalJSON() ([]byte, error) { Failure: nil, ReportEntries: nil, NumAttempts: report.NumAttempts, + MaxFlakeAttempts: report.MaxFlakeAttempts, + MaxMustPassRepeatedly: report.MaxMustPassRepeatedly, CapturedGinkgoWriterOutput: report.CapturedGinkgoWriterOutput, CapturedStdOutErr: report.CapturedStdOutErr, } @@ -227,6 +248,9 @@ func (report SpecReport) MarshalJSON() ([]byte, error) { if len(report.AdditionalFailures) > 0 { out.AdditionalFailures = report.AdditionalFailures } + if len(report.SpecEvents) > 0 { + out.SpecEvents = report.SpecEvents + } return json.Marshal(out) } 
@@ -244,13 +268,13 @@ func (report SpecReport) CombinedOutput() string { return report.CapturedStdOutErr + "\n" + report.CapturedGinkgoWriterOutput } -//Failed returns true if report.State is one of the SpecStateFailureStates +// Failed returns true if report.State is one of the SpecStateFailureStates // (SpecStateFailed, SpecStatePanicked, SpecStateinterrupted, SpecStateAborted) func (report SpecReport) Failed() bool { return report.State.Is(SpecStateFailureStates) } -//FullText returns a concatenation of all the report.ContainerHierarchyTexts and report.LeafNodeText +// FullText returns a concatenation of all the report.ContainerHierarchyTexts and report.LeafNodeText func (report SpecReport) FullText() string { texts := []string{} texts = append(texts, report.ContainerHierarchyTexts...) @@ -260,7 +284,7 @@ func (report SpecReport) FullText() string { return strings.Join(texts, " ") } -//Labels returns a deduped set of all the spec's Labels. +// Labels returns a deduped set of all the spec's Labels. func (report SpecReport) Labels() []string { out := []string{} seen := map[string]bool{} @@ -282,7 +306,7 @@ func (report SpecReport) Labels() []string { return out } -//MatchesLabelFilter returns true if the spec satisfies the passed in label filter query +// MatchesLabelFilter returns true if the spec satisfies the passed in label filter query func (report SpecReport) MatchesLabelFilter(query string) (bool, error) { filter, err := ParseLabelFilter(query) if err != nil { 
@@ -291,29 +315,54 @@ func (report SpecReport) MatchesLabelFilter(query string) (bool, error) { return filter(report.Labels()), nil } -//FileName() returns the name of the file containing the spec +// FileName() returns the name of the file containing the spec func (report SpecReport) FileName() string { return report.LeafNodeLocation.FileName } -//LineNumber() returns the line number of the leaf node +// LineNumber() returns the line number of the leaf node func (report SpecReport) LineNumber() int { return report.LeafNodeLocation.LineNumber } -//FailureMessage() returns the failure message (or empty string if the test hasn't failed) +// FailureMessage() returns the failure message (or empty string if the test hasn't failed) func (report SpecReport) FailureMessage() string { return report.Failure.Message } -//FailureLocation() returns the location of the failure (or an empty CodeLocation if the test hasn't failed) +// FailureLocation() returns the location of the failure (or an empty CodeLocation if the test hasn't failed) func (report SpecReport) FailureLocation() CodeLocation { return report.Failure.Location } +// Timeline() returns a timeline view of the report +func (report SpecReport) Timeline() Timeline { + timeline := Timeline{} + if !report.Failure.IsZero() { + timeline = append(timeline, report.Failure) + if report.Failure.AdditionalFailure != nil { + timeline = append(timeline, *(report.Failure.AdditionalFailure)) + } + } + for _, additionalFailure := range report.AdditionalFailures { + timeline = append(timeline, additionalFailure) + } + for _, reportEntry := range report.ReportEntries { + timeline = append(timeline, reportEntry) + } + for _, progressReport := range report.ProgressReports { + timeline = append(timeline, progressReport) + } + for _, specEvent := range report.SpecEvents { + timeline = append(timeline, specEvent) + } + sort.Sort(timeline) + return timeline +} + type SpecReports []SpecReport -//WithLeafNodeType returns the subset of 
SpecReports with LeafNodeType matching one of the requested NodeTypes +// WithLeafNodeType returns the subset of SpecReports with LeafNodeType matching one of the requested NodeTypes func (reports SpecReports) WithLeafNodeType(nodeTypes NodeType) SpecReports { count := 0 for i := range reports { @@ -333,7 +382,7 @@ func (reports SpecReports) WithLeafNodeType(nodeTypes NodeType) SpecReports { return out } -//WithState returns the subset of SpecReports with State matching one of the requested SpecStates +// WithState returns the subset of SpecReports with State matching one of the requested SpecStates func (reports SpecReports) WithState(states SpecState) SpecReports { count := 0 for i := range reports { @@ -352,7 +401,7 @@ func (reports SpecReports) WithState(states SpecState) SpecReports { return out } -//CountWithState returns the number of SpecReports with State matching one of the requested SpecStates +// CountWithState returns the number of SpecReports with State matching one of the requested SpecStates func (reports SpecReports) CountWithState(states SpecState) int { n := 0 for i := range reports { 
@@ -363,17 +412,75 @@ func (reports SpecReports) CountWithState(states SpecState) int { return n } -//CountWithState returns the number of SpecReports that passed after multiple attempts +// If the Spec passes, CountOfFlakedSpecs returns the number of SpecReports that failed after multiple attempts. func (reports SpecReports) CountOfFlakedSpecs() int { n := 0 for i := range reports { - if reports[i].State.Is(SpecStatePassed) && reports[i].NumAttempts > 1 { + if reports[i].MaxFlakeAttempts > 1 && reports[i].State.Is(SpecStatePassed) && reports[i].NumAttempts > 1 { n += 1 } } return n } +// If the Spec fails, CountOfRepeatedSpecs returns the number of SpecReports that passed after multiple attempts +func (reports SpecReports) CountOfRepeatedSpecs() int { + n := 0 + for i := range reports { + if reports[i].MaxMustPassRepeatedly > 1 && reports[i].State.Is(SpecStateFailureStates) && reports[i].NumAttempts > 1 { + n += 1 + } + } + return n +} + +// TimelineLocation captures the location of an event in the spec's timeline +type TimelineLocation struct { + //Offset is the offset (in bytes) of the event relative to the GinkgoWriter stream + Offset int `json:",omitempty"` + + //Order is the order of the event with respect to other events. The absolute value of Order + //is irrelevant. 
All that matters is that an event with a lower Order occurs before ane vent with a higher Order + Order int `json:",omitempty"` + + Time time.Time +} + +// TimelineEvent represent an event on the timeline +// consumers of Timeline will need to check the concrete type of each entry to determine how to handle it +type TimelineEvent interface { + GetTimelineLocation() TimelineLocation +} + +type Timeline []TimelineEvent + +func (t Timeline) Len() int { return len(t) } +func (t Timeline) Less(i, j int) bool { + return t[i].GetTimelineLocation().Order < t[j].GetTimelineLocation().Order +} +func (t Timeline) Swap(i, j int) { t[i], t[j] = t[j], t[i] } +func (t Timeline) WithoutHiddenReportEntries() Timeline { + out := Timeline{} + for _, event := range t { + if reportEntry, isReportEntry := event.(ReportEntry); isReportEntry && reportEntry.Visibility == ReportEntryVisibilityNever { + continue + } + out = append(out, event) + } + return out +} + +func (t Timeline) WithoutVeryVerboseSpecEvents() Timeline { + out := Timeline{} + for _, event := range t { + if specEvent, isSpecEvent := event.(SpecEvent); isSpecEvent && specEvent.IsOnlyVisibleAtVeryVerbose() { + continue + } + out = append(out, event) + } + return out +} + // Failure captures failure information for an individual test type Failure struct { // Message - the failure message passed into Fail(...). When using a matcher library @@ -386,6 +493,8 @@ type Failure struct { // This CodeLocation will include a fully-populated StackTrace Location CodeLocation + TimelineLocation TimelineLocation + // ForwardedPanic - if the failure represents a captured panic (i.e. Summary.State == SpecStatePanicked) // then ForwardedPanic will be populated with a string representation of the captured panic. ForwardedPanic string `json:",omitempty"` 
@@ -398,19 +507,29 @@ type Failure struct { // FailureNodeType will contain the NodeType of the node in which the failure occurred. // FailureNodeLocation will contain the CodeLocation of the node in which the failure occurred. // If populated, FailureNodeContainerIndex will be the index into SpecReport.ContainerHierarchyTexts and SpecReport.ContainerHierarchyLocations that represents the parent container of the node in which the failure occurred. - FailureNodeContext FailureNodeContext - FailureNodeType NodeType - FailureNodeLocation CodeLocation - FailureNodeContainerIndex int + FailureNodeContext FailureNodeContext `json:",omitempty"` + + FailureNodeType NodeType `json:",omitempty"` + + FailureNodeLocation CodeLocation `json:",omitempty"` + + FailureNodeContainerIndex int `json:",omitempty"` //ProgressReport is populated if the spec was interrupted or timed out - ProgressReport ProgressReport + ProgressReport ProgressReport `json:",omitempty"` + + //AdditionalFailure is non-nil if a follow-on failure occurred within the same node after the primary failure. This only happens when a node has timed out or been interrupted. In such cases the AdditionalFailure can include information about where/why the spec was stuck. + AdditionalFailure *AdditionalFailure `json:",omitempty"` } func (f Failure) IsZero() bool { return f.Message == "" && (f.Location == CodeLocation{}) } +func (f Failure) GetTimelineLocation() TimelineLocation { + return f.TimelineLocation +} + // FailureNodeContext captures the location context for the node containing the failing line of code type FailureNodeContext uint @@ -449,6 +568,10 @@ type AdditionalFailure struct { Failure Failure } +func (f AdditionalFailure) GetTimelineLocation() TimelineLocation { + return f.Failure.TimelineLocation +} + // SpecState captures the state of a spec // To determine if a given `state` represents a failure state, use `state.Is(SpecStateFailureStates)` type SpecState uint 
@@ -481,6 +604,9 @@ var ssEnumSupport = NewEnumSupport(map[uint]string{ func (ss SpecState) String() string { return ssEnumSupport.String(uint(ss)) } +func (ss SpecState) GomegaString() string { + return ssEnumSupport.String(uint(ss)) +} func (ss *SpecState) UnmarshalJSON(b []byte) error { out, err := ssEnumSupport.UnmarshJSON(b) *ss = SpecState(out) 
@@ -498,38 +624,40 @@ func (ss SpecState) Is(states SpecState) bool { // ProgressReport captures the progress of the current spec. It is, effectively, a structured Ginkgo-aware stack trace type ProgressReport struct { - Message string - ParallelProcess int - RunningInParallel bool + Message string `json:",omitempty"` + ParallelProcess int `json:",omitempty"` + RunningInParallel bool `json:",omitempty"` - Time time.Time + ContainerHierarchyTexts []string `json:",omitempty"` + LeafNodeText string `json:",omitempty"` + LeafNodeLocation CodeLocation `json:",omitempty"` + SpecStartTime time.Time `json:",omitempty"` - ContainerHierarchyTexts []string - LeafNodeText string - LeafNodeLocation CodeLocation - SpecStartTime time.Time - - CurrentNodeType NodeType - CurrentNodeText string - CurrentNodeLocation CodeLocation - CurrentNodeStartTime time.Time + CurrentNodeType NodeType `json:",omitempty"` + CurrentNodeText string `json:",omitempty"` + CurrentNodeLocation CodeLocation `json:",omitempty"` + CurrentNodeStartTime time.Time `json:",omitempty"` - CurrentStepText string - CurrentStepLocation CodeLocation - CurrentStepStartTime time.Time + CurrentStepText string `json:",omitempty"` + CurrentStepLocation CodeLocation `json:",omitempty"` + CurrentStepStartTime time.Time `json:",omitempty"` - AdditionalReports []string + AdditionalReports []string `json:",omitempty"` - CapturedGinkgoWriterOutput string `json:",omitempty"` - GinkgoWriterOffset int + CapturedGinkgoWriterOutput string `json:",omitempty"` + TimelineLocation TimelineLocation `json:",omitempty"` - Goroutines []Goroutine + Goroutines []Goroutine `json:",omitempty"` } func (pr ProgressReport) IsZero() bool { return pr.CurrentNodeType == NodeTypeInvalid } +func (pr ProgressReport) Time() time.Time { + return pr.TimelineLocation.Time +} + func (pr ProgressReport) SpecGoroutine() Goroutine { for _, goroutine := range pr.Goroutines { if goroutine.IsSpecGoroutine { 
@@ -567,6 +695,22 @@ func (pr ProgressReport) WithoutCapturedGinkgoWriterOutput() ProgressReport { return out } +func (pr ProgressReport) WithoutOtherGoroutines() ProgressReport { + out := pr + filteredGoroutines := []Goroutine{} + for _, goroutine := range pr.Goroutines { + if goroutine.IsSpecGoroutine || goroutine.HasHighlights() { + filteredGoroutines = append(filteredGoroutines, goroutine) + } + } + out.Goroutines = filteredGoroutines + return out +} + +func (pr ProgressReport) GetTimelineLocation() TimelineLocation { + return pr.TimelineLocation +} + type Goroutine struct { ID uint64 State string @@ -621,6 +765,7 @@ const ( NodeTypeReportBeforeEach NodeTypeReportAfterEach + NodeTypeReportBeforeSuite NodeTypeReportAfterSuite NodeTypeCleanupInvalid @@ -630,9 +775,9 @@ const ( ) var NodeTypesForContainerAndIt = NodeTypeContainer | NodeTypeIt -var NodeTypesForSuiteLevelNodes = NodeTypeBeforeSuite | NodeTypeSynchronizedBeforeSuite | NodeTypeAfterSuite | NodeTypeSynchronizedAfterSuite | NodeTypeReportAfterSuite | NodeTypeCleanupAfterSuite +var NodeTypesForSuiteLevelNodes = NodeTypeBeforeSuite | NodeTypeSynchronizedBeforeSuite | NodeTypeAfterSuite | NodeTypeSynchronizedAfterSuite | NodeTypeReportBeforeSuite | NodeTypeReportAfterSuite | NodeTypeCleanupAfterSuite var NodeTypesAllowedDuringCleanupInterrupt = NodeTypeAfterEach | NodeTypeJustAfterEach | NodeTypeAfterAll | NodeTypeAfterSuite | NodeTypeSynchronizedAfterSuite | NodeTypeCleanupAfterEach | NodeTypeCleanupAfterAll | NodeTypeCleanupAfterSuite -var NodeTypesAllowedDuringReportInterrupt = NodeTypeReportBeforeEach | NodeTypeReportAfterEach | NodeTypeReportAfterSuite +var NodeTypesAllowedDuringReportInterrupt = NodeTypeReportBeforeEach | NodeTypeReportAfterEach | NodeTypeReportBeforeSuite | NodeTypeReportAfterSuite var ntEnumSupport = NewEnumSupport(map[uint]string{ uint(NodeTypeInvalid): "INVALID NODE TYPE", 
@@ -650,6 +795,7 @@ var ntEnumSupport = NewEnumSupport(map[uint]string{
 uint(NodeTypeSynchronizedAfterSuite): "SynchronizedAfterSuite",
 uint(NodeTypeReportBeforeEach): "ReportBeforeEach",
 uint(NodeTypeReportAfterEach): "ReportAfterEach",
+ uint(NodeTypeReportBeforeSuite): "ReportBeforeSuite",
 uint(NodeTypeReportAfterSuite): "ReportAfterSuite",
 uint(NodeTypeCleanupInvalid): "DeferCleanup",
 uint(NodeTypeCleanupAfterEach): "DeferCleanup (Each)",
@@ -672,3 +818,99 @@ func (nt NodeType) MarshalJSON() ([]byte, error) { func (nt NodeType) Is(nodeTypes NodeType) bool { return nt&nodeTypes != 0 } + +/* +SpecEvent captures a vareity of events that can occur when specs run. See SpecEventType for the list of available events. +*/ +type SpecEvent struct { + SpecEventType SpecEventType + + CodeLocation CodeLocation + TimelineLocation TimelineLocation + + Message string `json:",omitempty"` + Duration time.Duration `json:",omitempty"` + NodeType NodeType `json:",omitempty"` + Attempt int `json:",omitempty"` +} + +func (se SpecEvent) GetTimelineLocation() TimelineLocation { + return se.TimelineLocation +} + +func (se SpecEvent) IsOnlyVisibleAtVeryVerbose() bool { + return se.SpecEventType.Is(SpecEventByEnd | SpecEventNodeStart | SpecEventNodeEnd) +} + +func (se SpecEvent) GomegaString() string { + out := &strings.Builder{} + out.WriteString("[" + se.SpecEventType.String() + " SpecEvent] ") + if se.Message != "" { + out.WriteString("Message=") + out.WriteString(`"` + se.Message + `",`) + } + if se.Duration != 0 { + out.WriteString("Duration=" + se.Duration.String() + ",") + } + if se.NodeType != NodeTypeInvalid { + out.WriteString("NodeType=" + se.NodeType.String() + ",") + } + if se.Attempt != 0 { + out.WriteString(fmt.Sprintf("Attempt=%d", se.Attempt) + ",") + } + out.WriteString("CL=" + se.CodeLocation.String() + ",") + out.WriteString(fmt.Sprintf("TL.Offset=%d", se.TimelineLocation.Offset)) + + return out.String() +} + +type SpecEvents []SpecEvent + +func (se SpecEvents) WithType(seType SpecEventType) SpecEvents { + out := SpecEvents{} + for _, event := range se { + if event.SpecEventType.Is(seType) { + out = append(out, event) + } + } + return out +} + +type SpecEventType uint + +const ( + SpecEventInvalid SpecEventType = 0 + + SpecEventByStart SpecEventType = 1 << iota + SpecEventByEnd + SpecEventNodeStart + SpecEventNodeEnd + SpecEventSpecRepeat + SpecEventSpecRetry +) + +var seEnumSupport = 
NewEnumSupport(map[uint]string{ + uint(SpecEventInvalid): "INVALID SPEC EVENT", + uint(SpecEventByStart): "By", + uint(SpecEventByEnd): "By (End)", + uint(SpecEventNodeStart): "Node", + uint(SpecEventNodeEnd): "Node (End)", + uint(SpecEventSpecRepeat): "Repeat", + uint(SpecEventSpecRetry): "Retry", +}) + +func (se SpecEventType) String() string { + return seEnumSupport.String(uint(se)) +} +func (se *SpecEventType) UnmarshalJSON(b []byte) error { + out, err := seEnumSupport.UnmarshJSON(b) + *se = SpecEventType(out) + return err +} +func (se SpecEventType) MarshalJSON() ([]byte, error) { + return seEnumSupport.MarshJSON(uint(se)) +} + +func (se SpecEventType) Is(specEventTypes SpecEventType) bool { + return se&specEventTypes != 0 +} diff --git a/vendor/github.com/onsi/ginkgo/v2/types/version.go b/vendor/github.com/onsi/ginkgo/v2/types/version.go index a4ea12a9e..f895739b8 100644 --- a/vendor/github.com/onsi/ginkgo/v2/types/version.go +++ b/vendor/github.com/onsi/ginkgo/v2/types/version.go @@ -1,3 +1,3 @@ package types -const VERSION = "2.3.1" +const VERSION = "2.11.0" diff --git a/vendor/github.com/onsi/gomega/.gitignore b/vendor/github.com/onsi/gomega/.gitignore index 720c13cba..425d0a509 100644 --- a/vendor/github.com/onsi/gomega/.gitignore +++ b/vendor/github.com/onsi/gomega/.gitignore @@ -3,3 +3,5 @@ . .idea gomega.iml +TODO +.vscode \ No newline at end of file diff --git a/vendor/github.com/onsi/gomega/CHANGELOG.md b/vendor/github.com/onsi/gomega/CHANGELOG.md index 3e806d8c1..9b83dd6d4 100644 --- a/vendor/github.com/onsi/gomega/CHANGELOG.md +++ b/vendor/github.com/onsi/gomega/CHANGELOG.md 
@@ -1,3 +1,177 @@ +## 1.27.8 + +### Fixes +- HaveExactElement should not call FailureMessage if a submatcher returned an error [096f392] + +### Maintenance +- Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 (#669) [8884bee] + +## 1.27.7 + +### Fixes +- fix: gcustom.MakeMatcher accepts nil as actual value (#666) [57054d5] + +### Maintenance +- update gitignore [05c1bc6] +- Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 (#663) [7cadcf6] +- Bump golang.org/x/net from 0.9.0 to 0.10.0 (#662) [b524839] +- Bump github.com/onsi/ginkgo/v2 from 2.9.2 to 2.9.4 (#661) [5f44694] +- Bump commonmarker from 0.23.8 to 0.23.9 in /docs (#657) [05dc99a] +- Bump nokogiri from 1.14.1 to 1.14.3 in /docs (#658) [3a033d1] +- Replace deprecated NewGomegaWithT with NewWithT (#659) [a19238f] +- Bump golang.org/x/net from 0.8.0 to 0.9.0 (#656) [29ed041] +- Bump actions/setup-go from 3 to 4 (#651) [11b2080] + +## 1.27.6 + +### Fixes +- Allow collections matchers to work correctly when expected has nil elements [60e7cf3] + +### Maintenance +- updates MatchError godoc comment to also accept a Gomega matcher (#654) [67b869d] + +## 1.27.5 + +### Maintenance +- Bump github.com/onsi/ginkgo/v2 from 2.9.1 to 2.9.2 (#653) [a215021] +- Bump github.com/go-task/slim-sprig (#652) [a26fed8] + +## 1.27.4 + +### Fixes +- improve error formatting and remove duplication of error message in Eventually/Consistently [854f075] + +### Maintenance +- Bump github.com/onsi/ginkgo/v2 from 2.9.0 to 2.9.1 (#650) [ccebd9b] + +## 1.27.3 + +### Fixes +- format.Object now always includes err.Error() when passed an error [86d97ef] +- Fix HaveExactElements to work inside ContainElement or other collection matchers (#648) [636757e] + +### Maintenance +- Bump github.com/golang/protobuf from 1.5.2 to 1.5.3 (#649) [cc16689] +- Bump github.com/onsi/ginkgo/v2 from 2.8.4 to 2.9.0 (#646) [e783366] + +## 1.27.2 + +### Fixes +- improve poll progress message when polling a consistently that has been passing [28a319b] + +### 
Maintenance +- bump ginkgo +- remove tools.go hack as Ginkgo 2.8.2 automatically pulls in the cli dependencies [81443b3] + +## 1.27.1 + +### Maintenance + +- Bump golang.org/x/net from 0.6.0 to 0.7.0 (#640) [bc686cd] + +## 1.27.0 + +### Features +- Add HaveExactElements matcher (#634) [9d50783] +- update Gomega docs to discuss GinkgoHelper() [be32774] + +### Maintenance +- Bump github.com/onsi/ginkgo/v2 from 2.8.0 to 2.8.1 (#639) [296a68b] +- Bump golang.org/x/net from 0.5.0 to 0.6.0 (#638) [c2b098b] +- Bump github-pages from 227 to 228 in /docs (#636) [a9069ab] +- test: update matrix for Go 1.20 (#635) [6bd25c8] +- Bump github.com/onsi/ginkgo/v2 from 2.7.0 to 2.8.0 (#631) [5445f8b] +- Bump webrick from 1.7.0 to 1.8.1 in /docs (#630) [03e93bb] +- codeql: add ruby language (#626) [63c7d21] +- dependabot: add bundler package-ecosystem for docs (#625) [d92f963] + +## 1.26.0 + +### Features +- When a polled function returns an error, keep track of the actual and report on the matcher state of the last non-errored actual [21f3090] +- improve eventually failure message output [c530fb3] + +### Fixes +- fix several documentation spelling issues [e2eff1f] + + +## 1.25.0 + +### Features +- add `MustPassRepeatedly(int)` to asyncAssertion (#619) [4509f72] +- compare unwrapped errors using DeepEqual (#617) [aaeaa5d] + +### Maintenance +- Bump golang.org/x/net from 0.4.0 to 0.5.0 (#614) [c7cfea4] +- Bump github.com/onsi/ginkgo/v2 from 2.6.1 to 2.7.0 (#615) [71b8adb] +- Docs: Fix typo "MUltiple" -> "Multiple" (#616) [9351dda] +- clean up go.sum [cd1dc1d] + +## 1.24.2 + +### Fixes +- Correctly handle assertion failure panics for eventually/consistnetly "g Gomega"s in a goroutine [78f1660] +- docs:Fix typo "you an" -> "you can" (#607) [3187c1f] +- fixes issue #600 (#606) [808d192] + +### Maintenance +- Bump golang.org/x/net from 0.2.0 to 0.4.0 (#611) [6ebc0bf] +- Bump nokogiri from 1.13.9 to 1.13.10 in /docs (#612) [258cfc8] +- Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 
(#609) [e6c3eb9] + +## 1.24.1 + +### Fixes +- maintain backward compatibility for Eventually and Consisntetly's signatures [4c7df5e] +- fix small typo (#601) [ea0ebe6] + +### Maintenance +- Bump golang.org/x/net from 0.1.0 to 0.2.0 (#603) [1ba8372] +- Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0 (#602) [f9426cb] +- fix label-filter in test.yml [d795db6] +- stop running flakey tests and rely on external network dependencies in CI [7133290] + +## 1.24.0 + +### Features + +Introducting [gcustom](https://onsi.github.io/gomega/#gcustom-a-convenient-mechanism-for-buildling-custom-matchers) - a convenient mechanism for building custom matchers. + +This is an RC release for `gcustom`. The external API may be tweaked in response to feedback however it is expected to remain mostly stable. + +### Maintenance + +- Update BeComparableTo documentation [756eaa0] + +## 1.23.0 + +### Features +- Custom formatting on a per-type basis can be provided using `format.RegisterCustomFormatter()` -- see the docs [here](https://onsi.github.io/gomega/#adjusting-output) + +- Substantial improvement have been made to `StopTrying()`: + - Users can now use `StopTrying().Wrap(err)` to wrap errors and `StopTrying().Attach(description, object)` to attach arbitrary objects to the `StopTrying()` error + - `StopTrying()` is now always interpreted as a failure. If you are an early adopter of `StopTrying()` you may need to change your code as the prior version would match against the returned value even if `StopTrying()` was returned. Going forward the `StopTrying()` api should remain stable. + - `StopTrying()` and `StopTrying().Now()` can both be used in matchers - not just polled functions. + +- `TryAgainAfter(duration)` is used like `StopTrying()` but instructs `Eventually` and `Consistently` that the poll should be tried again after the specified duration. This allows you to dynamically adjust the polling duration. 
+ +- `ctx` can now be passed-in as the first argument to `Eventually` and `Consistently`. + +## Maintenance + +- Bump github.com/onsi/ginkgo/v2 from 2.3.0 to 2.3.1 (#597) [afed901] +- Bump nokogiri from 1.13.8 to 1.13.9 in /docs (#599) [7c691b3] +- Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 (#587) [ff22665] + +## 1.22.1 + +## Fixes +- When passed a context and no explicit timeout, Eventually will only timeout when the context is cancelled [e5105cf] +- Allow StopTrying() to be wrapped [bf3cba9] + +## Maintenance +- bump to ginkgo v2.3.0 [c5d5c39] + ## 1.22.0 ### Features diff --git a/vendor/github.com/onsi/gomega/RELEASING.md b/vendor/github.com/onsi/gomega/RELEASING.md index 7153b9b94..9973fff49 100644 --- a/vendor/github.com/onsi/gomega/RELEASING.md +++ b/vendor/github.com/onsi/gomega/RELEASING.md @@ -5,7 +5,7 @@ A Gomega release is a tagged sha and a GitHub release. To cut a release: ```bash LAST_VERSION=$(git tag --sort=version:refname | tail -n1) CHANGES=$(git log --pretty=format:'- %s [%h]' HEAD...$LAST_VERSION) - echo -e "## NEXT\n\n$CHANGES\n\n### Features\n\n## Fixes\n\n## Maintenance\n\n$(cat CHANGELOG.md)" > CHANGELOG.md + echo -e "## NEXT\n\n$CHANGES\n\n### Features\n\n### Fixes\n\n### Maintenance\n\n$(cat CHANGELOG.md)" > CHANGELOG.md ``` to update the changelog - Categorize the changes into diff --git a/vendor/github.com/onsi/gomega/format/format.go b/vendor/github.com/onsi/gomega/format/format.go index 6e78c391d..56bdd053b 100644 --- a/vendor/github.com/onsi/gomega/format/format.go +++ b/vendor/github.com/onsi/gomega/format/format.go @@ -52,7 +52,7 @@ var CharactersAroundMismatchToInclude uint = 5 var contextType = reflect.TypeOf((*context.Context)(nil)).Elem() var timeType = reflect.TypeOf(time.Time{}) -//The default indentation string emitted by the format package +// The default indentation string emitted by the format package var Indent = " " var longFormThreshold = 20 
@@ -65,6 +65,52 @@ type GomegaStringer interface { GomegaString() string } +/* +CustomFormatters can be registered with Gomega via RegisterCustomFormatter() +Any value to be rendered by Gomega is passed to each registered CustomFormatters. +The CustomFormatter signals that it will handle formatting the value by returning (formatted-string, true) +If the CustomFormatter does not want to handle the object it should return ("", false) + +Strings returned by CustomFormatters are not truncated +*/ +type CustomFormatter func(value interface{}) (string, bool) +type CustomFormatterKey uint + +var customFormatterKey CustomFormatterKey = 1 + +type customFormatterKeyPair struct { + CustomFormatter + CustomFormatterKey +} + +/* +RegisterCustomFormatter registers a CustomFormatter and returns a CustomFormatterKey + +You can call UnregisterCustomFormatter with the returned key to unregister the associated CustomFormatter +*/ +func RegisterCustomFormatter(customFormatter CustomFormatter) CustomFormatterKey { + key := customFormatterKey + customFormatterKey += 1 + customFormatters = append(customFormatters, customFormatterKeyPair{customFormatter, key}) + return key +} + +/* +UnregisterCustomFormatter unregisters a previously registered CustomFormatter. You should pass in the key returned by RegisterCustomFormatter +*/ +func UnregisterCustomFormatter(key CustomFormatterKey) { + formatters := []customFormatterKeyPair{} + for _, f := range customFormatters { + if f.CustomFormatterKey == key { + continue + } + formatters = append(formatters, f) + } + customFormatters = formatters +} + +var customFormatters = []customFormatterKeyPair{} + /* Generates a formatted matcher success/failure message of the form: 
@@ -212,24 +258,35 @@ Set PrintContextObjects to true to print the content of objects implementing con func Object(object interface{}, indentation uint) string { indent := strings.Repeat(Indent, int(indentation)) value := reflect.ValueOf(object) - return fmt.Sprintf("%s<%s>: %s", indent, formatType(value), formatValue(value, indentation)) + commonRepresentation := "" + if err, ok := object.(error); ok { + commonRepresentation += "\n" + IndentString(err.Error(), indentation) + "\n" + indent + } + return fmt.Sprintf("%s<%s>: %s%s", indent, formatType(value), commonRepresentation, formatValue(value, indentation)) } /* IndentString takes a string and indents each line by the specified amount. */ func IndentString(s string, indentation uint) string { + return indentString(s, indentation, true) +} + +func indentString(s string, indentation uint, indentFirstLine bool) string { + result := &strings.Builder{} components := strings.Split(s, "\n") - result := "" indent := strings.Repeat(Indent, int(indentation)) for i, component := range components { - result += indent + component + if i > 0 || indentFirstLine { + result.WriteString(indent) + } + result.WriteString(component) if i < len(components)-1 { - result += "\n" + result.WriteString("\n") } } - return result + return result.String() } func formatType(v reflect.Value) string { 
@@ -261,18 +318,27 @@ func formatValue(value reflect.Value, indentation uint) string { if value.CanInterface() { obj := value.Interface() + // if a CustomFormatter handles this values, we'll go with that + for _, customFormatter := range customFormatters { + formatted, handled := customFormatter.CustomFormatter(obj) + // do not truncate a user-provided CustomFormatter() + if handled { + return indentString(formatted, indentation+1, false) + } + } + // GomegaStringer will take precedence to other representations and disregards UseStringerRepresentation if x, ok := obj.(GomegaStringer); ok { - // do not truncate a user-defined GoMegaString() value - return x.GomegaString() + // do not truncate a user-defined GomegaString() value + return indentString(x.GomegaString(), indentation+1, false) } if UseStringerRepresentation { switch x := obj.(type) { case fmt.GoStringer: - return truncateLongStrings(x.GoString()) + return indentString(truncateLongStrings(x.GoString()), indentation+1, false) case fmt.Stringer: - return truncateLongStrings(x.String()) + return indentString(truncateLongStrings(x.String()), indentation+1, false) } } } diff --git a/vendor/github.com/onsi/gomega/gomega_dsl.go b/vendor/github.com/onsi/gomega/gomega_dsl.go index 3cd18b577..bc7ec293d 100644 --- a/vendor/github.com/onsi/gomega/gomega_dsl.go +++ b/vendor/github.com/onsi/gomega/gomega_dsl.go @@ -22,7 +22,7 @@ import ( "github.com/onsi/gomega/types" ) -const GOMEGA_VERSION = "1.22.0" +const GOMEGA_VERSION = "1.27.8" const nilGomegaPanic = `You are trying to make an assertion, but haven't registered Gomega's fail handler. If you're using Ginkgo then you probably forgot to put your assertion in an It(). 
@@ -86,12 +86,12 @@ func internalGomega(g Gomega) *internal.Gomega { // NewWithT takes a *testing.T and returns a `gomega.WithT` allowing you to use `Expect`, `Eventually`, and `Consistently` along with // Gomega's rich ecosystem of matchers in standard `testing` test suits. // -// func TestFarmHasCow(t *testing.T) { -// g := gomega.NewWithT(t) +// func TestFarmHasCow(t *testing.T) { +// g := gomega.NewWithT(t) // -// f := farm.New([]string{"Cow", "Horse"}) -// g.Expect(f.HasCow()).To(BeTrue(), "Farm should have cow") -// } +// f := farm.New([]string{"Cow", "Horse"}) +// g.Expect(f.HasCow()).To(BeTrue(), "Farm should have cow") +// } func NewWithT(t types.GomegaTestingT) *WithT { return internal.NewGomega(internalGomega(Default).DurationBundle).ConfigureWithT(t) } @@ -171,7 +171,8 @@ func ensureDefaultGomegaIsConfigured() { } // Ω wraps an actual value allowing assertions to be made on it: -// Ω("foo").Should(Equal("foo")) +// +// Ω("foo").Should(Equal("foo")) // // If Ω is passed more than one argument it will pass the *first* argument to the matcher. // All subsequent arguments will be required to be nil/zero. @@ -180,10 +181,13 @@ func ensureDefaultGomegaIsConfigured() { // a value and an error - a common patter in Go. // // For example, given a function with signature: -// func MyAmazingThing() (int, error) +// +// func MyAmazingThing() (int, error) // // Then: -// Ω(MyAmazingThing()).Should(Equal(3)) +// +// Ω(MyAmazingThing()).Should(Equal(3)) +// // Will succeed only if `MyAmazingThing()` returns `(3, nil)` // // Ω and Expect are identical 
@@ -193,19 +197,23 @@ func Ω(actual interface{}, extra ...interface{}) Assertion { } // Expect wraps an actual value allowing assertions to be made on it: -// Expect("foo").To(Equal("foo")) +// +// Expect("foo").To(Equal("foo")) // // If Expect is passed more than one argument it will pass the *first* argument to the matcher. // All subsequent arguments will be required to be nil/zero. // // This is convenient if you want to make an assertion on a method/function that returns -// a value and an error - a common patter in Go. +// a value and an error - a common pattern in Go. // // For example, given a function with signature: -// func MyAmazingThing() (int, error) +// +// func MyAmazingThing() (int, error) // // Then: -// Expect(MyAmazingThing()).Should(Equal(3)) +// +// Expect(MyAmazingThing()).Should(Equal(3)) +// // Will succeed only if `MyAmazingThing()` returns `(3, nil)` // // Expect and Ω are identical @@ -215,7 +223,8 @@ func Expect(actual interface{}, extra ...interface{}) Assertion { } // ExpectWithOffset wraps an actual value allowing assertions to be made on it: -// ExpectWithOffset(1, "foo").To(Equal("foo")) +// +// ExpectWithOffset(1, "foo").To(Equal("foo")) // // Unlike `Expect` and `Ω`, `ExpectWithOffset` takes an additional integer argument // that is used to modify the call-stack offset when computing line numbers. It is 
@@ -241,15 +250,15 @@ Eventually works with any Gomega compatible matcher and supports making assertio There are several examples of values that can change over time. These can be passed in to Eventually and will be passed to the matcher repeatedly until a match occurs. For example: - c := make(chan bool) - go DoStuff(c) - Eventually(c, "50ms").Should(BeClosed()) + c := make(chan bool) + go DoStuff(c) + Eventually(c, "50ms").Should(BeClosed()) will poll the channel repeatedly until it is closed. In this example `Eventually` will block until either the specified timeout of 50ms has elapsed or the channel is closed, whichever comes first. Several Gomega libraries allow you to use Eventually in this way. For example, the gomega/gexec package allows you to block until a *gexec.Session exits successfully via: - Eventually(session).Should(gexec.Exit(0)) + Eventually(session).Should(gexec.Exit(0)) And the gomega/gbytes package allows you to monitor a streaming *gbytes.Buffer until a given string is seen: 
@@ -270,34 +279,38 @@ Eventually can be passed functions that **return at least one value**. When con For example: - Eventually(func() int { - return client.FetchCount() - }).Should(BeNumerically(">=", 17)) + Eventually(func() int { + return client.FetchCount() + }).Should(BeNumerically(">=", 17)) - will repeatedly poll client.FetchCount until the BeNumerically matcher is satisfied. (Note that this example could have been written as Eventually(client.FetchCount).Should(BeNumerically(">=", 17))) + will repeatedly poll client.FetchCount until the BeNumerically matcher is satisfied. (Note that this example could have been written as Eventually(client.FetchCount).Should(BeNumerically(">=", 17))) If multiple values are returned by the function, Eventually will pass the first value to the matcher and require that all others are zero-valued. This allows you to pass Eventually a function that returns a value and an error - a common pattern in Go. For example, consider a method that returns a value and an error: - func FetchFromDB() (string, error) + + func FetchFromDB() (string, error) Then - Eventually(FetchFromDB).Should(Equal("got it")) + + Eventually(FetchFromDB).Should(Equal("got it")) will pass only if and when the returned error is nil *and* the returned string satisfies the matcher. Eventually can also accept functions that take arguments, however you must provide those arguments using .WithArguments(). For example, consider a function that takes a user-id and makes a network request to fetch a full name: + func FetchFullName(userId int) (string, error) You can poll this function like so: + Eventually(FetchFullName).WithArguments(1138).Should(Equal("Wookie")) It is important to note that the function passed into Eventually is invoked *synchronously* when polled. Eventually does not (in fact, it cannot) kill the function if it takes longer to return than Eventually's configured timeout. A common practice here is to use a context. 
Here's an example that combines Ginkgo's spec timeout support with Eventually: It("fetches the correct count", func(ctx SpecContext) { - Eventually(func() int { + Eventually(ctx, func() int { return client.FetchCount(ctx, "/users") - }, ctx).Should(BeNumerically(">=", 17)) + }).Should(BeNumerically(">=", 17)) }, SpecTimeout(time.Second)) you an also use Eventually().WithContext(ctx) to pass in the context. Passed-in contexts play nicely with paseed-in arguments as long as the context appears first. You can rewrite the above example as: @@ -326,13 +339,13 @@ will pass only if all the assertions in the polled function pass and the return Eventually also supports a special case polling function that takes a single Gomega argument and returns no values. Eventually assumes such a function is making assertions and is designed to work with the Succeed matcher to validate that all assertions have passed. For example: - Eventually(func(g Gomega) { - model, err := client.Find(1138) - g.Expect(err).NotTo(HaveOccurred()) - g.Expect(model.Reticulate()).To(Succeed()) - g.Expect(model.IsReticulated()).To(BeTrue()) - g.Expect(model.Save()).To(Succeed()) - }).Should(Succeed()) + Eventually(func(g Gomega) { + model, err := client.Find(1138) + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(model.Reticulate()).To(Succeed()) + g.Expect(model.IsReticulated()).To(BeTrue()) + g.Expect(model.Save()).To(Succeed()) + }).Should(Succeed()) will rerun the function until all assertions pass. 
@@ -347,17 +360,27 @@ You can also pass additional arugments to functions that take a Gomega. The onl g.Expect(elements).To(ConsistOf(expected)) }).WithContext(ctx).WithArguments("/names", "Joe", "Jane", "Sam").Should(Succeed()) +You can ensure that you get a number of consecutive successful tries before succeeding using `MustPassRepeatedly(int)`. For Example: + + int count := 0 + Eventually(func() bool { + count++ + return count > 2 + }).MustPassRepeatedly(2).Should(BeTrue()) + // Because we had to wait for 2 calls that returned true + Expect(count).To(Equal(3)) + Finally, in addition to passing timeouts and a context to Eventually you can be more explicit with Eventually's chaining configuration methods: Eventually(..., "1s", "2s", ctx).Should(...) is equivalent to - Eventually(...).WithTimeout(time.Second).WithPolling(2*time.Second).WithContext(ctx).Should(...) + Eventually(...).WithTimeout(time.Second).WithPolling(2*time.Second).WithContext(ctx).Should(...) */ -func Eventually(actual interface{}, args ...interface{}) AsyncAssertion { +func Eventually(actualOrCtx interface{}, args ...interface{}) AsyncAssertion { ensureDefaultGomegaIsConfigured() - return Default.Eventually(actual, args...) + return Default.Eventually(actualOrCtx, args...) } // EventuallyWithOffset operates like Eventually but takes an additional 
@@ -369,9 +392,9 @@ func Eventually(actual interface{}, args ...interface{}) AsyncAssertion { // `EventuallyWithOffset` specifying a timeout interval (and an optional polling interval) are // the same as `Eventually(...).WithOffset(...).WithTimeout` or // `Eventually(...).WithOffset(...).WithTimeout(...).WithPolling`. -func EventuallyWithOffset(offset int, actual interface{}, args ...interface{}) AsyncAssertion { +func EventuallyWithOffset(offset int, actualOrCtx interface{}, args ...interface{}) AsyncAssertion { ensureDefaultGomegaIsConfigured() - return Default.EventuallyWithOffset(offset, actual, args...) + return Default.EventuallyWithOffset(offset, actualOrCtx, args...) } /* @@ -385,13 +408,13 @@ Consistently accepts the same three categories of actual as Eventually, check th Consistently is useful in cases where you want to assert that something *does not happen* for a period of time. For example, you may want to assert that a goroutine does *not* send data down a channel. In this case you could write: - Consistently(channel, "200ms").ShouldNot(Receive()) + Consistently(channel, "200ms").ShouldNot(Receive()) This will block for 200 milliseconds and repeatedly check the channel and ensure nothing has been received. */ -func Consistently(actual interface{}, args ...interface{}) AsyncAssertion { +func Consistently(actualOrCtx interface{}, args ...interface{}) AsyncAssertion { ensureDefaultGomegaIsConfigured() - return Default.Consistently(actual, args...) + return Default.Consistently(actualOrCtx, args...) } // ConsistentlyWithOffset operates like Consistently but takes an additional 
@@ -400,44 +423,54 @@ func Consistently(actual interface{}, args ...interface{}) AsyncAssertion { // // `ConsistentlyWithOffset` is the same as `Consistently(...).WithOffset` and // optional `WithTimeout` and `WithPolling`. -func ConsistentlyWithOffset(offset int, actual interface{}, args ...interface{}) AsyncAssertion { +func ConsistentlyWithOffset(offset int, actualOrCtx interface{}, args ...interface{}) AsyncAssertion { ensureDefaultGomegaIsConfigured() - return Default.ConsistentlyWithOffset(offset, actual, args...) + return Default.ConsistentlyWithOffset(offset, actualOrCtx, args...) } /* -StopTrying can be used to signal to Eventually and Consistently that the polled function will not change -and that they should stop trying. In the case of Eventually, if a match does not occur in this, final, iteration then a failure will result. In the case of Consistently, as long as this last iteration satisfies the match, the assertion will be considered successful. +StopTrying can be used to signal to Eventually and Consistentlythat they should abort and stop trying. This always results in a failure of the assertion - and the failure message is the content of the StopTrying signal. + +You can send the StopTrying signal by either returning StopTrying("message") as an error from your passed-in function _or_ by calling StopTrying("message").Now() to trigger a panic and end execution. -You can send the StopTrying signal by either returning a StopTrying("message") messages as an error from your passed-in function _or_ by calling StopTrying("message").Now() to trigger a panic and end execution. +You can also wrap StopTrying around an error with `StopTrying("message").Wrap(err)` and can attach additional objects via `StopTrying("message").Attach("description", object). When rendered, the signal will include the wrapped error and any attached objects rendered using Gomega's default formatting. Here are a couple of examples. 
This is how you might use StopTrying() as an error to signal that Eventually should stop: playerIndex, numPlayers := 0, 11 Eventually(func() (string, error) { - name := client.FetchPlayer(playerIndex) - playerIndex += 1 - if playerIndex == numPlayers { - return name, StopTrying("No more players left") - } else { - return name, nil - } + if playerIndex == numPlayers { + return "", StopTrying("no more players left") + } + name := client.FetchPlayer(playerIndex) + playerIndex += 1 + return name, nil }).Should(Equal("Patrick Mahomes")) -note that the final `name` returned alongside `StopTrying()` will be processed. - And here's an example where `StopTrying().Now()` is called to halt execution immediately: Eventually(func() []string { names, err := client.FetchAllPlayers() if err == client.IRRECOVERABLE_ERROR { - StopTrying("Irrecoverable error occurred").Now() + StopTrying("Irrecoverable error occurred").Wrap(err).Now() } return names }).Should(ContainElement("Patrick Mahomes")) */ var StopTrying = internal.StopTrying +/* +TryAgainAfter() allows you to adjust the polling interval for the _next_ iteration of `Eventually` or `Consistently`. Like `StopTrying` you can either return `TryAgainAfter` as an error or trigger it immedieately with `.Now()` + +When `TryAgainAfter(` is triggered `Eventually` and `Consistently` will wait for that duration. If a timeout occurs before the next poll is triggered both `Eventually` and `Consistently` will always fail with the content of the TryAgainAfter message. As with StopTrying you can `.Wrap()` and error and `.Attach()` additional objects to `TryAgainAfter`. +*/ +var TryAgainAfter = internal.TryAgainAfter + +/* +PollingSignalError is the error returned by StopTrying() and TryAgainAfter() +*/ +type PollingSignalError = internal.PollingSignalError + // SetDefaultEventuallyTimeout sets the default timeout duration for Eventually. Eventually will repeatedly poll your condition until it succeeds, or until this timeout elapses. 
func SetDefaultEventuallyTimeout(t time.Duration) { Default.SetDefaultEventuallyTimeout(t) @@ -471,8 +504,8 @@ func SetDefaultConsistentlyPollingInterval(t time.Duration) { // // Example: // -// Eventually(myChannel).Should(Receive(), "Something should have come down the pipe.") -// Consistently(myChannel).ShouldNot(Receive(), func() string { return "Nothing should have come down the pipe." }) +// Eventually(myChannel).Should(Receive(), "Something should have come down the pipe.") +// Consistently(myChannel).ShouldNot(Receive(), func() string { return "Nothing should have come down the pipe." }) type AsyncAssertion = types.AsyncAssertion // GomegaAsyncAssertion is deprecated in favor of AsyncAssertion, which does not stutter. @@ -494,7 +527,7 @@ type GomegaAsyncAssertion = types.AsyncAssertion // // Example: // -// Ω(farm.HasCow()).Should(BeTrue(), "Farm %v should have a cow", farm) +// Ω(farm.HasCow()).Should(BeTrue(), "Farm %v should have a cow", farm) type Assertion = types.Assertion // GomegaAssertion is deprecated in favor of Assertion, which does not stutter. diff --git a/vendor/github.com/onsi/gomega/internal/assertion.go b/vendor/github.com/onsi/gomega/internal/assertion.go index 7b7bdd149..08356a610 100644 --- a/vendor/github.com/onsi/gomega/internal/assertion.go +++ b/vendor/github.com/onsi/gomega/internal/assertion.go @@ -4,6 +4,7 @@ import ( "fmt" "reflect" + "github.com/onsi/gomega/format" "github.com/onsi/gomega/types" ) 
@@ -146,7 +147,12 @@ func vetActuals(actuals []interface{}, skipIndex int) (bool, string) { if actual != nil { zeroValue := reflect.Zero(reflect.TypeOf(actual)).Interface() if !reflect.DeepEqual(zeroValue, actual) { - message := fmt.Sprintf("Unexpected non-nil/non-zero argument at index %d:\n\t<%T>: %#v", i, actual, actual) + var message string + if err, ok := actual.(error); ok { + message = fmt.Sprintf("Unexpected error: %s\n%s", err, format.Object(err, 1)) + } else { + message = fmt.Sprintf("Unexpected non-nil/non-zero argument at index %d:\n\t<%T>: %#v", i, actual, actual) + } return false, message } } diff --git a/vendor/github.com/onsi/gomega/internal/async_assertion.go b/vendor/github.com/onsi/gomega/internal/async_assertion.go index df552fdb5..1188b0bce 100644 --- a/vendor/github.com/onsi/gomega/internal/async_assertion.go +++ b/vendor/github.com/onsi/gomega/internal/async_assertion.go 
@@ -2,43 +2,50 @@ package internal import ( "context" + "errors" "fmt" "reflect" "runtime" "sync" "time" + "github.com/onsi/gomega/format" "github.com/onsi/gomega/types" ) -type StopTryingError interface { - error - Now() - wasViaPanic() bool +var errInterface = reflect.TypeOf((*error)(nil)).Elem() +var gomegaType = reflect.TypeOf((*types.Gomega)(nil)).Elem() +var contextType = reflect.TypeOf(new(context.Context)).Elem() + +type formattedGomegaError interface { + FormattedGomegaError() string } -type stopTryingError struct { - message string - viaPanic bool +type asyncPolledActualError struct { + message string } -func (s *stopTryingError) Error() string { - return s.message +func (err *asyncPolledActualError) Error() string { + return err.message } -func (s *stopTryingError) Now() { - s.viaPanic = true - panic(s) +func (err *asyncPolledActualError) FormattedGomegaError() string { + return err.message } -func (s *stopTryingError) wasViaPanic() bool { - return s.viaPanic +type contextWithAttachProgressReporter interface { + AttachProgressReporter(func() string) func() } -var stopTryingErrorType = reflect.TypeOf(&stopTryingError{}) +type asyncGomegaHaltExecutionError struct{} + +func (a asyncGomegaHaltExecutionError) GinkgoRecoverShouldIgnoreThisPanic() {} +func (a asyncGomegaHaltExecutionError) Error() string { + return `An assertion has failed in a goroutine. You should call + + defer GinkgoRecover() -var StopTrying = func(message string) StopTryingError { - return &stopTryingError{message: message} +at the top of the goroutine that caused this panic. This will allow Ginkgo and Gomega to correctly capture and manage this panic.` } type AsyncAssertionType uint 
@@ -65,21 +72,23 @@ type AsyncAssertion struct { actual interface{} argsToForward []interface{} - timeoutInterval time.Duration - pollingInterval time.Duration - ctx context.Context - offset int - g *Gomega + timeoutInterval time.Duration + pollingInterval time.Duration + mustPassRepeatedly int + ctx context.Context + offset int + g *Gomega } -func NewAsyncAssertion(asyncType AsyncAssertionType, actualInput interface{}, g *Gomega, timeoutInterval time.Duration, pollingInterval time.Duration, ctx context.Context, offset int) *AsyncAssertion { +func NewAsyncAssertion(asyncType AsyncAssertionType, actualInput interface{}, g *Gomega, timeoutInterval time.Duration, pollingInterval time.Duration, mustPassRepeatedly int, ctx context.Context, offset int) *AsyncAssertion { out := &AsyncAssertion{ - asyncType: asyncType, - timeoutInterval: timeoutInterval, - pollingInterval: pollingInterval, - offset: offset, - ctx: ctx, - g: g, + asyncType: asyncType, + timeoutInterval: timeoutInterval, + pollingInterval: pollingInterval, + mustPassRepeatedly: mustPassRepeatedly, + offset: offset, + ctx: ctx, + g: g, } out.actual = actualInput @@ -125,6 +134,11 @@ func (assertion *AsyncAssertion) WithArguments(argsToForward ...interface{}) typ return assertion } +func (assertion *AsyncAssertion) MustPassRepeatedly(count int) types.AsyncAssertion { + assertion.mustPassRepeatedly = count + return assertion +} + func (assertion *AsyncAssertion) Should(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool { assertion.g.THelper() vetOptionalDescription("Asynchronous assertion", optionalDescription...) 
@@ -149,40 +163,44 @@ func (assertion *AsyncAssertion) buildDescription(optionalDescription ...interfa return fmt.Sprintf(optionalDescription[0].(string), optionalDescription[1:]...) + "\n" } -func (assertion *AsyncAssertion) processReturnValues(values []reflect.Value) (interface{}, error, StopTryingError) { - var err error - var stopTrying StopTryingError - +func (assertion *AsyncAssertion) processReturnValues(values []reflect.Value) (interface{}, error) { if len(values) == 0 { - return nil, fmt.Errorf("No values were returned by the function passed to Gomega"), stopTrying + return nil, &asyncPolledActualError{ + message: fmt.Sprintf("The function passed to %s did not return any values", assertion.asyncType), + } } + actual := values[0].Interface() - if actual != nil && reflect.TypeOf(actual) == stopTryingErrorType { - stopTrying = actual.(StopTryingError) + if _, ok := AsPollingSignalError(actual); ok { + return actual, actual.(error) } + + var err error for i, extraValue := range values[1:] { extra := extraValue.Interface() if extra == nil { continue } - extraType := reflect.TypeOf(extra) - if extraType == stopTryingErrorType { - stopTrying = extra.(StopTryingError) - continue + if _, ok := AsPollingSignalError(extra); ok { + return actual, extra.(error) } + extraType := reflect.TypeOf(extra) zero := reflect.Zero(extraType).Interface() if reflect.DeepEqual(extra, zero) { continue } + if i == len(values)-2 && extraType.Implements(errInterface) { + err = extra.(error) + } if err == nil { - err = fmt.Errorf("Unexpected non-nil/non-zero argument at index %d:\n\t<%T>: %#v", i+1, extra, extra) + err = &asyncPolledActualError{ + message: fmt.Sprintf("The function passed to %s had an unexpected non-nil/non-zero return value at index %d:\n%s", assertion.asyncType, i+1, format.Object(extra, 1)), + } } } - return actual, err, stopTrying -} -var gomegaType = reflect.TypeOf((*types.Gomega)(nil)).Elem() -var contextType = reflect.TypeOf(new(context.Context)).Elem() + return 
actual, err +} func (assertion *AsyncAssertion) invalidFunctionError(t reflect.Type) error { return fmt.Errorf(`The function passed to %s had an invalid signature of %s. Functions passed to %s must either: @@ -212,9 +230,16 @@ You can learn more at https://onsi.github.io/gomega/#eventually `, assertion.asyncType, t, t.NumIn(), numProvided, have, assertion.asyncType) } -func (assertion *AsyncAssertion) buildActualPoller() (func() (interface{}, error, StopTryingError), error) { +func (assertion *AsyncAssertion) invalidMustPassRepeatedlyError(reason string) error { + return fmt.Errorf(`Invalid use of MustPassRepeatedly with %s %s + +You can learn more at https://onsi.github.io/gomega/#eventually +`, assertion.asyncType, reason) +} + +func (assertion *AsyncAssertion) buildActualPoller() (func() (interface{}, error), error) { if !assertion.actualIsFunc { - return func() (interface{}, error, StopTryingError) { return assertion.actual, nil, nil }, nil + return func() (interface{}, error) { return assertion.actual, nil }, nil } actualValue := reflect.ValueOf(assertion.actual) actualType := reflect.TypeOf(assertion.actual) 
@@ -222,23 +247,11 @@ func (assertion *AsyncAssertion) buildActualPoller() (func() (interface{}, error if numIn == 0 && numOut == 0 { return nil, assertion.invalidFunctionError(actualType) - } else if numIn == 0 { - return func() (actual interface{}, err error, stopTrying StopTryingError) { - defer func() { - if e := recover(); e != nil { - if reflect.TypeOf(e) == stopTryingErrorType { - stopTrying = e.(StopTryingError) - } else { - panic(e) - } - } - }() - - actual, err, stopTrying = assertion.processReturnValues(actualValue.Call([]reflect.Value{})) - return - }, nil } - takesGomega, takesContext := actualType.In(0).Implements(gomegaType), actualType.In(0).Implements(contextType) + takesGomega, takesContext := false, false + if numIn > 0 { + takesGomega, takesContext = actualType.In(0).Implements(gomegaType), actualType.In(0).Implements(contextType) + } if takesGomega && numIn > 1 && actualType.In(1).Implements(contextType) { takesContext = true } @@ -261,8 +274,11 @@ func (assertion *AsyncAssertion) buildActualPoller() (func() (interface{}, error skip = callerSkip[0] } _, file, line, _ := runtime.Caller(skip + 1) - assertionFailure = fmt.Errorf("Assertion in callback at %s:%d failed:\n%s", file, line, message) - panic("stop execution") + assertionFailure = &asyncPolledActualError{ + message: fmt.Sprintf("The function passed to %s failed at %s:%d with:\n%s", assertion.asyncType, file, line, message), + } + // we throw an asyncGomegaHaltExecutionError so that defer GinkgoRecover() can catch this error if the user makes an assertion in a goroutine + panic(asyncGomegaHaltExecutionError{}) }))) } if takesContext { 
@@ -278,21 +294,29 @@ func (assertion *AsyncAssertion) buildActualPoller() (func() (interface{}, error return nil, assertion.argumentMismatchError(actualType, len(inValues)) } - return func() (actual interface{}, err error, stopTrying StopTryingError) { + if assertion.mustPassRepeatedly != 1 && assertion.asyncType != AsyncAssertionTypeEventually { + return nil, assertion.invalidMustPassRepeatedlyError("it can only be used with Eventually") + } + if assertion.mustPassRepeatedly < 1 { + return nil, assertion.invalidMustPassRepeatedlyError("parameter can't be < 1") + } + + return func() (actual interface{}, err error) { var values []reflect.Value assertionFailure = nil defer func() { - if numOut == 0 { + if numOut == 0 && takesGomega { actual = assertionFailure } else { - actual, err, stopTrying = assertion.processReturnValues(values) - if assertionFailure != nil { + actual, err = assertion.processReturnValues(values) + _, isAsyncError := AsPollingSignalError(err) + if assertionFailure != nil && !isAsyncError { err = assertionFailure } } if e := recover(); e != nil { - if reflect.TypeOf(e) == stopTryingErrorType { - stopTrying = e.(StopTryingError) + if _, isAsyncError := AsPollingSignalError(e); isAsyncError { + err = e.(error) } else if assertionFailure == nil { panic(e) } 
@@ -303,58 +327,150 @@ func (assertion *AsyncAssertion) buildActualPoller() (func() (interface{}, error }, nil } -func (assertion *AsyncAssertion) matcherSaysStopTrying(matcher types.GomegaMatcher, value interface{}) StopTryingError { +func (assertion *AsyncAssertion) afterTimeout() <-chan time.Time { + if assertion.timeoutInterval >= 0 { + return time.After(assertion.timeoutInterval) + } + + if assertion.asyncType == AsyncAssertionTypeConsistently { + return time.After(assertion.g.DurationBundle.ConsistentlyDuration) + } else { + if assertion.ctx == nil { + return time.After(assertion.g.DurationBundle.EventuallyTimeout) + } else { + return nil + } + } +} + +func (assertion *AsyncAssertion) afterPolling() <-chan time.Time { + if assertion.pollingInterval >= 0 { + return time.After(assertion.pollingInterval) + } + if assertion.asyncType == AsyncAssertionTypeConsistently { + return time.After(assertion.g.DurationBundle.ConsistentlyPollingInterval) + } else { + return time.After(assertion.g.DurationBundle.EventuallyPollingInterval) + } +} + +func (assertion *AsyncAssertion) matcherSaysStopTrying(matcher types.GomegaMatcher, value interface{}) bool { if assertion.actualIsFunc || types.MatchMayChangeInTheFuture(matcher, value) { - return nil + return false } - return StopTrying("No future change is possible. 
Bailing out early") + return true } -type contextWithAttachProgressReporter interface { - AttachProgressReporter(func() string) func() +func (assertion *AsyncAssertion) pollMatcher(matcher types.GomegaMatcher, value interface{}) (matches bool, err error) { + defer func() { + if e := recover(); e != nil { + if _, isAsyncError := AsPollingSignalError(e); isAsyncError { + err = e.(error) + } else { + panic(e) + } + } + }() + + matches, err = matcher.Match(value) + + return } func (assertion *AsyncAssertion) match(matcher types.GomegaMatcher, desiredMatch bool, optionalDescription ...interface{}) bool { timer := time.Now() - timeout := time.After(assertion.timeoutInterval) + timeout := assertion.afterTimeout() lock := sync.Mutex{} - var matches bool - var err error + var matches, hasLastValidActual bool + var actual, lastValidActual interface{} + var actualErr, matcherErr error + var oracleMatcherSaysStop bool assertion.g.THelper() - pollActual, err := assertion.buildActualPoller() - if err != nil { - assertion.g.Fail(err.Error(), 2+assertion.offset) + pollActual, buildActualPollerErr := assertion.buildActualPoller() + if buildActualPollerErr != nil { + assertion.g.Fail(buildActualPollerErr.Error(), 2+assertion.offset) return false } - value, err, stopTrying := pollActual() - if err == nil { - if stopTrying == nil { - stopTrying = assertion.matcherSaysStopTrying(matcher, value) + actual, actualErr = pollActual() + if actualErr == nil { + lastValidActual = actual + hasLastValidActual = true + oracleMatcherSaysStop = assertion.matcherSaysStopTrying(matcher, actual) + matches, matcherErr = assertion.pollMatcher(matcher, actual) + } + + renderError := func(preamble string, err error) string { + message := "" + if pollingSignalErr, ok := AsPollingSignalError(err); ok { + message = err.Error() + for _, attachment := range pollingSignalErr.Attachments { + message += fmt.Sprintf("\n%s:\n", attachment.Description) + message += format.Object(attachment.Object, 1) + } + } else { 
+ message = preamble + "\n" + format.Object(err, 1) } - matches, err = matcher.Match(value) + return message } messageGenerator := func() string { // can be called out of band by Ginkgo if the user requests a progress report lock.Lock() defer lock.Unlock() - errMsg := "" message := "" - if err != nil { - errMsg = "Error: " + err.Error() + + if actualErr == nil { + if matcherErr == nil { + if desiredMatch != matches { + if desiredMatch { + message += matcher.FailureMessage(actual) + } else { + message += matcher.NegatedFailureMessage(actual) + } + } else { + if assertion.asyncType == AsyncAssertionTypeConsistently { + message += "There is no failure as the matcher passed to Consistently has not yet failed" + } else { + message += "There is no failure as the matcher passed to Eventually succeeded on its most recent iteration" + } + } + } else { + var fgErr formattedGomegaError + if errors.As(actualErr, &fgErr) { + message += fgErr.FormattedGomegaError() + "\n" + } else { + message += renderError(fmt.Sprintf("The matcher passed to %s returned the following error:", assertion.asyncType), matcherErr) + } + } } else { - if desiredMatch { - message = matcher.FailureMessage(value) + var fgErr formattedGomegaError + if errors.As(actualErr, &fgErr) { + message += fgErr.FormattedGomegaError() + "\n" } else { - message = matcher.NegatedFailureMessage(value) + message += renderError(fmt.Sprintf("The function passed to %s returned the following error:", assertion.asyncType), actualErr) + } + if hasLastValidActual { + message += fmt.Sprintf("\nAt one point, however, the function did return successfully.\nYet, %s failed because", assertion.asyncType) + _, e := matcher.Match(lastValidActual) + if e != nil { + message += renderError(" the matcher returned the following error:", e) + } else { + message += " the matcher was not satisfied:\n" + if desiredMatch { + message += matcher.FailureMessage(lastValidActual) + } else { + message += matcher.NegatedFailureMessage(lastValidActual) + 
} + } } } + description := assertion.buildDescription(optionalDescription...) - return fmt.Sprintf("%s%s%s", description, message, errMsg) + return fmt.Sprintf("%s%s", description, message) } fail := func(preamble string) { 
@@ -371,84 +487,85 @@ func (assertion *AsyncAssertion) match(matcher types.GomegaMatcher, desiredMatch } } - if assertion.asyncType == AsyncAssertionTypeEventually { - for { - if err == nil && matches == desiredMatch { - return true - } + // Used to count the number of times in a row a step passed + passedRepeatedlyCount := 0 + for { + var nextPoll <-chan time.Time = nil + var isTryAgainAfterError = false - if stopTrying != nil { - fail(stopTrying.Error() + " -") - return false - } - - select { - case <-time.After(assertion.pollingInterval): - v, e, st := pollActual() - if st != nil && st.wasViaPanic() { - // we were told to stop trying via panic - which means we dont' have reasonable new values - // we should simply use the old values and exit now - fail(st.Error() + " -") + for _, err := range []error{actualErr, matcherErr} { + if pollingSignalErr, ok := AsPollingSignalError(err); ok { + if pollingSignalErr.IsStopTrying() { + fail("Told to stop trying") return false } - lock.Lock() - value, err, stopTrying = v, e, st - lock.Unlock() - if err == nil { - if stopTrying == nil { - stopTrying = assertion.matcherSaysStopTrying(matcher, value) - } - matches, e = matcher.Match(value) - lock.Lock() - err = e - lock.Unlock() + if pollingSignalErr.IsTryAgainAfter() { + nextPoll = time.After(pollingSignalErr.TryAgainDuration()) + isTryAgainAfterError = true } - case <-contextDone: - fail("Context was cancelled") - return false - case <-timeout: - fail("Timed out") - return false } } - } else if assertion.asyncType == AsyncAssertionTypeConsistently { - for { - if !(err == nil && matches == desiredMatch) { + + if actualErr == nil && matcherErr == nil && matches == desiredMatch { + if assertion.asyncType == AsyncAssertionTypeEventually { + passedRepeatedlyCount += 1 + if passedRepeatedlyCount == assertion.mustPassRepeatedly { + return true + } + } + } else if !isTryAgainAfterError { + if assertion.asyncType == AsyncAssertionTypeConsistently { fail("Failed") return false } + // 
Reset the consecutive pass count + passedRepeatedlyCount = 0 + } - if stopTrying != nil { + if oracleMatcherSaysStop { + if assertion.asyncType == AsyncAssertionTypeEventually { + fail("No future change is possible. Bailing out early") + return false + } else { return true } + } - select { - case <-time.After(assertion.pollingInterval): - v, e, st := pollActual() - if st != nil && st.wasViaPanic() { - // we were told to stop trying via panic - which means we made it this far and should return successfully - return true - } + if nextPoll == nil { + nextPoll = assertion.afterPolling() + } + + select { + case <-nextPoll: + a, e := pollActual() + lock.Lock() + actual, actualErr = a, e + lock.Unlock() + if actualErr == nil { lock.Lock() - value, err, stopTrying = v, e, st + lastValidActual = actual + hasLastValidActual = true lock.Unlock() - if err == nil { - if stopTrying == nil { - stopTrying = assertion.matcherSaysStopTrying(matcher, value) - } - matches, e = matcher.Match(value) - lock.Lock() - err = e - lock.Unlock() - } - case <-contextDone: - fail("Context was cancelled") + oracleMatcherSaysStop = assertion.matcherSaysStopTrying(matcher, actual) + m, e := assertion.pollMatcher(matcher, actual) + lock.Lock() + matches, matcherErr = m, e + lock.Unlock() + } + case <-contextDone: + fail("Context was cancelled") + return false + case <-timeout: + if assertion.asyncType == AsyncAssertionTypeEventually { + fail("Timed out") return false - case <-timeout: + } else { + if isTryAgainAfterError { + fail("Timed out while waiting on TryAgainAfter") + return false + } return true } } } - - return false } diff --git a/vendor/github.com/onsi/gomega/internal/duration_bundle.go b/vendor/github.com/onsi/gomega/internal/duration_bundle.go index af8d989fa..6e0d90d3a 100644 --- a/vendor/github.com/onsi/gomega/internal/duration_bundle.go +++ b/vendor/github.com/onsi/gomega/internal/duration_bundle.go 
@@ -44,28 +44,28 @@ func durationFromEnv(key string, defaultDuration time.Duration) time.Duration { return duration } -func toDuration(input interface{}) time.Duration { +func toDuration(input interface{}) (time.Duration, error) { duration, ok := input.(time.Duration) if ok { - return duration + return duration, nil } value := reflect.ValueOf(input) kind := reflect.TypeOf(input).Kind() if reflect.Int <= kind && kind <= reflect.Int64 { - return time.Duration(value.Int()) * time.Second + return time.Duration(value.Int()) * time.Second, nil } else if reflect.Uint <= kind && kind <= reflect.Uint64 { - return time.Duration(value.Uint()) * time.Second + return time.Duration(value.Uint()) * time.Second, nil } else if reflect.Float32 <= kind && kind <= reflect.Float64 { - return time.Duration(value.Float() * float64(time.Second)) + return time.Duration(value.Float() * float64(time.Second)), nil } else if reflect.String == kind { duration, err := time.ParseDuration(value.String()) if err != nil { - panic(fmt.Sprintf("%#v is not a valid parsable duration string.", input)) + return 0, fmt.Errorf("%#v is not a valid parsable duration string: %w", input, err) } - return duration + return duration, nil } - panic(fmt.Sprintf("%v is not a valid interval. Must be time.Duration, parsable duration string or a number.", input)) + return 0, fmt.Errorf("%#v is not a valid interval. Must be a time.Duration, a parsable duration string, or a number.", input) } diff --git a/vendor/github.com/onsi/gomega/internal/gomega.go b/vendor/github.com/onsi/gomega/internal/gomega.go index 52a6b243c..de1f4f336 100644 --- a/vendor/github.com/onsi/gomega/internal/gomega.go +++ b/vendor/github.com/onsi/gomega/internal/gomega.go 
@@ -52,43 +52,42 @@ func (g *Gomega) ExpectWithOffset(offset int, actual interface{}, extra ...inter return NewAssertion(actual, g, offset, extra...) } -func (g *Gomega) Eventually(actual interface{}, intervals ...interface{}) types.AsyncAssertion { - return g.EventuallyWithOffset(0, actual, intervals...) +func (g *Gomega) Eventually(actualOrCtx interface{}, args ...interface{}) types.AsyncAssertion { + return g.makeAsyncAssertion(AsyncAssertionTypeEventually, 0, actualOrCtx, args...) } -func (g *Gomega) EventuallyWithOffset(offset int, actual interface{}, args ...interface{}) types.AsyncAssertion { - timeoutInterval := g.DurationBundle.EventuallyTimeout - pollingInterval := g.DurationBundle.EventuallyPollingInterval - intervals := []interface{}{} - var ctx context.Context - for _, arg := range args { - switch v := arg.(type) { - case context.Context: - ctx = v - default: - intervals = append(intervals, arg) - } - } - if len(intervals) > 0 { - timeoutInterval = toDuration(intervals[0]) - } - if len(intervals) > 1 { - pollingInterval = toDuration(intervals[1]) - } +func (g *Gomega) EventuallyWithOffset(offset int, actualOrCtx interface{}, args ...interface{}) types.AsyncAssertion { + return g.makeAsyncAssertion(AsyncAssertionTypeEventually, offset, actualOrCtx, args...) +} - return NewAsyncAssertion(AsyncAssertionTypeEventually, actual, g, timeoutInterval, pollingInterval, ctx, offset) +func (g *Gomega) Consistently(actualOrCtx interface{}, args ...interface{}) types.AsyncAssertion { + return g.makeAsyncAssertion(AsyncAssertionTypeConsistently, 0, actualOrCtx, args...) } -func (g *Gomega) Consistently(actual interface{}, intervals ...interface{}) types.AsyncAssertion { - return g.ConsistentlyWithOffset(0, actual, intervals...) +func (g *Gomega) ConsistentlyWithOffset(offset int, actualOrCtx interface{}, args ...interface{}) types.AsyncAssertion { + return g.makeAsyncAssertion(AsyncAssertionTypeConsistently, offset, actualOrCtx, args...) 
} -func (g *Gomega) ConsistentlyWithOffset(offset int, actual interface{}, args ...interface{}) types.AsyncAssertion { - timeoutInterval := g.DurationBundle.ConsistentlyDuration - pollingInterval := g.DurationBundle.ConsistentlyPollingInterval +func (g *Gomega) makeAsyncAssertion(asyncAssertionType AsyncAssertionType, offset int, actualOrCtx interface{}, args ...interface{}) types.AsyncAssertion { + baseOffset := 3 + timeoutInterval := -time.Duration(1) + pollingInterval := -time.Duration(1) intervals := []interface{}{} var ctx context.Context - for _, arg := range args { + + actual := actualOrCtx + startingIndex := 0 + if _, isCtx := actualOrCtx.(context.Context); isCtx && len(args) > 0 { + // the first argument is a context, we should accept it as the context _only if_ it is **not** the only argumnent **and** the second argument is not a parseable duration + // this is due to an unfortunate ambiguity in early version of Gomega in which multi-type durations are allowed after the actual + if _, err := toDuration(args[0]); err != nil { + ctx = actualOrCtx.(context.Context) + actual = args[0] + startingIndex = 1 + } + } + + for _, arg := range args[startingIndex:] { switch v := arg.(type) { case context.Context: ctx = v 
@@ -96,14 +95,21 @@ func (g *Gomega) ConsistentlyWithOffset(offset int, actual interface{}, args ... intervals = append(intervals, arg) } } + var err error if len(intervals) > 0 { - timeoutInterval = toDuration(intervals[0]) + timeoutInterval, err = toDuration(intervals[0]) + if err != nil { + g.Fail(err.Error(), offset+baseOffset) + } } if len(intervals) > 1 { - pollingInterval = toDuration(intervals[1]) + pollingInterval, err = toDuration(intervals[1]) + if err != nil { + g.Fail(err.Error(), offset+baseOffset) + } } - return NewAsyncAssertion(AsyncAssertionTypeConsistently, actual, g, timeoutInterval, pollingInterval, ctx, offset) + return NewAsyncAssertion(asyncAssertionType, actual, g, timeoutInterval, pollingInterval, 1, ctx, offset) } func (g *Gomega) SetDefaultEventuallyTimeout(t time.Duration) { diff --git a/vendor/github.com/onsi/gomega/internal/polling_signal_error.go b/vendor/github.com/onsi/gomega/internal/polling_signal_error.go new file mode 100644 index 000000000..83b04b1a4 --- /dev/null +++ b/vendor/github.com/onsi/gomega/internal/polling_signal_error.go 
@@ -0,0 +1,106 @@
+package internal
+
+import (
+ "errors"
+ "fmt"
+ "time"
+)
+
+type PollingSignalErrorType int
+
+const (
+ PollingSignalErrorTypeStopTrying PollingSignalErrorType = iota
+ PollingSignalErrorTypeTryAgainAfter
+)
+
+type PollingSignalError interface {
+ error
+ Wrap(err error) PollingSignalError
+ Attach(description string, obj any) PollingSignalError
+ Now()
+}
+
+var StopTrying = func(message string) PollingSignalError {
+ return &PollingSignalErrorImpl{
+ message: message,
+ pollingSignalErrorType: PollingSignalErrorTypeStopTrying,
+ }
+}
+
+var TryAgainAfter = func(duration time.Duration) PollingSignalError {
+ return &PollingSignalErrorImpl{
+ message: fmt.Sprintf("told to try again after %s", duration),
+ duration: duration,
+ pollingSignalErrorType: PollingSignalErrorTypeTryAgainAfter,
+ }
+}
+
+type PollingSignalErrorAttachment struct {
+ Description string
+ Object any
+}
+
+type PollingSignalErrorImpl struct {
+ message string
+ wrappedErr error
+ pollingSignalErrorType PollingSignalErrorType
+ duration time.Duration
+ Attachments []PollingSignalErrorAttachment
+}
+
+func (s *PollingSignalErrorImpl) Wrap(err error) PollingSignalError {
+ s.wrappedErr = err
+ return s
+}
+
+func (s *PollingSignalErrorImpl) Attach(description string, obj any) PollingSignalError {
+ s.Attachments = append(s.Attachments, PollingSignalErrorAttachment{description, obj})
+ return s
+}
+
+func (s *PollingSignalErrorImpl) Error() string {
+ if s.wrappedErr == nil {
+ return s.message
+ } else {
+ return s.message + ": " + s.wrappedErr.Error()
+ }
+}
+
+func (s *PollingSignalErrorImpl) Unwrap() error {
+ if s == nil {
+ return nil
+ }
+ return s.wrappedErr
+}
+
+func (s *PollingSignalErrorImpl) Now() {
+ panic(s)
+}
+
+func (s *PollingSignalErrorImpl) IsStopTrying() bool {
+ return s.pollingSignalErrorType == PollingSignalErrorTypeStopTrying
+}
+
+func (s *PollingSignalErrorImpl) IsTryAgainAfter() bool {
+ return s.pollingSignalErrorType ==
PollingSignalErrorTypeTryAgainAfter +} + +func (s *PollingSignalErrorImpl) TryAgainDuration() time.Duration { + return s.duration +} + +func AsPollingSignalError(actual interface{}) (*PollingSignalErrorImpl, bool) { + if actual == nil { + return nil, false + } + if actualErr, ok := actual.(error); ok { + var target *PollingSignalErrorImpl + if errors.As(actualErr, &target) { + return target, true + } else { + return nil, false + } + } + + return nil, false +} diff --git a/vendor/github.com/onsi/gomega/matchers.go b/vendor/github.com/onsi/gomega/matchers.go index f9d9f2aad..b832f3dba 100644 --- a/vendor/github.com/onsi/gomega/matchers.go +++ b/vendor/github.com/onsi/gomega/matchers.go @@ -27,7 +27,8 @@ func BeEquivalentTo(expected interface{}) types.GomegaMatcher { } } -// BeComparableTo uses gocmp.Equal to compare. You can pass cmp.Option as options. +// BeComparableTo uses gocmp.Equal from github.com/google/go-cmp (instead of reflect.DeepEqual) to perform a deep comparison. +// You can pass cmp.Option as options. // It is an error for actual and expected to be nil. Use BeNil() instead. func BeComparableTo(expected interface{}, opts ...cmp.Option) types.GomegaMatcher { return &matchers.BeComparableToMatcher{ 
@@ -86,14 +87,17 @@ func Succeed() types.GomegaMatcher { return &matchers.SucceedMatcher{} } -// MatchError succeeds if actual is a non-nil error that matches the passed in string/error. +// MatchError succeeds if actual is a non-nil error that matches the passed in +// string, error, or matcher. // // These are valid use-cases: // -// Expect(err).Should(MatchError("an error")) //asserts that err.Error() == "an error" -// Expect(err).Should(MatchError(SomeError)) //asserts that err == SomeError (via reflect.DeepEqual) +// Expect(err).Should(MatchError("an error")) //asserts that err.Error() == "an error" +// Expect(err).Should(MatchError(SomeError)) //asserts that err == SomeError (via reflect.DeepEqual) +// Expect(err).Should(MatchError(ContainsSubstring("sprocket not found"))) // asserts that edrr.Error() contains substring "sprocket not found" // -// It is an error for err to be nil or an object that does not implement the Error interface +// It is an error for err to be nil or an object that does not implement the +// Error interface func MatchError(expected interface{}) types.GomegaMatcher { return &matchers.MatchErrorMatcher{ Expected: expected, 
@@ -348,6 +352,20 @@ func ConsistOf(elements ...interface{}) types.GomegaMatcher { } } +// HaveExactElemets succeeds if actual contains elements that precisely match the elemets passed into the matcher. The ordering of the elements does matter. +// By default HaveExactElements() uses Equal() to match the elements, however custom matchers can be passed in instead. Here are some examples: +// +// Expect([]string{"Foo", "FooBar"}).Should(HaveExactElements("Foo", "FooBar")) +// Expect([]string{"Foo", "FooBar"}).Should(HaveExactElements("Foo", ContainSubstring("Bar"))) +// Expect([]string{"Foo", "FooBar"}).Should(HaveExactElements(ContainSubstring("Foo"), ContainSubstring("Foo"))) +// +// Actual must be an array or slice. +func HaveExactElements(elements ...interface{}) types.GomegaMatcher { + return &matchers.HaveExactElementsMatcher{ + Elements: elements, + } +} + // ContainElements succeeds if actual contains the passed in elements. The ordering of the elements does not matter. // By default ContainElements() uses Equal() to match the elements, however custom matchers can be passed in instead. Here are some examples: // diff --git a/vendor/github.com/onsi/gomega/matchers/consist_of.go b/vendor/github.com/onsi/gomega/matchers/consist_of.go index e8ef0dee1..f69037a4f 100644 --- a/vendor/github.com/onsi/gomega/matchers/consist_of.go +++ b/vendor/github.com/onsi/gomega/matchers/consist_of.go @@ -48,11 +48,13 @@ func neighbours(value, matcher interface{}) (bool, error) { func equalMatchersToElements(matchers []interface{}) (elements []interface{}) { for _, matcher := range matchers { - equalMatcher, ok := matcher.(*EqualMatcher) - if ok { - matcher = equalMatcher.Expected + if equalMatcher, ok := matcher.(*EqualMatcher); ok { + elements = append(elements, equalMatcher.Expected) + } else if _, ok := matcher.(*BeNilMatcher); ok { + elements = append(elements, nil) + } else { + elements = append(elements, matcher) } - elements = append(elements, matcher) } return } 
@@ -72,11 +74,13 @@ func flatten(elems []interface{}) []interface{} { func matchers(expectedElems []interface{}) (matchers []interface{}) { for _, e := range flatten(expectedElems) { - matcher, isMatcher := e.(omegaMatcher) - if !isMatcher { - matcher = &EqualMatcher{Expected: e} + if e == nil { + matchers = append(matchers, &BeNilMatcher{}) + } else if matcher, isMatcher := e.(omegaMatcher); isMatcher { + matchers = append(matchers, matcher) + } else { + matchers = append(matchers, &EqualMatcher{Expected: e}) } - matchers = append(matchers, matcher) } return } @@ -89,9 +93,14 @@ func presentable(elems []interface{}) interface{} { } sv := reflect.ValueOf(elems) - tt := sv.Index(0).Elem().Type() + firstEl := sv.Index(0) + if firstEl.IsNil() { + return elems + } + tt := firstEl.Elem().Type() for i := 1; i < sv.Len(); i++ { - if sv.Index(i).Elem().Type() != tt { + el := sv.Index(i) + if el.IsNil() || (sv.Index(i).Elem().Type() != tt) { return elems } } diff --git a/vendor/github.com/onsi/gomega/matchers/have_exact_elements.go b/vendor/github.com/onsi/gomega/matchers/have_exact_elements.go new file mode 100644 index 000000000..dca5b9446 --- /dev/null +++ b/vendor/github.com/onsi/gomega/matchers/have_exact_elements.go 
@@ -0,0 +1,88 @@ +package matchers + +import ( + "fmt" + + "github.com/onsi/gomega/format" +) + +type mismatchFailure struct { + failure string + index int +} + +type HaveExactElementsMatcher struct { + Elements []interface{} + mismatchFailures []mismatchFailure + missingIndex int + extraIndex int +} + +func (matcher *HaveExactElementsMatcher) Match(actual interface{}) (success bool, err error) { + matcher.resetState() + + if isMap(actual) { + return false, fmt.Errorf("error") + } + + matchers := matchers(matcher.Elements) + values := valuesOf(actual) + + lenMatchers := len(matchers) + lenValues := len(values) + + for i := 0; i < lenMatchers || i < lenValues; i++ { + if i >= lenMatchers { + matcher.extraIndex = i + continue + } + + if i >= lenValues { + matcher.missingIndex = i + return + } + + elemMatcher := matchers[i].(omegaMatcher) + match, err := elemMatcher.Match(values[i]) + if err != nil { + matcher.mismatchFailures = append(matcher.mismatchFailures, mismatchFailure{ + index: i, + failure: err.Error(), + }) + } else if !match { + matcher.mismatchFailures = append(matcher.mismatchFailures, mismatchFailure{ + index: i, + failure: elemMatcher.FailureMessage(values[i]), + }) + } + } + + return matcher.missingIndex+matcher.extraIndex+len(matcher.mismatchFailures) == 0, nil +} + +func (matcher *HaveExactElementsMatcher) FailureMessage(actual interface{}) (message string) { + message = format.Message(actual, "to have exact elements with", presentable(matcher.Elements)) + if matcher.missingIndex > 0 { + message = fmt.Sprintf("%s\nthe missing elements start from index %d", message, matcher.missingIndex) + } + if matcher.extraIndex > 0 { + message = fmt.Sprintf("%s\nthe extra elements start from index %d", message, matcher.extraIndex) + } + if len(matcher.mismatchFailures) != 0 { + message = fmt.Sprintf("%s\nthe mismatch indexes were:", message) + } + for _, mismatch := range matcher.mismatchFailures { + message = fmt.Sprintf("%s\n%d: %s", message, mismatch.index, 
mismatch.failure) + } + return +} + +func (matcher *HaveExactElementsMatcher) NegatedFailureMessage(actual interface{}) (message string) { + return format.Message(actual, "not to contain elements", presentable(matcher.Elements)) +} + +func (matcher *HaveExactElementsMatcher) resetState() { + matcher.mismatchFailures = nil + matcher.missingIndex = 0 + matcher.extraIndex = 0 +} diff --git a/vendor/github.com/onsi/gomega/matchers/have_occurred_matcher.go b/vendor/github.com/onsi/gomega/matchers/have_occurred_matcher.go index 5bcfdd2ad..22a1b6730 100644 --- a/vendor/github.com/onsi/gomega/matchers/have_occurred_matcher.go +++ b/vendor/github.com/onsi/gomega/matchers/have_occurred_matcher.go @@ -31,5 +31,5 @@ func (matcher *HaveOccurredMatcher) FailureMessage(actual interface{}) (message } func (matcher *HaveOccurredMatcher) NegatedFailureMessage(actual interface{}) (message string) { - return fmt.Sprintf("Unexpected error:\n%s\n%s\n%s", format.Object(actual, 1), format.IndentString(actual.(error).Error(), 1), "occurred") + return fmt.Sprintf("Unexpected error:\n%s\n%s", format.Object(actual, 1), "occurred") } diff --git a/vendor/github.com/onsi/gomega/matchers/match_error_matcher.go b/vendor/github.com/onsi/gomega/matchers/match_error_matcher.go index c8993a86d..827475ea5 100644 --- a/vendor/github.com/onsi/gomega/matchers/match_error_matcher.go +++ b/vendor/github.com/onsi/gomega/matchers/match_error_matcher.go 
@@ -25,7 +25,17 @@ func (matcher *MatchErrorMatcher) Match(actual interface{}) (success bool, err e expected := matcher.Expected if isError(expected) { - return reflect.DeepEqual(actualErr, expected) || errors.Is(actualErr, expected.(error)), nil + // first try the built-in errors.Is + if errors.Is(actualErr, expected.(error)) { + return true, nil + } + // if not, try DeepEqual along the error chain + for unwrapped := actualErr; unwrapped != nil; unwrapped = errors.Unwrap(unwrapped) { + if reflect.DeepEqual(unwrapped, expected) { + return true, nil + } + } + return false, nil } if isString(expected) { diff --git a/vendor/github.com/onsi/gomega/matchers/succeed_matcher.go b/vendor/github.com/onsi/gomega/matchers/succeed_matcher.go index 721ed5529..327350f7b 100644 --- a/vendor/github.com/onsi/gomega/matchers/succeed_matcher.go +++ b/vendor/github.com/onsi/gomega/matchers/succeed_matcher.go @@ -1,11 +1,16 @@ package matchers import ( + "errors" "fmt" "github.com/onsi/gomega/format" ) +type formattedGomegaError interface { + FormattedGomegaError() string +} + type SucceedMatcher struct { } @@ -25,7 +30,11 @@ func (matcher *SucceedMatcher) Match(actual interface{}) (success bool, err erro } func (matcher *SucceedMatcher) FailureMessage(actual interface{}) (message string) { - return fmt.Sprintf("Expected success, but got an error:\n%s\n%s", format.Object(actual, 1), format.IndentString(actual.(error).Error(), 1)) + var fgErr formattedGomegaError + if errors.As(actual.(error), &fgErr) { + return fgErr.FormattedGomegaError() + } + return fmt.Sprintf("Expected success, but got an error:\n%s", format.Object(actual, 1)) } func (matcher *SucceedMatcher) NegatedFailureMessage(actual interface{}) (message string) { diff --git a/vendor/github.com/onsi/gomega/tools b/vendor/github.com/onsi/gomega/tools deleted file mode 100644 index e4195cf36..000000000 --- a/vendor/github.com/onsi/gomega/tools +++ /dev/null 
@@ -1,8 +0,0 @@ -//go:build tools -// +build tools - -package main - -import ( - _ "github.com/onsi/ginkgo/v2/ginkgo" -) diff --git a/vendor/github.com/onsi/gomega/types/types.go b/vendor/github.com/onsi/gomega/types/types.go index b479e2e85..7c7adb941 100644 --- a/vendor/github.com/onsi/gomega/types/types.go +++ b/vendor/github.com/onsi/gomega/types/types.go @@ -19,11 +19,11 @@ type Gomega interface { Expect(actual interface{}, extra ...interface{}) Assertion ExpectWithOffset(offset int, actual interface{}, extra ...interface{}) Assertion - Eventually(actual interface{}, intervals ...interface{}) AsyncAssertion - EventuallyWithOffset(offset int, actual interface{}, intervals ...interface{}) AsyncAssertion + Eventually(actualOrCtx interface{}, args ...interface{}) AsyncAssertion + EventuallyWithOffset(offset int, actualOrCtx interface{}, args ...interface{}) AsyncAssertion - Consistently(actual interface{}, intervals ...interface{}) AsyncAssertion - ConsistentlyWithOffset(offset int, actual interface{}, intervals ...interface{}) AsyncAssertion + Consistently(actualOrCtx interface{}, args ...interface{}) AsyncAssertion + ConsistentlyWithOffset(offset int, actualOrCtx interface{}, args ...interface{}) AsyncAssertion SetDefaultEventuallyTimeout(time.Duration) SetDefaultEventuallyPollingInterval(time.Duration) @@ -75,6 +75,7 @@ type AsyncAssertion interface { ProbeEvery(interval time.Duration) AsyncAssertion WithContext(ctx context.Context) AsyncAssertion WithArguments(argsToForward ...interface{}) AsyncAssertion + MustPassRepeatedly(count int) AsyncAssertion } // Assertions are returned by Ω and Expect and enable assertions against Gomega matchers diff --git a/vendor/github.com/twpayne/go-vfs/v4/.gitignore b/vendor/github.com/twpayne/go-vfs/v4/.gitignore new file mode 100644 index 000000000..7447f89a5 --- /dev/null +++ b/vendor/github.com/twpayne/go-vfs/v4/.gitignore @@ -0,0 +1 @@ +/bin \ No newline at end of file 
diff --git a/vendor/github.com/twpayne/go-vfs/v4/.golangci.yml b/vendor/github.com/twpayne/go-vfs/v4/.golangci.yml
new file mode 100644
index 000000000..e92a75dd4
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/.golangci.yml
@@ -0,0 +1,117 @@
+linters:
+ enable:
+ - asciicheck
+ - bidichk
+ - bodyclose
+ - containedctx
+ - contextcheck
+ - decorder
+ - depguard
+ - dogsled
+ - dupl
+ - dupword
+ - durationcheck
+ - errcheck
+ - errchkjson
+ - errname
+ - errorlint
+ - execinquery
+ - exhaustive
+ - exportloopref
+ - forbidigo
+ - forcetypeassert
+ - gci
+ - gocheckcompilerdirectives
+ - goconst
+ - gocritic
+ - gocyclo
+ - godot
+ - godox
+ - goerr113
+ - gofmt
+ - gofumpt
+ - goheader
+ - goimports
+ - gomoddirectives
+ - gomodguard
+ - goprintffuncname
+ - gosec
+ - gosimple
+ - govet
+ - grouper
+ - importas
+ - ineffassign
+ - ireturn
+ - lll
+ - loggercheck
+ - maintidx
+ - makezero
+ - misspell
+ - musttag
+ - nakedret
+ - nilerr
+ - nilnil
+ - noctx
+ - nolintlint
+ - nonamedreturns
+ - nosprintfhostport
+ - prealloc
+ - predeclared
+ - promlinter
+ - reassign
+ - revive
+ - sqlclosecheck
+ - staticcheck
+ - stylecheck
+ - tagliatelle
+ - tenv
+ - testpackage
+ - thelper
+ - typecheck
+ - unconvert
+ - unparam
+ - unused
+ - usestdlibvars
+ - whitespace
+ disable:
+ - asasalint
+ - cyclop
+ - exhaustivestruct
+ - exhaustruct
+ - funlen
+ - gochecknoglobals
+ - gochecknoinits
+ - gocognit
+ - gomnd
+ - interfacebloat
+ - nestif
+ - nlreturn
+ - paralleltest
+ - rowserrcheck # https://github.com/golangci/golangci-lint/issues/2649
+ - testableexamples
+ - tparallel
+ - varnamelen
+ - wastedassign # https://github.com/golangci/golangci-lint/issues/2649
+ - wrapcheck
+ - wsl
+
+linters-settings:
+ gci:
+ sections:
+ - standard
+ - default
+ - prefix(github.com/twpayne/go-vfs)
+ gofumpt:
+ extra-rules: true
+ go-version: '1.20'
+ module-path: github.com/twpayne/go-vfs
+ goimports:
+ local-prefixes: github.com/twpayne/go-vfs
+ misspell:
+ locale: US
+
+issues:
+ exclude-rules:
+ - linters:
+ - goerr113
+ text: "do not define dynamic errors, use wrapped static errors instead"
diff --git a/vendor/github.com/twpayne/go-vfs/v4/LICENSE b/vendor/github.com/twpayne/go-vfs/v4/LICENSE
new file mode 100644
index 000000000..24f8fc050
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Tom Payne
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/twpayne/go-vfs/v4/Makefile b/vendor/github.com/twpayne/go-vfs/v4/Makefile
new file mode 100644
index 000000000..821eb7561
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/Makefile
@@ -0,0 +1,35 @@
+GO?=go
+GOLANGCI_LINT_VERSION=$(shell grep GOLANGCI_LINT_VERSION: .github/workflows/main.yml | awk '{ print $$2 }')
+
+.PHONY: smoketest
+smoketest: test lint
+
+.PHONY: test
+test:
+ ${GO} test ./...
+
+.PHONY: lint
+lint: ensure-golangci-lint
+ ./bin/golangci-lint run
+
+.PHONY: format
+format: ensure-gofumports
+ find . -name \*.go | xargs ./bin/gofumports -local github.com/twpayne/chezmoi -w
+
+.PHONY: ensure-tools
+ensure-tools: \
+ ensure-gofumports \
+ ensure-golangci-lint
+
+.PHONY: ensure-gofumports
+ensure-gofumports:
+ if [ ! -x bin/gofumports ] ; then \
+ mkdir -p bin ; \
+ GOBIN=$(shell pwd)/bin ${GO} install mvdan.cc/gofumpt/gofumports@latest ; \
+ fi
+
+.PHONY: ensure-golangci-lint
+ensure-golangci-lint:
+ if [ ! -x bin/golangci-lint ] || ( ./bin/golangci-lint --version | grep -Fqv "version ${GOLANGCI_LINT_VERSION}" ) ; then \
+ curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- v${GOLANGCI_LINT_VERSION} ; \
+ fi
\ No newline at end of file
diff --git a/vendor/github.com/twpayne/go-vfs/v4/README.md b/vendor/github.com/twpayne/go-vfs/v4/README.md
new file mode 100644
index 000000000..878f19b3b
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/README.md
@@ -0,0 +1,159 @@
+# go-vfs
+
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/twpayne/go-vfs)](https://pkg.go.dev/github.com/twpayne/go-vfs)
+[![Report Card](https://goreportcard.com/badge/github.com/twpayne/go-vfs)](https://goreportcard.com/report/github.com/twpayne/go-vfs)
+
+Package `vfs` provides an abstraction of the `os` and `io` packages that is easy
+to test.
+
+## Key features
+
+* File system abstraction layer for commonly-used `os` and `io` functions from
+ the standard library.
+
+* Powerful and easy-to-use declarative testing framework, `vfst`. You declare
+ the desired state of the filesystem after your code has run, and `vfst` tests
+ that the filesystem matches that state. For a quick tour of `vfst`'s features,
+ see [the examples in the
+ documentation](https://godoc.org/github.com/twpayne/go-vfs/vfst#pkg-examples).
+
+* Compatibility with
+ [`github.com/spf13/afero`](https://github.com/spf13/afero) and
+ [`github.com/src-d/go-billy`](https://github.com/src-d/go-billy).
+
+## Quick start
+
+`vfs` provides implementations of the `FS` interface:
+
+```go
+// An FS is an abstraction over commonly-used functions in the os and io
+// packages.
+type FS interface {
+ Chmod(name string, mode fs.FileMode) error
+ Chown(name string, uid, git int) error
+ Chtimes(name string, atime, mtime time.Time) error
+ Create(name string) (*os.File, error)
+ Glob(pattern string) ([]string, error)
+ Lchown(name string, uid, git int) error
+ Link(oldname, newname string) error
+ Lstat(name string) (fs.FileInfo, error)
+ Mkdir(name string, perm fs.FileMode) error
+ Open(name string) (fs.File, error)
+ OpenFile(name string, flag int, perm fs.FileMode) (*os.File, error)
+ PathSeparator() rune
+ RawPath(name string) (string, error)
+ ReadDir(dirname string) ([]fs.DirEntry, error)
+ ReadFile(filename string) ([]byte, error)
+ Readlink(name string) (string, error)
+ Remove(name string) error
+ RemoveAll(name string) error
+ Rename(oldpath, newpath string) error
+ Stat(name string) (fs.FileInfo, error)
+ Symlink(oldname, newname string) error
+ Truncate(name string, size int64) error
+ WriteFile(filename string, data []byte, perm fs.FileMode) error
+}
+```
+
+To use `vfs`, you write your code to use the `FS` interface, and then use
+`vfst` to test it.
+
+`vfs` also provides functions `MkdirAll` (equivalent to `os.MkdirAll`),
+`Contains` (an improved `filepath.HasPrefix`), and `Walk` (equivalent to
+`filepath.Walk`) that operate on an `FS`.
+
+The implementations of `FS` provided are:
+
+* `OSFS` which calls the underlying `os` and `io` functions directly.
+
+* `PathFS` which transforms all paths to provide a poor-man's `chroot`.
+
+* `ReadOnlyFS` which prevents modification of the underlying FS.
+
+* `TestFS` which assists running tests on a real filesystem but in a temporary
+ directory that is easily cleaned up. It uses `OSFS` under the hood.
+
+Example usage:
+
+```go
+// writeConfigFile is the function we're going to test. It can make arbitrary
+// changes to the filesystem through fileSystem.
+func writeConfigFile(fileSystem vfs.FS) error {
+ return fileSystem.WriteFile("/home/user/app.conf", []byte(`app config`), 0644)
+}
+
+// TestWriteConfigFile is our test function.
+func TestWriteConfigFile(t *testing.T) {
+ // Create and populate an temporary directory with a home directory.
+ fileSystem, cleanup, err := vfst.NewTestFS(map[string]interface{}{
+ "/home/user/.bashrc": "# contents of user's .bashrc\n",
+ })
+
+ // Check that the directory was populated successfully.
+ if err != nil {
+ t.Fatalf("vfsTest.NewTestFS(_) == _, _, %v, want _, _, ", err)
+ }
+
+ // Ensure that the temporary directory is removed.
+ defer cleanup()
+
+ // Call the function we want to test.
+ if err := writeConfigFile(fileSystem); err != nil {
+ t.Error(err)
+ }
+
+ // Check properties of the filesystem after our function has modified it.
+ vfst.RunTests(t, fileSystem, "app_conf",
+ vfst.TestPath("/home/user/app.conf",
+ vfst.TestModeIsRegular,
+ vfst.TestModePerm(0644),
+ vfst.TestContentsString("app config"),
+ ),
+ )
+}
+```
+
+## `github.com/spf13/afero` compatibility
+
+There is a compatibility shim for
+[`github.com/spf13/afero`](https://github.com/spf13/afero) in
+[`github.com/twpayne/go-vfsafero`](https://github.com/twpayne/go-vfsafero). This
+allows you to use `vfst` to test existing code that uses
+[`afero.FS`](https://godoc.org/github.com/spf13/afero#Fs). See [the
+documentation](https://godoc.org/github.com/twpayne/go-vfsafero) for an example.
+
+## `github.com/src-d/go-billy` compatibility
+
+There is a compatibility shim for
+[`github.com/src-d/go-billy`](https://github.com/src-d/go-billy) in
+[`github.com/twpayne/go-vfsbilly`](https://github.com/twpayne/go-vfsbilly). This
+allows you to use `vfst` to test existing code that uses
+[`billy.Filesystem`](https://godoc.org/github.com/src-d/go-billy#Filesystem).
+See [the documentation](https://godoc.org/github.com/twpayne/go-vfsbilly) for an
+example.
+
+## Motivation
+
+`vfs` was inspired by
+[`github.com/spf13/afero`](https://github.com/spf13/afero). So, why not use
+`afero`?
+
+* `afero` has several critical bugs in its in-memory mock filesystem
+ implementation `MemMapFs`, to the point that it is unusable for non-trivial
+ test cases. `vfs` does not attempt to implement an in-memory mock filesystem,
+ and instead only provides a thin layer around the standard library's `os` and
+ `io` packages, and as such should have fewer bugs.
+
+* `afero` does not support creating or reading symbolic links, and its
+ `LstatIfPossible` interface is clumsy to use as it is not part of the
+ `afero.Fs` interface. `vfs` provides out-of-the-box support for symbolic links
+ with all methods in the `FS` interface.
+
+* `afero` has been effectively abandoned by its author, and a "friendly fork"
+ ([`github.com/absfs/afero`](https://github.com/absfs/afero)) has not seen much
+ activity. `vfs`, by providing much less functionality than `afero`, should be
+ smaller and easier to maintain.
+
+## License
+
+MIT
diff --git a/vendor/github.com/twpayne/go-vfs/v4/contains.go b/vendor/github.com/twpayne/go-vfs/v4/contains.go
new file mode 100644
index 000000000..0877ac405
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/contains.go
@@ -0,0 +1,69 @@
+package vfs
+
+import (
+ "errors"
+ "io/fs"
+ "os"
+ "path/filepath"
+ "syscall"
+)
+
+// A Stater implements Stat. It is assumed that the fs.FileInfos returned by
+// Stat are compatible with os.SameFile.
+type Stater interface {
+ Stat(string) (fs.FileInfo, error)
+}
+
+// Contains returns true if p is reachable by traversing through prefix. prefix
+// must exist, but p may not. It is an expensive but accurate alternative to the
+// deprecated filepath.HasPrefix.
+func Contains(fileSystem Stater, p, prefix string) (bool, error) {
+ prefixFI, err := fileSystem.Stat(prefix)
+ if err != nil {
+ return false, err
+ }
+ for {
+ fi, err := fileSystem.Stat(p)
+ switch {
+ case err == nil:
+ if os.SameFile(fi, prefixFI) {
+ return true, nil
+ }
+ goto TryParent
+ case errors.Is(err, fs.ErrNotExist):
+ goto TryParent
+ case errors.Is(err, fs.ErrPermission):
+ goto TryParent
+ default:
+ // Remove any fs.PathError or os.SyscallError wrapping, if present.
+ Unwrap:
+ for {
+ var pathError *fs.PathError
+ var syscallError *os.SyscallError
+ switch {
+ case errors.As(err, &pathError):
+ err = pathError.Err
+ case errors.As(err, &syscallError):
+ err = syscallError.Err
+ default:
+ break Unwrap
+ }
+ }
+ // Ignore some syscall.Errnos.
+ var syscallErrno syscall.Errno
+ if errors.As(err, &syscallErrno) {
+ if _, ignore := ignoreErrnoInContains[syscallErrno]; ignore {
+ goto TryParent
+ }
+ }
+ return false, err
+ }
+ TryParent:
+ parentDir := filepath.Dir(p)
+ if parentDir == p {
+ // Return when we stop making progress.
+ return false, nil
+ }
+ p = parentDir
+ }
+}
diff --git a/vendor/github.com/twpayne/go-vfs/v4/emptyfs.go b/vendor/github.com/twpayne/go-vfs/v4/emptyfs.go
new file mode 100644
index 000000000..17760f36b
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/emptyfs.go
@@ -0,0 +1,36 @@
+package vfs
+
+import (
+ "io/fs"
+ "os"
+ "time"
+)
+
+// An EmptyFS is a VFS that does not contain any files.
+type EmptyFS struct{}
+
+func (EmptyFS) Chmod(name string, mode fs.FileMode) error { return os.ErrNotExist }
+func (EmptyFS) Chown(name string, uid, git int) error { return os.ErrNotExist }
+func (EmptyFS) Chtimes(name string, atime, mtime time.Time) error { return os.ErrNotExist }
+func (EmptyFS) Create(name string) (*os.File, error) { return nil, os.ErrNotExist }
+func (EmptyFS) Glob(pattern string) ([]string, error) { return nil, os.ErrNotExist }
+func (EmptyFS) Lchown(name string, uid, git int) error { return os.ErrNotExist }
+func (EmptyFS) Link(oldname, newname string) error { return os.ErrNotExist }
+func (EmptyFS) Lstat(name string) (fs.FileInfo, error) { return nil, os.ErrNotExist }
+func (EmptyFS) Mkdir(name string, perm fs.FileMode) error { return os.ErrNotExist }
+func (EmptyFS) Open(name string) (fs.File, error) { return nil, os.ErrNotExist }
+func (EmptyFS) OpenFile(name string, flag int, perm fs.FileMode) (*os.File, error) {
+ return nil, os.ErrNotExist
+}
+func (EmptyFS) PathSeparator() rune { return '/' }
+func (EmptyFS) RawPath(name string) (string, error) { return name, nil }
+func (EmptyFS) ReadDir(dirname string) ([]fs.DirEntry, error) { return nil, os.ErrNotExist }
+func (EmptyFS) ReadFile(filename string) ([]byte, error) { return nil, os.ErrNotExist }
+func (EmptyFS) Readlink(name string) (string, error) { return "", os.ErrNotExist }
+func (EmptyFS) Remove(name string) error { return nil }
+func (EmptyFS) RemoveAll(name string) error { return nil }
+func (EmptyFS) Rename(oldpath, newpath string) error { return os.ErrNotExist }
+func (EmptyFS) Stat(name string) (fs.FileInfo, error) { return nil, os.ErrNotExist }
+func (EmptyFS) Symlink(oldname, newname string) error { return os.ErrNotExist }
+func (EmptyFS) Truncate(name string, size int64) error { return os.ErrNotExist }
+func (EmptyFS) WriteFile(filename string, data []byte, perm fs.FileMode) error { return os.ErrNotExist }
diff --git a/vendor/github.com/twpayne/go-vfs/v4/mkdirall.go b/vendor/github.com/twpayne/go-vfs/v4/mkdirall.go
new file mode 100644
index 000000000..53b9f835b
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/mkdirall.go
@@ -0,0 +1,57 @@
+package vfs
+
+import (
+ "errors"
+ "io/fs"
+ "path/filepath"
+)
+
+// A MkdirStater implements all the functionality needed by MkdirAll.
+type MkdirStater interface {
+ Mkdir(name string, perm fs.FileMode) error
+ Stat(name string) (fs.FileInfo, error)
+}
+
+// MkdirAll is equivalent to os.MkdirAll but operates on fileSystem.
+func MkdirAll(fileSystem MkdirStater, path string, perm fs.FileMode) error {
+ err := fileSystem.Mkdir(path, perm)
+ switch {
+ case err == nil:
+ // Mkdir was successful.
+ return nil
+ case errors.Is(err, fs.ErrExist):
+ // path already exists, but we don't know whether it's a directory or
+ // something else. We get this error if we try to create a subdirectory
+ // of a non-directory, for example if the parent directory of path is a
+ // file. There's a race condition here between the call to Mkdir and the
+ // call to Stat but we can't avoid it because there's not enough
+ // information in the returned error from Mkdir. We need to distinguish
+ // between "path already exists and is already a directory" and "path
+ // already exists and is not a directory". Between the call to Mkdir and
+ // the call to Stat path might have changed.
+ info, statErr := fileSystem.Stat(path)
+ if statErr != nil {
+ return statErr
+ }
+ if !info.IsDir() {
+ return err
+ }
+ return nil
+ case errors.Is(err, fs.ErrNotExist):
+ // Parent directory does not exist. Create the parent directory
+ // recursively, then try again.
+ parentDir := filepath.Dir(path)
+ if parentDir == "/" || parentDir == "." {
+ // We cannot create the root directory or the current directory, so
+ // return the original error.
+ return err
+ }
+ if err := MkdirAll(fileSystem, parentDir, perm); err != nil {
+ return err
+ }
+ return fileSystem.Mkdir(path, perm)
+ default:
+ // Some other error.
+ return err
+ }
+}
diff --git a/vendor/github.com/twpayne/go-vfs/v4/osfs.go b/vendor/github.com/twpayne/go-vfs/v4/osfs.go
new file mode 100644
index 000000000..da122e489
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/osfs.go
@@ -0,0 +1,128 @@
+package vfs
+
+import (
+ "io/fs"
+ "os"
+ "path/filepath"
+ "time"
+)
+
+type osfs struct{}
+
+// OSFS is the FS that calls os and io functions directly.
+var OSFS = &osfs{}
+
+// Chmod implements os.Chmod.
+func (osfs) Chmod(name string, mode fs.FileMode) error {
+ return os.Chmod(name, mode)
+}
+
+// Chown implements os.Chown.
+func (osfs) Chown(name string, uid, gid int) error {
+ return os.Chown(name, uid, gid)
+}
+
+// Chtimes implements os.Chtimes.
+func (osfs) Chtimes(name string, atime, mtime time.Time) error {
+ return os.Chtimes(name, atime, mtime)
+}
+
+// Create implements os.Create.
+func (osfs) Create(name string) (*os.File, error) {
+ return os.Create(name)
+}
+
+// Glob implements filepath.Glob.
+func (osfs) Glob(pattern string) ([]string, error) {
+ return filepath.Glob(pattern)
+}
+
+// Lchown implements os.Lchown.
+func (osfs) Lchown(name string, uid, gid int) error {
+ return os.Lchown(name, uid, gid)
+}
+
+// Link implements os.Link.
+func (osfs) Link(oldname, newname string) error {
+ return os.Link(oldname, newname)
+}
+
+// Lstat implements os.Lstat.
+func (osfs) Lstat(name string) (fs.FileInfo, error) {
+ return os.Lstat(name)
+}
+
+// Mkdir implements os.Mkdir.
+func (osfs) Mkdir(name string, perm fs.FileMode) error {
+ return os.Mkdir(name, perm)
+}
+
+// Open implements os.Open.
+func (osfs) Open(name string) (fs.File, error) {
+ return os.Open(name)
+}
+
+// OpenFile implements os.OpenFile.
+func (osfs) OpenFile(name string, flag int, perm fs.FileMode) (*os.File, error) {
+ return os.OpenFile(name, flag, perm)
+}
+
+// PathSeparator returns os.PathSeparator.
+func (osfs) PathSeparator() rune {
+ return os.PathSeparator
+}
+
+// RawPath returns the path to path on the underlying filesystem.
+func (osfs) RawPath(path string) (string, error) {
+ return path, nil
+}
+
+// ReadDir implements os.ReadDir.
+func (osfs) ReadDir(dirname string) ([]fs.DirEntry, error) {
+ return os.ReadDir(dirname)
+}
+
+// ReadFile implements os.ReadFile.
+func (osfs) ReadFile(name string) ([]byte, error) {
+ return os.ReadFile(name)
+}
+
+// Readlink implements os.Readlink.
+func (osfs) Readlink(name string) (string, error) {
+ return os.Readlink(name)
+}
+
+// Remove implements os.Remove.
+func (osfs) Remove(name string) error {
+ return os.Remove(name)
+}
+
+// RemoveAll implements os.RemoveAll.
+func (osfs) RemoveAll(name string) error {
+ return os.RemoveAll(name)
+}
+
+// Rename implements os.Rename.
+func (osfs) Rename(oldpath, newpath string) error {
+ return os.Rename(oldpath, newpath)
+}
+
+// Stat implements os.Stat.
+func (osfs) Stat(name string) (fs.FileInfo, error) {
+ return os.Stat(name)
+}
+
+// Symlink implements os.Symlink.
+func (osfs) Symlink(oldname, newname string) error {
+ return os.Symlink(oldname, newname)
+}
+
+// Truncate implements os.Truncate.
+func (osfs) Truncate(name string, size int64) error {
+ return os.Truncate(name, size)
+}
+
+// WriteFile implements os.WriteFile.
+func (osfs) WriteFile(filename string, data []byte, perm fs.FileMode) error {
+ return os.WriteFile(filename, data, perm)
+}
diff --git a/vendor/github.com/twpayne/go-vfs/v4/pathfs.go b/vendor/github.com/twpayne/go-vfs/v4/pathfs.go
new file mode 100644
index 000000000..fa1073dbc
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/pathfs.go
@@ -0,0 +1,278 @@
+package vfs
+
+import (
+ "io/fs"
+ "os"
+ "path"
+ "path/filepath"
+ "syscall"
+ "time"
+)
+
+// A PathFS operates on an existing FS, but prefixes all names with a path. All
+// names must be absolute paths, with the exception of symlinks, which may be
+// relative.
+type PathFS struct {
+ fileSystem FS
+ path string
+}
+
+// NewPathFS returns a new *PathFS operating on fileSystem and prefixing all
+// names with path.
+func NewPathFS(fileSystem FS, path string) *PathFS {
+ return &PathFS{
+ fileSystem: fileSystem,
+ path: filepath.ToSlash(path),
+ }
+}
+
+// Chmod implements os.Chmod.
+func (p *PathFS) Chmod(name string, mode fs.FileMode) error {
+ realName, err := p.join("Chmod", name)
+ if err != nil {
+ return err
+ }
+ return p.fileSystem.Chmod(realName, mode)
+}
+
+// Chown implements os.Chown.
+func (p *PathFS) Chown(name string, uid, gid int) error {
+ realName, err := p.join("Chown", name)
+ if err != nil {
+ return err
+ }
+ return p.fileSystem.Chown(realName, uid, gid)
+}
+
+// Chtimes implements os.Chtimes.
+func (p *PathFS) Chtimes(name string, atime, mtime time.Time) error {
+ realName, err := p.join("Chtimes", name)
+ if err != nil {
+ return err
+ }
+ return p.fileSystem.Chtimes(realName, atime, mtime)
+}
+
+// Create implements os.Create.
+func (p *PathFS) Create(name string) (*os.File, error) {
+ realName, err := p.join("Create", name)
+ if err != nil {
+ return nil, err
+ }
+ return p.fileSystem.Create(realName)
+}
+
+// Glob implements filepath.Glob.
+func (p *PathFS) Glob(pattern string) ([]string, error) {
+ realPattern, err := p.join("Glob", pattern)
+ if err != nil {
+ return nil, err
+ }
+ matches, err := p.fileSystem.Glob(realPattern)
+ if err != nil {
+ return nil, err
+ }
+ for i, match := range matches {
+ matches[i], err = trimPrefix(match, p.path)
+ if err != nil {
+ return nil, err
+ }
+ }
+ return matches, nil
+}
+
+// Join returns p's path joined with name.
+func (p *PathFS) Join(op, name string) (string, error) {
+ return p.join("Join", name)
+}
+
+// Lchown implements os.Lchown.
+func (p *PathFS) Lchown(name string, uid, gid int) error {
+ realName, err := p.join("Lchown", name)
+ if err != nil {
+ return err
+ }
+ return p.fileSystem.Lchown(realName, uid, gid)
+}
+
+// Link implements os.Link.
+func (p *PathFS) Link(oldname, newname string) error {
+ var realOldname string
+ if path.IsAbs(oldname) {
+ var err error
+ realOldname, err = p.join("Link", oldname)
+ if err != nil {
+ return err
+ }
+ } else {
+ realOldname = oldname
+ }
+ realNewname, err := p.join("Link", newname)
+ if err != nil {
+ return err
+ }
+ return p.fileSystem.Link(realOldname, realNewname)
+}
+
+// Lstat implements os.Lstat.
+func (p *PathFS) Lstat(name string) (fs.FileInfo, error) {
+ realName, err := p.join("Lstat", name)
+ if err != nil {
+ return nil, err
+ }
+ return p.fileSystem.Lstat(realName)
+}
+
+// Mkdir implements os.Mkdir.
+func (p *PathFS) Mkdir(name string, perm fs.FileMode) error {
+ realName, err := p.join("Mkdir", name)
+ if err != nil {
+ return err
+ }
+ return p.fileSystem.Mkdir(realName, perm)
+}
+
+// Open implements os.Open.
+func (p *PathFS) Open(name string) (fs.File, error) {
+ realName, err := p.join("Open", name)
+ if err != nil {
+ return nil, err
+ }
+ return p.fileSystem.Open(realName)
+}
+
+// OpenFile implements os.OpenFile.
+func (p *PathFS) OpenFile(name string, flag int, perm fs.FileMode) (*os.File, error) {
+ realName, err := p.join("OpenFile", name)
+ if err != nil {
+ return nil, err
+ }
+ return p.fileSystem.OpenFile(realName, flag, perm)
+}
+
+// PathSeparator implements PathSeparator.
+func (p *PathFS) PathSeparator() rune {
+ return p.fileSystem.PathSeparator()
+}
+
+// RawPath implements RawPath.
+func (p *PathFS) RawPath(path string) (string, error) {
+ return p.join("RawPath", path)
+}
+
+// ReadDir implements os.ReadDir.
+func (p *PathFS) ReadDir(dirname string) ([]fs.DirEntry, error) {
+ realDirname, err := p.join("ReadDir", dirname)
+ if err != nil {
+ return nil, err
+ }
+ return p.fileSystem.ReadDir(realDirname)
+}
+
+// ReadFile implements os.ReadFile.
+func (p *PathFS) ReadFile(name string) ([]byte, error) {
+ realName, err := p.join("ReadFile", name)
+ if err != nil {
+ return nil, err
+ }
+ return p.fileSystem.ReadFile(realName)
+}
+
+// Readlink implements os.Readlink.
+func (p *PathFS) Readlink(name string) (string, error) {
+ realName, err := p.join("Readlink", name)
+ if err != nil {
+ return "", err
+ }
+ return p.fileSystem.Readlink(realName)
+}
+
+// Remove implements os.Remove.
+func (p *PathFS) Remove(name string) error {
+ realName, err := p.join("Remove", name)
+ if err != nil {
+ return err
+ }
+ return p.fileSystem.Remove(realName)
+}
+
+// RemoveAll implements os.RemoveAll.
+func (p *PathFS) RemoveAll(name string) error {
+ realName, err := p.join("RemoveAll", name)
+ if err != nil {
+ return err
+ }
+ return p.fileSystem.RemoveAll(realName)
+}
+
+// Rename implements os.Rename.
+func (p *PathFS) Rename(oldpath, newpath string) error {
+ realOldpath, err := p.join("Rename", oldpath)
+ if err != nil {
+ return err
+ }
+ realNewpath, err := p.join("Rename", newpath)
+ if err != nil {
+ return err
+ }
+ return p.fileSystem.Rename(realOldpath, realNewpath)
+}
+
+// Stat implements os.Stat.
+func (p *PathFS) Stat(name string) (fs.FileInfo, error) {
+ realName, err := p.join("Stat", name)
+ if err != nil {
+ return nil, err
+ }
+ return p.fileSystem.Stat(realName)
+}
+
+// Symlink implements os.Symlink.
+func (p *PathFS) Symlink(oldname, newname string) error {
+ var realOldname string
+ if path.IsAbs(oldname) {
+ var err error
+ realOldname, err = p.join("Symlink", oldname)
+ if err != nil {
+ return err
+ }
+ } else {
+ realOldname = oldname
+ }
+ realNewname, err := p.join("Symlink", newname)
+ if err != nil {
+ return err
+ }
+ return p.fileSystem.Symlink(realOldname, realNewname)
+}
+
+// Truncate implements os.Truncate.
+func (p *PathFS) Truncate(name string, size int64) error {
+ realName, err := p.join("Truncate", name)
+ if err != nil {
+ return err
+ }
+ return p.fileSystem.Truncate(realName, size)
+}
+
+// WriteFile implements io.WriteFile.
+func (p *PathFS) WriteFile(filename string, data []byte, perm fs.FileMode) error {
+ realFilename, err := p.join("WriteFile", filename)
+ if err != nil {
+ return err
+ }
+ return p.fileSystem.WriteFile(realFilename, data, perm)
+}
+
+// join returns p's path joined with name.
+func (p *PathFS) join(op, name string) (string, error) {
+ name = relativizePath(name)
+ if !path.IsAbs(name) {
+ return "", &os.PathError{
+ Op: op,
+ Path: name,
+ Err: syscall.EPERM,
+ }
+ }
+ return filepath.Join(p.path, name), nil
+}
diff --git a/vendor/github.com/twpayne/go-vfs/v4/posix.go b/vendor/github.com/twpayne/go-vfs/v4/posix.go
new file mode 100644
index 000000000..f671ebdb6
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/posix.go
@@ -0,0 +1,28 @@
+//go:build !windows
+// +build !windows
+
+package vfs
+
+import (
+ "strings"
+ "syscall"
+)
+
+//nolint:gochecknoglobals
+var ignoreErrnoInContains = map[syscall.Errno]struct{}{
+ syscall.ELOOP: {},
+ syscall.EMLINK: {},
+ syscall.ENAMETOOLONG: {},
+ syscall.ENOENT: {},
+ syscall.EOVERFLOW: {},
+}
+
+// relativizePath, on POSIX systems, just returns path.
+func relativizePath(path string) string {
+ return path
+}
+
+// trimPrefix, on POSIX systems, trims prefix from path.
+func trimPrefix(path, prefix string) (string, error) {
+ return strings.TrimPrefix(path, prefix), nil
+}
diff --git a/vendor/github.com/twpayne/go-vfs/v4/readonlyfs.go b/vendor/github.com/twpayne/go-vfs/v4/readonlyfs.go
new file mode 100644
index 000000000..dcb35febb
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/readonlyfs.go
@@ -0,0 +1,148 @@
+package vfs
+
+import (
+ "io/fs"
+ "os"
+ "syscall"
+ "time"
+)
+
+// A ReadOnlyFS operates on an existing FS, but any methods that
+// modify the FS return an error.
+type ReadOnlyFS struct {
+ fileSystem FS
+}
+
+// NewReadOnlyFS returns a new *ReadOnlyFS operating on fileSystem.
+func NewReadOnlyFS(fileSystem FS) *ReadOnlyFS {
+ return &ReadOnlyFS{
+ fileSystem: fileSystem,
+ }
+}
+
+// Chmod implements os.Chmod.
+func (r *ReadOnlyFS) Chmod(name string, mode fs.FileMode) error {
+ return permError("Chmod", name)
+}
+
+// Chown implements os.Chown.
+func (r *ReadOnlyFS) Chown(name string, uid, gid int) error {
+ return permError("Chown", name)
+}
+
+// Chtimes implements os.Chtimes.
+func (r *ReadOnlyFS) Chtimes(name string, atime, mtime time.Time) error {
+ return permError("Chtimes", name)
+}
+
+// Create implements os.Create.
+func (r *ReadOnlyFS) Create(name string) (*os.File, error) {
+ return nil, permError("Create", name)
+}
+
+// Glob implements filepath.Glob.
+func (r *ReadOnlyFS) Glob(pattern string) ([]string, error) {
+ return r.fileSystem.Glob(pattern)
+}
+
+// Lchown implements os.Lchown.
+func (r *ReadOnlyFS) Lchown(name string, uid, gid int) error {
+ return permError("Lchown", name)
+}
+
+// Link implements os.Link.
+func (r *ReadOnlyFS) Link(oldname, newname string) error {
+ return permError("Link", newname)
+}
+
+// Lstat implements os.Lstat.
+func (r *ReadOnlyFS) Lstat(name string) (fs.FileInfo, error) {
+ return r.fileSystem.Lstat(name)
+}
+
+// Mkdir implements os.Mkdir.
+func (r *ReadOnlyFS) Mkdir(name string, perm fs.FileMode) error {
+ return permError("Mkdir", name)
+}
+
+// Open implements os.Open.
+func (r *ReadOnlyFS) Open(name string) (fs.File, error) {
+ return r.fileSystem.Open(name)
+}
+
+// OpenFile implements os.OpenFile.
+func (r *ReadOnlyFS) OpenFile(name string, flag int, perm fs.FileMode) (*os.File, error) {
+ if flag&(os.O_RDONLY|os.O_WRONLY|os.O_RDWR) != os.O_RDONLY {
+ return nil, permError("OpenFile", name)
+ }
+ return r.fileSystem.OpenFile(name, flag, perm)
+}
+
+// PathSeparator implements PathSeparator.
+func (r *ReadOnlyFS) PathSeparator() rune {
+ return r.fileSystem.PathSeparator()
+}
+
+// ReadDir implements os.ReadDir.
+func (r *ReadOnlyFS) ReadDir(name string) ([]fs.DirEntry, error) {
+ return r.fileSystem.ReadDir(name)
+}
+
+// ReadFile implements os.ReadFile.
+func (r *ReadOnlyFS) ReadFile(name string) ([]byte, error) {
+ return r.fileSystem.ReadFile(name)
+}
+
+// Readlink implements os.Readlink.
+func (r *ReadOnlyFS) Readlink(name string) (string, error) {
+ return r.fileSystem.Readlink(name)
+}
+
+// Remove implements os.Remove.
+func (r *ReadOnlyFS) Remove(name string) error {
+ return permError("Remove", name)
+}
+
+// RemoveAll implements os.RemoveAll.
+func (r *ReadOnlyFS) RemoveAll(name string) error {
+ return permError("RemoveAll", name)
+}
+
+// Rename implements os.Rename.
+func (r *ReadOnlyFS) Rename(oldpath, newpath string) error {
+ return permError("Rename", oldpath)
+}
+
+// RawPath implements RawPath.
+func (r *ReadOnlyFS) RawPath(path string) (string, error) {
+ return r.fileSystem.RawPath(path)
+}
+
+// Stat implements os.Stat.
+func (r *ReadOnlyFS) Stat(name string) (fs.FileInfo, error) {
+ return r.fileSystem.Stat(name)
+}
+
+// Symlink implements os.Symlink.
+func (r *ReadOnlyFS) Symlink(oldname, newname string) error {
+ return permError("Symlink", newname)
+}
+
+// Truncate implements os.Truncate.
+func (r *ReadOnlyFS) Truncate(name string, size int64) error {
+ return permError("Truncate", name)
+}
+
+// WriteFile implements os.WriteFile.
+func (r *ReadOnlyFS) WriteFile(filename string, data []byte, perm fs.FileMode) error {
+ return permError("WriteFile", filename)
+}
+
+// permError returns an *os.PathError with Err syscall.EPERM.
+func permError(op, path string) error {
+ return &os.PathError{
+ Op: op,
+ Path: path,
+ Err: syscall.EPERM,
+ }
+}
diff --git a/vendor/github.com/twpayne/go-vfs/v4/vfs.go b/vendor/github.com/twpayne/go-vfs/v4/vfs.go
new file mode 100644
index 000000000..090460325
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/vfs.go
@@ -0,0 +1,37 @@
+// Package vfs provides an abstraction of the os and io packages that is easy to
+// test.
+package vfs
+
+import (
+ "io/fs"
+ "os"
+ "time"
+)
+
+// An FS is an abstraction over commonly-used functions in the os and io
+// packages.
+type FS interface {
+ Chmod(name string, mode fs.FileMode) error
+ Chown(name string, uid, git int) error
+ Chtimes(name string, atime, mtime time.Time) error
+ Create(name string) (*os.File, error)
+ Glob(pattern string) ([]string, error)
+ Lchown(name string, uid, git int) error
+ Link(oldname, newname string) error
+ Lstat(name string) (fs.FileInfo, error)
+ Mkdir(name string, perm fs.FileMode) error
+ Open(name string) (fs.File, error)
+ OpenFile(name string, flag int, perm fs.FileMode) (*os.File, error)
+ PathSeparator() rune
+ RawPath(name string) (string, error)
+ ReadDir(dirname string) ([]fs.DirEntry, error)
+ ReadFile(filename string) ([]byte, error)
+ Readlink(name string) (string, error)
+ Remove(name string) error
+ RemoveAll(name string) error
+ Rename(oldpath, newpath string) error
+ Stat(name string) (fs.FileInfo, error)
+ Symlink(oldname, newname string) error
+ Truncate(name string, size int64) error
+ WriteFile(filename string, data []byte, perm fs.FileMode) error
+}
diff --git a/vendor/github.com/twpayne/go-vfs/v4/vfst/test.go b/vendor/github.com/twpayne/go-vfs/v4/vfst/test.go
new file mode 100644
index 000000000..33ca85059
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/vfst/test.go
@@ -0,0 +1,40 @@
+//go:build !windows
+// +build !windows
+
+package vfst
+
+import (
+ "io/fs"
+ "syscall"
+ "testing"
+
+ vfs "github.com/twpayne/go-vfs/v4"
+)
+
+func init() {
+ umask = fs.FileMode(syscall.Umask(0))
+ syscall.Umask(int(umask))
+}
+
+// PermEqual returns if perm1 and perm2 represent the same permissions. On
+// Windows, it always returns true.
+func PermEqual(perm1, perm2 fs.FileMode) bool {
+ return perm1&fs.ModePerm&^umask == perm2&fs.ModePerm&^umask
+}
+
+// TestSysNlink returns a PathTest that verifies that the path's
+// Sys().(*syscall.Stat_t).Nlink is equal to wantNlink. If path's Sys() cannot
+// be converted to a *syscall.Stat_t, it does nothing.
+func TestSysNlink(wantNlink int) PathTest {
+ return func(t *testing.T, fileSystem vfs.FS, path string) {
+ t.Helper()
+ info, err := fileSystem.Lstat(path)
+ if err != nil {
+ t.Errorf("fileSystem.Lstat(%q) == %+v, %v, want !, ", path, info, err)
+ return
+ }
+ if stat, ok := info.Sys().(*syscall.Stat_t); ok && int(stat.Nlink) != wantNlink {
+ t.Errorf("fileSystem.Lstat(%q).Sys().(*syscall.Stat_t).Nlink == %d, want %d", path, stat.Nlink, wantNlink)
+ }
+ }
+}
diff --git a/vendor/github.com/twpayne/go-vfs/v4/vfst/test_windows.go b/vendor/github.com/twpayne/go-vfs/v4/vfst/test_windows.go
new file mode 100644
index 000000000..9c81e5708
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/vfst/test_windows.go
@@ -0,0 +1,22 @@
+package vfst
+
+import (
+ "io/fs"
+ "testing"
+
+ "github.com/twpayne/go-vfs/v4"
+)
+
+// PermEqual returns if perm1 and perm2 represent the same permissions. On
+// Windows, it always returns true.
+func PermEqual(perm1, perm2 fs.FileMode) bool {
+ return true
+}
+
+// TestSysNlink returns a PathTest that verifies that the the path's
+// Sys().(*syscall.Stat_t).Nlink is equal to wantNlink. If path's Sys() cannot
+// be converted to a *syscall.Stat_t, it does nothing.
+func TestSysNlink(wantNlink int) PathTest {
+ return func(*testing.T, vfs.FS, string) {
+ }
+}
diff --git a/vendor/github.com/twpayne/go-vfs/v4/vfst/testfs.go b/vendor/github.com/twpayne/go-vfs/v4/vfst/testfs.go
new file mode 100644
index 000000000..13a89711f
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/vfst/testfs.go
@@ -0,0 +1,59 @@
+package vfst
+
+import (
+ "os"
+
+ vfs "github.com/twpayne/go-vfs/v4"
+)
+
+// A TestFS is a virtual filesystem based in a temporary directory.
+type TestFS struct {
+ vfs.PathFS
+ tempDir string
+ keep bool
+}
+
+// NewEmptyTestFS returns a new empty TestFS and a cleanup function.
+func NewEmptyTestFS() (*TestFS, func(), error) {
+ tempDir, err := os.MkdirTemp("", "go-vfs-vfst")
+ if err != nil {
+ return nil, nil, err
+ }
+ t := &TestFS{
+ PathFS: *vfs.NewPathFS(vfs.OSFS, tempDir),
+ tempDir: tempDir,
+ keep: false,
+ }
+ return t, t.cleanup, nil
+}
+
+// NewTestFS returns a new *TestFS populated with root and a cleanup function.
+func NewTestFS(root interface{}, builderOptions ...BuilderOption) (*TestFS, func(), error) {
+ fileSystem, cleanup, err := NewEmptyTestFS()
+ if err != nil {
+ cleanup()
+ return nil, nil, err
+ }
+ if err := NewBuilder(builderOptions...).Build(fileSystem, root); err != nil {
+ cleanup()
+ return nil, nil, err
+ }
+ return fileSystem, cleanup, nil
+}
+
+// Keep prevents t's cleanup function from removing the temporary directory. It
+// has no effect if cleanup has already been called.
+func (t *TestFS) Keep() {
+ t.keep = true
+}
+
+// TempDir returns t's temporary directory.
+func (t *TestFS) TempDir() string {
+ return t.tempDir
+}
+
+func (t *TestFS) cleanup() {
+ if !t.keep {
+ os.RemoveAll(t.tempDir)
+ }
+}
diff --git a/vendor/github.com/twpayne/go-vfs/v4/vfst/vfst.go b/vendor/github.com/twpayne/go-vfs/v4/vfst/vfst.go
new file mode 100644
index 000000000..a5a4c308b
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/vfst/vfst.go
@@ -0,0 +1,458 @@
+// Package vfst provides helper functions for testing code that uses
+// github.com/twpayne/go-vfs.
+package vfst
+
+import (
+ "bytes"
+ "errors"
+ "fmt"
+ "io/fs"
+ "log"
+ "path/filepath"
+ "sort"
+ "strconv"
+ "testing"
+
+ vfs "github.com/twpayne/go-vfs/v4"
+)
+
+var umask fs.FileMode
+
+// A Dir is a directory with a specified permissions and zero or more Entries.
+type Dir struct {
+ Perm fs.FileMode
+ Entries map[string]interface{}
+}
+
+// A File is a file with a specified permissions and contents.
+type File struct {
+ Perm fs.FileMode
+ Contents []byte
+}
+
+// A Symlink is a symbolic link with a specified target.
+type Symlink struct {
+ Target string
+}
+
+// A Test is a test on an vfs.FS.
+type Test func(*testing.T, vfs.FS)
+
+// A PathTest is a test on a specified path in an vfs.FS.
+type PathTest func(*testing.T, vfs.FS, string)
+
+// A BuilderOption sets an option on a Builder.
+type BuilderOption func(*Builder)
+
+// A Builder populates an vfs.FS.
+type Builder struct {
+ umask fs.FileMode
+ verbose bool
+}
+
+// BuilderUmask sets a builder's umask.
+func BuilderUmask(umask fs.FileMode) BuilderOption {
+ return func(b *Builder) {
+ b.umask = umask
+ }
+}
+
+// BuilderVerbose sets a builder's verbose flag. When true, the builder will
+// log all operations with the standard log package.
+func BuilderVerbose(verbose bool) BuilderOption {
+ return func(b *Builder) {
+ b.verbose = verbose
+ }
+}
+
+// NewBuilder returns a new Builder with the given options set.
+func NewBuilder(options ...BuilderOption) *Builder {
+ b := &Builder{
+ umask: umask,
+ verbose: false,
+ }
+ for _, option := range options {
+ option(b)
+ }
+ return b
+}
+
+// build is a recursive helper for Build.
+func (b *Builder) build(fileSystem vfs.FS, path string, i interface{}) error {
+ switch i := i.(type) {
+ case []interface{}:
+ for _, element := range i {
+ if err := b.build(fileSystem, path, element); err != nil {
+ return err
+ }
+ }
+ return nil
+ case *Dir:
+ if parentDir := filepath.Dir(path); parentDir != "." {
+ if err := b.MkdirAll(fileSystem, parentDir, 0o777); err != nil {
+ return err
+ }
+ }
+ if err := b.Mkdir(fileSystem, path, i.Perm); err != nil {
+ return err
+ }
+ entryNames := make([]string, 0, len(i.Entries))
+ for entryName := range i.Entries {
+ entryNames = append(entryNames, entryName)
+ }
+ sort.Strings(entryNames)
+ for _, entryName := range entryNames {
+ if err := b.build(fileSystem, filepath.Join(path, entryName), i.Entries[entryName]); err != nil {
+ return err
+ }
+ }
+ return nil
+ case map[string]interface{}:
+ if err := b.MkdirAll(fileSystem, path, 0o777); err != nil {
+ return err
+ }
+ entryNames := make([]string, 0, len(i))
+ for entryName := range i {
+ entryNames = append(entryNames, entryName)
+ }
+ sort.Strings(entryNames)
+ for _, entryName := range entryNames {
+ if err := b.build(fileSystem, filepath.Join(path, entryName), i[entryName]); err != nil {
+ return err
+ }
+ }
+ return nil
+ case map[string]string:
+ if err := b.MkdirAll(fileSystem, path, 0o777); err != nil {
+ return err
+ }
+ entryNames := make([]string, 0, len(i))
+ for entryName := range i {
+ entryNames = append(entryNames, entryName)
+ }
+ sort.Strings(entryNames)
+ for _, entryName := range entryNames {
+ if err := b.WriteFile(fileSystem, filepath.Join(path, entryName), []byte(i[entryName]), 0o666); err != nil {
+ return err
+ }
+ }
+ return nil
+ case *File:
+ return b.WriteFile(fileSystem, path, i.Contents, i.Perm)
+ case string:
+ return b.WriteFile(fileSystem, path, []byte(i), 0o666)
+ case []byte:
+ return b.WriteFile(fileSystem, path, i, 0o666)
+ case *Symlink:
+ return b.Symlink(fileSystem, i.Target, path)
+ case nil:
+ return nil
+ default:
+ return fmt.Errorf("%s: unsupported type %T", path, i)
+ }
+}
+
+// Build populates fileSystem from root.
+func (b *Builder) Build(fileSystem vfs.FS, root interface{}) error {
+ return b.build(fileSystem, "/", root)
+}
+
+// Mkdir creates directory path with permissions perm. It is idempotent and
+// will not fail if path already exists, is a directory, and has permissions
+// perm.
+func (b *Builder) Mkdir(fileSystem vfs.FS, path string, perm fs.FileMode) error {
+ if info, err := fileSystem.Lstat(path); errors.Is(err, fs.ErrNotExist) {
+ if b.verbose {
+ log.Printf("mkdir -m 0%o %s", perm&^b.umask, path)
+ }
+ return fileSystem.Mkdir(path, perm&^b.umask)
+ } else if err != nil {
+ return err
+ } else if !info.IsDir() {
+ return fmt.Errorf("%s: not a directory", path)
+ } else if gotPerm, wantPerm := info.Mode()&fs.ModePerm, perm&^b.umask; !PermEqual(gotPerm, wantPerm) {
+ return fmt.Errorf("%s has permissions 0%o, want 0%o", path, gotPerm, wantPerm)
+ }
+ return nil
+}
+
+// MkdirAll creates directory path and any missing parent directories with
+// permissions perm. It is idempotent and will not file if path already exists
+// and is a directory.
+func (b *Builder) MkdirAll(fileSystem vfs.FS, path string, perm fs.FileMode) error {
+ // Check path.
+ info, err := fileSystem.Lstat(path)
+ switch {
+ case err != nil && errors.Is(err, fs.ErrNotExist):
+ // path does not exist, fallthrough to create.
+ case err == nil && info.IsDir():
+ // path already exists and is a directory.
+ return nil
+ case err == nil && !info.IsDir():
+ // path already exists, but is not a directory.
+ return err
+ default:
+ // Some other error.
+ return err
+ }
+
+ // Create path.
+ if b.verbose {
+ log.Printf("mkdir -p -m 0%o %s", perm&^b.umask, path)
+ }
+ return vfs.MkdirAll(fileSystem, path, perm&^b.umask)
+}
+
+// Symlink creates a symbolic link from newname to oldname. It will create any
+// missing parent directories with default permissions. It is idempotent and
+// will not fail if the symbolic link already exists and points to oldname.
+func (b *Builder) Symlink(fileSystem vfs.FS, oldname, newname string) error {
+ // Check newname.
+ info, err := fileSystem.Lstat(newname)
+ switch {
+ case err == nil && info.Mode()&fs.ModeType != fs.ModeSymlink:
+ // newname exists, but it's not a symlink.
+ return fmt.Errorf("%s: not a symbolic link", newname)
+ case err == nil:
+ // newname exists, and it's a symlink. Check that it is a symlink to
+ // oldname.
+ gotTarget, err := fileSystem.Readlink(newname)
+ if err != nil {
+ return err
+ }
+ if gotTarget != oldname {
+ return fmt.Errorf("%s: has target %s, want %s", newname, gotTarget, oldname)
+ }
+ return nil
+ case errors.Is(err, fs.ErrNotExist):
+ // newname does not exist, fallthrough to create.
+ default:
+ // Some other error, return it.
+ return err
+ }
+
+ // Create newname.
+ if err := b.MkdirAll(fileSystem, filepath.Dir(newname), 0o777); err != nil {
+ return err
+ }
+ if b.verbose {
+ log.Printf("ln -s %s %s", oldname, newname)
+ }
+ return fileSystem.Symlink(oldname, newname)
+}
+
+// WriteFile writes file path with contents and permissions perm. It will create
+// any missing parent directories with default permissions. It is idempotent and
+// will not fail if the file already exists, has contents contents, and
+// permissions perm.
+func (b *Builder) WriteFile(fileSystem vfs.FS, path string, contents []byte, perm fs.FileMode) error {
+ if info, err := fileSystem.Lstat(path); errors.Is(err, fs.ErrNotExist) {
+ // fallthrough to fileSystem.WriteFile
+ } else if err != nil {
+ return err
+ } else if !info.Mode().IsRegular() {
+ return fmt.Errorf("%s: not a regular file", path)
+ } else if gotPerm, wantPerm := info.Mode()&fs.ModePerm, perm&^b.umask; !PermEqual(gotPerm, wantPerm) {
+ return fmt.Errorf("%s has permissions 0%o, want 0%o", path, gotPerm, wantPerm)
+ } else {
+ gotContents, err := fileSystem.ReadFile(path)
+ if err != nil {
+ return err
+ }
+ if !bytes.Equal(gotContents, contents) {
+ return fmt.Errorf("%s: has contents %v, want %v", path, gotContents, contents)
+ }
+ return nil
+ }
+ if err := b.MkdirAll(fileSystem, filepath.Dir(path), 0o777); err != nil {
+ return err
+ }
+ if b.verbose {
+ log.Printf("install -m 0%o /dev/null %s", perm&^b.umask, path)
+ }
+ return fileSystem.WriteFile(path, contents, perm&^b.umask)
+}
+
+// runTests recursively runs tests on fileSystem.
+func runTests(t *testing.T, fileSystem vfs.FS, name string, test interface{}) {
+ t.Helper()
+ prefix := ""
+ if name != "" {
+ prefix = name + "_"
+ }
+ switch test := test.(type) {
+ case Test:
+ test(t, fileSystem)
+ case []Test:
+ for i, test := range test {
+ t.Run(prefix+strconv.Itoa(i), func(t *testing.T) {
+ //nolint:scopelint
+ test(t, fileSystem)
+ })
+ }
+ case map[string]Test:
+ testNames := make([]string, 0, len(test))
+ for testName := range test {
+ testNames = append(testNames, testName)
+ }
+ sort.Strings(testNames)
+ for _, testName := range testNames {
+ t.Run(prefix+testName, func(t *testing.T) {
+ //nolint:scopelint
+ test[testName](t, fileSystem)
+ })
+ }
+ case []interface{}:
+ for _, u := range test {
+ runTests(t, fileSystem, name, u)
+ }
+ case map[string]interface{}:
+ testNames := make([]string, 0, len(test))
+ for testName := range test {
+ testNames = append(testNames, testName)
+ }
+ sort.Strings(testNames)
+ for _, testName := range testNames {
+ runTests(t, fileSystem, prefix+testName, test[testName])
+ }
+ case nil:
+ default:
+ t.Fatalf("%s: unsupported type %T", name, test)
+ }
+}
+
+// RunTests recursively runs tests on fileSystem.
+func RunTests(t *testing.T, fileSystem vfs.FS, name string, tests ...interface{}) {
+ t.Helper()
+ runTests(t, fileSystem, name, tests)
+}
+
+// TestContents returns a PathTest that verifies the contents of the file are
+// equal to wantContents.
+func TestContents(wantContents []byte) PathTest {
+ return func(t *testing.T, fileSystem vfs.FS, path string) {
+ t.Helper()
+ if gotContents, err := fileSystem.ReadFile(path); err != nil || !bytes.Equal(gotContents, wantContents) {
+ t.Errorf("fileSystem.ReadFile(%q) == %v, %v, want %v, ", path, gotContents, err, wantContents)
+ }
+ }
+}
+
+// TestContentsString returns a PathTest that verifies the contetnts of the
+// file are equal to wantContentsStr.
+func TestContentsString(wantContentsStr string) PathTest {
+ return func(t *testing.T, fileSystem vfs.FS, path string) {
+ t.Helper()
+ if gotContents, err := fileSystem.ReadFile(path); err != nil || string(gotContents) != wantContentsStr {
+ t.Errorf("fileSystem.ReadFile(%q) == %q, %v, want %q, ", path, gotContents, err, wantContentsStr)
+ }
+ }
+}
+
+// testDoesNotExist is a PathTest that verifies that a file or directory does
+// not exist.
+var testDoesNotExist = func(t *testing.T, fileSystem vfs.FS, path string) {
+ t.Helper()
+ _, err := fileSystem.Lstat(path)
+ if got, want := errors.Is(err, fs.ErrNotExist), true; got != want {
+ t.Errorf("_, err := fileSystem.Lstat(%q); errors.Is(err, fs.ErrNotExist) == %v, want %v", path, got, want)
+ }
+}
+
+// TestDoesNotExist is a PathTest that verifies that a file or directory does
+// not exist.
+var TestDoesNotExist PathTest = testDoesNotExist
+
+// TestIsDir is a PathTest that verifies that the path is a directory.
+var TestIsDir = TestModeType(fs.ModeDir)
+
+// TestModePerm returns a PathTest that verifies that the path's permissions
+// are equal to wantPerm.
+func TestModePerm(wantPerm fs.FileMode) PathTest {
+ return func(t *testing.T, fileSystem vfs.FS, path string) {
+ t.Helper()
+ info, err := fileSystem.Lstat(path)
+ if err != nil {
+ t.Errorf("fileSystem.Lstat(%q) == %+v, %v, want !, ", path, info, err)
+ return
+ }
+ if gotPerm := info.Mode() & fs.ModePerm; !PermEqual(gotPerm, wantPerm) {
+ t.Errorf("fileSystem.Lstat(%q).Mode()&fs.ModePerm == 0%o, want 0%o", path, gotPerm, wantPerm)
+ }
+ }
+}
+
+// TestModeIsRegular is a PathTest that tests that the path is a regular file.
+var TestModeIsRegular = TestModeType(0)
+
+// TestModeType returns a PathTest that verifies that the path's mode type is
+// equal to wantModeType.
+func TestModeType(wantModeType fs.FileMode) PathTest {
+ return func(t *testing.T, fileSystem vfs.FS, path string) {
+ t.Helper()
+ info, err := fileSystem.Lstat(path)
+ if err != nil {
+ t.Errorf("fileSystem.Lstat(%q) == %+v, %v, want !, ", path, info, err)
+ return
+ }
+ if gotModeType := info.Mode() & fs.ModeType; gotModeType != wantModeType {
+ t.Errorf("fileSystem.Lstat(%q).Mode()&fs.ModeType == %v, want %v", path, gotModeType, wantModeType)
+ }
+ }
+}
+
+// TestPath returns a Test that runs pathTests on path.
+func TestPath(path string, pathTests ...PathTest) Test {
+ return func(t *testing.T, fileSystem vfs.FS) {
+ t.Helper()
+ for i, pathTest := range pathTests {
+ t.Run(strconv.Itoa(i), func(t *testing.T) {
+ //nolint:scopelint
+ pathTest(t, fileSystem, path)
+ })
+ }
+ }
+}
+
+// TestSize returns a PathTest that tests that path's Size() is equal to
+// wantSize.
+func TestSize(wantSize int64) PathTest {
+ return func(t *testing.T, fileSystem vfs.FS, path string) {
+ t.Helper()
+ info, err := fileSystem.Lstat(path)
+ if err != nil {
+ t.Errorf("fileSystem.Lstat(%q) == %+v, %v, want !, ", path, info, err)
+ return
+ }
+ if gotSize := info.Size(); gotSize != wantSize {
+ t.Errorf("fileSystem.Lstat(%q).Size() == %d, want %d", path, gotSize, wantSize)
+ }
+ }
+}
+
+// TestSymlinkTarget returns a PathTest that tests that path's target is wantTarget.
+func TestSymlinkTarget(wantTarget string) PathTest {
+ return func(t *testing.T, fileSystem vfs.FS, path string) {
+ t.Helper()
+ if gotTarget, err := fileSystem.Readlink(path); err != nil || gotTarget != wantTarget {
+ t.Errorf("fileSystem.Readlink(%q) == %q, %v, want %q, ", path, gotTarget, err, wantTarget)
+ return
+ }
+ }
+}
+
+// TestMinSize returns a PathTest that tests that path's Size() is at least
+// wantMinSize.
+func TestMinSize(wantMinSize int64) PathTest {
+ return func(t *testing.T, fileSystem vfs.FS, path string) {
+ t.Helper()
+ info, err := fileSystem.Lstat(path)
+ if err != nil {
+ t.Errorf("fileSystem.Lstat(%q) == %+v, %v, want !, ", path, info, err)
+ return
+ }
+ if gotSize := info.Size(); gotSize < wantMinSize {
+ t.Errorf("fileSystem.Lstat(%q).Size() == %d, want >=%d", path, gotSize, wantMinSize)
+ }
+ }
+}
diff --git a/vendor/github.com/twpayne/go-vfs/v4/walk.go b/vendor/github.com/twpayne/go-vfs/v4/walk.go
new file mode 100644
index 000000000..1075f1225
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/walk.go
@@ -0,0 +1,74 @@
+package vfs
+
+//nolint:godox
+// FIXME implement path/filepath.WalkDir
+
+import (
+ "errors"
+ "io/fs"
+ "path/filepath"
+ "sort"
+)
+
+// SkipDir is fs.SkipDir.
+var SkipDir = fs.SkipDir
+
+// A LstatReadDirer implements all the functionality needed by Walk.
+type LstatReadDirer interface {
+ Lstat(name string) (fs.FileInfo, error)
+ ReadDir(name string) ([]fs.DirEntry, error)
+}
+
+type dirEntriesByName []fs.DirEntry
+
+func (is dirEntriesByName) Len() int { return len(is) }
+func (is dirEntriesByName) Less(i, j int) bool { return is[i].Name() < is[j].Name() }
+func (is dirEntriesByName) Swap(i, j int) { is[i], is[j] = is[j], is[i] }
+
+// walk recursively walks fileSystem from path.
+func walk(fileSystem LstatReadDirer, path string, walkFn filepath.WalkFunc, info fs.FileInfo, err error) error {
+ if err != nil {
+ return walkFn(path, info, err)
+ }
+ err = walkFn(path, info, nil)
+ if !info.IsDir() {
+ return err
+ }
+ if errors.Is(err, fs.SkipDir) {
+ return nil
+ }
+ dirEntries, err := fileSystem.ReadDir(path)
+ if err != nil {
+ return err
+ }
+ sort.Sort(dirEntriesByName(dirEntries))
+ for _, dirEntry := range dirEntries {
+ name := dirEntry.Name()
+ if name == "." || name == ".." {
+ continue
+ }
+ info, err := dirEntry.Info()
+ if err != nil {
+ return err
+ }
+ if err := walk(fileSystem, filepath.Join(path, dirEntry.Name()), walkFn, info, nil); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// Walk is the equivalent of filepath.Walk but operates on fileSystem. Entries
+// are returned in lexicographical order.
+func Walk(fileSystem LstatReadDirer, path string, walkFn filepath.WalkFunc) error {
+ info, err := fileSystem.Lstat(path)
+ return walk(fileSystem, path, walkFn, info, err)
+}
+
+// WalkSlash is the equivalent of Walk but all paths are converted to use
+// forward slashes with filepath.ToSlash.
+func WalkSlash(fileSystem LstatReadDirer, path string, walkFn filepath.WalkFunc) error {
+ return Walk(fileSystem, path, func(path string, info fs.FileInfo, err error) error {
+ return walkFn(filepath.ToSlash(path), info, err)
+ })
+}
diff --git a/vendor/github.com/twpayne/go-vfs/v4/windows.go b/vendor/github.com/twpayne/go-vfs/v4/windows.go
new file mode 100644
index 000000000..6bbcc871a
--- /dev/null
+++ b/vendor/github.com/twpayne/go-vfs/v4/windows.go
@@ -0,0 +1,43 @@
+//go:build windows
+// +build windows
+
+package vfs
+
+import (
+ "path/filepath"
+ "strings"
+ "syscall"
+
+ "golang.org/x/sys/windows"
+)
+
+var ignoreErrnoInContains = map[syscall.Errno]struct{}{
+ syscall.ELOOP: {},
+ syscall.EMLINK: {},
+ syscall.ENAMETOOLONG: {},
+ syscall.ENOENT: {},
+ syscall.EOVERFLOW: {},
+ windows.ERROR_CANT_RESOLVE_FILENAME: {},
+}
+
+// relativizePath, on Windows, strips any leading volume name from path. Since
+// this is used to prepare paths to have the prefix prepended, returned values
+// use slashes instead of backslashes.
+func relativizePath(path string) string {
+ if volumeName := filepath.VolumeName(path); volumeName != "" {
+ path = path[len(volumeName):]
+ }
+ return filepath.ToSlash(path)
+}
+
+// trimPrefix, on Windows, trims prefix from path and returns an absolute path.
+// prefix must be a /-separated path. Since this is used to prepare results to
+// be returned to the calling client, returned values use backslashes instead of
+// slashes
+func trimPrefix(path, prefix string) (string, error) {
+ trimmedPath, err := filepath.Abs(strings.TrimPrefix(filepath.ToSlash(path), prefix))
+ if err != nil {
+ return "", err
+ }
+ return filepath.FromSlash(trimmedPath), nil
+}
diff --git a/vendor/golang.org/x/net/html/doc.go b/vendor/golang.org/x/net/html/doc.go
index 7a96eae33..2466ae3d9 100644
--- a/vendor/golang.org/x/net/html/doc.go
+++ b/vendor/golang.org/x/net/html/doc.go
@@ -99,14 +99,20 @@ Care should be taken when parsing and interpreting HTML, whether full documents or fragments, within the framework of the HTML specification, especially with regard to untrusted inputs. -This package provides both a tokenizer and a parser. Only the parser constructs -a DOM according to the HTML specification, resolving malformed and misplaced -tags where appropriate. The tokenizer simply tokenizes the HTML presented to it, -and as such does not resolve issues that may exist in the processed HTML, -producing a literal interpretation of the input. - -If your use case requires semantically well-formed HTML, as defined by the -WHATWG specifiction, the parser should be used rather than the tokenizer. +This package provides both a tokenizer and a parser, which implement the +tokenization, and tokenization and tree construction stages of the WHATWG HTML +parsing specification respectively. While the tokenizer parses and normalizes +individual HTML tokens, only the parser constructs the DOM tree from the +tokenized HTML, as described in the tree construction stage of the +specification, dynamically modifying or extending the docuemnt's DOM tree. + +If your use case requires semantically well-formed HTML documents, as defined by +the WHATWG specification, the parser should be used rather than the tokenizer. + +In security contexts, if trust decisions are being made using the tokenized or +parsed content, the input must be re-serialized (for instance by using Render or +Token.String) in order for those trust decisions to hold, as the process of +tokenization or parsing may alter the content. */ package html // import "golang.org/x/net/html" diff --git a/vendor/golang.org/x/net/http2/pipe.go b/vendor/golang.org/x/net/http2/pipe.go index c15b8a771..684d984fd 100644 --- a/vendor/golang.org/x/net/http2/pipe.go +++ b/vendor/golang.org/x/net/http2/pipe.go 
@@ -88,13 +88,9 @@ func (p *pipe) Write(d []byte) (n int, err error) { p.c.L = &p.mu } defer p.c.Signal() - if p.err != nil { + if p.err != nil || p.breakErr != nil { return 0, errClosedPipeWrite } - if p.breakErr != nil { - p.unread += len(d) - return len(d), nil // discard when there is no reader - } return p.b.Write(d) } diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go index 8cb14f3c9..cd057f398 100644 --- a/vendor/golang.org/x/net/http2/server.go +++ b/vendor/golang.org/x/net/http2/server.go @@ -1822,15 +1822,18 @@ func (sc *serverConn) processData(f *DataFrame) error { } if len(data) > 0 { + st.bodyBytes += int64(len(data)) wrote, err := st.body.Write(data) if err != nil { + // The handler has closed the request body. + // Return the connection-level flow control for the discarded data, + // but not the stream-level flow control. sc.sendWindowUpdate(nil, int(f.Length)-wrote) - return sc.countError("body_write_err", streamError(id, ErrCodeStreamClosed)) + return nil } if wrote != len(data) { panic("internal error: bad Writer") } - st.bodyBytes += int64(len(data)) } // Return any padded flow control now, since we won't diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index 05ba23d3d..ac90a2631 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go @@ -560,10 +560,11 @@ func (t *Transport) RoundTripOpt(req *http.Request, opt RoundTripOpt) (*http.Res traceGotConn(req, cc, reused) res, err := cc.RoundTrip(req) if err != nil && retry <= 6 { + roundTripErr := err if req, err = shouldRetryRequest(req, err); err == nil { // After the first retry, do exponential backoff with 10% jitter. if retry == 0 { - t.vlogf("RoundTrip retrying after failure: %v", err) + t.vlogf("RoundTrip retrying after failure: %v", roundTripErr) continue } backoff := float64(uint(1) << (uint(retry) - 1)) 
@@ -572,7 +573,7 @@ func (t *Transport) RoundTripOpt(req *http.Request, opt RoundTripOpt) (*http.Res timer := backoffNewTimer(d) select { case <-timer.C: - t.vlogf("RoundTrip retrying after failure: %v", err) + t.vlogf("RoundTrip retrying after failure: %v", roundTripErr) continue case <-req.Context().Done(): timer.Stop() @@ -1265,6 +1266,27 @@ func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) { return res, nil } + cancelRequest := func(cs *clientStream, err error) error { + cs.cc.mu.Lock() + defer cs.cc.mu.Unlock() + cs.abortStreamLocked(err) + if cs.ID != 0 { + // This request may have failed because of a problem with the connection, + // or for some unrelated reason. (For example, the user might have canceled + // the request without waiting for a response.) Mark the connection as + // not reusable, since trying to reuse a dead connection is worse than + // unnecessarily creating a new one. + // + // If cs.ID is 0, then the request was never allocated a stream ID and + // whatever went wrong was unrelated to the connection. We might have + // timed out waiting for a stream slot when StrictMaxConcurrentStreams + // is set, for example, in which case retrying on a different connection + // will not help. + cs.cc.doNotReuse = true + } + return err + } + for { select { case <-cs.respHeaderRecv: @@ -1279,15 +1301,12 @@ func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) { return handleResponseHeaders() default: waitDone() - return nil, cs.abortErr + return nil, cancelRequest(cs, cs.abortErr) } case <-ctx.Done(): - err := ctx.Err() - cs.abortStream(err) - return nil, err + return nil, cancelRequest(cs, ctx.Err()) case <-cs.reqCancel: - cs.abortStream(errRequestCanceled) - return nil, errRequestCanceled + return nil, cancelRequest(cs, errRequestCanceled) } } } 
@@ -2555,6 +2574,9 @@ func (b transportResponseBody) Close() error { cs := b.cs cc := cs.cc + cs.bufPipe.BreakWithError(errClosedResponseBody) + cs.abortStream(errClosedResponseBody) + unread := cs.bufPipe.Len() if unread > 0 { cc.mu.Lock() @@ -2573,9 +2595,6 @@ func (b transportResponseBody) Close() error { cc.wmu.Unlock() } - cs.bufPipe.BreakWithError(errClosedResponseBody) - cs.abortStream(errClosedResponseBody) - select { case <-cs.donec: case <-cs.ctx.Done(): diff --git a/vendor/golang.org/x/sys/unix/ioctl_signed.go b/vendor/golang.org/x/sys/unix/ioctl_signed.go new file mode 100644 index 000000000..7def9580e --- /dev/null +++ b/vendor/golang.org/x/sys/unix/ioctl_signed.go 
@@ -0,0 +1,70 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix || solaris
+// +build aix solaris
+
+package unix
+
+import (
+ "unsafe"
+)
+
+// ioctl itself should not be exposed directly, but additional get/set
+// functions for specific types are permissible.
+
+// IoctlSetInt performs an ioctl operation which sets an integer value
+// on fd, using the specified request number.
+func IoctlSetInt(fd int, req int, value int) error {
+ return ioctl(fd, req, uintptr(value))
+}
+
+// IoctlSetPointerInt performs an ioctl operation which sets an
+// integer value on fd, using the specified request number. The ioctl
+// argument is called with a pointer to the integer value, rather than
+// passing the integer value directly.
+func IoctlSetPointerInt(fd int, req int, value int) error {
+ v := int32(value)
+ return ioctlPtr(fd, req, unsafe.Pointer(&v))
+}
+
+// IoctlSetWinsize performs an ioctl on fd with a *Winsize argument.
+//
+// To change fd's window size, the req argument should be TIOCSWINSZ.
+func IoctlSetWinsize(fd int, req int, value *Winsize) error {
+ // TODO: if we get the chance, remove the req parameter and
+ // hardcode TIOCSWINSZ.
+ return ioctlPtr(fd, req, unsafe.Pointer(value))
+}
+
+// IoctlSetTermios performs an ioctl on fd with a *Termios.
+//
+// The req value will usually be TCSETA or TIOCSETA.
+func IoctlSetTermios(fd int, req int, value *Termios) error {
+ // TODO: if we get the chance, remove the req parameter.
+ return ioctlPtr(fd, req, unsafe.Pointer(value))
+}
+
+// IoctlGetInt performs an ioctl operation which gets an integer value
+// from fd, using the specified request number.
+//
+// A few ioctl requests use the return value as an output parameter;
+// for those, IoctlRetInt should be used instead of this function.
+func IoctlGetInt(fd int, req int) (int, error) { + var value int + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) + return value, err +} + +func IoctlGetWinsize(fd int, req int) (*Winsize, error) { + var value Winsize + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) + return &value, err +} + +func IoctlGetTermios(fd int, req int) (*Termios, error) { + var value Termios + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) + return &value, err +} diff --git a/vendor/golang.org/x/sys/unix/ioctl.go b/vendor/golang.org/x/sys/unix/ioctl_unsigned.go similarity index 92% rename from vendor/golang.org/x/sys/unix/ioctl.go rename to vendor/golang.org/x/sys/unix/ioctl_unsigned.go index 7ce8dd406..649913d1e 100644 --- a/vendor/golang.org/x/sys/unix/ioctl.go +++ b/vendor/golang.org/x/sys/unix/ioctl_unsigned.go @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build aix || darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd || solaris -// +build aix darwin dragonfly freebsd hurd linux netbsd openbsd solaris +//go:build darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd +// +build darwin dragonfly freebsd hurd linux netbsd openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/ioctl_zos.go b/vendor/golang.org/x/sys/unix/ioctl_zos.go index 6532f09af..cdc21bf76 100644 --- a/vendor/golang.org/x/sys/unix/ioctl_zos.go +++ b/vendor/golang.org/x/sys/unix/ioctl_zos.go 
@@ -17,14 +17,14 @@ import ( // IoctlSetInt performs an ioctl operation which sets an integer value // on fd, using the specified request number. -func IoctlSetInt(fd int, req uint, value int) error { +func IoctlSetInt(fd int, req int, value int) error { return ioctl(fd, req, uintptr(value)) } // IoctlSetWinsize performs an ioctl on fd with a *Winsize argument. // // To change fd's window size, the req argument should be TIOCSWINSZ. -func IoctlSetWinsize(fd int, req uint, value *Winsize) error { +func IoctlSetWinsize(fd int, req int, value *Winsize) error { // TODO: if we get the chance, remove the req parameter and // hardcode TIOCSWINSZ. return ioctlPtr(fd, req, unsafe.Pointer(value)) @@ -33,7 +33,7 @@ func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // IoctlSetTermios performs an ioctl on fd with a *Termios. // // The req value is expected to be TCSETS, TCSETSW, or TCSETSF -func IoctlSetTermios(fd int, req uint, value *Termios) error { +func IoctlSetTermios(fd int, req int, value *Termios) error { if (req != TCSETS) && (req != TCSETSW) && (req != TCSETSF) { return ENOSYS } @@ -47,13 +47,13 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error { // // A few ioctl requests use the return value as an output parameter; // for those, IoctlRetInt should be used instead of this function. -func IoctlGetInt(fd int, req uint) (int, error) { +func IoctlGetInt(fd int, req int) (int, error) { var value int err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return value, err } -func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { +func IoctlGetWinsize(fd int, req int) (*Winsize, error) { var value Winsize err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err 
@@ -62,7 +62,7 @@ func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { // IoctlGetTermios performs an ioctl on fd with a *Termios. // // The req value is expected to be TCGETS -func IoctlGetTermios(fd int, req uint) (*Termios, error) { +func IoctlGetTermios(fd int, req int) (*Termios, error) { var value Termios if req != TCGETS { return &value, ENOSYS diff --git a/vendor/golang.org/x/sys/unix/mkall.sh b/vendor/golang.org/x/sys/unix/mkall.sh index 8e3947c36..e6f31d374 100644 --- a/vendor/golang.org/x/sys/unix/mkall.sh +++ b/vendor/golang.org/x/sys/unix/mkall.sh @@ -50,7 +50,7 @@ if [[ "$GOOS" = "linux" ]]; then # Use the Docker-based build system # Files generated through docker (use $cmd so you can Ctl-C the build or run) $cmd docker build --tag generate:$GOOS $GOOS - $cmd docker run --interactive --tty --volume $(cd -- "$(dirname -- "$0")/.." && /bin/pwd):/build generate:$GOOS + $cmd docker run --interactive --tty --volume $(cd -- "$(dirname -- "$0")/.." && pwd):/build generate:$GOOS exit fi diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 7456d9ddd..315646271 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -66,6 +66,7 @@ includes_Darwin=' #include #include #include +#include #include #include #include @@ -203,6 +204,7 @@ struct ltchars { #include #include #include +#include #include #include #include 
@@ -517,10 +519,11 @@ ccflags="$@" $2 ~ /^LOCK_(SH|EX|NB|UN)$/ || $2 ~ /^LO_(KEY|NAME)_SIZE$/ || $2 ~ /^LOOP_(CLR|CTL|GET|SET)_/ || - $2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT)_/ || + $2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT|UDP)_/ || $2 ~ /^NFC_(GENL|PROTO|COMM|RF|SE|DIRECTION|LLCP|SOCKPROTO)_/ || $2 ~ /^NFC_.*_(MAX)?SIZE$/ || $2 ~ /^RAW_PAYLOAD_/ || + $2 ~ /^[US]F_/ || $2 ~ /^TP_STATUS_/ || $2 ~ /^FALLOC_/ || $2 ~ /^ICMPV?6?_(FILTER|SEC)/ || @@ -738,7 +741,8 @@ main(void) e = errors[i].num; if(i > 0 && errors[i-1].num == e) continue; - strcpy(buf, strerror(e)); + strncpy(buf, strerror(e), sizeof(buf) - 1); + buf[sizeof(buf) - 1] = '\0'; // lowercase first letter: Bad -> bad, but STREAM -> STREAM. if(A <= buf[0] && buf[0] <= Z && a <= buf[1] && buf[1] <= z) buf[0] += a - A; @@ -757,7 +761,8 @@ main(void) e = signals[i].num; if(i > 0 && signals[i-1].num == e) continue; - strcpy(buf, strsignal(e)); + strncpy(buf, strsignal(e), sizeof(buf) - 1); + buf[sizeof(buf) - 1] = '\0'; // lowercase first letter: Bad -> bad, but STREAM -> STREAM. if(A <= buf[0] && buf[0] <= Z && a <= buf[1] && buf[1] <= z) buf[0] += a - A; diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go index d9f5544cc..c406ae00f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix.go 
@@ -408,8 +408,8 @@ func (w WaitStatus) CoreDump() bool { return w&0x80 == 0x80 } func (w WaitStatus) TrapCause() int { return -1 } -//sys ioctl(fd int, req uint, arg uintptr) (err error) -//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = ioctl +//sys ioctl(fd int, req int, arg uintptr) (err error) +//sys ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) = ioctl // fcntl must never be called with cmd=F_DUP2FD because it doesn't work on AIX // There is no way to create a custom fcntl and to keep //sys fcntl easily, diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go index e92a0be16..f2871fa95 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go @@ -8,7 +8,6 @@ package unix //sysnb Getrlimit(resource int, rlim *Rlimit) (err error) = getrlimit64 -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) = setrlimit64 //sys Seek(fd int, offset int64, whence int) (off int64, err error) = lseek64 //sys mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go index 16eed1709..75718ec0f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go @@ -8,7 +8,6 @@ package unix //sysnb Getrlimit(resource int, rlim *Rlimit) (err error) -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) //sys Seek(fd int, offset int64, whence int) (off int64, err error) = lseek //sys mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) = mmap64 diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index 7064d6eba..206921504 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go 
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -613,6 +613,7 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) { //sys Rmdir(path string) (err error) //sys Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK //sys Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) +//sys Setattrlist(path string, attrlist *Attrlist, attrBuf []byte, options int) (err error) //sys Setegid(egid int) (err error) //sysnb Seteuid(euid int) (err error) //sysnb Setgid(gid int) (err error) @@ -622,7 +623,6 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) { //sys Setprivexec(flag int) (err error) //sysnb Setregid(rgid int, egid int) (err error) //sysnb Setreuid(ruid int, euid int) (err error) -//sysnb Setrlimit(which int, lim *Rlimit) (err error) //sysnb Setsid() (pid int, err error) //sysnb Settimeofday(tp *Timeval) (err error) //sysnb Setuid(uid int) (err error) @@ -676,7 +676,6 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) { // Kqueue_from_portset_np // Kqueue_portset // Getattrlist -// Setattrlist // Getdirentriesattr // Searchfs // Delete diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go index 221efc26b..d4ce988e7 100644 --- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go +++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go @@ -326,7 +326,6 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sysnb Setreuid(ruid int, euid int) (err error) //sysnb Setresgid(rgid int, egid int, sgid int) (err error) //sysnb Setresuid(ruid int, euid int, suid int) (err error) -//sysnb Setrlimit(which int, lim *Rlimit) (err error) //sysnb Setsid() (pid int, err error) //sysnb Settimeofday(tp *Timeval) (err error) //sysnb Setuid(uid int) (err error) 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go index 5bdde03e4..afb10106f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go @@ -433,7 +433,6 @@ func Dup3(oldfd, newfd, flags int) error { //sysnb Setreuid(ruid int, euid int) (err error) //sysnb Setresgid(rgid int, egid int, sgid int) (err error) //sysnb Setresuid(ruid int, euid int, suid int) (err error) -//sysnb Setrlimit(which int, lim *Rlimit) (err error) //sysnb Setsid() (pid int, err error) //sysnb Settimeofday(tp *Timeval) (err error) //sysnb Setuid(uid int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 973533153..6de486bef 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1699,12 +1699,23 @@ func PtracePokeUser(pid int, addr uintptr, data []byte) (count int, err error) { return ptracePoke(PTRACE_POKEUSR, PTRACE_PEEKUSR, pid, addr, data) } +// elfNT_PRSTATUS is a copy of the debug/elf.NT_PRSTATUS constant so +// x/sys/unix doesn't need to depend on debug/elf and thus +// compress/zlib, debug/dwarf, and other packages. +const elfNT_PRSTATUS = 1 + func PtraceGetRegs(pid int, regsout *PtraceRegs) (err error) { - return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) + var iov Iovec + iov.Base = (*byte)(unsafe.Pointer(regsout)) + iov.SetLen(int(unsafe.Sizeof(*regsout))) + return ptracePtr(PTRACE_GETREGSET, pid, uintptr(elfNT_PRSTATUS), unsafe.Pointer(&iov)) } func PtraceSetRegs(pid int, regs *PtraceRegs) (err error) { - return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) + var iov Iovec + iov.Base = (*byte)(unsafe.Pointer(regs)) + iov.SetLen(int(unsafe.Sizeof(*regs))) + return ptracePtr(PTRACE_SETREGSET, pid, uintptr(elfNT_PRSTATUS), unsafe.Pointer(&iov)) } func PtraceSetOptions(pid int, options int) (err error) { 
@@ -1873,7 +1884,6 @@ func Getpgrp() (pid int) { //sys OpenTree(dfd int, fileName string, flags uint) (r int, err error) //sys PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) //sys PivotRoot(newroot string, putold string) (err error) = SYS_PIVOT_ROOT -//sysnb Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) = SYS_PRLIMIT64 //sys Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) //sys Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) = SYS_PSELECT6 //sys read(fd int, p []byte) (n int, err error) @@ -1887,6 +1897,15 @@ func Getpgrp() (pid int) { //sysnb Settimeofday(tv *Timeval) (err error) //sys Setns(fd int, nstype int) (err error) +//go:linkname syscall_prlimit syscall.prlimit +func syscall_prlimit(pid, resource int, newlimit, old *syscall.Rlimit) error + +func Prlimit(pid, resource int, newlimit, old *Rlimit) error { + // Just call the syscall version, because as of Go 1.21 + // it will affect starting a new process. + return syscall_prlimit(pid, resource, (*syscall.Rlimit)(newlimit), (*syscall.Rlimit)(old)) +} + // PrctlRetInt performs a prctl operation specified by option and further // optional arguments arg2 through arg5 depending on option. It returns a // non-negative integer that is returned by the prctl syscall. @@ -2412,6 +2431,21 @@ func PthreadSigmask(how int, set, oldset *Sigset_t) error { return rtSigprocmask(how, set, oldset, _C__NSIG/8) } +//sysnb getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) +//sysnb getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) + +func Getresuid() (ruid, euid, suid int) { + var r, e, s _C_int + getresuid(&r, &e, &s) + return int(r), int(e), int(s) +} + +func Getresgid() (rgid, egid, sgid int) { + var r, e, s _C_int + getresgid(&r, &e, &s) + return int(r), int(e), int(s) +} + /* * Unimplemented */ 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_386.go index ff5b5899d..c7d9945ea 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_386.go @@ -97,33 +97,6 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { return } -//sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT - -func Setrlimit(resource int, rlim *Rlimit) (err error) { - err = Prlimit(0, resource, rlim, nil) - if err != ENOSYS { - return err - } - - rl := rlimit32{} - if rlim.Cur == rlimInf64 { - rl.Cur = rlimInf32 - } else if rlim.Cur < uint64(rlimInf32) { - rl.Cur = uint32(rlim.Cur) - } else { - return EINVAL - } - if rlim.Max == rlimInf64 { - rl.Max = rlimInf32 - } else if rlim.Max < uint64(rlimInf32) { - rl.Max = uint32(rlim.Max) - } else { - return EINVAL - } - - return setrlimit(resource, &rl) -} - func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { newoffset, errno := seek(fd, offset, whence) if errno != 0 { diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go index 9b2703532..5b21fcfd7 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go @@ -46,7 +46,6 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go index 856ad1d63..da2986415 100644 
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go @@ -171,33 +171,6 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { return } -//sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT - -func Setrlimit(resource int, rlim *Rlimit) (err error) { - err = Prlimit(0, resource, rlim, nil) - if err != ENOSYS { - return err - } - - rl := rlimit32{} - if rlim.Cur == rlimInf64 { - rl.Cur = rlimInf32 - } else if rlim.Cur < uint64(rlimInf32) { - rl.Cur = uint32(rlim.Cur) - } else { - return EINVAL - } - if rlim.Max == rlimInf64 { - rl.Max = rlimInf32 - } else if rlim.Max < uint64(rlimInf32) { - rl.Max = uint32(rlim.Max) - } else { - return EINVAL - } - - return setrlimit(resource, &rl) -} - func (r *PtraceRegs) PC() uint64 { return uint64(r.Uregs[15]) } func (r *PtraceRegs) SetPC(pc uint64) { r.Uregs[15] = uint32(pc) } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go index 6422704bc..a81f5742b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go @@ -39,7 +39,6 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb setrlimit(resource int, rlim *Rlimit) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) 
@@ -143,15 +142,6 @@ func Getrlimit(resource int, rlim *Rlimit) error { return getrlimit(resource, rlim) } -// Setrlimit prefers the prlimit64 system call. See issue 38604. -func Setrlimit(resource int, rlim *Rlimit) error { - err := Prlimit(0, resource, rlim, nil) - if err != ENOSYS { - return err - } - return setrlimit(resource, rlim) -} - func (r *PtraceRegs) PC() uint64 { return r.Pc } func (r *PtraceRegs) SetPC(pc uint64) { r.Pc = pc } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go index 59dab510e..69d2d7c3d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go @@ -126,11 +126,6 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { return } -func Setrlimit(resource int, rlim *Rlimit) (err error) { - err = Prlimit(0, resource, rlim, nil) - return -} - func futimesat(dirfd int, path string, tv *[2]Timeval) (err error) { if tv == nil { return utimensat(dirfd, path, nil, 0) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go index bfef09a39..76d564095 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go @@ -37,7 +37,6 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) //sys Statfs(path string, buf *Statfs_t) (err error) 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go index ab3025096..aae7f0ffd 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go @@ -151,33 +151,6 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { return } -//sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT - -func Setrlimit(resource int, rlim *Rlimit) (err error) { - err = Prlimit(0, resource, rlim, nil) - if err != ENOSYS { - return err - } - - rl := rlimit32{} - if rlim.Cur == rlimInf64 { - rl.Cur = rlimInf32 - } else if rlim.Cur < uint64(rlimInf32) { - rl.Cur = uint32(rlim.Cur) - } else { - return EINVAL - } - if rlim.Max == rlimInf64 { - rl.Max = rlimInf32 - } else if rlim.Max < uint64(rlimInf32) { - rl.Max = uint32(rlim.Max) - } else { - return EINVAL - } - - return setrlimit(resource, &rl) -} - func (r *PtraceRegs) PC() uint64 { return r.Epc } func (r *PtraceRegs) SetPC(pc uint64) { r.Epc = pc } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go index eac1cf1ac..66eff19a3 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go 
@@ -159,33 +159,6 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { return } -//sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT - -func Setrlimit(resource int, rlim *Rlimit) (err error) { - err = Prlimit(0, resource, rlim, nil) - if err != ENOSYS { - return err - } - - rl := rlimit32{} - if rlim.Cur == rlimInf64 { - rl.Cur = rlimInf32 - } else if rlim.Cur < uint64(rlimInf32) { - rl.Cur = uint32(rlim.Cur) - } else { - return EINVAL - } - if rlim.Max == rlimInf64 { - rl.Max = rlimInf32 - } else if rlim.Max < uint64(rlimInf32) { - rl.Max = uint32(rlim.Max) - } else { - return EINVAL - } - - return setrlimit(resource, &rl) -} - func (r *PtraceRegs) PC() uint32 { return r.Nip } func (r *PtraceRegs) SetPC(pc uint32) { r.Nip = pc } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go index 4df56616b..806aa2574 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go @@ -34,7 +34,6 @@ package unix //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) //sys Stat(path string, stat *Stat_t) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go index 5f4243dea..35851ef70 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go 
@@ -38,7 +38,6 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go index d0a7d4066..2f89e8f5d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go @@ -34,7 +34,6 @@ import ( //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) //sys Stat(path string, stat *Stat_t) (err error) //sys Statfs(path string, buf *Statfs_t) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go index f5c793be2..7ca064ae7 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go @@ -31,7 +31,6 @@ package unix //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) //sys Stat(path string, stat *Stat_t) (err error) 
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/vendor/golang.org/x/sys/unix/syscall_netbsd.go index e66865dcc..018d7d478 100644 --- a/vendor/golang.org/x/sys/unix/syscall_netbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_netbsd.go @@ -340,7 +340,6 @@ func Statvfs(path string, buf *Statvfs_t) (err error) { //sys Setpriority(which int, who int, prio int) (err error) //sysnb Setregid(rgid int, egid int) (err error) //sysnb Setreuid(ruid int, euid int) (err error) -//sysnb Setrlimit(which int, lim *Rlimit) (err error) //sysnb Setsid() (pid int, err error) //sysnb Settimeofday(tp *Timeval) (err error) //sysnb Setuid(uid int) (err error) @@ -501,7 +500,6 @@ func Statvfs(path string, buf *Statvfs_t) (err error) { // compat_43_osendmsg // compat_43_osethostid // compat_43_osethostname -// compat_43_osetrlimit // compat_43_osigblock // compat_43_osigsetmask // compat_43_osigstack diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go index 5e9de23ae..c5f166a11 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go @@ -151,6 +151,21 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { return } +//sysnb getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) +//sysnb getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) + +func Getresuid() (ruid, euid, suid int) { + var r, e, s _C_int + getresuid(&r, &e, &s) + return int(r), int(e), int(s) +} + +func Getresgid() (rgid, egid, sgid int) { + var r, e, s _C_int + getresgid(&r, &e, &s) + return int(r), int(e), int(s) +} + //sys ioctl(fd int, req uint, arg uintptr) (err error) //sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL 
@@ -294,7 +309,6 @@ func Uname(uname *Utsname) error { //sysnb Setreuid(ruid int, euid int) (err error) //sysnb Setresgid(rgid int, egid int, sgid int) (err error) //sysnb Setresuid(ruid int, euid int, suid int) (err error) -//sysnb Setrlimit(which int, lim *Rlimit) (err error) //sysnb Setrtable(rtable int) (err error) //sysnb Setsid() (pid int, err error) //sysnb Settimeofday(tp *Timeval) (err error) @@ -339,8 +353,6 @@ func Uname(uname *Utsname) error { // getgid // getitimer // getlogin -// getresgid -// getresuid // getthrid // ktrace // lfs_bmapv diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go index d3444b64d..b600a289d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -545,24 +545,24 @@ func Minor(dev uint64) uint32 { * Expose the ioctl function */ -//sys ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) = libc.ioctl -//sys ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) = libc.ioctl +//sys ioctlRet(fd int, req int, arg uintptr) (ret int, err error) = libc.ioctl +//sys ioctlPtrRet(fd int, req int, arg unsafe.Pointer) (ret int, err error) = libc.ioctl -func ioctl(fd int, req uint, arg uintptr) (err error) { +func ioctl(fd int, req int, arg uintptr) (err error) { _, err = ioctlRet(fd, req, arg) return err } -func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { +func ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) { _, err = ioctlPtrRet(fd, req, arg) return err } -func IoctlSetTermio(fd int, req uint, value *Termio) error { +func IoctlSetTermio(fd int, req int, value *Termio) error { return ioctlPtr(fd, req, unsafe.Pointer(value)) } -func IoctlGetTermio(fd int, req uint) (*Termio, error) { +func IoctlGetTermio(fd int, req int) (*Termio, error) { var value Termio err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err 
@@ -665,7 +665,6 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sys Setpriority(which int, who int, prio int) (err error) //sysnb Setregid(rgid int, egid int) (err error) //sysnb Setreuid(ruid int, euid int) (err error) -//sysnb Setrlimit(which int, lim *Rlimit) (err error) //sysnb Setsid() (pid int, err error) //sysnb Setuid(uid int) (err error) //sys Shutdown(s int, how int) (err error) = libsocket.shutdown @@ -1080,11 +1079,11 @@ func Getmsg(fd int, cl []byte, data []byte) (retCl []byte, retData []byte, flags return retCl, retData, flags, nil } -func IoctlSetIntRetInt(fd int, req uint, arg int) (int, error) { +func IoctlSetIntRetInt(fd int, req int, arg int) (int, error) { return ioctlRet(fd, req, uintptr(arg)) } -func IoctlSetString(fd int, req uint, val string) error { +func IoctlSetString(fd int, req int, val string) error { bs := make([]byte, len(val)+1) copy(bs[:len(bs)-1], val) err := ioctlPtr(fd, req, unsafe.Pointer(&bs[0])) @@ -1120,7 +1119,7 @@ func (l *Lifreq) GetLifruUint() uint { return *(*uint)(unsafe.Pointer(&l.Lifru[0])) } -func IoctlLifreq(fd int, req uint, l *Lifreq) error { +func IoctlLifreq(fd int, req int, l *Lifreq) error { return ioctlPtr(fd, req, unsafe.Pointer(l)) } @@ -1131,6 +1130,6 @@ func (s *Strioctl) SetInt(i int) { s.Dp = (*int8)(unsafe.Pointer(&i)) } -func IoctlSetStrioctlRetInt(fd int, req uint, s *Strioctl) (int, error) { +func IoctlSetStrioctlRetInt(fd int, req int, s *Strioctl) (int, error) { return ioctlPtrRet(fd, req, unsafe.Pointer(s)) } diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go index 00f0aa375..8e48c29ec 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix.go 
@@ -587,3 +587,10 @@ func emptyIovecs(iov []Iovec) bool { } return true } + +// Setrlimit sets a resource limit. +func Setrlimit(resource int, rlim *Rlimit) error { + // Just call the syscall version, because as of Go 1.21 + // it will affect starting a new process. + return syscall.Setrlimit(resource, (*syscall.Rlimit)(rlim)) +} diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go index b295497ae..d3d49ec3e 100644 --- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go @@ -212,8 +212,8 @@ func (cmsg *Cmsghdr) SetLen(length int) { //sys sendmsg(s int, msg *Msghdr, flags int) (n int, err error) = SYS___SENDMSG_A //sys mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) = SYS_MMAP //sys munmap(addr uintptr, length uintptr) (err error) = SYS_MUNMAP -//sys ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL -//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL +//sys ioctl(fd int, req int, arg uintptr) (err error) = SYS_IOCTL +//sys ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys Access(path string, mode uint32) (err error) = SYS___ACCESS_A //sys Chdir(path string) (err error) = SYS___CHDIR_A diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go index 476a1c7e7..143007627 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go @@ -1270,6 +1270,16 @@ const ( SEEK_END = 0x2 SEEK_HOLE = 0x3 SEEK_SET = 0x0 + SF_APPEND = 0x40000 + SF_ARCHIVED = 0x10000 + SF_DATALESS = 0x40000000 + SF_FIRMLINK = 0x800000 + SF_IMMUTABLE = 0x20000 + SF_NOUNLINK = 0x100000 + SF_RESTRICTED = 0x80000 + SF_SETTABLE = 0x3fff0000 + SF_SUPPORTED = 0x9f0000 + SF_SYNTHETIC = 0xc0000000 SHUT_RD = 0x0 SHUT_RDWR = 0x2 SHUT_WR = 0x1 
@@ -1543,6 +1553,15 @@ const ( TIOCTIMESTAMP = 0x40107459 TIOCUCNTL = 0x80047466 TOSTOP = 0x400000 + UF_APPEND = 0x4 + UF_COMPRESSED = 0x20 + UF_DATAVAULT = 0x80 + UF_HIDDEN = 0x8000 + UF_IMMUTABLE = 0x2 + UF_NODUMP = 0x1 + UF_OPAQUE = 0x8 + UF_SETTABLE = 0xffff + UF_TRACKED = 0x40 VDISCARD = 0xf VDSUSP = 0xb VEOF = 0x0 diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go index e36f5178d..ab044a742 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go @@ -1270,6 +1270,16 @@ const ( SEEK_END = 0x2 SEEK_HOLE = 0x3 SEEK_SET = 0x0 + SF_APPEND = 0x40000 + SF_ARCHIVED = 0x10000 + SF_DATALESS = 0x40000000 + SF_FIRMLINK = 0x800000 + SF_IMMUTABLE = 0x20000 + SF_NOUNLINK = 0x100000 + SF_RESTRICTED = 0x80000 + SF_SETTABLE = 0x3fff0000 + SF_SUPPORTED = 0x9f0000 + SF_SYNTHETIC = 0xc0000000 SHUT_RD = 0x0 SHUT_RDWR = 0x2 SHUT_WR = 0x1 @@ -1543,6 +1553,15 @@ const ( TIOCTIMESTAMP = 0x40107459 TIOCUCNTL = 0x80047466 TOSTOP = 0x400000 + UF_APPEND = 0x4 + UF_COMPRESSED = 0x20 + UF_DATAVAULT = 0x80 + UF_HIDDEN = 0x8000 + UF_IMMUTABLE = 0x2 + UF_NODUMP = 0x1 + UF_OPAQUE = 0x8 + UF_SETTABLE = 0xffff + UF_TRACKED = 0x40 VDISCARD = 0xf VDSUSP = 0xb VEOF = 0x0 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index 398c37e52..de936b677 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -2967,6 +2967,7 @@ const ( SOL_TCP = 0x6 SOL_TIPC = 0x10f SOL_TLS = 0x11a + SOL_UDP = 0x11 SOL_X25 = 0x106 SOL_XDP = 0x11b SOMAXCONN = 0x1000 
@@ -3251,6 +3252,19 @@ const ( TRACEFS_MAGIC = 0x74726163 TS_COMM_LEN = 0x20 UDF_SUPER_MAGIC = 0x15013346 + UDP_CORK = 0x1 + UDP_ENCAP = 0x64 + UDP_ENCAP_ESPINUDP = 0x2 + UDP_ENCAP_ESPINUDP_NON_IKE = 0x1 + UDP_ENCAP_GTP0 = 0x4 + UDP_ENCAP_GTP1U = 0x5 + UDP_ENCAP_L2TPINUDP = 0x3 + UDP_GRO = 0x68 + UDP_NO_CHECK6_RX = 0x66 + UDP_NO_CHECK6_TX = 0x65 + UDP_SEGMENT = 0x67 + UDP_V4_FLOW = 0x2 + UDP_V6_FLOW = 0x6 UMOUNT_NOFOLLOW = 0x8 USBDEVICE_SUPER_MAGIC = 0x9fa2 UTIME_NOW = 0x3fffffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index f61925269..48984202c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -329,6 +329,54 @@ const ( SCM_WIFI_STATUS = 0x25 SFD_CLOEXEC = 0x400000 SFD_NONBLOCK = 0x4000 + SF_FP = 0x38 + SF_I0 = 0x20 + SF_I1 = 0x24 + SF_I2 = 0x28 + SF_I3 = 0x2c + SF_I4 = 0x30 + SF_I5 = 0x34 + SF_L0 = 0x0 + SF_L1 = 0x4 + SF_L2 = 0x8 + SF_L3 = 0xc + SF_L4 = 0x10 + SF_L5 = 0x14 + SF_L6 = 0x18 + SF_L7 = 0x1c + SF_PC = 0x3c + SF_RETP = 0x40 + SF_V9_FP = 0x70 + SF_V9_I0 = 0x40 + SF_V9_I1 = 0x48 + SF_V9_I2 = 0x50 + SF_V9_I3 = 0x58 + SF_V9_I4 = 0x60 + SF_V9_I5 = 0x68 + SF_V9_L0 = 0x0 + SF_V9_L1 = 0x8 + SF_V9_L2 = 0x10 + SF_V9_L3 = 0x18 + SF_V9_L4 = 0x20 + SF_V9_L5 = 0x28 + SF_V9_L6 = 0x30 + SF_V9_L7 = 0x38 + SF_V9_PC = 0x78 + SF_V9_RETP = 0x80 + SF_V9_XARG0 = 0x88 + SF_V9_XARG1 = 0x90 + SF_V9_XARG2 = 0x98 + SF_V9_XARG3 = 0xa0 + SF_V9_XARG4 = 0xa8 + SF_V9_XARG5 = 0xb0 + SF_V9_XXARG = 0xb8 + SF_XARG0 = 0x44 + SF_XARG1 = 0x48 + SF_XARG2 = 0x4c + SF_XARG3 = 0x50 + SF_XARG4 = 0x54 + SF_XARG5 = 0x58 + SF_XXARG = 0x5c SIOCATMARK = 0x8905 SIOCGPGRP = 0x8904 SIOCGSTAMPNS_NEW = 0x40108907 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go index ef9dcd1be..9a257219d 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go 
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go @@ -124,7 +124,6 @@ int utime(uintptr_t, uintptr_t); unsigned long long getsystemcfg(int); int umount(uintptr_t); int getrlimit64(int, uintptr_t); -int setrlimit64(int, uintptr_t); long long lseek64(int, long long, int); uintptr_t mmap(uintptr_t, uintptr_t, int, int, int, long long); @@ -213,7 +212,7 @@ func wait4(pid Pid_t, status *_C_int, options int, rusage *Rusage) (wpid Pid_t, // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctl(fd int, req uint, arg uintptr) (err error) { +func ioctl(fd int, req int, arg uintptr) (err error) { r0, er := C.ioctl(C.int(fd), C.int(req), C.uintptr_t(arg)) if r0 == -1 && er != nil { err = er @@ -223,7 +222,7 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { +func ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) { r0, er := C.ioctl(C.int(fd), C.int(req), C.uintptr_t(uintptr(arg))) if r0 == -1 && er != nil { err = er @@ -1464,16 +1463,6 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - r0, er := C.setrlimit64(C.int(resource), C.uintptr_t(uintptr(unsafe.Pointer(rlim)))) - if r0 == -1 && er != nil { - err = er - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Seek(fd int, offset int64, whence int) (off int64, err error) { r0, er := C.lseek64(C.int(fd), C.longlong(offset), C.int(whence)) off = int64(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go index f86a94592..6de80c20c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go 
@@ -93,8 +93,8 @@ func wait4(pid Pid_t, status *_C_int, options int, rusage *Rusage) (wpid Pid_t, // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctl(fd int, req uint, arg uintptr) (err error) { - _, e1 := callioctl(fd, int(req), arg) +func ioctl(fd int, req int, arg uintptr) (err error) { + _, e1 := callioctl(fd, req, arg) if e1 != 0 { err = errnoErr(e1) } @@ -103,8 +103,8 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { - _, e1 := callioctl_ptr(fd, int(req), arg) +func ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) { + _, e1 := callioctl_ptr(fd, req, arg) if e1 != 0 { err = errnoErr(e1) } @@ -1422,16 +1422,6 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, e1 := callsetrlimit(resource, uintptr(unsafe.Pointer(rlim))) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Seek(fd int, offset int64, whence int) (off int64, err error) { r0, e1 := calllseek(fd, offset, whence) off = int64(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go index d32a84cae..c4d50ae50 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go @@ -124,7 +124,6 @@ import ( //go:cgo_import_dynamic libc_getsystemcfg getsystemcfg "libc.a/shr_64.o" //go:cgo_import_dynamic libc_umount umount "libc.a/shr_64.o" //go:cgo_import_dynamic libc_getrlimit getrlimit "libc.a/shr_64.o" -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.a/shr_64.o" //go:cgo_import_dynamic libc_lseek lseek "libc.a/shr_64.o" //go:cgo_import_dynamic libc_mmap64 mmap64 "libc.a/shr_64.o" 
@@ -242,7 +241,6 @@ import ( //go:linkname libc_getsystemcfg libc_getsystemcfg //go:linkname libc_umount libc_umount //go:linkname libc_getrlimit libc_getrlimit -//go:linkname libc_setrlimit libc_setrlimit //go:linkname libc_lseek libc_lseek //go:linkname libc_mmap64 libc_mmap64 @@ -363,7 +361,6 @@ var ( libc_getsystemcfg, libc_umount, libc_getrlimit, - libc_setrlimit, libc_lseek, libc_mmap64 syscallFunc ) @@ -1179,13 +1176,6 @@ func callgetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func callsetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) { - r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_setrlimit)), 2, uintptr(resource), rlim, 0, 0, 0, 0) - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func calllseek(fd int, offset int64, whence int) (r1 uintptr, e1 Errno) { r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_lseek)), 3, uintptr(fd), uintptr(offset), uintptr(whence), 0, 0, 0) return diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go index d7d8baf81..6903d3b09 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go @@ -123,7 +123,6 @@ int utime(uintptr_t, uintptr_t); unsigned long long getsystemcfg(int); int umount(uintptr_t); int getrlimit(int, uintptr_t); -int setrlimit(int, uintptr_t); long long lseek(int, long long, int); uintptr_t mmap64(uintptr_t, uintptr_t, int, int, int, long long); @@ -131,6 +130,7 @@ uintptr_t mmap64(uintptr_t, uintptr_t, int, int, int, long long); import "C" import ( "syscall" + "unsafe" ) // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT 
@@ -1055,14 +1055,6 @@ func callgetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func callsetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) { - r1 = uintptr(C.setrlimit(C.int(resource), C.uintptr_t(rlim))) - e1 = syscall.GetErrno() - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func calllseek(fd int, offset int64, whence int) (r1 uintptr, e1 Errno) { r1 = uintptr(C.lseek(C.int(fd), C.longlong(offset), C.int(whence))) e1 = syscall.GetErrno() diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go index a29ffdd56..4037ccf7a 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go @@ -1992,6 +1992,31 @@ var libc_select_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func Setattrlist(path string, attrlist *Attrlist, attrBuf []byte, options int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(attrBuf) > 0 { + _p1 = unsafe.Pointer(&attrBuf[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall6(libc_setattrlist_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(attrlist)), uintptr(_p1), uintptr(len(attrBuf)), uintptr(options), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setattrlist_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setattrlist setattrlist "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Setegid(egid int) (err error) { _, _, e1 := syscall_syscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0) if e1 != 0 { 
@@ -2123,20 +2148,6 @@ var libc_setreuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "/usr/lib/libSystem.B.dylib" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s index 95fe4c0eb..4baaed0bc 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s @@ -705,6 +705,11 @@ TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) +TEXT libc_setattrlist_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setattrlist(SB) +GLOBL ·libc_setattrlist_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setattrlist_trampoline_addr(SB)/8, $libc_setattrlist_trampoline<>(SB) + TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setegid(SB) @@ -759,12 +764,6 @@ TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) - -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsid(SB) 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go index 2fd4590bb..51d6f3fb2 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go @@ -1992,6 +1992,31 @@ var libc_select_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func Setattrlist(path string, attrlist *Attrlist, attrBuf []byte, options int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(attrBuf) > 0 { + _p1 = unsafe.Pointer(&attrBuf[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall6(libc_setattrlist_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(attrlist)), uintptr(_p1), uintptr(len(attrBuf)), uintptr(options), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setattrlist_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setattrlist setattrlist "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Setegid(egid int) (err error) { _, _, e1 := syscall_syscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0) if e1 != 0 { @@ -2123,20 +2148,6 @@ var libc_setreuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "/usr/lib/libSystem.B.dylib" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0) pid = int(r0) 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s index efa5b4c98..c3b82c037 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s @@ -705,6 +705,11 @@ TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) +TEXT libc_setattrlist_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setattrlist(SB) +GLOBL ·libc_setattrlist_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setattrlist_trampoline_addr(SB)/8, $libc_setattrlist_trampoline<>(SB) + TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setegid(SB) @@ -759,12 +764,6 @@ TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) - -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsid(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go index 3b8513470..0eabac7ad 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go 
@@ -1410,16 +1410,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go index 112906562..ee313eb00 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go @@ -1645,16 +1645,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go index 55f5abfe5..4c986e448 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go 
@@ -1645,16 +1645,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go index d39651c2b..555216944 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go @@ -1645,16 +1645,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go index ddb740868..67a226fbf 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go 
@@ -1645,16 +1645,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go index 09a53a616..f0b9ddaaa 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go @@ -1645,16 +1645,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 430cb24de..722c29a00 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go 
@@ -1346,16 +1346,6 @@ func PivotRoot(newroot string, putold string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) { - _, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) { _, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0) if e1 != 0 { @@ -2182,3 +2172,17 @@ func rtSigprocmask(how int, set *Sigset_t, oldset *Sigset_t, sigsetsize uintptr) } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + RawSyscallNoError(SYS_GETRESUID, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + RawSyscallNoError(SYS_GETRESGID, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go index c81b0ad47..07b549cc2 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go 
@@ -411,16 +411,6 @@ func getrlimit(resource int, rlim *rlimit32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *rlimit32) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func futimesat(dirfd int, path string, times *[2]Timeval) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go index 2206bce7f..5f481bf83 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go @@ -334,16 +334,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go index edf6b39f1..824cd52c7 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go 
@@ -578,16 +578,6 @@ func getrlimit(resource int, rlim *rlimit32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *rlimit32) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func armSyncFileRange(fd int, flags int, off int64, n int64) (err error) { _, _, e1 := Syscall6(SYS_ARM_SYNC_FILE_RANGE, uintptr(fd), uintptr(flags), uintptr(off), uintptr(off>>32), uintptr(n), uintptr(n>>32)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go index 190609f21..e77aecfe9 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go @@ -289,16 +289,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go index 5f984cbb1..961a3afb7 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go 
@@ -644,16 +644,6 @@ func getrlimit(resource int, rlim *rlimit32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *rlimit32) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Alarm(seconds uint) (remaining uint, err error) { r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) remaining = uint(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go index 46fc380a4..ed05005e9 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go @@ -278,16 +278,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go index cbd0d4dad..d365b718f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go 
@@ -278,16 +278,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go index 0c13d15f0..c3f1b8bbd 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go @@ -644,16 +644,6 @@ func getrlimit(resource int, rlim *rlimit32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *rlimit32) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Alarm(seconds uint) (remaining uint, err error) { r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) remaining = uint(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go index e01432aed..a6574cf98 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go 
@@ -624,16 +624,6 @@ func getrlimit(resource int, rlim *rlimit32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *rlimit32) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func syncFileRange2(fd int, flags int, off int64, n int64) (err error) { _, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE2, uintptr(fd), uintptr(flags), uintptr(off>>32), uintptr(off), uintptr(n>>32), uintptr(n)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go index 13c7ee7ba..f40990264 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go @@ -349,16 +349,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go index 02d0c0fd6..9dfcc2997 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go 
@@ -349,16 +349,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go index 9fee3b1d2..0b2923958 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go @@ -269,16 +269,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go index 647bbfecd..6cde32237 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go 
@@ -319,16 +319,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) { r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags)) n = int64(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go index ada057f89..5253d65bf 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go @@ -329,16 +329,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go index 8e1d9c8f6..cdb2af5ae 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go 
@@ -1607,16 +1607,6 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go index 21c695040..9d25f76b0 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go @@ -1607,16 +1607,6 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go index 298168f90..d3f803516 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go 
@@ -1607,16 +1607,6 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go index 68b8bd492..887188a52 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go @@ -1607,16 +1607,6 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go index 0b0f910e1..9ab9abf72 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go 
@@ -519,6 +519,28 @@ var libc_getcwd_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + syscall_rawSyscall(libc_getresuid_trampoline_addr, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +var libc_getresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresuid getresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + syscall_rawSyscall(libc_getresgid_trampoline_addr, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} + +var libc_getresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresgid getresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctl(fd int, req uint, arg uintptr) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { @@ -1894,20 +1916,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s index 087444250..3dcacd30d 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s 
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s @@ -158,6 +158,16 @@ TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $4 DATA ·libc_getcwd_trampoline_addr(SB)/4, $libc_getcwd_trampoline<>(SB) +TEXT libc_getresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresuid(SB) +GLOBL ·libc_getresuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getresuid_trampoline_addr(SB)/4, $libc_getresuid_trampoline<>(SB) + +TEXT libc_getresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresgid(SB) +GLOBL ·libc_getresgid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getresgid_trampoline_addr(SB)/4, $libc_getresgid_trampoline<>(SB) + TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $4 @@ -573,11 +583,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setresuid_trampoline_addr(SB)/4, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $4 -DATA ·libc_setrlimit_trampoline_addr(SB)/4, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $4 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go index 48ff5de75..915761eab 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go 
@@ -519,6 +519,28 @@ var libc_getcwd_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + syscall_rawSyscall(libc_getresuid_trampoline_addr, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +var libc_getresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresuid getresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + syscall_rawSyscall(libc_getresgid_trampoline_addr, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} + +var libc_getresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresgid getresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctl(fd int, req uint, arg uintptr) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { @@ -527,6 +549,12 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { @@ -535,10 +563,6 @@ func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { return } -var libc_ioctl_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { 
@@ -1894,20 +1918,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s index 5782cd108..2763620b0 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s @@ -158,6 +158,16 @@ TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) +TEXT libc_getresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresuid(SB) +GLOBL ·libc_getresuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresuid_trampoline_addr(SB)/8, $libc_getresuid_trampoline<>(SB) + +TEXT libc_getresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresgid(SB) +GLOBL ·libc_getresgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresgid_trampoline_addr(SB)/8, $libc_getresgid_trampoline<>(SB) + TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 
@@ -573,11 +583,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go index 2452a641d..8e87fdf15 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go @@ -519,6 +519,28 @@ var libc_getcwd_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + syscall_rawSyscall(libc_getresuid_trampoline_addr, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +var libc_getresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresuid getresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + syscall_rawSyscall(libc_getresgid_trampoline_addr, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} + +var libc_getresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresgid getresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctl(fd int, req uint, arg uintptr) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { 
@@ -1894,20 +1916,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s index cf310420c..c92231404 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s @@ -158,6 +158,16 @@ TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $4 DATA ·libc_getcwd_trampoline_addr(SB)/4, $libc_getcwd_trampoline<>(SB) +TEXT libc_getresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresuid(SB) +GLOBL ·libc_getresuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getresuid_trampoline_addr(SB)/4, $libc_getresuid_trampoline<>(SB) + +TEXT libc_getresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresgid(SB) +GLOBL ·libc_getresgid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getresgid_trampoline_addr(SB)/4, $libc_getresgid_trampoline<>(SB) + TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $4 
@@ -573,11 +583,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setresuid_trampoline_addr(SB)/4, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $4 -DATA ·libc_setrlimit_trampoline_addr(SB)/4, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $4 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go index 5e35600a6..12a7a2160 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go @@ -519,6 +519,28 @@ var libc_getcwd_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + syscall_rawSyscall(libc_getresuid_trampoline_addr, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +var libc_getresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresuid getresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + syscall_rawSyscall(libc_getresgid_trampoline_addr, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} + +var libc_getresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresgid getresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctl(fd int, req uint, arg uintptr) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { 
@@ -1894,20 +1916,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s index 484bb42e0..a6bc32c92 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s @@ -158,6 +158,16 @@ TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) +TEXT libc_getresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresuid(SB) +GLOBL ·libc_getresuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresuid_trampoline_addr(SB)/8, $libc_getresuid_trampoline<>(SB) + +TEXT libc_getresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresgid(SB) +GLOBL ·libc_getresgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresgid_trampoline_addr(SB)/8, $libc_getresgid_trampoline<>(SB) + TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 
@@ -573,11 +583,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go index b04cef1a1..b19e8aa03 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go @@ -519,6 +519,28 @@ var libc_getcwd_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + syscall_rawSyscall(libc_getresuid_trampoline_addr, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +var libc_getresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresuid getresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + syscall_rawSyscall(libc_getresgid_trampoline_addr, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} + +var libc_getresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresgid getresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctl(fd int, req uint, arg uintptr) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { 
@@ -1894,20 +1916,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s index 55af27263..b4e7bceab 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s @@ -158,6 +158,16 @@ TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) +TEXT libc_getresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresuid(SB) +GLOBL ·libc_getresuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresuid_trampoline_addr(SB)/8, $libc_getresuid_trampoline<>(SB) + +TEXT libc_getresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresgid(SB) +GLOBL ·libc_getresgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresgid_trampoline_addr(SB)/8, $libc_getresgid_trampoline<>(SB) + TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 
@@ -573,11 +583,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go index 47a07ee0c..fb99594c9 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go @@ -519,6 +519,28 @@ var libc_getcwd_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + syscall_rawSyscall(libc_getresuid_trampoline_addr, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +var libc_getresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresuid getresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + syscall_rawSyscall(libc_getresgid_trampoline_addr, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} + +var libc_getresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresgid getresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctl(fd int, req uint, arg uintptr) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { 
@@ -1894,20 +1916,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s index 4028255b0..ca3f76600 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s @@ -189,6 +189,18 @@ TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) +TEXT libc_getresuid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getresuid(SB) + RET +GLOBL ·libc_getresuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresuid_trampoline_addr(SB)/8, $libc_getresuid_trampoline<>(SB) + +TEXT libc_getresgid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getresgid(SB) + RET +GLOBL ·libc_getresgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresgid_trampoline_addr(SB)/8, $libc_getresgid_trampoline<>(SB) + TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 CALL libc_ioctl(SB) RET 
@@ -687,12 +699,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - CALL libc_setrlimit(SB) - RET -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 CALL libc_setrtable(SB) RET diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go index 573378fdb..32cbbbc52 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go @@ -519,6 +519,28 @@ var libc_getcwd_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + syscall_rawSyscall(libc_getresuid_trampoline_addr, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +var libc_getresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresuid getresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + syscall_rawSyscall(libc_getresgid_trampoline_addr, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} + +var libc_getresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresgid getresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctl(fd int, req uint, arg uintptr) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { 
@@ -1894,20 +1916,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s index e1fbd4dfa..477a7d5b2 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s @@ -158,6 +158,16 @@ TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) +TEXT libc_getresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresuid(SB) +GLOBL ·libc_getresuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresuid_trampoline_addr(SB)/8, $libc_getresuid_trampoline<>(SB) + +TEXT libc_getresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresgid(SB) +GLOBL ·libc_getresgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresgid_trampoline_addr(SB)/8, $libc_getresgid_trampoline<>(SB) + TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 
@@ -573,11 +583,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index 4873a1e5d..609d1c598 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -110,7 +110,6 @@ import ( //go:cgo_import_dynamic libc_setpriority setpriority "libc.so" //go:cgo_import_dynamic libc_setregid setregid "libc.so" //go:cgo_import_dynamic libc_setreuid setreuid "libc.so" -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" //go:cgo_import_dynamic libc_setsid setsid "libc.so" //go:cgo_import_dynamic libc_setuid setuid "libc.so" //go:cgo_import_dynamic libc_shutdown shutdown "libsocket.so" @@ -250,7 +249,6 @@ import ( //go:linkname procSetpriority libc_setpriority //go:linkname procSetregid libc_setregid //go:linkname procSetreuid libc_setreuid -//go:linkname procSetrlimit libc_setrlimit //go:linkname procSetsid libc_setsid //go:linkname procSetuid libc_setuid //go:linkname procshutdown libc_shutdown @@ -391,7 +389,6 @@ var ( procSetpriority, procSetregid, procSetreuid, - procSetrlimit, procSetsid, procSetuid, procshutdown, 
@@ -646,7 +643,7 @@ func __minor(version int, dev uint64) (val uint) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) { +func ioctlRet(fd int, req int, arg uintptr) (ret int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0) ret = int(r0) if e1 != 0 { @@ -657,7 +654,7 @@ func ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) { +func ioctlPtrRet(fd int, req int, arg unsafe.Pointer) (ret int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0) ret = int(r0) if e1 != 0 { @@ -1650,16 +1647,6 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetrlimit)), 2, uintptr(which), uintptr(unsafe.Pointer(lim)), 0, 0, 0, 0) - if e1 != 0 { - err = e1 - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetsid)), 0, 0, 0, 0, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go index 07bfe2ef9..c31681743 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go 
@@ -257,7 +257,7 @@ func munmap(addr uintptr, length uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctl(fd int, req uint, arg uintptr) (err error) { +func ioctl(fd int, req int, arg uintptr) (err error) { _, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { err = errnoErr(e1) @@ -267,7 +267,7 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { +func ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) { _, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { err = errnoErr(e1) diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go index e2a64f099..690cefc3d 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go @@ -151,6 +151,16 @@ type Dirent struct { _ [3]byte } +type Attrlist struct { + Bitmapcount uint16 + Reserved uint16 + Commonattr uint32 + Volattr uint32 + Dirattr uint32 + Fileattr uint32 + Forkattr uint32 +} + const ( PathMax = 0x400 ) @@ -610,6 +620,7 @@ const ( AT_REMOVEDIR = 0x80 AT_SYMLINK_FOLLOW = 0x40 AT_SYMLINK_NOFOLLOW = 0x20 + AT_EACCESS = 0x10 ) type PollFd struct { diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go index 34aa77521..5bffc10ea 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go @@ -151,6 +151,16 @@ type Dirent struct { _ [3]byte } +type Attrlist struct { + Bitmapcount uint16 + Reserved uint16 + Commonattr uint32 + Volattr uint32 + Dirattr uint32 + Fileattr uint32 + Forkattr uint32 +} + const ( PathMax = 0x400 ) 
@@ -610,6 +620,7 @@ const ( AT_REMOVEDIR = 0x80 AT_SYMLINK_FOLLOW = 0x40 AT_SYMLINK_NOFOLLOW = 0x20 + AT_EACCESS = 0x10 ) type PollFd struct { diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index ca84727cf..00c3b8c20 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -2555,6 +2555,11 @@ const ( BPF_REG_8 = 0x8 BPF_REG_9 = 0x9 BPF_REG_10 = 0xa + BPF_CGROUP_ITER_ORDER_UNSPEC = 0x0 + BPF_CGROUP_ITER_SELF_ONLY = 0x1 + BPF_CGROUP_ITER_DESCENDANTS_PRE = 0x2 + BPF_CGROUP_ITER_DESCENDANTS_POST = 0x3 + BPF_CGROUP_ITER_ANCESTORS_UP = 0x4 BPF_MAP_CREATE = 0x0 BPF_MAP_LOOKUP_ELEM = 0x1 BPF_MAP_UPDATE_ELEM = 0x2 @@ -2566,6 +2571,7 @@ const ( BPF_PROG_ATTACH = 0x8 BPF_PROG_DETACH = 0x9 BPF_PROG_TEST_RUN = 0xa + BPF_PROG_RUN = 0xa BPF_PROG_GET_NEXT_ID = 0xb BPF_MAP_GET_NEXT_ID = 0xc BPF_PROG_GET_FD_BY_ID = 0xd @@ -2610,6 +2616,7 @@ const ( BPF_MAP_TYPE_CPUMAP = 0x10 BPF_MAP_TYPE_XSKMAP = 0x11 BPF_MAP_TYPE_SOCKHASH = 0x12 + BPF_MAP_TYPE_CGROUP_STORAGE_DEPRECATED = 0x13 BPF_MAP_TYPE_CGROUP_STORAGE = 0x13 BPF_MAP_TYPE_REUSEPORT_SOCKARRAY = 0x14 BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE = 0x15 @@ -2620,6 +2627,10 @@ const ( BPF_MAP_TYPE_STRUCT_OPS = 0x1a BPF_MAP_TYPE_RINGBUF = 0x1b BPF_MAP_TYPE_INODE_STORAGE = 0x1c + BPF_MAP_TYPE_TASK_STORAGE = 0x1d + BPF_MAP_TYPE_BLOOM_FILTER = 0x1e + BPF_MAP_TYPE_USER_RINGBUF = 0x1f + BPF_MAP_TYPE_CGRP_STORAGE = 0x20 BPF_PROG_TYPE_UNSPEC = 0x0 BPF_PROG_TYPE_SOCKET_FILTER = 0x1 BPF_PROG_TYPE_KPROBE = 0x2 @@ -2651,6 +2662,7 @@ const ( BPF_PROG_TYPE_EXT = 0x1c BPF_PROG_TYPE_LSM = 0x1d BPF_PROG_TYPE_SK_LOOKUP = 0x1e + BPF_PROG_TYPE_SYSCALL = 0x1f BPF_CGROUP_INET_INGRESS = 0x0 BPF_CGROUP_INET_EGRESS = 0x1 BPF_CGROUP_INET_SOCK_CREATE = 0x2 
@@ -2689,6 +2701,12 @@ const ( BPF_XDP_CPUMAP = 0x23 BPF_SK_LOOKUP = 0x24 BPF_XDP = 0x25 + BPF_SK_SKB_VERDICT = 0x26 + BPF_SK_REUSEPORT_SELECT = 0x27 + BPF_SK_REUSEPORT_SELECT_OR_MIGRATE = 0x28 + BPF_PERF_EVENT = 0x29 + BPF_TRACE_KPROBE_MULTI = 0x2a + BPF_LSM_CGROUP = 0x2b BPF_LINK_TYPE_UNSPEC = 0x0 BPF_LINK_TYPE_RAW_TRACEPOINT = 0x1 BPF_LINK_TYPE_TRACING = 0x2 @@ -2696,6 +2714,9 @@ const ( BPF_LINK_TYPE_ITER = 0x4 BPF_LINK_TYPE_NETNS = 0x5 BPF_LINK_TYPE_XDP = 0x6 + BPF_LINK_TYPE_PERF_EVENT = 0x7 + BPF_LINK_TYPE_KPROBE_MULTI = 0x8 + BPF_LINK_TYPE_STRUCT_OPS = 0x9 BPF_ANY = 0x0 BPF_NOEXIST = 0x1 BPF_EXIST = 0x2 @@ -2733,6 +2754,7 @@ const ( BPF_F_ZERO_CSUM_TX = 0x2 BPF_F_DONT_FRAGMENT = 0x4 BPF_F_SEQ_NUMBER = 0x8 + BPF_F_TUNINFO_FLAGS = 0x10 BPF_F_INDEX_MASK = 0xffffffff BPF_F_CURRENT_CPU = 0xffffffff BPF_F_CTXLEN_MASK = 0xfffff00000000 @@ -2747,6 +2769,7 @@ const ( BPF_F_ADJ_ROOM_ENCAP_L4_GRE = 0x8 BPF_F_ADJ_ROOM_ENCAP_L4_UDP = 0x10 BPF_F_ADJ_ROOM_NO_CSUM_RESET = 0x20 + BPF_F_ADJ_ROOM_ENCAP_L2_ETH = 0x40 BPF_ADJ_ROOM_ENCAP_L2_MASK = 0xff BPF_ADJ_ROOM_ENCAP_L2_SHIFT = 0x38 BPF_F_SYSCTL_BASE_NAME = 0x1 @@ -2771,10 +2794,16 @@ const ( BPF_LWT_ENCAP_SEG6 = 0x0 BPF_LWT_ENCAP_SEG6_INLINE = 0x1 BPF_LWT_ENCAP_IP = 0x2 + BPF_F_BPRM_SECUREEXEC = 0x1 + BPF_F_BROADCAST = 0x8 + BPF_F_EXCLUDE_INGRESS = 0x10 + BPF_SKB_TSTAMP_UNSPEC = 0x0 + BPF_SKB_TSTAMP_DELIVERY_MONO = 0x1 BPF_OK = 0x0 BPF_DROP = 0x2 BPF_REDIRECT = 0x7 BPF_LWT_REROUTE = 0x80 + BPF_FLOW_DISSECTOR_CONTINUE = 0x81 BPF_SOCK_OPS_RTO_CB_FLAG = 0x1 BPF_SOCK_OPS_RETRANS_CB_FLAG = 0x2 BPF_SOCK_OPS_STATE_CB_FLAG = 0x4 @@ -2838,6 +2867,10 @@ const ( BPF_FIB_LKUP_RET_UNSUPP_LWT = 0x6 BPF_FIB_LKUP_RET_NO_NEIGH = 0x7 BPF_FIB_LKUP_RET_FRAG_NEEDED = 0x8 + BPF_MTU_CHK_SEGS = 0x1 + BPF_MTU_CHK_RET_SUCCESS = 0x0 + BPF_MTU_CHK_RET_FRAG_NEEDED = 0x1 + BPF_MTU_CHK_RET_SEGS_TOOBIG = 0x2 BPF_FD_TYPE_RAW_TRACEPOINT = 0x0 BPF_FD_TYPE_TRACEPOINT = 0x1 BPF_FD_TYPE_KPROBE = 0x2 
@@ -2847,6 +2880,19 @@ const ( BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG = 0x1 BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL = 0x2 BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP = 0x4 + BPF_CORE_FIELD_BYTE_OFFSET = 0x0 + BPF_CORE_FIELD_BYTE_SIZE = 0x1 + BPF_CORE_FIELD_EXISTS = 0x2 + BPF_CORE_FIELD_SIGNED = 0x3 + BPF_CORE_FIELD_LSHIFT_U64 = 0x4 + BPF_CORE_FIELD_RSHIFT_U64 = 0x5 + BPF_CORE_TYPE_ID_LOCAL = 0x6 + BPF_CORE_TYPE_ID_TARGET = 0x7 + BPF_CORE_TYPE_EXISTS = 0x8 + BPF_CORE_TYPE_SIZE = 0x9 + BPF_CORE_ENUMVAL_EXISTS = 0xa + BPF_CORE_ENUMVAL_VALUE = 0xb + BPF_CORE_TYPE_MATCHES = 0xc ) const ( diff --git a/vendor/golang.org/x/sys/windows/env_windows.go b/vendor/golang.org/x/sys/windows/env_windows.go index 92ac05ff4..b8ad19250 100644 --- a/vendor/golang.org/x/sys/windows/env_windows.go +++ b/vendor/golang.org/x/sys/windows/env_windows.go @@ -37,14 +37,14 @@ func (token Token) Environ(inheritExisting bool) (env []string, err error) { return nil, err } defer DestroyEnvironmentBlock(block) - blockp := uintptr(unsafe.Pointer(block)) + blockp := unsafe.Pointer(block) for { - entry := UTF16PtrToString((*uint16)(unsafe.Pointer(blockp))) + entry := UTF16PtrToString((*uint16)(blockp)) if len(entry) == 0 { break } env = append(env, entry) - blockp += 2 * (uintptr(len(entry)) + 1) + blockp = unsafe.Add(blockp, 2*(len(entry)+1)) } return env, nil } diff --git a/vendor/golang.org/x/sys/windows/exec_windows.go b/vendor/golang.org/x/sys/windows/exec_windows.go index 75980fd44..a52e0331d 100644 --- a/vendor/golang.org/x/sys/windows/exec_windows.go +++ b/vendor/golang.org/x/sys/windows/exec_windows.go 
@@ -95,12 +95,17 @@ func ComposeCommandLine(args []string) string { // DecomposeCommandLine breaks apart its argument command line into unescaped parts using CommandLineToArgv, // as gathered from GetCommandLine, QUERY_SERVICE_CONFIG's BinaryPathName argument, or elsewhere that // command lines are passed around. +// DecomposeCommandLine returns error if commandLine contains NUL. func DecomposeCommandLine(commandLine string) ([]string, error) { if len(commandLine) == 0 { return []string{}, nil } + utf16CommandLine, err := UTF16FromString(commandLine) + if err != nil { + return nil, errorspkg.New("string with NUL passed to DecomposeCommandLine") + } var argc int32 - argv, err := CommandLineToArgv(StringToUTF16Ptr(commandLine), &argc) + argv, err := CommandLineToArgv(&utf16CommandLine[0], &argc) if err != nil { return nil, err } diff --git a/vendor/golang.org/x/sys/windows/service.go b/vendor/golang.org/x/sys/windows/service.go index f8deca839..c964b6848 100644 --- a/vendor/golang.org/x/sys/windows/service.go +++ b/vendor/golang.org/x/sys/windows/service.go @@ -141,6 +141,12 @@ const ( SERVICE_DYNAMIC_INFORMATION_LEVEL_START_REASON = 1 ) +type ENUM_SERVICE_STATUS struct { + ServiceName *uint16 + DisplayName *uint16 + ServiceStatus SERVICE_STATUS +} + type SERVICE_STATUS struct { ServiceType uint32 CurrentState uint32 
@@ -245,3 +251,4 @@ type QUERY_SERVICE_LOCK_STATUS struct { //sys UnsubscribeServiceChangeNotifications(subscription uintptr) = sechost.UnsubscribeServiceChangeNotifications? //sys RegisterServiceCtrlHandlerEx(serviceName *uint16, handlerProc uintptr, context uintptr) (handle Handle, err error) = advapi32.RegisterServiceCtrlHandlerExW //sys QueryServiceDynamicInformation(service Handle, infoLevel uint32, dynamicInfo unsafe.Pointer) (err error) = advapi32.QueryServiceDynamicInformation? +//sys EnumDependentServices(service Handle, activityState uint32, services *ENUM_SERVICE_STATUS, buffSize uint32, bytesNeeded *uint32, servicesReturned *uint32) (err error) = advapi32.EnumDependentServicesW diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 3723b2c22..964590075 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -405,7 +405,7 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys VerQueryValue(block unsafe.Pointer, subBlock string, pointerToBufferPointer unsafe.Pointer, bufSize *uint32) (err error) = version.VerQueryValueW // Process Status API (PSAPI) -//sys EnumProcesses(processIds []uint32, bytesReturned *uint32) (err error) = psapi.EnumProcesses +//sys enumProcesses(processIds *uint32, nSize uint32, bytesReturned *uint32) (err error) = psapi.EnumProcesses //sys EnumProcessModules(process Handle, module *Handle, cb uint32, cbNeeded *uint32) (err error) = psapi.EnumProcessModules //sys EnumProcessModulesEx(process Handle, module *Handle, cb uint32, cbNeeded *uint32, filterFlag uint32) (err error) = psapi.EnumProcessModulesEx //sys GetModuleInformation(process Handle, module Handle, modinfo *ModuleInfo, cb uint32) (err error) = psapi.GetModuleInformation 
@@ -1354,6 +1354,17 @@ func SetsockoptIPv6Mreq(fd Handle, level, opt int, mreq *IPv6Mreq) (err error) { return syscall.EWINDOWS } +func EnumProcesses(processIds []uint32, bytesReturned *uint32) error { + // EnumProcesses syscall expects the size parameter to be in bytes, but the code generated with mksyscall uses + // the length of the processIds slice instead. Hence, this wrapper function is added to fix the discrepancy. + var p *uint32 + if len(processIds) > 0 { + p = &processIds[0] + } + size := uint32(len(processIds) * 4) + return enumProcesses(p, size, bytesReturned) +} + func Getpid() (pid int) { return int(GetCurrentProcessId()) } func FindFirstFile(name *uint16, data *Win32finddata) (handle Handle, err error) { diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 857acf103..88e62a638 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -2220,19 +2220,23 @@ type JOBOBJECT_BASIC_UI_RESTRICTIONS struct { } const ( - // JobObjectInformationClass + // JobObjectInformationClass for QueryInformationJobObject and SetInformationJobObject JobObjectAssociateCompletionPortInformation = 7 + JobObjectBasicAccountingInformation = 1 + JobObjectBasicAndIoAccountingInformation = 8 JobObjectBasicLimitInformation = 2 + JobObjectBasicProcessIdList = 3 JobObjectBasicUIRestrictions = 4 JobObjectCpuRateControlInformation = 15 JobObjectEndOfJobTimeInformation = 6 JobObjectExtendedLimitInformation = 9 JobObjectGroupInformation = 11 JobObjectGroupInformationEx = 14 - JobObjectLimitViolationInformation2 = 35 + JobObjectLimitViolationInformation = 13 + JobObjectLimitViolationInformation2 = 34 JobObjectNetRateControlInformation = 32 JobObjectNotificationLimitInformation = 12 - JobObjectNotificationLimitInformation2 = 34 + JobObjectNotificationLimitInformation2 = 33 JobObjectSecurityLimitInformation = 5 ) 
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 6d2a26853..566dd3e31 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -86,6 +86,7 @@ var ( procDeleteService = modadvapi32.NewProc("DeleteService") procDeregisterEventSource = modadvapi32.NewProc("DeregisterEventSource") procDuplicateTokenEx = modadvapi32.NewProc("DuplicateTokenEx") + procEnumDependentServicesW = modadvapi32.NewProc("EnumDependentServicesW") procEnumServicesStatusExW = modadvapi32.NewProc("EnumServicesStatusExW") procEqualSid = modadvapi32.NewProc("EqualSid") procFreeSid = modadvapi32.NewProc("FreeSid") @@ -734,6 +735,14 @@ func DuplicateTokenEx(existingToken Token, desiredAccess uint32, tokenAttributes return } +func EnumDependentServices(service Handle, activityState uint32, services *ENUM_SERVICE_STATUS, buffSize uint32, bytesNeeded *uint32, servicesReturned *uint32) (err error) { + r1, _, e1 := syscall.Syscall6(procEnumDependentServicesW.Addr(), 6, uintptr(service), uintptr(activityState), uintptr(unsafe.Pointer(services)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded)), uintptr(unsafe.Pointer(servicesReturned))) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func EnumServicesStatusEx(mgr Handle, infoLevel uint32, serviceType uint32, serviceState uint32, services *byte, bufSize uint32, bytesNeeded *uint32, servicesReturned *uint32, resumeHandle *uint32, groupName *uint16) (err error) { r1, _, e1 := syscall.Syscall12(procEnumServicesStatusExW.Addr(), 10, uintptr(mgr), uintptr(infoLevel), uintptr(serviceType), uintptr(serviceState), uintptr(unsafe.Pointer(services)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), uintptr(unsafe.Pointer(servicesReturned)), uintptr(unsafe.Pointer(resumeHandle)), uintptr(unsafe.Pointer(groupName)), 0, 0) if r1 == 0 { 
@@ -3507,12 +3516,8 @@ func EnumProcessModulesEx(process Handle, module *Handle, cb uint32, cbNeeded *u return } -func EnumProcesses(processIds []uint32, bytesReturned *uint32) (err error) { - var _p0 *uint32 - if len(processIds) > 0 { - _p0 = &processIds[0] - } - r1, _, e1 := syscall.Syscall(procEnumProcesses.Addr(), 3, uintptr(unsafe.Pointer(_p0)), uintptr(len(processIds)), uintptr(unsafe.Pointer(bytesReturned))) +func enumProcesses(processIds *uint32, nSize uint32, bytesReturned *uint32) (err error) { + r1, _, e1 := syscall.Syscall(procEnumProcesses.Addr(), 3, uintptr(unsafe.Pointer(processIds)), uintptr(nSize), uintptr(unsafe.Pointer(bytesReturned))) if r1 == 0 { err = errnoErr(e1) } diff --git a/vendor/modules.txt b/vendor/modules.txt index bea9bd9ff..004825c46 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -53,9 +53,10 @@ github.com/fsnotify/fsnotify # github.com/ghodss/yaml v1.0.0 ## explicit github.com/ghodss/yaml -# github.com/go-logr/logr v1.2.3 +# github.com/go-logr/logr v1.2.4 ## explicit; go 1.16 github.com/go-logr/logr +github.com/go-logr/logr/funcr # github.com/go-logr/zapr v1.2.0 ## explicit; go 1.16 github.com/go-logr/zapr @@ -63,6 +64,9 @@ github.com/go-logr/zapr ## explicit; go 1.12 github.com/go-ole/go-ole github.com/go-ole/go-ole/oleutil +# github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 +## explicit; go 1.13 +github.com/go-task/slim-sprig # github.com/gobuffalo/flect v0.2.4 ## explicit; go 1.13 github.com/gobuffalo/flect @@ -73,7 +77,7 @@ github.com/gogo/protobuf/sortkeys # github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da ## explicit github.com/golang/groupcache/lru -# github.com/golang/protobuf v1.5.2 +# github.com/golang/protobuf v1.5.3 ## explicit; go 1.9 github.com/golang/protobuf/descriptor github.com/golang/protobuf/jsonpb 
@@ -144,6 +148,9 @@ github.com/google/go-tspi/verification ## explicit; go 1.12 github.com/google/gofuzz github.com/google/gofuzz/bytesource +# github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 +## explicit; go 1.14 +github.com/google/pprof/profile # github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 ## explicit; go 1.13 github.com/google/shlex @@ -254,11 +261,21 @@ github.com/modern-go/reflect2 ## explicit; go 1.16 github.com/mudler/yip/pkg/schema github.com/mudler/yip/pkg/schema/cloudinit -# github.com/onsi/ginkgo/v2 v2.3.1 +# github.com/onsi/ginkgo/v2 v2.11.0 ## explicit; go 1.18 github.com/onsi/ginkgo/v2 github.com/onsi/ginkgo/v2/config github.com/onsi/ginkgo/v2/formatter +github.com/onsi/ginkgo/v2/ginkgo +github.com/onsi/ginkgo/v2/ginkgo/build +github.com/onsi/ginkgo/v2/ginkgo/command +github.com/onsi/ginkgo/v2/ginkgo/generators +github.com/onsi/ginkgo/v2/ginkgo/internal +github.com/onsi/ginkgo/v2/ginkgo/labels +github.com/onsi/ginkgo/v2/ginkgo/outline +github.com/onsi/ginkgo/v2/ginkgo/run +github.com/onsi/ginkgo/v2/ginkgo/unfocus +github.com/onsi/ginkgo/v2/ginkgo/watch github.com/onsi/ginkgo/v2/internal github.com/onsi/ginkgo/v2/internal/global github.com/onsi/ginkgo/v2/internal/interrupt_handler @@ -266,7 +283,7 @@ github.com/onsi/ginkgo/v2/internal/parallel_support github.com/onsi/ginkgo/v2/internal/testingtproxy github.com/onsi/ginkgo/v2/reporters github.com/onsi/ginkgo/v2/types -# github.com/onsi/gomega v1.22.0 +# github.com/onsi/gomega v1.27.8 ## explicit; go 1.18 github.com/onsi/gomega github.com/onsi/gomega/format @@ -472,6 +489,10 @@ github.com/subosito/gotenv # github.com/twpayne/go-vfs v1.7.2 ## explicit; go 1.13 github.com/twpayne/go-vfs +# github.com/twpayne/go-vfs/v4 v4.2.0 +## explicit; go 1.16 +github.com/twpayne/go-vfs/v4 +github.com/twpayne/go-vfs/v4/vfst # github.com/urfave/cli v1.22.10 ## explicit; go 1.11 github.com/urfave/cli 
@@ -562,7 +583,7 @@ go.uber.org/zap/zapcore golang.org/x/crypto/cryptobyte golang.org/x/crypto/cryptobyte/asn1 golang.org/x/crypto/ed25519 -# golang.org/x/net v0.8.0 +# golang.org/x/net v0.10.0 ## explicit; go 1.17 golang.org/x/net/context golang.org/x/net/context/ctxhttp @@ -579,21 +600,21 @@ golang.org/x/net/trace ## explicit; go 1.17 golang.org/x/oauth2 golang.org/x/oauth2/internal -# golang.org/x/sync v0.1.0 +# golang.org/x/sync v0.2.0 ## explicit golang.org/x/sync/errgroup golang.org/x/sync/singleflight -# golang.org/x/sys v0.6.0 +# golang.org/x/sys v0.9.0 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader golang.org/x/sys/plan9 golang.org/x/sys/unix golang.org/x/sys/windows -# golang.org/x/term v0.6.0 +# golang.org/x/term v0.8.0 ## explicit; go 1.17 golang.org/x/term -# golang.org/x/text v0.8.0 +# golang.org/x/text v0.9.0 ## explicit; go 1.17 golang.org/x/text/cases golang.org/x/text/encoding @@ -620,6 +641,10 @@ golang.org/x/text/unicode/norm # golang.org/x/time v0.3.0 ## explicit golang.org/x/time/rate +# golang.org/x/tools v0.9.3 +## explicit; go 1.18 +golang.org/x/tools/go/ast/inspector +golang.org/x/tools/internal/typeparams # gomodules.xyz/jsonpatch/v2 v2.2.0 ## explicit; go 1.12 gomodules.xyz/jsonpatch/v2 From a5dc690a6153fcfe3fc2fe470e30fabe1d61f635 Mon Sep 17 00:00:00 2001 
From: Andrea Mazzotti Date: Thu, 13 Jul 2023 17:34:48 +0200 Subject: [PATCH 6/9] Restore go-tpm-tools vendoring --- .../go-tpm-tools/.github/workflows/ci.yml | 100 + .../github.com/google/go-tpm-tools/.gitignore | 12 + .../google/go-tpm-tools/CONTRIBUTING.md | 28 + .../github.com/google/go-tpm-tools/README.md | 142 + .../go-tpm-tools/cel/canonical_eventlog.go | 413 ++ .../cel/canonical_eventlog_test.go | 173 + .../google/go-tpm-tools/cel/cos_tlv.go | 120 + .../google/go-tpm-tools/cel/cos_tlv_test.go | 124 + .../google/go-tpm-tools/client/attest.go | 66 + .../google/go-tpm-tools/client/close.go | 29 + .../google/go-tpm-tools/client/eventlog.go | 19 + .../go-tpm-tools/client/eventlog_linux.go | 9 + .../go-tpm-tools/client/eventlog_other.go | 10 + .../go-tpm-tools/client/example_test.go | 274 + .../google/go-tpm-tools/client/handles.go | 72 + .../go-tpm-tools/client/handles_test.go | 41 + .../google/go-tpm-tools/client/import.go | 83 + .../google/go-tpm-tools/client/keys.go | 481 ++ .../google/go-tpm-tools/client/keys_test.go | 186 + .../google/go-tpm-tools/client/pcr.go | 166 + .../google/go-tpm-tools/client/pcr_test.go | 127 + .../google/go-tpm-tools/client/quote_test.go | 154 + .../google/go-tpm-tools/client/seal_test.go | 460 ++ .../google/go-tpm-tools/client/session.go | 89 + .../google/go-tpm-tools/client/signer.go | 146 + .../google/go-tpm-tools/client/signer_test.go | 317 + .../google/go-tpm-tools/client/template.go | 143 + .../google/go-tpm-tools/cmd/flags.go | 208 + .../google/go-tpm-tools/cmd/flush.go | 87 + .../google/go-tpm-tools/cmd/flush_test.go | 48 + .../google/go-tpm-tools/cmd/gotpm/main.go | 13 + .../google/go-tpm-tools/cmd/open.go | 32 + .../google/go-tpm-tools/cmd/open_other.go | 30 + .../google/go-tpm-tools/cmd/open_windows.go | 12 + .../google/go-tpm-tools/cmd/pubkey.go | 100 + .../google/go-tpm-tools/cmd/read.go | 108 + .../google/go-tpm-tools/cmd/root.go | 62 + .../google/go-tpm-tools/cmd/seal.go | 146 + 
.../google/go-tpm-tools/cmd/seal_test.go | 148 + .../google/go-tpm-tools/files/PKGBUILD | 35 + .../google/go-tpm-tools/files/boot-unseal.sh | 39 + .../google/go-tpm-tools/files/initcpio.hooks | 7 + .../go-tpm-tools/files/initcpio.install | 23 + vendor/github.com/google/go-tpm-tools/go.mod | 13 + vendor/github.com/google/go-tpm-tools/go.sum | 1280 ++++ .../google/go-tpm-tools/internal/pcrs.go | 130 + .../google/go-tpm-tools/internal/pcrs_test.go | 33 + .../google/go-tpm-tools/internal/public.go | 35 + .../google/go-tpm-tools/internal/quote.go | 110 + .../test/attestations/gce-cos-85-no-nonce.pb | Bin 0 -> 29596 bytes .../test/attestations/gce-cos-85-nonce9009.pb | Bin 0 -> 29602 bytes .../test/eventlogs/arch-linux-workstation.bin | Bin 0 -> 15579 bytes .../internal/test/eventlogs/debian-10.bin | Bin 0 -> 22220 bytes .../internal/test/eventlogs/glinux-alex.bin | Bin 0 -> 15881 bytes .../internal/test/eventlogs/rhel8-uefi.bin | Bin 0 -> 34034 bytes .../test/eventlogs/ubuntu-1804-amd-sev.bin | Bin 0 -> 26013 bytes .../test/eventlogs/ubuntu-2104-no-dbx.bin | Bin 0 -> 33824 bytes .../eventlogs/ubuntu-2104-no-secure-boot.bin | Bin 0 -> 38268 bytes .../internal/test/load_random_external_key.go | 47 + .../go-tpm-tools/internal/test/test_data.go | 29 + .../go-tpm-tools/internal/test/test_other.go | 23 + .../go-tpm-tools/internal/test/test_tpm.go | 139 + .../internal/test/test_windows.go | 18 + .../google/go-tpm-tools/proto/attest.proto | 194 + .../go-tpm-tools/proto/attest/attest.pb.go | 1613 +++++ .../google/go-tpm-tools/proto/doc.go | 22 + .../google/go-tpm-tools/proto/tpm.proto | 54 + .../google/go-tpm-tools/proto/tpm/tpm.pb.go | 595 ++ .../server/ca-certs/tpm_ek_intermediate_2.crt | Bin 0 -> 1560 bytes .../server/ca-certs/tpm_ek_root_1.cer | Bin 0 -> 1667 bytes .../google/go-tpm-tools/server/ecc_utils.go | 47 + .../google/go-tpm-tools/server/eventlog.go | 307 + .../go-tpm-tools/server/eventlog_test.go | 510 ++ .../go-tpm-tools/server/example_test.go | 47 + 
.../go-tpm-tools/server/grouped_error.go | 48 + .../go-tpm-tools/server/grouped_error_test.go | 42 + .../google/go-tpm-tools/server/import.go | 246 + .../google/go-tpm-tools/server/import_test.go | 249 + .../go-tpm-tools/server/instance_info.go | 19 + .../go-tpm-tools/server/key_conversion.go | 108 + .../server/key_conversion_test.go | 103 + .../google/go-tpm-tools/server/policy.go | 61 + .../go-tpm-tools/server/policy_constants.go | 167 + .../server/policy_constants_test.go | 56 + .../google/go-tpm-tools/server/policy_test.go | 153 + .../go-tpm-tools/server/secure-boot/GcePk.crt | Bin 0 -> 762 bytes .../MicCorKEKCA2011_2011-06-24.crt | Bin 0 -> 1516 bytes .../MicCorUEFCA2011_2011-06-27.crt | Bin 0 -> 1556 bytes .../MicWinProPCA2011_2011-10-19.crt | Bin 0 -> 1499 bytes .../server/secure-boot/canonical-boothole.crt | Bin 0 -> 1060 bytes .../server/secure-boot/cisco-boothole.crt | Bin 0 -> 1164 bytes .../secure-boot/dbxupdate-2014-08-11.bin | Bin 0 -> 4011 bytes .../secure-boot/dbxupdate_x64-2020-10-12.bin | Bin 0 -> 15281 bytes .../secure-boot/dbxupdate_x64-2021-04-29.bin | Bin 0 -> 13501 bytes .../server/secure-boot/debian-boothole.crt | Bin 0 -> 768 bytes .../google/go-tpm-tools/server/verify.go | 214 + .../google/go-tpm-tools/server/verify_test.go | 553 ++ .../simulator/ms-tpm-20-ref/CONTRIBUTING.md | 42 + .../simulator/ms-tpm-20-ref/LICENSE | 17 + .../simulator/ms-tpm-20-ref/README.md | 49 + .../ms-tpm-20-ref/Samples/Google/Clock.c | 174 + .../ms-tpm-20-ref/Samples/Google/Entropy.c | 11 + .../ms-tpm-20-ref/Samples/Google/NVMem.c | 81 + .../ms-tpm-20-ref/Samples/Google/Platform.h | 71 + .../Samples/Google/PlatformData.h | 86 + .../Samples/Google/Platform_fp.h | 197 + .../ms-tpm-20-ref/Samples/Google/Run.c | 78 + .../ms-tpm-20-ref/TPMCmd/Makefile.am | 62 + .../ms-tpm-20-ref/TPMCmd/configure.ac | 89 + .../simulator/ms-tpm-20-ref/TPMCmd/flags.m4 | 84 + .../TPMCmd/tpm/include/BaseTypes.h | 60 + .../TPMCmd/tpm/include/BnValues.h | 320 + 
.../TPMCmd/tpm/include/Capabilities.h | 49 + .../TPMCmd/tpm/include/CommandAttributeData.h | 916 +++ .../TPMCmd/tpm/include/CommandAttributes.h | 66 + .../TPMCmd/tpm/include/CommandDispatchData.h | 5167 +++++++++++++++ .../TPMCmd/tpm/include/CommandDispatcher.h | 2051 ++++++ .../TPMCmd/tpm/include/Commands.h | 451 ++ .../TPMCmd/tpm/include/CompilerDependencies.h | 132 + .../TPMCmd/tpm/include/CryptEcc.h | 71 + .../TPMCmd/tpm/include/CryptHash.h | 303 + .../TPMCmd/tpm/include/CryptRand.h | 199 + .../TPMCmd/tpm/include/CryptRsa.h | 69 + .../TPMCmd/tpm/include/CryptSym.h | 143 + .../TPMCmd/tpm/include/CryptTest.h | 70 + .../TPMCmd/tpm/include/EccTestData.h | 158 + .../ms-tpm-20-ref/TPMCmd/tpm/include/Global.h | 1439 ++++ .../TPMCmd/tpm/include/GpMacros.h | 332 + .../TPMCmd/tpm/include/HandleProcess.h | 1008 +++ .../TPMCmd/tpm/include/HashTestData.h | 104 + .../TPMCmd/tpm/include/InternalRoutines.h | 127 + .../TPMCmd/tpm/include/KdfTestData.h | 83 + .../TPMCmd/tpm/include/LibSupport.h | 69 + .../TPMCmd/tpm/include/Ltc/LtcSettings.h | 84 + .../TPMCmd/tpm/include/Ltc/TpmToLtcHash.h | 172 + .../TPMCmd/tpm/include/Ltc/TpmToLtcMath.h | 89 + .../TPMCmd/tpm/include/Ltc/TpmToLtcSym.h | 110 + .../ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h | 46 + .../ms-tpm-20-ref/TPMCmd/tpm/include/NV.h | 165 + .../ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h | 275 + .../TPMCmd/tpm/include/Ossl/TpmToOsslHash.h | 180 + .../TPMCmd/tpm/include/Ossl/TpmToOsslMath.h | 127 + .../TPMCmd/tpm/include/Ossl/TpmToOsslSym.h | 120 + .../TPMCmd/tpm/include/PRNG_TestVectors.h | 140 + .../TPMCmd/tpm/include/RsaTestData.h | 423 ++ .../TPMCmd/tpm/include/SelfTest.h | 105 + .../SupportLibraryFunctionPrototypes_fp.h | 137 + .../TPMCmd/tpm/include/SymmetricTest.h | 76 + .../TPMCmd/tpm/include/SymmetricTestData.h | 178 + .../ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h | 73 + .../ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h | 55 + .../TPMCmd/tpm/include/TpmASN1.h | 127 + .../TPMCmd/tpm/include/TpmAlgorithmDefines.h | 423 ++ 
.../TPMCmd/tpm/include/TpmBuildSwitches.h | 341 + .../TPMCmd/tpm/include/TpmError.h | 56 + .../TPMCmd/tpm/include/TpmProfile.h | 789 +++ .../TPMCmd/tpm/include/TpmTypes.h | 2374 +++++++ .../TPMCmd/tpm/include/VendorString.h | 88 + .../TPMCmd/tpm/include/Wolf/TpmToWolfHash.h | 191 + .../TPMCmd/tpm/include/Wolf/TpmToWolfMath.h | 91 + .../TPMCmd/tpm/include/Wolf/TpmToWolfSym.h | 115 + .../TPMCmd/tpm/include/Wolf/user_settings.h | 106 + .../ms-tpm-20-ref/TPMCmd/tpm/include/X509.h | 134 + .../include/prototypes/AC_GetCapability_fp.h | 71 + .../tpm/include/prototypes/AC_Send_fp.h | 72 + .../TPMCmd/tpm/include/prototypes/AC_spt_fp.h | 80 + .../prototypes/ActivateCredential_fp.h | 72 + .../tpm/include/prototypes/AlgorithmCap_fp.h | 64 + .../include/prototypes/AlgorithmTests_fp.h | 72 + .../tpm/include/prototypes/Attest_spt_fp.h | 88 + .../TPMCmd/tpm/include/prototypes/Bits_fp.h | 73 + .../tpm/include/prototypes/BnConvert_fp.h | 130 + .../TPMCmd/tpm/include/prototypes/BnMath_fp.h | 238 + .../tpm/include/prototypes/BnMemory_fp.h | 110 + .../include/prototypes/CertifyCreation_fp.h | 77 + .../tpm/include/prototypes/CertifyX509_fp.h | 76 + .../tpm/include/prototypes/Certify_fp.h | 73 + .../tpm/include/prototypes/ChangeEPS_fp.h | 60 + .../tpm/include/prototypes/ChangePPS_fp.h | 60 + .../tpm/include/prototypes/ClearControl_fp.h | 62 + .../TPMCmd/tpm/include/prototypes/Clear_fp.h | 60 + .../include/prototypes/ClockRateAdjust_fp.h | 62 + .../tpm/include/prototypes/ClockSet_fp.h | 62 + .../tpm/include/prototypes/CommandAudit_fp.h | 131 + .../prototypes/CommandCodeAttributes_fp.h | 182 + .../include/prototypes/CommandDispatcher_fp.h | 58 + .../TPMCmd/tpm/include/prototypes/Commit_fp.h | 75 + .../tpm/include/prototypes/ContextLoad_fp.h | 66 + .../tpm/include/prototypes/ContextSave_fp.h | 66 + .../tpm/include/prototypes/Context_spt_fp.h | 96 + .../tpm/include/prototypes/CreateLoaded_fp.h | 73 + .../tpm/include/prototypes/CreatePrimary_fp.h | 79 + 
.../TPMCmd/tpm/include/prototypes/Create_fp.h | 78 + .../tpm/include/prototypes/CryptCmac_fp.h | 84 + .../tpm/include/prototypes/CryptDes_fp.h | 76 + .../prototypes/CryptEccKeyExchange_fp.h | 88 + .../tpm/include/prototypes/CryptEccMain_fp.h | 374 ++ .../include/prototypes/CryptEccSignature_fp.h | 139 + .../tpm/include/prototypes/CryptHash_fp.h | 408 ++ .../include/prototypes/CryptPrimeSieve_fp.h | 158 + .../tpm/include/prototypes/CryptPrime_fp.h | 137 + .../tpm/include/prototypes/CryptRand_fp.h | 204 + .../tpm/include/prototypes/CryptRsa_fp.h | 210 + .../tpm/include/prototypes/CryptSelfTest_fp.h | 108 + .../tpm/include/prototypes/CryptSmac_fp.h | 84 + .../tpm/include/prototypes/CryptSym_fp.h | 126 + .../tpm/include/prototypes/CryptUtil_fp.h | 488 ++ .../TPMCmd/tpm/include/prototypes/DA_fp.h | 88 + .../prototypes/DictionaryAttackLockReset_fp.h | 60 + .../DictionaryAttackParameters_fp.h | 66 + .../tpm/include/prototypes/Duplicate_fp.h | 74 + .../include/prototypes/ECC_Parameters_fp.h | 66 + .../tpm/include/prototypes/ECDH_KeyGen_fp.h | 67 + .../tpm/include/prototypes/ECDH_ZGen_fp.h | 68 + .../tpm/include/prototypes/EC_Ephemeral_fp.h | 67 + .../include/prototypes/EncryptDecrypt2_fp.h | 75 + .../include/prototypes/EncryptDecrypt_fp.h | 75 + .../prototypes/EncryptDecrypt_spt_fp.h | 64 + .../TPMCmd/tpm/include/prototypes/Entity_fp.h | 108 + .../prototypes/EventSequenceComplete_fp.h | 70 + .../tpm/include/prototypes/EvictControl_fp.h | 64 + .../tpm/include/prototypes/ExecCommand_fp.h | 88 + .../include/prototypes/FieldUpgradeData_fp.h | 67 + .../include/prototypes/FieldUpgradeStart_fp.h | 66 + .../tpm/include/prototypes/FirmwareRead_fp.h | 66 + .../tpm/include/prototypes/FlushContext_fp.h | 60 + .../tpm/include/prototypes/GetCapability_fp.h | 71 + .../prototypes/GetCommandAuditDigest_fp.h | 73 + .../tpm/include/prototypes/GetRandom_fp.h | 66 + .../prototypes/GetSessionAuditDigest_fp.h | 75 + .../tpm/include/prototypes/GetTestResult_fp.h | 59 + 
.../tpm/include/prototypes/GetTime_fp.h | 73 + .../tpm/include/prototypes/HMAC_Start_fp.h | 70 + .../TPMCmd/tpm/include/prototypes/HMAC_fp.h | 70 + .../TPMCmd/tpm/include/prototypes/Handle_fp.h | 87 + .../include/prototypes/HashSequenceStart_fp.h | 68 + .../TPMCmd/tpm/include/prototypes/Hash_fp.h | 71 + .../prototypes/HierarchyChangeAuth_fp.h | 62 + .../include/prototypes/HierarchyControl_fp.h | 64 + .../tpm/include/prototypes/Hierarchy_fp.h | 87 + .../TPMCmd/tpm/include/prototypes/Import_fp.h | 76 + .../prototypes/IncrementalSelfTest_fp.h | 66 + .../tpm/include/prototypes/IoBuffers_fp.h | 87 + .../tpm/include/prototypes/LoadExternal_fp.h | 71 + .../TPMCmd/tpm/include/prototypes/Load_fp.h | 71 + .../tpm/include/prototypes/Locality_fp.h | 53 + .../tpm/include/prototypes/MAC_Start_fp.h | 70 + .../TPMCmd/tpm/include/prototypes/MAC_fp.h | 70 + .../include/prototypes/MakeCredential_fp.h | 71 + .../tpm/include/prototypes/Manufacture_fp.h | 79 + .../tpm/include/prototypes/Marshal_fp.h | 2408 +++++++ .../include/prototypes/MathOnByteBuffers_fp.h | 147 + .../TPMCmd/tpm/include/prototypes/Memory_fp.h | 179 + .../tpm/include/prototypes/NV_Certify_fp.h | 79 + .../tpm/include/prototypes/NV_ChangeAuth_fp.h | 62 + .../include/prototypes/NV_DefineSpace_fp.h | 64 + .../tpm/include/prototypes/NV_Extend_fp.h | 64 + .../prototypes/NV_GlobalWriteLock_fp.h | 60 + .../tpm/include/prototypes/NV_Increment_fp.h | 62 + .../tpm/include/prototypes/NV_ReadLock_fp.h | 62 + .../tpm/include/prototypes/NV_ReadPublic_fp.h | 67 + .../tpm/include/prototypes/NV_Read_fp.h | 72 + .../tpm/include/prototypes/NV_SetBits_fp.h | 64 + .../prototypes/NV_UndefineSpaceSpecial_fp.h | 62 + .../include/prototypes/NV_UndefineSpace_fp.h | 62 + .../tpm/include/prototypes/NV_WriteLock_fp.h | 62 + .../tpm/include/prototypes/NV_Write_fp.h | 66 + .../TPMCmd/tpm/include/prototypes/NV_spt_fp.h | 93 + .../tpm/include/prototypes/NvDynamic_fp.h | 474 ++ .../tpm/include/prototypes/NvReserved_fp.h | 130 + 
.../include/prototypes/ObjectChangeAuth_fp.h | 70 + .../TPMCmd/tpm/include/prototypes/Object_fp.h | 355 + .../tpm/include/prototypes/Object_spt_fp.h | 393 ++ .../tpm/include/prototypes/PCR_Allocate_fp.h | 71 + .../tpm/include/prototypes/PCR_Event_fp.h | 68 + .../tpm/include/prototypes/PCR_Extend_fp.h | 62 + .../tpm/include/prototypes/PCR_Read_fp.h | 68 + .../tpm/include/prototypes/PCR_Reset_fp.h | 60 + .../include/prototypes/PCR_SetAuthPolicy_fp.h | 66 + .../include/prototypes/PCR_SetAuthValue_fp.h | 62 + .../TPMCmd/tpm/include/prototypes/PCR_fp.h | 318 + .../tpm/include/prototypes/PP_Commands_fp.h | 64 + .../TPMCmd/tpm/include/prototypes/PP_fp.h | 98 + .../include/prototypes/PolicyAuthValue_fp.h | 60 + .../include/prototypes/PolicyAuthorizeNV_fp.h | 64 + .../include/prototypes/PolicyAuthorize_fp.h | 68 + .../include/prototypes/PolicyCommandCode_fp.h | 62 + .../prototypes/PolicyCounterTimer_fp.h | 66 + .../tpm/include/prototypes/PolicyCpHash_fp.h | 62 + .../prototypes/PolicyDuplicationSelect_fp.h | 66 + .../include/prototypes/PolicyGetDigest_fp.h | 66 + .../include/prototypes/PolicyLocality_fp.h | 62 + .../tpm/include/prototypes/PolicyNV_fp.h | 70 + .../include/prototypes/PolicyNameHash_fp.h | 62 + .../include/prototypes/PolicyNvWritten_fp.h | 62 + .../tpm/include/prototypes/PolicyOR_fp.h | 62 + .../tpm/include/prototypes/PolicyPCR_fp.h | 64 + .../include/prototypes/PolicyPassword_fp.h | 60 + .../prototypes/PolicyPhysicalPresence_fp.h | 60 + .../tpm/include/prototypes/PolicyRestart_fp.h | 60 + .../tpm/include/prototypes/PolicySecret_fp.h | 77 + .../tpm/include/prototypes/PolicySigned_fp.h | 79 + .../include/prototypes/PolicyTemplate_fp.h | 62 + .../tpm/include/prototypes/PolicyTicket_fp.h | 70 + .../prototypes/Policy_AC_SendSelect_fp.h | 68 + .../tpm/include/prototypes/Policy_spt_fp.h | 102 + .../TPMCmd/tpm/include/prototypes/Power_fp.h | 69 + .../tpm/include/prototypes/PropertyCap_fp.h | 59 + .../TPMCmd/tpm/include/prototypes/Quote_fp.h | 73 + 
.../tpm/include/prototypes/RSA_Decrypt_fp.h | 72 + .../tpm/include/prototypes/RSA_Encrypt_fp.h | 72 + .../tpm/include/prototypes/ReadClock_fp.h | 58 + .../tpm/include/prototypes/ReadPublic_fp.h | 68 + .../prototypes/ResponseCodeProcessing_fp.h | 52 + .../tpm/include/prototypes/Response_fp.h | 53 + .../TPMCmd/tpm/include/prototypes/Rewrap_fp.h | 75 + .../tpm/include/prototypes/RsaKeyCache_fp.h | 65 + .../tpm/include/prototypes/SelfTest_fp.h | 60 + .../include/prototypes/SequenceComplete_fp.h | 71 + .../include/prototypes/SequenceUpdate_fp.h | 62 + .../include/prototypes/SessionProcess_fp.h | 123 + .../tpm/include/prototypes/Session_fp.h | 287 + .../include/prototypes/SetAlgorithmSet_fp.h | 62 + .../prototypes/SetCommandCodeAuditStatus_fp.h | 66 + .../include/prototypes/SetPrimaryPolicy_fp.h | 64 + .../tpm/include/prototypes/Shutdown_fp.h | 60 + .../TPMCmd/tpm/include/prototypes/Sign_fp.h | 72 + .../include/prototypes/StartAuthSession_fp.h | 79 + .../tpm/include/prototypes/Startup_fp.h | 60 + .../tpm/include/prototypes/StirRandom_fp.h | 60 + .../tpm/include/prototypes/TestParms_fp.h | 60 + .../TPMCmd/tpm/include/prototypes/Ticket_fp.h | 101 + .../TPMCmd/tpm/include/prototypes/Time_fp.h | 139 + .../tpm/include/prototypes/TpmASN1_fp.h | 234 + .../tpm/include/prototypes/TpmFail_fp.h | 98 + .../tpm/include/prototypes/TpmSizeChecks_fp.h | 56 + .../prototypes/TpmToLtcDesSupport_fp.h | 58 + .../tpm/include/prototypes/TpmToLtcMath_fp.h | 150 + .../include/prototypes/TpmToLtcSupport_fp.h | 73 + .../prototypes/TpmToOsslDesSupport_fp.h | 78 + .../tpm/include/prototypes/TpmToOsslMath_fp.h | 223 + .../include/prototypes/TpmToOsslSupport_fp.h | 84 + .../prototypes/TpmToWolfDesSupport_fp.h | 90 + .../tpm/include/prototypes/TpmToWolfMath_fp.h | 209 + .../include/prototypes/TpmToWolfSupport_fp.h | 56 + .../TPMCmd/tpm/include/prototypes/Unseal_fp.h | 66 + .../include/prototypes/Vendor_TCG_Test_fp.h | 66 + .../include/prototypes/VerifySignature_fp.h | 70 + 
.../tpm/include/prototypes/X509_ECC_fp.h | 79 + .../tpm/include/prototypes/X509_RSA_fp.h | 71 + .../tpm/include/prototypes/X509_spt_fp.h | 118 + .../tpm/include/prototypes/ZGen_2Phase_fp.h | 75 + .../include/prototypes/_TPM_Hash_Data_fp.h | 50 + .../tpm/include/prototypes/_TPM_Hash_End_fp.h | 49 + .../include/prototypes/_TPM_Hash_Start_fp.h | 49 + .../tpm/include/prototypes/_TPM_Init_fp.h | 49 + .../ms-tpm-20-ref/TPMCmd/tpm/include/swap.h | 106 + .../TPMCmd/tpm/src/X509/TpmASN1.c | 514 ++ .../TPMCmd/tpm/src/X509/X509_ECC.c | 146 + .../TPMCmd/tpm/src/X509/X509_RSA.c | 234 + .../TPMCmd/tpm/src/X509/X509_spt.c | 295 + .../src/command/Asymmetric/ECC_Parameters.c | 61 + .../tpm/src/command/Asymmetric/ECDH_KeyGen.c | 92 + .../tpm/src/command/Asymmetric/ECDH_ZGen.c | 86 + .../tpm/src/command/Asymmetric/EC_Ephemeral.c | 73 + .../tpm/src/command/Asymmetric/RSA_Decrypt.c | 106 + .../tpm/src/command/Asymmetric/RSA_Encrypt.c | 90 + .../tpm/src/command/Asymmetric/ZGen_2Phase.c | 121 + .../AttachedComponent/AC_GetCapability.c | 56 + .../src/command/AttachedComponent/AC_Send.c | 102 + .../src/command/AttachedComponent/AC_spt.c | 149 + .../AttachedComponent/Policy_AC_SendSelect.c | 115 + .../tpm/src/command/Attestation/Attest_spt.c | 198 + .../tpm/src/command/Attestation/Certify.c | 94 + .../src/command/Attestation/CertifyCreation.c | 98 + .../tpm/src/command/Attestation/CertifyX509.c | 276 + .../Attestation/GetCommandAuditDigest.c | 99 + .../Attestation/GetSessionAuditDigest.c | 95 + .../tpm/src/command/Attestation/GetTime.c | 88 + .../tpm/src/command/Attestation/Quote.c | 98 + .../src/command/Capability/GetCapability.c | 180 + .../tpm/src/command/Capability/TestParms.c | 56 + .../src/command/ClockTimer/ClockRateAdjust.c | 55 + .../tpm/src/command/ClockTimer/ClockSet.c | 66 + .../tpm/src/command/ClockTimer/ReadClock.c | 56 + .../CommandAudit/SetCommandCodeAuditStatus.c | 103 + .../tpm/src/command/Context/ContextLoad.c | 193 + .../tpm/src/command/Context/ContextSave.c | 232 + 
.../tpm/src/command/Context/Context_spt.c | 244 + .../tpm/src/command/Context/EvictControl.c | 131 + .../tpm/src/command/Context/FlushContext.c | 86 + .../command/DA/DictionaryAttackLockReset.c | 67 + .../command/DA/DictionaryAttackParameters.c | 76 + .../tpm/src/command/Duplication/Duplicate.c | 160 + .../tpm/src/command/Duplication/Import.c | 209 + .../tpm/src/command/Duplication/Rewrap.c | 160 + .../tpm/src/command/EA/PolicyAuthValue.c | 81 + .../tpm/src/command/EA/PolicyAuthorize.c | 125 + .../tpm/src/command/EA/PolicyAuthorizeNV.c | 117 + .../tpm/src/command/EA/PolicyCommandCode.c | 90 + .../tpm/src/command/EA/PolicyCounterTimer.c | 129 + .../TPMCmd/tpm/src/command/EA/PolicyCpHash.c | 103 + .../src/command/EA/PolicyDuplicationSelect.c | 113 + .../tpm/src/command/EA/PolicyGetDigest.c | 61 + .../tpm/src/command/EA/PolicyLocality.c | 138 + .../TPMCmd/tpm/src/command/EA/PolicyNV.c | 143 + .../tpm/src/command/EA/PolicyNameHash.c | 99 + .../tpm/src/command/EA/PolicyNvWritten.c | 95 + .../TPMCmd/tpm/src/command/EA/PolicyOR.c | 99 + .../TPMCmd/tpm/src/command/EA/PolicyPCR.c | 125 + .../tpm/src/command/EA/PolicyPassword.c | 81 + .../src/command/EA/PolicyPhysicalPresence.c | 78 + .../TPMCmd/tpm/src/command/EA/PolicySecret.c | 128 + .../TPMCmd/tpm/src/command/EA/PolicySigned.c | 180 + .../tpm/src/command/EA/PolicyTemplate.c | 103 + .../TPMCmd/tpm/src/command/EA/PolicyTicket.c | 128 + .../TPMCmd/tpm/src/command/EA/Policy_spt.c | 290 + .../TPMCmd/tpm/src/command/Ecdaa/Commit.c | 169 + .../command/FieldUpgrade/FieldUpgradeData.c | 53 + .../command/FieldUpgrade/FieldUpgradeStart.c | 51 + .../src/command/FieldUpgrade/FirmwareRead.c | 55 + .../command/HashHMAC/EventSequenceComplete.c | 109 + .../tpm/src/command/HashHMAC/HMAC_Start.c | 105 + .../src/command/HashHMAC/HashSequenceStart.c | 63 + .../tpm/src/command/HashHMAC/MAC_Start.c | 92 + .../src/command/HashHMAC/SequenceComplete.c | 131 + .../tpm/src/command/HashHMAC/SequenceUpdate.c | 106 + 
.../tpm/src/command/Hierarchy/ChangeEPS.c | 95 + .../tpm/src/command/Hierarchy/ChangePPS.c | 96 + .../TPMCmd/tpm/src/command/Hierarchy/Clear.c | 125 + .../tpm/src/command/Hierarchy/ClearControl.c | 72 + .../tpm/src/command/Hierarchy/CreatePrimary.c | 143 + .../command/Hierarchy/HierarchyChangeAuth.c | 91 + .../src/command/Hierarchy/HierarchyControl.c | 144 + .../src/command/Hierarchy/SetPrimaryPolicy.c | 102 + .../TPMCmd/tpm/src/command/Misc/PP_Commands.c | 80 + .../tpm/src/command/Misc/SetAlgorithmSet.c | 62 + .../tpm/src/command/NVStorage/NV_Certify.c | 141 + .../tpm/src/command/NVStorage/NV_ChangeAuth.c | 68 + .../src/command/NVStorage/NV_DefineSpace.c | 226 + .../tpm/src/command/NVStorage/NV_Extend.c | 109 + .../command/NVStorage/NV_GlobalWriteLock.c | 57 + .../tpm/src/command/NVStorage/NV_Increment.c | 102 + .../tpm/src/command/NVStorage/NV_Read.c | 97 + .../tpm/src/command/NVStorage/NV_ReadLock.c | 93 + .../tpm/src/command/NVStorage/NV_ReadPublic.c | 62 + .../tpm/src/command/NVStorage/NV_SetBits.c | 91 + .../src/command/NVStorage/NV_UndefineSpace.c | 76 + .../NVStorage/NV_UndefineSpaceSpecial.c | 71 + .../tpm/src/command/NVStorage/NV_Write.c | 109 + .../tpm/src/command/NVStorage/NV_WriteLock.c | 91 + .../TPMCmd/tpm/src/command/NVStorage/NV_spt.c | 163 + .../src/command/Object/ActivateCredential.c | 107 + .../TPMCmd/tpm/src/command/Object/Create.c | 155 + .../tpm/src/command/Object/CreateLoaded.c | 221 + .../TPMCmd/tpm/src/command/Object/Load.c | 121 + .../tpm/src/command/Object/LoadExternal.c | 132 + .../tpm/src/command/Object/MakeCredential.c | 96 + .../tpm/src/command/Object/ObjectChangeAuth.c | 93 + .../tpm/src/command/Object/Object_spt.c | 1584 +++++ .../tpm/src/command/Object/ReadPublic.c | 67 + .../TPMCmd/tpm/src/command/Object/Unseal.c | 70 + .../TPMCmd/tpm/src/command/PCR/PCR_Allocate.c | 83 + .../TPMCmd/tpm/src/command/PCR/PCR_Event.c | 92 + .../TPMCmd/tpm/src/command/PCR/PCR_Extend.c | 89 + .../TPMCmd/tpm/src/command/PCR/PCR_Read.c | 60 + 
.../TPMCmd/tpm/src/command/PCR/PCR_Reset.c | 74 + .../tpm/src/command/PCR/PCR_SetAuthPolicy.c | 82 + .../tpm/src/command/PCR/PCR_SetAuthValue.c | 73 + .../TPMCmd/tpm/src/command/Random/GetRandom.c | 63 + .../tpm/src/command/Random/StirRandom.c | 54 + .../tpm/src/command/Session/PolicyRestart.c | 54 + .../src/command/Session/StartAuthSession.c | 165 + .../TPMCmd/tpm/src/command/Signature/Sign.c | 112 + .../src/command/Signature/VerifySignature.c | 93 + .../TPMCmd/tpm/src/command/Startup/Shutdown.c | 101 + .../TPMCmd/tpm/src/command/Startup/Startup.c | 244 + .../src/command/Symmetric/EncryptDecrypt.c | 163 + .../src/command/Symmetric/EncryptDecrypt2.c | 83 + .../command/Symmetric/EncryptDecrypt_spt.c | 163 + .../TPMCmd/tpm/src/command/Symmetric/HMAC.c | 108 + .../TPMCmd/tpm/src/command/Symmetric/Hash.c | 88 + .../TPMCmd/tpm/src/command/Symmetric/MAC.c | 94 + .../tpm/src/command/Testing/GetTestResult.c | 61 + .../src/command/Testing/IncrementalSelfTest.c | 65 + .../TPMCmd/tpm/src/command/Testing/SelfTest.c | 58 + .../tpm/src/command/Vendor/Vendor_TCG_Test.c | 50 + .../TPMCmd/tpm/src/crypt/AlgorithmTests.c | 963 +++ .../TPMCmd/tpm/src/crypt/BnConvert.c | 295 + .../TPMCmd/tpm/src/crypt/BnMath.c | 597 ++ .../TPMCmd/tpm/src/crypt/BnMemory.c | 187 + .../TPMCmd/tpm/src/crypt/CryptCmac.c | 176 + .../TPMCmd/tpm/src/crypt/CryptDes.c | 188 + .../TPMCmd/tpm/src/crypt/CryptEccData.c | 657 ++ .../tpm/src/crypt/CryptEccKeyExchange.c | 383 ++ .../TPMCmd/tpm/src/crypt/CryptEccMain.c | 820 +++ .../TPMCmd/tpm/src/crypt/CryptEccSignature.c | 931 +++ .../TPMCmd/tpm/src/crypt/CryptHash.c | 938 +++ .../TPMCmd/tpm/src/crypt/CryptPrime.c | 385 ++ .../TPMCmd/tpm/src/crypt/CryptPrimeSieve.c | 571 ++ .../TPMCmd/tpm/src/crypt/CryptRand.c | 950 +++ .../TPMCmd/tpm/src/crypt/CryptRsa.c | 1489 +++++ .../TPMCmd/tpm/src/crypt/CryptSelfTest.c | 222 + .../TPMCmd/tpm/src/crypt/CryptSmac.c | 132 + .../TPMCmd/tpm/src/crypt/CryptSym.c | 478 ++ .../TPMCmd/tpm/src/crypt/CryptUtil.c | 1901 ++++++ 
.../TPMCmd/tpm/src/crypt/PrimeData.c | 422 ++ .../TPMCmd/tpm/src/crypt/RsaKeyCache.c | 255 + .../TPMCmd/tpm/src/crypt/Ticket.c | 277 + .../tpm/src/crypt/ltc/TpmToLtcDesSupport.c | 75 + .../TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c | 286 + .../tpm/src/crypt/ltc/TpmToLtcSupport.c | 96 + .../tpm/src/crypt/ossl/TpmToOsslDesSupport.c | 100 + .../TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c | 638 ++ .../tpm/src/crypt/ossl/TpmToOsslSupport.c | 112 + .../tpm/src/crypt/wolf/TpmToWolfDesSupport.c | 117 + .../TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c | 521 ++ .../tpm/src/crypt/wolf/TpmToWolfSupport.c | 60 + .../TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj | 194 + .../TPMCmd/tpm/src/events/_TPM_Hash_Data.c | 70 + .../TPMCmd/tpm/src/events/_TPM_Hash_End.c | 102 + .../TPMCmd/tpm/src/events/_TPM_Hash_Start.c | 92 + .../TPMCmd/tpm/src/events/_TPM_Init.c | 90 + .../TPMCmd/tpm/src/main/CommandDispatcher.c | 430 ++ .../TPMCmd/tpm/src/main/ExecCommand.c | 317 + .../TPMCmd/tpm/src/main/SessionProcess.c | 2242 +++++++ .../TPMCmd/tpm/src/subsystem/CommandAudit.c | 268 + .../TPMCmd/tpm/src/subsystem/DA.c | 235 + .../TPMCmd/tpm/src/subsystem/Hierarchy.c | 237 + .../TPMCmd/tpm/src/subsystem/NvDynamic.c | 1932 ++++++ .../TPMCmd/tpm/src/subsystem/NvReserved.c | 263 + .../TPMCmd/tpm/src/subsystem/Object.c | 989 +++ .../TPMCmd/tpm/src/subsystem/PCR.c | 1314 ++++ .../TPMCmd/tpm/src/subsystem/PP.c | 179 + .../TPMCmd/tpm/src/subsystem/Session.c | 1068 +++ .../TPMCmd/tpm/src/subsystem/Time.c | 276 + .../TPMCmd/tpm/src/support/AlgorithmCap.c | 234 + .../TPMCmd/tpm/src/support/Bits.c | 92 + .../tpm/src/support/CommandCodeAttributes.c | 553 ++ .../TPMCmd/tpm/src/support/Entity.c | 478 ++ .../TPMCmd/tpm/src/support/Global.c | 59 + .../TPMCmd/tpm/src/support/Handle.c | 195 + .../TPMCmd/tpm/src/support/IoBuffers.c | 125 + .../TPMCmd/tpm/src/support/Locality.c | 75 + .../TPMCmd/tpm/src/support/Manufacture.c | 177 + .../TPMCmd/tpm/src/support/Marshal.c | 5811 +++++++++++++++++ 
.../tpm/src/support/MathOnByteBuffers.c | 265 + .../TPMCmd/tpm/src/support/Memory.c | 269 + .../TPMCmd/tpm/src/support/Power.c | 82 + .../TPMCmd/tpm/src/support/PropertyCap.c | 597 ++ .../TPMCmd/tpm/src/support/Response.c | 81 + .../tpm/src/support/ResponseCodeProcessing.c | 57 + .../TPMCmd/tpm/src/support/TpmFail.c | 454 ++ .../TPMCmd/tpm/src/support/TpmSizeChecks.c | 171 + .../go-tpm-tools/simulator/simulator_test.go | 119 + 555 files changed, 106309 insertions(+) create mode 100644 vendor/github.com/google/go-tpm-tools/.github/workflows/ci.yml create mode 100644 vendor/github.com/google/go-tpm-tools/.gitignore create mode 100644 vendor/github.com/google/go-tpm-tools/CONTRIBUTING.md create mode 100644 vendor/github.com/google/go-tpm-tools/README.md create mode 100644 vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog.go create mode 100644 vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/cel/cos_tlv.go create mode 100644 vendor/github.com/google/go-tpm-tools/cel/cos_tlv_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/attest.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/close.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/eventlog.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/eventlog_linux.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/eventlog_other.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/example_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/handles.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/handles_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/import.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/keys.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/keys_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/pcr.go 
create mode 100644 vendor/github.com/google/go-tpm-tools/client/pcr_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/quote_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/seal_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/session.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/signer.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/signer_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/client/template.go create mode 100644 vendor/github.com/google/go-tpm-tools/cmd/flags.go create mode 100644 vendor/github.com/google/go-tpm-tools/cmd/flush.go create mode 100644 vendor/github.com/google/go-tpm-tools/cmd/flush_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/cmd/gotpm/main.go create mode 100644 vendor/github.com/google/go-tpm-tools/cmd/open.go create mode 100644 vendor/github.com/google/go-tpm-tools/cmd/open_other.go create mode 100644 vendor/github.com/google/go-tpm-tools/cmd/open_windows.go create mode 100644 vendor/github.com/google/go-tpm-tools/cmd/pubkey.go create mode 100644 vendor/github.com/google/go-tpm-tools/cmd/read.go create mode 100644 vendor/github.com/google/go-tpm-tools/cmd/root.go create mode 100644 vendor/github.com/google/go-tpm-tools/cmd/seal.go create mode 100644 vendor/github.com/google/go-tpm-tools/cmd/seal_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/files/PKGBUILD create mode 100755 vendor/github.com/google/go-tpm-tools/files/boot-unseal.sh create mode 100644 vendor/github.com/google/go-tpm-tools/files/initcpio.hooks create mode 100644 vendor/github.com/google/go-tpm-tools/files/initcpio.install create mode 100644 vendor/github.com/google/go-tpm-tools/go.mod create mode 100644 vendor/github.com/google/go-tpm-tools/go.sum create mode 100644 vendor/github.com/google/go-tpm-tools/internal/pcrs.go create mode 100644 vendor/github.com/google/go-tpm-tools/internal/pcrs_test.go create mode 
100644 vendor/github.com/google/go-tpm-tools/internal/public.go create mode 100644 vendor/github.com/google/go-tpm-tools/internal/quote.go create mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-no-nonce.pb create mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-nonce9009.pb create mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/arch-linux-workstation.bin create mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/debian-10.bin create mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/glinux-alex.bin create mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/rhel8-uefi.bin create mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-1804-amd-sev.bin create mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-dbx.bin create mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-secure-boot.bin create mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/load_random_external_key.go create mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/test_data.go create mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/test_other.go create mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/test_tpm.go create mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/test_windows.go create mode 100644 vendor/github.com/google/go-tpm-tools/proto/attest.proto create mode 100644 vendor/github.com/google/go-tpm-tools/proto/attest/attest.pb.go create mode 100644 vendor/github.com/google/go-tpm-tools/proto/doc.go create mode 100644 vendor/github.com/google/go-tpm-tools/proto/tpm.proto create mode 100644 vendor/github.com/google/go-tpm-tools/proto/tpm/tpm.pb.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/ca-certs/tpm_ek_intermediate_2.crt create mode 
100644 vendor/github.com/google/go-tpm-tools/server/ca-certs/tpm_ek_root_1.cer create mode 100644 vendor/github.com/google/go-tpm-tools/server/ecc_utils.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/eventlog.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/eventlog_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/example_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/grouped_error.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/grouped_error_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/import.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/import_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/instance_info.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/key_conversion.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/key_conversion_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/policy.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/policy_constants.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/policy_constants_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/policy_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/GcePk.crt create mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/MicCorKEKCA2011_2011-06-24.crt create mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/MicCorUEFCA2011_2011-06-27.crt create mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/MicWinProPCA2011_2011-10-19.crt create mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/canonical-boothole.crt create mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/cisco-boothole.crt create mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate-2014-08-11.bin create 
mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2020-10-12.bin create mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2021-04-29.bin create mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/debian-boothole.crt create mode 100644 vendor/github.com/google/go-tpm-tools/server/verify.go create mode 100644 vendor/github.com/google/go-tpm-tools/server/verify_test.go create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/CONTRIBUTING.md create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/LICENSE create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/README.md create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Clock.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Entropy.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/NVMem.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/PlatformData.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Run.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/Makefile.am create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/configure.ac create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/flags.m4 create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BaseTypes.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h 
create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Capabilities.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributeData.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributes.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatchData.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatcher.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Commands.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CompilerDependencies.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptEcc.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptHash.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRand.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRsa.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptSym.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptTest.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/EccTestData.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/GpMacros.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HandleProcess.h create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HashTestData.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/InternalRoutines.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/KdfTestData.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/LtcSettings.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcHash.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcMath.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcSym.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/NV.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/PRNG_TestVectors.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/RsaTestData.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SelfTest.h create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SupportLibraryFunctionPrototypes_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTest.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTestData.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmASN1.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmAlgorithmDefines.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmBuildSwitches.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmError.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmProfile.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmTypes.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/VendorString.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfHash.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfMath.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfSym.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/user_settings.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/X509.h create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_GetCapability_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_Send_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_spt_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ActivateCredential_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmCap_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmTests_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Attest_spt_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Bits_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnConvert_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMath_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMemory_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyCreation_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyX509_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Certify_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangeEPS_fp.h create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangePPS_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClearControl_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Clear_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockRateAdjust_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockSet_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandAudit_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandCodeAttributes_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandDispatcher_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Commit_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextLoad_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextSave_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Context_spt_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreateLoaded_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreatePrimary_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Create_fp.h create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptCmac_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptDes_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccKeyExchange_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccMain_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccSignature_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptHash_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrimeSieve_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrime_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRand_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRsa_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSelfTest_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSmac_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSym_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptUtil_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DA_fp.h create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackLockReset_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackParameters_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Duplicate_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECC_Parameters_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_KeyGen_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_ZGen_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EC_Ephemeral_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt2_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_spt_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Entity_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EventSequenceComplete_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EvictControl_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ExecCommand_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeData_fp.h create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeStart_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FirmwareRead_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FlushContext_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCapability_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCommandAuditDigest_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetRandom_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetSessionAuditDigest_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTestResult_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTime_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_Start_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Handle_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HashSequenceStart_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hash_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyChangeAuth_fp.h create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyControl_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hierarchy_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Import_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IncrementalSelfTest_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IoBuffers_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/LoadExternal_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Load_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Locality_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_Start_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MakeCredential_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Manufacture_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Marshal_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MathOnByteBuffers_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Memory_fp.h create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Certify_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ChangeAuth_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_DefineSpace_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Extend_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_GlobalWriteLock_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Increment_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadLock_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadPublic_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Read_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_SetBits_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpaceSpecial_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpace_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_WriteLock_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Write_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_spt_fp.h create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvDynamic_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvReserved_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ObjectChangeAuth_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_spt_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Allocate_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Event_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Extend_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Read_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Reset_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthPolicy_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthValue_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_Commands_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_fp.h create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthValue_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorizeNV_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorize_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCommandCode_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCounterTimer_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCpHash_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyDuplicationSelect_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyGetDigest_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyLocality_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNV_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNameHash_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNvWritten_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyOR_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPCR_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPassword_fp.h create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPhysicalPresence_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyRestart_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySecret_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySigned_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTemplate_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTicket_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_AC_SendSelect_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_spt_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Power_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PropertyCap_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Quote_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Decrypt_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Encrypt_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadClock_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadPublic_fp.h create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ResponseCodeProcessing_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Response_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Rewrap_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RsaKeyCache_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SelfTest_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceComplete_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceUpdate_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SessionProcess_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Session_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetAlgorithmSet_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetCommandCodeAuditStatus_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetPrimaryPolicy_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Shutdown_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Sign_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StartAuthSession_fp.h create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Startup_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StirRandom_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TestParms_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Ticket_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Time_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmASN1_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmFail_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmSizeChecks_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcDesSupport_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcMath_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcSupport_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslDesSupport_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslMath_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslSupport_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfDesSupport_fp.h create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfMath_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfSupport_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Unseal_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Vendor_TCG_Test_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/VerifySignature_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_ECC_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_RSA_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_spt_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ZGen_2Phase_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Data_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_End_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Start_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Init_fp.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/swap.h create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/TpmASN1.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_ECC.c create mode 
100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_RSA.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_spt.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECC_Parameters.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_KeyGen.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_ZGen.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/EC_Ephemeral.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Decrypt.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Encrypt.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ZGen_2Phase.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_GetCapability.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_Send.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_spt.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/Policy_AC_SendSelect.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Attest_spt.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Certify.c create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyCreation.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyX509.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetCommandAuditDigest.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetSessionAuditDigest.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetTime.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Quote.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/GetCapability.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/TestParms.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockRateAdjust.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockSet.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ReadClock.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/CommandAudit/SetCommandCodeAuditStatus.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextLoad.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextSave.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/Context_spt.c create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/EvictControl.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/FlushContext.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackLockReset.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackParameters.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Duplicate.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Import.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Rewrap.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthValue.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorize.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorizeNV.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCommandCode.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCounterTimer.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCpHash.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyDuplicationSelect.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyGetDigest.c create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyLocality.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNV.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNameHash.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNvWritten.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyOR.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPCR.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPassword.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPhysicalPresence.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySecret.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySigned.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTemplate.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTicket.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/Policy_spt.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Ecdaa/Commit.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeData.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeStart.c create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FirmwareRead.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/EventSequenceComplete.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HMAC_Start.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HashSequenceStart.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/MAC_Start.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceComplete.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceUpdate.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangeEPS.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangePPS.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/Clear.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ClearControl.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyChangeAuth.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyControl.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/SetPrimaryPolicy.c create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/PP_Commands.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/SetAlgorithmSet.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Certify.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ChangeAuth.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_DefineSpace.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Extend.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_GlobalWriteLock.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Increment.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Read.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadLock.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadPublic.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_SetBits.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpace.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpaceSpecial.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Write.c create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_WriteLock.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_spt.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ActivateCredential.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Create.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/CreateLoaded.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Load.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/LoadExternal.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/MakeCredential.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ObjectChangeAuth.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Object_spt.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ReadPublic.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Unseal.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Allocate.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Event.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Extend.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Read.c create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Reset.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthPolicy.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthValue.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/GetRandom.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/StirRandom.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/PolicyRestart.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/StartAuthSession.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/Sign.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/VerifySignature.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Shutdown.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Startup.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt2.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt_spt.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/HMAC.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/Hash.c 
create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/MAC.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/GetTestResult.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/IncrementalSelfTest.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/SelfTest.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Vendor/Vendor_TCG_Test.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/AlgorithmTests.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnConvert.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMath.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMemory.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptDes.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccData.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccKeyExchange.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccMain.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccSignature.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrime.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrimeSieve.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRsa.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSelfTest.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSmac.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptUtil.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/PrimeData.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/RsaKeyCache.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/Ticket.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcDesSupport.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcSupport.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslDesSupport.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslSupport.c create 
mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfDesSupport.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfSupport.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Data.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_End.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Start.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Init.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/CommandDispatcher.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/ExecCommand.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/SessionProcess.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/CommandAudit.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/DA.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Hierarchy.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvDynamic.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvReserved.c create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Object.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PCR.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PP.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Session.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Time.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/AlgorithmCap.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Bits.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/CommandCodeAttributes.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Entity.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Handle.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/IoBuffers.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Locality.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Manufacture.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Marshal.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/MathOnByteBuffers.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Memory.c create mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Power.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/PropertyCap.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Response.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/ResponseCodeProcessing.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmFail.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmSizeChecks.c create mode 100644 vendor/github.com/google/go-tpm-tools/simulator/simulator_test.go diff --git a/vendor/github.com/google/go-tpm-tools/.github/workflows/ci.yml b/vendor/github.com/google/go-tpm-tools/.github/workflows/ci.yml new file mode 100644 index 000000000..984b50aaa --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/.github/workflows/ci.yml 
@@ -0,0 +1,100 @@
+#
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+#
+
+name: CI
+on:
+ push:
+ tags:
+ - v*
+ branches:
+ - master
+ - main
+ pull_request:
+
+jobs:
+ test:
+ strategy:
+ matrix:
+ go-version: [1.17.x]
+ # TODO: Get this working on windows-latest
+ os: [macos-latest, ubuntu-latest]
+ include:
+ - go-version: 1.16.x
+ os: ubuntu-latest
+ name: Build and Test (${{matrix.os}}, Go ${{ matrix.go-version }})
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Install Go
+ uses: actions/setup-go@v2
+ with:
+ go-version: ${{ matrix.go-version }}
+ - name: Checkout code
+ uses: actions/checkout@v2
+ - name: Install Protoc
+ uses: arduino/setup-protoc@v1
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ version: '3.19.1'
+ - name: Install protoc-gen-go
+ run: go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.27.1
+ - name: Check Protobuf Generation
+ run: go generate ./... && git diff -G'^[^/]' --exit-code
+ - name: Install Linux packages
+ run: sudo apt-get -y install libssl-dev libtspi-dev
+ if: runner.os == 'Linux'
+ - name: Install Mac packages
+ run: brew install openssl
+ if: runner.os == 'macOS'
+ - name: Install Windows packages
+ run: choco install openssl
+ if: runner.os == 'Windows'
+ - name: Build
+ run: go build -v ./...
+ - name: Test
+ run: go test -v ./...
+
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Install Go
+ uses: actions/setup-go@v2
+ with:
+ go-version: 1.17.x
+ - name: Checkout code
+ uses: actions/checkout@v2
+ - name: Install Linux packages
+ run: sudo apt-get -y install libssl-dev libtspi-dev
+ - name: Check for CGO Warnings (gcc)
+ run: CGO_CFLAGS=-Werror CC=gcc go build ./...
+ - name: Check for CGO Warnings (clang)
+ run: CGO_CFLAGS=-Werror CC=clang go build ./...
+ - name: Lint
+ uses: golangci/golangci-lint-action@v2
+ with:
+ version: v1.42
+ skip-go-installation: true
+ args: >
+ -D errcheck
+ -E stylecheck
+ -E goimports
+ -E misspell
+ -E revive
+ -E gofmt
+ -E goimports
+ --exclude-use-default=false
+ --max-same-issues=0
+ --max-issues-per-linter=0
diff --git a/vendor/github.com/google/go-tpm-tools/.gitignore b/vendor/github.com/google/go-tpm-tools/.gitignore
new file mode 100644
index 000000000..3a3a1b839
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/.gitignore
@@ -0,0 +1,12 @@
+*.test
+*.test.exe
+gotpm
+!gotpm/
+gotpm.exe
+files/pkg
+files/src
+files/go-tpm-tools
+*.pkg.tar.xz
+.vscode*
+*.code-workspace
+
diff --git a/vendor/github.com/google/go-tpm-tools/CONTRIBUTING.md b/vendor/github.com/google/go-tpm-tools/CONTRIBUTING.md
new file mode 100644
index 000000000..939e5341e
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/CONTRIBUTING.md
@@ -0,0 +1,28 @@
+# How to Contribute
+
+We'd love to accept your patches and contributions to this project. There are
+just a few small guidelines you need to follow.
+
+## Contributor License Agreement
+
+Contributions to this project must be accompanied by a Contributor License
+Agreement. You (or your employer) retain the copyright to your contribution;
+this simply gives us permission to use and redistribute your contributions as
+part of the project. Head over to to see
+your current agreements on file or to sign a new one.
+
+You generally only need to submit a CLA once, so if you've already submitted one
+(even if it was for a different project), you probably don't need to do it
+again.
+
+## Code reviews
+
+All submissions, including submissions by project members, require review. We
+use GitHub pull requests for this purpose. Consult
+[GitHub Help](https://help.github.com/articles/about-pull-requests/) for more
+information on using pull requests.
+
+## Community Guidelines
+
+This project follows [Google's Open Source Community
+Guidelines](https://opensource.google.com/conduct/).
diff --git a/vendor/github.com/google/go-tpm-tools/README.md b/vendor/github.com/google/go-tpm-tools/README.md
new file mode 100644
index 000000000..ea3451deb
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/README.md
@@ -0,0 +1,142 @@ +# Go-TPM tools [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/google/go-tpm-tools)](https://github.com/google/go-tpm-tools/releases) + +[![Build Status](https://github.com/google/go-tpm-tools/workflows/CI/badge.svg)](https://github.com/google/go-tpm-tools/actions?query=workflow%3ACI) +[![Go Reference](https://pkg.go.dev/badge/github.com/google/go-tpm-tools.svg)](https://pkg.go.dev/github.com/google/go-tpm-tools) +![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/google/go-tpm-tools) +[![Go Report Card](https://goreportcard.com/badge/github.com/google/go-tpm-tools)](https://goreportcard.com/report/github.com/google/go-tpm-tools) +[![License](https://img.shields.io/badge/LICENSE-Apache2.0-ff69b4.svg)](http://www.apache.org/licenses/LICENSE-2.0.html) + +The `go-tpm-tools` module is a [TPM 2.0](https://trustedcomputinggroup.org/resource/trusted-platform-module-2-0-a-brief-introduction/) support library designed to complement [Go-TPM](https://github.com/google/go-tpm). + +It contains the following public packages: + - [`client`](https://pkg.go.dev/github.com/google/go-tpm-tools/client): + A Go package providing simplified abstractions and utility functions for interacting with a TPM 2.0, including: + - Signing + - Attestation + - Reading PCRs + - Sealing/Unsealing data + - Importing Data and Keys + - Reading NVData + - Getting the TCG Event Log + - [`server`](https://pkg.go.dev/github.com/google/go-tpm-tools/server): + A Go package providing functionality for a remote server to send, receive, and interpret TPM 2.0 data. 
None of the commands in this package issue TPM commands, but instead handle: + - TCG Event Log parsing + - Attestation verification + - Creating data for Importing into a TPM + - [`proto`](https://pkg.go.dev/github.com/google/go-tpm-tools/proto): + Common [Protocol Buffer](https://developers.google.com/protocol-buffers) messages that are exchanged between the `client` and `server` libraries. This package also contains helper methods for validating these messages. + - [`simulator`](https://pkg.go.dev/github.com/google/go-tpm-tools/simulator): + Go bindings to the Microsoft's [TPM 2.0 simulator](https://github.com/Microsoft/ms-tpm-20-ref/). + +This repository also contains `gotpm`, a command line tool for using the TPM. +Run `gotpm --help` and `gotpm --help` for more documentation. + +### Building and Installing `gotpm` + +`gotpm` can be directly installed from this repo by running: +```bash +go install github.com/google/go-tpm-tools/cmd/gotpm@latest +# gotpm will be installed to $GOBIN +gotpm --help +``` +Alternatively, to build `gotpm` from a cloned version of this repo, run: +```bash +cd /my/path/to/cloned/go-tpm-tools +go build ./cmd/gotpm +# gotpm will be in the root of the repo +./gotpm --help +``` + +## Minimum Required Go Version + +This project currently requires Go 1.16 or newer. Any update to the minimum required Go version will be released as a **minor** version update. + +## `trousers` errors when building `server` + +When building the `server` library (or tests) you may get an error that looks like: +``` +fatal error: trousers/tss.h: No such file or directory + 17 | // #include + | ^~~~~~~~~~~~~~~~ +compilation terminated. +``` +This is because the `server` library (indirectly) depends on the [Trousers `libtspi` library](http://trousers.sourceforge.net/). This is a _temporary_ dependency ([tracking issue](https://github.com/google/go-tpm-tools/issues/109)). 
To fix this error, install `libtspi` by running: +```bash +sudo apt install libtspi-dev +``` + +## `openssl` errors when building `simulator` + +Similarly, when building the `simulator` library (or tests), you may get an error that looks like: +``` +fatal error: openssl/aes.h: No such file or directory + 47 | // #include + | ^~~~~~~~~~~~~~~~ +compilation terminated. +``` +This is because the `simulator` library depends on having the [OpenSSL](https://www.openssl.org/) headers installed. To fix this error, install the appropriate header package: + +### Linux + +```bash +# Ubuntu/Debian based systems +sudo apt install libssl-dev +# Redhat/Centos based systems +sudo yum install openssl-devel +# Arch Linux (headers/library in the same package) +sudo pacman -S openssl +``` + +### macOS + +First, install [Homebrew](https://brew.sh/). Then run: +```bash +brew install openssl +``` + +### Windows + +First, install [Chocolatey](https://chocolatey.org/). Then run: +```bash +choco install openssl +``` + +### Custom install location + +If you want to use a different installation of OpenSSL, or you are getting +linker errors like `ld: library not found for -lcrypto`, you can directly +point Go your installation. We will assume your installation is located at +`$OPENSSL_PATH` (with `lib` and `include` subdirectories). + +#### Add OpenSSL to the include and library path at the command line +This solution does not require modifying go-tpm-tools code and is useful when +working on other projects that depend on go-tpm-tools/simulator. +``` +C_INCLUDE_PATH="$OPENSSL_PATH/include" LIBRARY_PATH="$OPENSSL_PATH/lib" go test ... +``` + +#### Add OpenSSL to the include and library path in the code +This solution modifies your local copy of the go-tpm-tools simulator source +and removes the need to provide the paths on the command line. + +Modify the `CFLAGS`/`LDFLAGS` options beginning with `#cgo darwin` or +`#cgo windows` in `simulator/internal/internal.go` to point at your +installation. 
This could look something like: +```diff +// #cgo darwin CFLAGS: -I $OPENSSL_PATH/include +// #cgo darwin LDFLAGS: -L $OPENSSL_PATH/lib +``` +Remember to revert your modifications to `simulator/internal/internal.go` +before committing your changes. + +## No TPM 1.2 support + +Unlike [Go-TPM](https://github.com/google/go-tpm) (which supports TPM 1.2 and TPM 2.0), this module explicitly only supports TPM 2.0. Users should avoid use of TPM 1.2 due to the inherent reliance on SHA1 (which is [quite broken](https://sha-mbles.github.io/)). + +## Legal + +Copyright 2018 Google Inc. under the +[Apache 2.0 License](https://www.apache.org/licenses/LICENSE-2.0). Microsoft's TPM simulator +code is licensed under a [3-clause BSD license](https://opensource.org/licenses/BSD-3-Clause) and the [TCG software license](https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf). See the `LICENSE` file for more information. + +This is not an official Google product. diff --git a/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog.go b/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog.go new file mode 100644 index 000000000..59fcb0201 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog.go 
@@ -0,0 +1,413 @@
+// Package cel contains some basic operations of Canonical Eventlog.
+// Based on Canonical EventLog Spec (Draft) Version: TCG_IWG_CEL_v1_r0p37.
+package cel
+
+import (
+ "bytes"
+ "crypto"
+ "encoding/binary"
+ "fmt"
+ "io"
+
+ pb "github.com/google/go-tpm-tools/proto/tpm"
+ "github.com/google/go-tpm/tpm2"
+ "github.com/google/go-tpm/tpmutil"
+)
+
+const (
+ // CEL spec 5.1
+ recnumTypeValue uint8 = 0
+ pcrTypeValue uint8 = 1
+ _ uint8 = 2 // nvindex field is not supported yet
+ digestsTypeValue uint8 = 3
+
+ tlvTypeFieldLength int = 1
+ tlvLengthFieldLength int = 4
+
+ recnumValueLength uint32 = 8 // support up to 2^64 records
+ pcrValueLength uint32 = 1 // support up to 256 PCRs
+)
+
+// TLV definition according to CEL spec TCG_IWG_CEL_v1_r0p37, page 16.
+// Length is implicitly defined by len(Value), using uint32 big-endian
+// when encoding.
+type TLV struct {
+ Type uint8
+ Value []byte
+}
+
+// MarshalBinary marshals a TLV to a byte slice.
+func (t TLV) MarshalBinary() (data []byte, err error) {
+ buf := make([]byte, len(t.Value)+tlvTypeFieldLength+tlvLengthFieldLength)
+
+ buf[0] = t.Type
+ binary.BigEndian.PutUint32(buf[tlvTypeFieldLength:], uint32(len(t.Value)))
+ copy(buf[tlvTypeFieldLength+tlvLengthFieldLength:], t.Value)
+
+ return buf, nil
+}
+
+// UnmarshalBinary unmarshal a byte slice to a TLV.
+func (t *TLV) UnmarshalBinary(data []byte) error {
+ valueLength := binary.BigEndian.Uint32(data[tlvTypeFieldLength : tlvTypeFieldLength+tlvLengthFieldLength])
+
+ if valueLength != uint32(len(data[tlvTypeFieldLength+tlvLengthFieldLength:])) {
+ return fmt.Errorf("TLV Length doesn't match the size of its Value")
+ }
+ t.Type = data[0]
+ t.Value = data[tlvTypeFieldLength+tlvLengthFieldLength:]
+
+ return nil
+}
+
+// UnmarshalFirstTLV reads and parse the first TLV from the bytes buffer. The function will
+// return io.EOF if the buf ends unexpectedly or cannot fill the TLV.
+func UnmarshalFirstTLV(buf *bytes.Buffer) (tlv TLV, err error) {
+ typeByte, err := buf.ReadByte()
+ if err != nil {
+ return tlv, err
+ }
+ var data []byte
+ data = append(data, typeByte)
+
+ // get the length
+ lengthBytes := make([]byte, tlvLengthFieldLength)
+ bytesRead, err := buf.Read(lengthBytes)
+ if err != nil {
+ return TLV{}, err
+ }
+ if bytesRead != tlvLengthFieldLength {
+ return TLV{}, io.EOF
+ }
+ valueLength := binary.BigEndian.Uint32(lengthBytes)
+ data = append(data, lengthBytes...)
+
+ valueBytes := make([]byte, valueLength)
+ bytesRead, err = buf.Read(valueBytes)
+ if err != nil {
+ return TLV{}, err
+ }
+ if uint32(bytesRead) != valueLength {
+ return TLV{}, io.EOF
+ }
+ data = append(data, valueBytes...)
+
+ if err = (&tlv).UnmarshalBinary(data); err != nil {
+ return TLV{}, err
+ }
+ return tlv, nil
+}
+
+// Record represents a Canonical Eventlog Record.
+type Record struct {
+ RecNum uint64
+ PCR uint8
+ Digests map[crypto.Hash][]byte
+ Content TLV
+}
+
+// Content is a interface for the content in CELR.
+type Content interface {
+ GenerateDigest(crypto.Hash) ([]byte, error)
+ GetTLV() (TLV, error)
+}
+
+// CEL represents a Canonical Eventlog, which contains a list of Records.
+type CEL struct {
+ Records []Record
+}
+
+// AppendEvent appends a new record to the CEL.
+func (c *CEL) AppendEvent(tpm io.ReadWriteCloser, pcr int, hashAlgos []crypto.Hash, event Content) error {
+ if len(hashAlgos) == 0 {
+ return fmt.Errorf("need to specify at least one hash algorithm")
+ }
+ digestsMap := make(map[crypto.Hash][]byte)
+
+ for _, hashAlgo := range hashAlgos {
+ digest, err := event.GenerateDigest(hashAlgo)
+ if err != nil {
+ return err
+ }
+ digestsMap[hashAlgo] = digest
+
+ tpm2Alg, err := tpm2.HashToAlgorithm(hashAlgo)
+ if err != nil {
+ return err
+ }
+ if err := tpm2.PCRExtend(tpm, tpmutil.Handle(pcr), tpm2Alg, digest, ""); err != nil {
+ return fmt.Errorf("failed to extend event to PCR%d: %v", pcr, err)
+ }
+ }
+
+ eventTlv, err := event.GetTLV()
+ if err != nil {
+ return err
+ }
+
+ celr := Record{
+ RecNum: uint64(len(c.Records)),
+ PCR: uint8(pcr),
+ Digests: digestsMap,
+ Content: eventTlv,
+ }
+
+ c.Records = append(c.Records, celr)
+ return nil
+}
+
+func createRecNumField(recNum uint64) TLV {
+ value := make([]byte, recnumValueLength)
+ binary.BigEndian.PutUint64(value, recNum)
+ return TLV{recnumTypeValue, value}
+}
+
+// UnmarshalRecNum takes in a TLV with its type equals to the recnum type value (0), and
+// return its record number.
+func unmarshalRecNum(tlv TLV) (uint64, error) {
+ if tlv.Type != recnumTypeValue {
+ return 0, fmt.Errorf("type of the TLV [%d] indicates it is not a recnum field [%d]",
+ tlv.Type, recnumTypeValue)
+ }
+ if uint32(len(tlv.Value)) != recnumValueLength {
+ return 0, fmt.Errorf(
+ "length of the value of the TLV [%d] doesn't match the defined length [%d] of value for recnum",
+ len(tlv.Value), recnumValueLength)
+ }
+ return binary.BigEndian.Uint64(tlv.Value), nil
+}
+
+func createPCRField(pcrNum uint8) TLV {
+ return TLV{pcrTypeValue, []byte{pcrNum}}
+}
+
+// UnmarshalPCR takes in a TLV with its type equals to the PCR type value (1), and
+// return its PCR number.
+func unmarshalPCR(tlv TLV) (pcrNum uint8, err error) {
+ if tlv.Type != pcrTypeValue {
+ return 0, fmt.Errorf("type of the TLV [%d] indicates it is not a PCR field [%d]",
+ tlv.Type, pcrTypeValue)
+ }
+ if uint32(len(tlv.Value)) != pcrValueLength {
+ return 0, fmt.Errorf(
+ "length of the value of the TLV [%d] doesn't match the defined length [%d] of value for a PCR field",
+ len(tlv.Value), pcrValueLength)
+ }
+
+ return tlv.Value[0], nil
+}
+
+func createDigestField(digestMap map[crypto.Hash][]byte) (TLV, error) {
+ var buf bytes.Buffer
+ for hashAlgo, hash := range digestMap {
+ if len(hash) != hashAlgo.Size() {
+ return TLV{}, fmt.Errorf("digest length [%d] doesn't match the expected length [%d] for the hash algorithm",
+ len(hash), hashAlgo.Size())
+ }
+ tpmHashAlg, err := tpm2.HashToAlgorithm(hashAlgo)
+ if err != nil {
+ return TLV{}, err
+ }
+ singleDigestTLV := TLV{uint8(tpmHashAlg), hash}
+ d, err := singleDigestTLV.MarshalBinary()
+ if err != nil {
+ return TLV{}, err
+ }
+ _, err = buf.Write(d)
+ if err != nil {
+ return TLV{}, err
+ }
+ }
+ return TLV{digestsTypeValue, buf.Bytes()}, nil
+}
+
+// UnmarshalDigests takes in a TLV with its type equals to the digests type value (3), and
+// return its digests content in a map, the key is its TPM hash algorithm.
+func unmarshalDigests(tlv TLV) (digestsMap map[crypto.Hash][]byte, err error) {
+ if tlv.Type != digestsTypeValue {
+ return nil, fmt.Errorf("type of the TLV indicates it doesn't contain digests")
+ }
+
+ buf := bytes.NewBuffer(tlv.Value)
+ digestsMap = make(map[crypto.Hash][]byte)
+
+ for buf.Len() > 0 {
+ digestTLV, err := UnmarshalFirstTLV(buf)
+ if err == io.EOF {
+ return nil, fmt.Errorf("buffer ends unexpectedly")
+ } else if err != nil {
+ return nil, err
+ }
+ hashAlg, err := tpm2.Algorithm(digestTLV.Type).Hash()
+ if err != nil {
+ return nil, err
+ }
+ digestsMap[hashAlg] = digestTLV.Value
+ }
+ return digestsMap, nil
+}
+
+// EncodeCELR encodes the CELR to bytes according to the CEL spec and write them
+// to the bytes byffer.
+func (r *Record) EncodeCELR(buf *bytes.Buffer) error {
+ recnumField, err := createRecNumField(r.RecNum).MarshalBinary()
+ if err != nil {
+ return err
+ }
+ pcrField, err := createPCRField(r.PCR).MarshalBinary()
+ if err != nil {
+ return err
+ }
+ digests, err := createDigestField(r.Digests)
+ if err != nil {
+ return err
+ }
+ digestsField, err := digests.MarshalBinary()
+ if err != nil {
+ return err
+ }
+ eventField, err := r.Content.MarshalBinary()
+ if err != nil {
+ return err
+ }
+ _, err = buf.Write(recnumField)
+ if err != nil {
+ return err
+ }
+ _, err = buf.Write(pcrField)
+ if err != nil {
+ return err
+ }
+ _, err = buf.Write(digestsField)
+ if err != nil {
+ return err
+ }
+ _, err = buf.Write(eventField)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+// EncodeCEL encodes the CEL to bytes according to the CEL spec and write them
+// to the bytes buffer.
+func (c *CEL) EncodeCEL(buf *bytes.Buffer) error {
+ for _, record := range c.Records {
+ if err := record.EncodeCELR(buf); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// DecodeToCEL will read the buf for CEL, will return err if the buffer
+// is not complete.
+func DecodeToCEL(buf *bytes.Buffer) (CEL, error) {
+ var cel CEL
+ for buf.Len() > 0 {
+ celr, err := DecodeToCELR(buf)
+ if err == io.EOF {
+ return CEL{}, fmt.Errorf("buffer ends unexpectedly")
+ }
+ if err != nil {
+ return CEL{}, err
+ }
+ cel.Records = append(cel.Records, celr)
+ }
+ return cel, nil
+}
+
+// DecodeToCELR will read the buf for the next CELR, will return err if
+// failed to unmarshal a correct CELR TLV from the buffer.
+func DecodeToCELR(buf *bytes.Buffer) (r Record, err error) {
+ recnum, err := UnmarshalFirstTLV(buf)
+ if err != nil {
+ return Record{}, err
+ }
+ r.RecNum, err = unmarshalRecNum(recnum)
+ if err != nil {
+ return Record{}, err
+ }
+
+ pcr, err := UnmarshalFirstTLV(buf)
+ if err != nil {
+ return Record{}, err
+ }
+ r.PCR, err = unmarshalPCR(pcr)
+ if err != nil {
+ return Record{}, err
+ }
+
+ digests, err := UnmarshalFirstTLV(buf)
+ if err != nil {
+ return Record{}, err
+ }
+ r.Digests, err = unmarshalDigests(digests)
+ if err != nil {
+ return Record{}, err
+ }
+
+ r.Content, err = UnmarshalFirstTLV(buf)
+ if err != nil {
+ return Record{}, err
+ }
+ return r, nil
+}
+
+// Replay takes the digests from a Canonical Event Log and carries out the
+// extend sequence for each PCR in the log. It then compares the final digests
+// against a bank of PCR values to see if they match.
+func (c *CEL) Replay(bank *pb.PCRs) error {
+ tpm2Alg := tpm2.Algorithm(bank.GetHash())
+ cryptoHash, err := tpm2Alg.Hash()
+ if err != nil {
+ return err
+ }
+ replayed := make(map[uint8][]byte)
+ for _, record := range c.Records {
+ if _, ok := replayed[record.PCR]; !ok {
+ replayed[record.PCR] = make([]byte, cryptoHash.Size())
+ }
+ hasher := cryptoHash.New()
+ digestsMap := record.Digests
+ digest, ok := digestsMap[cryptoHash]
+ if !ok {
+ return fmt.Errorf("the CEL record did not contain a %v digest", cryptoHash)
+ }
+ hasher.Write(replayed[record.PCR])
+ hasher.Write(digest)
+ replayed[record.PCR] = hasher.Sum(nil)
+ }
+
+ var failedReplayPcrs []uint8
+ for replayPcr, replayDigest := range replayed {
+ bankDigest, ok := bank.Pcrs[uint32(replayPcr)]
+ if !ok {
+ return fmt.Errorf("the CEL contained record(s) for PCR%d without a matching PCR in the bank to verify", replayPcr)
+ }
+ if !bytes.Equal(bankDigest, replayDigest) {
+ failedReplayPcrs = append(failedReplayPcrs, replayPcr)
+ }
+ }
+
+ if len(failedReplayPcrs) == 0 {
+ return nil
+ }
+
+ return fmt.Errorf("CEL replay failed for these PCRs in bank %v: %v", cryptoHash, failedReplayPcrs)
+}
+
+// VerifyDigests checks the digest generated by the given record's content to make sure they are equal to
+// the digests in the digestMap.
+func VerifyDigests(c Content, digestMap map[crypto.Hash][]byte) error {
+ for hash, digest := range digestMap {
+ generatedDigest, err := c.GenerateDigest(hash)
+ if err != nil {
+ return err
+ }
+ if !bytes.Equal(generatedDigest, digest) {
+ return fmt.Errorf("CEL record content digest verification failed for %s", hash)
+ }
+ }
+ return nil
+}
diff --git a/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog_test.go b/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog_test.go
new file mode 100644
index 000000000..b8ed4b831
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog_test.go
@@ -0,0 +1,173 @@ +package cel + +import ( + "bytes" + "crypto" + "crypto/rand" + "io" + "reflect" + "testing" + + "github.com/google/go-tpm-tools/client" + "github.com/google/go-tpm-tools/internal/test" + pb "github.com/google/go-tpm-tools/proto/tpm" + "github.com/google/go-tpm/tpm2" +) + +func TestCELEncodingDecoding(t *testing.T) { + tpm := test.GetTPM(t) + defer client.CheckedClose(t, tpm) + + hashAlgoList := []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512} + cel := &CEL{} + + cosEvent := CosTlv{ImageDigestType, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")} + appendOrFatal(t, cel, tpm, test.DebugPCR, hashAlgoList, cosEvent) + + cosEvent2 := CosTlv{ImageRefType, []byte("docker.io/bazel/experimental/test:latest")} + appendOrFatal(t, cel, tpm, test.ApplicationPCR, hashAlgoList, cosEvent2) + + var buf bytes.Buffer + if err := cel.EncodeCEL(&buf); err != nil { + t.Fatal(err) + } + decodedcel, err := DecodeToCEL(&buf) + if err != nil { + t.Fatal(err) + } + if len(decodedcel.Records) != 2 { + t.Errorf("should have two records") + } + if decodedcel.Records[0].RecNum != 0 { + t.Errorf("recnum mismatch") + } + if decodedcel.Records[1].RecNum != 1 { + t.Errorf("recnum mismatch") + } + if decodedcel.Records[0].PCR != uint8(test.DebugPCR) { + t.Errorf("pcr value mismatch") + } + if decodedcel.Records[1].PCR != uint8(test.ApplicationPCR) { + t.Errorf("pcr value mismatch") + } + + if !reflect.DeepEqual(decodedcel.Records, cel.Records) { + t.Errorf("decoded CEL doesn't equal to the original one") + } +} + +func TestCELMeasureAndReplay(t *testing.T) { + tpm := test.GetTPM(t) + defer client.CheckedClose(t, tpm) + + cel := &CEL{} + measuredHashes := []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512} + + cosEvent := CosTlv{ImageRefType, []byte("docker.io/bazel/experimental/test:latest")} + someEvent2 := make([]byte, 10) + rand.Read(someEvent2) + cosEvent2 := CosTlv{ImageDigestType, someEvent2} + appendOrFatal(t, cel, tpm, 
test.DebugPCR, measuredHashes, cosEvent) + appendOrFatal(t, cel, tpm, test.DebugPCR, measuredHashes, cosEvent2) + + appendOrFatal(t, cel, tpm, test.ApplicationPCR, measuredHashes, cosEvent2) + appendOrFatal(t, cel, tpm, test.ApplicationPCR, measuredHashes, cosEvent) + appendOrFatal(t, cel, tpm, test.ApplicationPCR, measuredHashes, cosEvent) + + replay(t, cel, tpm, measuredHashes, + []int{test.DebugPCR, test.ApplicationPCR}, + /*shouldSucceed=*/ true) + // Supersets should pass. + replay(t, cel, tpm, measuredHashes, + []int{0, 13, 14, test.DebugPCR, 22, test.ApplicationPCR}, + /*shouldSucceed=*/ true) +} + +func TestCELReplayFailTamperedDigest(t *testing.T) { + tpm := test.GetTPM(t) + defer client.CheckedClose(t, tpm) + + cel := &CEL{} + measuredHashes := []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512} + + cosEvent := CosTlv{ImageRefType, []byte("docker.io/bazel/experimental/test:latest")} + someEvent2 := make([]byte, 10) + + rand.Read(someEvent2) + cosEvent2 := CosTlv{ImageDigestType, someEvent2} + appendOrFatal(t, cel, tpm, test.DebugPCR, measuredHashes, cosEvent) + appendOrFatal(t, cel, tpm, test.DebugPCR, measuredHashes, cosEvent2) + + appendOrFatal(t, cel, tpm, test.ApplicationPCR, measuredHashes, cosEvent2) + appendOrFatal(t, cel, tpm, test.ApplicationPCR, measuredHashes, cosEvent) + appendOrFatal(t, cel, tpm, test.ApplicationPCR, measuredHashes, cosEvent) + + modifiedRecord := cel.Records[3] + for hash := range modifiedRecord.Digests { + newDigest := make([]byte, hash.Size()) + rand.Read(newDigest) + modifiedRecord.Digests[hash] = newDigest + } + replay(t, cel, tpm, measuredHashes, + []int{test.DebugPCR, test.ApplicationPCR}, + /*shouldSucceed=*/ false) +} + +func TestCELReplayEmpty(t *testing.T) { + tpm := test.GetTPM(t) + defer client.CheckedClose(t, tpm) + + cel := &CEL{} + replay(t, cel, tpm, []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512}, + []int{test.DebugPCR, test.ApplicationPCR}, + /*shouldSucceed=*/ true) +} + +func 
TestCELReplayFailMissingPCRsInBank(t *testing.T) { + tpm := test.GetTPM(t) + defer client.CheckedClose(t, tpm) + + cel := &CEL{} + measuredHashes := []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512} + + someEvent := make([]byte, 10) + someEvent2 := make([]byte, 10) + rand.Read(someEvent2) + appendOrFatal(t, cel, tpm, test.DebugPCR, measuredHashes, CosTlv{ImageRefType, someEvent}) + appendOrFatal(t, cel, tpm, test.ApplicationPCR, measuredHashes, CosTlv{ImageDigestType, someEvent2}) + replay(t, cel, tpm, measuredHashes, + []int{test.DebugPCR}, + /*shouldSucceed=*/ false) + replay(t, cel, tpm, measuredHashes, + []int{test.ApplicationPCR}, + /*shouldSucceed=*/ false) +} + +func replay(t *testing.T, cel *CEL, tpm io.ReadWriteCloser, measuredHashes []crypto.Hash, pcrs []int, shouldSucceed bool) { + for _, hash := range measuredHashes { + tpm2Hash, err := tpm2.HashToAlgorithm(hash) + if err != nil { + t.Fatal(err) + } + pcrMap, err := tpm2.ReadPCRs(tpm, tpm2.PCRSelection{Hash: tpm2Hash, PCRs: pcrs}) + if err != nil { + t.Fatal(err) + } + pbPcr := &pb.PCRs{Hash: pb.HashAlgo(tpm2Hash), + Pcrs: map[uint32][]byte{}, + } + for index, val := range pcrMap { + pbPcr.Pcrs[uint32(index)] = val + } + if err := cel.Replay(pbPcr); shouldSucceed && err != nil { + t.Errorf("failed to replay CEL on %v bank: %v", + pb.HashAlgo_name[int32(pbPcr.Hash)], err) + } + } +} + +func appendOrFatal(t *testing.T, cel *CEL, tpm io.ReadWriteCloser, pcr int, hashAlgos []crypto.Hash, event Content) { + if err := cel.AppendEvent(tpm, pcr, hashAlgos, event); err != nil { + t.Fatalf("failed to append event: %v", err) + } +} diff --git a/vendor/github.com/google/go-tpm-tools/cel/cos_tlv.go b/vendor/github.com/google/go-tpm-tools/cel/cos_tlv.go new file mode 100644 index 000000000..170026026 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/cel/cos_tlv.go 
@@ -0,0 +1,120 @@
+package cel
+
+import (
+ "crypto"
+ "fmt"
+ "regexp"
+ "strings"
+ "unicode/utf8"
+)
+
+const (
+ // CosEventType indicate the CELR event is a COS content
+ // TODO: the value needs to be reserved in the CEL spec
+ CosEventType uint8 = 80
+)
+
+// CosType represent a COS content type in a CEL record content.
+type CosType uint8
+
+// Type for COS nested events
+const (
+ ImageRefType CosType = iota
+ ImageDigestType
+ RestartPolicyType
+ ImageIDType
+ ArgType
+ EnvVarType
+)
+
+// CosTlv is a specific event type created for the COS (Google Container-Optimized OS),
+// used as a CEL content.
+type CosTlv struct {
+ EventType CosType
+ EventContent []byte
+}
+
+// GetTLV returns the TLV representation of the COS TLV.
+func (c CosTlv) GetTLV() (TLV, error) {
+ data, err := TLV{uint8(c.EventType), c.EventContent}.MarshalBinary()
+ if err != nil {
+ return TLV{}, err
+ }
+
+ return TLV{
+ Type: CosEventType,
+ Value: data,
+ }, nil
+}
+
+// GenerateDigest generates the digest for the given COS TLV. The whole TLV struct will
+// be marshaled to bytes and feed into the hash algo.
+func (c CosTlv) GenerateDigest(hashAlgo crypto.Hash) ([]byte, error) {
+ contentTLV, err := c.GetTLV()
+ if err != nil {
+ return nil, err
+ }
+
+ b, err := contentTLV.MarshalBinary()
+ if err != nil {
+ return nil, err
+ }
+
+ hash := hashAlgo.New()
+ if _, err = hash.Write(b); err != nil {
+ return nil, err
+ }
+ return hash.Sum(nil), nil
+}
+
+// ParseToCosTlv constructs a CosTlv from a TLV. It will check for the correct COS event
+// type, and unmarshal the nested event.
+func (t TLV) ParseToCosTlv() (CosTlv, error) {
+ if !t.IsCosTlv() {
+ return CosTlv{}, fmt.Errorf("TLV type %v is not a COS event", t.Type)
+ }
+ nestedEvent := TLV{}
+ err := nestedEvent.UnmarshalBinary(t.Value)
+ if err != nil {
+ return CosTlv{}, err
+ }
+ return CosTlv{CosType(nestedEvent.Type), nestedEvent.Value}, nil
+}
+
+// IsCosTlv check whether a TLV is a COS TLV by its Type value.
+func (t TLV) IsCosTlv() bool {
+ return t.Type == CosEventType
+}
+
+// FormatEnvVar takes in an environment variable name and its value, run some checks. Concats
+// the name and value by '=' and returns it if valid; returns an error if the name or value
+// is invalid.
+func FormatEnvVar(name string, value string) (string, error) {
+ if !utf8.ValidString(name) {
+ return "", fmt.Errorf("malformed env name, contains non-utf8 character: [%s]", name)
+ }
+ if !utf8.ValidString(value) {
+ return "", fmt.Errorf("malformed env value, contains non-utf8 character: [%s]", value)
+ }
+ var envVarNameRegexp = regexp.MustCompile("^[a-zA-Z_][a-zA-Z0-9_]*$")
+ if !envVarNameRegexp.MatchString(name) {
+ return "", fmt.Errorf("malformed env name [%s], env name must start with an alpha character or '_', followed by a string of alphanumeric characters or '_' (%s)", name, envVarNameRegexp)
+ }
+ return name + "=" + value, nil
+}
+
+// ParseEnvVar takes in environment variable as a string (foo=bar), parses it and returns its name
+// and value, or an error if it fails the validation check.
+func ParseEnvVar(envvar string) (string, string, error) {
+ // switch to strings.Cut when upgrading to go 1.18
+ e := strings.SplitN(string(envvar), "=", 2)
+ if len(e) < 2 {
+ return "", "", fmt.Errorf("malformed env var, doesn't contain '=': [%s]", envvar)
+ }
+
+ if _, err := FormatEnvVar(e[0], e[1]); err != nil {
+ return "", "", err
+ }
+
+ return e[0], e[1], nil
+}
diff --git a/vendor/github.com/google/go-tpm-tools/cel/cos_tlv_test.go b/vendor/github.com/google/go-tpm-tools/cel/cos_tlv_test.go
new file mode 100644
index 000000000..ea612b665
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/cel/cos_tlv_test.go
@@ -0,0 +1,124 @@ +package cel + +import ( + "bytes" + "crypto" + "strings" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-tpm-tools/client" + "github.com/google/go-tpm-tools/internal/test" + pb "github.com/google/go-tpm-tools/proto/attest" +) + +func TestCosEventlog(t *testing.T) { + tpm := test.GetTPM(t) + defer client.CheckedClose(t, tpm) + + hashAlgoList := []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512} + cel := &CEL{} + + testEvents := []struct { + cosNestedEventType CosType + pcr int + eventPayload []byte + }{ + {ImageRefType, test.DebugPCR, []byte("docker.io/bazel/experimental/test:latest")}, + {ImageDigestType, test.DebugPCR, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")}, + {RestartPolicyType, test.DebugPCR, []byte(pb.RestartPolicy_Never.String())}, + {ImageIDType, test.DebugPCR, []byte("sha256:5DF4A1AC347DCF8CF5E9D0ABC04B04DB847D1B88D3B1CC1006F0ACB68E5A1F4B")}, + {EnvVarType, test.DebugPCR, []byte("foo=bar")}, + {EnvVarType, test.DebugPCR, []byte("bar=baz")}, + {EnvVarType, test.DebugPCR, []byte("baz=foo=bar")}, + {EnvVarType, test.DebugPCR, []byte("empty=")}, + {ArgType, test.DebugPCR, []byte("--x")}, + {ArgType, test.DebugPCR, []byte("--y")}, + } + + for _, testEvent := range testEvents { + cos := CosTlv{testEvent.cosNestedEventType, testEvent.eventPayload} + if err := cel.AppendEvent(tpm, testEvent.pcr, hashAlgoList, cos); err != nil { + t.Fatal(err.Error()) + } + } + + var buf bytes.Buffer + if err := cel.EncodeCEL(&buf); err != nil { + t.Fatal(err) + } + decodedcel, err := DecodeToCEL(&buf) + if err != nil { + t.Fatal(err) + } + + if len(decodedcel.Records) != 10 { + t.Errorf("should have ten records") + } + + for i, testEvent := range testEvents { + extractedCos, err := decodedcel.Records[i].Content.ParseToCosTlv() + if err != nil { + t.Fatal(err) + } + + want := CosTlv{testEvent.cosNestedEventType, testEvent.eventPayload} + if !cmp.Equal(extractedCos, want) { + t.Errorf("decoded 
COS TLV got %+v, want %+v", extractedCos, want) + } + } +} + +func TestParseEnvVar(t *testing.T) { + tests := []struct { + testName string + envVar string + envName string + envValue string + expectedErrSubstring string + }{ + {"normal case 1", "foo=bar", "foo", "bar", ""}, + {"normal case 2", "FOO=1", "FOO", "1", ""}, + {"normal case 3", "SESSION_MANAGER=\"`\\local/:@?%/tmp/.u/1,unix/.com:/tmp/.u/5\"", "SESSION_MANAGER", "\"`\\local/:@?%/tmp/.u/1,unix/.com:/tmp/.u/5\"", ""}, + {"no =", "foo", "", "", "malformed env var, doesn't contain '='"}, + {"empty", "", "", "", "malformed env var, doesn't contain '='"}, + {"empty value", "foo=", "foo", "", ""}, + {"multiple =", "foo=bar=baz=", "foo", "bar=baz=", ""}, + {"bad name", "3foo=bar=baz=", "", "", "env name must start with an alpha character or '_'"}, + {"bad name quote", "foo\"=bar=baz=", "", "", "env name must start with an alpha character or '_'"}, + {"empty name", "=bar=baz=", "", "", "env name must start with an alpha character or '_'"}, + {"non utf-8 value", string([]byte{'f', '=', 0xC0, 2, 2, '='}), "", "", "malformed env value, contains non-utf8 character"}, + {"non utf-8 name", string([]byte{'a', 0xC0, 2, 2, '='}), "", "", "malformed env name, contains non-utf8 character"}, + } + + for _, test := range tests { + t.Run(test.testName, func(t *testing.T) { + n, v, err := ParseEnvVar(test.envVar) + + if n != test.envName { + t.Errorf("envName mismatch, want [%s], got [%s]", test.envName, n) + } + if v != test.envValue { + t.Errorf("envValue mismatch, want [%s], got [%s]", test.envValue, v) + } + if test.expectedErrSubstring == "" { + if err != nil { + t.Errorf("expected no error, but got [%s]", err) + } else { + formattedEnvVar, err := FormatEnvVar(test.envName, test.envValue) + if err != nil { + t.Errorf("expected no error, but got [%s]", err) + } else if formattedEnvVar != test.envVar { + t.Errorf("formattedEnvVar mismatch, want [%s], got [%s]", test.envVar, formattedEnvVar) + } + } + } else { + if err == nil 
{ + t.Errorf("expected error substring [%s], but got no error", test.expectedErrSubstring) + } else if !strings.Contains(err.Error(), test.expectedErrSubstring) { + t.Errorf("expected error substring [%s], but got [%v]", test.expectedErrSubstring, err) + } + } + }) + } +} diff --git a/vendor/github.com/google/go-tpm-tools/client/attest.go b/vendor/github.com/google/go-tpm-tools/client/attest.go new file mode 100644 index 000000000..46a86c958 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/client/attest.go 
@@ -0,0 +1,66 @@
+package client
+
+import (
+ "fmt"
+
+ pb "github.com/google/go-tpm-tools/proto/attest"
+)
+
+// AttestOpts allows for customizing the functionality of Attest.
+type AttestOpts struct {
+ // A unique, application-specific nonce used to guarantee freshness of the
+ // attestation. This must not be empty, and should generally be long enough
+ // to make brute force attacks infeasible.
+ //
+ // For security reasons, applications should not allow for attesting with
+ // arbitrary, externally-provided nonces. The nonce should be prefixed or
+ // otherwise bound (i.e. via a KDF) to application-specific data. For more
+ // information on why this is an issue, see this paper on robust remote
+ // attestation protocols:
+ // https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.70.4562&rep=rep1&type=pdf
+ Nonce []byte
+ // TCG Canonical Event Log to add to the attestation.
+ // Currently, we only support PCR replay for PCRs orthogonal to those in the
+ // firmware event log, where PCRs 0-9 and 14 are often measured. If the two
+ // logs overlap, server-side verification using this library may fail.
+ CanonicalEventLog []byte
+}
+
+// Attest generates an Attestation containing the TCG Event Log and a Quote over
+// all PCR banks. The provided nonce can be used to guarantee freshness of the
+// attestation. This function will return an error if the key is not a
+// restricted signing key.
+//
+// AttestOpts is used for additional configuration of the Attestation process.
+// This is primarily used to pass the attestation's nonce:
+//
+// attestation, err := key.Attest(client.AttestOpts{Nonce: my_nonce})
+func (k *Key) Attest(opts AttestOpts) (*pb.Attestation, error) {
+ if len(opts.Nonce) == 0 {
+ return nil, fmt.Errorf("provided nonce must not be empty")
+ }
+ sels, err := implementedPCRs(k.rw)
+ if err != nil {
+ return nil, err
+ }
+
+ attestation := pb.Attestation{}
+ if attestation.AkPub, err = k.PublicArea().Encode(); err != nil {
+ return nil, fmt.Errorf("failed to encode public area: %w", err)
+ }
+ attestation.AkCert = k.CertDERBytes()
+ for _, sel := range sels {
+ quote, err := k.Quote(sel, opts.Nonce)
+ if err != nil {
+ return nil, err
+ }
+ attestation.Quotes = append(attestation.Quotes, quote)
+ }
+ if attestation.EventLog, err = GetEventLog(k.rw); err != nil {
+ return nil, fmt.Errorf("failed to retrieve TCG Event Log: %w", err)
+ }
+ if len(opts.CanonicalEventLog) != 0 {
+ attestation.CanonicalEventLog = opts.CanonicalEventLog
+ }
+ return &attestation, nil
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/close.go b/vendor/github.com/google/go-tpm-tools/client/close.go
new file mode 100644
index 000000000..31700c33c
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/close.go
@@ -0,0 +1,29 @@
+package client
+
+import (
+ "io"
+ "testing"
+
+ "github.com/google/go-tpm/tpm2"
+)
+
+// CheckedClose closes the simulator and asserts that there were no leaked handles.
+func CheckedClose(tb testing.TB, rwc io.ReadWriteCloser) {
+ for _, t := range []tpm2.HandleType{
+ tpm2.HandleTypeLoadedSession,
+ tpm2.HandleTypeSavedSession,
+ tpm2.HandleTypeTransient,
+ } {
+ handles, err := Handles(rwc, t)
+ if err != nil {
+ tb.Errorf("failed to fetch handles of type %v: %v", t, err)
+ }
+ if len(handles) != 0 {
+ tb.Errorf("tests leaked handles: %v", handles)
+ }
+ }
+
+ if err := rwc.Close(); err != nil {
+ tb.Errorf("when closing simulator: %v", err)
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/eventlog.go b/vendor/github.com/google/go-tpm-tools/client/eventlog.go
new file mode 100644
index 000000000..9c74e0bba
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/eventlog.go
@@ -0,0 +1,19 @@
+package client
+
+import "io"
+
+// GetEventLog grabs the crypto-agile TCG event log for the system. The TPM can
+// override this implementation by implementing EventLogGetter.
+func GetEventLog(rw io.ReadWriter) ([]byte, error) {
+ if elg, ok := rw.(EventLogGetter); ok {
+ return elg.EventLog()
+ }
+ return getRealEventLog()
+}
+
+// EventLogGetter allows a TPM (io.ReadWriter) to specify a particular
+// implementation for GetEventLog(). This is useful for testing and necessary
+// for Windows Event Log support (which requires a handle to the TPM).
+type EventLogGetter interface {
+ EventLog() ([]byte, error)
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/eventlog_linux.go b/vendor/github.com/google/go-tpm-tools/client/eventlog_linux.go
new file mode 100644
index 000000000..357ca08f0
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/eventlog_linux.go
@@ -0,0 +1,9 @@
+package client
+
+import (
+ "io/ioutil"
+)
+
+func getRealEventLog() ([]byte, error) {
+ return ioutil.ReadFile("/sys/kernel/security/tpm0/binary_bios_measurements")
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/eventlog_other.go b/vendor/github.com/google/go-tpm-tools/client/eventlog_other.go
new file mode 100644
index 000000000..c6e7960c1
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/eventlog_other.go
@@ -0,0 +1,10 @@
+//go:build !linux
+// +build !linux
+
+package client
+
+import "errors"
+
+func getRealEventLog() ([]byte, error) {
+ return nil, errors.New("failed to get event log: only Linux supported")
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/example_test.go b/vendor/github.com/google/go-tpm-tools/client/example_test.go
new file mode 100644
index 000000000..30ad1ee15
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/example_test.go
@@ -0,0 +1,274 @@
+package client_test
+
+import (
+ "crypto"
+ "crypto/ecdsa"
+ "crypto/rand"
+ "fmt"
+ "io"
+ "log"
+
+ "github.com/google/go-tpm-tools/client"
+ "github.com/google/go-tpm-tools/internal"
+ "github.com/google/go-tpm-tools/server"
+ "github.com/google/go-tpm-tools/simulator"
+ "github.com/google/go-tpm/tpm2"
+)
+
+var tpmHashAlg = tpm2.AlgSHA256
+var hashAlg = crypto.SHA256
+
+func ExampleKey_Quote() {
+ // On verifier, make the nonce.
+ nonce := make([]byte, 8)
+
+ if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+ log.Fatalf("failed to create nonce: %v", err)
+ }
+
+ // On client machine, generate the TPM quote.
+ // TODO: use real TPM.
+ simulator, err := simulator.Get()
+ if err != nil {
+ log.Fatalf("failed to initialize simulator: %v", err)
+ }
+ defer simulator.Close()
+
+ ak, err := client.AttestationKeyECC(simulator)
+ if err != nil {
+ log.Fatalf("failed to create attestation key: %v", err)
+ }
+ defer ak.Close()
+
+ pcr7 := tpm2.PCRSelection{
+ Hash: tpm2.AlgSHA256,
+ PCRs: []int{7},
+ }
+
+ quote, err := ak.Quote(pcr7, nonce)
+ if err != nil {
+ log.Fatalf("failed to create quote: %v", err)
+ }
+
+ // On verifier, verify the quote against a stored public key/AK
+ // certificate's public part and the nonce passed.
+ if err := internal.VerifyQuote(quote, ak.PublicKey(), nonce); err != nil {
+ // TODO: handle verify error.
+ log.Fatalf("failed to verify quote: %v", err)
+ }
+ // Output:
+}
+func ExampleKey_Import_eK() {
+ // On client machine, EK should already exist.
+ // TODO: use real TPM.
+ simulator, err := simulator.Get()
+ if err != nil {
+ log.Fatalf("failed to initialize simulator: %v", err)
+ }
+ defer simulator.Close()
+
+ ek, err := client.EndorsementKeyECC(simulator)
+ if err != nil {
+ log.Fatalf("failed to create endorsement key: %v", err)
+ }
+
+ // Pass EK pub to remote server, typically via an EK cert.
+ // The server can then associate the EK public to the corresponding client.
+
+ // Data to seal to EK public.
+ secret := []byte("secret data")
+
+ // ek.PublicKey already verified using the manufacturer-signed EK cert.
+ importBlob, err := server.CreateImportBlob(ek.PublicKey(), secret, nil)
+ if err != nil {
+ log.Fatalf("failed to create import blob: %v", err)
+ }
+
+ // On client, import the EK.
+ output, err := ek.Import(importBlob)
+ if err != nil {
+ // TODO: handle import failure.
+ log.Fatalf("failed to import blob: %v", err)
+ }
+
+ fmt.Println(string(output))
+ // TODO: use output of ek.Import.
+ // Output: secret data
+}
+
+func ExampleKey_Attest() {
+ // On verifier, make the nonce.
+ nonce := make([]byte, 8)
+
+ if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+ log.Fatalf("failed to create nonce: %v", err)
+ }
+
+ // On client machine, generate the TPM quote.
+ // TODO: use real TPM.
+ simulator, err := simulator.Get()
+ if err != nil {
+ log.Fatalf("failed to initialize simulator: %v", err)
+ }
+ defer simulator.Close()
+
+ ak, err := client.AttestationKeyECC(simulator)
+ if err != nil {
+ log.Fatalf("failed to create attestation key: %v", err)
+ }
+ defer ak.Close()
+
+ attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce})
+ if err != nil {
+ log.Fatalf("failed to attest: %v", err)
+ }
+
+ // TODO: establish trust in the AK (typically via an AK certificate signed
+ // by the manufacturer).
+ // On verifier, verify the Attestation message. This:
+ // - checks the quote(s) against a stored public key/AK
+ // certificate's public part and the expected nonce.
+ // - replays the event log against the quoted PCRs
+ // - extracts events into a MachineState message.
+ // TODO: decide which hash algorithm to use in the quotes. SHA1 is
+ // typically undesirable but is the only event log option on some distros.
+ _, err = server.VerifyAttestation(attestation, server.VerifyOpts{Nonce: nonce, TrustedAKs: []crypto.PublicKey{ak.PublicKey()}})
+ if err != nil {
+ // TODO: handle parsing or replay error.
+ log.Fatalf("failed to read PCRs: %v", err)
+ }
+ fmt.Println(attestation)
+ // TODO: use events output of ParseMachineState.
+}
+
+func Example_sealAndUnseal() {
+ // TODO: use real TPM.
+ simulator, err := simulator.Get()
+ if err != nil {
+ log.Fatalf("failed to initialize simulator: %v", err)
+ }
+ defer simulator.Close()
+
+ srk, err := client.StorageRootKeyECC(simulator)
+ if err != nil {
+ log.Fatalf("failed to create storage root key: %v", err)
+ }
+
+ sealedSecret := []byte("secret password")
+
+ sel := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}}
+ // Seal the data to the current value of PCR7.
+ sealedBlob, err := srk.Seal([]byte(sealedSecret), client.SealOpts{Current: sel})
+ if err != nil {
+ log.Fatalf("failed to seal to SRK: %v", err)
+ }
+
+ // Validate by unsealing the sealed blob. Because it is possible that a TPM can seal a secret
+ // properly but fail to certify it (thus we shouldn't unseal it because the creation status
+ // cannot be verify). This ensures we can unseal the sealed blob, and that its contents are
+ // equal to what we sealed.
+ output, err := srk.Unseal(sealedBlob, client.UnsealOpts{CertifyCurrent: sel})
+ if err != nil {
+ // TODO: handle unseal error.
+ log.Fatalf("failed to unseal blob: %v", err)
+ }
+ // TODO: use unseal output.
+ fmt.Println(string(output))
+ // Output: secret password
+}
+
+func ExampleKey_GetSigner() {
+ // TODO: use real TPM.
+ simulator, err := simulator.Get()
+ if err != nil {
+ log.Fatalf("failed to initialize simulator: %v", err)
+ }
+ defer simulator.Close()
+
+ exampleECCSignerTemplate := tpm2.Public{
+ Type: tpm2.AlgECC,
+ NameAlg: tpm2.AlgSHA256,
+ Attributes: tpm2.FlagSign | tpm2.FlagFixedTPM |
+ tpm2.FlagFixedParent | tpm2.FlagSensitiveDataOrigin | tpm2.FlagUserWithAuth,
+ ECCParameters: &tpm2.ECCParams{
+ CurveID: tpm2.CurveNISTP256,
+ Sign: &tpm2.SigScheme{
+ Alg: tpm2.AlgECDSA,
+ Hash: tpmHashAlg,
+ },
+ },
+ }
+ key, err := client.NewKey(simulator, tpm2.HandleOwner, exampleECCSignerTemplate)
+ if err != nil {
+ log.Fatalf("failed to create signing key: %v", err)
+ }
+ defer key.Close()
+
+ toSign := []byte("message to sign")
+ hash := hashAlg.New()
+ hash.Write(toSign)
+ digest := hash.Sum(nil)
+
+ cryptoSigner, err := key.GetSigner()
+ if err != nil {
+ log.Fatalf("failed to create crypto signer: %v", err)
+ }
+ sig, err := cryptoSigner.Sign(nil, digest, hashAlg)
+ if err != nil {
+ log.Fatalf("failed to sign: %v", err)
+ }
+
+ // Verifier needs to establish trust in signer.Public() (via a certificate,
+ // TPM2_ActivateCredential, TPM2_Certify).
+ if !ecdsa.VerifyASN1(cryptoSigner.Public().(*ecdsa.PublicKey), digest, sig) {
+ // TODO: handle signature verification failure.
+ log.Fatal("failed to verify digest")
+ }
+ // Output:
+}
+
+func ExampleKey_SignData() {
+ // TODO: use real TPM.
+ simulator, err := simulator.Get()
+ if err != nil {
+ log.Fatalf("failed to initialize simulator: %v", err)
+ }
+ defer simulator.Close()
+
+ exampleECCSignerTemplate := tpm2.Public{
+ Type: tpm2.AlgECC,
+ NameAlg: tpm2.AlgSHA256,
+ Attributes: tpm2.FlagSign | tpm2.FlagFixedTPM |
+ tpm2.FlagFixedParent | tpm2.FlagSensitiveDataOrigin | tpm2.FlagUserWithAuth,
+ ECCParameters: &tpm2.ECCParams{
+ CurveID: tpm2.CurveNISTP256,
+ Sign: &tpm2.SigScheme{
+ Alg: tpm2.AlgECDSA,
+ Hash: tpmHashAlg,
+ },
+ },
+ }
+ key, err := client.NewKey(simulator, tpm2.HandleOwner, exampleECCSignerTemplate)
+ if err != nil {
+ log.Fatalf("failed to create signing key: %v", err)
+ }
+ defer key.Close()
+
+ toSign := []byte("message to sign")
+ hash := hashAlg.New()
+ hash.Write(toSign)
+ digest := hash.Sum(nil)
+
+ sig, err := key.SignData(toSign)
+ if err != nil {
+ log.Fatalf("failed to sign data: %v", err)
+ }
+
+ // Verifier needs to establish trust in signer.Public() (via a certificate,
+ // TPM2_ActivateCredential, TPM2_Certify).
+ if !ecdsa.VerifyASN1(key.PublicKey().(*ecdsa.PublicKey), digest, sig) {
+ // TODO: handle signature verification failure.
+ log.Fatal("failed to verify digest")
+ }
+ // Output:
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/handles.go b/vendor/github.com/google/go-tpm-tools/client/handles.go
new file mode 100644
index 000000000..b2bb3ea25
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/handles.go
@@ -0,0 +1,72 @@
+package client
+
+import (
+ "fmt"
+ "io"
+ "math"
+
+ "github.com/google/go-tpm/tpm2"
+ "github.com/google/go-tpm/tpmutil"
+)
+
+// Reserved Handles from "TCG TPM v2.0 Provisioning Guidance" - v1r1 - Table 2
+const (
+ EKReservedHandle = tpmutil.Handle(0x81010001)
+ EKECCReservedHandle = tpmutil.Handle(0x81010002)
+ SRKReservedHandle = tpmutil.Handle(0x81000001)
+ SRKECCReservedHandle = tpmutil.Handle(0x81000002)
+)
+
+// From "TCG EK Credential Profile", v2.3r2 Section 2.2.1.4
+const (
+ // RSA 2048 EK Cert.
+ EKCertNVIndexRSA uint32 = 0x01c00002
+ // ECC P256 EK Cert.
+ EKCertNVIndexECC uint32 = 0x01c0000a
+)
+
+// Picked available handles from TPM 2.0 Handles and Localities 2.3.1 - Table 11
+// go-tpm-tools will use handles in the range from 0x81008F00 to 0x81008FFF
+const (
+ DefaultAKECCHandle = tpmutil.Handle(0x81008F00)
+ DefaultAKRSAHandle = tpmutil.Handle(0x81008F01)
+)
+
+// GCE Attestation Key NV Indices
+const (
+ // RSA 2048 AK.
+ GceAKCertNVIndexRSA uint32 = 0x01c10000
+ GceAKTemplateNVIndexRSA uint32 = 0x01c10001
+ // ECC P256 AK.
+ GceAKCertNVIndexECC uint32 = 0x01c10002
+ GceAKTemplateNVIndexECC uint32 = 0x01c10003
+)
+
+func isHierarchy(h tpmutil.Handle) bool {
+ return h == tpm2.HandleOwner || h == tpm2.HandleEndorsement ||
+ h == tpm2.HandlePlatform || h == tpm2.HandleNull
+}
+
+// Handles returns a slice of tpmutil.Handle objects of all handles within
+// the TPM rw of type handleType.
+func Handles(rw io.ReadWriter, handleType tpm2.HandleType) ([]tpmutil.Handle, error) {
+ // Handle type is determined by the most-significant octet (MSO) of the property.
+ property := uint32(handleType) << 24
+
+ vals, moreData, err := tpm2.GetCapability(rw, tpm2.CapabilityHandles, math.MaxUint32, property)
+ if err != nil {
+ return nil, err
+ }
+ if moreData {
+ return nil, fmt.Errorf("tpm2.GetCapability() should never return moreData==true for tpm2.CapabilityHandles")
+ }
+ handles := make([]tpmutil.Handle, len(vals))
+ for i, v := range vals {
+ handle, ok := v.(tpmutil.Handle)
+ if !ok {
+ return nil, fmt.Errorf("unable to assert type tpmutil.Handle of value %#v", v)
+ }
+ handles[i] = handle
+ }
+ return handles, nil
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/handles_test.go b/vendor/github.com/google/go-tpm-tools/client/handles_test.go
new file mode 100644
index 000000000..904e0a78a
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/handles_test.go
@@ -0,0 +1,41 @@
+package client_test
+
+import (
+ "reflect"
+ "testing"
+
+ "github.com/google/go-tpm-tools/client"
+ "github.com/google/go-tpm-tools/internal/test"
+ "github.com/google/go-tpm/tpm2"
+ "github.com/google/go-tpm/tpmutil"
+)
+
+const (
+ // Maximum number of handles to keys tests can create within a simulator.
+ maxHandles = 3
+)
+
+func TestHandles(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ expected := make([]tpmutil.Handle, 0)
+ for i := 0; i < maxHandles; i++ {
+ expected = append(expected, test.LoadRandomExternalKey(t, rwc))
+
+ handles, err := client.Handles(rwc, tpm2.HandleTypeTransient)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if !reflect.DeepEqual(handles, expected) {
+ t.Errorf("Handles mismatch got: %v; want: %v", handles, expected)
+ }
+ }
+
+ // Don't leak our handles
+ for _, handle := range expected {
+ if err := tpm2.FlushContext(rwc, handle); err != nil {
+ t.Error(err)
+ }
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/import.go b/vendor/github.com/google/go-tpm-tools/client/import.go
new file mode 100644
index 000000000..72f796c36
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/import.go 
@@ -0,0 +1,83 @@
+package client
+
+import (
+ "fmt"
+
+ "github.com/google/go-tpm-tools/internal"
+ pb "github.com/google/go-tpm-tools/proto/tpm"
+ "github.com/google/go-tpm/tpm2"
+ "github.com/google/go-tpm/tpmutil"
+)
+
+func loadHandle(k *Key, blob *pb.ImportBlob) (tpmutil.Handle, error) {
+ auth, err := k.session.Auth()
+ if err != nil {
+ return tpm2.HandleNull, err
+ }
+ private, err := tpm2.Import(k.rw, k.Handle(), auth, blob.PublicArea, blob.Duplicate, blob.EncryptedSeed, nil, nil)
+ if err != nil {
+ return tpm2.HandleNull, fmt.Errorf("import failed: %w", err)
+ }
+
+ auth, err = k.session.Auth()
+ if err != nil {
+ return tpm2.HandleNull, err
+ }
+ handle, _, err := tpm2.LoadUsingAuth(k.rw, k.Handle(), auth, blob.PublicArea, private)
+ if err != nil {
+ return tpm2.HandleNull, fmt.Errorf("load failed: %w", err)
+ }
+ return handle, nil
+}
+
+// Import decrypts the secret contained in an encoded import request.
+// The key used must be an encryption key (signing keys cannot be used).
+// The req parameter should come from server.CreateImportBlob.
+func (k *Key) Import(blob *pb.ImportBlob) ([]byte, error) {
+ handle, err := loadHandle(k, blob)
+ if err != nil {
+ return nil, err
+ }
+ defer tpm2.FlushContext(k.rw, handle)
+
+ unsealSession, err := newPCRSession(k.rw, internal.PCRSelection(blob.Pcrs))
+ if err != nil {
+ return nil, err
+ }
+ defer unsealSession.Close()
+
+ auth, err := unsealSession.Auth()
+ if err != nil {
+ return nil, err
+ }
+ out, err := tpm2.UnsealWithSession(k.rw, auth.Session, handle, "")
+ if err != nil {
+ return nil, fmt.Errorf("unseal failed: %w", err)
+ }
+ return out, nil
+}
+
+// ImportSigningKey returns the signing key contained in an encoded import request.
+// The parent key must be an encryption key (signing keys cannot be used).
+// The req parameter should come from server.CreateSigningKeyImportBlob.
+func (k *Key) ImportSigningKey(blob *pb.ImportBlob) (key *Key, err error) {
+ handle, err := loadHandle(k, blob)
+ if err != nil {
+ return nil, err
+ }
+ key = &Key{rw: k.rw, handle: handle}
+
+ defer func() {
+ if err != nil {
+ key.Close()
+ }
+ }()
+
+ if key.pubArea, _, _, err = tpm2.ReadPublic(k.rw, handle); err != nil {
+ return
+ }
+ if key.session, err = newPCRSession(k.rw, internal.PCRSelection(blob.Pcrs)); err != nil {
+ return
+ }
+ return key, key.finish()
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/keys.go b/vendor/github.com/google/go-tpm-tools/client/keys.go
new file mode 100644
index 000000000..1da8b7119
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/keys.go
@@ -0,0 +1,481 @@
+// Package client contains some high-level TPM 2.0 functions.
+package client
+
+import (
+ "bytes"
+ "crypto"
+ "crypto/subtle"
+ "crypto/x509"
+ "fmt"
+ "io"
+
+ "github.com/google/go-tpm-tools/internal"
+ pb "github.com/google/go-tpm-tools/proto/tpm"
+ "github.com/google/go-tpm/tpm2"
+ "github.com/google/go-tpm/tpmutil"
+)
+
+// Key wraps an active asymmetric TPM2 key. This can either be a signing key or
+// an encryption key. Users of Key should be sure to call Close() when the Key
+// is no longer needed, so that the underlying TPM handle can be freed.
+type Key struct {
+ rw io.ReadWriter
+ handle tpmutil.Handle
+ pubArea tpm2.Public
+ pubKey crypto.PublicKey
+ name tpm2.Name
+ session session
+ cert *x509.Certificate
+}
+
+// EndorsementKeyRSA generates and loads a key from DefaultEKTemplateRSA.
+func EndorsementKeyRSA(rw io.ReadWriter) (*Key, error) {
+ ekRsa, err := NewCachedKey(rw, tpm2.HandleEndorsement, DefaultEKTemplateRSA(), EKReservedHandle)
+ if err != nil {
+ return nil, err
+ }
+ // Error ignored, because not all TPMs will have an EK.
+ ekRsa.cert, _ = getCertificateFromNvram(rw, EKCertNVIndexRSA)
+ return ekRsa, nil
+}
+
+// EndorsementKeyECC generates and loads a key from DefaultEKTemplateECC.
+func EndorsementKeyECC(rw io.ReadWriter) (*Key, error) {
+ ekEcc, err := NewCachedKey(rw, tpm2.HandleEndorsement, DefaultEKTemplateECC(), EKECCReservedHandle)
+ if err != nil {
+ return nil, err
+ }
+ // Error ignored, because not all TPMs will have an EK.
+ ekEcc.cert, _ = getCertificateFromNvram(rw, EKCertNVIndexECC)
+ return ekEcc, nil
+}
+
+// StorageRootKeyRSA generates and loads a key from SRKTemplateRSA.
+func StorageRootKeyRSA(rw io.ReadWriter) (*Key, error) {
+ return NewCachedKey(rw, tpm2.HandleOwner, SRKTemplateRSA(), SRKReservedHandle)
+}
+
+// StorageRootKeyECC generates and loads a key from SRKTemplateECC.
+func StorageRootKeyECC(rw io.ReadWriter) (*Key, error) {
+ return NewCachedKey(rw, tpm2.HandleOwner, SRKTemplateECC(), SRKECCReservedHandle)
+}
+
+// AttestationKeyRSA generates and loads a key from AKTemplateRSA in the Owner hierarchy.
+func AttestationKeyRSA(rw io.ReadWriter) (*Key, error) {
+ return NewCachedKey(rw, tpm2.HandleOwner, AKTemplateRSA(), DefaultAKRSAHandle)
+}
+
+// AttestationKeyECC generates and loads a key from AKTemplateECC in the Owner hierarchy.
+func AttestationKeyECC(rw io.ReadWriter) (*Key, error) {
+ return NewCachedKey(rw, tpm2.HandleOwner, AKTemplateECC(), DefaultAKECCHandle)
+}
+
+// EndorsementKeyFromNvIndex generates and loads an endorsement key using the
+// template stored at the provided nvdata index. This is useful for TPMs which
+// have a preinstalled AK template.
+func EndorsementKeyFromNvIndex(rw io.ReadWriter, idx uint32) (*Key, error) {
+ return KeyFromNvIndex(rw, tpm2.HandleEndorsement, idx)
+}
+
+// GceAttestationKeyRSA generates and loads the GCE RSA AK. Note that this
+// function will only work on a GCE VM. Unlike AttestationKeyRSA, this key uses
+// the Endorsement Hierarchy and its template loaded from GceAKTemplateNVIndexRSA.
+func GceAttestationKeyRSA(rw io.ReadWriter) (*Key, error) {
+ akRsa, err := EndorsementKeyFromNvIndex(rw, GceAKTemplateNVIndexRSA)
+ if err != nil {
+ return nil, err
+ }
+ // Error ignored, because not all GCE instances will have an AK cert.
+ akRsa.cert, _ = getCertificateFromNvram(rw, GceAKCertNVIndexRSA)
+ return akRsa, nil
+}
+
+// GceAttestationKeyECC generates and loads the GCE ECC AK. Note that this
+// function will only work on a GCE VM. Unlike AttestationKeyECC, this key uses
+// the Endorsement Hierarchy and its template loaded from GceAKTemplateNVIndexECC.
+func GceAttestationKeyECC(rw io.ReadWriter) (*Key, error) {
+ akEcc, err := EndorsementKeyFromNvIndex(rw, GceAKTemplateNVIndexECC)
+ if err != nil {
+ return nil, err
+ }
+ // Error ignored, because not all GCE instances will have an AK cert.
+ akEcc.cert, _ = getCertificateFromNvram(rw, GceAKCertNVIndexECC)
+ return akEcc, nil
+}
+
+// KeyFromNvIndex generates and loads a key under the provided parent
+// (possibly a hierarchy root tpm2.Handle{Owner|Endorsement|Platform|Null})
+// using the template stored at the provided nvdata index.
+func KeyFromNvIndex(rw io.ReadWriter, parent tpmutil.Handle, idx uint32) (*Key, error) {
+ data, err := tpm2.NVReadEx(rw, tpmutil.Handle(idx), tpm2.HandleOwner, "", 0)
+ if err != nil {
+ return nil, fmt.Errorf("read error at index %d: %w", idx, err)
+ }
+ template, err := tpm2.DecodePublic(data)
+ if err != nil {
+ return nil, fmt.Errorf("index %d data was not a TPM key template: %w", idx, err)
+ }
+ return NewKey(rw, parent, template)
+}
+
+// NewCachedKey is almost identical to NewKey, except that it initially tries to
+// see if the a key matching the provided template is at cachedHandle. If so,
+// that key is returned. If not, the key is created as in NewKey, and that key
+// is persisted to the cachedHandle, overwriting any existing key there.
+func NewCachedKey(rw io.ReadWriter, parent tpmutil.Handle, template tpm2.Public, cachedHandle tpmutil.Handle) (k *Key, err error) {
+ owner := tpm2.HandleOwner
+ if parent == tpm2.HandlePlatform {
+ owner = tpm2.HandlePlatform
+ } else if parent == tpm2.HandleNull {
+ return nil, fmt.Errorf("cannot cache objects in the null hierarchy")
+ }
+
+ cachedPub, _, _, err := tpm2.ReadPublic(rw, cachedHandle)
+ if err == nil {
+ if cachedPub.MatchesTemplate(template) {
+ k = &Key{rw: rw, handle: cachedHandle, pubArea: cachedPub}
+ return k, k.finish()
+ }
+ // Kick out old cached key if it does not match
+ if err = tpm2.EvictControl(rw, "", owner, cachedHandle, cachedHandle); err != nil {
+ return nil, err
+ }
+ }
+
+ k, err = NewKey(rw, parent, template)
+ if err != nil {
+ return nil, err
+ }
+ defer tpm2.FlushContext(rw, k.handle)
+
+ if err = tpm2.EvictControl(rw, "", owner, k.handle, cachedHandle); err != nil {
+ return nil, err
+ }
+ k.handle = cachedHandle
+ return k, nil
+}
+
+// NewKey generates a key from the template and loads that key into the TPM
+// under the specified parent. NewKey can call many different TPM commands:
+// - If parent is tpm2.Handle{Owner|Endorsement|Platform|Null} a primary key
+// is created in the specified hierarchy (using CreatePrimary).
+// - If parent is a valid key handle, a normal key object is created under
+// that parent (using Create and Load). NOTE: Not yet supported.
+// This function also assumes that the desired key:
+// - Does not have its usage locked to specific PCR values
+// - Usable with empty authorization sessions (i.e. doesn't need a password)
+func NewKey(rw io.ReadWriter, parent tpmutil.Handle, template tpm2.Public) (k *Key, err error) {
+ if !isHierarchy(parent) {
+ // TODO add support for normal objects with Create() and Load()
+ return nil, fmt.Errorf("unsupported parent handle: %x", parent)
+ }
+
+ handle, pubArea, _, _, _, _, err :=
+ tpm2.CreatePrimaryEx(rw, parent, tpm2.PCRSelection{}, "", "", template)
+ if err != nil {
+ return nil, err
+ }
+ defer func() {
+ if err != nil {
+ tpm2.FlushContext(rw, handle)
+ }
+ }()
+
+ k = &Key{rw: rw, handle: handle}
+ if k.pubArea, err = tpm2.DecodePublic(pubArea); err != nil {
+ return
+ }
+ return k, k.finish()
+}
+
+func (k *Key) finish() error {
+ var err error
+ if k.pubKey, err = k.pubArea.Key(); err != nil {
+ return err
+ }
+ if k.name, err = k.pubArea.Name(); err != nil {
+ return err
+ }
+ // We determine the right type of session based on the auth policy
+ if k.session == nil {
+ if bytes.Equal(k.pubArea.AuthPolicy, defaultEKAuthPolicy()) {
+ if k.session, err = newEKSession(k.rw); err != nil {
+ return err
+ }
+ } else if len(k.pubArea.AuthPolicy) == 0 {
+ k.session = nullSession{}
+ } else {
+ return fmt.Errorf("unknown auth policy when creating key")
+ }
+ }
+ return nil
+}
+
+// Handle allows this key to be used directly with other go-tpm commands.
+func (k *Key) Handle() tpmutil.Handle {
+ return k.handle
+}
+
+// Name is hash of this key's public area. Only the Digest field will ever be
+// populated. It is useful for various TPM commands related to authorization.
+// This is equivalent to k.PublicArea.Name(), except that is cannot fail.
+func (k *Key) Name() tpm2.Name {
+ return k.name
+}
+
+// PublicArea exposes the key's entire public area. This is useful for
+// determining additional properties of the underlying TPM key.
+func (k *Key) PublicArea() tpm2.Public {
+ return k.pubArea
+}
+
+// PublicKey provides a go interface to the loaded key's public area.
+func (k *Key) PublicKey() crypto.PublicKey {
+ return k.pubKey
+}
+
+// Close should be called when the key is no longer needed. This is important to
+// do as most TPMs can only have a small number of key simultaneously loaded.
+func (k *Key) Close() {
+ if k.session != nil {
+ k.session.Close()
+ }
+ tpm2.FlushContext(k.rw, k.handle)
+}
+
+// Seal seals the sensitive byte buffer to a key. This key must be an SRK (we
+// currently do not support sealing to EKs). Optionally, the SealOpts struct can
+// be modified to provide sealed-to PCRs. In this case, the sensitive data can
+// only be unsealed if the seal-time PCRs are in the SealOpts-specified state.
+// There must not be overlap in PCRs between SealOpts' Current and Target.
+// During the sealing process, certification data will be created allowing
+// Unseal() to validate the state of the TPM during the sealing process.
+func (k *Key) Seal(sensitive []byte, opts SealOpts) (*pb.SealedBytes, error) {
+ var pcrs *pb.PCRs
+ var err error
+ var auth []byte
+
+ pcrs, err = mergePCRSelAndProto(k.rw, opts.Current, opts.Target)
+ if err != nil {
+ return nil, fmt.Errorf("invalid SealOpts: %v", err)
+ }
+ if len(pcrs.GetPcrs()) > 0 {
+ auth = internal.PCRSessionAuth(pcrs, SessionHashAlg)
+ }
+ certifySel := FullPcrSel(CertifyHashAlgTpm)
+ sb, err := sealHelper(k.rw, k.Handle(), auth, sensitive, certifySel)
+ if err != nil {
+ return nil, err
+ }
+
+ for pcrNum := range pcrs.GetPcrs() {
+ sb.Pcrs = append(sb.Pcrs, pcrNum)
+ }
+ sb.Hash = pcrs.GetHash()
+ sb.Srk = pb.ObjectType(k.pubArea.Type)
+ return sb, nil
+}
+
+func sealHelper(rw io.ReadWriter, parentHandle tpmutil.Handle, auth []byte, sensitive []byte, certifyPCRsSel tpm2.PCRSelection) (*pb.SealedBytes, error) {
+ inPublic := tpm2.Public{
+ Type: tpm2.AlgKeyedHash,
+ NameAlg: SessionHashAlgTpm,
+ Attributes: tpm2.FlagFixedTPM | tpm2.FlagFixedParent,
+ AuthPolicy: auth,
+ }
+ if auth == nil {
+ inPublic.Attributes |= tpm2.FlagUserWithAuth
+ } else {
+ inPublic.Attributes |= tpm2.FlagAdminWithPolicy
+ }
+
+ priv, pub, creationData, _, ticket, err := tpm2.CreateKeyWithSensitive(rw, parentHandle, certifyPCRsSel, "", "", inPublic, sensitive)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create key: %w", err)
+ }
+ certifiedPcr, err := ReadPCRs(rw, certifyPCRsSel)
+ if err != nil {
+ return nil, fmt.Errorf("failed to read PCRs: %w", err)
+ }
+ computedDigest := internal.PCRDigest(certifiedPcr, SessionHashAlg)
+
+ decodedCreationData, err := tpm2.DecodeCreationData(creationData)
+ if err != nil {
+ return nil, fmt.Errorf("failed to decode creation data: %w", err)
+ }
+
+ // make sure PCRs haven't being altered after sealing
+ if subtle.ConstantTimeCompare(computedDigest, decodedCreationData.PCRDigest) == 0 {
+ return nil, fmt.Errorf("PCRs have been modified after sealing")
+ }
+
+ sb := &pb.SealedBytes{}
+ sb.CertifiedPcrs = certifiedPcr
+ sb.Priv = priv
+ sb.Pub = pub
+ sb.CreationData = creationData
+ if sb.Ticket, err = tpmutil.Pack(ticket); err != nil {
+ return nil, err
+ }
+ return sb, nil
+}
+
+// Unseal attempts to reverse the process of Seal(), using the PCRs, public, and
+// private data in proto.SealedBytes. Optionally, the UnsealOpts parameter can
+// be used to verify the state of the TPM when the data was sealed. The
+// zero-value UnsealOpts can be passed to skip certification.
+func (k *Key) Unseal(in *pb.SealedBytes, opts UnsealOpts) ([]byte, error) {
+ if in.Srk != pb.ObjectType(k.pubArea.Type) {
+ return nil, fmt.Errorf("expected key of type %v, got %v", in.Srk, k.pubArea.Type)
+ }
+ sealed, _, err := tpm2.Load(
+ k.rw,
+ k.Handle(),
+ /*parentPassword=*/ "",
+ in.GetPub(),
+ in.GetPriv())
+ if err != nil {
+ return nil, fmt.Errorf("failed to load sealed object: %w", err)
+ }
+ defer tpm2.FlushContext(k.rw, sealed)
+
+ pcrs, err := mergePCRSelAndProto(k.rw, opts.CertifyCurrent, opts.CertifyExpected)
+ if err != nil {
+ return nil, fmt.Errorf("invalid UnsealOpts: %v", err)
+ }
+ if len(pcrs.GetPcrs()) > 0 {
+ if err := internal.CheckSubset(pcrs, in.GetCertifiedPcrs()); err != nil {
+ return nil, fmt.Errorf("failed to certify PCRs: %w", err)
+ }
+
+ var ticket tpm2.Ticket
+ if _, err = tpmutil.Unpack(in.GetTicket(), &ticket); err != nil {
+ return nil, fmt.Errorf("ticket unpack failed: %w", err)
+ }
+ creationHash := SessionHashAlg.New()
+ creationHash.Write(in.GetCreationData())
+
+ _, _, certErr := tpm2.CertifyCreation(k.rw, "", sealed, tpm2.HandleNull, nil, creationHash.Sum(nil), tpm2.SigScheme{}, ticket)
+ // There is a bug in some older TPMs, where they are unable to
+ // CertifyCreation when using a Null signing handle (despite this
+ // being allowed by all versions of the TPM spec). To work around
+ // this bug, we use a temporary signing key and ignore the signed
+ // result. To reduce the cost of this workaround, we use a cached
+ // ECC signing key.
+ // We can detect this bug, as it triggers a RCInsufficient
+ // Unmarshaling error.
+ if paramErr, ok := certErr.(tpm2.ParameterError); ok && paramErr.Code == tpm2.RCInsufficient {
+ signer, err := AttestationKeyECC(k.rw)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create fallback signing key: %w", err)
+ }
+ defer signer.Close()
+ _, _, certErr = tpm2.CertifyCreation(k.rw, "", sealed, signer.Handle(), nil, creationHash.Sum(nil), tpm2.SigScheme{}, ticket)
+ }
+ if certErr != nil {
+ return nil, fmt.Errorf("failed to certify creation: %w", certErr)
+ }
+
+ // verify certify PCRs haven't been modified
+ decodedCreationData, err := tpm2.DecodeCreationData(in.GetCreationData())
+ if err != nil {
+ return nil, fmt.Errorf("failed to decode creation data: %w", err)
+ }
+ if !internal.SamePCRSelection(in.GetCertifiedPcrs(), decodedCreationData.PCRSelection) {
+ return nil, fmt.Errorf("certify PCRs does not match the PCR selection in the creation data")
+ }
+ expectedDigest := internal.PCRDigest(in.GetCertifiedPcrs(), SessionHashAlg)
+ if subtle.ConstantTimeCompare(decodedCreationData.PCRDigest, expectedDigest) == 0 {
+ return nil, fmt.Errorf("certify PCRs digest does not match the digest in the creation data")
+ }
+ }
+
+ sel := tpm2.PCRSelection{Hash: tpm2.Algorithm(in.GetHash())}
+ for _, pcr := range in.GetPcrs() {
+ sel.PCRs = append(sel.PCRs, int(pcr))
+ }
+
+ session, err := newPCRSession(k.rw, sel)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create session: %w", err)
+ }
+ defer session.Close()
+
+ auth, err := session.Auth()
+ if err != nil {
+ return nil, err
+ }
+ return tpm2.UnsealWithSession(k.rw, auth.Session, sealed, "")
+}
+
+// Quote will tell TPM to compute a hash of a set of given PCR selection, together with
+// some extra data (typically a nonce), sign it with the given signing key, and return
+// the signature and the attestation data. This function will return an error if
+// the key is not a restricted signing key.
+func (k *Key) Quote(selpcr tpm2.PCRSelection, extraData []byte) (*pb.Quote, error) {
+ // Make sure that we have a valid signing key before trying quote
+ var err error
+ if _, err = internal.GetSigningHashAlg(k.pubArea); err != nil {
+ return nil, err
+ }
+ if !k.hasAttribute(tpm2.FlagRestricted) {
+ return nil, fmt.Errorf("unrestricted keys are insecure to use with Quote")
+ }
+
+ quote := &pb.Quote{}
+ quote.Quote, quote.RawSig, err = tpm2.QuoteRaw(k.rw, k.Handle(), "", "", extraData, selpcr, tpm2.AlgNull)
+ if err != nil {
+ return nil, fmt.Errorf("failed to quote: %w", err)
+ }
+ quote.Pcrs, err = ReadPCRs(k.rw, selpcr)
+ if err != nil {
+ return nil, fmt.Errorf("failed to read PCRs: %w", err)
+ }
+ // Verify the quote client-side to make sure we didn't mess things up.
+ // NOTE: the quote still must be verified server-side as well.
+ if err := internal.VerifyQuote(quote, k.PublicKey(), extraData); err != nil {
+ return nil, fmt.Errorf("failed to verify quote: %w", err)
+ }
+ return quote, nil
+}
+
+// Reseal is a shortcut to call Unseal() followed by Seal().
+// CertifyOpt(nillable) will be used in Unseal(), and SealOpt(nillable)
+// will be used in Seal()
+func (k *Key) Reseal(in *pb.SealedBytes, uOpts UnsealOpts, sOpts SealOpts) (*pb.SealedBytes, error) {
+ sensitive, err := k.Unseal(in, uOpts)
+ if err != nil {
+ return nil, fmt.Errorf("failed to unseal: %w", err)
+ }
+ return k.Seal(sensitive, sOpts)
+}
+
+func (k *Key) hasAttribute(attr tpm2.KeyProp) bool {
+ return k.pubArea.Attributes&attr != 0
+}
+
+// Cert returns the parsed certificate (or nil) for the given key.
+func (k *Key) Cert() *x509.Certificate {
+ return k.cert
+}
+
+// CertDERBytes provides the ASN.1 DER content of the key's certificate. If the
+// key does not have a certficate, returns nil.
+func (k *Key) CertDERBytes() []byte {
+ if k.cert == nil {
+ return nil
+ }
+ return k.cert.Raw
+}
+
+func getCertificateFromNvram(rw io.ReadWriter, index uint32) (*x509.Certificate, error) {
+ certASN1, err := tpm2.NVReadEx(rw, tpmutil.Handle(index), tpm2.HandleOwner, "", 0)
+ if err != nil {
+ return nil, fmt.Errorf("failed to read certificate from NV index %d: %w", index, err)
+ }
+ x509Cert, err := x509.ParseCertificate(certASN1)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse certificate from NV memory: %w", err)
+ }
+ return x509Cert, nil
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/keys_test.go b/vendor/github.com/google/go-tpm-tools/client/keys_test.go
new file mode 100644
index 000000000..b97295ca9
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/keys_test.go
@@ -0,0 +1,186 @@
+package client_test
+
+import (
+ "io"
+ "reflect"
+ "testing"
+
+ "github.com/google/go-tpm/tpm2"
+ "github.com/google/go-tpm/tpmutil"
+
+ "github.com/google/go-tpm-tools/client"
+ "github.com/google/go-tpm-tools/internal/test"
+)
+
+func TestNameMatchesPublicArea(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+ ek, err := client.EndorsementKeyRSA(rwc)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer ek.Close()
+
+ matches, err := ek.Name().MatchesPublic(ek.PublicArea())
+ if err != nil {
+ t.Fatal(err)
+ }
+ if !matches {
+ t.Fatal("Returned name and computed name do not match")
+ }
+}
+
+func TestCreateSigningKeysInHierarchies(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+ template := client.AKTemplateRSA()
+
+ // We are not authorized to create keys in the Platform Hierarchy
+ for _, hierarchy := range []tpmutil.Handle{tpm2.HandleOwner, tpm2.HandleEndorsement, tpm2.HandleNull} {
+ key, err := client.NewKey(rwc, hierarchy, template)
+ if err != nil {
+ t.Errorf("Hierarchy %+v: %s", hierarchy, err)
+ } else {
+ key.Close()
+ }
+ }
+}
+
+func TestCachedRSAKeys(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+ keys := []struct {
+ name string
+ getKey func(io.ReadWriter) (*client.Key, error)
+ }{
+ {"SRK", client.StorageRootKeyRSA},
+ {"EK", client.EndorsementKeyRSA},
+ }
+
+ for _, k := range keys {
+ t.Run(k.name, func(t *testing.T) {
+ // Get the key the first time and persist
+ srk, err := k.getKey(rwc)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer srk.Close()
+
+ pub := srk.PublicKey()
+ if tpm2.FlushContext(rwc, srk.Handle()) == nil {
+ t.Error("Trying to flush persistent keys should fail.")
+ }
+
+ // Get the cached key (should be the same)
+ srk, err = k.getKey(rwc)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer srk.Close()
+
+ if !reflect.DeepEqual(srk.PublicKey(), pub) {
+ t.Errorf("Expected pub key: %v got: %v", pub, srk.PublicKey())
+ }
+
+ // We should
still get the same key if we evict the handle
+ if err := tpm2.EvictControl(rwc, "", tpm2.HandleOwner, srk.Handle(), srk.Handle()); err != nil {
+ t.Errorf("Evicting control failed: %v", err)
+ }
+ srk, err = k.getKey(rwc)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer srk.Close()
+
+ if !reflect.DeepEqual(srk.PublicKey(), pub) {
+ t.Errorf("Expected pub key: %v got: %v", pub, srk.PublicKey())
+ }
+ })
+ }
+}
+
+func TestKeyCreation(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ keys := []struct {
+ name string
+ getKey func(io.ReadWriter) (*client.Key, error)
+ }{
+ {"SRK-ECC", client.StorageRootKeyECC},
+ {"EK-ECC", client.EndorsementKeyECC},
+ {"AK-ECC", client.AttestationKeyECC},
+ {"SRK-RSA", client.StorageRootKeyRSA},
+ {"EK-RSA", client.EndorsementKeyRSA},
+ {"AK-RSA", client.AttestationKeyRSA},
+ }
+
+ for _, k := range keys {
+ t.Run(k.name, func(t *testing.T) {
+ key, err := k.getKey(rwc)
+ if err != nil {
+ t.Fatal(err)
+ }
+ key.Close()
+ })
+ }
+}
+
+func BenchmarkKeyCreation(b *testing.B) {
+ rwc := test.GetTPM(b)
+ defer client.CheckedClose(b, rwc)
+
+ benchmarks := []struct {
+ name string
+ getKey func(io.ReadWriter) (*client.Key, error)
+ }{
+ {"SRK-ECC-Cached", client.StorageRootKeyECC},
+ {"EK-ECC-Cached", client.EndorsementKeyECC},
+ {"AK-ECC-Cached", client.AttestationKeyECC},
+
+ {"SRK-ECC", func(rw io.ReadWriter) (*client.Key, error) {
+ return client.NewKey(rw, tpm2.HandleOwner, client.SRKTemplateECC())
+ }},
+ {"EK-ECC", func(rw io.ReadWriter) (*client.Key, error) {
+ return client.NewKey(rw, tpm2.HandleEndorsement, client.DefaultEKTemplateECC())
+ }},
+ {"AK-ECC", func(rw io.ReadWriter) (*client.Key, error) {
+ return client.NewKey(rw, tpm2.HandleOwner, client.AKTemplateECC())
+ }},
+
+ {"SRK-RSA-Cached", client.StorageRootKeyRSA},
+ {"EK-RSA-Cached", client.EndorsementKeyRSA},
+ {"AK-RSA-Cached", client.AttestationKeyRSA},
+
+ {"SRK-RSA", func(rw io.ReadWriter) (*client.Key, error) {
+ return
client.NewKey(rw, tpm2.HandleEndorsement, client.SRKTemplateRSA())
+ }},
+ {"EK-RSA", func(rw io.ReadWriter) (*client.Key, error) {
+ return client.NewKey(rw, tpm2.HandleOwner, client.DefaultEKTemplateRSA())
+ }},
+ {"AK-RSA", func(rw io.ReadWriter) (*client.Key, error) {
+ return client.NewKey(rw, tpm2.HandleOwner, client.AKTemplateRSA())
+ }},
+ }
+
+ for _, bm := range benchmarks {
+ b.Run(bm.name, func(b *testing.B) {
+ // Don't count time to populate the cache
+ b.StopTimer()
+ key, err := bm.getKey(rwc)
+ if err != nil {
+ b.Fatal(err)
+ }
+ key.Close()
+ b.StartTimer()
+
+ for i := 0; i < b.N; i++ {
+ key, err := bm.getKey(rwc)
+ if err != nil {
+ b.Fatal(err)
+ }
+ key.Close()
+ }
+ })
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/pcr.go b/vendor/github.com/google/go-tpm-tools/client/pcr.go
new file mode 100644
index 000000000..1e0b3b00f
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/pcr.go
@@ -0,0 +1,166 @@
+package client
+
+import (
+ "crypto"
+ "fmt"
+ "io"
+ "math"
+
+ pb "github.com/google/go-tpm-tools/proto/tpm"
+ "github.com/google/go-tpm/tpm2"
+)
+
+// NumPCRs is set to the spec minimum of 24, as that's all go-tpm supports.
+const NumPCRs = 24
+
+// We hard-code SHA256 as the policy session hash algorithms. Note that this
+// differs from the PCR hash algorithm (which selects the bank of PCRs to use)
+// and the Public area Name algorithm. We also chose this for compatibility with
+// github.com/google/go-tpm/tpm2, as it hardcodes the nameAlg as SHA256 in
+// several places. Two constants are used to avoid repeated conversions.
+const (
+ SessionHashAlg = crypto.SHA256
+ SessionHashAlgTpm = tpm2.AlgSHA256
+)
+
+// CertifyHashAlgTpm is the hard-coded algorithm used in certify PCRs.
+const CertifyHashAlgTpm = tpm2.AlgSHA256
+
+func min(a, b int) int {
+ if a < b {
+ return a
+ }
+ return b
+}
+
+// Get a list of selections corresponding to the TPM's implemented PCRs
+func implementedPCRs(rw io.ReadWriter) ([]tpm2.PCRSelection, error) {
+ caps, moreData, err := tpm2.GetCapability(rw, tpm2.CapabilityPCRs, math.MaxUint32, 0)
+ if err != nil {
+ return nil, fmt.Errorf("listing implemented PCR banks: %w", err)
+ }
+ if moreData {
+ return nil, fmt.Errorf("extra data from GetCapability")
+ }
+ sels := make([]tpm2.PCRSelection, len(caps))
+ for i, cap := range caps {
+ sel, ok := cap.(tpm2.PCRSelection)
+ if !ok {
+ return nil, fmt.Errorf("unexpected data from GetCapability")
+ }
+ sels[i] = sel
+ }
+ return sels, nil
+}
+
+// ReadPCRs fetches all the PCR values specified in sel, making multiple calls
+// to the TPM if necessary.
+func ReadPCRs(rw io.ReadWriter, sel tpm2.PCRSelection) (*pb.PCRs, error) {
+ pl := pb.PCRs{
+ Hash: pb.HashAlgo(sel.Hash),
+ Pcrs: map[uint32][]byte{},
+ }
+
+ for i := 0; i < len(sel.PCRs); i += 8 {
+ end := min(i+8, len(sel.PCRs))
+ pcrSel := tpm2.PCRSelection{
+ Hash: sel.Hash,
+ PCRs: sel.PCRs[i:end],
+ }
+
+ pcrMap, err := tpm2.ReadPCRs(rw, pcrSel)
+ if err != nil {
+ return nil, err
+ }
+
+ for pcr, val := range pcrMap {
+ pl.Pcrs[uint32(pcr)] = val
+ }
+ }
+
+ return &pl, nil
+}
+
+// ReadAllPCRs fetches all the PCR values from all implemented PCR banks.
+func ReadAllPCRs(rw io.ReadWriter) ([]*pb.PCRs, error) {
+ sels, err := implementedPCRs(rw)
+ if err != nil {
+ return nil, err
+ }
+
+ allPcrs := make([]*pb.PCRs, len(sels))
+ for i, sel := range sels {
+ allPcrs[i], err = ReadPCRs(rw, sel)
+ if err != nil {
+ return nil, fmt.Errorf("reading bank %x PCRs: %w", sel.Hash, err)
+ }
+ }
+ return allPcrs, nil
+}
+
+// SealOpts specifies the PCR values that should be used for Seal().
+type SealOpts struct {
+ // Current seals data to the current specified PCR selection.
+ Current tpm2.PCRSelection
+ // Target predictively seals data to the given specified PCR values.
+ Target *pb.PCRs
+}
+
+// UnsealOpts specifies the options that should be used for Unseal().
+// Currently, it specifies the PCRs that need to pass certification in order to
+// successfully unseal.
+// CertifyHashAlgTpm is the hard-coded algorithm that must be used with
+// UnsealOpts.
+type UnsealOpts struct {
+ // CertifyCurrent certifies that a selection of current PCRs have the same
+ // value when sealing.
+ CertifyCurrent tpm2.PCRSelection
+ // CertifyExpected certifies that the TPM had a specific set of PCR values when sealing.
+ CertifyExpected *pb.PCRs
+}
+
+// FullPcrSel will return a full PCR selection based on the total PCR number
+// of the TPM with the given hash algo.
+func FullPcrSel(hash tpm2.Algorithm) tpm2.PCRSelection {
+ sel := tpm2.PCRSelection{Hash: hash}
+ for i := 0; i < NumPCRs; i++ {
+ sel.PCRs = append(sel.PCRs, int(i))
+ }
+ return sel
+}
+
+func mergePCRSelAndProto(rw io.ReadWriter, sel tpm2.PCRSelection, proto *pb.PCRs) (*pb.PCRs, error) {
+ if proto == nil || len(proto.GetPcrs()) == 0 {
+ return ReadPCRs(rw, sel)
+ }
+ if len(sel.PCRs) == 0 {
+ return proto, nil
+ }
+ if sel.Hash != tpm2.Algorithm(proto.Hash) {
+ return nil, fmt.Errorf("current hash (%v) differs from target hash (%v)",
+ sel.Hash, tpm2.Algorithm(proto.Hash))
+ }
+
+ // At this point, both sel and proto are non-empty.
+ // Verify no overlap in sel and proto PCR indexes.
+ overlap := make([]int, 0)
+ targetMap := proto.GetPcrs()
+ for _, pcrVal := range sel.PCRs {
+ if _, found := targetMap[uint32(pcrVal)]; found {
+ overlap = append(overlap, pcrVal)
+ }
+ }
+ if len(overlap) != 0 {
+ return nil, fmt.Errorf("found PCR overlap: %v", overlap)
+ }
+
+ currentPcrs, err := ReadPCRs(rw, sel)
+ if err != nil {
+ return nil, err
+ }
+
+ for pcr, val := range proto.GetPcrs() {
+ currentPcrs.Pcrs[pcr] = val
+ }
+ return currentPcrs, nil
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/pcr_test.go b/vendor/github.com/google/go-tpm-tools/client/pcr_test.go
new file mode 100644
index 000000000..cdbc3922e
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/pcr_test.go
@@ -0,0 +1,127 @@
+package client_test
+
+import (
+ "bytes"
+ "crypto/sha1"
+ "crypto/sha256"
+ "crypto/sha512"
+ "fmt"
+ "testing"
+
+ "github.com/google/go-tpm-tools/client"
+ "github.com/google/go-tpm-tools/internal"
+ "github.com/google/go-tpm-tools/internal/test"
+ "github.com/google/go-tpm/tpm2"
+ "github.com/google/go-tpm/tpmutil"
+)
+
+var extends = map[tpm2.Algorithm][]struct {
+ digest []byte
+}{
+ tpm2.AlgSHA1: {
+ {bytes.Repeat([]byte{0x00}, sha1.Size)},
+ {bytes.Repeat([]byte{0x01}, sha1.Size)},
+ {bytes.Repeat([]byte{0x02}, sha1.Size)}},
+ tpm2.AlgSHA256: {
+ {bytes.Repeat([]byte{0x00}, sha256.Size)},
+ {bytes.Repeat([]byte{0x01}, sha256.Size)},
+ {bytes.Repeat([]byte{0x02}, sha256.Size)}},
+ tpm2.AlgSHA384: {
+ {bytes.Repeat([]byte{0x00}, sha512.Size384)},
+ {bytes.Repeat([]byte{0x01}, sha512.Size384)},
+ {bytes.Repeat([]byte{0x02}, sha512.Size384)}},
+}
+
+func pcrExtend(alg tpm2.Algorithm, old, new []byte) ([]byte, error) {
+ hCon, err := alg.Hash()
+ if err != nil {
+ return nil, fmt.Errorf("not a valid hash type: %v", alg)
+ }
+ h := hCon.New()
+ h.Write(old)
+ h.Write(new)
+ return h.Sum(nil), nil
+}
+
+func TestReadPCRs(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ cases := []struct {
+ name string
+ hashalg tpm2.Algorithm
+ }{
+ {"SHA1", tpm2.AlgSHA1},
+ {"SHA256", tpm2.AlgSHA256},
+ {"SHA384", tpm2.AlgSHA512},
+ }
+
+ for _, c := range cases {
+ t.Run(c.name, func(t *testing.T) {
+ test.SkipOnUnsupportedAlg(t, rwc, c.hashalg)
+
+ pcrbank, err := tpm2.ReadPCR(rwc, test.DebugPCR, c.hashalg)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ for _, d := range extends[c.hashalg] {
+ if err := tpm2.PCRExtend(rwc, tpmutil.Handle(test.DebugPCR), c.hashalg, d.digest, ""); err != nil {
+ t.Fatalf("failed to extend pcr for test %v", err)
+ }
+ pcrVal, err := pcrExtend(c.hashalg, pcrbank, d.digest)
+ if err != nil {
+ t.Fatalf("could not extend pcr: %v", err)
+ }
+ pcrbank = pcrVal
+ sel := tpm2.PCRSelection{Hash: c.hashalg,
PCRs: []int{test.DebugPCR}}
+ proto, err := client.ReadPCRs(rwc, sel)
+ if err != nil {
+ t.Fatalf("failed to read pcrs %v", err)
+ }
+ if !bytes.Equal(proto.Pcrs[uint32(test.DebugPCR)], pcrbank) {
+ t.Errorf("%v not equal to expected %v", proto.Pcrs[uint32(test.DebugPCR)], pcrbank)
+ }
+ }
+ })
+ }
+}
+
+func TestCheckContainedPCRs(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ sel := client.FullPcrSel(tpm2.AlgSHA256)
+ baseline, err := client.ReadPCRs(rwc, sel)
+ if err != nil {
+ t.Fatalf("Failed to Read PCRs: %v", err)
+ }
+
+ toBeCertified, err := client.ReadPCRs(rwc, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{1, 2, 3}})
+ if err != nil {
+ t.Fatalf("failed to read pcrs %v", err)
+ }
+ if err := internal.CheckSubset(toBeCertified, baseline); err != nil {
+ t.Fatalf("Validation should pass: %v", err)
+ }
+
+ if err := tpm2.PCRExtend(rwc, tpmutil.Handle(test.DebugPCR), tpm2.AlgSHA256, bytes.Repeat([]byte{0x00}, sha256.Size), ""); err != nil {
+ t.Fatalf("failed to extend pcr for test %v", err)
+ }
+
+ toBeCertified, err = client.ReadPCRs(rwc, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{1, 3, test.DebugPCR}})
+ if err != nil {
+ t.Fatalf("failed to read pcrs %v", err)
+ }
+ if err := internal.CheckSubset(toBeCertified, baseline); err == nil {
+ t.Fatalf("validation should fail due to PCR %d changed", test.DebugPCR)
+ }
+
+ toBeCertified, err = client.ReadPCRs(rwc, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{}})
+ if err != nil {
+ t.Fatalf("failed to read pcrs %v", err)
+ }
+ if err := internal.CheckSubset(toBeCertified, baseline); err != nil {
+ t.Fatalf("empty pcrs is always validate")
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/quote_test.go b/vendor/github.com/google/go-tpm-tools/client/quote_test.go
new file mode 100644
index 000000000..55b59018b
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/quote_test.go
@@ -0,0 +1,154 @@
+package client_test
+
+import (
+ "bytes"
+ "crypto/ecdsa"
+ "crypto/rsa"
+ "fmt"
+ "io"
+ "testing"
+
+ "github.com/google/go-attestation/attest"
+ "github.com/google/go-tpm-tools/client"
+ "github.com/google/go-tpm-tools/internal/test"
+ "github.com/google/go-tpm/tpm2"
+)
+
+func TestQuote(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ keys := []struct {
+ name string
+ getKey func(io.ReadWriter) (*client.Key, error)
+ }{
+ {"AK-ECC", client.AttestationKeyECC},
+ {"AK-RSA", client.AttestationKeyRSA},
+ }
+
+ pcrSels := []tpm2.PCRSelection{
+ {
+ Hash: tpm2.AlgSHA256,
+ PCRs: []int{7},
+ },
+ client.FullPcrSel(tpm2.AlgSHA256),
+ }
+
+ for _, key := range keys {
+ for _, sel := range pcrSels {
+ name := fmt.Sprintf("%s-%d", key.name, len(sel.PCRs))
+ t.Run(name, func(t *testing.T) {
+ ak, err := key.getKey(rwc)
+ if err != nil {
+ t.Errorf("failed to generate AK: %v", err)
+ }
+ defer ak.Close()
+
+ quoted, err := ak.Quote(sel, []byte("test"))
+ if err != nil {
+ t.Errorf("failed to quote: %v", err)
+ }
+ sig, err := tpm2.DecodeSignature(bytes.NewBuffer(quoted.GetRawSig()))
+ if err != nil {
+ t.Errorf("signature decoding failed: %v", err)
+ }
+
+ switch pub := ak.PublicKey().(type) {
+ case *ecdsa.PublicKey:
+ hash, err := sig.ECC.HashAlg.Hash()
+ if err != nil {
+ t.Fatalf("not a valid hash type: %v", sig.ECC.HashAlg)
+ }
+
+ hashCon := hash.New()
+ hashCon.Write(quoted.GetQuote())
+ if !ecdsa.Verify(pub, hashCon.Sum(nil)[:], sig.ECC.R, sig.ECC.S) {
+ t.Errorf("ECC signature verification failed")
+ }
+ case *rsa.PublicKey:
+ hash, err := sig.RSA.HashAlg.Hash()
+ if err != nil {
+ t.Fatalf("not a valid hash type: %v", sig.RSA.HashAlg)
+ }
+
+ hashCon := hash.New()
+ hashCon.Write(quoted.GetQuote())
+ if err = rsa.VerifyPKCS1v15(pub, hash, hashCon.Sum(nil), []byte(sig.RSA.Signature)); err != nil {
+ t.Errorf("RSA signature verification failed: %v", err)
+ }
+ }
+ })
+ }
+ }
+
+}
+
+func
TestQuoteShouldFailWithNonSigningKey(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ srk, err := client.StorageRootKeyRSA(rwc)
+ if err != nil {
+ t.Errorf("failed to generate SRK: %v", err)
+ }
+ defer srk.Close()
+
+ selpcr := tpm2.PCRSelection{
+ Hash: tpm2.AlgSHA1,
+ PCRs: []int{7},
+ }
+ _, err = srk.Quote(selpcr, []byte("test"))
+ if err == nil {
+ t.Errorf("Quote with a non-signing key should fail")
+ }
+ t.Log(err)
+}
+
+// Basic tests of Key.Attest, more advanced methods are in server package
+func TestAttest(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ keys := []struct {
+ name string
+ getKey func(io.ReadWriter) (*client.Key, error)
+ shouldSucceed bool
+ }{
+ {"AK-ECC", client.AttestationKeyECC, true},
+ {"AK-RSA", client.AttestationKeyRSA, true},
+ {"EK-ECC", client.EndorsementKeyECC, false},
+ {"EK-RSA", client.EndorsementKeyRSA, false},
+ }
+ for _, key := range keys {
+ t.Run(key.name, func(t *testing.T) {
+ ak, err := key.getKey(rwc)
+ if err != nil {
+ t.Fatalf("failed to generate AK: %v", err)
+ }
+ defer ak.Close()
+
+ attestation, err := ak.Attest(client.AttestOpts{Nonce: []byte("some nonce")})
+ if !key.shouldSucceed {
+ if err == nil {
+ t.Error("expected failure when calling Attest")
+ }
+ return
+ }
+ if err != nil {
+ t.Fatalf("failed to attest: %v", err)
+ }
+
+ // Basic check, make sure we got multiple banks, and fields parse
+ if _, err = tpm2.DecodePublic(attestation.AkPub); err != nil {
+ t.Errorf("failed to decode AkPub: %v", err)
+ }
+ if len(attestation.Quotes) <= 1 {
+ t.Error("expected multiple quotes")
+ }
+ if _, err = attest.ParseEventLog(attestation.EventLog); err != nil {
+ t.Errorf("failed to parse event log: %v", err)
+ }
+ })
+
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/seal_test.go b/vendor/github.com/google/go-tpm-tools/client/seal_test.go
new file mode 100644
index 000000000..1f9e8d761
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/seal_test.go 
@@ -0,0 +1,460 @@
+package client_test
+
+import (
+ "bytes"
+ "crypto/sha256"
+ "io"
+ "reflect"
+ "testing"
+
+ "github.com/google/go-tpm/tpm2"
+ "github.com/google/go-tpm/tpmutil"
+
+ "github.com/google/go-tpm-tools/client"
+ "github.com/google/go-tpm-tools/internal/test"
+ pb "github.com/google/go-tpm-tools/proto/tpm"
+)
+
+func TestSeal(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ keys := []struct {
+ name string
+ getSRK func(io.ReadWriter) (*client.Key, error)
+ }{
+ {"RSA", client.StorageRootKeyRSA},
+ {"ECC", client.StorageRootKeyECC},
+ }
+ for _, key := range keys {
+ t.Run(key.name, func(t *testing.T) {
+ srk, err := key.getSRK(rwc)
+ if err != nil {
+ t.Fatalf("can't create %s srk from template: %v", key.name, err)
+ }
+ defer srk.Close()
+
+ secret := []byte("test")
+ pcrToChange := test.DebugPCR
+ sel := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7, pcrToChange}}
+ sealed, err := srk.Seal(secret, client.SealOpts{Current: sel})
+ if err != nil {
+ t.Fatalf("failed to seal: %v", err)
+ }
+
+ opts := client.UnsealOpts{
+ CertifyCurrent: tpm2.PCRSelection{
+ Hash: tpm2.AlgSHA256,
+ PCRs: []int{7},
+ },
+ }
+ unseal, err := srk.Unseal(sealed, opts)
+ if err != nil {
+ t.Fatalf("failed to unseal: %v", err)
+ }
+ if !bytes.Equal(secret, unseal) {
+ t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret)
+ }
+
+ extension := bytes.Repeat([]byte{0xAA}, sha256.Size)
+ if err = tpm2.PCRExtend(rwc, tpmutil.Handle(pcrToChange), tpm2.AlgSHA256, extension, ""); err != nil {
+ t.Fatalf("failed to extend pcr: %v", err)
+ }
+
+ // unseal should not succeed.
+ if _, err = srk.Unseal(sealed, opts); err == nil {
+ t.Fatalf("unseal should have caused an error: %v", err)
+ }
+ })
+ }
+}
+
+func TestSelfReseal(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ key, err := client.StorageRootKeyRSA(rwc)
+ if err != nil {
+ t.Fatalf("can't create srk from template: %v", err)
+ }
+ defer key.Close()
+
+ secret := []byte("test")
+ pcrList := []int{0, 4, 7}
+ sOpts := client.SealOpts{
+ Current: tpm2.PCRSelection{
+ Hash: tpm2.AlgSHA256,
+ PCRs: pcrList,
+ },
+ }
+
+ sealed, err := key.Seal(secret, sOpts)
+ if err != nil {
+ t.Fatalf("failed to seal: %v", err)
+ }
+
+ uOpts := client.UnsealOpts{
+ CertifyCurrent: tpm2.PCRSelection{
+ Hash: tpm2.AlgSHA256,
+ PCRs: []int{7},
+ },
+ }
+ unseal, err := key.Unseal(sealed, uOpts)
+ if err != nil {
+ t.Fatalf("failed to unseal: %v", err)
+ }
+ if !bytes.Equal(secret, unseal) {
+ t.Errorf("unsealed (%v) not equal to secret (%v)", unseal, secret)
+ }
+
+ sealed, err = key.Reseal(sealed, uOpts, sOpts)
+ if err != nil {
+ t.Fatalf("failed to reseal: %v", err)
+ }
+
+ unseal, err = key.Unseal(sealed, uOpts)
+ if err != nil {
+ t.Fatalf("failed to unseal after resealing: %v", err)
+ }
+ if !bytes.Equal(secret, unseal) {
+ t.Errorf("unsealed (%v) not equal to secret (%v)", unseal, secret)
+ }
+}
+
+func computePCRValue(base []byte, extensions [][]byte) []byte {
+ for _, extension := range extensions {
+ sum := sha256.Sum256(append(base, extension...))
+ base = sum[:]
+ }
+ return base
+}
+
+func TestComputePCRValue(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ pcrNum := test.DebugPCR
+ extensions := [][]byte{
+ bytes.Repeat([]byte{0xAA}, sha256.Size),
+ bytes.Repeat([]byte{0xAB}, sha256.Size),
+ bytes.Repeat([]byte{0xAC}, sha256.Size),
+ bytes.Repeat([]byte{0xAD}, sha256.Size),
+ }
+
+ pcrBase, err := tpm2.ReadPCR(rwc, pcrNum, tpm2.AlgSHA256)
+ if err != nil {
+ t.Fatalf("failed to read pcr %v", err)
+ }
+
+ for _, extension :=
range extensions {
+ err := tpm2.PCRExtend(rwc, tpmutil.Handle(pcrNum), tpm2.AlgSHA256, extension, "")
+ if err != nil {
+ t.Fatalf("failed to extend pcr: %v", err)
+ }
+ }
+
+ pcrVal, err := tpm2.ReadPCR(rwc, pcrNum, tpm2.AlgSHA256)
+ if err != nil {
+ t.Fatalf("failed to read pcr %v", err)
+ }
+
+ computedValue := computePCRValue(pcrBase, extensions)
+ if !bytes.Equal(pcrVal, computedValue) {
+ t.Fatalf("pcrVal (%v) not equal to computedValue (%v)", pcrVal, computedValue)
+ }
+}
+
+func TestReseal(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ key, err := client.StorageRootKeyRSA(rwc)
+ if err != nil {
+ t.Fatalf("can't create srk from template: %v", err)
+ }
+ defer key.Close()
+
+ secret := []byte("test")
+ pcrToChange := test.DebugPCR
+ sel := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7, pcrToChange}}
+ sealed, err := key.Seal(secret, client.SealOpts{Current: sel})
+ if err != nil {
+ t.Fatalf("failed to seal: %v", err)
+ }
+
+ uOpts := client.UnsealOpts{
+ CertifyCurrent: sel,
+ }
+ unseal, err := key.Unseal(sealed, uOpts)
+ if err != nil {
+ t.Fatalf("failed to unseal: %v", err)
+ }
+ if !bytes.Equal(secret, unseal) {
+ t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret)
+ }
+
+ // create a new set of PCRs value for modification
+ predictedPcrsValue, err := client.ReadPCRs(rwc, sel)
+ if err != nil {
+ t.Fatalf("failed to read PCRs value: %v", err)
+ }
+ // change pcr value to the predicted future value for resealing
+ extensions := [][]byte{bytes.Repeat([]byte{0xAA}, sha256.Size)}
+ predictedPcrsValue.GetPcrs()[uint32(pcrToChange)] = computePCRValue(predictedPcrsValue.GetPcrs()[uint32(pcrToChange)], extensions)
+
+ sOpts := client.SealOpts{Target: predictedPcrsValue}
+ resealed, err := key.Reseal(sealed, uOpts, sOpts)
+ if err != nil {
+ t.Fatalf("failed to reseal: %v", err)
+ }
+
+ // unseal should not succeed since pcr has not been extended.
+ if _, err = key.Unseal(resealed, client.UnsealOpts{}); err == nil {
+ t.Fatalf("unseal should have failed: %v", err)
+ }
+
+ // save the current PCR value for certification before extend the PCRs
+ oldPcrsValue, err := client.ReadPCRs(rwc, sel)
+ if err != nil {
+ t.Fatalf("failed to read PCRs value: %v", err)
+ }
+ for _, extension := range extensions {
+ err = tpm2.PCRExtend(rwc, tpmutil.Handle(pcrToChange), tpm2.AlgSHA256, extension, "")
+ if err != nil {
+ t.Fatalf("failed to extend pcr: %v", err)
+ }
+ }
+
+ // unseal should fail when certifying current PCR values, as one PCR has changed
+ _, err = key.Unseal(resealed, client.UnsealOpts{CertifyCurrent: sel})
+ if err == nil {
+ t.Fatalf("unseal should fail since the certify PCRs have changed.")
+ }
+
+ // certify original PCR values (PCR values at seal-time) will work
+ unseal, err = key.Unseal(resealed, client.UnsealOpts{CertifyExpected: oldPcrsValue})
+ if err != nil {
+ t.Fatalf("failed to unseal: %v", err)
+ }
+ if !bytes.Equal(secret, unseal) {
+ t.Errorf("unsealed (%v) not equal to secret (%v)", unseal, secret)
+ }
+}
+
+func TestSealResealWithEmptyPCRs(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ key, err := client.StorageRootKeyRSA(rwc)
+ if err != nil {
+ t.Fatalf("can't create srk from template: %v", err)
+ }
+ defer key.Close()
+
+ secret := []byte("test")
+ pcrToChange := test.DebugPCR
+ sealed, err := key.Seal(secret, client.SealOpts{})
+ if err != nil {
+ t.Fatalf("failed to seal: %v", err)
+ }
+ opts := client.UnsealOpts{
+ CertifyCurrent: tpm2.PCRSelection{
+ Hash: tpm2.AlgSHA256,
+ PCRs: []int{pcrToChange},
+ },
+ }
+ unseal, err := key.Unseal(sealed, opts)
+ if err != nil {
+ t.Fatalf("failed to unseal: %v", err)
+ }
+ if !bytes.Equal(secret, unseal) {
+ t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret)
+ }
+
+ extension := bytes.Repeat([]byte{0xAA}, sha256.Size)
+ if err = tpm2.PCRExtend(rwc, tpmutil.Handle(pcrToChange), tpm2.AlgSHA256,
extension, ""); err != nil {
+ t.Fatalf("failed to extend pcr: %v", err)
+ }
+
+ // unseal should fail as the PCR has changed (not as same as when sealing)
+ _, err = key.Unseal(sealed, opts)
+ if err == nil {
+ t.Fatalf("unseal should fail as PCR 7 changed")
+ }
+
+ // reseal should succeed as UnsealOpts is empty
+ sealed, err = key.Reseal(sealed, client.UnsealOpts{}, client.SealOpts{})
+ if err != nil {
+ t.Fatalf("failed to reseal: %v", err)
+ }
+
+ // unseal should success as the above Reseal() "refreshes" the certify PCRs.
+ unseal, err = key.Unseal(sealed, opts)
+ if err != nil {
+ t.Errorf("failed to unseal: %v", err)
+ }
+ if !bytes.Equal(secret, unseal) {
+ t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret)
+ }
+}
+
+func BenchmarkSeal(b *testing.B) {
+ rwc := test.GetTPM(b)
+ defer client.CheckedClose(b, rwc)
+
+ pcrSel7 := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}}
+ sOptsPCR7 := client.SealOpts{Current: pcrSel7}
+ uOptsPCR7 := client.UnsealOpts{CertifyCurrent: pcrSel7}
+ benchmarks := []struct {
+ name string
+ sOpts client.SealOpts
+ uOpts client.UnsealOpts
+ getKey func(io.ReadWriter) (*client.Key, error)
+ }{
+ {"SRK-ECC-SealPCR7-UnsealPCR7", sOptsPCR7, uOptsPCR7, client.StorageRootKeyECC},
+ {"SRK-ECC-SealEmpty-UnsealPCR7", client.SealOpts{}, uOptsPCR7, client.StorageRootKeyECC},
+ {"SRK-ECC-SealPCR7-UnsealEmpty", sOptsPCR7, client.UnsealOpts{}, client.StorageRootKeyECC},
+ {"SRK-ECC-SealEmpty-UnsealEmpty", client.SealOpts{}, client.UnsealOpts{}, client.StorageRootKeyECC},
+ {"SRK-RSA-SealPCR7-UnsealPCR7", sOptsPCR7, uOptsPCR7, client.StorageRootKeyRSA},
+ {"SRK-RSA-SealEmpty-UnsealPCR7", client.SealOpts{}, uOptsPCR7, client.StorageRootKeyRSA},
+ {"SRK-RSA-SealPCR7-UnsealEmpty", sOptsPCR7, client.UnsealOpts{}, client.StorageRootKeyRSA},
+ {"SRK-RSA-SealEmpty-UnsealEmpty", client.SealOpts{}, client.UnsealOpts{}, client.StorageRootKeyRSA},
+ }
+
+ for _, bm := range benchmarks {
+ key, err := bm.getKey(rwc)
+ if err != nil
{
+ b.Fatal(err)
+ }
+ b.Run(bm.name, func(b *testing.B) {
+ for i := 0; i < b.N; i++ {
+ blob, err := key.Seal([]byte("test123"), bm.sOpts)
+ if err != nil {
+ b.Fatal(err)
+ }
+ if _, err = key.Unseal(blob, bm.uOpts); err != nil {
+ b.Fatal(err)
+ }
+ }
+ })
+ }
+}
+func TestSealOpts(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ emptySet := map[uint32]struct{}{}
+ srk, err := client.StorageRootKeyECC(rwc)
+ if err != nil {
+ t.Fatalf("failed to create SRK: %v", err)
+ }
+
+ opts := []struct {
+ name string
+ current tpm2.PCRSelection
+ target *pb.PCRs
+ expectedPcrs map[uint32]struct{}
+ }{
+ {"CurrentEmpty-TargetNil", tpm2.PCRSelection{}, nil, emptySet},
+ {"CurrentEmpty7-TargetNil", tpm2.PCRSelection{}, nil, emptySet},
+ {"CurrentEmpty-TargetEmpty", tpm2.PCRSelection{}, &pb.PCRs{}, emptySet},
+ {"CurrentSHA1Empty-TargetSHA256Empty",
+ tpm2.PCRSelection{Hash: tpm2.AlgSHA1},
+ &pb.PCRs{Hash: pb.HashAlgo_SHA256},
+ emptySet},
+ {"CurrentSHA256Empty-TargetSHA1Empty",
+ tpm2.PCRSelection{Hash: tpm2.AlgSHA256},
+ &pb.PCRs{Hash: pb.HashAlgo_SHA1},
+ emptySet},
+ {"CurrentSHA2567-TargetSHA1Empty",
+ tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}},
+ &pb.PCRs{Hash: pb.HashAlgo_SHA1},
+ map[uint32]struct{}{7: {}}},
+ {"Current7-TargetPCR0,4",
+ tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{0, 7}},
+ &pb.PCRs{Hash: pb.HashAlgo_SHA256,
+ Pcrs: map[uint32][]byte{4: {0x00}}},
+ map[uint32]struct{}{
+ 0: {},
+ 4: {},
+ 7: {},
+ }},
+ }
+
+ sliceToSet := func(a []uint32) map[uint32]struct{} {
+ ret := make(map[uint32]struct{})
+ for _, val := range a {
+ ret[val] = struct{}{}
+ }
+ return ret
+ }
+ for _, testcase := range opts {
+ t.Run(testcase.name, func(t *testing.T) {
+ sOpts := client.SealOpts{Current: testcase.current, Target: testcase.target}
+ sealed, err := srk.Seal([]byte("secretzz"), sOpts)
+ if err != nil {
+ t.Errorf("error calling Seal with SealOpts: %v", err)
+ }
+ outPcrsMap := sliceToSet(sealed.Pcrs)
+ if
!reflect.DeepEqual(outPcrsMap, testcase.expectedPcrs) {
+ t.Errorf("received PCRs (%v) do not match expected PCRs (%v)",
+ outPcrsMap, testcase.expectedPcrs)
+ }
+ })
+ }
+
+ // Run empty SealOpts.
+ _, err = srk.Seal([]byte("secretzz"), client.SealOpts{})
+ if err != nil {
+ t.Errorf("error calling Seal with SealOpts: %v", err)
+ }
+}
+func TestSealAndUnsealOptsFail(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ srk, err := client.StorageRootKeyECC(rwc)
+ if err != nil {
+ t.Fatalf("failed to create SRK: %v", err)
+ }
+
+ pcrSel7 := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}}
+ pcrMap7 := map[uint32][]byte{7: {0x01, 0x02}}
+ pbPcr7 := &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: pcrMap7}
+ opts := []struct {
+ name string
+ current tpm2.PCRSelection
+ target *pb.PCRs
+ }{
+ {"CurrentSHA256-TargetSHA1", pcrSel7, &pb.PCRs{Hash: pb.HashAlgo_SHA1, Pcrs: pcrMap7}},
+ {"Current-TargetPCROverlap", pcrSel7, pbPcr7},
+ {"Current-TargetPCROverlapMultiple", tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{0, 4, 7, 8}},
+ &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{0: {}, 4: {0x00}, 9: {0x01, 0x02}}}},
+ }
+
+ for _, testcase := range opts {
+ t.Run("Seal"+testcase.name, func(t *testing.T) {
+ sOpts := client.SealOpts{Current: testcase.current,
+ Target: testcase.target}
+ _, err := srk.Seal([]byte("secretzz"), sOpts)
+ if err == nil {
+ t.Errorf("expected failure calling SealOpts")
+ }
+ })
+ }
+
+ sealed, err := srk.Seal([]byte("secretzz"), client.SealOpts{})
+ if err != nil {
+ t.Fatalf("failed to seal: %v", err)
+ }
+ for _, testcase := range opts {
+ t.Run("Unseal"+testcase.name, func(t *testing.T) {
+ uOpts := client.UnsealOpts{CertifyCurrent: testcase.current,
+ CertifyExpected: testcase.target}
+ _, err := srk.Unseal(sealed, uOpts)
+ if err == nil {
+ t.Errorf("expected failure calling SealOpts")
+ }
+ })
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/session.go b/vendor/github.com/google/go-tpm-tools/client/session.go
new file mode 100644
index 000000000..1803ef316
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/session.go
@@ -0,0 +1,89 @@
+package client
+
+import (
+ "io"
+
+ "github.com/google/go-tpm/tpm2"
+ "github.com/google/go-tpm/tpmutil"
+)
+
+type session interface {
+ io.Closer
+ Auth() (tpm2.AuthCommand, error)
+}
+
+func startAuthSession(rw io.ReadWriter) (session tpmutil.Handle, err error) {
+ // This session assumes the bus is trusted, so we:
+ // - use nil for tpmKey, encrypted salt, and symmetric
+ // - use and all-zeros caller nonce, and ignore the returned nonce
+ // As we are creating a plain TPM session, we:
+ // - setup a policy session
+ // - don't bind the session to any particular key
+ session, _, err = tpm2.StartAuthSession(
+ rw,
+ /*tpmKey=*/ tpm2.HandleNull,
+ /*bindKey=*/ tpm2.HandleNull,
+ /*nonceCaller=*/ make([]byte, SessionHashAlg.Size()),
+ /*encryptedSalt=*/ nil,
+ /*sessionType=*/ tpm2.SessionPolicy,
+ /*symmetric=*/ tpm2.AlgNull,
+ /*authHash=*/ SessionHashAlgTpm)
+ return
+}
+
+type pcrSession struct {
+ rw io.ReadWriter
+ session tpmutil.Handle
+ sel tpm2.PCRSelection
+}
+
+func newPCRSession(rw io.ReadWriter, sel tpm2.PCRSelection) (session, error) {
+ if len(sel.PCRs) == 0 {
+ return nullSession{}, nil
+ }
+ session, err := startAuthSession(rw)
+ return pcrSession{rw, session, sel}, err
+}
+
+func (p pcrSession) Auth() (auth tpm2.AuthCommand, err error) {
+ if err = tpm2.PolicyPCR(p.rw, p.session, nil, p.sel); err != nil {
+ return
+ }
+ return tpm2.AuthCommand{Session: p.session, Attributes: tpm2.AttrContinueSession}, nil
+}
+
+func (p pcrSession) Close() error {
+ return tpm2.FlushContext(p.rw, p.session)
+}
+
+type ekSession struct {
+ rw io.ReadWriter
+ session tpmutil.Handle
+}
+
+func newEKSession(rw io.ReadWriter) (session, error) {
+ session, err := startAuthSession(rw)
+ return ekSession{rw, session}, err
+}
+
+func (e ekSession) Auth() (auth tpm2.AuthCommand, err error) {
+ nullAuth := tpm2.AuthCommand{Session: tpm2.HandlePasswordSession, Attributes: tpm2.AttrContinueSession}
+ if _, err = tpm2.PolicySecret(e.rw,
tpm2.HandleEndorsement, nullAuth, e.session, nil, nil, nil, 0); err != nil {
+ return
+ }
+ return tpm2.AuthCommand{Session: e.session, Attributes: tpm2.AttrContinueSession}, nil
+}
+
+func (e ekSession) Close() error {
+ return tpm2.FlushContext(e.rw, e.session)
+}
+
+type nullSession struct{}
+
+func (n nullSession) Auth() (auth tpm2.AuthCommand, err error) {
+ return tpm2.AuthCommand{Session: tpm2.HandlePasswordSession, Attributes: tpm2.AttrContinueSession}, nil
+}
+
+func (n nullSession) Close() error {
+ return nil
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/signer.go b/vendor/github.com/google/go-tpm-tools/client/signer.go
new file mode 100644
index 000000000..a2de5201d
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/signer.go
@@ -0,0 +1,146 @@
+package client
+
+import (
+ "crypto"
+ "crypto/rsa"
+ "encoding/asn1"
+ "fmt"
+ "io"
+ "math/big"
+ "sync"
+
+ "github.com/google/go-tpm-tools/internal"
+ "github.com/google/go-tpm/tpm2"
+)
+
+// Global mutex to protect against concurrent TPM access.
+var signerMutex sync.Mutex
+
+type tpmSigner struct {
+ Key *Key
+ Hash crypto.Hash
+}
+
+// Public returns the tpmSigners public key.
+func (signer *tpmSigner) Public() crypto.PublicKey {
+ return signer.Key.PublicKey()
+}
+
+// Sign uses the TPM key to sign the digest.
+// The digest must be hashed from the same hash algorithm as the keys scheme.
+// The opts hash function must also match the keys scheme (or be nil).
+// Concurrent use of Sign is thread safe, but it is not safe to access the TPM
+// from other sources while Sign is executing.
+// For RSAPSS signatures, you cannot specify custom salt lengths. The salt
+// length will be (keyBits/8) - digestSize - 2, unless that is less than the
+// digestSize in which case, saltLen will be digestSize. The only normal case
+// where saltLen is not digestSize is when using 1024 keyBits with SHA512.
+func (signer *tpmSigner) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
+ if pssOpts, ok := opts.(*rsa.PSSOptions); ok {
+ if signer.Key.pubArea.RSAParameters == nil {
+ return nil, fmt.Errorf("invalid options: PSSOptions can only be used with RSA keys")
+ }
+ if signer.Key.pubArea.RSAParameters.Sign.Alg != tpm2.AlgRSAPSS {
+ return nil, fmt.Errorf("invalid options: PSSOptions cannot be used with signing alg: %v", signer.Key.pubArea.RSAParameters.Sign.Alg)
+ }
+ if pssOpts.SaltLength != rsa.PSSSaltLengthAuto {
+ return nil, fmt.Errorf("salt length must be rsa.PSSSaltLengthAuto")
+ }
+ }
+ if opts != nil && opts.HashFunc() != signer.Hash {
+ return nil, fmt.Errorf("hash algorithm: got %v, want %v", opts.HashFunc(), signer.Hash)
+ }
+ if len(digest) != signer.Hash.Size() {
+ return nil, fmt.Errorf("digest length: got %d, want %d", digest, signer.Hash.Size())
+ }
+
+ signerMutex.Lock()
+ defer signerMutex.Unlock()
+
+ auth, err := signer.Key.session.Auth()
+ if err != nil {
+ return nil, err
+ }
+
+ sig, err := tpm2.SignWithSession(signer.Key.rw, auth.Session, signer.Key.handle, "", digest, nil, nil)
+ if err != nil {
+ return nil, err
+ }
+ return getSignature(sig)
+}
+
+// GetSigner returns a crypto.Signer wrapping the loaded TPM Key.
+// Concurrent use of one or more Signers is thread safe, but it is not safe to
+// access the TPM from other sources while using a Signer.
+// The returned Signer lasts the lifetime of the Key, and will no longer work
+// once the Key has been closed.
+func (k *Key) GetSigner() (crypto.Signer, error) {
+ if k.hasAttribute(tpm2.FlagRestricted) {
+ return nil, fmt.Errorf("restricted keys are not supported")
+ }
+ hashAlg, err := internal.GetSigningHashAlg(k.pubArea)
+ if err != nil {
+ return nil, err
+ }
+ // For crypto.Signer, Go does the hashing. Make sure the hash is supported.
+ hash, err := hashAlg.Hash()
+ if err != nil {
+ return nil, err
+ }
+ return &tpmSigner{k, hash}, nil
+}
+
+// SignData signs a data buffer with a TPM loaded key. Unlike GetSigner, this
+// method works with restricted and unrestricted keys. If this method is called
+// on a restriced key, the TPM itself will hash the provided data, failing the
+// signing operation if the data begins with TPM_GENERATED_VALUE.
+func (k *Key) SignData(data []byte) ([]byte, error) {
+ hashAlg, err := internal.GetSigningHashAlg(k.pubArea)
+ if err != nil {
+ return nil, err
+ }
+
+ var digest []byte
+ var ticket *tpm2.Ticket
+ if k.hasAttribute(tpm2.FlagRestricted) {
+ // Restricted keys can only sign data hashed by the TPM. We use the
+ // owner hierarchy for the Ticket, but any non-Null hierarchy would do.
+ digest, ticket, err = tpm2.Hash(k.rw, hashAlg, data, tpm2.HandleOwner)
+ if err != nil {
+ return nil, err
+ }
+ } else {
+ // Unrestricted keys can sign any digest, no need for TPM hashing.
+ hash, err := hashAlg.Hash()
+ if err != nil {
+ return nil, err
+ }
+ hasher := hash.New()
+ hasher.Write(data)
+ digest = hasher.Sum(nil)
+ }
+
+ auth, err := k.session.Auth()
+ if err != nil {
+ return nil, err
+ }
+ sig, err := tpm2.SignWithSession(k.rw, auth.Session, k.handle, "", digest, ticket, nil)
+ if err != nil {
+ return nil, err
+ }
+ return getSignature(sig)
+}
+
+func getSignature(sig *tpm2.Signature) ([]byte, error) {
+ switch sig.Alg {
+ case tpm2.AlgRSASSA:
+ return sig.RSA.Signature, nil
+ case tpm2.AlgRSAPSS:
+ return sig.RSA.Signature, nil
+ case tpm2.AlgECDSA:
+ sigStruct := struct{ R, S *big.Int }{sig.ECC.R, sig.ECC.S}
+ return asn1.Marshal(sigStruct)
+ default:
+ return nil, fmt.Errorf("unsupported signing algorithm: %v", sig.Alg)
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/signer_test.go b/vendor/github.com/google/go-tpm-tools/client/signer_test.go
new file mode 100644
index 000000000..d264e9e9d
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/signer_test.go 
@@ -0,0 +1,317 @@
+package client_test
+
+import (
+ "crypto"
+ "crypto/ecdsa"
+ "crypto/rsa"
+ "crypto/sha1"
+ "crypto/sha256"
+ "encoding/asn1"
+ "math/big"
+ "testing"
+
+ "github.com/google/go-tpm-tools/client"
+ "github.com/google/go-tpm-tools/internal/test"
+ "github.com/google/go-tpm/tpm2"
+)
+
+func templateSSA(hash tpm2.Algorithm) tpm2.Public {
+ template := client.AKTemplateRSA()
+ // Can't sign arbitrary data if restricted.
+ template.Attributes &= ^tpm2.FlagRestricted
+ template.RSAParameters.Sign.Hash = hash
+ return template
+}
+
+func templatePSS(hash tpm2.Algorithm) tpm2.Public {
+ template := templateSSA(hash)
+ template.RSAParameters.Sign.Alg = tpm2.AlgRSAPSS
+ return template
+}
+
+func templateECC(hash tpm2.Algorithm) tpm2.Public {
+ template := client.AKTemplateECC()
+ template.Attributes &= ^tpm2.FlagRestricted
+ template.ECCParameters.Sign.Hash = hash
+ return template
+}
+
+// Templates that require some sort of (default) authorization
+func templateAuthSSA() tpm2.Public {
+ template := templateSSA(tpm2.AlgSHA256)
+ template.AuthPolicy = client.DefaultEKTemplateRSA().AuthPolicy
+ template.Attributes |= tpm2.FlagAdminWithPolicy
+ template.Attributes &= ^tpm2.FlagUserWithAuth
+ return template
+}
+
+func templateAuthECC() tpm2.Public {
+ template := templateECC(tpm2.AlgSHA256)
+ template.AuthPolicy = client.DefaultEKTemplateECC().AuthPolicy
+ template.Attributes |= tpm2.FlagAdminWithPolicy
+ template.Attributes &= ^tpm2.FlagUserWithAuth
+ return template
+}
+
+func verifyRSA(pubKey crypto.PublicKey, hash crypto.Hash, digest, sig []byte) bool {
+ return rsa.VerifyPKCS1v15(pubKey.(*rsa.PublicKey), hash, digest, sig) == nil
+}
+
+func verifyECC(pubKey crypto.PublicKey, _ crypto.Hash, digest, sig []byte) bool {
+ var sigStruct struct{ R, S *big.Int }
+ asn1.Unmarshal(sig, &sigStruct)
+ return ecdsa.Verify(pubKey.(*ecdsa.PublicKey), digest, sigStruct.R, sigStruct.S)
+}
+
+func TestSign(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer
client.CheckedClose(t, rwc)
+
+ keys := []struct {
+ name string
+ hash crypto.Hash
+ template tpm2.Public
+ verify func(crypto.PublicKey, crypto.Hash, []byte, []byte) bool
+ }{
+ {"RSA-SHA1", crypto.SHA1, templateSSA(tpm2.AlgSHA1), verifyRSA},
+ {"RSA-SHA256", crypto.SHA256, templateSSA(tpm2.AlgSHA256), verifyRSA},
+ {"RSA-SHA384", crypto.SHA384, templateSSA(tpm2.AlgSHA384), verifyRSA},
+ {"RSA-SHA512", crypto.SHA512, templateSSA(tpm2.AlgSHA512), verifyRSA},
+ {"ECC-SHA1", crypto.SHA1, templateECC(tpm2.AlgSHA1), verifyECC},
+ {"ECC-SHA256", crypto.SHA256, templateECC(tpm2.AlgSHA256), verifyECC},
+ {"ECC-SHA384", crypto.SHA384, templateECC(tpm2.AlgSHA384), verifyECC},
+ {"ECC-SHA512", crypto.SHA512, templateECC(tpm2.AlgSHA512), verifyECC},
+ {"Auth-RSA", crypto.SHA256, templateAuthSSA(), verifyRSA},
+ {"Auth-ECC", crypto.SHA256, templateAuthECC(), verifyECC},
+ }
+
+ message := []byte("authenticated message")
+ // Data beginning with TPM_GENERATED_VALUE (looks like a TPM-test message)
+ generatedMsg := append([]byte("\xffTCG"), message...)
+ for _, k := range keys {
+ hash := k.hash.New()
+ hash.Write(message)
+ digest := hash.Sum(nil)
+ alg, err := tpm2.HashToAlgorithm(k.hash)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ t.Run(k.name, func(t *testing.T) {
+ test.SkipOnUnsupportedAlg(t, rwc, alg)
+
+ key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer key.Close()
+
+ signer, err := key.GetSigner()
+ if err != nil {
+ t.Fatal(err)
+ }
+ sig, err := signer.Sign(nil, digest, k.hash)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if !k.verify(signer.Public(), k.hash, digest, sig) {
+ t.Error(err)
+ }
+ })
+ t.Run(k.name+"-SignData", func(t *testing.T) {
+ test.SkipOnUnsupportedAlg(t, rwc, alg)
+
+ key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer key.Close()
+
+ sig, err := key.SignData(message)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if !k.verify(key.PublicKey(), k.hash, digest, sig) {
+ t.Error(err)
+ }
+
+ // Unrestricted keys can sign data beginning with TPM_GENERATED_VALUE
+ if _, err = key.SignData(generatedMsg); err != nil {
+ t.Error(err)
+ }
+ })
+ t.Run(k.name+"-SignDataRestricted", func(t *testing.T) {
+ test.SkipOnUnsupportedAlg(t, rwc, alg)
+
+ restrictedTemplate := k.template
+ restrictedTemplate.Attributes |= tpm2.FlagRestricted
+ key, err := client.NewKey(rwc, tpm2.HandleEndorsement, restrictedTemplate)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer key.Close()
+
+ sig, err := key.SignData(message)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if !k.verify(key.PublicKey(), k.hash, digest, sig) {
+ t.Error(err)
+ }
+
+ // Restricted keys cannot sign data beginning with TPM_GENERATED_VALUE
+ if _, err = key.SignData(generatedMsg); err == nil {
+ t.Error("Signing TPM_GENERATED_VALUE data should fail")
+ }
+ })
+ }
+}
+
+func TestSignIncorrectHash(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ key, err := client.NewKey(rwc, tpm2.HandleEndorsement,
templateSSA(tpm2.AlgSHA256))
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer key.Close()
+
+ signer, err := key.GetSigner()
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ digestSHA1 := sha1.Sum([]byte("authenticated message"))
+ digestSHA256 := sha256.Sum256([]byte("authenticated message"))
+
+ if _, err := signer.Sign(nil, digestSHA1[:], crypto.SHA1); err == nil {
+ t.Error("expected failure for digest and hash not matching keys sigScheme.")
+ }
+
+ if _, err := signer.Sign(nil, digestSHA1[:], crypto.SHA256); err == nil {
+ t.Error("expected failure for correct hash, but incorrect digest.")
+ }
+
+ if _, err := signer.Sign(nil, digestSHA256[:], crypto.SHA1); err == nil {
+ t.Error("expected failure for correct digest, but incorrect hash.")
+ }
+}
+
+func TestSignPSS(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+ keys := []struct {
+ name string
+ opts crypto.SignerOpts
+ template tpm2.Public
+ keyBits uint16
+ saltLen int
+ }{
+ // saltLen should be (keyBits/8) - digestSize - 2, unless that is less than
+ // digestSize in which case, saltLen will be digestSize.
+ // The only normal case where saltLen is not digestSize is when using
+ // 1024 keyBits with SHA512.
+ {"RSA-SHA1", crypto.SHA1, templatePSS(tpm2.AlgSHA1), 1024, 20},
+ {"RSA-SHA256", crypto.SHA256, templatePSS(tpm2.AlgSHA256), 1024, 32},
+ {"RSA-SHA384", crypto.SHA384, templatePSS(tpm2.AlgSHA384), 1024, 48},
+ {"RSA-SHA512", crypto.SHA512, templatePSS(tpm2.AlgSHA512), 1024, 62},
+ {"RSA-SHA512", crypto.SHA512, templatePSS(tpm2.AlgSHA512), 2048, 64},
+ {"RSA-SHA1", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA1}, templatePSS(tpm2.AlgSHA1), 1024, 20},
+ {"RSA-SHA256", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA256}, templatePSS(tpm2.AlgSHA256), 1024, 32},
+ {"RSA-SHA384", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA384}, templatePSS(tpm2.AlgSHA384), 1024, 48},
+ {"RSA-SHA512", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA512}, templatePSS(tpm2.AlgSHA512), 1024, 62},
+ {"RSA-SHA512", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA512}, templatePSS(tpm2.AlgSHA512), 2048, 64},
+ }
+
+ for _, k := range keys {
+ t.Run(k.name, func(t *testing.T) {
+ alg, err := tpm2.HashToAlgorithm(k.opts.HashFunc())
+ if err != nil {
+ t.Fatal(err)
+ }
+ test.SkipOnUnsupportedAlg(t, rwc, alg)
+
+ k.template.RSAParameters.KeyBits = k.keyBits
+
+ key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer key.Close()
+
+ hash := k.opts.HashFunc().New()
+ hash.Write([]byte("authenticated message"))
+ digest := hash.Sum(nil)
+
+ signer, err := key.GetSigner()
+ if err != nil {
+ t.Fatal(err)
+ }
+ sig, err := signer.Sign(nil, digest[:], k.opts)
+ if err != nil {
+ t.Fatal(err)
+ }
+ // Different implementations may specify different salt length. Some have "keyBytes - digestSize - 2", some have
+ // just "digestSize". Therefore here we just verify with default salt length.
+ err = rsa.VerifyPSS(signer.Public().(*rsa.PublicKey), k.opts.HashFunc(), digest[:], sig, nil)
+ if err != nil {
+ t.Error(err)
+ }
+ })
+ }
+}
+
+/// Make sure signing fails when using PSS params with a non-PSS key
+func TestFailSignPSS(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+ keys := []struct {
+ name string
+ template tpm2.Public
+ }{
+ {"SSA", templateSSA(tpm2.AlgSHA256)},
+ {"ECC", templateECC(tpm2.AlgSHA256)},
+ }
+
+ pssOpts := rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA256}
+
+ for _, k := range keys {
+ t.Run(k.name, func(t *testing.T) {
+ key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer key.Close()
+
+ signer, err := key.GetSigner()
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ // Fake SHA-256 digest
+ digest := make([]byte, 32)
+ if _, err = signer.Sign(nil, digest, &pssOpts); err == nil {
+ t.Error("expected failure when using PSS options")
+ }
+ })
+ }
+}
+
+// Signing keys without a signature scheme are incompatible with GetSigner
+func TestFailGetSignerNullScheme(t *testing.T) {
+ template := templateSSA(tpm2.AlgSHA256)
+ template.RSAParameters.Sign = nil
+
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+ key, err := client.NewKey(rwc, tpm2.HandleEndorsement, template)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer key.Close()
+
+ if _, err = key.GetSigner(); err == nil {
+ t.Error("expected failure when calling GetSigner")
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/client/template.go b/vendor/github.com/google/go-tpm-tools/client/template.go
new file mode 100644
index 000000000..a82632883
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/client/template.go
@@ -0,0 +1,143 @@
+package client
+
+import (
+ "crypto/sha256"
+
+ "github.com/google/go-tpm/tpm2"
+ "github.com/google/go-tpm/tpmutil"
+)
+
+// Calculations from Credential_Profile_EK_V2.0, section 2.1.5.3 - authPolicy
+func defaultEKAuthPolicy() []byte {
+ buf, err := tpmutil.Pack(tpm2.CmdPolicySecret, tpm2.HandleEndorsement)
+ if err != nil {
+ panic(err)
+ }
+ digest1 := sha256.Sum256(append(make([]byte, 32), buf...))
+ // We would normally append the policy buffer to digest1, but the
+ // policy buffer is empty for the default Auth Policy.
+ digest2 := sha256.Sum256(digest1[:])
+ return digest2[:]
+}
+
+func defaultEKAttributes() tpm2.KeyProp {
+ // The EK is a storage key that must use session-based authorization.
+ return (tpm2.FlagStorageDefault | tpm2.FlagAdminWithPolicy) & ^tpm2.FlagUserWithAuth
+}
+
+func defaultSRKAttributes() tpm2.KeyProp {
+ // FlagNoDA doesn't do anything (as the AuthPolicy is nil). However, this is
+ // what Windows does, and we don't want to conflict.
+ return tpm2.FlagStorageDefault | tpm2.FlagNoDA
+}
+
+func defaultSymScheme() *tpm2.SymScheme {
+ return &tpm2.SymScheme{
+ Alg: tpm2.AlgAES,
+ KeyBits: 128,
+ Mode: tpm2.AlgCFB,
+ }
+}
+
+func defaultRSAParams() *tpm2.RSAParams {
+ return &tpm2.RSAParams{
+ Symmetric: defaultSymScheme(),
+ KeyBits: 2048,
+ ModulusRaw: make([]byte, 256), // public.unique must be all zeros
+ }
+}
+
+func defaultECCParams() *tpm2.ECCParams {
+ return &tpm2.ECCParams{
+ Symmetric: defaultSymScheme(),
+ CurveID: tpm2.CurveNISTP256,
+ Point: tpm2.ECPoint{
+ XRaw: make([]byte, 32),
+ YRaw: make([]byte, 32),
+ },
+ }
+}
+
+// DefaultEKTemplateRSA returns the default Endorsement Key (EK) template as
+// specified in Credential_Profile_EK_V2.0, section 2.1.5.1 - authPolicy.
+// https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
+func DefaultEKTemplateRSA() tpm2.Public {
+ return tpm2.Public{
+ Type: tpm2.AlgRSA,
+ NameAlg: tpm2.AlgSHA256,
+ Attributes: defaultEKAttributes(),
+ AuthPolicy: defaultEKAuthPolicy(),
+ RSAParameters: defaultRSAParams(),
+ }
+}
+
+// DefaultEKTemplateECC returns the default Endorsement Key (EK) template as
+// specified in Credential_Profile_EK_V2.0, section 2.1.5.2 - authPolicy.
+// https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
+func DefaultEKTemplateECC() tpm2.Public {
+ return tpm2.Public{
+ Type: tpm2.AlgECC,
+ NameAlg: tpm2.AlgSHA256,
+ Attributes: defaultEKAttributes(),
+ AuthPolicy: defaultEKAuthPolicy(),
+ ECCParameters: defaultECCParams(),
+ }
+}
+
+// AKTemplateRSA returns a potential Attestation Key (AK) template.
+// This is very similar to DefaultEKTemplateRSA, except that this will be a
+// signing key instead of an encrypting key.
+func AKTemplateRSA() tpm2.Public {
+ return tpm2.Public{
+ Type: tpm2.AlgRSA,
+ NameAlg: tpm2.AlgSHA256,
+ Attributes: tpm2.FlagSignerDefault,
+ RSAParameters: &tpm2.RSAParams{
+ Sign: &tpm2.SigScheme{
+ Alg: tpm2.AlgRSASSA,
+ Hash: tpm2.AlgSHA256,
+ },
+ KeyBits: 2048,
+ },
+ }
+}
+
+// AKTemplateECC returns a potential Attestation Key (AK) template.
+// This is very similar to DefaultEKTemplateECC, except that this will be a
+// signing key instead of an encrypting key.
+func AKTemplateECC() tpm2.Public {
+ params := defaultECCParams()
+ params.Symmetric = nil
+ params.Sign = &tpm2.SigScheme{
+ Alg: tpm2.AlgECDSA,
+ Hash: tpm2.AlgSHA256,
+ }
+ return tpm2.Public{
+ Type: tpm2.AlgECC,
+ NameAlg: tpm2.AlgSHA256,
+ Attributes: tpm2.FlagSignerDefault,
+ ECCParameters: params,
+ }
+}
+
+// SRKTemplateRSA returns a standard Storage Root Key (SRK) template.
+// This is based upon the advice in the TCG's TPM v2.0 Provisioning Guidance.
+func SRKTemplateRSA() tpm2.Public {
+ return tpm2.Public{
+ Type: tpm2.AlgRSA,
+ NameAlg: tpm2.AlgSHA256,
+ Attributes: defaultSRKAttributes(),
+ RSAParameters: defaultRSAParams(),
+ }
+}
+
+// SRKTemplateECC returns a standard Storage Root Key (SRK) template.
+// This is based upon the advice in the TCG's TPM v2.0 Provisioning Guidance.
+func SRKTemplateECC() tpm2.Public {
+ return tpm2.Public{
+ Type: tpm2.AlgECC,
+ NameAlg: tpm2.AlgSHA256,
+ Attributes: defaultSRKAttributes(),
+ ECCParameters: defaultECCParams(),
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/flags.go b/vendor/github.com/google/go-tpm-tools/cmd/flags.go
new file mode 100644
index 000000000..002ce2d92
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/cmd/flags.go
@@ -0,0 +1,208 @@
+package cmd
+
+import (
+ "errors"
+ "fmt"
+ "io"
+ "os"
+ "strconv"
+ "strings"
+
+ "github.com/google/go-tpm-tools/client"
+ "github.com/google/go-tpm/tpm2"
+ "github.com/spf13/cobra"
+)
+
+var (
+ output string
+ input string
+ nvIndex uint32
+ keyAlgo = tpm2.AlgRSA
+ pcrs []int
+)
+
+type pcrsFlag struct {
+ value *[]int
+}
+
+func (f *pcrsFlag) Set(val string) error {
+ for _, d := range strings.Split(val, ",") {
+ pcr, err := strconv.Atoi(d)
+ if err != nil {
+ return err
+ }
+ if pcr < 0 || pcr >= client.NumPCRs {
+ return errors.New("pcr out of range")
+ }
+ *f.value = append(*f.value, pcr)
+ }
+ return nil
+}
+
+func (f *pcrsFlag) Type() string {
+ return "pcrs"
+}
+
+func (f *pcrsFlag) String() string {
+ if len(*f.value) == 0 {
+ return ""
+ }
+ var b strings.Builder
+ fmt.Fprintf(&b, "%d", (*f.value)[0])
+ for _, pcr := range (*f.value)[1:] {
+ fmt.Fprintf(&b, ",%d", pcr)
+ }
+ return b.String()
+}
+
+var algos = map[tpm2.Algorithm]string{
+ tpm2.AlgUnknown: "",
+ tpm2.AlgRSA: "rsa",
+ tpm2.AlgECC: "ecc",
+ tpm2.AlgSHA1: "sha1",
+ tpm2.AlgSHA256: "sha256",
+ tpm2.AlgSHA384: "sha384",
+ tpm2.AlgSHA512: "sha512",
+}
+
+type algoFlag struct {
+ value *tpm2.Algorithm
+ allowed []tpm2.Algorithm
+}
+
+func (f *algoFlag) Set(val string) error {
+ present := false
+ for _, algo := range f.allowed {
+ if algos[algo] == val {
+ *f.value = algo
+ present = true
+ }
+ }
+ if !present {
+ return errors.New("unknown algorithm")
+ }
+ return nil
+}
+
+func (f *algoFlag) Type() string {
+ return "algo"
+}
+
+func (f *algoFlag) String() string {
+ return algos[*f.value]
+}
+
+// Allowed gives a string list of the permitted algorithm values for this flag.
+func (f *algoFlag) Allowed() string {
+ out := make([]string, len(f.allowed))
+ for i, a := range f.allowed {
+ out[i] = algos[a]
+ }
+ return strings.Join(out, ", ")
+}
+
+// Disable the "help" subcommand (and just use the -h/--help flags).
+// This should be called on all commands with subcommands.
+// See https://github.com/spf13/cobra/issues/587 for why this is needed.
+func hideHelp(cmd *cobra.Command) {
+ cmd.SetHelpCommand(&cobra.Command{Hidden: true})
+}
+
+// Lets this command specify an output file, for use with dataOutput().
+func addOutputFlag(cmd *cobra.Command) {
+ cmd.PersistentFlags().StringVar(&output, "output", "",
+ "output file (defaults to stdout)")
+}
+
+// Lets this command specify an input file, for use with dataInput().
+func addInputFlag(cmd *cobra.Command) {
+ cmd.PersistentFlags().StringVar(&input, "input", "",
+ "input file (defaults to stdin)")
+}
+
+// Lets this command specify an NVDATA index, for use with nvIndex.
+func addIndexFlag(cmd *cobra.Command) {
+ cmd.PersistentFlags().Uint32Var(&nvIndex, "index", 0,
+ "NVDATA index, cannot be 0")
+}
+
+// Lets this command specify some number of PCR arguments, check if in range.
+func addPCRsFlag(cmd *cobra.Command) {
+ cmd.PersistentFlags().Var(&pcrsFlag{&pcrs}, "pcrs", "comma separated list of PCR numbers")
+}
+
+// Lets this command specify the public key algorithm.
+func addPublicKeyAlgoFlag(cmd *cobra.Command) {
+ f := algoFlag{&keyAlgo, []tpm2.Algorithm{tpm2.AlgRSA, tpm2.AlgECC}}
+ cmd.PersistentFlags().Var(&f, "algo", "public key algorithm: "+f.Allowed())
+}
+
+func addHashAlgoFlag(cmd *cobra.Command, hashAlgo *tpm2.Algorithm) {
+ f := algoFlag{hashAlgo, []tpm2.Algorithm{tpm2.AlgSHA1, tpm2.AlgSHA256, tpm2.AlgSHA384, tpm2.AlgSHA512}}
+ cmd.PersistentFlags().Var(&f, "hash-algo", "hash algorithm: "+f.Allowed())
+}
+
+// alwaysError implements io.ReadWriter by always returning an error
+type alwaysError struct {
+ error
+}
+
+func (ae alwaysError) Write([]byte) (int, error) {
+ return 0, ae.error
+}
+
+func (ae alwaysError) Read(p []byte) (n int, err error) {
+ return 0, ae.error
+}
+
+// Handle to output data file.
If there is an issue opening the file, the Writer
+// returned will return the error upon any call to Write()
+func dataOutput() io.Writer {
+ if output == "" {
+ return os.Stdout
+ }
+
+ file, err := os.Create(output)
+ if err != nil {
+ return alwaysError{err}
+ }
+ return file
+}
+
+// Handle to input data file. If there is an issue opening the file, the Reader
+// returned will return the error upon any call to Read()
+func dataInput() io.Reader {
+ if input == "" {
+ return os.Stdin
+ }
+
+ file, err := os.Open(input)
+ if err != nil {
+ return alwaysError{err}
+ }
+ return file
+}
+
+// Load SRK based on tpm2.Algorithm set in the global flag vars.
+func getSRK(rwc io.ReadWriter) (*client.Key, error) {
+ switch keyAlgo {
+ case tpm2.AlgRSA:
+ return client.StorageRootKeyRSA(rwc)
+ case tpm2.AlgECC:
+ return client.StorageRootKeyECC(rwc)
+ default:
+ panic("unexpected keyAlgo")
+ }
+}
+
+// Load EK based on tpm2.Algorithm set in the global flag vars.
+func getEK(rwc io.ReadWriter) (*client.Key, error) {
+ switch keyAlgo {
+ case tpm2.AlgRSA:
+ return client.EndorsementKeyRSA(rwc)
+ case tpm2.AlgECC:
+ return client.EndorsementKeyECC(rwc)
+ default:
+ panic("unexpected keyAlgo")
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/flush.go b/vendor/github.com/google/go-tpm-tools/cmd/flush.go
new file mode 100644
index 000000000..d7fafc54c
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/cmd/flush.go
@@ -0,0 +1,87 @@
+package cmd
+
+import (
+ "fmt"
+
+ "github.com/google/go-tpm-tools/client"
+ "github.com/google/go-tpm/tpm2"
+ "github.com/spf13/cobra"
+)
+
+var handleNames = map[string][]tpm2.HandleType{
+ "all": {tpm2.HandleTypeLoadedSession, tpm2.HandleTypeSavedSession, tpm2.HandleTypeTransient},
+ "loaded": {tpm2.HandleTypeLoadedSession},
+ "saved": {tpm2.HandleTypeSavedSession},
+ "transient": {tpm2.HandleTypeTransient},
+ "persistent": {tpm2.HandleTypePersistent},
+}
+
+var flushCmd = &cobra.Command{
+ Use: "flush ",
+ Short: "Close active handles on the TPM",
+ Long: `Close some or all currently active handles on the TPM
+
+Most TPM operations require an active handle, representing some object within
+the TPM. However, most TPMs also limit the number of simultaneous active handles
+(usually a max of 3). This command allows for "leaked" handles (handles that
+have not been properly closed) to be flushed, freeing up memory for new handles
+to be used with future TPM operations.
+
+The TPM can also take an active handle and "persist" it to NVRAM. This frees up
+memory for more transient handles. It can also allow for caching the creation of
+slow keys (such as the RSA-based EK or SRK). These handles can be evicted from
+NVRAM using the "persistent" argument, but are not flushed with "all", as this
+can result in data loss (if the persisted key cannot be regenerated).
+
+Which handles are flushed depends on the argument passed:
+ loaded - only flush the loaded session handles
+ saved - only flush the saved session handles
+ transient - only flush the transient handles
+ all - flush all loaded, saved, and transient handles
+ persistent - only evict the persistent handles`,
+ ValidArgs: func() []string {
+ // The keys from the handleNames map are our valid arguments
+ keys := make([]string, len(handleNames))
+ for k := range handleNames {
+ keys = append(keys, k)
+ }
+ return keys
+ }(),
+ Args: cobra.ExactValidArgs(1),
+ RunE: func(cmd *cobra.Command, args []string) error {
+ rwc, err := openTpm()
+ if err != nil {
+ return err
+ }
+ defer rwc.Close()
+
+ totalHandles := 0
+ for _, handleType := range handleNames[args[0]] {
+ handles, err := client.Handles(rwc, handleType)
+ if err != nil {
+ return fmt.Errorf("getting handles: %w", err)
+ }
+ for _, handle := range handles {
+ if handleType == tpm2.HandleTypePersistent {
+ if err = tpm2.EvictControl(rwc, "", tpm2.HandleOwner, handle, handle); err != nil {
+ return fmt.Errorf("evicting handle 0x%x: %w", handle, err)
+ }
+ fmt.Fprintf(debugOutput(), "Handle 0x%x evicted\n", handle)
+ } else {
+ if err = tpm2.FlushContext(rwc, handle); err != nil {
+ return fmt.Errorf("flushing handle 0x%x: %w", handle, err)
+ }
+ fmt.Fprintf(debugOutput(), "Handle 0x%x flushed\n", handle)
+ }
+ totalHandles++
+ }
+ }
+
+ fmt.Fprintf(messageOutput(), "%d handles flushed\n", totalHandles)
+ return nil
+ },
+}
+
+func init() {
+ RootCmd.AddCommand(flushCmd)
+}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/flush_test.go b/vendor/github.com/google/go-tpm-tools/cmd/flush_test.go
new file mode 100644
index 000000000..5928b083d
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/cmd/flush_test.go
@@ -0,0 +1,48 @@
+package cmd
+
+import (
+ "testing"
+
+ "github.com/google/go-tpm-tools/client"
+ "github.com/google/go-tpm-tools/internal/test"
+ "github.com/google/go-tpm/tpm2"
+)
+
+func TestFlushNothing(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+ ExternalTPM = rwc
+
+ RootCmd.SetArgs([]string{"flush", "all", "--quiet"})
+ if err := RootCmd.Execute(); err != nil {
+ t.Error(err)
+ }
+}
+
+func TestFlush(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+ ExternalTPM = rwc
+
+ RootCmd.SetArgs([]string{"flush", "transient", "--quiet"})
+
+ // Loads then flushes 1, 2, 3 transient handles.
+ for numHandles := 1; numHandles <= 3; numHandles++ {
+ for i := 0; i < numHandles; i++ {
+ test.LoadRandomExternalKey(t, rwc)
+ }
+
+ if err := RootCmd.Execute(); err != nil {
+ t.Error(err)
+ }
+
+ // Ensure there are no active handles after that.
+ h, err := client.Handles(rwc, tpm2.HandleTypeTransient)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if len(h) != 0 {
+ t.Errorf("TPM should be empty of transient handles; got: %d; want: 0", len(h))
+ }
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/gotpm/main.go b/vendor/github.com/google/go-tpm-tools/cmd/gotpm/main.go
new file mode 100644
index 000000000..c01681594
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/cmd/gotpm/main.go
@@ -0,0 +1,13 @@
+package main
+
+import (
+ "os"
+
+ "github.com/google/go-tpm-tools/cmd"
+)
+
+func main() {
+ if cmd.RootCmd.Execute() != nil {
+ os.Exit(1)
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/open.go b/vendor/github.com/google/go-tpm-tools/cmd/open.go
new file mode 100644
index 000000000..423974523
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/cmd/open.go
@@ -0,0 +1,32 @@
+package cmd
+
+import (
+ "fmt"
+ "io"
+)
+
+// ExternalTPM can be set to run tests against an TPM initialized by an
+// external package (like the simulator). Setting this value will make all
+// gotpm commands run against it, and will prevent the cmd package from
+// closing the TPM. Setting this value and closing the TPM must be managed
+// by the external package.
+var ExternalTPM io.ReadWriter
+
+type ignoreClose struct {
+ io.ReadWriter
+}
+
+func (ic ignoreClose) Close() error {
+ return nil
+}
+
+func openTpm() (io.ReadWriteCloser, error) {
+ if ExternalTPM != nil {
+ return ignoreClose{ExternalTPM}, nil
+ }
+ rwc, err := openImpl()
+ if err != nil {
+ return nil, fmt.Errorf("connecting to TPM: %w", err)
+ }
+ return rwc, nil
+}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/open_other.go b/vendor/github.com/google/go-tpm-tools/cmd/open_other.go
new file mode 100644
index 000000000..d0cf8874b
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/cmd/open_other.go
@@ -0,0 +1,30 @@
+//go:build !windows
+// +build !windows
+
+package cmd
+
+import (
+ "io"
+ "os"
+
+ "github.com/google/go-tpm/tpm2"
+)
+
+var tpmPath string
+
+func init() {
+ RootCmd.PersistentFlags().StringVar(&tpmPath, "tpm-path", "",
+ "path to TPM device (defaults to /dev/tpmrm0 then /dev/tpm0)")
+}
+
+// On Linux, we have to pass in the TPM path though a flag
+func openImpl() (io.ReadWriteCloser, error) {
+ if tpmPath == "" {
+ tpm, err := tpm2.OpenTPM("/dev/tpmrm0")
+ if os.IsNotExist(err) {
+ tpm, err = tpm2.OpenTPM("/dev/tpm0")
+ }
+ return tpm, err
+ }
+ return tpm2.OpenTPM(tpmPath)
+}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/open_windows.go b/vendor/github.com/google/go-tpm-tools/cmd/open_windows.go
new file mode 100644
index 000000000..f38c0c43d
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/cmd/open_windows.go
@@ -0,0 +1,12 @@
+package cmd
+
+import (
+ "io"
+
+ "github.com/google/go-tpm/tpm2"
+)
+
+// There is no need for flags on Windows, as there is no concept of a TPM path.
+func openImpl() (io.ReadWriteCloser, error) {
+ return tpm2.OpenTPM()
+}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/pubkey.go b/vendor/github.com/google/go-tpm-tools/cmd/pubkey.go
new file mode 100644
index 000000000..4a8b35d88
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/cmd/pubkey.go
@@ -0,0 +1,100 @@
+package cmd
+
+import (
+ "crypto"
+ "crypto/x509"
+ "encoding/pem"
+ "fmt"
+ "io"
+
+ "github.com/google/go-tpm-tools/client"
+ "github.com/google/go-tpm/tpmutil"
+
+ "github.com/google/go-tpm/tpm2"
+ "github.com/spf13/cobra"
+)
+
+var hierarchyNames = map[string]tpmutil.Handle{
+ "endorsement": tpm2.HandleEndorsement,
+ "owner": tpm2.HandleOwner,
+ "platform": tpm2.HandlePlatform,
+ "null": tpm2.HandleNull,
+}
+
+var pubkeyCmd = &cobra.Command{
+ Use: "pubkey ",
+ Short: "Retrieve a public key from the TPM",
+ Long: `Get the PEM-formatted public component of a TPM's primary key
+
+A TPM can create a primary asymmetric key in one of 4 hierarchies:
+ endorsement - used for remote attestation, privacy sensitive
+ owner - used for local signing/encryption, reset on TPM2_Clear
+ platform - rarely used
+ null - all keys are ephemeral, reset on every boot
+
+Furthermore, this key is based on a template containing parameters like
+algorithms and key sizes. By default, this command uses a standard template
+defined in the TPM2 spec. If --index is provided, the template is read from
+NVDATA instead (and --algo is ignored).`,
+ ValidArgs: func() []string {
+ // The keys from the hierarchyNames map are our valid arguments
+ keys := make([]string, len(hierarchyNames))
+ for k := range hierarchyNames {
+ keys = append(keys, k)
+ }
+ return keys
+ }(),
+ Args: cobra.ExactValidArgs(1),
+ RunE: func(cmd *cobra.Command, args []string) error {
+ rwc, err := openTpm()
+ if err != nil {
+ return err
+ }
+ defer rwc.Close()
+
+ key, err := getKey(rwc, hierarchyNames[args[0]], keyAlgo)
+ if err != nil {
+ return err
+ }
+ defer key.Close()
+
+ return writeKey(key.PublicKey())
+ },
+}
+
+func init() {
+ RootCmd.AddCommand(pubkeyCmd)
+ addIndexFlag(pubkeyCmd)
+ addOutputFlag(pubkeyCmd)
+ addPublicKeyAlgoFlag(pubkeyCmd)
+}
+
+func getKey(rw io.ReadWriter, hierarchy tpmutil.Handle, algo tpm2.Algorithm) (*client.Key, error) {
+ fmt.Fprintf(debugOutput(), "Using hierarchy 0x%x\n", hierarchy)
+ if nvIndex != 0 {
+ fmt.Fprintf(debugOutput(), "Reading from NVDATA index %d\n", nvIndex)
+ return client.KeyFromNvIndex(rw, hierarchy, nvIndex)
+ }
+
+ switch hierarchy {
+ case tpm2.HandleEndorsement:
+ return getEK(rw)
+ case tpm2.HandleOwner:
+ return getSRK(rw)
+ default:
+ return nil, fmt.Errorf("there is no default key for the given hierarchy: 0x%x", hierarchy)
+ }
+}
+
+func writeKey(pubKey crypto.PublicKey) error {
+ fmt.Fprintf(debugOutput(), "Got key: %+v\n", pubKey)
+ asn1Bytes, err := x509.MarshalPKIXPublicKey(pubKey)
+ if err != nil {
+ return err
+ }
+
+ return pem.Encode(dataOutput(), &pem.Block{
+ Type: "PUBLIC KEY",
+ Bytes: asn1Bytes,
+ })
+}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/read.go b/vendor/github.com/google/go-tpm-tools/cmd/read.go
new file mode 100644
index 000000000..924659926
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/cmd/read.go
@@ -0,0 +1,108 @@
+package cmd
+
+import (
+ "errors"
+ "fmt"
+
+ "github.com/google/go-tpm-tools/client"
+ "github.com/google/go-tpm-tools/internal"
+ "github.com/google/go-tpm/tpm2"
+ "github.com/google/go-tpm/tpmutil"
+ "github.com/spf13/cobra"
+)
+
+var readCmd = &cobra.Command{
+ Use: "read ",
+ Short: "Read from the TPM",
+ Long: `Read from the TPM`,
+ Args: cobra.NoArgs,
+}
+
+var pcrHashAlgo = tpm2.AlgUnknown
+
+var pcrCmd = &cobra.Command{
+ Use: "pcr",
+ Short: "Read PCRs from the TPM",
+ Long: `Read PCRs from the TPM
+
+Based on --hash-algo and --pcrs flags, read the contents of the TPM's PCRs.
+
+If --hash-algo is not provided, all banks of PCRs will be read.
+If --pcrs is not provided, all PCRs are read for that hash algorithm.`,
+ Args: cobra.NoArgs,
+ RunE: func(cmd *cobra.Command, args []string) error {
+ rwc, err := openTpm()
+ if err != nil {
+ return err
+ }
+ defer rwc.Close()
+
+ if pcrHashAlgo != tpm2.AlgUnknown {
+ sel := tpm2.PCRSelection{Hash: pcrHashAlgo, PCRs: pcrs}
+ if len(sel.PCRs) == 0 {
+ sel = client.FullPcrSel(sel.Hash)
+ }
+
+ fmt.Fprintf(debugOutput(), "Reading %v PCRs (%v)\n", sel.Hash, sel.PCRs)
+ pcrs, err := client.ReadPCRs(rwc, sel)
+ if err != nil {
+ return err
+ }
+ return internal.FormatPCRs(dataOutput(), pcrs)
+ }
+ if len(pcrs) != 0 {
+ return errors.New("--hash-algo must be used with --pcrs")
+ }
+
+ fmt.Fprintln(debugOutput(), "Reading all PCRs")
+ banks, err := client.ReadAllPCRs(rwc)
+ if err != nil {
+ return err
+ }
+
+ for _, bank := range banks {
+ if err = internal.FormatPCRs(dataOutput(), bank); err != nil {
+ return err
+ }
+ }
+ return nil
+ },
+}
+
+var nvReadCmd = &cobra.Command{
+ Use: "nvdata",
+ Short: "Read TPM NVData",
+ Long: `Read NVData at a particular NVIndex
+
+Based on the --index flag, this reads all of the NVData present at that NVIndex.
+The read is authenticated with the owner hierarchy and an empty password.`,
+ Args: cobra.NoArgs,
+ RunE: func(cmd *cobra.Command, args []string) error {
+ rwc, err := openTpm()
+ if err != nil {
+ return err
+ }
+ defer rwc.Close()
+
+ data, err := tpm2.NVReadEx(rwc, tpmutil.Handle(nvIndex), tpm2.HandleOwner, "", 0)
+ if err != nil {
+ return err
+ }
+ if _, err := dataOutput().Write(data); err != nil {
+ return fmt.Errorf("cannot output NVData: %w", err)
+ }
+ return nil
+ },
+}
+
+func init() {
+ RootCmd.AddCommand(readCmd)
+ readCmd.AddCommand(pcrCmd)
+ readCmd.AddCommand(nvReadCmd)
+ addOutputFlag(pcrCmd)
+ addPCRsFlag(pcrCmd)
+ addHashAlgoFlag(pcrCmd, &pcrHashAlgo)
+ addIndexFlag(nvReadCmd)
+ nvReadCmd.MarkPersistentFlagRequired("index")
+ addOutputFlag(nvReadCmd)
+}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/root.go b/vendor/github.com/google/go-tpm-tools/cmd/root.go
new file mode 100644
index 000000000..cfdd93cab
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/cmd/root.go
@@ -0,0 +1,62 @@
+// Package cmd contains a CLI to interact with TPM.
+package cmd
+
+import (
+ "fmt"
+ "io"
+ "io/ioutil"
+ "os"
+
+ "github.com/spf13/cobra"
+ "google.golang.org/protobuf/encoding/prototext"
+)
+
+// RootCmd is the entrypoint for gotpm.
+var RootCmd = &cobra.Command{
+ Use: "gotpm",
+ Long: `Command line tool for the go-tpm TSS
+
+This tool allows performing TPM2 operations from the command line.
+See the per-command documentation for more information.`,
+ PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+ if quiet && verbose {
+ return fmt.Errorf("cannot specify both --quiet and --verbose")
+ }
+ cmd.SilenceUsage = true
+ return nil
+ },
+}
+
+var (
+ quiet bool
+ verbose bool
+)
+
+func init() {
+ RootCmd.PersistentFlags().BoolVar(&quiet, "quiet", false,
+ "print nothing if command is successful")
+ RootCmd.PersistentFlags().BoolVar(&verbose, "verbose", false,
+ "print additional info to stdout")
+ hideHelp(RootCmd)
+}
+
+func messageOutput() io.Writer {
+ if quiet {
+ return ioutil.Discard
+ }
+ return os.Stdout
+}
+
+func debugOutput() io.Writer {
+ if verbose {
+ return os.Stdout
+ }
+ return ioutil.Discard
+}
+
+// Default Text Marshalling options
+var marshalOptions = prototext.MarshalOptions{
+ Multiline: true,
+ EmitASCII: true,
+}
+var unmarshalOptions = prototext.UnmarshalOptions{}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/seal.go b/vendor/github.com/google/go-tpm-tools/cmd/seal.go
new file mode 100644
index 000000000..24b3cf944
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/cmd/seal.go
@@ -0,0 +1,146 @@
+package cmd
+
+import (
+ "fmt"
+ "io/ioutil"
+
+ "github.com/spf13/cobra"
+
+ "github.com/google/go-tpm-tools/client"
+ pb "github.com/google/go-tpm-tools/proto/tpm"
+ "github.com/google/go-tpm/tpm2"
+)
+
+var sealHashAlgo = tpm2.AlgSHA256
+
+var sealCmd = &cobra.Command{
+ Use: "seal",
+ Short: "Seal some data to the TPM",
+ Long: `Encrypt the input data using the TPM
+
+TPMs support a "sealing" operation that allows some secret data to be encrypted
+by a particular TPM. This data can only be decrypted by the same TPM that did
+the encryption.
+
+Optionally (using the --pcrs flag), this decryption can be furthur restricted to
+only work if certain Platform Control Registers (PCRs) are in the correct state.
+This allows a key (i.e. a disk encryption key) to be bound to specific machine
+state (like Secure Boot).`,
+ Args: cobra.NoArgs,
+ RunE: func(cmd *cobra.Command, args []string) error {
+ rwc, err := openTpm()
+ if err != nil {
+ return err
+ }
+ defer rwc.Close()
+
+ fmt.Fprintln(debugOutput(), "Loading SRK")
+ srk, err := getSRK(rwc)
+ if err != nil {
+ return err
+ }
+ defer srk.Close()
+
+ fmt.Fprintln(debugOutput(), "Reading sealed data")
+ secret, err := ioutil.ReadAll(dataInput())
+ if err != nil {
+ return err
+ }
+
+ fmt.Fprintf(debugOutput(), "Sealing to PCRs: %v\n", pcrs)
+ opts := client.SealOpts{Current: tpm2.PCRSelection{
+ Hash: sealHashAlgo,
+ PCRs: pcrs}}
+ sealed, err := srk.Seal(secret, opts)
+ if err != nil {
+ return fmt.Errorf("sealing data: %w", err)
+ }
+
+ fmt.Fprintln(debugOutput(), "Writing sealed data")
+ var output []byte
+ if output, err = marshalOptions.Marshal(sealed); err != nil {
+ return err
+ }
+ if _, err = dataOutput().Write(output); err != nil {
+ return err
+ }
+ fmt.Fprintf(debugOutput(), "Sealed data to PCRs: %v\n", pcrs)
+ return nil
+ },
+}
+
+var unsealCmd = &cobra.Command{
+ Use: "unseal",
+ Short: "Unseal some data previously sealed to the TPM",
+ Long: `Decrypt the input data using the TPM
+
+The opposite of "gotpm seal". This takes in some sealed input and decrypts it
+using the TPM. This operation will fail if used on a different TPM, or if the
+Platform Control Registers (PCRs) are in the incorrect state.
+
+All the necessary data to decrypt the sealed input is present in the input blob.
+We do not need to specify the PCRs used for unsealing.
+
+We do support an optional "certification" process. A list of PCRs may be
+provided with --pcrs, and the unwrapping will fail if the PCR values when
+sealing differ from the current PCR values. This allows for verification of the
+machine state when sealing took place.
+`,
+ Args: cobra.NoArgs,
+ RunE: func(cmd *cobra.Command, args []string) error {
+ rwc, err := openTpm()
+ if err != nil {
+ return err
+ }
+ defer rwc.Close()
+
+ fmt.Fprintln(debugOutput(), "Reading sealed data")
+ data, err := ioutil.ReadAll(dataInput())
+ if err != nil {
+ return err
+ }
+ var sealed pb.SealedBytes
+ if err := unmarshalOptions.Unmarshal(data, &sealed); err != nil {
+ return err
+ }
+
+ fmt.Fprintln(debugOutput(), "Loading SRK")
+ keyAlgo = tpm2.Algorithm(sealed.GetSrk())
+ srk, err := getSRK(rwc)
+ if err != nil {
+ return err
+ }
+ defer srk.Close()
+
+ fmt.Fprintln(debugOutput(), "Unsealing data")
+
+ opts := client.UnsealOpts{CertifyCurrent: tpm2.PCRSelection{
+ Hash: client.CertifyHashAlgTpm,
+ PCRs: pcrs}}
+ secret, err := srk.Unseal(&sealed, opts)
+ if err != nil {
+ return fmt.Errorf("unsealing data: %w", err)
+ }
+
+ fmt.Fprintln(debugOutput(), "Writing secret data")
+ if _, err := dataOutput().Write(secret); err != nil {
+ return fmt.Errorf("writing secret data: %w", err)
+ }
+ fmt.Fprintln(debugOutput(), "Unsealed data using TPM")
+ return nil
+ },
+}
+
+func init() {
+ RootCmd.AddCommand(sealCmd)
+ RootCmd.AddCommand(unsealCmd)
+ addInputFlag(sealCmd)
+ addInputFlag(unsealCmd)
+ addOutputFlag(sealCmd)
+ addOutputFlag(unsealCmd)
+ // PCRs and hash algorithm only used for sealing
+ addPCRsFlag(sealCmd)
+ addHashAlgoFlag(sealCmd, &sealHashAlgo)
+ addPCRsFlag(unsealCmd)
+ addPublicKeyAlgoFlag(sealCmd)
+}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/seal_test.go b/vendor/github.com/google/go-tpm-tools/cmd/seal_test.go
new file mode 100644
index 000000000..89b08c9f3
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/cmd/seal_test.go
@@ -0,0 +1,148 @@
+package cmd
+
+import (
+ "bytes"
+ "crypto/sha256"
+ "io/ioutil"
+ "os"
+ "strconv"
+ "testing"
+
+ "github.com/google/go-tpm-tools/client"
+ "github.com/google/go-tpm-tools/internal/test"
+ "github.com/google/go-tpm/tpm2"
+ "github.com/google/go-tpm/tpmutil"
+)
+
+func makeTempFile(tb testing.TB, content []byte) string {
+ tb.Helper()
+ file, err := ioutil.TempFile("", "gotpm_test_*.txt")
+ if err != nil {
+ tb.Fatal(err)
+ }
+ defer file.Close()
+ if content != nil {
+ if _, err := file.Write(content); err != nil {
+ tb.Fatal(err)
+ }
+ }
+ return file.Name()
+}
+
+func TestSealPlain(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+ ExternalTPM = rwc
+
+ operations := []struct {
+ name string
+ algo string
+ sealPCRs string
+ certifyPCRs string
+ }{
+ {"RSASeal", "rsa", "", ""},
+ {"ECCSeal", "ecc", "", ""},
+ {"RSASealWithPCR", "rsa", "7", ""},
+ {"ECCSealWithPCR", "ecc", "7", ""},
+ {"RSACertifyWithPCR", "rsa", "", "7"},
+ {"ECCCertifyWithPCR", "ecc", "", "7"},
+ {"RSASealAndCertifyWithPCR", "rsa", "7,8", "1"},
+ {"ECCSealAndCertifyWithPCR", "ecc", "7", "7,23"},
+ }
+ for _, op := range operations {
+ t.Run(op.name, func(t *testing.T) {
+ secretIn := []byte("Hello")
+ secretFile1 := makeTempFile(t, secretIn)
+ defer os.Remove(secretFile1)
+ sealedFile := makeTempFile(t, nil)
+ defer os.Remove(sealedFile)
+ secretFile2 := makeTempFile(t, nil)
+ defer os.Remove(secretFile2)
+
+ sealArgs := []string{"seal", "--quiet", "--input", secretFile1, "--output", sealedFile}
+ if op.sealPCRs != "" {
+ sealArgs = append(sealArgs, "--pcrs", op.sealPCRs)
+ }
+ if op.algo != "" {
+ sealArgs = append(sealArgs, "--algo", op.algo)
+ }
+ RootCmd.SetArgs(sealArgs)
+ if err := RootCmd.Execute(); err != nil {
+ t.Error(err)
+ }
+ pcrs = []int{} // "flush" pcrs value in last Execute() cmd
+
+ unsealArgs := []string{"unseal", "--quiet", "--input", sealedFile, "--output", secretFile2}
+ if op.certifyPCRs != "" {
+ unsealArgs = append(unsealArgs, "--pcrs", op.certifyPCRs)
+ }
+ RootCmd.SetArgs(unsealArgs)
+ if err := RootCmd.Execute(); err != nil {
+ t.Error(err)
+ }
+ secretOut, err := ioutil.ReadFile(secretFile2)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if !bytes.Equal(secretIn, secretOut) {
+ t.Errorf("Expected %s, got %s", secretIn, secretOut)
+ }
+ })
+ }
+}
+
+func TestUnsealFail(t *testing.T) {
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+ ExternalTPM = rwc
+ extension := bytes.Repeat([]byte{0xAA}, sha256.Size)
+
+ sealPCR := test.DebugPCR
+ certPCR := test.ApplicationPCR
+ operations := []struct {
+ name string
+ sealPCRs string
+ certifyPCRs string
+ pcrToExtend []int
+ }{
+ // TODO(joerichey): Add test that TPM2_Reset make unsealing fail
+ {"ExtendPCRAndUnseal", strconv.Itoa(sealPCR), "", []int{sealPCR}},
+ {"ExtendPCRAndCertify", strconv.Itoa(sealPCR), strconv.Itoa(certPCR), []int{certPCR}},
+ {"ExtendPCRAndCertify2", "", strconv.Itoa(certPCR), []int{certPCR}},
+ }
+ for _, op := range operations {
+ t.Run(op.name, func(t *testing.T) {
+ secretIn := []byte("Hello")
+ secretFile := makeTempFile(t, secretIn)
+ defer os.Remove(secretFile)
+ sealedFile := makeTempFile(t, nil)
+ defer os.Remove(sealedFile)
+
+ sealArgs := []string{"seal", "--quiet", "--input", secretFile, "--output", sealedFile}
+ if op.sealPCRs != "" {
+ sealArgs = append(sealArgs, "--pcrs", op.sealPCRs)
+ }
+ RootCmd.SetArgs(sealArgs)
+ if err := RootCmd.Execute(); err != nil {
+ t.Error(err)
+ }
+ pcrs = []int{} // "flush" pcrs value in last Execute() cmd
+
+ for _, pcr := range op.pcrToExtend {
+ pcrHandle := tpmutil.Handle(pcr)
+ if err := tpm2.PCRExtend(rwc, pcrHandle, tpm2.AlgSHA256, extension, ""); err != nil {
+ t.Fatal(err)
+ }
+ }
+
+ unsealArgs := []string{"unseal", "--quiet", "--input", sealedFile, "--output", secretFile}
+ if op.certifyPCRs != "" {
+ unsealArgs = append(unsealArgs, "--pcrs", op.certifyPCRs)
+ }
+ RootCmd.SetArgs(unsealArgs)
+ if RootCmd.Execute() == nil {
+ t.Error("Unsealing should have failed")
+ }
+ })
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/files/PKGBUILD b/vendor/github.com/google/go-tpm-tools/files/PKGBUILD
new file mode 100644
index 000000000..56ac2fd58
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/files/PKGBUILD
@@ -0,0 +1,35 @@
+# Maintainer: Joe Richey
+pkgname=gotpm
+pkgver=0.1.2
+pkgrel=1
+pkgdesc='TPM2 command-line utility'
+arch=('x86_64')
+_reponame=go-tpm-tools
+url="https://github.com/google/${_reponame}"
+license=('APACHE')
+depends=('glibc') # go-pie requires CGO, so we have to link against libc
+makedepends=('go-pie')
+source=("git+${url}.git#tag=v${pkgver}?signed")
+validpgpkeys=('19CE40CEB581BCD81E1FB2371DD6D05AA306C53F')
+sha256sums=('SKIP')
+
+build() {
+ cd ${_reponame}
+ go build \
+ -trimpath \
+ -ldflags "-extldflags $LDFLAGS" \
+ ./cmd/${pkgname}
+}
+
+package() {
+ cd ${_reponame}
+
+ install -Dm755 $pkgname "${pkgdir}/usr/bin/${pkgname}"
+ install -Dm755 files/boot-unseal.sh "${pkgdir}/etc/${pkgname}/boot-unseal.sh"
+
+ initcpio_name='encrypt-gotpm'
+ install -Dm644 files/initcpio.hooks "${pkgdir}/usr/lib/initcpio/hooks/${initcpio_name}"
+ install -Dm644 files/initcpio.install "${pkgdir}/usr/lib/initcpio/install/${initcpio_name}"
+
+ install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}
diff --git a/vendor/github.com/google/go-tpm-tools/files/boot-unseal.sh b/vendor/github.com/google/go-tpm-tools/files/boot-unseal.sh
new file mode 100755
index 000000000..c40c2d0e1
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/files/boot-unseal.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/ash
+
+key_found=0
+# Loop through all devices to find the ESP
+for device in $(blkid -o device); do
+ part_type=$(blkid -p $device -s PART_ENTRY_TYPE -o value)
+ if [ "$part_type" != "c12a7328-f81f-11d2-ba4b-00a0c93ec93b" ]; then
+ continue
+ fi
+
+ # Temporarily mount the ESP to read disk unlock keys
+ mkdir -p /mnt/esp
+ mount -t vfat -o ro $device /mnt/esp
+
+ # Attempt to unseal each sealed keyfile on the ESP. Note that just becasue
+ # the key is unsealed by the TPM, does not mean it will unlock the disk. We
+ # write the unsealed key to the in-memory rootfs, it is not written to disk.
+ for f in /mnt/esp/*/disk_unlock_keys/*.sealed; do
+ if [ -f "$f" ]; then
+ if gotpm unseal --input "$f" --output "/crypto_keyfile.bin" ; then
+ echo "Unsealed ${f#/mnt/esp}"
+ key_found=1
+ break
+ else
+ echo "Failed to unseal ${f#/mnt/esp}"
+ fi
+ fi
+ done
+ umount $device
+
+ if [ $key_found -ne 0 ]; then
+ exit 0
+ fi
+done
+
+echo "Unable to unseal any TPM disk unlock key"
+exit 1
+
+# vim: set ft=sh ts=4 sw=4 et:
diff --git a/vendor/github.com/google/go-tpm-tools/files/initcpio.hooks b/vendor/github.com/google/go-tpm-tools/files/initcpio.hooks
new file mode 100644
index 000000000..274837958
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/files/initcpio.hooks
@@ -0,0 +1,7 @@
+#!/usr/bin/ash
+
+run_hook() {
+ /etc/gotpm/boot-unseal.sh
+}
+
+# vim: set ft=sh ts=4 sw=4 et:
diff --git a/vendor/github.com/google/go-tpm-tools/files/initcpio.install b/vendor/github.com/google/go-tpm-tools/files/initcpio.install
new file mode 100644
index 000000000..0dc6da863
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/files/initcpio.install
@@ -0,0 +1,23 @@ +#!/bin/bash + +build() { + # Allows us to mount the ESP + add_module vfat + # Allows us to use the TPM (through either hardware interface). + add_module tpm_crb + add_module tpm_tis + + add_binary gotpm + add_file /etc/gotpm/boot-unseal.sh + + add_runscript +} + +help() { + cat < max { + max = idx + } + } + return max +} + +// FormatPCRs writes a multiline representation of the PCR values to w. +func FormatPCRs(w io.Writer, p *pb.PCRs) error { + if _, err := fmt.Fprintf(w, "%v:\n", p.Hash); err != nil { + return err + } + for idx := minPCRIndex; idx <= maxPCRIndex(p); idx++ { + if val, ok := p.GetPcrs()[idx]; ok { + if _, err := fmt.Fprintf(w, " %2d: 0x%X\n", idx, val); err != nil { + return err + } + } + } + return nil +} + +// CheckSubset verifies if the pcrs PCRs are a valid "subset" of the provided +// "superset" of PCRs. The PCR values must match (if present), and all PCRs must +// be present in the superset. This function will return an error containing the +// first missing or mismatched PCR number. +func CheckSubset(subset, superset *pb.PCRs) error { + if subset.GetHash() != superset.GetHash() { + return fmt.Errorf("PCR hash algo not matching: %v, %v", subset.GetHash(), superset.GetHash()) + } + for pcrNum, pcrVal := range subset.GetPcrs() { + if expectedVal, ok := superset.GetPcrs()[pcrNum]; ok { + if !bytes.Equal(expectedVal, pcrVal) { + return fmt.Errorf("PCR %d mismatch: expected %v, got %v", pcrNum, expectedVal, pcrVal) + } + } else { + return fmt.Errorf("PCR %d mismatch: value missing from the superset PCRs", pcrNum) + } + } + return nil +} + +// PCRSelection returns the corresponding tpm2.PCRSelection for the PCR data. 
+func PCRSelection(p *pb.PCRs) tpm2.PCRSelection {
+ sel := tpm2.PCRSelection{Hash: tpm2.Algorithm(p.GetHash())}
+
+ for pcrNum := range p.GetPcrs() {
+ sel.PCRs = append(sel.PCRs, int(pcrNum))
+ }
+ return sel
+}
+
+// SamePCRSelection checks if the Pcrs has the same PCRSelection as the
+// provided given tpm2.PCRSelection (including the hash algorithm).
+func SamePCRSelection(p *pb.PCRs, sel tpm2.PCRSelection) bool {
+ if tpm2.Algorithm(p.GetHash()) != sel.Hash {
+ return false
+ }
+ if len(p.GetPcrs()) != len(sel.PCRs) {
+ return false
+ }
+ for _, pcr := range sel.PCRs {
+ if _, ok := p.Pcrs[uint32(pcr)]; !ok {
+ return false
+ }
+ }
+ return true
+}
+
+// PCRSessionAuth calculates the authorization value for the given PCRs.
+func PCRSessionAuth(p *pb.PCRs, hashAlg crypto.Hash) []byte {
+ // Start with all zeros, we only use a single policy command on our session.
+ oldDigest := make([]byte, hashAlg.Size())
+ ccPolicyPCR, _ := tpmutil.Pack(tpm2.CmdPolicyPCR)
+
+ // Extend the policy digest, see TPM2_PolicyPCR in Part 3 of the spec.
+ hash := hashAlg.New()
+ hash.Write(oldDigest)
+ hash.Write(ccPolicyPCR)
+ hash.Write(encodePCRSelection(PCRSelection(p)))
+ hash.Write(PCRDigest(p, hashAlg))
+ newDigest := hash.Sum(nil)
+ return newDigest[:]
+}
+
+// PCRDigest computes the digest of the Pcrs. Note that the digest hash
+// algorithm may differ from the PCRs' hash (which denotes the PCR bank).
+func PCRDigest(p *pb.PCRs, hashAlg crypto.Hash) []byte {
+ hash := hashAlg.New()
+ for i := uint32(0); i < 24; i++ {
+ if pcrValue, exists := p.GetPcrs()[i]; exists {
+ hash.Write(pcrValue)
+ }
+ }
+ return hash.Sum(nil)
+}
+
+// Encode a tpm2.PCRSelection as if it were a TPML_PCR_SELECTION
+func encodePCRSelection(sel tpm2.PCRSelection) []byte {
+ // Encode count, pcrSelections.hash and pcrSelections.sizeofSelect fields
+ buf, _ := tpmutil.Pack(uint32(1), sel.Hash, byte(3))
+ // Encode pcrSelect bitmask
+ pcrBits := make([]byte, 3)
+ for _, pcr := range sel.PCRs {
+ byteNum := pcr / 8
+ bytePos := 1 << uint(pcr%8)
+ pcrBits[byteNum] |= byte(bytePos)
+ }
+
+ return append(buf, pcrBits...)
+}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/pcrs_test.go b/vendor/github.com/google/go-tpm-tools/internal/pcrs_test.go
new file mode 100644
index 000000000..bfbe8ac06
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/internal/pcrs_test.go
@@ -0,0 +1,33 @@
+package internal
+
+import (
+ "testing"
+
+ pb "github.com/google/go-tpm-tools/proto/tpm"
+ "github.com/google/go-tpm/tpm2"
+)
+
+func TestHasSamePCRSelection(t *testing.T) {
+ var subtests = []struct {
+ pcrs *pb.PCRs
+ pcrSel tpm2.PCRSelection
+ expectedRes bool
+ }{
+ {&pb.PCRs{}, tpm2.PCRSelection{}, true},
+ {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}}},
+ tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{1}}, true},
+ {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{}},
+ tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{}}, true},
+ {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}}},
+ tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{4}}, false},
+ {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}, 4: {}}},
+ tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{4}}, false},
+ {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}, 2: {}}},
+ tpm2.PCRSelection{Hash: tpm2.AlgSHA1, PCRs: []int{1, 2}}, false},
+ }
+ for _, subtest := range subtests {
+ if SamePCRSelection(subtest.pcrs, subtest.pcrSel) != subtest.expectedRes {
+ t.Errorf("HasSamePCRSelection result is not expected")
+ }
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/public.go b/vendor/github.com/google/go-tpm-tools/internal/public.go
new file mode 100644
index 000000000..729981d15
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/internal/public.go
@@ -0,0 +1,35 @@
+package internal
+
+import (
+ "fmt"
+
+ "github.com/google/go-tpm/tpm2"
+)
+
+// GetSigningHashAlg returns the hash algorithm used for a signing key. Returns
+// an error if an algorithm isn't supported, or the key is not a signing key.
+func GetSigningHashAlg(pubArea tpm2.Public) (tpm2.Algorithm, error) {
+ if pubArea.Attributes&tpm2.FlagSign == 0 {
+ return tpm2.AlgNull, fmt.Errorf("non-signing key used with signing operation")
+ }
+
+ var sigScheme *tpm2.SigScheme
+ switch pubArea.Type {
+ case tpm2.AlgRSA:
+ sigScheme = pubArea.RSAParameters.Sign
+ case tpm2.AlgECC:
+ sigScheme = pubArea.ECCParameters.Sign
+ default:
+ return tpm2.AlgNull, fmt.Errorf("unsupported key type: %v", pubArea.Type)
+ }
+
+ if sigScheme == nil {
+ return tpm2.AlgNull, fmt.Errorf("unsupported null signing scheme")
+ }
+ switch sigScheme.Alg {
+ case tpm2.AlgRSAPSS, tpm2.AlgRSASSA, tpm2.AlgECDSA:
+ return sigScheme.Hash, nil
+ default:
+ return tpm2.AlgNull, fmt.Errorf("unsupported signing algorithm: %v", sigScheme.Alg)
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/quote.go b/vendor/github.com/google/go-tpm-tools/internal/quote.go
new file mode 100644
index 000000000..3b1b4f07c
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/internal/quote.go
@@ -0,0 +1,110 @@
+package internal
+
+import (
+ "bytes"
+ "crypto"
+ "crypto/ecdsa"
+ "crypto/rsa"
+ "crypto/subtle"
+ "fmt"
+
+ pb "github.com/google/go-tpm-tools/proto/tpm"
+ "github.com/google/go-tpm/tpm2"
+)
+
+// VerifyQuote performs the following checks to validate a Quote:
+// - the provided signature is generated by the trusted AK public key
+// - the signature signs the provided quote data
+// - the quote data starts with TPM_GENERATED_VALUE
+// - the quote data is a valid TPMS_QUOTE_INFO
+// - the quote data was taken over the provided PCRs
+// - the provided PCR values match the quote data internal digest
+// - the provided extraData matches that in the quote data
+// Note that the caller must have already established trust in the provided
+// public key before validating the Quote.
+//
+// VerifyQuote supports ECDSA and RSASSA signature verification.
+func VerifyQuote(q *pb.Quote, trustedPub crypto.PublicKey, extraData []byte) error {
+ sig, err := tpm2.DecodeSignature(bytes.NewBuffer(q.GetRawSig()))
+ if err != nil {
+ return fmt.Errorf("signature decoding failed: %v", err)
+ }
+
+ var hash crypto.Hash
+ switch pub := trustedPub.(type) {
+ case *ecdsa.PublicKey:
+ hash, err = sig.ECC.HashAlg.Hash()
+ if err != nil {
+ return err
+ }
+ if err = verifyECDSAQuoteSignature(pub, hash, q.GetQuote(), sig); err != nil {
+ return err
+ }
+ case *rsa.PublicKey:
+ hash, err = sig.RSA.HashAlg.Hash()
+ if err != nil {
+ return err
+ }
+ if err = verifyRSASSAQuoteSignature(pub, hash, q.GetQuote(), sig); err != nil {
+ return err
+ }
+ default:
+ return fmt.Errorf("only RSA and ECC public keys are currently supported, received type: %T", pub)
+
+ }
+
+ // Decode and check for magic TPMS_GENERATED_VALUE.
+ attestationData, err := tpm2.DecodeAttestationData(q.GetQuote())
+ if err != nil {
+ return fmt.Errorf("decoding attestation data failed: %v", err)
+ }
+ if attestationData.Type != tpm2.TagAttestQuote {
+ return fmt.Errorf("expected quote tag, got: %v", attestationData.Type)
+ }
+ attestedQuoteInfo := attestationData.AttestedQuoteInfo
+ if attestedQuoteInfo == nil {
+ return fmt.Errorf("attestation data does not contain quote info")
+ }
+ if subtle.ConstantTimeCompare(attestationData.ExtraData, extraData) == 0 {
+ return fmt.Errorf("quote extraData %v did not match expected extraData %v",
+ attestationData.ExtraData, extraData)
+ }
+ return validatePCRDigest(attestedQuoteInfo, q.GetPcrs(), hash)
+}
+
+func verifyECDSAQuoteSignature(ecdsaPub *ecdsa.PublicKey, hash crypto.Hash, quoted []byte, sig *tpm2.Signature) error {
+ if sig.Alg != tpm2.AlgECDSA {
+ return fmt.Errorf("signature scheme 0x%x is not supported, only ECDSA is supported", sig.Alg)
+ }
+
+ hashConstructor := hash.New()
+ hashConstructor.Write(quoted)
+ if !ecdsa.Verify(ecdsaPub, hashConstructor.Sum(nil), sig.ECC.R, sig.ECC.S) {
+ return fmt.Errorf("ECC signature verification failed")
+ }
+ return nil
+}
+
+func verifyRSASSAQuoteSignature(rsaPub *rsa.PublicKey, hash crypto.Hash, quoted []byte, sig *tpm2.Signature) error {
+ if sig.Alg != tpm2.AlgRSASSA {
+ return fmt.Errorf("signature scheme 0x%x is not supported, only RSASSA (PKCS#1 v1.5) is supported", sig.Alg)
+ }
+
+ hashConstructor := hash.New()
+ hashConstructor.Write(quoted)
+ if err := rsa.VerifyPKCS1v15(rsaPub, hash, hashConstructor.Sum(nil), sig.RSA.Signature); err != nil {
+ return fmt.Errorf("RSASSA signature verification failed: %v", err)
+ }
+ return nil
+}
+
+func validatePCRDigest(quoteInfo *tpm2.QuoteInfo, pcrs *pb.PCRs, hash crypto.Hash) error {
+ if !SamePCRSelection(pcrs, quoteInfo.PCRSelection) {
+ return fmt.Errorf("given PCRs and Quote do not have the same PCR selection")
+ }
+ pcrDigest := PCRDigest(pcrs, hash)
+ if subtle.ConstantTimeCompare(quoteInfo.PCRDigest, pcrDigest) == 0 {
+ return fmt.Errorf("given PCRs digest not matching")
+ }
+ return nil
+}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-no-nonce.pb b/vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-no-nonce.pb new file mode 100644 index 0000000000000000000000000000000000000000..fb69dfc6aa03b20c38491a118722ee26ef2c52db GIT binary patch literal 29596 zcmeHw2|QI>`~Sub>{?}5dM~(9US#-{!Mr?+SnU2M0d+I7dWa8{ioE|fskcJuC4QVnm z@**6><`{?g2d=;?7DTE<%!q{9810fe1DV7b>Gh+|Bg`uvb-afOrv)h3xJxQuvk}_j zR-0L$IpnU=DQ=#A1&@o>=#r3`q(9~0LU(`VJxhFWp-U0tNDL}E;Z1I(%ZD2llin6y z@?(V^DZM_K;@Ww3#QiVNyn3UCQ6#iEwB$+G>32wjGLGi%J>xT7i>0?Y^~A1Nd^8OJ z%+V8+R|Y8J0u>3W}zY^`-5>R8&cmyNk$j7kJYRENbbb6OL^H)KTBiAUOtZL%-( zP@U8}{6fK*ZjqG2d(%`+D~uW70-)mrpLGw6i^K;{=ETKhPIL!UsRSTL`lPWT9jmSB zL=@YlHv7U*4}9A45x{p5(*nErw~G@(w7Iznz&DEd?l;(21b&v~9%I$YP&S{;te(_jtN!Li|S{08-jr4KH)*0*6P_2`LYp^XE^p;M_aBuK0Ysi*QC?rS-1q zxn}a9>m|2?RMg6*v^w_eo!}viccrfcIAdC3r^|WbIJ+;jY((Gn^=KZ8&nna^quBd8 zq+s&7(v{Dy6-7j&df6ohRwYeq^7MJ+(k*j_oz(Mt66v1FX1CmIRumNgRX3tx4mP!QL;;sq?cIt@mP;ZMzStJ$RKpgWTbQqsxPqIN>mZ`w5Q)U?J7XpIw4LL;S*4F87(@8O7z#Ru7iN*H z10i);D_+{AH^w*K$T{?6f$uQ=Py*T?N$mXS0)!#xFjy;?HRuD)bIEzjS;L z8_0*4jzKy5Jw(B!zCMv+?7#956N54<(@bVGJ1^ zgHJ#_w74U6Z11aMkuKewwVbf&!(eI*Ka_yxhp7Q{46UN=wYwWVGpe;z8R<53^){w6 z-qEE}{HZpd{{1!&-EQ-cSgG!crMNXqD;Rm^%e~~ml&2@`dJ7@t!q3)Sg_+6z(dI*Z z9zQziazk&znyno8Xfi%y6?`^Y?n05+l99qevsiT-y|zs%6UXS?bDsp!Oo-gKPD>v~ z7x>#QCClxu>#XV%R)3!qCzTd0ODZqQ$Iv%9*K2pa!r<+>wpT-a=@%gb_u@M|X`Ub5 zdx~NCbx)J2mEiu~+m|;z;98AMlE*~h)#0hC^x=G>4HusW4Gn&XtBBIi(X=KcKjC6T zs~c}kImnDlq+6Un978+(x!fe*q%y;Asn)?uTS^y@YJ9mzx`3@X!s5m7a=TLz3`P|I zKW4|FCCSM8Xz=m|Fk~yJ<=o79F{8k0PIRfgn|(O{Nm^2@(uD)TnYPn{C!rQ~Pik4y zNWoUk1GX#pH;wuaUXY584*rKG{!IW#MMMWz&`9`f)V@%wSsN zbnprGgf%jMajshnQ@vL-((46>`(5Lk?HOwIgwrqUlA}Q?+Fz2M{+Fl-=-?h#sjXZ; zeyUH^({_7)8gg+^_onO-d5zxUs|RzvOdd*u9Es`Rj0q2P4eZn@S@q86mL~TJGWx$t z5@EiyUm-t3Q;EM{AEW~4;M5Xr4EBkqZkN7@dnu7~ApUv5Y~EZd>HIWb$9T!K%sr3_ z`b*`-@JrG&{t^|04*oEu`JzDiHQC+X3H2-~Pf7c6M@i?*uhjIveL(y65hN9qi{zKS 
zHYpuk3^V*uknrG%ee|s!kj)#VbH=gn)fyMeJVQ5@I7YNifobjfCAlbnsU&EAiHh)- zq^JI+v?%D{=;~7&yc^<=$>$w7-{~w8BQ+jasEW{z_4(?`0ksc(!92o#A+1!(KZS`; zzK@BpZA^6AORYTwF$&nVeC|Bm(KUa8usVhJk=;I;h|6KcrLJ@Tz(nhg;&8G)bxGK< z7?MFmr`V0I=73QoU;p9cCT?dD`0h^Yn+xj-R{Q6i{rA0$pvexTXHF{YI$xyXtUhzET_b=6_C9rTA!g&wUUTx3HIM!1L(I}Ut`q5(HE3bQ!n@X1^)~VB>@oL3ui`-O z%%&*5IqAR;Chr&udFxc84+gu1A{4WnIZzUZyD`hcDVF5jt{hR}6g{E2?s40j_BuQdLN$F75q3(@)bM*0EC1T&NuA2sAwHHkHi0{lwiWMp)R z565IHrhJS1l5bjAcAX7SwTs2TQxAwoFvfa4y_%m#OY))5l?OA=kD2wqb0NHQ8hi^% zhxh|@{v-f=i}Fvs#q_7%qWM#A(b6Hlf%>0%!F&&%f0l$>avQYOaET(e^~6|CuWuFQy*Xpb{3E6=pmn=JMozeu0U3-Y4> zQ>8)lr@j}24iPGAd&N8TO2##P=xMetN>absIg0mJy|izhRbEL9pDE}%6y1^3bm^KC zFw_&Am6GybW!cK!2ju@*HF;9-pD2UxZb3^(z@py4{| za1DQq2M!^&O-Tq4;@^SbZEOGzz<@9Ch#&OWj!^Q7AG@>!IGNQdOH%F9I!FVfr-1_f zpB7m~%hy**CeI}d>kUdACw*xsXLV%5GAQrbk3~(p793f1mns_fwe6=j@R=3V_ z&dm-PB`GFkZa8XBd>zBnxc8+A41J{$C`{}Pax|W?7N7=bfMOg1u;BO$4)6m|fE(!7 z-155v0ifRpz+$GSgaSvpc<8muVdiF~ za=px$`qc+M)E;Rzcd(6`r}^0#X>P#)TIXl`r5X0-m4u~<_uOmdJJBvU9>Xuz$dc>6 z+MIPpXZaBNh5Y2M>`(o4hQ!p6{cyabY8r5TPY-QRU!0DIlP5Sl^tB@eysj|3}o zcbaMW-Tt-&wy`xSDBv(~%WUkO@$TA36FCN)xMXe)wkj|8(P4ia|GDsIrys(AV3_yG z{Ws080y)ULtQ+QjDSd=~zAS2Wg#wMP^n$aEyr*(YP_sRyH1+r1n$A}*yF>mcF5#DQ z)B)r0&JfTA3N2dCO`k41aI*FSqqX2$pPe`%kY?~>_+U(8iB@KsRfSd~TPz|1!h(n( zA}AmtBp@WDvF9XQq5ZtJfU-S+9WgVuMNpEE3q)&2zo#T1fD!|U@KhueK~6$s1|gv* zG&4ccBWUp+GI|O%lpEH`)5imgLheE^-~&nNDfK-4Ja8zi2mBBg6M$qu(BZ===%HGk zp3ZI<_`!o}!bncUZhR<|ewUi(7BR*LZs3K(x?_Vej&K7LBnN^WPe4S^Xr`g512=R- z;Xp?2a9vCg+#iWRa4=DdA`sFDNu-Rpw79q>6Qvm5EB?j%Unz400oU(~mVg)_iXfl{ z5D^3vgb@S;z&RbtAR(=l_W`lT`f{GX(u`DMZFsN!#{O(Z;!}=KOr&zW&lL=hxG@t} zwCQy;itVZ*m*Gvt4X(`eOblUFP{I73lDVAn&Fpb<@A$L_KRIq*sAaoaX11BF$Ypci~|Z1cXEc070=U0*jyqzx{4{0)kBlF@gxZA@<<|s32Src$fHE<;9Mfg#+0k zqv$jf-CIj#9!BR@N*CVa*9qxx0;Es%VC4t zHJb|@4`MP9ug9n!2Ub$>zL9mM3vyt{@W`W-XB2w%CYbHv-0eZ@M>$U3n|*K-Fw_> zMI&#L3@0zNh-R(?`kz!WW}Pf}xAu%BESlHkA(ss(I1#IiC`SSM3pmmrJiz=1nRY-x^vMN~e^+DJFaU&;$12me!AlP6l45 zMvaC(cTb&y&?3dqJ#BOR?l+2xpI;@QTa)GvN-W2@Hq^RuoVHJE`5NZDnvGjR43m$4 
zR!mdna_`;TZ9=&S1!DEw1KeX>)1F|WsZPzAdCd{#CaWZ`L|%CtSY>A9Xb1ytp!TYs zixl$Lb-~i1-uI~}$0 z7nsup`@KH`-A=6J_koTJ1UiasprZvYngwC`o>%T;GQ3*6cwemI_sww&>C*rGNXLbM zZzCPc7SiDXP9qTQg7R?2d>`#35MQAk=tYG8m&*M!#A|Tm3Y0Z>8djKS2e>WEPpaQ^ zwf-b95R{%(Tke7(=$%@7U`;C6Qluh}88#Y;E)Bc1!Iy0ci22IaB%RISvw3Y}q!591 z#uau4Cp}}g?>^2`mhf;$rLbMeS`j12wA)g_d2r>rIqMRrNEhe)AHraPrFPZMWt962{zhm-R zp4p*O7eC=bQ}gmSP>a;+)5?an2F8BSms3)0EjGb5WQ8w~zL)Eqrk6BaiB~W_&Q~hx z6OaT+d!Mlo@ur9zh&`Eltv8}SyGy37q>V>2{%S)W=9dt!f7-%UtBsIrwgS#V%;roS zF|Dg)&S`9yO|m599eeD+SBUph;_o0{lD=!)0z|rc^V9hV$q)4+?qm{&&Rn%x&8Tw+ zl;tI3H0+PXHSy7FHC9?g>x9Q>yZMzCFVqQb-bIvtveOK@f><-0g9knQ0O^z{Dp7JP zh2$&^&khbZh?WeE$JW>(@;!a^TO-jiilX}98_#ERv-Q#S$R{ly7E?xiVUFsvMcL5rR?$@s#*4B8X8sE`t z^3qedGH~Y80nh@7c6yKJ+-G*8|s z*v|e~f(EjpX%KBRU|;Co!zFWJa`Z{&*NAudhJNiDD}x4yQi=NVCn~gTX#Y(p06nD7 z-tPyFbIZ9|(Rq(prMhUmD3Fr%8o{mus;;e$FhKSWT@F})WkDRWq) z27aFgNULz%ZCdLvneHlns_KFI()=N(rb-luSKT!%!?Fq)8pTbc{Z!5v&mF~1;S1t9 z0uFyr>~`Yzd>`*95fOwdUlcpd0k%dC?nm~|9QK8asuDQ-0q)}e{cy*O*tHFJ)LU?; zuKELzllU6sBtVe+uafp>(AM9R`g)qG_By@ktOkSgDK1-yx81F;pM_~f3sRC~HF!&C zVTN_yWhJH$$apQSpGehFdbB=&@q{`&{+2?7shDGHPt>SfSE~H#?IRgY`Bhv~tJ6@< z@P;?9pP)vv*WYXE-n?NtULsQ7_J)h|vHpJQJicON-VhT6f+VVq;g)3^^{k24B|^AL z!Q1gfJ44+oN0y)BMofi@bbkrjboFbz505-KV0F!Y#W|E&i|nS|=m)(>iV%w~T@p(^ zp0A+or^Mfbwtxo#7V#h64Vx8xwvdUF?iG|#2zI|>_vvzcPur(%k``H^vf^VNcaub! zUsb8*?Niz~+brd8{QhM}pu+{oqCAB);ZVsQq1s4oV}WG1=87tfJB(LPSF0 zNa6GL6Enk;7kNWuZys8z?YV-uwa~F~;p`!|(LKle-UT2=(l$=l*D7|G_BW@qOB$1l ztxkPFB$fz1Lx%o?CS>B(j~! 
zG!K_9`Cwm|b8$jRKK;Ra&h;DStJetyD|X+$dqz#KFm}H2^8MDQpXsVv3ACRRnsg7T z7fHT0)^qRS5WTX}^fj~%ImLO`K=bXct4a}2=v{3e9uHuK0x~U|25JDQb|H0LW^s0u z7ID%^wfQB-1EOOCe7rBF2w^~~flpqZR}bP8b@)Cx!*TS(nc|PE1C!!bGa2yS9Cu3| z5}&v=rP&+z>COf+)1JP53LJ0v7TR`{Id}Y61nBV47WfBn%lZO*$G#74E}$}JxD9UP zKt+B{b#5}e{99BD{g;E<7aJBz4^?yV@pQ-fx#LY#CIsU)l2LtwWT0(|ltzkz<|q<0 zN0A_qiQ>HyU%ZI_xPU*yu1em}~9MAZ~L(@h2_{nB|A_=Ye#9Ns&bW(Q& z=tkY-c9qLHBLzfcYG%wn(fbEoJuH}Y(CY9fuEfrHTY>rZYGLEXp#Z-k5$)E`Cml z?Kk|eo^?zd=R{#}HNciKejB^OUm(JtZH-famgg=A!-KIi&W>W5G1c!xY2sI>Pg_dA zRYZhe*)})BFCfCp!@f&X7#>v;9{wNy>Jh(dF)+N)^gG7&cW{%>bxdks*ggq1%}>sR zFkq6NzQv{R*nbl+?LlyE0~7NPEy}MU3U5&U4x;b|<$sZ^KSQfFDpa%4 z$783%C8ZnhdSM>$h*{i@pWb+#Sz=AP;Pw)PmmqD9{i)?l=qcvalBQYy)KVMl_{9Wr zSuM9+RCjKkQGQ0-ao;XsF$ml6oNpt*&ii)$(=r=J4boY{x00U02KO|kW)=oxW7k#E zpElmSLd*P-o%Zn?CKA}?MY%USnC0TBPxG<-h4b_w>aI_gjN^XAX^K+njuyVzK&OCNYthHq9MUCM?v|A7f-gA9adK1HShIP5y^6}9xXtjt4 zfBieOf>c;KR-TCH$!u78#(=Z2>XuWz_L903txWX8|M^hM{ToRt}-&6rW;QB|C z`YCW(-VQiZxf>8~Uy%2&KS>mrNzT52e1BMftis>t99=O7LXlK@lSSsPpsgryb9!%l z8>w*aL@O$i>i&n4x>OP2HOL8-fTO(db)Q7IPE$%m(`D|#n%uf-kv;1*=RAA3H=gY6 z<+o4!7PyGM0M|=U|N7%J0MQU=EjI1|*H~utz>WLfi{Ap*5A+q-_lEyrKN$XpeKq{Q zqfo)Vt5CtdRjA;2g$f}qDut9lNQy~WGE<9+f&pSk#Fu~{b*}$D5q}0!wO4jg^Lq+X zSo6PhW0(c*?M4{ZmH4f*o`q-+v@k}IjoC5Zr;sR1ald*bxlkX&Je*~8%)TQoU&;>H z@4YezQPudE1I^=fS&=w>cloIHoA|2EFt>#}^?@1vaKX#B4+d2_lkKs;fBi+;l~0#7 zbEcmQP@hyt(J&aO^bof=nnpLqbRZS2RQ*=|{4ueX^YK!?DLz`u`|cPUk%vE>-!rvJ zZ0^{Rtbi-rP3-sv%3zWd94DOGp@tT!T?u|7=B}(5Fy9lDFTmc)IIQn|(o2viex2H6 zpBaKIQm)@&)BcrDE9KE_a!8I^;+s)XH7!f3L%2L(5!z!4hh$x5Fp$;R1}Q^?{_h~l zqyZU2vMe}KRuNVa+LiMR5I^F%)pdcx_uw!=7{hl7ehLBMHPW2#3oKXUI$Hg{m zPgvJ&LP6F1ixILNIvY>ihhmS^2;_w@t-hiYYG#>kq-|V_;`7{df(-pQ!9$Rz&hzuBXNmbpPGK_W4M|Hzh173Q-@jA5!Svt_{g~PG#QXQunLHlT$m+BG)6dmq zT8>xeD@RM17Be90&01pE+Xpc@9c8OtkeWwP+O(ZvK$4+>W3}8JmhQzS5rF68yQ@vn zOJ|?#x^DdZzO27jhZK}4Y)dt0F`T~+0(!9ImNRrY+2C6wdUm^7nF}N05J=FxA(!pwcRH@=x1KHJ9 z>-(BzwjZ18F5+_gPi5nnRkKZALLC(@D_kD;y;;4m*r@eAV5rx}UV3~=zTF~U=|NBj 
z;qC-xtA($C;kyJs1%~6q4ELU1FPTF6lQ`(qoC0PB24A~r`>3eepAR|sMvU1!;EbWH zzc=E!lVYtFf%q9^7hfIokME8UB%ec*6^oP+6b&B8UW(Ef(Z`AO&WvdC_db5YxcVqz zu$(c*SLM9C&GDYSHRJk5uSnQG7C>GFX|UBxJK(BxYqH&t>{BuAiIewI54~RV$Zpgb z-`})*k0FiMo{*OwfY7E`Cn$j^t$iXnY+mUQ% zg@*yS-op`G@qypf1kOZ**WcvjDp`GfW_7G!w*>!qoi466;uEtV6hLOSa3H7)?J1d~ z+Dn=bq!gMG->B8RC+xOLZkHe_0LsfVCisT>qm2 zc!57KXQT{3SM&8_uhzs3D&`cYFJX2SLP!{ZJr(;k8T^SfB0b{jmYukfp_`Cz@+omM z=%`a4Ct|}k--z6>xA}b6sgqDZ@MVd`GxFPwfidfc`DIRiW`_<8-E84=?V9yJ^};$) z2L=?Gh~2Jgo5)6ppGpX&jg^xZyt^6_)2>?lAbR!v$EnUjp5VL@Yz!HNyY6)6{q?#O zP|6?W(;ke&yRY+!+>(?R%%=vp)=39|10LWCCwK6B*@0_y@N1qN0UPMdF`cYmK$gy{ zwD6fUKzOAdK7YS-2nr}T`&?bqzwehmEU^Ee-3H@Iqt9)_&?!%Ws;SQ0Lt+guAfRBh z1}Uh|VP38mZMo-p&Fe(x;5`Haqv5#}Sy^F$L&M6e;;x@58qQ1Kg{z%O^u}-X0@u;F zVLhDT_@yo?US4ikGzy3H^ng2oqm6J?Pfy&|;uueS<=CpV|G5^7FQfkqcl_Mge~$Zh zp8r#M$LIS$mv`d-D0i^+{s;4p?=vTW9Zaxh9$ky_iM8&fFYr}oVby$?p#d)Xd;dYP zuJN?<=Vz5i5(&l=Y1||fn5OK66-nojR;-<2dNAM&rHM9knt4M{C_jhC@H>pn$B302 zi~{-QaE^>wO@KN%u`;Wi#R3PKae|N5d`UwC{Mg@4py2C2-r?tc@eV(M@<)pv^7s5N ze(dvKwG8pcv(-P->;Inr{e{JRKb_M3{bIhK5`SkNBkBM6{4XB5K>+=t(uA$VIvUgF zZ@h0HddhZp5*JcN83F~yBgd0+b3LU$SR8=_bZg02S2MR;8|L}CC)5fhdrUxJfSR~z zs4%Z7X?rP3IuOdDQz~%$)x7d_u;KXi*A=}IWA^!12F_PCXbKmVye+NPdhZCb+*-A( zVr+_6rL93J)M)dP@vwzgtMP7gQ)%mwYugKqfAP;2qzJq?q9>9qeV?m0(pz!|_QF6q z{GZkfxmFl>$Gb}koz#(0K3YjZ3fK{?WPJ ziwR%~s>-IIBKg;xjezWDQG+s-YkM#Dh@L1WKO0MBLM*ABp0?Q-WkRu{04~hla+~*l z&u5bWzmU-w&TpJV6 zul|Mqb~)@YFa`|3pXp!b|84&Dg(kzjkg6TcPk<>hr88Kdf1Bf`!OmCT_WzcD)g6)k z)cxE1zvTbCG8?LX_8gRZ?+G!r5uhKkmG0)f?Q+;*@>~A@8vk$eKSRUgS7oD_Tk(S5 z(3F{dN?CcESe-`@bN|M(Lx{;E^(qY&24t5%DYx@?rz z&1PE?e7EorskUQSKoKk+YAK_tyv1*QxOCBZW;Ri;MH*__@BOi%U>`5Oap=L zf#kxAS}XPuEHY}!+ez-+cNqMu_-mtF_UJf*8z}TK7)KCrb6Qc;5hdzw)vGlT{i4@s zzpw|Cb{@V6U<{apCbapEIDh)i?<;VVb8V2eK^G|KQtXlo&Wqx@m8yd{@iLIXGL^I! 
z=qK7rd-L9QJKVm4eZ!UkF9hPS#TFL-+1h|l59IKrcf0ZWrp+mf&lKgg>yAbP?-h;I zJBOgaSoy>JbsqJMi*YsSBs$%{x(dUTq%dF^;;&4I1q6!w;ox5(-9b4fPex zbe$h1p79n+KX$eI>Z6($Zs$FaPi{tsT_UWOm5pN~8$EKj0OZR2wz3JIwKWPl{Ounu z?90>72OuB>0^m+E(0wVRou2XAG9)B~KoDRLx?N`0;GoDhcK`Nt7?1?S0pTwc+d~^) zmrOL7cBK+siqYbfF)oGnUg+^Psn?*{(lDZQ@-z|MwBugH`BEO?7~|abV4dT~^^dWW z5<5Lm1&2@=?sVob^;IvsP6?(Z8@uRxhbr?&XqN7-Yyd7xCd9};nVvoA(BmBQNDtaQ z^!_e>2i;HIAUK@$kPNu=wPkgO=2Ho67W0rbS;L+anBAq4HlwRh;Dse)YvJg%g%0%y z6Y8nqLyvmG&7N)AMfR=8xepk>RfYjd(|Zq@bYm_izK!NJumMq%jzokyU;M904VTWB#%^~EI}p0lnk!1 zyK1(bd}ZCMrjIR(coA43~pbIwQ!<*~ibp4(;wJ3wOjgq5Rx%Dhi^&*WwfpW|9>K_X*wY zwO1YJ8QC?#3{!^!N@ef$;G(r$TET;v;kUJ;1p3ZAo9yk@v#Kq#s5=OAh5<{%EGj+n zGw21JBN1;Q-QxMImVD>U3r`D|#{3gAVh)#EON29@G`CVg`$6J5ZpVFB990FeZ^UVO z!V!Dw&dWJbi$Hggo}*5@3;S}QKn7~$lIVtzJL&Bk_6)Iaaj(RLcRzpRYg|Wv%eu7p zZUqcz_sY<@YI#TYos;#!qJ#7#O{}|>5pxB&|YtxMpRxvft$Bk z8S4@shX+gcH~De4LRwaH9`hZ?-Iea2=U1<}qyz(Mdd{i!C|c9>SKUtKPzd1x}1sumj;AAl<{=|_=+vr@|cXE$u4hD`^OouXkRc=;rqy${Z4F^ZS zZN3pGcb_XCoNV&5qtSs<1!iwz=a|VTD4?_P@uE!<523UG>NrI~YoBH9jF@TK#;C7N zaNvEJ8;dYtGGU4{}qR%DE-}^3og7ow-M2CL63Exz?}S=m5sKjG=f*hDJB85hyTJc52zX?#9e;XXb`LKiHBQ^DL_Ji+{XvoQGbuze z>GiD6C&7E8iz6;7r-rh&as5#uaEmg=(+{VB_@;~`dYBKUIL#bu5lxU^vuaw>ef`D> z3cQM>cPBdgR7J(ZJ0DWk=`b-7ib=jYwi;70G}*bX_zVU(*d-l&7s9q*YrRGLPJjSm zoQVGNsd~}9aT7^$Y&RmPB$rRC+7n`2B5GwxQ{2?!_x=j>*tOEAAAE)ULZqoGq*p+O+g9_!Kdis2uFK* z_^v|yVGooS)(#h_fP{bHFYM=m zb;4pC?aG>d25Fn7)OwanA5UL9j1v~V?eGPsULOuGbv_jMR29sCX0NH&H@$V5h5I&}x>!fBb~2&fy+G^n2_~ih7%;Km zXnHs7!wS3LgE&PQq*2Ug%Dx$0K?rFLEJ$`5-lx(kP&wf6Gxy$9i^qD#igXh zP!4EOClpc?C5Zva!0rs?hUbHEkdkt8kU_|Zp&gu@BqULiPBLh4)v`ER+(}A8LR=at z<%j^8A;lb|&{9&47;za1F-J)UX(uN%Qj+Trtv7+~4ORz<6>tRZ9F~>;1b&z`*~vRgB-7=zo3d{gn>s zJFWMZU;F>P^~xBvF_@xC$CW?Tq97)ZHm_!JUIte?PTij?jM_DDLfTdQvSQvnZOz78 ziE%wVkLtCb>hLiez<}PMiA0ChLfgkNx0_;X!^TtU%}rWv=Nfelc0W~oQf%vrNxkdM zcH=SHtyCyGC1CSM%AATD4pewiI1Jp(M0I;X*>5HSKWHZJ7uzR-SNwOZguhj~e}PK( 
z&szaMGAsVj9b__vr}a4ySbTa*DN;I5rad_tS^x!@~zm?mp0`e0qEK<*Z7xW9q1?3;A5PFuFWsv%b7?@c;Wb+Kw{!jqy?xV?icp<1O#y8t}y4tKLov$xa0Y zx}+6(V^@L>h3~QU*W?u$@LJb6DYIg^mqRB;V^@-uEev>e1~X-lXkif6*pOh+T`C{P z!OWuetRj-~Gu5ln@?rff7}Gw#)njpah?XUd%Ak4HuXN47E#Ch{i}zpC8~wT#`L`1J zSCvQrzs~))!D^}H#X5us#>rx&JNUIK*O65;eHIj$q4!-Xc6U-p-grE1m?%Qy=C%=W zGTpD6P~L-MhQ7fZ21FfvMr6cW+xAj*$n2wBJItiIqa-9aGm8Z3XArkiY`lEv#)+dE z1v4bU%G&po4nD;He}(UiI)TIGzn`p4?X^7LK26FU5(n;&I#92En&?0ZILLWqUB0Rx z@{$iu0Yj1^o8zwb%CHHg_dRv)PvS_j4S@lh$%|vjU5SK`)X&2X)5x(23^l~cmAoS? zAUWrg&XDTBtHh0=R}Rbf|H_mke99MqPy7BoCHa?6ZT#_a$*<09l=%B_ zpT7_H`TKC6zk0Y22&mv1$gk%BWlo4pg%>h1UJNl2GqiD=g0H?k0R<959647BcOTMP zD+wQ?_q<~8z>vq6xLGUU3UAHiX zK{g-qYpOh%K0Z*melGlNwDwcjaxgond2J7(<0mCS%?l&@_gusO&RoO4RrBHk2k`z@ zz5c4|#RdLvwBPR~QC<`9}|mW3GKX0P0>N5CzwxCn_b9uGCc>IVpSX z4R;aR_|{{C3d`4{_iV4S!GJxw&^Po!e)hED+5tGF#{wo14V^EE93JxYyjwL@KE|e7 z`F`ZXKAWM@<~Nuc|A2|zAXkk*aKdhD&zK3u#~+Kv_`-EO{K4r#{Eo7(#nLj&CQ*Q%n?k)9Sdo;Ek#)?FN>&`j=d^?0TjXn zcWmZfGM__KCb+}PmB|}g++t&S^U^63mX$kaGqJXg_su$(4q*28hplo$as1yG%NT?6 z1E=8};Q?5j3*5vH4a({(+C+hfAeIK#U%|IGrPC8wGp7MJ6nboD9(oaIFxb3R3HZbI z^!mSWw9c2~tSRUzemkKWNrk{~Ck79wCRTIv^m9ZWMjXQXiC_jeFLyhPtDQg64vmko za{-Sx7XoJoJup5(2q95~C_)Gc-bGE3;<5-)S%kC@LP{2afa}U4_rpbHwN>@KRK!dT zRUGtW5whSZ7T|VvQ6xfI3@IvxL?R^chg%>dzyMKkFhCLv0JnJlY_rM#^?$p!y@@=6 zU;!+t*{v_PeR?z@Sa$fckaiA~pzrl=I9x+vRLoC>sn5u3+)YV)3jDBSf+PgQ#H0iS zkOK&9gyxPPK^QITg2Q?F%8H11xnhN#!2`@iwm&-71BY?O&#Z`isSfx6A9su+793== z6BS1L;1Ifa#+(p!gepS0K(RpnFC^xMpu#6cjXx0^LPSU!hM>Xw_d>`Kq$I@7;lyMF z2rhgGIfMj?f3-11*=f3 zqpY};xF-0MLQ;cGY%81)2JtsF)ccK)Xp2x3fv=ljg$*X5080--@GyvwfDz(`I0B>e z^A$qlS0$j_kU}UzVm3=HYb=Z%UwUpBVYH{aY=9ri4I|`?_7cK@b1vYmCD8^q(@RxJ=%Qq;nwM@;@d_eQa^Uq8hGw5vD zA?^KMg(L*Wi_rPU$qOB5_*z~bFx@PRcewQms~P&BbbcjIqyM9MVf@$(iSwFNn9-yG zq%BWU)>4Md$Eib*R1!;dI+--=_QNK}{m(uHerFD3jJZhubsRPMI9S-u7_}y s02c4vxG1WU*N0}w;=U;qFB literal 0 HcmV?d00001 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-nonce9009.pb b/vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-nonce9009.pb new file mode 100644 index 0000000000000000000000000000000000000000..c8b4be221cbfdbbd19e8898d663fee8e7b3cd781 GIT binary patch literal 29602 zcmeHw2|Sct`~Pi>bp{zkh)J@B8T-Dk$-ZSb#$XuxSSx$kWvP(J7E&ZdSzBn4B~ejI zk;R0dcyubH-|DWG;=Hov1S+DDy`<(B&uCt-dh5%#$44?q~0RY$n zFat1Z@C5)pJ1TvsPvWC_HMsXsAI`OG#2>e}(6j#R#84%SP8q*WG+;xBXjyPvm8GVp zDI!Ac4{%9-ymoXFnV6u}E+se2l3!4Uv7;-!mkZ6gHfj7@zf`Be+T}7(LJ}iw|#GxOR-3 z7J#JDkm_yxwdZBfrd_W@qsV5`9TI{+nLTU!H=tHt~e8tkn@KFjYMWY;;aYCPtT z&7XgC<|IP#uG}lHB*b9|=`)Z4gyi@3+@F~wG_@p(b}JC+rjKT0Kh<^LQ4tV4W;vTu zy`uFbf@_4ZwJ}LI5`n$jY9{A##WlvWi$}%V6CFPBCaZ~W#Y=S#x5)MKo>Ae*M=t9z z2kY3zz2d45PxPJAkjRNtRvI|GTt0ZwkG49?-EjqT5bYP#Td+*0+*)E5cwWjgAbKC) z^cnYKD`w>yS>a732VZWjh<-H8bEPPDF#42B$e}I)9hQlN>vYVC0^yZv*&Xv5B3ce@ zX~$<4M0O3x8hLD?wU0nj3JYrJw!jubqkZBI>>g%1ua{D8-eFK;&Bdp^(`_UZ*z<`i z)NU6X=Au{ebaC+5yTqzB{pN;v_V-X~D1wce7Qy`5B8L5bcwP3quWsqpq171$=gw>} z1cqQHRqeM13}HergO&XU1BS5tFoY7pTvM(5tL-Ak;8G`xc`0(SQbB}EWavS>!{lcuyAKbwKhCqIp8{&r? zZ2e&f6v2#fZ|{yT$0Z=&-xEti^xbOwbU7EK10a~MiMQ5nZ}d4{t)tF@Sk*UJ9X@4{VQyP~7(#(yR?S(Ytu0~Y z9_wVReXr0SIm5q`RHNiStR03Q=0=TR_76^i6}P1i?wULh?z7d z{f}NRLjE|myXVtn+?3)2?_J4p7nL!ae@9_3KXyaRM7h*}CXtqc zcS@oA0-n#0*JD53qo&ss?%P%5gCm3r^$B;mAAf9Re-ikZp03Ea_GZ=tVS~H&XAGq8 zO9duz-}R^RJ+pgO+Pyc-W*A}qaWS}6YC>iAn<9$?idzFYa^)sH&j^e4ItYJ&B)$^f z`;;449M(O0uvb9S6W|wmj_>35F!(%Hv5V2fxLU1#kjX8-Ut^#`KX(^FtUjJaA-H`A z!lIy6z@9+`_G@175BY7s{?-k~qCp^Ea3(KN2TAhWoF3`AsCBGfxWC6Uso9CS)w z1$`PU7>fmg`~wtx;{nFn@=FxS5J>M!47Q%1R_fCYbP2DHLeKT;Uzhh#)aoj}v^US! z?2#;(7dZl{q?P>HqLX}rTT_L_xn(M4o-=TGMS{3Q!jwxx#R!B|Yc#24!?@dY4| z3{p3kol-Jym%dJXBbB=+=~cma{zN*})F^-3P|2v=J&+>emnhQz5=CkRGCvo`Smp6R zqhj>-)tn=1%U%4OaYkI9>K|py3Ql?x*g%TRzeI8CFU5lVQmw*&iF+sl`6#XVoKX2? 
z`R#tm_1n^(Q}qz{Q%zW1tm%38kn!DPXgbI}1p>*E{7~P>QIn3{;7nfWk#1p@pvhD* zw)4A{P94`)5$G`lW6}K*MTTFBMT~+1O298xFzhj&|V-e1{z;r^Xld z>1)Ex>rl#6+lF+6I+pD*Fv}4Al;neL<$9)j&1#C{O13|uaHF^VXj?F$V7_p$$~`vQ z6W_?zYA7lG!Qw3p8?slhdDj6YBAYKG8?ENaNrehxzB^P9+lgFUXuV zsHfPTX_CyJ?SL%NT4 z@Go2z6!W0LLdbJjqHn|NKAf+#*e_7rUevfFca3huEY;3x<|uU(Qr?}%ggt|n8jg?z z*xs_+<(IXm<$f~lV6b~o_ zQ;{Q3CJ8&MKU(yp6a=?>oITA`Kh!;hxtY^l+Qyb}ucf5Qz}PhJ_-6z5)$?@@5y!6X zYy(r#BT(NW?$6v{sx5yi6$Jv76ts3!o^e#YgJ-)jRb}UY{^E+e} z?8gwEY^avQ-X~h-U+QW$S?@Y{jwz21OvUi0YJ(bq`glOTVkDp_@W^#*oA#5z>W&FG zWcnV-XqE)u=a)|9Gg5x+_TGQkU#a6 z;eV=JTmMuY(jZW~8ZEL8XckP$uAcYVE7sOkq=;-vs5~Qg$}}wnRwgMXaHB!_nEZth z=YWr}7h{?Sz;eO<6o+(wDiz{Sm5b?5rDFb5saXE`RP05KWF$l){{busg8pW{I4n|6 z6R8!1^CqGsHex~m2q_Jeq-O(201kWsI?~j~Mu3WM(%|{`fU8BVsxL3LZ9)^yq_Va|zyU9^3(=y~>M8d!Bp1pOZ+7U- zR1uWT$tRG7Ru&=Vj6@hg(^c zDs-{o>K7jRGk9m%-@!L(9~Iza*>V#OFuJ|mEz7(sza%n4vh!Xu|Djglp?Cp_#%+0C z3(eUl^yVzFuN8;4=B)G}j42qPyOAVLHMEe1KHj=M0Yp7-S08Ya=xaj-Izhk4jXHd= zdVkhHRZY)e@<@AHo0�|3PXP(7B?2Q6Ropt0{5fNrQ#3^T8a+_<%nmK=w7eNkk3q9a8LU z9U123cYAIma||xYzyRm_H!TJ~m~O9q{36$gn|Nd=7e|$^*OUGrqQL2>mq#DLfiSpV z-0tgEmw;UKUG`P0z_e~iV8Awwx6ZF?@64yF=e(eQWEZl| zBmn4vVI*S==mUk;*G`WfE!z`UdzQsc_?`b|mC z6-`c7Kn@{;K(;t>L*^MjFHK_{_TUFBOdU{klr%zzbq_Dnk&(eD08~^u8it~wB)5Q4 zGC?fN&`c;sl7pIwRs%!8yZZQh<1y&1C}xr;6%(C-PoOsugZD;S;&H)fW)y>yNv6(Yb;RC;J?~2RX*;rS1h{!7;=ysLw}y(J}t}n8~f`%SX3U=xZ&JY`B>mOwd3m;Y2EiJQy<7H#X4K) z-J6ZHZz50h$lwGGYkR~#LrqBA9=CjNTutQ~j$?)|3D%+I^rFOC-OGtMr@u_`! 
z%(mUV5APx)Uywn_$pErqPZS=-0Dk-JOk`whPzn?|XrTm29`sNiD6(C0sq$Rg*z}&9 z@F&M!QxH(iJ1Mus4(Iet=`-^_4l+gwlcMf~@}hVme;)bkmJWUnGC)DuwdiIu#T5m7 zSgUq(fy-Xpan##E`llh4w0tx2o`_Iq=HuS^bc!q@lQUr)k0x&S+C9#FCjEqn|G<7y z7cX;74!X!Jc-q}3mGzVE@Uv_8A{1CWCc;#pEAz^l`)cS}`Yt1#-c^=WmrSSWzV+%P z)QZPkr|ds6-6Ebf9}*O&X39QX@L}oYw#dWuk1~|Cu9r|$Rpz_GJd|MQ6VRg}5uXEh zrqz+nc5za<;&lo6E0zyA`&+JkvWyG4 z!hm@a@yaWG1j>k(z;@o45b(NMRQ&1^8DdFxXJ|?}(X*k}lk2EcM$6YQ=i6-B5^j9t z;AiCwbsn#-we4nfvoIjRz$@4*!879-?l67kgoW<}B=3mYk@=X5??S39Ok9lNz*WpH z_0usTLHh1^guctfe*8>N%r-&8d}Z@WO%dj7JO1jBR@aYPG|wIP;C^WpeLmznFt<5S zn|^^geQ@0SBhYPzN`D{dctD_|-2gg9;G9J$p8r*)Agl4E;@Jlh6~FI}>qvL(-;Z=W zDC7pxZCgh=62NJNVBIm^Zn*EGofPUTv;&=}sQ*&Fe};GsE<7RfR<8X@FIs_}Hsx`e z*FEi4gzkqP%dRbV$B}i7EIqWN5^gC{Q^fU~3>+?vJip4HV-83J$k(Kv%;mR#Yj2_y zjdvp!c7&zABP%{i4U+*gMOB0?PD>+&cU-R2xOjEMAlwtE9tfvBy5=4*PlYU3Ya3arCqe zU(UC%%sjV3j7ZNvwThW#&>U4Yb}%vxguNM&xzS=DRzqF*8Xa(<&UN&?mM6tL&fo1~ zMSU`wEOpn*ZRC7uVtW$e(l2*K_vEz8)s@`f)lRz9kdON%#OoQgcF?&2;Tf+$ZlmCE zqlg~WSFz$YbArQ@}n4kR}5GwC!|S|8Sniq|CsmKIOfiLBj4m998yhh9W28BZWXAAN-0k}4`u zA(TRM-}jIA_BV)^^bIA{I34kO(Hwju!uwz@?$EJUmXt4zpBcAL-o7@tU&vEY>bah` zksghsUct!DGtcB`$JNc-##y8#c zjzN>JfzrkM*Dvj}dThE1eRptqKZ3H0)llv=jvC0 ztizqA`VT-(>T8gb0zvM-irb$-TTf^D+fn-3D@^9&TFh>lJPuOtIJLTAYIp6oohtl;_9xqRwJEVzBx~UXxF5z;mGxmu>d%EJnZI9zkr>b~H z7Di#*Q4KS1pJ4`amKU}4uU|DEDiJHcF~h_C)UZ$A;~6jW>>+cZWyZa2wnzFHiY6=^NJg?HhQu$M&+*yjujD4)t}%Cm#)BXv3}B z^(k%mdB1|TpGN*3v;{v5wodx^q2HqDv$b5JY?rW{Qkd68$CV37oi|oGC|l%3%8Czo z-%S-~o2*jL7gSk2*(?)ey7;Co#Q7|AR*}{Y(pR!Wq&7y^ROkqyxuQzz4$GxX>#@h0 zWce#0wEpi_*qEQa&hMk1d1Rxp<09(jbld9Lla_=hI}Ub#2u2NLtRAheRqiP5X+Fj& zZAv4tFtRdfbEv=g5Q1}Nn(}#9dg8NmvX8Wd3C>Rg1UacV3)#=_|4_5*3Vh|2Z98)c z$B8VfDA|&aPKCMWUZ^M@d$`EGeAQ~<3PiYK`|Z0YGz(;mLxQ%DKY&~I7vMYaeQGn`o<@oWVoIHkceCfK~r*Pvyr}87B0_ z7}&BMr) z#SId#Q!HgpC3KflsJ8glXF|n`tJQ_~!+C0Fo6KO-eTR%nwxnm&O z7Erl0*=js0IyQe8>1Qua`8t5?_-wK5p^<}_!#MMkXEk>|v0A>v7jl>c8Mp-uH0{ zoKYk9+r*`**UveZAKEs2i%U@n|0ZDCf#Ti(Cbl1HlwU&>Num55M3EHA{~}(0hE_M| 
zG0i5Q4jhe=mTkQ2i+ji`VSPJkboFgki5=B6;SC5cp}JhV)5}@0BWw#LP2&RTrS|xt zbICOFI)ttCcdnmMeaYDNz%h9?6yNZQe>K?A@Aj$ZW%e#wRO66$(mr8E_q0aFrh5|- zmer0uZ@hkyk?j*FdO8A9Yg&8c9n-%YiBu5XmM+=N%%I(fBp_c=q$2hb5SB2k( zhWqh!uvAvfZt?LHxbBR2{(64rJEIRLET81q$30E6URab%N#SG6@Pd|!inRB{o7gkO zUZS{R76UV^Jjpqs?Wj7Q?Ksev;94{4uGKt^#h@iBXDO{veb5`oC33KX;uGH%am*0y}%p~jHjOKR7b99us zHCFHAbtJRDnf`cURaB=_vEh??&9;HhRVRimUVIp2u0f3(AhQcbCM(Pw8t7!kROvEr z1yHUk#9cmbJ@VSl3Le2tJ~cS`fSOOpMN#yMe+p8sDJ{C`!p`2Byt-oY}^E{!K~{0S0DJzehXYbkXPW}oBoIYVEP~a z)%5?SKn4GZdPtyAUp#&^xc>WC{255qUfjwc z;3G_HC-8>AJPzF3jxw$*30!7B3Dv#d!V*h8=*aefR;nz`>ypQjLPH!|f40d1r?$jX zGLFD*zxiIMy4I&$SU$J=ywuUVbNh8?lB#Y+5~lCehaB%g3SYRrH?-1?dWX}4E3Y#y zu3XU09epLl5T}%;WpuyNThe-e24awPPdZkm`kmsL0}?G~l4JtX{B`C8@0gmen>oi9~voA0k$?I)^lrhTi zcMxUPfR3k}6CNn5h^&Zc&wU9@#N*(Zl*&gZ)IV zyF=uT$oAV1Vf9nzqUGE4R-bwGC3w^b<%hE_Od>>@w~aP3HZH~T`|LPGjeVMIrpjcC z5zSbe6nj=$>$|s6%ys`(XO&uZI)77*GV15FSwtC4DUagkd~z(D_iLh-xK&tS9Cd_2 zpXug2B8{zy-ff-Y@{=)aPDY$$XRfK6nQwo69ruC4Fs0+tVvzN>5U}kF1gw4^0>(iI zxW5Sj<=g%8<<4QrzlDGw$pioL4z?+~z<(^e{2UGbo4EZMFy!vIe-BM*ZFYX=&K!x? 
z_0=s$V$_c7y*iVAl7gQy6L*}+n5yK7h~`y>2X~5BSs%_Y4O)!8SX^Yt;`JUySD)+| zeWfYaaR~DKVrF!`MN2$qYcDRht!%*;TJtzom+@94kZNq?Qmt@jTgPmZ7{L4K z!=2vsrI|cOt$)YCJQgO*Pz_*XZ4@ zt8Y`(EPd_nZok@=Zjae%{u-JW-n_lUBUR-QGyQ}?fQV+e1X2g9nQn$nYhyRvuTpWj zf%?)ly9e534xgIq&Jpu^GINM*>N#d_U@l4*lr9VfT(6#eQH=6lbtl#HN*D4q3cGJ&!Cy>AJ+{%Yz@XTtZ+NU&K2 zpD>mW@4OK^k<(b}VzDx^qTW3@?_;$F42fc0V*}a(T~D8} zEIdx`EoX@jP&=b&f3R~`&5)tVBqisk0_bF@7Dv6TGqFm)CWnCL9EopD8NQcp`F6=W zr%`WcchmMA#ypbQ;(O+*r`ivDzTvX59?2|Me40Yu(>c+8Ha?!jCW$)oa;_>#2WOQ za!Oqf-S67Xjaqd$WkO@z)qJKsGY$p_zbUbPNprg~Bz}3HfLz>XPT2jv>n;4A?c+h2 zukBLw;6Ra?#OnQL?l3XDj4m7o48;tk=H>awezf+026yPl*;TW(+8O5ucqP}09Pxeu zg##Lr<`JTN=2Wev7}*fmHoa1zgOgLLqhZEFSKd~1New!kx_JLgRfD!@QOUc~YMn(F zkmUNVT{Tm4k|=Ela-qSPe}n{EB(a)g*49+kUwJm1z|a@>ctM)bYYzjl9N7mvT`_*r zo3IxN#v}ddyjHjd2W^r$uXKwcCe~jkHB<>dpmT8azFXgcXjLQDBOTX#`?=0W0zI+o z@iy~bcYqHwz#J5n%|Su(uNiwG`Oo4;Wonmqo$C}oR7`U+f!>TlTK8DST4Ssk?Yt7W zF?-#t-TOVAH8RphMpM8L6j#-LAMj7VLq@JBhATYNNmPt@U#Pe;HPW3rb7-egRiQT5 zW2M9!tU!3WlMyORz;DMeEifcxjUwy;< zTlv*DS^87m0x4i>rdI=mj9X!wz9@SQ=+8g#kt*%I+SXv8`*B! 
zn?!yq|6im3ZU55>^DdM9tOv^`i+{8r72N|EZ+!Q)dtZNlBe4A&Y%=o~Y^6Y2QQiD% zjTo5=CK(+Z4kclC3oWU1T_S^v;7KqWId#>I%s1@~7XYe?I3QqM(GLQjE}P!}wEZo8 zgHtCO$n^IdDLkh$?-adFPD6Dg%T0Tez`u&VF2;R_o(p(@!VrgZ0RcDn8fG-QM3Ydx zP!ruFewpzLc|c|JjlH)MRM?aHAIaJ$ z7d&w=HdMCIcYB<2!cXMbflD2i9@o4kobg6KyM8$GJfvD)K9Pg^iO1ankSg1|$|h3L zmS_mMfa%iGTkE7 zy2U>>fOYgO-X)!&`>E*#r?VbW1LwcitnO@CDPhcJ>$9V7*l`HAy;R!%$pQ>`ZNqY{ z@X6)rHqB@=hLL{D$DL6YFV`Gny5|+V?wh_-g##+1yDZH*aOYCq9p*E#ZJ)loPvq7i zC3NYP@ecX=oaES;7ch#OdmN(lgvme9O%Tcyz?%7yX2tlWeUdaQ@QBpkn$+K#)ZaU4 z!DBJ&$D;nPYf|gDcAhj9PY3>y#x*E#o;`Niq1b+2c)6 zZ&(J9Pq$T}=7HbZ$NiCwPl@q39%t8MEFd*E|3GI)te1;C(go*=2_z8Jl*ECr*(vVL zqAm>U7P;Hyq<+71VCxGuxF!rxDO)r^ir4b!g!N`c-PVm2>OS#uxU0j!wzkZ=ZZF&o z4!rN*rq-!AhMgw5kn%`Kxksy?Zof0 zqpl?J4LeQGxDqn&yqOTU4)GG}-0#XaEtm@fj$;PSi?51!QQf}k#GLSsI4L2z{ng_D z(>kV`cBNf+E8sw@?{U3LHh1JdxZ3SaO%f_C;eV=Dp-XfA@<)s4mxoVR)sY=>5Q}Ui~ay?nU7Wkfsy);+8<&oJ$x<*1`QZS~_znQN1f96ecoj3JwcuRZZuABt# zZeoF?>h$#y6}b6S;V{5wVCdZS7)tJom1zqX}Y%x>8NW87m75ze{%EmB)@Eu*x#X}yI4u|s`J}5lhvNz;O#b^ZUSM_F# zL`xw>2t*_bY5xsFd4it&Nb2FwE+%_QmDv0!+~S90VSwK1r*rnHybxI-%t6|MYuz@r zV-n^Wt4{*#!$Ka&U7dvks~=_C8JEy*O&2EY1TH$K#u{$_TyXZy>DB1Avj*&fLU+#6 z_r7uW^0`LFN9)YRn8fxKLjgGAW>fz|OE=OiDJwHo#s;%Y9Pdk#W^N?#48VZCvdlTZ zx~pUTG4rnl(R(X(un!UrmvLc8DZg=vb(i3$FC7Kax zUJr}hUdo`3P+iHs^(<`H;o|6Xs_7BzH+cTY5qLxy=MzX&LVZ(5Qk`sj(_F_6w1_7w zF4;D{*MB?X3Iir%n7qhOK37xo_B#bFyXE}iMFj51rNM>xioW4n%gQg|fU{%j-Vfm% zyLFaZbngTUK@!Cb=Q8WXcO||^Rp8)_zaomFwi>3kdYWfiD5U7+;Vec$hl~M^KUh zeMmX_yCAVX-T^)YoDz{3YKB4v;IM(DZm5Lu^~Lym`S>G)@c!VkmZLY0DC&*z#XAy1 zl+eg8^hE=`@veBBizC*}-zU)5(H)QT$M|F2LzP@HgaF(>q7iUz7;LEHmsFdvLCQpb z9|8gA|0Oy$z)RExAAoTt;9Ni=1RsoxFWy@e7lI`Oy5N*NasJ*of{2%oOCWe8eZvY6 zA;kiVz8=+)=#O`E1COO|1d0aW-5hb?Ee8Hr9GD*xFNc;A1%q&4GX>pPf1dzHoGTu= zVMrCHWDL%JSyQgXar7DaW%UM%zXnynPww<>*G$q=?bdNv`?uFP5 zywCiJ-t7lz7m{Ad)XQE_mZeLkD^{ z3Mq+_k&%*?MQ-qe^u>g(gY7?skw|w;fIHD2hx_NCbv;=C5#vu(+T;R5a8n9!$B0Ww 
zgZ%jr9o=yuE_gRw08vRsPD)lr9EU@JP%Vc=qg-6ESVnIDJe-=w2TW1B!-r7mch!%xZot^q$FIVon>8Jv1nKH>*csz_ly0*#il6<05NIIkUQ-{ZhGTt>61vF>;S{2ILJZ^}+#se&M9XXGBT; zHD~S7mb7PfMoDu@O-90o*~y-z zk{6Wo@9Anc-b_jCGIz%)~0vaoM|1U+8Le*o{!p7uX&Vw zPZ~JM>9MR>)dPLQkEDg8snE@dm%8LQM2>Yock4;zN_7Z_18YZS2amL;KptzJf$!U* zz#-Jvkf2cV0a8GD+W#1Hy7Nx8#>}`OSL!bAQ|$SbB}wE+0Dv3~_)uK~&(5*vvsWMMfMZYE)DPZ&WiygLK~ zlEYoN7a-d$b(Tt^2AO;=8a*`T4WMY&3BJgey9Y}F-d^T75YKMlZqva_m(aE??d=Tt zEj&u!>t%fP0}xMM^23zttvy*sS?96lGu2})iYljx*HNl@~_$^X69@V~Rx z@Nbp8c)$s~zeTUVDthsN{~_)7XUR0>J@-dnK5uCxDyR7PVR8KBPkTVwYXGX`x&Kh5 zRO-dLDvvn%%QHKRu%vbJYVJ`jv|V9|i6Eo;1(kYJ!4aYzL`og@6lo>u1KyaQ;DfEG_`4=N$wt50Xxl zea)7Rh1Rq7kp8PZ(w{oRMYAJx*-p{HfLfzK^^O7ma`wEuiI`mB6ykyKW`|OYo$8#J zX6fK$0UV$eCA(uk@rLa*sxsLNS*}Xc&_YN^;LATomprF>Ydj0@;PSwtjdc%hcTeQP zP8d<(`)rxwh=JfToC`7-Pjp9`1!6&71H_wXQPC8#;QlM*#-Vg3GCQ^m;Hpxm!`LHV zGA(BNcWS|ZIG$er7p~U%a-B6T6YXy|RHNxpq~pZk1=SQ91fM_`^gfg&$xRM7BKmqc z;yfLL(2iJAh@(4ry}1auI_Qn_7eR@Lqr_1nXwVinM@!11#N|=4A}ASo6bh*?kKTrx+v{UHwtoC-knJF4UiWT^Yz4wx`7v%i*0;#yf+c&Mp{`B`_ddp z9{yf97d$x0<|rnlP8*IdAZ zuMlbnvzNOJsj)r*>)r)O6c-5rfI`v@;6>mAC?-8hNRQK`$2TajzD>=>>b|ze ztIw>fW7r(|KHc5Eg_L9mi?F8-(iA#x;ct1f$9%0U$@%6aUOVDp>C}9_R?jD^!lc15 zO1CAMNRweB=#6}7c^f%uf7do)Drr3Z(IZrmw;wgR?0&iO(DZThwIt=3(%0@t-N*E; z)2C1uOSHucCLc7#OdsMrkY@QrpnK0-npS1psef9tV03dT` z@q+T4!4LsNMDPh2AO^4i$XOmb7@cLdbFP*#h63HxBnQ5dZ88h@%XuJJz&j5t2@L5_ zqFN-qn`8$_7~+m!Vx9#ui#}y_DOr8-RTm$uPjlp`gH5d~QBbC~-9%O^45N(j2VF;X zH-a|AxD|x7hiTikn#Mdum+oQ#eaBO%ZV7DN)^!FwgAe`dahVBI{ImU=nh|^v4U>{7 zU~~cC@#*&n;QJn-fp?JZ%`<*EAp|Vqx>OY^l5%J|DDNP4R*>ET(2-yHW-TigAGHyGX2Ym}iaran}ZH04u;7 z@Bm{ez!m)S0)B2A?R5fiG3#A^H-bv!_gvv4kNx~NumGcI{mxqDT<7#X!7+&M=;aUH zO$h>$iqZMJ&kOBr$t%pk8G~;d))!c~@?$nN0A(Q8u=(L^>LaD7>JpNxtQ#KZWe^aP zbP!8%EZCrSo6CP<`6YG^G!zLN8j7%;gM^5Hh=>6^@{i}vH4H6);-F%%L@Gq?;UFMj zp#abeT;xzvR3u$wBy2n-R~v|ygO$CFAB0&$`7#tjhQlQY72@WBa`ABS@f(rjadUwg zf;`Y48UMC+C<6Uo8$&<=kU|mg0FWt6#83nTpia|FI*KIXi4NQ5r|Hse4-=*rFSZ!@ za)M5$pZUchj7=ws1}&U!m`xYKOG3}d~^fd 
z-C}wPLQ?*)#&gVwSe23a0b?)Up?_;I_eLQ;v|+Ymw4$AD%AiH_p>j3O(=2=pIj%rP zq9iYDA8EsEG-}Q@?^-si=NGF2=+n$Tl3HIxL_z=%^0lFwP-<}esd14>k%?>D4pcUF zM^%{}Ke{#4jC{L=g%5$!!ip~-LeaLDp z52Zg}XDdPMPC!Lw*zq83U)n=@F2z!%i8p18Ru?Unv7U2!pz#bGMwRYsYNVB09121$ z9FlCzh6iby_p3SYemN}?^;gULpu{Rmz2!-B;i(EnvV}~m9kUMo!mWXBoS2{WRBJ2N zkbzg|>harsl;Ur1*;bHDE@J^us$lavXT#|x)lh)@=xy6E9ctFL9)S*3N7m>06zz!s zj9>Nie6iI7%V0qnko}FOiv57m|6WsZL8aI|*VLEjxQ+72$<%PO2&LqrfRdeQD*j(J zRaq8JRk^u@epXdj#=o!rzv*hpmAt5{o5Pk5^E92%19uxC@2ZUJOb%Gyo!a=%kc~MZ zvds)u=-jJrATT}2u)MhA5ZHpG;`Opf1J%Ys)kurrE4p+wQmn<~mbG`^*RLp# z$ITVV8hXONLSjlkCfsi@j=>a$5Z<8L$dVXe&hnEsOOpC(w^WUiN}b2OJxP-#%o^}b z#w=xB>ET0}M>O7Ta(>T%uG?J4*B=RSi1a?s3NKmY8E1%8JndGn^wH@HQ1dNXI#QVI z@D*qdT_4Ntu-JNeG-O%qqx|X6#nMk&-F-zAU4~(3pSIv_EADakl}B%VOFtu8wRc#{ zV&@iRD#x-f-}z|mBAgJ~|M>CmboB_0=HTvrI+G(>qdMfW4E;CHZ+JiH>Td!6iLMq5 zTa4G}JPN|r=j7~z?8m1kwGHud#;a)gmCtGk3a-#;+Aaw`{+h;*apd;oNm3M2|7*Hy za+Zl&ORLdHhObdhTU-kV%1=eVH6HU&_%(;^9C%3fx4penR6kr{*)pmn&Ti>@izW~A z2*GvWiBT<1V?Ba)!z6oHfTS2ssegX_3%R46ceZ>&4D_uSR9vqUzPzt-Evcbb7wXmD z&3)%g>m1L^n-GvVvZRKyt-)6;mq>}M(&400pw2hZu(tXH`<2~lp755V=$yQsVTuy{ za(#6Ki6$o7v#`AT$8U10)~qGSNt5*PEGCtQSCgSt&u>(4tY`}63kLOF!JUzk$%VIb z?psnja(;iF<%z^0dU?h0;2}$C@f?~k* z2bBm>SDT9nN&ris6JhFGc-lL-*m=3SaN$F7VVP(|Xj(Sb&aN)jTr^NBSPmu;iK>H@ zhpVTntrtYv)x*uz!@|n}tRVswf|Vl?asRd)qGRviVGYr+@bL13s9Jb9+IYD+Sy+K~ z*45PuN&^~LE+{`YFE^Bzi(ANu42PTlEXfB;LPKu;S9oTDGN18G_j{hf6$K(K3E_r< z%>8dGL;GTNOjDUYV~}ac8g| z36iATezh|l{v@+!#d~11!2YDGEfyI69AdKkBDFX(l{dKw1di9r+W$r8n z#YebsHAv6@C)oeo?_QT1AWZ z{m~o}NX}MQ(=$h418VGvMpN6tMqwdqtGKjrG0J2G-ak`fn)m%}_=rUiCZlDkyV5 zUp5(p?lkYz*88I6vz}y4@al!Hgm#rnGPvDyTsld_8%?L3TS%p?V!@7AK4rd)@4q)1 z@NnRI9m*TORlLOHd#xu^u0c+C{_k33Kk#a%3*pU~>Wz`3q;I1YNE z9eJ@Js=M&mAn2Wg9Z6D9$YwCn98PS^m8kILncha}xia?fl-t)>jRIs2wTeUDuv5L5 z)|vtc_A^CW%qu_fROd$z*ic|zSSSrBXbFu{6MVvn(?J~NdK}NuAXKw3-!?tl!xX-r zDz$z&Hc?JeB!tp#>_FPkrW>c>7)Vy%_7-{c_|i8GNeRDcc6H2aOxInsR?{8)EAaNB zQ2J$C%e09@Xpf-C#RB{m@0A=VdB^NmM-cm*Qn82noap_^o@_KA<;j^pZbxgS3;lY$ 
zx#-7j-ZWPFke*n%t7S}iIZ#}muWDZ1`&p$q61{eLk{|U*mLx4nq>fwFM;t!9fJ$DE z`a9+#8-B}qRa7QWftLj@UV1oMT{N|c% z_*^wbdEtIX;R>7#|I6KyjMUG2Ep8qzI0p{Q__wwHw^cev-h3P*BqKKF ziw>g+4;Ho6b31l{LAUhnz;xTEAt3}Rg=UZKn+r6BzgX6EY=~b+4M5s6FVW1bo*Ir1 zb0ZMkQ+o8dsqrdCfu1cTpYY?u+n8#&z0|>{Yac8!<0#h`_qDgoOH6qjZ&7CJ_BDi2 z`ztQqdUO|WPXBIGh(>^nM|}8;B3va>Pl-`+#hG!r$&QGOFM&d#)t|ZB2t$K>DZArS zZ+G%t3S*CYXvpJPppd6`(zJZN_#1{A)5*#}ak*Dfl&< zeVPvm#BO|}drOG^-bK_W8HGK9sWhXq?v8D;nZOdC0LcQ+$p%tyz%dDA(<*F9Td}|P zvM{y}Nl{!FAta$d|DDyu8h2RCfoAnV1AW7Zufob0efIKRN%e%h#76m!_!AmQ*>+Q z39<#z=otUCdF0fz_{rJZbG$AsDIW1blE*t%72=P-G#$Lo+v2)%8&&&LXXTxl2RnEq z3k-qu6ecZg=y$4ylT^3Zh8KP3m3#=9$XEEE!0Qg$5C3iX_x{@`=)X0c`)_F1^}g#M zI=u3PME_TOA#N!2%on=+r!NHa%^=dCopP{su(I&7fk=9L*}Hl;fG!-&44%1dTu?3{ zEM6nQlQ#PE}hvp%KRc*)1>@EyFE>&2Oi64g`IUYBHDZbb3-dk zbx~9&b)6S6T#MwAT3phvNDg)9i<=-`Q(bYOWnjL_e|juUf|)u^@vLvEmGE<`G1D58 zFErMe1;dg4mbN)5TeCg2cKwRt)_se(2zv}q8I!;~9o7$idnA2)CQekWS9=@oU5s^g zsb(DKCu&n4VJffV7LiP5`}DfUXR%mEZSN`;a+J+8Y4W0~X=e(b6{Aas3P|U!n>6UU ziT_*I?eS$qq1&YGcYJ#i4<4vzehSd7(Eev!x8YsA?u5m>tCscyqN$0-qrI8r?NGfl z*G(O&3RTWg%#n|j{adaZD88WZf--yNv_bjVxp}@jZARx#8tAmCK~ z?AI+zKj=7VKn)6)15Q#OsomaQ35fL6Z`GpnQ!q9<9cQvHeHW;)cTx4zU<%O|>4da6lg zOJtkP<+4-}BzeZrF>myK^b|4^E4gaEGKGX+G=#CVy_+6U6Ra6+D^C%hS4k)u!eWo& z^CC&b(!Zt!?REW)C|)F7Wy>2GOI_c3l>|E33-kl1PDCeb@r({f+MgmuAPRqZI_@&- zKqv4qWMJ2u0>y49Mc?!?rO=x-_D?;tvYy8MgS|IONGU?)4Ejy)hdi~baN^r+m=nMB znJ*918+DglFXNpr+W-pXa(^_!{bKyDC{y)8;G0I&tc!H*2fj|94aiXWS(6Bn-WH5+ zvezG^-j`S|$L^>4cJJVx&G zDX^q641zZU5`LEamR_Nt3dqDrEJ^0J335c$&oZ^4HkAH~nr1Dx8!XTY*|>{0L^{-P$of!I z&}8SRe!>@V;&cU*GJQC#mV#)hrrBS@{}U}UQ|IBjo+;IQP-;-~hD?>8(A@hf%UIPW zLATHLmxw!g3eW|H4IE5|0#;j)wb2*UDp{he&@Ei8NDRMJvHFc-TiC@IADfm%1=mN~ zsk<8x(j(K;_r|X4xC6Z!d1W8eWL{9{`V?&DFumq9Q7nTH5_ zSHIul_&nH0TWO0yfLbk=(H{@ucJnXWeWJ1^X^h5Dw|jBJ>Rc|v^mk(@-~BT-n*q{p}i^gL>ARASvE& z{HSEH2@r|qrNKi{2nW!bUU*GS(j?p*UM1h=Bqnv_{Ae3j zd2#M__}J=~7M{>DJ!NwCul8wZJ$)M<8|5!PL`K|Yqf_Bw-M~}Yu#c)v*5&rjy%u`y zNNrt(T$#ez$}C>KCxFe&w^cMzK>R5~873$jyF|ck4hZl8Ib5H?+$rYae=7 zhqzEaoq_WWP~4iq 
zD-JLE+lwGrFt;r8^AoWH|&e|z#Fbp$b zByDd|(MXmkeJpvvpCZky^4%f;02GWh6($+YC_X7=QXK7vy?AQMps6W5;@L-PR@6aMBzzIq*((uwK9HG@*yL0!3qP7whJNwf)l$ilz z@nX8aLreXkV-13P=MGME)XU+-hb{Lw0^Yt{7OO=|TPMi9XSDKnXoZ=_+A1*7Vg#gF za6GXnNHL@cem2W@btw0+zZqilLG|y@!p%bT_%J|ahG7&q*-wB&Cnr=V7_%qo&-f(; zF*CeP^zYDO>Pl7(5c06UoS8uO(xjTs$CERhf@e}~popx5SwnawbV zrpxF&FN4uF-}kS@b=?gLasTMBregiK=25|Kk>yE>=M6d*6>Xa1;$icm9P3%?`FA$W zwXYad!hpZSm!cRY=1U&E*Zk(c3r<_i4=9l2Re z*WvLOR>EtQoopTwLLR?#4@uX8(&1Q+3|&#kxaWA;h!qnR9zWk@za%MVnYkhE(7Ny9 zxNdm>eH!4}@W%If{6QQN?;Je7?Qy0YPJwlfew%@FSntkuIr?*aA-~mI++OS(tJ>JM z@OXox)C=ord4|$YkIWeGbEd>+RSY^!F>8^dE_>UT+;NA;YbUkk9TCtW78cV?GL-v# z$~JMu=)qX4(#W81>M>0I0*@bIBnhIv<{sN}sU$ux;DrquTaK{5BSTDB-| zzTawvc{iwD`>Qp3Q{XAjt9+IZk=f=%C!`!~++VxroZ<18UoC4ryCR$$%Qm*^Qe+;m ze&z5}{Rx4M_tnjL;&3Gyczoi~0-LJ;wxcK;eGB!M(oQL=F zDT?K4_8lZK0)@%7Irf(viq1Ot)qNvxtOo~v;h#05k5P&v`GnuBNx2P&3EkQi zr!q&Jj)@2k8A9;%S)14%)qWkPWm?m!Ibt#CSFAN+&CbRc9Dg9o|?3e$Z1RPsNJgdUvYCh zzF1W>RL81W@e3Ym%Y3Ng1J!4)SCR`{=oh@9v*R#yJ-gS`d*#+(JV^>XeSY-S`kgX7 z$pYeBpBqh_6{dDbymqE-8Kw?=p%1W&2jTI8l7n>o@g!lRS1}Ri>CA;xozyVx%xiYh z>X0lOB8(B?@#4K%*;8U0_jR-?4@_r6TAyz?dkK5`x$E9`Bf8cr<_V9NzVp5->_M;< zT0k{+@|1J~J7-nVPB!DW8@S5v#=S|C;qmfs(Jh!hqh>}<3p=i}y~E${FmiUB;HR^1 zqhy<5F`9zMYesXOc!pLJ_luFdqN9(EsnPLk#BR#(XzAaMzX!G8gU1^!DSnC8T~3)5 zns{aWoL*dk7c$ zJ>EX!{AIm$iq?^jA2$4)qFKw>>{Q#d&YD`rC&(A&F_5y)G0;T-Pv4c8`P9900(ZEA zmczfPyTm%6)#k%aRZ33{;|`{&+QeNnR!kjd%IUnB$~-a#kN0J&$lzx?+;9&pn|;zWEgdu9-eUBjRpGhuepi8V zRR=siq^Qp3MfgyZW9sF{Iw5bmkf6M4j#4cGEbO{?CCuP9E%x@KWlI&vf0B|$F5n#_Z)!%(&k9v{2S`|JVmc8>%xuO|`R zrW;{JL^S6L-%Aa%DgR-s9Xfb?{O!D3eG8aWXeFLD-OOv6t3y{dHJlftkIF`Hn{Fyl z!Q(UT4q3G)y(De)s>iQWO-=$x2|QgV3#IdItsC&TjHKZ450o6pxGd~BbdMKLcFdQf zS7=WrE06(N+vcu4w5sR4@c6=N5?X%Up}Yzlc_u?Y$Jqi1u1?ycF$ZrI1%(JN^hfac zM_Zg4@oJSPWtr$f2WkWLm@6jpd+V+ng{&zrr%Yty;qhhmjGt1S8Hc`X*lgs8ggD<)=fbm8%}8@}UVc}nd(bXF|8BEPciCqIfy&6Q)LT`C~0Gl}7eZvDmnz9MTW zda}k6Ld9HNM5z)s+8Jw%&BRP?frz#|pWK=r49`y|9*-?q?ZQFW9UY?1J72Lpml=b{ za0Z0oLF*+=@dg`1{ZYQd%R3Ui@c6OrgheN6&);0$k3FQ 
zoIF&edJ#$Yw+`X)OKkMZB6?CIS7}AGmrVRc4v zKnca_Bdh9qc)ZUC3cP%r=u=Y>gbSGSG?o~?*hE;`rrlBV8__XXj-2rLH&>nr(U)cH zn0v{2e-L<^I$35!+g&KnxyDQ2J}$Hv4v!Z>jM5gvZtGvUP;{|-|1G?VUr-&pZ-so3n`uz0n?8*N*qJ+8%A?Z#HC`E5hTg^^L~~eKR?T z%k*}6X|*aG_puLT0AEAzr42Q9>rq*FyzJ{Y<=&WmFBHBBXa!mmey~<8A4|H@6LYCk zHNwGe>NafWiws_8AKxcBbonmGVlr!bN>hqyb+l?_%z9!0Q{onPksotTNa$0rw~LM{ zeDR5y)M`+STSU3kOk7Jq0jm!SXEe?~Y;!i&D2`wc}zH3!v894|bH<`U{j+jG%vnN%9Z`A|_KD1d&}uA1Sc?|nU| zt^zm!F5pLzz90`;fF#I^%z4q@iYr84;e~~J$lvx8br_QmoE_5bLaSeYBwhZ9M@8U) zqZ?p;*6#V(o)iCT`?er2PT&Z5{vV75Oy|M*`5`NOSy?pi>o&uw6W(#LM=+yh3iv$3 z0&H8nb{huSz6cAvkRP|b|4?#6AvSBNq>G1JxQ$$J<4MVw|_1zIbazqoVO1J-_yhXVC{MVe;vhh1O!k8EWo+7 z0PKG7iHyK&l4PON9Y_*$VW%N#7o9)xD-Tv+0S~1ToT|YHX_jK{7`8M8!-%UJ|D{a5|1g>@DTKlhg#fXQjxe<%kC$i%>c_vefpZvo}J`3^x- zC!iZPSHFx7l;C??@)1tWHG~t=6)KWEq|=xA|4I3P*$QwC{h_z*m*{-( zeu{1Jor~bZ0)}bsLz+L`96SCvv@kqvtW>+`&k3E+(BsZk6H4L67pVkkkV_DL_eqBR zU^DP%Nc{2mi%&v^M2HDW$tif$@t1!8U(k!6`#oXq`Al|H@>sSlSIksyELQT;?M^Jf zU!(8VO{eu!i%fdka)D2K3)?MHgzr;jKLlwayCil+r-FSWZ+5GOb+MT=?nh70RNU)F z>YwU23#bj(LEGf?!(Q9~*#CI;{r>C)uG?oi4_jVv!0XI+3LYw1VL7>Nj~Kgf?;EkO zUT4y62P}Y}T@NXWFttD`Y6|;`RSV<}hq2%tH))c(d;1dC+KFnM!D)n9CI@hJgRQip zVEeE%%tAVW?RkSoMP0wIz#L${Gq}bTn^Plytz?S>~H?R%Z%6=WB zX9dQh;3}f~-7boP2V!}_HI5J90q;WK%E}Jjg}`TP@QD}T2JvTk7GMtV_fjtK3AQE) zf~7WKYzfxo1%yH5d0QSoj=Dm?oU=o(q5$U)4md%+EkKUkz`7n_?(b{){OJ4H*qDKQ iyMpzc!7&mApIp9|{+R>o9|RmjE-<$Jj<5w|;C}!kVk%4k literal 0 HcmV?d00001 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/debian-10.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/debian-10.bin new file mode 100644 index 0000000000000000000000000000000000000000..e461a2930fd2a8b9d885c715847b10232e4f6a88 GIT binary patch literal 22220 zcmeHv1z1$w`tQ))seqJ7!wiiyNOyO44qYPM-5`iGf;57(bV(^7p$JGQ4blq8ok2a{ zcZTo$zjL4a|3A-t?mcV7nYGt%zw6z5ul3em?*ae-0944Ih;z(`>H~n4W`igXHnFq< zE+zpk5OQ1^AOVmBPyw_6wg6XvJHP{A3UGkbrLOCa053@06<`TD;t2pj@X&$>`Fk3D zD((`uFPf}LN#8}{%4=Kk!=DOrTv|esN(t;F19o$lb+Q6Oj{I{$fmGoDfWWECw_g=S z#bgz?5{43c)g>nAAE9zX+DsQ$V_v6B;629zEM+1v$D;o_9dgcfQHSti4&f5YlQ;kj z`M3k%eiPMePsJ}k6y|!CEp$6&Qss;I?Dni2!cC&^zlhy~v_XpsKpv2<+gZGt`b;jO zp`6HodEfPS8#)9t@jYlFGOkEEBU%5sbSqgDFc|&>7!0?NhX4-;503_TCr7w$9b&i% z#6m`63YQ5##e##wKmq`9LD)b{WCTq_1WY6+OD|`8;2jby5Fe0_1H=L127$QsuB-eU zz+ctBI3pO2=Feo|kN^n5a5w-+_vrA!aBzT;=69%mXO8yfnQ=6OYTy5zh^#5K>q)$GM3VTJ zEj3QcqxT-U9Uu}am9D)&+VfWeS}W)?(wjNJ>M6rA1oNnZ3;s{(`4K%r2>0qH3mmow zGiJu#lWx|f3BEu?K^cRO9)Evd6*p3Zu0~#X(W?KO+53-FVafK!g@-~e!i>OfT>1>{asU?UPE5@xD|B8VTd zf5-@?XUK2|Ng0_8_W>!P&9sQ5K;po^2H-#e1aNRyh)6&L$k(55JLG9XZaW+xI{%Iu zo(ReFFYPsV%VR1zYGf}Tat#XvdYTBu&%d^}?bc6SZz6aS%QDke@hDigrva~*t-yh} zcsr9~9|1(mb2bbNvA%zwlG%)!#Dt~gnC%;b(`zed9fol01lv#t0KE>~6BRi9y2Ad-*}Ec-Ov*{YdAq)3 zS>qnL>k8$gsu4CioON?>ZHVx=d~{5i@)VNi)|}aNPedxniXIDPs()Am)! 
zeO{uBh;IhaTc{sQ@fLtIBe#ms^;Q3kQhE{<=f&U{s zGXWWX@=X2LJj+YUQ%Q(XaR5Oeh#dK^(h4B?qRb(( zN|wbl)que;9Y-OIVJ#OdA#F+*m}R zxLvjO(_IT5#T;h0?3 zzJ(A7UeTek+jvS{wJ5)uuXJJ3d47&P;Ulz~Z7DFq$dr5Gs#~yCmArStO%T`*zrAWa zlH)nLXP(?u?IRlM6A`eYR=S?^5XClu=%;)MhEs;zDS03+G8!{793osWFA*FfMEV2% zBz4R#Bu4Xui-xW7C-mnuD;|!#j5Y?|`o{@`@Q9dq&;jZYAgR%#NT{B`g;rj?%3YN86+pp_tR;9ZI4IaLUfak15o_d=;jm^Avst<83PCi*2z+1mMEhY1A zZyAf!vA~?x9=ug(j5PhB|BdaKj66rKOGk6fzh z{5WeyTC=1`=|?Cf;xF>NE>UkCxM+>!hSL^B43}K$_)pnd6D9cv9Rv`pVZ}rXMucvy zjI~RwRkDVr#M?3J`91iq_B?2imArLHZ4rQXmL=3>QuB$kp)m5TOw?zIRTL z?UUJKi``gAPKA_l_L{H?Fw=Y3Nr>xV&y`2k@Yv+gpr%h-iD!Z%wBzY-?Se*BfQ$Hq zKIpu_G|&X+1r5o-kgGi=05Dv4Yv#UCx@2M7`#0Fumf+uZoHV2jS}Y(l3)YSk{iS*C zLcVX>amct3-E#I@x1dh;UeiH@8Jz!D>lR*!G0DLNH6^cg3#7^ktpbCB{zr5RGm!D8 zZlU>W-J&TeCHrqHmts^0g#k%4J9*5a&WHeH4@?O-4T~k>0F<5NM;LW(9hm6-a+0Qb zeZ;KklgG??=Zdn~Vu6W*%^H`V+ur8%7Li5=h(#OdhS+el#!3(Ey0lR%XGQy6JrIdY z;HbMNQ{~aHJEU+&?w0>*a2AEPmm+3O`w7k@@nqX~=3-So!{hUo58m(}uC~$1(%*$N z-6Gg{+4)fP;U`K4`l0W8T1Mob{Zsur_aD^x@UOkEGmBB|;B#KKxl1_2S%k{_PRG`0 z(r>2=Q62S*QVmmtIjSkxoJe=Gj@f4h)6_az|I(;3BA_MQTG>Shp9YbJW-Mk;!v!#= z!mZ<(hPrE4TLAa&w{r1>C>K{C{y%gDM7bbcw*hJYI0g?jZO^*w8w0%5 zJ;b4M4*Zi2BB<<;Kx+?neiHjm8RYbiCNr9B>OVT@Uue0%)Ir>+;#a_tu~SdXN?aQq zZbm5%PkO&Sd@*`)GP&oDL3}d01e%8%I$R~h7{SjCD}&z$hKM02)KeTFG#}nJB>Sq8 z`0a&es5k>TReN2PDq&w|MMfGmdEy703$LeXZb^}^+uPNekyNl2wV&ph?qIDs(#?tD zkcbYB70PuhR%hW;plT$v541Hi3&}E5a$ML^+bU-d`ipa2@F0`KBv6TVzR05UpdTGV zC_FKI`-Mltw^^lO68|kqN2~kd{GEircRQpgI*M zO;a#SqPgu(5i2B({h(yECYy`9_WMiqQkJ0YA|#i=oTip_vIkbH(i+(DS^+O|i8JfM z-`EHz(l)RgC8&hO^~VJpi{&4&VJ$tLaPU}tY1=>@{vGA*$+F_x_mwPO>UZckcn2KR zT+_m9zH*z|-8!xl2vX51;b8qy5cN$woSsxOKlrs?_8Bl!gRn$8osNC*-l|yYZ3B3b zwe*!ReL-Q7R%v2a&1E{8+PQ~c5RjP)Pwym3^#HJ@Z$+(ObJLq4xDb`>y`j&`)8#ce z<4bK?@^(IJQ3#JnJz1)Pm)y1Nep%>mOYDJ?oPAuLIt3ObF>5r|y_DyCW`lI8w z{y_26y4D}4H}ps3|A;K+00Mu?V#YsYG1Tv%l7QG?wpO<0rtX$hVjk``U{_m+djd7_ ze!3(eAc!Bt#|7fzxKu3IQ2L(O*t z)VclECb#LEBglU=57DB5OQn*!oYDowCWi|}4B_n*w{0ou7z}u>E+vT2Q}jIZO^8`KZ79@Rwq*}ya}A|a0}R9n%X$gY(z+$bTVC6GcfZRZ 
z{MH;25X~X-U%Dk_jPU&N#Jw5bqlw?1DrbH2)2vqi?@fXG5&rial7B(_FVz6yg`bORu}`;C-5$Sio1hww6SD{|f!mK#n>R8gT#C`@NcVO@ zQi-NM(^q_KlJ-ZPYYa{ADH5VTpv~MKP(bIgvWwj&n?X!0B_%1!ZeAAU;PLG3((CV7 zMeN)po~-Dx*)yy7sNtXj)G68W`;q!gDgJ2NFWgPLTaDU{OYg8ST5AyTJqp^+Sbb}eg=>I%)7C5Vr4=ENWlhl9LB%L>QLa#FZFaZ#o5WCK4T`I%%@zvj zL~xCpl31>2uJKwvQypHCTQoJp{@8*Wzp-$+fywqF0&eLf+Q!jIdf3YV)krJpTX6+7 z_(DNUHb`ErNeX5UUv{AkwD?AFAz;g!`99uweK97-JH%R~?MMDYXub(Y@B4J`3-~bj z`AKYdAG`cG3rvGMQ%(tBQR5_{7uMAd z+y`xIB6pX$3(!4~Pe`>MPkFPvMIzgJ6A72|9QP~IVv9eEc_VT*Ep_iVZ--?a5@a6c zBz%OCqPYXsmT##!qC2FLU&o>i?1jq_CY?!{(CwCtrQg0YN9Q=Gp5dWna@JcD*F|-a z*KY9-3EHO?JR9W}{3>&}FRjSXY&y>zm8#tX*Xxncp=5JzM((h7 zAegfZaonrOj9l0Mw<}_FdOIS}Dpa)!8GkXm*zerv$y$9s+f7&Gcc3c|(grP1SH$~< zGopg{vy}_--JbQ`OBaDdvE78>=u3jPJTMrM3ZhIbP7tNwK&9Yr!3N?2a$JjK zOy+-XfY5Psw{-n$C33AluA^BX5GOy7528P=gIl0qRbarM)W^T%@?Y}w>!L6)G1M*1 zJzOoR#3AYo^xNmaq=Dh|ParCFTWcpsln){g|LcI(ka4zI0!EERaK)>kWwRCeiQGHU z?@Vtq8}c1Bjx}dBNi<1hc$F&$U^+`-Tm(4wJ8lLV!A&$;-HBMha(p9}QCeJ$X|8}k6_({({T-H-A`xt(TVwN#(=LmJnujA;gWYK7OW6h0*+ z0eau8KO1;U3gJ4|km%mS>(gEdPzr82VNn|7RlEu#3YA{k5%3FWtKNV^dWH$^*@!C~ zdsVVBD%haI^0XU)+=Pag|4IzLi?PU3^@@}0xj50cH17-6iz3aOSDyQ4*e6)OFm!9X7V!exmO@~jns(14I_E-Evq__y9uX+Zk7kaMN~nDph`>BkrK`JhQX1H(tc9q6m8>-D;i1nOf8$r`8%n}tKcvDAPbeputQ z>6bit^4Ibt5+YBWf65ayEOLH>XUV=Q-7xnRDE2!jjzNH;0d}x;gh-KJudUDtkR)u~ z%)uZEAlbF3ARyGTb#?cENRVqc|EH}f2Bf-vjl~7z1o3k5a&qaB;&1@@`GL>_JRp8f zpdL`{!}_@S1n^C&G)3DQ zX-Dn5wp+4mpjS;asgm;8M z=cxI9y)`)$k*(tPdgR^dq`|!?v!X-ktz(ID@+VIL&Z7C;Uq`(+`)YsNgF%ox_2~K~ z2L%rFRTeb5jC`#re$I1LATs1IG;raD?~i}iWvjp!l`~yfP|jSJ>A&;AOej=gU#KX|7rd& zkqta=8F-I}x`7TRdariJ9DPRys0JAg6jX@vKv|&lFENBh1jh^j@&kE)_XH0|%>4Jf zIzxuFxvixeJ5T~jlM+!7cpu1@$CJku&hhtWLnG&ZTqh(p{>O_(f<-nFjjcoJ`KqxF z>dE0cZasx8nE7=rw@j0|;td5NJP{*FBj!O3K};Hl6BrZZVa@TxE}{O7FJDa=7=tl{ zhIikQ;%$c?J5L{D(5K?aPk7k242zF9+9GRAlm3VeuBf2dHC>2b$S}F3w5+^_lRIjX zJBZeELTPXpZE!pQ&b@Y)RI98?%obsxL$8+eEU;UwOfIQe&cv2x9`KI2 z8gt!!%`=EIcVc;{rT;qQ^+nJTw)ENes43=?Ns?I2I}?{~?5R;66*EM~JBfsCMEdVz 
zEims5ygX{i&1#x~m0K*o%q3jN_f0zp{sJH)7(F(0v?3mN1vrN4(r*;J2xU^Qr z?$a0u(~UUNu$gA0RcEs)>b&&#hVQ{{{$8g~zwoHw6((VY+jd3`khWKqeP`2qt6$DFHX{3lw@U_CpT)!17?_{ z8`XjIe)CqDXyCX0#{ojZQw4UBy727mLWBJb3*tZK)P(MKUx;Snop^S{wp#v_I*|DY zdDr?6(*O=CbP#c`%}xqBM5r$L!-#D;~amXbV zv6ad4Sg<$@kwYuHN4>kDW%x;W&SQ8aphIzWJxa(QPdq}j=iQQv&pg24lZ)9vX7?~X z27B(v_V<{&LyV_~2R%c%ALvpNi$+`F*5Z$5G)wC}#6Xuyh6tp2-4%TcQeWoD$MN6g ztV`#l#Bz*2c;`L<%+fB_dgDKigjaub$oTC;w)#Xnd!?PnJxPm}7KZeQ_{M!7?eD(W zf^vMxZ3k%wUl`t;&Su^=;(yv;8Q6aK9$!So)0#2&Ee86XhztYQ4~KB>avxDzJU8qv zKGJ-Uf}g2I@7p12!(lG_5Z4g^t}JNmQw_*f*XO2?ht6 zpFRV0wGQlD39O&91$AJ-UnZ5@x%F0=qDbwtW1VPhsfnT(WwK>1IxPN}J*4palk@3h z99M?BA65}0xhC|(Q103bq&=!|A{+CC#rMt4=7%p2vZ7T#X95SXxkX?JTb!~eq3&7x z*oETYw8P?WZ-+L?J6IOuQr<{F7;O}7w@&3TO~4&E6qdaE5AEq5wGX$OoEROxg~h)y-)1=RZ&Ckh!P@cYinG6v>0@}V3BeCyHWrSr z!)uPPc*g!MwR*w(`7tcBJ5Hr0etUx7Kehb8v-B`H_)Hio_W%~3c>V?3cA8T(PM8GK zhT}us1lkfk9sS}evA=HN?DFW;oP9z&%stkTUR>S%&c1d z2o^6gmYusOyq}|?R`bnhHK@CB-_iZPn~#fTyfcB_n6MixUU~%8lztgGD}3p`{T|B{ z?pdFnqx}aSYMUN1mK7$wMOeJcK_Ym9M%G`WP|B?QZpOtRE|nL~F@ep-%3R0rrMU+z zKKO&cSp5mA#8^&7&)bO6Y+bQYp>gTB#cBa-9 z)4q{T2~sH*B(Btbx{}SX__+9jsPQl8{1u*d2i~=ReNNC|ItFRYBou5H2Ut4VwkPBz8s zZG^=;{rG{Q4<{Y-FjWC}vb3ULq=+gqav3Q%8hKdf?o3M!EItQNr7-0yHV`r|b12^F z+1&-^A~>2@RCycpTA-ma?8bbYo%;OoWR=yuq?l*Z>=K`3l@Wu`;Hd#mS|OSEUc+$_ zEd2woYUS+tr0DhBLW8asN?e%=h*cSu94vx0vf7F~DmU~gR=0x3*6ls5=CAjg7fhD7 z^LteRT+4~AFC0$LHL_`M=<5)jpo3y@z86OiqrOW?Hl~G zEFQ1!|9FPyOkR3Uv)ao?y>f>d^O%)F+5Mx+*Ejrau>AL`m4}+RE$WTYjg%yrw=rohwTfeVF~`m)!P0*? 
zG^}Ahh66|0fNIp#;`O#-BBWPDPTNGVi{OA|tIr1(zYgFxe1(mu9kdQm^{#I@F3{e0 zB1)nz@zXW7Tc$(4gvFEB&%Ztx#2Oa&teUy+l1dsw{9t`x_>D{`wr;i!)(o4fd_L|Gk@ z_1y!kj|OD33i2di@yqfcJxyX48KIa&w->CR$P_VV%!c_IPc@*NDQmsv?rjKgT zJN_CMAcH2eeJm{giwz|ah9ICt-E9ti5 zF6p86C4i-Gpo4VFE^LE0O46BR>f4qLL$jaQaCXV$JmmYU!*D(qEmpBZvivvBh3i-oSs0F2f1C6^rF|mi^2> zVjHaMAWNWfo)FU#Si;_#BoB*6_t?asaNaDMJaoV7*q}U6FC3t2$IXe>++(ji=izDu zi^o)*Nd)(%;K_O#mWBt5+q3+5YFBjNs=iqdz$4^Xc?OHeDJ;l(qY9k)p?@@?YiT~Z zLlGgG{(OWK*EWTTO;$Av7EkB}tY^pjAuF;0|B~)b#watGYtrsG1^AT$zKA^)3*`nr z;ZuT(Uhep(q6cF*R{>$+PwQzou{z~J3OJ00j?bRL;>i+|h)Sp2)(99%y=mLc$Ukc? zR%v`^{_c9&$rz3|-2{uLh|%e~Y*`@BclLAYh9y7EqC;Y29evRGp)vcz*vxP^f zSi$;{{8uDa^h#IKuz1FiA`PWN;51RvK&Y(&;S+mA08Pb1{ixv?2EbcX(Hs6dGfn1Z zfjwklpl0+2+rygGGlN6|V$53Zsw1IUOu_b`0>&1ZZ%_pE#KeWKP`}KU`Ra%sQOp@yuFe)j-U$#p!1933}|M z)h;0Yvkw_SkA#dOTEa;C(@BA(5a; z78EJzNIQqc1Cr0RElC(xVe`HbRoO#8KOJuJ{j#r<0zgMk(tl8Q0-4mHt0N|7Q0v3N?+5J^@6>~~R zWiZhMXUVt_QoxIWWrFpLS9{``-*<1=Z}-1ANWOO7AjKro&7>4JW1UcK%Rm3z4A;lj zMeJ6?eM9~Ttbf_!isSA|PPjE-8)_Z-m{{!X$vB#-LO#50in5z7EI-2h_x79e_1@)+ zS+`pFh6)NvP_G!aJ(yn~E~ilX;B>NeJ-maSmGm9)d%zoGzY zABL`REMOkrhRb?j54ZP1wT&*v3l=XKVXruAI;DRaWiTFSbE4s)g}&py<>pJ23h(IPrP#|_+}{l*aNVOVZ`!+wyyA~UZQeR+Yn<3m6I z`mFk1pN*Xa$FS;%NT~a~kE0frAMMXc_rH&*(X@MxR)fxVBBL}c=+xc!(0qeuje z*q`QgZjY0h`NuU8}iNSIYHh|_boofC*p?u^q+U+3~!0{eHm4(h&=X!Lpb;f zOW($A;)I;BU2Q{S_e$66d5E>d?fKsX?6maW~|fW9#OGaBMi{S$%-}`9(36 z;>vPNBmqGy#hsCPY3URtSo)5eZ#lFVdq(<;UN{rCBzYKbENxSYsQ^>i^xCBN{UTxU z&iRt)2bKJqww35VYUjG>IFvTfxB0tuBH_5EqF7bSVezir;9$S4`_c+2k zNRwORFAWpL>a2#SUIoMAy-6%^sUu74Yu%k-cP_-5s5KdksDu1Lp@1jLtkI0&^K!4it`zS(}4Iog_=fy*{eF8}@Kq$~30! 
zEnQ1O&$W3e`AE8sQD=-HEhmN2W?seeE| zLh8qF@$d#-Bfl(1bGVkPKw~Pkz#amoFzUf z=q=|W-RZe6S&T(TUDyy|SGdUni!Yk|X^)F!YP16lu!X8S7V8i)6T$$CX+{zeW#ICW@6Oz6!zoj~V z2#aqPL4K^85JUAHtD=kL;)0US#z(}->nWm-k)t1tI?j#v7p-vb5jb1TpZJppI@V}W z3`MIGAF%J?CZ5M(tU6Z7-tb4-Jig&xao`vu^ZYJi8{2sM20yP(tpwIK6+32aobEc`K>#ZtoCl0rm-Jcfq>iEWKDZ&@ zx}`F7yHfoLk6s$PmL0#ShODY~eQ48)mBeSzAx>f!4a-lDivHm?ZZSp0D#?I-%v&`6 zJj=I-N*+yx$VMyV{nPNhmz<;mR6s%E{x;IDOmdb zITpoD{HtX7*5YdZBuI9oV}kVH2`8?^+hhZ8R%mX-SBJR(c-322?!Cp4FPvJ6#L|gT z*C)OQ&X;!axeluM+=yR|#BVz_Q?qnL`Ra}NN59(sgpzyPaSz=)EoqoY`s;ouEI;D} z1rlAOY=W^{{?51v5o5#WAxLzs-`+H0`cxjSi!s3BXS49$I>^LLowsRF$fJBev&OPQ zOO;7jlc(%Ba8?q(VGqn%MK{ogp<0J`aW$;Ae>lCX79?QnMw8XdlwYh!MRp8J|2?CMLdev?Rd^!81Zs+H#lc`Y>RI(O3H$F-H{v0S@XzZ*BFa8Z^{X+UK6zRGDShzh zMf$*MYfst&fvwjGEd9l#im)=}QOxro&33<6-zx~4`gYwiey|MchDttV%fDg&EU7j| zZnx|d1EmJA?M{#q(r8!^O|_ePyPCVl`;Dd6VCkQS*O*`RZ!DCk7E<*j>;Y((emN%u@M*|%lu=GENfe8Y9 z9qc!+)VB|mI-W))k)H8sdGBTO zS@wZXBA}JAAaMzvh`351nwBBnpY4Wz*_~P1JJ`{D z%H*@lL;2XOTHwy(B+v>*<0WL}U=_NnH7q}0>rYe#ur%as;s`3cllDsca>X%==j((q z^pL;%W1$Mc;t%p2xf?WW#Uh?ziN3aB)IB;hU|HI1y0kd0U}`?@mV?C~QcjunZKUCf ziVXQt6wH378Zpv%D%nPorL_vi?9PuK(!% zn4s#Txf|~z29ZnzmGk(#oWu{z`w{DN(nAqwJ|(kiA(z#(Hgx;|!_ucDMu{B*Qxp-V^;ZC`tTkwj-ub(0_yR_p6ld%WuQYiTKT zw-x{-(KfJ9MBjM2_Vvf3qRL%dU%?>?R>BD$NE_^qEohKq(DM8I-@CLZL-uU3fb81h z3TcCE*#Y?_lDpLQf4Pe8!T1m9yZV-{PXJ{d%r-IEnk1o zAOu+envh*=xl8}9LWC2u= zU3Q>5)mTGz)`9M%qjG&0+#tNVL3XdP1UNzde{fy1hqOZO3mhikjTpl9);Dl)ko+?Q z1bEbInowSqDo}&)a&;BMu$OPEvFO%8?=$2%29Dx+1NiP3Sa{2#*8=U+nx%~g{K91Ub-B6{`T6sgIkfPru50mP zm^4w8GKrCkLR{yv0;+?dCGgkZnVzuauO;_@YN39dkWg3Ycpo9#S?NcsR0#^=w^O7| zqA4zSr#meMe`-qr;5Th3o&U}vV`@V!YXNq0SF*IUfLyS?LIP`JvxMo(ZdA5cp82uY z+Z94OyrTT??DY>?3~o$alxGuoE%Jc8A>knb=JR7`E(39g#M-mdNLuwr*CrUW|Eu43 z?2mK*JAOfJ5eVf#>3cjrA0mZ(=PKJ$rt{Cw(2U_YGa+rHOY`l}ewx?`pgSkR!i;=>T{DTmZIT2mk8pS&XpS;#p?E9gfWXOTZS1qUzeUw7>$I7@b6< zI6ujrW+Rj*eFNcGrQFa&Y6&1w{!(Zb_hSq#v}0%~`1L&00X7h0*%7h@BEnP1PK@C{ z6GiXc?U(J~1eDLOmyBKR@~fc7zjb9$ zDbArjS}|=wL$DfLRJzB5L4;#Y$y{CD%TSc&}9jw{5&_Fa@0pvYy134KAivt 
zjRVDgCvia%(71t|K+x|xBms>MnwI4T+04ws&6LgJI>Uzz>}t(^oq}e`Y6i&)W;Hkc zryMeeu`z!I2P{fc*~5?Yiz5cDVo&pdgnvp)`IQa_I0X_wv%u&OF@fm6yF@^M$(j3$ z9oha!`})hS{(0}u>r@u6bYbbCF|_fRs4?B0d)W6dnk&ng+w->~ec-P^3qOwSQ1(m- z@SN{-JW;Z8_+*Bk0jF&#{ZX#}^k|{(iHp0=5iZ9-p+-2oZ zzU6>tbWnJZZ)}DGtg8GfV`cG(=K&Tnmk?WZd`=G}(lX1twCigeEMOfEi0&;~bxp)V;ClYi3wgo0SW*HupF16m>d@#(?5R0ek6ZEk%DFVzBb;zex7HMb~bL# zzJbSr;ea=e86%#q9;T)4P8xry7O%Tq?8-v&bQT6+JmZqi8vn}NE7{n34C5z&49%q(9?kh9sozMXgb*V_<1|nv*`0F=ox4p3G;g`kc=?d zxII5Zzpja%ej7>E<`ahNFhKJu-5`61KaUmi{K->ci8WrEx7;cu{MFFQjQ3qhmmqOK)zLR?sl0F3k-PW4U@xDh#;?p7==;q zLhxi=KgB(|#3lWZ$K%1$lQlyU@Oh?vR|5h@L%D)dt<5It+S8~`!uS_oTiwg^5-Ru0 z6Mp;6JpN**yPM}7H5g#)UQA~(`ox5J(U%>bffvn0w^WC0hC4CKVq+^93`?N+0s#5p zQ3ezpWvG4!`Gy^juyLFdXNLG=upn4=;f51WbU`0kXKq{W25`H`jd9pDFegZUW% z3I6#4z>k$b=-YnvnxA>`0b{;r7}I&FrE|%6Fo1j}R%XZbdKQ~u$0-46_V^;?_Hr{U zj8mwqK6M-0drKKqeDumujX@>0Zmhx zL(fPdD_NSXRp9P2JOXna9)U5I3&F&|#3V_@)ah_>aJsLQ%#fcc8$k~z#Kz-}R*l{v z#K3@I0dP`5Vz3Be2!)VipHzQd#b6n|IyJuNOrTSWMiKRvfGbq)h_372hof4SN3*w*`;^RPb z7bBlDtn;2K!q)`8y>(m7RQ1#1ZXt8YwEW7{M4DBgMjV&!0Cz`=?8eHM-bB{M_*tLI zFEqWIfz$T6^3z&l6D1EZAs7HgzA{`9eg^DoMhvJVTq2CbX0L6S#5$ULg}l>m|HSBt zJLJFU+lap!La?VXfTR%80QG46A$w$)I)VHOJGZlWkj2EscanmGh?dCk36(xAplkhg z`oM{+*$2aR))H!0oy-5Pi8@fY(v_|q(fd-$*rQj}w~6oSxfwC38J zyB44UkHDITM?eOS?GfJwe=zol6XcHugR;c%>w+*i9?BH4$uSM}1wmy%5xC^|#x_1q z&K{1wNDo00I1#E4ha5-G!QLI|VK2x8XF!$UlT&Is+j%2>kmr3_6p-GYNN*coXYdJ7 z(@^&z8gYtAnqnn~j|Viyji`d*liP;i3p(1YB4UApyDq zgy=CTf+FGJVgHEC+;FaAnOT1=vxbrei-J500xl>Bx|o0OdfMizKh5nM zUsS}j#33A0pYi3Mtsq`>Usw#Sn=-RQ1d~#06HUSHiBqOr?bv!BRhgN^JGb@t`Y_&y z$!E}_5;((z>ISw>ru{wL(9X-+*I1(a4g@~r97a4_`q~&1k0aSj^EZYiK`(0J&cSK_^#BDXlz<5z z42FJyEua9%!(pf=iJ>Sq(QslEL5_iO2*rX!zzoieDmVe9fm4N1D4o|+_z+@3+BB?{ zeZmk|@-&-E5!?a=V1^pP_2Ig?+PRw18cx2xo~H!_?7ZFh-M{NHza7$Dz|++kRVv`= zjkNc(^Ysw`)dJLUP<27Q1(g=m)pMXS!1=&`xClQ8g47I^StH zX0+nBiv0cke^rr#_kU1>FPiy6BEZgk6&1ThkxGNv%`LUhoy9gTy4kwogHUyT?4ScJKHXeNa6xlKjFxz%0AV{t4DxFte}hEL+-&Rn>0ZvL zmDDpUr{a^8X`+M9lo_wJwkq9ZRC_?}N2--Yvnhu%_}b5J?) 
zP7Kz7QcI~mML6?599k?UYBQ$pOfNj@v^0#_@0Ln1)bGX?SX#N-0LfFfzTbw^!Wyym zb$vb%Vcj%Za+i%lqq})jW8splu}Iadw%?-)YY3Zu+4Vri;VgM(%4h@6s^17jh=VJH zz3bDhC07F%@~Rjt^QdZL+CS27SEsWh#dD^v@5Ke)Y;`7joX^05mHxS#q6`>m+jvGn z;^!)yOJAK~yTvP!_z0 zO7@@yqR$B*ehXFUV6LnBj^iBd2lY(a{m+q49$JC%ClZ_&x*o?MVhEn9ZIZBGa*Xhe zm=k!KXqpT+{L!aV!zn>ah2jzrX(7FRomdoXype9s9yZ@6j`#%FXB|9{7m$Jsa5@wc zLO_08z+$MRtoF@O3m?T2VYnbd7@S-RBZN`YN{|$k_(uLy)&5m{XpoGo^{j|bQSam~ zr|zoEU{-P<=aeF_o51pnVr{x4q4@yReamH7q)cg>2E>PD@fryivm~PB)QwgRGw4z zh0cTwe!5XUZ?%iOT0YO+b`@flAkRxwC2F3~(2S#Yxr-wcOX!Vb$LL)Ty)XG&B$ZOJ zak~`?)&qEQH1YLi7VPKy07(*f*(z06bY~TdG3o2R{1P^=-GZs(_@D#V`a>kpxLz28 z__Q+4d+qRxD`rTmV)m_TKR9%a@aH-uOm~@k&h63A`yzVyoNTYc2~ZB5{Ja1Eah-8A zNyXAPAK`a?pS!0*Av=@K?I$Bo)7`3T?Z|-3d$wYrFItoFY)R&sP>rGS&6Y!inZrit|S zcJ{g8?B?e1FB1mWe#a(E2`5LvVB`c~aP@EnH&sxR$Rpbof{O{k1%(8K5TYpC1xbX+ zHxm9oBgJ2t@_3Vf0sW-mJ#Oo~rq}*~C0D~uBgG6V2J1ozD%)D zsD-_c!CW@=@X6-O5>sgtQ;xAGMdzxN?%%0+!YLf!OH(5^nxwU&sJ9=xZE_#x`PqDQ zCil)+^N9897YVvT7iBl$$~i+#{F%6h9eC^dA(vWj4%~3MG6%sQmn5q&;<(8-qn}QKlcxKAquvDY}nXG0fnL6laniA*}aVTpn;o)g0V?6;4zX}hJ z52N@M=8jXr`Tv=LjrfCl|D_WdqBC=9HwX4Jx5j6=z7Risp%;`U{(yzxbcudZ{dA-{ z>+1N}JrR-inbZk^%7Rh(q+OFSf9KD*S-c2#N)4B1)8>l6JMHAeqJh$D`7XZi;E`PH zBn(x-G`4T|Y=h137%1QQP~Y-6^Ih@cvbq<~Sqv_g;C`(g7P=r(Mb|og9Gv0#C-2MS z(`~8QheI+#X4XAiu!6+WI#`x{;&>arb~SLCv?$v=zUndR83TD700W92%6F@eyKTk^ z2Mh-$f0%D6Xn(bQEBgL$rhGHW6oFL36jsCFO&79Tiyw@gYN|xD$FGpJ1Zce&OAdxz za`f7iC0=K&-`AeFLv2SM2a4`R{$E~u ziXj9M2w{=$Yfq3ALXq(B@E={@-?U!lfuBNoKnOY8uh*V`nA80A;`1)9+u7$zcrF?Q z1x>)1_#CR+4^$l_BXZ z@fZK>8$Q=#yBizz>acVOCycXmZI%dU+}YpA5mU=`_T{U$XqIP^G2$9rYkb~N$0M!A z!;JXi!s@J@)fsX|_=_kub^J9Jxn~bE+5I?syCC`7mVbKI%2nXE^9dCvW}ZilE`4eiiYPVGpy69{x`ET%zv{hO_GCQz@=adWvqC(p z#OkX~G1bY22){cn5iU~s?4$)tr6bU?o>4i|+^E4DXKk;u(fKkaNUIPj7EV`W35!(j z)#w-ThA$Rid3D~dt)Hh?JU^{sKy=k8^kELw&8p}DCz+%Z)dE)6bS@`$Bu1Q*zq83t z_&(#Mo8NSeb2V%99?szQq~_pQDX+gi6FWlextpH%jp&Ls5gQlUtt!cI9iu`7-$CA$ z-80dgG=_H~y3Mja!*3c;6sn}L3v_Z!%cs&=V9L&ChVQ`&!6gG}Y5fljz 
zkNQVM<%jbgi^~4HsK(A7_DFvp7MU$`@=Kh;=xnE(;Z5@tkU#bA5m7nW*2#IKlBm z&zW~()xOGUT;?&>CwQCQsoZtk(dEqcUcf2rs$-JW7YUvjTI8&YVK}JkI)R5QQoi2o zktQWS)RQl3iRq%b=*-N{Wg&X_Re=&e^*!yQ{)rZ{$rf|YWzGP2yg4_XE87))YbxGn zPK^5Xi)tIUZ4xd!;rS?9Udl7z84ui{>=&_gW8ksqYq)hH9_dld@kW%qRePATtPUY5 zpUnH=d9VL`v4Pf(1q>SF@JNBCsOr5tt^cCg$vsub_sF3DMh@A3yKQ;@6sE*gsD~=&@u*snkZF+8Blh5tB_a1YC~_K5Efm&_OT*$=7F15M2^>BY=T~ywd^W>XJH~h| z?k(O3-Se~fqUT)_7U@TzNkuf&1zB~IatP52ZOvvKP1De4pQwgPTAfyGOU4b{bl@h1 z3&97e_q48VE(S;Y7`N!L`UsnCentj zwR=A$E$C1YKC@oZOI45~T~wLXa%LbY>YM@N;gwJIj4DaU3Lh=`9J!oxGk3VFNU!_E zv2v~U{pKTaPUeAy_2LACq-Y55(Rmp*l|F1`ZeV1@(fceTW3d&6xHF)w4D{`ByT$Fwu6*l*#3+kUiI zjzcNNR;TDCI+yuA^iC`Jm=C<{yZC^LHbU8C!0LARL&tJAk@bcd*^`qZdH8SP;5KPOjV;P^oec7#;LSQ;{ch@Qxg{E< zwZ1qDSD6QpAx|1^e3$pF?b&};u?#u6rrYLZIzY7Nu=!=%HM{k@3n+P$# zUN2;#9n@wl(3^Fyl1nJE)|6*XcF4g;$8QNl=I`CwA5JFr<~sRy8loip()=>cNmt1m zmr6Y7`!1s6+uw}diJt7_!z(Z5MuzhH#1P8Z@9=8jt~ds|L=h7=qT@w{q6RgY`C$Q+ zw)RnNrlrRDG%E^e9M-A>Chd2!nl7N@=@z4EHQXHTlCj)>>J^@*2WKU;9UhWW&A8=y z%8Ume8y!E}?etMz**0@k*16@ghwF;%F8pCIvY|8JapGXJUed33zVek$F{jXYC@hx_N)NpdG-r_Y*nS>e}0V@~-w zJxKRL$Ln8j&D$qs#VjmlddFVo{~^Z`iPwv_T&0u2*3@g7{0SXD%t0B#=;9UMeDXnJ zUhoqK9Nyg1L9XnV8haY8x2-k?(eVRzi(K0w_4;e}d`*`Qg*x)N$D?zs$q%Ubc@b+p zGw$g4QymL>kEBlDiRT?%@+h(nUXj}SP=7$`;AgQuOA)26h>lO%pCfV}7LrSpp(b!b zysdhP_nwoTbD~CC?d1*c!p*bjcpR%w*jQH#;&ZL54wgv9q*$IGWKs8Gx~9$-M%I$* ziT{M3?I<#_M^>(M1VRqDDycA-PdFYV&pzc5&B#8K7|2G)<4v5?(j~)P45)J_8wh9r zS_6qroXSCZCkN=6W;xvAK*z(LC?t=ST&&H47nC^o3DyPeJ%H}Q2+L=7YZj7n?R?Sk z1T-lU7x*?rA4m^i7uZdBnMw3lY$hvPSQELqjx=6LK*tjjKJ7-HTFgZX(OvSMj@2N; z3w@}1^E5X_?ue{52?g;__^yrpj5Jo&*6v7AgkPe}t1pQ#0H@Aea8~accdz*ubUX>N zz4gN<0A4*RnQ@2o?>XalDxmFv!v5DiK~abb_pHN?|I!Z zx^Txwm-!wI^8;c=&uZfi1poaLRYgN}Ji6sS;o;}G_6+>t#$5I4%9rK_#4j3bIS*aP z>9g`%yz(-UG6kK#DDG1IRw=Q30mU8vi%kOMR*n#1N2}HhD`%02Y=YvK=y-AYm#m_R zl#wGA_?WY-))Ja-TKJCEHQP9K5Zi{!=9uVs*}klt37OT~26`2{R@31vk5}D&Px}OV z8D8}ycj=SyLB}hkk99|8huYx;R}&;pC^Ya1R26OIaD2H)r19#FA5}6sUgZU@4d*0w zX7u~ht}DE+NItilxx2mM7z8#FH08H9 
z4{Rphg4>9o?TF$kEGx_^y+#`^tzmxKd7nafqig`!}wNJN^cFv7XIk~D|EcqdJ^&_n_7rL zzOwCulj&bNNm%@ex5%A7PQ7XB`D*8fj`wzzsWE`Mz&AciXQlN)wmm-8*n?y;-L6z0&g}L?%d{F(WbKbB^fvD`x4Jx2d}sLtbe& z-%){iZLG10+rBxx{o?fGL^73hIXXUWSk-jxM)g)=d2uSt#m2E@_+qTbHRTk0YH!wd zQ>8j|eEg>Hqio>C4kcz@ZxXIU55}UTbgq=hQ=M}YL9gw$Skdu`SM#p)&*3xRJn(Vo z;ab*R8j@Pqai5RfFC8Xo3R7i3$7kFevTM8kl&aCUo}^AQ`8q&F>Vte&sE~i&zJXZK z>vRDNk-?37qt1S3RaGzh;@(5Y-`fz-Nz|%1D9ywT+0`1X$6vIZ-C04d7V@M#ov>6& zM8}spaePR1=NS65;bal}=F;WgBsF`ai6+a!pJQ1MN*S}D<&zNn{Y$)Kow;W||eXV=i^VN|eMCgU~hC5%f@Fb4xIEJC(nkCNxCH*RBSq9)sJcR z6H@Oe^D=)dpsKTs6N+v5DgJg)Hy2edbB8l!hvS2{@#y#-*URy8L%BCEm{3+HH|wga zS!;IC$M;F@JvAK;o-axKs!p}jCbQdeQdhRY!PIy}Wbf3LTpv1q zv}Yk*WXq99G(zEjmm$sLe$j)cI^Ki#Nm*=3r3Ngr^q2aD-$?N6l9d}pH zG^*61kjamVjTtAC;wSy-re?HJPYfYrNJ&i?I4~T_2;Uu~yYB%}!k5?MZ0RsZ=Wke- zMK~kfaG+{-|G8MdYz@_l^!2^!jN;%2v`hEws_W75{^PX7`Gm2DR+1QW__Iv5cmV|D zFnz0@nAz3XIGC#dI=)k?Qi82CW6RoC*>7CzMe4g!Gv=N`6@g`8Qm;1>^HJz{Nz531 z8G_bBu~tLJ+Z&s|Aq&Xlrzkbr7G~Bfcl}JTs|W;``h8s0;_|kDm`c zJeKh9YA1^8-^J^=-~XQeN9{KJU2>uL{9U}jz4X707izTsPPssS-}F^f4n_gQ>J$gz zJ8X3AwdQ5`v)+XPjEWy8;9w6{*gHv~^0wlkLgt0j4BH9K>;USh3YZRwkMqC# zo6Cp0nfdce(s~Ubw@ao=vLgMwTzH?hMnwltUqIAjN8tEK3UEj*{X^ACfHI&4uz)Yh z1_D0dNf8IY9i(&s8}R&yFW`LiK>{8>Jo77}T)KleGRj-!YM`|9sLG{jHf9$-;@8ZI zmGLFj580$S0Gi`^51B9i>hb@&488sl8RDSjPfp57!#kmtQyj7Y%W=Jj#K&X(Uss66 z0OfN){rIM zxL`5KE$L*7BV84H!fQVmKtx|&z`9eDOjJ3d#<^GrmHWcW_^{%UobMw4de=BBN#QSK z_@=tRg>SNamjMo-{sfQewLOx?7StGm?>86eebO5(BQ*D1+dfR@^x9r{^KbKgJ2z5;K_=)u{=KzlQ5Asc$JQc_ z>U{}Hbu95|0A(#EAjJYotpoOv@X?jWkuA9aTwn`Mfh9^H?Q}F=9^khxSfT))%<=&L zP^Yy}mWHBOKs@3IuLkCVfCRt?oCQ$l_P)ndltid#ip>mxu>%EVq!hdFQDuLUAO!S( za_6`Yp#i{(ialSKWUhP(t)}h({n^?7iPjuP{4?4Zpm4uiP5y{sAmX>A1j^qY7_L1O z9dSNo*q_&_tVU7gG~Nx4Bb%`fa%9E z6gnEijej$SqTooVf#ZSlhyVA-kPzh<{-Y#^jyf`wzZ~R$rn$c!h4VS$8+Nc^fg+SfR<~#G=@~7C^cUEj(O+54$3K+9V02}sagNzF4 zsPy9?ivlRu2?t$>!;z7BgC=GN4yz#;=4`=S5iGxOROSHUFrXB`oZnaHyE@#rII$r$rr@ay;M zn#&r=2xJ=up3vWX-Jl*B0rL2>HtB))Q0d1uiG6F60w}!z_%Q-M|7}Z96Buw}8isP# 
zP=Ki*9iJl|N3GaKRL*I-A%FOk6*Cw#B41y4`Iu+LN#*u!$~$g(_?<{MmnG`wSKo|P zKM$YIDF&aVc`s@OW&pr~;`Dop`*!)=fnk93(Q*Lucu@eMCOI-kfL%P{dY#9?KOZ>$ E7oXGm`Tzg` literal 0 HcmV?d00001 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/rhel8-uefi.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/rhel8-uefi.bin new file mode 100644 index 0000000000000000000000000000000000000000..fcca9f4388871f1a7595b6da3dada1b54016f676 GIT binary patch literal 34034 zcmeFa1z1(x)-S&4*qctJL8M`CI;6Y1ySrPF?rso78bKNfDe009DN&G6QX~yf?%u|E z-*@w#?|k?9|Ic&obMLosvzTlB_LyVMHRhjdkFV0Hdmc}nA&+yzwd#@&B=2RsVtswqAb+hI;IQ564tRSKoTGgWkUyG5AXnZ0lWd`04Hc$ z=11EZ;0tYg0IZ=$d;pN2i~{if!Re#ePZI74AH`C&sTg`lJoxOZz6SyU_q^T|EA2F9 zX;+d}Znuq8Ya|F8yxv#gD9YZbvHQm03IaS>l?xO<%W0#6g8KaA(J7Ra2+q79M?mys;_wfm-govNj zQHqsdg8-~=rUp+n=LXLnnh@@rR}R*ZLZrotcmvuv9WK#a!FC+y0JCol#NnTNIr zYp8gjy_&CX#=S_J!Fz%QSj$FYiO2lK6qK7EnCN;8P15Ggn3AXleR+# z(o*|QCaN!Jw)7p^=e3?ggz;l-gHM`Y1*sgqOYYrc#yl%bC^)f%-4{a=!6p4tW?7%vh8Fs z;84VKa45o?0whEPL_`e0O9jGh+c4u@FcvBXbEI74CoBX6APNAC3&941P?5Bekw7Re z*1m3zU`i4!2tSyg6T%7Mfk1c+el!I*!M~b+^Nmmh+CP&;Kmj0yBH#d^-D4t#A|L?9 zT3@0Ee0FxU+$BLAu{Z^$jeJku$O~YVo`^uu(2xtbki6Z6RT@)w{F-2hcRR>F<4L^h zR1uvkcdu&wBget7L}bs>dmbjbMWskg*wf&o-Cy?3?}Cs}tMwcP(_K6l(%HaVkloD# z*UlMNAX&x~T?)L-ER5>!@NwOZ-(JN zTM?j}@J&70oG&lv{$`6y#z&1@$ww=4cPPd?1oH8Vw`H+pp7E}vKFuhfP}q>6(^Eu5 zLI5BXYl79m6wr~Tz(yuUCd^g~N0K<U z_Zp^eKO=Y;&$`f2bw5QkD0D~U=Lp4H_9k*v@E?N-^wdl@C(qv_Z+?ThN$?t@`ZNJ6tzeX@U zTotes#4n2{8FIssOHFsf^HEt))a$-=g-g$Sif9;7Ltz-a2D|oAV&Ndx^k5F*8sSm5 zek7jWRuOmfhT_5M#ap8H%_>P<3qIT>%bE1f-&U#|SC6vO<7!w!=s-rq<)>%PR-}-= zu;t37e<)f-Rw5}iHaHL5C~L5{nwhSf4eERt6KMV-R-{J_ZPZ%r4WtL zu$C3JyqMqB;p{u_?FY4P7+7)!;E||eZvY?j6Qv~%o~?z~=j5`!KWj;u$9TKmja*&@ zCSR31K~>AKdaNEa9HE*-9Xaux<8A&`X!pU+_{6EEgM}bavUQ#Q+jo>NbNz&sc?~Dt1 z4;O*ied|jY!JR953=TUVnX5L{=PT9j%z95QuxI>*H*>9p#+aD%FFo{&_G(fO&v^)f z2NCx-O~>+l#t$u1dusi~!u_LyHZ;n&^X{S9ClUSBT%ic6(2-IEzY@2M5m1|BuMK}4mN^)oeEhS4ArUyss+lCigsRJ zZh{;fmL5**&c9`u-O|;W!_Cnic9g@-!_~^$(#w+rDi%-~hl(y#ZlOX8l~q%yFo4;h z|G+%#P$<|86&-q^C@5$M2*_Gs4Y1npHW)Ed>Q_g;zP^9gk+sKvqX#dz>5CK!9n87# z=rh7}Qp6X`cP^My$w3PR(?{DHHsv3Rn!N8O1D>#z_!#W^x3uy(sNci2I)7_*jA;A( 
zQ#qMmXWK-yo)u_bclbuJDa!n-!72L*IYrKvJ>wbhS@+qqHb1mtmhZW*xOKw!LtoU0 z)4M%%-1(l2vye%(^*)`dff+=i38o)yTNjD*`wXgNzc!}t{Hv^xN~!h@q`f{-G4U7H=Y;oOZ(C8iG_sVV(xHRYFITR&A=s} zBM1N(ZMd-@D4Z!>+_5}`ZENlN+xL`(o`Y>x&^Zh5dy4(CX}6&J>%J!{F4Ss${%y6; zXZwH9L536i|D&xIAJhTn*dXy(BmFQt&h~iOkq_=2G^#nV0asF@2}zs{x8-WQn?8&vQ7YUB z+zid3@bgs$)pefZ%o5Lbd}S$B=QlpPXnW;{`08pOlPvRP*s~i1JI&qq#O}SNVq_Tk zdZ=SU{w^>*u=}G_gTKJma)U*jau>hby4@|p5v~$+zL$FTCbIztJ;<8q?^WuUqb$+Q zT`h_9cNAlpp87bblN}gt_CNdmLMWd^HtL==msA3UA-Tp>_-YlXWAg?vljl z40U@L|56p=@{%??mTc~StlK}apMPuJc+e%Tz+)4id_dK>c6vNaGMqjP0f+eF3=(7t zPn<*e<@5=(Pj>XU%ZP!YPmHTWmxIH^QIi@ej*(hVZW@yvsU?4TsvR!DNKW0^P@_&b z&|Q_4K|`MW3g^=IQHEzq^o!0;jaC#jtX17d1?C4>Th8=LVmKsX!xO~{y~?#Y_!Q_` zNu5I-tt`UwEL5DA4m9?vxx;}H+?TwlByma9V%<-3=)D=nN05roji=x9YTa#BYnsKM zM(b+#T3w+`3VwM&ddfja?8x!PCcchtYbbp2V7G@Wv|2}zl8w zwpo|U%~SuiS+krqWWNN(eK_w~+cue$&8DmtcA`$u(|qFWhR7*9kz~3i4wEFch=jp} zP*d^3Q+BMi2QyCIo6Yu3G?8D?rq9=vryCKL9d4X82!*KW zlyS0sFN*mh5y?QRT^RbpAonvkTZ^zvHj|!X`1YoF`b{H5(XGsl2*W!fqV2N89@^{l zwDn8(-Xozh7k{Emmgxgv&EJUGz~*7FKyoK4JDg%DDA4CK`^=yIY|YQ@bDL6RRQmZ^ z4Wjf1>)z(#Kzm|uwA9?QvJU+)J$U0;%rWW`1vUByYhXy_{=kaH-0|7$>ApG1AZq6TO z<7blx)&z%y|65pP2ebZUmHrP_b?sfOTzx&M)qXm>&^V4-?Y|rFyau%wZL(u*ydU_K zY2N{$>9ptKI;=(>)e8QA8rD8Q9lrEwChmm4uCk<>Ex^Jb$krvBq|4&4dJjPDsEJhO@59#7uU7Bt$@e=f@ z&NI}satev3vc4S}_uYP?rSi!Lh#Y0zC`nr0u;zTjci-UFS2?8LmO~P1IYj@p8=05SQ)HX zAYULGDgD0{@Ib{ED!fpc{Tb?jdD%F*euO#(ze5{nsG|Z_0xSG(Lqi>r|6Zu`PiX(G z86dn2a91z&?{#T76cFjSqk-eXB8p4k`Mun3O0JAsIW`mJ_6LYevbq2K6+gSQ<7xL6 z(qyLX9atNQE?EvjB? 
zIjMp5%Ju@jr$1InJlzk7^wjOupz-83I4O?R8Ae`4!#MaHw=r=Vm{{}i92kp!Av!|g z5v2KS@44mLhA_msE@bPtYMi(vU%0$Jw^w2+Iowo>;womhjY2lrwa!yTJYOu|bgPiL z0WZZfmWJ`;#2ZfmQ;|v|v;9>h-11qBozwHoh~^;mXdBrZ2}O1I!XeCdD8B6}N*4E; zd(ej3?nZGVVJlkPeX#T5azcS`gsnt3fc(4g$}=2;uk-y+5hD-{qbVS1yU zlj=N}^JASxA={gZM#y`DdxWyu7RYMZf|^T5)BnZKX6oqUOM0Hz z0jc!SM68jcNF~y&8!0oU!Zu<*&mJAfC^5E}FR(y)S$s-I|}3KdKw-%2k0p>04q!t{?c< zAjjm>&8T3TaP=Bg{MFpjfD4m{Ta7?Kc(J2SN~>pr*gcE_3|h+8Dw8qwkm;|Rrl*2i zVj~^7Ab>;!JzItXqIiX0;?{sl+1kZL*U>p{-%4#m=NW zX|6>Qu+A#9>iNjJ#fIWcK4t7n^P4Qj{HHAwtvSympGju7rT=|ww*e;G-T!57gIxP|5{f6Dmu-ySY0_hT)Qd!JM$0E~C63s`RAQ}u#l`(Zg6KTYJfH{nEg(j<=b(7xtMK2RA6Yww>dOBG8~a5qSxtoWIt_E zNC7w`@5iH>pAP^K!GNF73+Q3b3w~>DBqUVKUpYEVBvhz#fMFIXhY zG&p~9^9cV0B_Yb>$iQecfzH#Kf~fTkt>e7B?MU(9f`y7v(-)*Lv5=Lhhj&EDvDEX^ ztue#pY&VNOmnnRFKR(`>zJW1g%tlOxLIfO@Y7{Y-pzUWiQW>BqUSHE_*gK75S>YEj zzKAZ=u{LE}qozLI;YVuK{Tz>~G1MtQvL@a%~Krkv1=Vdi}Jq5Hf3EWPD$w3v+XGyHWqX zP-A>CSrc_}t4O$OJPn{v0N(9=_Di2U{Cj;84b>-ZKlKR)7P)}YR0S7XO{d z2NIxZxjNZ9L$%1Shj^F-D3bP`maY&AFxd}PK|rWu@8RVQ)gV6-2tU18aWM6dhkD## zE(jkt9~ZX)DGn!CKmZIozzY%J0vmuu|3MP;i{!7T2S5;-xQmy$hqWh!4C?Q|o(_QU z|I&%3w}qtmzns<2lq08Tidb&sCu5fRWUQrDB#5M$A6o}bzl)|FM=y;dRn6o0 ztVn5>a;T)<`zgrw^oGpim~Rp|Z%ZZ=9hhvzhHdwgcGlipeq67X{y0;v+a3ojj`h^u z(4D>P?N8cO`x+`QXH)OTQY5P_cgM=I5%+~-nGk_DqYlz@f9_lBM3nm%va7RNPrnd2 zo$gVu;+hbe<6*tteF*p>Q=X=4i*lgxRo64sBiOetmej`7nE%NmP;7ddBJMI80HT=F zEVf|E%9(1^sK~gCh@XTP-XQ&$I8Wp5(T&-Ws9ZJA7h^9!%^KZ~u_!r_-8+-4B!Bn_ z;3ihcb2RR^J5c}I(+q)*)cqe1W+-rA5B6Xganv7{;^#a^2ctp{!;>eK2()@hR$kY`mJo@1!Dc*kMncMsskRcsMamL%eZB$~i#U52_p7eWs zXjK*M2lF?HZ?ep8sI04Q;pC5-LGFJ0shTK7HL-qU?0-uW6c!L5z@>8kc^xAwEtykq#cUly|Z)ieX zF^X;499S~vbIg4~a|d^(+}o?;KhheB(2qIOvYTgR)aJ4)>oo`ZA@*Uner+&hcyqt# zIf$^zb3dz&$mHN)tJGW6Z_RyzV(uGm*<)8D)REJvpaQ_K?}^XEt+74fEAl;4A<$vvmjxSxgv*XeMAlp;o(8XHxl2M zG=y*UUW#Soo%?jfw_E?zI?(wDeLnmT*8l;gbdYg>xSbUA$S_;-hZBMDr$=>Y!EpEW z$6V1RD=|}I+Bv@OXq5J9%qgE#)Lt&f`;FB}m;y${ZJG}|I>v8Bmb^#Dg1VG9w_}6@ z@g$z0;-nv^1W%rIU06Fr<_P@q8oB$u49QTdnzoJh|E*Wn}*h)NI&@ONE 
z7KeOOF-9US=&c%fBlCWRd=md<-nMLBT0G~t)Jv}+aE@-N&Q#ze3SQ&s3DcKXxtcSb z9Mulqx23Jx+88sV5?em{>wdk9eMf;mwc|MB_&wv)r^W1>CIXL|tb;pGmhnZ^d~BKW zr-7K1QCUVFuTBuW6kemX`Rq7czNUR8gSb$OIdDMKfx}YqDxoXLwYsQfKv_ZdX^&2F zGs$h@{vIW@RI#cG@h`k-l8jEYKVt^in_Td7CAe|P9@2${_${T3^2W3(MTy2c=LWI( zax-Ods#NQIOnCemM_BRKhZpmyI3A3*UTq>tbI%w?pxts5%D7+ULN;+19zU?OSQxoJ z%!X0>gxNKS-7^YH#Of2P3i_d~ze6|Yoo`Pn;i z4<0%)8L(iY!sGiYa%8YdtO|7d^qj*c&Q5F4TW|&Z4`MjI*ghU;f^6XNdKc+84>OAN zC7)iH(&HAaif$_DjhJ9QLyltdwyVr?hsSHC^c7v;(IA#RpB&CX3urs45Zmivt7fo+;c zR%~7Oueb(_nO{fdn-P2`W@qI*8r^b+$1@G?X*AvuER17aJa8#D3pl*<^=;dCJZo>G z<9CGN3R3X+a&5+)fkIr6#p8oFIiEacA z6C$4Qc-b*@bB1-)oX9mn$3xaR+|L6B&W^8mY3%yQST~prR^jpP$H}fUwDN&k#WEI^ zx3VsWajAWA&Is&wHkP_Zzgc?2<3nEwO*EdPOHSlv^-V{O=jw}(3vc6M>$$Ql>+tEC z+QQ>w=jHT|GMdg3YM-P79n5X3=I=(kB*~;%k$BJy=u5Z4;}a5#VkX~XlA~36T8}b* zP(PTxbFAjP9eq(fkKGk4M-Gp#*{gx5GvIq3WISQF#S=JyR7BW<1-WRmKl5Q!yfi3; z$M<7&R>^u-FTP5BLfh0rdJ&&qD8ov%Q$pNo9Lp8mdkK#pBWYtXjxRUACt zO4o1+-!F%quv+Jwn@XeB@iXX)6u?j4d*`DHo7I9eJYITexW*fEvR&?yPvgE7{%b4c zn#Ghm{VH?r9wIC*+@MAl@t*k&v}*( zD#}~LFY1wgcNt@4!+13oa985R7CzVg1g3uAHGPXaXF6J(S#v@pvVFc^qgT5v>%fRf zef!e=oaX+dd>aQmeZ@$-(mCsn*U0b<45*+kWr6av~#W+k+9bH-e~clDDhNe zn;9leB4@EBXv5>5ZlQAHbUErqW^tvV<=<*{EU`x0FiD}P<7H+Z-*JbM10J7&oR2NeH1^!B)N6P(Vhs!fNy5NfK9xHcab=ia?O-(>SDE9Kp_ z_=Zoi$pj=cdSt|#QA{Rr*mPC`Pyg7rRyB7eC3ZW%*r?~J3U{^=a!r;sC+nR$d0k~* zwQKeit5?Z;@8+RS>ycpV8?*KO!hUrC_j+>sQ>SxGtz5cm_Bu>2h)UfXiA_1 zp8tN0%5XE!Rf7rou`*@HyBJHT;Mkkidm3UJ{d+Ge#;)1-qezkAmQ&I6YQhU(oPxdl z-FWN$4rcAOb_r}>miUzvc>4E7Mzt&_a1f}P&`qAT`A%2Og!PLm=$hT>Avk8;8}Nt6 zZvzC3pJOBIhHL}W{TkcOigZ7^5T($R1?ZbPtka`@gU6FMuDm!N#-DuLn3hQ3{+%T= z1!ohD#&t=H(U#3A(32P*FEYU}`gC84e{74cm7)Km>57rQAfL^vY$X%PyQ1fXj_`Q9 z4>FuX&&h3uMPgp3?S8;dC(7xPZtNXmyFVnKQ&b=ck6%}W7-$o_%L&INdp>1*OQ!sG zkG+!S<~O#7ko+?f^eK4!`(B`6W5|9qG}~9o#22!tXmGPvHTt%rhTHr7#wYar@c6*0 z;0mH)rMcRD%NXP(m3q5!ZGZKWmjZR}U`A~g$9Q=Bdpjy32+b~~?I*>Ky77T6L^oEl z_yN;qV>h;o3c03Jc>K!PowwcCn|1ZbQL`QeUuDmFU3H7~pWkB$rX*CUYU_u`BkEqc 
z<1iC%#ys^(>-Ir@JYHeWv{?SlZl<}`QUDoZ438H~`S@jvF{tQ)()~0b>rIolO51OT z!3vuh)dTVU(s!=Oo4h8#AKNMSSRJdfH1Fxlz&w_Sg#{~Q?tSmJ;s|oDEqMANu|WE&)7!BR!NG4iP(iG16`%b6@uC7+V9xM{~<& zSE$DDOf~LavyZ_lJW7^!?FYicsjEicG^_LPly*Gyeq+6`rrtLvPwm$Fj$g-IU;pwBd)5h%VkSSAN zi4s|;JJbbc<+3^*u2;GZuJ+u>Pbh`QV=#Uci~B_Xj>2})oxl7;hejqFqwJ9jPZY5b zF}8Sf^)>vL*b1D88}V44pK~7vM(w-mJINEMT_nY|1($KOrzpbXF}-(z6mGjEvnO7+ zoSRgK8byNi9eB7fTKgPTm%Kep;PD{!g=E+MG(349r6O+_Mg6Y2YIY#1f8lEVOI*q_;`#2Kke3OQa@nu7V;WA2rf)VRb7)lyI1gogY7f z$CD+e5S7n)ZV@n+`_Xk;kiXMjt=UW*VgB)b`5_QvK1B$sb)o!k&Sk6T0JItSKpQbyoy-48Qk`0gNvtF?8 zHvAGNagPTtS%`*jyCl~&A`kOO|G**A&!LPP9?$P=Z?wuL?XyPqV(e`5k>9ddk?W^9nUrWBeeZ~k2`^GMep zb)`Z?`!rQgeRzIE1a5zPR%r0DP~5iN>TdWQVM&?|;|{5n?O{IgAU4Kp{-+q`ptF8U zU3$d^5TUFSLGX$Ktcw%&UY|pP;<@Q*TM|5d@rY0==SstJ?t6YkET%b_-fl09(jF_z z#`+6~we@GCT*FU)sQ2yWR3Uk7t$Px_#rXzwb`v2-$`Rr4sd@)}o-aIJI?7Rb(R|KO zFg+N}3-PXTqk&w*VTO(Ud(D54y&|)$7i+#mKJX_XfV@**He}}@!7;8mB@*tv7~rgj=STNlis08V4cbnh z@mk2|gXkD7D|$_@LyWtj3uigA8JX~Sz2vX7?leQr$p?=thXVzzxjqz}e=IB#rRtX^ z$Q|ssmd`P!%o%N0xR0o4r?HBt@3uZM?|M%A0pa1)LC~W3SoO8|+I*tF*tbg`vHN?? 
zh8uTR*2@kTRHAi3^3}F?8)p}HuKAyqROq^mq|&^s$%ENIMcn>o#&zN6x0-jH@MAYt z>RwjC^KaeoevEVpsSmP>r?Kk!0&9eGCZFViSIB@XII7__Zj1>+lH1MkO`tD?_*5s;3L;OX0W&YY7ob!zNreYn#1eG+CX`5-Igro|NvYkCOR zV8S*1=G?wJBN878`rH`gb#Ylrt-P@w7fnFWPC+@gA}gDw0#Dz0cbZdowQp>&aSjJZT@pJ--4uK8C%@?%diIEBdX)|01=Xg?d0 z`dHLr1fh~QAx$=OQv)!-^B-E(CijxgY4VeG&LyF~@`q%Wd35%pVoYGJS|sBn_qF*I zqwFWZo5YztmSV8&#eM=_D6)BQsxKRV%*x`}5P@(lA0Ce+zksfLbL$CB4}ql|9VZ%R z)}q~UvR;Zc)8PR1;Wd9aA#EOHe?#Az&}VB!M)56k#8-{r=CfOKg?*PJQ*x8n{HtWk zvx|YPyUlN$(xVB@sNZ_j`@F2wog2=_F~cVL&bAJJy(!iXC5Q4t{I?2PZga|QuFvb1 z4$CD(gPIKyJTW*gG_T>a$O*H$5)B8#1*-ZJEcc#$t^DSrJi5&xRN?z#c+vqLpYG=O zCBQs0GhT4#VUDq$O<-g+>-q4=%NW~|%=Wvdci{1vn`-H5v%$-K7FUT(+A;XCRODNF z5i?jZz4wYLrZBF_PgYpd2dUJZ?UX_7qtjrXjJ#^;JJ=S2AHUx_?k@F<*np>>ReBRc zO3DK3Bz|#FowX`C$NQV)-M5=FOiaN(=5!&~ag9|0cBZ*s7;owe{fvh zF3R?v~ZYs5i=a`tO?dfAQg+~V{G9x-sK1h%^q@~rx)h6^rno7}p?H@S9$&KL*V5lvsKxUV z{d226dv9s=1^({6YC;E|{U&g_)wO(S#jV*F^UD$~0=bz583nGS=k=AP&phj1o)mnb z@obE9f~Q|Cv=!4WtCID`u%U}fQ(msc@fniO>WW_d_XXRgLc>dV{ImI{_YwD`!>|zo z?rkjURPSXCF=5x)7zoP>D(Jb#Z6Ed)JcpxG^(*3~4<7c3#v#V1$@e zF);wo|8q&>PveYFm;(|TFGD9u;R#YoYIJd)%{Y$4cQh>XIOF zh=u2;PtEXTAGegEYLjHhF>V?|pul?iM8*4AF{;T1`C#rf|D>M{ZwNGL5`S`$^6i)+ zT8yST%&9DPm9^bJqX&2vJqJ&JFwd&=nZPDlp{;~QAPI^C>BJod*BKY?FTzmh+rLb;fc&dZw#6CY z@ryZl(@t^;a~B<26pCnHKigv2V5G|>Z7EW99lNPWT=NH(Y+{=jBG7Fkd$^l6J70ae zr4b@z?@61}%3N5gOigwMPk))m>>G%)NhxgZ_$o3PX$C#bzUp{56a91TV@b!aGS~7U ztB6k;!=ftQ&JAiXqCae|e49CZ`ZRNBv%N3l4S~JyIXwN+fmpog6fk*@CCP z;e6?yM?=`Vk+T~e{)kb!lGD{S=)DTIW^SO?A{Fm7{kf5yavIk$koN2#aw2rX#9@@&AxnCSUWsE(0;`1|ACk4fkmwl<%1N+2C(HD^v%HPEqn2($5>)7?3naVPmEaC zcAtH-`c%c-de*A|k3XTBGauN=z!ei637{xitQcK))4$Kzwwg5W=qqoUkPeSOO>|y# zPs|W9D^g{BUWS=L^QOl36}^PveZh%4>i3tfJ&zbhF}tH$!0+oKacnt=+?bacjzs%5 zl}!h=qOQHE>$@vFeJWzK_z6JXIs2)+6z zDmxy_P7u;)w!-7J&=Fp98~5~yoI;)&o_4>Bo4wKG+gkayV)AITFJCJO_WnHV6;jyi zSjd26`xk!ir7;=RJtfIRGzNM#9&CC70jr|s*~k?fuf%k3u=NWs$nE;Zu4r_~$8V$D z>Lz@KcLM|vkQ8qrWu0Ld7_1BY3;?Yzn)CKEu_WqRdsYW7)rceH>yb9Lx{n-Qn!T;g 
z$B+5=>!np#B_9BEaqzEdK77%O?ROd4AlOCcH0<$7vIk~wNPqxeT#3pX$-Gt{y$5v& zvK$hrS4%=O9hy+)?M=d~-+P>a0LS5}b5uoJlo3K5RTld>msov{vH4);i!OejvByIW zsY6mk7%h^5`|h`L(YBVe+4!No!k5RvfF6TwzgCg`qk@krw4RR@w4#p(j87=Pf8|(n zg5-;R|D^g6*VkzfY1N^er{@e1fTk(=bbY+GhA_WM8ix|~a&BAwl_;GB;>(_QPqE8E z+#rCcaUHllQRKGl=vrh6BC>sB%W6%n;77Uj z0@^n`$FNFLur253?jIaOU*m@UaQ@)b0-yoq-3mYrkb_ou@`CQA0WQ!z?0VdwAA5i& z^lxf_67(+@Xek9hC@o|J<{#e${O;h_%4{V*k3;b7LYe4!^xJ8Ecw&f%$jICPBPc}~ zfIM{X@uMfZAN?3X>DobQIzuV)0=NO}&~rA>HUJQGg$y@_v?b>sa?W2BQ1CFmX;$=V z3cVy{0RkXd&ndw;g=Sc!;e92Y3dx09C|yl5lk86C7^d;O%xNG1U3Ec_hWQZ(cR^>O zj1PvzeB(=>65^xpg@cNNI`uP&RiBXWzT2@KNSdjL`|8!3?E>xnpN*l&-;N;|fC0VT ztN?8&=i<=ua)XTy8X;h$^I5>&XKvLeyCR#l*2IO#sDuETC#*7rK1kAGF0sw0Hgu5d z*GX~kYP(;Y1@}vK6yU)e>b;F+zEdEeyw2JWk@f2N)oZ)>GimC8n@E}9N*n71=86RR zfa6!ZAi%={*89ES~~%U z;-iQE#dSLU?R7$a+!0FXb^g4U)X;iiu=-WD&>CSd=}?3I_JH0|n6$uT2PQ#MKU$8^ zv(Oog00K;jBmF3dg@6E^K}bl5=s#$}MnR9BDwa)$k#~_AU(q^KwWYW_EV4-|T|eIk)3?%(e>t7u1qD3GR&0 zUM0<)oS^GNs9`JL#ogSXZv_7+N<(eq;p+TjnF+P38>~tV6#5_5iT^o`4AXM|x!!+T zq5qUMf?fB2?%JX2mj8pj!|dLF?%H8q$Qt0cP5|M=>#U{vR*jnp7LR7$WKj&!Hv$4M zAyLFQRX5oAE~R#S$Eov9C}_#~7RwE`JLRpN5k41z0EV3RbJN2y$g^@-T@cPnJzgh1 zm-k^ZXS`opRrqcGK1KLr#zx5y4yqk!>>W11X17Pd?pO z0|FB5ayQI{I!m73Z3-m;f8v}lY*){Lvli*4wbBU!3~i{tacXHUznH-{O^<9q z@z*UlM7z7@H%(%y-_7I9wJ={6j(9sGr(E(A@BP})VJm2S0`q3o#5J^F(Ww!XixCnH z7MSINp8By}T?N6MIsom@Cg9Dlc60I`^PRU@;)(0}I|oeqD?dO`Oz^Ky5@#01?_-Rf z%so_}XYkq-0RBSP@8;O|)RO7@r8{MFa*cmn#8*RR;Y`A0kft2XQfjUZqjS7$E-S7rE74|3(e|F`Ts6B4R}M5x zKVd0-Rb=%kS{Ln?N6SiMnLP#q5@H2w)Lzc$@sAiGDO69~(~8f@U~fq^;dNQo4AAeZ z0|A0R(7SUf=yoO3CD3F_$!{Hljg+5aka9Y!}(}LzX>WJlRD1#B`3>`s!?Y zjyrX(l)Se&x*#HQ0|e-qg4B7*=p~insO$?zP%k~2qN3peKGdTmI2|Y-!XGuc^L$Kv ztkO$HTT(JVu>PGHlm*f{${(UJj79-%{jtH)Td?iFO3&CrCm^hH=HI1fet!E$kp3s9 zyblLENOD!kPp_Sfv4t~S*FIG)1qeuGqNFK9_);jbuCqF9sO}(Hzr#esUc0OLttqs|6EAdKGCzceix;}ql#3r)4i;MV`bYEM z&%nQ0raIBKD^5ZlQW%ZVRXA7iRg*pMQOBha<3q4U0q_)n!#f-%eqJ#`ByVl?vccz( zUJpCv?qnLjqwIWJ>cD5fd*4!B`&IG!{$xWo>K?BrNRh$KCHjXI(NZQFVspMkg~$;P 
z4^Ia3PjGPN!(}#YR&G1YFUGpaD!kZGk|gqaa2J&`evPYZ>$8ll@Gf?`P?zxQxbq-z zytEdu-=ba*8 z<>ss=0y5`XCsHAI1&qQNlE?2!&z#lkXK{zI=QlZTAS&K$m|0;ezMVmVfV!z+?}s`I zmXfOT_8rrz-gKd*y)wQ^Lj`@w7JMks0t%Tr`Hc1$BhK|JJVW%hoPF)W&dperK2`Txy*mQZjMDW46X^@eW_~0s`{$IsHg&`B?pU56e;O-4hO7~=K|Nkh-S2~M6I%J6HLqbQBIm2O(=DRmRv^HE6OH;aZ`QrbUe=U&nQ7^U zj_RSx+XQ@S-c@YwSPyjatI0fSH)r$I6>lfAJB-P~4E{fuHKe{aXwxoyRCG~c(lhg? zY}qy-VUDi|xj?`b^YhJQbNM&qkX3#u!~6FS9z9s9eaJHMBy&lAdS;&s1o(Q1h3r0* z>8pzwv-qVPxZ6r_;+sj)n)%$M9XMWZg`#hI(#O2V{IdR7sjSZA3P4rb%z2D5W=vP0Od zo%l_;*!}oh9`64Rb*mC9o2$*v; z=GVY{TBI(8!-rb<@r9(I)$R%l&IfJ3h3#*)W*#6wu{OB_!!wz2OI2rP+v)C4y8;Uu zrP=Y+8QS8Zwo6i)ywriKmD}%M#*9KZ@L7-9V1dd%?yB+~uD);O5m<<=*?r-MMjlapsa0Lms2DFW#uFJ{028;c*^B!^TX3OHU5a2Qkl z1v#v)2?Th?V*T{Hof(*z$mVEAxAA28F+v6I`Dywd6~_On?n(opY}@v2UuNu*-FV2B zeGAzVWyu~Q48{zDVVJRINm8jHOO_JKzJyAa$QlZXvM&jVLWL|P^4_DKKB?#VmS27T z%-lCW4##;N=XEaElEgrnapmDBsQ97s;sOsi!=ODKJ>Y0htS=s% zFt%YLygYGU9>`q)XQSUNl#9kSE>+A&o4zk7t6AFuGd_tdi9JJAUxJxUBo;=-+j`cM z{kCdeAABzPhBo}P`+FHE;G=3(UV-tx*L*Zhc!Q32O@Z3-GixM8w49jb0omwVhG|sO z1lE=L{@0f;9z1D#x`)`M`Z4r>0QB<3|F;PLFkjJc&#nm6v51&H6NpItn4mp#-<=Ku zJh!jYZ0fLc`gxorDqnFdmITf_%Yo_&^V&8c~|N zOsTj>|M68#l5&>dZt^A;S8-OKL+w$9AC>r?u#!-}&i;c5NjEwtqrx!U z47S3^wv)z_Zd|_r^7TYI!?BJ&ju@QUE|!?kMayQhmJHU2E+vDs(z4A@7i1wo@%x4F zqWYeLQRHvmfA!+O+DAt?GHIG$$)+Mh`DW1ojM-H1oih}N*hoj06zB-Uk%>n4pGeIZ zD|Z*trWtBIQ7VdHv>Yi$tUgx!=A3O37pwOOZypQv4P#hV3Tb*ZuE&Q^=Zccl) z5_I!MgTU*P^xaLvxn@|eJWRSEdeSK_n2zK@ZfuNxLm7?d{a}TMP{57L=|x<#ut84; z^^#}dnb7EodU+aZeFuD^;GHx5UphFcUU?^BGW9Q!n=j}yBoQc= zUuH@Q-UBT%0bglDf#Q-;^Fumw1zo@D_$(cea^snJLIKZ#%{p! 
z-3_BeRW#)uWqX8b$UA=@!?^;McoLdGRwxio_ini?Jun$>t-9{AF3RC3uj*u>!!@*c zx}NkTivI?sxm(7)ENMhOc8w<>2C~fX13Xg^9!-1c0mEIp`0oYt4^V` zF(bxyTMyG?4K4~fvdv`f!IJT&2nmtGgTqBqQfYKgR$E6iRc`hE1nE0X;IPNT!B~73 zO93j+?|o$)RX;D3)9vms!faq!Fa*XpuZ0|x%Vwz}u348~TeTOniriurF`ZoXj@LbF zqDB1?EZk06e*yM?ie+c&h9nvvpT-oL2O2Rw6A&DB|kn61d}0`-T@H0BHs2GFkqL~cC|avdontwGt1 z3P1p}$UT%E_829a8G2rXkkt^gWuB{*@W7m45$8&7Zge^nh{sLDtm2KSx=*C8KEmw3 zU7E?#Wp@5A&a&RB%jPRb99!Dd-+i>F=eOd0EW&DgMlW@z#c)VRAA~Cy(|CGGpgg>= z*g)_*3Mb*~i*_bPI!L@4kwWk*cvTW!!U^q#`$6a5FTrE;etG8v9)pNM;vGHI99+ED_bAT6yRi&U0#Ldos2(I2QRo@(XSEp4Pa zS?^UIYQ{~>9I_-Ug8&hBgFI{zv;;Y&?uYs3hbuJ}K!9iC&1O08!l-Nxk=WZ=mC%O= zCUe82C^u|_CMy;k(D$G~8f`v077CZF;4_U=UJ16}8sLeDy1sOS>{^TefpqQ&T+DIK zi;Kp?*zg0k`9n)ur~jAAB2xIbh;}MV=I@s~l=b7?ZJ55;0r+V}>4{Vx^`?wC4K2J_V9-O*rkr4)oW^Vq)(6% z$LX^QG8lK7>98rQAQ8s9s(0)B*~0hRcSyyQ@J5=!WAwm_NNFeX+P? z+IN6|l@>Pm-~xa1C0Od{6YZ^O9S$||$95Yk+&kGJreMUR3+{?`M#8<^f5~<>9LgF_ zu77@8>~uEIaO0IGjkqZp1Smps*b3{eHTtmZCEv=xB;t@44rVX(AWv5&h1#$zV8Q8H zcJf2G@s-tGx>^1qQ^Ae$?Iv1vm;CI$ISw*;Xbi))tK~JFdyUr(^ThmDYT16hZoAtmoJ@Lt- z(QwV3Sbx<1VCI3~k@*;6-@z9PPDEfFNIV!>0z4ZT;}1r4uv4@&DF5x>(uV9}xyzuh zjXLY2_ujMp)xn?Zlsa#S_d$S=Cb!6zrK^`NbDY@f;g}2H)6|tMOfArOK8&px-skZg z3M3oMoS0&Je1U`UCB_>aVbzR5j&Plo9oRD_ZapU&`FXf+o-bxOVYO`X^P$r$W$vzX{M}b z$FjOF5^_704zTNgSZoxs23>9-)3V}hd-&IrRLMWJ9Q*c)CITrDIb)cQX5;5ftcI zdRHOki4+PS3F&D!8H#bSXq0nryN+F-(skNX+k~>G%^mc)eDhV%$q)0lLJ-G)n#{h> z^WX}7`0psn9U(bK`?6Spq)x9jr=GU(aoqW22(TR6)@av7&rxD0U^k&BoO3?q7>5kW z(XBf%@5#okT8==0t9|e*4MT6*mU6Ink85aWxD3R^DEuV~E0VT59PP;$3dz*cPF~&n z6<=JkF2%PRxvO%Ghq<5vz!F&?(ROO?NF;Wb=@@i;OayNjeBovfYhq7QWE#6PE(igd zEXWc^Yvv89jA?cJHbtvh$g90qdZM`L&Iw*lyV|l01xjOz2p5k{QGS*&FD6N)y` zj+Q^jE5Fn~8V>9LlY(HnAL5=4SI=)K#D`!q#z{eIkg|R(I``C%C7=H{gdp zWkscku3E|uLwq0ful=q+DBJ~zi+cX6N!%E(Mc!tez&o$(o;GfhED&IHF9dA9iYdIu z+smFXO!DrgxooDP<-B#M7`ovE*=NwSa@R5&3JBInc_Tr9ptH1|_MKuO;=p$^!ZD{^4t|iR?(h?7nz{OeFMXftx237}TCVD4VBJ zJZ2p5BCjK4P0g3dSjE~|ll|zNx1-h#6xD3vhxf1*=7={o8~MX3o5cP@!?b!e_yJ&R zV~HRC`15mgu^o4S3Gy=RgXkW 
ze?IK*Ji8jHVhomH<_nVo+8Vz)%`{W!*Bev&nhd44&ob`2n)2)-|4X%|*=tdR^A69T zj}$4;?Lyb-Z}ozBw&$>K2@J8<4^oHxe?RB8{|8A5cXOx0C2`Lh`flyYguW(k~?SQ~@C*(5HR_*QiPg~{#Lju^1I^>3|f zNi@b~mxgj|Dh-Y1xzm=kS8>)8^;=HjX*J+xQtIB+V6&RRvct@Ji<1FpvdwY$L)Of& zC;cN&X_o;w6j+X$7rR+vHvE_Ib!A#N3b;F#e9V+?lJ$gcVJ6d^iX>{UFRvd6%wbjs z$M2mPR*C&pLweio1Aw?D7u;F$eQBPyiueOVVO*Y#5%z#zGr`>Duc zg_yF661Vdzl^+B$5oRr;#)UTThr8_WaX|ro1IP!KKwk$Yd0l_J#;BP2nd;UVGN*pQ zCm&ajYX)-}6t4|_7PadcuKj?#>*qgCT#Tm^fX08@QD%Bj{SiUArb)834lu&vi9bs9s^=&fR-nrMJd9OZFy!-U300d8z Z_HSUBf$=I>32=t_qw%gV^KW^;e*il-1lj-q literal 0 HcmV?d00001 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-1804-amd-sev.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-1804-amd-sev.bin new file mode 100644 index 0000000000000000000000000000000000000000..ebdb904f6bf93b483fea764f724193a938bbf244 GIT binary patch literal 26013 zcmeIbbwE_z+BdxEn4wbv83gGVQbLe!73uB)h8nu0JCzg#5d=g)2|-Xw1QkR=LfWE{ zMp97t_L#S$=REiM-t)ZY{PAub_pH6Iz1DAC>#B9FHCq4x037i1r-KW;sN;sPfvG9N zlzb4bUU1>BWY_>U`Wak+8h`*W01CjrUMB=kUvHdtOBk>C0NCl($cmBDs%Vl!smLKf z@2B;nLdE-Ag%dXuhtKqj1`*6@Ntrl)HujGzxk&dg1PZud-3{j_luvq*Dzbem{%NP$ zW_HUHiPIgfEVBmSOLyp zS@}!Z1@HyS9smNo;sXeN1qx97K*~ezyxeDVB+M!^xuK<^G_=dLTLuC+cCb;Y7DEm6 ziln;f5p~;x9%QbmX3vlf%ITbpG~`dA0EPV&uQ>II>xH4IB3&<1@`aPWTqg?h#_ z*dtKjMd4%{{+5UJg*6v_WEb~c$_T^$3rdYPE7xzjwh+CjxPL?ze^;gGmWFxx(0yT{ zB~h?dtGCk$&(r!TN=blsS8#X|iN8Vmj!*~WpAE=aG#}*w6!^yr0DgsQ+>}mvdqYO# zR<`ufv;nO-`H`g&2ml#xn98&>j6yu^x{_aBJFTAL*Rh^v(l56W;h`8w-v9+}+320R zjPDB_xH(I(`>tgbtNVkV@s7@(B(vjz!r}#P;?1I6vXSZ6|)udFVfguhaj=c>J z$9j{8gN=oaO#}?8Q_tH+m@U9b@QJviRik%Eu&^L_0GwQq6b{A5(Zj`o;<+Mx-JIaZ z=tu;`;o?GqLV}`#f}+M>iV{NbZ^b`65sr2IuhnAV0XX4UWB}MaF?Ki>7SL5UNEo>5 z;$*WxhuvYl2}$cXNS?|G}TWNATT-nq?!bTF-!)lk;`hf?}e#KS5JIq-^?W+gZ_ zarvJlCNAHIc`S{?UNw;Ky!0${xMz%hp(^84H7)@`4|e>EG0F4fv8PW|YRGiG{x~*% zelUeLi|GbIQ|#nA<-PT4Aoc!~{cKsH<13ESOs`&^b#9?;T79F>Jw|0@N#s9J5@?Y0 z`Fyg~$()d&>HDr3Yuecg*I%igV(M;`$fYcpS0Pb;AoeP?I-|HpeM*_tPy-tW3&1MS zfuDynft+R{#ihlizM>V0BflXqo*B-;ndv2{Y;M{46wZvk&5BD8rw#ox0U4Tr3JdEH z7Y~jDp8m>qa5O=-V*&9uj%ibzrYoIms${#JP$pEV_W6QHr&OqqrS!#D&z+F1Ch7AJ zsIDdQ4maKj3O9OOL-B+^-PD$o5V~AaVkj~Z`NV#P@l@DE0~^2pJF32CcLGO4 z#8oI1!j3ozYZ**=UM~uXdHr}&{gdYf4FaN=_6Q;|;{{}lY$TL7JybxtT)NZk365xM zos2tSRY6hPKtqkk%^9SP2g(y==LJ(hdAOlGth|um6H;&q^nDyEp+DY-={g`i zY++hf9$x;iGgcl>2roBhD;oq%8-?=vVn_txVnQN9a1lWv3DA%TiG3}KqKojb(Ek<8 z+;GmXm|6aeSwl$!rXU9sf(r_Q7V4i{t|#*~@y%rh?3L_~7v}a20u-^$2uQ}%XS}#) zE6J8z7MDWmri^Wb0x9UukxoHwiPNNAY}#``F(fKrjDbvBt)TZ^2Fx@ypJ!RP~WDQWQ|L5yI;t3 
zW~qGU+8%A|a7*XQ`6mK1S6A2)aF&ujBrH5u-&dfZgap^9q&mNv#f@9s62@I5$KrOM z`4~ZU>hJ`SfP;_nVg0#>ugcuH4NLb)`~9V-vk_8VT->>zJdE-e%TrgkMX5sDu$QJS zx^jHFS8Y;TD*R<5{bNF=w2S9+E)XCu(R{UB;aKNDPHDi&@riiwv2d}%PtsuFf_??~ zi#@acq|luwQ`l)w*>5tccjrP^ZM+5i$d3o8v2mfthyfkY;aY>ijT{^Tju8_XF1ng% z_-|(IuZB>`PFrCj*pQ-m=VqjTQ9OlRYU0hqFFzD>(SPOdOv~!o`dXh5&g)e@aN@nC)}<%y+24M z8@|juGndX>#SKl;IOOCazpyhLc(c!^4)2-&GFfu!wbp~Ts9K>_!&q&x9Kf)tAy>7 zmYl5rJHB(ojvPL&+RK-b7b?hhV(@yETFZ2(!tj5%l3?d^A%R|^NoYSEL zFPxA2m)%`!#K~8-EO|oE$`Zc*`NO=wkY)48otww0HJ-POXeG~ zUwMoqyX>1#3u*6*6w$&ML6)}OFg(4 zV*g+5wN8Qou#gBk{Qcs!z@jj^2oDSUU-4QzaIUXj>-e9&mY$Nb+TV6tHwm3J+m(nM zHK2u$VnXn}p$b^Kw(n>|2$oZWAXT2tP~tXqC9Axrw0xHbws`XP&!}a~g(jb>)BQZ# z*q8I9kUl;{F5c8A!a=AZQKe(Wy^-ZyR(#;0;_0MILRIXl<=!WH4X)=|EtAZ+oEViQqmzBsQ=r~@rXq`yiBR`aQ+s0_ zkF**Ov(P6;7Ua3?XTkC!pTzL#5-!1HA5~|a@aE|5z$w@^>zfnP4XD$q8KCSVXm0R& z`|8-G(7|Q;O#y0JCxJJ1iIuD~?U5tP3oXLoW%?TQeCrMw1l=#zJl4t^UPnh=;bqYj z=2;_CUvr45N!1hbzTp_|c&gw8Md5PUFm8G0h^$dwWM77+b;|LhUQCJ7Dx``<)0NpG zqIdUdb&7ezmJ0FQpXEHLpJ!0Cn^w^!y{I2jolASAD!SJ}CYiNH!2FU{R8m_~xP{z} zO@5MhSNom4r)!ZlEYW)eecO{~`o_w5eRYnV5IWiJtnHBzUAZo5<#=SPN-9iCzetGh zAV2P-d^88W-i`3*#@V~@E4tK0Dwj_PJY%1hOFwFgeR}5dRFugnnbQp_v>tksCyw78 zy)cJ^&t0%{ELr(6Kr(bBZi-Zt!y3n(rf9X7BQMYBq~)%7`h$0VZoBoG(J|@U@5-^2 zRuHYV1;I#KZ-Uh9t)fPw2t!Q&LGaCgEdF`cGYtBV=I{Q4z(@a!{~-L$f5iT;*kU0# z{HrbI`e}>NGa8rz7~LW5kTzCc2$-C=mjlWJ2~K>_!Q+eo@UPBx5r}>Gd=AQ0cMm7R0 zO-Nzk)iT^p-Ov^Mh=!-I$kCntgbne^+l6I(f!6+bhg0gOaYbQnQ%~lc-d%en=KVfi z@O6^g%&U_%Udop_O=2urd7EFU+_c|0&vD&jk)Wuf?wFL0XyDAi5=UJO<3U{qD-o(# zIio*L!WedvdM5y7X1^r{?`f5Irtg4MxI)p zO0?3yG~ofo7ZhGlX1`8#;9`72!e6F3#^0wl;8f=jzI zDbW4=P5)Ncs#OV@##7p4t~{s7sXPyg9eP!ZM9#!t#$#U*R8F??A37B0S902XG{gB| zjOkMRIMMLYc1>b2JIBN&hGE>~VtTs5?7B%=Au*pPEyiul)3}coXb0{*c38E(^IF$g z3vO7n7+HqNrNC%UgH~-8PZ8sdf_VLBxMKuF%ex6vJ)6N7%h$Fc@r3)QJD5B| zbRH}|w0SorEr_TLoB433o3=1ly7+E(t9);Aq=hciVcbGJlS(qG((|lbu57Nw%nj}; ziWJXy7S6SvH=Ys}GPg}Fm)_!#7Y`7<-`u_&RU2|X)=uR}Qhp_+bQre-o^L~nruBu| z7J~NrfEW=RQVr{XtM8wG>QO)0!B=Py$aoH(SY-q4e3>?mx>h3Zk)X(Y?ZH(`C- 
z-be842ht48xfmp#t?*5BPb+zv^!E1z+@?Jeu58$Ao)cDWU*RnJp>gIk+oWhdu{ZuU zz5dmge!P8n42!+7SUIKS>v(VLgL!T4<7cz7Jo)J7JZVUWFUFHXiPKd$`hljA!JH2;DUd>VqS~)>uw$GPXRe zOHLz=RZ5F~e;0Q3;g!y(8HHxnLwPoYuqJPE-yrD?rMleA+)jf~lyC{|3*SO(Mx)?g zCpp(~Ya{NK&B?pHvW$4`?$~8hAPlalWFy4 z5!g8<$DqJ9fJ+8N5PYHb_BvxhNXS0lsmGBGoDkhJjcO5tq3{v`a+WeXwwrWTIN8m0 zVURi-Ix&({b?=uDF( z=jPlcKaJ3Pqe#JK670_@MaPcxontE0o^`2`O)R!NBgdSI$R)<4-x7!@*t@nrluG8o z$u>TXqa@OA5=Fq~B$W|#$CaTc0F(ad=*W%e$!B~-6{Xy$5Pr`X5*gba-m`?O_Wq8M zWMoa4^kTx1eP@{YA$~O0wvkVa$_xtVR~0U^TdMXNKE09M?1M>vbSd(IhBM+OC9LG3 zd)Q@dI17pO(7-9xtJj>kjCqLhG3jTYJG_@uw$55Rjcna@by~Il2(J!AH9qsZpY$;i zM`Q+*{&7i`GD)Frp21^7mx!LN&2qx~g+=vv8&e)C3>%8 z(i6S4ID4LwaLKREg|av7#OGR^=%lG!lt-$cwox|X8apOEq(LEd>`uUgYug!^f_{Bvft=CHukSxW>J0oJVH#!J4xo{ zrz8kKP-h}It9^;P+vF1_Jvr*m!i%NPXW>#_o1uB3S0;NydD2i9+r4^NHfWrbLd!>nJ7aJhb~j7+YO`i5^nvp|KpJ&uUI z`QxkRNYU`?(9(WPdU3ga7O^Cnh+$J=>{%8|i8Ib;iR~?Gw+ZTStQ(_DurcXR_hje3 zm08Qt)vo+#J{{J2f6c{9($n8v@1h%(V~>m{CcQ%D*z<_%AvOeoHPF_?edN-45bp3EyU_ArcFzXx0#Ib%SZ7FytR+p zqqY~DdMroAV~R=d#6%V9H!T-ml(cxE+8p09^@Ymy#l-1u%DG;Tu6qK%*<0sWU6rIk zqsg@M57-|$KWJX%NiP!>7me}gOWWn|drpB_KZ=_3(7j`vbg+V%|3Y);ZQH%;X z2;bP1&c57(v+ef27{AXg9>;x_?@10XYs+u+@0#fCUzp|S-=>LwEA_fDyjiGtq?9Sq zT)^c+I_J;`CcPg=#Z@uhy*2lsvgy0c?-b(u+*^!ax2oPZ*?nH9QS}s)KCHM7(GWQh zXW_%OX-xX?ajBkr+k^@|Ihl|9V!E@9`S zJY)JN4J_<2>EnzuqqgauGX=jq*K$Jz;=ZwdT-$B&QL(C>m}thTRIPxr$$P3nDhyoBKNKXT{|?``Q6Ech)%2}De1gZq7St! 
z-d-5A*Iu`qLXvw{PMu54_YqsvHN91q|KqKjF|LSuMF5cNqI=y z6Ev2`q`$6?q!YAq;Me;+f3Rh_7`w!L@TvkAV77bo ze21Xwz6d6LQ4I~VnBG8s1&IoWk-yV)A&gWv6 zgux%r_SF+Fna%F3qSlId(jLAwQ%b_5FLPj@NOxf$SlDndjU5e&dLwnFQ<`+LJggnh zvhS1u43oZmv0U&x2c_q7Mk&8Ng~YO8Nt8WYQuz3l-IGKmgT^;7=_@92i1&kd$EZH; z2}@#6owGk*u|!cxKHja!{8m#IyBd?e=G?JaF&pMG2fQRHqLVmBTk4>lboks7jL#h^ z#-~a2FzFwx`He>8t3MHDu}O;+rS4AS6|SJ4d+iph87{iXVIYP{Ul%|ahj$IfVtr7< zrACUP&d1JS^rIeIAa(-h$>BWBQB3;Am?DSyBX+9SY6w?C&quUeckE_+LFa!h&$@pq za*Xsh{y!mVx})MD_l2}|X7R$Yt-tx-HoBJLyDQvbjGQ&a z44M(c9SJ5-4o)U3Y=Xtv)Yi)(n0PwKgze}a%zcc=)TQdkT!(lrvWJY^fYwblHMiN{ z9#6oe?{tbvkR8ao;$uitliG4#UCr`b#Sr0g=CYX@3b=wjsIrf4s43g`SErPeEQJ!@e{>{qTX zSeSSYUQ`M7@n6+&Q8nXrxA%y@scjTlW?FR2oAx*}K^FCI^7EXI$x1ybn36FqJ+b#d zZ{TX!$G)Q_t~g4>a@riNZ6=uY>(ynG%t$vLs2Z2FpL}t;mUdM-Wv}LHY2fW6%eQQ5 z>M`kkUmqbWAc;LRm%=(qJbTQV$PY>d(J}9gnO%#Ghd2pf(my+OSK@ft)h$aeW$)J~ zyV75k88delsR*oyP`Hmu%tvCiBl?_}&qLjXs;AZh+K3xDDzm1WB}bP&LoT>kcv zWHH+{?>2p^Ovj6`w}s)C9c%E0kmiwPa~@kz;6r5UOXmEUV^LC#cdVDPK9M|jiqC~} z?>CG4blqxqOl?=BA-b<1x#Z54O)xWdg-;x86>}>b5gHD7e9IXB*sXUC+`DHB?%wl2 z;{@^kikO`fDL22Qe$IS@-WA?DT_xc zvzT~!lJxQCP=M;z&Kf>!L|5&TZz9Z4WVJQ-oaot}XPZ{ZPokrarwz-!GOCg;wfDGF z*LoXTaIU=wY#S3XdeMD}@6>UyxdV*$UwexPIB+363xpH$aA_=lu4N z*4GThM8{Gz+y1Od!g;{h_|4#DY;0Uy5x^AON~8>^foJrFitn|U0-k^axJT3l%w&iG zA^<cCz6Fm%J?SFrVe#2=Y&UH!iQ@+*Jf01-Hpynr5vTn=yp|A5>fpawdc z9t1A#ikvH5keRMP(B8nsrv_L`d6lVsaFilk<7+qVSOtIYr)Z1+1-l+*_-FIn^F&(R zO(h*^F%W=fuFzN!6)uvN z7(x*zb&BWtc5v)t`GUdd?VY{Jwi|2#*GG`Cgv2fy)0r>#Ym@&;KP~^*Pr)xE!VdQH z>sZ1-S?~eJ4gpwzJ5$j+d~E?fu=lp$)7V&0pjQs(%O+MVEKn10ap=guJpZlgFC%>R z4q+HYuF;t&(#fORyhc@MT?VblHy!RK8&?u6T9SLnp;M2`esXAL=Yu{3khb@@w|n-b zcg8R`ucpOknym(pcCC;}6nFV#TaLbPJrwZG8>=pYkr~e*fqC4z4-=2U|z`vHxt}K?L7yf^k{q z6$zBa40Fqy1LNwM78MsP}XS)z^0+6(kcP` zc?2tY*6p{S43C%NJm4I6EPKVI!OsCjC0!|)`7FLXABUQ?Rk#&n`tcok#R(Yu%&6ZKbb#&*7uil|t8} zXuUxnq2E4SV?M**v-uU$ZDbLV9x508rI8~lLDQu+6mVX$1+`Q^EUL>60{Vd8SIX~o zqwD#19;#LjENZqWSFf`Oge}-%3G2+w!GX()H~U2hYuv-}fN!C}A;-V7)t_~7dUCfg 
z@AgyFYXEs2G96Nw(Zl!X;?Vay$9_Kh@A&pjuD?ka%Urs+A?dT6ZLhZz>^j3iRJ;;m z5P-k1(~9g) zgZ}SFV83!FOEWOe*i80uvK7mrQQHA~fTqwp2oPbBPMTTYy3^twmd)Iyu{g)gc=pyX zn^x?qP`?hLNi`Ixyphc&VXU0IQsPgmD&3k=kZ8&J7FNpT5`{09-t#aybGv3V(K;pH)?*Zj6Z27Hl6adJN0_a$q1pIvU4$o4{8c-&XL#+i^$RU}?r&}zi{UCrY zthIf&9N2xN9T4B;f}J%OFCyZ!+j=T;Mut?g;>aQtP+mI-cuZssSE#1p`~;bg+f<+PirPigF2niX-4{?d|I2 zEnx5AZOw0EXa7ZUej?L%$|o0&T^}Y28m`1Gu04txo|uOK1<<2!^&w$qI5dhG??We^ z=-iWzp86zkbov^%toOYVaVStiQTPVeTbQ)8bCgNV+!#$Y_ATl%r3mX?(Nth?X%EQKi-_Fy*+Z$;MgNq>q5rTGhd?F$e z)_fvDVm5r%f}$dPC#?{IHa21+Vpc-7Fb^=;!2sVuHa^lQ!TC{IZdJ~wK+f#LVB{hM zu)m^o{|bdA&a0KQ_~4klzzabyd34lfl!Y4h!f(myGC+ZLE>4X#CuLLdX1lq znJL0~|2p)4fg|82E@mMn!Uy6N0C#b_Sh?ErJ9~Ozpj=BqmV9~bqOeG*;p1lIIXqgFC^XkW=2dxUx*TUIL5;T7e`4BSQQCR_0pKCfA4V;a zxSppil%75$*|T`*Lly*J@Ii@}sBs)*Uuc;pS`(A;y-3}LH4p49a2)0L9{8jH4t4L* z8ERa)qln6WN6VvFLsBVcy?n#X%)4VEiNzE&oksONbmbm!+tnH}iZzMvz2x~D0Bt<{ z-MmnL0BLuhy=_RNg=io>K7(@$dm%mT;wA)8-i>`KAXfjemd~;=318k(P`%8UY}Zl2 zx`gor<&C%3pg<@g+h@u%>!b^xo$AG&UVbdOU&Ap4I2pF&mi4^6fb*<8b@%$l^Ho;m z>Ly*&&m(X6{su@dgog{#)ynw`OtiE7sq>VP4`&=I_=QLvab8VfDbn-I4IYC4F=y~) zW(R#;BE3GnpHZ%PTYL9NU7LQc%E_{<;hYBaPeOm{yba3L4rykV)UT$~ zU|CWvn8l;@rp^u1QVU`%Z*uZZ2=JLAv*5{Z!hV z6~&jRNfL_j7SAv!px@9Ptx`18Jon5UB}U$JxOwNsy~j+e>Z6+>0nRH94H3-KUf6c< zhr_)(6Wk@<$M}C?q6v)8^B=Ph;pzi3!_e%i;D>rqmjpAjZH?s>Ys_8u#?O?4p@Y20 zv-7V%oUc6W5M5!abGoql^26KcEPcw!@He=vryqeE)@@J9__p0IJ;c+RuS3XS7bl$` zwk3_YDRq=w?qFDLY5Vos{LA?FVw*mTdZ|%nH<|t!|3F|Eru)>{Y>F#OEtVDA*t}$y zYpMipQzIb&sU+RICl}?1bI;KD%u^^n_5#%}$edADwiakM{VM(crK9H#ZDtM3Y9e4PVU)uaQUxBiSMEcAo-npX z2C_zIO}C10VqW{;mZFP)nyaEDjOp^-)LTv9=pE-j;Wi`S(QtKRHM7&3>E#yP!Zd9UiosjJ>2!fc;fbn3_gode5TSjpXtdZR5E4he*uCPBU^->mAA8( zG#mrbR;B&SHQLkmce5i<58uxh#@x8}8UiReh%w(cWDqRmvo)>}feX~_$d{F#y#IMZ zo5c({X|xXo$nWmhZ;)SODZ*sV_*EPx-yZ_b(p{yDY`46Gs;lbD8)30^y7S z9ah(Sb=qGLnZW$~VbbV-FgetuO*8`~LXdshYVG4rnCA#q2xWx;MC(Ck_BArst(9$f zS?=CpIniNC9eZ_U20yofK}1ZC3JOG9Wt={r7?)Tl8yLY{gs=O#;tFoR+11X+%zfH= zHA3~hijR};7fEqht@OQrc*hQh^%p!Y2v=|LtpFbW7D!tQ)RzpEG#?+*7K2&Vsz%x6 
zBz|2@H=>pWda%Nm}To|Im%%MOA zUylT7$z;UJ1?kmV+fPX$>D(Dtni5=KC6Q8`ey;7UAx;(fiBMXsQ~R;w_iG$Z`~nW) z2mUV83-$+$81VjU#5}0gV+^~Jlyov9&Z^;R{?rlIR&{XAf^Gfz>^;uUz1b}q_-{{G zq~VjTndv{K^kt)sy1XN80R>D4G*_-oY8Fjn6_a)<>*6r%znFPi#dzeyXtF&jQfEF3 zxwLshr?v9L;f2CVNq%mYU-g{5H0Cfyl`WCGFpA`%V>xv3 z+Iq6H5a3|A1D=*lNvF=r!JK=;x8O=jH$#PU_wmNA_m16o)O}E(Fi7|KDm5M@@p0vw zCQoL!NoF@oamio7%*;dUb9w^qh2BZaWAF2(#IBl6D9A%W5FzTAe>jCjp>UE+h~-pmDFm}dYZ(}p+? z6euURdSY_w#ItJ)r-R;1+mc=MwT#{w61Z2_GH9iG;~{P{#T!Qn9Yy^MI*Bf8E(F(q zHRYh0l7B_9GObRin6iE_?R$Nn^qd zFSfI1-&`cI48bAuAF znJLK?=VB4^Td(37*Y)XsH4JFe>4kJbfa7N2>E-W?kaj@Y+9F&rG%rW+!7Qo#L7LU7 zQSw!n8jkRD$;Tl;_f}dFWohYRhKEAKv5Op|C`}L7r>x!LTsYxP>w8;gzzwZRJU8o# z$TcsHP<7#_-k-hZ^XQQAeeR=;IN2@Pdx!^4$1dqPL@gS3y4L0d ztO_nuC*48MB2@Yb+SnoB1TR^02IA{?z^R$Ck>kT83jaVIwBdQt zMYQ74Nled?&Sgp|(h|q(NN;_xt@m5wXAUJY&9)2YS~|?+)qEO#_skVHk$;BL0cr2x z41T<%zd#iD@}1A#!^$56t-Mf7AtXhkhB|Xx=p&(BX5apGN(iuauewzbC;Vdm9v-eb z@28p7jz06NhjndCo@y=dlX4YMAi(&MKdM;Z>|Sgwi$qiv)rjA$S}eZfRYM;vyBASU zH+|!Qf)|k)y!1uS2R5Q~I?<`DpF9OMl;uw<%EjB0+<%cytoS|kye>)h+Ek}l3Is5V zJ*(Y2kunm_;M-oTQ=G+z7pbD~?0s0wJ+Bd9y?qu6+9V_zQ%Lp$anH6xjpd;I zI*!3g4r%ViI{0{@4fG_;J1=#7_^Fyj#VsY7-jf(;`2Nw9$j_VV1J4HwG7+?o3%n1~vBpfrgzd-=kYaV8+Sio&UwkJLyBq z8}?q;pv#t~CaJ?35rP8gRBR$!YBNwk+f5;dFemd}o)l-bVR4`Ymz^ntbK2NW@qMPm z!JAy#_2EaMe2Rd$b>f(nJKsAdbV~fMLoN-2|HeOu%m9wjQ|6pvJ5SG8pLuy{<i&e4qGi1Fs_prb^%RKP?jBR-Y~hmRL#NH8U!50PrNKo#Z$ArrJ3k8-lr2Kq z34w6K;8V`Z+MeQBqv5=ZRu(6$W7+2pUVnrD$KT1FI979ZQOJ$Wz^GIvVc>p%ZBSio zZP?v~Pe{vBB`B~pBWC8BX`4Z-=_HoPug zqg9SoHo~if{lcejvC*&aFp#A+afO6#yfDS9$vXe^qUz**i%<>-phlE9vmTP)iwrGs zXK1jMKh|=b(6W?~x*#&6aImU+0SaJY)unze7;?Z*AGaQ1qdRw_L?vs9F^+oWS~-kf zo%Q*?MndL&v7+ULb#{MowdP|N!3Bz+Blsg+gXw+AXu|mTY@Dq;Jz-xHoIi^8uHJlK z;Q#f?kMAf?@GF>d1gX9d@p&R$+?)}7e=7xfftbhxVT1CpwX;Gx6BB)zv-u!x5h!9J za3s+K31j<}bHqeQS5NQ;%sv1KQX%bNV5H9WrBmPwKD_KeYmN@v{SdA&Gbxyt19<-S zfFJmP)c1mO0Ll$rv_t-=&<%W7hy|GD{c!=|=Oy%`1v`Y5m$wJP;(H?&Uo);2;2TW5 zzReT9Hb+bZ`<9Ib`QnP=vvWqdx%q?N?L7IuQfnA4vJHD`(=xfH+#|2#q;1lH+;YYuDLPU(u-p1`qvRGPEPF_h<+Qu2>ZHsiV 
z=R^0w&J(-^`yR?ldwKcmz|kB;dU@D>tMO}rAN|Cyl@bSG=z-h>HY#vxts(AooqJ*& zk(yCnNhk!!eh(=ta~BUCJn8R~L2?a}`@E!xM{XSI%c-5$aXa=R6!@rtlN@X9)Ls?H z=hXP1xI{=JUGhAx+AYP0=UTgCn{LJ^YW`0f*VH`gc^Veqh{-sWEz(7^~MOS}O)_<(6zpCrMMPI*H`BP!PU-_!B-y8WC zRQBJmv)`2VU#R%+X)Ri9iHHz34k#iHO)$lU-pcYPDT49y^K+n$#@FNDuHhIE&^nH^ za)xHE5pFDtUDzKJDX|g-XVRwZV*6tR6=TiUNB3o{Nq{f&J=eB~>e&yY;sMtPEU4csU;Rp2)Pla-wHi zlXly%f`@pdRPFMFQ?|3v-Kk4b_l|1*5`%+K1O5mV#%J~arx$eXj)=uE#{%*(+@rS} zhg7B3NWf*uW;60ayGJ{I^jC><$X-3$<5jY%Pfg*oXv|S>nK}x9Dd_^@3)B1AiwVcW z52>kp3xn@6h^ZW9=X}YjF%Ss_j zpWId75q4mU^lCeCvL`i{4lr##oJ2YTc0G=Zeqt`^Z53Zo5&fBa=KxQnkLyK=GywVPym}> z<>_?xMu*5|?59Vb^r{(JMQ3Wc^8)h}J6>PoCi{qg(v~4Grpb3oT*eLOdfpy-UHGRJ z@kB2kqL*2Jjv9s_U7ERWH?(vl5~dQuwv+OnYh7nT5d!$I-yV7BCEq&ZEv7D$(J3jV zbIP!yp%A;j>Gs=QGp=?h(0QMz?{q~F?Rtv$(Mj(Q+<+*K_;r3YV#^mh35%x&m5=io z9l;$u5~CV|)7>OD?f|D1|q!1-^>Ive#2C{$YBf2+H9A^-epjK8eqv1te}Or^6W zcCo636E8V6j59NP)U|m0SYnvkX+J-4DWBU?P=NYEQ#S!_UpfzqdtT;TWklpU{_}QJ zkip5BgULpI@i*h)3@PujS|aZ`-Fp>%uejn@J^L2CfP1MezRcG#m_$`}H0iBvV3_K< zXSQY7a6~L^O)dlwD8@ItK1C#cMs#-&PVeOF!amWUFSMJbJm{KsSC$i8C-@MMG_EHo zx)O?Qz~Nmk0byuYlxdh?h(0x(HR}XJbYs6y+^2)Yxl>+ojO`{kwoCVmEPYQI{2}+l z&uH)RI-7QF7}jlSH)0_4=7Mi61faQzm4M~@;+oo{I)93{_H!Rv(gv(#PCw~bypmtj zi|T>`f#x^vLW)vph)CIzC&+U6YPN4yF1iv9*mW(&cPjctdB`7U+_GUUOzW#IG2EjH z#1L*U7yv=JS^1;I=}$Q+ZMmAaH>3UI%rbUz_lPaz>oxQiAV7^-WJ6^h8J&4U+jH6w z`qz%v?qyTch&FdQpZ)k$irx+i?6fNyHIUHmmb0bM8^&A z2~m86G6`ZDd&t%4vk}%b^lMt)1cqi2n6~(G!d&2lCj>Mp^GHYZRx6(2+Jd`@+<1K# z0{Hvvhnuj|k4YY-TL0|H_Fl;MWYcA3%D#QzemV+cFnywa=rn~axU*XJom`v7S|Cf?xA3;JkXhY!%yq*{8e+MB? zR(teed8o`zTbsi>OuPsSa}52!9cVvtT^N`OC)&2~{O<)`mZRufU~!xM$l4(XzNE3+ zXMnMwkHm{#x$TgST)F4S>*NiqVvd70gJVXmD(O(*`J=TunYo2RbFuD%y^Y?RTc1*w z&ageMP#-l^MjBlbsl{ofsDjNn&G3vr&fht=|0||%Jo-NWz`#^-n&9@G>!$h-1c+{5 z5sJerZP;Fg01w0q`=g;@cwu<^casB{?{7m8MhryRQUFP|;7I>I49pG7-%KBk{d}{? 
zgqp3eFp+n&QtY*Fj{4-)3Z?r4Qji0J!V=`bqcM-xdYz9e3p+)B95-}o00Yl|ntU2cDHp6DY_$iS`x?V9Wdp*@z?YwJ% zp?Bz=qyKZR^6#W4Fc=)~?IHn9nB$w~8@!V6&?LiN1`fWZo|&xj-El3`+67M^-thY# zn^t(2J@$fLO(mp7htoK2mJ?BnUnTz66$8`RC($+JyMGc}+<+j2*y%4WdUe7*#6 zU(S-+vwfiCa;2JD1&WnE7#^&k@%oy1cgbAjFa~ZiVK$&;^Dnn=gyLvzV=3wFfTMc6f(KVSpWqZb3eC0 zPdAR%uiUzmVbs*Mbjy5RFY>vysUN#^^n%$D0)_oX)o@|$?2EbUMoM>!(VTWdc(@{* z(c6weP9r4$eVoSFh&1s^q&QyB1lYSWessUp>JEvo5cpplaJpM8wB~1V&!mM}5hrYi zsNr5d!fE*=#y&@@X5v1$9dP8N=upo+VuT}?az8Yj?u5|0Vx>z)S68|oRprF4BSs?y zwE~%LJu}DWSRZ?6ay=jYzf}ATN5AH(zxC;B;SY&x451kCE}d&z56y9?y2W9C$M~8k z^y4ECDp5MqX;Iz)(Li;VY!1=u%jM!T*GY$$FXf6Cwv~>pK!E|eUHj%RTKkk!I6ACH zwm+5Lz$FgPKpuJG_X5InDPYdSd@pi~sl2my(JxgB?=}tWhfw@uWau9d{rq8_qNLM> z@cR||=lCT~jSd#X-rrNd0s%&FrJXKBm5E-gt}SmCE1Sl0rn)*X#5vZk_P@wmBT@A-1lKZC%+w292_vk&j$v17l6Ah$DtLOg*Cv1fC literal 0 HcmV?d00001 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-dbx.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-dbx.bin new file mode 100644 index 0000000000000000000000000000000000000000..90d277f2f8bd6533a9836f3d25989135b8616bb0 GIT binary patch literal 33824 zcmeIb2|QH$|37~0%Zy!?Y$N+VWUa`q5VBL2!C>q$wvaVDWeFu~NcI+FE3_a>mSk%o zlx>nedN`f?5e_@G~1 zQ-6OaS+9_xaH6`USUX1A_~o>QPKs1-L!b_DQjura1lSpnlz?1tgR>@m_Cb zwof(V3G99-@HFSmWBe6Y3!iyMeN-FoP0C=yZXcyu%h~i?rv{>@rIqxu`0FZp*VRl* zo>v|enHB@Dig-O1^(3L2qJRV#PQl@eCjJTvM6>nK0p({2N){tWdB7R`hX#P%aE9o?Ed{$OhS1f3 zg0$2-l7#OG?a6&hus+-{htXWk z_QJ*f3X>BfIq;zcr~z3<^|@n-*Hy#H3-_Jon|IwgMht$Y`(t2tcubB;a{Q?Rl^TW! zco6m~JP7MmCJr_hHZ~E^t4cj#6KpaGC&4G;4LugRMuLR}!2{sr!lZC0K8_wP4iwJ` z>FHt*XQm|)mV`@+2#W}d2@8uEZ*5A6z`t((Nt<3t$ob*lLF^`lH7>0#g|k~;uHR;O9j!+ zo!M;8qK%q2)9oLB+{bV?vEgd0OIVzI2a1&}!Eew#dAJPZcgs&7^IuLb?L}$Tmpg)?8v8shfb1*ALS@h zlWBYTVQ}bVZye1PrYwTG@HY#TcNT5~@s*=CZ;PYtUT_^{dhtxdp@F7u?v+08AeE6h zk$2AxUxS#>Codu-()|6#DxEIPYo{utzc_Y;sl8SzgYw#h3W@Sv@fY#8FXeZrjw-Vm zs$t_`0a({`;3wfsprn~dacOX=Q?x>GbPCfvjxd|}dMiBG=FlM)J_}Y_bN=cT z!4KR{Ppn-GxkGI(ph6q~E<=v1TGV*&UGADY>7G|DC3L)?#E^GNbc6E*3RNPFCV;7-Ei|!BOnTE3MLXaoiVT#|z~ zMU6@6lg+_Yj;lwD7;+R8+uD1YAxCoBVrf!3ksZK%)n${tX1M;8f|S zx^ODeiqKC$&^oBWg2=~#YF}RE0b^@}M*Z?2C{PbvXQ0i)lTDcMX6}gEr=KkSYIQK~ zKJk=6{Ox9Wc?tP)9);Yf*KFK5q6z0jyuxMhf9%6wyDmTn9>YA;KvMs)7w;V1!24M* z#+!f#;dE~IVqyewSNPVMaP~AjJTOie0w==sV|*%XJsn{xI0a^dkc!v<;bx0+vOzmL z36sM~F*^yU2(*z_j?PY2!pv|+%pPK@eJ44wxTvs*6i6f@;@g{I zm`!+Kz`q4EFPwWDGwaVWt0}3$6y#tcaA9GPq5hb;9!``;-Y+)bEaQAI`RPMQ!zJ}Ik6Ay*PFVC_^;Y`OYMom6Y{iHxa2{~7;67TThEpEir z%0b*IaxC66;~#>lj%;!e3E6rmZ&qvGdr^Fb*RbFdX}7oZSSs>x8xL>BhO1HbR7w2Y zsu)$kW9;cMv$iyk_BqS=hEi|Y5brSmQSJPRG#>)gg?-!16@;Y;N=gk*j!(pgkA;gB zB(V<*7qlzDZ}`k&L!muWCa2YgvisD4UXf2*MWh*={@WL*v2mfy#DETHa4kURMh*@E z+lYw_7jv3W_z$%9TOw4l)>arfXGn4Xxkfsh9^v6b2ki3Ur!ik=!PSFLBR2qsxMp&W=JZ_9)C=As1I?D|bt@n-HiLppJv83+gSXw4kn3^42o&bC 
zknk1iL^|vzyhlFq#xp|uGP@Qgw5{`Jv&-GjUIYpRay*PDy(_CE>`wZSTdj^*En?f; zTgzwgs;lk@H?)F2H)y86W`_5C=y4~i82kJ{z8UhO*fgcP?W zD)LBJ$kb>@ox*srKuAKY9iOqU;z#X*z-9r)nqlqN0LA(h=?3$%k%Q&e!n=_4#QWbB z`Q|hPg=t9M6e4*<9p?NwMzB_@;@#T^!(;7SA#;iHb39QOmE{fxGT8KgP%uKalGJ_% z;x(7u4`08*zM&;2>pd)>No>dE;iNs2gz_mRTMNVMRB9~Np$=sE1jj9q5JwEEq8LQ` zZD*ciKXpii_B?es;9Y!kz7{82+5E;sf=1S$h0lu<-XiAr`-^f9P^&#@=vSNaJ8B?y z>#e5yoicNr13D#f-b~L^bl%|MIuJ#TPEsSoos%1-g_$h7Nbcv&E2p^?-^Fh zlR2CvGe+Y+MtY|_K#^8nV}#))uRozK0s0;;)l-wZ+lyv0lwUSqI$ie2KtsG+B;!S?`dnf?3-lFe2B%P#mt#+`J)CTFi<9n)r$1o2ou+Q%GJ!QYzGocb_-e0QhjX%LmydUJ2+kGhUV^t+Y<|7(`q@ESN%ugqd zr^*FfJW{3m`E6}i+QS^WNPoG=(?-FzA~n$}Ewg88Sv9Xj`fe&7jkzFli}P5Cd--gO zI85jCfK2I$ZdGxWGbIBRz^ z8>@H6YYd;-e6zp@2R7@#38|?k;Uml26GAcjdi0c zzOO)37vyp^x>r-!srNuiB*U}+S-0P@pFg#3VubRW@V1UM4`?yDt)Uo?vWN$l?;NEZ zmpp@Nfn%WLF(WFyrT2!Sc{Grq0+ZsP!GK^n{0n!O7ICVU_M0#)XkGkpTQ5YOn-Nxb ztK=m0qxz!cORS6+hsZWO(=WNjg+HmQ)2_nPB6)3)o{5+t8F%CukR_v)ZSJ_H+IXV$ z3MCVv?uELh+A2Qj<9sY48+NQH&D7>|@}e8!__R?MV6yeMuW-0?wYT70TQ%u=C$4+8 zN~^qwvWwt;4f^#9<_iJ6Gjz*B)HL=&udJiX*v6Ye`e!B^4h9wLtI-K8*j^%Ne>(3v zUsCfj^n40GtNKB{c{0^`+pzL@JrVaTyCAzG*ElG0W{Uf8OIrJ7jWR>JE~#6@9oUa% zik4O(Rm>YJOBEHn`LRMLpFeOq2k%UC+TH3221V;J6YEc?gT?%wI?Nm*5={=;u9rf~7Q_&C z^eeXx2Wsi(i3ohjj`$!S%0;J_74*b7bse6fOP!~Z#39toIVP95|1|c|@ubo7r;f-R ztx=(I)qBHn;O2nOI~;u8YirCGl^*~k&*>vZNyWGKlj$9@oa=x^B% z!XNBM_`ijVMd0vlF6Q~p#h8c&rT}_(C~K4@0*!>pxub2JT~T1*gK-|WgB@YGu#~W* zsIaKWmf6_e6vJ%714I5TPzB-q+fX^aLp4A-Svh;U!L+s=UNDY>Y5i)z^AcKzptwS9=I9H6@sv9tiA6)YY7BaBb9knD`R+v*P;A`QHw>heM6ju!9GWzhH z{qWU#argI;!Y^Z7#$QO3qm`4mPlcJY@!x-;l54Yek}KVHiXgA0iutgPnD2PcG*?v^ z*&m3|F{k0Lw`J0)o<6>mhKN3IOXQ|#;+L(<_tJZ9-%~LY2S&cr9ko~4qMV(| zIS0h49%w%2Dyb4VEEmr|($wxbQJ|}_b{c{khPuIjg5n8-eDVcR90c=1$U#}&GVaQ*Fo zM-zSmu9kT`QzcaCF9kfH`hv;}>g;x?0~Z$%Ik*+-81IBOV5p-3SBIRq;yX%C<@P1tw)0q?=!wWAJkD8R<%Q5%ukFQYRL-wu_!-=)=93Pe+@RTJ=U&MBL+HgYo10W4QH`G(ANR zZ09VBUg|n%!431Ke7_`K*N9!7_6>D2Xw+tP6E$AC7OCHiJ4iq@vmQ0tv3xGJWPTMA zN%-k#3zMtA&fTedmcygc!pO3~@x`Kcnw$*j{F|wb@|_n$%ygMHBPOevR4zJ~xoOB{ 
z$Yz+0XYt;mh;xf%<(}_&VFa9n(hN;eQth5611-#eQ=lCrv@l)AYAAaz1cw3mq@9-LRQTSFa_p$YN=qI18_f@wmJZ;Tbi9>T|(? z^Q=df85v%j8Lb8Z&IfPc zKK0D8U^F_nJIHZUWN-O$p^28}AuMURQa#-5Fs&&B$Z)R+I=pGOfUT+l6F+nHrEbiT zTE2x>vFDaMXRtn~eSiXVZBAJ8k0&n|u&rkY$jc-a2M#zAPn`_V(yU+0f!;=>^`t(( zVcK9z96DoH_8};S6Eq)tgPfh@+?Hhl|6qa~udMua^7 zB6DiarG$OpOPqA)|@*%7F{Qt;;jAc_ALpB9%|- zF^ob1+9GOq%E)Dh^!#-KOAdvHiu>S>oeodZH)5YkQBgam^oT#l&?>LRcW$-I!lac(s=(^ckyMrn@rXS{-+K zG6D|*1l}pl(#(6Qoz=^2!$j|2*R4_KcQyJ$X>fxmE%~Lx0#HEbm3wy{8$=>=?Iq(- zG=%U@gXDu;nS%YgzOSr~unaO2W3!JbHfac0ysbwFH_qziftdDU-ofgzh4?#WI9SYs z0|&Q|T5Kht+ySSpsv6kFSiArk=JVWNzofOT7qV-4PIDY6`QVuS&a6|5{@B>KxT3&m zFoCNK90y-9X{?>IoCe$gTd*?c24|3{MFJ|fD-7i;uD(J9EWEL&Xn*asaiZlJS5eq`1 znRT(s9z+(;@AP`)&@6n(daU+X|7Le=(HidAx9@EpUFg0M^%32e;sjp(_v9n<^;UP< zbXz`ffCy|#en1aIE(f@P|3K*wPy;P>cYUYUMKud1WyVU8G+DU#)BtM%zcRH4j#98w zWW};IoA8hK$uu)G@lcMB{6k6@aQPX&&*-4UG6cvkLwaHJZ{FK{X&b$w1oPdGlLRlc zM)vXEh~e;E91@2DS2LY6o$JJnjvCYxCLQXRI)COw5;{pk(N%@})MJPOw-e*AV=ggM zVfYF`4V92u`qe+UPluo0r|?#bFoXBG-Ig%0+KQ?E*?<*ROhr{|OS|1bDY$_;g51&+ z#jP!S@F>_nv7kVw9L`ob5ep0SVsUV=3AfIPk%C4MVIW0@(TVee4MG8)g-l^9NiM2} z0s(YcuY7y@!mKWw<@cghdg67*Z(#M>!ILGVT*H=b6#ErV*(?nxE)|*NiK?}(qX>fk zKq@*vm5RvL9k70@IO~A5QH%_@!Jfkp_8orkl?S~49Z3KH9u^aZs{nnJD_Y0W4aE)T zKgbW~fhnTg?6(x30wmC_it1N7YbP6063&~JyT_$djms(Ve0*(D9|B0*xZYXUc;3c8niv?dt3ZlgGI7 znl6|f7+L&x>HfcWbxh;^_pZKeVE zR`bms{Tr<3Ncygl@jC5?00PXYoZ|athAjr4D@tC3PU4&;)1m>6xKkD9i*cN1vw#Aw zU5JC_Bo)%5F*oG9N@7Oe220%%Ts-8kuM?KU)pdchMLn&%fY*!_TNurMW1&P~4CG-9 z7ih_8>tfuj)1VBxLe6!W?ck$H~Rw&RP$b6NMBF^@vKF4WC zlszBjP9z1Q4RP$IH}Lv1-dh)0(y? 
zN5rCMB;%SMA9=gr*UX7SqY4G^4jN1%>CCVo(FH7x$fvy%P~WCN4$W%|8rY5CO~`$tBl?M_TJe1Ctz5Fd7@Tdm2LT*- znm!##4)v;z{u;qT~6?d#eKSEC+1L7v89S- zZk2;gimLed*!Az@aFUmwzkaet$eq{`a?x{vy8#o#d_`cm71<4cBc6R>CQ^69gd#T& z#cyP!%NDtF#^OSNc)^4#dPwg`(*>d7w5a3vFYS-@kH~Dho=YQ+l9s!60tzfByh)6) z+~`ph3}Lu!caDzm%zS<#QZ9+*eV3q1r>hs*oJgPZM70jH;L9+cM^loDAOx*K6LaNZ zK%uZgx}W@I6x&X0MF}3mJaoWV0s;D(>Y%sj0X`i7Hwy%sUzi^=<_dlg{3A)cTd_5h zaNm;05$Pp1;y35umX3to;0T2PW%=S?8b2=IxR*JSyO4OQ+3^KVQA!8#i0e!$vyP+t zB`8qSJ{aj3#&-TDA-00X-BK6ETs}&*CDC6uv8EsRfSAiK16xX#s0DT}h>D zhs?y*AiyfF64{YJQj#v8lj21)(Fp#DX~*cf>lT3RBw^6yDwlHBQ85;STkWXwwTJODFIPo3sC_{q?NURrLd(iLdr_a!b%(ga|Qj{J>Xl&hWcxzxIakC&B=LO zlQUWD4Vi)fHYrM#DHP^7FJ==W&xK|B`uIKL(>Xq_EK>6^=(?;f0~BcDVIz|6FAFBu zNq#KlaU_8b_>%N&)O#SHQ=w_S@LKaKNpYrMDsS}EfCr}}D;1J=4|p`p#T99d@{;~0 zYaSsB5Z;!Mf!$5-fA0LnjN5+u$P9w`iF+!<-{eGV)YeVHrNiia{|1hbm!!CvxTpY#R|p(0;)rmv5_AALYd6aIIOOTGO~M*w zuUQkQ_q|fFh_PUS03sXyCKL6!FCfh4Du|v4Uq5$SMNevE;H;9ui>#_!4hB%bZNyjR zn&YH_Gr1?XB_zQg4WM)v@5L!hQL1^kAl&)}@}foFwUD99Hc!t)m`hP(4D-)~_FI(J zZa)FI33LZiOGPhaYKtT$K0nkkbz$)e1Yq!Rmb`JC>r1Ln!vxX1xQu5k^<%6F;Nv9M zenI!14F#~NJNJ)MFVu*cK!)S>q^eY&(#`;dJ-cqaj#%cCMLv!X#wT+@JB-8)gLMZ%xh!t z z_}=w0Lx8Xo_%d&MJsm^P8`U!&?awqt39< za6P3q*feE1Hgm4A7pXM`NmdYC2Dw zsWw4|OWz?QkV6v>1uAr~U_(r|J;;s+l1BJoIph0@YG2o|5ALZq!Z{X_m@!h@Gf|b! 
z@u>Y;ZV!rRAdC6;Wcm%)ZXwE??wcfgA;>3m$x-eD5$UL#(A|R&;2fW5LiM!|V~_L2 zxdoW5%g^h_)1=KRK68FULNV0f76=9OYuZCq^2YDKYd+&FPTsM(T$FX^0n?o7z_R~Y zhgsX2V3sj7wl(}-U#HFp?+tfm!CgW;1ru=leeofkJYXh!diK-B=1YkREYKrb7Y6*J z?sQLILrH)!NYc@yj5-RdkYX0Qyo%eC@5l?(P2Ds6e8*$U^i9($pn!wZ)fqSYR2G4h z`C;NkKqT<&jrpngHu@)yG4J~91Q0^)or0|Gsr`10I1Fzk!b6z;NPZx&J=A?fBb6d$ zy1~436`P+dsr;5uAvFpDkRGBPei$p?mvLgB$Gf$#77DgYQ?Evw20TbIaJv2VHEE@K5AS55qoat3Nf)(q37C?Gm3G z5)HFOcp%L%jS7O2M!UKr_aIY}o^_bu>nF`m?I$!~FG&vBBx8U8>s1+^DN+|F0*+Zd zc@?*WD6cSwHUsB6Y;8* z_~s%0;dtD)O|ah+_(#;AmxKU8IawMCIco^I5=(9q;(6l*sYUaT<39W_x3i2)OOkw0 zpoARp@YE5G=BtxO{a%e(k;QtNhps&rx>MEAi#V2b5BEOBD?2G2MSUNgXvcX+g7lw& z5&i+p8R&gB-z#+lj5iqNa7B&*_nOK+L4b}x_F4wAT4;H@%E9Q&rrs4rNACnD#X~Tr zq?_^A>p;CeAjsh|F63Hsd1)@W)t%|tE3!kndcl(?tg-Y1Y>uL9xNsOcpPas39?3E7 z)p6n2NlaG%JGX+8*(()y**KUIU(GDM@J&Q%vP^s5@SHsaI7AU4d!N%C@LLj(u6TBO z(cM`jM#g<`^-3~RH$zvgAr!D*WfzJqd*Vv_cr^Ff<2*q_Lq%+>3FV}A8@SWrQ1mLt zB>}Sme5Qg|pXtb@RFY-sb^*b3Fe{`r!rcKa4d2sFD`ht0S80yg+)NF2zW072CoJpg zO9-H3E6!4B$RL~}U}an`3KyzclP@lisQf&l&1!;rWAq6Mkl$SI6fgNK(&33iF$u^! zQTs@jjC#Gq_bwR>OghZ36G0mmmc;*ll5pIB7OU;OD$OoLr(j;*pxS_c_DZNun`j(L zge2QoY3$;Sn&3L85Wofjh!*@#d{RqZuu!(-XT4d(%F%L~I{fnNIDSSAgQ&P36%+_X zTsnF(IwHDC);E|X4`26lX$o$)$>r7uEM3}qRVxi`rWKy|)G0-Ao< zI|$nkdssceRHT@$4~db95o&#@d4%BQxD&+lDu6mz$JeHGcgUQPU|>(C!i=H zle5d668qNMsB4)hbxcO@I~9C`=IoCCeQf_I&itnlgQ2(S`S^j&!}e0e&trye7|yMz zWJ3VNlU&V4wfx)fQr{kxFeY3=vukL)iX|}*z$d=;(aay57?fM}qa2Z7yP3J6y&aI! 
zwkRtrq|=_BmnMAoEvfvM1jL-t#mkQ6TtS)_4?uwSm4rOXf`X|_t_n5Gv0MYr>aI?Y z*xDs|aDwUaqP)ZTRt(Z?AgPZ!*5ms9%bZU6H+mylc;VLC^O5 zlyTep1yYAO1`EA9jY+?J`gyitD=jKiPi*f@W2 zXWFOo?re;8=E3q*nHf=F;Py4VZgaZ0LQ*3rkf2)Ha<%MwEA#phW9BkO;paqL^HD-; z0{nQxcdSXfUNTc9OWuBDiHH4`XJRFxuXHc73pl|r4%`pSel`?HYgm-D>A%EKrF#Yu z^-6%A4g#=?myWj5QR@~4_&MZq&IpUVpf&RHPw!b=I5vSg_TCE$sIPHOKRZzFxW@EE zNW%A4&aC6rtd%>mN$VTd1eJ&NJLfi}gn>u+Hx6>0-0#}DMu16ieU}mFn>+nzhfNtL zbt`aH8Fb{@+83~LKYZFC2i-|qW~HWTk9QC6J-VJY*%yMCqCI7Ubi!E-6K2+6)zAWAX>W#hMcLROU6EElnCK}AEr0rezDX~7K=#g6 z@27_x>=PgW)@Dxb;${FhMf6j)kQZR7o;|8Q0SNOc^)rfKHHc4_=}zRZm<}S922|zIpRHv zM`A#z8)0mG^^M8nMlDXRXo3BfHsAzj-@!|t&&Ne{(lj-;;Z)V@yQU~bj0L1Kb-YDB z=XnZ7vM68k_Sb%r_Ho&a_PxN#Ku^|J^=TuY*k zDZ(UIzBe>RxEK>@X6fwU>}uxZ?COYckoL4ip^-us-~=)IJt&{$(v&pRKKb%k7dCLA zmHki-vL6h=oawwXhNsIP)~MrOx<+)OC4?~%dRSS8y3tfoURgAf7Yb<1uD^JgM; z!}J8@P^=UuEp?!Z^!lPzwb#5LO90X7RO=v~>CI$*^+%yMPo%hr{t-%Bl#Q(e_(V%@ zK@{40FJR+}@ZN)VeiASCTw=p3TfrU&aoILO=ve2qGjb z#l#LuSnokCFA|mmiBl`5P975ZKxm!Z^(mba0?gmJ-6)I`6r24K4_B3cV|=cq%k=VQ z)ng{N;|*{Lxl$-_*0|o=IbTTQV|WFt)cIRf{a$a6hvVB_HuS);2B~$|Do*6&X_vpA;>2)QUPKiBe1b#2KV(qon>JDJFLJ;kR{(&)%sKmPHo(;+Y zh*5HPjo0Gk-Q>?efcnTNkCoc1qt15o-8fARy=w0}#+ua6ozTAT#X8fLeE}SdrMuxT zX>7AE`O`vnF*M;ZI)-P^wB+qFnUAkACq>J}L4j}!()RtKjyUV-&AfW{n88@zJCd!Z zBLZz{`#TAZy_gT~X>$9gH>xwni(4*H^Y##^S<4F4U(bU8*BpnvW6O#XpU*7Wpszw_ z%uk<+?^6pF7D}XI7hO3%4h6Jb6w(OOl7}-7bKf@1_m$$YKF#2eFu0aq$rRn2%cET# zv>z&<2uNB)4sS3Cz~b?Di0h;7 za`+4p9WfLbalWf)FCG1Y^dOxcZbiB@Fkt0)`piQ% ziiV+r%T_0EEW|-v);}^Ozs;FGbkBY{X1A}0AtG=fh`X1WjkTAVqq7xK+8&8?*(0a4 z+4+x(8b*DYu?RB`i*U|&UtWHI00)NUIGD>drbJxW4U7t8qIxRNTKQFlR|MXi+(4NZ zC_#ahad8u;WUE99asJ>p69E@|>F2VTG-;j{Srds+pM=cz>K+T{uX&k2Poo^JY=l<^ z+ts#TLy6t+_8@y|^&q&=eQNx4xqPYoT;_h2yA}Zuz`(DPRMdQgVMt{3g$}wV!p-4> z6x#De!`QQrT^3kI;OZ6CGAVHo7ABn&H@YZ+Fm7{6U<}bD2OzI+A_(3Hrmt_lpt(dO z@}*8ZUchlb)A~#}SYP_Cb>E^JnBG=t1STM0>40!^gKbwzzHQn#xeIK;|LvY{@15Pi zw_xo8{M6Qm1l&-LE)Gb6U#eyJ5EHo~EuCGhtPv;&Vxq0&j|a*M=}b%nwj`z@VeGpl zM@)orasv;*Y|f&byMJ+WVAJCgD_F97t#r4au|lT1z*2@!3+Gt;hhbK 
zv(7G5M*6Jl7`46GM@+kx~#ix3lGbPH2*k>=W|CvkndtThsWc6UXZ?OfSxyPjhP z&csH4jkUKi5EH?^)_Oo;IXMehJ2<e37bOaLy;J`0W6x#Od=LErKfo-z@(RLBa!x5u8X9dIrg@pw%^M2uy0ydT|+pW2C zsb8|O;8$R7;NUk5wFtVqAJ94 z+xPz!(e{QQ%F$*osP9ejCqhAdzxnT8;+A~=fdYWJAe>N^(gMO?bz;jA-|Fgqdl<0P z(F%4Fs#{c5{RXPEq4_esKywuW=;)8KS9_57AN*j&`K1}J;Jm|e^K#i@pwDo`?-&M!AHy3=|Wan%&X)XE@{9CEYik|En9tPLS+FP4#Ea;H#Z z-)|Yv&D{b+f-pHN4}_B?(h9bnhjN2~H1eGke@kwNub=#7dizeYT-z+mzpb?D7;^>N zqncb`KmXS#nEl&zzNgb*T;Di(&vgX;(rs|TK$_mg)4PcJ_nCS(RsStqy>rU%WWBRz zo2`FN*E^T~3w-?#CG4+^{TI;v8f9;BHqkcssDmXK47vVPMPY)17^2yh=pXVsi1AOj zY!89`0>Ojl+;Rv0ISl{pE_bAcxhWLF0p^Nuv;xOS@5t*fSc30u{3r7JV_Wb~lhtpG z!M3(-H~+Th=SNKRjlp2Qz?3j17N54RmS>HCJ4U!BEO36@8i=g)!Ff% zwh}%6Jb!Z=<5qs?Ka)}TJIQkkJjln}S)gxc{@sMk|Iy$456kLrWy=48zqutYfgP*y zKY#Oo{J1A&wB4Wn+41=QrO)rE{y)jz+`6Cte^BP%BfdXj(Y<+G6My90UMfM^K#G^w zJB@*6$n2?`5WsYZK-TmE$IJsNRuOXQYwfpRa2^wT$>%Yd7!pDw#a{>o2+?WniPNOd z*7ZWYb7$pf)1Rv3XkZRV&;Nyl{)Mv7Z@SEOit8(|?TtOvpKU_f+l^M&?~wPDBGE_1 zB5`9WK2E&$#GASTnsUli;&o(+J}F(zjqGskxjdvUTg7vttL!=^fwht!d&pm^HeiYkKcoWpbm8xD>z~%9e_j~*5#t}~4p^1>g_(KV*}fn8_fAUg ze+3GVd4E#x{uR-J78lda|FQiXY-7wA!$0rnM1LXCy-i!Yjo1G)AJl^X7gHtwR15d- z)ckKA>{f~Azik8lwIt8Cd-y*k&A+)6|1(6tI<)C~R_ou9x%~Ha$G=%&K)U=3wrQ^) z`iPQ<4>yoay+F=sts$vUBmV9%HUwbQ4^DY1sG7DC?q1WEwmED#t#l89J}GpAKKqN` zojf8az){~{`}z*lt%DnO*YK)h*thLGypLGrOX>OJsdbJqkRHiWe1VwGL%3(e(8O)D>VV3;dz50RuCv!?Cu6f>U2rt#1vm9|2J=I;L+bd# zXB^D~eS@j;=7K6NN|K@*jZu?oyGECO_msC*j#oyxI(mZR0bx2w zG-iO@*Rh%I;J85n>z!kugKg~z%Glk7cyD`i9X%b;AeeBPNuu%T=m?@#zAr5n0x(}g z!!JRDU0A2uus=joVnqv&CyZLlCyI}ViG?&xyMj|l`;)R+ZX#IqV+Lfp531XR?6Zc5 zUTSAxtM96!>&IROuK3=VtZwvj_u6QGTxaPL5=&6poHDb(&SfQa9UmuPR-2~UFuETA=Yn1%_8I$>Iu&&wXp@?{Gw0k*262`BoZQd2)dosp zBhmRIX2i@Pcc?5KD^a|v=56~KcHITo_+b74;pp~tklUWFmC|XwzS*f<-70w#pDy~I z|NG+W;L<_4=kU*QJ8fu8Mj+E<7Y<3b(Z-K)`OE~7%-E7P-(ly8Gg`iuGtP7`Cd*Up=+&d|znLvF!MV$E~5wYg+CNBw-~+IYY9H zBjEC^w{@PT9K=g~Us${l(0}M&`Rr^xp~CG&c8?m9vT7j(L?$Qkk}~o1?FROl8xV)< z*+0l=tKz*4N&25Y)vJfuY@huZM=!BkhzJ_R8Z&?7oAVGrA|#VFKjVVyxfIx@0%5&+m8e(0L>E@|bRsNl`? 
z%~Wi8d6k#!1HOb6gKt=!=cuHN3r>3GN6b59=~X@;U__7GOCNU3AE&)eZp?ePUVk6dzDKYBY12K8 zI(ih!%qw5(e)P#cITz+FYtB3d0s5$PR>Wg(HE`oyj1S~aP91Q{A7YLUJbu*6OY*Qs z;bAC1?NirIfZLVG$9g6+`CVCX$O8V8CTBkbiSaLQY6T@<4Fxg84PR*pxnqClMd+RU z(%t>+YrX`WlV`Ry@_&zzsEYT;yteWUJhtGLY981Z98Oc70WM>fk8hGbN+fwgY`qsw zXYc9AIZ~r9vVKLm*D2wqEH}8Q!Q$DNAw6NS*#K+ucRr=QJk(UvQJog3;M zVRC6L<0G+|e6^b1Bm^io38^W|B%?L0dHjUNpYEmI)jO%w`^4_IIcR)%bePT>3am9L z8r6`{te3FI(HVwa^?!2vZt2CeK&C`fqP3eS&pKp2J!K5!boeGutH)Ac-Sge^VNby@ zA_5(vtrwF$jTi33M8KPMd3m*)`ZE4GV(Q2VTyX6LYNn^1hiSzpoDpXZyjx=2oXGH< z|9IVPp>~FQZNA|nxUxW0^TZ>>qQ6o2y>!$dFR;ql)YBxka=Gv+*ZL7`9q4sil^3S_ z0RQ8pLUL!>Z!H^e?rJ=Y`{;oNhvkF6k6>*r?SU5Dc`LC8U$xfNYeD4mwntQa(;kwl zYa(Tsz(pz?l+n)~YtPzLMOxtZ=`yx1_P!vd8ywyL+$pFj@nLcZxbgw-yJUn8`{&d9 zq(5!k;*_GaIB(iL#Dn?}qCY=KTT#Fmnf>O=#oB!~JO-ipM|95Y_94G&JZ1vR9y|gQ zN-rjI885u7&QuQd01`w_xr2+r(1q&SE{@e@Kp$?t%sOZ$Yl8ne#(5$5w%ZCR;RH)O zIH&ot$$g8^7ilWV9!xnSk5}-#@AxLkQFKkRy1f0s)*=V~LRGs*5975i611T5<4sy} z+a$cZ!-lCnuVJxlH_}XPWAp z%cV+{J%=G*2y$+qdg=#V8>@9b%ucT5{j}XMdE7mCS{G_>$E@+wLr#=+pL_50Yg9(vPeO5&o-9Tj!!J1Wd_nm}X0vglA+Joq75Ed-7j3WYYI9rJG}2^@Vx4}z z@|>5fdy#ffsIs=nFswnHQl!h`(Gk2B>U=rvUV)6&SjHdpd@CujGfQX>s(+e&85nql zjryb+fxvsxxXN6bJAYPU9|TZ$Ix0#TT=t$;`bVumfu##e3K9qfWS=56Ezea`Cu_fd0|B~f`g+}- zi=QXnpZ@7-QMzFUL%ZlI?M?fpumkRsI1bX_Bz>y^vL54Q*aTH(iC@z%S*G*CqppnWqxlW%rJM@zcT7*k0`Gn&|ZI-e^6k- z;$6GsmsuH2+9e9`7qP|Wqc#PPWtAU7_Fv9=D3&8~EUGb9!t%1U%Gvo6-dkV@ewu*y zGvQ>-XwmYk88i17tNF*`2BIW<6qlI*#^{6&o6`^887}X`Yc3=>o%8JVQr0f?f1C>X z4^KJ!mMGk_e%7j9q{$Iqy}LqOaqQPzjpEkzkN86X$;VPom5`8`Jx$gS`^0!Q_$@jtF3wQ%&Z%Tb1_WF!K9;bt%u1KC z#oiJcQZg&&ZKV9SX3}^Xt-TRCd#`(_XQ~8EGdbDJmUljdBb> z%`QvLWO`JJ=&E(PgSO-5!>j?NlxTHKli4F(osbTgg*U+_Lmv9wa`Aty$#yU26^&AS zG?TH9Cgf=EO07sD0~P+eAuw90b#Qd)5Y1K_LlK26djsMbA3qtljN_r7o zin4cO&7IWp8Sia-;lTi6l@zxzNtwoe`Pg39kA(8+ZJ(aY-1igZ%er!If_vs*&!yeb z%6764Gbv+FOa0T80<1>C!P~hY70d>*jY>g?3kTPgwUXl?NPr_xtOh>V$oBYy%`MtjIKPfxYcWKWVX=40^4` zB%gZgAe5rr4F(}*KEiMd2#{$g^*Qy+y~D3OrC!_72WJ8?5^s!EHuJKq?qtKXn#rKR 
zMNW>+&&%eS{LsrXRpu>si+S7OmnYe9r;bh<(%j~h9*EFeQq50{#TK2gs#Jj%?+NmD zG8o^b1Ymwd0Q@zjuS=aP9xdfDRD zcfV8oW7|2w6#rv%86;rrsp&4?+V7gbKP_!CIF&C3?R&1yG!JoFc3DU?WmwrAGrxLbl)-Tpt5W|T4j literal 0 HcmV?d00001 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-secure-boot.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-secure-boot.bin new file mode 100644 index 0000000000000000000000000000000000000000..c783e736ee45f6c804ab213284bd3bb4b8aa5656 GIT binary patch literal 38268 zcmeEubzBwQ_V=Od&@Bxj4TlD$JEXhw&~WGwq`Mmgkw%aZ5s;KFDFviNX(gpYKzR?S z_j#VfbMNoIpU>}p?)%3(h{K-w&YHE?ti5W_YybcNK!E=K-NpnxsNoE@pq7`Smi7cY zxr4ZW!r%e$SJxl{2mlxWY5))b`gt4`y8C%T)H&wE^L>DoR-G6h7Ln|I93Vap2H@?* z-Yu@u^P{50;@ByrG2VwLUsUfI*nQXci7JaHejNY=IKsUMW=EBX8%^dpej42~D1VsU z(Jd&-Pt2JUWJVKHPcR>SQW8rrQW9(ij%q`*xVo_{KoTGgWkVZa3vdOv13Um`00(GW z=DO_&@Pf8o0buA6PXOmnMgh40;PgrKiG)ksu2`}b6+;KHE5B{U4}T1RuluLM`|GtC zTIFQrYfS@{>T$yQAGee_3Nn|gY`!xrX?Ybsv( zfe6pjY~foe81A8e3W8w!Pu2P{S%}_yF zXbGhwdjZFbKck#3bnL(l?`!FwXq?@pvil*q>C23MSaOOzz48%9I^E`=8h1efDjisM z;eWAt=Sp(WO%__3qQexgTp`qfN(gmKtN;!Ekpz$k`vg= z*&akmjL9hg65!(G;^gJz0}M63 zNA){(w71wGh959L#7G(Vk+_`W$0|J%2B)qr=XWl7rwy|>s(Sw;ejndjfNk2dSjgJ~ zItWjv%8MuVy=R1E4XGWEu;o>;%%CzrLrvj6Nm1kpp@@ zVN`}-5mj&@xR{PD>|HgSNKyJ~MUkP8 z-)29ky-y;_qR2;Sja=HptKEAENPe|!{kbyMZjM2eVs1j&p@XP(=aV+`EWVy8n$LKd zpHAF&wL~-ioPdWbubk3$)w3m^%*hE+47Uj8;uWsRV#+k|%_YA~D;-f-mZ8&Cghzk_ zz!hqM)IbzaNmF1U5+M>~s)iy+9B_Qd2xef+aOadUHXZB%QC*#;LnHwa1^zt%`wD;$ z2X~2x1VVuB{w#Lr(}ap04iKGBsg5g3{On6>_3iSQO0H`8@4h^P_X0glh2!Vm*xPm* zq^>pKKaORcYN>b_tk+eC+s$6!KvcYyNwJH-Nym3O2nw;jdzXsEoQBwxwdsic8>7=3 zD`#ECaO(uyPzL~mF8yOw0;F~422&@^Foox+jtSCaB?defca+G5f)<-^v->RIzw58? 
zn+Xt*#gz;qwdYpVS$2C;5)kpRYf0h4%~ufxEut?3jZc5WHbN{E$eJ3+AzURq=-iFK z+u11Mf?8A9TRDAO^r2}v2_*091G219kKDEU<-=+bHoDw3GjJ`4@HhhW%$bT5(&yIP z+4PS^E69o@rG|#b`!Spr|2l?uRmpwoQHCVe3E0>4-Df&IZQGYH0OogOr|}aEqAgJ$ zvawqQcbKF3I^YwQyrR{&(&^N$3kCw(0Z++@OOV7;wtXl^VhFV}gg+h6Cbgk&>LkDH zmyqC>sAG~Wj+v)pEaFM==kkseLB2VLe+^v#3H036rU*6aH%IaBvlmEzH;R$gK*0!a ze~w~wGxT?n*OU-o9y};0i4y~ab~TQX@!_>JIPpQaR}EBrbR9D{8(Sx9cZd@w4hZY& zAPPQ;I@rb zO&eQROKMd!S9c$3B{Nrhu)DK^nFW|y9RhK`HYA)NJ}w?E5DzDpAk>g>@%?P_UNu2M zf&USnnL&&{d8YY$o)x7PsU^j!xj>wpPz&|1Em!wiU36Qe&YkKzT^nD{bsk8;8=+v% zDy+IQf3C*fa@^bsXk6B};PS&IR>4}vcq%}c65o5Y5c(o3oAt}ltE5S^#ie${(h3my zyxak@YL?|wwSfLGl?3YWksln3xtGE1+v~$4hZ=U~cQGUzm*~I$K>9Y(O;C=zL>Cq3 z{HlmTX{&1W@flI)RL9`NS~th)qp!DP5Vqp>V>Y@J&Lwg2F#PLelO5(hBSvi=aU*Wx zz%je5eha}Dx}-nwi8=SeRj**PDtYIa7eBBU zerv^KD93Yn$0E7oxsO<=Pej17dg)q@FN$pf;ZMsI45tE>lp+WR8I1)Q4iPSxpAZfa z>Q?}NvS;QOlEZl-MT6FOV+J!?6~06D(Iz0$e_TKSj|ikh2WUVYt~oTg5eH#FpAiK% z;uV>2&<(TpXG17$r7pSXuZ!C@sr-aa3-#VzTDww^;nn3-h*}`1Rn1e$QwmqKad&sV z%fVsc>cH;!TbJ1_AdVc)_O@3?Ih5_u7sv8=(Q+T&`t?aE znRjc`NTjYMa8jqAw9o`;@;G5K-lk9ml{1Geu(hxA7t zwRA!3Rb%aG5~TD)loE-Td0yX9N%vi}hjPQ|iXsL}zU%r=*jf`N`3LO>;ICrFL<>cP zZZ40sO0HJ2g{H*YvFQ6rovA+y>SrTwUQnM0;GSj)cbHZ$a@Q3`z5|n@-}+MFSJV+4 zp)Bx%1G9%90`fhMy+yG8%jd3zm0^a^om7b(rkF$-@q0mJ*3;i4^}vIeE#CpjDu*8T zo|fIdP!$*RSzuE^w`1^hQr}Lu^?iSv@v!H~BddF4dSF=Hqod3>#ueK33((#({dR)8AeTb-eqU z4kC=&|3B@u_@MzX7tdArd+oKLP425EC@APZ;nOh3IA?caMXEom9~f7@*pqdMI0 zlSZ>s1QxYN1R#3=CE+wJ7l;B-wv!)X)VQ?)(R&r7&GLGP*wV+3Sn|%5*C6NMTz zzkhCdm(yKD5*;8OZKxMw!_^!sJMh(|g+?VS+V4_IG%kUw=8jyIN8Q(f`;-c#{wu** z6y9D+!0Ogx>~W&;mNS-OH36fe^QI5p@E(85F)|FC?Pwd5 zfA&xHZ{L-w@ey2|tuc>LY7=l?vbjw#z+HsO|6bSDc-(Kh15pF@i*hw{gaxV@#DY+7 zqlU$23TS2>ZSdW=G9sWU+*-v&7mpT^mUbj&N7Dr`qROl5nTGn+?nMFI``>QM6Y92H zL3sc0LQuDbbbSs)_s22#t8o0Z!~Ru(mxjUtJwJtV{vBUzYUjW|c{lvZHc7PBVCToN z?^QUR-qU7AlTG}8@Agmp=ihoaUQ~%o(9p<6 zMiyat7Amd_I~rS+?0$a9{F~`c0z^pxJBEQQ;1cA(_(sgq3_b}nXnwIZvD6|WueGM6Z`Cj709NFrSwhjD^xSX^&hu!(s7 zAv@;6qcI1Mm3rGcn(#A}cgIUg?`A7my)-E4x%m4W)LqlUtM_=#>`0Gl?ggo8mvFKD 
zD2Vzd5zauOl^^^@Kl>DvsYy^Gn@-Qse`iHJ^_C&L=xX|Mn1PUpXtOMltJV@d?TZ=T zF9^uYg(sAWGF<@7Nz$lgEM5k41Q)`Rowp2md3yY&rvj-B3*OGBP4~kiQjZs^;HAHU zJL?PmZHYWklCzIWTJ%D6Vf_cnFaNRm_gT*r)PJ=7_8%yo+SmRA^@jh5{EygTE)eLa zEoS<|7GGsF)RNHX&eqD-!pt2^E$-oN197#5CO%ieAl9F((*MD#j;)g=#LJCZ^=H5f&Eu$5|J{V=Be1z(g&l4AOV3HVZ3}>= z)s~xkrxI~cGw>^NNOKQ$=*-Dj%z;34c~K>spScgx<+6e(A}_V`a`zYeg~#oD9_!JZ zALE=?=lJW~Wzrc9B24L6+va48txwb#p15wJlngXd-qYaqTOHqGXpA8L(KtYd1}T+E z>TpUI5+5Hd6g7gkQ`)knqGvSZyZkOmh@QGYT01)5iMP~g!0?s98x&)}jAl<8rD00M z+HOOk(X=IhkYg4bW`pJ?W%RH>ljWn&3E?QOkpnr4;YiD4x)_L4-JKae{4SMAhN?!c zd*aEgi+#ghYtJ;5PYf{-BfzziB&9VAj-*~&`nS*I5Po|ONvP)#{g(+(856uVWvzxVW!V9sS>_4K&qJ2HgiK{BA>29g%-8)%hp1|JDr9>G+ZV5T0wm)<2u*i zI>t<7g8g6F7Kc})-3;E2jXWqPA`O<&eQTT(^wRpd1Mhyzs_5+{-U4(FXLxOf`gbv9&dKwc`up*^X z!q;C=KYE=x*ppUdWImZ^flA%#f#da1_&~ZbHzRjYClJD2hB)d~WKOQ<|JNkP_~ceZ zpjD_^6*As@cCp{N@#EE63_xh1y>?QgTb!6LS{@oLWn+c$kXq2YvlWxWyQ^XYE!jYT zL>N6=ngYCdnRonZk8;Vv-okvq!DBzlQj*BgvGE6r-jN5A-pv6_4Y7ij%>F3K0a2tN9@Y+KZk)s*!Ydp)5KGd`3E~8G zHxAVI-7VQUc|cs(#vaJ>*Aq}WZth^$zjsg9p6R**$H~bp2oivLrt5+n=dUIx;7^X} zpK|$6dHU5U3?POE*uujVOf3O*l$^h_86YhTr+)%bYuH*lK`WC`OZ%^ja04dU<_Q?p zmcbRT2bRp26~}TZqu-m|Vlfgpd^OUT)gaj*nc-Eg5&(3T!MF%;>~-7-G=>{{WknhB z3Dfbdct&aQbD)LFiC?GsP#$MlbCl5|N*RcjTcfA#)>Ov@&15gi7nN4pPb;McY#-8i zNHZoG6>09jX{PWgAr8?0X8qaFTUr>$v6@)#4sMUma)5Gh(=n@ZKflst7-6XF!uCDC zfR^X$a7a&qkgoN(!jab{%fmu-x~xw+5y(wx`2{b<;X9a$z-pJ=JkKNuzomI!upP}t zhxrBPob$8V7njcaX<-Di3sqYz4hzUdtq~w&1h;&jK(Qgi7MUUZn2JmG(0jU<$&PazYGtzrY@t68L<(OArWE>O4W*(NzisP8!Gou6fP~O*K8ifu*?Yv8l6YxYlBT# zRPJ0Nd*k43#u{-g_ewvf&(6Dy-;qTtT#w;TPPX;*=ed`RWUX9HzujVNl2AMOM(lEB ziIWZ(MqdTgg4dx_JtC=}Ir;dqHlK4`-_YoxNE`af%37`7!+W){g=BTq zg^ePikXRZ(mmqA|+wjYtJpOxo5(%{@&Ohx58Ya1*;nU;?s+}-$1&RMIB%5qEMoa|OF`l0oC0tJwh{-d}E_;bAT* z{y&cD2Bq+~GzBcAxryi{UYVSRw{+S!@#92N%=W?l?>pTgtJ|vZS8ueWQd$DLl(T>SltlxSoVSVA##qLt2^zK-xPIC-KVYHjpvd;KLXLrJe z>RGV7oYf0&mI7HVIU!4nTAVlbCHL?>7_|{z`|#XeBBb0pmz^KieEALE;c%0B9>Wj`#$&)YnbH&;You-UGaa{N*Fdl8Xc8+EBY|g6fYGTbia4_<08YiMda)@JR<2~j zT1CcLc)SGM&>HEdL^Bx 
zqvyr%NHYj3sfX7SGZffY6MI(`apY@H@pGJ`f{>wyuZr#dzXv%qRC5J6gT#Kfp`jYj zpF%Z@D-F0VeY;(mWN3==vj%=$n)dVnTiLo=n6X=cU7_aTSDhOK7f$_)0<>Ii;pxWy z2a&7#ImE)v`7h&tfvoRYQ{OBu>N+}va8{kt0)1N!qz=^v3Ti|}kUU8Cml;AMgku4K z1VQ}2?*tD=#PUD$>I_wD3tO-o2T1aYCKaL(=q^Ygk1vlWoa=wS`l{OhM?azU{6D5$ z@#on^H8&4r=c-29XvPO?c=hjR!HlnKyJeQt5pQ%a!V@u)Bw~)UE{Iw4U<_l7JghOE z$R*VORsHJ;LlX#w@Zi_?B)D7QN6wQ+7!0Y{ienzOO@k7nuWXSuCrN(923J(jel`0P z|0%G`AnE>zK;$Hd_B^0G#`aX%g)^$Bt^%RJdU>UX~NWoQfbtjypiY zL(FFRm?{UCf{*Oat5p&+W~-uYhN$nfa?0INTtO&?yg+s^00U+FI$12kLI++i2>?)pa)beoeFME%pIk^T*Z zt6&1E(f?B{G5#(j5qlO~z=5J~nznh;7w$(LJ_{}^!P_*rH`0GDn(wOkWL~ugfx8IE zVlpX?h*>|HCbu13Q#rW`$FFQUT%#a>_);n`^?9z7=7&-$p;wBaPc%Ugv_h*UJC^jx zEHf|Q#J12|m*&dYU0OpC`XNVJcC(DM=h^H^y7m6v@LgDqXEg>4pB@&x1`<@bZDmvw z8gFl}7JG<#FSv|wjD&1!aDpR?uL-oUarFoYqZQIz#I8ph>@Uu_B7su%? z%JTA!Q!WK$z!xJyvwcicIe_ zt?xgyH%$33b-j(C`+eU`>p>d5^n9`0n@h+*&1W59F=w+ccd+w zni$g~;$Q9h=$t*k5>gOIZrM-U|HAn8WIFSfvEY+BaA51fES{*Ur!`aVI}CKnhzvv5 z4+n7W3LjCLJlE|mKGJ@WfuDMg-m^{Eg3VI)A+9X|Qd#h-M@d2UWrucRJ@Fl)?vDGa z$zl~{;@|jEBpDrOf94EVZ*swomB88=Th2C2`0q(2l%(%eD2miSJJyKBmYOPwQze6Q z(P8mN93h2gkIyHQv0WK&e^^0~<{2{xL%D5#FYRH46WPcESbWdSbbk0!KO5TfXUvcQ zcDD#j5z7-+Wz-#OAG=U&>{eL(t*y`oMF(&(9(CDkm!NcY5DljJ^;)63`7x~1+fJpXemg>Ei%map!5)VDp9w-0q+s!h z=U=dFC%MJqM2LYlTpw!2&=wfz8RqMS<;T)oOAhbD;&C7q8>3s_l|lF14+HZ8Gnd{5 zvZO%b``kxp4v4~S9>d~^mG5F0NcNVXG>?m^An{NNj|!SwkEEW~VX@Pd%_ak3@hp!< z??|vG|KKxeQ|!WIKy`SssQ3VKDRs_ap9p9BNDvm!?wn*DUUK55M)j10svMibxlX5- zi@l7lrgXfKMeX@RSiI;+cJ92$ZjPpU^*7^{pw3sjj_!Bed|b5Ro$>8PMBHHUvO}n5 z3`@va;R|=|cUUKIPJ8qn?LY9**mRMxE;H-T!{S}`6Cq=?^8T8IGUnyCGcNjZsJ*a{ z@NL$YXW9n8TX?|YgFoCGsXa!O9LdS(dKWRAttUP#yoQ6N3t^en=GQT?hQ&uu%IWQ; z)g8q>f0l}2XJ%b7`5@9MK_7%9x) zQ8qs(ccurx;s>y~t%w`Gd<)6Y#2?7m!*JWY6EK|*Y+P<_>$NWb5Ce<1)G?UB^Uh)? 
zsMJ2@p;CWte+v921@PAMSl?Au-mJ_qH2--^-b!9JSL*sTlr1lu=qyi{meO3#BA?A z_vA?}G8f3zs_Gkl(*9Yajl<-#1 zHzCR#SiInePR95{MUymc)>mH3xCm=vA4&o(6iShg23`P=N#J4eTt}(Ef}Cl*f)44= z7g3g0jF&@x4Bw`NG>lzGc`jWNX==^P5s~+uw6ZR15iplFKWXwJ-RCXKG&M*VMa*D} z(}KmnTt()=ZnM`3&)`l$$-P}~Uj#;3Hcq0b=3{0aUU!y<#pjY(Z0itrrPi|VpfV<`KB0Ov)esv+5wCIsP|kORSJ1I*5Z623>%a;jOQi8Op~mKU2V{*_Zjbo zJ^Aqb36i6*fk1tj21ubLGT6Tba0+bfTg(`4(WM>cbbzG~K4{M)3xyvyZ**nPJTW$Y zMCm}{l%nFx!fyZhQ$Jt}7H@DnK1tXmOjx+M>SJ7%V$XvlmpeKF#OEf1Y~cla{WtXU zjt>}nS$uz#vNS{ngID|6bFZhE_Ho^z10V`AcZZWYSo+Nr?;JG%s1^`9I)taC5aG-8 z+|WqEb{$2$&Z&qW1ER2a-~tWc*w6peM0uMp0lv*SSpZ##?oHD708&ZJ)M_9pEIth} z7fYPKFR^;e(rAHJXlPFj`{AU`wH#?SaVpPRiTd!xtUKH;nCmZ9NdLL)Jw4z|Bh&nQI2`M)kc~JNER8uu9J_k^B zf8v37U&x%?fkeA!X9t7_|8Q(x^i7m@o(o zpBVC`6_QEp)EyPU(%<)bu97{M6up*PXxQ;mnJ4o;VpRs1i&dyvUPp;f^@cyi?7Z)> zd22_zaqn*9C)1^^{BAV>&r)LZONV20&1||G{yIcAXunv8%~`Lm-$Io{i!pg!+8lyw zGVlha;-qy==LSDb^G7SYKc3<`lb4>;u5=5~EK|||kJuQFSblHeR8M!{D8K`eNyg;{H% zSpv(8C3Y?emcH-6pr*wLHXKzQs&PY;*Sm_bkZw^09aEtW{C(EV9v@iz8bHwKH5Q^y z&>BF^ySC}5Kxfy9Fo~wbPtU||i5~eoES|h}?#+Hb-sscXlz4oXA1vuf*efVBkQq%z zYc>aeHzHWP$OyyW%PlE^p;fv@hVEUHIYYg>{8k?_?;A@#5IxSfhsE1`mEr1pO>WgM z67?}<<11b&VOE=TZD$|b!#??}f;>rB{E{N4z7~;-oN!E{+e@}ZGNr{$_HvqA-`O5> z<{lZNzJBP8O8?+S(t@af&@dr&S>fh>AiM(U4?)+t|_8GkZEZ)B&u#B+({>1Yw zizvhyE3*S-valmyBZP2I3~c%4fZY-XaBsF&_3 z?VgBFhs(^Erc1xujMYE45JcoOg2mrW+Wof57*O!&{=*au)?3Dl_tzHtK?*Brl|8ZD z(n2@%OOR7zm2UGmBq79X#%Ge>x;KC)V}&cxXw@tH_y9Q#;)=;@lPdRLKN zItDC0x9B~*=!D3dO9?=ef1IQSeGZGiv1=Wg(`6vTq$AD^eHeFbe|z|S;E4SR72SpQ zS66Wb;se#UBPE@7yd_;U5Ab2>8|osF+J&w2M@c&qPkh_7VQlmhAIvTppQ9SWHBoT))pfWqH>kk#q@W> zk+I#x8r684p)uSUgZ|DiPA1f-CQ7R2m*EVbA*GiCxjYtHwqx0GEJk`6(@UJ7S|J2d>ZQ();c07GkX!uKrj zs_mYwY&OiFetL+C8Eg#>zVs44FRMdJBHwhDsI8zId3ud7^t>qgI*4$G^Xa05{i7S(An$70T zT^_18@DDgwLn1jVSy5zUBkdgK_lZBhXiCDk44ZopQI&0+35(|kPuaE`e2bCr<;6|B zN5j8Xlnn{XLEqEcwhQ;RE8&5~3pm;u&a+8-E|9$$I$C++J*)Qokyd-dnI|&;J%CT@ zOIZ9}75CTAt5{M(DuW5fxJyQbkpf=!E#a?ayxx(}I{SJfe!Kg{LHdpJIth?aFOy2b 
zoNY|4CI9?$BU}%A2a#Jf?+yENZ|%z_PaJPYasp|eZK!qRBO>v4$D?R!_w(UxQ&ima zVEGXdytCVoum3(@+`8HFL8y?hB+ar>i`3j&KfibY8{>`mQw+V=QSViCYS}UdTuCe3 z-Af9P4tB^FJq`(q*CvNe39$6V!-Adr*E zfq(b)g;zV5GVw>S&OzuZ*C*i7Ex0Txd$^sKYAy6RUa)xS2z#Yzvk8N{sevf&@DGe? z_2p`wGKr(1){ApQN37rQ*D}^^^uVc(Jo`}hUi{$~^On&8x^9p*owr6152JGH8}Wne zC7HzwvHAN!S~ zS%b|A58)MU)aT*#oR>x>A;+{|;U2%;4wx1ns=Se3n~iiAdbR1nxBsYGcIIizc;DiL zOt^HHe7@=P^3l1_jrh}o3RS0;M4FE^u{RS#5vRMJaY^{~?fP{Gyy)e*>h~3}{DW)0 z43W$rbaBq(s?WQg` z^JQ46BJ#)!4q<-}mcEVK*fBX%tNOa;*GoOGXCc;-k1~R8nP1YdrUr5M#@(=Qj?Eim zBC+AX)7k*{^NV6?rRAlVNPPTe3d*55S=kh2So)3|@3?g4yM}s;UOE#sC3%>vFKkhX ztAbM5^;=|j{UTxU&iT^l`;~%Pww35VUd(jRb1AQ*ZwYqlM#Aw-M6s!r!{S{#A;Er| z$(b3M>14fC?r{W^NaLHM^+t)}HC6-EuY+On-o%zTG?AsXFWe?dkG4{$87*D3(E=Xv zKG3B!SLFA&QLpe02`TF1ZjKmhQ?nNC6G@&YEPtpr=c3I}N)Pb_-q^a#G0~ zlO&ots{$Bc`46sWl6z0*FnR*cx**U~`kKfxiORlLh>nr18qPS%b7Oo(DR~R>C2(a9 zCF!rZvmbz_3alO->dD6Lv$ELNgu&gYhsPqwPoe7ET75>-fo~y4$A!X`F>SM-sG9_4 z+UcR*xe*V?rAz{CN%g=4o~v^*ii^x)XX=6VN4F>PyDkRa%8lNLuM#be&U;oL)PHhF zjU+IoUUYro`Mz9dqCXeg6pQ!=+Y)SllfZUGJM#AgZs)za!zH(}G^tbEFBcaHtT%vj zL*qKvxPi|gC&*}vH|Px&tmuxj*lai}|L&%s8kQ=q3AUC<4E$SCb;!kwhrX*RM$npGxjl4a}e9hP^!xP@S}OvA&m z0!#l9BlYL4Sn=5^#p!anqhOnL$r9&r!{VjZVG+Oksd=t9@NB$UPm52Y#%vnz<2K6a z+mnBmG_T&Sl_DP^@e{Q4y@A)vFU!$ddl6Mm_C{PW={S#=l*&P@)E**oVDm8?zzK`b zey-v6RDZir6yZ(|5@J;-6{=Zww0;xKk6V%T3_xcedup-@cdxD2t#r|1LHj6bbv87%(E zxF~iD2}V2DY2xF8?s6WI?XJ7h#hCOog>?~jg&VA}_@Wu_SKY1on!N8(PaE~vJBusN z@iu%b3G8^c>OiTMH|nKjx5wX1&Pu!z%udfs%Y%>{zbG$maI1cQkoT3wtv1F1mVV{E z)u?t^<%~}THErA)@^Y{28xTC_=X78En6j?RH@JYsH%!)j3G!GiPiU7psi+|1}> z!m75?7nZ%NxT!XG0E=%FMSi505JP>2S<%6IaY03I<0I1i8r?c&(NnB%j#(d7g>d#=g3BgP+$YR`*snl-j0koNhZ)B0%mVoCgeB zm-JX|r;ea?OWm+hUKSA)!<+Y zr)QZdvKogeV-yyjHWWgp(J{q zwb>`F1LG)i0+xPnj%9I!;0js3wS>AqF_In0h!6v0%!w!Q7FplhW!f9{)j=Kr?(
uuKlV$H|keI@mo%fG^}k=5A;X;qhD_=qU7Fk+(GwF zOBy7U-P;X?3u8BU1^{2ZM}|R>CY!sgq5ib1J8rBTK!(1RS-1ve09tC!P>7E zD*c2#|3>_?p!OOMlt%!X<}>pmRBE zBQo>}qjWhJ1QPH?8A~JEUvrv@?}q(c&P+OtY3WI6*bW~F9T zv)}M9U#Av!_P4d3F#CMvqk3fi{2t|_B+g}wSKpy;4pyPNTEp_QS9`2>4^vaYCJw){ zGij%^CszVkJXa%vp^tp#kBKS_i{H<8E$kac0B;k)HY1#{z3 zrvfbgfNH|5XFUx^Omx7HqF}mgaLHNkAy?CU!lb>Iyh&UtEdDUwaoQz5?Vf3Y3hV0< z^fa1JRn{NqB@7h@+& zJmb&c#4{s8j|XYRJlyc^D}lv}#l#37l~+ru-;(F0hv)Pt$1{8Ji3VB8eqVNkfJUPc z7O#m4_mRh_qf6wF^QFOI`{$T((mJok^2M^zy}_=dWHNy?PxB5s+y6#`}vj zI-{DKB$PK!Bj6 z_$w0DF@~PrYX4IJaDLj1ubYV_UI*+}=|58?4wtJ-QrqYQi}+DNd;$kh+M#a=MM}%A zS=^dOZiishUFcn5m&ZYa9=qDE)@Qofey`x80$tC?61t*~>$Qa7pxpkI=g(&xFC@78 zt48Jq^*z~a-a!z(pkEv`4LvMD{rre@K!od?C^1jBR!Twsm-qI3o^Vz((`X%KKtMM0 z69x&yU|OzwYA2PYvzkS62W)4$c1h?Di|GRw+QN0urBPBypKXfg2c!o+NU|w`@&wEC zZ(cpGIsSuZ=!@LYAMR^T&94_o@BlbnulfXi#&FC4>?=IuuZvWFzKDlnw)0pS>%LT^ z;Hb+BdQ3xjctk`VfFX2&5gC9ybbqzX!fz^u05^aQbmb^V==TkL03HB4R6bVFHUJQC zi3lSf+M?sHS;rspD0mq^)hoK!1z(V`U;sEXUQ>dw^Gz{HLc5Au6%z9`k=p8HM%f*X z(M)3bm{WiNy2`u&b+bJVp1jt08Ba9x$=dgxMMQf)@_Q9~wO@?ISDYX|_`Gi2lQ32m zbLQTe=>)y|Ka-Ehude=nra$Ea0-!-3B`ZJ+%DFhe8Ttd24hjKaptZqo^OQ&B*@no< zb1+dpA~FGh<{7IDfhU4=h*Na^p%oqH&3;mBe^~1lXTkZF83A}Sf$Y0H%YTRgD6Iy2 z!?Rw#zWittdn8TmcMBmMRBi>HVlIoL_uK!#2LwFMgXBS4`Se6}+ELT*P78*)D5bln zD@(b`G8*(^NHRK+FE|#XQ$yu2!eA zhOPj1wc?lRwRXEfrQinD5%9I9NL{z=p=Y7v6AlP?D~@oz+!Y)g^eamQ1bEbInpaX# zu0RdK&DB#1!&ppRm=G(T5^`2J zO0zE`6C33EJFQjvS+jx_&qFgRnt*^nlKfA8<5Llq2@hDkiKX9o*FKy%F636L!eUsk zaKpVNWng_UBXv+=RKlY;cxsCh@-L*K@wZapy6yqZKUPH3fUezjB?Ct2$YF(!9aiX` z3EKbPk^lgZ;3%$a72xXCbPWqPTSgEoH!FyVTFTbV{#x;IuMH{Gp#Cyv!`L6BIZL+0 zUo&VlA>QGiTs_&>#sCOgyVjm6Pk5wFF|*z``A&G$?AoUqumoYQTI$Ww=7x6OD{r=j zlSP?Qr&K9ipJuh@Yn=518aU?Jpd9qf%s}t)DY0W7`yc2{Wdd)gC9~pOu12z?nS%rL z(--QikNU-(ouMx~U$3`AZRHAay#9iQTE+Ql0iG*a{CCa$fA8*B5AVNs_n!{-zvXDJ z`u*SQJM@$6|Ki=RJ`Dfw_8rQ>FPpFvsWtx1m&pm`S((LY6gptqy(bU@u!mK3?-l>1 zil(TK%gH(oQbH?1*N|p){Exmj%wI}u%z%JUK~VWdXb@({7Xe3Bd}b1Go{ZIMYrc>hHHrhP@{e{+*Fv!Ri24#Sz} 
z^$c~5%QXm!I5bplJp3KcT{8S{-t`Y!jBd;wRHtLOO^SfL0g-`wuwm5iFzeFmx5WOq z_J8BAUwZvZyJ+XdCYRY{Y4&Qw>{%4;i?8*^yZ^GK!A!o9?oon-tOafV7gkR8upOsdfcuTGTP(S-XEp$Wy?v`ye_;) zKR9dKW-;nh2u&P`}?+T z?ts5?uoT*+C#0QfFo@)5Z|Pj{L+3%qYYcz`Q{TDJlRzvAqSs?*k4ut%RJ4Gi^oDn; zb`|s$mhiiQ06p(EyP}XI^EQ%0C(3YR-h=u>Mp^DYDFtL?`1bWAgp9+<`8Ox1jHx4` ziC%k*9al-rFAj9CmmXdChv6ZNFcNHt;E2Awn|zV`M6AN&PCOz8AelWSOAG81ZM?^^ zkP{={mUb&XAS!R@X)zI>t+05Z5)iN_xs)1baWO8%9!mDo&YuL;Ww$gHES^ra{*K-G zt*f`YDVp{jr6vtZ_Ky)vJ(~hjP!?3njZ9@00FveP!qYe(W9WY8R(Q~JSDOYjmoS6I zn)jj6rYH2*0pMnC=FZB=dbK7fh#UH!0Qz4QTO}RwGfonkR%$15e-YyI#fUQca120o zDc_IIv%|92d5gt+sRsRya|jigBj}5++u4*Fjvi@1K=bfyv||Ka*b7v6N#%x5xB42{ znm+EubWCmBzUU*9W}>JY@=ZZ!8sI^itQvlW9HI;5jzo;^TCoH9Z(Vcy`#*tSfBdVw z$Qqg_US&#umls`0;SZ&xc%YDw^nNngF~E2f$1a@xp4WXl3;@p8LNtSbglvA2r&=^M zXx<1lz*PRHZShE<&-4pDq;CTOcMe7xNJOI`49pNtZzQ7^ijR9JE3?m1tcMSz5D{jL zD8Q6nXh9EiBpXPO$+OwtQbX^`Xk!UtwRU#r(xz@dJ|MazoF+SejG%vWwJDpvOe9S+%OmOzKQU?@0R%e zJ`*V=tso%aZ0olA7klD^+%FNH?*P6F1hr`Xk4F5yT`0z8do_xM*+&|D8l-SzwmN8} zN1^5HmV|P4#e#{2qvc&{H?Wzjg$=uvn~8^qttGXUnWY6cAGaBsl^K|qjmMmak4@0r zikFQW#BBxw@o@8Sg3PI1pFh79(VY)?-@td&tj<{!`xY7Rm&`k`0b*A*IOk7ih zxvweF{tSILZ1pZnDx(( z{!i?1cnk2E@bR!g`Q?DFX9)e;*OJ`$xS>(PiHf?shN^kt}g@F?$wuu+fk;11Xqsv?}YYeF0I`DhQUj~SP+3=>|UNa zS8D3y-I2|N{VWUsnI}Y`OrGIKwr|H8+Ag1nS3E&4+#29)gW(pt$M}UL^ijXPwMu{} zehXYZW@mZ}Zt`A|vb$HXk@0XuC_10yeft@0S55H-W~+K#a=uo9vk8`egFy>dA7^*S z-!N(Q>Q3*ZVh7rIYIGXo5&TAKN<6eIAafeo!@<||t)9)aB@S7_j#HshAN$l!(!7kE z9xs3XF*E^2z5N|eX%B1TyL}U1PkPtg^E!rQfW2-APFIzPY zzfXT+`!|?`uIS)s>tyC|&E}P}`eV%Fg}z?3dCty-Wrr}g3@1gx^5s1x1|UKSS>*G3 zFUL^#i>7VQ;RzKk9kx(S?t~o|0UrNw$A>^bd8|goknH7-R(Cy$tAXNd-=@XNwtwe) zu<9m8hQg{$-F*EE(#BrxTv`6gtf`#ltHsg(81ohoCo5ZPD_iK=6@RM%|1eO0)l7$s zJZ?U0@gzGnpZAStCl3e<&Q~x18;`UA=~|O52$m%&E_OO6GyJm!a}EUH@$hG)G(X;n z0s(8`4Z~JrkKYu`y{ygbfb?vUdVEgCe3<|E;Vf_4x92_Lc;8JZEXV3h?xEnnKBJDL z{AV)#2VZ{`qKM(t2KF2~3rCux_%}4HWjBrnZVZ4w3r|W@;kT9EQa(mDN~^js?PQ{y zuTm3`B~0889d1y=sogvrE?ctN_NCti!iO_*d03HO+eNXXFmo92z~QS+a|qRnJG>R> 
z_0(I9MdmUOO7_19(SVxG?VpPe?Bq#p1T(U0{9kK@C2(eBTk1m#1qb0wHSMRH5mq@B>jbIV@(m1s# zORSLMd$(}Je@w}59e>6O!OTAvLWSozrXj!pn{jziHM@lE~ysD8fs(Gm4u#ODTfr?xTk1e;tv zR47xz?yeqS7|x`HzdEe3Ok;re2Lh^(IOW*Cu`f1dy?1MSY9IH2o@T83X6I=D_ML zR%1VoC->UDi@*+Lp8NKMi#yBGnH zNQ^Iy;MY+CqT0g*FaW_t`O1<-CuSs77K}#dyZU>A`=)2BzO2-456CGF1XzH8Djc(J z10nkU#~Y##Kdo3|$9tKEpG!>lgodN*oOPbPEbQi+gBsjan}*$$=@);d4m}j zU>luZRx8T?Y46J8p=#g$ky6aiCS+@pwTvxUBV?z=7AdB|3=@W!vC9%=j}WqEmpvq; z@Kh2)vZpNBvu|a6&yYN(XX$z0-}`*}eBSpDoHNdx`?{~|zQ6aie9wIt(-@_<3n&6l zD{~ehz#BK#Ck(rvKnrRWj{C(`HqFYK+XrK1#b8W#bMK^-g5#Qnht0B&*Qz99dOWNe z&-CuYZZS=*8^dSNBo|zbPvJ^9NEzy1U(PG=Vf$?N=C-05A*;WMt)OOzwSt!lg2^2# z8RJXu@y-sDtOYB1rVv1Euea1Qc0AxbE#&v;-Q_8~g@C^#zJ2aq7}HyZh9^2uz;uq4 zHz4P=746I3q<1fqd31DSw;2t}->o&~!%lVh&9Q~T5p85l4?Zl@?GaT7lcL)q2w{R5 zq0mUY8BT(a$WF64#(hyVr;KwWZ&*AX8ce)(KdKV~$e9QoD%4@%PlOxk76|h37R}3K zJ`gTk?p8mnhv~Vv2nF`!eyJDAS{8U?OS*R$kik+rN@Vrgb&}a;s@ z_t5aJK5bf(njvMHEfQUV+1Z1`2K+^=p;C47J}5bA_tI=d!%^Qsj_apgk3azON#`?* zDq)ib@`l`pb2ARJRb8g`iWuu7i!EUg6w=xc1#TikPpSEN`xQw!-8hs?rn#IQzWuFU zMD=fn8q~E41d8ire+w*37Ux2aH4Ht?K$9NXB9A!=iwEBvVr7rO7$Gdy(zFtAIL3%b zSq6$1BeN*&YD({Wj`F@CaUYfL34;L26D7jX7;$^|ZO+@eRD<;envSWv?o=>cI^Sr{ zaMMj63WUPnh*G8X+!%9|7=L86!G&pg<^=RHhM-?cdUjYGa`MsOT^1AgDOhyA_@aTrxXMsE`ezKdpo z$Njl%zZ7QvYQUglukU%MZB^ViBTZ*~Rv{h&AYUh)t58YJ8;I;bC9Jy(e4^y+ z*$)AfS6s;`5*83HB~T#NrZ&Z*l}AM`Za3Qv?UX(8v^*&vJ_(aJ)VHZ9#yb0MJG5_) z?0^?aX7;@g z{WWBF3j3pM%2pYNV#}tzrDmn_QIAcTZ)=%&j_B45O;VYSGf)!JA)BM>cfv{V@$eJL zq*d1}FF7rk{wUwoHBYk4Fs)1tjKk{^jV)I2Oa~MO9Q@I7#|t7QM+Jelyo4QZuh0dh zQ(c4t!OGcHQ8_8q%wJCGGUqVzH9`vKV3~gBZmjJ1C$!&;I!xOM&@3(`#N~r-zAS=27=&^QG>7SwinD6u(eEz9h;I zydXg!Cry~;DvNCf zoIf7#Obrng*v}HJ!9ns`O;)`lPmHtCnciTA z^}$Dz#>aNFZ%SRv8g7hK96U6`kyNvHd~2{puoni4!C4uZp{%VDgyaMQ4OR^ekcOrR zoE65{7-fYr`eBJ4*?ZpQpli#p-9bPqKgzyN%*-?x0+6gGCJpyL4G&Xgzz>Sf$c(kM z&6YP`CT-N}I`@i+(;5l{kfGVlvJK2eUy)?ku|`r^*2D*2?bl&X%_+`Ed-)*p)!Drl za*o+5WiUImguPt3Dzrs$)&!575WD=n#6$y+QhS%Cx2|qfkKW6Q^XwdcaC$>y@C95> z?V-z_LEiN=l@&FlMP(PP!sWa_xyCTP=|?ql)q#;L#_3A!M`sb!pm;{pCP2;2)>*xo 
zEsJ9rNs673QPqC;un4c7??LNqa0{7mm)bvrkX+d`G(ow9B@$t1VP;{4z*<|?t=7d$UfB@0a;KU3ww z7y=cSm!z)Hmz9wh^f?Lz&W?R~|2&yS#)8ckjvz+2DQ{!c^Dn?gKSIZtf`Gd5U;EP}g`9KLF zLBZolAtVZpI)M^}3mTz?;i5=z(^(^M6Ma$C2|o1k`gaoM+P=|F0eBFf( zYgmlg2LUGX^D6jB-2>tmc5GMXUg{gKYS52ZEqcjhtyIn@ES(Jn9CXXUE_gjU zEb94if2&=;k{8+42py2TQ|I|&#?}W&sPhQrrb~X^IPIxXO}#~G(CP?IupqPJQo2mz4r+C0u&qqhNWBN&;h}K))sWk*d|WFqS=kQ- zlDeFh?q0Job%}f|V*PSeWz>1Gh@&ZoL*nR25no55AygQKkGs>+@E(lGwRRm4v*Hv-v-H8noBMsy2b~>7ANB~p}{Y4{#@<)S^YD+9i4R9 z_f`eA!@UfsYUyv9lYWVLbyUlgK*rjfNG7)CNSvX`pCmMhWj;=1a?`rB;@G~-s!-~q zjXPD)Qt+~rWC)O8-en(~WjPD2inS?oT zw4K!F6qU>poK{vk)tmB!b}W5XNXbgt>(gO2QO{vLw<|^w`9L?AePgaREpKn}HYmz)I&=2*A=M&Bk1C zc0|CERr}%tN#Djo2P5YquSagV!%LVe59FZ0Y@d)GHq0nwuMqc*okYS z%6IZC1km3zLxmT2Z{z!Hk{gqUt0n2I@xIn#Vq=coS%5L|04=CJL0xFfg0TpFa+jae zD9MWib$p;RFO*;8hqj3=C{p*E$8hGYf|X z*C0ZaYlp(Z^u%E}6Y%f1FW7-!5Z^d4bFi=^oT4$`Z%9C01XwTn{sGDkC-A)mGzy6W z_vJ-wG=f+!-5|i1g5kb})$7eski))}bwIsfE#PP~3rkCT@EC0kUn}y!;oxwUAXIT+ zKUMIdAV-;5qyEWle@68bu!aoyn{7{QqZ>^1lZZLN3hTVv}d zJQ#Ch;`TPR{5SnYZuV=_OK_9b(A0WJa@d{?!B|`9hjsP zsgTcR%G@2YU89Lpn#9T%z({1OKWLW1&2##n>X$T|8LMHgkxD!FuG`K-Y&jqVOxbRt zi#6VW05C9VBO4^v5ZoepJ;!4W1E=UF;QSsqkl(KSY3SGlFphNu<6a+Xs)VHgMl_%} zz9ZH@g*Vpk?QEv1U>x7^j;I~@Kk5bt41~Zf7`O!l{~QIk!r*@d2RClH34|M;tRvw@ zBmV#j|MOV*4GjOmjeiae*Wi$ReeSD*H3$N3{oy!*@$e8P`nody5;{Q{{{~Bl0OTjI z6TIiY2cF+Mu%Qrwyclp3Y%8R>5y=1DP{lt0*-i8PjcWcHX8%Ps{0?W=$H=MIOH3 z-zNF?xaw7p189g~Xf1Qq;9Z_Ww+v%j>!hpB`Y3uZbl*ExPTCFdZ;67zoG|*2(;J3( zYn+8Sfsyw^G9f|0eEOgaiMGDlZ$e<4K!r9(@Ql**G$v#HW`atP! 
zw`ruAKyL4C@qBt!Vo@FbP*fNk`QPaUZRJ(eNc+`k>=Lld~KqPLwG&<%WA!RakWS; z8J*u#m!ZrQkR6v^XKv9l((`jCU!_M zc7sn~=4sT0AKwu*ohPO+_^xL*)Xha) z!F-IU;{MdjD85fuoB0HKKuZyDtXa{P~~b9K4^$* zQlncI0@$#pw?4(mRP^D6lqEx}#l$sE>SUKBZhKpr{_%?*S0xmvE+lU_mF-M38HA_r z!A~6pPLPVk@F-DSshjs5IoTx70>5~0d(**NiY}zJrP815w~p)0ycLl+zgk82;+w|P zIadllYA!g&tBv2Xm%73Xk_cP&Ys?A-JS^wj5qQUqGc2+Vo7%zb=caVZ&Q3(!CS4o~ zP&<~^?%duGa_sQ6xUhko8y=HnuPZH_wT1gudY8G(Q=GJpyyDh!!;7W>d|Z+@l}sVa1y*|*-Ks6{!O`{+1UQgH;!9#% z7o}8IWWV>L@xWAha3fOk)bpy5@c4pyiyA24q<=pbl6>a?ITdSQ_wHzT!CX?#2zFN^ zx@N?uTGr0fN`{4T*6>JTa6?|2&cc2tqQMRNJfKjPNPEI?`lAH4x^%(Eq?`8MdZF{N z3ls>MVim1n2vDHsQIZq4n^wQ%YGSG{%gJd<@81G#RU>n%+~;wfE9DW8Eu5o`-pWo7MC8fi|#Y< z)PLK-h571nVWOS((E~=G_@0%(CkKqVv~Q-K)VQ{_B>%eziAWy!pxpbxB*xpF#c}dC zZGd2bOL&m)Nq1AzWa?9CEcE$m=l$adDLt}}{uYxr@~mg6b`2i71JV{E^qv{qd>^ea zG1jG&i1KjE{ZxG@jcI%l=o}Py+XdMZs8lvJ+MJ12SLeXHi6oN{+t3c=y?;-P6Umg= z{c?7PeZJFO>AelZhb{ZR9;uQBAE2tWX=F@jpv3XWzg(r=Bmd@LXW%q4m1E_lHuJ>_ zg%Bw4x@@9Ia$q=7U#K==VY)tPcInRNGpxU5E4S&$V=mqnd_-EY_aUs$wC`BQZ}Icz z7PrduO-CCcACXMir*@`i#9Y4cn3p^~T)=zBgOa&%2=G`W@$F5h+YYxKi@AXghYIH) zsEZ8bk>UVlB!BDMMHpB}l1U0_^IA?yzC_KMnCQnnlOxn=8?D?Eku6u)C=OZKnV5!Y zENi!_DAxEoHawsFhjt_6yNKlZ)sQ?bu242uINU{I6n9;GNjRdAJ-r74*kiI&1PgZ{ z&x#g~RPJ>i*D2${4bY=%heVZL@u9GEP{1WBk*>naMvkY!OG{x$kW5MqAO9}+DfjRT z$4Iiz8JFHQr1U1`vAfu2B(9v^%U`TbH17z{tNeXo<7aYiL<;_;m{=s5u)FT?n}Adu z>YU;AV(KvUAyB&wB`r7r ztbxSa?|SQPn+Ps0!y>p;>oA{ZzJN!P<0*;78yVzsBb-^5orq;M55jX}o9+!EB?kM` zLd#!d#E4XRI6AGKd0fED4I)Fq_63rvZ1DzUgSb=9!ah#FGtZcNe#LL5ttidD`$etw zq`|)FJiDjy5CJGKCu*;j#b~;cVVPupuC-~5{!v4qv(drJ%f-3_5~{{k9PVAizIA&3 z{E}R_{P;(~j$5Q(%S*!kH;OvnXoc%Fo$ui;5ktJG&v}`#m#4@_Af!nWt29fEsbGfy z3Vq>)MY1bi&C)b!o?omQhFhKKI5K^Pnrn^i4Hsugpg;p$H!e;&JmCn*lsPx}Hp+OG z@Y2{a;dE;UoPWYdOUL`ia2dI0wYwtA)78R#$hruN_Fs0A$QU(!c^w?-uJ|kNpL~oK z^mY}ZQ+9!iHjTASP&BQ4Dk_(kHICwJ^lce0O5SL-!Ri4&ONm$BAlo;)Wf>QljD4!` z7KPT=amYJ=^^GUJ?#fumExY9ct^winCdcLQeY!N5yPh_8#svw+FhyBmQD%fk%RpnG z#QsfVY^9?6VPs#7#vY*YIMp=!L?DD=KiNPB=!QQrGq-#r7_ZXKe!^pvw0>DH6TBQx!dYHQD 
zQqJ`gd%T#iNa(~RU}~cA%7;!hx9KG)aAJP<^7(tZ+KTE1=cR?l{7spb>Z=wNQqLBDOlf7-#ME6}tG$(8w#Li*8A{O)iI`t0^0Yj}?hRc^1q8!I-xmf+ zyi#d$Yyfq~9X7X9s+hUe`qh0wg*#a*;%SntQz0JqyygXcIR)6cRz+_^P`Avm0y!|R7s!LLNL zj6Hb1;;v&E+8rZ%HI0Fn`PeQm0|*eOBf1>9@>KkTt?0+A2XDjy{=z-F3aiQYjq>AR z=U?rH0)gyo^~*C?;<%v^l0{dl9%mk{<%<|TvVG*#untWgyF{C}*0geJNWeD1L8C$i zXeLqgvJskZY6&20fU&tTjI5ZcqkCcYg>yWjC)=75yb2eT!y!QHb_r8Q&&(46d5^NL z-V!SuKN4@K{^I?)2fAbJb^7@X;F_ue8Q*V@zp__Q(H3{={ZS3~;+F%Y2FeRTBjjmTsEIH&8S`pL-4QZu}=$sHqc;B%=w zB(L;_2k4UcGX2b9sZ!*{PtCl&*<(T}{br env_vars = 6; +} + +message SemanticVersion { + uint32 major = 1; + uint32 minor = 2; + uint32 patch = 3; +} + +message AttestedCosState { + ContainerState container = 1; + SemanticVersion cos_version = 2; + SemanticVersion launcher_version = 3; +} + +// The verified state of a booted machine, obtained from an Attestation +message MachineState { + PlatformState platform = 1; + + SecureBootState secure_boot = 2; + + // The complete parsed TCG Event Log, including those events used to + // create the PlatformState. + repeated Event raw_events = 3; + // The hash algorithm used when verifying the Attestation. This indicates: + // - which PCR bank was used for for quote validation and event log replay + // - the hash algorithm used to calculate event digests + tpm.HashAlgo hash = 4; + + // GrubState grub = 5; + + // LinuxKernelState linux_kernel = 6; + + AttestedCosState cos = 7; +} + +// A policy dictating which values of PlatformState to allow +message PlatformPolicy { + // If PlatformState.firmware contains a scrtm_version_id, it must appear + // in this list. For use with a GCE VM, minimum_gce_firmware_version is + // often a better alternative. + repeated bytes allowed_scrtm_version_ids = 1; + // If PlatformState.firmware contains a minimum_gce_firmware_version, it must + // be greater than or equal to this value. Currently, the max version is 1. 
+ uint32 minimum_gce_firmware_version = 2;
+ // The PlatformState's technology must be at least as secure as
+ // the specified minimum_technology (i.e. AMD_SEV_ES > AMD_SEV > NONE).
+ GCEConfidentialTechnology minimum_technology = 3;
+}
+
+// A policy dictating which type of MachineStates to allow
+message Policy {
+ PlatformPolicy platform = 1;
+
+ // SecureBootPolicy secure_boot = 2;
+}
diff --git a/vendor/github.com/google/go-tpm-tools/proto/attest/attest.pb.go b/vendor/github.com/google/go-tpm-tools/proto/attest/attest.pb.go
new file mode 100644
index 000000000..b22de661f
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/proto/attest/attest.pb.go
@@ -0,0 +1,1613 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.27.1 +// protoc v3.19.1 +// source: attest.proto + +package attest + +import ( + tpm "github.com/google/go-tpm-tools/proto/tpm" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// Type of hardware technology used to protect this instance +type GCEConfidentialTechnology int32 + +const ( + GCEConfidentialTechnology_NONE GCEConfidentialTechnology = 0 + GCEConfidentialTechnology_AMD_SEV GCEConfidentialTechnology = 1 + GCEConfidentialTechnology_AMD_SEV_ES GCEConfidentialTechnology = 2 +) + +// Enum value maps for GCEConfidentialTechnology. +var ( + GCEConfidentialTechnology_name = map[int32]string{ + 0: "NONE", + 1: "AMD_SEV", + 2: "AMD_SEV_ES", + } + GCEConfidentialTechnology_value = map[string]int32{ + "NONE": 0, + "AMD_SEV": 1, + "AMD_SEV_ES": 2, + } +) + +func (x GCEConfidentialTechnology) Enum() *GCEConfidentialTechnology { + p := new(GCEConfidentialTechnology) + *p = x + return p +} + +func (x GCEConfidentialTechnology) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (GCEConfidentialTechnology) Descriptor() protoreflect.EnumDescriptor { + return file_attest_proto_enumTypes[0].Descriptor() +} + +func (GCEConfidentialTechnology) Type() protoreflect.EnumType { + return &file_attest_proto_enumTypes[0] +} + +func (x GCEConfidentialTechnology) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use GCEConfidentialTechnology.Descriptor instead. 
+func (GCEConfidentialTechnology) EnumDescriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{0} +} + +// Common, publicly-listed certificates by different vendors. +type WellKnownCertificate int32 + +const ( + WellKnownCertificate_UNKNOWN WellKnownCertificate = 0 + // Microsoft certs: + // https://go.microsoft.com/fwlink/p/?linkid=321192 + WellKnownCertificate_MS_WINDOWS_PROD_PCA_2011 WellKnownCertificate = 1 + // https://go.microsoft.com/fwlink/p/?linkid=321194 + WellKnownCertificate_MS_THIRD_PARTY_UEFI_CA_2011 WellKnownCertificate = 2 +) + +// Enum value maps for WellKnownCertificate. +var ( + WellKnownCertificate_name = map[int32]string{ + 0: "UNKNOWN", + 1: "MS_WINDOWS_PROD_PCA_2011", + 2: "MS_THIRD_PARTY_UEFI_CA_2011", + } + WellKnownCertificate_value = map[string]int32{ + "UNKNOWN": 0, + "MS_WINDOWS_PROD_PCA_2011": 1, + "MS_THIRD_PARTY_UEFI_CA_2011": 2, + } +) + +func (x WellKnownCertificate) Enum() *WellKnownCertificate { + p := new(WellKnownCertificate) + *p = x + return p +} + +func (x WellKnownCertificate) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (WellKnownCertificate) Descriptor() protoreflect.EnumDescriptor { + return file_attest_proto_enumTypes[1].Descriptor() +} + +func (WellKnownCertificate) Type() protoreflect.EnumType { + return &file_attest_proto_enumTypes[1] +} + +func (x WellKnownCertificate) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use WellKnownCertificate.Descriptor instead. +func (WellKnownCertificate) EnumDescriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{1} +} + +// The container's restart policy. 
+// See the following Kubernetes documentation for more details: +// https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy +// Note that these enum variants do not conform to the standard Protocol Buffers +// Style Guide so that RestartPolicy_name, RestartPolicy_value, and +// RestartPolicy.String() match the values used by Kubernetes and others. +type RestartPolicy int32 + +const ( + RestartPolicy_Always RestartPolicy = 0 + RestartPolicy_OnFailure RestartPolicy = 1 + RestartPolicy_Never RestartPolicy = 2 +) + +// Enum value maps for RestartPolicy. +var ( + RestartPolicy_name = map[int32]string{ + 0: "Always", + 1: "OnFailure", + 2: "Never", + } + RestartPolicy_value = map[string]int32{ + "Always": 0, + "OnFailure": 1, + "Never": 2, + } +) + +func (x RestartPolicy) Enum() *RestartPolicy { + p := new(RestartPolicy) + *p = x + return p +} + +func (x RestartPolicy) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (RestartPolicy) Descriptor() protoreflect.EnumDescriptor { + return file_attest_proto_enumTypes[2].Descriptor() +} + +func (RestartPolicy) Type() protoreflect.EnumType { + return &file_attest_proto_enumTypes[2] +} + +func (x RestartPolicy) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use RestartPolicy.Descriptor instead. +func (RestartPolicy) EnumDescriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{2} +} + +// Information uniquely identifying a GCE instance. Can be used to create an +// instance URL, which can then be used with GCE APIs. 
Formatted like: +// https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name} +type GCEInstanceInfo struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Zone string `protobuf:"bytes,1,opt,name=zone,proto3" json:"zone,omitempty"` + ProjectId string `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"` + ProjectNumber uint64 `protobuf:"varint,3,opt,name=project_number,json=projectNumber,proto3" json:"project_number,omitempty"` + InstanceName string `protobuf:"bytes,4,opt,name=instance_name,json=instanceName,proto3" json:"instance_name,omitempty"` + InstanceId uint64 `protobuf:"varint,5,opt,name=instance_id,json=instanceId,proto3" json:"instance_id,omitempty"` +} + +func (x *GCEInstanceInfo) Reset() { + *x = GCEInstanceInfo{} + if protoimpl.UnsafeEnabled { + mi := &file_attest_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GCEInstanceInfo) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GCEInstanceInfo) ProtoMessage() {} + +func (x *GCEInstanceInfo) ProtoReflect() protoreflect.Message { + mi := &file_attest_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GCEInstanceInfo.ProtoReflect.Descriptor instead. 
+func (*GCEInstanceInfo) Descriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{0} +} + +func (x *GCEInstanceInfo) GetZone() string { + if x != nil { + return x.Zone + } + return "" +} + +func (x *GCEInstanceInfo) GetProjectId() string { + if x != nil { + return x.ProjectId + } + return "" +} + +func (x *GCEInstanceInfo) GetProjectNumber() uint64 { + if x != nil { + return x.ProjectNumber + } + return 0 +} + +func (x *GCEInstanceInfo) GetInstanceName() string { + if x != nil { + return x.InstanceName + } + return "" +} + +func (x *GCEInstanceInfo) GetInstanceId() uint64 { + if x != nil { + return x.InstanceId + } + return 0 +} + +type Attestation struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Attestation Key (AK) Public Area, encoded as a TPMT_PUBLIC + AkPub []byte `protobuf:"bytes,1,opt,name=ak_pub,json=akPub,proto3" json:"ak_pub,omitempty"` + // Quotes over all supported PCR banks + Quotes []*tpm.Quote `protobuf:"bytes,2,rep,name=quotes,proto3" json:"quotes,omitempty"` + // TCG Event Log, encoded in the raw binary format. + // Can be SHA-1 or crypto-agile. + EventLog []byte `protobuf:"bytes,3,opt,name=event_log,json=eventLog,proto3" json:"event_log,omitempty"` + // Optional information about a GCE instance, unused outside of GCE + InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"` + // A TCG Canonical Event Log. + CanonicalEventLog []byte `protobuf:"bytes,5,opt,name=canonical_event_log,json=canonicalEventLog,proto3" json:"canonical_event_log,omitempty"` + // Attestation Key (AK) Certificate, encoded as ASN.1 DER. + // Optional. 
+ AkCert []byte `protobuf:"bytes,6,opt,name=ak_cert,json=akCert,proto3" json:"ak_cert,omitempty"` +} + +func (x *Attestation) Reset() { + *x = Attestation{} + if protoimpl.UnsafeEnabled { + mi := &file_attest_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Attestation) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Attestation) ProtoMessage() {} + +func (x *Attestation) ProtoReflect() protoreflect.Message { + mi := &file_attest_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Attestation.ProtoReflect.Descriptor instead. +func (*Attestation) Descriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{1} +} + +func (x *Attestation) GetAkPub() []byte { + if x != nil { + return x.AkPub + } + return nil +} + +func (x *Attestation) GetQuotes() []*tpm.Quote { + if x != nil { + return x.Quotes + } + return nil +} + +func (x *Attestation) GetEventLog() []byte { + if x != nil { + return x.EventLog + } + return nil +} + +func (x *Attestation) GetInstanceInfo() *GCEInstanceInfo { + if x != nil { + return x.InstanceInfo + } + return nil +} + +func (x *Attestation) GetCanonicalEventLog() []byte { + if x != nil { + return x.CanonicalEventLog + } + return nil +} + +func (x *Attestation) GetAkCert() []byte { + if x != nil { + return x.AkCert + } + return nil +} + +// The platform/firmware state for this instance +type PlatformState struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Types that are assignable to Firmware: + // *PlatformState_ScrtmVersionId + // *PlatformState_GceVersion + Firmware isPlatformState_Firmware `protobuf_oneof:"firmware"` + // Set to NONE on non-GCE instances or non-Confidential 
Shielded GCE instances + Technology GCEConfidentialTechnology `protobuf:"varint,3,opt,name=technology,proto3,enum=attest.GCEConfidentialTechnology" json:"technology,omitempty"` + // Only set for GCE instances + InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"` +} + +func (x *PlatformState) Reset() { + *x = PlatformState{} + if protoimpl.UnsafeEnabled { + mi := &file_attest_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PlatformState) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PlatformState) ProtoMessage() {} + +func (x *PlatformState) ProtoReflect() protoreflect.Message { + mi := &file_attest_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PlatformState.ProtoReflect.Descriptor instead. 
+func (*PlatformState) Descriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{2} +} + +func (m *PlatformState) GetFirmware() isPlatformState_Firmware { + if m != nil { + return m.Firmware + } + return nil +} + +func (x *PlatformState) GetScrtmVersionId() []byte { + if x, ok := x.GetFirmware().(*PlatformState_ScrtmVersionId); ok { + return x.ScrtmVersionId + } + return nil +} + +func (x *PlatformState) GetGceVersion() uint32 { + if x, ok := x.GetFirmware().(*PlatformState_GceVersion); ok { + return x.GceVersion + } + return 0 +} + +func (x *PlatformState) GetTechnology() GCEConfidentialTechnology { + if x != nil { + return x.Technology + } + return GCEConfidentialTechnology_NONE +} + +func (x *PlatformState) GetInstanceInfo() *GCEInstanceInfo { + if x != nil { + return x.InstanceInfo + } + return nil +} + +type isPlatformState_Firmware interface { + isPlatformState_Firmware() +} + +type PlatformState_ScrtmVersionId struct { + // Raw S-CRTM version identifier (EV_S_CRTM_VERSION) + ScrtmVersionId []byte `protobuf:"bytes,1,opt,name=scrtm_version_id,json=scrtmVersionId,proto3,oneof"` +} + +type PlatformState_GceVersion struct { + // Virtual GCE firmware version (parsed from S-CRTM version id) + GceVersion uint32 `protobuf:"varint,2,opt,name=gce_version,json=gceVersion,proto3,oneof"` +} + +func (*PlatformState_ScrtmVersionId) isPlatformState_Firmware() {} + +func (*PlatformState_GceVersion) isPlatformState_Firmware() {} + +// A parsed event from the TCG event log +type Event struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The Platform Control Register (PCR) this event was extended into. + PcrIndex uint32 `protobuf:"varint,1,opt,name=pcr_index,json=pcrIndex,proto3" json:"pcr_index,omitempty"` + // The type of this event. Note that this value is not verified, so it should + // only be used as a hint during event parsing. 
+ UntrustedType uint32 `protobuf:"varint,2,opt,name=untrusted_type,json=untrustedType,proto3" json:"untrusted_type,omitempty"` + // The raw data associated to this event. The meaning of this data is + // specific to the type of the event. + Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` + // The event digest actually extended into the TPM. This is often the hash of + // the data field, but in some cases it may have a type-specific calculation. + Digest []byte `protobuf:"bytes,4,opt,name=digest,proto3" json:"digest,omitempty"` + // This is true if hash(data) == digest. + DigestVerified bool `protobuf:"varint,5,opt,name=digest_verified,json=digestVerified,proto3" json:"digest_verified,omitempty"` +} + +func (x *Event) Reset() { + *x = Event{} + if protoimpl.UnsafeEnabled { + mi := &file_attest_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Event) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Event) ProtoMessage() {} + +func (x *Event) ProtoReflect() protoreflect.Message { + mi := &file_attest_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Event.ProtoReflect.Descriptor instead. 
+func (*Event) Descriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{3} +} + +func (x *Event) GetPcrIndex() uint32 { + if x != nil { + return x.PcrIndex + } + return 0 +} + +func (x *Event) GetUntrustedType() uint32 { + if x != nil { + return x.UntrustedType + } + return 0 +} + +func (x *Event) GetData() []byte { + if x != nil { + return x.Data + } + return nil +} + +func (x *Event) GetDigest() []byte { + if x != nil { + return x.Digest + } + return nil +} + +func (x *Event) GetDigestVerified() bool { + if x != nil { + return x.DigestVerified + } + return false +} + +type Certificate struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The representation of the certificate. If the certificate matches a + // well-known certificate above, representation should contain the value in + // the enum. Otherwise, it will contain the raw DER. + // + // Types that are assignable to Representation: + // *Certificate_Der + // *Certificate_WellKnown + Representation isCertificate_Representation `protobuf_oneof:"representation"` +} + +func (x *Certificate) Reset() { + *x = Certificate{} + if protoimpl.UnsafeEnabled { + mi := &file_attest_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Certificate) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Certificate) ProtoMessage() {} + +func (x *Certificate) ProtoReflect() protoreflect.Message { + mi := &file_attest_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Certificate.ProtoReflect.Descriptor instead. 
+func (*Certificate) Descriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{4} +} + +func (m *Certificate) GetRepresentation() isCertificate_Representation { + if m != nil { + return m.Representation + } + return nil +} + +func (x *Certificate) GetDer() []byte { + if x, ok := x.GetRepresentation().(*Certificate_Der); ok { + return x.Der + } + return nil +} + +func (x *Certificate) GetWellKnown() WellKnownCertificate { + if x, ok := x.GetRepresentation().(*Certificate_WellKnown); ok { + return x.WellKnown + } + return WellKnownCertificate_UNKNOWN +} + +type isCertificate_Representation interface { + isCertificate_Representation() +} + +type Certificate_Der struct { + // DER representation of the certificate. + Der []byte `protobuf:"bytes,1,opt,name=der,proto3,oneof"` +} + +type Certificate_WellKnown struct { + WellKnown WellKnownCertificate `protobuf:"varint,2,opt,name=well_known,json=wellKnown,proto3,enum=attest.WellKnownCertificate,oneof"` +} + +func (*Certificate_Der) isCertificate_Representation() {} + +func (*Certificate_WellKnown) isCertificate_Representation() {} + +// A Secure Boot database containing lists of hashes and certificates, +// as defined by section 32.4.1 Signature Database in the UEFI spec. 
+type Database struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Certs []*Certificate `protobuf:"bytes,1,rep,name=certs,proto3" json:"certs,omitempty"` + Hashes [][]byte `protobuf:"bytes,2,rep,name=hashes,proto3" json:"hashes,omitempty"` +} + +func (x *Database) Reset() { + *x = Database{} + if protoimpl.UnsafeEnabled { + mi := &file_attest_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Database) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Database) ProtoMessage() {} + +func (x *Database) ProtoReflect() protoreflect.Message { + mi := &file_attest_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Database.ProtoReflect.Descriptor instead. +func (*Database) Descriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{5} +} + +func (x *Database) GetCerts() []*Certificate { + if x != nil { + return x.Certs + } + return nil +} + +func (x *Database) GetHashes() [][]byte { + if x != nil { + return x.Hashes + } + return nil +} + +// The Secure Boot state for this instance. +type SecureBootState struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Whether Secure Boot is enabled. + Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"` + // The Secure Boot signature (allowed) database. + Db *Database `protobuf:"bytes,2,opt,name=db,proto3" json:"db,omitempty"` + // The Secure Boot revoked signature (forbidden) database. + Dbx *Database `protobuf:"bytes,3,opt,name=dbx,proto3" json:"dbx,omitempty"` + // Authority events post-separator. Pre-separator authorities + // are currently not supported. 
+ Authority *Database `protobuf:"bytes,4,opt,name=authority,proto3" json:"authority,omitempty"` +} + +func (x *SecureBootState) Reset() { + *x = SecureBootState{} + if protoimpl.UnsafeEnabled { + mi := &file_attest_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SecureBootState) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SecureBootState) ProtoMessage() {} + +func (x *SecureBootState) ProtoReflect() protoreflect.Message { + mi := &file_attest_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SecureBootState.ProtoReflect.Descriptor instead. +func (*SecureBootState) Descriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{6} +} + +func (x *SecureBootState) GetEnabled() bool { + if x != nil { + return x.Enabled + } + return false +} + +func (x *SecureBootState) GetDb() *Database { + if x != nil { + return x.Db + } + return nil +} + +func (x *SecureBootState) GetDbx() *Database { + if x != nil { + return x.Dbx + } + return nil +} + +func (x *SecureBootState) GetAuthority() *Database { + if x != nil { + return x.Authority + } + return nil +} + +type ContainerState struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ImageReference string `protobuf:"bytes,1,opt,name=image_reference,json=imageReference,proto3" json:"image_reference,omitempty"` + // Digest of the registry's image manifest, which contains a list of the + // layers comprising the image. 
+ ImageDigest string `protobuf:"bytes,2,opt,name=image_digest,json=imageDigest,proto3" json:"image_digest,omitempty"` + RestartPolicy RestartPolicy `protobuf:"varint,3,opt,name=restart_policy,json=restartPolicy,proto3,enum=attest.RestartPolicy" json:"restart_policy,omitempty"` + // Digest of the local image configuration object, containing config items + // such as local layer digests. + ImageId string `protobuf:"bytes,4,opt,name=image_id,json=imageId,proto3" json:"image_id,omitempty"` + Args []string `protobuf:"bytes,5,rep,name=args,proto3" json:"args,omitempty"` + EnvVars map[string]string `protobuf:"bytes,6,rep,name=env_vars,json=envVars,proto3" json:"env_vars,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` +} + +func (x *ContainerState) Reset() { + *x = ContainerState{} + if protoimpl.UnsafeEnabled { + mi := &file_attest_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ContainerState) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ContainerState) ProtoMessage() {} + +func (x *ContainerState) ProtoReflect() protoreflect.Message { + mi := &file_attest_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ContainerState.ProtoReflect.Descriptor instead. 
+func (*ContainerState) Descriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{7} +} + +func (x *ContainerState) GetImageReference() string { + if x != nil { + return x.ImageReference + } + return "" +} + +func (x *ContainerState) GetImageDigest() string { + if x != nil { + return x.ImageDigest + } + return "" +} + +func (x *ContainerState) GetRestartPolicy() RestartPolicy { + if x != nil { + return x.RestartPolicy + } + return RestartPolicy_Always +} + +func (x *ContainerState) GetImageId() string { + if x != nil { + return x.ImageId + } + return "" +} + +func (x *ContainerState) GetArgs() []string { + if x != nil { + return x.Args + } + return nil +} + +func (x *ContainerState) GetEnvVars() map[string]string { + if x != nil { + return x.EnvVars + } + return nil +} + +type SemanticVersion struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Major uint32 `protobuf:"varint,1,opt,name=major,proto3" json:"major,omitempty"` + Minor uint32 `protobuf:"varint,2,opt,name=minor,proto3" json:"minor,omitempty"` + Patch uint32 `protobuf:"varint,3,opt,name=patch,proto3" json:"patch,omitempty"` +} + +func (x *SemanticVersion) Reset() { + *x = SemanticVersion{} + if protoimpl.UnsafeEnabled { + mi := &file_attest_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SemanticVersion) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SemanticVersion) ProtoMessage() {} + +func (x *SemanticVersion) ProtoReflect() protoreflect.Message { + mi := &file_attest_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SemanticVersion.ProtoReflect.Descriptor instead. 
+func (*SemanticVersion) Descriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{8} +} + +func (x *SemanticVersion) GetMajor() uint32 { + if x != nil { + return x.Major + } + return 0 +} + +func (x *SemanticVersion) GetMinor() uint32 { + if x != nil { + return x.Minor + } + return 0 +} + +func (x *SemanticVersion) GetPatch() uint32 { + if x != nil { + return x.Patch + } + return 0 +} + +type AttestedCosState struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Container *ContainerState `protobuf:"bytes,1,opt,name=container,proto3" json:"container,omitempty"` + CosVersion *SemanticVersion `protobuf:"bytes,2,opt,name=cos_version,json=cosVersion,proto3" json:"cos_version,omitempty"` + LauncherVersion *SemanticVersion `protobuf:"bytes,3,opt,name=launcher_version,json=launcherVersion,proto3" json:"launcher_version,omitempty"` +} + +func (x *AttestedCosState) Reset() { + *x = AttestedCosState{} + if protoimpl.UnsafeEnabled { + mi := &file_attest_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AttestedCosState) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AttestedCosState) ProtoMessage() {} + +func (x *AttestedCosState) ProtoReflect() protoreflect.Message { + mi := &file_attest_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AttestedCosState.ProtoReflect.Descriptor instead. 
+func (*AttestedCosState) Descriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{9} +} + +func (x *AttestedCosState) GetContainer() *ContainerState { + if x != nil { + return x.Container + } + return nil +} + +func (x *AttestedCosState) GetCosVersion() *SemanticVersion { + if x != nil { + return x.CosVersion + } + return nil +} + +func (x *AttestedCosState) GetLauncherVersion() *SemanticVersion { + if x != nil { + return x.LauncherVersion + } + return nil +} + +// The verified state of a booted machine, obtained from an Attestation +type MachineState struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Platform *PlatformState `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"` + SecureBoot *SecureBootState `protobuf:"bytes,2,opt,name=secure_boot,json=secureBoot,proto3" json:"secure_boot,omitempty"` + // The complete parsed TCG Event Log, including those events used to + // create the PlatformState. + RawEvents []*Event `protobuf:"bytes,3,rep,name=raw_events,json=rawEvents,proto3" json:"raw_events,omitempty"` + // The hash algorithm used when verifying the Attestation. 
This indicates: + // - which PCR bank was used for for quote validation and event log replay + // - the hash algorithm used to calculate event digests + Hash tpm.HashAlgo `protobuf:"varint,4,opt,name=hash,proto3,enum=tpm.HashAlgo" json:"hash,omitempty"` + Cos *AttestedCosState `protobuf:"bytes,7,opt,name=cos,proto3" json:"cos,omitempty"` +} + +func (x *MachineState) Reset() { + *x = MachineState{} + if protoimpl.UnsafeEnabled { + mi := &file_attest_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MachineState) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MachineState) ProtoMessage() {} + +func (x *MachineState) ProtoReflect() protoreflect.Message { + mi := &file_attest_proto_msgTypes[10] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MachineState.ProtoReflect.Descriptor instead. 
+func (*MachineState) Descriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{10} +} + +func (x *MachineState) GetPlatform() *PlatformState { + if x != nil { + return x.Platform + } + return nil +} + +func (x *MachineState) GetSecureBoot() *SecureBootState { + if x != nil { + return x.SecureBoot + } + return nil +} + +func (x *MachineState) GetRawEvents() []*Event { + if x != nil { + return x.RawEvents + } + return nil +} + +func (x *MachineState) GetHash() tpm.HashAlgo { + if x != nil { + return x.Hash + } + return tpm.HashAlgo(0) +} + +func (x *MachineState) GetCos() *AttestedCosState { + if x != nil { + return x.Cos + } + return nil +} + +// A policy dictating which values of PlatformState to allow +type PlatformPolicy struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // If PlatformState.firmware contains a scrtm_version_id, it must appear + // in this list. For use with a GCE VM, minimum_gce_firmware_version is + // often a better alternative. + AllowedScrtmVersionIds [][]byte `protobuf:"bytes,1,rep,name=allowed_scrtm_version_ids,json=allowedScrtmVersionIds,proto3" json:"allowed_scrtm_version_ids,omitempty"` + // If PlatformState.firmware contains a minimum_gce_firmware_version, it must + // be greater than or equal to this value. Currently, the max version is 1. + MinimumGceFirmwareVersion uint32 `protobuf:"varint,2,opt,name=minimum_gce_firmware_version,json=minimumGceFirmwareVersion,proto3" json:"minimum_gce_firmware_version,omitempty"` + // The PlatformState's technology must be at least as secure as + // the specified minimum_technology (i.e. AMD_SEV_ES > AMD_SEV > NONE). 
+ MinimumTechnology GCEConfidentialTechnology `protobuf:"varint,3,opt,name=minimum_technology,json=minimumTechnology,proto3,enum=attest.GCEConfidentialTechnology" json:"minimum_technology,omitempty"` +} + +func (x *PlatformPolicy) Reset() { + *x = PlatformPolicy{} + if protoimpl.UnsafeEnabled { + mi := &file_attest_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PlatformPolicy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PlatformPolicy) ProtoMessage() {} + +func (x *PlatformPolicy) ProtoReflect() protoreflect.Message { + mi := &file_attest_proto_msgTypes[11] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PlatformPolicy.ProtoReflect.Descriptor instead. +func (*PlatformPolicy) Descriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{11} +} + +func (x *PlatformPolicy) GetAllowedScrtmVersionIds() [][]byte { + if x != nil { + return x.AllowedScrtmVersionIds + } + return nil +} + +func (x *PlatformPolicy) GetMinimumGceFirmwareVersion() uint32 { + if x != nil { + return x.MinimumGceFirmwareVersion + } + return 0 +} + +func (x *PlatformPolicy) GetMinimumTechnology() GCEConfidentialTechnology { + if x != nil { + return x.MinimumTechnology + } + return GCEConfidentialTechnology_NONE +} + +// A policy dictating which type of MachineStates to allow +type Policy struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Platform *PlatformPolicy `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"` +} + +func (x *Policy) Reset() { + *x = Policy{} + if protoimpl.UnsafeEnabled { + mi := &file_attest_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} 
+ +func (x *Policy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Policy) ProtoMessage() {} + +func (x *Policy) ProtoReflect() protoreflect.Message { + mi := &file_attest_proto_msgTypes[12] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Policy.ProtoReflect.Descriptor instead. +func (*Policy) Descriptor() ([]byte, []int) { + return file_attest_proto_rawDescGZIP(), []int{12} +} + +func (x *Policy) GetPlatform() *PlatformPolicy { + if x != nil { + return x.Platform + } + return nil +} + +var File_attest_proto protoreflect.FileDescriptor + +var file_attest_proto_rawDesc = []byte{ + 0x0a, 0x0c, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, + 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x74, 0x70, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x22, 0xb1, 0x01, 0x0a, 0x0f, 0x47, 0x43, 0x45, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, + 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x7a, 0x6f, 0x6e, 0x65, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x04, 0x7a, 0x6f, 0x6e, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x72, 0x6f, + 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, + 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x72, 0x6f, 0x6a, + 0x65, 0x63, 0x74, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, + 0x52, 0x0d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, + 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, + 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, + 0x5f, 0x69, 0x64, 0x18, 0x05, 
0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x69, 0x6e, 0x73, 0x74, 0x61, + 0x6e, 0x63, 0x65, 0x49, 0x64, 0x22, 0xec, 0x01, 0x0a, 0x0b, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x15, 0x0a, 0x06, 0x61, 0x6b, 0x5f, 0x70, 0x75, 0x62, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x61, 0x6b, 0x50, 0x75, 0x62, 0x12, 0x22, 0x0a, 0x06, + 0x71, 0x75, 0x6f, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x74, + 0x70, 0x6d, 0x2e, 0x51, 0x75, 0x6f, 0x74, 0x65, 0x52, 0x06, 0x71, 0x75, 0x6f, 0x74, 0x65, 0x73, + 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x67, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0c, 0x52, 0x08, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x67, 0x12, 0x3c, 0x0a, + 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x43, + 0x45, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c, 0x69, + 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x2e, 0x0a, 0x13, 0x63, + 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x6c, + 0x6f, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, + 0x63, 0x61, 0x6c, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x67, 0x12, 0x17, 0x0a, 0x07, 0x61, + 0x6b, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x61, 0x6b, + 0x43, 0x65, 0x72, 0x74, 0x22, 0xeb, 0x01, 0x0a, 0x0d, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, + 0x6d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x0a, 0x10, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x5f, + 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, + 0x48, 0x00, 0x52, 0x0e, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, + 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0b, 0x67, 0x63, 0x65, 0x5f, 0x76, 
0x65, 0x72, 0x73, 0x69, 0x6f, + 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x00, 0x52, 0x0a, 0x67, 0x63, 0x65, 0x56, 0x65, + 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0a, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, + 0x6f, 0x67, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 0x2e, 0x61, 0x74, 0x74, 0x65, + 0x73, 0x74, 0x2e, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x52, 0x0a, 0x74, 0x65, + 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x12, 0x3c, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, + 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x43, 0x45, 0x49, 0x6e, 0x73, 0x74, + 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, + 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x42, 0x0a, 0x0a, 0x08, 0x66, 0x69, 0x72, 0x6d, 0x77, 0x61, + 0x72, 0x65, 0x22, 0xa0, 0x01, 0x0a, 0x05, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x1b, 0x0a, 0x09, + 0x70, 0x63, 0x72, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, + 0x08, 0x70, 0x63, 0x72, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x25, 0x0a, 0x0e, 0x75, 0x6e, 0x74, + 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x0d, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x54, 0x79, 0x70, 0x65, + 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, + 0x64, 0x61, 0x74, 0x61, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x27, 0x0a, 0x0f, + 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x56, 0x65, 0x72, + 0x69, 
0x66, 0x69, 0x65, 0x64, 0x22, 0x72, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x03, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0c, 0x48, 0x00, 0x52, 0x03, 0x64, 0x65, 0x72, 0x12, 0x3d, 0x0a, 0x0a, 0x77, 0x65, 0x6c, 0x6c, + 0x5f, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x61, + 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x09, 0x77, 0x65, + 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x42, 0x10, 0x0a, 0x0e, 0x72, 0x65, 0x70, 0x72, 0x65, + 0x73, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x4d, 0x0a, 0x08, 0x44, 0x61, 0x74, + 0x61, 0x62, 0x61, 0x73, 0x65, 0x12, 0x29, 0x0a, 0x05, 0x63, 0x65, 0x72, 0x74, 0x73, 0x18, 0x01, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x05, 0x63, 0x65, 0x72, 0x74, 0x73, + 0x12, 0x16, 0x0a, 0x06, 0x68, 0x61, 0x73, 0x68, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, + 0x52, 0x06, 0x68, 0x61, 0x73, 0x68, 0x65, 0x73, 0x22, 0xa1, 0x01, 0x0a, 0x0f, 0x53, 0x65, 0x63, + 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a, 0x07, + 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, + 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x02, 0x64, 0x62, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x44, 0x61, 0x74, 0x61, + 0x62, 0x61, 0x73, 0x65, 0x52, 0x02, 0x64, 0x62, 0x12, 0x22, 0x0a, 0x03, 0x64, 0x62, 0x78, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x44, + 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x03, 0x64, 0x62, 0x78, 0x12, 0x2e, 0x0a, 0x09, + 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 
0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, + 0x65, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0xc5, 0x02, 0x0a, + 0x0e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, + 0x27, 0x0a, 0x0f, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x5f, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, + 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x52, + 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6d, 0x61, 0x67, + 0x65, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, + 0x69, 0x6d, 0x61, 0x67, 0x65, 0x44, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x3c, 0x0a, 0x0e, 0x72, + 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x52, 0x65, 0x73, + 0x74, 0x61, 0x72, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, 0x72, 0x65, 0x73, 0x74, + 0x61, 0x72, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6d, 0x61, + 0x67, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x69, 0x6d, 0x61, + 0x67, 0x65, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x04, 0x61, 0x72, 0x67, 0x73, 0x12, 0x3e, 0x0a, 0x08, 0x65, 0x6e, 0x76, 0x5f, + 0x76, 0x61, 0x72, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x61, 0x74, 0x74, + 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x53, 0x74, 0x61, + 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x07, 0x65, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x73, 0x1a, 0x3a, 0x0a, 0x0c, 0x45, 0x6e, 0x76, 0x56, + 0x61, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 
0x65, 0x79, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x3a, 0x02, 0x38, 0x01, 0x22, 0x53, 0x0a, 0x0f, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, + 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x61, 0x6a, 0x6f, 0x72, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x12, 0x14, 0x0a, + 0x05, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x69, + 0x6e, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0d, 0x52, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x22, 0xc6, 0x01, 0x0a, 0x10, 0x41, 0x74, + 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x73, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x34, + 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x16, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, + 0x69, 0x6e, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x74, 0x61, + 0x69, 0x6e, 0x65, 0x72, 0x12, 0x38, 0x0a, 0x0b, 0x63, 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, + 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, + 0x73, 0x74, 0x2e, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, + 0x6f, 0x6e, 0x52, 0x0a, 0x63, 0x6f, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x42, + 0x0a, 0x10, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x65, 0x72, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, + 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, + 0x74, 0x2e, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, + 0x6e, 0x52, 0x0f, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x65, 0x72, 0x56, 0x65, 0x72, 0x73, 0x69, + 0x6f, 0x6e, 0x22, 
0xf8, 0x01, 0x0a, 0x0c, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x53, 0x74, + 0x61, 0x74, 0x65, 0x12, 0x31, 0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x50, + 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x08, 0x70, 0x6c, + 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x12, 0x38, 0x0a, 0x0b, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, + 0x5f, 0x62, 0x6f, 0x6f, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, + 0x74, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x53, + 0x74, 0x61, 0x74, 0x65, 0x52, 0x0a, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, + 0x12, 0x2c, 0x0a, 0x0a, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x76, + 0x65, 0x6e, 0x74, 0x52, 0x09, 0x72, 0x61, 0x77, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x21, + 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x74, + 0x70, 0x6d, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x52, 0x04, 0x68, 0x61, 0x73, + 0x68, 0x12, 0x2a, 0x0a, 0x03, 0x63, 0x6f, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, + 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, + 0x43, 0x6f, 0x73, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x03, 0x63, 0x6f, 0x73, 0x22, 0xde, 0x01, + 0x0a, 0x0e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x12, 0x39, 0x0a, 0x19, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x73, 0x63, 0x72, 0x74, + 0x6d, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x0c, 0x52, 0x16, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x53, 0x63, 0x72, 0x74, + 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x49, 
0x64, 0x73, 0x12, 0x3f, 0x0a, 0x1c, 0x6d, + 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x67, 0x63, 0x65, 0x5f, 0x66, 0x69, 0x72, 0x6d, 0x77, + 0x61, 0x72, 0x65, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x19, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x47, 0x63, 0x65, 0x46, 0x69, 0x72, + 0x6d, 0x77, 0x61, 0x72, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a, 0x12, + 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, + 0x67, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, + 0x74, 0x2e, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, + 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x52, 0x11, 0x6d, 0x69, 0x6e, + 0x69, 0x6d, 0x75, 0x6d, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x22, 0x3c, + 0x0a, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x32, 0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74, + 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x61, 0x74, 0x74, + 0x65, 0x73, 0x74, 0x2e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x50, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2a, 0x42, 0x0a, 0x19, + 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, + 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, + 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x10, 0x01, + 0x12, 0x0e, 0x0a, 0x0a, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x45, 0x53, 0x10, 0x02, + 0x2a, 0x62, 0x0a, 0x14, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, + 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x53, 0x5f, 0x57, 0x49, 0x4e, 
0x44, + 0x4f, 0x57, 0x53, 0x5f, 0x50, 0x52, 0x4f, 0x44, 0x5f, 0x50, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, + 0x31, 0x10, 0x01, 0x12, 0x1f, 0x0a, 0x1b, 0x4d, 0x53, 0x5f, 0x54, 0x48, 0x49, 0x52, 0x44, 0x5f, + 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, 0x55, 0x45, 0x46, 0x49, 0x5f, 0x43, 0x41, 0x5f, 0x32, 0x30, + 0x31, 0x31, 0x10, 0x02, 0x2a, 0x35, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x6c, 0x77, 0x61, 0x79, 0x73, 0x10, + 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x4f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x10, 0x01, + 0x12, 0x09, 0x0a, 0x05, 0x4e, 0x65, 0x76, 0x65, 0x72, 0x10, 0x02, 0x42, 0x2d, 0x5a, 0x2b, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2f, 0x67, 0x6f, 0x2d, 0x74, 0x70, 0x6d, 0x2d, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, +} + +var ( + file_attest_proto_rawDescOnce sync.Once + file_attest_proto_rawDescData = file_attest_proto_rawDesc +) + +func file_attest_proto_rawDescGZIP() []byte { + file_attest_proto_rawDescOnce.Do(func() { + file_attest_proto_rawDescData = protoimpl.X.CompressGZIP(file_attest_proto_rawDescData) + }) + return file_attest_proto_rawDescData +} + +var file_attest_proto_enumTypes = make([]protoimpl.EnumInfo, 3) +var file_attest_proto_msgTypes = make([]protoimpl.MessageInfo, 14) +var file_attest_proto_goTypes = []interface{}{ + (GCEConfidentialTechnology)(0), // 0: attest.GCEConfidentialTechnology + (WellKnownCertificate)(0), // 1: attest.WellKnownCertificate + (RestartPolicy)(0), // 2: attest.RestartPolicy + (*GCEInstanceInfo)(nil), // 3: attest.GCEInstanceInfo + (*Attestation)(nil), // 4: attest.Attestation + (*PlatformState)(nil), // 5: attest.PlatformState + (*Event)(nil), // 6: attest.Event + (*Certificate)(nil), // 7: attest.Certificate + (*Database)(nil), // 8: attest.Database + 
(*SecureBootState)(nil), // 9: attest.SecureBootState + (*ContainerState)(nil), // 10: attest.ContainerState + (*SemanticVersion)(nil), // 11: attest.SemanticVersion + (*AttestedCosState)(nil), // 12: attest.AttestedCosState + (*MachineState)(nil), // 13: attest.MachineState + (*PlatformPolicy)(nil), // 14: attest.PlatformPolicy + (*Policy)(nil), // 15: attest.Policy + nil, // 16: attest.ContainerState.EnvVarsEntry + (*tpm.Quote)(nil), // 17: tpm.Quote + (tpm.HashAlgo)(0), // 18: tpm.HashAlgo +} +var file_attest_proto_depIdxs = []int32{ + 17, // 0: attest.Attestation.quotes:type_name -> tpm.Quote + 3, // 1: attest.Attestation.instance_info:type_name -> attest.GCEInstanceInfo + 0, // 2: attest.PlatformState.technology:type_name -> attest.GCEConfidentialTechnology + 3, // 3: attest.PlatformState.instance_info:type_name -> attest.GCEInstanceInfo + 1, // 4: attest.Certificate.well_known:type_name -> attest.WellKnownCertificate + 7, // 5: attest.Database.certs:type_name -> attest.Certificate + 8, // 6: attest.SecureBootState.db:type_name -> attest.Database + 8, // 7: attest.SecureBootState.dbx:type_name -> attest.Database + 8, // 8: attest.SecureBootState.authority:type_name -> attest.Database + 2, // 9: attest.ContainerState.restart_policy:type_name -> attest.RestartPolicy + 16, // 10: attest.ContainerState.env_vars:type_name -> attest.ContainerState.EnvVarsEntry + 10, // 11: attest.AttestedCosState.container:type_name -> attest.ContainerState + 11, // 12: attest.AttestedCosState.cos_version:type_name -> attest.SemanticVersion + 11, // 13: attest.AttestedCosState.launcher_version:type_name -> attest.SemanticVersion + 5, // 14: attest.MachineState.platform:type_name -> attest.PlatformState + 9, // 15: attest.MachineState.secure_boot:type_name -> attest.SecureBootState + 6, // 16: attest.MachineState.raw_events:type_name -> attest.Event + 18, // 17: attest.MachineState.hash:type_name -> tpm.HashAlgo + 12, // 18: attest.MachineState.cos:type_name -> 
attest.AttestedCosState + 0, // 19: attest.PlatformPolicy.minimum_technology:type_name -> attest.GCEConfidentialTechnology + 14, // 20: attest.Policy.platform:type_name -> attest.PlatformPolicy + 21, // [21:21] is the sub-list for method output_type + 21, // [21:21] is the sub-list for method input_type + 21, // [21:21] is the sub-list for extension type_name + 21, // [21:21] is the sub-list for extension extendee + 0, // [0:21] is the sub-list for field type_name +} + +func init() { file_attest_proto_init() } +func file_attest_proto_init() { + if File_attest_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_attest_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GCEInstanceInfo); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_attest_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Attestation); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_attest_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PlatformState); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_attest_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Event); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_attest_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Certificate); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_attest_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Database); i { + case 0: + 
return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_attest_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SecureBootState); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_attest_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ContainerState); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_attest_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SemanticVersion); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_attest_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AttestedCosState); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_attest_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MachineState); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_attest_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PlatformPolicy); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_attest_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Policy); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_attest_proto_msgTypes[2].OneofWrappers = []interface{}{ + (*PlatformState_ScrtmVersionId)(nil), + 
(*PlatformState_GceVersion)(nil), + } + file_attest_proto_msgTypes[4].OneofWrappers = []interface{}{ + (*Certificate_Der)(nil), + (*Certificate_WellKnown)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_attest_proto_rawDesc, + NumEnums: 3, + NumMessages: 14, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_attest_proto_goTypes, + DependencyIndexes: file_attest_proto_depIdxs, + EnumInfos: file_attest_proto_enumTypes, + MessageInfos: file_attest_proto_msgTypes, + }.Build() + File_attest_proto = out.File + file_attest_proto_rawDesc = nil + file_attest_proto_goTypes = nil + file_attest_proto_depIdxs = nil +}
diff --git a/vendor/github.com/google/go-tpm-tools/proto/doc.go b/vendor/github.com/google/go-tpm-tools/proto/doc.go
new file mode 100644
index 000000000..836b3a494
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/proto/doc.go
@@ -0,0 +1,22 @@
+// Package proto contains protocol buffers that are exchanged between the client
+// and server.
+//
+// Generating Protocol Buffer Code
+//
+// Anytime the Protocol Buffer definitions change, the generated Go code must be
+// regenerated. This can be done with "go generate". Just run:
+// go generate ./...
+//
+// Upstream documentation:
+// https://developers.google.com/protocol-buffers/docs/reference/go-generated
+//
+// Code Generation Dependencies
+//
+// To generate the Go code, your system must have "protoc" installed. See:
+// https://github.com/protocolbuffers/protobuf#protocol-compiler-installation
+//
+// The "protoc-gen-go" tool must also be installed. To install it, run:
+// go install google.golang.org/protobuf/cmd/protoc-gen-go
+package proto
+
+//go:generate protoc --go_out=. --go_opt=module=github.com/google/go-tpm-tools/proto tpm.proto attest.proto
diff --git a/vendor/github.com/google/go-tpm-tools/proto/tpm.proto b/vendor/github.com/google/go-tpm-tools/proto/tpm.proto
new file mode 100644
index 000000000..2692d6a10
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/proto/tpm.proto
@@ -0,0 +1,54 @@
+syntax = "proto3";
+
+package tpm;
+option go_package = "github.com/google/go-tpm-tools/proto/tpm";
+
+// Enum values come from TCG Algorithm Registry - v1.27 - Table 3
+enum ObjectType {
+ OBJECT_INVALID = 0x0000;
+ RSA = 0x0001;
+ ECC = 0x0023;
+}
+
+enum HashAlgo {
+ HASH_INVALID = 0x0000;
+ SHA1 = 0x0004;
+ SHA256 = 0x000B;
+ SHA384 = 0x000C;
+ SHA512 = 0x000D;
+}
+
+// SealedBytes stores the result of a TPM2_Seal. The private portion (priv) has
+// already been encrypted and is no longer sensitive. The hash algorithm is
+// assumed to be SHA256.
+message SealedBytes {
+ bytes priv = 1;
+ bytes pub = 2;
+ repeated uint32 pcrs = 3;
+ HashAlgo hash = 4;
+ ObjectType srk = 5;
+ PCRs certified_pcrs = 6;
+ bytes creation_data = 7;
+ bytes ticket = 8;
+}
+
+message ImportBlob {
+ bytes duplicate = 1;
+ bytes encrypted_seed = 2;
+ bytes public_area = 3;
+ PCRs pcrs = 4;
+}
+
+message Quote {
+ // TPM2 quote, encoded as a TPMS_ATTEST
+ bytes quote = 1;
+ // TPM2 signature, encoded as a TPMT_SIGNATURE
+ bytes raw_sig = 2;
+ // PCR values of the bank being quoted
+ PCRs pcrs = 3;
+}
+
+message PCRs {
+ HashAlgo hash = 1;
+ map pcrs = 2;
+}
diff --git a/vendor/github.com/google/go-tpm-tools/proto/tpm/tpm.pb.go b/vendor/github.com/google/go-tpm-tools/proto/tpm/tpm.pb.go
new file mode 100644
index 000000000..4bbf46f0a
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/proto/tpm/tpm.pb.go
@@ -0,0 +1,595 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.27.1 +// protoc v3.19.1 +// source: tpm.proto + +package tpm + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// Enum values come from TCG Algorithm Registry - v1.27 - Table 3 +type ObjectType int32 + +const ( + ObjectType_OBJECT_INVALID ObjectType = 0 + ObjectType_RSA ObjectType = 1 + ObjectType_ECC ObjectType = 35 +) + +// Enum value maps for ObjectType. +var ( + ObjectType_name = map[int32]string{ + 0: "OBJECT_INVALID", + 1: "RSA", + 35: "ECC", + } + ObjectType_value = map[string]int32{ + "OBJECT_INVALID": 0, + "RSA": 1, + "ECC": 35, + } +) + +func (x ObjectType) Enum() *ObjectType { + p := new(ObjectType) + *p = x + return p +} + +func (x ObjectType) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ObjectType) Descriptor() protoreflect.EnumDescriptor { + return file_tpm_proto_enumTypes[0].Descriptor() +} + +func (ObjectType) Type() protoreflect.EnumType { + return &file_tpm_proto_enumTypes[0] +} + +func (x ObjectType) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ObjectType.Descriptor instead. +func (ObjectType) EnumDescriptor() ([]byte, []int) { + return file_tpm_proto_rawDescGZIP(), []int{0} +} + +type HashAlgo int32 + +const ( + HashAlgo_HASH_INVALID HashAlgo = 0 + HashAlgo_SHA1 HashAlgo = 4 + HashAlgo_SHA256 HashAlgo = 11 + HashAlgo_SHA384 HashAlgo = 12 + HashAlgo_SHA512 HashAlgo = 13 +) + +// Enum value maps for HashAlgo. 
+var ( + HashAlgo_name = map[int32]string{ + 0: "HASH_INVALID", + 4: "SHA1", + 11: "SHA256", + 12: "SHA384", + 13: "SHA512", + } + HashAlgo_value = map[string]int32{ + "HASH_INVALID": 0, + "SHA1": 4, + "SHA256": 11, + "SHA384": 12, + "SHA512": 13, + } +) + +func (x HashAlgo) Enum() *HashAlgo { + p := new(HashAlgo) + *p = x + return p +} + +func (x HashAlgo) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (HashAlgo) Descriptor() protoreflect.EnumDescriptor { + return file_tpm_proto_enumTypes[1].Descriptor() +} + +func (HashAlgo) Type() protoreflect.EnumType { + return &file_tpm_proto_enumTypes[1] +} + +func (x HashAlgo) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use HashAlgo.Descriptor instead. +func (HashAlgo) EnumDescriptor() ([]byte, []int) { + return file_tpm_proto_rawDescGZIP(), []int{1} +} + +// SealedBytes stores the result of a TPM2_Seal. The private portion (priv) has +// already been encrypted and is no longer sensitive. The hash algorithm is +// assumed to be SHA256. 
+type SealedBytes struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Priv []byte `protobuf:"bytes,1,opt,name=priv,proto3" json:"priv,omitempty"` + Pub []byte `protobuf:"bytes,2,opt,name=pub,proto3" json:"pub,omitempty"` + Pcrs []uint32 `protobuf:"varint,3,rep,packed,name=pcrs,proto3" json:"pcrs,omitempty"` + Hash HashAlgo `protobuf:"varint,4,opt,name=hash,proto3,enum=tpm.HashAlgo" json:"hash,omitempty"` + Srk ObjectType `protobuf:"varint,5,opt,name=srk,proto3,enum=tpm.ObjectType" json:"srk,omitempty"` + CertifiedPcrs *PCRs `protobuf:"bytes,6,opt,name=certified_pcrs,json=certifiedPcrs,proto3" json:"certified_pcrs,omitempty"` + CreationData []byte `protobuf:"bytes,7,opt,name=creation_data,json=creationData,proto3" json:"creation_data,omitempty"` + Ticket []byte `protobuf:"bytes,8,opt,name=ticket,proto3" json:"ticket,omitempty"` +} + +func (x *SealedBytes) Reset() { + *x = SealedBytes{} + if protoimpl.UnsafeEnabled { + mi := &file_tpm_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SealedBytes) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SealedBytes) ProtoMessage() {} + +func (x *SealedBytes) ProtoReflect() protoreflect.Message { + mi := &file_tpm_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SealedBytes.ProtoReflect.Descriptor instead. 
+func (*SealedBytes) Descriptor() ([]byte, []int) { + return file_tpm_proto_rawDescGZIP(), []int{0} +} + +func (x *SealedBytes) GetPriv() []byte { + if x != nil { + return x.Priv + } + return nil +} + +func (x *SealedBytes) GetPub() []byte { + if x != nil { + return x.Pub + } + return nil +} + +func (x *SealedBytes) GetPcrs() []uint32 { + if x != nil { + return x.Pcrs + } + return nil +} + +func (x *SealedBytes) GetHash() HashAlgo { + if x != nil { + return x.Hash + } + return HashAlgo_HASH_INVALID +} + +func (x *SealedBytes) GetSrk() ObjectType { + if x != nil { + return x.Srk + } + return ObjectType_OBJECT_INVALID +} + +func (x *SealedBytes) GetCertifiedPcrs() *PCRs { + if x != nil { + return x.CertifiedPcrs + } + return nil +} + +func (x *SealedBytes) GetCreationData() []byte { + if x != nil { + return x.CreationData + } + return nil +} + +func (x *SealedBytes) GetTicket() []byte { + if x != nil { + return x.Ticket + } + return nil +} + +type ImportBlob struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Duplicate []byte `protobuf:"bytes,1,opt,name=duplicate,proto3" json:"duplicate,omitempty"` + EncryptedSeed []byte `protobuf:"bytes,2,opt,name=encrypted_seed,json=encryptedSeed,proto3" json:"encrypted_seed,omitempty"` + PublicArea []byte `protobuf:"bytes,3,opt,name=public_area,json=publicArea,proto3" json:"public_area,omitempty"` + Pcrs *PCRs `protobuf:"bytes,4,opt,name=pcrs,proto3" json:"pcrs,omitempty"` +} + +func (x *ImportBlob) Reset() { + *x = ImportBlob{} + if protoimpl.UnsafeEnabled { + mi := &file_tpm_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ImportBlob) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ImportBlob) ProtoMessage() {} + +func (x *ImportBlob) ProtoReflect() protoreflect.Message { + mi := &file_tpm_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := 
protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ImportBlob.ProtoReflect.Descriptor instead. +func (*ImportBlob) Descriptor() ([]byte, []int) { + return file_tpm_proto_rawDescGZIP(), []int{1} +} + +func (x *ImportBlob) GetDuplicate() []byte { + if x != nil { + return x.Duplicate + } + return nil +} + +func (x *ImportBlob) GetEncryptedSeed() []byte { + if x != nil { + return x.EncryptedSeed + } + return nil +} + +func (x *ImportBlob) GetPublicArea() []byte { + if x != nil { + return x.PublicArea + } + return nil +} + +func (x *ImportBlob) GetPcrs() *PCRs { + if x != nil { + return x.Pcrs + } + return nil +} + +type Quote struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // TPM2 quote, encoded as a TPMS_ATTEST + Quote []byte `protobuf:"bytes,1,opt,name=quote,proto3" json:"quote,omitempty"` + // TPM2 signature, encoded as a TPMT_SIGNATURE + RawSig []byte `protobuf:"bytes,2,opt,name=raw_sig,json=rawSig,proto3" json:"raw_sig,omitempty"` + // PCR values of the bank being quoted + Pcrs *PCRs `protobuf:"bytes,3,opt,name=pcrs,proto3" json:"pcrs,omitempty"` +} + +func (x *Quote) Reset() { + *x = Quote{} + if protoimpl.UnsafeEnabled { + mi := &file_tpm_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Quote) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Quote) ProtoMessage() {} + +func (x *Quote) ProtoReflect() protoreflect.Message { + mi := &file_tpm_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Quote.ProtoReflect.Descriptor instead. 
+func (*Quote) Descriptor() ([]byte, []int) { + return file_tpm_proto_rawDescGZIP(), []int{2} +} + +func (x *Quote) GetQuote() []byte { + if x != nil { + return x.Quote + } + return nil +} + +func (x *Quote) GetRawSig() []byte { + if x != nil { + return x.RawSig + } + return nil +} + +func (x *Quote) GetPcrs() *PCRs { + if x != nil { + return x.Pcrs + } + return nil +} + +type PCRs struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Hash HashAlgo `protobuf:"varint,1,opt,name=hash,proto3,enum=tpm.HashAlgo" json:"hash,omitempty"` + Pcrs map[uint32][]byte `protobuf:"bytes,2,rep,name=pcrs,proto3" json:"pcrs,omitempty" protobuf_key:"varint,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` +} + +func (x *PCRs) Reset() { + *x = PCRs{} + if protoimpl.UnsafeEnabled { + mi := &file_tpm_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PCRs) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PCRs) ProtoMessage() {} + +func (x *PCRs) ProtoReflect() protoreflect.Message { + mi := &file_tpm_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PCRs.ProtoReflect.Descriptor instead. 
+func (*PCRs) Descriptor() ([]byte, []int) { + return file_tpm_proto_rawDescGZIP(), []int{3} +} + +func (x *PCRs) GetHash() HashAlgo { + if x != nil { + return x.Hash + } + return HashAlgo_HASH_INVALID +} + +func (x *PCRs) GetPcrs() map[uint32][]byte { + if x != nil { + return x.Pcrs + } + return nil +} + +var File_tpm_proto protoreflect.FileDescriptor + +var file_tpm_proto_rawDesc = []byte{ + 0x0a, 0x09, 0x74, 0x70, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x03, 0x74, 0x70, 0x6d, + 0x22, 0xfc, 0x01, 0x0a, 0x0b, 0x53, 0x65, 0x61, 0x6c, 0x65, 0x64, 0x42, 0x79, 0x74, 0x65, 0x73, + 0x12, 0x12, 0x0a, 0x04, 0x70, 0x72, 0x69, 0x76, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, + 0x70, 0x72, 0x69, 0x76, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x75, 0x62, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x03, 0x70, 0x75, 0x62, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x63, 0x72, 0x73, 0x18, 0x03, + 0x20, 0x03, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x63, 0x72, 0x73, 0x12, 0x21, 0x0a, 0x04, 0x68, 0x61, + 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x48, + 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, 0x21, 0x0a, + 0x03, 0x73, 0x72, 0x6b, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0f, 0x2e, 0x74, 0x70, 0x6d, + 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x54, 0x79, 0x70, 0x65, 0x52, 0x03, 0x73, 0x72, 0x6b, + 0x12, 0x30, 0x0a, 0x0e, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x70, 0x63, + 0x72, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x50, + 0x43, 0x52, 0x73, 0x52, 0x0d, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x65, 0x64, 0x50, 0x63, + 0x72, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x72, 0x65, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, + 0x61, 0x74, 0x61, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x63, 0x72, 0x65, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x44, 0x61, 0x74, 0x61, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x69, 0x63, 0x6b, 0x65, + 0x74, 0x18, 0x08, 0x20, 0x01, 
0x28, 0x0c, 0x52, 0x06, 0x74, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x22, + 0x91, 0x01, 0x0a, 0x0a, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x6c, 0x6f, 0x62, 0x12, 0x1c, + 0x0a, 0x09, 0x64, 0x75, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x09, 0x64, 0x75, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x25, 0x0a, 0x0e, + 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x65, 0x64, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0d, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x53, + 0x65, 0x65, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x61, 0x72, + 0x65, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, + 0x41, 0x72, 0x65, 0x61, 0x12, 0x1d, 0x0a, 0x04, 0x70, 0x63, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x50, 0x43, 0x52, 0x73, 0x52, 0x04, 0x70, + 0x63, 0x72, 0x73, 0x22, 0x55, 0x0a, 0x05, 0x51, 0x75, 0x6f, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, + 0x71, 0x75, 0x6f, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x71, 0x75, 0x6f, + 0x74, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x61, 0x77, 0x5f, 0x73, 0x69, 0x67, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0c, 0x52, 0x06, 0x72, 0x61, 0x77, 0x53, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x04, 0x70, + 0x63, 0x72, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x74, 0x70, 0x6d, 0x2e, + 0x50, 0x43, 0x52, 0x73, 0x52, 0x04, 0x70, 0x63, 0x72, 0x73, 0x22, 0x8b, 0x01, 0x0a, 0x04, 0x50, + 0x43, 0x52, 0x73, 0x12, 0x21, 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0e, 0x32, 0x0d, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, + 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, 0x27, 0x0a, 0x04, 0x70, 0x63, 0x72, 0x73, 0x18, 0x02, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x50, 0x43, 0x52, 0x73, 0x2e, + 0x50, 0x63, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 
0x70, 0x63, 0x72, 0x73, 0x1a, + 0x37, 0x0a, 0x09, 0x50, 0x63, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x2a, 0x32, 0x0a, 0x0a, 0x4f, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x0e, 0x4f, 0x42, 0x4a, 0x45, 0x43, 0x54, + 0x5f, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x52, 0x53, + 0x41, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x45, 0x43, 0x43, 0x10, 0x23, 0x2a, 0x4a, 0x0a, 0x08, + 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x12, 0x10, 0x0a, 0x0c, 0x48, 0x41, 0x53, 0x48, + 0x5f, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x48, + 0x41, 0x31, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0b, + 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x0c, 0x12, 0x0a, 0x0a, 0x06, + 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x0d, 0x42, 0x2a, 0x5a, 0x28, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x67, 0x6f, + 0x2d, 0x74, 0x70, 0x6d, 0x2d, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x2f, 0x74, 0x70, 0x6d, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_tpm_proto_rawDescOnce sync.Once + file_tpm_proto_rawDescData = file_tpm_proto_rawDesc +) + +func file_tpm_proto_rawDescGZIP() []byte { + file_tpm_proto_rawDescOnce.Do(func() { + file_tpm_proto_rawDescData = protoimpl.X.CompressGZIP(file_tpm_proto_rawDescData) + }) + return file_tpm_proto_rawDescData +} + +var file_tpm_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_tpm_proto_msgTypes = make([]protoimpl.MessageInfo, 5) +var file_tpm_proto_goTypes = []interface{}{ + (ObjectType)(0), // 0: 
tpm.ObjectType + (HashAlgo)(0), // 1: tpm.HashAlgo + (*SealedBytes)(nil), // 2: tpm.SealedBytes + (*ImportBlob)(nil), // 3: tpm.ImportBlob + (*Quote)(nil), // 4: tpm.Quote + (*PCRs)(nil), // 5: tpm.PCRs + nil, // 6: tpm.PCRs.PcrsEntry +} +var file_tpm_proto_depIdxs = []int32{ + 1, // 0: tpm.SealedBytes.hash:type_name -> tpm.HashAlgo + 0, // 1: tpm.SealedBytes.srk:type_name -> tpm.ObjectType + 5, // 2: tpm.SealedBytes.certified_pcrs:type_name -> tpm.PCRs + 5, // 3: tpm.ImportBlob.pcrs:type_name -> tpm.PCRs + 5, // 4: tpm.Quote.pcrs:type_name -> tpm.PCRs + 1, // 5: tpm.PCRs.hash:type_name -> tpm.HashAlgo + 6, // 6: tpm.PCRs.pcrs:type_name -> tpm.PCRs.PcrsEntry + 7, // [7:7] is the sub-list for method output_type + 7, // [7:7] is the sub-list for method input_type + 7, // [7:7] is the sub-list for extension type_name + 7, // [7:7] is the sub-list for extension extendee + 0, // [0:7] is the sub-list for field type_name +} + +func init() { file_tpm_proto_init() } +func file_tpm_proto_init() { + if File_tpm_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_tpm_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SealedBytes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_tpm_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ImportBlob); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_tpm_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Quote); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_tpm_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PCRs); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return 
&v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_tpm_proto_rawDesc, + NumEnums: 2, + NumMessages: 5, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_tpm_proto_goTypes, + DependencyIndexes: file_tpm_proto_depIdxs, + EnumInfos: file_tpm_proto_enumTypes, + MessageInfos: file_tpm_proto_msgTypes, + }.Build() + File_tpm_proto = out.File + file_tpm_proto_rawDesc = nil + file_tpm_proto_goTypes = nil + file_tpm_proto_depIdxs = nil +} 
diff --git a/vendor/github.com/google/go-tpm-tools/server/ca-certs/tpm_ek_intermediate_2.crt b/vendor/github.com/google/go-tpm-tools/server/ca-certs/tpm_ek_intermediate_2.crt new file mode 100644 index 0000000000000000000000000000000000000000..ef9699dfe1ac4854b039a9fd03f5a42fedace712 GIT binary patch literal 1560 zcmXqLViPfFV*ay$nTe5!NkAhpue`I)FKz$5<3B$#3$HQYW#iOp^Jx3d%gD&h%3#pA z&yd@IlZ`o)g-w_#G}utsKoG>?5ax1D%*jm4FUreIG!!!s0SU4T^ZMqO=9MI7<|%|_ zrk2ALa|v^~=jW&Aq$>FMI2-aA@PHI^3$r@s!x#u`L}_{=;ZB?Y`5C)FNF2T_XcS3ta;fT?4ZaLjx;Q3o9ctT?2C~0|NzbD?=Rx zL#u#t0|R4^Vz)?t6DtENLkj~1abBP%10y3NAYot;CBbiGh$3LnxRcgij4%j;c+nr5 z7mBO4;Ak8Y;F#nK@m&+65^{_&vNA9?G4eAQ zG%<29H8C!7J-luv)2FG&F5wA8rHNQPg87>@*BI~fd;Ms=ZJ5CQ%=J;8!TL>=pKH}0ykuZoes{~?Umt}# zuI>w|4qLyAIliKlpOcNt-kL(afXKV`^9y6_b2>pk#iO- zjEI}3V7O;@ga71P^)pLP)GgsDf4XvQqVBcn`3|9ii_{y;GYW;gxWCWO5YxW(`u2fd zQyaNu4f%2FqC_V-u4%s%dYg%vk%4h>6C*D$L^uujfUzLU&&c?ng$0=U*$f0gd{q`s z19mpn^hQ<=Mgt*`h%iV6hXEUqVq#=4kOhhHv52vV2%jz76|spcaIpqo>dtBNcFXb# zPBxGSNh`BR7>G59q<(qwY}L2FQI|UAtOySM&d|s4eW`&j8;3R6^SlxH{CC^Yomn z@j`|=1-DN6EmO(ZyiP@B?ty1>(`^1+Ran=0N?BEq?LgUvOBPp_3yA4YDr|Andbp%x zcl{;ljm(~pIX3Z~U}rX8CACbRW$~^<`jcf_`16bB)8T;M!(mu4#lkekvCiJ#fQ4;$?r?@CP?K73 z-=-h$etEvU7@Z|YBZyD$9l#(b*TK8N! 
u=}S*;wpdiktfsg;rZ?h2ula5VuABVo|p?In8jR-k~9F-WmbSyh0;<3WGyv1u7CKg;Q{5aU$4$%m}*OOpjVS_8y$1Dl^r z_#V%3JgCjBcM>GFZnC1;k2N+72OeI0>3=(~pSeD;8Od8DQW{=pPZuh=yN=KbGTD05 zRKgcElDNqLU;34g5ym~Td9Wuv+P0L`j7p~y?qzI~DH`o{{+g;(84v54X&OHp>{^R7 zx;0A$l$W)=&4`7vGS`ZHl;@O}hl=vl&@tN@>+XaMYe;BoiFBB^40hG$Txm*8yXRH$ z)+|$5zlC@44QuyL!)557HIk55;=x5^z5mTGdCn&^GQc|!#TIRDE2d< ziafF+GuCv!cqd`Oru1l2@VB=5LAo=#NdsYQA<1dC9-J1CRbDdp>FS6f`7ye=e$yI1 zZfAiAq=$VU-#6cq-&&ria7VQx_P=Fnls;pDqw~&ktu^gls*wDa{!tsUkS*r>|a7GnAe-YG5!oGBX5DJVi9;V}4B4u}TWjZ4#1gu~ZSsEzYa0ZJ0Bi;@9S7<5nq zS{e=%B?KpNpaF6t0Zj?OqEt~TjOE{_ZmfKz_oe+(;^wgmJ0rb%4QNTq+9-9Pdg{Lo z|NbW%iwTG6o~i3k(=fI7saaZY9m!Y}UCV`!mkB!CbGbuq=sYW%Eob}sC;Sp8LTit3 z6?<}jZP|LB>iM|kCa0i2MvG`y&}d*39a1_#=VcvuvFmg~MLcB?YN*RGI>_q`IQNv+ zhQXYNH{zekUT?EzfV}oLo}qIrXro> zYe>87=eq4Kx*i)2S=(RfzSy$l*j+fmAWB z9ru$S6tYJ0TvJ0cQ+lL>%M(KEd+IGg!+rtGP+;Yx8OqK*$M zYt$P*>nM;f;T 0 { + if err := hasAllowedVersion(state, allowedVersions); err != nil { + return err + } + } + + minGceVersion := policy.GetMinimumGceFirmwareVersion() + gceVersion := state.GetGceVersion() + if minGceVersion > gceVersion { + return fmt.Errorf("expected GCE Version %d or later, got %d", minGceVersion, gceVersion) + } + minTech := policy.GetMinimumTechnology() + tech := state.GetTechnology() + if minTech > tech { + return fmt.Errorf("expected a GCE Confidential Technology of %d or later, got %d", minTech, tech) + } + return nil +} + +func hasAllowedVersion(state *pb.PlatformState, allowedVersions [][]byte) error { + firmware := state.GetFirmware() + + // We want the version check to work even for a GCE VM. 
+ var version []byte
+ if scrtm, ok := firmware.(*pb.PlatformState_ScrtmVersionId); ok {
+ version = scrtm.ScrtmVersionId
+ } else if gce, ok := firmware.(*pb.PlatformState_GceVersion); ok {
+ version = ConvertGCEFirmwareVersionToSCRTMVersion(gce.GceVersion)
+ } else {
+ return errors.New("missing SCRTM version in PlatformState")
+ }
+ for _, allowed := range allowedVersions {
+ if bytes.Equal(version, allowed) {
+ return nil
+ }
+ }
+ return fmt.Errorf("provided SCRTM version (%x) not allowed", version)
+}
diff --git a/vendor/github.com/google/go-tpm-tools/server/policy_constants.go b/vendor/github.com/google/go-tpm-tools/server/policy_constants.go
new file mode 100644
index 000000000..39d58c200
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/server/policy_constants.go
@@ -0,0 +1,167 @@
+package server
+
+import (
+ "bytes"
+ _ "embed" // Necessary to use go:embed
+ "errors"
+ "fmt"
+ "log"
+ "strconv"
+
+ "github.com/google/certificate-transparency-go/x509"
+ pb "github.com/google/go-tpm-tools/proto/attest"
+)
+
+// Expected Firmware/PCR0 Event Types.
+//
+// Taken from TCG PC Client Platform Firmware Profile Specification,
+// Table 14 Events.
+const (
+ NoAction uint32 = 0x00000003
+ Separator uint32 = 0x00000004
+ SCRTMVersion uint32 = 0x00000008
+ NonhostInfo uint32 = 0x00000011
+)
+
+var (
+ // GCENonHostInfoSignature identifies the GCE Non-Host info event, which
+ // indicates if memory encryption is enabled. This event is 32-bytes consisting
+ // of the below signature (16 bytes), followed by a byte indicating whether
+ // it is confidential, followed by 15 reserved bytes.
+ GCENonHostInfoSignature = []byte("GCE NonHostInfo\x00")
+ // GceVirtualFirmwarePrefix is the little-endian UCS-2 encoded string
+ // "GCE Virtual Firmware v" without a null terminator. All GCE firmware
+ // versions are UCS-2 encoded, start with this prefix, contain the firmware
+ // version encoded as an integer, and end with a null terminator.
+ GceVirtualFirmwarePrefix = []byte{0x47, 0x00, 0x43, 0x00,
+ 0x45, 0x00, 0x20, 0x00, 0x56, 0x00, 0x69, 0x00, 0x72, 0x00,
+ 0x74, 0x00, 0x75, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x20, 0x00,
+ 0x46, 0x00, 0x69, 0x00, 0x72, 0x00, 0x6d, 0x00, 0x77, 0x00,
+ 0x61, 0x00, 0x72, 0x00, 0x65, 0x00, 0x20, 0x00, 0x76, 0x00}
+)
+
+// Standard Secure Boot certificates (DER encoded)
+var (
+ //go:embed secure-boot/GcePk.crt
+ GceDefaultPKCert []byte
+ //go:embed secure-boot/MicCorKEKCA2011_2011-06-24.crt
+ MicrosoftKEKCA2011Cert []byte
+ //go:embed secure-boot/MicWinProPCA2011_2011-10-19.crt
+ WindowsProductionPCA2011Cert []byte
+ //go:embed secure-boot/MicCorUEFCA2011_2011-06-27.crt
+ MicrosoftUEFICA2011Cert []byte
+)
+
+// Revoked Signing certificates (DER encoded)
+var (
+ //go:embed secure-boot/canonical-boothole.crt
+ RevokedCanonicalBootholeCert []byte
+ //go:embed secure-boot/debian-boothole.crt
+ RevokedDebianBootholeCert []byte
+ //go:embed secure-boot/cisco-boothole.crt
+ RevokedCiscoCert []byte
+)
+
+// Known Privacy CA certs.
+var (
+ //go:embed ca-certs/tpm_ek_root_1.cer
+ gceEKRootCA []byte
+ //go:embed ca-certs/tpm_ek_intermediate_2.crt
+ gceEKIntermediateCA2 []byte
+)
+
+// CertPools corresponding to the known CA certs for GCE.
+var (
+ GceEKRoots *x509.CertPool
+ GceEKIntermediates *x509.CertPool
+)
+
+func init() {
+ var err error
+ GceEKRoots, err = getPool([][]byte{gceEKRootCA})
+ if err != nil {
+ log.Panicf("failed to create the root cert pool: %v", err)
+ }
+ GceEKIntermediates, err = getPool([][]byte{gceEKIntermediateCA2})
+ if err != nil {
+ log.Panicf("failed to create the intermediate cert pool: %v", err)
+ }
+}
+func getPool(certs [][]byte) (*x509.CertPool, error) {
+ pool := x509.NewCertPool()
+ for _, certBytes := range certs {
+ cert, err := x509.ParseCertificate(certBytes)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse cert: %w", err)
+ }
+ pool.AddCert(cert)
+ }
+ return pool, nil
+}
+
+// ConvertSCRTMVersionToGCEFirmwareVersion attempts to parse the Firmware
+// Version of a GCE VM from the bytes of the version string of the SCRTM. This
+// data should come from a valid and verified EV_S_CRTM_VERSION event.
+func ConvertSCRTMVersionToGCEFirmwareVersion(version []byte) (uint32, error) {
+ prefixLen := len(GceVirtualFirmwarePrefix)
+ if (len(version) <= prefixLen) || (len(version)%2 != 0) {
+ return 0, fmt.Errorf("length of GCE version (%d) is invalid", len(version))
+ }
+ if !bytes.Equal(version[:prefixLen], GceVirtualFirmwarePrefix) {
+ return 0, errors.New("prefix for GCE version is missing")
+ }
+ asciiVersion := []byte{}
+ for i, b := range version[prefixLen:] {
+ // Skip the UCS-2 null bytes and the null terminator
+ if b == '\x00' {
+ continue
+ }
+ // All odd bytes in our UCS-2 string should be Null
+ if i%2 != 0 {
+ return 0, errors.New("invalid UCS-2 in the version string")
+ }
+ asciiVersion = append(asciiVersion, b)
+ }
+
+ versionNum, err := strconv.Atoi(string(asciiVersion))
+ if err != nil {
+ return 0, fmt.Errorf("when parsing GCE firmware version: %w", err)
+ }
+ return uint32(versionNum), nil
+}
+
+// ConvertGCEFirmwareVersionToSCRTMVersion creates the corresponding SCRTM
+// version string from a numerical GCE firmware version. The returned string
+// is UCS2 encoded with a null terminator. A version of 0 corresponds to an
+// empty string (representing old GCE VMs that just used an empty string).
+func ConvertGCEFirmwareVersionToSCRTMVersion(version uint32) []byte {
+ if version == 0 {
+ return []byte{}
+ }
+ versionString := GceVirtualFirmwarePrefix
+ for _, b := range []byte(strconv.Itoa(int(version))) {
+ // Convert ACSII to little-endian UCS-2
+ versionString = append(versionString, b, 0)
+ }
+ // Add the null terminator
+ return append(versionString, 0, 0)
+}
+
+// ParseGCENonHostInfo attempts to parse the Confidential VM
+// technology used by a GCE VM from the GCE Non-Host info event. This data
+// should come from a valid and verified EV_NONHOST_INFO event.
+func ParseGCENonHostInfo(nonHostInfo []byte) (pb.GCEConfidentialTechnology, error) {
+ prefixLen := len(GCENonHostInfoSignature)
+ if len(nonHostInfo) < (prefixLen + 1) {
+ return pb.GCEConfidentialTechnology_NONE, fmt.Errorf("length of GCE Non-Host info (%d) is too short", len(nonHostInfo))
+ }
+
+ if !bytes.Equal(nonHostInfo[:prefixLen], GCENonHostInfoSignature) {
+ return pb.GCEConfidentialTechnology_NONE, errors.New("prefix for GCE Non-Host info is missing")
+ }
+ tech := nonHostInfo[prefixLen]
+ if tech > byte(pb.GCEConfidentialTechnology_AMD_SEV_ES) {
+ return pb.GCEConfidentialTechnology_NONE, fmt.Errorf("unknown GCE Confidential Technology: %d", tech)
+ }
+ return pb.GCEConfidentialTechnology(tech), nil
+}
diff --git a/vendor/github.com/google/go-tpm-tools/server/policy_constants_test.go b/vendor/github.com/google/go-tpm-tools/server/policy_constants_test.go
new file mode 100644
index 000000000..37dca1883
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/server/policy_constants_test.go
@@ -0,0 +1,56 @@
+package server
+
+import (
+ "testing"
+
+ pb "github.com/google/go-tpm-tools/proto/attest"
+)
+
+func getGceMemoryEncryptionNonhostEvent(memoryEncrypted bool) []byte {
+ event := make([]byte, 32)
+ copy(event[:], []byte(GCENonHostInfoSignature))
+ // event[15] is a null byte.
+ if memoryEncrypted {
+ event[16] = 0x01
+ }
+ // Last 15 bytes are reserved.
+ return event
+}
+
+func TestParseGCENonHostInfo(t *testing.T) {
+ nonconfidentialEvent := getGceMemoryEncryptionNonhostEvent( /*memoryEncrypted=*/ false)
+
+ // Empty events should return NONCONFIDENTIAL.
+ confTech, err := ParseGCENonHostInfo([]byte{})
+ if err == nil {
+ t.Error("expected error on incorrect size!")
+ }
+ if confTech != pb.GCEConfidentialTechnology_NONE {
+ t.Errorf("expected ConfidentialTechnology %v, received %v", pb.GCEConfidentialTechnology_NONE, confTech)
+ }
+
+ confTech, err = ParseGCENonHostInfo(nonconfidentialEvent)
+ if err != nil {
+ t.Errorf("failed to parse GCE confidential tech: %v", err)
+ }
+ if confTech != pb.GCEConfidentialTechnology_NONE {
+ t.Errorf("expected ConfidentialTechnology %v, received %v", pb.GCEConfidentialTechnology_NONE, confTech)
+ }
+
+ sevEvent := getGceMemoryEncryptionNonhostEvent( /*memoryEncrypted=*/ true)
+ confTech, err = ParseGCENonHostInfo(sevEvent)
+ if err != nil {
+ t.Errorf("failed to parse GCE confidential tech: %v", err)
+ }
+ if confTech != pb.GCEConfidentialTechnology_AMD_SEV {
+ t.Errorf("expected ConfidentialTechnology %v, received %v", pb.GCEConfidentialTechnology_AMD_SEV, confTech)
+ }
+}
+
+func TestParseGCENonHostInfoUnknownType(t *testing.T) {
+ nonconfidentialEvent := getGceMemoryEncryptionNonhostEvent( /*memoryEncrypted=*/ false)
+ nonconfidentialEvent[16] = 0x99
+ if _, err := ParseGCENonHostInfo(nonconfidentialEvent); err == nil {
+ t.Errorf("expected error parsing GCE confidential nonhost event")
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/server/policy_test.go b/vendor/github.com/google/go-tpm-tools/server/policy_test.go
new file mode 100644
index 000000000..1db85a405
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/server/policy_test.go
@@ -0,0 +1,153 @@
+package server
+
+import (
+ "testing"
+
+ pb "github.com/google/go-tpm-tools/proto/attest"
+)
+
+var defaultGcePolicy = pb.Policy{
+ Platform: &pb.PlatformPolicy{
+ MinimumGceFirmwareVersion: 1,
+ MinimumTechnology: pb.GCEConfidentialTechnology_NONE,
+ },
+}
+
+func TestNilPolicyAlwaysPasses(t *testing.T) {
+ subtests := []struct {
+ name string
+ state *pb.MachineState
+ }{
+ {"NilState", nil},
+ {"PlatformState", &pb.MachineState{
+ Platform: &pb.PlatformState{
+ Firmware: &pb.PlatformState_GceVersion{GceVersion: 1},
+ Technology: pb.GCEConfidentialTechnology_AMD_SEV,
+ },
+ }},
+ }
+ for _, subtest := range subtests {
+ t.Run(subtest.name, func(t *testing.T) {
+ if err := EvaluatePolicy(subtest.state, nil); err != nil {
+ t.Errorf("nil policy should always succeed: %v", err)
+ }
+ })
+ }
+}
+
+func TestGCEFirmwareVersionSimple(t *testing.T) {
+ zero := ConvertGCEFirmwareVersionToSCRTMVersion(0)
+ if len(zero) != 0 {
+ t.Errorf("expected empty SCRTM version, got %x", zero)
+ }
+ ver, err := ConvertSCRTMVersionToGCEFirmwareVersion(
+ ConvertGCEFirmwareVersionToSCRTMVersion(23),
+ )
+ if ver != 23 {
+ t.Errorf("convert functions aren't inverses, got %d: %v", ver, err)
+ }
+}
+
+func TestEvaluatePolicy(t *testing.T) {
+ tests := []struct {
+ name string
+ log eventLog
+ policy *pb.Policy
+ }{
+ {"Debian10-SHA1", Debian10GCE, &defaultGcePolicy},
+ {"RHEL8-CryptoAgile", Rhel8GCE, &defaultGcePolicy},
+ {"Ubuntu1804AmdSev-CryptoAgile", UbuntuAmdSevGCE, &defaultGcePolicy},
+ // TODO: add the tests below back once go-attestation has releases:
+ // https://github.com/google/go-attestation/pull/222/
+ // {"Ubuntu2104NoDbx-CryptoAgile", Ubuntu2104NoDbxGCE, &defaultGcePolicy},
+ // {"Ubuntu2104NoSecureBoot-CryptoAgile", Ubuntu2104NoSecureBootGCE, &defaultGcePolicy},
+ }
+
+ for _, test := range tests {
+ t.Run(test.name, func(t *testing.T) {
+ machineState, err := parsePCClientEventLog(test.log.RawLog, test.log.Banks[0])
+ if err != nil {
+ t.Fatalf("failed to get machine state: %v", err)
+ }
+ if err := EvaluatePolicy(machineState, test.policy); err != nil {
+ t.Errorf("failed to apply policy: %v", err)
+ }
+ })
+ }
+}
+
+func TestEvaluatePolicySCRTM(t *testing.T) {
+ archLinuxWorkstationSCRTMPolicy := pb.Policy{
+ Platform: &pb.PlatformPolicy{
+ AllowedScrtmVersionIds: [][]byte{{0x1e, 0xfb, 0x6b, 0x54, 0x0c, 0x1d, 0x55, 0x40, 0xa4, 0xad,
+ 0x4e, 0xf4, 0xbf, 0x17, 0xb8, 0x3a}},
+ },
+ }
+ machineState, err := parsePCClientEventLog(ArchLinuxWorkstation.RawLog, ArchLinuxWorkstation.Banks[0])
+ if err != nil {
+ gErr := err.(*GroupedError)
+ if !gErr.containsOnlySubstring(archLinuxBadSecureBoot) {
+ t.Fatalf("failed to get machine state: %v", err)
+ }
+ }
+ if err := EvaluatePolicy(machineState, &archLinuxWorkstationSCRTMPolicy); err != nil {
+ t.Errorf("failed to apply policy: %v", err)
+ }
+}
+
+func TestEvaluatePolicyFailure(t *testing.T) {
+ badGcePolicyVersion := pb.Policy{
+ Platform: &pb.PlatformPolicy{
+ MinimumGceFirmwareVersion: 2,
+ MinimumTechnology: pb.GCEConfidentialTechnology_NONE,
+ },
+ }
+ badGcePolicySEVES := pb.Policy{
+ Platform: &pb.PlatformPolicy{
+ MinimumGceFirmwareVersion: 0,
+ MinimumTechnology: pb.GCEConfidentialTechnology_AMD_SEV_ES,
+ },
+ }
+ badGcePolicySEV := pb.Policy{
+ Platform: &pb.PlatformPolicy{
+ MinimumGceFirmwareVersion: 0,
+ MinimumTechnology: pb.GCEConfidentialTechnology_AMD_SEV_ES,
+ },
+ }
+ badPhysicalPolicy := pb.Policy{
+ Platform: &pb.PlatformPolicy{
+ AllowedScrtmVersionIds: [][]byte{{0x00}},
+ },
+ }
+ tests := []struct {
+ name string
+ log eventLog
+ policy *pb.Policy
+ // This field handles known issues with event log parsing or bad event
+ // logs.
+ // An empty string will not attempt to pattern match the error result.
+ errorSubstr string
+ }{
+ {"Debian10-SHA1", Debian10GCE, &badGcePolicyVersion, ""},
+ {"Debian10-SHA1", Debian10GCE, &badGcePolicySEV, ""},
+ {"Ubuntu1804AmdSev-CryptoAgile", UbuntuAmdSevGCE, &badGcePolicySEVES,
+ ""},
+ {"ArchLinuxWorkstation-CryptoAgile", ArchLinuxWorkstation,
+ &badPhysicalPolicy, archLinuxBadSecureBoot},
+ }
+
+ for _, test := range tests {
+ t.Run(test.name, func(t *testing.T) {
+ machineState, err := parsePCClientEventLog(test.log.RawLog, test.log.Banks[0])
+ if err != nil {
+ gErr := err.(*GroupedError)
+ if test.errorSubstr != "" && !gErr.containsOnlySubstring(test.errorSubstr) {
+ t.Fatalf("failed to get machine state: %v", err)
+ }
+ }
+ if err := EvaluatePolicy(machineState, test.policy); err == nil {
+ t.Errorf("expected policy failure; got success")
+ }
+ })
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/server/secure-boot/GcePk.crt b/vendor/github.com/google/go-tpm-tools/server/secure-boot/GcePk.crt new file mode 100644 index 0000000000000000000000000000000000000000..a46640a555f2de3b5db50d32dae97e3460eff614 GIT binary patch literal 762 zcmXqLV)|y##CUH3GZP~d6DPw}FOe7N&9Scxc-c6$+C196^D;7WvoaV681fnLurY_S zF!QkHrIr_D8_0?C8d?}w7#SKFni?9KMuEAOMg~wW79CBDO321CvNA9?G4eA2t>NBUV>dC*bNIBo+kpISc*~fl~O7EC*a86%A`$VU6nTq_AYj2g#-)|_c5ODB)gYxfv z)?tsiuDidQYq0)G>`Lb3&P9JLA5L4?e%O{-ZPVpNId4u(zkcqP#H&qHZ8o#8v!7$? zI)BS5P@uzJb%VFvnY%x4-447uQEZm%LiW8Kk3I@*`M8;3()P#c&(`*2-BGufy>rDc z=b+f$_xHlIZV5*wa8_PkSrgv-H*i9t`P};2C)@L;eh8ZFJnxQ&jqKSymh*)czi{Vu z+hKNR(&niv&Urm{Q;zUvVrFDuTpVl=Xdnv=X<0rNF&2>-0WHiz^x5^VeKoXXBT6g}m|4&gaHI@kBCscnipyjAds-l80_rEg})eqc6K zHv4hfpgG;jN?tojQ9MCs*H^ut8hNME3L-Sx()%-8av0PjRObYUu)ZwVk&qYC>b0ID zx8GHIS+vO?HD4K<#)rFA^eP_+Up%p<=4QQxyP$KUWVUfY_~YVv%j(ZSUCajjoU+}I~iMpQxhX2!;u$TyY{aQSKFX=_|@~@;Z-h7vFyCJyq=b5 zJ=?(lCinH5`kjxXl8tHv#r^pnb1%0Lo!ocq>w}h!vu5i&|GItRHO_~R4zR3PV<2R91&S9_(-|4 zw_y7cS>HG7p3eCtcIf)S(^p;`(SJJgok}H`B=nQM3VkEpIuxws!gliCC zV&ReFVhCm^Wk_OhW^gp%2I=Hy0U6U~zz^aGGcx{XVKra|QU>xM0c92m1F;4X*R&w# zhjkHx`>*-UQx4^@wo=MkVGsjSAkPwN5Nr^*z<+^nn|DS@Nr9EVesWQcUM?&x>m}#s z>K9~Zf<*NTitQ<3X)E3>+FDvQfnk;IlCr2*mD_ikX9ZRZqL6?=D`>xf9< zxfXsxa&bKCwcE!oWS;ZzHroC=_L9NZ17COSs$gHN{crYdldzUIO{dm5sus-2e)(?# z|Mh9|PoGbb-=xLU>-}FtQ=t0$^_ry@%XYG!sC>&mVbYvK|L*74oX7zgh@9nG?To0`c7HO3KZNRe1+$`~ySEjVd zjf}U~n9k=+;kkT1N2zk{#t(a#7r7;@Ji>lRvFYRAPcJHs687I%vs6jM`_#c3-mh!z z!%a6m^Do`9A%R&bc-_QG*=w^Md87gG}>Bg0aT9G~N^oLSyHOAfTxvz78VGlrx*5UXc@ zJE@j?Q}KQtu47)Vi3^U3=}x=+ReQm2U(eZ&4HIm3hWvfD=i=NWOC-AL9lK&8n=_1d z_qd;YSGY&fe^yt`e;51Sexprl9_vcCzB}n7=OtP9q-mCHMY%7}hP~hTFNkO^jv05GgVcV&l|i zV`O1$G8biJVFk+>C?mv}Sj1RFejLo+USA&U^;y+i)^DL&HNQeZgMlnCMr8Rw(!y)^ zJ9F-BDwxxA)!#7hs?v-u=_>}3a5F@hSa{^P7=jr}8Il;B85|9`K|1+aSb!Oz&43@o z5oTok&%$cJ45SR?K?2Gw5(Z)oBCcsc&JXJ%1ovO_o2MMgVQr<9wZb3jRSyFfRa;I52$! 
z6E`qT#{<)hfi4gknCbzQ8YHlB0KUE;q>3&%(?GnJZl9qB1|>ijLOt&-U~UZJ4t)3%5Ajph!hU}{4&C1 znHYD|s@Sznw;Gxq+4{H0eq!GFSt?fgW59%;n?qZiG-MR^Zdw;8a`eEO=~ESDCfw%# zQ$BBM@x+c(d-n$IWDVfGA3kqE;#=OQxvDoE_{AMgoLlU5$anoLAz6-){=LWd?9{gP z)Rs5;lckvHKl?QI|H^}7P`p3e|O3K zJ97OESKmr}(H9ZR*1wn5vqAak@s=BJUmY}VS{vpqq5CmoD*M^8kH{0YRa-%tSY$V?b_=s>rUTrh+NQeajH+!L?x*b*&bVWK9^-r zHq16L-S}%;@Cu#AH%nLxPt4u1>xHyS+7tH>zP_;f&GW@(Y-+oZVK+f}tA1R6Kx^-@ z-lllRgN1MfA-&c}SF>PgInqRZZ2P+zbh(mdgZ#grWnDhht= h@@Z?I^6kMoCf9eVhqf)Q%M>eRpEUdHvOST_5de>mHUaBvrw&v?L?HD6^ze z!N|bSz(7u%*U-?=z|hjr!o<+TC`z2y$PB_Y1#t};TWI1`Jp&zxQ&ka84bRL=$uBQf z2q?-=DNP3XNFl)45#&rmgC<5L{yk8AUeRmzWhZyaSqGceJiYuzeP_GO zznv$QIrCSzO+1)4&BpQa>BaW3Oj*8fGUZh@V$A;kbr$8C@<4LS`TK{29vzBSf2Uqy z&>gMCnXS|roFJxiAVW5I*Bj5za}#@7GdPP~Vrv(LXy2{;E_&WHHb+J~=G>k+%H8>S zTh(rw2_N>qroL{ck+tI_orlNImcLjP;`cpmjt1Nyo%}2yW7-V(K^$R5#{Vp=2FyUpKprHZ z%pzeR)*y2ATiEIT7mH$&GA`OqnGk*b+$@PB24Nrt@+|%az6Rb4JQujPxn`7<6jrfX!Z2UKJb#l`{j zA}cF9BO{BSfscU~jBmiyW(T#Ryu2Kn6~N4Z&+HQ9ga*v5%uT=m6!}wA7`U|ZP~N8Z zmUeq=g81{a?FEF3|EFLizEK78Zu;`nWUQnsi*c*pB~ z$qyde8m4Y&eEMn4S+OPaZC7lZeaPv;gqHXa+5erdcFDR=$lp-x=Q!VCe*DvgTAKtX z7I!IXd^mTn*fQR3bxgvW`^*9>E_1&8@@-n{w)()1Ge@>ec3(c~3GG&F?i{ z{8lQ-ntpk5c$}uR<%xH?56?bvEsnl$>0H%nG07&khzoIZ8#kw~&oTY9=c&EQBhy7( zrEK3M!e(Bn(7DJe{rW-&EB)G3mq&^vrrU323H zMVl`&2aoQYFqyBzb#mLwjS4gO%{YB@>XO)`YYUP&6!w-1l-JsRcHKFD`ux-34f)0^ NSsC%f_kI=F#?@mywa1mBFB~#gN;8lZ`o)g-w{r-N{hI zKnTR);NkWx&Pi3sPgC$s%rg`)-~)-W^RT<*m!{_=78{Bih=N48c=((X^YZgDlM{0k zd`eRE3{4D-KoZP6+NcshbBaq+ixiwwi%K%nfa*(96&y=TGV+TuODYZI#CZ*k3``7- z3=NGf4J@L>c}+lEAOLd>>WOhBPB%e4#m&PVoSIx(l&avApI>6AZJ-HpsS=t?krXKe zXQt<6=A|1nF)ASk9V06Pa}y&!15licsfm%1;bi>mq<-!VDNSqkoqUw^*!$9axvr~; zQrfW=U$&pyIctaW4(I9RtNrVF3f#E=)aM?{ebo@hcxii@T>CxV+zXD=S1eu6lkES! 
z=1|a?1%@kkcgD_?bIT7c-dUFU=K8@uir0>@Klk6ObnnTEXx-aWO(dsZ)9_aGIkj81 za+!F2)X(&1F%_=10=XN+Bh>_thCi@BdcO7WW5lt!wJ{tbfVKx|}Ef z@XOxC=k_goeAZ@bgwDJ}%rXf|=9d2*nGR|$Ne%pOY_iHp^yk!yKe}IUb+y(s&HZhz zlf87s{hCnj20fb%$q&z3cyzuHVdHMv^Y;pShBUw3P0_nk1f`jn85tNCH!d(}oNK@X z3|3iTM#ldvOa=@F@*tini-ds~8;3Rq&kwTYoY)J2c*DpJQV$!y7n%N-9^2NBWaRKbCoYcz*Wm-YJhcFU9JLNwbP_ zpLW?|m*}K)L@UPcsO;iL4}vzm{?e^|$HFr9cgMo8)Oc-wwf}4t0z$8QVvQajb6u}G zd%^#{_wJmFUv`^Mnv_{qXJS2xHQjH6>f1eW@%>w_opSj90a&Pu=70 zNAD3aethh!#I~E??{40*(C~6pOl+;)ey%4^UTlf1wcgURSbD3%;+=La`8|pZhb;kr CZGF-J literal 0 HcmV?d00001 diff --git a/vendor/github.com/google/go-tpm-tools/server/secure-boot/cisco-boothole.crt b/vendor/github.com/google/go-tpm-tools/server/secure-boot/cisco-boothole.crt new file mode 100644 index 0000000000000000000000000000000000000000..8524be328412c2b211ec99bdb33af1697864b790 GIT binary patch literal 1164 zcmXqLV(BnwVlG&~%*4pV#K|jT8MAy+Rlp$wUN%mxHjlRNyo`+8tPBQ@h5`nBY|No7 z+`{Z3`8k=niFt;620S1UE@4*Z%;MyHLs1T>U=KHv2WlkDQXY24ypqJC)M7(v z14*zYJVGdz1eYcOt!QFYLUuSKD+6;ABR>OBoQtW6k&$7CZ`%dMMcR_{CvYt*pJ5my z6@K8gaIf9u#80Vp7oT+~o#j~CE#W^`|A)6+#>DqNfrq}=r+<-jTi*HCiT~k}bKY5+ z=?*8--}JwHaPQBDM{8X_Tv`#nyPJD)S8?d$@XLP=9qE4+@TI@-s62XJG-xKAV9MFkoecL3|DaHXy~s$Y4;%#-Yu|$jZvj$jDM;P+;Hy z;~OxwnPild6jIpY z9*}FG12=)OO#x~GP-${mF_Ix5z4^(-1qSjUHz~777>G59Jdi%VYS-~wf*dco@&`y0!j`)2+xA_FiO=V@ zJ^k*ggy5UDuLak>a;s0__r6q`x$Csk`R$o(A=f1S^)#(nqx3HEUf;dx36g$~{GamA zKbtWB1n1#z@-Zr$C(hS1mTbHs5wH&ELqD6P?QAe*BPjN^8r>eUBET@a;-V_^YV% z!|}m&7xQyP@g^##%uev%{FeGTEc#UQsXvWh_}qW|>b#=;?Xq}JsNAK$#rjh^OV?Z% a{rYx-$R5$?TRkZ}YR9*I**bsLj_Uv$xu*93 literal 0 HcmV?d00001 
diff --git a/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate-2014-08-11.bin b/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate-2014-08-11.bin new file mode 100644 index 0000000000000000000000000000000000000000..e79929f7ed1fb13d39a4f87eeceeb0f9376e22ec GIT binary patch literal 4011 zcmd6pc|4TcAIE2x8DlWEl1#QT8lG9~b)!K_B1^O}n2E8Corx@SMVnhB6^f7$vZPS5 zwh`e9ZC6Cr8WgUC-!t8NyIsF~fA^2y>%Lz1c|EUZ=6lZPe9w8#`JDH2o(sWIcyTGn zZx;>={)0`5UhKHOz1RKyw&QuU!#cZJR{@^L2N)De#sOHAFeBCs%7PTFJ{1DP#6qP1=C?>JRVh??H+6W(g{Y8;nyZm445H0ii`n- zQE)p13J#pYL9hakws#J2XZyGXa(u{QfT*BQ2rp#KVtR9YnB+CUYC#DaFJ-}Y z_2&d|4h9nF9DiSqzjGiPY(WIp3+mzcwSQVqFgGzL(2WQbfJ_F~$Y9A-GI&ua6e@+f z7Ywxk%GVHxPWnfNC<34bL&V_WMwWCk0BHO&;B~(b*q-gf`Y9z5zJX!f=Q^W zyR(lQOAr7&sN%Pi2`&em2gO0aax{zwg+iXpJ+&E0kv)BH)#O-R3B`TMoEbko+99l(5I>H_l)BR7{IA94>5Yn`dAYBOX+7!#Z(;ehQexTK=TG%T2o{=hw=}eVvMFrjw){n!B$YS5!Wd{ARJtI3y`4 z(=JrHnOh`&;mXAb%L}3LCfn?Cnx9>~qI|5)%A4sT%2`vv`Jc^nMgEO3YDa*t9y`iP|KC&!qlSaQC(aC1wlq7ge)K( zCF$~+-jeZMcC(vA$G&HF1!0eG9(Mw41Of%b4q!WAmSLJ<9J|FmFwj?DQ!^waM8o?x zuWPt+yfuA2*&N>hO;>*}P0%x-`$1FFjRcl<59~khzdk6$X1jEKdp-TuD0QuII;2sBU35D>i#ne+TPM}qGQY&3T z)4iHTCKHC%`?;PPJ)Ii=G&1VaiW$%je-U7T@4 zWh~J#sO2V$y{=o1iBeMqws^>OOTctCd07&+O7)Ry{bnJf%0pofA`DKwXF@wZYUK~` zBb?>idJ7ccCrw<$v;6C+GfDUe@zm7)A|-_CxiVkAfu7^@oJ-FqH|18=>?j+}Ukstj ze?UpprPmZX6)I%d^;RV7HvrLel6ziZ3B`3W9ZSn*IVM(D0>3=u_9 zOKZM1qwM5Js?YX23$ZKVJ(AI`l3zO&FHwFpK@H>9k*)-iaTp|H+b?89JEPl=egPtU z*<=CH3I7Of3;;cWTj6-h?|k_Nm;_sQwm*|#G8$j z7QSm@-F2>E3^y+Fjdkwu#V{fEDXHIRXbIBL91!~oK`AH#{8mH0A>p55Y30`jk}!nG z8Z^WP5(II9&>==3P{FN_LkQBu0=TanKmu?O2Y&#b$w6y+Uxb5rP1nv#N_Hy@^c6jF zf&GFO3J5#E2H2HhnPCxY{wt6`aQ!#%zR=FspTi7t{R$<}x}a}C(}G?VkPje%H=yzBOPvg3i6$Xcr6iSIA@#ahG)x^SPyTh-v2Uj8= za^K-jC#Kae_HrV;aABQwCa-9_lJ#(dj=Otgk;xy0a<-IZgeU+bDKUwETKP0Wb{o1-0BK~vA zraDG(AGJK|Xgg~qdeu-tcy=8xZl`XECib3W9A_b3FNWS(iL&{M&xG7>9)88a~I?g@cz!trgwVHrD_j8kE5v05EL#?D(kS8reuKWVy z!~WuX_B*vZC^0pc$UJBxxXo(8BQp?v{$D`HzdVV5dzSy^U=E%o5j-fwp}wy!BIfCi 
ztt!Fs1A!>jfuyI6{xZpz^L2s!?$9uG@fwfj_{Y^hUk=qM?c@ix9_Q1_pPG8k89Ivk z?V8n$qf13j3?(r($ayu_9ZPsHB^p00t5Nd#s-)66+UvDwfR(!e)0>c2Z*z&PZKegW%^e*d&qdtxd#&&x4#xcx}fs^~?lHS{yFPp*im9^vOYU6OnOX&Z zCfD`T!eqc>(**VOF3tW@Pl$|%cF)WEmq%IW5VxNpMYHy-MA#~ZjdiOgYU&p6glnAL zVmZep+9nFyHlbs$=?3pg+1vktsh;zb!IsP)m1aEbJ+r1c+dmVZ6b4^Zm2RxtVU=iD zkY_ZfeTKgNB<#y48v=ko)hVAs_P{9?)r|EYhfal>N8NbFCf8tL3kf-ER<>KpXIsDZ zE;T%v%djv~NMxm>m+PlBzt8%VHs6(q^Ixz0VgPPJ>)3ZhNZHfi?BN0*xzk6$wJ#UBBpLYhW$brR&FyW*5>t)%L2RQOosjo7_i? zOkGkYHnZ!0_VMJq%mHQLoI4LgZ^h4@gwqC>>l^Y?OtIO_4EqKL@9$fuKNhXHC8o!H zcZ?E9ns{d;a&WocVLoXU|7_+SdfB{_idaVP=7Aj!j~vkzh&Z(%_iN|;mg{X28Zzg_ z*TQo0*Su6I3h7Hfz!7c{eqU;JL9wP~PvYoueV3|KguI8}i8|$L@tNVbSwb5!^us(= z4p%o{^=kLWtZ!`8 zzkFgt&pV%7MmT@tr@pF1aaPd&skf3b+l`m&PtOmDvb(5;@!!daxKmz~b_l;-r?Rg1 O=B8~OXZ>?N?)VSM+ZQ_k literal 0 HcmV?d00001 
diff --git a/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2020-10-12.bin b/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2020-10-12.bin new file mode 100644 index 0000000000000000000000000000000000000000..aa7b71627b0132d1fde03861cd54e87b9872d111 GIT binary patch literal 15281 zcmd6t1yodR*Y_E^yOc(eh8aQ{N$KteVQ3h-M7l#d1nCf@l?LgQQb0nH20=QP?~#Bm^cgq=cLNy&f)If5(6P)Ta1|cJp@WRc}-y{p+D(Q>P_;nNdYYTr}0>Xh?2o8eafU(d~bWqVrkae^m zBw(WJ1ttl$o`t)uowJPx%o#!m#=ky@L4u(PwQ_}EZt!4Fl!Hb zX_%V}%+12X4t@n2nC1FB3JJr1d7fTLR*7C(lAZ?)fq-c#@OZ#rUN9d-kPpl!Xb4|I z;7i`Wmf+xs{}mU(V6NXTGXLYEo}IH5%-fw_NA|t~y%N-yUe?Fb*238adc6RLfEfRL zeef>;B?Lr(1V4_A90CF%Euu_`GU-h)+`QlT4?tex4Jky&O8X zthcd1E8wzH!@ubS-oMv8xbyOY-RAZo*9X5_w==sPK7xj4-0aKC-K$kc3@(HZ-%Z^VD;zcSX=e$8kpH?NDjEqM508-0T?jiLzaX!G5SZ@T;w@B4FnJK^gA3`g zeDUHD8{$c$d7a9Kqm40UV6AI_4pkYf2$s*kpDz<3W$WSLBFxS0?d{Fw^mlY~S;CyS zT^#ISF7DixZjRh=f8g;B4`XS`>mW9}{)ZEMmy?H&3w|1Gj*ba`W;8Sm5C~NptOC%-((zIds$qsY^U>Bcw1 zF;B!8Lg3?V;n%^vM=2%IPQfYsIUDjFlg)!TPVkZLJ@k_kr?#s3Fq_$EYHcsKb*V;^ zNKFe_UF|DjHj%d<-ze5ieZ=3Y4;U#nqvdIONtH3SME`PhUzM=%%so?tu=>j8IP0x` zjd49D{-M8C;*2TU6AzA#;l=q@%p3+|=R3_QlY5-CscfI5;aa!_*TOfywGi6^`)$-O z2}A+BEO2nr|BAkdfQ7DO7lnl9pV<9FBI&hl?cA*B)h*mSeCbsz+#H}DE{+zKPmOTDM6l(ZuIL`#hQXUVSEQi%)WpjKwX-b;GT3PKvEvp1m zFUcRFt7lm~(+C_2S4*Ie82`z=l6Mu-wYNPseynBxKp025WtHjjC))SvKGF)J)mzc= zE=|QWD!bJiPk)g2%yy4VZ}o9+JlVe;i?SPk82haPpR=6{ILpO@d z&}Kdiys;aXSK?{fF_{FPbe%M}`d}2X|IGftryI5#^151*$>piT_RmCu*>t*%PpNb- z*l^>Ou2@(JAD+$nm%R0AK^yYjBS=hs+VgV>7T`$maJpOeBcDdP5W$A2?i?jr`Y}eS z)XRMDOUxUGuDYXn5x0sXM@ldC1E%e4$dUqr4+BXy@M2>`Bg1yq#$QQqRB?u-Jho>y z^q2Xe`8;@tle%qLa|wy)Tb5Y2dF={sLs8UQ=nd?fpDO)}yF(&X1?#x+`bi^Um+@Tf zLXDp`dzaV8n8OZIr4CqQ6Yook1XJ0}eU~#YGsqK;skl=Uj*Pxlbzj<1 z3h$ej_hIxfgnYd`-16ly@0_bFVI)<0-94wY^XQ%)|BFpE&-z+(6h^J;Bww1DY)Lw@ z2yK@ai+KD5{A;sy)$qjp$hfv&PxbC3PgrLzBm~q4-)3F#A{iW<`Tv1B{O*e>LIg9jS80YQ`NID<)a4f(mvo{s!wP z4i9;X?PYAEI*{vU*G}$A#c_mnkx|&q{9dDjq2^A)`yIJ^iL=P`Y}U=WmnANy9P{_* 
zQsPD?6Qj5%VtKwJtHiY46I_}X{Rxf5*!jRn0m>C93aG`8Xv_9OC2symBjKrq!eY`W zRPeU1=@#k!CG7D*r?HP8xGk<9>N>1Qb(kkI{o^cGBA@p(?(0h!9X?srVgSchu-Z@3 zl>jZ8PVTA&e)mVXbWGgIa@BUW!bJ^f3pWk7IW_y=yqdB`$w?KaUcI#0UR;mG#5h0EI{8l{w4trvx7* za0n_rJilZ9&hPLq{*TxBtFsCFBdyCxK}f;G*ZCL|7e~R}5lRoUhG*S>S{qyp8JMSy zqlG(!0!((zVdLUUTR6j6JaKxFCFBp6e4Rxa|La0&d6M1L{UE4c9L_YdG%# zrI+;du!XtVdHDXyzV2>*<#fnjOK{--jhFwePk%iW4la%s)Y8)pN-qVk z9w6*s*595o0zCZ#qSvysafbJI@NM%ycQwOi*$)zMYOO*lJBC*utSL?A(Z;;9xXErJ zc-%DJlGQBTES=$9p%#eiav$d+&}qQwbC4-$vdNk@auLtzjbuhyNe!;0+L?ck=4d{o zye-<~3GIEDj(dxj-R^An1;fk$#wWE`jEn1KMw}ng_-?12i=u}H#aEGX0Z!J(Yr1g|Tbx1(vDx54#Zh23{Kd`-K8-(@@7uLHSUo_rPx;7@- zpwE%pgFe<$Eqg_C3w#g7f5kOt^nY&ba`GLrK|^zYb0imuRi! z%9x;h^cE>PPDuOZG=?n|f%rVx$5bM!-+4SZ9~_(mD7t^O7EITz#oyIE3JN;*U%d`C z3ObnMceft#O$vmEN=HruZ(W?Vw3O-Ppw8Dl4Akn+nE9h1u#jgf48_BKQDyiQ$4&ix zBJaoXFaMU;tCF7J^sv>PP@u-$YJ?izdCX^M35fq+JwQTC0XiLP6Sm^J{>$JBrq5lE zRxj++^LPCA8Gp4(0C;NmOGS&tYwkWVMf7bxM*PZfvR!C zca%_x;DyMiqW7rrH1blR*kSTE>xJJ+6~BBM8+(f?&28t98!#KT~53`o5~Ks{;xOHZEu*Lo5K*AtiDdV+;V zEoA&G*-yO(@Ls`^e~&|ONHDZvj&@FP6~X@%8SrrknzWreycwkdQ~lb2B&51_ZXTX+ z1^G2mxGwGCV-GMryt)?z^T9_P0(=6ze1?<+JYXTAUkC0&gm}S*;CufviTjtyzh*Ev zxEPYo9u{s;cL){u#_wHD{BJkW@_Ycl#edq>%_QmW-}e^a8hO*&B4=s63tIlgiKS@fk8!AkMCl0B=9#E{Ky!uImw z#h2A8*)Nl2dTp^dMKSI=YkE@`J$(tE)qjL2$XnO>uoued$ctK8))T&VC>0^`WYI=xu*8$)Sr zW+M1J7dIv~MTzh|1`OFXXH7WeqV1)4M%3HyT2ZN zcQ$2wC;CD0k=)LSbOrU(TqGBX0{*XKKA-#R{;tl0;cx2EukjWQ!F4lzT~wq0$`rqw zYfLaY{P1C5&-)neF&-X`5Z+RU7zs3db*OCm+0oQYbzp7g=PpGw> zo23O8yx4`y!{0*zPz3#77T~C*mpj)#My{`gS-QLY+x}ms8hqY5_?`%J8yiOUUX#`m zdruy$36BOEdQ>Gae0uVi3}KOh*pa|OV1d8ygbX5Q|IfahVs7sgW1_hRRuh{q;+?ERwn( zn}|eup+-?gEm+Tm?O(C}0(Y5d+S52*2V#fRG7~4_$JFg(}ca+vq zN?>*9jz&;ixxpTGtMIVlj@5iC{8nr8O9qZ_lFPF)0^@FGe79fU9U_=Ng&ye|y$*eS z5qyj<_w7gYH2dikMVt=p5JO#k=57KMaN2KvCx!kPZhQUIwsSTZ;ZGm& z9$HjNykjIXK6HMsz)dN4NxdJ1w-}e*Y(^3luW=$xelO-l)yxJ+K-GNgg`yzpOPQe5 znmlLi4`pp6DCbwyL-^jap9=fLm0cWaieg_psMU~#d z^v7$`7A8;IGxar1RQ);jd@bcR>~_zEL?+RxS7%%s^tbB3_al7D{%eqbT^fL{MF*AeSJ??4 
zm|o|Se~JjuAKgAi5a4_LwO910ip`Z-w+|mV7^i#~bXg-cNMrIhheK-PnD1O9f_1d<-_{jL-KJsi0cK;q(I{|z7 zhxpDwSXE(Dzlx&V%WmDoMv6P+ecj6H$r6?2lHc#9NV7OH{@yEK_y=&W1l7;mK|1k} zFOy1XZ@g8bDc0O{dLa>4X09ShmkiCr2J$D|p+!HQp3fu`xUt;+u#O_jH)#}(aoa&8 z?NOyO)wmy!@1LJ5h*%xs#HxAD1`FhJkHizVI^$5qJh1V#4|q;hBYfWLQ9D0 z%R5|y(>1{icn@Z#MCG46bzn7Q$3_S8z2#Z=@rteT^?LQ4LdQ>zt1+7hg?#s-c|173 z>}laz19|=P)SCxsg$B|u&&`+!^Ox?eE9(!NVmG5kvU=K9WVix(t)$+Q5Lu#|)A`1NoUdWC1kxuCd*>E8+|N+n^X6`N9t!m>#_vd1ZcT zdh`~^zp>n9ISpvl`fA15`RIywpor~bM4maxPjW5}p06VtPC%Y@U`MlFRJb6PV{Xs6 z%-sJ#^v6o;Pa>$N@!=+En4%1jPdxvGZ#Tm$5id@GYs>TD#U$1;GZXVtqnN^Enp^3y zGLR>PReqk>y;KE@cpL}i2W76l31UxyJs$KJXE-8{uzd>TDO81VjHCxjG1{gi)X?~7 z#U_Lv*o>!sYryBaRsKF17s#_enYbgxmHhLrS*KDj9y6w6?uwEh>`LaG+aVET_e2QD zbGanhM3kPnYtTKTq^lsHacR&S;NdF2^`dO5gwE z7bg#4cVAbX$1WuHUTzfAf_W7^D`HvL;ecbB@LRv3lf#F*47R;g9BXWbOF-WB zFcCJ%s1TrCbpJuc?Tm{dLV9n46B66)wfWAGOG{56AM!zDy#5qZdORni_if}@wt?iB z*cKtaK8*dnu7IAI4UmtSkvI67)^HME^E?&D-omDG#xKe_;eLu0g&RY^fouzqkAGYk zJ@E;f8l%D;I>NHAu{R}psP42CbzU`t-x(xN4dknLsv#Q8#O`}(&$(=fg!Uli;Wl7l zUdGIC0$Anm3=4pKAJ(f%InS!O56RCN8=5H3<5COmbI@%Uled_}@J97q0Qmum?y|al zwqRFr&B_9K*}gMu*B3cb2WHX!ha8eXMmJp95zVAit7R9ooeOV z-g!&oeXIWDGd{mB#yc6Y-Tv>Qv^hXt=tB?7<6|YWG+vG-?=>QnEr}1ML6(YT=qJN< zNa&QvK%VC$6}K>Fj<~Q}cJm_I%9`bB)Zb6)^#(ETqj=Un90a{3oHiRNO0Pa56W==B zt=6yElCx*QroVIHddl!u|uP&Se`QcrDRP;kR6ui}) zMQwgGW&ZL^bEAX_)C|se9U%X51D%hc(?KsHgEs{u?{=d@F%)CXG>NA6E*sm}wu=Ig z&!e>5)1&B3t>^lRZH-YUQ)*N|*Ql5CUFq?QFMVU?-9Y}ML5(h^4EkD}<@s_r0XTn* z*!w;kL$U!utx=D`CNYAZe5lDqa}qNWYz)@|E4D|41hgZ4!)+N{$rx+bXB>k#0_{VO zy7H;Qkf$EBxN&8knVLSKb)OpgtQCfjcz|q5_1g~6Dz6y7@wuo@0a9y zM^BLA+-!t1qVVewLVVuwg%Yeu9!}7fh2F>E*L_~&{S40`zAtPTOhe`2c-8>4-$wJ+ zNecfYT1uyHiM5knu4x-E_n=3_!VBL{KXr1dJfQ)bMFV-{O$Phd z2UZ{nx)Pn;j(Lf?l0)6Bz2r0tfogquuCGl%-udTG93zli?88)L!l|;#!qH;-sHj!6 zycqNm{oAvxwLm@xsakp3PjWDHLHy9Iq3NPMe_Z7&^9v9+^rA>`{&{ounAJx&*c zh9OIJN*$KuZP^DfBD3Mw7?o$Qw)7DEX zH~@Lu{rfzF9n{uC;?W;dKJOE!l4W(u*7po@J{nZWD$JJ#@~cV^LmhHgd9m0;_m`Y2 
zR4OYwTonvAFFBt=@=i=K-vIefJvhSk!MjoLX6%^3Xw-StI@>ZGUyb5-Lba}779DnnI3WMYmW~X<@R`=;OsTzgtbYU9 zg@Y=t->lKZh4Z{zzTp_iFN}(=bm6bp)}cmDx#j7P@j#JTd>ZRUD{4I)>sOmLQH_XaMG9W8!Ul^Pm~{};BeeDT~Xdz z83HS=r&aaG^~s7N#G8T^k}tkv_Mrw|MM=)fcL6!<;j^<=sC>JgtwrI~9veXW!DTOo zJ#X&NRXqE!Xu54j)Af0u4bmG+np8$=qg&eK0^}cS9W0Q2(;VL@-DZWfOKp;iP7$0c zj6U0P)9fuaNXG&4dByLL?@f!pzLG*}4TzW4V#;9;Fm-Fda=r>;o^c{Xh=(b+t~bY* z!zWz1bhj>a_uV8FDUQ_NjFlnZ8|$Opun*rBh?aGsnEt+F%hKX6Ig(vE zwLmvYWTxqdkRO9o`IRkg+nCDq6(YH5D-Zzfqns+Trp82d zTzx<>#ldn!e z_>zrP2>kb$a)R(1ad__EvY!P+?!pWl6-d<26JlF~O1ayTlz=?8=Vu%mm(RshM;^DG z8q@~s#RCoO`FXKgdL7i}J>5)!Jg&xUBCIckNWsgbEFwh8f#YYceet22*5`U8B2u2U zXF#5ys4(k|26*5(`6wl!T?!kQf<_jQC-nx`a})hkxVMem$V8hl z#t!3~vOh@yf2Bb#=1#@KK;RQr5?l@QCRU1N#tE(h!y|I*8F}%#lpx9ktR_y+a)CTm zViH-|wEG4LOPSBDR}ZK+b(X5Nf3W{>yX<0(Aew0g@-(sf-IvYpV|hpSY0WZ(&-mu? zk0{penbhftvgb#YA?#l|ilm5xCDX%2P>5_ReswTkL)(uzl)lMdp5E>1rt9d-%mCWwoOm1` z>~ibv){5*+G25A4@O;O-a(i>&jgQ@$7 zG7*WTPHMCloNu;(`nkHv-D~*~^hadt(+*!ee|K`ijX}FGo2Vz`l5bBZur!nlknK{` z+zo*Khzs5M(p+Hpu0YbJ&B`xKR7{#-&7@ssVQWZ0GLVx6q5hP>9&j>fs!c6l!vU4P z0tsKyfb|GMKN)aK(R7#{wR z4dq`vW0l0hY?S1ViQGoW*Y|BYnQ&*j^BuxG21v&0maJj|_1$5edT&f%o+cGG2=#;9 z6_sV3MB@eOo-YXrWK-k45f?WFfl2i-nOM(xKTjRdAHB^a;UA-#jIX@LY9QbCqN25} zn6x|&u>3-1PqL=c(t*5w;txhwhC!#qyHs8bCRP~2>rFicwdosrvY-;&+0W7zRrwy?at_A ztHRVvt($8n=b{MprzIVxUOlDkU5>ogxxdC6=9$c+c;XS<4+BTO_y|GJH|ysl`FlM#1XZ3&nFuj&?kSqwkm&z3 zrcxPo;tfJM{0g*h>ppo(&H74nTYLY?!25Zqjr5a@;F}Mw7&uacc?aSV^v$X5GyE5> zBXGaf2YQ@el+dfJt;R-?khIazjxNZ_rKke!JAHo3qqo#MI#B%5g}gP%(`3F+8XVgIa~?`Gmr-NxP(>d}t^@l8i_YE%Guw;ouC|4wpd zMrJzIK($9aDJ|O6&P1b0qT~zfVfu~`An!wAMaU3UR$u2nU3RjYI>%z=s*4r)gx^n} z_JNXsC&IkKCp5Hpkhd*zvQxuGY*0LTiLBz0#)7LZbG5gvQ~WK2{>Z0(?{&q{JeD~9 zDn$@Sb^VvzTSY?3ilfevTSr=H5QO?FP+{~X7LN$EUmbPIuuk)!%$LF@V+fssDP^L$ zi#ifB(EpIiR{3|g94F48Sr?=RD*K7-Gniaoi?DIB)gxFY_z?D2w2F_=-2|S@(Imqy z53VEdY@zj&V*|OkLk@O_7vUg;d3YR(!YroV&5h>_-6WRsw|FpkGUjX#6ZMmztOxz{ z2MG0We98>2-3Wp5=kbHa;Zle*%9gF8& z3xUs|Ce7%4Y%~xiRM{7Axzqfk;?hfHWQ$v*-23&=gguZ?b@BP`Z;_rJC%pYM%S7Kg 
zAR>z6bZGcpv`uk(o8Pf0kWXJ%PgS1^df)rt>M^TMG;s_a^@e`7hOU1T2d+LG@s%IoufpV15EtL_G1JR1juLCsCmsg zoXnJEbiOi^$}UhrU5=IS-H-Q5!465d5=58}JY~uo0n?Zb3I)9Ld}6tL;Ba@HUhmQ! z)!E@qENPx6HPC*}_r@rRBG$UeCOjY7)v$&ri#TQJ&USlr+27zB|g_XK=5Nbp+b464{9El2grC zG2oulaan_xx6%hK7cF*sGS3Cs94Nr2d+on;}6gLElxt9+3$*HyE z*Q{3&<}I(@5Z&3H(<7Yv=~+YF?ZU?TCAj|d^0e>;i7|3U`FKCj{|;%BvoV(EZ2s}} z7s2jwM&270N6BXn{$4-s*~K;8MDVBM%vxmQvr6Zjt@CXcS`?Tv%6Z_JO=-XNUg|hj zpA3S&_1w=e=uQnFJ#I8}D?fQz6AN>8duZE+mn3N1DMeu)1N5g?-RNkSu!N>^onp`- z_AQoBKJ@L8s%LW%y6GDAKsG{s(#J_Oh&y2#cXXa~c}No_!B7?ISQ@j$(dL`hjdKz; z4YWUyV^z{Dv`$rEBc&NYfo4xRF3Jp>bmmLENj3OpjS*qKI>LuURI`KU(N_}n(z&%* zGMyZAYw}0XLRq(<+mO01!u)FV@vd_V14n1HpW%2wOvmmDM&3=Q18kqPq!BW?uV2D| z{!EY*N_UTOiN@^&xDcX5j*py&qA|67f768PTXnQ0$pYl(vWVU~%EwQiw`I7*2 zJ-_)SE>DAU==9-LL?X&0W{O?q;ZQo}x0+|t4nOWA%tMxtpVx;*maj|?XtH2FZLC;H zA3A=SKDgf2o3=<|=Y0yazm!xNUamHVdmgOw%D>}BC24d2zI(<`jv<3E*<7vyg!*S$ zqbX{)b*}_`e-PjP6fGf*kptC2ueq|Xw}y3-8s&{#vSYNqDa$?{?Cb>E-wcP5 z1o}SV99Anl=E>OQnVf$Hd$?&qI#3{fAu@I{1mr(o#fA4^wyGF81l>QG!K9Fz^=*Cc zZM&)PM(!$`&KjYA-w!RZRrsa3Ej<)lXu$RE*7Tl8vPh>P#9N|Id##?Yug$+f5L$F>BuqS#*uPP zxjy8&x@87u|z60xyjCl$5Qnl}~rnUEo#6~q>Giwx*04u^8%qzqauKwcXY^pVe`yI1@e b^3v$IYcqE0MuT@t#Y*|a*OA^l?S%gW_`RYA literal 0 HcmV?d00001 
diff --git a/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2021-04-29.bin b/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2021-04-29.bin new file mode 100644 index 0000000000000000000000000000000000000000..7c282d1c1ddb1b0010c2a2a453d196baf2e9fd0b GIT binary patch literal 13501 zcmd6sbyOVBm-ZRlT@qY_!=MQoG`K^6;O-3W?h**@1h?P>cZc8>APEWX7BmE1^3(73 z?7sWQd-j~=a2Trl(@)>7zV+0tny*N3hzF#r4kVLbi^dxDugQ!Tq}c_b56#_jw3 zwOI)`2z?V41meH~V<4g!hDn3W;NW3F2rytYL=>hl>9AiIAS6(35b6~;2mu)!1otx+ z4i*Fpi^ugSM-yG?|8%ddh3IcLq4}fmk4r#kj|zbS9B5z^L^ut2L_AmxH4Z#5&YuP{ z9;&91v!#{2g$u-<0~?I_=O7XulB$`h9mL+0gB(oy=Ljkufr6EZ6T}%}?m{UJadLn- z8M#mkON#0!Tp(f%#B$NkEM&&1F*FtoO{6LK^c==CYT`5W&l z_DVd1mPks26v`SUS8W~hhYiP&DvMHKb7X-nhNh7ucW3{f%V#K~H)jhuH6cy!7==nq z9R|!pve-?=1ng96>Z7AVq#}ej@52;}y=J1&khd#|8eeKlHjFA6mn*m5jl(l-8_eDl zVH_O^UJrKAzVy$IOjkvJ5%!Vd`(x|0awwW%Sa^lVp zOx^V5EuSo6+vHJNTkNrt{z0apVC6rjao}aZQiYOWaSlc>{hxP)hDZ7DcckQC_V*-n zrc`z{b8>-Ds#=*qI0*lCLwE!{3{FlyK3)!HZeA`hm* za}4jS^pU4#qmf8bQFE{k(ouTtice0bB;Qg*PLrR^q;27H+kNXCkwM?LZJ4E4XgYrA zFMGQ;Uu8ye|Em|T$w))s1KFJ z-VdI4$r$PXSjx2T95YUpx@Z(0W_iO?LH>*K#g*sxc57eKb2{y=cM>Qj*$m#|rwg#! 
zyjgo#>T4{dZlMhcu``$r%pk(EbmWQf%wyOx^euKVGv`My+~aR*2u(+QWXMm z`QwR?&dAHj%?ak_;N<(`iM)Sr^89K3U$E`}$qoB=8lt)?HJ{Zy>)YGD(e#pl)kDJg zD!b{zv{i$3V7GtZ-?IM3gwqFyNC|Ttt>gtkV(j3>N=R)+Cd>9kQ~W&2>RLB^X$6>c zS^5l7Im5I>#eXgR0G}Yr@`zp3%9Te)i4uBid-VgP7Cky*}9+aU5JUzXquU+odh|$o&g0_K7*`l$7;zZUM?-xa`dILPWWvB$|MCF@Fx;aZ{3pYcG*=a0_0z)X znpb>Jqk$~IPiKWr{wpIsCN1 z0Ac>y;FQ&bv>a#CzTOP@qWhw`)dQ)3`9AX-_v?^@pphz3I)^Nq-TOGKg%pa-?Iemi zCiED&2L?uL?_Uc(MbmCA2*aL-SaAtiz4yxyKU*yCxgN>y+$t%2SeyE<7oQ-coFf&B zeav;gLwMl+6+VSMLE(xoYS}Rc@WUZ@F>LL8 zjoVv&D;wkVA;(E#$BfZ&uS5j`Nh}tBi))*WVzl4EBq*J`3Y3)5-YScVc&@N2p<2_s z*{dF=Sb0}t{R&5zlI*Qi!w;mm0mFZI&TI5l){2CC(eiK}cG5NpeRk58+Ox9uXFFW} zE5ovWq+Y6^le^O$Pfo+G#flJ#6a-=F z4s|~;c(8nGxSd*44F!IB?&sH$>g5wQhY#$MTsEZAL0;sn$6rTzruA82HWiRkBBWl8 z;8(#c^q+O(W4qdL=aMv}8=mRb3}`Cy&Txiwz2^u5^*;`??#Ch-9GLchz#aeF+WW87 z`(H}&$669T2n6FxG?EBMf`cpi@>+aI=u#E*wTSedHo z`%`cBx$`^JXN3Jd^2!M!6=kBoc@xDMD(L?I36*>$V&bQxr$OY7Y zvEt~$fW3<^CVx7uL{_M}WmhNiw$xBTlp?__2NlR)um=}hXWh&vU^y|+e%pYPiEV-&dCL3Zu|8SF=ycE_mYNyb8Gqo6qww zlGBCt=b;+9Igr=7Ng_T@&es6F2>i&b9iw|_%VY9=+RTtxa{0Y&=zKdy zI}9)N&!&O=l*s|ZrC+Psi79KB?*rFh0n_)e97DW&LN*r8lhI8(AkR3suUaq2pBK%t zcxYd0=yNQ1z1n(@W9F)Rx`iJiD*@!=ZniP4=D9>-go)5CIltA-psdi-(Jwa&$;>1> z6`#ukd2C3<-sHiZB3QuXJRmn9ZEY%mIS~>&}ho`O$R52aA!~W<`_` zxXFbk`HU?llCBys*=WkXCZGd(=Jd&DVr&WbyaruzeHiq}w(nQvydVz}H|#cXAggpf zAkXFyZxL4f%UOk@j`0JATKqBY(&3?m=U(ZZ*$BthkZ5h#?Iy&FO_8<3ClXun`I#H zcp3+pp_cJeFL-5KPMdl=j7{l|b%AHOyZ)tX^v=W;$OnBBn5e%*7N5vY?VAoC&(szj z7uvzb)PgX7ef?b1zyioe%}Z;aBsW~dRDVc9vo^A*nD>gXfA=cUl*ox{KwGi}$j8Ly zM^0{|k|LEmn~gFYsT|GdR*tje zelF^?tLG?XpWoyG`F@m+3Mtph#cv58s2iG|+`LW7d&NSrTS(ZV7sVCPdkf?TiF!(F zkC*~U85&ASae#?zDdNSa zS{TG9ut1*kA_+Y|dl5IkM{?^n($t*cVa&%%Y-AIc%QuFx9}UWHvF8j%3sS1i2!wYo z5301PcciQtP${3?I$l!wPRg{h1NG&?EQ{vM+P^=RgE6-cV(?0%Q&kh3w+=X^!tsVX zIVeCr@@)EYBeaiu93dMed42q@8^N(QBuzcUOJYewdTr?j$bUNEfk!;G*T{INhr?Lg z|Dn!ax)cOXW&L%AswvDKtY`*N-Qw;bmeP-*u1y z@;OgT4mFATlIqz`P|cBQC5mk}hf6K+z{p=q%>;dxMwX0tvOCYYlHMv;{#RBJ! 
z~b}zxOiRlmd1STVKvHjHm)Ndo3 zwo`*aHi6L4z?GCjgdS3ILLvydHRW)77sBs9y#(^;D^xI-K7LmQiif=KV7nX=UZ4un zjKtshKNZJFszHAW$;(r04bZoNGaZoKoEW##F>5rKxvP^j^^IJfova)Z^S zxQKVp_zst7gAom1_q{G}asi3hal=I+Q2*4uS}AiWK58eYK)2_kB6pfRd{wF$CyQW> zjHUvwGSqyE(JSw|Pkj8k<%GZGhvC{mUcU+q_gY-rN83wO^-LP5`8rrD@U%#i)j_*q z*hKk>21CNGq%j1?;L`|F#jlPXO{jQUmoGMc-k0Dwke1$1Z}h*QS|_JMzhEU(a`~=& zGR4;pjK5#CJjBp>`OO5~Sh0eQ7s?kza1^oGzN*N2|NcnX7}WfJ5+*#{bpA4_68{D* zTGmR&>#f;AJCnvrn;51$^V_9(puYE~QFW6EED%KlvVL=``*g)jaQ{nLO+&#Ryi=C_ z0Z$;m1H-4+i3zV6xC5i&QQvxzulduSAfBq&N87-9jSle+$dlGDjhqhSPL|Xs#^O2N zGpEF3Z6HxWzNj-;u-f`L69ReR3Hs5G2NEyFHfdVu`+piN>1y*oH~*FdzB)d*{C{fAJl)KdjaH^ z#spWpF*j;z;lpR0a<8Q>dLfzx+MV9?0p$3K6|Mb19#-?g5sQg%Bl4q5Vz(Q7$#|I& z<6`NZ2_HO%9+2mc|M`29!9PD;-Zv4Ag;;-8erI(UEW43hIqNzXRWQnnvOj+I%VrK;STKd>K5%U<2qksd1nLKt)_rm%-lr%p`SwG9*NUur?}&+` zFB(6-6yM@?agzg(k5xNfBDhkW*eu><O_sE7VRw1M=ytJQ*cL zzanQWTjX(Cq~F+(ZiyS$9M(&ajy>_=GxY}YIfb8LU(N}SJcz-x`o)N=(PcCH={q%` z*gpi&&)Z=`z28}I+|HLyF@XDW1#8!|z5R%c*r~FzD^;2O zE~L@=aqRPClcn3B&40+kZ7Z83jR_y9kK9Hbxw}iEK>6^Jz*xn)#xFIK#rAlu++lFJ z=V?w%5s*h=_$dtrLe3LV|S|~Ar_23^G_P(B)3!__(LmrD!&#vS>kSB?YCn%kB-o#@l^`Pl6Cf(9l zu2R2dzIM9nW(>obZwB&Y(ONxs&0nLr#*WAhQu%*zf5AK>T7Rimt0~Bw8&L{1ekq9J z!;Y8rPk(@dBwI170=dJ&K&==&4?<~XJ!(FOi9mgN^pLvjuoDy98tV@m`_0Q&KYWof zf^;JI9*E586(6L4JmXlQx?%x%o*;fG#7Y-G%LX2Xy24v0a&&6 zligpa5w*+aU9)kednR`!eRs**-9ypYpOy;LXPu0V33Q;D-dU9-7P6c_0DtNHBH!NZ z|MYv$7>KZf7|3%FGY#k{cV~h>jwQAvym${%iw0%k2P(pcu#B-LQ_vgP>}(iwWpm9+vH zt=d7l_o2Xec-dyjC~H^X5*Tnf${?tylRsdMBGtB%KOM8xwD!3wL-Af5o52wrl`KfF zq#~?smrsedYFp#c9zvJA!mBd%(}4VQvjwYeo!`-7-aI&Q0#wg;3Ns<0*{CPlht^>p z*2UaF{)L^D?lP;S+X~6Z*u}On zuHs1{1pkjiYj``UoyTGt*GEwG75}!aqun zl>Z3qZ0~c&@bo0SdpcwlViA!}C^~&PiJ~H(2Wyq60pYud5+DyGd z1ck(@*7e#YmUf1pi~6%NK-GsLsDpOeO*Khn>u8|j4iNtX8CVl5cw3uYjI7h(y!9PW zUoI}-$>V$Fp8oeH;S@Hh3`Vm*RL$P z=+GB>a&1Cf2JyygmrbMmwVWYcnp1iZSG{tJbD+M|1BpqkNaHR1p(h?5$Ck=h9X56% zEWN680-@fU0nS<=uelY^e?6v3-QhM~&2e=Y5vguUr{;2u;uW-TkujT`0_3&guBjcV zhV0@F-5+anUJ@slpMZmnP32tw6|CKSk;^-m;u 
zS>guM(B!cD8yVJwI%yksZE>U4mufy&0OL2S+a7!J1+I@{8Ao;5c?9DV=S&V!x=Y{y z1RP%Xode3>%s=4e9`-(cp^zn}$49?)D698WWMF$-p(5hK9RzoJ0@Sy3p1CAt>`>iR zKYGx1{}5~;o}L;=Z2UmQk`%}_7z5>Rc5Qnz!f(USuj>6>Zf=Vx71r0HBk=Ir$jHZ* zq@)rRf%iePe@#9~}r=<6RAQR}LsdmBC4DZ`!4P`a}SEhdfEt(@H)Kt4h@S z+AlqHoQk`s2YkI+5g_ilNLH0{An()*3G&%bNJ~viAsMW4iNPmFnBAXj)Qc0XGyg={ z83g1#h)l7mB1-FPo##p~4w4obOdVgN_^0!DX^|VtJ$HrLPw)s1E*#=&3!mvyu@D*( zPFN-=_f=VPd`(~FZfO@o1GRqfs6QMjAO3tulpP zs|GY)(9Y%c-F}*qo`kBe;!G}X1~$DKf7m8P;2Tn|I@P*;F4vqJ&cQOoB)Vr^13quO znRVf@jKB-p+@@!o(i>~@nnlCXF%jsEIv{5h&Kor-K9v+dwJTO2st-VM?3Vxgd~F*-%bW zo(=fgXZ#S$s1b=9MM1i$6*_|v+3THOHiZI}KdHeDM-mCUJMn`WC+7h?$=Q{Xf|$nq zKkvOyyNf(R*Ma(}MZ_o)62=&3Zx;tuSSsQ&T<^raRySrC83WvmXab?~A+>a%6=$B} zxJ}O*;j1D+s}yVh;JA#_Eis(lIu$qj22ekpfpY8Mt?1V(xy5qniy+Hg@nVNr-J-RQ zabX|%q+BN`UOlfYTVtm-vYcc@R4)E9m*^>ltw^a2MEK0|dl(D{kk71Ea$B&um@iH3 z>M#(?%u|40iI(m=ig8Os4SM(R0%|>;MVB)QCNmh~^ZV?YZnAQ0!@EJLdFKpoZ!;B* zpW{jj)X$z-YGT)SA*4UuUE!|{g)0ydyexw+^ep^_@Wqc>xeUm^pM8nd{sgU?^C~VY zzrURO$zdPAWDy1(RY60zb-^ABkT3k=(bV6Or_S>k`Km>mt+%N126xZ965pEVpaGm@ z3bj93Mmsw)|5dDsFEb@KIT!NevbMaa*}3NPS?&>)bA7ZeP`^@OGqPJsG4+Q|T^E;{ zjC7MtGo0Jr}LM&z~-Jp*P^98tphn6L>}(Of83&Y!2B?20;OL9%CCA~ zrE2#i`Qe{88aS0*e5{U!*gJV!wqeA-(Crcc2g^iN8A~ix8oz47M$fT4rhUOzuIuh?oQF4`!Pd zHS=wdmKba7uhs@Y>#}ShZO|4Ty?Prd1!{Ai!W4QDeMSQexEfh^5MBbUX z4p=JfdEqpy>qw5@c^+)cYWnH^D6&OZ4|l^x$G2a!s(}Jl&eRz#OnF5Llq45G{jWTRcj%lA z^1*Yb4`Fd|GsuZn6{o`~$XC@R;x^Z>p!O@4VL#LdhnKC+4XQFAXEm0urVO8dOc~l} z>r4KDXXSng)L)LT2rW|@N52Ww=q0L zUkzbeUn0Cqre=XR(roVUY3ZFDGiwJqoAX&}{f%tDLVyb2O zsV`FSLiy)^Y=_={iKwC z&Y60^IrF6i;=N^rKbR+cD=>aB4CMD7-iG!fw<_q^1iZSKM<$Y5@NE6+Zn-5hCH0U= zVGgw(KMF1~moY*qQL-M~z+Q%FW6Y0Rfh8cU5{RNdS!w98O5B@z-}_O$jeVYWciC_ zqiYV@zMQSg@8)gXWej4Hfc$x^-J)Y`vVdW}5=&<>YBJT2DvNJ)VmiM36M`zfU!eB? 
zhY<_~m2zLW+l!r=48qrEr-Z;!uO_g*Ml7poYv{U%0QD&dk={HLCqVg{WY2Dm8&mrPc!E)saEpx%GPbgwHuX>YR6PMbAEM zaBnGJEt@cTiS%< zDU$o;f(WlHAg{}G&)pH_wcjS5MMrjHEv5vs$y1?lN#2tx*?58($q(ey7b;X%*yRWV!YBI=%w!a7OUp~O?pwbC`C{Z!f0d43YRqy0*U5X!%OqDdqYY8Me0-ly zNO8AGq4sk+=8$bcIeITb)CRwByUu24nmM&TxEir=lDsN-qsCYZ)E`Zk6G4b;wC&Qk zHRsV7`8jto@yx|^N|J@fXhnZ@9BTh({wSs?Xx+B@MjqKMF`7V8MUE9lCWaDb6@AtQ8?0Sxn z_n`RW@Xp9WJTu=NC;T)GmftI9J-S+7l6PIcPNcTA!D;bJG@yM2G}k84>OT@&(c;97zv0b(%Pnt?NqYwC-@J{eRLeZj^Q=G&1e9>?eJSd^|+n1sq{6Az9!xXHu9d|`$g0)9K;uS^*U1!B4Qha{bm<`lV z*FIE4*pzO_p-Mz9)G*l#ZKIYa{$h84nbN&YaXTIev{sJ3QHCOQ?zVrTuMqNDk!xP zAC6q!v}iGH6a~r;bs|qb(DLL8J^4}xH|<}4Q+RcOWP9?vdHzfDGiqucsPF4x{N?SV@md!2= zQ`XPV3%R{Q-e$YE!9B&se9pybyRx*WU7M9y&U59h&4t3Db$jeGm{>C#gBiU)<~^v^ZF4K_5G;rHw( zC^xS#*<%ZSu*R|ZY2OFr@+)10k znSZhFYrU=Al|@+{kxcsfwkM8h+;jSOGssru&>x2xg5S#a_v}t(VrFDuTx@AzZXn3U znb79J*!IJTk&%UknTbWfKol6fvZ^e620UzB+H8z0j7{cT%!~%yAYp!x8ukX{zy-!D zFmM?e!ljoa_-MZTRGS?$`SzKd`4aY-9_fYorKiu-@ArN3 zqSLlc(5cvFZ^xWTOOrC}H9&a(<` z`SMxw=k3|Sm-gzf%_>!MP1&_eV_JLP_79cezpD6byeuZ|`84&@bBzn%Z_JR2vz)gz zwPEk)TSE2$W$BvpFLHCqwNH;Jy8W54#Op5muCkX|f9@*Xc4NA}p6lpa(LMayD{uGi Vug_n*X!}uLFZay{!zOGK2LKf_J{bT2 literal 0 HcmV?d00001 diff --git a/vendor/github.com/google/go-tpm-tools/server/verify.go b/vendor/github.com/google/go-tpm-tools/server/verify.go new file mode 100644 index 000000000..050638f6c --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/server/verify.go 
@@ -0,0 +1,214 @@
+package server
+
+import (
+ "crypto"
+ "errors"
+ "fmt"
+
+ // Rather than crypto/x509 as ct allows disabling critical extension checks.
+ "github.com/google/certificate-transparency-go/x509"
+ "github.com/google/go-tpm-tools/internal"
+ pb "github.com/google/go-tpm-tools/proto/attest"
+ tpmpb "github.com/google/go-tpm-tools/proto/tpm"
+ "github.com/google/go-tpm/tpm2"
+ "google.golang.org/protobuf/proto"
+)
+
+// The hash algorithms we support, in their preferred order of use.
+var supportedHashAlgs = []tpm2.Algorithm{
+ tpm2.AlgSHA512, tpm2.AlgSHA384, tpm2.AlgSHA256, tpm2.AlgSHA1,
+}
+
+// VerifyOpts allows for customizing the functionality of VerifyAttestation.
+type VerifyOpts struct {
+ // The nonce used when calling client.Attest
+ Nonce []byte
+ // Trusted public keys that can be used to directly verify the key used for
+ // attestation. This option should be used if you already know the AK, as
+ // it provides the highest level of assurance.
+ TrustedAKs []crypto.PublicKey
+ // Allow attestations to be verified using SHA-1. This defaults to false
+ // because SHA-1 is a weak hash algorithm with known collision attacks.
+ // However, setting this to true may be necessary if the client only
+ // supports the legacy event log format. This is the case on older Linux
+ // distributions (such as Debian 10).
+ AllowSHA1 bool
+ // A collection of trusted root CAs that are used to sign AK certificates.
+ // The TrustedAKs are used first, followed by TrustRootCerts and
+ // IntermediateCerts.
+ // Adding a specific TPM manufacturer's root and intermediate CAs means all
+ // TPMs signed by that CA will be trusted.
+ TrustedRootCerts *x509.CertPool
+ IntermediateCerts *x509.CertPool
+}
+
+// VerifyAttestation performs the following checks on an Attestation:
+// - the AK used to generate the attestation is trusted (based on VerifyOpts)
+// - the provided signature is generated by the trusted AK public key
+// - the signature signs the provided quote data
+// - the quote data starts with TPM_GENERATED_VALUE
+// - the quote data is a valid TPMS_QUOTE_INFO
+// - the quote data was taken over the provided PCRs
+// - the provided PCR values match the quote data internal digest
+// - the provided opts.Nonce matches that in the quote data
+// - the provided eventlog matches the provided PCR values
+//
+// After this, the eventlog is parsed and the corresponding MachineState is
+// returned. This design prevents unverified MachineStates from being used.
+func VerifyAttestation(attestation *pb.Attestation, opts VerifyOpts) (*pb.MachineState, error) {
+ // Verify the AK
+ akPubArea, err := tpm2.DecodePublic(attestation.GetAkPub())
+ if err != nil {
+ return nil, fmt.Errorf("failed to decode AK public area: %w", err)
+ }
+ akPubKey, err := akPubArea.Key()
+ if err != nil {
+ return nil, fmt.Errorf("failed to get AK public key: %w", err)
+ }
+ if err := checkAKTrusted(akPubKey, attestation.GetAkCert(), opts); err != nil {
+ return nil, fmt.Errorf("failed to validate AK: %w", err)
+ }
+
+ // Verify the signing hash algorithm
+ signHashAlg, err := internal.GetSigningHashAlg(akPubArea)
+ if err != nil {
+ return nil, fmt.Errorf("bad AK public area: %w", err)
+ }
+ if err = checkHashAlgSupported(signHashAlg, opts); err != nil {
+ return nil, fmt.Errorf("in AK public area: %w", err)
+ }
+
+ // Attempt to replay the log against our PCRs in order of hash preference
+ var lastErr error
+ for _, quote := range supportedQuotes(attestation.GetQuotes()) {
+ // Verify the Quote
+ if err = internal.VerifyQuote(quote, akPubKey, opts.Nonce); err != nil {
+ lastErr = fmt.Errorf("failed to verify quote: %w", err)
+ continue
+ }
+
+ // Parse event logs and replay the events against the provided PCRs
+ pcrs := quote.GetPcrs()
+ state, err := parsePCClientEventLog(attestation.GetEventLog(), pcrs)
+ if err != nil {
+ lastErr = fmt.Errorf("failed to validate the PCClient event log: %w", err)
+ continue
+ }
+
+ celState, err := parseCanonicalEventLog(attestation.GetCanonicalEventLog(), pcrs)
+ if err != nil {
+ lastErr = fmt.Errorf("failed to validate the Canonical event log: %w", err)
+ continue
+ }
+
+ proto.Merge(celState, state)
+
+ // Verify the PCR hash algorithm. We have this check here (instead of at
+ // the start of the loop) so that the user gets a "SHA-1 not supported"
+ // error only if allowing SHA-1 support would actually allow the log
+ // to be verified. This makes debugging failed verifications easier.
+ pcrHashAlg := tpm2.Algorithm(pcrs.GetHash())
+ if err = checkHashAlgSupported(pcrHashAlg, opts); err != nil {
+ lastErr = fmt.Errorf("when verifying PCRs: %w", err)
+ continue
+ }
+
+ return celState, nil
+ }
+
+ if lastErr != nil {
+ return nil, lastErr
+ }
+ return nil, fmt.Errorf("attestation does not contain a supported quote")
+}
+
+func pubKeysEqual(k1 crypto.PublicKey, k2 crypto.PublicKey) bool {
+ // Common interface for all the standard public key types, see:
+ // https://pkg.go.dev/crypto@go1.18beta1#PublicKey
+ type publicKey interface {
+ Equal(crypto.PublicKey) bool
+ }
+ if key, ok := k1.(publicKey); ok {
+ return key.Equal(k2)
+ }
+ return false
+}
+
+// Checks if the provided AK public key can be trusted
+func checkAKTrusted(ak crypto.PublicKey, akCertBytes []byte, opts VerifyOpts) error {
+ checkPub := len(opts.TrustedAKs) > 0
+ checkCert := opts.TrustedRootCerts != nil && len(opts.TrustedRootCerts.Subjects()) > 0
+ if !checkPub && !checkCert {
+ return fmt.Errorf("no trust mechanism provided, either use TrustedAKs or TrustedRootCerts")
+ }
+ if checkPub && checkCert {
+ return fmt.Errorf("multiple trust mechanisms provided, only use one of TrustedAKs or TrustedRootCerts")
+ }
+
+ // Check against known AKs
+ if checkPub {
+ for _, trusted := range opts.TrustedAKs {
+ if pubKeysEqual(ak, trusted) {
+ return nil
+ }
+ }
+ return fmt.Errorf("public key is not trusted")
+ }
+
+ // Check if the AK Cert chains to a trusted root
+ if len(akCertBytes) == 0 {
+ return errors.New("no certificate provided in attestation")
+ }
+ akCert, err := x509.ParseCertificate(akCertBytes)
+ if err != nil {
+ return fmt.Errorf("failed to parse certificate: %w", err)
+ }
+ if !pubKeysEqual(ak, akCert.PublicKey) {
+ return fmt.Errorf("mismatch between public key and certificate")
+ }
+
+ x509Opts := x509.VerifyOptions{
+ Roots: opts.TrustedRootCerts,
+ Intermediates: opts.IntermediateCerts,
+ // x509 (both ct and crypto) marks the SAN extension unhandled if SAN
+ // does not parse any of DNSNames, EmailAddresses, IPAddresses, or URIs.
+ // https://cs.opensource.google/go/go/+/master:src/crypto/x509/parser.go;l=668-678
+ DisableCriticalExtensionChecks: true,
+ // The default key usage (ExtKeyUsageServerAuth) is not appropriate for
+ // an Attestation Key: ExtKeyUsage of
+ // - https://oidref.com/2.23.133.8.1
+ // - https://oidref.com/2.23.133.8.3
+ // https://pkg.go.dev/crypto/x509#VerifyOptions
+ KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsage(x509.ExtKeyUsageAny)},
+ }
+ if _, err := akCert.Verify(x509Opts); err != nil {
+ return fmt.Errorf("failed to verify certificate against trusted roots: %v", err)
+ }
+ return nil
+}
+
+func checkHashAlgSupported(hash tpm2.Algorithm, opts VerifyOpts) error {
+ if hash == tpm2.AlgSHA1 && !opts.AllowSHA1 {
+ return fmt.Errorf("SHA-1 is not allowed for verification (set VerifyOpts.AllowSHA1 to true to allow)")
+ }
+ for _, alg := range supportedHashAlgs {
+ if hash == alg {
+ return nil
+ }
+ }
+ return fmt.Errorf("unsupported hash algorithm: %v", hash)
+}
+
+// Retrieve the supported quotes in order of hash preference
+func supportedQuotes(quotes []*tpmpb.Quote) []*tpmpb.Quote {
+ out := make([]*tpmpb.Quote, 0, len(quotes))
+ for _, alg := range supportedHashAlgs {
+ for _, quote := range quotes {
+ if tpm2.Algorithm(quote.GetPcrs().GetHash()) == alg {
+ out = append(out, quote)
+ break
+ }
+ }
+ }
+ return out
+}
diff --git a/vendor/github.com/google/go-tpm-tools/server/verify_test.go b/vendor/github.com/google/go-tpm-tools/server/verify_test.go
new file mode 100644
index 000000000..6937a7169
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/server/verify_test.go
@@ -0,0 +1,553 @@ +package server + +import ( + "bytes" + "crypto" + "crypto/rand" + "crypto/rsa" + "crypto/sha256" + "fmt" + "io" + "strings" + "testing" + + "github.com/google/certificate-transparency-go/x509" + "github.com/google/go-cmp/cmp" + "github.com/google/go-tpm-tools/cel" + "github.com/google/go-tpm-tools/client" + "github.com/google/go-tpm-tools/internal" + "github.com/google/go-tpm-tools/internal/test" + attestpb "github.com/google/go-tpm-tools/proto/attest" + "github.com/google/go-tpm/tpm2" + "github.com/google/go-tpm/tpmutil" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/testing/protocmp" +) + +func getDigestHash(input string) []byte { + inputDigestHash := sha256.New() + inputDigestHash.Write([]byte(input)) + return inputDigestHash.Sum(nil) +} + +func extendPCRsRandomly(rwc io.ReadWriteCloser, selpcr tpm2.PCRSelection) error { + var pcrExtendValue []byte + if selpcr.Hash == tpm2.AlgSHA256 { + pcrExtendValue = make([]byte, 32) + } else if selpcr.Hash == tpm2.AlgSHA1 { + pcrExtendValue = make([]byte, 20) + } + + for _, v := range selpcr.PCRs { + _, err := rand.Read(pcrExtendValue) + if err != nil { + return fmt.Errorf("random bytes read fail %v", err) + } + err = tpm2.PCRExtend(rwc, tpmutil.Handle(v), selpcr.Hash, pcrExtendValue, "") + if err != nil { + return fmt.Errorf("PCR extend fail %v", err) + } + } + return nil +} + +func TestVerifyHappyCases(t *testing.T) { + rwc := test.GetTPM(t) + defer client.CheckedClose(t, rwc) + + onePCR := []int{test.DebugPCR} + twoPCR := append(onePCR, test.ApplicationPCR) + dupePCR := append(twoPCR, twoPCR...) 
+ + subtests := []struct { + name string + getKey func(io.ReadWriter) (*client.Key, error) + pcrHashAlgo tpm2.Algorithm + quotePCRList []int + extraData []byte + }{ + {"AK-RSA_SHA1_2PCRs_nonce", client.AttestationKeyRSA, tpm2.AlgSHA1, twoPCR, getDigestHash("test")}, + {"AK-RSA_SHA1_1PCR_nonce", client.AttestationKeyRSA, tpm2.AlgSHA1, onePCR, getDigestHash("t")}, + {"AK-RSA_SHA1_1PCR_no-nonce", client.AttestationKeyRSA, tpm2.AlgSHA1, onePCR, nil}, + {"AK-RSA_SHA256_2PCRs_nonce", client.AttestationKeyRSA, tpm2.AlgSHA256, twoPCR, getDigestHash("test")}, + {"AK-RSA_SHA256_2PCR_empty-nonce", client.AttestationKeyRSA, tpm2.AlgSHA256, twoPCR, []byte{}}, + {"AK-RSA_SHA256_dupePCrSel_nonce", client.AttestationKeyRSA, tpm2.AlgSHA256, dupePCR, getDigestHash("")}, + + {"AK-ECC_SHA1_2PCRs_nonce", client.AttestationKeyECC, tpm2.AlgSHA1, twoPCR, getDigestHash("test")}, + {"AK-ECC_SHA1_1PCR_nonce", client.AttestationKeyECC, tpm2.AlgSHA1, onePCR, getDigestHash("t")}, + {"AK-ECC_SHA1_1PCR_no-nonce", client.AttestationKeyECC, tpm2.AlgSHA1, onePCR, nil}, + {"AK-ECC_SHA256_2PCRs_nonce", client.AttestationKeyECC, tpm2.AlgSHA256, twoPCR, getDigestHash("test")}, + {"AK-ECC_SHA256_2PCR_empty-nonce", client.AttestationKeyECC, tpm2.AlgSHA256, twoPCR, []byte{}}, + {"AK-ECC_SHA256_dupePCrSel_nonce", client.AttestationKeyECC, tpm2.AlgSHA256, dupePCR, getDigestHash("")}, + } + for _, subtest := range subtests { + t.Run(subtest.name, func(t *testing.T) { + ak, err := subtest.getKey(rwc) + if err != nil { + t.Errorf("failed to generate AK: %v", err) + } + defer ak.Close() + + selpcr := tpm2.PCRSelection{ + Hash: subtest.pcrHashAlgo, + PCRs: subtest.quotePCRList, + } + err = extendPCRsRandomly(rwc, selpcr) + if err != nil { + t.Fatalf("failed to extend test PCRs: %v", err) + } + quote, err := ak.Quote(selpcr, subtest.extraData) + if err != nil { + t.Fatalf("failed to quote: %v", err) + } + err = internal.VerifyQuote(quote, ak.PublicKey(), subtest.extraData) + if err != nil { + t.Fatalf("failed to 
verify: %v", err) + } + }) + } +} + +func TestVerifyPCRChanged(t *testing.T) { + rwc := test.GetTPM(t) + defer client.CheckedClose(t, rwc) + + ak, err := client.AttestationKeyRSA(rwc) + if err != nil { + t.Errorf("failed to generate AK: %v", err) + } + defer ak.Close() + + selpcr := tpm2.PCRSelection{ + Hash: tpm2.AlgSHA256, + PCRs: []int{test.DebugPCR}, + } + err = extendPCRsRandomly(rwc, selpcr) + if err != nil { + t.Errorf("failed to extend test PCRs: %v", err) + } + nonce := getDigestHash("test") + quote, err := ak.Quote(selpcr, nonce) + if err != nil { + t.Error(err) + } + + // change the PCR value + err = extendPCRsRandomly(rwc, selpcr) + if err != nil { + t.Errorf("failed to extend test PCRs: %v", err) + } + + quote.Pcrs, err = client.ReadPCRs(rwc, selpcr) + if err != nil { + t.Errorf("failed to read PCRs: %v", err) + } + err = internal.VerifyQuote(quote, ak.PublicKey(), nonce) + if err == nil { + t.Errorf("Verify should fail as Verify read a modified PCR") + } +} + +func TestVerifyUsingDifferentPCR(t *testing.T) { + rwc := test.GetTPM(t) + defer client.CheckedClose(t, rwc) + + ak, err := client.AttestationKeyRSA(rwc) + if err != nil { + t.Errorf("failed to generate AK: %v", err) + } + defer ak.Close() + + err = extendPCRsRandomly(rwc, tpm2.PCRSelection{ + Hash: tpm2.AlgSHA256, + PCRs: []int{test.DebugPCR, test.ApplicationPCR}, + }) + if err != nil { + t.Errorf("failed to extend test PCRs: %v", err) + } + + nonce := getDigestHash("test") + quote, err := ak.Quote(tpm2.PCRSelection{ + Hash: tpm2.AlgSHA256, + PCRs: []int{test.DebugPCR}, + }, nonce) + if err != nil { + t.Error(err) + } + + quote.Pcrs, err = client.ReadPCRs(rwc, tpm2.PCRSelection{ + Hash: tpm2.AlgSHA256, + PCRs: []int{test.ApplicationPCR}, + }) + if err != nil { + t.Errorf("failed to read PCRs: %v", err) + } + err = internal.VerifyQuote(quote, ak.PublicKey(), nonce) + if err == nil { + t.Errorf("Verify should fail as Verify read a different PCR") + } +} + +func TestVerifyBasicAttestation(t 
*testing.T) { + rwc := test.GetTPM(t) + defer client.CheckedClose(t, rwc) + + ak, err := client.AttestationKeyRSA(rwc) + if err != nil { + t.Fatalf("failed to generate AK: %v", err) + } + defer ak.Close() + + nonce := []byte("super secret nonce") + attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce}) + if err != nil { + t.Fatalf("failed to attest: %v", err) + } + + if _, err := VerifyAttestation(attestation, VerifyOpts{ + Nonce: nonce, + TrustedAKs: []crypto.PublicKey{ak.PublicKey()}, + }); err != nil { + t.Errorf("failed to verify: %v", err) + } + + if _, err := VerifyAttestation(attestation, VerifyOpts{ + Nonce: append(nonce, 0), + TrustedAKs: []crypto.PublicKey{ak.PublicKey()}, + }); err == nil { + t.Error("using the wrong nonce should make verification fail") + } + + if _, err := VerifyAttestation(attestation, VerifyOpts{ + Nonce: nonce, + }); err == nil { + t.Error("using no trusted AKs should make verification fail") + } + + priv, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + t.Fatal(err) + } + if _, err := VerifyAttestation(attestation, VerifyOpts{ + Nonce: nonce, + TrustedAKs: []crypto.PublicKey{priv.Public()}, + }); err == nil { + t.Error("using a random trusted AKs should make verification fail") + } +} + +func TestVerifySHA1Attestation(t *testing.T) { + rwc := test.GetTPM(t) + defer client.CheckedClose(t, rwc) + + ak, err := client.AttestationKeyRSA(rwc) + if err != nil { + t.Fatalf("failed to generate AK: %v", err) + } + defer ak.Close() + + nonce := []byte("super secret nonce") + attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce}) + if err != nil { + t.Fatalf("failed to attest: %v", err) + } + + // We should get a SHA-256 state, even if we allow SHA-1 + opts := VerifyOpts{ + Nonce: nonce, + TrustedAKs: []crypto.PublicKey{ak.PublicKey()}, + AllowSHA1: true, + } + state, err := VerifyAttestation(attestation, opts) + if err != nil { + t.Errorf("failed to verify: %v", err) + } + h := tpm2.Algorithm(state.GetHash()) + if 
h != tpm2.AlgSHA256 { + t.Errorf("expected SHA-256 state, got: %v", h) + } + + // Now we mess up the SHA-256 state to force SHA-1 fallback + for _, quote := range attestation.GetQuotes() { + if tpm2.Algorithm(quote.GetPcrs().GetHash()) == tpm2.AlgSHA256 { + quote.Quote = nil + } + } + state, err = VerifyAttestation(attestation, opts) + if err != nil { + t.Errorf("failed to verify: %v", err) + } + h = tpm2.Algorithm(state.GetHash()) + if h != tpm2.AlgSHA1 { + t.Errorf("expected SHA-1 state, got: %v", h) + } + + // SHA-1 fallback can then be disabled + opts.AllowSHA1 = false + if _, err = VerifyAttestation(attestation, opts); err == nil { + t.Error("expected attestation to fail with only SHA-1") + } +} + +func TestVerifyAttestationWithCEL(t *testing.T) { + rwc := test.GetTPM(t) + defer client.CheckedClose(t, rwc) + + ak, err := client.AttestationKeyRSA(rwc) + if err != nil { + t.Fatalf("failed to generate AK: %v", err) + } + defer ak.Close() + + coscel := &cel.CEL{} + testEvents := []struct { + cosNestedEventType cel.CosType + pcr int + eventPayload []byte + }{ + {cel.ImageRefType, test.DebugPCR, []byte("docker.io/bazel/experimental/test:latest")}, + {cel.ImageDigestType, test.DebugPCR, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")}, + {cel.RestartPolicyType, test.DebugPCR, []byte(attestpb.RestartPolicy_Never.String())}, + {cel.ImageIDType, test.DebugPCR, []byte("sha256:5DF4A1AC347DCF8CF5E9D0ABC04B04DB847D1B88D3B1CC1006F0ACB68E5A1F4B")}, + {cel.EnvVarType, test.DebugPCR, []byte("foo=bar")}, + {cel.EnvVarType, test.DebugPCR, []byte("bar=baz")}, + {cel.EnvVarType, test.DebugPCR, []byte("baz=foo=bar")}, + {cel.EnvVarType, test.DebugPCR, []byte("empty=")}, + {cel.ArgType, test.DebugPCR, []byte("--x")}, + {cel.ArgType, test.DebugPCR, []byte("--y")}, + } + hashAlgoList := []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512} + for _, testEvent := range testEvents { + cos := cel.CosTlv{EventType: testEvent.cosNestedEventType, 
EventContent: testEvent.eventPayload} + if err := coscel.AppendEvent(rwc, testEvent.pcr, hashAlgoList, cos); err != nil { + t.Fatal(err) + } + } + + var buf bytes.Buffer + if err := coscel.EncodeCEL(&buf); err != nil { + t.Fatal(err) + } + + nonce := []byte("super secret nonce") + attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce, CanonicalEventLog: buf.Bytes()}) + if err != nil { + t.Fatalf("failed to attest: %v", err) + } + + opts := VerifyOpts{ + Nonce: nonce, + TrustedAKs: []crypto.PublicKey{ak.PublicKey()}, + } + state, err := VerifyAttestation(attestation, opts) + if err != nil { + t.Fatalf("failed to verify: %v", err) + } + + expectedEnvVars := make(map[string]string) + expectedEnvVars["foo"] = "bar" + expectedEnvVars["bar"] = "baz" + expectedEnvVars["baz"] = "foo=bar" + expectedEnvVars["empty"] = "" + + want := attestpb.ContainerState{ + ImageReference: string(testEvents[0].eventPayload), + ImageDigest: string(testEvents[1].eventPayload), + RestartPolicy: attestpb.RestartPolicy_Never, + ImageId: string(testEvents[3].eventPayload), + EnvVars: expectedEnvVars, + Args: []string{string(testEvents[8].eventPayload), string(testEvents[9].eventPayload)}, + } + if diff := cmp.Diff(state.Cos.Container, &want, protocmp.Transform()); diff != "" { + t.Errorf("unexpected difference:\n%v", diff) + } +} + +func TestVerifyFailWithTamperedCELContent(t *testing.T) { + rwc := test.GetTPM(t) + defer client.CheckedClose(t, rwc) + + ak, err := client.AttestationKeyRSA(rwc) + if err != nil { + t.Fatalf("failed to generate AK: %v", err) + } + defer ak.Close() + + c := &cel.CEL{} + measuredHashes := []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512} + + cosEvent := cel.CosTlv{EventType: cel.ImageRefType, EventContent: []byte("docker.io/bazel/experimental/test:latest")} + cosEvent2 := cel.CosTlv{EventType: cel.ImageDigestType, EventContent: []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")} + if err := c.AppendEvent(rwc, test.DebugPCR, 
measuredHashes, cosEvent); err != nil {
+ t.Fatalf("failed to append event: %v", err)
+ }
+ if err := c.AppendEvent(rwc, test.DebugPCR, measuredHashes, cosEvent2); err != nil {
+ t.Fatalf("failed to append event: %v", err)
+ }
+
+ // modify the first record content, but not the record digest
+ modifiedRecord := cel.CosTlv{EventType: cel.ImageDigestType, EventContent: []byte("sha256:000000000000000000000000000000000000000000000000000000000000000")}
+ modifiedTLV, err := modifiedRecord.GetTLV()
+ if err != nil {
+ t.Fatal(err)
+ }
+ c.Records[0].Content = modifiedTLV
+
+ var buf bytes.Buffer
+ if err := c.EncodeCEL(&buf); err != nil {
+ t.Fatal(err)
+ }
+
+ nonce := []byte("super secret nonce")
+ attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce, CanonicalEventLog: buf.Bytes()})
+ if err != nil {
+ t.Fatalf("failed to attest: %v", err)
+ }
+
+ opts := VerifyOpts{
+ Nonce: nonce,
+ TrustedAKs: []crypto.PublicKey{ak.PublicKey()},
+ }
+ if _, err := VerifyAttestation(attestation, opts); err == nil {
+ t.Fatalf("VerifyAttestation should fail due to modified content")
+ } else if !strings.Contains(err.Error(), "CEL record content digest verification failed") {
+ t.Fatalf("expect to get digest verification failed error, but got %v", err)
+ }
+}
+
+func TestVerifyAttestationWithCerts(t *testing.T) {
+ tests := []struct {
+ name string
+ attestation []byte
+ nonce []byte
+ }{
+ {
+ "no-nonce",
+ test.COS85NoNonce,
+ nil,
+ },
+ {
+ "nonce-9009",
+ test.COS85Nonce9009,
+ []byte{0x90, 0x09},
+ },
+ }
+ for _, test := range tests {
+ t.Run(test.name, func(t *testing.T) {
+ attestBytes := test.attestation
+ att := &attestpb.Attestation{}
+ if err := proto.Unmarshal(attestBytes, att); err != nil {
+ t.Fatalf("failed to unmarshal attestation: %v", err)
+ }
+
+ if _, err := VerifyAttestation(att, VerifyOpts{
+ Nonce: test.nonce,
+ TrustedRootCerts: GceEKRoots,
+ IntermediateCerts: GceEKIntermediates,
+ }); err != nil {
+ t.Errorf("failed to VerifyAttestation with AKCert: %v", err)
+ }
+ })
+ }
+}
+
+func TestVerifyFailWithCertsAndPubkey(t *testing.T) {
+ att := &attestpb.Attestation{}
+ if err := proto.Unmarshal(test.COS85NoNonce, att); err != nil {
+ t.Fatalf("failed to unmarshal attestation: %v", err)
+ }
+
+ priv, err := rsa.GenerateKey(rand.Reader, 2048)
+ if err != nil {
+ t.Fatal(err)
+ }
+ opts := VerifyOpts{
+ Nonce: nil,
+ TrustedRootCerts: GceEKRoots,
+ IntermediateCerts: GceEKIntermediates,
+ TrustedAKs: []crypto.PublicKey{priv.Public()},
+ }
+ if _, err := VerifyAttestation(att, opts); err == nil {
+ t.Error("Verified attestation even with multiple trust methods")
+ }
+}
+
+func TestVerifyAttestationEmptyRootsIntermediates(t *testing.T) {
+ attestBytes := test.COS85NoNonce
+ att := &attestpb.Attestation{}
+ if err := proto.Unmarshal(attestBytes, att); err != nil {
+ t.Fatalf("failed to unmarshal attestation: %v", err)
+ }
+
+ if _, err := VerifyAttestation(att, VerifyOpts{
+ TrustedRootCerts: x509.NewCertPool(),
+ IntermediateCerts: x509.NewCertPool(),
+ }); err == nil {
+ t.Error("expected error when calling VerifyAttestation with empty roots and intermediates")
+ }
+
+ if _, err := VerifyAttestation(att, VerifyOpts{}); err == nil {
+ t.Error("expected error when calling VerifyAttestation with empty VerifyOpts")
+ }
+}
+
+func TestVerifyAttestationMissingRoots(t *testing.T) {
+ attestBytes := test.COS85NoNonce
+ att := &attestpb.Attestation{}
+ if err := proto.Unmarshal(attestBytes, att); err != nil {
+ t.Fatalf("failed to unmarshal attestation: %v", err)
+ }
+
+ if _, err := VerifyAttestation(att, VerifyOpts{
+ IntermediateCerts: GceEKIntermediates,
+ }); err == nil {
+ t.Error("expected error when calling VerifyAttestation with empty roots and intermediates")
+ }
+}
+
+func TestVerifyAttestationMissingIntermediates(t *testing.T) {
+ attestBytes := test.COS85NoNonce
+ att := &attestpb.Attestation{}
+ if err := proto.Unmarshal(attestBytes, att); err != nil {
+ t.Fatalf("failed to unmarshal attestation: %v", err)
+ }
+
+ if _, err := VerifyAttestation(att, VerifyOpts{
+ TrustedRootCerts: GceEKRoots,
+ }); err == nil {
+ t.Error("expected error when calling VerifyAttestation with empty roots and intermediates")
+ }
+}
+
+func TestVerifyMismatchedAKPubAndAKCert(t *testing.T) {
+ // Make sure that we fail verification if the AKPub and AKCert don't match
+ rwc := test.GetTPM(t)
+ defer client.CheckedClose(t, rwc)
+
+ ak, err := client.AttestationKeyRSA(rwc)
+ if err != nil {
+ t.Fatalf("failed to generate AK: %v", err)
+ }
+ defer ak.Close()
+
+ nonce := []byte{0x90, 0x09}
+ badAtt, err := ak.Attest(client.AttestOpts{Nonce: nonce})
+ if err != nil {
+ t.Fatalf("failed to attest: %v", err)
+ }
+ // Copy "good" certificate into "bad" attestation
+ goodAtt := &attestpb.Attestation{}
+ if err := proto.Unmarshal(test.COS85Nonce9009, goodAtt); err != nil {
+ t.Fatalf("failed to unmarshal attestation: %v", err)
+ }
+ badAtt.AkCert = goodAtt.GetAkCert()
+
+ opts := VerifyOpts{
+ Nonce: nonce,
+ TrustedRootCerts: GceEKRoots,
+ IntermediateCerts: GceEKIntermediates,
+ }
+ if _, err := VerifyAttestation(badAtt, opts); err == nil {
+ t.Error("expected error when calling VerifyAttestation with mismatched public key and cert")
+ }
+}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/CONTRIBUTING.md b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/CONTRIBUTING.md
new file mode 100644
index 000000000..e7ae53660
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/CONTRIBUTING.md
@@ -0,0 +1,42 @@
+# Guidelines for reporting bugs:
+Non-security-critical bugs can be filed on the Issues tracker:
+
+https://github.com/Microsoft/ms-tpm-20-ref/issues
+
+Security sensitive bugs should be reported to secure@microsoft.com
+
+# Guideline for submitting changes:
+
+This repository tracks official TPM Library Specification releases and errata from
+the Trusted Computing Group:
+
+https://trustedcomputinggroup.org/tpm-library-specification/
+
+All changes to core TPM logic, particularly changes to files in
+TPMCmd/tpm and its subdirectories, must be approved by TCG voting
+members.  Github pull requests may be used to propose changes, but changes
+will not be incorporated without TCG member approval.
+
+Other changes (e.g. new files or changes to TPMCmd/Platform or TPMCmd/Simulator),
+particularly to support new platforms, scenarios, build environments or
+crypto-libraries, will be considered if they are expected to be widely useful.
+
+Contributors that wish to be involved in
+the future evolution of the TPM specification and reference implementation
+should consider joining the Trusted Computing Group.  Information about
+membership and liaison programs is available at https://trustedcomputinggroup.org/membership/
+
+# Contributing
+
+This project welcomes contributions and suggestions. Most contributions require you to
+agree to a Contributor License Agreement (CLA) declaring that you have the right to,
+and actually do, grant us the rights to use your contribution. For details, visit
+https://cla.microsoft.com.
+
+When you submit a pull request, a CLA-bot will automatically determine whether you need
+to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the
+instructions provided by the bot. You will only need to do this once across all repositories using our CLA.
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
+or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/LICENSE b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/LICENSE
new file mode 100644
index 000000000..3dea085cf
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/LICENSE
@@ -0,0 +1,17 @@
+Microsoft Reference Implementation for TPM 2.0
+
+The copyright in this software is being made available under the BSD License, included below. This software may be subject to other third party and contributor rights, including patent rights, and no such rights are granted under this license.
+
+Copyright (c) Microsoft Corporation
+
+All rights reserved.
+
+BSD License
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/README.md b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/README.md
new file mode 100644
index 000000000..bacd4bd88
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/README.md
@@ -0,0 +1,49 @@
+# MS TPM 2.0 Reference Implementation #
+
+[![Build Status](https://travis-ci.org/Microsoft/ms-tpm-20-ref.svg?branch=master)](https://travis-ci.org/Microsoft/ms-tpm-20-ref)
+
+This is the official TCG reference implementation of the [TPM 2.0 Specification](https://trustedcomputinggroup.org/tpm-library-specification). The project contains complete source code of the reference implementation with a Microsoft Visual Studio solution and Linux autotools build scripts.
+
+See the definition of the `SPEC_VERSION`, `SPEC_YEAR` and `SPEC_DAY_OF_YEAR` values in the [TpmTypes.h](TPMCmd/tpm/include/TpmTypes.h) header for the exact revision/date of the TPM 2.0 specification, which the given source tree snapshot corresponds to.
+
+## Visual Studio build ##
+
+Before building the Visual Studio solution:
+
+1. Uncomment and update the definitions of the following macros in the [VendorString.h](TPMCmd/tpm/include/VendorString.h) header:
+ - MANUFACTURER
+ - VENDOR_STRING_1
+ - FIRMWARE_V1 and FIRMWARE_V2
+
+2. Setup the underlying cryptographic library:
+
+### OpenSSL library ###
+
+1. Create `TPMCmd/lib` folder and place a static OpenSSL library (`libeay32.lib` or `libcrypto.lib`) there. This may be either complete static library, or import library accompanying the corresponding DLL. In the latter case you'll need to copy the OpenSSL DLL into the standard Windows search path, so that it is available when you run the simulator executable (e.g. copy it into the same folder where simulator.exe is located).
+
+ If you use `libcrypto.lib`, you'll need to either update `Linker|Input|Additional Dependencies` property of the Tpm project in the simulator solution or, alternatively, rename `libcrypto.lib` to `libeay32.lib`.
+
+ Recommended version of OpenSSL is 1.0.2d or higher.
+
+2. Create `TPMCmd/OsslInclude/openssl` folder and copy there the contents of the `openssl/include/openssl` folder of the OpenSSL source tree used to build the static library used on the step 2).
+
+3. Build the solution with either Debug or Release as the active configuration.
+
+### Wolfcrypt library (wolfSSL) ###
+
+1. WolfSSL is included as a submodule. Initialize and update the submodule to fetch the project and checkout the appropriate commit.
+
+ > git submodule init
+ > git submodule update
+
+ The current commit will point the minimum recommended version of wolfSSL. Moving to a more recent tag or commit should also be supported but might not be tested.
+
+2. Build the solution with either WolfDebug or WolfRelease as the active configuration, either from inside the Visual Studio or with the following command line:
+
+ > msbuild TPMCmd\simulator.sln /p:Configuration=WolfDebug
+
+## Linux build
+
+Follows the common `./bootstrap && ./configure && make` convention.
+
+Note that autotools scripts require the following prerequisite packages: `autoconf-archive`, `pkg-config`. Their absence is not automatically detected. The build also requires `libssl-dev` package to be installed.
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Clock.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Clock.c
new file mode 100644
index 000000000..bb8e4bba0
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Clock.c
@@ -0,0 +1,174 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD
+ * License, included below. This software may be subject to other third party
+ * and contributor rights, including patent rights, and no such rights are
+ * granted under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS
+ * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Description
+//
+// This file contains the routines that are used by the simulator to mimic
+// a hardware clock on a TPM.
+//
+// In this implementation, all the time values are measured in millisecond.
+// However, the precision of the clock functions may be implementation
+// dependent.
+
+#ifdef _WIN32
+#include
+#include
+#else
+#include
+#endif
+
+#include "PlatformData.h"
+#include "Platform_fp.h"
+
+unsigned int s_adjustRate;
+bool s_timerReset;
+
+clock64_t s_realTimePrevious;
+clock64_t s_tpmTime;
+clock64_t s_lastSystemTime;
+clock64_t s_lastReportedTime;
+
+void _plat__TimerReset() {
+ s_lastSystemTime = 0;
+ s_tpmTime = 0;
+ s_adjustRate = CLOCK_NOMINAL;
+ s_timerReset = true;
+ return;
+}
+
+static clock64_t _plat__RealTime() {
+#ifdef _WIN32 // On Windows we might be using msvcrt, which only has _ftime.
+ struct _timeb sysTime;
+ _ftime_s(&sysTime);
+ return (clock64_t)(sysTime.time) * 1000 + sysTime.millitm;
+#else
+ struct timespec systime;
+ clock_gettime(CLOCK_MONOTONIC, &systime);
+ return (clock64_t)systime.tv_sec * 1000 + (systime.tv_nsec / 1000000);
+#endif
+}
+
+uint64_t _plat__TimerRead() {
+ clock64_t timeDiff;
+ clock64_t adjustedTimeDiff;
+ clock64_t timeNow;
+ clock64_t readjustedTimeDiff;
+
+ // This produces a timeNow that is basically locked to the system clock.
+ timeNow = _plat__RealTime();
+
+ // if this hasn't been initialized, initialize it
+ if (s_lastSystemTime == 0) {
+ s_lastSystemTime = timeNow;
+ s_lastReportedTime = 0;
+ s_realTimePrevious = 0;
+ }
+ // The system time can bounce around and that's OK as long as we don't allow
+ // time to go backwards. When the time does appear to go backwards, set
+ // lastSystemTime to be the new value and then update the reported time.
+ if (timeNow < s_lastReportedTime) s_lastSystemTime = timeNow;
+ s_lastReportedTime = s_lastReportedTime + timeNow - s_lastSystemTime;
+ s_lastSystemTime = timeNow;
+ timeNow = s_lastReportedTime;
+
+ // The code above produces a timeNow that is similar to the value returned
+ // by Clock(). The difference is that timeNow does not max out, and it is
+ // at a ms. rate rather than at a CLOCKS_PER_SEC rate. The code below
+ // uses that value and does the rate adjustment on the time value.
+ // If there is no difference in time, then skip all the computations
+ if (s_realTimePrevious >= timeNow) return s_tpmTime;
+ // Compute the amount of time since the last update of the system clock
+ timeDiff = timeNow - s_realTimePrevious;
+
+ // Do the time rate adjustment and conversion from CLOCKS_PER_SEC to mSec
+ adjustedTimeDiff = (timeDiff * CLOCK_NOMINAL) / ((uint64_t)s_adjustRate);
+
+ // update the TPM time with the adjusted timeDiff
+ s_tpmTime += (clock64_t)adjustedTimeDiff;
+
+ // Might have some rounding error that would loose CLOCKS. See what is not
+ // being used. As mentioned above, this could result in putting back more than
+ // is taken out. Here, we are trying to recreate timeDiff.
+ readjustedTimeDiff =
+ (adjustedTimeDiff * (uint64_t)s_adjustRate) / CLOCK_NOMINAL;
+
+ // adjusted is now converted back to being the amount we should advance the
+ // previous sampled time. It should always be less than or equal to timeDiff.
+ // That is, we could not have use more time than we started with.
+ s_realTimePrevious = s_realTimePrevious + readjustedTimeDiff;
+
+ return s_tpmTime;
+}
+
+bool _plat__TimerWasReset() {
+ bool retVal = s_timerReset;
+ s_timerReset = false;
+ return retVal;
+}
+
+void _plat__ClockAdjustRate(int adjust) {
+ // We expect the caller should only use a fixed set of constant values to
+ // adjust the rate
+ switch (adjust) {
+ case CLOCK_ADJUST_COARSE:
+ s_adjustRate += CLOCK_ADJUST_COARSE;
+ break;
+ case -CLOCK_ADJUST_COARSE:
+ s_adjustRate -= CLOCK_ADJUST_COARSE;
+ break;
+ case CLOCK_ADJUST_MEDIUM:
+ s_adjustRate += CLOCK_ADJUST_MEDIUM;
+ break;
+ case -CLOCK_ADJUST_MEDIUM:
+ s_adjustRate -= CLOCK_ADJUST_MEDIUM;
+ break;
+ case CLOCK_ADJUST_FINE:
+ s_adjustRate += CLOCK_ADJUST_FINE;
+ break;
+ case -CLOCK_ADJUST_FINE:
+ s_adjustRate -= CLOCK_ADJUST_FINE;
+ break;
+ default:
+ // ignore any other values;
+ break;
+ }
+
+ if (s_adjustRate > (CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT))
+ s_adjustRate = CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT;
+ if (s_adjustRate < (CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT))
+ s_adjustRate = CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT;
+
+ return;
+}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Entropy.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Entropy.c
new file mode 100644
index 000000000..ecaba7950
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Entropy.c
@@ -0,0 +1,11 @@
+#include
+
+#include "Platform_fp.h"
+
+// We get entropy from OpenSSL which gets its entropy from the OS.
+int32_t _plat__GetEntropy(uint8_t *entropy, uint32_t amount) {
+ if (RAND_bytes(entropy, amount) != 1) {
+ return -1;
+ }
+ return amount;
+}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/NVMem.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/NVMem.c
new file mode 100644
index 000000000..baac11b82
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/NVMem.c
@@ -0,0 +1,81 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD
+ * License, included below. This software may be subject to other third party
+ * and contributor rights, including patent rights, and no such rights are
+ * granted under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS
+ * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Description
+//
+// This file contains the NV read and write access methods. This
+// implementation uses RAM/file and does not manage the RAM/file as NV
+// blocks. The implementation may become more sophisticated over time.
+//
+
+#include
+#include
+
+#include "PlatformData.h"
+#include "Platform_fp.h"
+
+unsigned char s_NV[NV_MEMORY_SIZE];
+
+void _plat__NvMemoryRead(unsigned int start, unsigned int size, void *data) {
+ assert(start + size <= NV_MEMORY_SIZE);
+ memcpy(data, &s_NV[start], size);
+ return;
+}
+
+int _plat__NvIsDifferent(unsigned int start, unsigned int size, void *data) {
+ return (memcmp(&s_NV[start], data, size) != 0);
+}
+
+bool _plat__NvMemoryWrite(unsigned int start, unsigned int size, void *data) {
+ if (start + size <= NV_MEMORY_SIZE) {
+ memcpy(&s_NV[start], data, size);
+ return true;
+ }
+ return false;
+}
+
+void _plat__NvMemoryClear(unsigned int start, unsigned int size) {
+ assert(start + size <= NV_MEMORY_SIZE);
+ // In this implementation, assume that the erase value for NV is all 1s
+ memset(&s_NV[start], 0xff, size);
+}
+
+void _plat__NvMemoryMove(unsigned int sourceOffset, unsigned int destOffset,
+ unsigned int size) {
+ assert(sourceOffset + size <= NV_MEMORY_SIZE);
+ assert(destOffset + size <= NV_MEMORY_SIZE);
+ memmove(&s_NV[destOffset], &s_NV[sourceOffset], size);
+ return;
+}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform.h
new file mode 100644
index 000000000..b71713a7a
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform.h
@@ -0,0 +1,71 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD
+ * License, included below. This software may be subject to other third party
+ * and contributor rights, including patent rights, and no such rights are
+ * granted under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS
+ * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+// External interface to the vTPM
+
+#ifndef _PLATFORM_H_
+#define _PLATFORM_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include
+#include
+
+//***_plat__RunCommand()
+// This version of RunCommand will set up a jum_buf and call ExecuteCommand().
+// If the command executes without failing, it will return and RunCommand will
+// return. If there is a failure in the command, then _plat__Fail() is called
+// and it will longjump back to RunCommand which will call ExecuteCommand again.
+// However, this time, the TPM will be in failure mode so ExecuteCommand will
+// simply build a failure response and return.
+void _plat__RunCommand(uint32_t requestSize, // IN: command buffer size
+ unsigned char *request, // IN: command buffer
+ uint32_t *responseSize, // IN/OUT: response buffer size
+ unsigned char **response // IN/OUT: response buffer
+);
+
+//*** _plat_Reset()
+// Reset the TPM. This should always be called before _plat__RunCommand. The
+// first time this function is called, the TPM will be manufactured. Pass true
+// for forceManufacture to perfrom a manufacturer reset.
+void _plat__Reset(bool forceManufacture);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // _PLATFORM_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/PlatformData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/PlatformData.h
new file mode 100644
index 000000000..4d9a276d5
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/PlatformData.h
@@ -0,0 +1,86 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD
+ * License, included below. This software may be subject to other third party
+ * and contributor rights, including patent rights, and no such rights are
+ * granted under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS
+ * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+// This file contains the instance data for the Platform module. It is collected
+// in this file so that the state of the module is easier to manage.
+
+#ifndef _PLATFORM_DATA_H_
+#define _PLATFORM_DATA_H_
+
+#include
+#include
+
+#include "TpmProfile.h" // For NV_MEMORY_SIZE
+
+typedef uint64_t clock64_t;
+// This is the value returned the last time that the system clock was read. This
+// is only relevant for a simulator or virtual TPM.
+extern clock64_t s_realTimePrevious;
+
+// These values are used to try to synthesize a long lived version of clock().
+extern clock64_t s_lastSystemTime;
+extern clock64_t s_lastReportedTime;
+
+// This is the rate adjusted value that is the equivalent of what would be read
+// from a hardware register that produced rate adjusted time.
+extern clock64_t s_tpmTime;
+
+// This value indicates that the timer was reset
+extern bool s_timerReset;
+// This variable records the timer adjustment factor.
+extern unsigned int s_adjustRate;
+
+// CLOCK_NOMINAL is the number of hardware ticks per mS. A value of 300000 means
+// that the nominal clock rate used to drive the hardware clock is 30 MHz. The
+// adjustment rates are used to determine the conversion of the hardware ticks
+// to internal hardware clock value. In practice, we would expect that there
+// would be a hardware register with accumulated mS. It would be incremented by
+// the output of a prescaler. The prescaler would divide the ticks from the
+// clock by some value that would compensate for the difference between clock
+// time and real time. The code in Clock does the emulation of this function.
+#define CLOCK_NOMINAL 30000
+// A 1% change in rate is 300 counts
+#define CLOCK_ADJUST_COARSE 300
+// A 0.1% change in rate is 30 counts
+#define CLOCK_ADJUST_MEDIUM 30
+// A minimum change in rate is 1 count
+#define CLOCK_ADJUST_FINE 1
+// The clock tolerance is +/-15% (4500 counts)
+// Allow some guard band (16.7%)
+#define CLOCK_ADJUST_LIMIT 5000
+
+extern unsigned char s_NV[NV_MEMORY_SIZE];
+
+#endif // _PLATFORM_DATA_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform_fp.h
new file mode 100644
index 000000000..e8d63d242
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform_fp.h
@@ -0,0 +1,197 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD
+ * License, included below. This software may be subject to other third party
+ * and contributor rights, including patent rights, and no such rights are
+ * granted under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS
+ * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+// Platform functions used by libtpm
+
+#ifndef _PLATFORM_FP_H_
+#define _PLATFORM_FP_H_
+
+#include
+#include
+
+//***_plat__IsCanceled()
+// We opt to not support cancellation, so always return false.
+// Return values:
+// true(1) if cancel flag is set
+// false(0) if cancel flag is not set
+static inline int _plat__IsCanceled() { return false; }
+
+//***_plat__TimerReset()
+// This function sets current system clock time as t0 for counting TPM time.
+// This function is called at a power on event to reset the clock. When the
+// clock is reset, the indication that the clock was stopped is also set.
+void _plat__TimerReset();
+
+//***_plat__TimerRead()
+// This function provides access to the tick timer of the platform. The TPM code
+// uses this value to drive the TPM Clock.
+//
+// The tick timer is supposed to run when power is applied to the device. This
+// timer should not be reset by time events including _TPM_Init. It should only
+// be reset when TPM power is re-applied.
+//
+// If the TPM is run in a protected environment, that environment may provide
+// the tick time to the TPM as long as the time provided by the environment is
+// not allowed to go backwards. If the time provided by the system can go
+// backwards during a power discontinuity, then the _plat__Signal_PowerOn should
+// call _plat__TimerReset().
+uint64_t _plat__TimerRead();
+
+//*** _plat__TimerWasReset()
+// This function is used to interrogate the flag indicating if the tick timer
+// has been reset.
+//
+// If the resetFlag parameter is SET, then the flag will be CLEAR before the
+// function returns.
+bool _plat__TimerWasReset();
+
+//*** _plat__TimerWasStopped()
+// As we have CLOCK_STOPS=NO, we will only stop our timer on resets.
+static inline bool _plat__TimerWasStopped() { return _plat__TimerWasReset(); }
+
+//***_plat__ClockAdjustRate()
+// Adjust the clock rate
+// IN: the adjust number. It could be positive or negative
+void _plat__ClockAdjustRate(int adjust);
+
+//*** _plat__GetEntropy()
+// This function is used to get available hardware entropy. In a hardware
+// implementation of this function, there would be no call to the system
+// to get entropy.
+// Return values:
+// < 0 hardware failure of the entropy generator, this is sticky
+// >= 0 the returned amount of entropy (bytes)
+int32_t _plat__GetEntropy(uint8_t *entropy, // output buffer
+ uint32_t amount // amount requested
+);
+
+//***_plat__LocalityGet()
+// We do not support non-zero localities, so just always return 0.
+static inline uint8_t _plat__LocalityGet() { return 0; }
+
+//***_plat__NVEnable()
+// As we just hold the NV data in memory, always return success.
+// Return values:
+// 0 if success
+// > 0 if receive recoverable error
+// < 0 if unrecoverable error
+static inline int _plat__NVEnable(void *platParameter) {
+ (void)(platParameter);
+ return 0;
+};
+
+//***_plat__IsNvAvailable()
+// Our NV Data is always available and has no write limits.
+// Return values:
+// 0 NV is available
+// 1 NV is not available due to write failure
+// 2 NV is not available due to rate limit
+static inline int _plat__IsNvAvailable() { return 0; }
+
+//***_plat__NvMemoryRead()
+// Function: Read a chunk of NV memory
+void _plat__NvMemoryRead(unsigned int startOffset, // IN: read start
+ unsigned int size, // IN: size of bytes to read
+ void *data // OUT: data buffer
+);
+
+//*** _plat__NvIsDifferent()
+// This function checks to see if the NV is different from the test value. This
+// is so that NV will not be written if it has not changed.
+// Return Type: int
+// TRUE(1) the NV location is different from the test value
+// FALSE(0) the NV location is the same as the test value
+int _plat__NvIsDifferent(unsigned int startOffset, // IN: read start
+ unsigned int size, // IN: size of bytes to read
+ void *data // IN: data buffer
+);
+
+//***_plat__NvMemoryWrite()
+// This function is used to update NV memory. The "write" is to a memory copy of
+// NV. At the end of the current command, any changes are written to
+// the actual NV memory.
+// NOTE: A useful optimization would be for this code to compare the current
+// contents of NV with the local copy and note the blocks that have changed.
+// Then only write those blocks when _plat__NvCommit() is called.
+bool _plat__NvMemoryWrite(unsigned int startOffset, // IN: write start
+ unsigned int size, // IN: size of bytes to write
+ void *data // OUT: data buffer
+);
+
+//***_plat__NvMemoryClear()
+// Function is used to set a range of NV memory bytes to an implementation-
+// dependent value. The value represents the erase state of the memory.
+void _plat__NvMemoryClear(unsigned int start, // IN: clear start
+ unsigned int size // IN: number of bytes to clear
+);
+
+//***_plat__NvMemoryMove()
+// Function: Move a chunk of NV memory from source to destination
+// This function should ensure that if there overlap, the original data is
+// copied before it is written
+void _plat__NvMemoryMove(unsigned int sourceOffset, // IN: source offset
+ unsigned int destOffset, // IN: destination offset
+ unsigned int size // IN: size of data being moved
+);
+
+//***_plat__NvCommit()
+// Our NV Data is just in memory, so "committing" it is a no-op.
+// Return values:
+// 0 NV write success
+// != 0 NV write fail
+static inline int _plat__NvCommit() { return 0; }
+
+//*** _plat__WasPowerLost()
+// Test whether power was lost before a _TPM_Init. As we use in-memory NV Data,
+// there's no reason to to not do the power-loss activities on every _TPM_Init.
+// Return values:
+// true(1) power was lost
+// false(0) power was not lost
+static inline int _plat__WasPowerLost() { return true; }
+
+//** From PPPlat.c
+
+//***_plat__PhysicalPresenceAsserted()
+// Our vTPM has no way to assert physical presence, so we always return true.
+// Return values:
+// true(1) if physical presence is signaled
+// false(0) if physical presence is not signaled
+static inline int _plat__PhysicalPresenceAsserted() { return true; }
+
+//***_plat__Fail()
+// This is the platform depended failure exit for the TPM.
+_Noreturn void _plat__Fail();
+
+#endif // _PLATFORM_FP_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Run.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Run.c
new file mode 100644
index 000000000..044dc043d
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Run.c
@@ -0,0 +1,78 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD
+ * License, included below. This software may be subject to other third party
+ * and contributor rights, including patent rights, and no such rights are
+ * granted under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS
+ * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//**Introduction
+// This module provides the platform specific entry and fail processing. The
+// _plat__RunCommand() function is used to call to ExecuteCommand() in the TPM
+// code. This function does whatever processing is necessary to set up the
+// platform in anticipation of the call to the TPM including settup for error
+// processing.
+//
+// The _plat__Fail() function is called when there is a failure in the TPM. The
+// TPM code will have set the flag to indicate that the TPM is in failure mode.
+// This call will then recursively call ExecuteCommand in order to build the
+// failure mode response. When ExecuteCommand() returns to _plat__Fail(), the
+// platform will do some platform specif operation to return to the environment
+// in which the TPM is executing. For a simulator, setjmp/longjmp is used. For
+// an OS, a system exit to the OS would be appropriate.
+
+#include
+
+#include "CompilerDependencies.h"
+#include "ExecCommand_fp.h"
+#include "Manufacture_fp.h"
+#include "Platform.h"
+#include "Platform_fp.h"
+#include "_TPM_Init_fp.h"
+
+jmp_buf s_jumpBuffer;
+
+void _plat__RunCommand(uint32_t requestSize, unsigned char *request,
+ uint32_t *responseSize, unsigned char **response) {
+ setjmp(s_jumpBuffer);
+ ExecuteCommand(requestSize, request, responseSize, response);
+}
+
+_Noreturn void _plat__Fail(void) { longjmp(&s_jumpBuffer[0], 1); }
+
+void _plat__Reset(bool forceManufacture) {
+ // We ignore errors, as we don't care if the TPM has been Manufactured before.
+ if (forceManufacture) {
+ TPM_TearDown();
+ }
+ TPM_Manufacture(0);
+ _plat__TimerReset();
+ _TPM_Init();
+}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/Makefile.am b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/Makefile.am
new file mode 100644
index 000000000..1df7a5e2c
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/Makefile.am
@@ -0,0 +1,62 @@
+## The copyright in this software is being made available under the BSD License,
+## included below. This software may be subject to other third party and
+## contributor rights, including patent rights, and no such rights are granted
+## under this license.
+##
+## Copyright (c) Intel Corporation
+##
+## All rights reserved.
+##
+## BSD License
+##
+## Redistribution and use in source and binary forms, with or without modification,
+## are permitted provided that the following conditions are met:
+##
+## Redistributions of source code must retain the above copyright notice, this list
+## of conditions and the following disclaimer.
+##
+## Redistributions in binary form must reproduce the above copyright notice, this
+## list of conditions and the following disclaimer in the documentation and/or
+## other materials provided with the distribution.
+##
+## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+## AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+## DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+## ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+## (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+## ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+## (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+## SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+include src.mk
+
+PLATFORM_INC = -I $(srcdir)/Platform/include \
+ -I $(srcdir)/Platform/include/prototypes
+SIMULATOR_INC = -I $(srcdir)/Simulator/include \
+ -I $(srcdir)/Simulator/include/prototypes
+TPM_INC = -I $(srcdir)/tpm/include \
+ -I $(srcdir)/tpm/include/prototypes
+
+libplatform = Platform/src/libplatform.a
+libtpm = tpm/src/libtpm.a
+tpm2_simulator = Simulator/src/tpm2-simulator
+
+bin_PROGRAMS = $(tpm2_simulator)
+noinst_LIBRARIES = $(libplatform) $(libtpm)
+
+Platform_src_libplatform_a_CFLAGS = $(EXTRA_CFLAGS) $(PLATFORM_INC) $(TPM_INC)
+Platform_src_libplatform_a_SOURCES = $(PLATFORM_C) $(PLATFORM_H)
+
+Simulator_src_tpm2_simulator_CFLAGS = $(EXTRA_CFLAGS) $(PLATFORM_INC) \
+ $(TPM_INC) $(SIMULATOR_INC) $(LIBCRYPTO_CFLAGS) $(PTHREAD_CFLAGS)
+# the weird / duplicate static library is necessary for dealing with the
+# circular dependency beetween libplatform and libtpm
+Simulator_src_tpm2_simulator_LDADD = $(libplatform) $(libtpm) \
+ $(libplatform) $(LIBCRYPTO_LIBS) $(PTHREAD_LIBS) @ADDITIONAL_LIBS@
+Simulator_src_tpm2_simulator_SOURCES = $(SIMULATOR_C) $(SIMULATOR_H)
+
+tpm_src_libtpm_a_CFLAGS = $(EXTRA_CFLAGS) $(PLATFORM_INC) $(TPM_INC) \
+ $(LIBCRYPTO_CFLAGS)
+tpm_src_libtpm_a_SOURCES = $(TPM_C) $(TPM_H) $(PLATFORM_H)
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/configure.ac b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/configure.ac
new file mode 100644
index 000000000..58a74b416
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/configure.ac
@@ -0,0 +1,89 @@
+dnl The copyright in this software is being made available under the BSD License,
+dnl included below. This software may be subject to other third party and
+dnl contributor rights, including patent rights, and no such rights are granted
+dnl under this license.
+dnl
+dnl Copyright (c) Intel Corporation
+dnl
+dnl All rights reserved.
+dnl
+dnl BSD License
+dnl
+dnl Redistribution and use in source and binary forms, with or without modification,
+dnl are permitted provided that the following conditions are met:
+dnl
+dnl Redistributions of source code must retain the above copyright notice, this list
+dnl of conditions and the following disclaimer.
+dnl
+dnl Redistributions in binary form must reproduce the above copyright notice, this
+dnl list of conditions and the following disclaimer in the documentation and/or
+dnl other materials provided with the distribution.
+dnl
+dnl THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+dnl AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+dnl IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+dnl DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+dnl ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+dnl (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+dnl LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+dnl ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+dnl (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+dnl SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+AC_INIT([ms-tpm-20-ref],
+ [0.1],
+ [https://github.com/microsoft/ms-tpm-20-ref/issues],
+ [],
+ [https://github.com/microsoft/ms-tpm-20-ref])
+AC_CONFIG_MACRO_DIR([.])
+AC_PROG_CC
+AC_PROG_LN_S
+AC_PROG_RANLIB
+AM_INIT_AUTOMAKE([foreign subdir-objects])
+AC_CONFIG_FILES([Makefile])
+AC_SUBST([DISTCHECK_CONFIGURE_FLAGS],[$ac_configure_args])
+
+dnl By enabling this feature tpm simulator gets seeds derived from hardware parameters.
+dnl It is enabled only for linux devices.
+dnl Note that the seeds are not derived from secure hardware source.
+
+AC_ARG_ENABLE(usedeviceid,
+ AS_HELP_STRING([--enable-usedeviceid],
+ [tpm simulator get seeds derived from hardware parameters. Seeds are not derived from secure hardware source.]))
+
+PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto])
+AS_IF([test "x$enable_usedeviceid" = "xyes"], [
+ PKG_CHECK_MODULES([LIBUDEV], [libudev])
+ [ADDITIONAL_LIBS="-ludev"]
+])
+AX_PTHREAD([], [AC_MSG_ERROR([requires pthread])])
+
+AC_DEFINE([HASH_LIB], [Ossl], [Crypto lib for hash algorithms])
+AC_DEFINE([SYM_LIB], [Ossl], [Crypto lib for symmetric encryption algorithms])
+AC_DEFINE([MATH_LIB], [Ossl], [Crypto lib for bignum operations])
+
+ADD_COMPILER_FLAG([-std=gnu11])
+ADD_COMPILER_FLAG([-Werror])
+ADD_COMPILER_FLAG([-Wall])
+ADD_COMPILER_FLAG([-Wformat-security])
+ADD_COMPILER_FLAG([-fstack-protector-all])
+ADD_COMPILER_FLAG([-fPIC])
+ADD_COMPILER_FLAG([-Wno-error=empty-body])
+ADD_COMPILER_FLAG([-Wno-error=expansion-to-defined])
+ADD_COMPILER_FLAG([-Wno-error=parentheses])
+ADD_COMPILER_FLAG([-Wno-error=pointer-to-int-cast])
+ADD_COMPILER_FLAG([-Wno-error=missing-braces])
+ADD_COMPILER_FLAG([-Wno-error=unused-result])
+
+AS_IF([test "x$enable_usedeviceid" = "xyes"], [
+ ADD_COMPILER_FLAG([-DNDEBUG])
+ ADD_COMPILER_FLAG([-g])
+ ADD_COMPILER_FLAG([-DUSE_PLATFORM_EPS])
+ AC_SUBST(ADDITIONAL_LIBS)
+])
+ADD_LINK_FLAG([-Wl,--no-undefined])
+ADD_LINK_FLAG([-Wl,-z,noexecstack])
+ADD_LINK_FLAG([-Wl,-z,now])
+ADD_LINK_FLAG([-Wl,-z,relro])
+
+AC_OUTPUT
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/flags.m4 b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/flags.m4
new file mode 100644
index 000000000..286c10bfa
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/flags.m4
@@ -0,0 +1,84 @@
+dnl The copyright in this software is being made available under the BSD License,
+dnl included below. This software may be subject to other third party and
+dnl contributor rights, including patent rights, and no such rights are granted
+dnl under this license.
+dnl
+dnl Copyright (c) Intel Corporation
+dnl
+dnl All rights reserved.
+dnl
+dnl BSD License
+dnl
+dnl Redistribution and use in source and binary forms, with or without modification,
+dnl are permitted provided that the following conditions are met:
+dnl
+dnl Redistributions of source code must retain the above copyright notice, this list
+dnl of conditions and the following disclaimer.
+dnl
+dnl Redistributions in binary form must reproduce the above copyright notice, this
+dnl list of conditions and the following disclaimer in the documentation and/or
+dnl other materials provided with the distribution.
+dnl
+dnl THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+dnl AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+dnl IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+dnl DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+dnl ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+dnl (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+dnl LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+dnl ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+dnl (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+dnl SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+dnl ADD_COMPILER_FLAG:
+dnl A macro to add a CFLAG to the EXTRA_CFLAGS variable. This macro will
+dnl check to be sure the compiler supprts the flag. Flags can be made
+dnl mandatory (configure will fail).
+dnl $1: C compiler flag to add to EXTRA_CFLAGS.
+dnl $2: Set to "required" to cause configure failure if flag not supported..
+AC_DEFUN([ADD_COMPILER_FLAG],[
+ AX_CHECK_COMPILE_FLAG([$1],[
+ EXTRA_CFLAGS="$EXTRA_CFLAGS $1"
+ AC_SUBST([EXTRA_CFLAGS])],[
+ AS_IF([test x$2 != xrequired],[
+ AC_MSG_WARN([Optional CFLAG "$1" not supported by your compiler, continuing.])],[
+ AC_MSG_ERROR([Required CFLAG "$1" not supported by your compiler, aborting.])]
+ )],[
+ -Wall -Werror]
+ )]
+)
+dnl ADD_PREPROC_FLAG:
+dnl Add the provided preprocessor flag to the EXTRA_CFLAGS variable. This
+dnl macro will check to be sure the preprocessor supports the flag.
+dnl The flag can be made mandatory by provideing the string 'required' as
+dnl the second parameter.
+dnl $1: Preprocessor flag to add to EXTRA_CFLAGS.
+dnl $2: Set to "required" t ocause configure failure if preprocesor flag
+dnl is not supported.
+AC_DEFUN([ADD_PREPROC_FLAG],[
+ AX_CHECK_PREPROC_FLAG([$1],[
+ EXTRA_CFLAGS="$EXTRA_CFLAGS $1"
+ AC_SUBST([EXTRA_CFLAGS])],[
+ AS_IF([test x$2 != xrequired],[
+ AC_MSG_WARN([Optional preprocessor flag "$1" not supported by your compiler, continuing.])],[
+ AC_MSG_ERROR([Required preprocessor flag "$1" not supported by your compiler, aborting.])]
+ )],[
+ -Wall -Werror]
+ )]
+)
+dnl ADD_LINK_FLAG:
+dnl A macro to add a LDLAG to the EXTRA_LDFLAGS variable. This macro will
+dnl check to be sure the linker supprts the flag. Flags can be made
+dnl mandatory (configure will fail).
+dnl $1: linker flag to add to EXTRA_LDFLAGS.
+dnl $2: Set to "required" to cause configure failure if flag not supported.
+AC_DEFUN([ADD_LINK_FLAG],[
+ AX_CHECK_LINK_FLAG([$1],[
+ EXTRA_LDFLAGS="$EXTRA_LDFLAGS $1"
+ AC_SUBST([EXTRA_LDFLAGS])],[
+ AS_IF([test x$2 != xrequired],[
+ AC_MSG_WARN([Optional LDFLAG "$1" not supported by your linker, continuing.])],[
+ AC_MSG_ERROR([Required LDFLAG "$1" not supported by your linker, aborting.])]
+ )]
+ )]
+)
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BaseTypes.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BaseTypes.h
new file mode 100644
index 000000000..afcfef974
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BaseTypes.h
@@ -0,0 +1,60 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*(Auto-generated)
+ * Created by TpmStructures; Version 4.2 Feb 22, 2019
+ * Date: Mar 20, 2019 Time: 08:27:26PM
+ */
+
+#ifndef _BASE_TYPES_H_
+#define _BASE_TYPES_H_
+
+// NULL definition
+#ifndef NULL
+#define NULL (0)
+#endif
+
+typedef uint8_t UINT8;
+typedef uint8_t BYTE;
+typedef int8_t INT8;
+typedef int BOOL;
+typedef uint16_t UINT16;
+typedef int16_t INT16;
+typedef uint32_t UINT32;
+typedef int32_t INT32;
+typedef uint64_t UINT64;
+typedef int64_t INT64;
+
+
+#endif // _BASE_TYPES_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h
new file mode 100644
index 000000000..bb3fe3fa9
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h
@@ -0,0 +1,320 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +//** Introduction + +// This file contains the definitions needed for defining the internal BIGNUM +// structure. + +// A BIGNUM is a pointer to a structure. The structure has three fields. The +// last field is and array (d) of crypt_uword_t. 
Each word is in machine format +// (big- or little-endian) with the words in ascending significance (i.e. words +// in little-endian order). This is the order that seems to be used in every +// big number library in the worlds, so... +// +// The first field in the structure (allocated) is the number of words in 'd'. +// This is the upper limit on the size of the number that can be held in the +// structure. This differs from libraries like OpenSSL as this is not intended +// to deal with numbers of arbitrary size; just numbers that are needed to deal +// with the algorithms that are defined in the TPM implementation. +// +// The second field in the structure (size) is the number of significant words +// in 'n'. When this number is zero, the number is zero. The word at used-1 should +// never be zero. All words between d[size] and d[allocated-1] should be zero. + +//** Defines + +#ifndef _BN_NUMBERS_H +#define _BN_NUMBERS_H + +#if RADIX_BITS == 64 +# define RADIX_LOG2 6 +#elif RADIX_BITS == 32 +#define RADIX_LOG2 5 +#else +# error "Unsupported radix" +#endif + +#define RADIX_MOD(x) ((x) & ((1 << RADIX_LOG2) - 1)) +#define RADIX_DIV(x) ((x) >> RADIX_LOG2) +#define RADIX_MASK ((((crypt_uword_t)1) << RADIX_LOG2) - 1) + +#define BITS_TO_CRYPT_WORDS(bits) RADIX_DIV((bits) + (RADIX_BITS - 1)) +#define BYTES_TO_CRYPT_WORDS(bytes) BITS_TO_CRYPT_WORDS(bytes * 8) +#define SIZE_IN_CRYPT_WORDS(thing) BYTES_TO_CRYPT_WORDS(sizeof(thing)) + +#if RADIX_BITS == 64 +#define SWAP_CRYPT_WORD(x) REVERSE_ENDIAN_64(x) + typedef uint64_t crypt_uword_t; + typedef int64_t crypt_word_t; +# define TO_CRYPT_WORD_64 BIG_ENDIAN_BYTES_TO_UINT64 +# define TO_CRYPT_WORD_32(a, b, c, d) TO_CRYPT_WORD_64(0, 0, 0, 0, a, b, c, d) +#elif RADIX_BITS == 32 +# define SWAP_CRYPT_WORD(x) REVERSE_ENDIAN_32((x)) + typedef uint32_t crypt_uword_t; + typedef int32_t crypt_word_t; +# define TO_CRYPT_WORD_64(a, b, c, d, e, f, g, h) \ + BIG_ENDIAN_BYTES_TO_UINT32(e, f, g, h), \ + BIG_ENDIAN_BYTES_TO_UINT32(a, b, c, d) 
+#endif + +#define MAX_CRYPT_UWORD (~((crypt_uword_t)0)) +#define MAX_CRYPT_WORD ((crypt_word_t)(MAX_CRYPT_UWORD >> 1)) +#define MIN_CRYPT_WORD (~MAX_CRYPT_WORD) + +#define LARGEST_NUMBER (MAX((ALG_RSA * MAX_RSA_KEY_BYTES), \ + MAX((ALG_ECC * MAX_ECC_KEY_BYTES), MAX_DIGEST_SIZE))) +#define LARGEST_NUMBER_BITS (LARGEST_NUMBER * 8) + +#define MAX_ECC_PARAMETER_BYTES (MAX_ECC_KEY_BYTES * ALG_ECC) + +// These are the basic big number formats. This is convertible to the library- +// specific format without to much difficulty. For the math performed using +// these numbers, the value is always positive. +#define BN_STRUCT_DEF(count) struct { \ + crypt_uword_t allocated; \ + crypt_uword_t size; \ + crypt_uword_t d[count]; \ + } + +typedef BN_STRUCT_DEF(1) bignum_t; +#ifndef bigNum +typedef bignum_t *bigNum; +typedef const bignum_t *bigConst; +#endif + +extern const bignum_t BnConstZero; + +// The Functions to access the properties of a big number. +// Get number of allocated words +#define BnGetAllocated(x) (unsigned)((x)->allocated) + +// Get number of words used +#define BnGetSize(x) ((x)->size) + +// Get a pointer to the data array +#define BnGetArray(x) ((crypt_uword_t *)&((x)->d[0])) + +// Get the nth word of a BIGNUM (zero-based) +#define BnGetWord(x, i) (crypt_uword_t)((x)->d[i]) + +// Some things that are done often. + +// Test to see if a bignum_t is equal to zero +#define BnEqualZero(bn) (BnGetSize(bn) == 0) + +// Test to see if a bignum_t is equal to a word type +#define BnEqualWord(bn, word) \ + ((BnGetSize(bn) == 1) && (BnGetWord(bn, 0) == (crypt_uword_t)word)) + +// Determine if a BIGNUM is even. A zero is even. Although the +// indication that a number is zero is that it's size is zero, +// all words of the number are 0 so this test works on zero. +#define BnIsEven(n) ((BnGetWord(n, 0) & 1) == 0) + +// The macros below are used to define BIGNUM values of the required +// size. 
The values are allocated on the stack so they can be +// treated like simple local values. + +// This will call the initialization function for a defined bignum_t. +// This sets the allocated and used fields and clears the words of 'n'. +#define BN_INIT(name) \ + (bigNum)BnInit((bigNum)&(name), \ + BYTES_TO_CRYPT_WORDS(sizeof(name.d))) + +// In some cases, a function will need the address of the structure +// associated with a variable. The structure for a BIGNUM variable +// of 'name' is 'name_'. Generally, when the structure is created, it +// is initialized and a parameter is created with a pointer to the +// structure. The pointer has the 'name' and the structure it points +// to is 'name_' +#define BN_ADDRESS(name) (bigNum)&name##_ + +#define BN_STRUCT_ALLOCATION(bits) (BITS_TO_CRYPT_WORDS(bits) + 1) + +// Create a structure of the correct size. +#define BN_STRUCT(bits) \ + BN_STRUCT_DEF(BN_STRUCT_ALLOCATION(bits)) + +// Define a BIGNUM type with a specific allocation +#define BN_TYPE(name, bits) \ + typedef BN_STRUCT(bits) bn_##name##_t + +// This creates a local BIGNUM variable of a specific size and +// initializes it from a TPM2B input parameter. +#define BN_INITIALIZED(name, bits, initializer) \ + BN_STRUCT(bits) name##_; \ + bigNum name = BnFrom2B(BN_INIT(name##_), \ + (const TPM2B *)initializer) + +// Create a local variable that can hold a number with 'bits' +#define BN_VAR(name, bits) \ + BN_STRUCT(bits) _##name; \ + bigNum name = BN_INIT(_##name) + +// Create a type that can hold the largest number defined by the +// implementation. +#define BN_MAX(name) BN_VAR(name, LARGEST_NUMBER_BITS) +#define BN_MAX_INITIALIZED(name, initializer) \ + BN_INITIALIZED(name, LARGEST_NUMBER_BITS, initializer) + +// A word size value is useful +#define BN_WORD(name) BN_VAR(name, RADIX_BITS) + +// This is used to created a word-size BIGNUM and initialize it with +// an input parameter to a function. 
+#define BN_WORD_INITIALIZED(name, initial) \ + BN_STRUCT(RADIX_BITS) name##_; \ + bigNum name = BnInitializeWord((bigNum)&name##_, \ + BN_STRUCT_ALLOCATION(RADIX_BITS), initial) + +// ECC-Specific Values + +// This is the format for a point. It is always in affine format. The Z value is +// carried as part of the point, primarily to simplify the interface to the support +// library. Rather than have the interface layer have to create space for the +// point each time it is used... +// The x, y, and z values are pointers to bigNum values and not in-line versions of +// the numbers. This is a relic of the days when there was no standard TPM format +// for the numbers +typedef struct _bn_point_t +{ + bigNum x; + bigNum y; + bigNum z; +} bn_point_t; + +typedef bn_point_t *bigPoint; +typedef const bn_point_t *pointConst; + +typedef struct constant_point_t +{ + bigConst x; + bigConst y; + bigConst z; +} constant_point_t; + +#define ECC_BITS (MAX_ECC_KEY_BYTES * 8) +BN_TYPE(ecc, ECC_BITS); +#define ECC_NUM(name) BN_VAR(name, ECC_BITS) +#define ECC_INITIALIZED(name, initializer) \ + BN_INITIALIZED(name, ECC_BITS, initializer) + +#define POINT_INSTANCE(name, bits) \ + BN_STRUCT (bits) name##_x = \ + {BITS_TO_CRYPT_WORDS ( bits ), 0,{0}}; \ + BN_STRUCT ( bits ) name##_y = \ + {BITS_TO_CRYPT_WORDS ( bits ), 0,{0}}; \ + BN_STRUCT ( bits ) name##_z = \ + {BITS_TO_CRYPT_WORDS ( bits ), 0,{0}}; \ + bn_point_t name##_ + +#define POINT_INITIALIZER(name) \ + BnInitializePoint(&name##_, (bigNum)&name##_x, \ + (bigNum)&name##_y, (bigNum)&name##_z) + +#define POINT_INITIALIZED(name, initValue) \ + POINT_INSTANCE(name, MAX_ECC_KEY_BITS); \ + bigPoint name = BnPointFrom2B( \ + POINT_INITIALIZER(name), \ + initValue) + +#define POINT_VAR(name, bits) \ + POINT_INSTANCE (name, bits); \ + bigPoint name = POINT_INITIALIZER(name) + +#define POINT(name) POINT_VAR(name, MAX_ECC_KEY_BITS) + +// Structure for the curve parameters. 
This is an analog to the +// TPMS_ALGORITHM_DETAIL_ECC +typedef struct +{ + bigConst prime; // a prime number + bigConst order; // the order of the curve + bigConst h; // cofactor + bigConst a; // linear coefficient + bigConst b; // constant term + constant_point_t base; // base point +} ECC_CURVE_DATA; + +// Access macros for the ECC_CURVE structure. The parameter 'C' is a pointer +// to an ECC_CURVE_DATA structure. In some libraries, the curve structure contains +// a pointer to an ECC_CURVE_DATA structure as well as some other bits. For those +// cases, the AccessCurveData macro is used in the code to first get the pointer +// to the ECC_CURVE_DATA for access. In some cases, the macro does noting. +#define CurveGetPrime(C) ((C)->prime) +#define CurveGetOrder(C) ((C)->order) +#define CurveGetCofactor(C) ((C)->h) +#define CurveGet_a(C) ((C)->a) +#define CurveGet_b(C) ((C)->b) +#define CurveGetG(C) ((pointConst)&((C)->base)) +#define CurveGetGx(C) ((C)->base.x) +#define CurveGetGy(C) ((C)->base.y) + + +// Convert bytes in initializers according to the endianess of the system. +// This is used for CryptEccData.c. +#define BIG_ENDIAN_BYTES_TO_UINT32(a, b, c, d) \ + ( ((UINT32)(a) << 24) \ + + ((UINT32)(b) << 16) \ + + ((UINT32)(c) << 8) \ + + ((UINT32)(d)) \ + ) + +#define BIG_ENDIAN_BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \ + ( ((UINT64)(a) << 56) \ + + ((UINT64)(b) << 48) \ + + ((UINT64)(c) << 40) \ + + ((UINT64)(d) << 32) \ + + ((UINT64)(e) << 24) \ + + ((UINT64)(f) << 16) \ + + ((UINT64)(g) << 8) \ + + ((UINT64)(h)) \ + ) + +#ifndef RADIX_BYTES +# if RADIX_BITS == 32 +# define RADIX_BYTES 4 +# elif RADIX_BITS == 64 +# define RADIX_BYTES 8 +# else +# error "RADIX_BITS must either be 32 or 64" +# endif +#endif + +// Add implementation dependent definitions for other ECC Values and for linkages. +#include LIB_INCLUDE(MATH_LIB, Math) + + +#endif // _BN_NUMBERS_H \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Capabilities.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Capabilities.h
new file mode 100644
index 000000000..54f620c20
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Capabilities.h
@@ -0,0 +1,49 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _CAPABILITIES_H
+#define _CAPABILITIES_H
+
+#define MAX_CAP_DATA (MAX_CAP_BUFFER - sizeof(TPM_CAP)-sizeof(UINT32))
+#define MAX_CAP_ALGS (MAX_CAP_DATA / sizeof(TPMS_ALG_PROPERTY))
+#define MAX_CAP_HANDLES (MAX_CAP_DATA / sizeof(TPM_HANDLE))
+#define MAX_CAP_CC (MAX_CAP_DATA / sizeof(TPM_CC))
+#define MAX_TPM_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PROPERTY))
+#define MAX_PCR_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PCR_SELECT))
+#define MAX_ECC_CURVES (MAX_CAP_DATA / sizeof(TPM_ECC_CURVE))
+#define MAX_TAGGED_POLICIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_POLICY))
+
+#define MAX_AC_CAPABILITIES (MAX_CAP_DATA / sizeof(TPMS_AC_OUTPUT))
+
+#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributeData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributeData.h
new file mode 100644
index 000000000..8c3e5e433
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributeData.h
@@ -0,0 +1,916 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 3.0 June 16, 2017 + * Date: Oct 9, 2018 Time: 07:25:18PM + */ +// This file should only be included by CommandCodeAttibutes.c +#ifdef _COMMAND_CODE_ATTRIBUTES_ + +#include "CommandAttributes.h" + +#if COMPRESSED_LISTS +# define PAD_LIST 0 +#else +# define PAD_LIST 1 +#endif + + +// This is the command code attribute array for GetCapability. +// Both this array and s_commandAttributes provides command code attributes, +// but tuned for different purpose +const TPMA_CC s_ccAttr [] = { +#if (PAD_LIST || CC_NV_UndefineSpaceSpecial) + TPMA_CC_INITIALIZER(0x011F, 0, 1, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_EvictControl) + TPMA_CC_INITIALIZER(0x0120, 0, 1, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_HierarchyControl) + TPMA_CC_INITIALIZER(0x0121, 0, 1, 1, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_NV_UndefineSpace) + TPMA_CC_INITIALIZER(0x0122, 0, 1, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST ) + TPMA_CC_INITIALIZER(0x0123, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_ChangeEPS) + TPMA_CC_INITIALIZER(0x0124, 0, 1, 1, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_ChangePPS) + TPMA_CC_INITIALIZER(0x0125, 0, 1, 1, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_Clear) + TPMA_CC_INITIALIZER(0x0126, 0, 1, 1, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_ClearControl) + TPMA_CC_INITIALIZER(0x0127, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_ClockSet) + TPMA_CC_INITIALIZER(0x0128, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_HierarchyChangeAuth) + TPMA_CC_INITIALIZER(0x0129, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_NV_DefineSpace) + TPMA_CC_INITIALIZER(0x012A, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PCR_Allocate) + TPMA_CC_INITIALIZER(0x012B, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PCR_SetAuthPolicy) + TPMA_CC_INITIALIZER(0x012C, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PP_Commands) + TPMA_CC_INITIALIZER(0x012D, 0, 1, 0, 0, 1, 
0, 0, 0), +#endif +#if (PAD_LIST || CC_SetPrimaryPolicy) + TPMA_CC_INITIALIZER(0x012E, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_FieldUpgradeStart) + TPMA_CC_INITIALIZER(0x012F, 0, 0, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_ClockRateAdjust) + TPMA_CC_INITIALIZER(0x0130, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_CreatePrimary) + TPMA_CC_INITIALIZER(0x0131, 0, 0, 0, 0, 1, 1, 0, 0), +#endif +#if (PAD_LIST || CC_NV_GlobalWriteLock) + TPMA_CC_INITIALIZER(0x0132, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_GetCommandAuditDigest) + TPMA_CC_INITIALIZER(0x0133, 0, 1, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_NV_Increment) + TPMA_CC_INITIALIZER(0x0134, 0, 1, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_NV_SetBits) + TPMA_CC_INITIALIZER(0x0135, 0, 1, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_NV_Extend) + TPMA_CC_INITIALIZER(0x0136, 0, 1, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_NV_Write) + TPMA_CC_INITIALIZER(0x0137, 0, 1, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_NV_WriteLock) + TPMA_CC_INITIALIZER(0x0138, 0, 1, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_DictionaryAttackLockReset) + TPMA_CC_INITIALIZER(0x0139, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_DictionaryAttackParameters) + TPMA_CC_INITIALIZER(0x013A, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_NV_ChangeAuth) + TPMA_CC_INITIALIZER(0x013B, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PCR_Event) + TPMA_CC_INITIALIZER(0x013C, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PCR_Reset) + TPMA_CC_INITIALIZER(0x013D, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_SequenceComplete) + TPMA_CC_INITIALIZER(0x013E, 0, 0, 0, 1, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_SetAlgorithmSet) + TPMA_CC_INITIALIZER(0x013F, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_SetCommandCodeAuditStatus) + TPMA_CC_INITIALIZER(0x0140, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_FieldUpgradeData) + 
TPMA_CC_INITIALIZER(0x0141, 0, 1, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_IncrementalSelfTest) + TPMA_CC_INITIALIZER(0x0142, 0, 1, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_SelfTest) + TPMA_CC_INITIALIZER(0x0143, 0, 1, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_Startup) + TPMA_CC_INITIALIZER(0x0144, 0, 1, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_Shutdown) + TPMA_CC_INITIALIZER(0x0145, 0, 1, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_StirRandom) + TPMA_CC_INITIALIZER(0x0146, 0, 1, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_ActivateCredential) + TPMA_CC_INITIALIZER(0x0147, 0, 0, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_Certify) + TPMA_CC_INITIALIZER(0x0148, 0, 0, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyNV) + TPMA_CC_INITIALIZER(0x0149, 0, 0, 0, 0, 3, 0, 0, 0), +#endif +#if (PAD_LIST || CC_CertifyCreation) + TPMA_CC_INITIALIZER(0x014A, 0, 0, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_Duplicate) + TPMA_CC_INITIALIZER(0x014B, 0, 0, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_GetTime) + TPMA_CC_INITIALIZER(0x014C, 0, 0, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_GetSessionAuditDigest) + TPMA_CC_INITIALIZER(0x014D, 0, 0, 0, 0, 3, 0, 0, 0), +#endif +#if (PAD_LIST || CC_NV_Read) + TPMA_CC_INITIALIZER(0x014E, 0, 0, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_NV_ReadLock) + TPMA_CC_INITIALIZER(0x014F, 0, 1, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_ObjectChangeAuth) + TPMA_CC_INITIALIZER(0x0150, 0, 0, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicySecret) + TPMA_CC_INITIALIZER(0x0151, 0, 0, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_Rewrap) + TPMA_CC_INITIALIZER(0x0152, 0, 0, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_Create) + TPMA_CC_INITIALIZER(0x0153, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_ECDH_ZGen) + TPMA_CC_INITIALIZER(0x0154, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || (CC_HMAC || CC_MAC)) + TPMA_CC_INITIALIZER(0x0155, 0, 0, 0, 0, 1, 0, 0, 0), 
+#endif +#if (PAD_LIST || CC_Import) + TPMA_CC_INITIALIZER(0x0156, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_Load) + TPMA_CC_INITIALIZER(0x0157, 0, 0, 0, 0, 1, 1, 0, 0), +#endif +#if (PAD_LIST || CC_Quote) + TPMA_CC_INITIALIZER(0x0158, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_RSA_Decrypt) + TPMA_CC_INITIALIZER(0x0159, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST ) + TPMA_CC_INITIALIZER(0x015A, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start)) + TPMA_CC_INITIALIZER(0x015B, 0, 0, 0, 0, 1, 1, 0, 0), +#endif +#if (PAD_LIST || CC_SequenceUpdate) + TPMA_CC_INITIALIZER(0x015C, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_Sign) + TPMA_CC_INITIALIZER(0x015D, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_Unseal) + TPMA_CC_INITIALIZER(0x015E, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST ) + TPMA_CC_INITIALIZER(0x015F, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicySigned) + TPMA_CC_INITIALIZER(0x0160, 0, 0, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_ContextLoad) + TPMA_CC_INITIALIZER(0x0161, 0, 0, 0, 0, 0, 1, 0, 0), +#endif +#if (PAD_LIST || CC_ContextSave) + TPMA_CC_INITIALIZER(0x0162, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_ECDH_KeyGen) + TPMA_CC_INITIALIZER(0x0163, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_EncryptDecrypt) + TPMA_CC_INITIALIZER(0x0164, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_FlushContext) + TPMA_CC_INITIALIZER(0x0165, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST ) + TPMA_CC_INITIALIZER(0x0166, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_LoadExternal) + TPMA_CC_INITIALIZER(0x0167, 0, 0, 0, 0, 0, 1, 0, 0), +#endif +#if (PAD_LIST || CC_MakeCredential) + TPMA_CC_INITIALIZER(0x0168, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_NV_ReadPublic) + TPMA_CC_INITIALIZER(0x0169, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyAuthorize) + TPMA_CC_INITIALIZER(0x016A, 0, 0, 0, 0, 1, 0, 0, 0), +#endif 
+#if (PAD_LIST || CC_PolicyAuthValue) + TPMA_CC_INITIALIZER(0x016B, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyCommandCode) + TPMA_CC_INITIALIZER(0x016C, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyCounterTimer) + TPMA_CC_INITIALIZER(0x016D, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyCpHash) + TPMA_CC_INITIALIZER(0x016E, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyLocality) + TPMA_CC_INITIALIZER(0x016F, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyNameHash) + TPMA_CC_INITIALIZER(0x0170, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyOR) + TPMA_CC_INITIALIZER(0x0171, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyTicket) + TPMA_CC_INITIALIZER(0x0172, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_ReadPublic) + TPMA_CC_INITIALIZER(0x0173, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_RSA_Encrypt) + TPMA_CC_INITIALIZER(0x0174, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST ) + TPMA_CC_INITIALIZER(0x0175, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_StartAuthSession) + TPMA_CC_INITIALIZER(0x0176, 0, 0, 0, 0, 2, 1, 0, 0), +#endif +#if (PAD_LIST || CC_VerifySignature) + TPMA_CC_INITIALIZER(0x0177, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_ECC_Parameters) + TPMA_CC_INITIALIZER(0x0178, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_FirmwareRead) + TPMA_CC_INITIALIZER(0x0179, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_GetCapability) + TPMA_CC_INITIALIZER(0x017A, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_GetRandom) + TPMA_CC_INITIALIZER(0x017B, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_GetTestResult) + TPMA_CC_INITIALIZER(0x017C, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_Hash) + TPMA_CC_INITIALIZER(0x017D, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PCR_Read) + TPMA_CC_INITIALIZER(0x017E, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyPCR) + 
TPMA_CC_INITIALIZER(0x017F, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyRestart) + TPMA_CC_INITIALIZER(0x0180, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_ReadClock) + TPMA_CC_INITIALIZER(0x0181, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PCR_Extend) + TPMA_CC_INITIALIZER(0x0182, 0, 1, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PCR_SetAuthValue) + TPMA_CC_INITIALIZER(0x0183, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_NV_Certify) + TPMA_CC_INITIALIZER(0x0184, 0, 0, 0, 0, 3, 0, 0, 0), +#endif +#if (PAD_LIST || CC_EventSequenceComplete) + TPMA_CC_INITIALIZER(0x0185, 0, 1, 0, 1, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_HashSequenceStart) + TPMA_CC_INITIALIZER(0x0186, 0, 0, 0, 0, 0, 1, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyPhysicalPresence) + TPMA_CC_INITIALIZER(0x0187, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyDuplicationSelect) + TPMA_CC_INITIALIZER(0x0188, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyGetDigest) + TPMA_CC_INITIALIZER(0x0189, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_TestParms) + TPMA_CC_INITIALIZER(0x018A, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_Commit) + TPMA_CC_INITIALIZER(0x018B, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyPassword) + TPMA_CC_INITIALIZER(0x018C, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_ZGen_2Phase) + TPMA_CC_INITIALIZER(0x018D, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_EC_Ephemeral) + TPMA_CC_INITIALIZER(0x018E, 0, 0, 0, 0, 0, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyNvWritten) + TPMA_CC_INITIALIZER(0x018F, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyTemplate) + TPMA_CC_INITIALIZER(0x0190, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_CreateLoaded) + TPMA_CC_INITIALIZER(0x0191, 0, 0, 0, 0, 1, 1, 0, 0), +#endif +#if (PAD_LIST || CC_PolicyAuthorizeNV) + TPMA_CC_INITIALIZER(0x0192, 0, 0, 0, 0, 3, 0, 0, 0), +#endif +#if (PAD_LIST || CC_EncryptDecrypt2) 
+ TPMA_CC_INITIALIZER(0x0193, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_AC_GetCapability) + TPMA_CC_INITIALIZER(0x0194, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_AC_Send) + TPMA_CC_INITIALIZER(0x0195, 0, 0, 0, 0, 3, 0, 0, 0), +#endif +#if (PAD_LIST || CC_Policy_AC_SendSelect) + TPMA_CC_INITIALIZER(0x0196, 0, 0, 0, 0, 1, 0, 0, 0), +#endif +#if (PAD_LIST || CC_CertifyX509) + TPMA_CC_INITIALIZER(0x0197, 0, 0, 0, 0, 2, 0, 0, 0), +#endif +#if (PAD_LIST || CC_Vendor_TCG_Test) + TPMA_CC_INITIALIZER(0x0000, 0, 0, 0, 0, 0, 0, 1, 0), +#endif + TPMA_ZERO_INITIALIZER() +}; + + + +// This is the command code attribute structure. +const COMMAND_ATTRIBUTES s_commandAttributes [] = { +#if (PAD_LIST || CC_NV_UndefineSpaceSpecial) + (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpaceSpecial * // 0x011F + (IS_IMPLEMENTED+HANDLE_1_ADMIN+HANDLE_2_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_EvictControl) + (COMMAND_ATTRIBUTES)(CC_EvictControl * // 0x0120 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_HierarchyControl) + (COMMAND_ATTRIBUTES)(CC_HierarchyControl * // 0x0121 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_NV_UndefineSpace) + (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpace * // 0x0122 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST ) + (COMMAND_ATTRIBUTES)(0), // 0x0123 +#endif +#if (PAD_LIST || CC_ChangeEPS) + (COMMAND_ATTRIBUTES)(CC_ChangeEPS * // 0x0124 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_ChangePPS) + (COMMAND_ATTRIBUTES)(CC_ChangePPS * // 0x0125 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_Clear) + (COMMAND_ATTRIBUTES)(CC_Clear * // 0x0126 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_ClearControl) + (COMMAND_ATTRIBUTES)(CC_ClearControl * // 0x0127 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_ClockSet) + (COMMAND_ATTRIBUTES)(CC_ClockSet * // 0x0128 + 
(IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_HierarchyChangeAuth) + (COMMAND_ATTRIBUTES)(CC_HierarchyChangeAuth * // 0x0129 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_NV_DefineSpace) + (COMMAND_ATTRIBUTES)(CC_NV_DefineSpace * // 0x012A + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_PCR_Allocate) + (COMMAND_ATTRIBUTES)(CC_PCR_Allocate * // 0x012B + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_PCR_SetAuthPolicy) + (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthPolicy * // 0x012C + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_PP_Commands) + (COMMAND_ATTRIBUTES)(CC_PP_Commands * // 0x012D + (IS_IMPLEMENTED+HANDLE_1_USER+PP_REQUIRED)), +#endif +#if (PAD_LIST || CC_SetPrimaryPolicy) + (COMMAND_ATTRIBUTES)(CC_SetPrimaryPolicy * // 0x012E + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_FieldUpgradeStart) + (COMMAND_ATTRIBUTES)(CC_FieldUpgradeStart * // 0x012F + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_ClockRateAdjust) + (COMMAND_ATTRIBUTES)(CC_ClockRateAdjust * // 0x0130 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_CreatePrimary) + (COMMAND_ATTRIBUTES)(CC_CreatePrimary * // 0x0131 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)), +#endif +#if (PAD_LIST || CC_NV_GlobalWriteLock) + (COMMAND_ATTRIBUTES)(CC_NV_GlobalWriteLock * // 0x0132 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_GetCommandAuditDigest) + (COMMAND_ATTRIBUTES)(CC_GetCommandAuditDigest * // 0x0133 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_NV_Increment) + (COMMAND_ATTRIBUTES)(CC_NV_Increment * // 0x0134 + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_NV_SetBits) + (COMMAND_ATTRIBUTES)(CC_NV_SetBits * // 0x0135 + 
(IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_NV_Extend) + (COMMAND_ATTRIBUTES)(CC_NV_Extend * // 0x0136 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_NV_Write) + (COMMAND_ATTRIBUTES)(CC_NV_Write * // 0x0137 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_NV_WriteLock) + (COMMAND_ATTRIBUTES)(CC_NV_WriteLock * // 0x0138 + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_DictionaryAttackLockReset) + (COMMAND_ATTRIBUTES)(CC_DictionaryAttackLockReset * // 0x0139 + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_DictionaryAttackParameters) + (COMMAND_ATTRIBUTES)(CC_DictionaryAttackParameters * // 0x013A + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_NV_ChangeAuth) + (COMMAND_ATTRIBUTES)(CC_NV_ChangeAuth * // 0x013B + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN)), +#endif +#if (PAD_LIST || CC_PCR_Event) + (COMMAND_ATTRIBUTES)(CC_PCR_Event * // 0x013C + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_PCR_Reset) + (COMMAND_ATTRIBUTES)(CC_PCR_Reset * // 0x013D + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_SequenceComplete) + (COMMAND_ATTRIBUTES)(CC_SequenceComplete * // 0x013E + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_SetAlgorithmSet) + (COMMAND_ATTRIBUTES)(CC_SetAlgorithmSet * // 0x013F + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_SetCommandCodeAuditStatus) + (COMMAND_ATTRIBUTES)(CC_SetCommandCodeAuditStatus * // 0x0140 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_FieldUpgradeData) + (COMMAND_ATTRIBUTES)(CC_FieldUpgradeData * // 0x0141 + (IS_IMPLEMENTED+DECRYPT_2)), +#endif +#if (PAD_LIST || CC_IncrementalSelfTest) + (COMMAND_ATTRIBUTES)(CC_IncrementalSelfTest * // 0x0142 + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || CC_SelfTest) + (COMMAND_ATTRIBUTES)(CC_SelfTest * // 0x0143 + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || 
CC_Startup) + (COMMAND_ATTRIBUTES)(CC_Startup * // 0x0144 + (IS_IMPLEMENTED+NO_SESSIONS)), +#endif +#if (PAD_LIST || CC_Shutdown) + (COMMAND_ATTRIBUTES)(CC_Shutdown * // 0x0145 + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || CC_StirRandom) + (COMMAND_ATTRIBUTES)(CC_StirRandom * // 0x0146 + (IS_IMPLEMENTED+DECRYPT_2)), +#endif +#if (PAD_LIST || CC_ActivateCredential) + (COMMAND_ATTRIBUTES)(CC_ActivateCredential * // 0x0147 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_Certify) + (COMMAND_ATTRIBUTES)(CC_Certify * // 0x0148 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_PolicyNV) + (COMMAND_ATTRIBUTES)(CC_PolicyNV * // 0x0149 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_CertifyCreation) + (COMMAND_ATTRIBUTES)(CC_CertifyCreation * // 0x014A + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_Duplicate) + (COMMAND_ATTRIBUTES)(CC_Duplicate * // 0x014B + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_GetTime) + (COMMAND_ATTRIBUTES)(CC_GetTime * // 0x014C + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_GetSessionAuditDigest) + (COMMAND_ATTRIBUTES)(CC_GetSessionAuditDigest * // 0x014D + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_NV_Read) + (COMMAND_ATTRIBUTES)(CC_NV_Read * // 0x014E + (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_NV_ReadLock) + (COMMAND_ATTRIBUTES)(CC_NV_ReadLock * // 0x014F + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_ObjectChangeAuth) + (COMMAND_ATTRIBUTES)(CC_ObjectChangeAuth * // 0x0150 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_PolicySecret) + (COMMAND_ATTRIBUTES)(CC_PolicySecret * // 0x0151 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL+ENCRYPT_2)), 
+#endif +#if (PAD_LIST || CC_Rewrap) + (COMMAND_ATTRIBUTES)(CC_Rewrap * // 0x0152 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_Create) + (COMMAND_ATTRIBUTES)(CC_Create * // 0x0153 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_ECDH_ZGen) + (COMMAND_ATTRIBUTES)(CC_ECDH_ZGen * // 0x0154 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || (CC_HMAC || CC_MAC)) + (COMMAND_ATTRIBUTES)((CC_HMAC || CC_MAC) * // 0x0155 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_Import) + (COMMAND_ATTRIBUTES)(CC_Import * // 0x0156 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_Load) + (COMMAND_ATTRIBUTES)(CC_Load * // 0x0157 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2+R_HANDLE)), +#endif +#if (PAD_LIST || CC_Quote) + (COMMAND_ATTRIBUTES)(CC_Quote * // 0x0158 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_RSA_Decrypt) + (COMMAND_ATTRIBUTES)(CC_RSA_Decrypt * // 0x0159 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST ) + (COMMAND_ATTRIBUTES)(0), // 0x015A +#endif +#if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start)) + (COMMAND_ATTRIBUTES)((CC_HMAC_Start || CC_MAC_Start) * // 0x015B + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+R_HANDLE)), +#endif +#if (PAD_LIST || CC_SequenceUpdate) + (COMMAND_ATTRIBUTES)(CC_SequenceUpdate * // 0x015C + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_Sign) + (COMMAND_ATTRIBUTES)(CC_Sign * // 0x015D + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_Unseal) + (COMMAND_ATTRIBUTES)(CC_Unseal * // 0x015E + (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST ) + (COMMAND_ATTRIBUTES)(0), // 0x015F +#endif +#if (PAD_LIST || CC_PolicySigned) + (COMMAND_ATTRIBUTES)(CC_PolicySigned * // 0x0160 + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL+ENCRYPT_2)), +#endif +#if 
(PAD_LIST || CC_ContextLoad) + (COMMAND_ATTRIBUTES)(CC_ContextLoad * // 0x0161 + (IS_IMPLEMENTED+NO_SESSIONS+R_HANDLE)), +#endif +#if (PAD_LIST || CC_ContextSave) + (COMMAND_ATTRIBUTES)(CC_ContextSave * // 0x0162 + (IS_IMPLEMENTED+NO_SESSIONS)), +#endif +#if (PAD_LIST || CC_ECDH_KeyGen) + (COMMAND_ATTRIBUTES)(CC_ECDH_KeyGen * // 0x0163 + (IS_IMPLEMENTED+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_EncryptDecrypt) + (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt * // 0x0164 + (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_FlushContext) + (COMMAND_ATTRIBUTES)(CC_FlushContext * // 0x0165 + (IS_IMPLEMENTED+NO_SESSIONS)), +#endif +#if (PAD_LIST ) + (COMMAND_ATTRIBUTES)(0), // 0x0166 +#endif +#if (PAD_LIST || CC_LoadExternal) + (COMMAND_ATTRIBUTES)(CC_LoadExternal * // 0x0167 + (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)), +#endif +#if (PAD_LIST || CC_MakeCredential) + (COMMAND_ATTRIBUTES)(CC_MakeCredential * // 0x0168 + (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_NV_ReadPublic) + (COMMAND_ATTRIBUTES)(CC_NV_ReadPublic * // 0x0169 + (IS_IMPLEMENTED+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_PolicyAuthorize) + (COMMAND_ATTRIBUTES)(CC_PolicyAuthorize * // 0x016A + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyAuthValue) + (COMMAND_ATTRIBUTES)(CC_PolicyAuthValue * // 0x016B + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyCommandCode) + (COMMAND_ATTRIBUTES)(CC_PolicyCommandCode * // 0x016C + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyCounterTimer) + (COMMAND_ATTRIBUTES)(CC_PolicyCounterTimer * // 0x016D + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyCpHash) + (COMMAND_ATTRIBUTES)(CC_PolicyCpHash * // 0x016E + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyLocality) + (COMMAND_ATTRIBUTES)(CC_PolicyLocality * // 0x016F + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyNameHash) + 
(COMMAND_ATTRIBUTES)(CC_PolicyNameHash * // 0x0170 + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyOR) + (COMMAND_ATTRIBUTES)(CC_PolicyOR * // 0x0171 + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyTicket) + (COMMAND_ATTRIBUTES)(CC_PolicyTicket * // 0x0172 + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_ReadPublic) + (COMMAND_ATTRIBUTES)(CC_ReadPublic * // 0x0173 + (IS_IMPLEMENTED+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_RSA_Encrypt) + (COMMAND_ATTRIBUTES)(CC_RSA_Encrypt * // 0x0174 + (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), +#endif +#if (PAD_LIST ) + (COMMAND_ATTRIBUTES)(0), // 0x0175 +#endif +#if (PAD_LIST || CC_StartAuthSession) + (COMMAND_ATTRIBUTES)(CC_StartAuthSession * // 0x0176 + (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)), +#endif +#if (PAD_LIST || CC_VerifySignature) + (COMMAND_ATTRIBUTES)(CC_VerifySignature * // 0x0177 + (IS_IMPLEMENTED+DECRYPT_2)), +#endif +#if (PAD_LIST || CC_ECC_Parameters) + (COMMAND_ATTRIBUTES)(CC_ECC_Parameters * // 0x0178 + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || CC_FirmwareRead) + (COMMAND_ATTRIBUTES)(CC_FirmwareRead * // 0x0179 + (IS_IMPLEMENTED+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_GetCapability) + (COMMAND_ATTRIBUTES)(CC_GetCapability * // 0x017A + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || CC_GetRandom) + (COMMAND_ATTRIBUTES)(CC_GetRandom * // 0x017B + (IS_IMPLEMENTED+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_GetTestResult) + (COMMAND_ATTRIBUTES)(CC_GetTestResult * // 0x017C + (IS_IMPLEMENTED+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_Hash) + (COMMAND_ATTRIBUTES)(CC_Hash * // 0x017D + (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_PCR_Read) + (COMMAND_ATTRIBUTES)(CC_PCR_Read * // 0x017E + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || CC_PolicyPCR) + (COMMAND_ATTRIBUTES)(CC_PolicyPCR * // 0x017F + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyRestart) + (COMMAND_ATTRIBUTES)(CC_PolicyRestart * 
// 0x0180 + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_ReadClock) + (COMMAND_ATTRIBUTES)(CC_ReadClock * // 0x0181 + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || CC_PCR_Extend) + (COMMAND_ATTRIBUTES)(CC_PCR_Extend * // 0x0182 + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_PCR_SetAuthValue) + (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthValue * // 0x0183 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_NV_Certify) + (COMMAND_ATTRIBUTES)(CC_NV_Certify * // 0x0184 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_EventSequenceComplete) + (COMMAND_ATTRIBUTES)(CC_EventSequenceComplete * // 0x0185 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER)), +#endif +#if (PAD_LIST || CC_HashSequenceStart) + (COMMAND_ATTRIBUTES)(CC_HashSequenceStart * // 0x0186 + (IS_IMPLEMENTED+DECRYPT_2+R_HANDLE)), +#endif +#if (PAD_LIST || CC_PolicyPhysicalPresence) + (COMMAND_ATTRIBUTES)(CC_PolicyPhysicalPresence * // 0x0187 + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyDuplicationSelect) + (COMMAND_ATTRIBUTES)(CC_PolicyDuplicationSelect * // 0x0188 + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyGetDigest) + (COMMAND_ATTRIBUTES)(CC_PolicyGetDigest * // 0x0189 + (IS_IMPLEMENTED+ALLOW_TRIAL+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_TestParms) + (COMMAND_ATTRIBUTES)(CC_TestParms * // 0x018A + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || CC_Commit) + (COMMAND_ATTRIBUTES)(CC_Commit * // 0x018B + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_PolicyPassword) + (COMMAND_ATTRIBUTES)(CC_PolicyPassword * // 0x018C + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_ZGen_2Phase) + (COMMAND_ATTRIBUTES)(CC_ZGen_2Phase * // 0x018D + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_EC_Ephemeral) + (COMMAND_ATTRIBUTES)(CC_EC_Ephemeral * // 0x018E + (IS_IMPLEMENTED+ENCRYPT_2)), 
+#endif +#if (PAD_LIST || CC_PolicyNvWritten) + (COMMAND_ATTRIBUTES)(CC_PolicyNvWritten * // 0x018F + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyTemplate) + (COMMAND_ATTRIBUTES)(CC_PolicyTemplate * // 0x0190 + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_CreateLoaded) + (COMMAND_ATTRIBUTES)(CC_CreateLoaded * // 0x0191 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)), +#endif +#if (PAD_LIST || CC_PolicyAuthorizeNV) + (COMMAND_ATTRIBUTES)(CC_PolicyAuthorizeNV * // 0x0192 + (IS_IMPLEMENTED+HANDLE_1_USER+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_EncryptDecrypt2) + (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt2 * // 0x0193 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_AC_GetCapability) + (COMMAND_ATTRIBUTES)(CC_AC_GetCapability * // 0x0194 + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || CC_AC_Send) + (COMMAND_ATTRIBUTES)(CC_AC_Send * // 0x0195 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+HANDLE_2_USER)), +#endif +#if (PAD_LIST || CC_Policy_AC_SendSelect) + (COMMAND_ATTRIBUTES)(CC_Policy_AC_SendSelect * // 0x0196 + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_CertifyX509) + (COMMAND_ATTRIBUTES)(CC_CertifyX509 * // 0x0197 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_Vendor_TCG_Test) + (COMMAND_ATTRIBUTES)(CC_Vendor_TCG_Test * // 0x0000 + (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), +#endif + 0 +}; + + + +#endif // _COMMAND_CODE_ATTRIBUTES_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributes.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributes.h new file mode 100644 index 000000000..eec0469fc --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributes.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmStructures; Version 3.0 June 16, 2017 + * Date: Aug 14, 2017 Time: 02:53:08PM + */ +// The attributes defined in this file are produced by the parser that +// creates the structure definitions from Part 3. 
The attributes are defined +// in that parser and should track the attributes being tested in +// CommandCodeAttributes.c. Generally, when an attribute is added to this list, +// new code will be needed in CommandCodeAttributes.c to test it. + +#ifndef COMMAND_ATTRIBUTES_H +#define COMMAND_ATTRIBUTES_H + +typedef UINT16 COMMAND_ATTRIBUTES; +#define NOT_IMPLEMENTED (COMMAND_ATTRIBUTES)(0) +#define ENCRYPT_2 ((COMMAND_ATTRIBUTES)1 << 0) +#define ENCRYPT_4 ((COMMAND_ATTRIBUTES)1 << 1) +#define DECRYPT_2 ((COMMAND_ATTRIBUTES)1 << 2) +#define DECRYPT_4 ((COMMAND_ATTRIBUTES)1 << 3) +#define HANDLE_1_USER ((COMMAND_ATTRIBUTES)1 << 4) +#define HANDLE_1_ADMIN ((COMMAND_ATTRIBUTES)1 << 5) +#define HANDLE_1_DUP ((COMMAND_ATTRIBUTES)1 << 6) +#define HANDLE_2_USER ((COMMAND_ATTRIBUTES)1 << 7) +#define PP_COMMAND ((COMMAND_ATTRIBUTES)1 << 8) +#define IS_IMPLEMENTED ((COMMAND_ATTRIBUTES)1 << 9) +#define NO_SESSIONS ((COMMAND_ATTRIBUTES)1 << 10) +#define NV_COMMAND ((COMMAND_ATTRIBUTES)1 << 11) +#define PP_REQUIRED ((COMMAND_ATTRIBUTES)1 << 12) +#define R_HANDLE ((COMMAND_ATTRIBUTES)1 << 13) +#define ALLOW_TRIAL ((COMMAND_ATTRIBUTES)1 << 14) + +#endif // COMMAND_ATTRIBUTES_H diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatchData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatchData.h new file mode 100644 index 000000000..2c2461544 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatchData.h 
@@ -0,0 +1,5167 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Apr 2, 2019 Time: 11:00:48AM + */ + +// This file should only be included by CommandCodeAttibutes.c +#ifdef _COMMAND_TABLE_DISPATCH_ + + +// Define the stop value +#define END_OF_LIST 0xff +#define ADD_FLAG 0x80 + +// These macros provide some variability in how the data is encoded. They also make +// the lines a little sorter. ;-) +# define UNMARSHAL_DISPATCH(name) (UNMARSHAL_t)name##_Unmarshal +# define MARSHAL_DISPATCH(name) (MARSHAL_t)name##_Marshal +# define _UNMARSHAL_T_ UNMARSHAL_t +# define _MARSHAL_T_ MARSHAL_t + + +// The UnmarshalArray contains the dispatch functions for the unmarshaling code. +// The defines in this array are used to make it easier to cross reference the +// unmarshaling values in the types array of each command + +const _UNMARSHAL_T_ UnmarshalArray[] = { +#define TPMI_DH_CONTEXT_H_UNMARSHAL 0 + UNMARSHAL_DISPATCH(TPMI_DH_CONTEXT), +#define TPMI_RH_AC_H_UNMARSHAL (TPMI_DH_CONTEXT_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_AC), +#define TPMI_RH_CLEAR_H_UNMARSHAL (TPMI_RH_AC_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_CLEAR), +#define TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL (TPMI_RH_CLEAR_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY_AUTH), +#define TPMI_RH_LOCKOUT_H_UNMARSHAL (TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_LOCKOUT), +#define TPMI_RH_NV_AUTH_H_UNMARSHAL (TPMI_RH_LOCKOUT_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_NV_AUTH), +#define TPMI_RH_NV_INDEX_H_UNMARSHAL (TPMI_RH_NV_AUTH_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_NV_INDEX), +#define TPMI_RH_PLATFORM_H_UNMARSHAL (TPMI_RH_NV_INDEX_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_PLATFORM), +#define TPMI_RH_PROVISION_H_UNMARSHAL (TPMI_RH_PLATFORM_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_PROVISION), +#define TPMI_SH_HMAC_H_UNMARSHAL (TPMI_RH_PROVISION_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_SH_HMAC), +#define TPMI_SH_POLICY_H_UNMARSHAL 
(TPMI_SH_HMAC_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_SH_POLICY), +// HANDLE_FIRST_FLAG_TYPE is the first handle that needs a flag when called. +#define HANDLE_FIRST_FLAG_TYPE (TPMI_SH_POLICY_H_UNMARSHAL + 1) +#define TPMI_DH_ENTITY_H_UNMARSHAL (TPMI_SH_POLICY_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_DH_ENTITY), +#define TPMI_DH_OBJECT_H_UNMARSHAL (TPMI_DH_ENTITY_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_DH_OBJECT), +#define TPMI_DH_PARENT_H_UNMARSHAL (TPMI_DH_OBJECT_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_DH_PARENT), +#define TPMI_DH_PCR_H_UNMARSHAL (TPMI_DH_PARENT_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_DH_PCR), +#define TPMI_RH_ENDORSEMENT_H_UNMARSHAL (TPMI_DH_PCR_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_ENDORSEMENT), +#define TPMI_RH_HIERARCHY_H_UNMARSHAL (TPMI_RH_ENDORSEMENT_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY), +// PARAMETER_FIRST_TYPE marks the end of the handle list. +#define PARAMETER_FIRST_TYPE (TPMI_RH_HIERARCHY_H_UNMARSHAL + 1) +#define TPM2B_DATA_P_UNMARSHAL (TPMI_RH_HIERARCHY_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_DATA), +#define TPM2B_DIGEST_P_UNMARSHAL (TPM2B_DATA_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_DIGEST), +#define TPM2B_ECC_PARAMETER_P_UNMARSHAL (TPM2B_DIGEST_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_ECC_PARAMETER), +#define TPM2B_ECC_POINT_P_UNMARSHAL (TPM2B_ECC_PARAMETER_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_ECC_POINT), +#define TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL (TPM2B_ECC_POINT_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_ENCRYPTED_SECRET), +#define TPM2B_EVENT_P_UNMARSHAL (TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_EVENT), +#define TPM2B_ID_OBJECT_P_UNMARSHAL (TPM2B_EVENT_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_ID_OBJECT), +#define TPM2B_IV_P_UNMARSHAL (TPM2B_ID_OBJECT_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_IV), +#define TPM2B_MAX_BUFFER_P_UNMARSHAL (TPM2B_IV_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_MAX_BUFFER), +#define 
TPM2B_MAX_NV_BUFFER_P_UNMARSHAL (TPM2B_MAX_BUFFER_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_MAX_NV_BUFFER), +#define TPM2B_NAME_P_UNMARSHAL (TPM2B_MAX_NV_BUFFER_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_NAME), +#define TPM2B_NV_PUBLIC_P_UNMARSHAL (TPM2B_NAME_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_NV_PUBLIC), +#define TPM2B_PRIVATE_P_UNMARSHAL (TPM2B_NV_PUBLIC_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_PRIVATE), +#define TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL (TPM2B_PRIVATE_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_PUBLIC_KEY_RSA), +#define TPM2B_SENSITIVE_P_UNMARSHAL (TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_SENSITIVE), +#define TPM2B_SENSITIVE_CREATE_P_UNMARSHAL (TPM2B_SENSITIVE_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_SENSITIVE_CREATE), +#define TPM2B_SENSITIVE_DATA_P_UNMARSHAL (TPM2B_SENSITIVE_CREATE_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_SENSITIVE_DATA), +#define TPM2B_TEMPLATE_P_UNMARSHAL (TPM2B_SENSITIVE_DATA_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_TEMPLATE), +#define TPM2B_TIMEOUT_P_UNMARSHAL (TPM2B_TEMPLATE_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_TIMEOUT), +#define TPMI_DH_CONTEXT_P_UNMARSHAL (TPM2B_TIMEOUT_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_DH_CONTEXT), +#define TPMI_DH_PERSISTENT_P_UNMARSHAL (TPMI_DH_CONTEXT_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_DH_PERSISTENT), +#define TPMI_ECC_CURVE_P_UNMARSHAL (TPMI_DH_PERSISTENT_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_ECC_CURVE), +#define TPMI_YES_NO_P_UNMARSHAL (TPMI_ECC_CURVE_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_YES_NO), +#define TPML_ALG_P_UNMARSHAL (TPMI_YES_NO_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPML_ALG), +#define TPML_CC_P_UNMARSHAL (TPML_ALG_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPML_CC), +#define TPML_DIGEST_P_UNMARSHAL (TPML_CC_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPML_DIGEST), +#define TPML_DIGEST_VALUES_P_UNMARSHAL (TPML_DIGEST_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPML_DIGEST_VALUES), +#define TPML_PCR_SELECTION_P_UNMARSHAL 
(TPML_DIGEST_VALUES_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPML_PCR_SELECTION), +#define TPMS_CONTEXT_P_UNMARSHAL (TPML_PCR_SELECTION_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMS_CONTEXT), +#define TPMT_PUBLIC_PARMS_P_UNMARSHAL (TPMS_CONTEXT_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMT_PUBLIC_PARMS), +#define TPMT_TK_AUTH_P_UNMARSHAL (TPMT_PUBLIC_PARMS_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMT_TK_AUTH), +#define TPMT_TK_CREATION_P_UNMARSHAL (TPMT_TK_AUTH_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMT_TK_CREATION), +#define TPMT_TK_HASHCHECK_P_UNMARSHAL (TPMT_TK_CREATION_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMT_TK_HASHCHECK), +#define TPMT_TK_VERIFIED_P_UNMARSHAL (TPMT_TK_HASHCHECK_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMT_TK_VERIFIED), +#define TPM_AT_P_UNMARSHAL (TPMT_TK_VERIFIED_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM_AT), +#define TPM_CAP_P_UNMARSHAL (TPM_AT_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM_CAP), +#define TPM_CLOCK_ADJUST_P_UNMARSHAL (TPM_CAP_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM_CLOCK_ADJUST), +#define TPM_EO_P_UNMARSHAL (TPM_CLOCK_ADJUST_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM_EO), +#define TPM_SE_P_UNMARSHAL (TPM_EO_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM_SE), +#define TPM_SU_P_UNMARSHAL (TPM_SE_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM_SU), +#define UINT16_P_UNMARSHAL (TPM_SU_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(UINT16), +#define UINT32_P_UNMARSHAL (UINT16_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(UINT32), +#define UINT64_P_UNMARSHAL (UINT32_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(UINT64), +#define UINT8_P_UNMARSHAL (UINT64_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(UINT8), +// PARAMETER_FIRST_FLAG_TYPE is the first parameter to need a flag. 
+#define PARAMETER_FIRST_FLAG_TYPE (UINT8_P_UNMARSHAL + 1) +#define TPM2B_PUBLIC_P_UNMARSHAL (UINT8_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_PUBLIC), +#define TPMI_ALG_CIPHER_MODE_P_UNMARSHAL (TPM2B_PUBLIC_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_ALG_CIPHER_MODE), +#define TPMI_ALG_HASH_P_UNMARSHAL (TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_ALG_HASH), +#define TPMI_ALG_MAC_SCHEME_P_UNMARSHAL (TPMI_ALG_HASH_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_ALG_MAC_SCHEME), +#define TPMI_DH_PCR_P_UNMARSHAL (TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_DH_PCR), +#define TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL (TPMI_DH_PCR_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_ECC_KEY_EXCHANGE), +#define TPMI_RH_ENABLES_P_UNMARSHAL (TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_ENABLES), +#define TPMI_RH_HIERARCHY_P_UNMARSHAL (TPMI_RH_ENABLES_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY), +#define TPMT_RSA_DECRYPT_P_UNMARSHAL (TPMI_RH_HIERARCHY_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMT_RSA_DECRYPT), +#define TPMT_SIGNATURE_P_UNMARSHAL (TPMT_RSA_DECRYPT_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMT_SIGNATURE), +#define TPMT_SIG_SCHEME_P_UNMARSHAL (TPMT_SIGNATURE_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMT_SIG_SCHEME), +#define TPMT_SYM_DEF_P_UNMARSHAL (TPMT_SIG_SCHEME_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMT_SYM_DEF), +#define TPMT_SYM_DEF_OBJECT_P_UNMARSHAL (TPMT_SYM_DEF_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMT_SYM_DEF_OBJECT) +// PARAMETER_LAST_TYPE is the end of the command parameter list. +#define PARAMETER_LAST_TYPE (TPMT_SYM_DEF_OBJECT_P_UNMARSHAL) +}; + +// The MarshalArray contains the dispatch functions for the marshaling code. 
+// The defines in this array are used to make it easier to cross reference the +// marshaling values in the types array of each command +const _MARSHAL_T_ MarshalArray[] = { + +#define UINT32_H_MARSHAL 0 + MARSHAL_DISPATCH(UINT32), +// RESPONSE_PARAMETER_FIRST_TYPE marks the end of the response handles. +#define RESPONSE_PARAMETER_FIRST_TYPE (UINT32_H_MARSHAL + 1) +#define TPM2B_ATTEST_P_MARSHAL (UINT32_H_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_ATTEST), +#define TPM2B_CREATION_DATA_P_MARSHAL (TPM2B_ATTEST_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_CREATION_DATA), +#define TPM2B_DATA_P_MARSHAL (TPM2B_CREATION_DATA_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_DATA), +#define TPM2B_DIGEST_P_MARSHAL (TPM2B_DATA_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_DIGEST), +#define TPM2B_ECC_POINT_P_MARSHAL (TPM2B_DIGEST_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_ECC_POINT), +#define TPM2B_ENCRYPTED_SECRET_P_MARSHAL (TPM2B_ECC_POINT_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_ENCRYPTED_SECRET), +#define TPM2B_ID_OBJECT_P_MARSHAL (TPM2B_ENCRYPTED_SECRET_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_ID_OBJECT), +#define TPM2B_IV_P_MARSHAL (TPM2B_ID_OBJECT_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_IV), +#define TPM2B_MAX_BUFFER_P_MARSHAL (TPM2B_IV_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_MAX_BUFFER), +#define TPM2B_MAX_NV_BUFFER_P_MARSHAL (TPM2B_MAX_BUFFER_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_MAX_NV_BUFFER), +#define TPM2B_NAME_P_MARSHAL (TPM2B_MAX_NV_BUFFER_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_NAME), +#define TPM2B_NV_PUBLIC_P_MARSHAL (TPM2B_NAME_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_NV_PUBLIC), +#define TPM2B_PRIVATE_P_MARSHAL (TPM2B_NV_PUBLIC_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_PRIVATE), +#define TPM2B_PUBLIC_P_MARSHAL (TPM2B_PRIVATE_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_PUBLIC), +#define TPM2B_PUBLIC_KEY_RSA_P_MARSHAL (TPM2B_PUBLIC_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_PUBLIC_KEY_RSA), +#define TPM2B_SENSITIVE_DATA_P_MARSHAL (TPM2B_PUBLIC_KEY_RSA_P_MARSHAL + 1) + 
MARSHAL_DISPATCH(TPM2B_SENSITIVE_DATA), +#define TPM2B_TIMEOUT_P_MARSHAL (TPM2B_SENSITIVE_DATA_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_TIMEOUT), +#define UINT8_P_MARSHAL (TPM2B_TIMEOUT_P_MARSHAL + 1) + MARSHAL_DISPATCH(UINT8), +#define TPML_AC_CAPABILITIES_P_MARSHAL (UINT8_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPML_AC_CAPABILITIES), +#define TPML_ALG_P_MARSHAL (TPML_AC_CAPABILITIES_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPML_ALG), +#define TPML_DIGEST_P_MARSHAL (TPML_ALG_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPML_DIGEST), +#define TPML_DIGEST_VALUES_P_MARSHAL (TPML_DIGEST_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPML_DIGEST_VALUES), +#define TPML_PCR_SELECTION_P_MARSHAL (TPML_DIGEST_VALUES_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPML_PCR_SELECTION), +#define TPMS_AC_OUTPUT_P_MARSHAL (TPML_PCR_SELECTION_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPMS_AC_OUTPUT), +#define TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL (TPMS_AC_OUTPUT_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPMS_ALGORITHM_DETAIL_ECC), +#define TPMS_CAPABILITY_DATA_P_MARSHAL \ + (TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPMS_CAPABILITY_DATA), +#define TPMS_CONTEXT_P_MARSHAL (TPMS_CAPABILITY_DATA_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPMS_CONTEXT), +#define TPMS_TIME_INFO_P_MARSHAL (TPMS_CONTEXT_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPMS_TIME_INFO), +#define TPMT_HA_P_MARSHAL (TPMS_TIME_INFO_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPMT_HA), +#define TPMT_SIGNATURE_P_MARSHAL (TPMT_HA_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPMT_SIGNATURE), +#define TPMT_TK_AUTH_P_MARSHAL (TPMT_SIGNATURE_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPMT_TK_AUTH), +#define TPMT_TK_CREATION_P_MARSHAL (TPMT_TK_AUTH_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPMT_TK_CREATION), +#define TPMT_TK_HASHCHECK_P_MARSHAL (TPMT_TK_CREATION_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPMT_TK_HASHCHECK), +#define TPMT_TK_VERIFIED_P_MARSHAL (TPMT_TK_HASHCHECK_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPMT_TK_VERIFIED), +#define UINT32_P_MARSHAL (TPMT_TK_VERIFIED_P_MARSHAL + 1) + MARSHAL_DISPATCH(UINT32), +#define 
UINT16_P_MARSHAL (UINT32_P_MARSHAL + 1) + MARSHAL_DISPATCH(UINT16) +// RESPONSE_PARAMETER_LAST_TYPE is the end of the response parameter list. +#define RESPONSE_PARAMETER_LAST_TYPE (UINT16_P_MARSHAL) +}; + +// This list of aliases allows the types in the _COMMAND_DESCRIPTOR_T to match the +// types in the command/response templates of part 3. +#define INT32_P_UNMARSHAL UINT32_P_UNMARSHAL +#define TPM2B_AUTH_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL +#define TPM2B_NONCE_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL +#define TPM2B_OPERAND_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL +#define TPMA_LOCALITY_P_UNMARSHAL UINT8_P_UNMARSHAL +#define TPM_CC_P_UNMARSHAL UINT32_P_UNMARSHAL +#define TPMI_DH_CONTEXT_H_MARSHAL UINT32_H_MARSHAL +#define TPMI_DH_OBJECT_H_MARSHAL UINT32_H_MARSHAL +#define TPMI_SH_AUTH_SESSION_H_MARSHAL UINT32_H_MARSHAL +#define TPM_HANDLE_H_MARSHAL UINT32_H_MARSHAL +#define TPM2B_NONCE_P_MARSHAL TPM2B_DIGEST_P_MARSHAL +#define TPMI_YES_NO_P_MARSHAL UINT8_P_MARSHAL +#define TPM_RC_P_MARSHAL UINT32_P_MARSHAL + + +#if CC_Startup + +#include "Startup_fp.h" + +typedef TPM_RC (Startup_Entry)( + Startup_In *in +); + +typedef const struct { + Startup_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} Startup_COMMAND_DESCRIPTOR_t; + +Startup_COMMAND_DESCRIPTOR_t _StartupData = { + /* entry */ &TPM2_Startup, + /* inSize */ (UINT16)(sizeof(Startup_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(Startup_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPM_SU_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _StartupDataAddress (&_StartupData) +#else +#define _StartupDataAddress 0 +#endif // CC_Startup + +#if CC_Shutdown + +#include "Shutdown_fp.h" + +typedef TPM_RC (Shutdown_Entry)( + Shutdown_In *in +); + +typedef const struct { + Shutdown_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} Shutdown_COMMAND_DESCRIPTOR_t; + 
+Shutdown_COMMAND_DESCRIPTOR_t _ShutdownData = { + /* entry */ &TPM2_Shutdown, + /* inSize */ (UINT16)(sizeof(Shutdown_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(Shutdown_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPM_SU_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _ShutdownDataAddress (&_ShutdownData) +#else +#define _ShutdownDataAddress 0 +#endif // CC_Shutdown + +#if CC_SelfTest + +#include "SelfTest_fp.h" + +typedef TPM_RC (SelfTest_Entry)( + SelfTest_In *in +); + +typedef const struct { + SelfTest_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} SelfTest_COMMAND_DESCRIPTOR_t; + +SelfTest_COMMAND_DESCRIPTOR_t _SelfTestData = { + /* entry */ &TPM2_SelfTest, + /* inSize */ (UINT16)(sizeof(SelfTest_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(SelfTest_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_YES_NO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _SelfTestDataAddress (&_SelfTestData) +#else +#define _SelfTestDataAddress 0 +#endif // CC_SelfTest + +#if CC_IncrementalSelfTest + +#include "IncrementalSelfTest_fp.h" + +typedef TPM_RC (IncrementalSelfTest_Entry)( + IncrementalSelfTest_In *in, + IncrementalSelfTest_Out *out +); + +typedef const struct { + IncrementalSelfTest_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; +} IncrementalSelfTest_COMMAND_DESCRIPTOR_t; + +IncrementalSelfTest_COMMAND_DESCRIPTOR_t _IncrementalSelfTestData = { + /* entry */ &TPM2_IncrementalSelfTest, + /* inSize */ (UINT16)(sizeof(IncrementalSelfTest_In)), + /* outSize */ (UINT16)(sizeof(IncrementalSelfTest_Out)), + /* offsetOfTypes */ offsetof(IncrementalSelfTest_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPML_ALG_P_UNMARSHAL, + END_OF_LIST, + TPML_ALG_P_MARSHAL, + END_OF_LIST} +}; + +#define _IncrementalSelfTestDataAddress 
(&_IncrementalSelfTestData) +#else +#define _IncrementalSelfTestDataAddress 0 +#endif // CC_IncrementalSelfTest + +#if CC_GetTestResult + +#include "GetTestResult_fp.h" + +typedef TPM_RC (GetTestResult_Entry)( + GetTestResult_Out *out +); + +typedef const struct { + GetTestResult_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} GetTestResult_COMMAND_DESCRIPTOR_t; + +GetTestResult_COMMAND_DESCRIPTOR_t _GetTestResultData = { + /* entry */ &TPM2_GetTestResult, + /* inSize */ 0, + /* outSize */ (UINT16)(sizeof(GetTestResult_Out)), + /* offsetOfTypes */ offsetof(GetTestResult_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(GetTestResult_Out, testResult))}, + /* types */ {END_OF_LIST, + TPM2B_MAX_BUFFER_P_MARSHAL, + TPM_RC_P_MARSHAL, + END_OF_LIST} +}; + +#define _GetTestResultDataAddress (&_GetTestResultData) +#else +#define _GetTestResultDataAddress 0 +#endif // CC_GetTestResult + +#if CC_StartAuthSession + +#include "StartAuthSession_fp.h" + +typedef TPM_RC (StartAuthSession_Entry)( + StartAuthSession_In *in, + StartAuthSession_Out *out +); + +typedef const struct { + StartAuthSession_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[7]; + BYTE types[11]; +} StartAuthSession_COMMAND_DESCRIPTOR_t; + +StartAuthSession_COMMAND_DESCRIPTOR_t _StartAuthSessionData = { + /* entry */ &TPM2_StartAuthSession, + /* inSize */ (UINT16)(sizeof(StartAuthSession_In)), + /* outSize */ (UINT16)(sizeof(StartAuthSession_Out)), + /* offsetOfTypes */ offsetof(StartAuthSession_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(StartAuthSession_In, bind)), + (UINT16)(offsetof(StartAuthSession_In, nonceCaller)), + (UINT16)(offsetof(StartAuthSession_In, encryptedSalt)), + (UINT16)(offsetof(StartAuthSession_In, sessionType)), + (UINT16)(offsetof(StartAuthSession_In, symmetric)), + (UINT16)(offsetof(StartAuthSession_In, authHash)), + 
(UINT16)(offsetof(StartAuthSession_Out, nonceTPM))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPMI_DH_ENTITY_H_UNMARSHAL + ADD_FLAG, + TPM2B_NONCE_P_UNMARSHAL, + TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, + TPM_SE_P_UNMARSHAL, + TPMT_SYM_DEF_P_UNMARSHAL + ADD_FLAG, + TPMI_ALG_HASH_P_UNMARSHAL, + END_OF_LIST, + TPMI_SH_AUTH_SESSION_H_MARSHAL, + TPM2B_NONCE_P_MARSHAL, + END_OF_LIST} +}; + +#define _StartAuthSessionDataAddress (&_StartAuthSessionData) +#else +#define _StartAuthSessionDataAddress 0 +#endif // CC_StartAuthSession + +#if CC_PolicyRestart + +#include "PolicyRestart_fp.h" + +typedef TPM_RC (PolicyRestart_Entry)( + PolicyRestart_In *in +); + +typedef const struct { + PolicyRestart_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} PolicyRestart_COMMAND_DESCRIPTOR_t; + +PolicyRestart_COMMAND_DESCRIPTOR_t _PolicyRestartData = { + /* entry */ &TPM2_PolicyRestart, + /* inSize */ (UINT16)(sizeof(PolicyRestart_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyRestart_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyRestartDataAddress (&_PolicyRestartData) +#else +#define _PolicyRestartDataAddress 0 +#endif // CC_PolicyRestart + +#if CC_Create + +#include "Create_fp.h" + +typedef TPM_RC (Create_Entry)( + Create_In *in, + Create_Out *out +); + +typedef const struct { + Create_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[8]; + BYTE types[12]; +} Create_COMMAND_DESCRIPTOR_t; + +Create_COMMAND_DESCRIPTOR_t _CreateData = { + /* entry */ &TPM2_Create, + /* inSize */ (UINT16)(sizeof(Create_In)), + /* outSize */ (UINT16)(sizeof(Create_Out)), + /* offsetOfTypes */ offsetof(Create_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Create_In, inSensitive)), + (UINT16)(offsetof(Create_In, inPublic)), + (UINT16)(offsetof(Create_In, 
outsideInfo)), + (UINT16)(offsetof(Create_In, creationPCR)), + (UINT16)(offsetof(Create_Out, outPublic)), + (UINT16)(offsetof(Create_Out, creationData)), + (UINT16)(offsetof(Create_Out, creationHash)), + (UINT16)(offsetof(Create_Out, creationTicket))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, + TPM2B_PUBLIC_P_UNMARSHAL, + TPM2B_DATA_P_UNMARSHAL, + TPML_PCR_SELECTION_P_UNMARSHAL, + END_OF_LIST, + TPM2B_PRIVATE_P_MARSHAL, + TPM2B_PUBLIC_P_MARSHAL, + TPM2B_CREATION_DATA_P_MARSHAL, + TPM2B_DIGEST_P_MARSHAL, + TPMT_TK_CREATION_P_MARSHAL, + END_OF_LIST} +}; + +#define _CreateDataAddress (&_CreateData) +#else +#define _CreateDataAddress 0 +#endif // CC_Create + +#if CC_Load + +#include "Load_fp.h" + +typedef TPM_RC (Load_Entry)( + Load_In *in, + Load_Out *out +); + +typedef const struct { + Load_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; +} Load_COMMAND_DESCRIPTOR_t; + +Load_COMMAND_DESCRIPTOR_t _LoadData = { + /* entry */ &TPM2_Load, + /* inSize */ (UINT16)(sizeof(Load_In)), + /* outSize */ (UINT16)(sizeof(Load_Out)), + /* offsetOfTypes */ offsetof(Load_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Load_In, inPrivate)), + (UINT16)(offsetof(Load_In, inPublic)), + (UINT16)(offsetof(Load_Out, name))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_PRIVATE_P_UNMARSHAL, + TPM2B_PUBLIC_P_UNMARSHAL, + END_OF_LIST, + TPM_HANDLE_H_MARSHAL, + TPM2B_NAME_P_MARSHAL, + END_OF_LIST} +}; + +#define _LoadDataAddress (&_LoadData) +#else +#define _LoadDataAddress 0 +#endif // CC_Load + +#if CC_LoadExternal + +#include "LoadExternal_fp.h" + +typedef TPM_RC (LoadExternal_Entry)( + LoadExternal_In *in, + LoadExternal_Out *out +); + +typedef const struct { + LoadExternal_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; +} LoadExternal_COMMAND_DESCRIPTOR_t; + +LoadExternal_COMMAND_DESCRIPTOR_t 
_LoadExternalData = { + /* entry */ &TPM2_LoadExternal, + /* inSize */ (UINT16)(sizeof(LoadExternal_In)), + /* outSize */ (UINT16)(sizeof(LoadExternal_Out)), + /* offsetOfTypes */ offsetof(LoadExternal_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(LoadExternal_In, inPublic)), + (UINT16)(offsetof(LoadExternal_In, hierarchy)), + (UINT16)(offsetof(LoadExternal_Out, name))}, + /* types */ {TPM2B_SENSITIVE_P_UNMARSHAL, + TPM2B_PUBLIC_P_UNMARSHAL + ADD_FLAG, + TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM_HANDLE_H_MARSHAL, + TPM2B_NAME_P_MARSHAL, + END_OF_LIST} +}; + +#define _LoadExternalDataAddress (&_LoadExternalData) +#else +#define _LoadExternalDataAddress 0 +#endif // CC_LoadExternal + +#if CC_ReadPublic + +#include "ReadPublic_fp.h" + +typedef TPM_RC (ReadPublic_Entry)( + ReadPublic_In *in, + ReadPublic_Out *out +); + +typedef const struct { + ReadPublic_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; +} ReadPublic_COMMAND_DESCRIPTOR_t; + +ReadPublic_COMMAND_DESCRIPTOR_t _ReadPublicData = { + /* entry */ &TPM2_ReadPublic, + /* inSize */ (UINT16)(sizeof(ReadPublic_In)), + /* outSize */ (UINT16)(sizeof(ReadPublic_Out)), + /* offsetOfTypes */ offsetof(ReadPublic_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ReadPublic_Out, name)), + (UINT16)(offsetof(ReadPublic_Out, qualifiedName))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + END_OF_LIST, + TPM2B_PUBLIC_P_MARSHAL, + TPM2B_NAME_P_MARSHAL, + TPM2B_NAME_P_MARSHAL, + END_OF_LIST} +}; + +#define _ReadPublicDataAddress (&_ReadPublicData) +#else +#define _ReadPublicDataAddress 0 +#endif // CC_ReadPublic + +#if CC_ActivateCredential + +#include "ActivateCredential_fp.h" + +typedef TPM_RC (ActivateCredential_Entry)( + ActivateCredential_In *in, + ActivateCredential_Out *out +); + +typedef const struct { + ActivateCredential_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + 
UINT16 paramOffsets[3]; + BYTE types[7]; +} ActivateCredential_COMMAND_DESCRIPTOR_t; + +ActivateCredential_COMMAND_DESCRIPTOR_t _ActivateCredentialData = { + /* entry */ &TPM2_ActivateCredential, + /* inSize */ (UINT16)(sizeof(ActivateCredential_In)), + /* outSize */ (UINT16)(sizeof(ActivateCredential_Out)), + /* offsetOfTypes */ offsetof(ActivateCredential_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ActivateCredential_In, keyHandle)), + (UINT16)(offsetof(ActivateCredential_In, credentialBlob)), + (UINT16)(offsetof(ActivateCredential_In, secret))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_ID_OBJECT_P_UNMARSHAL, + TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, + END_OF_LIST, + TPM2B_DIGEST_P_MARSHAL, + END_OF_LIST} +}; + +#define _ActivateCredentialDataAddress (&_ActivateCredentialData) +#else +#define _ActivateCredentialDataAddress 0 +#endif // CC_ActivateCredential + +#if CC_MakeCredential + +#include "MakeCredential_fp.h" + +typedef TPM_RC (MakeCredential_Entry)( + MakeCredential_In *in, + MakeCredential_Out *out +); + +typedef const struct { + MakeCredential_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; +} MakeCredential_COMMAND_DESCRIPTOR_t; + +MakeCredential_COMMAND_DESCRIPTOR_t _MakeCredentialData = { + /* entry */ &TPM2_MakeCredential, + /* inSize */ (UINT16)(sizeof(MakeCredential_In)), + /* outSize */ (UINT16)(sizeof(MakeCredential_Out)), + /* offsetOfTypes */ offsetof(MakeCredential_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(MakeCredential_In, credential)), + (UINT16)(offsetof(MakeCredential_In, objectName)), + (UINT16)(offsetof(MakeCredential_Out, secret))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + END_OF_LIST, + TPM2B_ID_OBJECT_P_MARSHAL, + TPM2B_ENCRYPTED_SECRET_P_MARSHAL, + END_OF_LIST} +}; + +#define _MakeCredentialDataAddress (&_MakeCredentialData) 
+#else +#define _MakeCredentialDataAddress 0 +#endif // CC_MakeCredential + +#if CC_Unseal + +#include "Unseal_fp.h" + +typedef TPM_RC (Unseal_Entry)( + Unseal_In *in, + Unseal_Out *out +); + +typedef const struct { + Unseal_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; +} Unseal_COMMAND_DESCRIPTOR_t; + +Unseal_COMMAND_DESCRIPTOR_t _UnsealData = { + /* entry */ &TPM2_Unseal, + /* inSize */ (UINT16)(sizeof(Unseal_In)), + /* outSize */ (UINT16)(sizeof(Unseal_Out)), + /* offsetOfTypes */ offsetof(Unseal_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + END_OF_LIST, + TPM2B_SENSITIVE_DATA_P_MARSHAL, + END_OF_LIST} +}; + +#define _UnsealDataAddress (&_UnsealData) +#else +#define _UnsealDataAddress 0 +#endif // CC_Unseal + +#if CC_ObjectChangeAuth + +#include "ObjectChangeAuth_fp.h" + +typedef TPM_RC (ObjectChangeAuth_Entry)( + ObjectChangeAuth_In *in, + ObjectChangeAuth_Out *out +); + +typedef const struct { + ObjectChangeAuth_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; +} ObjectChangeAuth_COMMAND_DESCRIPTOR_t; + +ObjectChangeAuth_COMMAND_DESCRIPTOR_t _ObjectChangeAuthData = { + /* entry */ &TPM2_ObjectChangeAuth, + /* inSize */ (UINT16)(sizeof(ObjectChangeAuth_In)), + /* outSize */ (UINT16)(sizeof(ObjectChangeAuth_Out)), + /* offsetOfTypes */ offsetof(ObjectChangeAuth_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ObjectChangeAuth_In, parentHandle)), + (UINT16)(offsetof(ObjectChangeAuth_In, newAuth))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_AUTH_P_UNMARSHAL, + END_OF_LIST, + TPM2B_PRIVATE_P_MARSHAL, + END_OF_LIST} +}; + +#define _ObjectChangeAuthDataAddress (&_ObjectChangeAuthData) +#else +#define _ObjectChangeAuthDataAddress 0 +#endif // CC_ObjectChangeAuth + +#if CC_CreateLoaded + +#include "CreateLoaded_fp.h" + +typedef TPM_RC 
(CreateLoaded_Entry)( + CreateLoaded_In *in, + CreateLoaded_Out *out +); + +typedef const struct { + CreateLoaded_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; +} CreateLoaded_COMMAND_DESCRIPTOR_t; + +CreateLoaded_COMMAND_DESCRIPTOR_t _CreateLoadedData = { + /* entry */ &TPM2_CreateLoaded, + /* inSize */ (UINT16)(sizeof(CreateLoaded_In)), + /* outSize */ (UINT16)(sizeof(CreateLoaded_Out)), + /* offsetOfTypes */ offsetof(CreateLoaded_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(CreateLoaded_In, inSensitive)), + (UINT16)(offsetof(CreateLoaded_In, inPublic)), + (UINT16)(offsetof(CreateLoaded_Out, outPrivate)), + (UINT16)(offsetof(CreateLoaded_Out, outPublic)), + (UINT16)(offsetof(CreateLoaded_Out, name))}, + /* types */ {TPMI_DH_PARENT_H_UNMARSHAL + ADD_FLAG, + TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, + TPM2B_TEMPLATE_P_UNMARSHAL, + END_OF_LIST, + TPM_HANDLE_H_MARSHAL, + TPM2B_PRIVATE_P_MARSHAL, + TPM2B_PUBLIC_P_MARSHAL, + TPM2B_NAME_P_MARSHAL, + END_OF_LIST} +}; + +#define _CreateLoadedDataAddress (&_CreateLoadedData) +#else +#define _CreateLoadedDataAddress 0 +#endif // CC_CreateLoaded + +#if CC_Duplicate + +#include "Duplicate_fp.h" + +typedef TPM_RC (Duplicate_Entry)( + Duplicate_In *in, + Duplicate_Out *out +); + +typedef const struct { + Duplicate_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; +} Duplicate_COMMAND_DESCRIPTOR_t; + +Duplicate_COMMAND_DESCRIPTOR_t _DuplicateData = { + /* entry */ &TPM2_Duplicate, + /* inSize */ (UINT16)(sizeof(Duplicate_In)), + /* outSize */ (UINT16)(sizeof(Duplicate_Out)), + /* offsetOfTypes */ offsetof(Duplicate_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Duplicate_In, newParentHandle)), + (UINT16)(offsetof(Duplicate_In, encryptionKeyIn)), + (UINT16)(offsetof(Duplicate_In, symmetricAlg)), + (UINT16)(offsetof(Duplicate_Out, duplicate)), + 
(UINT16)(offsetof(Duplicate_Out, outSymSeed))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SYM_DEF_OBJECT_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_DATA_P_MARSHAL, + TPM2B_PRIVATE_P_MARSHAL, + TPM2B_ENCRYPTED_SECRET_P_MARSHAL, + END_OF_LIST} +}; + +#define _DuplicateDataAddress (&_DuplicateData) +#else +#define _DuplicateDataAddress 0 +#endif // CC_Duplicate + +#if CC_Rewrap + +#include "Rewrap_fp.h" + +typedef TPM_RC (Rewrap_Entry)( + Rewrap_In *in, + Rewrap_Out *out +); + +typedef const struct { + Rewrap_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; +} Rewrap_COMMAND_DESCRIPTOR_t; + +Rewrap_COMMAND_DESCRIPTOR_t _RewrapData = { + /* entry */ &TPM2_Rewrap, + /* inSize */ (UINT16)(sizeof(Rewrap_In)), + /* outSize */ (UINT16)(sizeof(Rewrap_Out)), + /* offsetOfTypes */ offsetof(Rewrap_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Rewrap_In, newParent)), + (UINT16)(offsetof(Rewrap_In, inDuplicate)), + (UINT16)(offsetof(Rewrap_In, name)), + (UINT16)(offsetof(Rewrap_In, inSymSeed)), + (UINT16)(offsetof(Rewrap_Out, outSymSeed))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPM2B_PRIVATE_P_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, + END_OF_LIST, + TPM2B_PRIVATE_P_MARSHAL, + TPM2B_ENCRYPTED_SECRET_P_MARSHAL, + END_OF_LIST} +}; + +#define _RewrapDataAddress (&_RewrapData) +#else +#define _RewrapDataAddress 0 +#endif // CC_Rewrap + +#if CC_Import + +#include "Import_fp.h" + +typedef TPM_RC (Import_Entry)( + Import_In *in, + Import_Out *out +); + +typedef const struct { + Import_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; +} Import_COMMAND_DESCRIPTOR_t; + +Import_COMMAND_DESCRIPTOR_t _ImportData = { + /* entry */ &TPM2_Import, + /* inSize */ 
(UINT16)(sizeof(Import_In)), + /* outSize */ (UINT16)(sizeof(Import_Out)), + /* offsetOfTypes */ offsetof(Import_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Import_In, encryptionKey)), + (UINT16)(offsetof(Import_In, objectPublic)), + (UINT16)(offsetof(Import_In, duplicate)), + (UINT16)(offsetof(Import_In, inSymSeed)), + (UINT16)(offsetof(Import_In, symmetricAlg))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_DATA_P_UNMARSHAL, + TPM2B_PUBLIC_P_UNMARSHAL, + TPM2B_PRIVATE_P_UNMARSHAL, + TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, + TPMT_SYM_DEF_OBJECT_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_PRIVATE_P_MARSHAL, + END_OF_LIST} +}; + +#define _ImportDataAddress (&_ImportData) +#else +#define _ImportDataAddress 0 +#endif // CC_Import + +#if CC_RSA_Encrypt + +#include "RSA_Encrypt_fp.h" + +typedef TPM_RC (RSA_Encrypt_Entry)( + RSA_Encrypt_In *in, + RSA_Encrypt_Out *out +); + +typedef const struct { + RSA_Encrypt_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; +} RSA_Encrypt_COMMAND_DESCRIPTOR_t; + +RSA_Encrypt_COMMAND_DESCRIPTOR_t _RSA_EncryptData = { + /* entry */ &TPM2_RSA_Encrypt, + /* inSize */ (UINT16)(sizeof(RSA_Encrypt_In)), + /* outSize */ (UINT16)(sizeof(RSA_Encrypt_Out)), + /* offsetOfTypes */ offsetof(RSA_Encrypt_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(RSA_Encrypt_In, message)), + (UINT16)(offsetof(RSA_Encrypt_In, inScheme)), + (UINT16)(offsetof(RSA_Encrypt_In, label))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL, + TPMT_RSA_DECRYPT_P_UNMARSHAL + ADD_FLAG, + TPM2B_DATA_P_UNMARSHAL, + END_OF_LIST, + TPM2B_PUBLIC_KEY_RSA_P_MARSHAL, + END_OF_LIST} +}; + +#define _RSA_EncryptDataAddress (&_RSA_EncryptData) +#else +#define _RSA_EncryptDataAddress 0 +#endif // CC_RSA_Encrypt + +#if CC_RSA_Decrypt + +#include "RSA_Decrypt_fp.h" + +typedef TPM_RC (RSA_Decrypt_Entry)( + RSA_Decrypt_In *in, + RSA_Decrypt_Out *out +); + 
+typedef const struct { + RSA_Decrypt_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; +} RSA_Decrypt_COMMAND_DESCRIPTOR_t; + +RSA_Decrypt_COMMAND_DESCRIPTOR_t _RSA_DecryptData = { + /* entry */ &TPM2_RSA_Decrypt, + /* inSize */ (UINT16)(sizeof(RSA_Decrypt_In)), + /* outSize */ (UINT16)(sizeof(RSA_Decrypt_Out)), + /* offsetOfTypes */ offsetof(RSA_Decrypt_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(RSA_Decrypt_In, cipherText)), + (UINT16)(offsetof(RSA_Decrypt_In, inScheme)), + (UINT16)(offsetof(RSA_Decrypt_In, label))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL, + TPMT_RSA_DECRYPT_P_UNMARSHAL + ADD_FLAG, + TPM2B_DATA_P_UNMARSHAL, + END_OF_LIST, + TPM2B_PUBLIC_KEY_RSA_P_MARSHAL, + END_OF_LIST} +}; + +#define _RSA_DecryptDataAddress (&_RSA_DecryptData) +#else +#define _RSA_DecryptDataAddress 0 +#endif // CC_RSA_Decrypt + +#if CC_ECDH_KeyGen + +#include "ECDH_KeyGen_fp.h" + +typedef TPM_RC (ECDH_KeyGen_Entry)( + ECDH_KeyGen_In *in, + ECDH_KeyGen_Out *out +); + +typedef const struct { + ECDH_KeyGen_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[5]; +} ECDH_KeyGen_COMMAND_DESCRIPTOR_t; + +ECDH_KeyGen_COMMAND_DESCRIPTOR_t _ECDH_KeyGenData = { + /* entry */ &TPM2_ECDH_KeyGen, + /* inSize */ (UINT16)(sizeof(ECDH_KeyGen_In)), + /* outSize */ (UINT16)(sizeof(ECDH_KeyGen_Out)), + /* offsetOfTypes */ offsetof(ECDH_KeyGen_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ECDH_KeyGen_Out, pubPoint))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + END_OF_LIST, + TPM2B_ECC_POINT_P_MARSHAL, + TPM2B_ECC_POINT_P_MARSHAL, + END_OF_LIST} +}; + +#define _ECDH_KeyGenDataAddress (&_ECDH_KeyGenData) +#else +#define _ECDH_KeyGenDataAddress 0 +#endif // CC_ECDH_KeyGen + +#if CC_ECDH_ZGen + +#include "ECDH_ZGen_fp.h" + +typedef TPM_RC (ECDH_ZGen_Entry)( + ECDH_ZGen_In *in, + ECDH_ZGen_Out *out 
+); + +typedef const struct { + ECDH_ZGen_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[5]; +} ECDH_ZGen_COMMAND_DESCRIPTOR_t; + +ECDH_ZGen_COMMAND_DESCRIPTOR_t _ECDH_ZGenData = { + /* entry */ &TPM2_ECDH_ZGen, + /* inSize */ (UINT16)(sizeof(ECDH_ZGen_In)), + /* outSize */ (UINT16)(sizeof(ECDH_ZGen_Out)), + /* offsetOfTypes */ offsetof(ECDH_ZGen_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ECDH_ZGen_In, inPoint))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_ECC_POINT_P_UNMARSHAL, + END_OF_LIST, + TPM2B_ECC_POINT_P_MARSHAL, + END_OF_LIST} +}; + +#define _ECDH_ZGenDataAddress (&_ECDH_ZGenData) +#else +#define _ECDH_ZGenDataAddress 0 +#endif // CC_ECDH_ZGen + +#if CC_ECC_Parameters + +#include "ECC_Parameters_fp.h" + +typedef TPM_RC (ECC_Parameters_Entry)( + ECC_Parameters_In *in, + ECC_Parameters_Out *out +); + +typedef const struct { + ECC_Parameters_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; +} ECC_Parameters_COMMAND_DESCRIPTOR_t; + +ECC_Parameters_COMMAND_DESCRIPTOR_t _ECC_ParametersData = { + /* entry */ &TPM2_ECC_Parameters, + /* inSize */ (UINT16)(sizeof(ECC_Parameters_In)), + /* outSize */ (UINT16)(sizeof(ECC_Parameters_Out)), + /* offsetOfTypes */ offsetof(ECC_Parameters_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_ECC_CURVE_P_UNMARSHAL, + END_OF_LIST, + TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL, + END_OF_LIST} +}; + +#define _ECC_ParametersDataAddress (&_ECC_ParametersData) +#else +#define _ECC_ParametersDataAddress 0 +#endif // CC_ECC_Parameters + +#if CC_ZGen_2Phase + +#include "ZGen_2Phase_fp.h" + +typedef TPM_RC (ZGen_2Phase_Entry)( + ZGen_2Phase_In *in, + ZGen_2Phase_Out *out +); + +typedef const struct { + ZGen_2Phase_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; +} ZGen_2Phase_COMMAND_DESCRIPTOR_t; + 
+ZGen_2Phase_COMMAND_DESCRIPTOR_t _ZGen_2PhaseData = { + /* entry */ &TPM2_ZGen_2Phase, + /* inSize */ (UINT16)(sizeof(ZGen_2Phase_In)), + /* outSize */ (UINT16)(sizeof(ZGen_2Phase_Out)), + /* offsetOfTypes */ offsetof(ZGen_2Phase_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ZGen_2Phase_In, inQsB)), + (UINT16)(offsetof(ZGen_2Phase_In, inQeB)), + (UINT16)(offsetof(ZGen_2Phase_In, inScheme)), + (UINT16)(offsetof(ZGen_2Phase_In, counter)), + (UINT16)(offsetof(ZGen_2Phase_Out, outZ2))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_ECC_POINT_P_UNMARSHAL, + TPM2B_ECC_POINT_P_UNMARSHAL, + TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL, + UINT16_P_UNMARSHAL, + END_OF_LIST, + TPM2B_ECC_POINT_P_MARSHAL, + TPM2B_ECC_POINT_P_MARSHAL, + END_OF_LIST} +}; + +#define _ZGen_2PhaseDataAddress (&_ZGen_2PhaseData) +#else +#define _ZGen_2PhaseDataAddress 0 +#endif // CC_ZGen_2Phase + +#if CC_EncryptDecrypt + +#include "EncryptDecrypt_fp.h" + +typedef TPM_RC (EncryptDecrypt_Entry)( + EncryptDecrypt_In *in, + EncryptDecrypt_Out *out +); + +typedef const struct { + EncryptDecrypt_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; +} EncryptDecrypt_COMMAND_DESCRIPTOR_t; + +EncryptDecrypt_COMMAND_DESCRIPTOR_t _EncryptDecryptData = { + /* entry */ &TPM2_EncryptDecrypt, + /* inSize */ (UINT16)(sizeof(EncryptDecrypt_In)), + /* outSize */ (UINT16)(sizeof(EncryptDecrypt_Out)), + /* offsetOfTypes */ offsetof(EncryptDecrypt_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(EncryptDecrypt_In, decrypt)), + (UINT16)(offsetof(EncryptDecrypt_In, mode)), + (UINT16)(offsetof(EncryptDecrypt_In, ivIn)), + (UINT16)(offsetof(EncryptDecrypt_In, inData)), + (UINT16)(offsetof(EncryptDecrypt_Out, ivOut))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_YES_NO_P_UNMARSHAL, + TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + ADD_FLAG, + TPM2B_IV_P_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + END_OF_LIST, + TPM2B_MAX_BUFFER_P_MARSHAL, 
+ TPM2B_IV_P_MARSHAL, + END_OF_LIST} +}; + +#define _EncryptDecryptDataAddress (&_EncryptDecryptData) +#else +#define _EncryptDecryptDataAddress 0 +#endif // CC_EncryptDecrypt + +#if CC_EncryptDecrypt2 + +#include "EncryptDecrypt2_fp.h" + +typedef TPM_RC (EncryptDecrypt2_Entry)( + EncryptDecrypt2_In *in, + EncryptDecrypt2_Out *out +); + +typedef const struct { + EncryptDecrypt2_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; +} EncryptDecrypt2_COMMAND_DESCRIPTOR_t; + +EncryptDecrypt2_COMMAND_DESCRIPTOR_t _EncryptDecrypt2Data = { + /* entry */ &TPM2_EncryptDecrypt2, + /* inSize */ (UINT16)(sizeof(EncryptDecrypt2_In)), + /* outSize */ (UINT16)(sizeof(EncryptDecrypt2_Out)), + /* offsetOfTypes */ offsetof(EncryptDecrypt2_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(EncryptDecrypt2_In, inData)), + (UINT16)(offsetof(EncryptDecrypt2_In, decrypt)), + (UINT16)(offsetof(EncryptDecrypt2_In, mode)), + (UINT16)(offsetof(EncryptDecrypt2_In, ivIn)), + (UINT16)(offsetof(EncryptDecrypt2_Out, ivOut))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + TPMI_YES_NO_P_UNMARSHAL, + TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + ADD_FLAG, + TPM2B_IV_P_UNMARSHAL, + END_OF_LIST, + TPM2B_MAX_BUFFER_P_MARSHAL, + TPM2B_IV_P_MARSHAL, + END_OF_LIST} +}; + +#define _EncryptDecrypt2DataAddress (&_EncryptDecrypt2Data) +#else +#define _EncryptDecrypt2DataAddress 0 +#endif // CC_EncryptDecrypt2 + +#if CC_Hash + +#include "Hash_fp.h" + +typedef TPM_RC (Hash_Entry)( + Hash_In *in, + Hash_Out *out +); + +typedef const struct { + Hash_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; +} Hash_COMMAND_DESCRIPTOR_t; + +Hash_COMMAND_DESCRIPTOR_t _HashData = { + /* entry */ &TPM2_Hash, + /* inSize */ (UINT16)(sizeof(Hash_In)), + /* outSize */ (UINT16)(sizeof(Hash_Out)), + /* offsetOfTypes */ offsetof(Hash_COMMAND_DESCRIPTOR_t, types), + /* 
offsets */ {(UINT16)(offsetof(Hash_In, hashAlg)), + (UINT16)(offsetof(Hash_In, hierarchy)), + (UINT16)(offsetof(Hash_Out, validation))}, + /* types */ {TPM2B_MAX_BUFFER_P_UNMARSHAL, + TPMI_ALG_HASH_P_UNMARSHAL, + TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_DIGEST_P_MARSHAL, + TPMT_TK_HASHCHECK_P_MARSHAL, + END_OF_LIST} +}; + +#define _HashDataAddress (&_HashData) +#else +#define _HashDataAddress 0 +#endif // CC_Hash + +#if CC_HMAC + +#include "HMAC_fp.h" + +typedef TPM_RC (HMAC_Entry)( + HMAC_In *in, + HMAC_Out *out +); + +typedef const struct { + HMAC_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; +} HMAC_COMMAND_DESCRIPTOR_t; + +HMAC_COMMAND_DESCRIPTOR_t _HMACData = { + /* entry */ &TPM2_HMAC, + /* inSize */ (UINT16)(sizeof(HMAC_In)), + /* outSize */ (UINT16)(sizeof(HMAC_Out)), + /* offsetOfTypes */ offsetof(HMAC_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(HMAC_In, buffer)), + (UINT16)(offsetof(HMAC_In, hashAlg))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_DIGEST_P_MARSHAL, + END_OF_LIST} +}; + +#define _HMACDataAddress (&_HMACData) +#else +#define _HMACDataAddress 0 +#endif // CC_HMAC + +#if CC_MAC + +#include "MAC_fp.h" + +typedef TPM_RC (MAC_Entry)( + MAC_In *in, + MAC_Out *out +); + +typedef const struct { + MAC_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; +} MAC_COMMAND_DESCRIPTOR_t; + +MAC_COMMAND_DESCRIPTOR_t _MACData = { + /* entry */ &TPM2_MAC, + /* inSize */ (UINT16)(sizeof(MAC_In)), + /* outSize */ (UINT16)(sizeof(MAC_Out)), + /* offsetOfTypes */ offsetof(MAC_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(MAC_In, buffer)), + (UINT16)(offsetof(MAC_In, inScheme))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + 
TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_DIGEST_P_MARSHAL, + END_OF_LIST} +}; + +#define _MACDataAddress (&_MACData) +#else +#define _MACDataAddress 0 +#endif // CC_MAC + +#if CC_GetRandom + +#include "GetRandom_fp.h" + +typedef TPM_RC (GetRandom_Entry)( + GetRandom_In *in, + GetRandom_Out *out +); + +typedef const struct { + GetRandom_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; +} GetRandom_COMMAND_DESCRIPTOR_t; + +GetRandom_COMMAND_DESCRIPTOR_t _GetRandomData = { + /* entry */ &TPM2_GetRandom, + /* inSize */ (UINT16)(sizeof(GetRandom_In)), + /* outSize */ (UINT16)(sizeof(GetRandom_Out)), + /* offsetOfTypes */ offsetof(GetRandom_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {UINT16_P_UNMARSHAL, + END_OF_LIST, + TPM2B_DIGEST_P_MARSHAL, + END_OF_LIST} +}; + +#define _GetRandomDataAddress (&_GetRandomData) +#else +#define _GetRandomDataAddress 0 +#endif // CC_GetRandom + +#if CC_StirRandom + +#include "StirRandom_fp.h" + +typedef TPM_RC (StirRandom_Entry)( + StirRandom_In *in +); + +typedef const struct { + StirRandom_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} StirRandom_COMMAND_DESCRIPTOR_t; + +StirRandom_COMMAND_DESCRIPTOR_t _StirRandomData = { + /* entry */ &TPM2_StirRandom, + /* inSize */ (UINT16)(sizeof(StirRandom_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(StirRandom_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPM2B_SENSITIVE_DATA_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _StirRandomDataAddress (&_StirRandomData) +#else +#define _StirRandomDataAddress 0 +#endif // CC_StirRandom + +#if CC_HMAC_Start + +#include "HMAC_Start_fp.h" + +typedef TPM_RC (HMAC_Start_Entry)( + HMAC_Start_In *in, + HMAC_Start_Out *out +); + +typedef const struct { + HMAC_Start_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 
paramOffsets[2]; + BYTE types[6]; +} HMAC_Start_COMMAND_DESCRIPTOR_t; + +HMAC_Start_COMMAND_DESCRIPTOR_t _HMAC_StartData = { + /* entry */ &TPM2_HMAC_Start, + /* inSize */ (UINT16)(sizeof(HMAC_Start_In)), + /* outSize */ (UINT16)(sizeof(HMAC_Start_Out)), + /* offsetOfTypes */ offsetof(HMAC_Start_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(HMAC_Start_In, auth)), + (UINT16)(offsetof(HMAC_Start_In, hashAlg))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_AUTH_P_UNMARSHAL, + TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPMI_DH_OBJECT_H_MARSHAL, + END_OF_LIST} +}; + +#define _HMAC_StartDataAddress (&_HMAC_StartData) +#else +#define _HMAC_StartDataAddress 0 +#endif // CC_HMAC_Start + +#if CC_MAC_Start + +#include "MAC_Start_fp.h" + +typedef TPM_RC (MAC_Start_Entry)( + MAC_Start_In *in, + MAC_Start_Out *out +); + +typedef const struct { + MAC_Start_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; +} MAC_Start_COMMAND_DESCRIPTOR_t; + +MAC_Start_COMMAND_DESCRIPTOR_t _MAC_StartData = { + /* entry */ &TPM2_MAC_Start, + /* inSize */ (UINT16)(sizeof(MAC_Start_In)), + /* outSize */ (UINT16)(sizeof(MAC_Start_Out)), + /* offsetOfTypes */ offsetof(MAC_Start_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(MAC_Start_In, auth)), + (UINT16)(offsetof(MAC_Start_In, inScheme))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_AUTH_P_UNMARSHAL, + TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPMI_DH_OBJECT_H_MARSHAL, + END_OF_LIST} +}; + +#define _MAC_StartDataAddress (&_MAC_StartData) +#else +#define _MAC_StartDataAddress 0 +#endif // CC_MAC_Start + +#if CC_HashSequenceStart + +#include "HashSequenceStart_fp.h" + +typedef TPM_RC (HashSequenceStart_Entry)( + HashSequenceStart_In *in, + HashSequenceStart_Out *out +); + +typedef const struct { + HashSequenceStart_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 
paramOffsets[1]; + BYTE types[5]; +} HashSequenceStart_COMMAND_DESCRIPTOR_t; + +HashSequenceStart_COMMAND_DESCRIPTOR_t _HashSequenceStartData = { + /* entry */ &TPM2_HashSequenceStart, + /* inSize */ (UINT16)(sizeof(HashSequenceStart_In)), + /* outSize */ (UINT16)(sizeof(HashSequenceStart_Out)), + /* offsetOfTypes */ offsetof(HashSequenceStart_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(HashSequenceStart_In, hashAlg))}, + /* types */ {TPM2B_AUTH_P_UNMARSHAL, + TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPMI_DH_OBJECT_H_MARSHAL, + END_OF_LIST} +}; + +#define _HashSequenceStartDataAddress (&_HashSequenceStartData) +#else +#define _HashSequenceStartDataAddress 0 +#endif // CC_HashSequenceStart + +#if CC_SequenceUpdate + +#include "SequenceUpdate_fp.h" + +typedef TPM_RC (SequenceUpdate_Entry)( + SequenceUpdate_In *in +); + +typedef const struct { + SequenceUpdate_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} SequenceUpdate_COMMAND_DESCRIPTOR_t; + +SequenceUpdate_COMMAND_DESCRIPTOR_t _SequenceUpdateData = { + /* entry */ &TPM2_SequenceUpdate, + /* inSize */ (UINT16)(sizeof(SequenceUpdate_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(SequenceUpdate_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(SequenceUpdate_In, buffer))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _SequenceUpdateDataAddress (&_SequenceUpdateData) +#else +#define _SequenceUpdateDataAddress 0 +#endif // CC_SequenceUpdate + +#if CC_SequenceComplete + +#include "SequenceComplete_fp.h" + +typedef TPM_RC (SequenceComplete_Entry)( + SequenceComplete_In *in, + SequenceComplete_Out *out +); + +typedef const struct { + SequenceComplete_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; +} SequenceComplete_COMMAND_DESCRIPTOR_t; + 
+SequenceComplete_COMMAND_DESCRIPTOR_t _SequenceCompleteData = { + /* entry */ &TPM2_SequenceComplete, + /* inSize */ (UINT16)(sizeof(SequenceComplete_In)), + /* outSize */ (UINT16)(sizeof(SequenceComplete_Out)), + /* offsetOfTypes */ offsetof(SequenceComplete_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(SequenceComplete_In, buffer)), + (UINT16)(offsetof(SequenceComplete_In, hierarchy)), + (UINT16)(offsetof(SequenceComplete_Out, validation))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_DIGEST_P_MARSHAL, + TPMT_TK_HASHCHECK_P_MARSHAL, + END_OF_LIST} +}; + +#define _SequenceCompleteDataAddress (&_SequenceCompleteData) +#else +#define _SequenceCompleteDataAddress 0 +#endif // CC_SequenceComplete + +#if CC_EventSequenceComplete + +#include "EventSequenceComplete_fp.h" + +typedef TPM_RC (EventSequenceComplete_Entry)( + EventSequenceComplete_In *in, + EventSequenceComplete_Out *out +); + +typedef const struct { + EventSequenceComplete_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; +} EventSequenceComplete_COMMAND_DESCRIPTOR_t; + +EventSequenceComplete_COMMAND_DESCRIPTOR_t _EventSequenceCompleteData = { + /* entry */ &TPM2_EventSequenceComplete, + /* inSize */ (UINT16)(sizeof(EventSequenceComplete_In)), + /* outSize */ (UINT16)(sizeof(EventSequenceComplete_Out)), + /* offsetOfTypes */ offsetof(EventSequenceComplete_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(EventSequenceComplete_In, sequenceHandle)), + (UINT16)(offsetof(EventSequenceComplete_In, buffer))}, + /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, + TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + END_OF_LIST, + TPML_DIGEST_VALUES_P_MARSHAL, + END_OF_LIST} +}; + +#define _EventSequenceCompleteDataAddress (&_EventSequenceCompleteData) +#else +#define _EventSequenceCompleteDataAddress 0 +#endif 
// CC_EventSequenceComplete + +#if CC_Certify + +#include "Certify_fp.h" + +typedef TPM_RC (Certify_Entry)( + Certify_In *in, + Certify_Out *out +); + +typedef const struct { + Certify_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[8]; +} Certify_COMMAND_DESCRIPTOR_t; + +Certify_COMMAND_DESCRIPTOR_t _CertifyData = { + /* entry */ &TPM2_Certify, + /* inSize */ (UINT16)(sizeof(Certify_In)), + /* outSize */ (UINT16)(sizeof(Certify_Out)), + /* offsetOfTypes */ offsetof(Certify_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Certify_In, signHandle)), + (UINT16)(offsetof(Certify_In, qualifyingData)), + (UINT16)(offsetof(Certify_In, inScheme)), + (UINT16)(offsetof(Certify_Out, signature))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_ATTEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} +}; + +#define _CertifyDataAddress (&_CertifyData) +#else +#define _CertifyDataAddress 0 +#endif // CC_Certify + +#if CC_CertifyCreation + +#include "CertifyCreation_fp.h" + +typedef TPM_RC (CertifyCreation_Entry)( + CertifyCreation_In *in, + CertifyCreation_Out *out +); + +typedef const struct { + CertifyCreation_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[6]; + BYTE types[10]; +} CertifyCreation_COMMAND_DESCRIPTOR_t; + +CertifyCreation_COMMAND_DESCRIPTOR_t _CertifyCreationData = { + /* entry */ &TPM2_CertifyCreation, + /* inSize */ (UINT16)(sizeof(CertifyCreation_In)), + /* outSize */ (UINT16)(sizeof(CertifyCreation_Out)), + /* offsetOfTypes */ offsetof(CertifyCreation_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(CertifyCreation_In, objectHandle)), + (UINT16)(offsetof(CertifyCreation_In, qualifyingData)), + (UINT16)(offsetof(CertifyCreation_In, creationHash)), + (UINT16)(offsetof(CertifyCreation_In, 
inScheme)), + (UINT16)(offsetof(CertifyCreation_In, creationTicket)), + (UINT16)(offsetof(CertifyCreation_Out, signature))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_DATA_P_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + TPMT_TK_CREATION_P_UNMARSHAL, + END_OF_LIST, + TPM2B_ATTEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} +}; + +#define _CertifyCreationDataAddress (&_CertifyCreationData) +#else +#define _CertifyCreationDataAddress 0 +#endif // CC_CertifyCreation + +#if CC_Quote + +#include "Quote_fp.h" + +typedef TPM_RC (Quote_Entry)( + Quote_In *in, + Quote_Out *out +); + +typedef const struct { + Quote_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[8]; +} Quote_COMMAND_DESCRIPTOR_t; + +Quote_COMMAND_DESCRIPTOR_t _QuoteData = { + /* entry */ &TPM2_Quote, + /* inSize */ (UINT16)(sizeof(Quote_In)), + /* outSize */ (UINT16)(sizeof(Quote_Out)), + /* offsetOfTypes */ offsetof(Quote_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Quote_In, qualifyingData)), + (UINT16)(offsetof(Quote_In, inScheme)), + (UINT16)(offsetof(Quote_In, PCRselect)), + (UINT16)(offsetof(Quote_Out, signature))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + TPML_PCR_SELECTION_P_UNMARSHAL, + END_OF_LIST, + TPM2B_ATTEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} +}; + +#define _QuoteDataAddress (&_QuoteData) +#else +#define _QuoteDataAddress 0 +#endif // CC_Quote + +#if CC_GetSessionAuditDigest + +#include "GetSessionAuditDigest_fp.h" + +typedef TPM_RC (GetSessionAuditDigest_Entry)( + GetSessionAuditDigest_In *in, + GetSessionAuditDigest_Out *out +); + +typedef const struct { + GetSessionAuditDigest_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; +} 
GetSessionAuditDigest_COMMAND_DESCRIPTOR_t; + +GetSessionAuditDigest_COMMAND_DESCRIPTOR_t _GetSessionAuditDigestData = { + /* entry */ &TPM2_GetSessionAuditDigest, + /* inSize */ (UINT16)(sizeof(GetSessionAuditDigest_In)), + /* outSize */ (UINT16)(sizeof(GetSessionAuditDigest_Out)), + /* offsetOfTypes */ offsetof(GetSessionAuditDigest_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(GetSessionAuditDigest_In, signHandle)), + (UINT16)(offsetof(GetSessionAuditDigest_In, sessionHandle)), + (UINT16)(offsetof(GetSessionAuditDigest_In, qualifyingData)), + (UINT16)(offsetof(GetSessionAuditDigest_In, inScheme)), + (UINT16)(offsetof(GetSessionAuditDigest_Out, signature))}, + /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPMI_SH_HMAC_H_UNMARSHAL, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_ATTEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} +}; + +#define _GetSessionAuditDigestDataAddress (&_GetSessionAuditDigestData) +#else +#define _GetSessionAuditDigestDataAddress 0 +#endif // CC_GetSessionAuditDigest + +#if CC_GetCommandAuditDigest + +#include "GetCommandAuditDigest_fp.h" + +typedef TPM_RC (GetCommandAuditDigest_Entry)( + GetCommandAuditDigest_In *in, + GetCommandAuditDigest_Out *out +); + +typedef const struct { + GetCommandAuditDigest_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[8]; +} GetCommandAuditDigest_COMMAND_DESCRIPTOR_t; + +GetCommandAuditDigest_COMMAND_DESCRIPTOR_t _GetCommandAuditDigestData = { + /* entry */ &TPM2_GetCommandAuditDigest, + /* inSize */ (UINT16)(sizeof(GetCommandAuditDigest_In)), + /* outSize */ (UINT16)(sizeof(GetCommandAuditDigest_Out)), + /* offsetOfTypes */ offsetof(GetCommandAuditDigest_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(GetCommandAuditDigest_In, signHandle)), + (UINT16)(offsetof(GetCommandAuditDigest_In, qualifyingData)), + 
(UINT16)(offsetof(GetCommandAuditDigest_In, inScheme)), + (UINT16)(offsetof(GetCommandAuditDigest_Out, signature))}, + /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_ATTEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} +}; + +#define _GetCommandAuditDigestDataAddress (&_GetCommandAuditDigestData) +#else +#define _GetCommandAuditDigestDataAddress 0 +#endif // CC_GetCommandAuditDigest + +#if CC_GetTime + +#include "GetTime_fp.h" + +typedef TPM_RC (GetTime_Entry)( + GetTime_In *in, + GetTime_Out *out +); + +typedef const struct { + GetTime_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[8]; +} GetTime_COMMAND_DESCRIPTOR_t; + +GetTime_COMMAND_DESCRIPTOR_t _GetTimeData = { + /* entry */ &TPM2_GetTime, + /* inSize */ (UINT16)(sizeof(GetTime_In)), + /* outSize */ (UINT16)(sizeof(GetTime_Out)), + /* offsetOfTypes */ offsetof(GetTime_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(GetTime_In, signHandle)), + (UINT16)(offsetof(GetTime_In, qualifyingData)), + (UINT16)(offsetof(GetTime_In, inScheme)), + (UINT16)(offsetof(GetTime_Out, signature))}, + /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_ATTEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} +}; + +#define _GetTimeDataAddress (&_GetTimeData) +#else +#define _GetTimeDataAddress 0 +#endif // CC_GetTime + +#if CC_CertifyX509 + +#include "CertifyX509_fp.h" + +typedef TPM_RC (CertifyX509_Entry)( + CertifyX509_In *in, + CertifyX509_Out *out +); + +typedef const struct { + CertifyX509_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[6]; + BYTE types[10]; +} CertifyX509_COMMAND_DESCRIPTOR_t; + +CertifyX509_COMMAND_DESCRIPTOR_t 
_CertifyX509Data = { + /* entry */ &TPM2_CertifyX509, + /* inSize */ (UINT16)(sizeof(CertifyX509_In)), + /* outSize */ (UINT16)(sizeof(CertifyX509_Out)), + /* offsetOfTypes */ offsetof(CertifyX509_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(CertifyX509_In, signHandle)), + (UINT16)(offsetof(CertifyX509_In, qualifyingData)), + (UINT16)(offsetof(CertifyX509_In, inScheme)), + (UINT16)(offsetof(CertifyX509_In, partialCertificate)), + (UINT16)(offsetof(CertifyX509_Out, tbsDigest)), + (UINT16)(offsetof(CertifyX509_Out, signature))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + END_OF_LIST, + TPM2B_MAX_BUFFER_P_MARSHAL, + TPM2B_DIGEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} +}; + +#define _CertifyX509DataAddress (&_CertifyX509Data) +#else +#define _CertifyX509DataAddress 0 +#endif // CC_CertifyX509 + +#if CC_Commit + +#include "Commit_fp.h" + +typedef TPM_RC (Commit_Entry)( + Commit_In *in, + Commit_Out *out +); + +typedef const struct { + Commit_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[6]; + BYTE types[10]; +} Commit_COMMAND_DESCRIPTOR_t; + +Commit_COMMAND_DESCRIPTOR_t _CommitData = { + /* entry */ &TPM2_Commit, + /* inSize */ (UINT16)(sizeof(Commit_In)), + /* outSize */ (UINT16)(sizeof(Commit_Out)), + /* offsetOfTypes */ offsetof(Commit_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Commit_In, P1)), + (UINT16)(offsetof(Commit_In, s2)), + (UINT16)(offsetof(Commit_In, y2)), + (UINT16)(offsetof(Commit_Out, L)), + (UINT16)(offsetof(Commit_Out, E)), + (UINT16)(offsetof(Commit_Out, counter))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_ECC_POINT_P_UNMARSHAL, + TPM2B_SENSITIVE_DATA_P_UNMARSHAL, + TPM2B_ECC_PARAMETER_P_UNMARSHAL, + END_OF_LIST, + TPM2B_ECC_POINT_P_MARSHAL, + TPM2B_ECC_POINT_P_MARSHAL, + 
TPM2B_ECC_POINT_P_MARSHAL, + UINT16_P_MARSHAL, + END_OF_LIST} +}; + +#define _CommitDataAddress (&_CommitData) +#else +#define _CommitDataAddress 0 +#endif // CC_Commit + +#if CC_EC_Ephemeral + +#include "EC_Ephemeral_fp.h" + +typedef TPM_RC (EC_Ephemeral_Entry)( + EC_Ephemeral_In *in, + EC_Ephemeral_Out *out +); + +typedef const struct { + EC_Ephemeral_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[5]; +} EC_Ephemeral_COMMAND_DESCRIPTOR_t; + +EC_Ephemeral_COMMAND_DESCRIPTOR_t _EC_EphemeralData = { + /* entry */ &TPM2_EC_Ephemeral, + /* inSize */ (UINT16)(sizeof(EC_Ephemeral_In)), + /* outSize */ (UINT16)(sizeof(EC_Ephemeral_Out)), + /* offsetOfTypes */ offsetof(EC_Ephemeral_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(EC_Ephemeral_Out, counter))}, + /* types */ {TPMI_ECC_CURVE_P_UNMARSHAL, + END_OF_LIST, + TPM2B_ECC_POINT_P_MARSHAL, + UINT16_P_MARSHAL, + END_OF_LIST} +}; + +#define _EC_EphemeralDataAddress (&_EC_EphemeralData) +#else +#define _EC_EphemeralDataAddress 0 +#endif // CC_EC_Ephemeral + +#if CC_VerifySignature + +#include "VerifySignature_fp.h" + +typedef TPM_RC (VerifySignature_Entry)( + VerifySignature_In *in, + VerifySignature_Out *out +); + +typedef const struct { + VerifySignature_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; +} VerifySignature_COMMAND_DESCRIPTOR_t; + +VerifySignature_COMMAND_DESCRIPTOR_t _VerifySignatureData = { + /* entry */ &TPM2_VerifySignature, + /* inSize */ (UINT16)(sizeof(VerifySignature_In)), + /* outSize */ (UINT16)(sizeof(VerifySignature_Out)), + /* offsetOfTypes */ offsetof(VerifySignature_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(VerifySignature_In, digest)), + (UINT16)(offsetof(VerifySignature_In, signature))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPMT_SIGNATURE_P_UNMARSHAL, + END_OF_LIST, + 
TPMT_TK_VERIFIED_P_MARSHAL, + END_OF_LIST} +}; + +#define _VerifySignatureDataAddress (&_VerifySignatureData) +#else +#define _VerifySignatureDataAddress 0 +#endif // CC_VerifySignature + +#if CC_Sign + +#include "Sign_fp.h" + +typedef TPM_RC (Sign_Entry)( + Sign_In *in, + Sign_Out *out +); + +typedef const struct { + Sign_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; +} Sign_COMMAND_DESCRIPTOR_t; + +Sign_COMMAND_DESCRIPTOR_t _SignData = { + /* entry */ &TPM2_Sign, + /* inSize */ (UINT16)(sizeof(Sign_In)), + /* outSize */ (UINT16)(sizeof(Sign_Out)), + /* offsetOfTypes */ offsetof(Sign_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Sign_In, digest)), + (UINT16)(offsetof(Sign_In, inScheme)), + (UINT16)(offsetof(Sign_In, validation))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + TPMT_TK_HASHCHECK_P_UNMARSHAL, + END_OF_LIST, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} +}; + +#define _SignDataAddress (&_SignData) +#else +#define _SignDataAddress 0 +#endif // CC_Sign + +#if CC_SetCommandCodeAuditStatus + +#include "SetCommandCodeAuditStatus_fp.h" + +typedef TPM_RC (SetCommandCodeAuditStatus_Entry)( + SetCommandCodeAuditStatus_In *in +); + +typedef const struct { + SetCommandCodeAuditStatus_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[6]; +} SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t; + +SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t _SetCommandCodeAuditStatusData = { + /* entry */ &TPM2_SetCommandCodeAuditStatus, + /* inSize */ (UINT16)(sizeof(SetCommandCodeAuditStatus_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(SetCommandCodeAuditStatus_In, auditAlg)), + (UINT16)(offsetof(SetCommandCodeAuditStatus_In, setList)), + 
(UINT16)(offsetof(SetCommandCodeAuditStatus_In, clearList))}, + /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, + TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, + TPML_CC_P_UNMARSHAL, + TPML_CC_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _SetCommandCodeAuditStatusDataAddress (&_SetCommandCodeAuditStatusData) +#else +#define _SetCommandCodeAuditStatusDataAddress 0 +#endif // CC_SetCommandCodeAuditStatus + +#if CC_PCR_Extend + +#include "PCR_Extend_fp.h" + +typedef TPM_RC (PCR_Extend_Entry)( + PCR_Extend_In *in +); + +typedef const struct { + PCR_Extend_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} PCR_Extend_COMMAND_DESCRIPTOR_t; + +PCR_Extend_COMMAND_DESCRIPTOR_t _PCR_ExtendData = { + /* entry */ &TPM2_PCR_Extend, + /* inSize */ (UINT16)(sizeof(PCR_Extend_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PCR_Extend_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PCR_Extend_In, digests))}, + /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, + TPML_DIGEST_VALUES_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PCR_ExtendDataAddress (&_PCR_ExtendData) +#else +#define _PCR_ExtendDataAddress 0 +#endif // CC_PCR_Extend + +#if CC_PCR_Event + +#include "PCR_Event_fp.h" + +typedef TPM_RC (PCR_Event_Entry)( + PCR_Event_In *in, + PCR_Event_Out *out +); + +typedef const struct { + PCR_Event_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[5]; +} PCR_Event_COMMAND_DESCRIPTOR_t; + +PCR_Event_COMMAND_DESCRIPTOR_t _PCR_EventData = { + /* entry */ &TPM2_PCR_Event, + /* inSize */ (UINT16)(sizeof(PCR_Event_In)), + /* outSize */ (UINT16)(sizeof(PCR_Event_Out)), + /* offsetOfTypes */ offsetof(PCR_Event_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PCR_Event_In, eventData))}, + /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, + TPM2B_EVENT_P_UNMARSHAL, + END_OF_LIST, + TPML_DIGEST_VALUES_P_MARSHAL, + 
END_OF_LIST} +}; + +#define _PCR_EventDataAddress (&_PCR_EventData) +#else +#define _PCR_EventDataAddress 0 +#endif // CC_PCR_Event + +#if CC_PCR_Read + +#include "PCR_Read_fp.h" + +typedef TPM_RC (PCR_Read_Entry)( + PCR_Read_In *in, + PCR_Read_Out *out +); + +typedef const struct { + PCR_Read_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; +} PCR_Read_COMMAND_DESCRIPTOR_t; + +PCR_Read_COMMAND_DESCRIPTOR_t _PCR_ReadData = { + /* entry */ &TPM2_PCR_Read, + /* inSize */ (UINT16)(sizeof(PCR_Read_In)), + /* outSize */ (UINT16)(sizeof(PCR_Read_Out)), + /* offsetOfTypes */ offsetof(PCR_Read_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PCR_Read_Out, pcrSelectionOut)), + (UINT16)(offsetof(PCR_Read_Out, pcrValues))}, + /* types */ {TPML_PCR_SELECTION_P_UNMARSHAL, + END_OF_LIST, + UINT32_P_MARSHAL, + TPML_PCR_SELECTION_P_MARSHAL, + TPML_DIGEST_P_MARSHAL, + END_OF_LIST} +}; + +#define _PCR_ReadDataAddress (&_PCR_ReadData) +#else +#define _PCR_ReadDataAddress 0 +#endif // CC_PCR_Read + +#if CC_PCR_Allocate + +#include "PCR_Allocate_fp.h" + +typedef TPM_RC (PCR_Allocate_Entry)( + PCR_Allocate_In *in, + PCR_Allocate_Out *out +); + +typedef const struct { + PCR_Allocate_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[8]; +} PCR_Allocate_COMMAND_DESCRIPTOR_t; + +PCR_Allocate_COMMAND_DESCRIPTOR_t _PCR_AllocateData = { + /* entry */ &TPM2_PCR_Allocate, + /* inSize */ (UINT16)(sizeof(PCR_Allocate_In)), + /* outSize */ (UINT16)(sizeof(PCR_Allocate_Out)), + /* offsetOfTypes */ offsetof(PCR_Allocate_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PCR_Allocate_In, pcrAllocation)), + (UINT16)(offsetof(PCR_Allocate_Out, maxPCR)), + (UINT16)(offsetof(PCR_Allocate_Out, sizeNeeded)), + (UINT16)(offsetof(PCR_Allocate_Out, sizeAvailable))}, + /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, + TPML_PCR_SELECTION_P_UNMARSHAL, + 
END_OF_LIST, + TPMI_YES_NO_P_MARSHAL, + UINT32_P_MARSHAL, + UINT32_P_MARSHAL, + UINT32_P_MARSHAL, + END_OF_LIST} +}; + +#define _PCR_AllocateDataAddress (&_PCR_AllocateData) +#else +#define _PCR_AllocateDataAddress 0 +#endif // CC_PCR_Allocate + +#if CC_PCR_SetAuthPolicy + +#include "PCR_SetAuthPolicy_fp.h" + +typedef TPM_RC (PCR_SetAuthPolicy_Entry)( + PCR_SetAuthPolicy_In *in +); + +typedef const struct { + PCR_SetAuthPolicy_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[6]; +} PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t; + +PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t _PCR_SetAuthPolicyData = { + /* entry */ &TPM2_PCR_SetAuthPolicy, + /* inSize */ (UINT16)(sizeof(PCR_SetAuthPolicy_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PCR_SetAuthPolicy_In, authPolicy)), + (UINT16)(offsetof(PCR_SetAuthPolicy_In, hashAlg)), + (UINT16)(offsetof(PCR_SetAuthPolicy_In, pcrNum))}, + /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, + TPMI_DH_PCR_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PCR_SetAuthPolicyDataAddress (&_PCR_SetAuthPolicyData) +#else +#define _PCR_SetAuthPolicyDataAddress 0 +#endif // CC_PCR_SetAuthPolicy + +#if CC_PCR_SetAuthValue + +#include "PCR_SetAuthValue_fp.h" + +typedef TPM_RC (PCR_SetAuthValue_Entry)( + PCR_SetAuthValue_In *in +); + +typedef const struct { + PCR_SetAuthValue_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} PCR_SetAuthValue_COMMAND_DESCRIPTOR_t; + +PCR_SetAuthValue_COMMAND_DESCRIPTOR_t _PCR_SetAuthValueData = { + /* entry */ &TPM2_PCR_SetAuthValue, + /* inSize */ (UINT16)(sizeof(PCR_SetAuthValue_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PCR_SetAuthValue_COMMAND_DESCRIPTOR_t, types), + /* offsets */ 
{(UINT16)(offsetof(PCR_SetAuthValue_In, auth))}, + /* types */ {TPMI_DH_PCR_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PCR_SetAuthValueDataAddress (&_PCR_SetAuthValueData) +#else +#define _PCR_SetAuthValueDataAddress 0 +#endif // CC_PCR_SetAuthValue + +#if CC_PCR_Reset + +#include "PCR_Reset_fp.h" + +typedef TPM_RC (PCR_Reset_Entry)( + PCR_Reset_In *in +); + +typedef const struct { + PCR_Reset_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} PCR_Reset_COMMAND_DESCRIPTOR_t; + +PCR_Reset_COMMAND_DESCRIPTOR_t _PCR_ResetData = { + /* entry */ &TPM2_PCR_Reset, + /* inSize */ (UINT16)(sizeof(PCR_Reset_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PCR_Reset_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_DH_PCR_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PCR_ResetDataAddress (&_PCR_ResetData) +#else +#define _PCR_ResetDataAddress 0 +#endif // CC_PCR_Reset + +#if CC_PolicySigned + +#include "PolicySigned_fp.h" + +typedef TPM_RC (PolicySigned_Entry)( + PolicySigned_In *in, + PolicySigned_Out *out +); + +typedef const struct { + PolicySigned_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[7]; + BYTE types[11]; +} PolicySigned_COMMAND_DESCRIPTOR_t; + +PolicySigned_COMMAND_DESCRIPTOR_t _PolicySignedData = { + /* entry */ &TPM2_PolicySigned, + /* inSize */ (UINT16)(sizeof(PolicySigned_In)), + /* outSize */ (UINT16)(sizeof(PolicySigned_Out)), + /* offsetOfTypes */ offsetof(PolicySigned_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicySigned_In, policySession)), + (UINT16)(offsetof(PolicySigned_In, nonceTPM)), + (UINT16)(offsetof(PolicySigned_In, cpHashA)), + (UINT16)(offsetof(PolicySigned_In, policyRef)), + (UINT16)(offsetof(PolicySigned_In, expiration)), + (UINT16)(offsetof(PolicySigned_In, auth)), + (UINT16)(offsetof(PolicySigned_Out, policyTicket))}, + /* 
types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_NONCE_P_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPM2B_NONCE_P_UNMARSHAL, + INT32_P_UNMARSHAL, + TPMT_SIGNATURE_P_UNMARSHAL, + END_OF_LIST, + TPM2B_TIMEOUT_P_MARSHAL, + TPMT_TK_AUTH_P_MARSHAL, + END_OF_LIST} +}; + +#define _PolicySignedDataAddress (&_PolicySignedData) +#else +#define _PolicySignedDataAddress 0 +#endif // CC_PolicySigned + +#if CC_PolicySecret + +#include "PolicySecret_fp.h" + +typedef TPM_RC (PolicySecret_Entry)( + PolicySecret_In *in, + PolicySecret_Out *out +); + +typedef const struct { + PolicySecret_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[6]; + BYTE types[10]; +} PolicySecret_COMMAND_DESCRIPTOR_t; + +PolicySecret_COMMAND_DESCRIPTOR_t _PolicySecretData = { + /* entry */ &TPM2_PolicySecret, + /* inSize */ (UINT16)(sizeof(PolicySecret_In)), + /* outSize */ (UINT16)(sizeof(PolicySecret_Out)), + /* offsetOfTypes */ offsetof(PolicySecret_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicySecret_In, policySession)), + (UINT16)(offsetof(PolicySecret_In, nonceTPM)), + (UINT16)(offsetof(PolicySecret_In, cpHashA)), + (UINT16)(offsetof(PolicySecret_In, policyRef)), + (UINT16)(offsetof(PolicySecret_In, expiration)), + (UINT16)(offsetof(PolicySecret_Out, policyTicket))}, + /* types */ {TPMI_DH_ENTITY_H_UNMARSHAL, + TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_NONCE_P_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPM2B_NONCE_P_UNMARSHAL, + INT32_P_UNMARSHAL, + END_OF_LIST, + TPM2B_TIMEOUT_P_MARSHAL, + TPMT_TK_AUTH_P_MARSHAL, + END_OF_LIST} +}; + +#define _PolicySecretDataAddress (&_PolicySecretData) +#else +#define _PolicySecretDataAddress 0 +#endif // CC_PolicySecret + +#if CC_PolicyTicket + +#include "PolicyTicket_fp.h" + +typedef TPM_RC (PolicyTicket_Entry)( + PolicyTicket_In *in +); + +typedef const struct { + PolicyTicket_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; 
+ BYTE types[8]; +} PolicyTicket_COMMAND_DESCRIPTOR_t; + +PolicyTicket_COMMAND_DESCRIPTOR_t _PolicyTicketData = { + /* entry */ &TPM2_PolicyTicket, + /* inSize */ (UINT16)(sizeof(PolicyTicket_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyTicket_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyTicket_In, timeout)), + (UINT16)(offsetof(PolicyTicket_In, cpHashA)), + (UINT16)(offsetof(PolicyTicket_In, policyRef)), + (UINT16)(offsetof(PolicyTicket_In, authName)), + (UINT16)(offsetof(PolicyTicket_In, ticket))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_TIMEOUT_P_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPM2B_NONCE_P_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPMT_TK_AUTH_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyTicketDataAddress (&_PolicyTicketData) +#else +#define _PolicyTicketDataAddress 0 +#endif // CC_PolicyTicket + +#if CC_PolicyOR + +#include "PolicyOR_fp.h" + +typedef TPM_RC (PolicyOR_Entry)( + PolicyOR_In *in +); + +typedef const struct { + PolicyOR_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} PolicyOR_COMMAND_DESCRIPTOR_t; + +PolicyOR_COMMAND_DESCRIPTOR_t _PolicyORData = { + /* entry */ &TPM2_PolicyOR, + /* inSize */ (UINT16)(sizeof(PolicyOR_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyOR_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyOR_In, pHashList))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPML_DIGEST_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyORDataAddress (&_PolicyORData) +#else +#define _PolicyORDataAddress 0 +#endif // CC_PolicyOR + +#if CC_PolicyPCR + +#include "PolicyPCR_fp.h" + +typedef TPM_RC (PolicyPCR_Entry)( + PolicyPCR_In *in +); + +typedef const struct { + PolicyPCR_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; +} PolicyPCR_COMMAND_DESCRIPTOR_t; + 
+PolicyPCR_COMMAND_DESCRIPTOR_t _PolicyPCRData = { + /* entry */ &TPM2_PolicyPCR, + /* inSize */ (UINT16)(sizeof(PolicyPCR_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyPCR_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyPCR_In, pcrDigest)), + (UINT16)(offsetof(PolicyPCR_In, pcrs))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPML_PCR_SELECTION_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyPCRDataAddress (&_PolicyPCRData) +#else +#define _PolicyPCRDataAddress 0 +#endif // CC_PolicyPCR + +#if CC_PolicyLocality + +#include "PolicyLocality_fp.h" + +typedef TPM_RC (PolicyLocality_Entry)( + PolicyLocality_In *in +); + +typedef const struct { + PolicyLocality_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} PolicyLocality_COMMAND_DESCRIPTOR_t; + +PolicyLocality_COMMAND_DESCRIPTOR_t _PolicyLocalityData = { + /* entry */ &TPM2_PolicyLocality, + /* inSize */ (UINT16)(sizeof(PolicyLocality_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyLocality_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyLocality_In, locality))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPMA_LOCALITY_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyLocalityDataAddress (&_PolicyLocalityData) +#else +#define _PolicyLocalityDataAddress 0 +#endif // CC_PolicyLocality + +#if CC_PolicyNV + +#include "PolicyNV_fp.h" + +typedef TPM_RC (PolicyNV_Entry)( + PolicyNV_In *in +); + +typedef const struct { + PolicyNV_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[8]; +} PolicyNV_COMMAND_DESCRIPTOR_t; + +PolicyNV_COMMAND_DESCRIPTOR_t _PolicyNVData = { + /* entry */ &TPM2_PolicyNV, + /* inSize */ (UINT16)(sizeof(PolicyNV_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyNV_COMMAND_DESCRIPTOR_t, types), + /* offsets */ 
{(UINT16)(offsetof(PolicyNV_In, nvIndex)), + (UINT16)(offsetof(PolicyNV_In, policySession)), + (UINT16)(offsetof(PolicyNV_In, operandB)), + (UINT16)(offsetof(PolicyNV_In, offset)), + (UINT16)(offsetof(PolicyNV_In, operation))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_OPERAND_P_UNMARSHAL, + UINT16_P_UNMARSHAL, + TPM_EO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyNVDataAddress (&_PolicyNVData) +#else +#define _PolicyNVDataAddress 0 +#endif // CC_PolicyNV + +#if CC_PolicyCounterTimer + +#include "PolicyCounterTimer_fp.h" + +typedef TPM_RC (PolicyCounterTimer_Entry)( + PolicyCounterTimer_In *in +); + +typedef const struct { + PolicyCounterTimer_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[6]; +} PolicyCounterTimer_COMMAND_DESCRIPTOR_t; + +PolicyCounterTimer_COMMAND_DESCRIPTOR_t _PolicyCounterTimerData = { + /* entry */ &TPM2_PolicyCounterTimer, + /* inSize */ (UINT16)(sizeof(PolicyCounterTimer_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyCounterTimer_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyCounterTimer_In, operandB)), + (UINT16)(offsetof(PolicyCounterTimer_In, offset)), + (UINT16)(offsetof(PolicyCounterTimer_In, operation))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_OPERAND_P_UNMARSHAL, + UINT16_P_UNMARSHAL, + TPM_EO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyCounterTimerDataAddress (&_PolicyCounterTimerData) +#else +#define _PolicyCounterTimerDataAddress 0 +#endif // CC_PolicyCounterTimer + +#if CC_PolicyCommandCode + +#include "PolicyCommandCode_fp.h" + +typedef TPM_RC (PolicyCommandCode_Entry)( + PolicyCommandCode_In *in +); + +typedef const struct { + PolicyCommandCode_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} PolicyCommandCode_COMMAND_DESCRIPTOR_t; + 
+PolicyCommandCode_COMMAND_DESCRIPTOR_t _PolicyCommandCodeData = { + /* entry */ &TPM2_PolicyCommandCode, + /* inSize */ (UINT16)(sizeof(PolicyCommandCode_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyCommandCode_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyCommandCode_In, code))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM_CC_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyCommandCodeDataAddress (&_PolicyCommandCodeData) +#else +#define _PolicyCommandCodeDataAddress 0 +#endif // CC_PolicyCommandCode + +#if CC_PolicyPhysicalPresence + +#include "PolicyPhysicalPresence_fp.h" + +typedef TPM_RC (PolicyPhysicalPresence_Entry)( + PolicyPhysicalPresence_In *in +); + +typedef const struct { + PolicyPhysicalPresence_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t; + +PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t _PolicyPhysicalPresenceData = { + /* entry */ &TPM2_PolicyPhysicalPresence, + /* inSize */ (UINT16)(sizeof(PolicyPhysicalPresence_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyPhysicalPresenceDataAddress (&_PolicyPhysicalPresenceData) +#else +#define _PolicyPhysicalPresenceDataAddress 0 +#endif // CC_PolicyPhysicalPresence + +#if CC_PolicyCpHash + +#include "PolicyCpHash_fp.h" + +typedef TPM_RC (PolicyCpHash_Entry)( + PolicyCpHash_In *in +); + +typedef const struct { + PolicyCpHash_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} PolicyCpHash_COMMAND_DESCRIPTOR_t; + +PolicyCpHash_COMMAND_DESCRIPTOR_t _PolicyCpHashData = { + /* entry */ &TPM2_PolicyCpHash, + /* inSize */ (UINT16)(sizeof(PolicyCpHash_In)), + /* outSize */ 0, + /* offsetOfTypes */ 
offsetof(PolicyCpHash_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyCpHash_In, cpHashA))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyCpHashDataAddress (&_PolicyCpHashData) +#else +#define _PolicyCpHashDataAddress 0 +#endif // CC_PolicyCpHash + +#if CC_PolicyNameHash + +#include "PolicyNameHash_fp.h" + +typedef TPM_RC (PolicyNameHash_Entry)( + PolicyNameHash_In *in +); + +typedef const struct { + PolicyNameHash_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} PolicyNameHash_COMMAND_DESCRIPTOR_t; + +PolicyNameHash_COMMAND_DESCRIPTOR_t _PolicyNameHashData = { + /* entry */ &TPM2_PolicyNameHash, + /* inSize */ (UINT16)(sizeof(PolicyNameHash_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyNameHash_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyNameHash_In, nameHash))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyNameHashDataAddress (&_PolicyNameHashData) +#else +#define _PolicyNameHashDataAddress 0 +#endif // CC_PolicyNameHash + +#if CC_PolicyDuplicationSelect + +#include "PolicyDuplicationSelect_fp.h" + +typedef TPM_RC (PolicyDuplicationSelect_Entry)( + PolicyDuplicationSelect_In *in +); + +typedef const struct { + PolicyDuplicationSelect_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[6]; +} PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t; + +PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t _PolicyDuplicationSelectData = { + /* entry */ &TPM2_PolicyDuplicationSelect, + /* inSize */ (UINT16)(sizeof(PolicyDuplicationSelect_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyDuplicationSelect_In, objectName)), + 
(UINT16)(offsetof(PolicyDuplicationSelect_In, newParentName)), + (UINT16)(offsetof(PolicyDuplicationSelect_In, includeObject))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPMI_YES_NO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyDuplicationSelectDataAddress (&_PolicyDuplicationSelectData) +#else +#define _PolicyDuplicationSelectDataAddress 0 +#endif // CC_PolicyDuplicationSelect + +#if CC_PolicyAuthorize + +#include "PolicyAuthorize_fp.h" + +typedef TPM_RC (PolicyAuthorize_Entry)( + PolicyAuthorize_In *in +); + +typedef const struct { + PolicyAuthorize_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[7]; +} PolicyAuthorize_COMMAND_DESCRIPTOR_t; + +PolicyAuthorize_COMMAND_DESCRIPTOR_t _PolicyAuthorizeData = { + /* entry */ &TPM2_PolicyAuthorize, + /* inSize */ (UINT16)(sizeof(PolicyAuthorize_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyAuthorize_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyAuthorize_In, approvedPolicy)), + (UINT16)(offsetof(PolicyAuthorize_In, policyRef)), + (UINT16)(offsetof(PolicyAuthorize_In, keySign)), + (UINT16)(offsetof(PolicyAuthorize_In, checkTicket))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPM2B_NONCE_P_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPMT_TK_VERIFIED_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyAuthorizeDataAddress (&_PolicyAuthorizeData) +#else +#define _PolicyAuthorizeDataAddress 0 +#endif // CC_PolicyAuthorize + +#if CC_PolicyAuthValue + +#include "PolicyAuthValue_fp.h" + +typedef TPM_RC (PolicyAuthValue_Entry)( + PolicyAuthValue_In *in +); + +typedef const struct { + PolicyAuthValue_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} PolicyAuthValue_COMMAND_DESCRIPTOR_t; + +PolicyAuthValue_COMMAND_DESCRIPTOR_t _PolicyAuthValueData = { + /* entry */ 
&TPM2_PolicyAuthValue, + /* inSize */ (UINT16)(sizeof(PolicyAuthValue_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyAuthValue_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyAuthValueDataAddress (&_PolicyAuthValueData) +#else +#define _PolicyAuthValueDataAddress 0 +#endif // CC_PolicyAuthValue + +#if CC_PolicyPassword + +#include "PolicyPassword_fp.h" + +typedef TPM_RC (PolicyPassword_Entry)( + PolicyPassword_In *in +); + +typedef const struct { + PolicyPassword_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} PolicyPassword_COMMAND_DESCRIPTOR_t; + +PolicyPassword_COMMAND_DESCRIPTOR_t _PolicyPasswordData = { + /* entry */ &TPM2_PolicyPassword, + /* inSize */ (UINT16)(sizeof(PolicyPassword_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyPassword_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyPasswordDataAddress (&_PolicyPasswordData) +#else +#define _PolicyPasswordDataAddress 0 +#endif // CC_PolicyPassword + +#if CC_PolicyGetDigest + +#include "PolicyGetDigest_fp.h" + +typedef TPM_RC (PolicyGetDigest_Entry)( + PolicyGetDigest_In *in, + PolicyGetDigest_Out *out +); + +typedef const struct { + PolicyGetDigest_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; +} PolicyGetDigest_COMMAND_DESCRIPTOR_t; + +PolicyGetDigest_COMMAND_DESCRIPTOR_t _PolicyGetDigestData = { + /* entry */ &TPM2_PolicyGetDigest, + /* inSize */ (UINT16)(sizeof(PolicyGetDigest_In)), + /* outSize */ (UINT16)(sizeof(PolicyGetDigest_Out)), + /* offsetOfTypes */ offsetof(PolicyGetDigest_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + END_OF_LIST, + TPM2B_DIGEST_P_MARSHAL, + END_OF_LIST} +}; + 
+#define _PolicyGetDigestDataAddress (&_PolicyGetDigestData) +#else +#define _PolicyGetDigestDataAddress 0 +#endif // CC_PolicyGetDigest + +#if CC_PolicyNvWritten + +#include "PolicyNvWritten_fp.h" + +typedef TPM_RC (PolicyNvWritten_Entry)( + PolicyNvWritten_In *in +); + +typedef const struct { + PolicyNvWritten_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} PolicyNvWritten_COMMAND_DESCRIPTOR_t; + +PolicyNvWritten_COMMAND_DESCRIPTOR_t _PolicyNvWrittenData = { + /* entry */ &TPM2_PolicyNvWritten, + /* inSize */ (UINT16)(sizeof(PolicyNvWritten_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyNvWritten_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyNvWritten_In, writtenSet))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPMI_YES_NO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyNvWrittenDataAddress (&_PolicyNvWrittenData) +#else +#define _PolicyNvWrittenDataAddress 0 +#endif // CC_PolicyNvWritten + +#if CC_PolicyTemplate + +#include "PolicyTemplate_fp.h" + +typedef TPM_RC (PolicyTemplate_Entry)( + PolicyTemplate_In *in +); + +typedef const struct { + PolicyTemplate_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} PolicyTemplate_COMMAND_DESCRIPTOR_t; + +PolicyTemplate_COMMAND_DESCRIPTOR_t _PolicyTemplateData = { + /* entry */ &TPM2_PolicyTemplate, + /* inSize */ (UINT16)(sizeof(PolicyTemplate_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyTemplate_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyTemplate_In, templateHash))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyTemplateDataAddress (&_PolicyTemplateData) +#else +#define _PolicyTemplateDataAddress 0 +#endif // CC_PolicyTemplate + +#if CC_PolicyAuthorizeNV + +#include "PolicyAuthorizeNV_fp.h" + +typedef 
TPM_RC (PolicyAuthorizeNV_Entry)( + PolicyAuthorizeNV_In *in +); + +typedef const struct { + PolicyAuthorizeNV_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; +} PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t; + +PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t _PolicyAuthorizeNVData = { + /* entry */ &TPM2_PolicyAuthorizeNV, + /* inSize */ (UINT16)(sizeof(PolicyAuthorizeNV_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyAuthorizeNV_In, nvIndex)), + (UINT16)(offsetof(PolicyAuthorizeNV_In, policySession))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + TPMI_SH_POLICY_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PolicyAuthorizeNVDataAddress (&_PolicyAuthorizeNVData) +#else +#define _PolicyAuthorizeNVDataAddress 0 +#endif // CC_PolicyAuthorizeNV + +#if CC_CreatePrimary + +#include "CreatePrimary_fp.h" + +typedef TPM_RC (CreatePrimary_Entry)( + CreatePrimary_In *in, + CreatePrimary_Out *out +); + +typedef const struct { + CreatePrimary_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[9]; + BYTE types[13]; +} CreatePrimary_COMMAND_DESCRIPTOR_t; + +CreatePrimary_COMMAND_DESCRIPTOR_t _CreatePrimaryData = { + /* entry */ &TPM2_CreatePrimary, + /* inSize */ (UINT16)(sizeof(CreatePrimary_In)), + /* outSize */ (UINT16)(sizeof(CreatePrimary_Out)), + /* offsetOfTypes */ offsetof(CreatePrimary_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(CreatePrimary_In, inSensitive)), + (UINT16)(offsetof(CreatePrimary_In, inPublic)), + (UINT16)(offsetof(CreatePrimary_In, outsideInfo)), + (UINT16)(offsetof(CreatePrimary_In, creationPCR)), + (UINT16)(offsetof(CreatePrimary_Out, outPublic)), + (UINT16)(offsetof(CreatePrimary_Out, creationData)), + (UINT16)(offsetof(CreatePrimary_Out, creationHash)), + (UINT16)(offsetof(CreatePrimary_Out, 
creationTicket)), + (UINT16)(offsetof(CreatePrimary_Out, name))}, + /* types */ {TPMI_RH_HIERARCHY_H_UNMARSHAL + ADD_FLAG, + TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, + TPM2B_PUBLIC_P_UNMARSHAL, + TPM2B_DATA_P_UNMARSHAL, + TPML_PCR_SELECTION_P_UNMARSHAL, + END_OF_LIST, + TPM_HANDLE_H_MARSHAL, + TPM2B_PUBLIC_P_MARSHAL, + TPM2B_CREATION_DATA_P_MARSHAL, + TPM2B_DIGEST_P_MARSHAL, + TPMT_TK_CREATION_P_MARSHAL, + TPM2B_NAME_P_MARSHAL, + END_OF_LIST} +}; + +#define _CreatePrimaryDataAddress (&_CreatePrimaryData) +#else +#define _CreatePrimaryDataAddress 0 +#endif // CC_CreatePrimary + +#if CC_HierarchyControl + +#include "HierarchyControl_fp.h" + +typedef TPM_RC (HierarchyControl_Entry)( + HierarchyControl_In *in +); + +typedef const struct { + HierarchyControl_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; +} HierarchyControl_COMMAND_DESCRIPTOR_t; + +HierarchyControl_COMMAND_DESCRIPTOR_t _HierarchyControlData = { + /* entry */ &TPM2_HierarchyControl, + /* inSize */ (UINT16)(sizeof(HierarchyControl_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(HierarchyControl_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(HierarchyControl_In, enable)), + (UINT16)(offsetof(HierarchyControl_In, state))}, + /* types */ {TPMI_RH_HIERARCHY_H_UNMARSHAL, + TPMI_RH_ENABLES_P_UNMARSHAL, + TPMI_YES_NO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _HierarchyControlDataAddress (&_HierarchyControlData) +#else +#define _HierarchyControlDataAddress 0 +#endif // CC_HierarchyControl + +#if CC_SetPrimaryPolicy + +#include "SetPrimaryPolicy_fp.h" + +typedef TPM_RC (SetPrimaryPolicy_Entry)( + SetPrimaryPolicy_In *in +); + +typedef const struct { + SetPrimaryPolicy_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; +} SetPrimaryPolicy_COMMAND_DESCRIPTOR_t; + +SetPrimaryPolicy_COMMAND_DESCRIPTOR_t _SetPrimaryPolicyData = { + /* entry */ 
&TPM2_SetPrimaryPolicy, + /* inSize */ (UINT16)(sizeof(SetPrimaryPolicy_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(SetPrimaryPolicy_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(SetPrimaryPolicy_In, authPolicy)), + (UINT16)(offsetof(SetPrimaryPolicy_In, hashAlg))}, + /* types */ {TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + END_OF_LIST} +}; + +#define _SetPrimaryPolicyDataAddress (&_SetPrimaryPolicyData) +#else +#define _SetPrimaryPolicyDataAddress 0 +#endif // CC_SetPrimaryPolicy + +#if CC_ChangePPS + +#include "ChangePPS_fp.h" + +typedef TPM_RC (ChangePPS_Entry)( + ChangePPS_In *in +); + +typedef const struct { + ChangePPS_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} ChangePPS_COMMAND_DESCRIPTOR_t; + +ChangePPS_COMMAND_DESCRIPTOR_t _ChangePPSData = { + /* entry */ &TPM2_ChangePPS, + /* inSize */ (UINT16)(sizeof(ChangePPS_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(ChangePPS_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _ChangePPSDataAddress (&_ChangePPSData) +#else +#define _ChangePPSDataAddress 0 +#endif // CC_ChangePPS + +#if CC_ChangeEPS + +#include "ChangeEPS_fp.h" + +typedef TPM_RC (ChangeEPS_Entry)( + ChangeEPS_In *in +); + +typedef const struct { + ChangeEPS_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} ChangeEPS_COMMAND_DESCRIPTOR_t; + +ChangeEPS_COMMAND_DESCRIPTOR_t _ChangeEPSData = { + /* entry */ &TPM2_ChangeEPS, + /* inSize */ (UINT16)(sizeof(ChangeEPS_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(ChangeEPS_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _ChangeEPSDataAddress (&_ChangeEPSData) +#else 
+#define _ChangeEPSDataAddress 0 +#endif // CC_ChangeEPS + +#if CC_Clear + +#include "Clear_fp.h" + +typedef TPM_RC (Clear_Entry)( + Clear_In *in +); + +typedef const struct { + Clear_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} Clear_COMMAND_DESCRIPTOR_t; + +Clear_COMMAND_DESCRIPTOR_t _ClearData = { + /* entry */ &TPM2_Clear, + /* inSize */ (UINT16)(sizeof(Clear_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(Clear_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_RH_CLEAR_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _ClearDataAddress (&_ClearData) +#else +#define _ClearDataAddress 0 +#endif // CC_Clear + +#if CC_ClearControl + +#include "ClearControl_fp.h" + +typedef TPM_RC (ClearControl_Entry)( + ClearControl_In *in +); + +typedef const struct { + ClearControl_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} ClearControl_COMMAND_DESCRIPTOR_t; + +ClearControl_COMMAND_DESCRIPTOR_t _ClearControlData = { + /* entry */ &TPM2_ClearControl, + /* inSize */ (UINT16)(sizeof(ClearControl_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(ClearControl_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ClearControl_In, disable))}, + /* types */ {TPMI_RH_CLEAR_H_UNMARSHAL, + TPMI_YES_NO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _ClearControlDataAddress (&_ClearControlData) +#else +#define _ClearControlDataAddress 0 +#endif // CC_ClearControl + +#if CC_HierarchyChangeAuth + +#include "HierarchyChangeAuth_fp.h" + +typedef TPM_RC (HierarchyChangeAuth_Entry)( + HierarchyChangeAuth_In *in +); + +typedef const struct { + HierarchyChangeAuth_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} HierarchyChangeAuth_COMMAND_DESCRIPTOR_t; + +HierarchyChangeAuth_COMMAND_DESCRIPTOR_t _HierarchyChangeAuthData = { 
+ /* entry */ &TPM2_HierarchyChangeAuth, + /* inSize */ (UINT16)(sizeof(HierarchyChangeAuth_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(HierarchyChangeAuth_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(HierarchyChangeAuth_In, newAuth))}, + /* types */ {TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL, + TPM2B_AUTH_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _HierarchyChangeAuthDataAddress (&_HierarchyChangeAuthData) +#else +#define _HierarchyChangeAuthDataAddress 0 +#endif // CC_HierarchyChangeAuth + +#if CC_DictionaryAttackLockReset + +#include "DictionaryAttackLockReset_fp.h" + +typedef TPM_RC (DictionaryAttackLockReset_Entry)( + DictionaryAttackLockReset_In *in +); + +typedef const struct { + DictionaryAttackLockReset_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t; + +DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t _DictionaryAttackLockResetData = { + /* entry */ &TPM2_DictionaryAttackLockReset, + /* inSize */ (UINT16)(sizeof(DictionaryAttackLockReset_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_RH_LOCKOUT_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _DictionaryAttackLockResetDataAddress (&_DictionaryAttackLockResetData) +#else +#define _DictionaryAttackLockResetDataAddress 0 +#endif // CC_DictionaryAttackLockReset + +#if CC_DictionaryAttackParameters + +#include "DictionaryAttackParameters_fp.h" + +typedef TPM_RC (DictionaryAttackParameters_Entry)( + DictionaryAttackParameters_In *in +); + +typedef const struct { + DictionaryAttackParameters_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[6]; +} DictionaryAttackParameters_COMMAND_DESCRIPTOR_t; + +DictionaryAttackParameters_COMMAND_DESCRIPTOR_t _DictionaryAttackParametersData = { + /* entry 
*/ &TPM2_DictionaryAttackParameters, + /* inSize */ (UINT16)(sizeof(DictionaryAttackParameters_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(DictionaryAttackParameters_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(DictionaryAttackParameters_In, newMaxTries)), + (UINT16)(offsetof(DictionaryAttackParameters_In, newRecoveryTime)), + (UINT16)(offsetof(DictionaryAttackParameters_In, lockoutRecovery))}, + /* types */ {TPMI_RH_LOCKOUT_H_UNMARSHAL, + UINT32_P_UNMARSHAL, + UINT32_P_UNMARSHAL, + UINT32_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _DictionaryAttackParametersDataAddress (&_DictionaryAttackParametersData) +#else +#define _DictionaryAttackParametersDataAddress 0 +#endif // CC_DictionaryAttackParameters + +#if CC_PP_Commands + +#include "PP_Commands_fp.h" + +typedef TPM_RC (PP_Commands_Entry)( + PP_Commands_In *in +); + +typedef const struct { + PP_Commands_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; +} PP_Commands_COMMAND_DESCRIPTOR_t; + +PP_Commands_COMMAND_DESCRIPTOR_t _PP_CommandsData = { + /* entry */ &TPM2_PP_Commands, + /* inSize */ (UINT16)(sizeof(PP_Commands_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PP_Commands_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PP_Commands_In, setList)), + (UINT16)(offsetof(PP_Commands_In, clearList))}, + /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, + TPML_CC_P_UNMARSHAL, + TPML_CC_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _PP_CommandsDataAddress (&_PP_CommandsData) +#else +#define _PP_CommandsDataAddress 0 +#endif // CC_PP_Commands + +#if CC_SetAlgorithmSet + +#include "SetAlgorithmSet_fp.h" + +typedef TPM_RC (SetAlgorithmSet_Entry)( + SetAlgorithmSet_In *in +); + +typedef const struct { + SetAlgorithmSet_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} SetAlgorithmSet_COMMAND_DESCRIPTOR_t; + 
+SetAlgorithmSet_COMMAND_DESCRIPTOR_t _SetAlgorithmSetData = { + /* entry */ &TPM2_SetAlgorithmSet, + /* inSize */ (UINT16)(sizeof(SetAlgorithmSet_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(SetAlgorithmSet_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(SetAlgorithmSet_In, algorithmSet))}, + /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, + UINT32_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _SetAlgorithmSetDataAddress (&_SetAlgorithmSetData) +#else +#define _SetAlgorithmSetDataAddress 0 +#endif // CC_SetAlgorithmSet + +#if CC_FieldUpgradeStart + +#include "FieldUpgradeStart_fp.h" + +typedef TPM_RC (FieldUpgradeStart_Entry)( + FieldUpgradeStart_In *in +); + +typedef const struct { + FieldUpgradeStart_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[6]; +} FieldUpgradeStart_COMMAND_DESCRIPTOR_t; + +FieldUpgradeStart_COMMAND_DESCRIPTOR_t _FieldUpgradeStartData = { + /* entry */ &TPM2_FieldUpgradeStart, + /* inSize */ (UINT16)(sizeof(FieldUpgradeStart_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(FieldUpgradeStart_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(FieldUpgradeStart_In, keyHandle)), + (UINT16)(offsetof(FieldUpgradeStart_In, fuDigest)), + (UINT16)(offsetof(FieldUpgradeStart_In, manifestSignature))}, + /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPMT_SIGNATURE_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _FieldUpgradeStartDataAddress (&_FieldUpgradeStartData) +#else +#define _FieldUpgradeStartDataAddress 0 +#endif // CC_FieldUpgradeStart + +#if CC_FieldUpgradeData + +#include "FieldUpgradeData_fp.h" + +typedef TPM_RC (FieldUpgradeData_Entry)( + FieldUpgradeData_In *in, + FieldUpgradeData_Out *out +); + +typedef const struct { + FieldUpgradeData_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[5]; +} 
FieldUpgradeData_COMMAND_DESCRIPTOR_t; + +FieldUpgradeData_COMMAND_DESCRIPTOR_t _FieldUpgradeDataData = { + /* entry */ &TPM2_FieldUpgradeData, + /* inSize */ (UINT16)(sizeof(FieldUpgradeData_In)), + /* outSize */ (UINT16)(sizeof(FieldUpgradeData_Out)), + /* offsetOfTypes */ offsetof(FieldUpgradeData_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(FieldUpgradeData_Out, firstDigest))}, + /* types */ {TPM2B_MAX_BUFFER_P_UNMARSHAL, + END_OF_LIST, + TPMT_HA_P_MARSHAL, + TPMT_HA_P_MARSHAL, + END_OF_LIST} +}; + +#define _FieldUpgradeDataDataAddress (&_FieldUpgradeDataData) +#else +#define _FieldUpgradeDataDataAddress 0 +#endif // CC_FieldUpgradeData + +#if CC_FirmwareRead + +#include "FirmwareRead_fp.h" + +typedef TPM_RC (FirmwareRead_Entry)( + FirmwareRead_In *in, + FirmwareRead_Out *out +); + +typedef const struct { + FirmwareRead_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; +} FirmwareRead_COMMAND_DESCRIPTOR_t; + +FirmwareRead_COMMAND_DESCRIPTOR_t _FirmwareReadData = { + /* entry */ &TPM2_FirmwareRead, + /* inSize */ (UINT16)(sizeof(FirmwareRead_In)), + /* outSize */ (UINT16)(sizeof(FirmwareRead_Out)), + /* offsetOfTypes */ offsetof(FirmwareRead_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {UINT32_P_UNMARSHAL, + END_OF_LIST, + TPM2B_MAX_BUFFER_P_MARSHAL, + END_OF_LIST} +}; + +#define _FirmwareReadDataAddress (&_FirmwareReadData) +#else +#define _FirmwareReadDataAddress 0 +#endif // CC_FirmwareRead + +#if CC_ContextSave + +#include "ContextSave_fp.h" + +typedef TPM_RC (ContextSave_Entry)( + ContextSave_In *in, + ContextSave_Out *out +); + +typedef const struct { + ContextSave_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; +} ContextSave_COMMAND_DESCRIPTOR_t; + +ContextSave_COMMAND_DESCRIPTOR_t _ContextSaveData = { + /* entry */ &TPM2_ContextSave, + /* inSize */ (UINT16)(sizeof(ContextSave_In)), + /* outSize */ 
(UINT16)(sizeof(ContextSave_Out)), + /* offsetOfTypes */ offsetof(ContextSave_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_DH_CONTEXT_H_UNMARSHAL, + END_OF_LIST, + TPMS_CONTEXT_P_MARSHAL, + END_OF_LIST} +}; + +#define _ContextSaveDataAddress (&_ContextSaveData) +#else +#define _ContextSaveDataAddress 0 +#endif // CC_ContextSave + +#if CC_ContextLoad + +#include "ContextLoad_fp.h" + +typedef TPM_RC (ContextLoad_Entry)( + ContextLoad_In *in, + ContextLoad_Out *out +); + +typedef const struct { + ContextLoad_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; +} ContextLoad_COMMAND_DESCRIPTOR_t; + +ContextLoad_COMMAND_DESCRIPTOR_t _ContextLoadData = { + /* entry */ &TPM2_ContextLoad, + /* inSize */ (UINT16)(sizeof(ContextLoad_In)), + /* outSize */ (UINT16)(sizeof(ContextLoad_Out)), + /* offsetOfTypes */ offsetof(ContextLoad_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMS_CONTEXT_P_UNMARSHAL, + END_OF_LIST, + TPMI_DH_CONTEXT_H_MARSHAL, + END_OF_LIST} +}; + +#define _ContextLoadDataAddress (&_ContextLoadData) +#else +#define _ContextLoadDataAddress 0 +#endif // CC_ContextLoad + +#if CC_FlushContext + +#include "FlushContext_fp.h" + +typedef TPM_RC (FlushContext_Entry)( + FlushContext_In *in +); + +typedef const struct { + FlushContext_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} FlushContext_COMMAND_DESCRIPTOR_t; + +FlushContext_COMMAND_DESCRIPTOR_t _FlushContextData = { + /* entry */ &TPM2_FlushContext, + /* inSize */ (UINT16)(sizeof(FlushContext_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(FlushContext_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_DH_CONTEXT_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _FlushContextDataAddress (&_FlushContextData) +#else +#define _FlushContextDataAddress 0 +#endif // CC_FlushContext + +#if 
CC_EvictControl + +#include "EvictControl_fp.h" + +typedef TPM_RC (EvictControl_Entry)( + EvictControl_In *in +); + +typedef const struct { + EvictControl_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; +} EvictControl_COMMAND_DESCRIPTOR_t; + +EvictControl_COMMAND_DESCRIPTOR_t _EvictControlData = { + /* entry */ &TPM2_EvictControl, + /* inSize */ (UINT16)(sizeof(EvictControl_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(EvictControl_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(EvictControl_In, objectHandle)), + (UINT16)(offsetof(EvictControl_In, persistentHandle))}, + /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_DH_PERSISTENT_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _EvictControlDataAddress (&_EvictControlData) +#else +#define _EvictControlDataAddress 0 +#endif // CC_EvictControl + +#if CC_ReadClock + +#include "ReadClock_fp.h" + +typedef TPM_RC (ReadClock_Entry)( + ReadClock_Out *out +); + +typedef const struct { + ReadClock_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} ReadClock_COMMAND_DESCRIPTOR_t; + +ReadClock_COMMAND_DESCRIPTOR_t _ReadClockData = { + /* entry */ &TPM2_ReadClock, + /* inSize */ 0, + /* outSize */ (UINT16)(sizeof(ReadClock_Out)), + /* offsetOfTypes */ offsetof(ReadClock_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {END_OF_LIST, + TPMS_TIME_INFO_P_MARSHAL, + END_OF_LIST} +}; + +#define _ReadClockDataAddress (&_ReadClockData) +#else +#define _ReadClockDataAddress 0 +#endif // CC_ReadClock + +#if CC_ClockSet + +#include "ClockSet_fp.h" + +typedef TPM_RC (ClockSet_Entry)( + ClockSet_In *in +); + +typedef const struct { + ClockSet_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} ClockSet_COMMAND_DESCRIPTOR_t; + +ClockSet_COMMAND_DESCRIPTOR_t 
_ClockSetData = { + /* entry */ &TPM2_ClockSet, + /* inSize */ (UINT16)(sizeof(ClockSet_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(ClockSet_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ClockSet_In, newTime))}, + /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, + UINT64_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _ClockSetDataAddress (&_ClockSetData) +#else +#define _ClockSetDataAddress 0 +#endif // CC_ClockSet + +#if CC_ClockRateAdjust + +#include "ClockRateAdjust_fp.h" + +typedef TPM_RC (ClockRateAdjust_Entry)( + ClockRateAdjust_In *in +); + +typedef const struct { + ClockRateAdjust_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} ClockRateAdjust_COMMAND_DESCRIPTOR_t; + +ClockRateAdjust_COMMAND_DESCRIPTOR_t _ClockRateAdjustData = { + /* entry */ &TPM2_ClockRateAdjust, + /* inSize */ (UINT16)(sizeof(ClockRateAdjust_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(ClockRateAdjust_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ClockRateAdjust_In, rateAdjust))}, + /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, + TPM_CLOCK_ADJUST_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _ClockRateAdjustDataAddress (&_ClockRateAdjustData) +#else +#define _ClockRateAdjustDataAddress 0 +#endif // CC_ClockRateAdjust + +#if CC_GetCapability + +#include "GetCapability_fp.h" + +typedef TPM_RC (GetCapability_Entry)( + GetCapability_In *in, + GetCapability_Out *out +); + +typedef const struct { + GetCapability_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; +} GetCapability_COMMAND_DESCRIPTOR_t; + +GetCapability_COMMAND_DESCRIPTOR_t _GetCapabilityData = { + /* entry */ &TPM2_GetCapability, + /* inSize */ (UINT16)(sizeof(GetCapability_In)), + /* outSize */ (UINT16)(sizeof(GetCapability_Out)), + /* offsetOfTypes */ offsetof(GetCapability_COMMAND_DESCRIPTOR_t, types), + /* offsets 
*/ {(UINT16)(offsetof(GetCapability_In, property)), + (UINT16)(offsetof(GetCapability_In, propertyCount)), + (UINT16)(offsetof(GetCapability_Out, capabilityData))}, + /* types */ {TPM_CAP_P_UNMARSHAL, + UINT32_P_UNMARSHAL, + UINT32_P_UNMARSHAL, + END_OF_LIST, + TPMI_YES_NO_P_MARSHAL, + TPMS_CAPABILITY_DATA_P_MARSHAL, + END_OF_LIST} +}; + +#define _GetCapabilityDataAddress (&_GetCapabilityData) +#else +#define _GetCapabilityDataAddress 0 +#endif // CC_GetCapability + +#if CC_TestParms + +#include "TestParms_fp.h" + +typedef TPM_RC (TestParms_Entry)( + TestParms_In *in +); + +typedef const struct { + TestParms_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} TestParms_COMMAND_DESCRIPTOR_t; + +TestParms_COMMAND_DESCRIPTOR_t _TestParmsData = { + /* entry */ &TPM2_TestParms, + /* inSize */ (UINT16)(sizeof(TestParms_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(TestParms_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMT_PUBLIC_PARMS_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _TestParmsDataAddress (&_TestParmsData) +#else +#define _TestParmsDataAddress 0 +#endif // CC_TestParms + +#if CC_NV_DefineSpace + +#include "NV_DefineSpace_fp.h" + +typedef TPM_RC (NV_DefineSpace_Entry)( + NV_DefineSpace_In *in +); + +typedef const struct { + NV_DefineSpace_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; +} NV_DefineSpace_COMMAND_DESCRIPTOR_t; + +NV_DefineSpace_COMMAND_DESCRIPTOR_t _NV_DefineSpaceData = { + /* entry */ &TPM2_NV_DefineSpace, + /* inSize */ (UINT16)(sizeof(NV_DefineSpace_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_DefineSpace_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_DefineSpace_In, auth)), + (UINT16)(offsetof(NV_DefineSpace_In, publicInfo))}, + /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, + TPM2B_AUTH_P_UNMARSHAL, + TPM2B_NV_PUBLIC_P_UNMARSHAL, + 
END_OF_LIST, + END_OF_LIST} +}; + +#define _NV_DefineSpaceDataAddress (&_NV_DefineSpaceData) +#else +#define _NV_DefineSpaceDataAddress 0 +#endif // CC_NV_DefineSpace + +#if CC_NV_UndefineSpace + +#include "NV_UndefineSpace_fp.h" + +typedef TPM_RC (NV_UndefineSpace_Entry)( + NV_UndefineSpace_In *in +); + +typedef const struct { + NV_UndefineSpace_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} NV_UndefineSpace_COMMAND_DESCRIPTOR_t; + +NV_UndefineSpace_COMMAND_DESCRIPTOR_t _NV_UndefineSpaceData = { + /* entry */ &TPM2_NV_UndefineSpace, + /* inSize */ (UINT16)(sizeof(NV_UndefineSpace_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_UndefineSpace_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_UndefineSpace_In, nvIndex))}, + /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _NV_UndefineSpaceDataAddress (&_NV_UndefineSpaceData) +#else +#define _NV_UndefineSpaceDataAddress 0 +#endif // CC_NV_UndefineSpace + +#if CC_NV_UndefineSpaceSpecial + +#include "NV_UndefineSpaceSpecial_fp.h" + +typedef TPM_RC (NV_UndefineSpaceSpecial_Entry)( + NV_UndefineSpaceSpecial_In *in +); + +typedef const struct { + NV_UndefineSpaceSpecial_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t; + +NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t _NV_UndefineSpaceSpecialData = { + /* entry */ &TPM2_NV_UndefineSpaceSpecial, + /* inSize */ (UINT16)(sizeof(NV_UndefineSpaceSpecial_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_UndefineSpaceSpecial_In, platform))}, + /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, + TPMI_RH_PLATFORM_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _NV_UndefineSpaceSpecialDataAddress 
(&_NV_UndefineSpaceSpecialData) +#else +#define _NV_UndefineSpaceSpecialDataAddress 0 +#endif // CC_NV_UndefineSpaceSpecial + +#if CC_NV_ReadPublic + +#include "NV_ReadPublic_fp.h" + +typedef TPM_RC (NV_ReadPublic_Entry)( + NV_ReadPublic_In *in, + NV_ReadPublic_Out *out +); + +typedef const struct { + NV_ReadPublic_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[5]; +} NV_ReadPublic_COMMAND_DESCRIPTOR_t; + +NV_ReadPublic_COMMAND_DESCRIPTOR_t _NV_ReadPublicData = { + /* entry */ &TPM2_NV_ReadPublic, + /* inSize */ (UINT16)(sizeof(NV_ReadPublic_In)), + /* outSize */ (UINT16)(sizeof(NV_ReadPublic_Out)), + /* offsetOfTypes */ offsetof(NV_ReadPublic_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_ReadPublic_Out, nvName))}, + /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, + END_OF_LIST, + TPM2B_NV_PUBLIC_P_MARSHAL, + TPM2B_NAME_P_MARSHAL, + END_OF_LIST} +}; + +#define _NV_ReadPublicDataAddress (&_NV_ReadPublicData) +#else +#define _NV_ReadPublicDataAddress 0 +#endif // CC_NV_ReadPublic + +#if CC_NV_Write + +#include "NV_Write_fp.h" + +typedef TPM_RC (NV_Write_Entry)( + NV_Write_In *in +); + +typedef const struct { + NV_Write_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[6]; +} NV_Write_COMMAND_DESCRIPTOR_t; + +NV_Write_COMMAND_DESCRIPTOR_t _NV_WriteData = { + /* entry */ &TPM2_NV_Write, + /* inSize */ (UINT16)(sizeof(NV_Write_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_Write_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_Write_In, nvIndex)), + (UINT16)(offsetof(NV_Write_In, data)), + (UINT16)(offsetof(NV_Write_In, offset))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + TPM2B_MAX_NV_BUFFER_P_UNMARSHAL, + UINT16_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _NV_WriteDataAddress (&_NV_WriteData) +#else +#define _NV_WriteDataAddress 0 +#endif // 
CC_NV_Write + +#if CC_NV_Increment + +#include "NV_Increment_fp.h" + +typedef TPM_RC (NV_Increment_Entry)( + NV_Increment_In *in +); + +typedef const struct { + NV_Increment_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} NV_Increment_COMMAND_DESCRIPTOR_t; + +NV_Increment_COMMAND_DESCRIPTOR_t _NV_IncrementData = { + /* entry */ &TPM2_NV_Increment, + /* inSize */ (UINT16)(sizeof(NV_Increment_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_Increment_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_Increment_In, nvIndex))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _NV_IncrementDataAddress (&_NV_IncrementData) +#else +#define _NV_IncrementDataAddress 0 +#endif // CC_NV_Increment + +#if CC_NV_Extend + +#include "NV_Extend_fp.h" + +typedef TPM_RC (NV_Extend_Entry)( + NV_Extend_In *in +); + +typedef const struct { + NV_Extend_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; +} NV_Extend_COMMAND_DESCRIPTOR_t; + +NV_Extend_COMMAND_DESCRIPTOR_t _NV_ExtendData = { + /* entry */ &TPM2_NV_Extend, + /* inSize */ (UINT16)(sizeof(NV_Extend_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_Extend_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_Extend_In, nvIndex)), + (UINT16)(offsetof(NV_Extend_In, data))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + TPM2B_MAX_NV_BUFFER_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _NV_ExtendDataAddress (&_NV_ExtendData) +#else +#define _NV_ExtendDataAddress 0 +#endif // CC_NV_Extend + +#if CC_NV_SetBits + +#include "NV_SetBits_fp.h" + +typedef TPM_RC (NV_SetBits_Entry)( + NV_SetBits_In *in +); + +typedef const struct { + NV_SetBits_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + 
BYTE types[5]; +} NV_SetBits_COMMAND_DESCRIPTOR_t; + +NV_SetBits_COMMAND_DESCRIPTOR_t _NV_SetBitsData = { + /* entry */ &TPM2_NV_SetBits, + /* inSize */ (UINT16)(sizeof(NV_SetBits_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_SetBits_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_SetBits_In, nvIndex)), + (UINT16)(offsetof(NV_SetBits_In, bits))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + UINT64_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _NV_SetBitsDataAddress (&_NV_SetBitsData) +#else +#define _NV_SetBitsDataAddress 0 +#endif // CC_NV_SetBits + +#if CC_NV_WriteLock + +#include "NV_WriteLock_fp.h" + +typedef TPM_RC (NV_WriteLock_Entry)( + NV_WriteLock_In *in +); + +typedef const struct { + NV_WriteLock_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} NV_WriteLock_COMMAND_DESCRIPTOR_t; + +NV_WriteLock_COMMAND_DESCRIPTOR_t _NV_WriteLockData = { + /* entry */ &TPM2_NV_WriteLock, + /* inSize */ (UINT16)(sizeof(NV_WriteLock_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_WriteLock_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_WriteLock_In, nvIndex))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _NV_WriteLockDataAddress (&_NV_WriteLockData) +#else +#define _NV_WriteLockDataAddress 0 +#endif // CC_NV_WriteLock + +#if CC_NV_GlobalWriteLock + +#include "NV_GlobalWriteLock_fp.h" + +typedef TPM_RC (NV_GlobalWriteLock_Entry)( + NV_GlobalWriteLock_In *in +); + +typedef const struct { + NV_GlobalWriteLock_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; +} NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t; + +NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t _NV_GlobalWriteLockData = { + /* entry */ &TPM2_NV_GlobalWriteLock, + /* inSize */ (UINT16)(sizeof(NV_GlobalWriteLock_In)), + /* outSize */ 0, + 
/* offsetOfTypes */ offsetof(NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _NV_GlobalWriteLockDataAddress (&_NV_GlobalWriteLockData) +#else +#define _NV_GlobalWriteLockDataAddress 0 +#endif // CC_NV_GlobalWriteLock + +#if CC_NV_Read + +#include "NV_Read_fp.h" + +typedef TPM_RC (NV_Read_Entry)( + NV_Read_In *in, + NV_Read_Out *out +); + +typedef const struct { + NV_Read_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; +} NV_Read_COMMAND_DESCRIPTOR_t; + +NV_Read_COMMAND_DESCRIPTOR_t _NV_ReadData = { + /* entry */ &TPM2_NV_Read, + /* inSize */ (UINT16)(sizeof(NV_Read_In)), + /* outSize */ (UINT16)(sizeof(NV_Read_Out)), + /* offsetOfTypes */ offsetof(NV_Read_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_Read_In, nvIndex)), + (UINT16)(offsetof(NV_Read_In, size)), + (UINT16)(offsetof(NV_Read_In, offset))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + UINT16_P_UNMARSHAL, + UINT16_P_UNMARSHAL, + END_OF_LIST, + TPM2B_MAX_NV_BUFFER_P_MARSHAL, + END_OF_LIST} +}; + +#define _NV_ReadDataAddress (&_NV_ReadData) +#else +#define _NV_ReadDataAddress 0 +#endif // CC_NV_Read + +#if CC_NV_ReadLock + +#include "NV_ReadLock_fp.h" + +typedef TPM_RC (NV_ReadLock_Entry)( + NV_ReadLock_In *in +); + +typedef const struct { + NV_ReadLock_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} NV_ReadLock_COMMAND_DESCRIPTOR_t; + +NV_ReadLock_COMMAND_DESCRIPTOR_t _NV_ReadLockData = { + /* entry */ &TPM2_NV_ReadLock, + /* inSize */ (UINT16)(sizeof(NV_ReadLock_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_ReadLock_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_ReadLock_In, nvIndex))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + 
TPMI_RH_NV_INDEX_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _NV_ReadLockDataAddress (&_NV_ReadLockData) +#else +#define _NV_ReadLockDataAddress 0 +#endif // CC_NV_ReadLock + +#if CC_NV_ChangeAuth + +#include "NV_ChangeAuth_fp.h" + +typedef TPM_RC (NV_ChangeAuth_Entry)( + NV_ChangeAuth_In *in +); + +typedef const struct { + NV_ChangeAuth_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; +} NV_ChangeAuth_COMMAND_DESCRIPTOR_t; + +NV_ChangeAuth_COMMAND_DESCRIPTOR_t _NV_ChangeAuthData = { + /* entry */ &TPM2_NV_ChangeAuth, + /* inSize */ (UINT16)(sizeof(NV_ChangeAuth_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_ChangeAuth_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_ChangeAuth_In, newAuth))}, + /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, + TPM2B_AUTH_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _NV_ChangeAuthDataAddress (&_NV_ChangeAuthData) +#else +#define _NV_ChangeAuthDataAddress 0 +#endif // CC_NV_ChangeAuth + +#if CC_NV_Certify + +#include "NV_Certify_fp.h" + +typedef TPM_RC (NV_Certify_Entry)( + NV_Certify_In *in, + NV_Certify_Out *out +); + +typedef const struct { + NV_Certify_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[7]; + BYTE types[11]; +} NV_Certify_COMMAND_DESCRIPTOR_t; + +NV_Certify_COMMAND_DESCRIPTOR_t _NV_CertifyData = { + /* entry */ &TPM2_NV_Certify, + /* inSize */ (UINT16)(sizeof(NV_Certify_In)), + /* outSize */ (UINT16)(sizeof(NV_Certify_Out)), + /* offsetOfTypes */ offsetof(NV_Certify_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_Certify_In, authHandle)), + (UINT16)(offsetof(NV_Certify_In, nvIndex)), + (UINT16)(offsetof(NV_Certify_In, qualifyingData)), + (UINT16)(offsetof(NV_Certify_In, inScheme)), + (UINT16)(offsetof(NV_Certify_In, size)), + (UINT16)(offsetof(NV_Certify_In, offset)), + (UINT16)(offsetof(NV_Certify_Out, signature))}, + /* types */ 
{TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + UINT16_P_UNMARSHAL, + UINT16_P_UNMARSHAL, + END_OF_LIST, + TPM2B_ATTEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} +}; + +#define _NV_CertifyDataAddress (&_NV_CertifyData) +#else +#define _NV_CertifyDataAddress 0 +#endif // CC_NV_Certify + +#if CC_AC_GetCapability + +#include "AC_GetCapability_fp.h" + +typedef TPM_RC (AC_GetCapability_Entry)( + AC_GetCapability_In *in, + AC_GetCapability_Out *out +); + +typedef const struct { + AC_GetCapability_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; +} AC_GetCapability_COMMAND_DESCRIPTOR_t; + +AC_GetCapability_COMMAND_DESCRIPTOR_t _AC_GetCapabilityData = { + /* entry */ &TPM2_AC_GetCapability, + /* inSize */ (UINT16)(sizeof(AC_GetCapability_In)), + /* outSize */ (UINT16)(sizeof(AC_GetCapability_Out)), + /* offsetOfTypes */ offsetof(AC_GetCapability_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(AC_GetCapability_In, capability)), + (UINT16)(offsetof(AC_GetCapability_In, count)), + (UINT16)(offsetof(AC_GetCapability_Out, capabilitiesData))}, + /* types */ {TPMI_RH_AC_H_UNMARSHAL, + TPM_AT_P_UNMARSHAL, + UINT32_P_UNMARSHAL, + END_OF_LIST, + TPMI_YES_NO_P_MARSHAL, + TPML_AC_CAPABILITIES_P_MARSHAL, + END_OF_LIST} +}; + +#define _AC_GetCapabilityDataAddress (&_AC_GetCapabilityData) +#else +#define _AC_GetCapabilityDataAddress 0 +#endif // CC_AC_GetCapability + +#if CC_AC_Send + +#include "AC_Send_fp.h" + +typedef TPM_RC (AC_Send_Entry)( + AC_Send_In *in, + AC_Send_Out *out +); + +typedef const struct { + AC_Send_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; +} AC_Send_COMMAND_DESCRIPTOR_t; + +AC_Send_COMMAND_DESCRIPTOR_t _AC_SendData = { + /* entry */ &TPM2_AC_Send, + /* inSize */ 
(UINT16)(sizeof(AC_Send_In)), + /* outSize */ (UINT16)(sizeof(AC_Send_Out)), + /* offsetOfTypes */ offsetof(AC_Send_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(AC_Send_In, authHandle)), + (UINT16)(offsetof(AC_Send_In, ac)), + (UINT16)(offsetof(AC_Send_In, acDataIn))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_AC_H_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + END_OF_LIST, + TPMS_AC_OUTPUT_P_MARSHAL, + END_OF_LIST} +}; + +#define _AC_SendDataAddress (&_AC_SendData) +#else +#define _AC_SendDataAddress 0 +#endif // CC_AC_Send + +#if CC_Policy_AC_SendSelect + +#include "Policy_AC_SendSelect_fp.h" + +typedef TPM_RC (Policy_AC_SendSelect_Entry)( + Policy_AC_SendSelect_In *in +); + +typedef const struct { + Policy_AC_SendSelect_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[7]; +} Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t; + +Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t _Policy_AC_SendSelectData = { + /* entry */ &TPM2_Policy_AC_SendSelect, + /* inSize */ (UINT16)(sizeof(Policy_AC_SendSelect_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Policy_AC_SendSelect_In, objectName)), + (UINT16)(offsetof(Policy_AC_SendSelect_In, authHandleName)), + (UINT16)(offsetof(Policy_AC_SendSelect_In, acName)), + (UINT16)(offsetof(Policy_AC_SendSelect_In, includeObject))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPMI_YES_NO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} +}; + +#define _Policy_AC_SendSelectDataAddress (&_Policy_AC_SendSelectData) +#else +#define _Policy_AC_SendSelectDataAddress 0 +#endif // CC_Policy_AC_SendSelect + +#if CC_Vendor_TCG_Test + +#include "Vendor_TCG_Test_fp.h" + +typedef TPM_RC (Vendor_TCG_Test_Entry)( + Vendor_TCG_Test_In *in, + Vendor_TCG_Test_Out *out +); + +typedef 
const struct { + Vendor_TCG_Test_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; +} Vendor_TCG_Test_COMMAND_DESCRIPTOR_t; + +Vendor_TCG_Test_COMMAND_DESCRIPTOR_t _Vendor_TCG_TestData = { + /* entry */ &TPM2_Vendor_TCG_Test, + /* inSize */ (UINT16)(sizeof(Vendor_TCG_Test_In)), + /* outSize */ (UINT16)(sizeof(Vendor_TCG_Test_Out)), + /* offsetOfTypes */ offsetof(Vendor_TCG_Test_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets; + /* types */ {TPM2B_DATA_P_UNMARSHAL, + END_OF_LIST, + TPM2B_DATA_P_MARSHAL, + END_OF_LIST} +}; + +#define _Vendor_TCG_TestDataAddress (&_Vendor_TCG_TestData) +#else +#define _Vendor_TCG_TestDataAddress 0 +#endif // CC_Vendor_TCG_Test + +COMMAND_DESCRIPTOR_t *s_CommandDataArray[] = { +#if (PAD_LIST || CC_NV_UndefineSpaceSpecial) + (COMMAND_DESCRIPTOR_t *)_NV_UndefineSpaceSpecialDataAddress, +#endif // CC_NV_UndefineSpaceSpecial +#if (PAD_LIST || CC_EvictControl) + (COMMAND_DESCRIPTOR_t *)_EvictControlDataAddress, +#endif // CC_EvictControl +#if (PAD_LIST || CC_HierarchyControl) + (COMMAND_DESCRIPTOR_t *)_HierarchyControlDataAddress, +#endif // CC_HierarchyControl +#if (PAD_LIST || CC_NV_UndefineSpace) + (COMMAND_DESCRIPTOR_t *)_NV_UndefineSpaceDataAddress, +#endif // CC_NV_UndefineSpace +#if (PAD_LIST) + (COMMAND_DESCRIPTOR_t *)0, +#endif // +#if (PAD_LIST || CC_ChangeEPS) + (COMMAND_DESCRIPTOR_t *)_ChangeEPSDataAddress, +#endif // CC_ChangeEPS +#if (PAD_LIST || CC_ChangePPS) + (COMMAND_DESCRIPTOR_t *)_ChangePPSDataAddress, +#endif // CC_ChangePPS +#if (PAD_LIST || CC_Clear) + (COMMAND_DESCRIPTOR_t *)_ClearDataAddress, +#endif // CC_Clear +#if (PAD_LIST || CC_ClearControl) + (COMMAND_DESCRIPTOR_t *)_ClearControlDataAddress, +#endif // CC_ClearControl +#if (PAD_LIST || CC_ClockSet) + (COMMAND_DESCRIPTOR_t *)_ClockSetDataAddress, +#endif // CC_ClockSet +#if (PAD_LIST || CC_HierarchyChangeAuth) + (COMMAND_DESCRIPTOR_t *)_HierarchyChangeAuthDataAddress, +#endif // 
CC_HierarchyChangeAuth +#if (PAD_LIST || CC_NV_DefineSpace) + (COMMAND_DESCRIPTOR_t *)_NV_DefineSpaceDataAddress, +#endif // CC_NV_DefineSpace +#if (PAD_LIST || CC_PCR_Allocate) + (COMMAND_DESCRIPTOR_t *)_PCR_AllocateDataAddress, +#endif // CC_PCR_Allocate +#if (PAD_LIST || CC_PCR_SetAuthPolicy) + (COMMAND_DESCRIPTOR_t *)_PCR_SetAuthPolicyDataAddress, +#endif // CC_PCR_SetAuthPolicy +#if (PAD_LIST || CC_PP_Commands) + (COMMAND_DESCRIPTOR_t *)_PP_CommandsDataAddress, +#endif // CC_PP_Commands +#if (PAD_LIST || CC_SetPrimaryPolicy) + (COMMAND_DESCRIPTOR_t *)_SetPrimaryPolicyDataAddress, +#endif // CC_SetPrimaryPolicy +#if (PAD_LIST || CC_FieldUpgradeStart) + (COMMAND_DESCRIPTOR_t *)_FieldUpgradeStartDataAddress, +#endif // CC_FieldUpgradeStart +#if (PAD_LIST || CC_ClockRateAdjust) + (COMMAND_DESCRIPTOR_t *)_ClockRateAdjustDataAddress, +#endif // CC_ClockRateAdjust +#if (PAD_LIST || CC_CreatePrimary) + (COMMAND_DESCRIPTOR_t *)_CreatePrimaryDataAddress, +#endif // CC_CreatePrimary +#if (PAD_LIST || CC_NV_GlobalWriteLock) + (COMMAND_DESCRIPTOR_t *)_NV_GlobalWriteLockDataAddress, +#endif // CC_NV_GlobalWriteLock +#if (PAD_LIST || CC_GetCommandAuditDigest) + (COMMAND_DESCRIPTOR_t *)_GetCommandAuditDigestDataAddress, +#endif // CC_GetCommandAuditDigest +#if (PAD_LIST || CC_NV_Increment) + (COMMAND_DESCRIPTOR_t *)_NV_IncrementDataAddress, +#endif // CC_NV_Increment +#if (PAD_LIST || CC_NV_SetBits) + (COMMAND_DESCRIPTOR_t *)_NV_SetBitsDataAddress, +#endif // CC_NV_SetBits +#if (PAD_LIST || CC_NV_Extend) + (COMMAND_DESCRIPTOR_t *)_NV_ExtendDataAddress, +#endif // CC_NV_Extend +#if (PAD_LIST || CC_NV_Write) + (COMMAND_DESCRIPTOR_t *)_NV_WriteDataAddress, +#endif // CC_NV_Write +#if (PAD_LIST || CC_NV_WriteLock) + (COMMAND_DESCRIPTOR_t *)_NV_WriteLockDataAddress, +#endif // CC_NV_WriteLock +#if (PAD_LIST || CC_DictionaryAttackLockReset) + (COMMAND_DESCRIPTOR_t *)_DictionaryAttackLockResetDataAddress, +#endif // CC_DictionaryAttackLockReset +#if (PAD_LIST || 
CC_DictionaryAttackParameters) + (COMMAND_DESCRIPTOR_t *)_DictionaryAttackParametersDataAddress, +#endif // CC_DictionaryAttackParameters +#if (PAD_LIST || CC_NV_ChangeAuth) + (COMMAND_DESCRIPTOR_t *)_NV_ChangeAuthDataAddress, +#endif // CC_NV_ChangeAuth +#if (PAD_LIST || CC_PCR_Event) + (COMMAND_DESCRIPTOR_t *)_PCR_EventDataAddress, +#endif // CC_PCR_Event +#if (PAD_LIST || CC_PCR_Reset) + (COMMAND_DESCRIPTOR_t *)_PCR_ResetDataAddress, +#endif // CC_PCR_Reset +#if (PAD_LIST || CC_SequenceComplete) + (COMMAND_DESCRIPTOR_t *)_SequenceCompleteDataAddress, +#endif // CC_SequenceComplete +#if (PAD_LIST || CC_SetAlgorithmSet) + (COMMAND_DESCRIPTOR_t *)_SetAlgorithmSetDataAddress, +#endif // CC_SetAlgorithmSet +#if (PAD_LIST || CC_SetCommandCodeAuditStatus) + (COMMAND_DESCRIPTOR_t *)_SetCommandCodeAuditStatusDataAddress, +#endif // CC_SetCommandCodeAuditStatus +#if (PAD_LIST || CC_FieldUpgradeData) + (COMMAND_DESCRIPTOR_t *)_FieldUpgradeDataDataAddress, +#endif // CC_FieldUpgradeData +#if (PAD_LIST || CC_IncrementalSelfTest) + (COMMAND_DESCRIPTOR_t *)_IncrementalSelfTestDataAddress, +#endif // CC_IncrementalSelfTest +#if (PAD_LIST || CC_SelfTest) + (COMMAND_DESCRIPTOR_t *)_SelfTestDataAddress, +#endif // CC_SelfTest +#if (PAD_LIST || CC_Startup) + (COMMAND_DESCRIPTOR_t *)_StartupDataAddress, +#endif // CC_Startup +#if (PAD_LIST || CC_Shutdown) + (COMMAND_DESCRIPTOR_t *)_ShutdownDataAddress, +#endif // CC_Shutdown +#if (PAD_LIST || CC_StirRandom) + (COMMAND_DESCRIPTOR_t *)_StirRandomDataAddress, +#endif // CC_StirRandom +#if (PAD_LIST || CC_ActivateCredential) + (COMMAND_DESCRIPTOR_t *)_ActivateCredentialDataAddress, +#endif // CC_ActivateCredential +#if (PAD_LIST || CC_Certify) + (COMMAND_DESCRIPTOR_t *)_CertifyDataAddress, +#endif // CC_Certify +#if (PAD_LIST || CC_PolicyNV) + (COMMAND_DESCRIPTOR_t *)_PolicyNVDataAddress, +#endif // CC_PolicyNV +#if (PAD_LIST || CC_CertifyCreation) + (COMMAND_DESCRIPTOR_t *)_CertifyCreationDataAddress, +#endif // CC_CertifyCreation +#if 
(PAD_LIST || CC_Duplicate) + (COMMAND_DESCRIPTOR_t *)_DuplicateDataAddress, +#endif // CC_Duplicate +#if (PAD_LIST || CC_GetTime) + (COMMAND_DESCRIPTOR_t *)_GetTimeDataAddress, +#endif // CC_GetTime +#if (PAD_LIST || CC_GetSessionAuditDigest) + (COMMAND_DESCRIPTOR_t *)_GetSessionAuditDigestDataAddress, +#endif // CC_GetSessionAuditDigest +#if (PAD_LIST || CC_NV_Read) + (COMMAND_DESCRIPTOR_t *)_NV_ReadDataAddress, +#endif // CC_NV_Read +#if (PAD_LIST || CC_NV_ReadLock) + (COMMAND_DESCRIPTOR_t *)_NV_ReadLockDataAddress, +#endif // CC_NV_ReadLock +#if (PAD_LIST || CC_ObjectChangeAuth) + (COMMAND_DESCRIPTOR_t *)_ObjectChangeAuthDataAddress, +#endif // CC_ObjectChangeAuth +#if (PAD_LIST || CC_PolicySecret) + (COMMAND_DESCRIPTOR_t *)_PolicySecretDataAddress, +#endif // CC_PolicySecret +#if (PAD_LIST || CC_Rewrap) + (COMMAND_DESCRIPTOR_t *)_RewrapDataAddress, +#endif // CC_Rewrap +#if (PAD_LIST || CC_Create) + (COMMAND_DESCRIPTOR_t *)_CreateDataAddress, +#endif // CC_Create +#if (PAD_LIST || CC_ECDH_ZGen) + (COMMAND_DESCRIPTOR_t *)_ECDH_ZGenDataAddress, +#endif // CC_ECDH_ZGen +#if (PAD_LIST || (CC_HMAC || CC_MAC)) +# if CC_HMAC + (COMMAND_DESCRIPTOR_t *)_HMACDataAddress, +# endif +# if CC_MAC + (COMMAND_DESCRIPTOR_t *)_MACDataAddress, +# endif +# if (CC_HMAC || CC_MAC) > 1 +# error "More than one aliased command defined" +# endif +#endif // CC_HMAC CC_MAC +#if (PAD_LIST || CC_Import) + (COMMAND_DESCRIPTOR_t *)_ImportDataAddress, +#endif // CC_Import +#if (PAD_LIST || CC_Load) + (COMMAND_DESCRIPTOR_t *)_LoadDataAddress, +#endif // CC_Load +#if (PAD_LIST || CC_Quote) + (COMMAND_DESCRIPTOR_t *)_QuoteDataAddress, +#endif // CC_Quote +#if (PAD_LIST || CC_RSA_Decrypt) + (COMMAND_DESCRIPTOR_t *)_RSA_DecryptDataAddress, +#endif // CC_RSA_Decrypt +#if (PAD_LIST) + (COMMAND_DESCRIPTOR_t *)0, +#endif // +#if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start)) +# if CC_HMAC_Start + (COMMAND_DESCRIPTOR_t *)_HMAC_StartDataAddress, +# endif +# if CC_MAC_Start + (COMMAND_DESCRIPTOR_t 
*)_MAC_StartDataAddress, +# endif +# if (CC_HMAC_Start || CC_MAC_Start) > 1 +# error "More than one aliased command defined" +# endif +#endif // CC_HMAC_Start CC_MAC_Start +#if (PAD_LIST || CC_SequenceUpdate) + (COMMAND_DESCRIPTOR_t *)_SequenceUpdateDataAddress, +#endif // CC_SequenceUpdate +#if (PAD_LIST || CC_Sign) + (COMMAND_DESCRIPTOR_t *)_SignDataAddress, +#endif // CC_Sign +#if (PAD_LIST || CC_Unseal) + (COMMAND_DESCRIPTOR_t *)_UnsealDataAddress, +#endif // CC_Unseal +#if (PAD_LIST) + (COMMAND_DESCRIPTOR_t *)0, +#endif // +#if (PAD_LIST || CC_PolicySigned) + (COMMAND_DESCRIPTOR_t *)_PolicySignedDataAddress, +#endif // CC_PolicySigned +#if (PAD_LIST || CC_ContextLoad) + (COMMAND_DESCRIPTOR_t *)_ContextLoadDataAddress, +#endif // CC_ContextLoad +#if (PAD_LIST || CC_ContextSave) + (COMMAND_DESCRIPTOR_t *)_ContextSaveDataAddress, +#endif // CC_ContextSave +#if (PAD_LIST || CC_ECDH_KeyGen) + (COMMAND_DESCRIPTOR_t *)_ECDH_KeyGenDataAddress, +#endif // CC_ECDH_KeyGen +#if (PAD_LIST || CC_EncryptDecrypt) + (COMMAND_DESCRIPTOR_t *)_EncryptDecryptDataAddress, +#endif // CC_EncryptDecrypt +#if (PAD_LIST || CC_FlushContext) + (COMMAND_DESCRIPTOR_t *)_FlushContextDataAddress, +#endif // CC_FlushContext +#if (PAD_LIST) + (COMMAND_DESCRIPTOR_t *)0, +#endif // +#if (PAD_LIST || CC_LoadExternal) + (COMMAND_DESCRIPTOR_t *)_LoadExternalDataAddress, +#endif // CC_LoadExternal +#if (PAD_LIST || CC_MakeCredential) + (COMMAND_DESCRIPTOR_t *)_MakeCredentialDataAddress, +#endif // CC_MakeCredential +#if (PAD_LIST || CC_NV_ReadPublic) + (COMMAND_DESCRIPTOR_t *)_NV_ReadPublicDataAddress, +#endif // CC_NV_ReadPublic +#if (PAD_LIST || CC_PolicyAuthorize) + (COMMAND_DESCRIPTOR_t *)_PolicyAuthorizeDataAddress, +#endif // CC_PolicyAuthorize +#if (PAD_LIST || CC_PolicyAuthValue) + (COMMAND_DESCRIPTOR_t *)_PolicyAuthValueDataAddress, +#endif // CC_PolicyAuthValue +#if (PAD_LIST || CC_PolicyCommandCode) + (COMMAND_DESCRIPTOR_t *)_PolicyCommandCodeDataAddress, +#endif // CC_PolicyCommandCode 
+#if (PAD_LIST || CC_PolicyCounterTimer) + (COMMAND_DESCRIPTOR_t *)_PolicyCounterTimerDataAddress, +#endif // CC_PolicyCounterTimer +#if (PAD_LIST || CC_PolicyCpHash) + (COMMAND_DESCRIPTOR_t *)_PolicyCpHashDataAddress, +#endif // CC_PolicyCpHash +#if (PAD_LIST || CC_PolicyLocality) + (COMMAND_DESCRIPTOR_t *)_PolicyLocalityDataAddress, +#endif // CC_PolicyLocality +#if (PAD_LIST || CC_PolicyNameHash) + (COMMAND_DESCRIPTOR_t *)_PolicyNameHashDataAddress, +#endif // CC_PolicyNameHash +#if (PAD_LIST || CC_PolicyOR) + (COMMAND_DESCRIPTOR_t *)_PolicyORDataAddress, +#endif // CC_PolicyOR +#if (PAD_LIST || CC_PolicyTicket) + (COMMAND_DESCRIPTOR_t *)_PolicyTicketDataAddress, +#endif // CC_PolicyTicket +#if (PAD_LIST || CC_ReadPublic) + (COMMAND_DESCRIPTOR_t *)_ReadPublicDataAddress, +#endif // CC_ReadPublic +#if (PAD_LIST || CC_RSA_Encrypt) + (COMMAND_DESCRIPTOR_t *)_RSA_EncryptDataAddress, +#endif // CC_RSA_Encrypt +#if (PAD_LIST) + (COMMAND_DESCRIPTOR_t *)0, +#endif // +#if (PAD_LIST || CC_StartAuthSession) + (COMMAND_DESCRIPTOR_t *)_StartAuthSessionDataAddress, +#endif // CC_StartAuthSession +#if (PAD_LIST || CC_VerifySignature) + (COMMAND_DESCRIPTOR_t *)_VerifySignatureDataAddress, +#endif // CC_VerifySignature +#if (PAD_LIST || CC_ECC_Parameters) + (COMMAND_DESCRIPTOR_t *)_ECC_ParametersDataAddress, +#endif // CC_ECC_Parameters +#if (PAD_LIST || CC_FirmwareRead) + (COMMAND_DESCRIPTOR_t *)_FirmwareReadDataAddress, +#endif // CC_FirmwareRead +#if (PAD_LIST || CC_GetCapability) + (COMMAND_DESCRIPTOR_t *)_GetCapabilityDataAddress, +#endif // CC_GetCapability +#if (PAD_LIST || CC_GetRandom) + (COMMAND_DESCRIPTOR_t *)_GetRandomDataAddress, +#endif // CC_GetRandom +#if (PAD_LIST || CC_GetTestResult) + (COMMAND_DESCRIPTOR_t *)_GetTestResultDataAddress, +#endif // CC_GetTestResult +#if (PAD_LIST || CC_Hash) + (COMMAND_DESCRIPTOR_t *)_HashDataAddress, +#endif // CC_Hash +#if (PAD_LIST || CC_PCR_Read) + (COMMAND_DESCRIPTOR_t *)_PCR_ReadDataAddress, +#endif // CC_PCR_Read +#if 
(PAD_LIST || CC_PolicyPCR) + (COMMAND_DESCRIPTOR_t *)_PolicyPCRDataAddress, +#endif // CC_PolicyPCR +#if (PAD_LIST || CC_PolicyRestart) + (COMMAND_DESCRIPTOR_t *)_PolicyRestartDataAddress, +#endif // CC_PolicyRestart +#if (PAD_LIST || CC_ReadClock) + (COMMAND_DESCRIPTOR_t *)_ReadClockDataAddress, +#endif // CC_ReadClock +#if (PAD_LIST || CC_PCR_Extend) + (COMMAND_DESCRIPTOR_t *)_PCR_ExtendDataAddress, +#endif // CC_PCR_Extend +#if (PAD_LIST || CC_PCR_SetAuthValue) + (COMMAND_DESCRIPTOR_t *)_PCR_SetAuthValueDataAddress, +#endif // CC_PCR_SetAuthValue +#if (PAD_LIST || CC_NV_Certify) + (COMMAND_DESCRIPTOR_t *)_NV_CertifyDataAddress, +#endif // CC_NV_Certify +#if (PAD_LIST || CC_EventSequenceComplete) + (COMMAND_DESCRIPTOR_t *)_EventSequenceCompleteDataAddress, +#endif // CC_EventSequenceComplete +#if (PAD_LIST || CC_HashSequenceStart) + (COMMAND_DESCRIPTOR_t *)_HashSequenceStartDataAddress, +#endif // CC_HashSequenceStart +#if (PAD_LIST || CC_PolicyPhysicalPresence) + (COMMAND_DESCRIPTOR_t *)_PolicyPhysicalPresenceDataAddress, +#endif // CC_PolicyPhysicalPresence +#if (PAD_LIST || CC_PolicyDuplicationSelect) + (COMMAND_DESCRIPTOR_t *)_PolicyDuplicationSelectDataAddress, +#endif // CC_PolicyDuplicationSelect +#if (PAD_LIST || CC_PolicyGetDigest) + (COMMAND_DESCRIPTOR_t *)_PolicyGetDigestDataAddress, +#endif // CC_PolicyGetDigest +#if (PAD_LIST || CC_TestParms) + (COMMAND_DESCRIPTOR_t *)_TestParmsDataAddress, +#endif // CC_TestParms +#if (PAD_LIST || CC_Commit) + (COMMAND_DESCRIPTOR_t *)_CommitDataAddress, +#endif // CC_Commit +#if (PAD_LIST || CC_PolicyPassword) + (COMMAND_DESCRIPTOR_t *)_PolicyPasswordDataAddress, +#endif // CC_PolicyPassword +#if (PAD_LIST || CC_ZGen_2Phase) + (COMMAND_DESCRIPTOR_t *)_ZGen_2PhaseDataAddress, +#endif // CC_ZGen_2Phase +#if (PAD_LIST || CC_EC_Ephemeral) + (COMMAND_DESCRIPTOR_t *)_EC_EphemeralDataAddress, +#endif // CC_EC_Ephemeral +#if (PAD_LIST || CC_PolicyNvWritten) + (COMMAND_DESCRIPTOR_t *)_PolicyNvWrittenDataAddress, +#endif // 
CC_PolicyNvWritten +#if (PAD_LIST || CC_PolicyTemplate) + (COMMAND_DESCRIPTOR_t *)_PolicyTemplateDataAddress, +#endif // CC_PolicyTemplate +#if (PAD_LIST || CC_CreateLoaded) + (COMMAND_DESCRIPTOR_t *)_CreateLoadedDataAddress, +#endif // CC_CreateLoaded +#if (PAD_LIST || CC_PolicyAuthorizeNV) + (COMMAND_DESCRIPTOR_t *)_PolicyAuthorizeNVDataAddress, +#endif // CC_PolicyAuthorizeNV +#if (PAD_LIST || CC_EncryptDecrypt2) + (COMMAND_DESCRIPTOR_t *)_EncryptDecrypt2DataAddress, +#endif // CC_EncryptDecrypt2 +#if (PAD_LIST || CC_AC_GetCapability) + (COMMAND_DESCRIPTOR_t *)_AC_GetCapabilityDataAddress, +#endif // CC_AC_GetCapability +#if (PAD_LIST || CC_AC_Send) + (COMMAND_DESCRIPTOR_t *)_AC_SendDataAddress, +#endif // CC_AC_Send +#if (PAD_LIST || CC_Policy_AC_SendSelect) + (COMMAND_DESCRIPTOR_t *)_Policy_AC_SendSelectDataAddress, +#endif // CC_Policy_AC_SendSelect +#if (PAD_LIST || CC_CertifyX509) + (COMMAND_DESCRIPTOR_t *)_CertifyX509DataAddress, +#endif // CC_CertifyX509 +#if (PAD_LIST || CC_Vendor_TCG_Test) + (COMMAND_DESCRIPTOR_t *)_Vendor_TCG_TestDataAddress, +#endif // CC_Vendor_TCG_Test + 0 +}; + + +#endif // _COMMAND_TABLE_DISPATCH_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatcher.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatcher.h new file mode 100644 index 000000000..78c3f855a --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatcher.h 
@@ -0,0 +1,2051 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmDispatch; Version 4.0 July 8,2017 + * Date: Oct 27, 2018 Time: 06:49:39PM + */ + +// This macro is added just so that the code is only excessively long. 
+#define EXIT_IF_ERROR_PLUS(x) \ + if(TPM_RC_SUCCESS != result) { result += (x); goto Exit; } +#if CC_Startup +case TPM_CC_Startup: { + Startup_In *in = (Startup_In *) + MemoryGetInBuffer(sizeof(Startup_In)); + result = TPM_SU_Unmarshal(&in->startupType, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Startup_startupType); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Startup (in); +break; +} +#endif // CC_Startup +#if CC_Shutdown +case TPM_CC_Shutdown: { + Shutdown_In *in = (Shutdown_In *) + MemoryGetInBuffer(sizeof(Shutdown_In)); + result = TPM_SU_Unmarshal(&in->shutdownType, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Shutdown_shutdownType); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Shutdown (in); +break; +} +#endif // CC_Shutdown +#if CC_SelfTest +case TPM_CC_SelfTest: { + SelfTest_In *in = (SelfTest_In *) + MemoryGetInBuffer(sizeof(SelfTest_In)); + result = TPMI_YES_NO_Unmarshal(&in->fullTest, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_SelfTest_fullTest); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_SelfTest (in); +break; +} +#endif // CC_SelfTest +#if CC_IncrementalSelfTest +case TPM_CC_IncrementalSelfTest: { + IncrementalSelfTest_In *in = (IncrementalSelfTest_In *) + MemoryGetInBuffer(sizeof(IncrementalSelfTest_In)); + IncrementalSelfTest_Out *out = (IncrementalSelfTest_Out *) + MemoryGetOutBuffer(sizeof(IncrementalSelfTest_Out)); + result = TPML_ALG_Unmarshal(&in->toTest, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_IncrementalSelfTest_toTest); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_IncrementalSelfTest (in, out); + rSize = sizeof(IncrementalSelfTest_Out); + *respParmSize += TPML_ALG_Marshal(&out->toDoList, + responseBuffer, &rSize); +break; +} +#endif // CC_IncrementalSelfTest +#if CC_GetTestResult +case TPM_CC_GetTestResult: { + GetTestResult_Out *out = (GetTestResult_Out *) 
+ MemoryGetOutBuffer(sizeof(GetTestResult_Out)); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_GetTestResult (out); + rSize = sizeof(GetTestResult_Out); + *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->outData, + responseBuffer, &rSize); + *respParmSize += TPM_RC_Marshal(&out->testResult, + responseBuffer, &rSize); +break; +} +#endif // CC_GetTestResult +#if CC_StartAuthSession +case TPM_CC_StartAuthSession: { + StartAuthSession_In *in = (StartAuthSession_In *) + MemoryGetInBuffer(sizeof(StartAuthSession_In)); + StartAuthSession_Out *out = (StartAuthSession_Out *) + MemoryGetOutBuffer(sizeof(StartAuthSession_Out)); + in->tpmKey = handles[0]; + in->bind = handles[1]; + result = TPM2B_NONCE_Unmarshal(&in->nonceCaller, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_StartAuthSession_nonceCaller); + result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->encryptedSalt, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_StartAuthSession_encryptedSalt); + result = TPM_SE_Unmarshal(&in->sessionType, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_StartAuthSession_sessionType); + result = TPMT_SYM_DEF_Unmarshal(&in->symmetric, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_StartAuthSession_symmetric); + result = TPMI_ALG_HASH_Unmarshal(&in->authHash, paramBuffer, paramBufferSize, FALSE); + ERROR_IF_EXIT_PLUS(RC_StartAuthSession_authHash); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_StartAuthSession (in, out); + rSize = sizeof(StartAuthSession_Out); + if(TPM_RC_SUCCESS != result) goto Exit; +; command->handles[command->handleNum++] = out->sessionHandle; + *respParmSize += TPM2B_NONCE_Marshal(&out->nonceTPM, + responseBuffer, &rSize); +break; +} +#endif // CC_StartAuthSession +#if CC_PolicyRestart +case TPM_CC_PolicyRestart: { + PolicyRestart_In *in = (PolicyRestart_In *) + MemoryGetInBuffer(sizeof(PolicyRestart_In)); + in->sessionHandle = handles[0]; + if(*paramBufferSize != 0) 
(result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyRestart (in); +break; +} +#endif // CC_PolicyRestart +#if CC_Create +case TPM_CC_Create: { + Create_In *in = (Create_In *) + MemoryGetInBuffer(sizeof(Create_In)); + Create_Out *out = (Create_Out *) + MemoryGetOutBuffer(sizeof(Create_Out)); + in->parentHandle = handles[0]; + result = TPM2B_SENSITIVE_CREATE_Unmarshal(&in->inSensitive, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Create_inSensitive); + result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, FALSE); + ERROR_IF_EXIT_PLUS(RC_Create_inPublic); + result = TPM2B_DATA_Unmarshal(&in->outsideInfo, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Create_outsideInfo); + result = TPML_PCR_SELECTION_Unmarshal(&in->creationPCR, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Create_creationPCR); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Create (in, out); + rSize = sizeof(Create_Out); + *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, + responseBuffer, &rSize); + *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, + responseBuffer, &rSize); + *respParmSize += TPM2B_CREATION_DATA_Marshal(&out->creationData, + responseBuffer, &rSize); + *respParmSize += TPM2B_DIGEST_Marshal(&out->creationHash, + responseBuffer, &rSize); + *respParmSize += TPMT_TK_CREATION_Marshal(&out->creationTicket, + responseBuffer, &rSize); +break; +} +#endif // CC_Create +#if CC_Load +case TPM_CC_Load: { + Load_In *in = (Load_In *) + MemoryGetInBuffer(sizeof(Load_In)); + Load_Out *out = (Load_Out *) + MemoryGetOutBuffer(sizeof(Load_Out)); + in->parentHandle = handles[0]; + result = TPM2B_PRIVATE_Unmarshal(&in->inPrivate, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Load_inPrivate); + result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, FALSE); + ERROR_IF_EXIT_PLUS(RC_Load_inPublic); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Load 
(in, out); + rSize = sizeof(Load_Out); + if(TPM_RC_SUCCESS != result) goto Exit; +; command->handles[command->handleNum++] = out->objectHandle; + *respParmSize += TPM2B_NAME_Marshal(&out->name, + responseBuffer, &rSize); +break; +} +#endif // CC_Load +#if CC_LoadExternal +case TPM_CC_LoadExternal: { + LoadExternal_In *in = (LoadExternal_In *) + MemoryGetInBuffer(sizeof(LoadExternal_In)); + LoadExternal_Out *out = (LoadExternal_Out *) + MemoryGetOutBuffer(sizeof(LoadExternal_Out)); + result = TPM2B_SENSITIVE_Unmarshal(&in->inPrivate, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_LoadExternal_inPrivate); + result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_LoadExternal_inPublic); + result = TPMI_RH_HIERARCHY_Unmarshal(&in->hierarchy, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_LoadExternal_hierarchy); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_LoadExternal (in, out); + rSize = sizeof(LoadExternal_Out); + if(TPM_RC_SUCCESS != result) goto Exit; +; command->handles[command->handleNum++] = out->objectHandle; + *respParmSize += TPM2B_NAME_Marshal(&out->name, + responseBuffer, &rSize); +break; +} +#endif // CC_LoadExternal +#if CC_ReadPublic +case TPM_CC_ReadPublic: { + ReadPublic_In *in = (ReadPublic_In *) + MemoryGetInBuffer(sizeof(ReadPublic_In)); + ReadPublic_Out *out = (ReadPublic_Out *) + MemoryGetOutBuffer(sizeof(ReadPublic_Out)); + in->objectHandle = handles[0]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_ReadPublic (in, out); + rSize = sizeof(ReadPublic_Out); + *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, + responseBuffer, &rSize); + *respParmSize += TPM2B_NAME_Marshal(&out->name, + responseBuffer, &rSize); + *respParmSize += TPM2B_NAME_Marshal(&out->qualifiedName, + responseBuffer, &rSize); +break; +} +#endif // CC_ReadPublic +#if CC_ActivateCredential +case TPM_CC_ActivateCredential: { + 
ActivateCredential_In *in = (ActivateCredential_In *) + MemoryGetInBuffer(sizeof(ActivateCredential_In)); + ActivateCredential_Out *out = (ActivateCredential_Out *) + MemoryGetOutBuffer(sizeof(ActivateCredential_Out)); + in->activateHandle = handles[0]; + in->keyHandle = handles[1]; + result = TPM2B_ID_OBJECT_Unmarshal(&in->credentialBlob, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_ActivateCredential_credentialBlob); + result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->secret, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_ActivateCredential_secret); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_ActivateCredential (in, out); + rSize = sizeof(ActivateCredential_Out); + *respParmSize += TPM2B_DIGEST_Marshal(&out->certInfo, + responseBuffer, &rSize); +break; +} +#endif // CC_ActivateCredential +#if CC_MakeCredential +case TPM_CC_MakeCredential: { + MakeCredential_In *in = (MakeCredential_In *) + MemoryGetInBuffer(sizeof(MakeCredential_In)); + MakeCredential_Out *out = (MakeCredential_Out *) + MemoryGetOutBuffer(sizeof(MakeCredential_Out)); + in->handle = handles[0]; + result = TPM2B_DIGEST_Unmarshal(&in->credential, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_MakeCredential_credential); + result = TPM2B_NAME_Unmarshal(&in->objectName, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_MakeCredential_objectName); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_MakeCredential (in, out); + rSize = sizeof(MakeCredential_Out); + *respParmSize += TPM2B_ID_OBJECT_Marshal(&out->credentialBlob, + responseBuffer, &rSize); + *respParmSize += TPM2B_ENCRYPTED_SECRET_Marshal(&out->secret, + responseBuffer, &rSize); +break; +} +#endif // CC_MakeCredential +#if CC_Unseal +case TPM_CC_Unseal: { + Unseal_In *in = (Unseal_In *) + MemoryGetInBuffer(sizeof(Unseal_In)); + Unseal_Out *out = (Unseal_Out *) + MemoryGetOutBuffer(sizeof(Unseal_Out)); + in->itemHandle = handles[0]; + 
if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Unseal (in, out); + rSize = sizeof(Unseal_Out); + *respParmSize += TPM2B_SENSITIVE_DATA_Marshal(&out->outData, + responseBuffer, &rSize); +break; +} +#endif // CC_Unseal +#if CC_ObjectChangeAuth +case TPM_CC_ObjectChangeAuth: { + ObjectChangeAuth_In *in = (ObjectChangeAuth_In *) + MemoryGetInBuffer(sizeof(ObjectChangeAuth_In)); + ObjectChangeAuth_Out *out = (ObjectChangeAuth_Out *) + MemoryGetOutBuffer(sizeof(ObjectChangeAuth_Out)); + in->objectHandle = handles[0]; + in->parentHandle = handles[1]; + result = TPM2B_AUTH_Unmarshal(&in->newAuth, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_ObjectChangeAuth_newAuth); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_ObjectChangeAuth (in, out); + rSize = sizeof(ObjectChangeAuth_Out); + *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, + responseBuffer, &rSize); +break; +} +#endif // CC_ObjectChangeAuth +#if CC_CreateLoaded +case TPM_CC_CreateLoaded: { + CreateLoaded_In *in = (CreateLoaded_In *) + MemoryGetInBuffer(sizeof(CreateLoaded_In)); + CreateLoaded_Out *out = (CreateLoaded_Out *) + MemoryGetOutBuffer(sizeof(CreateLoaded_Out)); + in->parentHandle = handles[0]; + result = TPM2B_SENSITIVE_CREATE_Unmarshal(&in->inSensitive, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_CreateLoaded_inSensitive); + result = TPM2B_TEMPLATE_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_CreateLoaded_inPublic); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_CreateLoaded (in, out); + rSize = sizeof(CreateLoaded_Out); + if(TPM_RC_SUCCESS != result) goto Exit; +; command->handles[command->handleNum++] = out->objectHandle; + *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, + responseBuffer, &rSize); + *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, + responseBuffer, &rSize); + *respParmSize += TPM2B_NAME_Marshal(&out->name, + 
responseBuffer, &rSize); +break; +} +#endif // CC_CreateLoaded +#if CC_Duplicate +case TPM_CC_Duplicate: { + Duplicate_In *in = (Duplicate_In *) + MemoryGetInBuffer(sizeof(Duplicate_In)); + Duplicate_Out *out = (Duplicate_Out *) + MemoryGetOutBuffer(sizeof(Duplicate_Out)); + in->objectHandle = handles[0]; + in->newParentHandle = handles[1]; + result = TPM2B_DATA_Unmarshal(&in->encryptionKeyIn, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Duplicate_encryptionKeyIn); + result = TPMT_SYM_DEF_OBJECT_Unmarshal(&in->symmetricAlg, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_Duplicate_symmetricAlg); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Duplicate (in, out); + rSize = sizeof(Duplicate_Out); + *respParmSize += TPM2B_DATA_Marshal(&out->encryptionKeyOut, + responseBuffer, &rSize); + *respParmSize += TPM2B_PRIVATE_Marshal(&out->duplicate, + responseBuffer, &rSize); + *respParmSize += TPM2B_ENCRYPTED_SECRET_Marshal(&out->outSymSeed, + responseBuffer, &rSize); +break; +} +#endif // CC_Duplicate +#if CC_Rewrap +case TPM_CC_Rewrap: { + Rewrap_In *in = (Rewrap_In *) + MemoryGetInBuffer(sizeof(Rewrap_In)); + Rewrap_Out *out = (Rewrap_Out *) + MemoryGetOutBuffer(sizeof(Rewrap_Out)); + in->oldParent = handles[0]; + in->newParent = handles[1]; + result = TPM2B_PRIVATE_Unmarshal(&in->inDuplicate, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Rewrap_inDuplicate); + result = TPM2B_NAME_Unmarshal(&in->name, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Rewrap_name); + result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->inSymSeed, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Rewrap_inSymSeed); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Rewrap (in, out); + rSize = sizeof(Rewrap_Out); + *respParmSize += TPM2B_PRIVATE_Marshal(&out->outDuplicate, + responseBuffer, &rSize); + *respParmSize += TPM2B_ENCRYPTED_SECRET_Marshal(&out->outSymSeed, + responseBuffer, &rSize); 
+break; +} +#endif // CC_Rewrap +#if CC_Import +case TPM_CC_Import: { + Import_In *in = (Import_In *) + MemoryGetInBuffer(sizeof(Import_In)); + Import_Out *out = (Import_Out *) + MemoryGetOutBuffer(sizeof(Import_Out)); + in->parentHandle = handles[0]; + result = TPM2B_DATA_Unmarshal(&in->encryptionKey, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Import_encryptionKey); + result = TPM2B_PUBLIC_Unmarshal(&in->objectPublic, paramBuffer, paramBufferSize, FALSE); + ERROR_IF_EXIT_PLUS(RC_Import_objectPublic); + result = TPM2B_PRIVATE_Unmarshal(&in->duplicate, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Import_duplicate); + result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->inSymSeed, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Import_inSymSeed); + result = TPMT_SYM_DEF_OBJECT_Unmarshal(&in->symmetricAlg, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_Import_symmetricAlg); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Import (in, out); + rSize = sizeof(Import_Out); + *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, + responseBuffer, &rSize); +break; +} +#endif // CC_Import +#if CC_RSA_Encrypt +case TPM_CC_RSA_Encrypt: { + RSA_Encrypt_In *in = (RSA_Encrypt_In *) + MemoryGetInBuffer(sizeof(RSA_Encrypt_In)); + RSA_Encrypt_Out *out = (RSA_Encrypt_Out *) + MemoryGetOutBuffer(sizeof(RSA_Encrypt_Out)); + in->keyHandle = handles[0]; + result = TPM2B_PUBLIC_KEY_RSA_Unmarshal(&in->message, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_RSA_Encrypt_message); + result = TPMT_RSA_DECRYPT_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_RSA_Encrypt_inScheme); + result = TPM2B_DATA_Unmarshal(&in->label, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_RSA_Encrypt_label); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_RSA_Encrypt (in, out); + rSize = sizeof(RSA_Encrypt_Out); + *respParmSize += 
TPM2B_PUBLIC_KEY_RSA_Marshal(&out->outData, + responseBuffer, &rSize); +break; +} +#endif // CC_RSA_Encrypt +#if CC_RSA_Decrypt +case TPM_CC_RSA_Decrypt: { + RSA_Decrypt_In *in = (RSA_Decrypt_In *) + MemoryGetInBuffer(sizeof(RSA_Decrypt_In)); + RSA_Decrypt_Out *out = (RSA_Decrypt_Out *) + MemoryGetOutBuffer(sizeof(RSA_Decrypt_Out)); + in->keyHandle = handles[0]; + result = TPM2B_PUBLIC_KEY_RSA_Unmarshal(&in->cipherText, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_RSA_Decrypt_cipherText); + result = TPMT_RSA_DECRYPT_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_RSA_Decrypt_inScheme); + result = TPM2B_DATA_Unmarshal(&in->label, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_RSA_Decrypt_label); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_RSA_Decrypt (in, out); + rSize = sizeof(RSA_Decrypt_Out); + *respParmSize += TPM2B_PUBLIC_KEY_RSA_Marshal(&out->message, + responseBuffer, &rSize); +break; +} +#endif // CC_RSA_Decrypt +#if CC_ECDH_KeyGen +case TPM_CC_ECDH_KeyGen: { + ECDH_KeyGen_In *in = (ECDH_KeyGen_In *) + MemoryGetInBuffer(sizeof(ECDH_KeyGen_In)); + ECDH_KeyGen_Out *out = (ECDH_KeyGen_Out *) + MemoryGetOutBuffer(sizeof(ECDH_KeyGen_Out)); + in->keyHandle = handles[0]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_ECDH_KeyGen (in, out); + rSize = sizeof(ECDH_KeyGen_Out); + *respParmSize += TPM2B_ECC_POINT_Marshal(&out->zPoint, + responseBuffer, &rSize); + *respParmSize += TPM2B_ECC_POINT_Marshal(&out->pubPoint, + responseBuffer, &rSize); +break; +} +#endif // CC_ECDH_KeyGen +#if CC_ECDH_ZGen +case TPM_CC_ECDH_ZGen: { + ECDH_ZGen_In *in = (ECDH_ZGen_In *) + MemoryGetInBuffer(sizeof(ECDH_ZGen_In)); + ECDH_ZGen_Out *out = (ECDH_ZGen_Out *) + MemoryGetOutBuffer(sizeof(ECDH_ZGen_Out)); + in->keyHandle = handles[0]; + result = TPM2B_ECC_POINT_Unmarshal(&in->inPoint, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_ECDH_ZGen_inPoint); + 
if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_ECDH_ZGen (in, out); + rSize = sizeof(ECDH_ZGen_Out); + *respParmSize += TPM2B_ECC_POINT_Marshal(&out->outPoint, + responseBuffer, &rSize); +break; +} +#endif // CC_ECDH_ZGen +#if CC_ECC_Parameters +case TPM_CC_ECC_Parameters: { + ECC_Parameters_In *in = (ECC_Parameters_In *) + MemoryGetInBuffer(sizeof(ECC_Parameters_In)); + ECC_Parameters_Out *out = (ECC_Parameters_Out *) + MemoryGetOutBuffer(sizeof(ECC_Parameters_Out)); + result = TPMI_ECC_CURVE_Unmarshal(&in->curveID, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_ECC_Parameters_curveID); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_ECC_Parameters (in, out); + rSize = sizeof(ECC_Parameters_Out); + *respParmSize += TPMS_ALGORITHM_DETAIL_ECC_Marshal(&out->parameters, + responseBuffer, &rSize); +break; +} +#endif // CC_ECC_Parameters +#if CC_ZGen_2Phase +case TPM_CC_ZGen_2Phase: { + ZGen_2Phase_In *in = (ZGen_2Phase_In *) + MemoryGetInBuffer(sizeof(ZGen_2Phase_In)); + ZGen_2Phase_Out *out = (ZGen_2Phase_Out *) + MemoryGetOutBuffer(sizeof(ZGen_2Phase_Out)); + in->keyA = handles[0]; + result = TPM2B_ECC_POINT_Unmarshal(&in->inQsB, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_inQsB); + result = TPM2B_ECC_POINT_Unmarshal(&in->inQeB, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_inQeB); + result = TPMI_ECC_KEY_EXCHANGE_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, FALSE); + ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_inScheme); + result = UINT16_Unmarshal(&in->counter, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_counter); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_ZGen_2Phase (in, out); + rSize = sizeof(ZGen_2Phase_Out); + *respParmSize += TPM2B_ECC_POINT_Marshal(&out->outZ1, + responseBuffer, &rSize); + *respParmSize += TPM2B_ECC_POINT_Marshal(&out->outZ2, + responseBuffer, &rSize); +break; +} +#endif 
// CC_ZGen_2Phase +#if CC_EncryptDecrypt +case TPM_CC_EncryptDecrypt: { + EncryptDecrypt_In *in = (EncryptDecrypt_In *) + MemoryGetInBuffer(sizeof(EncryptDecrypt_In)); + EncryptDecrypt_Out *out = (EncryptDecrypt_Out *) + MemoryGetOutBuffer(sizeof(EncryptDecrypt_Out)); + in->keyHandle = handles[0]; + result = TPMI_YES_NO_Unmarshal(&in->decrypt, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_decrypt); + result = TPMI_ALG_CIPHER_MODE_Unmarshal(&in->mode, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_mode); + result = TPM2B_IV_Unmarshal(&in->ivIn, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_ivIn); + result = TPM2B_MAX_BUFFER_Unmarshal(&in->inData, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_inData); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_EncryptDecrypt (in, out); + rSize = sizeof(EncryptDecrypt_Out); + *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->outData, + responseBuffer, &rSize); + *respParmSize += TPM2B_IV_Marshal(&out->ivOut, + responseBuffer, &rSize); +break; +} +#endif // CC_EncryptDecrypt +#if CC_EncryptDecrypt2 +case TPM_CC_EncryptDecrypt2: { + EncryptDecrypt2_In *in = (EncryptDecrypt2_In *) + MemoryGetInBuffer(sizeof(EncryptDecrypt2_In)); + EncryptDecrypt2_Out *out = (EncryptDecrypt2_Out *) + MemoryGetOutBuffer(sizeof(EncryptDecrypt2_Out)); + in->keyHandle = handles[0]; + result = TPM2B_MAX_BUFFER_Unmarshal(&in->inData, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_inData); + result = TPMI_YES_NO_Unmarshal(&in->decrypt, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_decrypt); + result = TPMI_ALG_CIPHER_MODE_Unmarshal(&in->mode, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_mode); + result = TPM2B_IV_Unmarshal(&in->ivIn, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_ivIn); + if(*paramBufferSize != 0) (result = 
TPM_RC_SIZE; goto Exit; } +result = TPM2_EncryptDecrypt2 (in, out); + rSize = sizeof(EncryptDecrypt2_Out); + *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->outData, + responseBuffer, &rSize); + *respParmSize += TPM2B_IV_Marshal(&out->ivOut, + responseBuffer, &rSize); +break; +} +#endif // CC_EncryptDecrypt2 +#if CC_Hash +case TPM_CC_Hash: { + Hash_In *in = (Hash_In *) + MemoryGetInBuffer(sizeof(Hash_In)); + Hash_Out *out = (Hash_Out *) + MemoryGetOutBuffer(sizeof(Hash_Out)); + result = TPM2B_MAX_BUFFER_Unmarshal(&in->data, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Hash_data); + result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, FALSE); + ERROR_IF_EXIT_PLUS(RC_Hash_hashAlg); + result = TPMI_RH_HIERARCHY_Unmarshal(&in->hierarchy, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_Hash_hierarchy); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Hash (in, out); + rSize = sizeof(Hash_Out); + *respParmSize += TPM2B_DIGEST_Marshal(&out->outHash, + responseBuffer, &rSize); + *respParmSize += TPMT_TK_HASHCHECK_Marshal(&out->validation, + responseBuffer, &rSize); +break; +} +#endif // CC_Hash +#if CC_HMAC +case TPM_CC_HMAC: { + HMAC_In *in = (HMAC_In *) + MemoryGetInBuffer(sizeof(HMAC_In)); + HMAC_Out *out = (HMAC_Out *) + MemoryGetOutBuffer(sizeof(HMAC_Out)); + in->handle = handles[0]; + result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_HMAC_buffer); + result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_HMAC_hashAlg); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_HMAC (in, out); + rSize = sizeof(HMAC_Out); + *respParmSize += TPM2B_DIGEST_Marshal(&out->outHMAC, + responseBuffer, &rSize); +break; +} +#endif // CC_HMAC +#if CC_MAC +case TPM_CC_MAC: { + MAC_In *in = (MAC_In *) + MemoryGetInBuffer(sizeof(MAC_In)); + MAC_Out *out = (MAC_Out *) + 
MemoryGetOutBuffer(sizeof(MAC_Out)); + in->handle = handles[0]; + result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_MAC_buffer); + result = TPMI_ALG_MAC_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_MAC_inScheme); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_MAC (in, out); + rSize = sizeof(MAC_Out); + *respParmSize += TPM2B_DIGEST_Marshal(&out->outMAC, + responseBuffer, &rSize); +break; +} +#endif // CC_MAC +#if CC_GetRandom +case TPM_CC_GetRandom: { + GetRandom_In *in = (GetRandom_In *) + MemoryGetInBuffer(sizeof(GetRandom_In)); + GetRandom_Out *out = (GetRandom_Out *) + MemoryGetOutBuffer(sizeof(GetRandom_Out)); + result = UINT16_Unmarshal(&in->bytesRequested, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_GetRandom_bytesRequested); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_GetRandom (in, out); + rSize = sizeof(GetRandom_Out); + *respParmSize += TPM2B_DIGEST_Marshal(&out->randomBytes, + responseBuffer, &rSize); +break; +} +#endif // CC_GetRandom +#if CC_StirRandom +case TPM_CC_StirRandom: { + StirRandom_In *in = (StirRandom_In *) + MemoryGetInBuffer(sizeof(StirRandom_In)); + result = TPM2B_SENSITIVE_DATA_Unmarshal(&in->inData, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_StirRandom_inData); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_StirRandom (in); +break; +} +#endif // CC_StirRandom +#if CC_HMAC_Start +case TPM_CC_HMAC_Start: { + HMAC_Start_In *in = (HMAC_Start_In *) + MemoryGetInBuffer(sizeof(HMAC_Start_In)); + HMAC_Start_Out *out = (HMAC_Start_Out *) + MemoryGetOutBuffer(sizeof(HMAC_Start_Out)); + in->handle = handles[0]; + result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_HMAC_Start_auth); + result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); + 
ERROR_IF_EXIT_PLUS(RC_HMAC_Start_hashAlg); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_HMAC_Start (in, out); + rSize = sizeof(HMAC_Start_Out); + if(TPM_RC_SUCCESS != result) goto Exit; +; command->handles[command->handleNum++] = out->sequenceHandle; +break; +} +#endif // CC_HMAC_Start +#if CC_MAC_Start +case TPM_CC_MAC_Start: { + MAC_Start_In *in = (MAC_Start_In *) + MemoryGetInBuffer(sizeof(MAC_Start_In)); + MAC_Start_Out *out = (MAC_Start_Out *) + MemoryGetOutBuffer(sizeof(MAC_Start_Out)); + in->handle = handles[0]; + result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_MAC_Start_auth); + result = TPMI_ALG_MAC_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_MAC_Start_inScheme); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_MAC_Start (in, out); + rSize = sizeof(MAC_Start_Out); + if(TPM_RC_SUCCESS != result) goto Exit; +; command->handles[command->handleNum++] = out->sequenceHandle; +break; +} +#endif // CC_MAC_Start +#if CC_HashSequenceStart +case TPM_CC_HashSequenceStart: { + HashSequenceStart_In *in = (HashSequenceStart_In *) + MemoryGetInBuffer(sizeof(HashSequenceStart_In)); + HashSequenceStart_Out *out = (HashSequenceStart_Out *) + MemoryGetOutBuffer(sizeof(HashSequenceStart_Out)); + result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_HashSequenceStart_auth); + result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_HashSequenceStart_hashAlg); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_HashSequenceStart (in, out); + rSize = sizeof(HashSequenceStart_Out); + if(TPM_RC_SUCCESS != result) goto Exit; +; command->handles[command->handleNum++] = out->sequenceHandle; +break; +} +#endif // CC_HashSequenceStart +#if CC_SequenceUpdate +case TPM_CC_SequenceUpdate: { + SequenceUpdate_In *in 
= (SequenceUpdate_In *) + MemoryGetInBuffer(sizeof(SequenceUpdate_In)); + in->sequenceHandle = handles[0]; + result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_SequenceUpdate_buffer); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_SequenceUpdate (in); +break; +} +#endif // CC_SequenceUpdate +#if CC_SequenceComplete +case TPM_CC_SequenceComplete: { + SequenceComplete_In *in = (SequenceComplete_In *) + MemoryGetInBuffer(sizeof(SequenceComplete_In)); + SequenceComplete_Out *out = (SequenceComplete_Out *) + MemoryGetOutBuffer(sizeof(SequenceComplete_Out)); + in->sequenceHandle = handles[0]; + result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_SequenceComplete_buffer); + result = TPMI_RH_HIERARCHY_Unmarshal(&in->hierarchy, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_SequenceComplete_hierarchy); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_SequenceComplete (in, out); + rSize = sizeof(SequenceComplete_Out); + *respParmSize += TPM2B_DIGEST_Marshal(&out->result, + responseBuffer, &rSize); + *respParmSize += TPMT_TK_HASHCHECK_Marshal(&out->validation, + responseBuffer, &rSize); +break; +} +#endif // CC_SequenceComplete +#if CC_EventSequenceComplete +case TPM_CC_EventSequenceComplete: { + EventSequenceComplete_In *in = (EventSequenceComplete_In *) + MemoryGetInBuffer(sizeof(EventSequenceComplete_In)); + EventSequenceComplete_Out *out = (EventSequenceComplete_Out *) + MemoryGetOutBuffer(sizeof(EventSequenceComplete_Out)); + in->pcrHandle = handles[0]; + in->sequenceHandle = handles[1]; + result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_EventSequenceComplete_buffer); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_EventSequenceComplete (in, out); + rSize = sizeof(EventSequenceComplete_Out); + *respParmSize 
+= TPML_DIGEST_VALUES_Marshal(&out->results, + responseBuffer, &rSize); +break; +} +#endif // CC_EventSequenceComplete +#if CC_Certify +case TPM_CC_Certify: { + Certify_In *in = (Certify_In *) + MemoryGetInBuffer(sizeof(Certify_In)); + Certify_Out *out = (Certify_Out *) + MemoryGetOutBuffer(sizeof(Certify_Out)); + in->objectHandle = handles[0]; + in->signHandle = handles[1]; + result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Certify_qualifyingData); + result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_Certify_inScheme); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Certify (in, out); + rSize = sizeof(Certify_Out); + *respParmSize += TPM2B_ATTEST_Marshal(&out->certifyInfo, + responseBuffer, &rSize); + *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, + responseBuffer, &rSize); +break; +} +#endif // CC_Certify +#if CC_CertifyCreation +case TPM_CC_CertifyCreation: { + CertifyCreation_In *in = (CertifyCreation_In *) + MemoryGetInBuffer(sizeof(CertifyCreation_In)); + CertifyCreation_Out *out = (CertifyCreation_Out *) + MemoryGetOutBuffer(sizeof(CertifyCreation_Out)); + in->signHandle = handles[0]; + in->objectHandle = handles[1]; + result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_CertifyCreation_qualifyingData); + result = TPM2B_DIGEST_Unmarshal(&in->creationHash, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_CertifyCreation_creationHash); + result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_CertifyCreation_inScheme); + result = TPMT_TK_CREATION_Unmarshal(&in->creationTicket, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_CertifyCreation_creationTicket); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_CertifyCreation (in, out); + rSize = 
sizeof(CertifyCreation_Out); + *respParmSize += TPM2B_ATTEST_Marshal(&out->certifyInfo, + responseBuffer, &rSize); + *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, + responseBuffer, &rSize); +break; +} +#endif // CC_CertifyCreation +#if CC_Quote +case TPM_CC_Quote: { + Quote_In *in = (Quote_In *) + MemoryGetInBuffer(sizeof(Quote_In)); + Quote_Out *out = (Quote_Out *) + MemoryGetOutBuffer(sizeof(Quote_Out)); + in->signHandle = handles[0]; + result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Quote_qualifyingData); + result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_Quote_inScheme); + result = TPML_PCR_SELECTION_Unmarshal(&in->PCRselect, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Quote_PCRselect); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Quote (in, out); + rSize = sizeof(Quote_Out); + *respParmSize += TPM2B_ATTEST_Marshal(&out->quoted, + responseBuffer, &rSize); + *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, + responseBuffer, &rSize); +break; +} +#endif // CC_Quote +#if CC_GetSessionAuditDigest +case TPM_CC_GetSessionAuditDigest: { + GetSessionAuditDigest_In *in = (GetSessionAuditDigest_In *) + MemoryGetInBuffer(sizeof(GetSessionAuditDigest_In)); + GetSessionAuditDigest_Out *out = (GetSessionAuditDigest_Out *) + MemoryGetOutBuffer(sizeof(GetSessionAuditDigest_Out)); + in->privacyAdminHandle = handles[0]; + in->signHandle = handles[1]; + in->sessionHandle = handles[2]; + result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_GetSessionAuditDigest_qualifyingData); + result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_GetSessionAuditDigest_inScheme); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_GetSessionAuditDigest (in, out); + rSize = 
sizeof(GetSessionAuditDigest_Out); + *respParmSize += TPM2B_ATTEST_Marshal(&out->auditInfo, + responseBuffer, &rSize); + *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, + responseBuffer, &rSize); +break; +} +#endif // CC_GetSessionAuditDigest +#if CC_GetCommandAuditDigest +case TPM_CC_GetCommandAuditDigest: { + GetCommandAuditDigest_In *in = (GetCommandAuditDigest_In *) + MemoryGetInBuffer(sizeof(GetCommandAuditDigest_In)); + GetCommandAuditDigest_Out *out = (GetCommandAuditDigest_Out *) + MemoryGetOutBuffer(sizeof(GetCommandAuditDigest_Out)); + in->privacyHandle = handles[0]; + in->signHandle = handles[1]; + result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_GetCommandAuditDigest_qualifyingData); + result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_GetCommandAuditDigest_inScheme); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_GetCommandAuditDigest (in, out); + rSize = sizeof(GetCommandAuditDigest_Out); + *respParmSize += TPM2B_ATTEST_Marshal(&out->auditInfo, + responseBuffer, &rSize); + *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, + responseBuffer, &rSize); +break; +} +#endif // CC_GetCommandAuditDigest +#if CC_GetTime +case TPM_CC_GetTime: { + GetTime_In *in = (GetTime_In *) + MemoryGetInBuffer(sizeof(GetTime_In)); + GetTime_Out *out = (GetTime_Out *) + MemoryGetOutBuffer(sizeof(GetTime_Out)); + in->privacyAdminHandle = handles[0]; + in->signHandle = handles[1]; + result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_GetTime_qualifyingData); + result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_GetTime_inScheme); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_GetTime (in, out); + rSize = sizeof(GetTime_Out); + *respParmSize += 
TPM2B_ATTEST_Marshal(&out->timeInfo, + responseBuffer, &rSize); + *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, + responseBuffer, &rSize); +break; +} +#endif // CC_GetTime +#if CC_CertifyX509 +case TPM_CC_CertifyX509: { + CertifyX509_In *in = (CertifyX509_In *) + MemoryGetInBuffer(sizeof(CertifyX509_In)); + CertifyX509_Out *out = (CertifyX509_Out *) + MemoryGetOutBuffer(sizeof(CertifyX509_Out)); + in->objectHandle = handles[0]; + in->signHandle = handles[1]; + result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_CertifyX509_qualifyingData); + result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_CertifyX509_inScheme); + result = TPM2B_MAX_BUFFER_Unmarshal(&in->partialCertificate, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_CertifyX509_partialCertificate); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_CertifyX509 (in, out); + rSize = sizeof(CertifyX509_Out); + *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->addedToCertificate, + responseBuffer, &rSize); + *respParmSize += TPM2B_DIGEST_Marshal(&out->tbsDigest, + responseBuffer, &rSize); + *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, + responseBuffer, &rSize); +break; +} +#endif // CC_CertifyX509 +#if CC_Commit +case TPM_CC_Commit: { + Commit_In *in = (Commit_In *) + MemoryGetInBuffer(sizeof(Commit_In)); + Commit_Out *out = (Commit_Out *) + MemoryGetOutBuffer(sizeof(Commit_Out)); + in->signHandle = handles[0]; + result = TPM2B_ECC_POINT_Unmarshal(&in->P1, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Commit_P1); + result = TPM2B_SENSITIVE_DATA_Unmarshal(&in->s2, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Commit_s2); + result = TPM2B_ECC_PARAMETER_Unmarshal(&in->y2, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Commit_y2); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Commit (in, 
out); + rSize = sizeof(Commit_Out); + *respParmSize += TPM2B_ECC_POINT_Marshal(&out->K, + responseBuffer, &rSize); + *respParmSize += TPM2B_ECC_POINT_Marshal(&out->L, + responseBuffer, &rSize); + *respParmSize += TPM2B_ECC_POINT_Marshal(&out->E, + responseBuffer, &rSize); + *respParmSize += UINT16_Marshal(&out->counter, + responseBuffer, &rSize); +break; +} +#endif // CC_Commit +#if CC_EC_Ephemeral +case TPM_CC_EC_Ephemeral: { + EC_Ephemeral_In *in = (EC_Ephemeral_In *) + MemoryGetInBuffer(sizeof(EC_Ephemeral_In)); + EC_Ephemeral_Out *out = (EC_Ephemeral_Out *) + MemoryGetOutBuffer(sizeof(EC_Ephemeral_Out)); + result = TPMI_ECC_CURVE_Unmarshal(&in->curveID, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_EC_Ephemeral_curveID); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_EC_Ephemeral (in, out); + rSize = sizeof(EC_Ephemeral_Out); + *respParmSize += TPM2B_ECC_POINT_Marshal(&out->Q, + responseBuffer, &rSize); + *respParmSize += UINT16_Marshal(&out->counter, + responseBuffer, &rSize); +break; +} +#endif // CC_EC_Ephemeral +#if CC_VerifySignature +case TPM_CC_VerifySignature: { + VerifySignature_In *in = (VerifySignature_In *) + MemoryGetInBuffer(sizeof(VerifySignature_In)); + VerifySignature_Out *out = (VerifySignature_Out *) + MemoryGetOutBuffer(sizeof(VerifySignature_Out)); + in->keyHandle = handles[0]; + result = TPM2B_DIGEST_Unmarshal(&in->digest, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_VerifySignature_digest); + result = TPMT_SIGNATURE_Unmarshal(&in->signature, paramBuffer, paramBufferSize, FALSE); + ERROR_IF_EXIT_PLUS(RC_VerifySignature_signature); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_VerifySignature (in, out); + rSize = sizeof(VerifySignature_Out); + *respParmSize += TPMT_TK_VERIFIED_Marshal(&out->validation, + responseBuffer, &rSize); +break; +} +#endif // CC_VerifySignature +#if CC_Sign +case TPM_CC_Sign: { + Sign_In *in = (Sign_In *) + 
MemoryGetInBuffer(sizeof(Sign_In)); + Sign_Out *out = (Sign_Out *) + MemoryGetOutBuffer(sizeof(Sign_Out)); + in->keyHandle = handles[0]; + result = TPM2B_DIGEST_Unmarshal(&in->digest, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Sign_digest); + result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_Sign_inScheme); + result = TPMT_TK_HASHCHECK_Unmarshal(&in->validation, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Sign_validation); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Sign (in, out); + rSize = sizeof(Sign_Out); + *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, + responseBuffer, &rSize); +break; +} +#endif // CC_Sign +#if CC_SetCommandCodeAuditStatus +case TPM_CC_SetCommandCodeAuditStatus: { + SetCommandCodeAuditStatus_In *in = (SetCommandCodeAuditStatus_In *) + MemoryGetInBuffer(sizeof(SetCommandCodeAuditStatus_In)); + in->auth = handles[0]; + result = TPMI_ALG_HASH_Unmarshal(&in->auditAlg, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_SetCommandCodeAuditStatus_auditAlg); + result = TPML_CC_Unmarshal(&in->setList, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_SetCommandCodeAuditStatus_setList); + result = TPML_CC_Unmarshal(&in->clearList, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_SetCommandCodeAuditStatus_clearList); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_SetCommandCodeAuditStatus (in); +break; +} +#endif // CC_SetCommandCodeAuditStatus +#if CC_PCR_Extend +case TPM_CC_PCR_Extend: { + PCR_Extend_In *in = (PCR_Extend_In *) + MemoryGetInBuffer(sizeof(PCR_Extend_In)); + in->pcrHandle = handles[0]; + result = TPML_DIGEST_VALUES_Unmarshal(&in->digests, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PCR_Extend_digests); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PCR_Extend (in); +break; +} +#endif // CC_PCR_Extend +#if 
CC_PCR_Event +case TPM_CC_PCR_Event: { + PCR_Event_In *in = (PCR_Event_In *) + MemoryGetInBuffer(sizeof(PCR_Event_In)); + PCR_Event_Out *out = (PCR_Event_Out *) + MemoryGetOutBuffer(sizeof(PCR_Event_Out)); + in->pcrHandle = handles[0]; + result = TPM2B_EVENT_Unmarshal(&in->eventData, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PCR_Event_eventData); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PCR_Event (in, out); + rSize = sizeof(PCR_Event_Out); + *respParmSize += TPML_DIGEST_VALUES_Marshal(&out->digests, + responseBuffer, &rSize); +break; +} +#endif // CC_PCR_Event +#if CC_PCR_Read +case TPM_CC_PCR_Read: { + PCR_Read_In *in = (PCR_Read_In *) + MemoryGetInBuffer(sizeof(PCR_Read_In)); + PCR_Read_Out *out = (PCR_Read_Out *) + MemoryGetOutBuffer(sizeof(PCR_Read_Out)); + result = TPML_PCR_SELECTION_Unmarshal(&in->pcrSelectionIn, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PCR_Read_pcrSelectionIn); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PCR_Read (in, out); + rSize = sizeof(PCR_Read_Out); + *respParmSize += UINT32_Marshal(&out->pcrUpdateCounter, + responseBuffer, &rSize); + *respParmSize += TPML_PCR_SELECTION_Marshal(&out->pcrSelectionOut, + responseBuffer, &rSize); + *respParmSize += TPML_DIGEST_Marshal(&out->pcrValues, + responseBuffer, &rSize); +break; +} +#endif // CC_PCR_Read +#if CC_PCR_Allocate +case TPM_CC_PCR_Allocate: { + PCR_Allocate_In *in = (PCR_Allocate_In *) + MemoryGetInBuffer(sizeof(PCR_Allocate_In)); + PCR_Allocate_Out *out = (PCR_Allocate_Out *) + MemoryGetOutBuffer(sizeof(PCR_Allocate_Out)); + in->authHandle = handles[0]; + result = TPML_PCR_SELECTION_Unmarshal(&in->pcrAllocation, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PCR_Allocate_pcrAllocation); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PCR_Allocate (in, out); + rSize = sizeof(PCR_Allocate_Out); + *respParmSize += 
TPMI_YES_NO_Marshal(&out->allocationSuccess, + responseBuffer, &rSize); + *respParmSize += UINT32_Marshal(&out->maxPCR, + responseBuffer, &rSize); + *respParmSize += UINT32_Marshal(&out->sizeNeeded, + responseBuffer, &rSize); + *respParmSize += UINT32_Marshal(&out->sizeAvailable, + responseBuffer, &rSize); +break; +} +#endif // CC_PCR_Allocate +#if CC_PCR_SetAuthPolicy +case TPM_CC_PCR_SetAuthPolicy: { + PCR_SetAuthPolicy_In *in = (PCR_SetAuthPolicy_In *) + MemoryGetInBuffer(sizeof(PCR_SetAuthPolicy_In)); + in->authHandle = handles[0]; + result = TPM2B_DIGEST_Unmarshal(&in->authPolicy, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthPolicy_authPolicy); + result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthPolicy_hashAlg); + result = TPMI_DH_PCR_Unmarshal(&in->pcrNum, paramBuffer, paramBufferSize, FALSE); + ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthPolicy_pcrNum); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PCR_SetAuthPolicy (in); +break; +} +#endif // CC_PCR_SetAuthPolicy +#if CC_PCR_SetAuthValue +case TPM_CC_PCR_SetAuthValue: { + PCR_SetAuthValue_In *in = (PCR_SetAuthValue_In *) + MemoryGetInBuffer(sizeof(PCR_SetAuthValue_In)); + in->pcrHandle = handles[0]; + result = TPM2B_DIGEST_Unmarshal(&in->auth, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthValue_auth); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PCR_SetAuthValue (in); +break; +} +#endif // CC_PCR_SetAuthValue +#if CC_PCR_Reset +case TPM_CC_PCR_Reset: { + PCR_Reset_In *in = (PCR_Reset_In *) + MemoryGetInBuffer(sizeof(PCR_Reset_In)); + in->pcrHandle = handles[0]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PCR_Reset (in); +break; +} +#endif // CC_PCR_Reset +#if CC_PolicySigned +case TPM_CC_PolicySigned: { + PolicySigned_In *in = (PolicySigned_In *) + MemoryGetInBuffer(sizeof(PolicySigned_In)); + PolicySigned_Out 
*out = (PolicySigned_Out *) + MemoryGetOutBuffer(sizeof(PolicySigned_Out)); + in->authObject = handles[0]; + in->policySession = handles[1]; + result = TPM2B_NONCE_Unmarshal(&in->nonceTPM, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicySigned_nonceTPM); + result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicySigned_cpHashA); + result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicySigned_policyRef); + result = INT32_Unmarshal(&in->expiration, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicySigned_expiration); + result = TPMT_SIGNATURE_Unmarshal(&in->auth, paramBuffer, paramBufferSize, FALSE); + ERROR_IF_EXIT_PLUS(RC_PolicySigned_auth); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicySigned (in, out); + rSize = sizeof(PolicySigned_Out); + *respParmSize += TPM2B_TIMEOUT_Marshal(&out->timeout, + responseBuffer, &rSize); + *respParmSize += TPMT_TK_AUTH_Marshal(&out->policyTicket, + responseBuffer, &rSize); +break; +} +#endif // CC_PolicySigned +#if CC_PolicySecret +case TPM_CC_PolicySecret: { + PolicySecret_In *in = (PolicySecret_In *) + MemoryGetInBuffer(sizeof(PolicySecret_In)); + PolicySecret_Out *out = (PolicySecret_Out *) + MemoryGetOutBuffer(sizeof(PolicySecret_Out)); + in->authHandle = handles[0]; + in->policySession = handles[1]; + result = TPM2B_NONCE_Unmarshal(&in->nonceTPM, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicySecret_nonceTPM); + result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicySecret_cpHashA); + result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicySecret_policyRef); + result = INT32_Unmarshal(&in->expiration, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicySecret_expiration); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } 
+result = TPM2_PolicySecret (in, out); + rSize = sizeof(PolicySecret_Out); + *respParmSize += TPM2B_TIMEOUT_Marshal(&out->timeout, + responseBuffer, &rSize); + *respParmSize += TPMT_TK_AUTH_Marshal(&out->policyTicket, + responseBuffer, &rSize); +break; +} +#endif // CC_PolicySecret +#if CC_PolicyTicket +case TPM_CC_PolicyTicket: { + PolicyTicket_In *in = (PolicyTicket_In *) + MemoryGetInBuffer(sizeof(PolicyTicket_In)); + in->policySession = handles[0]; + result = TPM2B_TIMEOUT_Unmarshal(&in->timeout, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyTicket_timeout); + result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyTicket_cpHashA); + result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyTicket_policyRef); + result = TPM2B_NAME_Unmarshal(&in->authName, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyTicket_authName); + result = TPMT_TK_AUTH_Unmarshal(&in->ticket, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyTicket_ticket); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyTicket (in); +break; +} +#endif // CC_PolicyTicket +#if CC_PolicyOR +case TPM_CC_PolicyOR: { + PolicyOR_In *in = (PolicyOR_In *) + MemoryGetInBuffer(sizeof(PolicyOR_In)); + in->policySession = handles[0]; + result = TPML_DIGEST_Unmarshal(&in->pHashList, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyOR_pHashList); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyOR (in); +break; +} +#endif // CC_PolicyOR +#if CC_PolicyPCR +case TPM_CC_PolicyPCR: { + PolicyPCR_In *in = (PolicyPCR_In *) + MemoryGetInBuffer(sizeof(PolicyPCR_In)); + in->policySession = handles[0]; + result = TPM2B_DIGEST_Unmarshal(&in->pcrDigest, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyPCR_pcrDigest); + result = TPML_PCR_SELECTION_Unmarshal(&in->pcrs, paramBuffer, paramBufferSize); 
+ ERROR_IF_EXIT_PLUS(RC_PolicyPCR_pcrs); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyPCR (in); +break; +} +#endif // CC_PolicyPCR +#if CC_PolicyLocality +case TPM_CC_PolicyLocality: { + PolicyLocality_In *in = (PolicyLocality_In *) + MemoryGetInBuffer(sizeof(PolicyLocality_In)); + in->policySession = handles[0]; + result = TPMA_LOCALITY_Unmarshal(&in->locality, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyLocality_locality); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyLocality (in); +break; +} +#endif // CC_PolicyLocality +#if CC_PolicyNV +case TPM_CC_PolicyNV: { + PolicyNV_In *in = (PolicyNV_In *) + MemoryGetInBuffer(sizeof(PolicyNV_In)); + in->authHandle = handles[0]; + in->nvIndex = handles[1]; + in->policySession = handles[2]; + result = TPM2B_OPERAND_Unmarshal(&in->operandB, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyNV_operandB); + result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyNV_offset); + result = TPM_EO_Unmarshal(&in->operation, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyNV_operation); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyNV (in); +break; +} +#endif // CC_PolicyNV +#if CC_PolicyCounterTimer +case TPM_CC_PolicyCounterTimer: { + PolicyCounterTimer_In *in = (PolicyCounterTimer_In *) + MemoryGetInBuffer(sizeof(PolicyCounterTimer_In)); + in->policySession = handles[0]; + result = TPM2B_OPERAND_Unmarshal(&in->operandB, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyCounterTimer_operandB); + result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyCounterTimer_offset); + result = TPM_EO_Unmarshal(&in->operation, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyCounterTimer_operation); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = 
TPM2_PolicyCounterTimer (in); +break; +} +#endif // CC_PolicyCounterTimer +#if CC_PolicyCommandCode +case TPM_CC_PolicyCommandCode: { + PolicyCommandCode_In *in = (PolicyCommandCode_In *) + MemoryGetInBuffer(sizeof(PolicyCommandCode_In)); + in->policySession = handles[0]; + result = TPM_CC_Unmarshal(&in->code, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyCommandCode_code); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyCommandCode (in); +break; +} +#endif // CC_PolicyCommandCode +#if CC_PolicyPhysicalPresence +case TPM_CC_PolicyPhysicalPresence: { + PolicyPhysicalPresence_In *in = (PolicyPhysicalPresence_In *) + MemoryGetInBuffer(sizeof(PolicyPhysicalPresence_In)); + in->policySession = handles[0]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyPhysicalPresence (in); +break; +} +#endif // CC_PolicyPhysicalPresence +#if CC_PolicyCpHash +case TPM_CC_PolicyCpHash: { + PolicyCpHash_In *in = (PolicyCpHash_In *) + MemoryGetInBuffer(sizeof(PolicyCpHash_In)); + in->policySession = handles[0]; + result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyCpHash_cpHashA); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyCpHash (in); +break; +} +#endif // CC_PolicyCpHash +#if CC_PolicyNameHash +case TPM_CC_PolicyNameHash: { + PolicyNameHash_In *in = (PolicyNameHash_In *) + MemoryGetInBuffer(sizeof(PolicyNameHash_In)); + in->policySession = handles[0]; + result = TPM2B_DIGEST_Unmarshal(&in->nameHash, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyNameHash_nameHash); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyNameHash (in); +break; +} +#endif // CC_PolicyNameHash +#if CC_PolicyDuplicationSelect +case TPM_CC_PolicyDuplicationSelect: { + PolicyDuplicationSelect_In *in = (PolicyDuplicationSelect_In *) + 
MemoryGetInBuffer(sizeof(PolicyDuplicationSelect_In)); + in->policySession = handles[0]; + result = TPM2B_NAME_Unmarshal(&in->objectName, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyDuplicationSelect_objectName); + result = TPM2B_NAME_Unmarshal(&in->newParentName, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyDuplicationSelect_newParentName); + result = TPMI_YES_NO_Unmarshal(&in->includeObject, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyDuplicationSelect_includeObject); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyDuplicationSelect (in); +break; +} +#endif // CC_PolicyDuplicationSelect +#if CC_PolicyAuthorize +case TPM_CC_PolicyAuthorize: { + PolicyAuthorize_In *in = (PolicyAuthorize_In *) + MemoryGetInBuffer(sizeof(PolicyAuthorize_In)); + in->policySession = handles[0]; + result = TPM2B_DIGEST_Unmarshal(&in->approvedPolicy, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_approvedPolicy); + result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_policyRef); + result = TPM2B_NAME_Unmarshal(&in->keySign, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_keySign); + result = TPMT_TK_VERIFIED_Unmarshal(&in->checkTicket, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_checkTicket); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyAuthorize (in); +break; +} +#endif // CC_PolicyAuthorize +#if CC_PolicyAuthValue +case TPM_CC_PolicyAuthValue: { + PolicyAuthValue_In *in = (PolicyAuthValue_In *) + MemoryGetInBuffer(sizeof(PolicyAuthValue_In)); + in->policySession = handles[0]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyAuthValue (in); +break; +} +#endif // CC_PolicyAuthValue +#if CC_PolicyPassword +case TPM_CC_PolicyPassword: { + PolicyPassword_In *in = (PolicyPassword_In *) + 
MemoryGetInBuffer(sizeof(PolicyPassword_In)); + in->policySession = handles[0]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyPassword (in); +break; +} +#endif // CC_PolicyPassword +#if CC_PolicyGetDigest +case TPM_CC_PolicyGetDigest: { + PolicyGetDigest_In *in = (PolicyGetDigest_In *) + MemoryGetInBuffer(sizeof(PolicyGetDigest_In)); + PolicyGetDigest_Out *out = (PolicyGetDigest_Out *) + MemoryGetOutBuffer(sizeof(PolicyGetDigest_Out)); + in->policySession = handles[0]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyGetDigest (in, out); + rSize = sizeof(PolicyGetDigest_Out); + *respParmSize += TPM2B_DIGEST_Marshal(&out->policyDigest, + responseBuffer, &rSize); +break; +} +#endif // CC_PolicyGetDigest +#if CC_PolicyNvWritten +case TPM_CC_PolicyNvWritten: { + PolicyNvWritten_In *in = (PolicyNvWritten_In *) + MemoryGetInBuffer(sizeof(PolicyNvWritten_In)); + in->policySession = handles[0]; + result = TPMI_YES_NO_Unmarshal(&in->writtenSet, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyNvWritten_writtenSet); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyNvWritten (in); +break; +} +#endif // CC_PolicyNvWritten +#if CC_PolicyTemplate +case TPM_CC_PolicyTemplate: { + PolicyTemplate_In *in = (PolicyTemplate_In *) + MemoryGetInBuffer(sizeof(PolicyTemplate_In)); + in->policySession = handles[0]; + result = TPM2B_DIGEST_Unmarshal(&in->templateHash, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PolicyTemplate_templateHash); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyTemplate (in); +break; +} +#endif // CC_PolicyTemplate +#if CC_PolicyAuthorizeNV +case TPM_CC_PolicyAuthorizeNV: { + PolicyAuthorizeNV_In *in = (PolicyAuthorizeNV_In *) + MemoryGetInBuffer(sizeof(PolicyAuthorizeNV_In)); + in->authHandle = handles[0]; + in->nvIndex = handles[1]; + in->policySession = handles[2]; + if(*paramBufferSize != 0) 
(result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PolicyAuthorizeNV (in); +break; +} +#endif // CC_PolicyAuthorizeNV +#if CC_CreatePrimary +case TPM_CC_CreatePrimary: { + CreatePrimary_In *in = (CreatePrimary_In *) + MemoryGetInBuffer(sizeof(CreatePrimary_In)); + CreatePrimary_Out *out = (CreatePrimary_Out *) + MemoryGetOutBuffer(sizeof(CreatePrimary_Out)); + in->primaryHandle = handles[0]; + result = TPM2B_SENSITIVE_CREATE_Unmarshal(&in->inSensitive, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_CreatePrimary_inSensitive); + result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, FALSE); + ERROR_IF_EXIT_PLUS(RC_CreatePrimary_inPublic); + result = TPM2B_DATA_Unmarshal(&in->outsideInfo, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_CreatePrimary_outsideInfo); + result = TPML_PCR_SELECTION_Unmarshal(&in->creationPCR, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_CreatePrimary_creationPCR); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_CreatePrimary (in, out); + rSize = sizeof(CreatePrimary_Out); + if(TPM_RC_SUCCESS != result) goto Exit; +; command->handles[command->handleNum++] = out->objectHandle; + *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, + responseBuffer, &rSize); + *respParmSize += TPM2B_CREATION_DATA_Marshal(&out->creationData, + responseBuffer, &rSize); + *respParmSize += TPM2B_DIGEST_Marshal(&out->creationHash, + responseBuffer, &rSize); + *respParmSize += TPMT_TK_CREATION_Marshal(&out->creationTicket, + responseBuffer, &rSize); + *respParmSize += TPM2B_NAME_Marshal(&out->name, + responseBuffer, &rSize); +break; +} +#endif // CC_CreatePrimary +#if CC_HierarchyControl +case TPM_CC_HierarchyControl: { + HierarchyControl_In *in = (HierarchyControl_In *) + MemoryGetInBuffer(sizeof(HierarchyControl_In)); + in->authHandle = handles[0]; + result = TPMI_RH_ENABLES_Unmarshal(&in->enable, paramBuffer, paramBufferSize, FALSE); + ERROR_IF_EXIT_PLUS(RC_HierarchyControl_enable); 
+ result = TPMI_YES_NO_Unmarshal(&in->state, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_HierarchyControl_state); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_HierarchyControl (in); +break; +} +#endif // CC_HierarchyControl +#if CC_SetPrimaryPolicy +case TPM_CC_SetPrimaryPolicy: { + SetPrimaryPolicy_In *in = (SetPrimaryPolicy_In *) + MemoryGetInBuffer(sizeof(SetPrimaryPolicy_In)); + in->authHandle = handles[0]; + result = TPM2B_DIGEST_Unmarshal(&in->authPolicy, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_SetPrimaryPolicy_authPolicy); + result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_SetPrimaryPolicy_hashAlg); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_SetPrimaryPolicy (in); +break; +} +#endif // CC_SetPrimaryPolicy +#if CC_ChangePPS +case TPM_CC_ChangePPS: { + ChangePPS_In *in = (ChangePPS_In *) + MemoryGetInBuffer(sizeof(ChangePPS_In)); + in->authHandle = handles[0]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_ChangePPS (in); +break; +} +#endif // CC_ChangePPS +#if CC_ChangeEPS +case TPM_CC_ChangeEPS: { + ChangeEPS_In *in = (ChangeEPS_In *) + MemoryGetInBuffer(sizeof(ChangeEPS_In)); + in->authHandle = handles[0]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_ChangeEPS (in); +break; +} +#endif // CC_ChangeEPS +#if CC_Clear +case TPM_CC_Clear: { + Clear_In *in = (Clear_In *) + MemoryGetInBuffer(sizeof(Clear_In)); + in->authHandle = handles[0]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Clear (in); +break; +} +#endif // CC_Clear +#if CC_ClearControl +case TPM_CC_ClearControl: { + ClearControl_In *in = (ClearControl_In *) + MemoryGetInBuffer(sizeof(ClearControl_In)); + in->auth = handles[0]; + result = TPMI_YES_NO_Unmarshal(&in->disable, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_ClearControl_disable); + 
if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_ClearControl (in); +break; +} +#endif // CC_ClearControl +#if CC_HierarchyChangeAuth +case TPM_CC_HierarchyChangeAuth: { + HierarchyChangeAuth_In *in = (HierarchyChangeAuth_In *) + MemoryGetInBuffer(sizeof(HierarchyChangeAuth_In)); + in->authHandle = handles[0]; + result = TPM2B_AUTH_Unmarshal(&in->newAuth, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_HierarchyChangeAuth_newAuth); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_HierarchyChangeAuth (in); +break; +} +#endif // CC_HierarchyChangeAuth +#if CC_DictionaryAttackLockReset +case TPM_CC_DictionaryAttackLockReset: { + DictionaryAttackLockReset_In *in = (DictionaryAttackLockReset_In *) + MemoryGetInBuffer(sizeof(DictionaryAttackLockReset_In)); + in->lockHandle = handles[0]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_DictionaryAttackLockReset (in); +break; +} +#endif // CC_DictionaryAttackLockReset +#if CC_DictionaryAttackParameters +case TPM_CC_DictionaryAttackParameters: { + DictionaryAttackParameters_In *in = (DictionaryAttackParameters_In *) + MemoryGetInBuffer(sizeof(DictionaryAttackParameters_In)); + in->lockHandle = handles[0]; + result = UINT32_Unmarshal(&in->newMaxTries, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_DictionaryAttackParameters_newMaxTries); + result = UINT32_Unmarshal(&in->newRecoveryTime, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_DictionaryAttackParameters_newRecoveryTime); + result = UINT32_Unmarshal(&in->lockoutRecovery, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_DictionaryAttackParameters_lockoutRecovery); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_DictionaryAttackParameters (in); +break; +} +#endif // CC_DictionaryAttackParameters +#if CC_PP_Commands +case TPM_CC_PP_Commands: { + PP_Commands_In *in = (PP_Commands_In *) + 
MemoryGetInBuffer(sizeof(PP_Commands_In)); + in->auth = handles[0]; + result = TPML_CC_Unmarshal(&in->setList, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PP_Commands_setList); + result = TPML_CC_Unmarshal(&in->clearList, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_PP_Commands_clearList); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_PP_Commands (in); +break; +} +#endif // CC_PP_Commands +#if CC_SetAlgorithmSet +case TPM_CC_SetAlgorithmSet: { + SetAlgorithmSet_In *in = (SetAlgorithmSet_In *) + MemoryGetInBuffer(sizeof(SetAlgorithmSet_In)); + in->authHandle = handles[0]; + result = UINT32_Unmarshal(&in->algorithmSet, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_SetAlgorithmSet_algorithmSet); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_SetAlgorithmSet (in); +break; +} +#endif // CC_SetAlgorithmSet +#if CC_FieldUpgradeStart +case TPM_CC_FieldUpgradeStart: { + FieldUpgradeStart_In *in = (FieldUpgradeStart_In *) + MemoryGetInBuffer(sizeof(FieldUpgradeStart_In)); + in->authorization = handles[0]; + in->keyHandle = handles[1]; + result = TPM2B_DIGEST_Unmarshal(&in->fuDigest, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_FieldUpgradeStart_fuDigest); + result = TPMT_SIGNATURE_Unmarshal(&in->manifestSignature, paramBuffer, paramBufferSize, FALSE); + ERROR_IF_EXIT_PLUS(RC_FieldUpgradeStart_manifestSignature); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_FieldUpgradeStart (in); +break; +} +#endif // CC_FieldUpgradeStart +#if CC_FieldUpgradeData +case TPM_CC_FieldUpgradeData: { + FieldUpgradeData_In *in = (FieldUpgradeData_In *) + MemoryGetInBuffer(sizeof(FieldUpgradeData_In)); + FieldUpgradeData_Out *out = (FieldUpgradeData_Out *) + MemoryGetOutBuffer(sizeof(FieldUpgradeData_Out)); + result = TPM2B_MAX_BUFFER_Unmarshal(&in->fuData, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_FieldUpgradeData_fuData); + if(*paramBufferSize != 
0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_FieldUpgradeData (in, out); + rSize = sizeof(FieldUpgradeData_Out); + *respParmSize += TPMT_HA_Marshal(&out->nextDigest, + responseBuffer, &rSize); + *respParmSize += TPMT_HA_Marshal(&out->firstDigest, + responseBuffer, &rSize); +break; +} +#endif // CC_FieldUpgradeData +#if CC_FirmwareRead +case TPM_CC_FirmwareRead: { + FirmwareRead_In *in = (FirmwareRead_In *) + MemoryGetInBuffer(sizeof(FirmwareRead_In)); + FirmwareRead_Out *out = (FirmwareRead_Out *) + MemoryGetOutBuffer(sizeof(FirmwareRead_Out)); + result = UINT32_Unmarshal(&in->sequenceNumber, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_FirmwareRead_sequenceNumber); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_FirmwareRead (in, out); + rSize = sizeof(FirmwareRead_Out); + *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->fuData, + responseBuffer, &rSize); +break; +} +#endif // CC_FirmwareRead +#if CC_ContextSave +case TPM_CC_ContextSave: { + ContextSave_In *in = (ContextSave_In *) + MemoryGetInBuffer(sizeof(ContextSave_In)); + ContextSave_Out *out = (ContextSave_Out *) + MemoryGetOutBuffer(sizeof(ContextSave_Out)); + in->saveHandle = handles[0]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_ContextSave (in, out); + rSize = sizeof(ContextSave_Out); + *respParmSize += TPMS_CONTEXT_Marshal(&out->context, + responseBuffer, &rSize); +break; +} +#endif // CC_ContextSave +#if CC_ContextLoad +case TPM_CC_ContextLoad: { + ContextLoad_In *in = (ContextLoad_In *) + MemoryGetInBuffer(sizeof(ContextLoad_In)); + ContextLoad_Out *out = (ContextLoad_Out *) + MemoryGetOutBuffer(sizeof(ContextLoad_Out)); + result = TPMS_CONTEXT_Unmarshal(&in->context, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_ContextLoad_context); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_ContextLoad (in, out); + rSize = sizeof(ContextLoad_Out); + if(TPM_RC_SUCCESS != result) goto 
Exit; +; command->handles[command->handleNum++] = out->loadedHandle; +break; +} +#endif // CC_ContextLoad +#if CC_FlushContext +case TPM_CC_FlushContext: { + FlushContext_In *in = (FlushContext_In *) + MemoryGetInBuffer(sizeof(FlushContext_In)); + result = TPMI_DH_CONTEXT_Unmarshal(&in->flushHandle, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_FlushContext_flushHandle); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_FlushContext (in); +break; +} +#endif // CC_FlushContext +#if CC_EvictControl +case TPM_CC_EvictControl: { + EvictControl_In *in = (EvictControl_In *) + MemoryGetInBuffer(sizeof(EvictControl_In)); + in->auth = handles[0]; + in->objectHandle = handles[1]; + result = TPMI_DH_PERSISTENT_Unmarshal(&in->persistentHandle, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_EvictControl_persistentHandle); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_EvictControl (in); +break; +} +#endif // CC_EvictControl +#if CC_ReadClock +case TPM_CC_ReadClock: { + ReadClock_Out *out = (ReadClock_Out *) + MemoryGetOutBuffer(sizeof(ReadClock_Out)); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_ReadClock (out); + rSize = sizeof(ReadClock_Out); + *respParmSize += TPMS_TIME_INFO_Marshal(&out->currentTime, + responseBuffer, &rSize); +break; +} +#endif // CC_ReadClock +#if CC_ClockSet +case TPM_CC_ClockSet: { + ClockSet_In *in = (ClockSet_In *) + MemoryGetInBuffer(sizeof(ClockSet_In)); + in->auth = handles[0]; + result = UINT64_Unmarshal(&in->newTime, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_ClockSet_newTime); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_ClockSet (in); +break; +} +#endif // CC_ClockSet +#if CC_ClockRateAdjust +case TPM_CC_ClockRateAdjust: { + ClockRateAdjust_In *in = (ClockRateAdjust_In *) + MemoryGetInBuffer(sizeof(ClockRateAdjust_In)); + in->auth = handles[0]; + result = 
TPM_CLOCK_ADJUST_Unmarshal(&in->rateAdjust, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_ClockRateAdjust_rateAdjust); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_ClockRateAdjust (in); +break; +} +#endif // CC_ClockRateAdjust +#if CC_GetCapability +case TPM_CC_GetCapability: { + GetCapability_In *in = (GetCapability_In *) + MemoryGetInBuffer(sizeof(GetCapability_In)); + GetCapability_Out *out = (GetCapability_Out *) + MemoryGetOutBuffer(sizeof(GetCapability_Out)); + result = TPM_CAP_Unmarshal(&in->capability, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_GetCapability_capability); + result = UINT32_Unmarshal(&in->property, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_GetCapability_property); + result = UINT32_Unmarshal(&in->propertyCount, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_GetCapability_propertyCount); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_GetCapability (in, out); + rSize = sizeof(GetCapability_Out); + *respParmSize += TPMI_YES_NO_Marshal(&out->moreData, + responseBuffer, &rSize); + *respParmSize += TPMS_CAPABILITY_DATA_Marshal(&out->capabilityData, + responseBuffer, &rSize); +break; +} +#endif // CC_GetCapability +#if CC_TestParms +case TPM_CC_TestParms: { + TestParms_In *in = (TestParms_In *) + MemoryGetInBuffer(sizeof(TestParms_In)); + result = TPMT_PUBLIC_PARMS_Unmarshal(&in->parameters, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_TestParms_parameters); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_TestParms (in); +break; +} +#endif // CC_TestParms +#if CC_NV_DefineSpace +case TPM_CC_NV_DefineSpace: { + NV_DefineSpace_In *in = (NV_DefineSpace_In *) + MemoryGetInBuffer(sizeof(NV_DefineSpace_In)); + in->authHandle = handles[0]; + result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_NV_DefineSpace_auth); + result = TPM2B_NV_PUBLIC_Unmarshal(&in->publicInfo, 
paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_NV_DefineSpace_publicInfo); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_NV_DefineSpace (in); +break; +} +#endif // CC_NV_DefineSpace +#if CC_NV_UndefineSpace +case TPM_CC_NV_UndefineSpace: { + NV_UndefineSpace_In *in = (NV_UndefineSpace_In *) + MemoryGetInBuffer(sizeof(NV_UndefineSpace_In)); + in->authHandle = handles[0]; + in->nvIndex = handles[1]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_NV_UndefineSpace (in); +break; +} +#endif // CC_NV_UndefineSpace +#if CC_NV_UndefineSpaceSpecial +case TPM_CC_NV_UndefineSpaceSpecial: { + NV_UndefineSpaceSpecial_In *in = (NV_UndefineSpaceSpecial_In *) + MemoryGetInBuffer(sizeof(NV_UndefineSpaceSpecial_In)); + in->nvIndex = handles[0]; + in->platform = handles[1]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_NV_UndefineSpaceSpecial (in); +break; +} +#endif // CC_NV_UndefineSpaceSpecial +#if CC_NV_ReadPublic +case TPM_CC_NV_ReadPublic: { + NV_ReadPublic_In *in = (NV_ReadPublic_In *) + MemoryGetInBuffer(sizeof(NV_ReadPublic_In)); + NV_ReadPublic_Out *out = (NV_ReadPublic_Out *) + MemoryGetOutBuffer(sizeof(NV_ReadPublic_Out)); + in->nvIndex = handles[0]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_NV_ReadPublic (in, out); + rSize = sizeof(NV_ReadPublic_Out); + *respParmSize += TPM2B_NV_PUBLIC_Marshal(&out->nvPublic, + responseBuffer, &rSize); + *respParmSize += TPM2B_NAME_Marshal(&out->nvName, + responseBuffer, &rSize); +break; +} +#endif // CC_NV_ReadPublic +#if CC_NV_Write +case TPM_CC_NV_Write: { + NV_Write_In *in = (NV_Write_In *) + MemoryGetInBuffer(sizeof(NV_Write_In)); + in->authHandle = handles[0]; + in->nvIndex = handles[1]; + result = TPM2B_MAX_NV_BUFFER_Unmarshal(&in->data, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_NV_Write_data); + result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); + 
ERROR_IF_EXIT_PLUS(RC_NV_Write_offset); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_NV_Write (in); +break; +} +#endif // CC_NV_Write +#if CC_NV_Increment +case TPM_CC_NV_Increment: { + NV_Increment_In *in = (NV_Increment_In *) + MemoryGetInBuffer(sizeof(NV_Increment_In)); + in->authHandle = handles[0]; + in->nvIndex = handles[1]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_NV_Increment (in); +break; +} +#endif // CC_NV_Increment +#if CC_NV_Extend +case TPM_CC_NV_Extend: { + NV_Extend_In *in = (NV_Extend_In *) + MemoryGetInBuffer(sizeof(NV_Extend_In)); + in->authHandle = handles[0]; + in->nvIndex = handles[1]; + result = TPM2B_MAX_NV_BUFFER_Unmarshal(&in->data, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_NV_Extend_data); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_NV_Extend (in); +break; +} +#endif // CC_NV_Extend +#if CC_NV_SetBits +case TPM_CC_NV_SetBits: { + NV_SetBits_In *in = (NV_SetBits_In *) + MemoryGetInBuffer(sizeof(NV_SetBits_In)); + in->authHandle = handles[0]; + in->nvIndex = handles[1]; + result = UINT64_Unmarshal(&in->bits, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_NV_SetBits_bits); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_NV_SetBits (in); +break; +} +#endif // CC_NV_SetBits +#if CC_NV_WriteLock +case TPM_CC_NV_WriteLock: { + NV_WriteLock_In *in = (NV_WriteLock_In *) + MemoryGetInBuffer(sizeof(NV_WriteLock_In)); + in->authHandle = handles[0]; + in->nvIndex = handles[1]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_NV_WriteLock (in); +break; +} +#endif // CC_NV_WriteLock +#if CC_NV_GlobalWriteLock +case TPM_CC_NV_GlobalWriteLock: { + NV_GlobalWriteLock_In *in = (NV_GlobalWriteLock_In *) + MemoryGetInBuffer(sizeof(NV_GlobalWriteLock_In)); + in->authHandle = handles[0]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = 
TPM2_NV_GlobalWriteLock (in); +break; +} +#endif // CC_NV_GlobalWriteLock +#if CC_NV_Read +case TPM_CC_NV_Read: { + NV_Read_In *in = (NV_Read_In *) + MemoryGetInBuffer(sizeof(NV_Read_In)); + NV_Read_Out *out = (NV_Read_Out *) + MemoryGetOutBuffer(sizeof(NV_Read_Out)); + in->authHandle = handles[0]; + in->nvIndex = handles[1]; + result = UINT16_Unmarshal(&in->size, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_NV_Read_size); + result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_NV_Read_offset); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_NV_Read (in, out); + rSize = sizeof(NV_Read_Out); + *respParmSize += TPM2B_MAX_NV_BUFFER_Marshal(&out->data, + responseBuffer, &rSize); +break; +} +#endif // CC_NV_Read +#if CC_NV_ReadLock +case TPM_CC_NV_ReadLock: { + NV_ReadLock_In *in = (NV_ReadLock_In *) + MemoryGetInBuffer(sizeof(NV_ReadLock_In)); + in->authHandle = handles[0]; + in->nvIndex = handles[1]; + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_NV_ReadLock (in); +break; +} +#endif // CC_NV_ReadLock +#if CC_NV_ChangeAuth +case TPM_CC_NV_ChangeAuth: { + NV_ChangeAuth_In *in = (NV_ChangeAuth_In *) + MemoryGetInBuffer(sizeof(NV_ChangeAuth_In)); + in->nvIndex = handles[0]; + result = TPM2B_AUTH_Unmarshal(&in->newAuth, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_NV_ChangeAuth_newAuth); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_NV_ChangeAuth (in); +break; +} +#endif // CC_NV_ChangeAuth +#if CC_NV_Certify +case TPM_CC_NV_Certify: { + NV_Certify_In *in = (NV_Certify_In *) + MemoryGetInBuffer(sizeof(NV_Certify_In)); + NV_Certify_Out *out = (NV_Certify_Out *) + MemoryGetOutBuffer(sizeof(NV_Certify_Out)); + in->signHandle = handles[0]; + in->authHandle = handles[1]; + in->nvIndex = handles[2]; + result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); + 
ERROR_IF_EXIT_PLUS(RC_NV_Certify_qualifyingData); + result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); + ERROR_IF_EXIT_PLUS(RC_NV_Certify_inScheme); + result = UINT16_Unmarshal(&in->size, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_NV_Certify_size); + result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_NV_Certify_offset); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_NV_Certify (in, out); + rSize = sizeof(NV_Certify_Out); + *respParmSize += TPM2B_ATTEST_Marshal(&out->certifyInfo, + responseBuffer, &rSize); + *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, + responseBuffer, &rSize); +break; +} +#endif // CC_NV_Certify +#if CC_AC_GetCapability +case TPM_CC_AC_GetCapability: { + AC_GetCapability_In *in = (AC_GetCapability_In *) + MemoryGetInBuffer(sizeof(AC_GetCapability_In)); + AC_GetCapability_Out *out = (AC_GetCapability_Out *) + MemoryGetOutBuffer(sizeof(AC_GetCapability_Out)); + in->ac = handles[0]; + result = TPM_AT_Unmarshal(&in->capability, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_AC_GetCapability_capability); + result = UINT32_Unmarshal(&in->count, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_AC_GetCapability_count); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_AC_GetCapability (in, out); + rSize = sizeof(AC_GetCapability_Out); + *respParmSize += TPMI_YES_NO_Marshal(&out->moreData, + responseBuffer, &rSize); + *respParmSize += TPML_AC_CAPABILITIES_Marshal(&out->capabilitiesData, + responseBuffer, &rSize); +break; +} +#endif // CC_AC_GetCapability +#if CC_AC_Send +case TPM_CC_AC_Send: { + AC_Send_In *in = (AC_Send_In *) + MemoryGetInBuffer(sizeof(AC_Send_In)); + AC_Send_Out *out = (AC_Send_Out *) + MemoryGetOutBuffer(sizeof(AC_Send_Out)); + in->sendObject = handles[0]; + in->authHandle = handles[1]; + in->ac = handles[2]; + result = TPM2B_MAX_BUFFER_Unmarshal(&in->acDataIn, 
paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_AC_Send_acDataIn); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_AC_Send (in, out); + rSize = sizeof(AC_Send_Out); + *respParmSize += TPMS_AC_OUTPUT_Marshal(&out->acDataOut, + responseBuffer, &rSize); +break; +} +#endif // CC_AC_Send +#if CC_Policy_AC_SendSelect +case TPM_CC_Policy_AC_SendSelect: { + Policy_AC_SendSelect_In *in = (Policy_AC_SendSelect_In *) + MemoryGetInBuffer(sizeof(Policy_AC_SendSelect_In)); + in->policySession = handles[0]; + result = TPM2B_NAME_Unmarshal(&in->objectName, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_objectName); + result = TPM2B_NAME_Unmarshal(&in->authHandleName, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_authHandleName); + result = TPM2B_NAME_Unmarshal(&in->acName, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_acName); + result = TPMI_YES_NO_Unmarshal(&in->includeObject, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_includeObject); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Policy_AC_SendSelect (in); +break; +} +#endif // CC_Policy_AC_SendSelect +#if CC_Vendor_TCG_Test +case TPM_CC_Vendor_TCG_Test: { + Vendor_TCG_Test_In *in = (Vendor_TCG_Test_In *) + MemoryGetInBuffer(sizeof(Vendor_TCG_Test_In)); + Vendor_TCG_Test_Out *out = (Vendor_TCG_Test_Out *) + MemoryGetOutBuffer(sizeof(Vendor_TCG_Test_Out)); + result = TPM2B_DATA_Unmarshal(&in->inputData, paramBuffer, paramBufferSize); + ERROR_IF_EXIT_PLUS(RC_Vendor_TCG_Test_inputData); + if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } +result = TPM2_Vendor_TCG_Test (in, out); + rSize = sizeof(Vendor_TCG_Test_Out); + *respParmSize += TPM2B_DATA_Marshal(&out->outputData, + responseBuffer, &rSize); +break; +} +#endif // CC_Vendor_TCG_Test 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Commands.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Commands.h
new file mode 100644
index 000000000..f72c71e1a
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Commands.h
@@ -0,0 +1,451 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.1 Dec 8, 2018 + * Date: Jan 28, 2019 Time: 01:24:09AM + */ + +#ifndef _COMMANDS_H_ +#define _COMMANDS_H_ + + +// Start-up +#ifdef TPM_CC_Startup +#include "Startup_fp.h" +#endif +#ifdef TPM_CC_Shutdown +#include "Shutdown_fp.h" +#endif + +// Testing +#ifdef TPM_CC_SelfTest +#include "SelfTest_fp.h" +#endif +#ifdef TPM_CC_IncrementalSelfTest +#include "IncrementalSelfTest_fp.h" +#endif +#ifdef TPM_CC_GetTestResult +#include "GetTestResult_fp.h" +#endif + +// Session Commands +#ifdef TPM_CC_StartAuthSession +#include "StartAuthSession_fp.h" +#endif +#ifdef TPM_CC_PolicyRestart +#include "PolicyRestart_fp.h" +#endif + +// Object Commands +#ifdef TPM_CC_Create +#include "Create_fp.h" +#endif +#ifdef TPM_CC_Load +#include "Load_fp.h" +#endif +#ifdef TPM_CC_LoadExternal +#include "LoadExternal_fp.h" +#endif +#ifdef TPM_CC_ReadPublic +#include "ReadPublic_fp.h" +#endif +#ifdef TPM_CC_ActivateCredential +#include "ActivateCredential_fp.h" +#endif +#ifdef TPM_CC_MakeCredential +#include "MakeCredential_fp.h" +#endif +#ifdef TPM_CC_Unseal +#include "Unseal_fp.h" +#endif +#ifdef TPM_CC_ObjectChangeAuth +#include "ObjectChangeAuth_fp.h" +#endif +#ifdef TPM_CC_CreateLoaded +#include "CreateLoaded_fp.h" +#endif + +// Duplication Commands +#ifdef TPM_CC_Duplicate +#include "Duplicate_fp.h" +#endif +#ifdef TPM_CC_Rewrap +#include "Rewrap_fp.h" +#endif +#ifdef TPM_CC_Import +#include "Import_fp.h" +#endif + +// Asymmetric Primitives +#ifdef TPM_CC_RSA_Encrypt +#include "RSA_Encrypt_fp.h" +#endif +#ifdef TPM_CC_RSA_Decrypt +#include "RSA_Decrypt_fp.h" +#endif +#ifdef TPM_CC_ECDH_KeyGen +#include "ECDH_KeyGen_fp.h" +#endif +#ifdef TPM_CC_ECDH_ZGen +#include "ECDH_ZGen_fp.h" +#endif +#ifdef TPM_CC_ECC_Parameters +#include "ECC_Parameters_fp.h" +#endif +#ifdef TPM_CC_ZGen_2Phase +#include "ZGen_2Phase_fp.h" +#endif + +// Symmetric Primitives +#ifdef TPM_CC_EncryptDecrypt +#include "EncryptDecrypt_fp.h" +#endif +#ifdef 
TPM_CC_EncryptDecrypt2 +#include "EncryptDecrypt2_fp.h" +#endif +#ifdef TPM_CC_Hash +#include "Hash_fp.h" +#endif +#ifdef TPM_CC_HMAC +#include "HMAC_fp.h" +#endif +#ifdef TPM_CC_MAC +#include "MAC_fp.h" +#endif + +// Random Number Generator +#ifdef TPM_CC_GetRandom +#include "GetRandom_fp.h" +#endif +#ifdef TPM_CC_StirRandom +#include "StirRandom_fp.h" +#endif + +// Hash/HMAC/Event Sequences +#ifdef TPM_CC_HMAC_Start +#include "HMAC_Start_fp.h" +#endif +#ifdef TPM_CC_MAC_Start +#include "MAC_Start_fp.h" +#endif +#ifdef TPM_CC_HashSequenceStart +#include "HashSequenceStart_fp.h" +#endif +#ifdef TPM_CC_SequenceUpdate +#include "SequenceUpdate_fp.h" +#endif +#ifdef TPM_CC_SequenceComplete +#include "SequenceComplete_fp.h" +#endif +#ifdef TPM_CC_EventSequenceComplete +#include "EventSequenceComplete_fp.h" +#endif + +// Attestation Commands +#ifdef TPM_CC_Certify +#include "Certify_fp.h" +#endif +#ifdef TPM_CC_CertifyCreation +#include "CertifyCreation_fp.h" +#endif +#ifdef TPM_CC_Quote +#include "Quote_fp.h" +#endif +#ifdef TPM_CC_GetSessionAuditDigest +#include "GetSessionAuditDigest_fp.h" +#endif +#ifdef TPM_CC_GetCommandAuditDigest +#include "GetCommandAuditDigest_fp.h" +#endif +#ifdef TPM_CC_GetTime +#include "GetTime_fp.h" +#endif +#ifdef TPM_CC_CertifyX509 +#include "CertifyX509_fp.h" +#endif + +// Ephemeral EC Keys +#ifdef TPM_CC_Commit +#include "Commit_fp.h" +#endif +#ifdef TPM_CC_EC_Ephemeral +#include "EC_Ephemeral_fp.h" +#endif + +// Signing and Signature Verification +#ifdef TPM_CC_VerifySignature +#include "VerifySignature_fp.h" +#endif +#ifdef TPM_CC_Sign +#include "Sign_fp.h" +#endif + +// Command Audit +#ifdef TPM_CC_SetCommandCodeAuditStatus +#include "SetCommandCodeAuditStatus_fp.h" +#endif + +// Integrity Collection (PCR) +#ifdef TPM_CC_PCR_Extend +#include "PCR_Extend_fp.h" +#endif +#ifdef TPM_CC_PCR_Event +#include "PCR_Event_fp.h" +#endif +#ifdef TPM_CC_PCR_Read +#include "PCR_Read_fp.h" +#endif +#ifdef TPM_CC_PCR_Allocate +#include 
"PCR_Allocate_fp.h" +#endif +#ifdef TPM_CC_PCR_SetAuthPolicy +#include "PCR_SetAuthPolicy_fp.h" +#endif +#ifdef TPM_CC_PCR_SetAuthValue +#include "PCR_SetAuthValue_fp.h" +#endif +#ifdef TPM_CC_PCR_Reset +#include "PCR_Reset_fp.h" +#endif + +// Enhanced Authorization (EA) Commands +#ifdef TPM_CC_PolicySigned +#include "PolicySigned_fp.h" +#endif +#ifdef TPM_CC_PolicySecret +#include "PolicySecret_fp.h" +#endif +#ifdef TPM_CC_PolicyTicket +#include "PolicyTicket_fp.h" +#endif +#ifdef TPM_CC_PolicyOR +#include "PolicyOR_fp.h" +#endif +#ifdef TPM_CC_PolicyPCR +#include "PolicyPCR_fp.h" +#endif +#ifdef TPM_CC_PolicyLocality +#include "PolicyLocality_fp.h" +#endif +#ifdef TPM_CC_PolicyNV +#include "PolicyNV_fp.h" +#endif +#ifdef TPM_CC_PolicyCounterTimer +#include "PolicyCounterTimer_fp.h" +#endif +#ifdef TPM_CC_PolicyCommandCode +#include "PolicyCommandCode_fp.h" +#endif +#ifdef TPM_CC_PolicyPhysicalPresence +#include "PolicyPhysicalPresence_fp.h" +#endif +#ifdef TPM_CC_PolicyCpHash +#include "PolicyCpHash_fp.h" +#endif +#ifdef TPM_CC_PolicyNameHash +#include "PolicyNameHash_fp.h" +#endif +#ifdef TPM_CC_PolicyDuplicationSelect +#include "PolicyDuplicationSelect_fp.h" +#endif +#ifdef TPM_CC_PolicyAuthorize +#include "PolicyAuthorize_fp.h" +#endif +#ifdef TPM_CC_PolicyAuthValue +#include "PolicyAuthValue_fp.h" +#endif +#ifdef TPM_CC_PolicyPassword +#include "PolicyPassword_fp.h" +#endif +#ifdef TPM_CC_PolicyGetDigest +#include "PolicyGetDigest_fp.h" +#endif +#ifdef TPM_CC_PolicyNvWritten +#include "PolicyNvWritten_fp.h" +#endif +#ifdef TPM_CC_PolicyTemplate +#include "PolicyTemplate_fp.h" +#endif +#ifdef TPM_CC_PolicyAuthorizeNV +#include "PolicyAuthorizeNV_fp.h" +#endif + +// Hierarchy Commands +#ifdef TPM_CC_CreatePrimary +#include "CreatePrimary_fp.h" +#endif +#ifdef TPM_CC_HierarchyControl +#include "HierarchyControl_fp.h" +#endif +#ifdef TPM_CC_SetPrimaryPolicy +#include "SetPrimaryPolicy_fp.h" +#endif +#ifdef TPM_CC_ChangePPS +#include "ChangePPS_fp.h" +#endif 
+#ifdef TPM_CC_ChangeEPS +#include "ChangeEPS_fp.h" +#endif +#ifdef TPM_CC_Clear +#include "Clear_fp.h" +#endif +#ifdef TPM_CC_ClearControl +#include "ClearControl_fp.h" +#endif +#ifdef TPM_CC_HierarchyChangeAuth +#include "HierarchyChangeAuth_fp.h" +#endif + +// Dictionary Attack Functions +#ifdef TPM_CC_DictionaryAttackLockReset +#include "DictionaryAttackLockReset_fp.h" +#endif +#ifdef TPM_CC_DictionaryAttackParameters +#include "DictionaryAttackParameters_fp.h" +#endif + +// Miscellaneous Management Functions +#ifdef TPM_CC_PP_Commands +#include "PP_Commands_fp.h" +#endif +#ifdef TPM_CC_SetAlgorithmSet +#include "SetAlgorithmSet_fp.h" +#endif + +// Field Upgrade +#ifdef TPM_CC_FieldUpgradeStart +#include "FieldUpgradeStart_fp.h" +#endif +#ifdef TPM_CC_FieldUpgradeData +#include "FieldUpgradeData_fp.h" +#endif +#ifdef TPM_CC_FirmwareRead +#include "FirmwareRead_fp.h" +#endif + +// Context Management +#ifdef TPM_CC_ContextSave +#include "ContextSave_fp.h" +#endif +#ifdef TPM_CC_ContextLoad +#include "ContextLoad_fp.h" +#endif +#ifdef TPM_CC_FlushContext +#include "FlushContext_fp.h" +#endif +#ifdef TPM_CC_EvictControl +#include "EvictControl_fp.h" +#endif + +// Clocks and Timers +#ifdef TPM_CC_ReadClock +#include "ReadClock_fp.h" +#endif +#ifdef TPM_CC_ClockSet +#include "ClockSet_fp.h" +#endif +#ifdef TPM_CC_ClockRateAdjust +#include "ClockRateAdjust_fp.h" +#endif + +// Capability Commands +#ifdef TPM_CC_GetCapability +#include "GetCapability_fp.h" +#endif +#ifdef TPM_CC_TestParms +#include "TestParms_fp.h" +#endif + +// Non-volatile Storage +#ifdef TPM_CC_NV_DefineSpace +#include "NV_DefineSpace_fp.h" +#endif +#ifdef TPM_CC_NV_UndefineSpace +#include "NV_UndefineSpace_fp.h" +#endif +#ifdef TPM_CC_NV_UndefineSpaceSpecial +#include "NV_UndefineSpaceSpecial_fp.h" +#endif +#ifdef TPM_CC_NV_ReadPublic +#include "NV_ReadPublic_fp.h" +#endif +#ifdef TPM_CC_NV_Write +#include "NV_Write_fp.h" +#endif +#ifdef TPM_CC_NV_Increment +#include "NV_Increment_fp.h" +#endif 
+#ifdef TPM_CC_NV_Extend +#include "NV_Extend_fp.h" +#endif +#ifdef TPM_CC_NV_SetBits +#include "NV_SetBits_fp.h" +#endif +#ifdef TPM_CC_NV_WriteLock +#include "NV_WriteLock_fp.h" +#endif +#ifdef TPM_CC_NV_GlobalWriteLock +#include "NV_GlobalWriteLock_fp.h" +#endif +#ifdef TPM_CC_NV_Read +#include "NV_Read_fp.h" +#endif +#ifdef TPM_CC_NV_ReadLock +#include "NV_ReadLock_fp.h" +#endif +#ifdef TPM_CC_NV_ChangeAuth +#include "NV_ChangeAuth_fp.h" +#endif +#ifdef TPM_CC_NV_Certify +#include "NV_Certify_fp.h" +#endif + +// Attached Components +#ifdef TPM_CC_AC_GetCapability +#include "AC_GetCapability_fp.h" +#endif +#ifdef TPM_CC_AC_Send +#include "AC_Send_fp.h" +#endif +#ifdef TPM_CC_Policy_AC_SendSelect +#include "Policy_AC_SendSelect_fp.h" +#endif + +// Vendor Specific +#ifdef TPM_CC_Vendor_TCG_Test +#include "Vendor_TCG_Test_fp.h" +#endif + +#endif diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CompilerDependencies.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CompilerDependencies.h new file mode 100644 index 000000000..2931952f0 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CompilerDependencies.h 
@@ -0,0 +1,132 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+// This file contains the build switches. This contains switches for multiple
+// versions of the crypto-library so some may not apply to your environment.
+//
+
+#ifndef _COMPILER_DEPENDENCIES_H_
+#define _COMPILER_DEPENDENCIES_H_
+
+#ifdef GCC
+# undef _MSC_VER
+# undef WIN32
+#endif
+
+#ifdef _MSC_VER
+// These definitions are for the Microsoft compiler
+
+// Endian conversion for aligned structures
+# define REVERSE_ENDIAN_16(_Number) _byteswap_ushort(_Number)
+# define REVERSE_ENDIAN_32(_Number) _byteswap_ulong(_Number)
+# define REVERSE_ENDIAN_64(_Number) _byteswap_uint64(_Number)
+
+// Avoid compiler warning for in line of stdio (or not)
+//#define _NO_CRT_STDIO_INLINE
+
+// This macro is used to handle LIB_EXPORT of function and variable names in lieu
+// of a .def file. Visual Studio requires that functions be explicitly exported and
+// imported.
+# define LIB_EXPORT __declspec(dllexport) // VS compatible version
+# define LIB_IMPORT __declspec(dllimport)
+
+// This is defined to indicate a function that does not return. Microsoft compilers
+// do not support the _Noretrun function parameter.
+# define NORETURN __declspec(noreturn)
+# if _MSC_VER >= 1400 // SAL processing when needed
+# include
+# endif
+
+# ifdef _WIN64
+# define _INTPTR 2
+# else
+# define _INTPTR 1
+# endif
+
+
+#define NOT_REFERENCED(x) (x)
+
+// Lower the compiler error warning for system include
+// files. They tend not to be that clean and there is no
+// reason to sort through all the spurious errors that they
+// generate when the normal error level is set to /Wall
+# define _REDUCE_WARNING_LEVEL_(n) \
+__pragma(warning(push, n))
+// Restore the compiler warning level
+# define _NORMAL_WARNING_LEVEL_ \
+__pragma(warning(pop))
+# include
+#endif
+
+#ifndef _MSC_VER
+#ifndef WINAPI
+# define WINAPI
+#endif
+# define __pragma(x)
+# define REVERSE_ENDIAN_16(_Number) __builtin_bswap16(_Number)
+# define REVERSE_ENDIAN_32(_Number) __builtin_bswap32(_Number)
+# define REVERSE_ENDIAN_64(_Number) __builtin_bswap64(_Number)
+#endif
+
+#if defined(__GNUC__)
+# define NORETURN __attribute__((noreturn))
+# include
+#endif
+
+// Things that are not defined should be defined as NULL
+#ifndef NORETURN
+# define NORETURN
+#endif
+#ifndef LIB_EXPORT
+# define LIB_EXPORT
+#endif
+#ifndef LIB_IMPORT
+# define LIB_IMPORT
+#endif
+#ifndef _REDUCE_WARNING_LEVEL_
+# define _REDUCE_WARNING_LEVEL_(n)
+#endif
+#ifndef _NORMAL_WARNING_LEVEL_
+# define _NORMAL_WARNING_LEVEL_
+#endif
+#ifndef NOT_REFERENCED
+# define NOT_REFERENCED(x) (x = x)
+#endif
+
+#ifdef _POSIX_
+typedef int SOCKET;
+#endif
+
+
+#endif // _COMPILER_DEPENDENCIES_H_
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptEcc.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptEcc.h
new file mode 100644
index 000000000..f05e781ad
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptEcc.h
@@ -0,0 +1,71 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains structure definitions used for ECC. The
+// structures in this file are only used internally. The ECC-related structures
+// that cross the TPM interface are defined in TpmTypes.h
+//
+
+#ifndef _CRYPT_ECC_H
+#define _CRYPT_ECC_H
+
+//** Structures
+
+// This is used to define the macro that may or may not be in the data set for the
+// curve (CryptEccData.c). If there is a mismatch, the compiler will warn that there
+// is to much/not enough initialization data in the curve. The macro is used because
+// not all versions of the CryptEccData.c need the curve name.
+#ifdef NAMED_CURVES
+#define CURVE_NAME(a) , a
+#define CURVE_NAME_DEF const char *name;
+#else
+# define CURVE_NAME(a)
+# define CURVE_NAME_DEF
+#endif
+
+typedef struct ECC_CURVE
+{
+ const TPM_ECC_CURVE curveId;
+ const UINT16 keySizeBits;
+ const TPMT_KDF_SCHEME kdf;
+ const TPMT_ECC_SCHEME sign;
+ const ECC_CURVE_DATA *curveData; // the address of the curve data
+ const BYTE *OID;
+ CURVE_NAME_DEF
+} ECC_CURVE;
+
+extern const ECC_CURVE eccCurves[ECC_CURVE_COUNT];
+
+#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptHash.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptHash.h
new file mode 100644
index 000000000..de6eb5148
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptHash.h
@@ -0,0 +1,303 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This header contains the hash structure definitions used in the TPM code
+// to define the amount of space to be reserved for the hash state. This allows
+// the TPM code to not have to import all of the symbols used by the hash
+// computations. This lets the build environment of the TPM code not to have
+// include the header files associated with the CryptoEngine code.
+
+#ifndef _CRYPT_HASH_H
+#define _CRYPT_HASH_H
+
+//** Hash-related Structures
+
+union SMAC_STATES;
+
+// These definitions add the high-level methods for processing state that may be
+// an SMAC
+typedef void(* SMAC_DATA_METHOD)(
+ union SMAC_STATES *state,
+ UINT32 size,
+ const BYTE *buffer
+ );
+
+typedef UINT16(* SMAC_END_METHOD)(
+ union SMAC_STATES *state,
+ UINT32 size,
+ BYTE *buffer
+ );
+
+typedef struct sequenceMethods {
+ SMAC_DATA_METHOD data;
+ SMAC_END_METHOD end;
+} SMAC_METHODS;
+
+#define SMAC_IMPLEMENTED (CC_MAC || CC_MAC_Start)
+
+// These definitions are here because the SMAC state is in the union of hash states.
+typedef struct tpmCmacState {
+ TPM_ALG_ID symAlg;
+ UINT16 keySizeBits;
+ INT16 bcount; // current count of bytes accumulated in IV
+ TPM2B_IV iv; // IV buffer
+ TPM2B_SYM_KEY symKey;
+} tpmCmacState_t;
+
+typedef union SMAC_STATES {
+#if ALG_CMAC
+ tpmCmacState_t cmac;
+#endif
+ UINT64 pad;
+} SMAC_STATES;
+
+typedef struct SMAC_STATE {
+ SMAC_METHODS smacMethods;
+ SMAC_STATES state;
+} SMAC_STATE;
+
+
+typedef union
+{
+#if ALG_SHA1
+ tpmHashStateSHA1_t Sha1;
+#endif
+#if ALG_SHA256
+ tpmHashStateSHA256_t Sha256;
+#endif
+#if ALG_SHA384
+ tpmHashStateSHA384_t Sha384;
+#endif
+#if ALG_SHA512
+ tpmHashStateSHA512_t Sha512;
+#endif
+
+// Additions for symmetric block cipher MAC
+#if SMAC_IMPLEMENTED
+ SMAC_STATE smac;
+#endif
+ // to force structure alignment to be no worse than HASH_ALIGNMENT
+#if HASH_ALIGNMENT == 4
+ uint32_t align;
+#else
+ uint64_t align;
+#endif
+} ANY_HASH_STATE;
+
+typedef ANY_HASH_STATE *PANY_HASH_STATE;
+typedef const ANY_HASH_STATE *PCANY_HASH_STATE;
+
+#define ALIGNED_SIZE(x, b) ((((x) + (b) - 1) / (b)) * (b))
+// MAX_HASH_STATE_SIZE will change with each implementation. It is assumed that
+// a hash state will not be larger than twice the block size plus some
+// overhead (in this case, 16 bytes). The overall size needs to be as
+// large as any of the hash contexts. The structure needs to start on an
+// alignment boundary and be an even multiple of the alignment
+#define MAX_HASH_STATE_SIZE ((2 * MAX_HASH_BLOCK_SIZE) + 16)
+#define MAX_HASH_STATE_SIZE_ALIGNED \
+ ALIGNED_SIZE(MAX_HASH_STATE_SIZE, HASH_ALIGNMENT)
+
+// This is an aligned byte array that will hold any of the hash contexts.
+typedef ANY_HASH_STATE ALIGNED_HASH_STATE;
+
+// The header associated with the hash library is expected to define the methods
+// which include the calling sequence. When not compiling CryptHash.c, the methods
+// are not defined so we need placeholder functions for the structures
+
+#ifndef HASH_START_METHOD_DEF
+# define HASH_START_METHOD_DEF void (HASH_START_METHOD)(void)
+#endif
+#ifndef HASH_DATA_METHOD_DEF
+# define HASH_DATA_METHOD_DEF void (HASH_DATA_METHOD)(void)
+#endif
+#ifndef HASH_END_METHOD_DEF
+# define HASH_END_METHOD_DEF void (HASH_END_METHOD)(void)
+#endif
+#ifndef HASH_STATE_COPY_METHOD_DEF
+# define HASH_STATE_COPY_METHOD_DEF void (HASH_STATE_COPY_METHOD)(void)
+#endif
+#ifndef HASH_STATE_EXPORT_METHOD_DEF
+# define HASH_STATE_EXPORT_METHOD_DEF void (HASH_STATE_EXPORT_METHOD)(void)
+#endif
+#ifndef HASH_STATE_IMPORT_METHOD_DEF
+# define HASH_STATE_IMPORT_METHOD_DEF void (HASH_STATE_IMPORT_METHOD)(void)
+#endif
+
+// Define the prototypical function call for each of the methods. This defines the
+// order in which the parameters are passed to the underlying function.
+typedef HASH_START_METHOD_DEF;
+typedef HASH_DATA_METHOD_DEF;
+typedef HASH_END_METHOD_DEF;
+typedef HASH_STATE_COPY_METHOD_DEF;
+typedef HASH_STATE_EXPORT_METHOD_DEF;
+typedef HASH_STATE_IMPORT_METHOD_DEF;
+
+
+typedef struct _HASH_METHODS
+{
+ HASH_START_METHOD *start;
+ HASH_DATA_METHOD *data;
+ HASH_END_METHOD *end;
+ HASH_STATE_COPY_METHOD *copy; // Copy a hash block
+ HASH_STATE_EXPORT_METHOD *copyOut; // Copy a hash block from a hash
+ // context
+ HASH_STATE_IMPORT_METHOD *copyIn; // Copy a hash block to a proper hash
+ // context
+} HASH_METHODS, *PHASH_METHODS;
+
+#if ALG_SHA1
+ TPM2B_TYPE(SHA1_DIGEST, SHA1_DIGEST_SIZE);
+#endif
+#if ALG_SHA256
+ TPM2B_TYPE(SHA256_DIGEST, SHA256_DIGEST_SIZE);
+#endif
+#if ALG_SHA384
+ TPM2B_TYPE(SHA384_DIGEST, SHA384_DIGEST_SIZE);
+#endif
+#if ALG_SHA512
+ TPM2B_TYPE(SHA512_DIGEST, SHA512_DIGEST_SIZE);
+#endif
+#if ALG_SM3_256
+ TPM2B_TYPE(SM3_256_DIGEST, SM3_256_DIGEST_SIZE);
+#endif
+
+// When the TPM implements RSA, the hash-dependent OID pointers are part of the
+// HASH_DEF. These macros conditionally add the OID reference to the HASH_DEF and the
+// HASH_DEF_TEMPLATE.
+#if ALG_RSA
+#define PKCS1_HASH_REF const BYTE *PKCS1;
+#define PKCS1_OID(NAME) , OID_PKCS1_##NAME
+#else
+#define PKCS1_HASH_REF
+#define PKCS1_OID(NAME)
+#endif
+
+// When the TPM implements ECC, the hash-dependent OID pointers are part of the
+// HASH_DEF. These macros conditionally add the OID reference to the HASH_DEF and the
+// HASH_DEF_TEMPLATE.
+#if ALG_ECDSA
+#define ECDSA_HASH_REF const BYTE *ECDSA;
+#define ECDSA_OID(NAME) , OID_ECDSA_##NAME
+#else
+#define ECDSA_HASH_REF
+#define ECDSA_OID(NAME)
+#endif
+
+typedef const struct HASH_DEF
+{
+ HASH_METHODS method;
+ uint16_t blockSize;
+ uint16_t digestSize;
+ uint16_t contextSize;
+ uint16_t hashAlg;
+ const BYTE *OID;
+ PKCS1_HASH_REF // PKCS1 OID
+ ECDSA_HASH_REF // ECDSA OID
+} HASH_DEF, *PHASH_DEF;
+
+// Macro to fill in the HASH_DEF for an algorithm. For SHA1, the instance would be:
+// HASH_DEF_TEMPLATE(Sha1, SHA1)
+// This handles the difference in capitalization for the various pieces.
+#define HASH_DEF_TEMPLATE(HASH, Hash) \
+ HASH_DEF Hash##_Def= { \
+ {(HASH_START_METHOD *)&tpmHashStart_##HASH, \
+ (HASH_DATA_METHOD *)&tpmHashData_##HASH, \
+ (HASH_END_METHOD *)&tpmHashEnd_##HASH, \
+ (HASH_STATE_COPY_METHOD *)&tpmHashStateCopy_##HASH, \
+ (HASH_STATE_EXPORT_METHOD *)&tpmHashStateExport_##HASH, \
+ (HASH_STATE_IMPORT_METHOD *)&tpmHashStateImport_##HASH, \
+ }, \
+ HASH##_BLOCK_SIZE, /*block size */ \
+ HASH##_DIGEST_SIZE, /*data size */ \
+ sizeof(tpmHashState##HASH##_t), \
+ TPM_ALG_##HASH, OID_##HASH \
+ PKCS1_OID(HASH) ECDSA_OID(HASH)};
+
+// These definitions are for the types that can be in a hash state structure.
+// These types are used in the cryptographic utilities. This is a define rather than
+// an enum so that the size of this field can be explicit.
+typedef BYTE HASH_STATE_TYPE;
+#define HASH_STATE_EMPTY ((HASH_STATE_TYPE) 0)
+#define HASH_STATE_HASH ((HASH_STATE_TYPE) 1)
+#define HASH_STATE_HMAC ((HASH_STATE_TYPE) 2)
+#if CC_MAC || CC_MAC_Start
+#define HASH_STATE_SMAC ((HASH_STATE_TYPE) 3)
+#endif
+
+
+// This is the structure that is used for passing a context into the hashing
+// functions. It should be the same size as the function context used within
+// the hashing functions. This is checked when the hash function is initialized.
+// This version uses a new layout for the contexts and a different definition. The
+// state buffer is an array of HASH_UNIT values so that a decent compiler will put
+// the structure on a HASH_UNIT boundary. If the structure is not properly aligned,
+// the code that manipulates the structure will copy to a properly aligned
+// structure before it is used and copy the result back. This just makes things
+// slower.
+// NOTE: This version of the state had the pointer to the update method in the
+// state. This is to allow the SMAC functions to use the same structure without
+// having to replicate the entire HASH_DEF structure.
+typedef struct _HASH_STATE
+{
+ HASH_STATE_TYPE type; // type of the context
+ TPM_ALG_ID hashAlg;
+ PHASH_DEF def;
+ ANY_HASH_STATE state;
+} HASH_STATE, *PHASH_STATE;
+typedef const HASH_STATE *PCHASH_STATE;
+
+
+//** HMAC State Structures
+
+// An HMAC_STATE structure contains an opaque HMAC stack state. A caller would
+// use this structure when performing incremental HMAC operations. This structure
+// contains a hash state and an HMAC key and allows slightly better stack
+// optimization than adding an HMAC key to each hash state.
+typedef struct hmacState
+{
+ HASH_STATE hashState; // the hash state
+ TPM2B_HASH_BLOCK hmacKey; // the HMAC key
+} HMAC_STATE, *PHMAC_STATE;
+
+// This is for the external hash state. This implementation assumes that the size
+// of the exported hash state is no larger than the internal hash state.
+typedef struct
+{
+ BYTE buffer[sizeof(HASH_STATE)];
+} EXPORT_HASH_STATE, *PEXPORT_HASH_STATE;
+
+typedef const EXPORT_HASH_STATE *PCEXPORT_HASH_STATE;
+
+#endif // _CRYPT_HASH_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRand.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRand.h
new file mode 100644
index 000000000..60a8a0435
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRand.h
@@ -0,0 +1,199 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains constant definition shared by CryptUtil and the parts
+// of the Crypto Engine.
+//
+
+#ifndef _CRYPT_RAND_H
+#define _CRYPT_RAND_H
+
+
+//** DRBG Structures and Defines
+
+// Values and structures for the random number generator. These values are defined
+// in this header file so that the size of the RNG state can be known to TPM.lib.
+// This allows the allocation of some space in NV memory for the state to
+// be stored on an orderly shutdown.
+
+// The DRBG based on a symmetric block cipher is defined by three values,
+// 1) the key size
+// 2) the block size (the IV size)
+// 3) the symmetric algorithm
+
+#define DRBG_KEY_SIZE_BITS AES_MAX_KEY_SIZE_BITS
+#define DRBG_IV_SIZE_BITS (AES_MAX_BLOCK_SIZE * 8)
+#define DRBG_ALGORITHM TPM_ALG_AES
+
+
+typedef tpmKeyScheduleAES DRBG_KEY_SCHEDULE;
+#define DRBG_ENCRYPT_SETUP(key, keySizeInBits, schedule) \
+ TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule)
+#define DRBG_ENCRYPT(keySchedule, in, out) \
+ TpmCryptEncryptAES(SWIZZLE(keySchedule, in, out))
+
+#if ((DRBG_KEY_SIZE_BITS % RADIX_BITS) != 0) \
+ || ((DRBG_IV_SIZE_BITS % RADIX_BITS) != 0)
+#error "Key size and IV for DRBG must be even multiples of the radix"
+#endif
+#if (DRBG_KEY_SIZE_BITS % DRBG_IV_SIZE_BITS) != 0
+#error "Key size for DRBG must be even multiple of the cypher block size"
+#endif
+
+// Derived values
+#define DRBG_MAX_REQUESTS_PER_RESEED (1 << 48)
+#define DRBG_MAX_REQEST_SIZE (1 << 32)
+
+#define pDRBG_KEY(seed) ((DRBG_KEY *)&(((BYTE *)(seed))[0]))
+#define pDRBG_IV(seed) ((DRBG_IV *)&(((BYTE *)(seed))[DRBG_KEY_SIZE_BYTES]))
+
+#define DRBG_KEY_SIZE_WORDS (BITS_TO_CRYPT_WORDS(DRBG_KEY_SIZE_BITS))
+#define DRBG_KEY_SIZE_BYTES (DRBG_KEY_SIZE_WORDS * RADIX_BYTES)
+
+#define DRBG_IV_SIZE_WORDS (BITS_TO_CRYPT_WORDS(DRBG_IV_SIZE_BITS))
+#define DRBG_IV_SIZE_BYTES (DRBG_IV_SIZE_WORDS * RADIX_BYTES)
+
+#define DRBG_SEED_SIZE_WORDS (DRBG_KEY_SIZE_WORDS + DRBG_IV_SIZE_WORDS)
+#define DRBG_SEED_SIZE_BYTES (DRBG_KEY_SIZE_BYTES + DRBG_IV_SIZE_BYTES)
+
+
+typedef union
+{
+ BYTE bytes[DRBG_KEY_SIZE_BYTES];
+ crypt_uword_t words[DRBG_KEY_SIZE_WORDS];
+} DRBG_KEY;
+
+typedef union
+{
+ BYTE bytes[DRBG_IV_SIZE_BYTES];
+ crypt_uword_t words[DRBG_IV_SIZE_WORDS];
+} DRBG_IV;
+
+typedef union
+{
+ BYTE bytes[DRBG_SEED_SIZE_BYTES];
+ crypt_uword_t words[DRBG_SEED_SIZE_WORDS];
+} DRBG_SEED;
+
+#define CTR_DRBG_MAX_REQUESTS_PER_RESEED ((UINT64)1 << 20)
+#define CTR_DRBG_MAX_BYTES_PER_REQUEST (1 << 16)
+
+# define CTR_DRBG_MIN_ENTROPY_INPUT_LENGTH DRBG_SEED_SIZE_BYTES
+# define CTR_DRBG_MAX_ENTROPY_INPUT_LENGTH DRBG_SEED_SIZE_BYTES
+# define CTR_DRBG_MAX_ADDITIONAL_INPUT_LENGTH DRBG_SEED_SIZE_BYTES
+
+#define TESTING (1 << 0)
+#define ENTROPY (1 << 1)
+#define TESTED (1 << 2)
+
+#define IsTestStateSet(BIT) ((g_cryptoSelfTestState.rng & BIT) != 0)
+#define SetTestStateBit(BIT) (g_cryptoSelfTestState.rng |= BIT)
+#define ClearTestStateBit(BIT) (g_cryptoSelfTestState.rng &= ~BIT)
+
+#define IsSelfTest() IsTestStateSet(TESTING)
+#define SetSelfTest() SetTestStateBit(TESTING)
+#define ClearSelfTest() ClearTestStateBit(TESTING)
+
+#define IsEntropyBad() IsTestStateSet(ENTROPY)
+#define SetEntropyBad() SetTestStateBit(ENTROPY)
+#define ClearEntropyBad() ClearTestStateBit(ENTROPY)
+
+#define IsDrbgTested() IsTestStateSet(TESTED)
+#define SetDrbgTested() SetTestStateBit(TESTED)
+#define ClearDrbgTested() ClearTestStateBit(TESTED)
+
+typedef struct
+{
+ UINT64 reseedCounter;
+ UINT32 magic;
+ DRBG_SEED seed; // contains the key and IV for the counter mode DRBG
+ UINT32 lastValue[4]; // used when the TPM does continuous self-test
+ // for FIPS compliance of DRBG
+} DRBG_STATE, *pDRBG_STATE;
+#define DRBG_MAGIC ((UINT32) 0x47425244) // "DRBG" backwards so that it displays
+
+typedef struct
+{
+ UINT64 counter;
+ UINT32 magic;
+ UINT32 limit;
+ TPM2B *seed;
+ const TPM2B *label;
+ TPM2B *context;
+ TPM_ALG_ID hash;
+ TPM_ALG_ID kdf;
+ UINT16 digestSize;
+ TPM2B_DIGEST residual;
+} KDF_STATE, *pKDR_STATE;
+#define KDF_MAGIC ((UINT32) 0x4048444a) // "KDF " backwards
+
+// Make sure that any other structures added to this union start with a 64-bit
+// counter and a 32-bit magic number
+typedef union
+{
+ DRBG_STATE drbg;
+ KDF_STATE kdf;
+} RAND_STATE;
+
+// This is the state used when the library uses a random number generator.
+// A special function is installed for the library to call. That function
+// picks up the state from this location and uses it for the generation
+// of the random number.
+extern RAND_STATE *s_random;
+
+// When instrumenting RSA key sieve
+#if RSA_INSTRUMENT
+#define PRIME_INDEX(x) ((x) == 512 ? 0 : (x) == 1024 ? 1 : 2)
+# define INSTRUMENT_SET(a, b) ((a) = (b))
+# define INSTRUMENT_ADD(a, b) (a) = (a) + (b)
+# define INSTRUMENT_INC(a) (a) = (a) + 1
+
+extern UINT32 PrimeIndex;
+extern UINT32 failedAtIteration[10];
+extern UINT32 PrimeCounts[3];
+extern UINT32 MillerRabinTrials[3];
+extern UINT32 totalFieldsSieved[3];
+extern UINT32 bitsInFieldAfterSieve[3];
+extern UINT32 emptyFieldsSieved[3];
+extern UINT32 noPrimeFields[3];
+extern UINT32 primesChecked[3];
+extern UINT16 lastSievePrime;
+#else
+# define INSTRUMENT_SET(a, b)
+# define INSTRUMENT_ADD(a, b)
+# define INSTRUMENT_INC(a)
+#endif
+
+#endif // _CRYPT_RAND_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRsa.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRsa.h
new file mode 100644
index 000000000..5d0aebdae
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRsa.h
@@ -0,0 +1,69 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+// This file contains the RSA-related structures and defines.
+
+#ifndef _CRYPT_RSA_H
+#define _CRYPT_RSA_H
+
+// These values are used in the bigNum representation of various RSA values.
+BN_TYPE(rsa, MAX_RSA_KEY_BITS);
+#define BN_RSA(name) BN_VAR(name, MAX_RSA_KEY_BITS)
+#define BN_RSA_INITIALIZED(name, initializer) \
+ BN_INITIALIZED(name, MAX_RSA_KEY_BITS, initializer)
+
+#define BN_PRIME(name) BN_VAR(name, (MAX_RSA_KEY_BITS / 2))
+BN_TYPE(prime, (MAX_RSA_KEY_BITS / 2));
+#define BN_PRIME_INITIALIZED(name, initializer) \
+ BN_INITIALIZED(name, MAX_RSA_KEY_BITS / 2, initializer)
+
+#if !CRT_FORMAT_RSA
+# error This verson only works with CRT formatted data
+#endif // !CRT_FORMAT_RSA
+
+typedef struct privateExponent
+{
+ bigNum P;
+ bigNum Q;
+ bigNum dP;
+ bigNum dQ;
+ bigNum qInv;
+ bn_prime_t entries[5];
+} privateExponent;
+
+#define NEW_PRIVATE_EXPONENT(X) \
+ privateExponent _##X; \
+ privateExponent *X = RsaInitializeExponent(&(_##X))
+
+#endif // _CRYPT_RSA_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptSym.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptSym.h
new file mode 100644
index 000000000..efbd24195
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptSym.h
@@ -0,0 +1,143 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+//
+// This file contains the implementation of the symmetric block cipher modes
+// allowed for a TPM. These functions only use the single block encryption functions
+// of the selected symmetric cryptographic library.
+
+//** Includes, Defines, and Typedefs
+#ifndef CRYPT_SYM_H
+#define CRYPT_SYM_H
+
+typedef union tpmCryptKeySchedule_t {
+#if ALG_AES
+ tpmKeyScheduleAES AES;
+#endif
+#if ALG_SM4
+ tpmKeyScheduleSM4 SM4;
+#endif
+#if ALG_CAMELLIA
+ tpmKeyScheduleCAMELLIA CAMELLIA;
+#endif
+
+#if ALG_TDES
+ tpmKeyScheduleTDES TDES[3];
+#endif
+#if SYMMETRIC_ALIGNMENT == 8
+ uint64_t alignment;
+#else
+ uint32_t alignment;
+#endif
+} tpmCryptKeySchedule_t;
+
+
+// Each block cipher within a library is expected to conform to the same calling
+// conventions with three parameters ('keySchedule', 'in', and 'out') in the same
+// order. That means that all algorithms would use the same order of the same
+// parameters. The code is written assuming the ('keySchedule', 'in', and 'out')
+// order. However, if the library uses a different order, the order can be changed
+// with a SWIZZLE macro that puts the parameters in the correct order.
+// Note that all algorithms have to use the same order and number of parameters
+// because the code to build the calling list is common for each call to encrypt
+// or decrypt with the algorithm chosen by setting a function pointer to select
+// the algorithm that is used.
+
+# define ENCRYPT(keySchedule, in, out) \
+ encrypt(SWIZZLE(keySchedule, in, out))
+
+# define DECRYPT(keySchedule, in, out) \
+ decrypt(SWIZZLE(keySchedule, in, out))
+
+
+// Note that the macros rely on 'encrypt' as local values in the
+// functions that use these macros. Those parameters are set by the macro that
+// set the key schedule to be used for the call.
+
+
+#define ENCRYPT_CASE(ALG) \
+ case TPM_ALG_##ALG: \
+ TpmCryptSetEncryptKey##ALG(key, keySizeInBits, &keySchedule.ALG); \
+ encrypt = (TpmCryptSetSymKeyCall_t)TpmCryptEncrypt##ALG; \
+ break;
+#define DECRYPT_CASE(ALG) \
+ case TPM_ALG_##ALG: \
+ TpmCryptSetDecryptKey##ALG(key, keySizeInBits, &keySchedule.ALG); \
+ decrypt = (TpmCryptSetSymKeyCall_t)TpmCryptDecrypt##ALG; \
+ break;
+
+#if ALG_AES
+#define ENCRYPT_CASE_AES ENCRYPT_CASE(AES)
+#define DECRYPT_CASE_AES DECRYPT_CASE(AES)
+#else
+#define ENCRYPT_CASE_AES
+#define DECRYPT_CASE_AES
+#endif
+#if ALG_SM4
+#define ENCRYPT_CASE_SM4 ENCRYPT_CASE(SM4)
+#define DECRYPT_CASE_SM4 DECRYPT_CASE(SM4)
+#else
+#define ENCRYPT_CASE_SM4
+#define DECRYPT_CASE_SM4
+#endif
+#if ALG_CAMELLIA
+#define ENCRYPT_CASE_CAMELLIA ENCRYPT_CASE(CAMELLIA)
+#define DECRYPT_CASE_CAMELLIA DECRYPT_CASE(CAMELLIA)
+#else
+#define ENCRYPT_CASE_CAMELLIA
+#define DECRYPT_CASE_CAMELLIA
+#endif
+#if ALG_TDES
+#define ENCRYPT_CASE_TDES ENCRYPT_CASE(TDES)
+#define DECRYPT_CASE_TDES DECRYPT_CASE(TDES)
+#else
+#define ENCRYPT_CASE_TDES
+#define DECRYPT_CASE_TDES
+#endif
+
+// For each algorithm the case will either be defined or null.
+#define SELECT(direction) \
+ switch(algorithm) \
+ { \
+ direction##_CASE_AES \
+ direction##_CASE_SM4 \
+ direction##_CASE_CAMELLIA \
+ direction##_CASE_TDES \
+ default: \
+ FAIL(FATAL_ERROR_INTERNAL); \
+ }
+
+
+#endif // CRYPT_SYM_H
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptTest.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptTest.h
new file mode 100644
index 000000000..4b0d16074
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptTest.h
@@ -0,0 +1,70 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+// This file contains constant definitions used for self-test.
+
+#ifndef _CRYPT_TEST_H
+#define _CRYPT_TEST_H
+
+// This is the definition of a bit array with one bit per algorithm.
+// NOTE: Since bit numbering starts at zero, when ALG_LAST_VALUE is a multiple of 8,
+// ALGORITHM_VECTOR will need to have byte for the single bit in the last byte. So,
+// for example, when ALG_LAST_VECTOR is 8, ALGORITHM_VECTOR will need 2 bytes.
+#define ALGORITHM_VECTOR_BYTES ((ALG_LAST_VALUE + 8) / 8)
+typedef BYTE ALGORITHM_VECTOR[ALGORITHM_VECTOR_BYTES];
+
+#ifdef TEST_SELF_TEST
+LIB_EXPORT extern ALGORITHM_VECTOR LibToTest;
+#endif
+
+// This structure is used to contain self-test tracking information for the
+// cryptographic modules. Each of the major modules is given a 32-bit value in
+// which it may maintain its own self test information. The convention for this
+// state is that when all of the bits in this structure are 0, all functions need
+// to be tested.
+typedef struct
+{
+ UINT32 rng;
+ UINT32 hash;
+ UINT32 sym;
+#if ALG_RSA
+ UINT32 rsa;
+#endif
+#if ALG_ECC
+ UINT32 ecc;
+#endif
+} CRYPTO_SELF_TEST_STATE;
+
+
+#endif // _CRYPT_TEST_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/EccTestData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/EccTestData.h
new file mode 100644
index 000000000..f5680a75c
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/EccTestData.h
@@ -0,0 +1,158 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+// This file contains the parameter data for ECC testing.
+
+#ifdef SELF_TEST_DATA
+
+TPM2B_TYPE(EC_TEST, 32);
+const TPM_ECC_CURVE c_testCurve = 00003;
+
+// The "static" key
+
+const TPM2B_EC_TEST c_ecTestKey_ds = {{32, {
+ 0xdf,0x8d,0xa4,0xa3,0x88,0xf6,0x76,0x96,0x89,0xfc,0x2f,0x2d,0xa1,0xb4,0x39,0x7a,
+ 0x78,0xc4,0x7f,0x71,0x8c,0xa6,0x91,0x85,0xc0,0xbf,0xf3,0x54,0x20,0x91,0x2f,0x73}}};
+
+const TPM2B_EC_TEST c_ecTestKey_QsX = {{32, {
+ 0x17,0xad,0x2f,0xcb,0x18,0xd4,0xdb,0x3f,0x2c,0x53,0x13,0x82,0x42,0x97,0xff,0x8d,
+ 0x99,0x50,0x16,0x02,0x35,0xa7,0x06,0xae,0x1f,0xda,0xe2,0x9c,0x12,0x77,0xc0,0xf9}}};
+
+const TPM2B_EC_TEST c_ecTestKey_QsY = {{32, {
+ 0xa6,0xca,0xf2,0x18,0x45,0x96,0x6e,0x58,0xe6,0x72,0x34,0x12,0x89,0xcd,0xaa,0xad,
+ 0xcb,0x68,0xb2,0x51,0xdc,0x5e,0xd1,0x6d,0x38,0x20,0x35,0x57,0xb2,0xfd,0xc7,0x52}}};
+
+// The "ephemeral" key
+
+const TPM2B_EC_TEST c_ecTestKey_de = {{32, {
+ 0xb6,0xb5,0x33,0x5c,0xd1,0xee,0x52,0x07,0x99,0xea,0x2e,0x8f,0x8b,0x19,0x18,0x07,
+ 0xc1,0xf8,0xdf,0xdd,0xb8,0x77,0x00,0xc7,0xd6,0x53,0x21,0xed,0x02,0x53,0xee,0xac}}};
+
+const TPM2B_EC_TEST c_ecTestKey_QeX = {{32, {
+ 0xa5,0x1e,0x80,0xd1,0x76,0x3e,0x8b,0x96,0xce,0xcc,0x21,0x82,0xc9,0xa2,0xa2,0xed,
+ 0x47,0x21,0x89,0x53,0x44,0xe9,0xc7,0x92,0xe7,0x31,0x48,0x38,0xe6,0xea,0x93,0x47}}};
+
+const TPM2B_EC_TEST c_ecTestKey_QeY = {{32, {
+ 0x30,0xe6,0x4f,0x97,0x03,0xa1,0xcb,0x3b,0x32,0x2a,0x70,0x39,0x94,0xeb,0x4e,0xea,
+ 0x55,0x88,0x81,0x3f,0xb5,0x00,0xb8,0x54,0x25,0xab,0xd4,0xda,0xfd,0x53,0x7a,0x18}}};
+
+// ECDH test results
+const TPM2B_EC_TEST c_ecTestEcdh_X = {{32, {
+ 0x64,0x02,0x68,0x92,0x78,0xdb,0x33,0x52,0xed,0x3b,0xfa,0x3b,0x74,0xa3,0x3d,0x2c,
+ 0x2f,0x9c,0x59,0x03,0x07,0xf8,0x22,0x90,0xed,0xe3,0x45,0xf8,0x2a,0x0a,0xd8,0x1d}}};
+
+const TPM2B_EC_TEST c_ecTestEcdh_Y = {{32, {
+ 0x58,0x94,0x05,0x82,0xbe,0x5f,0x33,0x02,0x25,0x90,0x3a,0x33,0x90,0x89,0xe3,0xe5,
+ 0x10,0x4a,0xbc,0x78,0xa5,0xc5,0x07,0x64,0xaf,0x91,0xbc,0xe6,0xff,0x85,0x11,0x40}}};
+
+TPM2B_TYPE(TEST_VALUE, 64);
+const TPM2B_TEST_VALUE c_ecTestValue = {{64, {
+ 0x78,0xd5,0xd4,0x56,0x43,0x61,0xdb,0x97,0xa4,0x32,0xc4,0x0b,0x06,0xa9,0xa8,0xa0,
+ 0xf4,0x45,0x7f,0x13,0xd8,0x13,0x81,0x0b,0xe5,0x76,0xbe,0xaa,0xb6,0x3f,0x8d,0x4d,
+ 0x23,0x65,0xcc,0xa7,0xc9,0x19,0x10,0xce,0x69,0xcb,0x0c,0xc7,0x11,0x8d,0xc3,0xff,
+ 0x62,0x69,0xa2,0xbe,0x46,0x90,0xe7,0x7d,0x81,0x77,0x94,0x65,0x1c,0x3e,0xc1,0x3e}}};
+
+#if ALG_SHA1_VALUE == DEFAULT_TEST_HASH
+
+const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
+ 0x57,0xf3,0x36,0xb7,0xec,0xc2,0xdd,0x76,0x0e,0xe2,0x81,0x21,0x49,0xc5,0x66,0x11,
+ 0x4b,0x8a,0x4f,0x17,0x62,0x82,0xcc,0x06,0xf6,0x64,0x78,0xef,0x6b,0x7c,0xf2,0x6c}}};
+const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
+ 0x1b,0xed,0x23,0x72,0x8f,0x17,0x5f,0x47,0x2e,0xa7,0x97,0x2c,0x51,0x57,0x20,0x70,
+ 0x6f,0x89,0x74,0x8a,0xa8,0xf4,0x26,0xf4,0x96,0xa1,0xb8,0x3e,0xe5,0x35,0xc5,0x94}}};
+
+const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32,{
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x1b,0x08,0x9f,0xde,
+ 0xef,0x62,0xe3,0xf1,0x14,0xcb,0x54,0x28,0x13,0x76,0xfc,0x6d,0x69,0x22,0xb5,0x3e}}};
+const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
+ 0xd9,0xd3,0x20,0xfb,0x4d,0x16,0xf2,0xe6,0xe2,0x45,0x07,0x45,0x1c,0x92,0x92,0x92,
+ 0xa9,0x6b,0x48,0xf8,0xd1,0x98,0x29,0x4d,0xd3,0x8f,0x56,0xf2,0xbb,0x2e,0x22,0x3b}}};
+
+#endif // SHA1
+
+#if ALG_SHA256_VALUE == DEFAULT_TEST_HASH
+
+const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
+ 0x04,0x7d,0x54,0xeb,0x04,0x6f,0x56,0xec,0xa2,0x6c,0x38,0x8c,0xeb,0x43,0x0b,0x71,
+ 0xf8,0xf2,0xf4,0xa5,0xe0,0x1d,0x3c,0xa2,0x39,0x31,0xe4,0xe7,0x36,0x3b,0xb5,0x5f}}};
+const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
+ 0x8f,0xd0,0x12,0xd9,0x24,0x75,0xf6,0xc4,0x3b,0xb5,0x46,0x75,0x3a,0x41,0x8d,0x80,
+ 0x23,0x99,0x38,0xd7,0xe2,0x40,0xca,0x9a,0x19,0x2a,0xfc,0x54,0x75,0xd3,0x4a,0x6e}}};
+
+const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, {
+ 0xf7,0xb9,0x15,0x4c,0x34,0xf6,0x41,0x19,0xa3,0xd2,0xf1,0xbd,0xf4,0x13,0x6a,0x4f,
+ 0x63,0xb8,0x4d,0xb5,0xc8,0xcd,0xde,0x85,0x95,0xa5,0x39,0x0a,0x14,0x49,0x3d,0x2f}}};
+const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
+ 0xfe,0xbe,0x17,0xaa,0x31,0x22,0x9f,0xd0,0xd2,0xf5,0x25,0x04,0x92,0xb0,0xaa,0x4e,
+ 0xcc,0x1c,0xb6,0x79,0xd6,0x42,0xb3,0x4e,0x3f,0xbb,0xfe,0x5f,0xd0,0xd0,0x8b,0xc3}}};
+
+#endif // SHA256
+
+#if ALG_SHA384_VALUE == DEFAULT_TEST_HASH
+
+const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
+ 0xf5,0x74,0x6d,0xd6,0xc6,0x56,0x86,0xbb,0xba,0x1c,0xba,0x75,0x65,0xee,0x64,0x31,
+ 0xce,0x04,0xe3,0x9f,0x24,0x3f,0xbd,0xfe,0x04,0xcd,0xab,0x7e,0xfe,0xad,0xcb,0x82}}};
+const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
+ 0xc2,0x4f,0x32,0xa1,0x06,0xc0,0x85,0x4f,0xc6,0xd8,0x31,0x66,0x91,0x9f,0x79,0xcd,
+ 0x5b,0xe5,0x7b,0x94,0xa1,0x91,0x38,0xac,0xd4,0x20,0xa2,0x10,0xf0,0xd5,0x9d,0xbf}}};
+
+const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, {
+ 0x1e,0xb8,0xe1,0xbf,0xa1,0x9e,0x39,0x1e,0x58,0xa2,0xe6,0x59,0xd0,0x1a,0x6a,0x03,
+ 0x6a,0x1f,0x1c,0x4f,0x36,0x19,0xc1,0xec,0x30,0xa4,0x85,0x1b,0xe9,0x74,0x35,0x66}}};
+const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
+ 0xb9,0xe6,0xe3,0x7e,0xcb,0xb9,0xea,0xf1,0xcc,0xf4,0x48,0x44,0x4a,0xda,0xc8,0xd7,
+ 0x87,0xb4,0xba,0x40,0xfe,0x5b,0x68,0x11,0x14,0xcf,0xa0,0x0e,0x85,0x46,0x99,0x01}}};
+
+#endif // SHA384
+
+#if ALG_SHA512_VALUE == DEFAULT_TEST_HASH
+
+const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
+ 0xc9,0x71,0xa6,0xb4,0xaf,0x46,0x26,0x8c,0x27,0x00,0x06,0x3b,0x00,0x0f,0xa3,0x17,
+ 0x72,0x48,0x40,0x49,0x4d,0x51,0x4f,0xa4,0xcb,0x7e,0x86,0xe9,0xe7,0xb4,0x79,0xb2}}};
+const TPM2B_EC_TEST c_TestEcDsa_s = {{32,{
+ 0x87,0xbc,0xc0,0xed,0x74,0x60,0x9e,0xfa,0x4e,0xe8,0x16,0xf3,0xf9,0x6b,0x26,0x07,
+ 0x3c,0x74,0x31,0x7e,0xf0,0x62,0x46,0xdc,0xd6,0x45,0x22,0x47,0x3e,0x0c,0xa0,0x02}}};
+
+const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32,{
+ 0xcc,0x07,0xad,0x65,0x91,0xdd,0xa0,0x10,0x23,0xae,0x53,0xec,0xdf,0xf1,0x50,0x90,
+ 0x16,0x96,0xf4,0x45,0x09,0x73,0x9c,0x84,0xb5,0x5c,0x5f,0x08,0x51,0xcb,0x60,0x01}}};
+const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
+ 0x55,0x20,0x21,0x54,0xe2,0x49,0x07,0x47,0x71,0xf4,0x99,0x15,0x54,0xf3,0xab,0x14,
+ 0xdb,0x8e,0xda,0x79,0xb6,0x02,0x0e,0xe3,0x5e,0x6f,0x2c,0xb6,0x05,0xbd,0x14,0x10}}};
+
+#endif // SHA512
+
+#endif // SELF_TEST_DATA
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h
new file mode 100644
index 000000000..09bf6fc41
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h
@@ -0,0 +1,1439 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+//** Description
+
+// This file contains internal global type definitions and data declarations that
+// are need between subsystems. The instantiation of global data is in Global.c.
+// The initialization of global data is in the subsystem that is the primary owner
+// of the data.
+//
+// The first part of this file has the typedefs for structures and other defines
+// used in many portions of the code. After the typedef section, is a section that
+// defines global values that are only present in RAM. The next three sections
+// define the structures for the NV data areas: persistent, orderly, and state
+// save. Additional sections define the data that is used in specific modules. That
+// data is private to the module but is collected here to simplify the management
+// of the instance data.
+// All the data is instanced in Global.c.
+#if !defined _TPM_H_
+#error "Should only be instanced in TPM.h"
+#endif
+
+
+//** Includes
+
+#ifndef GLOBAL_H
+#define GLOBAL_H
+
+#ifdef GLOBAL_C
+#define EXTERN
+#define INITIALIZER(_value_) = _value_
+#else
+#define EXTERN extern
+#define INITIALIZER(_value_)
+#endif
+
+_REDUCE_WARNING_LEVEL_(2)
+#include
+#include
+_NORMAL_WARNING_LEVEL_
+
+#if SIMULATION
+#undef CONTEXT_SLOT
+# define CONTEXT_SLOT UINT8
+#endif
+#include "Capabilities.h"
+#include "TpmTypes.h"
+#include "CommandAttributes.h"
+#include "CryptTest.h"
+#include "BnValues.h"
+#include "CryptHash.h"
+#include "CryptSym.h"
+#include "CryptRand.h"
+#include "CryptEcc.h"
+#include "CryptRsa.h"
+#include "CryptTest.h"
+#include "TpmError.h"
+#include "NV.h"
+
+//** Defines and Types
+
+//*** Size Types
+// These types are used to differentiate the two different size values used.
+//
+// NUMBYTES is used when a size is a number of bytes (usually a TPM2B)
+typedef UINT16 NUMBYTES;
+
+//*** Other Types
+// An AUTH_VALUE is a BYTE array containing a digest (TPMU_HA)
+typedef BYTE AUTH_VALUE[sizeof(TPMU_HA)];
+
+// A TIME_INFO is a BYTE array that can contain a TPMS_TIME_INFO
+typedef BYTE TIME_INFO[sizeof(TPMS_TIME_INFO)];
+
+// A NAME is a BYTE array that can contain a TPMU_NAME
+typedef BYTE NAME[sizeof(TPMU_NAME)];
+
+// Definition for a PROOF value
+TPM2B_TYPE(PROOF, PROOF_SIZE);
+
+// Definition for a Primary Seed value
+TPM2B_TYPE(SEED, PRIMARY_SEED_SIZE);
+
+
+// A CLOCK_NONCE is used to tag the time value in the authorization session and
+// in the ticket computation so that the ticket expires when there is a time
+// discontinuity. When the clock stops during normal operation, the nonce is
+// 64-bit value kept in RAM but it is a 32-bit counter when the clock only stops
+// during power events.
+#if CLOCK_STOPS
+typedef UINT64 CLOCK_NONCE;
+#else
+typedef UINT32 CLOCK_NONCE;
+#endif
+
+//** Loaded Object Structures
+//*** Description
+// The structures in this section define the object layout as it exists in TPM
+// memory.
+//
+// Two types of objects are defined: an ordinary object such as a key, and a
+// sequence object that may be a hash, HMAC, or event.
+//
+//*** OBJECT_ATTRIBUTES
+// An OBJECT_ATTRIBUTES structure contains the variable attributes of an object.
+// These properties are not part of the public properties but are used by the
+// TPM in managing the object. An OBJECT_ATTRIBUTES is used in the definition of
+// the OBJECT data type.
+
+typedef struct
+{
+ unsigned publicOnly : 1; //0) SET if only the public portion of
+ // an object is loaded
+ unsigned epsHierarchy : 1; //1) SET if the object belongs to EPS
+ // Hierarchy
+ unsigned ppsHierarchy : 1; //2) SET if the object belongs to PPS
+ // Hierarchy
+ unsigned spsHierarchy : 1; //3) SET f the object belongs to SPS
+ // Hierarchy
+ unsigned evict : 1; //4) SET if the object is a platform or
+ // owner evict object. Platform-
+ // evict object belongs to PPS
+ // hierarchy, owner-evict object
+ // belongs to SPS or EPS hierarchy.
+ // This bit is also used to mark a
+ // completed sequence object so it
+ // will be flush when the
+ // SequenceComplete command succeeds.
+ unsigned primary : 1; //5) SET for a primary object
+ unsigned temporary : 1; //6) SET for a temporary object
+ unsigned stClear : 1; //7) SET for an stClear object
+ unsigned hmacSeq : 1; //8) SET for an HMAC or MAC sequence
+ // object
+ unsigned hashSeq : 1; //9) SET for a hash sequence object
+ unsigned eventSeq : 1; //10) SET for an event sequence object
+ unsigned ticketSafe : 1; //11) SET if a ticket is safe to create
+ // for hash sequence object
+ unsigned firstBlock : 1; //12) SET if the first block of hash
+ // data has been received. It
+ // works with ticketSafe bit
+ unsigned isParent : 1; //13) SET if the key has the proper
+ // attributes to be a parent key
+// unsigned privateExp : 1; //14) SET when the private exponent
+// // of an RSA key has been validated.
+ unsigned not_used_14 : 1;
+ unsigned occupied : 1; //15) SET when the slot is occupied.
+ unsigned derivation : 1; //16) SET when the key is a derivation
+ // parent
+ unsigned external : 1; //17) SET when the object is loaded with
+ // TPM2_LoadExternal();
+} OBJECT_ATTRIBUTES;
+
+#if ALG_RSA
+// There is an overload of the sensitive.rsa.t.size field of a TPMT_SENSITIVE when an
+// RSA key is loaded. When the sensitive->sensitive contains an RSA key with all of
+// the CRT values, then the MSB of the size field will be set to indicate that the
+// buffer contains all 5 of the CRT private key values.
+#define RSA_prime_flag 0x8000
+#endif
+
+
+//*** OBJECT Structure
+// An OBJECT structure holds the object public, sensitive, and meta-data
+// associated. This structure is implementation dependent. For this
+// implementation, the structure is not optimized for space but rather
+// for clarity of the reference implementation. Other implementations
+// may choose to overlap portions of the structure that are not used
+// simultaneously. These changes would necessitate changes to the source
+// code but those changes would be compatible with the reference
+// implementation.
+
+typedef struct OBJECT
+{
+ // The attributes field is required to be first followed by the publicArea.
+ // This allows the overlay of the object structure and a sequence structure
+ OBJECT_ATTRIBUTES attributes; // object attributes
+ TPMT_PUBLIC publicArea; // public area of an object
+ TPMT_SENSITIVE sensitive; // sensitive area of an object
+ TPM2B_NAME qualifiedName; // object qualified name
+ TPMI_DH_OBJECT evictHandle; // if the object is an evict object,
+ // the original handle is kept here.
+ // The 'working' handle will be the
+ // handle of an object slot.
+ TPM2B_NAME name; // Name of the object name. Kept here
+ // to avoid repeatedly computing it.
+} OBJECT;
+
+//*** HASH_OBJECT Structure
+// This structure holds a hash sequence object or an event sequence object.
+//
+// The first four components of this structure are manually set to be the same as
+// the first four components of the object structure. This prevents the object
+// from being inadvertently misused as sequence objects occupy the same memory as
+// a regular object. A debug check is present to make sure that the offsets are
+// what they are supposed to be.
+// NOTE: In a future version, this will probably be renamed as SEQUENCE_OBJECT
+typedef struct HASH_OBJECT
+{
+ OBJECT_ATTRIBUTES attributes; // The attributes of the HASH object
+ TPMI_ALG_PUBLIC type; // algorithm
+ TPMI_ALG_HASH nameAlg; // name algorithm
+ TPMA_OBJECT objectAttributes; // object attributes
+
+ // The data below is unique to a sequence object
+ TPM2B_AUTH auth; // authorization for use of sequence
+ union
+ {
+ HASH_STATE hashState[HASH_COUNT];
+ HMAC_STATE hmacState;
+ } state;
+} HASH_OBJECT;
+
+typedef BYTE HASH_OBJECT_BUFFER[sizeof(HASH_OBJECT)];
+
+//*** ANY_OBJECT
+// This is the union for holding either a sequence object or a regular object.
+// for ContextSave and ContextLoad
+typedef union ANY_OBJECT
+{
+ OBJECT entity;
+ HASH_OBJECT hash;
+} ANY_OBJECT;
+
+typedef BYTE ANY_OBJECT_BUFFER[sizeof(ANY_OBJECT)];
+
+//**AUTH_DUP Types
+// These values are used in the authorization processing.
+
+typedef UINT32 AUTH_ROLE;
+#define AUTH_NONE ((AUTH_ROLE)(0))
+#define AUTH_USER ((AUTH_ROLE)(1))
+#define AUTH_ADMIN ((AUTH_ROLE)(2))
+#define AUTH_DUP ((AUTH_ROLE)(3))
+
+//** Active Session Context
+//*** Description
+// The structures in this section define the internal structure of a session
+// context.
+//
+//*** SESSION_ATTRIBUTES
+// The attributes in the SESSION_ATTRIBUTES structure track the various properties
+// of the session. It maintains most of the tracking state information for the
+// policy session. It is used within the SESSION structure.
+
+typedef struct SESSION_ATTRIBUTES
+{
+ unsigned isPolicy : 1; //1) SET if the session may only be used
+ // for policy
+ unsigned isAudit : 1; //2) SET if the session is used for audit
+ unsigned isBound : 1; //3) SET if the session is bound to with an
+ // entity. This attribute will be CLEAR
+ // if either isPolicy or isAudit is SET.
+ unsigned isCpHashDefined : 1; //3) SET if the cpHash has been defined
+ // This attribute is not SET unless
+ // 'isPolicy' is SET.
+ unsigned isAuthValueNeeded : 1; //5) SET if the authValue is required for
+ // computing the session HMAC. This
+ // attribute is not SET unless 'isPolicy'
+ // is SET.
+ unsigned isPasswordNeeded : 1; //6) SET if a password authValue is required
+ // for authorization This attribute is not
+ // SET unless 'isPolicy' is SET.
+ unsigned isPPRequired : 1; //7) SET if physical presence is required to
+ // be asserted when the authorization is
+ // checked. This attribute is not SET
+ // unless 'isPolicy' is SET.
+ unsigned isTrialPolicy : 1; //8) SET if the policy session is created
+ // for trial of the policy's policyHash
+ // generation. This attribute is not SET
+ // unless 'isPolicy' is SET.
+ unsigned isDaBound : 1; //9) SET if the bind entity had noDA CLEAR.
+ // If this is SET, then an authorization
+ // failure using this session will count
+ // against lockout even if the object
+ // being authorized is exempt from DA.
+ unsigned isLockoutBound : 1; //10) SET if the session is bound to
+ // lockoutAuth.
+ unsigned includeAuth : 1; //11) This attribute is SET when the
+ // authValue of an object is to be
+ // included in the computation of the
+ // HMAC key for the command and response
+ // computations. (was 'requestWasBound')
+ unsigned checkNvWritten : 1; //12) SET if the TPMA_NV_WRITTEN attribute
+ // needs to be checked when the policy is
+ // used for authorization for NV access.
+ // If this is SET for any other type, the
+ // policy will fail.
+ unsigned nvWrittenState : 1; //13) SET if TPMA_NV_WRITTEN is required to
+ // be SET. Used when 'checkNvWritten' is
+ // SET
+ unsigned isTemplateSet : 1; //14) SET if the templateHash needs to be
+ // checked for Create, CreatePrimary, or
+ // CreateLoaded.
+} SESSION_ATTRIBUTES;
+
+//*** SESSION Structure
+// The SESSION structure contains all the context of a session except for the
+// associated contextID.
+//
+// Note: The contextID of a session is only relevant when the session context
+// is stored off the TPM.
+
+typedef struct SESSION
+{
+ SESSION_ATTRIBUTES attributes; // session attributes
+ UINT32 pcrCounter; // PCR counter value when PCR is
+ // included (policy session)
+ // If no PCR is included, this
+ // value is 0.
+ UINT64 startTime; // The value in g_time when the session
+ // was started (policy session)
+ UINT64 timeout; // The timeout relative to g_time
+ // There is no timeout if this value
+ // is 0.
+ CLOCK_NONCE epoch; // The g_clockEpoch value when the
+ // session was started. If g_clockEpoch
+ // does not match this value when the
+ // timeout is used, then
+ // then the command will fail.
+ TPM_CC commandCode; // command code (policy session)
+ TPM_ALG_ID authHashAlg; // session hash algorithm
+ TPMA_LOCALITY commandLocality; // command locality (policy session)
+ TPMT_SYM_DEF symmetric; // session symmetric algorithm (if any)
+ TPM2B_AUTH sessionKey; // session secret value used for
+ // this session
+ TPM2B_NONCE nonceTPM; // last TPM-generated nonce for
+ // generating HMAC and encryption keys
+ union
+ {
+ TPM2B_NAME boundEntity; // value used to track the entity to
+ // which the session is bound
+
+ TPM2B_DIGEST cpHash; // the required cpHash value for the
+ // command being authorized
+ TPM2B_DIGEST nameHash; // the required nameHash
+ TPM2B_DIGEST templateHash; // the required template for creation
+ } u1;
+
+ union
+ {
+ TPM2B_DIGEST auditDigest; // audit session digest
+ TPM2B_DIGEST policyDigest; // policyHash
+ } u2; // audit log and policyHash may
+ // share space to save memory
+} SESSION;
+
+#define EXPIRES_ON_RESET INT32_MIN
+#define TIMEOUT_ON_RESET UINT64_MAX
+#define EXPIRES_ON_RESTART (INT32_MIN + 1)
+#define TIMEOUT_ON_RESTART (UINT64_MAX - 1)
+
+typedef BYTE SESSION_BUF[sizeof(SESSION)];
+
+//*********************************************************************************
+//** PCR
+//*********************************************************************************
+//***PCR_SAVE Structure
+// The PCR_SAVE structure type contains the PCR data that are saved across power
+// cycles. Only the static PCR are required to be saved across power cycles. The
+// DRTM and resettable PCR are not saved. The number of static and resettable PCR
+// is determined by the platform-specific specification to which the TPM is built.
+
+typedef struct PCR_SAVE
+{
+#if ALG_SHA1
+ BYTE sha1[NUM_STATIC_PCR][SHA1_DIGEST_SIZE];
+#endif
+#if ALG_SHA256
+ BYTE sha256[NUM_STATIC_PCR][SHA256_DIGEST_SIZE];
+#endif
+#if ALG_SHA384
+ BYTE sha384[NUM_STATIC_PCR][SHA384_DIGEST_SIZE];
+#endif
+#if ALG_SHA512
+ BYTE sha512[NUM_STATIC_PCR][SHA512_DIGEST_SIZE];
+#endif
+#if ALG_SM3_256
+ BYTE sm3_256[NUM_STATIC_PCR][SM3_256_DIGEST_SIZE];
+#endif
+
+ // This counter increments whenever the PCR are updated.
+ // NOTE: A platform-specific specification may designate
+ // certain PCR changes as not causing this counter
+ // to increment.
+ UINT32 pcrCounter;
+} PCR_SAVE;
+
+//***PCR_POLICY
+#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0
+// This structure holds the PCR policies, one for each group of PCR controlled
+// by policy.
+typedef struct PCR_POLICY
+{
+ TPMI_ALG_HASH hashAlg[NUM_POLICY_PCR_GROUP];
+ TPM2B_DIGEST a;
+ TPM2B_DIGEST policy[NUM_POLICY_PCR_GROUP];
+} PCR_POLICY;
+#endif
+
+//***PCR_AUTHVALUE
+// This structure holds the PCR policies, one for each group of PCR controlled
+// by policy.
+typedef struct PCR_AUTH_VALUE
+{
+ TPM2B_DIGEST auth[NUM_AUTHVALUE_PCR_GROUP];
+} PCR_AUTHVALUE;
+
+
+
+//**STARTUP_TYPE
+// This enumeration is the possible startup types. The type is determined
+// by the combination of TPM2_ShutDown and TPM2_Startup.
+typedef enum
+{
+ SU_RESET,
+ SU_RESTART,
+ SU_RESUME
+} STARTUP_TYPE;
+
+//**NV
+
+//***NV_INDEX
+// The NV_INDEX structure defines the internal format for an NV index.
+// The 'indexData' size varies according to the type of the index.
+// In this implementation, all of the index is manipulated as a unit.
+typedef struct NV_INDEX
+{
+ TPMS_NV_PUBLIC publicArea;
+ TPM2B_AUTH authValue;
+} NV_INDEX;
+
+//*** NV_REF
+// An NV_REF is an opaque value returned by the NV subsystem. It is used to
+// reference and NV Index in a relatively efficient way. Rather than having to
+// continually search for an Index, its reference value may be used. In this
+// implementation, an NV_REF is a byte pointer that points to the copy of the
+// NV memory that is kept in RAM.
+typedef UINT32 NV_REF;
+
+typedef BYTE *NV_RAM_REF;
+//***NV_PIN
+// This structure deals with the possible endianess differences between the
+// canonical form of the TPMS_NV_PIN_COUNTER_PARAMETERS structure and the internal
+// value. The structures allow the data in a PIN index to be read as an 8-octet
+// value using NvReadUINT64Data(). That function will byte swap all the values on a
+// little endian system. This will put the bytes with the 4-octet values in the
+// correct order but will swap the pinLimit and pinCount values. When written, the
+// PIN index is simply handled as a normal index with the octets in canonical order.
+#if BIG_ENDIAN_TPM
+typedef struct
+{
+ UINT32 pinCount;
+ UINT32 pinLimit;
+} PIN_DATA;
+#else
+typedef struct
+{
+ UINT32 pinLimit;
+ UINT32 pinCount;
+} PIN_DATA;
+#endif
+
+typedef union
+{
+ UINT64 intVal;
+ PIN_DATA pin;
+} NV_PIN;
+
+//**COMMIT_INDEX_MASK
+// This is the define for the mask value that is used when manipulating
+// the bits in the commit bit array. The commit counter is a 64-bit
+// value and the low order bits are used to index the commitArray.
+// This mask value is applied to the commit counter to extract the
+// bit number in the array.
+#if ALG_ECC
+
+#define COMMIT_INDEX_MASK ((UINT16)((sizeof(gr.commitArray)*8)-1))
+
+#endif
+
+//*****************************************************************************
+//*****************************************************************************
+//** RAM Global Values
+//*****************************************************************************
+//*****************************************************************************
+//*** Description
+// The values in this section are only extant in RAM or ROM as constant values.
+
+//*** Crypto Self-Test Values
+EXTERN ALGORITHM_VECTOR g_implementedAlgorithms;
+EXTERN ALGORITHM_VECTOR g_toTest;
+
+//*** g_rcIndex[]
+// This array is used to contain the array of values that are added to a return
+// code when it is a parameter-, handle-, or session-related error.
+// This is an implementation choice and the same result can be achieved by using
+// a macro.
+#define g_rcIndexInitializer { TPM_RC_1, TPM_RC_2, TPM_RC_3, TPM_RC_4, \
+ TPM_RC_5, TPM_RC_6, TPM_RC_7, TPM_RC_8, \
+ TPM_RC_9, TPM_RC_A, TPM_RC_B, TPM_RC_C, \
+ TPM_RC_D, TPM_RC_E, TPM_RC_F }
+EXTERN const UINT16 g_rcIndex[15] INITIALIZER(g_rcIndexInitializer);
+
+//*** g_exclusiveAuditSession
+// This location holds the session handle for the current exclusive audit
+// session. If there is no exclusive audit session, the location is set to
+// TPM_RH_UNASSIGNED.
+EXTERN TPM_HANDLE g_exclusiveAuditSession;
+
+//*** g_time
+// This is the value in which we keep the current command time. This is initialized
+// at the start of each command. The time is the accumulated time since the last
+// time that the TPM's timer was last powered up. Clock is the accumulated time
+// since the last time that the TPM was cleared. g_time is in mS.
+EXTERN UINT64 g_time;
+
+//*** g_timeEpoch
+// This value contains the current clock Epoch. It changes when there is a clock
+// discontinuity. It may be necessary to place this in NV should the timer be able
+// to run across a power down of the TPM but not in all cases (e.g. dead battery).
+// If the nonce is placed in NV, it should go in gp because it should be changing
+// slowly.
+#if CLOCK_STOPS
+EXTERN CLOCK_NONCE g_timeEpoch;
+#else
+#define g_timeEpoch gp.timeEpoch
+#endif
+
+
+//*** g_phEnable
+// This is the platform hierarchy control and determines if the platform hierarchy
+// is available. This value is SET on each TPM2_Startup(). The default value is
+// SET.
+EXTERN BOOL g_phEnable;
+
+//*** g_pcrReConfig
+// This value is SET if a TPM2_PCR_Allocate command successfully executed since
+// the last TPM2_Startup(). If so, then the next shutdown is required to be
+// Shutdown(CLEAR).
+EXTERN BOOL g_pcrReConfig;
+
+//*** g_DRTMHandle
+// This location indicates the sequence object handle that holds the DRTM
+// sequence data. When not used, it is set to TPM_RH_UNASSIGNED. A sequence
+// DRTM sequence is started on either _TPM_Init or _TPM_Hash_Start.
+EXTERN TPMI_DH_OBJECT g_DRTMHandle;
+
+//*** g_DrtmPreStartup
+// This value indicates that an H-CRTM occurred after _TPM_Init but before
+// TPM2_Startup(). The define for PRE_STARTUP_FLAG is used to add the
+// g_DrtmPreStartup value to gp_orderlyState at shutdown. This hack is to avoid
+// adding another NV variable.
+EXTERN BOOL g_DrtmPreStartup;
+
+//*** g_StartupLocality3
+// This value indicates that a TPM2_Startup() occurred at locality 3. Otherwise, it
+// at locality 0. The define for STARTUP_LOCALITY_3 is to
+// indicate that the startup was not at locality 0. This hack is to avoid
+// adding another NV variable.
+EXTERN BOOL g_StartupLocality3;
+
+//***TPM_SU_NONE
+// Part 2 defines the two shutdown/startup types that may be used in
+// TPM2_Shutdown() and TPM2_Starup(). This additional define is
+// used by the TPM to indicate that no shutdown was received.
+// NOTE: This is a reserved value.
+#define SU_NONE_VALUE (0xFFFF) +#define TPM_SU_NONE (TPM_SU)(SU_NONE_VALUE) + +//*** TPM_SU_DA_USED +// As with TPM_SU_NONE, this value is added to allow indication that the shutdown +// was not orderly and that a DA=protected object was reference during the previous +// cycle. +#define SU_DA_USED_VALUE (SU_NONE_VALUE - 1) +#define TPM_SU_DA_USED (TPM_SU)(SU_DA_USED_VALUE) + + + +//*** Startup Flags +// These flags are included in gp.orderlyState. These are hacks and are being +// used to avoid having to change the layout of gp. The PRE_STARTUP_FLAG indicates +// that a _TPM_Hash_Start/_Data/_End sequence was received after _TPM_Init but +// before TPM2_StartUp(). STARTUP_LOCALITY_3 indicates that the last TPM2_Startup() +// was received at locality 3. These flags are only relevant if after a +// TPM2_Shutdown(STATE). +#define PRE_STARTUP_FLAG 0x8000 +#define STARTUP_LOCALITY_3 0x4000 + +#if USE_DA_USED +//*** g_daUsed +// This location indicates if a DA-protected value is accessed during a boot +// cycle. If none has, then there is no need to increment 'failedTries' on the +// next non-orderly startup. This bit is merged with gp.orderlyState when that +// gp.orderly is set to SU_NONE_VALUE +EXTERN BOOL g_daUsed; +#endif + +//*** g_updateNV +// This flag indicates if NV should be updated at the end of a command. +// This flag is set to UT_NONE at the beginning of each command in ExecuteCommand(). +// This flag is checked in ExecuteCommand() after the detailed actions of a command +// complete. If the command execution was successful and this flag is not UT_NONE, +// any pending NV writes will be committed to NV. +// UT_ORDERLY causes any RAM data to be written to the orderly space for staging +// the write to NV. +typedef BYTE UPDATE_TYPE; +#define UT_NONE (UPDATE_TYPE)0 +#define UT_NV (UPDATE_TYPE)1 +#define UT_ORDERLY (UPDATE_TYPE)(UT_NV + 2) +EXTERN UPDATE_TYPE g_updateNV; + +//*** g_powerWasLost +// This flag is used to indicate if the power was lost. 
It is SET in _TPM__Init.
+// This flag is cleared by TPM2_Startup() after all power-lost activities are
+// completed.
+// Note: When power is applied, this value can come up as anything. However,
+// _plat__WasPowerLost() will provide the proper indication in that case. So, when
+// power is actually lost, we get the correct answer. When power was not lost, but
+// the power-lost processing has not been completed before the next _TPM_Init(),
+// then the TPM still does the correct thing.
+EXTERN BOOL g_powerWasLost;
+
+//*** g_clearOrderly
+// This flag indicates if the execution of a command should cause the orderly
+// state to be cleared. This flag is set to FALSE at the beginning of each
+// command in ExecuteCommand() and is checked in ExecuteCommand() after the
+// detailed actions of a command complete but before the check of
+// 'g_updateNV'. If this flag is TRUE, and the orderly state is not
+// SU_NONE_VALUE, then the orderly state in NV memory will be changed to
+// SU_NONE_VALUE or SU_DA_USED_VALUE.
+EXTERN BOOL g_clearOrderly;
+
+//*** g_prevOrderlyState
+// This location indicates how the TPM was shut down before the most recent
+// TPM2_Startup(). This value, along with the startup type, determines if
+// the TPM should do a TPM Reset, TPM Restart, or TPM Resume.
+EXTERN TPM_SU g_prevOrderlyState;
+
+//*** g_nvOk
+// This value indicates if the NV integrity check was successful or not. If not and
+// the failure was severe, then the TPM would have been put into failure mode after
+// it had been re-manufactured. If the NV failure was in the area where the state-save
+// data is kept, then this variable will have a value of FALSE indicating that
+// a TPM2_Startup(CLEAR) is required.
+EXTERN BOOL g_nvOk;
+// NV availability is sampled as the start of each command and stored here
+// so that its value remains consistent during the command execution
+EXTERN TPM_RC g_NvStatus;
+
+#ifdef VENDOR_PERMANENT
+//*** g_platformUnique
+// This location contains the unique value(s) used to identify the TPM. It is
+// loaded on every _TPM2_Startup()
+// The first value is used to seed the RNG. The second value is used as a vendor
+// authValue. The value used by the RNG would be the value derived from the
+// chip unique value (such as fused) with a dependency on the authorities of the
+// code in the TPM boot path. The second would be derived from the chip unique value
+// with a dependency on the details of the code in the boot path. That is, the
+// first value depends on the various signers of the code and the second depends on
+// what was signed. The TPM vendor should not be able to know the first value but
+// they are expected to know the second.
+EXTERN TPM2B_AUTH g_platformUniqueAuthorities; // Reserved for RNG
+
+EXTERN TPM2B_AUTH g_platformUniqueDetails; // referenced by VENDOR_PERMANENT
+#endif
+
+//*********************************************************************************
+//*********************************************************************************
+//** Persistent Global Values
+//*********************************************************************************
+//*********************************************************************************
+//*** Description
+// The values in this section are global values that are persistent across power
+// events. The lifetime of the values determines the structure in which the value
+// is placed.
+
+//*********************************************************************************
+//*** PERSISTENT_DATA
+//*********************************************************************************
+// This structure holds the persistent values that only change as a consequence
+// of a specific Protected Capability and are not affected by TPM power events
+// (TPM2_Startup() or TPM2_Shutdown().
+typedef struct
+{
+//*********************************************************************************
+// Hierarchy
+//*********************************************************************************
+// The values in this section are related to the hierarchies.
+
+ BOOL disableClear; // TRUE if TPM2_Clear() using
+ // lockoutAuth is disabled
+
+ // Hierarchy authPolicies
+ TPMI_ALG_HASH ownerAlg;
+ TPMI_ALG_HASH endorsementAlg;
+ TPMI_ALG_HASH lockoutAlg;
+ TPM2B_DIGEST ownerPolicy;
+ TPM2B_DIGEST endorsementPolicy;
+ TPM2B_DIGEST lockoutPolicy;
+
+ // Hierarchy authValues
+ TPM2B_AUTH ownerAuth;
+ TPM2B_AUTH endorsementAuth;
+ TPM2B_AUTH lockoutAuth;
+
+ // Primary Seeds
+ TPM2B_SEED EPSeed;
+ TPM2B_SEED SPSeed;
+ TPM2B_SEED PPSeed;
+ // Note there is a nullSeed in the state_reset memory.
+
+ // Hierarchy proofs
+ TPM2B_PROOF phProof;
+ TPM2B_PROOF shProof;
+ TPM2B_PROOF ehProof;
+ // Note there is a nullProof in the state_reset memory.
+
+//*********************************************************************************
+// Reset Events
+//*********************************************************************************
+// A count that increments at each TPM reset and never get reset during the life
+// time of TPM. The value of this counter is initialized to 1 during TPM
+// manufacture process. It is used to invalidate all saved contexts after a TPM
+// Reset.
+ UINT64 totalResetCount;
+
+// This counter increments on each TPM Reset. The counter is reset by
+// TPM2_Clear().
+ UINT32 resetCount;
+
+//*********************************************************************************
+// PCR
+//*********************************************************************************
+// This structure hold the policies for those PCR that have an update policy.
+// This implementation only supports a single group of PCR controlled by
+// policy. If more are required, then this structure would be changed to
+// an array.
+#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0
+ PCR_POLICY pcrPolicies;
+#endif
+
+// This structure indicates the allocation of PCR. The structure contains a
+// list of PCR allocations for each implemented algorithm. If no PCR are
+// allocated for an algorithm, a list entry still exists but the bit map
+// will contain no SET bits.
+ TPML_PCR_SELECTION pcrAllocated;
+
+//*********************************************************************************
+// Physical Presence
+//*********************************************************************************
+// The PP_LIST type contains a bit map of the commands that require physical
+// to be asserted when the authorization is evaluated. Physical presence will be
+// checked if the corresponding bit in the array is SET and if the authorization
+// handle is TPM_RH_PLATFORM.
+//
+// These bits may be changed with TPM2_PP_Commands().
+ BYTE ppList[(COMMAND_COUNT + 7) / 8];
+
+//*********************************************************************************
+// Dictionary attack values
+//*********************************************************************************
+// These values are used for dictionary attack tracking and control.
+ UINT32 failedTries; // the current count of unexpired
+ // authorization failures
+
+ UINT32 maxTries; // number of unexpired authorization
+ // failures before the TPM is in
+ // lockout
+
+ UINT32 recoveryTime; // time between authorization failures
+ // before failedTries is decremented
+
+ UINT32 lockoutRecovery; // time that must expire between
+ // authorization failures associated
+ // with lockoutAuth
+
+ BOOL lockOutAuthEnabled; // TRUE if use of lockoutAuth is
+ // allowed
+
+//*****************************************************************************
+// Orderly State
+//*****************************************************************************
+// The orderly state for current cycle
+ TPM_SU orderlyState;
+
+//*****************************************************************************
+// Command audit values.
+//*****************************************************************************
+ BYTE auditCommands[((COMMAND_COUNT + 1) + 7) / 8];
+ TPMI_ALG_HASH auditHashAlg;
+ UINT64 auditCounter;
+
+//*****************************************************************************
+// Algorithm selection
+//*****************************************************************************
+//
+// The 'algorithmSet' value indicates the collection of algorithms that are
+// currently in used on the TPM. The interpretation of value is vendor dependent.
+ UINT32 algorithmSet;
+
+//*****************************************************************************
+// Firmware version
+//*****************************************************************************
+// The firmwareV1 and firmwareV2 values are instanced in TimeStamp.c. This is
+// a scheme used in development to allow determination of the linker build time
+// of the TPM. An actual implementation would implement these values in a way that
+// is consistent with vendor needs. The values are maintained in RAM for simplified
+// access with a master version in NV.
These values are modified in a
+// vendor-specific way.
+
+// g_firmwareV1 contains the more significant 32-bits of the vendor version number.
+// In the reference implementation, if this value is printed as a hex
+// value, it will have the format of YYYYMMDD
+ UINT32 firmwareV1;
+
+// g_firmwareV1 contains the less significant 32-bits of the vendor version number.
+// In the reference implementation, if this value is printed as a hex
+// value, it will have the format of 00 HH MM SS
+ UINT32 firmwareV2;
+//*****************************************************************************
+// Timer Epoch
+//*****************************************************************************
+// timeEpoch contains a nonce that has a vendor=specific size (should not be
+// less than 8 bytes. This nonce changes when the clock epoch changes. The clock
+// epoch changes when there is a discontinuity in the timing of the TPM.
+#if !CLOCK_STOPS
+ CLOCK_NONCE timeEpoch;
+#endif
+
+} PERSISTENT_DATA;
+
+EXTERN PERSISTENT_DATA gp;
+
+//*********************************************************************************
+//*********************************************************************************
+//*** ORDERLY_DATA
+//*********************************************************************************
+//*********************************************************************************
+// The data in this structure is saved to NV on each TPM2_Shutdown().
+typedef struct orderly_data
+{
+//*****************************************************************************
+// TIME
+//*****************************************************************************
+
+// Clock has two parts. One is the state save part and one is the NV part. The
+// state save version is updated on each command. When the clock rolls over, the
+// NV version is updated. When the TPM starts up, if the TPM was shutdown in and
+// orderly way, then the sClock value is used to initialize the clock.
If the
+// TPM shutdown was not orderly, then the persistent value is used and the safe
+// attribute is clear.
+
+ UINT64 clock; // The orderly version of clock
+ TPMI_YES_NO clockSafe; // Indicates if the clock value is
+ // safe.
+
+ // In many implementations, the quality of the entropy available is not that
+ // high. To compensate, the current value of the drbgState can be saved and
+ // restored on each power cycle. This prevents the internal state from reverting
+ // to the initial state on each power cycle and starting with a limited amount
+ // of entropy. By keeping the old state and adding entropy, the entropy will
+ // accumulate.
+ DRBG_STATE drbgState;
+
+// These values allow the accumulation of self-healing time across orderly shutdown
+// of the TPM.
+#if ACCUMULATE_SELF_HEAL_TIMER
+ UINT64 selfHealTimer; // current value of s_selfHealTimer
+ UINT64 lockoutTimer; // current value of s_lockoutTimer
+ UINT64 time; // current value of g_time at shutdown
+#endif // ACCUMULATE_SELF_HEAL_TIMER
+
+} ORDERLY_DATA;
+
+#if ACCUMULATE_SELF_HEAL_TIMER
+#define s_selfHealTimer go.selfHealTimer
+#define s_lockoutTimer go.lockoutTimer
+#endif // ACCUMULATE_SELF_HEAL_TIMER
+
+# define drbgDefault go.drbgState
+
+EXTERN ORDERLY_DATA go;
+
+//*********************************************************************************
+//*********************************************************************************
+//*** STATE_CLEAR_DATA
+//*********************************************************************************
+//*********************************************************************************
+// This structure contains the data that is saved on Shutdown(STATE)
+// and restored on Startup(STATE). The values are set to their default
+// settings on any Startup(Clear). In other words, the data is only persistent
+// across TPM Resume.
+//
+// If the comments associated with a parameter indicate a default reset value, the
+// value is applied on each Startup(CLEAR).
+
+typedef struct state_clear_data
+{
+//*****************************************************************************
+// Hierarchy Control
+//*****************************************************************************
+ BOOL shEnable; // default reset is SET
+ BOOL ehEnable; // default reset is SET
+ BOOL phEnableNV; // default reset is SET
+ TPMI_ALG_HASH platformAlg; // default reset is TPM_ALG_NULL
+ TPM2B_DIGEST platformPolicy; // default reset is an Empty Buffer
+ TPM2B_AUTH platformAuth; // default reset is an Empty Buffer
+
+//*****************************************************************************
+// PCR
+//*****************************************************************************
+// The set of PCR to be saved on Shutdown(STATE)
+ PCR_SAVE pcrSave; // default reset is 0...0
+
+// This structure hold the authorization values for those PCR that have an
+// update authorization.
+// This implementation only supports a single group of PCR controlled by
+// authorization. If more are required, then this structure would be changed to
+// an array.
+ PCR_AUTHVALUE pcrAuthValues;
+} STATE_CLEAR_DATA;
+
+EXTERN STATE_CLEAR_DATA gc;
+
+//*********************************************************************************
+//*********************************************************************************
+//*** State Reset Data
+//*********************************************************************************
+//*********************************************************************************
+// This structure contains data is that is saved on Shutdown(STATE) and restored on
+// the subsequent Startup(ANY). That is, the data is preserved across TPM Resume
+// and TPM Restart.
+//
+// If a default value is specified in the comments this value is applied on
+// TPM Reset.
+
+typedef struct state_reset_data
+{
+//*****************************************************************************
+// Hierarchy Control
+//*****************************************************************************
+ TPM2B_PROOF nullProof; // The proof value associated with
+ // the TPM_RH_NULL hierarchy. The
+ // default reset value is from the RNG.
+
+ TPM2B_SEED nullSeed; // The seed value for the TPM_RN_NULL
+ // hierarchy. The default reset value
+ // is from the RNG.
+
+//*****************************************************************************
+// Context
+//*****************************************************************************
+// The 'clearCount' counter is incremented each time the TPM successfully executes
+// a TPM Resume. The counter is included in each saved context that has 'stClear'
+// SET (including descendants of keys that have 'stClear' SET). This prevents these
+// objects from being loaded after a TPM Resume.
+// If 'clearCount' is at its maximum value when the TPM receives a Shutdown(STATE),
+// the TPM will return TPM_RC_RANGE and the TPM will only accept Shutdown(CLEAR).
+ UINT32 clearCount; // The default reset value is 0.
+
+ UINT64 objectContextID; // This is the context ID for a saved
+ // object context. The default reset
+ // value is 0.
+#ifndef NDEBUG
+#undef CONTEXT_SLOT
+#define CONTEXT_SLOT BYTE
+#endif
+
+ CONTEXT_SLOT contextArray[MAX_ACTIVE_SESSIONS]; // This array contains
+ // contains the values used to track
+ // the version numbers of saved
+ // contexts (see
+ // Session.c in for details). The
+ // default reset value is {0}.
+
+ CONTEXT_COUNTER contextCounter; // This is the value from which the
+ // 'contextID' is derived. The
+ // default reset value is {0}.
+
+//*****************************************************************************
+// Command Audit
+//*****************************************************************************
+// When an audited command completes, ExecuteCommand() checks the return
+// value. If it is TPM_RC_SUCCESS, and the command is an audited command, the
+// TPM will extend the cpHash and rpHash for the command to this value. If this
+// digest was the Zero Digest before the cpHash was extended, the audit counter
+// is incremented.
+
+ TPM2B_DIGEST commandAuditDigest; // This value is set to an Empty Digest
+ // by TPM2_GetCommandAuditDigest() or a
+ // TPM Reset.
+
+//*****************************************************************************
+// Boot counter
+//*****************************************************************************
+
+ UINT32 restartCount; // This counter counts TPM Restarts.
+ // The default reset value is 0.
+
+//*********************************************************************************
+// PCR
+//*********************************************************************************
+// This counter increments whenever the PCR are updated. This counter is preserved
+// across TPM Resume even though the PCR are not preserved. This is because
+// sessions remain active across TPM Restart and the count value in the session
+// is compared to this counter so this counter must have values that are unique
+// as long as the sessions are active.
+// NOTE: A platform-specific specification may designate that certain PCR changes
+// do not increment this counter to increment.
+ UINT32 pcrCounter; // The default reset value is 0.
+
+#if ALG_ECC
+
+//*****************************************************************************
+// ECDAA
+//*****************************************************************************
+ UINT64 commitCounter; // This counter increments each time
+ // TPM2_Commit() returns
+ // TPM_RC_SUCCESS. The default reset
+ // value is 0.
+
+ TPM2B_NONCE commitNonce; // This random value is used to compute
+ // the commit values. The default reset
+ // value is from the RNG.
+
+// This implementation relies on the number of bits in g_commitArray being a
+// power of 2 (8, 16, 32, 64, etc.) and no greater than 64K.
+ BYTE commitArray[16]; // The default reset value is {0}.
+
+#endif // ALG_ECC
+} STATE_RESET_DATA;
+
+EXTERN STATE_RESET_DATA gr;
+
+//** NV Layout
+// The NV data organization is
+// 1) a PERSISTENT_DATA structure
+// 2) a STATE_RESET_DATA structure
+// 3) a STATE_CLEAR_DATA structure
+// 4) an ORDERLY_DATA structure
+// 5) the user defined NV index space
+#define NV_PERSISTENT_DATA (0)
+#define NV_STATE_RESET_DATA (NV_PERSISTENT_DATA + sizeof(PERSISTENT_DATA))
+#define NV_STATE_CLEAR_DATA (NV_STATE_RESET_DATA + sizeof(STATE_RESET_DATA))
+#define NV_ORDERLY_DATA (NV_STATE_CLEAR_DATA + sizeof(STATE_CLEAR_DATA))
+#define NV_INDEX_RAM_DATA (NV_ORDERLY_DATA + sizeof(ORDERLY_DATA))
+#define NV_USER_DYNAMIC (NV_INDEX_RAM_DATA + sizeof(s_indexOrderlyRam))
+#define NV_USER_DYNAMIC_END NV_MEMORY_SIZE
+
+//** Global Macro Definitions
+// The NV_READ_PERSISTENT and NV_WRITE_PERSISTENT macros are used to access members
+// of the PERSISTENT_DATA structure in NV.
+#define NV_READ_PERSISTENT(to, from) \
+ NvRead(&to, offsetof(PERSISTENT_DATA, from), sizeof(to))
+
+#define NV_WRITE_PERSISTENT(to, from) \
+ NvWrite(offsetof(PERSISTENT_DATA, to), sizeof(gp.to), &from)
+
+#define CLEAR_PERSISTENT(item) \
+ NvClearPersistent(offsetof(PERSISTENT_DATA, item), sizeof(gp.item))
+
+#define NV_SYNC_PERSISTENT(item) NV_WRITE_PERSISTENT(item, gp.item)
+
+// At the start of command processing, the index of the command is determined. This
+// index value is used to access the various data tables that contain per-command
+// information. There are multiple options for how the per-command tables can be
+// implemented. This is resolved in GetClosestCommandIndex().
+typedef UINT16 COMMAND_INDEX;
+#define UNIMPLEMENTED_COMMAND_INDEX ((COMMAND_INDEX)(~0))
+
+typedef struct _COMMAND_FLAGS_
+{
+ unsigned trialPolicy : 1; //1) If SET, one of the handles references a
+ // trial policy and authorization may be
+ // skipped. This is only allowed for a policy
+ // command.
+} COMMAND_FLAGS;
+
+// This structure is used to avoid having to manage a large number of
+// parameters being passed through various levels of the command input processing.
+//
+typedef struct _COMMAND_
+{
+ TPM_ST tag; // the parsed command tag
+ TPM_CC code; // the parsed command code
+ COMMAND_INDEX index; // the computed command index
+ UINT32 handleNum; // the number of entity handles in the
+ // handle area of the command
+ TPM_HANDLE handles[MAX_HANDLE_NUM]; // the parsed handle values
+ UINT32 sessionNum; // the number of sessions found
+ INT32 parameterSize; // starts out with the parsed command size
+ // and is reduced and values are
+ // unmarshaled. Just before calling the
+ // command actions, this should be zero.
+ // After the command actions, this number
+ // should grow as values are marshaled
+ // in to the response buffer.
+ INT32 authSize; // this is initialized with the parsed size
+ // of authorizationSize field and should
+ // be zero when the authorizations are
+ // parsed.
+ BYTE *parameterBuffer; // input to ExecuteCommand
+ BYTE *responseBuffer; // input to ExecuteCommand
+#if ALG_SHA1
+ TPM2B_SHA1_DIGEST sha1CpHash;
+ TPM2B_SHA1_DIGEST sha1RpHash;
+#endif
+#if ALG_SHA256
+ TPM2B_SHA256_DIGEST sha256CpHash;
+ TPM2B_SHA256_DIGEST sha256RpHash;
+#endif
+#if ALG_SHA384
+ TPM2B_SHA384_DIGEST sha384CpHash;
+ TPM2B_SHA384_DIGEST sha384RpHash;
+#endif
+#if ALG_SHA512
+ TPM2B_SHA512_DIGEST sha512CpHash;
+ TPM2B_SHA512_DIGEST sha512RpHash;
+#endif
+#if ALG_SM3_256
+ TPM2B_SM3_256_DIGEST sm3_256CpHash;
+ TPM2B_SM3_256_DIGEST sm3_256RpHash;
+#endif
+} COMMAND;
+
+// Global sting constants for consistency in KDF function calls.
+// These string constants are shared across functions to make sure that they
+// are all using consistent sting values.
+
+#define STRING_INITIALIZER(value) {{sizeof(value), {value}}}
+#define TPM2B_STRING(name, value) \
+typedef union name##_ { \
+ struct { \
+ UINT16 size; \
+ BYTE buffer[sizeof(value)]; \
+ } t; \
+ TPM2B b; \
+ } TPM2B_##name##_; \
+EXTERN const TPM2B_##name##_ name##_ INITIALIZER(STRING_INITIALIZER(value)); \
+EXTERN const TPM2B *name INITIALIZER(&name##_.b)
+
+TPM2B_STRING(PRIMARY_OBJECT_CREATION, "Primary Object Creation");
+TPM2B_STRING(CFB_KEY, "CFB");
+TPM2B_STRING(CONTEXT_KEY, "CONTEXT");
+TPM2B_STRING(INTEGRITY_KEY, "INTEGRITY");
+TPM2B_STRING(SECRET_KEY, "SECRET");
+TPM2B_STRING(SESSION_KEY, "ATH");
+TPM2B_STRING(STORAGE_KEY, "STORAGE");
+TPM2B_STRING(XOR_KEY, "XOR");
+TPM2B_STRING(COMMIT_STRING, "ECDAA Commit");
+TPM2B_STRING(DUPLICATE_STRING, "DUPLICATE");
+TPM2B_STRING(IDENTITY_STRING, "IDENTITY");
+TPM2B_STRING(OBFUSCATE_STRING, "OBFUSCATE");
+#if SELF_TEST
+TPM2B_STRING(OAEP_TEST_STRING, "OAEP Test Value");
+#endif // SELF_TEST
+
+//*****************************************************************************
+//** From CryptTest.c
+//*****************************************************************************
+// This structure contains the self-test state values for the cryptographic modules.
+EXTERN CRYPTO_SELF_TEST_STATE g_cryptoSelfTestState;
+
+//*****************************************************************************
+//** From Manufacture.c
+//*****************************************************************************
+EXTERN BOOL g_manufactured INITIALIZER(FALSE);
+
+// This value indicates if a TPM2_Startup commands has been
+// receive since the power on event. This flag is maintained in power
+// simulation module because this is the only place that may reliably set this
+// flag to FALSE.
+EXTERN BOOL g_initialized;
+
+//** Private data
+
+//*****************************************************************************
+//*** From SessionProcess.c
+//*****************************************************************************
+#if defined SESSION_PROCESS_C || defined GLOBAL_C || defined MANUFACTURE_C
+// The following arrays are used to save command sessions information so that the
+// command handle/session buffer does not have to be preserved for the duration of
+// the command. These arrays are indexed by the session index in accordance with
+// the order of sessions in the session area of the command.
+//
+// Array of the authorization session handles
+EXTERN TPM_HANDLE s_sessionHandles[MAX_SESSION_NUM];
+
+// Array of authorization session attributes
+EXTERN TPMA_SESSION s_attributes[MAX_SESSION_NUM];
+
+// Array of handles authorized by the corresponding authorization sessions;
+// and if none, then TPM_RH_UNASSIGNED value is used
+EXTERN TPM_HANDLE s_associatedHandles[MAX_SESSION_NUM];
+
+// Array of nonces provided by the caller for the corresponding sessions
+EXTERN TPM2B_NONCE s_nonceCaller[MAX_SESSION_NUM];
+
+// Array of authorization values (HMAC's or passwords) for the corresponding
+// sessions
+EXTERN TPM2B_AUTH s_inputAuthValues[MAX_SESSION_NUM];
+
+// Array of pointers to the SESSION structures for the sessions in a command
+EXTERN SESSION *s_usedSessions[MAX_SESSION_NUM];
+
+// Special value to indicate an undefined session index
+#define UNDEFINED_INDEX (0xFFFF)
+
+// Index of the session used for encryption of a response parameter
+EXTERN UINT32 s_encryptSessionIndex;
+
+// Index of the session used for decryption of a command parameter
+EXTERN UINT32 s_decryptSessionIndex;
+
+// Index of a session used for audit
+EXTERN UINT32 s_auditSessionIndex;
+
+// The cpHash for command audit
+#ifdef TPM_CC_GetCommandAuditDigest
+EXTERN TPM2B_DIGEST s_cpHashForCommandAudit;
+#endif
+
+// Flag indicating if NV update is pending for the
lockOutAuthEnabled or
+// failedTries DA parameter
+EXTERN BOOL s_DAPendingOnNV;
+
+#endif // SESSION_PROCESS_C
+
+//*****************************************************************************
+//*** From DA.c
+//*****************************************************************************
+#if defined DA_C || defined GLOBAL_C || defined MANUFACTURE_C
+// This variable holds the accumulated time since the last time
+// that 'failedTries' was decremented. This value is in millisecond.
+#if !ACCUMULATE_SELF_HEAL_TIMER
+EXTERN UINT64 s_selfHealTimer;
+
+// This variable holds the accumulated time that the lockoutAuth has been
+// blocked.
+EXTERN UINT64 s_lockoutTimer;
+#endif // ACCUMULATE_SELF_HEAL_TIMER
+
+#endif // DA_C
+
+//*****************************************************************************
+//*** From NV.c
+//*****************************************************************************
+#if defined NV_C || defined GLOBAL_C
+// This marks the end of the NV area. This is a run-time variable as it might
+// not be compile-time constant.
+EXTERN NV_REF s_evictNvEnd;
+
+// This space is used to hold the index data for an orderly Index. It also contains
+// the attributes for the index.
+EXTERN BYTE s_indexOrderlyRam[RAM_INDEX_SPACE]; // The orderly NV Index data
+
+// This value contains the current max counter value. It is written to the end of
+// allocatable NV space each time an index is deleted or added. This value is
+// initialized on Startup. The indices are searched and the maximum of all the
+// current counter indices and this value is the initial value for this.
+EXTERN UINT64 s_maxCounter;
+
+// This is space used for the NV Index cache. As with a persistent object, the
+// contents of a referenced index are copied into the cache so that the
+// NV Index memory scanning and data copying can be reduced.
+// Only code that operates on NV Index data should use this cache directly.
When
+// that action code runs, s_lastNvIndex will contain the index header information.
+// It will have been loaded when the handles were verified.
+// NOTE: An NV index handle can appear in many commands that do not operate on the
+// NV data (e.g. TPM2_StartAuthSession). However, only one NV Index at a time is
+// ever directly referenced by any command. If that changes, then the NV Index
+// caching needs to be changed to accommodate that. Currently, the code will verify
+// that only one NV Index is referenced by the handles of the command.
+EXTERN NV_INDEX s_cachedNvIndex;
+EXTERN NV_REF s_cachedNvRef;
+EXTERN BYTE *s_cachedNvRamRef;
+
+// Initial NV Index/evict object iterator value
+#define NV_REF_INIT (NV_REF)0xFFFFFFFF
+
+#endif
+
+//*****************************************************************************
+//*** From Object.c
+//*****************************************************************************
+#if defined OBJECT_C || defined GLOBAL_C
+// This type is the container for an object.
+
+EXTERN OBJECT s_objects[MAX_LOADED_OBJECTS];
+
+#endif // OBJECT_C
+
+//*****************************************************************************
+//*** From PCR.c
+//*****************************************************************************
+#if defined PCR_C || defined GLOBAL_C
+typedef struct
+{
+#if ALG_SHA1
+ // SHA1 PCR
+ BYTE sha1Pcr[SHA1_DIGEST_SIZE];
+#endif
+#if ALG_SHA256
+ // SHA256 PCR
+ BYTE sha256Pcr[SHA256_DIGEST_SIZE];
+#endif
+#if ALG_SHA384
+ // SHA384 PCR
+ BYTE sha384Pcr[SHA384_DIGEST_SIZE];
+#endif
+#if ALG_SHA512
+ // SHA512 PCR
+ BYTE sha512Pcr[SHA512_DIGEST_SIZE];
+#endif
+#if ALG_SM3_256
+ // SHA256 PCR
+ BYTE sm3_256Pcr[SM3_256_DIGEST_SIZE];
+#endif
+} PCR;
+
+typedef struct
+{
+ unsigned int stateSave : 1; // if the PCR value should be
+ // saved in state save
+ unsigned int resetLocality : 5; // The locality that the PCR
+ // can be reset
+ unsigned int extendLocality : 5; // The locality that the PCR
+ // can be extend
+} PCR_Attributes;
+
+EXTERN PCR s_pcrs[IMPLEMENTATION_PCR];
+
+#endif // PCR_C
+
+//*****************************************************************************
+//*** From Session.c
+//*****************************************************************************
+#if defined SESSION_C || defined GLOBAL_C
+// Container for HMAC or policy session tracking information
+typedef struct
+{
+ BOOL occupied;
+ SESSION session; // session structure
+} SESSION_SLOT;
+
+EXTERN SESSION_SLOT s_sessions[MAX_LOADED_SESSIONS];
+
+// The index in contextArray that has the value of the oldest saved session
+// context. When no context is saved, this will have a value that is greater
+// than or equal to MAX_ACTIVE_SESSIONS.
+EXTERN UINT32 s_oldestSavedSession;
+
+// The number of available session slot openings. When this is 1,
+// a session can't be created or loaded if the GAP is maxed out.
+// The exception is that the oldest saved session context can always
+// be loaded (assuming that there is a space in memory to put it)
+EXTERN int s_freeSessionSlots;
+
+#endif // SESSION_C
+
+//*****************************************************************************
+//*** From IoBuffers.c
+//*****************************************************************************
+#if defined IO_BUFFER_C || defined GLOBAL_C
+// Each command function is allowed a structure for the inputs to the function and
+// a structure for the outputs. The command dispatch code unmarshals the input butter
+// to the command action input structure starting at the first byte of
+// s_actionIoBuffer. The value of s_actionIoAllocation is the number of UINT64 values
+// allocated. It is used to set the pointer for the response structure. The command
+// dispatch code will marshal the response values into the final output buffer.
+EXTERN UINT64 s_actionIoBuffer[768]; // action I/O buffer
+EXTERN UINT32 s_actionIoAllocation; // number of UIN64 allocated for the
+ // action input structure
+#endif // IO_BUFFER_C
+
+//*****************************************************************************
+//*** From TPMFail.c
+//*****************************************************************************
+// This value holds the address of the string containing the name of the function
+// in which the failure occurred. This address value isn't useful for anything
+// other than helping the vendor to know in which file the failure occurred.
+EXTERN BOOL g_inFailureMode; // Indicates that the TPM is in failure mode
+#if SIMULATION
+EXTERN BOOL g_forceFailureMode; // flag to force failure mode during test
+#endif
+
+typedef void(FailFunction)(const char *function, int line, int code);
+
+#if defined TPM_FAIL_C || defined GLOBAL_C
+EXTERN UINT32 s_failFunction;
+EXTERN UINT32 s_failLine; // the line in the file at which
+ // the error was signaled
+EXTERN UINT32 s_failCode; // the error code used
+
+EXTERN FailFunction *LibFailCallback;
+
+#endif // TPM_FAIL_C
+
+//*****************************************************************************
+//*** From CommandCodeAttributes.c
+//*****************************************************************************
+// This array is instanced in CommandCodeAttributes.c when it includes
+// CommandCodeAttributes.h. Don't change the extern to EXTERN.
+extern const TPMA_CC s_ccAttr[];
+extern const COMMAND_ATTRIBUTES s_commandAttributes[];
+
+#endif // GLOBAL_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/GpMacros.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/GpMacros.h
new file mode 100644
index 000000000..22f1b5a7e
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/GpMacros.h
@@ -0,0 +1,332 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file is a collection of miscellaneous macros.
+
+#ifndef GP_MACROS_H
+#define GP_MACROS_H
+
+#ifndef NULL
+#define NULL 0
+#endif
+
+#include "swap.h"
+#include "VendorString.h"
+
+
+//** For Self-test
+// These macros are used in CryptUtil to invoke the incremental self test.
+#if SELF_TEST
+# define TEST(alg) if(TEST_BIT(alg, g_toTest)) CryptTestAlgorithm(alg, NULL)
+
+// Use of TPM_ALG_NULL is reserved for RSAEP/RSADP testing. If someone is wanting
+// to test a hash with that value, don't do it.
+# define TEST_HASH(alg) \
+ if(TEST_BIT(alg, g_toTest) \
+ && (alg != ALG_NULL_VALUE)) \
+ CryptTestAlgorithm(alg, NULL)
+#else
+# define TEST(alg)
+# define TEST_HASH(alg)
+#endif // SELF_TEST
+
+//** For Failures
+#if defined _POSIX_
+# define FUNCTION_NAME 0
+#else
+# define FUNCTION_NAME __FUNCTION__
+#endif
+
+#if !FAIL_TRACE
+# define FAIL(errorCode) (TpmFail(errorCode))
+# define LOG_FAILURE(errorCode) (TpmLogFailure(errorCode))
+#else
+# define FAIL(errorCode) TpmFail(FUNCTION_NAME, __LINE__, errorCode)
+# define LOG_FAILURE(errorCode) TpmLogFailure(FUNCTION_NAME, __LINE__, errorCode)
+#endif
+
+// If implementation is using longjmp, then the call to TpmFail() does not return
+// and the compiler will complain about unreachable code that comes after. To allow
+// for not having longjmp, TpmFail() will return and the subsequent code will be
+// executed. This macro accounts for the difference.
+#ifndef NO_LONGJMP
+# define FAIL_RETURN(returnCode)
+# define TPM_FAIL_RETURN NORETURN void
+#else
+# define FAIL_RETURN(returnCode) return (returnCode)
+# define TPM_FAIL_RETURN void
+#endif
+
+// This macro tests that a condition is TRUE and puts the TPM into failure mode
+// if it is not. If longjmp is being used, then the FAIL(FATAL_ERROR_) macro makes
+// a call from which there is no return. Otherwise, it returns and the function
+// will exit with the appropriate return code.
+#define REQUIRE(condition, errorCode, returnCode) \
+ { \
+ if(!!(condition)) \
+ { \
+ FAIL(FATAL_ERROR_errorCode); \
+ FAIL_RETURN(returnCode); \
+ } \
+ }
+
+#define PARAMETER_CHECK(condition, returnCode) \
+ REQUIRE((condition), PARAMETER, returnCode)
+
+#if (defined EMPTY_ASSERT) && (EMPTY_ASSERT != NO)
+# define pAssert(a) ((void)0)
+#else
+# define pAssert(a) {if(!(a)) FAIL(FATAL_ERROR_PARAMETER);}
+#endif
+
+//** Derived from Vendor-specific values
+// Values derived from vendor specific settings in TpmProfile.h
+#define PCR_SELECT_MIN ((PLATFORM_PCR+7)/8)
+#define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8)
+#define MAX_ORDERLY_COUNT ((1 << ORDERLY_BITS) - 1)
+
+//** Compile-time Checks
+// In some cases, the relationship between two values may be dependent
+// on things that change based on various selections like the chosen cryptographic
+// libraries. It is possible that these selections will result in incompatible
+// settings. These are often detectable by the compiler but it isn't always
+// possible to do the check in the preprocessor code. For example, when the
+// check requires use of "sizeof" then the preprocessor can't do the comparison.
+// For these cases, we include a special macro that, depending on the compiler
+// will generate a warning to indicate if the check always passes or always fails
+// because it involves fixed constants. To run these checks, define COMPILER_CHECKS
+// in TpmBuildSwitches.h
+#if COMPILER_CHECKS
+# define cAssert pAssert
+#else
+# define cAssert(value)
+#endif
+
+// This is used commonly in the "Crypt" code as a way to keep listings from
+// getting too long. This is not to save paper but to allow one to see more
+// useful stuff on the screen at any given time.
+#define ERROR_RETURN(returnCode) \
+ { \
+ retVal = returnCode; \
+ goto Exit; \
+ }
+
+#ifndef MAX
+# define MAX(a, b) ((a) > (b) ? (a) : (b))
+#endif
+#ifndef MIN
+# define MIN(a, b) ((a) < (b) ? (a) : (b))
+#endif
+#ifndef IsOdd
+# define IsOdd(a) (((a) & 1) != 0)
+#endif
+
+#ifndef BITS_TO_BYTES
+# define BITS_TO_BYTES(bits) (((bits) + 7) >> 3)
+#endif
+
+// These are defined for use when the size of the vector being checked is known
+// at compile time.
+#define TEST_BIT(bit, vector) TestBit((bit), (BYTE *)&(vector), sizeof(vector))
+#define SET_BIT(bit, vector) SetBit((bit), (BYTE *)&(vector), sizeof(vector))
+#define CLEAR_BIT(bit, vector) ClearBit((bit), (BYTE *)&(vector), sizeof(vector))
+
+
+// The following definitions are used if they have not already been defined. The
+// defaults for these settings are compatible with ISO/IEC 9899:2011 (E)
+#ifndef LIB_EXPORT
+# define LIB_EXPORT
+# define LIB_IMPORT
+#endif
+#ifndef NORETURN
+# define NORETURN _Noreturn
+#endif
+#ifndef NOT_REFERENCED
+# define NOT_REFERENCED(x = x) ((void) (x))
+#endif
+
+#define STD_RESPONSE_HEADER (sizeof(TPM_ST) + sizeof(UINT32) + sizeof(TPM_RC))
+
+#define JOIN(x, y) x##y
+#define JOIN3(x, y, z) x##y##z
+#define CONCAT(x, y) JOIN(x, y)
+#define CONCAT3(x, y, z) JOIN3(x,y,z)
+
+// If CONTEXT_INTEGRITY_HASH_ALG is defined, then the vendor is using the old style
+// table. Otherwise, pick the "strongest" implemented hash algorithm as the context
+// hash.
+#ifndef CONTEXT_HASH_ALGORITHM
+# if defined ALG_SHA512 && ALG_SHA512 == YES
+# define CONTEXT_HASH_ALGORITHM SHA512
+# elif defined ALG_SHA384 && ALG_SHA384 == YES
+# define CONTEXT_HASH_ALGORITHM SHA384
+# elif defined ALG_SHA256 && ALG_SHA256 == YES
+# define CONTEXT_HASH_ALGORITHM SHA256
+# elif defined ALG_SM3_256 && ALG_SM3_256 == YES
+# define CONTEXT_HASH_ALGORITHM SM3_256
+# elif defined ALG_SHA1 && ALG_SHA1 == YES
+# define CONTEXT_HASH_ALGORITHM SHA1
+# endif
+# define CONTEXT_INTEGRITY_HASH_ALG CONCAT(TPM_ALG_, CONTEXT_HASH_ALGORITHM)
+#endif
+
+#ifndef CONTEXT_INTEGRITY_HASH_SIZE
+#define CONTEXT_INTEGRITY_HASH_SIZE CONCAT(CONTEXT_HASH_ALGORITHM, _DIGEST_SIZE)
+#endif
+#if ALG_RSA
+#define RSA_SECURITY_STRENGTH (MAX_RSA_KEY_BITS >= 15360 ? 256 : \
+ (MAX_RSA_KEY_BITS >= 7680 ? 192 : \
+ (MAX_RSA_KEY_BITS >= 3072 ? 128 : \
+ (MAX_RSA_KEY_BITS >= 2048 ? 112 : \
+ (MAX_RSA_KEY_BITS >= 1024 ? 80 : 0)))))
+#else
+#define RSA_SECURITY_STRENGTH 0
+#endif // ALG_RSA
+
+#if ALG_ECC
+#define ECC_SECURITY_STRENGTH (MAX_ECC_KEY_BITS >= 521 ? 256 : \
+ (MAX_ECC_KEY_BITS >= 384 ? 192 : \
+ (MAX_ECC_KEY_BITS >= 256 ? 128 : 0)))
+#else
+#define ECC_SECURITY_STRENGTH 0
+#endif // ALG_ECC
+
+#define MAX_ASYM_SECURITY_STRENGTH \
+ MAX(RSA_SECURITY_STRENGTH, ECC_SECURITY_STRENGTH)
+
+#define MAX_HASH_SECURITY_STRENGTH ((CONTEXT_INTEGRITY_HASH_SIZE * 8) / 2)
+
+// Unless some algorithm is broken...
+#define MAX_SYM_SECURITY_STRENGTH MAX_SYM_KEY_BITS
+
+#define MAX_SECURITY_STRENGTH_BITS \
+ MAX(MAX_ASYM_SECURITY_STRENGTH, \
+ MAX(MAX_SYM_SECURITY_STRENGTH, \
+ MAX_HASH_SECURITY_STRENGTH))
+
+// This is the size that was used before the 1.38 errata requiring that P1.14.4 be
+// followed
+#define PROOF_SIZE CONTEXT_INTEGRITY_HASH_SIZE
+
+// As required by P1.14.4
+#define COMPLIANT_PROOF_SIZE \
+ (MAX(CONTEXT_INTEGRITY_HASH_SIZE, (2 * MAX_SYM_KEY_BYTES)))
+
+// As required by P1.14.3.1
+#define COMPLIANT_PRIMARY_SEED_SIZE \
+ BITS_TO_BYTES(MAX_SECURITY_STRENGTH_BITS * 2)
+
+// This is the pre-errata version
+#ifndef PRIMARY_SEED_SIZE
+# define PRIMARY_SEED_SIZE PROOF_SIZE
+#endif
+
+#if USE_SPEC_COMPLIANT_PROOFS
+# undef PROOF_SIZE
+# define PROOF_SIZE COMPLIANT_PROOF_SIZE
+# undef PRIMARY_SEED_SIZE
+# define PRIMARY_SEED_SIZE COMPLIANT_PRIMARY_SEED_SIZE
+#endif // USE_SPEC_COMPLIANT_PROOFS
+
+#if !SKIP_PROOF_ERRORS
+# if PROOF_SIZE < COMPLIANT_PROOF_SIZE
+# error "PROOF_SIZE is not compliant with TPM specification"
+# endif
+# if PRIMARY_SEED_SIZE < COMPLIANT_PRIMARY_SEED_SIZE
+# error Non-compliant PRIMARY_SEED_SIZE
+# endif
+#endif // !SKIP_PROOF_ERRORS
+
+// If CONTEXT_ENCRYPT_ALG is defined, then the vendor is using the old style table
+#if defined CONTEXT_ENCRYPT_ALG
+# undef CONTEXT_ENCRYPT_ALGORITHM
+# if CONTEXT_ENCRYPT_ALG == ALG_AES_VALUE
+# define CONTEXT_ENCRYPT_ALGORITHM AES
+# elif CONTEXT_ENCRYPT_ALG == ALG_SM4_VALUE
+# define CONTEXT_ENCRYPT_ALGORITHM SM4
+# elif CONTEXT_ENCRYPT_ALG == ALG_CAMELLIA_VALUE
+# define CONTEXT_ENCRYPT_ALGORITHM CAMELLIA
+# elif CONTEXT_ENCRYPT_ALG == ALG_TDES_VALUE
+# error Are you kidding?
+# else
+# error Unknown value for CONTEXT_ENCRYPT_ALG
+# endif // CONTEXT_ENCRYPT_ALG == ALG_AES_VALUE
+#else
+# define CONTEXT_ENCRYPT_ALG \
+ CONCAT3(ALG_, CONTEXT_ENCRYPT_ALGORITHM, _VALUE)
+#endif // CONTEXT_ENCRYPT_ALG
+#define CONTEXT_ENCRYPT_KEY_BITS \
+ CONCAT(CONTEXT_ENCRYPT_ALGORITHM, _MAX_KEY_SIZE_BITS)
+#define CONTEXT_ENCRYPT_KEY_BYTES ((CONTEXT_ENCRYPT_KEY_BITS+7)/8)
+
+// This is updated to follow the requirement of P2 that the label not be larger
+// than 32 bytes.
+#ifndef LABEL_MAX_BUFFER
+#define LABEL_MAX_BUFFER MIN(32, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE))
+#endif
+
+// This bit is used to indicate that an authorization ticket expires on TPM Reset
+// and TPM Restart. It is added to the timeout value returned by TPM2_PoliySigned()
+// and TPM2_PolicySecret() and used by TPM2_PolicyTicket(). The timeout value is
+// relative to Time (g_time). Time is reset whenever the TPM loses power and cannot
+// be moved forward by the user (as can Clock). 'g_time' is a 64-bit value expressing
+// time in ms. Stealing the MSb for a flag means that the TPM needs to be reset
+// at least once every 292,471,208 years rather than once every 584,942,417 years.
+#define EXPIRATION_BIT ((UINT64)1 << 63)
+
+// Check for consistency of the bit ordering of bit fields
+#if BIG_ENDIAN_TPM && MOST_SIGNIFICANT_BIT_0 && USE_BIT_FIELD_STRUCTURES
+# error "Settings not consistent"
+#endif
+
+// These macros are used to handle the variation in handling of bit fields. If
+#if USE_BIT_FIELD_STRUCTURES // The default, old version, with bit fields
+# define IS_ATTRIBUTE(a, type, b) ((a.b) != 0)
+# define SET_ATTRIBUTE(a, type, b) (a.b = SET)
+# define CLEAR_ATTRIBUTE(a, type, b) (a.b = CLEAR)
+# define GET_ATTRIBUTE(a, type, b) (a.b)
+# define TPMA_ZERO_INITIALIZER() {0}
+#else
+# define IS_ATTRIBUTE(a, type, b) ((a & type##_##b) != 0)
+# define SET_ATTRIBUTE(a, type, b) (a |= type##_##b)
+# define CLEAR_ATTRIBUTE(a, type, b) (a &= ~type##_##b)
+# define GET_ATTRIBUTE(a, type, b) \
+ (type)((a & type##_##b) >> type##_##b##_SHIFT)
+# define TPMA_ZERO_INITIALIZER() (0)
+#endif
+
+#define VERIFY(_X) if(!(_X)) goto Error
+
+#endif // GP_MACROS_H
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HandleProcess.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HandleProcess.h
new file mode 100644
index 000000000..51e740ff4
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HandleProcess.h
@@ -0,0 +1,1008 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmDispatch; Version 4.0 July 8,2017 + * Date: Oct 9, 2018 Time: 07:25:19PM + */ +#if CC_Startup +case TPM_CC_Startup: + break; +#endif // CC_Startup +#if CC_Shutdown +case TPM_CC_Shutdown: + break; +#endif // CC_Shutdown +#if CC_SelfTest +case TPM_CC_SelfTest: + break; +#endif // CC_SelfTest +#if CC_IncrementalSelfTest +case TPM_CC_IncrementalSelfTest: + break; +#endif // CC_IncrementalSelfTest +#if CC_GetTestResult +case TPM_CC_GetTestResult: + break; +#endif // CC_GetTestResult +#if CC_StartAuthSession +case TPM_CC_StartAuthSession: + *handleCount = 2; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_DH_ENTITY_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_StartAuthSession +#if CC_PolicyRestart +case TPM_CC_PolicyRestart: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyRestart +#if CC_Create +case TPM_CC_Create: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_Create +#if CC_Load +case TPM_CC_Load: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_Load +#if CC_LoadExternal +case TPM_CC_LoadExternal: + break; +#endif // CC_LoadExternal +#if CC_ReadPublic +case TPM_CC_ReadPublic: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + 
if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_ReadPublic +#if CC_ActivateCredential +case TPM_CC_ActivateCredential: + *handleCount = 2; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_ActivateCredential +#if CC_MakeCredential +case TPM_CC_MakeCredential: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_MakeCredential +#if CC_Unseal +case TPM_CC_Unseal: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_Unseal +#if CC_ObjectChangeAuth +case TPM_CC_ObjectChangeAuth: + *handleCount = 2; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_ObjectChangeAuth +#if CC_CreateLoaded +case TPM_CC_CreateLoaded: + *handleCount = 1; + result = TPMI_DH_PARENT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_CreateLoaded +#if CC_Duplicate +case TPM_CC_Duplicate: + *handleCount = 2; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) 
return result + TPM_RC_H + TPM_RC_1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_Duplicate +#if CC_Rewrap +case TPM_CC_Rewrap: + *handleCount = 2; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_Rewrap +#if CC_Import +case TPM_CC_Import: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_Import +#if CC_RSA_Encrypt +case TPM_CC_RSA_Encrypt: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_RSA_Encrypt +#if CC_RSA_Decrypt +case TPM_CC_RSA_Decrypt: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_RSA_Decrypt +#if CC_ECDH_KeyGen +case TPM_CC_ECDH_KeyGen: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_ECDH_KeyGen +#if CC_ECDH_ZGen +case TPM_CC_ECDH_ZGen: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_ECDH_ZGen +#if CC_ECC_Parameters 
+case TPM_CC_ECC_Parameters: + break; +#endif // CC_ECC_Parameters +#if CC_ZGen_2Phase +case TPM_CC_ZGen_2Phase: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_ZGen_2Phase +#if CC_EncryptDecrypt +case TPM_CC_EncryptDecrypt: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_EncryptDecrypt +#if CC_EncryptDecrypt2 +case TPM_CC_EncryptDecrypt2: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_EncryptDecrypt2 +#if CC_Hash +case TPM_CC_Hash: + break; +#endif // CC_Hash +#if CC_HMAC +case TPM_CC_HMAC: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_HMAC +#if CC_MAC +case TPM_CC_MAC: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_MAC +#if CC_GetRandom +case TPM_CC_GetRandom: + break; +#endif // CC_GetRandom +#if CC_StirRandom +case TPM_CC_StirRandom: + break; +#endif // CC_StirRandom +#if CC_HMAC_Start +case TPM_CC_HMAC_Start: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_HMAC_Start +#if CC_MAC_Start +case TPM_CC_MAC_Start: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + 
bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_MAC_Start +#if CC_HashSequenceStart +case TPM_CC_HashSequenceStart: + break; +#endif // CC_HashSequenceStart +#if CC_SequenceUpdate +case TPM_CC_SequenceUpdate: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_SequenceUpdate +#if CC_SequenceComplete +case TPM_CC_SequenceComplete: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_SequenceComplete +#if CC_EventSequenceComplete +case TPM_CC_EventSequenceComplete: + *handleCount = 2; + result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_EventSequenceComplete +#if CC_Certify +case TPM_CC_Certify: + *handleCount = 2; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_Certify +#if CC_CertifyCreation +case TPM_CC_CertifyCreation: + *handleCount = 2; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, + 
bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_CertifyCreation +#if CC_Quote +case TPM_CC_Quote: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_Quote +#if CC_GetSessionAuditDigest +case TPM_CC_GetSessionAuditDigest: + *handleCount = 3; + result = TPMI_RH_ENDORSEMENT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + result = TPMI_SH_HMAC_Unmarshal(&handles[2], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; + break; +#endif // CC_GetSessionAuditDigest +#if CC_GetCommandAuditDigest +case TPM_CC_GetCommandAuditDigest: + *handleCount = 2; + result = TPMI_RH_ENDORSEMENT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_GetCommandAuditDigest +#if CC_GetTime +case TPM_CC_GetTime: + *handleCount = 2; + result = TPMI_RH_ENDORSEMENT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_GetTime +#if CC_CertifyX509 +case TPM_CC_CertifyX509: + *handleCount = 2; + result = 
TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_CertifyX509 +#if CC_Commit +case TPM_CC_Commit: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_Commit +#if CC_EC_Ephemeral +case TPM_CC_EC_Ephemeral: + break; +#endif // CC_EC_Ephemeral +#if CC_VerifySignature +case TPM_CC_VerifySignature: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_VerifySignature +#if CC_Sign +case TPM_CC_Sign: + *handleCount = 1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_Sign +#if CC_SetCommandCodeAuditStatus +case TPM_CC_SetCommandCodeAuditStatus: + *handleCount = 1; + result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_SetCommandCodeAuditStatus +#if CC_PCR_Extend +case TPM_CC_PCR_Extend: + *handleCount = 1; + result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PCR_Extend +#if CC_PCR_Event +case TPM_CC_PCR_Event: + *handleCount = 1; + result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + 
TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PCR_Event +#if CC_PCR_Read +case TPM_CC_PCR_Read: + break; +#endif // CC_PCR_Read +#if CC_PCR_Allocate +case TPM_CC_PCR_Allocate: + *handleCount = 1; + result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PCR_Allocate +#if CC_PCR_SetAuthPolicy +case TPM_CC_PCR_SetAuthPolicy: + *handleCount = 1; + result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PCR_SetAuthPolicy +#if CC_PCR_SetAuthValue +case TPM_CC_PCR_SetAuthValue: + *handleCount = 1; + result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PCR_SetAuthValue +#if CC_PCR_Reset +case TPM_CC_PCR_Reset: + *handleCount = 1; + result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PCR_Reset +#if CC_PolicySigned +case TPM_CC_PolicySigned: + *handleCount = 2; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_SH_POLICY_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_PolicySigned +#if CC_PolicySecret +case TPM_CC_PolicySecret: + *handleCount = 2; + result = TPMI_DH_ENTITY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_SH_POLICY_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != 
result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_PolicySecret +#if CC_PolicyTicket +case TPM_CC_PolicyTicket: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyTicket +#if CC_PolicyOR +case TPM_CC_PolicyOR: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyOR +#if CC_PolicyPCR +case TPM_CC_PolicyPCR: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyPCR +#if CC_PolicyLocality +case TPM_CC_PolicyLocality: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyLocality +#if CC_PolicyNV +case TPM_CC_PolicyNV: + *handleCount = 3; + result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + result = TPMI_SH_POLICY_Unmarshal(&handles[2], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; + break; +#endif // CC_PolicyNV +#if CC_PolicyCounterTimer +case TPM_CC_PolicyCounterTimer: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyCounterTimer +#if 
CC_PolicyCommandCode +case TPM_CC_PolicyCommandCode: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyCommandCode +#if CC_PolicyPhysicalPresence +case TPM_CC_PolicyPhysicalPresence: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyPhysicalPresence +#if CC_PolicyCpHash +case TPM_CC_PolicyCpHash: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyCpHash +#if CC_PolicyNameHash +case TPM_CC_PolicyNameHash: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyNameHash +#if CC_PolicyDuplicationSelect +case TPM_CC_PolicyDuplicationSelect: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyDuplicationSelect +#if CC_PolicyAuthorize +case TPM_CC_PolicyAuthorize: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyAuthorize +#if CC_PolicyAuthValue +case TPM_CC_PolicyAuthValue: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyAuthValue +#if CC_PolicyPassword +case TPM_CC_PolicyPassword: + 
*handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyPassword +#if CC_PolicyGetDigest +case TPM_CC_PolicyGetDigest: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyGetDigest +#if CC_PolicyNvWritten +case TPM_CC_PolicyNvWritten: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyNvWritten +#if CC_PolicyTemplate +case TPM_CC_PolicyTemplate: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PolicyTemplate +#if CC_PolicyAuthorizeNV +case TPM_CC_PolicyAuthorizeNV: + *handleCount = 3; + result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + result = TPMI_SH_POLICY_Unmarshal(&handles[2], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; + break; +#endif // CC_PolicyAuthorizeNV +#if CC_CreatePrimary +case TPM_CC_CreatePrimary: + *handleCount = 1; + result = TPMI_RH_HIERARCHY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_CreatePrimary +#if CC_HierarchyControl +case TPM_CC_HierarchyControl: + *handleCount = 1; + result = 
TPMI_RH_HIERARCHY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_HierarchyControl +#if CC_SetPrimaryPolicy +case TPM_CC_SetPrimaryPolicy: + *handleCount = 1; + result = TPMI_RH_HIERARCHY_AUTH_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_SetPrimaryPolicy +#if CC_ChangePPS +case TPM_CC_ChangePPS: + *handleCount = 1; + result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_ChangePPS +#if CC_ChangeEPS +case TPM_CC_ChangeEPS: + *handleCount = 1; + result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_ChangeEPS +#if CC_Clear +case TPM_CC_Clear: + *handleCount = 1; + result = TPMI_RH_CLEAR_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_Clear +#if CC_ClearControl +case TPM_CC_ClearControl: + *handleCount = 1; + result = TPMI_RH_CLEAR_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_ClearControl +#if CC_HierarchyChangeAuth +case TPM_CC_HierarchyChangeAuth: + *handleCount = 1; + result = TPMI_RH_HIERARCHY_AUTH_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_HierarchyChangeAuth +#if CC_DictionaryAttackLockReset +case TPM_CC_DictionaryAttackLockReset: + *handleCount = 1; + result = TPMI_RH_LOCKOUT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + 
if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_DictionaryAttackLockReset +#if CC_DictionaryAttackParameters +case TPM_CC_DictionaryAttackParameters: + *handleCount = 1; + result = TPMI_RH_LOCKOUT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_DictionaryAttackParameters +#if CC_PP_Commands +case TPM_CC_PP_Commands: + *handleCount = 1; + result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_PP_Commands +#if CC_SetAlgorithmSet +case TPM_CC_SetAlgorithmSet: + *handleCount = 1; + result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_SetAlgorithmSet +#if CC_FieldUpgradeStart +case TPM_CC_FieldUpgradeStart: + *handleCount = 2; + result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_FieldUpgradeStart +#if CC_FieldUpgradeData +case TPM_CC_FieldUpgradeData: + break; +#endif // CC_FieldUpgradeData +#if CC_FirmwareRead +case TPM_CC_FirmwareRead: + break; +#endif // CC_FirmwareRead +#if CC_ContextSave +case TPM_CC_ContextSave: + *handleCount = 1; + result = TPMI_DH_CONTEXT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_ContextSave +#if CC_ContextLoad +case TPM_CC_ContextLoad: + break; +#endif // CC_ContextLoad +#if CC_FlushContext +case TPM_CC_FlushContext: + break; +#endif // 
CC_FlushContext +#if CC_EvictControl +case TPM_CC_EvictControl: + *handleCount = 2; + result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_EvictControl +#if CC_ReadClock +case TPM_CC_ReadClock: + break; +#endif // CC_ReadClock +#if CC_ClockSet +case TPM_CC_ClockSet: + *handleCount = 1; + result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_ClockSet +#if CC_ClockRateAdjust +case TPM_CC_ClockRateAdjust: + *handleCount = 1; + result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_ClockRateAdjust +#if CC_GetCapability +case TPM_CC_GetCapability: + break; +#endif // CC_GetCapability +#if CC_TestParms +case TPM_CC_TestParms: + break; +#endif // CC_TestParms +#if CC_NV_DefineSpace +case TPM_CC_NV_DefineSpace: + *handleCount = 1; + result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_NV_DefineSpace +#if CC_NV_UndefineSpace +case TPM_CC_NV_UndefineSpace: + *handleCount = 2; + result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_NV_UndefineSpace +#if CC_NV_UndefineSpaceSpecial +case 
TPM_CC_NV_UndefineSpaceSpecial: + *handleCount = 2; + result = TPMI_RH_NV_INDEX_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_RH_PLATFORM_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_NV_UndefineSpaceSpecial +#if CC_NV_ReadPublic +case TPM_CC_NV_ReadPublic: + *handleCount = 1; + result = TPMI_RH_NV_INDEX_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_NV_ReadPublic +#if CC_NV_Write +case TPM_CC_NV_Write: + *handleCount = 2; + result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_NV_Write +#if CC_NV_Increment +case TPM_CC_NV_Increment: + *handleCount = 2; + result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_NV_Increment +#if CC_NV_Extend +case TPM_CC_NV_Extend: + *handleCount = 2; + result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_NV_Extend +#if CC_NV_SetBits +case TPM_CC_NV_SetBits: + 
*handleCount = 2; + result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_NV_SetBits +#if CC_NV_WriteLock +case TPM_CC_NV_WriteLock: + *handleCount = 2; + result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_NV_WriteLock +#if CC_NV_GlobalWriteLock +case TPM_CC_NV_GlobalWriteLock: + *handleCount = 1; + result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_NV_GlobalWriteLock +#if CC_NV_Read +case TPM_CC_NV_Read: + *handleCount = 2; + result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_NV_Read +#if CC_NV_ReadLock +case TPM_CC_NV_ReadLock: + *handleCount = 2; + result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + break; +#endif // CC_NV_ReadLock +#if CC_NV_ChangeAuth +case TPM_CC_NV_ChangeAuth: + *handleCount = 1; + 
result = TPMI_RH_NV_INDEX_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_NV_ChangeAuth +#if CC_NV_Certify +case TPM_CC_NV_Certify: + *handleCount = 3; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, TRUE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_RH_NV_AUTH_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + result = TPMI_RH_NV_INDEX_Unmarshal(&handles[2], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; + break; +#endif // CC_NV_Certify +#if CC_AC_GetCapability +case TPM_CC_AC_GetCapability: + *handleCount = 1; + result = TPMI_RH_AC_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_AC_GetCapability +#if CC_AC_Send +case TPM_CC_AC_Send: + *handleCount = 3; + result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize, FALSE); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + result = TPMI_RH_NV_AUTH_Unmarshal(&handles[1], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; + result = TPMI_RH_AC_Unmarshal(&handles[2], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; + break; +#endif // CC_AC_Send +#if CC_Policy_AC_SendSelect +case TPM_CC_Policy_AC_SendSelect: + *handleCount = 1; + result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, + bufferRemainingSize); + if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; + break; +#endif // CC_Policy_AC_SendSelect +#if CC_Vendor_TCG_Test +case TPM_CC_Vendor_TCG_Test: + break; +#endif // 
CC_Vendor_TCG_Test
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HashTestData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HashTestData.h
new file mode 100644
index 000000000..8bd471a3f
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HashTestData.h
@@ -0,0 +1,104 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//
+// Hash Test Vectors
+//
+
+TPM2B_TYPE(HASH_TEST_KEY, 128); // Twice the largest digest size
+TPM2B_HASH_TEST_KEY c_hashTestKey = {{128, {
+ 0xa0,0xed,0x5c,0x9a,0xd2,0x4a,0x21,0x40,0x1a,0xd0,0x81,0x47,0x39,0x63,0xf9,0x50,
+ 0xdc,0x59,0x47,0x11,0x40,0x13,0x99,0x92,0xc0,0x72,0xa4,0x0f,0xe2,0x33,0xe4,0x63,
+ 0x9b,0xb6,0x76,0xc3,0x1e,0x6f,0x13,0xee,0xcc,0x99,0x71,0xa5,0xc0,0xcf,0x9a,0x40,
+ 0xcf,0xdb,0x66,0x70,0x05,0x63,0x54,0x12,0x25,0xf4,0xe0,0x1b,0x23,0x35,0xe3,0x70,
+ 0x7d,0x19,0x5f,0x00,0xe4,0xf1,0x61,0x73,0x05,0xd8,0x58,0x7f,0x60,0x61,0x84,0x36,
+ 0xec,0xbe,0x96,0x1b,0x69,0x00,0xf0,0x9a,0x6e,0xe3,0x26,0x73,0x0d,0x17,0x5b,0x33,
+ 0x41,0x44,0x9d,0x90,0xab,0xd9,0x6b,0x7d,0x48,0x99,0x25,0x93,0x29,0x14,0x2b,0xce,
+ 0x93,0x8d,0x8c,0xaf,0x31,0x0e,0x9c,0x57,0xd8,0x5b,0x57,0x20,0x1b,0x9f,0x2d,0xa5
+ }}};
+
+TPM2B_TYPE(HASH_TEST_DATA, 256); // Twice the largest block size
+TPM2B_HASH_TEST_DATA c_hashTestData = {{256, {
+ 0x88,0xac,0xc3,0xe5,0x5f,0x66,0x9d,0x18,0x80,0xc9,0x7a,0x9c,0xa4,0x08,0x90,0x98,
+ 0x0f,0x3a,0x53,0x92,0x4c,0x67,0x4e,0xb7,0x37,0xec,0x67,0x87,0xb6,0xbe,0x10,0xca,
+ 0x11,0x5b,0x4a,0x0b,0x45,0xc3,0x32,0x68,0x48,0x69,0xce,0x25,0x1b,0xc8,0xaf,0x44,
+ 0x79,0x22,0x83,0xc8,0xfb,0xe2,0x63,0x94,0xa2,0x3c,0x59,0x3e,0x3e,0xc6,0x64,0x2c,
+ 0x1f,0x8c,0x11,0x93,0x24,0xa3,0x17,0xc5,0x2f,0x37,0xcf,0x95,0x97,0x8e,0x63,0x39,
+ 0x68,0xd5,0xca,0xba,0x18,0x37,0x69,0x6e,0x4f,0x19,0xfd,0x8a,0xc0,0x8d,0x87,0x3a,
+ 0xbc,0x31,0x42,0x04,0x05,0xef,0xb5,0x02,0xef,0x1e,0x92,0x4b,0xb7,0x73,0x2c,0x8c,
+ 0xeb,0x23,0x13,0x81,0x34,0xb9,0xb5,0xc1,0x17,0x37,0x39,0xf8,0x3e,0xe4,0x4c,0x06,
+ 0xa8,0x81,0x52,0x2f,0xef,0xc9,0x9c,0x69,0x89,0xbc,0x85,0x9c,0x30,0x16,0x02,0xca,
+ 0xe3,0x61,0xd4,0x0f,0xed,0x34,0x1b,0xca,0xc1,0x1b,0xd1,0xfa,0xc1,0xa2,0xe0,0xdf,
+ 0x52,0x2f,0x0b,0x4b,0x9f,0x0e,0x45,0x54,0xb9,0x17,0xb6,0xaf,0xd6,0xd5,0xca,0x90,
+ 0x29,0x57,0x7b,0x70,0x50,0x94,0x5c,0x8e,0xf6,0x4e,0x21,0x8b,0xc6,0x8b,0xa6,0xbc,
+ 0xb9,0x64,0xd4,0x4d,0xf3,0x68,0xd8,0xac,0xde,0xd8,0xd8,0xb5,0x6d,0xcd,0x93,0xeb,
+ 0x28,0xa4,0xe2,0x5c,0x44,0xef,0xf0,0xe1,0x6f,0x38,0x1a,0x3c,0xe6,0xef,0xa2,0x9d,
+ 0xb9,0xa8,0x05,0x2a,0x95,0xec,0x5f,0xdb,0xb0,0x25,0x67,0x9c,0x86,0x7a,0x8e,0xea,
+ 0x51,0xcc,0xc3,0xd3,0xff,0x6e,0xf0,0xed,0xa3,0xae,0xf9,0x5d,0x33,0x70,0xf2,0x11
+ }}};
+
+#if ALG_SHA1 == YES
+TPM2B_TYPE(SHA1, 20);
+TPM2B_SHA1 c_SHA1_digest = {{20, {
+ 0xee,0x2c,0xef,0x93,0x76,0xbd,0xf8,0x91,0xbc,0xe6,0xe5,0x57,0x53,0x77,0x01,0xb5,
+ 0x70,0x95,0xe5,0x40
+ }}};
+#endif
+
+#if ALG_SHA256 == YES
+TPM2B_TYPE(SHA256, 32);
+TPM2B_SHA256 c_SHA256_digest = {{32, {
+ 0x64,0xe8,0xe0,0xc3,0xa9,0xa4,0x51,0x49,0x10,0x55,0x8d,0x31,0x71,0xe5,0x2f,0x69,
+ 0x3a,0xdc,0xc7,0x11,0x32,0x44,0x61,0xbd,0x34,0x39,0x57,0xb0,0xa8,0x75,0x86,0x1b
+ }}};
+#endif
+
+#if ALG_SHA384 == YES
+TPM2B_TYPE(SHA384, 48);
+TPM2B_SHA384 c_SHA384_digest = {{48, {
+ 0x37,0x75,0x29,0xb5,0x20,0x15,0x6e,0xa3,0x7e,0xa3,0x0d,0xcd,0x80,0xa8,0xa3,0x3d,
+ 0xeb,0xe8,0xad,0x4e,0x1c,0x77,0x94,0x5a,0xaf,0x6c,0xd0,0xc1,0xfa,0x43,0x3f,0xc7,
+ 0xb8,0xf1,0x01,0xc0,0x60,0xbf,0xf2,0x87,0xe8,0x71,0x9e,0x51,0x97,0xa0,0x09,0x8d
+ }}};
+#endif
+
+#if ALG_SHA512 == YES
+TPM2B_TYPE(SHA512, 64);
+TPM2B_SHA512 c_SHA512_digest = {{64, {
+ 0xe2,0x7b,0x10,0x3d,0x5e,0x48,0x58,0x44,0x67,0xac,0xa3,0x81,0x8c,0x1d,0xc5,0x71,
+ 0x66,0x92,0x8a,0x89,0xaa,0xd4,0x35,0x51,0x60,0x37,0x31,0xd7,0xba,0xe7,0x93,0x0b,
+ 0x16,0x4d,0xb3,0xc8,0x34,0x98,0x3c,0xd3,0x53,0xde,0x5e,0xe8,0x0c,0xbc,0xaf,0xc9,
+ 0x24,0x2c,0xcc,0xed,0xdb,0xde,0xba,0x1f,0x14,0x14,0x5a,0x95,0x80,0xde,0x66,0xbd
+ }}};
+#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/InternalRoutines.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/InternalRoutines.h
new file mode 100644
index 000000000..11bab88c0
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/InternalRoutines.h
@@ -0,0 +1,127 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef INTERNAL_ROUTINES_H
+#define INTERNAL_ROUTINES_H
+
+#if !defined _LIB_SUPPORT_H_ && !defined _TPM_H_
+#error "Should not be called"
+#endif
+
+// DRTM functions
+#include "_TPM_Hash_Start_fp.h"
+#include "_TPM_Hash_Data_fp.h"
+#include "_TPM_Hash_End_fp.h"
+
+// Internal subsystem functions
+#include "Object_fp.h"
+#include "Context_spt_fp.h"
+#include "Object_spt_fp.h"
+#include "Entity_fp.h"
+#include "Session_fp.h"
+#include "Hierarchy_fp.h"
+#include "NvReserved_fp.h"
+#include "NvDynamic_fp.h"
+#include "NV_spt_fp.h"
+#include "PCR_fp.h"
+#include "DA_fp.h"
+#include "TpmFail_fp.h"
+#include "SessionProcess_fp.h"
+
+// Internal support functions
+#include "CommandCodeAttributes_fp.h"
+#include "Marshal_fp.h"
+#include "Time_fp.h"
+#include "Locality_fp.h"
+#include "PP_fp.h"
+#include "CommandAudit_fp.h"
+#include "Manufacture_fp.h"
+#include "Handle_fp.h"
+#include "Power_fp.h"
+#include "Response_fp.h"
+#include "CommandDispatcher_fp.h"
+
+#ifdef CC_AC_Send
+# include "AC_spt_fp.h"
+#endif // CC_AC_Send
+
+// Miscellaneous
+#include "Bits_fp.h"
+#include "AlgorithmCap_fp.h"
+#include "PropertyCap_fp.h"
+#include "IoBuffers_fp.h"
+#include "Memory_fp.h"
+#include "ResponseCodeProcessing_fp.h"
+
+// Internal cryptographic functions
+#include "BnConvert_fp.h"
+#include "BnMath_fp.h"
+#include "BnMemory_fp.h"
+#include "Ticket_fp.h"
+#include "CryptUtil_fp.h"
+#include "CryptHash_fp.h"
+#include "CryptSym_fp.h"
+#include "CryptDes_fp.h"
+#include "CryptPrime_fp.h"
+#include "CryptRand_fp.h"
+#include "CryptSelfTest_fp.h"
+#include "MathOnByteBuffers_fp.h"
+#include "CryptSym_fp.h"
+#include "AlgorithmTests_fp.h"
+
+#if ALG_RSA
+#include "CryptRsa_fp.h"
+#include "CryptPrimeSieve_fp.h"
+#endif
+
+#if ALG_ECC
+#include "CryptEccMain_fp.h"
+#include "CryptEccSignature_fp.h"
+#include "CryptEccKeyExchange_fp.h"
+#endif
+
+#if CC_MAC || CC_MAC_Start
+# include "CryptSmac_fp.h"
+# if ALG_CMAC
+# include "CryptCmac_fp.h"
+# endif
+#endif
+
+// Support
library
+#include "SupportLibraryFunctionPrototypes_fp.h"
+
+// Linkage to platform functions
+#include "Platform_fp.h"
+
+#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/KdfTestData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/KdfTestData.h
new file mode 100644
index 000000000..bf27cfc84
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/KdfTestData.h
@@ -0,0 +1,83 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+//
+// Hash Test Vectors
+//
+
+#define TEST_KDF_KEY_SIZE 20
+
+TPM2B_TYPE(KDF_TEST_KEY, TEST_KDF_KEY_SIZE);
+TPM2B_KDF_TEST_KEY c_kdfTestKeyIn = {{TEST_KDF_KEY_SIZE, {
+ 0x27, 0x1F, 0xA0, 0x8B, 0xBD, 0xC5, 0x06, 0x0E, 0xC3, 0xDF,
+ 0xA9, 0x28, 0xFF, 0x9B, 0x73, 0x12, 0x3A, 0x12, 0xDA, 0x0C }}};
+
+TPM2B_TYPE(KDF_TEST_LABEL, 17);
+TPM2B_KDF_TEST_LABEL c_kdfTestLabel = {{17, {
+ 0x4B, 0x44, 0x46, 0x53, 0x45, 0x4C, 0x46, 0x54,
+ 0x45, 0x53, 0x54, 0x4C, 0x41, 0x42, 0x45, 0x4C, 0x00 }}};
+
+TPM2B_TYPE(KDF_TEST_CONTEXT, 8);
+TPM2B_KDF_TEST_CONTEXT c_kdfTestContextU = {{8, {
+ 0xCE, 0x24, 0x4F, 0x39, 0x5D, 0xCA, 0x73, 0x91 }}};
+
+TPM2B_KDF_TEST_CONTEXT c_kdfTestContextV = {{8, {
+ 0xDA, 0x50, 0x40, 0x31, 0xDD, 0xF1, 0x2E, 0x83 }}};
+
+
+#if ALG_SHA512 == ALG_YES
+ TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, {
+ 0x8b, 0xe2, 0xc1, 0xb8, 0x5b, 0x78, 0x56, 0x9b, 0x9f, 0xa7,
+ 0x59, 0xf5, 0x85, 0x7c, 0x56, 0xd6, 0x84, 0x81, 0x0f, 0xd3 }}};
+ #define KDF_TEST_ALG TPM_ALG_SHA512
+
+#elif ALG_SHA384 == ALG_YES
+ TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, {
+ 0x1d, 0xce, 0x70, 0xc9, 0x11, 0x3e, 0xb2, 0xdb, 0xa4, 0x7b,
+ 0xd9, 0xcf, 0xc7, 0x2b, 0xf4, 0x6f, 0x45, 0xb0, 0x93, 0x12 }}};
+ #define KDF_TEST_ALG TPM_ALG_SHA384
+
+#elif ALG_SHA256 == ALG_YES
+ TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, {
+ 0xbb, 0x02, 0x59, 0xe1, 0xc8, 0xba, 0x60, 0x7e, 0x6a, 0x2c,
+ 0xd7, 0x04, 0xb6, 0x9a, 0x90, 0x2e, 0x9a, 0xde, 0x84, 0xc4 }}};
+ #define KDF_TEST_ALG TPM_ALG_SHA256
+
+#elif ALG_SHA1 == ALG_YES
+ TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, {
+ 0x55, 0xb5, 0xa7, 0x18, 0x4a, 0xa0, 0x74, 0x23, 0xc4, 0x7d,
+ 0xae, 0x76, 0x6c, 0x26, 0xa2, 0x37, 0x7d, 0x7c, 0xf8, 0x51 }}};
+ #define KDF_TEST_ALG TPM_ALG_SHA1
+#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h
new file mode 100644
index 000000000..96473928e
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h 
@@ -0,0 +1,69 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+// This header file is used to select the library code that gets included in the
+// TPM build.
+
+#ifndef _LIB_SUPPORT_H_
+#define _LIB_SUPPORT_H_
+
+//*********************
+#ifndef RADIX_BITS
+# if defined(__x86_64__) || defined(__x86_64) \
+ || defined(__amd64__) || defined(__amd64) || defined(_WIN64) || defined(_M_X64) \
+ || defined(_M_ARM64) || defined(__aarch64__)
+# define RADIX_BITS 64
+# elif defined(__i386__) || defined(__i386) || defined(i386) \
+ || defined(_WIN32) || defined(_M_IX86) \
+ || defined(_M_ARM) || defined(__arm__) || defined(__thumb__)
+# define RADIX_BITS 32
+# else
+# error Unable to determine RADIX_BITS from compiler environment
+# endif
+#endif // RADIX_BITS
+
+// These macros use the selected libraries to the proper include files.
+#define LIB_QUOTE(_STRING_) #_STRING_
+#define LIB_INCLUDE2(_LIB_, _TYPE_) LIB_QUOTE(_LIB_/TpmTo##_LIB_##_TYPE_.h)
+#define LIB_INCLUDE(_LIB_, _TYPE_) LIB_INCLUDE2(_LIB_, _TYPE_)
+
+// Include the options for hashing and symmetric. Defer the load of the math package
+// Until the bignum parameters are defined.
+#include LIB_INCLUDE(SYM_LIB, Sym)
+#include LIB_INCLUDE(HASH_LIB, Hash)
+
+#undef MIN
+#undef MAX
+
+#endif // _LIB_SUPPORT_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/LtcSettings.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/LtcSettings.h
new file mode 100644
index 000000000..0e31d344d
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/LtcSettings.h
@@ -0,0 +1,84 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+//** Introduction
+//
+// This header file contains some defines that are necessary to get LTC to compile
+// correctly
+//
+#ifndef _LTC_SETTINGS_H_
+#define _LTC_SETTINGS_H_
+
+#if (defined HASH_LIB_LTC) || (defined SYM_LIB_LTC) || (defined MATH_LIB_LTC)
+
+#if ALG_AES
+# define LTC_RIJNDAEL
+#endif
+#if ALG_TDES
+# define LTC_DES
+#endif
+
+#define _Bool int
+
+// LibTomCrypt types
+typedef unsigned long long ulong64;
+
+/* default no functions m for LTC */
+#define LTC_MUTEX_GLOBAL(x)
+#define LTC_MUTEX_PROTO(x)
+#define LTC_MUTEX_TYPE(x)
+#define LTC_MUTEX_INIT(x)
+#define LTC_MUTEX_LOCK(x)
+#define LTC_MUTEX_UNLOCK(x)
+
+#ifndef XMEM_NEQ
+#define XMEM_NEQ
+#endif
+
+#define LTC_SHA512
+#define LTC_SHA384
+#define LTC_SHA256
+#define LTC_SHA1
+
+// Define these function calls as needed
+#define CryptLibStartup() LtcLibStartup()
+
+_REDUCE_WARNING_LEVEL_(0)
+#include "tomcrypt.h"
+_NORMAL_WARNING_LEVEL_
+
+#endif
+
+#endif //
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcHash.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcHash.h
new file mode 100644
index 000000000..6f429852c
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcHash.h
@@ -0,0 +1,172 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +//** Introduction +// This header defines the interface between the hashing code and the LIbTomCrypt +// hash functions. 
+ +#ifndef HASH_LIB_DEFINED +#define HASH_LIB_DEFINED + +#define HASH_LIB_LTC + +// Avoid pulling in the MPA math if not doing asymmetric with LTC +#if !(defined MATH_LIB_LTC) +# define LTC_NO_ASYMMETRIC +#endif + +#include "LtcSettings.h" + +//*************************************************************** +//******** Linking to the TomCrypt HASH code ******************** +//*************************************************************** +// These defines need to be known in all parts of the TPM so that the structure +// sizes can be properly computed when needed. +#define tpmHashStateSHA1_t struct sha1_state +#define tpmHashStateSHA256_t struct sha256_state +#define tpmHashStateSHA512_t struct sha512_state +#define tpmHashStateSHA384_t struct sha512_state + +// The following defines are only needed by CryptHash.c +#ifdef _CRYPT_HASH_C_ + +// Define the interface between CryptHash.c to the functions provided by the +// library. For each method, define the calling parameters of the method and then +// define how the method is invoked in CryptHash.c. +// +// All hashes are required to have the same calling sequence. If they don't, create +// a simple adaptation function that converts from the "standard" form of the call +// to the form used by the specific hash (and then send a nasty letter to the +// person who wrote the hash function for the library). +// +// The macro that calls the method also defines how the +// parameters get swizzled between the default form (in CryptHash.c)and the +// library form. 
+// +// Initialize the hash context +#define HASH_START_METHOD_DEF \ + void (HASH_START_METHOD)(PANY_HASH_STATE state) +#define HASH_START(hashState) \ + ((hashState)->def->method.start)(&(hashState)->state) + +// Add data to the hash +#define HASH_DATA_METHOD_DEF \ + void (HASH_DATA_METHOD)(PANY_HASH_STATE state, \ + const BYTE *buffer, \ + size_t size) +#define HASH_DATA(hashState, dInSize, dIn) \ + ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize) + +// Finalize the hash and get the digest +#define HASH_END_METHOD_DEF \ + void (HASH_END_METHOD)(PANY_HASH_STATE \ + state, \ + BYTE *buffer) +#define HASH_END(hashState, buffer) \ + ((hashState)->def->method.end)(&(hashState)->state, buffer) + +// Copy the hash context +// Note: For import, export, and copy, memcpy() is used since there is no +// reformatting necessary between the internal and external forms +#define HASH_STATE_COPY_METHOD_DEF \ + void (HASH_STATE_COPY_METHOD)(PANY_HASH_STATE to, \ + PCANY_HASH_STATE from, \ + size_t size) +#define HASH_STATE_COPY(hashStateOut, hashStateIn) \ + ((hashStateIn)->def->method.copy) \ + (&(hashStateOut)->state, \ + &(hashStateIn)->state, \ + (hashStateIn)->def->contextSize) + +// Copy (with reformatting when necessary) an internal hash structure to an +// external blob +#define HASH_STATE_EXPORT_METHOD_DEF \ + void (HASH_STATE_EXPORT_METHOD)(BYTE *to, \ + PANY_HASH_STATE from, \ + size_t size) +#define HASH_STATE_EXPORT(to, hashStateFrom) \ + ((hashStateFrom)->def->method.copyOut) \ + (&(((BYTE *)(to))[offsetof(HASH_STATE, state)]), \ + &(hashStateFrom)->state, \ + (hashStateFrom)->def->contextSize) + +// Copy from an external blob to an internal formate (with reformatting when +// necessary +#define HASH_STATE_IMPORT_METHOD_DEF \ + void (HASH_STATE_IMPORT_METHOD)(PANY_HASH_STATE to, \ + const BYTE *from, \ + size_t size) +#define HASH_STATE_IMPORT(hashStateTo, from) \ + ((hashStateTo)->def->method.copyIn) \ + (&(hashStateTo)->state, \ + &(((const BYTE 
*)(from))[offsetof(HASH_STATE, state)]),\ + (hashStateTo)->def->contextSize) + +// Internal External +// Designation Designation +#define tpmHashStart_SHA1 sha1_init +#define tpmHashData_SHA1 sha1_process +#define tpmHashEnd_SHA1 sha1_done +#define tpmHashStateCopy_SHA1 memcpy +#define tpmHashStateExport_SHA1 memcpy +#define tpmHashStateImport_SHA1 memcpy +#define tpmHashStart_SHA256 sha256_init +#define tpmHashData_SHA256 sha256_process +#define tpmHashEnd_SHA256 sha256_done +#define tpmHashStateCopy_SHA256 memcpy +#define tpmHashStateExport_SHA256 memcpy +#define tpmHashStateImport_SHA256 memcpy +#define tpmHashStart_SHA384 sha384_init +#define tpmHashData_SHA384 sha384_process +#define tpmHashEnd_SHA384 sha384_done +#define tpmHashStateCopy_SHA384 memcpy +#define tpmHashStateExport_SHA384 memcpy +#define tpmHashStateImport_SHA384 memcpy +#define tpmHashStart_SHA512 sha512_init +#define tpmHashData_SHA512 sha512_process +#define tpmHashEnd_SHA512 sha512_done +#define tpmHashStateCopy_SHA512 memcpy +#define tpmHashStateExport_SHA512 memcpy +#define tpmHashStateImport_SHA512 memcpy + +#endif // _CRYPT_HASH_C_ + +// No special processing to initialize the LTC hash library +#define LibHashInit() + +// No special processing at the end of the simulation (i.e., no statistics to print) +#define HashLibSimulationEnd() + +#endif // HASH_LIB_DEFINED diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcMath.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcMath.h new file mode 100644 index 000000000..93ede548d --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcMath.h 
@@ -0,0 +1,89 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +//** Introduction +// This file contains the structure definitions used for linking from the TPM +// code to the MPA and LTC math libraries. 
+ +#ifndef MATH_LIB_DEFINED +#define MATH_LIB_DEFINED + +#define MATH_LIB_LTC + +_REDUCE_WARNING_LEVEL_(2) +#include "LtcSettings.h" +#include "mpalib.h" +#include "mpa.h" +#include "tomcrypt_mpa.h" +_NORMAL_WARNING_LEVEL_ + + +#if RADIX_BITS != 32 +#error "The mpa library used with LibTomCrypt only works for 32-bit words" +#endif + +// These macros handle entering and leaving a scope +// from which an MPA or LibTomCrypt function may be called. +// Many of these functions require a scratch pool from which +// they will allocate scratch variables (rather than using their +// own stack). +extern mpa_scratch_mem external_mem_pool; + +#define MPA_ENTER(vars, bits) \ + mpa_word_t POOL_ [ \ + mpa_scratch_mem_size_in_U32(vars, bits)]; \ + mpa_scratch_mem pool_save = external_mem_pool; \ + mpa_scratch_mem POOL = LtcPoolInit(POOL_, vars, bits) + +#define MPA_LEAVE() init_mpa_tomcrypt(pool_save) + +typedef ECC_CURVE_DATA bnCurve_t; + +typedef bnCurve_t *bigCurve; + +#define AccessCurveData(E) (E) + +// Include the support functions for the routines that are used by LTC thunk. +#include "TpmToLtcSupport_fp.h" + +#define CURVE_INITIALIZED(name, initializer) \ + bnCurve_t *name = (ECC_CURVE_DATA *)GetCurveData(initializer) + +#define CURVE_FREE(E) + +// This definition would change if there were something to report +#define MathLibSimulationEnd() + +#endif // MATH_LIB_DEFINED diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcSym.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcSym.h new file mode 100644 index 000000000..68de231a8 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcSym.h 
@@ -0,0 +1,110 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +//** Introduction +// +// This header file is used to "splice" the TPM to the LTC symmetric cipher code. 
+ +#ifndef SYM_LIB_DEFINED +#define SYM_LIB_DEFINED + +#define SYM_LIB_LTC + +// Avoid pulling in the MPA math if not doing asymmetric with LTC +#if !(defined MATH_LIB_LTC) +# define LTC_NO_ASYMMETRIC +#endif + +#include "LtcSettings.h" + +//*************************************************************** +//******** Linking to the TomCrypt AES code ********************* +//*************************************************************** + +#if ALG_SM4 +#error "SM4 is not available" +#endif + +#if ALG_CAMELLIA +#error "Camellia is not available" +#endif + +// Define the order of parameters to the functions that do block encryption and +// decryption. +typedef void(*TpmCryptSetSymKeyCall_t)( + const void *in, + void *out, + void *keySchedule + ); + +// Macro to put the parameters in the order required by the library +#define SWIZZLE(keySchedule, in, out) \ + (const void *)(in), (void *)(out), (void *)(keySchedule) + +// Macros to set up the encryption/decryption key schedules +// +// AES: +# define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \ + aes_setup((key), BITS_TO_BYTES(keySizeInBits), 0, (symmetric_key *)(schedule)) +# define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \ + aes_setup((key), BITS_TO_BYTES(keySizeInBits), 0, (symmetric_key *)(schedule)) + +// TDES: +# define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \ + TDES_setup((key), (keySizeInBits), (symmetric_key *)(schedule)) +# define TpmCryptSetDecryptKeyTDES(key, keySizeInBits, schedule) \ + TDES_setup((key), (keySizeInBits), (symmetric_key *)(schedule)) + + +// Macros to alias encrypt and decrypt function calls to library-specific values +// sparingly. These should be used sparingly. Currently, they are only used by +// CryptRand.c in the AES version of the DRBG. 
+#define TpmCryptEncryptAES aes_ecb_encrypt +#define TpmCryptDecryptAES aes_ecb_decrypt +#define tpmKeyScheduleAES struct rijndael_key +// +#define TpmCryptEncryptTDES des3_ecb_encrypt +#define TpmCryptDecryptTDES des3_ecb_decrypt +#define tpmKeyScheduleTDES struct des3_key + +typedef union tpmCryptKeySchedule_t tpmCryptKeySchedule_t; + +#include "TpmToLtcDesSupport_fp.h" + +// This is used to trigger printing of simulation statistics + +#define SymLibSimulationEnd() + +#endif // SYM_LIB_DEFINED diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h new file mode 100644 index 000000000..720065055 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h 
@@ -0,0 +1,46 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _MIN_MAX_H_
+#define _MIN_MAX_H_
+
+#ifndef MAX
+#define MAX(a, b) ((a) > (b) ? (a) : (b))
+#endif
+#ifndef MIN
+#define MIN(a, b) ((a) < (b) ? (a) : (b))
+#endif
+
+#endif // _MIN_MAX_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/NV.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/NV.h
new file mode 100644
index 000000000..88564f73c
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/NV.h
@@ -0,0 +1,165 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +//** Index Type Definitions + +// These definitions allow the same code to be used pre and post 1.21. The main +// action is to redefine the index type values from the bit values. 
+// Use TPM_NT_ORDINARY to indicate if the TPM_NT type is defined + +#ifndef _NV_H_ +#define _NV_H_ + + +#ifdef TPM_NT_ORDINARY +// If TPM_NT_ORDINARY is defined, then the TPM_NT field is present in a TPMA_NV +# define GET_TPM_NT(attributes) GET_ATTRIBUTE(attributes, TPMA_NV, TPM_NT) +#else +// If TPM_NT_ORDINARY is not defined, then need to synthesize it from the +// attributes +# define GetNv_TPM_NV(attributes) \ + ( IS_ATTRIBUTE(attributes, TPMA_NV, COUNTER) \ + + (IS_ATTRIBUTE(attributes, TPMA_NV, BITS) << 1) \ + + (IS_ATTRIBUTE(attributes, TPMA_NV, EXTEND) << 2) \ + ) +# define TPM_NT_ORDINARY (0) +# define TPM_NT_COUNTER (1) +# define TPM_NT_BITS (2) +# define TPM_NT_EXTEND (4) +#endif + + +//** Attribute Macros +// These macros are used to isolate the differences in the way that the index type +// changed in version 1.21 of the specification +# define IsNvOrdinaryIndex(attributes) \ + (GET_TPM_NT(attributes) == TPM_NT_ORDINARY) + +# define IsNvCounterIndex(attributes) \ + (GET_TPM_NT(attributes) == TPM_NT_COUNTER) + +# define IsNvBitsIndex(attributes) \ + (GET_TPM_NT(attributes) == TPM_NT_BITS) + +# define IsNvExtendIndex(attributes) \ + (GET_TPM_NT(attributes) == TPM_NT_EXTEND) + +#ifdef TPM_NT_PIN_PASS +# define IsNvPinPassIndex(attributes) \ + (GET_TPM_NT(attributes) == TPM_NT_PIN_PASS) +#endif + +#ifdef TPM_NT_PIN_FAIL +# define IsNvPinFailIndex(attributes) \ + (GET_TPM_NT(attributes) == TPM_NT_PIN_FAIL) +#endif + +typedef struct { + UINT32 size; + TPM_HANDLE handle; +} NV_ENTRY_HEADER; + +#define NV_EVICT_OBJECT_SIZE \ + (sizeof(UINT32) + sizeof(TPM_HANDLE) + sizeof(OBJECT)) + +#define NV_INDEX_COUNTER_SIZE \ + (sizeof(UINT32) + sizeof(NV_INDEX) + sizeof(UINT64)) + +#define NV_RAM_INDEX_COUNTER_SIZE \ + (sizeof(NV_RAM_HEADER) + sizeof(UINT64)) + +typedef struct { + UINT32 size; + TPM_HANDLE handle; + TPMA_NV attributes; +} NV_RAM_HEADER; + +// Defines the end-of-list marker for NV. 
The list terminator is +// a UINT32 of zero, followed by the current value of s_maxCounter which is a +// 64-bit value. The structure is defined as an array of 3 UINT32 values so that +// there is no padding between the UINT32 list end marker and the UINT64 maxCounter +// value. +typedef UINT32 NV_LIST_TERMINATOR[3]; + +//** Orderly RAM Values +// The following defines are for accessing orderly RAM values. + +// This is the initialize for the RAM reference iterator. +#define NV_RAM_REF_INIT 0 +// This is the starting address of the RAM space used for orderly data +#define RAM_ORDERLY_START \ + (&s_indexOrderlyRam[0]) +// This is the offset within NV that is used to save the orderly data on an +// orderly shutdown. +#define NV_ORDERLY_START \ + (NV_INDEX_RAM_DATA) +// This is the end of the orderly RAM space. It is actually the first byte after the +// last byte of orderly RAM data +#define RAM_ORDERLY_END \ + (RAM_ORDERLY_START + sizeof(s_indexOrderlyRam)) +// This is the end of the orderly space in NV memory. As with RAM_ORDERLY_END, it is +// actually the offset of the first byte after the end of the NV orderly data. +#define NV_ORDERLY_END \ + (NV_ORDERLY_START + sizeof(s_indexOrderlyRam)) + +// Macro to check that an orderly RAM address is with range. +#define ORDERLY_RAM_ADDRESS_OK(start, offset) \ + ((start >= RAM_ORDERLY_START) && ((start + offset - 1) < RAM_ORDERLY_END)) + + +#define RETURN_IF_NV_IS_NOT_AVAILABLE \ +{ \ + if(g_NvStatus != TPM_RC_SUCCESS) \ + return g_NvStatus; \ +} + +// Routinely have to clear the orderly flag and fail if the +// NV is not available so that it can be cleared. +#define RETURN_IF_ORDERLY \ +{ \ + if(NvClearOrderly() != TPM_RC_SUCCESS) \ + return g_NvStatus; \ +} + +#define NV_IS_AVAILABLE (g_NvStatus == TPM_RC_SUCCESS) + +#define IS_ORDERLY(value) (value < SU_DA_USED_VALUE) + +#define NV_IS_ORDERLY (IS_ORDERLY(gp.orderlyState)) + +// Macro to set the NV UPDATE_TYPE. 
This deals with the fact that the update is +// possibly a combination of UT_NV and UT_ORDERLY. +#define SET_NV_UPDATE(type) g_updateNV |= (type) + +#endif // _NV_H_ \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h new file mode 100644 index 000000000..312ae69ff --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h 
@@ -0,0 +1,275 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _OIDS_H_ +#define _OIDS_H_ + +// All the OIDs in this file are defined as DER-encoded values with a leading tag +// 0x06 (ASN1_OBJECT_IDENTIFIER), followed by a single length byte. 
This allows the +// OID size to be determined by looking at octet[1] of the OID (total size is +// OID[1] + 2). + +#define MAKE_OID(NAME) \ + EXTERN const BYTE OID##NAME[] INITIALIZER({OID##NAME##_VALUE}) + + +// These macros allow OIDs to be defined (or not) depending on whether the associated +// hash algorithm is implemented. +// NOTE: When one of these macros is used, the NAME needs '_" on each side. The +// exception is when the macro is used for the hash OID when only a single '_' is +// used. +#if ALG_SHA1 +#define SHA1_OID(NAME) MAKE_OID(NAME##SHA1) +#else +#define SHA1_OID(NAME) +#endif +#if ALG_SHA256 +#define SHA256_OID(NAME) MAKE_OID(NAME##SHA256) +#else +#define SHA256_OID(NAME) +#endif +#if ALG_SHA384 +#define SHA384_OID(NAME) MAKE_OID(NAME##SHA384) +#else +#define SHA#84_OID(NAME) +#endif +#if ALG_SHA512 +#define SHA512_OID(NAME) MAKE_OID(NAME##SHA512) +#else +#define SHA512_OID(NAME) +#endif +#if ALG_SM3_256 +#define SM3_256_OID(NAME) MAKE_OID(NAME##SM2_256) +#else +#define SM3_256_OID(NAME) +#endif +#if ALG_SHA3_256 +#define SHA3_256_OID(NAME) MAKE_OID(NAME##SHA3_256) +#else +#define SHA3_256_OID(NAME) +#endif +#if ALG_SHA3_384 +#define SHA3_384_OID(NAME) MAKE_OID(NAME##SHA3_384) +#else +#define SHA3_384_OID(NAME) +#endif +#if ALG_SHA3_512 +#define SSHA3_512_OID(NAME) MAKE_OID(NAME##SHA3_512) +#else +#define SHA3_512_OID(NAME) +#endif + +// These are encoded to take one additional byte of algorithm selector +#define NIST_HASH 0x06, 0x09, 0x60, 0x86, 0x48, 1, 101, 3, 4, 2 +#define NIST_SIG 0x06, 0x09, 0x60, 0x86, 0x48, 1, 101, 3, 4, 3 + +// These hash OIDs used in a lot of places. 
+#define OID_SHA1_VALUE 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A +SHA1_OID(_); // Expands to + // MAKE_OID(_SHA1) + // which expands to: + // extern BYTE OID_SHA1[] + // or + // const BYTE OID_SHA1[] = {OID_SHA1_VALUE} + // which is: + // const BYTE OID_SHA1[] = {0x06, 0x05, 0x2B, 0x0E, + // 0x03, 0x02, 0x1A} + + +#define OID_SHA256_VALUE NIST_HASH, 1 +SHA256_OID(_); + +#define OID_SHA384_VALUE NIST_HASH, 2 +SHA384_OID(_); + +#define OID_SHA512_VALUE NIST_HASH, 3 +SHA512_OID(_); + +#define OID_SM3_256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, \ + 0x83, 0x11 +SM3_256_OID(_); // (1.2.156.10197.1.401) + +#define OID_SHA3_256_VALUE NIST_HASH, 8 +SHA3_256_OID(_); + +#define OID_SHA3_384_VALUE NIST_HASH, 9 +SHA3_384_OID(_); + +#define OID_SHA3_512_VALUE NIST_HASH, 10 +SHA3_512_OID(_); + + +// These are used for RSA-PSS +#if ALG_RSA + +#define OID_MGF1_VALUE 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, \ + 0x01, 0x01, 0x08 +MAKE_OID(_MGF1); + +#define OID_RSAPSS_VALUE 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, \ + 0x01, 0x01, 0x0A +MAKE_OID(_RSAPSS); + +// This is the OID to designate the public part of an RSA key. 
+#define OID_PKCS1_PUB_VALUE 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, \ + 0x01, 0x01, 0x01 +MAKE_OID(_PKCS1_PUB); + +// These are used for RSA PKCS1 signature Algorithms +#define OID_PKCS1_SHA1_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ + 0x0D, 0x01, 0x01, 0x05 +SHA1_OID(_PKCS1_); // (1.2.840.113549.1.1.5) + +#define OID_PKCS1_SHA256_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ + 0x0D, 0x01, 0x01, 0x0B +SHA256_OID(_PKCS1_); // (1.2.840.113549.1.1.11) + +#define OID_PKCS1_SHA384_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ + 0x0D, 0x01, 0x01, 0x0C +SHA384_OID(_PKCS1_); // (1.2.840.113549.1.1.12) + +#define OID_PKCS1_SHA512_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ + 0x0D, 0x01, 0x01, 0x0D +SHA512_OID(_PKCS1_); //(1.2.840.113549.1.1.13) + +#define OID_PKCS1_SM3_256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, \ + 0x01, 0x83, 0x78 +SM3_256_OID(_PKCS1_); // 1.2.156.10197.1.504 + +#define OID_PKCS1_SHA3_256_VALUE NIST_SIG, 14 +SHA3_256_OID(_PKCS1_); +#define OID_PKCS1_SHA3_384_VALUE NIST_SIG, 15 +SHA3_256_OID(_PKCS1_); +#define OID_PKCS1_SHA3_512_VALUE NIST_SIG, 16 +SHA3_512_OID(_PKCS1_); + + +#endif // ALG_RSA + +#if ALG_ECDSA + +#define OID_ECDSA_SHA1_VALUE 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ + 0x01 +SHA1_OID(_ECDSA_); // (1.2.840.10045.4.1) SHA1 digest signed by an ECDSA key. + +#define OID_ECDSA_SHA256_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ + 0x03, 0x02 +SHA256_OID(_ECDSA_); // (1.2.840.10045.4.3.2) SHA256 digest signed by an ECDSA key. + +#define OID_ECDSA_SHA384_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ + 0x03, 0x03 +SHA384_OID(_ECDSA_); // (1.2.840.10045.4.3.3) SHA384 digest signed by an ECDSA key. + +#define OID_ECDSA_SHA512_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ + 0x03, 0x04 +SHA512_OID(_ECDSA_); // (1.2.840.10045.4.3.4) SHA512 digest signed by an ECDSA key. 
+
+#define OID_ECDSA_SM3_256_VALUE 0x00
+SM3_256_OID(_ECDSA_);
+
+#define OID_ECDSA_SHA3_256_VALUE NIST_SIG, 10
+SHA3_256_OID(_ECDSA_);
+#define OID_ECDSA_SHA3_384_VALUE NIST_SIG, 11
+SHA3_384_OID(_ECDSA_);
+#define OID_ECDSA_SHA3_512_VALUE NIST_SIG, 12
+SHA3_512_OID(_ECDSA_);
+
+
+
+#endif // ALG_ECDSA
+
+#if ALG_ECC
+
+#define OID_ECC_PUBLIC_VALUE 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, \
+ 0x01
+MAKE_OID(_ECC_PUBLIC);
+
+
+#define OID_ECC_NIST_P192_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, \
+ 0x01, 0x01
+#if ECC_NIST_P192
+MAKE_OID(_ECC_NIST_P192); // (1.2.840.10045.3.1.1) 'nistP192'
+#endif // ECC_NIST_P192
+
+#define OID_ECC_NIST_P224_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21
+#if ECC_NIST_P224
+MAKE_OID(_ECC_NIST_P224); // (1.3.132.0.33) 'nistP224'
+#endif // ECC_NIST_P224
+
+#define OID_ECC_NIST_P256_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, \
+ 0x01, 0x07
+#if ECC_NIST_P256
+MAKE_OID(_ECC_NIST_P256); // (1.2.840.10045.3.1.7) 'nistP256'
+#endif // ECC_NIST_P256
+
+#define OID_ECC_NIST_P384_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22
+#if ECC_NIST_P384
+MAKE_OID(_ECC_NIST_P384); // (1.3.132.0.34) 'nistP384'
+#endif // ECC_NIST_P384
+
+#define OID_ECC_NIST_P521_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23
+#if ECC_NIST_P521
+MAKE_OID(_ECC_NIST_P521); // (1.3.132.0.35) 'nistP521'
+#endif // ECC_NIST_P521
+
+// No OIDs defined for these anonymous curves
+#define OID_ECC_BN_P256_VALUE 0x00
+#if ECC_BN_P256
+MAKE_OID(_ECC_BN_P256);
+#endif // ECC_BN_P256
+
+#define OID_ECC_BN_P638_VALUE 0x00
+#if ECC_BN_P638
+MAKE_OID(_ECC_BN_P638);
+#endif // ECC_BN_P638
+
+#define OID_ECC_SM2_P256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, \
+ 0x82, 0x2D
+#if ECC_SM2_P256
+MAKE_OID(_ECC_SM2_P256); // Don't know where I found this OID.
It needs checking
+#endif // ECC_SM2_P256
+
+#if ECC_BN_P256
+#define OID_ECC_BN_P256 NULL
+#endif // ECC_BN_P256
+
+#endif // ALG_ECC
+
+#undef MAKE_OID
+
+
+#define OID_SIZE(OID) (OID[1] + 2)
+
+#endif // !_OIDS_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h
new file mode 100644
index 000000000..56f414464
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h
@@ -0,0 +1,180 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+//
+// This header file is used to 'splice' the OpenSSL hash code into the TPM code.
+//
+#ifndef HASH_LIB_DEFINED
+#define HASH_LIB_DEFINED
+
+#define HASH_LIB_OSSL
+
+#include
+#include
+#include
+
+
+//***************************************************************
+//** Links to the OpenSSL HASH code
+//***************************************************************
+
+// Redefine the internal name used for each of the hash state structures to the
+// name used by the library.
+// These defines need to be known in all parts of the TPM so that the structure
+// sizes can be properly computed when needed.
+
+#define tpmHashStateSHA1_t SHA_CTX
+#define tpmHashStateSHA256_t SHA256_CTX
+#define tpmHashStateSHA384_t SHA512_CTX
+#define tpmHashStateSHA512_t SHA512_CTX
+
+#if ALG_SM3_256
+# error "The version of OpenSSL used by this code does not support SM3"
+#endif
+
+// The defines below are only needed when compiling CryptHash.c or CryptSmac.c.
+// This isolation is primarily to avoid name space collision. However, if there
+// is a real collision, it will likely show up when the linker tries to put things
+// together.
+
+#ifdef _CRYPT_HASH_C_
+
+typedef BYTE *PBYTE;
+typedef const BYTE *PCBYTE;
+
+// Define the interface between CryptHash.c to the functions provided by the
+// library. For each method, define the calling parameters of the method and then
+// define how the method is invoked in CryptHash.c.
+//
+// All hashes are required to have the same calling sequence. If they don't, create
+// a simple adaptation function that converts from the "standard" form of the call
+// to the form used by the specific hash (and then send a nasty letter to the
+// person who wrote the hash function for the library).
+//
+// The macro that calls the method also defines how the
+// parameters get swizzled between the default form (in CryptHash.c)and the
+// library form.
+//
+// Initialize the hash context
+#define HASH_START_METHOD_DEF void (HASH_START_METHOD)(PANY_HASH_STATE state)
+#define HASH_START(hashState) \
+ ((hashState)->def->method.start)(&(hashState)->state);
+
+// Add data to the hash
+#define HASH_DATA_METHOD_DEF \
+ void (HASH_DATA_METHOD)(PANY_HASH_STATE state, \
+ PCBYTE buffer, \
+ size_t size)
+#define HASH_DATA(hashState, dInSize, dIn) \
+ ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize)
+
+// Finalize the hash and get the digest
+#define HASH_END_METHOD_DEF \
+ void (HASH_END_METHOD)(BYTE *buffer, PANY_HASH_STATE state)
+#define HASH_END(hashState, buffer) \
+ ((hashState)->def->method.end)(buffer, &(hashState)->state)
+
+// Copy the hash context
+// Note: For import, export, and copy, memcpy() is used since there is no
+// reformatting necessary between the internal and external forms.
+#define HASH_STATE_COPY_METHOD_DEF \
+ void (HASH_STATE_COPY_METHOD)(PANY_HASH_STATE to, \
+ PCANY_HASH_STATE from, \
+ size_t size)
+#define HASH_STATE_COPY(hashStateOut, hashStateIn) \
+ ((hashStateIn)->def->method.copy)(&(hashStateOut)->state, \
+ &(hashStateIn)->state, \
+ (hashStateIn)->def->contextSize)
+
+// Copy (with reformatting when necessary) an internal hash structure to an
+// external blob
+#define HASH_STATE_EXPORT_METHOD_DEF \
+ void (HASH_STATE_EXPORT_METHOD)(BYTE *to, \
+ PCANY_HASH_STATE from, \
+ size_t size)
+#define HASH_STATE_EXPORT(to, hashStateFrom) \
+ ((hashStateFrom)->def->method.copyOut) \
+ (&(((BYTE *)(to))[offsetof(HASH_STATE, state)]), \
+ &(hashStateFrom)->state, \
+ (hashStateFrom)->def->contextSize)
+
+// Copy from an external blob to an internal formate (with reformatting when
+// necessary
+#define HASH_STATE_IMPORT_METHOD_DEF \
+ void (HASH_STATE_IMPORT_METHOD)(PANY_HASH_STATE to, \
+ const BYTE *from, \
+ size_t size)
+#define HASH_STATE_IMPORT(hashStateTo, from) \
+ ((hashStateTo)->def->method.copyIn) \
+ (&(hashStateTo)->state, \
+ &(((const BYTE
*)(from))[offsetof(HASH_STATE, state)]),\
+ (hashStateTo)->def->contextSize)
+
+
+// Function aliases. The code in CryptHash.c uses the internal designation for the
+// functions. These need to be translated to the function names of the library.
+#define tpmHashStart_SHA1 SHA1_Init // external name of the
+ // initialization method
+#define tpmHashData_SHA1 SHA1_Update
+#define tpmHashEnd_SHA1 SHA1_Final
+#define tpmHashStateCopy_SHA1 memcpy
+#define tpmHashStateExport_SHA1 memcpy
+#define tpmHashStateImport_SHA1 memcpy
+#define tpmHashStart_SHA256 SHA256_Init
+#define tpmHashData_SHA256 SHA256_Update
+#define tpmHashEnd_SHA256 SHA256_Final
+#define tpmHashStateCopy_SHA256 memcpy
+#define tpmHashStateExport_SHA256 memcpy
+#define tpmHashStateImport_SHA256 memcpy
+#define tpmHashStart_SHA384 SHA384_Init
+#define tpmHashData_SHA384 SHA384_Update
+#define tpmHashEnd_SHA384 SHA384_Final
+#define tpmHashStateCopy_SHA384 memcpy
+#define tpmHashStateExport_SHA384 memcpy
+#define tpmHashStateImport_SHA384 memcpy
+#define tpmHashStart_SHA512 SHA512_Init
+#define tpmHashData_SHA512 SHA512_Update
+#define tpmHashEnd_SHA512 SHA512_Final
+#define tpmHashStateCopy_SHA512 memcpy
+#define tpmHashStateExport_SHA512 memcpy
+#define tpmHashStateImport_SHA512 memcpy
+
+#endif // _CRYPT_HASH_C_
+
+#define LibHashInit()
+// This definition would change if there were something to report
+#define HashLibSimulationEnd()
+
+#endif // HASH_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h
new file mode 100644
index 000000000..39cb472fd
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h
@@ -0,0 +1,127 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the structure definitions used for ECC in the LibTomCrypt
+// version of the code. These definitions would change, based on the library.
+// The ECC-related structures that cross the TPM interface are defined
+// in TpmTypes.h
+//
+
+#ifndef MATH_LIB_DEFINED
+#define MATH_LIB_DEFINED
+
+#define MATH_LIB_OSSL
+
+#include
+#include
+#if 0 // OPENSSL_VERSION_NUMBER >= 0x10200000L
+ // Check the bignum_st definition in crypto/bn/bn_lcl.h and either update the
+ // version check or provide the new definition for this version.
+# error Untested OpenSSL version
+#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
+ // from crypto/bn/bn_lcl.h
+ struct bignum_st {
+ BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit
+ * chunks. */
+ int top; /* Index of last used d +1. */
+ /* The next are internal book keeping for bn_expand. */
+ int dmax; /* Size of the d array. */
+ int neg; /* one if the number is negative */
+ int flags;
+ };
+#endif // OPENSSL_VERSION_NUMBER
+#include
+
+//** Macros and Defines
+
+// Make sure that the library is using the correct size for a crypt word
+#if defined THIRTY_TWO_BIT && (RADIX_BITS != 32) \
+ || ((defined SIXTY_FOUR_BIT_LONG || defined SIXTY_FOUR_BIT) \
+ && (RADIX_BITS != 64))
+# error Ossl library is using different radix
+#endif
+
+// Allocate a local BIGNUM value. For the allocation, a bigNum structure is created
+// as is a local BIGNUM. The bigNum is initialized and then the BIGNUM is
+// set to reference the local value.
+#define BIG_VAR(name, bits) \
+ BN_VAR(name##Bn, (bits)); \
+ BIGNUM _##name; \
+ BIGNUM *name = BigInitialized(&_##name, \
+ BnInit(name##Bn, \
+ BYTES_TO_CRYPT_WORDS(sizeof(_##name##Bn.d))))
+
+// Allocate a BIGNUM and initialize with the values in a bigNum initializer
+#define BIG_INITIALIZED(name, initializer) \
+ BIGNUM _##name; \
+ BIGNUM *name = BigInitialized(&_##name, initializer)
+
+
+typedef struct
+{
+ const ECC_CURVE_DATA *C; // the TPM curve values
+ EC_GROUP *G; // group parameters
+ BN_CTX *CTX; // the context for the math (this might not be
+ // the context in which the curve was created>;
+} OSSL_CURVE_DATA;
+
+typedef OSSL_CURVE_DATA *bigCurve;
+
+#define AccessCurveData(E) ((E)->C)
+
+
+#include "TpmToOsslSupport_fp.h"
+
+// Start and end a context within which the OpenSSL memory management works
+#define OSSL_ENTER() BN_CTX *CTX = OsslContextEnter()
+#define OSSL_LEAVE() OsslContextLeave(CTX)
+
+// Start and end a context that spans multiple ECC functions. This is used so that
+// the group for the curve can persist across multiple frames.
+#define CURVE_INITIALIZED(name, initializer) \
+ OSSL_CURVE_DATA _##name; \
+ bigCurve name = BnCurveInitialize(&_##name, initializer)
+#define CURVE_FREE(name) BnCurveFree(name)
+
+// Start and end a local stack frame within the context of the curve frame
+#define ECC_ENTER() BN_CTX *CTX = OsslPushContext(E->CTX)
+#define ECC_LEAVE() OsslPopContext(CTX)
+
+#define BN_NEW() BnNewVariable(CTX)
+
+// This definition would change if there were something to report
+#define MathLibSimulationEnd()
+
+#endif // MATH_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h
new file mode 100644
index 000000000..e65365d7a
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h
@@ -0,0 +1,120 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+//
+// This header file is used to 'splice' the OpenSSL library into the TPM code.
+//
+// The support required of a library are a hash module, a block cipher module and
+// portions of a big number library.
+
+#ifndef SYM_LIB_DEFINED
+#define SYM_LIB_DEFINED
+
+#define SYM_LIB_OSSL
+
+#include
+#include
+#include
+#include
+
+//***************************************************************
+//** Links to the OpenSSL AES code
+//***************************************************************
+
+#if ALG_SM4
+#error "SM4 is not available"
+#endif
+
+#if ALG_CAMELLIA
+#error "Camellia is not available"
+#endif
+
+// Define the order of parameters to the library functions that do block encryption
+// and decryption.
+typedef void(*TpmCryptSetSymKeyCall_t)(
+ const BYTE *in,
+ BYTE *out,
+ void *keySchedule
+ );
+
+// The Crypt functions that call the block encryption function use the parameters
+// in the order:
+// 1) keySchedule
+// 2) in buffer
+// 3) out buffer
+// Since open SSL uses the order in encryptoCall_t above, need to swizzle the
+// values to the order required by the library.
+#define SWIZZLE(keySchedule, in, out) \
+ (const BYTE *)(in), (BYTE *)(out), (void *)(keySchedule)
+
+// Macros to set up the encryption/decryption key schedules
+//
+// AES:
+#define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \
+ AES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleAES *)(schedule))
+#define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \
+ AES_set_decrypt_key((key), (keySizeInBits), (tpmKeyScheduleAES *)(schedule))
+
+// TDES:
+#define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \
+ TDES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule))
+#define TpmCryptSetDecryptKeyTDES(key, keySizeInBits, schedule) \
+ TDES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule))
+
+// Macros to alias encryption calls to specific algorithms. This should be used
+// sparingly.
Currently, only used by CryptRand.c
+//
+// When using these calls, to call the AES block encryption code, the caller
+// should use:
+// TpmCryptEncryptAES(SWIZZLE(keySchedule, in, out));
+#define TpmCryptEncryptAES AES_encrypt
+#define TpmCryptDecryptAES AES_decrypt
+#define tpmKeyScheduleAES AES_KEY
+
+
+#define TpmCryptEncryptTDES TDES_encrypt
+#define TpmCryptDecryptTDES TDES_decrypt
+#define tpmKeyScheduleTDES DES_key_schedule
+
+typedef union tpmCryptKeySchedule_t tpmCryptKeySchedule_t;
+
+#if ALG_TDES
+#include "TpmToOsslDesSupport_fp.h"
+#endif
+
+// This definition would change if there were something to report
+#define SymLibSimulationEnd()
+
+#endif // SYM_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/PRNG_TestVectors.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/PRNG_TestVectors.h
new file mode 100644
index 000000000..96c7f5b48
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/PRNG_TestVectors.h
@@ -0,0 +1,140 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _MSBN_DRBG_TEST_VECTORS_H
+#define _MSBN_DRBG_TEST_VECTORS_H
+
+//#if DRBG_ALGORITHM == TPM_ALG_AES && DRBG_KEY_BITS == 256
+#if DRBG_KEY_SIZE_BITS == 256
+
+/*(NIST test vector)
+[AES-256 no df]
+[PredictionResistance = False]
+[EntropyInputLen = 384]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+
+COUNT = 0
+EntropyInput = 0d15aa80 b16c3a10 906cfedb 795dae0b 5b81041c 5c5bfacb
+ 373d4440 d9120f7e 3d6cf909 86cf52d8 5d3e947d 8c061f91
+Nonce = 06caef5f b538e08e 1f3b0452 03f8f4b2
+PersonalizationString =
+AdditionalInput =
+ INTERMEDIATE Key = be5df629 34cc1230 166a6773 345bbd6b
+ 4c8869cf 8aec1c3b 1aa98bca 37cacf61
+ INTERMEDIATE V = 3182dd1e 7638ec70 014e93bd 813e524c
+ INTERMEDIATE ReturnedBits = 28e0ebb8 21016650 8c8f65f2 207bd0a3
+EntropyInputReseed = 6ee793a3 3955d72a d12fd80a 8a3fcf95 ed3b4dac 5795fe25
+ cf869f7c 27573bbc 56f1acae 13a65042 b340093c 464a7a22
+AdditionalInputReseed =
+AdditionalInput =
+ReturnedBits = 946f5182 d54510b9 461248f5 71ca06c9
+*/
+
+
+// Entropy is the size of the state. The state is the size of the key
+// plus the IV. The IV is a block.
If Key = 256 and Block = 128 then State = 384
+# define DRBG_TEST_INITIATE_ENTROPY \
+ 0x0d, 0x15, 0xaa, 0x80, 0xb1, 0x6c, 0x3a, 0x10, \
+ 0x90, 0x6c, 0xfe, 0xdb, 0x79, 0x5d, 0xae, 0x0b, \
+ 0x5b, 0x81, 0x04, 0x1c, 0x5c, 0x5b, 0xfa, 0xcb, \
+ 0x37, 0x3d, 0x44, 0x40, 0xd9, 0x12, 0x0f, 0x7e, \
+ 0x3d, 0x6c, 0xf9, 0x09, 0x86, 0xcf, 0x52, 0xd8, \
+ 0x5d, 0x3e, 0x94, 0x7d, 0x8c, 0x06, 0x1f, 0x91
+
+# define DRBG_TEST_RESEED_ENTROPY \
+ 0x6e, 0xe7, 0x93, 0xa3, 0x39, 0x55, 0xd7, 0x2a, \
+ 0xd1, 0x2f, 0xd8, 0x0a, 0x8a, 0x3f, 0xcf, 0x95, \
+ 0xed, 0x3b, 0x4d, 0xac, 0x57, 0x95, 0xfe, 0x25, \
+ 0xcf, 0x86, 0x9f, 0x7c, 0x27, 0x57, 0x3b, 0xbc, \
+ 0x56, 0xf1, 0xac, 0xae, 0x13, 0xa6, 0x50, 0x42, \
+ 0xb3, 0x40, 0x09, 0x3c, 0x46, 0x4a, 0x7a, 0x22
+
+# define DRBG_TEST_GENERATED_INTERM \
+ 0x28, 0xe0, 0xeb, 0xb8, 0x21, 0x01, 0x66, 0x50, \
+ 0x8c, 0x8f, 0x65, 0xf2, 0x20, 0x7b, 0xd0, 0xa3
+
+
+# define DRBG_TEST_GENERATED \
+ 0x94, 0x6f, 0x51, 0x82, 0xd5, 0x45, 0x10, 0xb9, \
+ 0x46, 0x12, 0x48, 0xf5, 0x71, 0xca, 0x06, 0xc9
+#elif DRBG_KEY_SIZE_BITS == 128
+/*(NIST test vector)
+[AES-128 no df]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+
+COUNT = 0
+EntropyInput = 8fc11bdb5aabb7e093b61428e0907303cb459f3b600dad870955f22da80a44f8
+Nonce = be1f73885ddd15aa
+PersonalizationString =
+AdditionalInput =
+ INTERMEDIATE Key = b134ecc836df6dbd624900af118dd7e6
+ INTERMEDIATE V = 01bb09e86dabd75c9f26dbf6f9531368
+ INTERMEDIATE ReturnedBits = dc3cf6bf5bd341135f2c6811a1071c87
+EntropyInputReseed =
+ 0cd53cd5eccd5a10d7ea266111259b05574fc6ddd8bed8bd72378cf82f1dba2a
+AdditionalInputReseed =
+AdditionalInput =
+ReturnedBits = b61850decfd7106d44769a8e6e8c1ad4
+*/
+
+# define DRBG_TEST_INITIATE_ENTROPY \
+ 0x8f, 0xc1, 0x1b, 0xdb, 0x5a, 0xab, 0xb7, 0xe0, \
+ 0x93, 0xb6, 0x14, 0x28, 0xe0, 0x90, 0x73, 0x03, \
+ 0xcb, 0x45, 0x9f, 0x3b, 0x60, 0x0d, 0xad, 0x87, \
+ 0x09, 0x55, 0xf2, 0x2d, 0xa8, 0x0a, 0x44, 0xf8
+
+#
define DRBG_TEST_RESEED_ENTROPY \
+ 0x0c, 0xd5, 0x3c, 0xd5, 0xec, 0xcd, 0x5a, 0x10, \
+ 0xd7, 0xea, 0x26, 0x61, 0x11, 0x25, 0x9b, 0x05, \
+ 0x57, 0x4f, 0xc6, 0xdd, 0xd8, 0xbe, 0xd8, 0xbd, \
+ 0x72, 0x37, 0x8c, 0xf8, 0x2f, 0x1d, 0xba, 0x2a
+
+#define DRBG_TEST_GENERATED_INTERM \
+ 0xdc, 0x3c, 0xf6, 0xbf, 0x5b, 0xd3, 0x41, 0x13, \
+ 0x5f, 0x2c, 0x68, 0x11, 0xa1, 0x07, 0x1c, 0x87
+
+# define DRBG_TEST_GENERATED \
+ 0xb6, 0x18, 0x50, 0xde, 0xcf, 0xd7, 0x10, 0x6d, \
+ 0x44, 0x76, 0x9a, 0x8e, 0x6e, 0x8c, 0x1a, 0xd4
+
+#endif
+
+
+#endif // _MSBN_DRBG_TEST_VECTORS_H
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/RsaTestData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/RsaTestData.h
new file mode 100644
index 000000000..9721daa35
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/RsaTestData.h
@@ -0,0 +1,423 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +// +// RSA Test Vectors + +#define RSA_TEST_KEY_SIZE 256 + +typedef struct +{ + UINT16 size; + BYTE buffer[RSA_TEST_KEY_SIZE]; +} TPM2B_RSA_TEST_KEY; + +typedef TPM2B_RSA_TEST_KEY TPM2B_RSA_TEST_VALUE; + +typedef struct +{ + UINT16 size; + BYTE buffer[RSA_TEST_KEY_SIZE / 2]; +} TPM2B_RSA_TEST_PRIME; + +const TPM2B_RSA_TEST_KEY c_rsaPublicModulus = {256, { + 0x91,0x12,0xf5,0x07,0x9d,0x5f,0x6b,0x1c,0x90,0xf6,0xcc,0x87,0xde,0x3a,0x7a,0x15, + 0xdc,0x54,0x07,0x6c,0x26,0x8f,0x25,0xef,0x7e,0x66,0xc0,0xe3,0x82,0x12,0x2f,0xab, + 0x52,0x82,0x1e,0x85,0xbc,0x53,0xba,0x2b,0x01,0xad,0x01,0xc7,0x8d,0x46,0x4f,0x7d, + 0xdd,0x7e,0xdc,0xb0,0xad,0xf6,0x0c,0xa1,0x62,0x92,0x97,0x8a,0x3e,0x6f,0x7e,0x3e, + 0xf6,0x9a,0xcc,0xf9,0xa9,0x86,0x77,0xb6,0x85,0x43,0x42,0x04,0x13,0x65,0xe2,0xad, + 0x36,0xc9,0xbf,0xc1,0x97,0x84,0x6f,0xee,0x7c,0xda,0x58,0xd2,0xae,0x07,0x00,0xaf, + 0xc5,0x5f,0x4d,0x3a,0x98,0xb0,0xed,0x27,0x7c,0xc2,0xce,0x26,0x5d,0x87,0xe1,0xe3, + 0xa9,0x69,0x88,0x4f,0x8c,0x08,0x31,0x18,0xae,0x93,0x16,0xe3,0x74,0xde,0xd3,0xf6, + 0x16,0xaf,0xa3,0xac,0x37,0x91,0x8d,0x10,0xc6,0x6b,0x64,0x14,0x3a,0xd9,0xfc,0xe4, + 0xa0,0xf2,0xd1,0x01,0x37,0x4f,0x4a,0xeb,0xe5,0xec,0x98,0xc5,0xd9,0x4b,0x30,0xd2, + 0x80,0x2a,0x5a,0x18,0x5a,0x7d,0xd4,0x3d,0xb7,0x62,0x98,0xce,0x6d,0xa2,0x02,0x6e, + 0x45,0xaa,0x95,0x73,0xe0,0xaa,0x75,0x57,0xb1,0x3d,0x1b,0x05,0x75,0x23,0x6b,0x20, + 0x69,0x9e,0x14,0xb0,0x7f,0xac,0xae,0xd2,0xc7,0x48,0x3b,0xe4,0x56,0x11,0x34,0x1e, + 0x05,0x1a,0x30,0x20,0xef,0x68,0x93,0x6b,0x9d,0x7e,0xdd,0xba,0x96,0x50,0xcc,0x1c, + 0x81,0xb4,0x59,0xb9,0x74,0x36,0xd9,0x97,0xdc,0x8f,0x17,0x82,0x72,0xb3,0x59,0xf6, + 0x23,0xfa,0x84,0xf7,0x6d,0xf2,0x05,0xff,0xf1,0xb9,0xcc,0xe9,0xa2,0x82,0x01,0xfb}}; + +const TPM2B_RSA_TEST_PRIME c_rsaPrivatePrime = {RSA_TEST_KEY_SIZE / 2, { + 0xb7,0xa0,0x90,0xc7,0x92,0x09,0xde,0x71,0x03,0x37,0x4a,0xb5,0x2f,0xda,0x61,0xb8, + 0x09,0x1b,0xba,0x99,0x70,0x45,0xc1,0x0b,0x15,0x12,0x71,0x8a,0xb3,0x2a,0x4d,0x5a, + 
0x41,0x9b,0x73,0x89,0x80,0x0a,0x8f,0x18,0x4c,0x8b,0xa2,0x5b,0xda,0xbd,0x43,0xbe, + 0xdc,0x76,0x4d,0x71,0x0f,0xb9,0xfc,0x7a,0x09,0xfe,0x4f,0xac,0x63,0xd9,0x2e,0x50, + 0x3a,0xa1,0x37,0xc6,0xf2,0xa1,0x89,0x12,0xe7,0x72,0x64,0x2b,0xba,0xc1,0x1f,0xca, + 0x9d,0xb7,0xaa,0x3a,0xa9,0xd3,0xa6,0x6f,0x73,0x02,0xbb,0x85,0x5d,0x9a,0xb9,0x5c, + 0x08,0x83,0x22,0x20,0x49,0x91,0x5f,0x4b,0x86,0xbc,0x3f,0x76,0x43,0x08,0x97,0xbf, + 0x82,0x55,0x36,0x2d,0x8b,0x6e,0x9e,0xfb,0xc1,0x67,0x6a,0x43,0xa2,0x46,0x81,0x71}}; + +const BYTE c_RsaTestValue[RSA_TEST_KEY_SIZE] = { + 0x2a,0x24,0x3a,0xbb,0x50,0x1d,0xd4,0x2a,0xf9,0x18,0x32,0x34,0xa2,0x0f,0xea,0x5c, + 0x91,0x77,0xe9,0xe1,0x09,0x83,0xdc,0x5f,0x71,0x64,0x5b,0xeb,0x57,0x79,0xa0,0x41, + 0xc9,0xe4,0x5a,0x0b,0xf4,0x9f,0xdb,0x84,0x04,0xa6,0x48,0x24,0xf6,0x3f,0x66,0x1f, + 0xa8,0x04,0x5c,0xf0,0x7a,0x6b,0x4a,0x9c,0x7e,0x21,0xb6,0xda,0x6b,0x65,0x9c,0x3a, + 0x68,0x50,0x13,0x1e,0xa4,0xb7,0xca,0xec,0xd3,0xcc,0xb2,0x9b,0x8c,0x87,0xa4,0x6a, + 0xba,0xc2,0x06,0x3f,0x40,0x48,0x7b,0xa8,0xb8,0x2c,0x03,0x14,0x33,0xf3,0x1d,0xe9, + 0xbd,0x6f,0x54,0x66,0xb4,0x69,0x5e,0xbc,0x80,0x7c,0xe9,0x6a,0x43,0x7f,0xb8,0x6a, + 0xa0,0x5f,0x5d,0x7a,0x20,0xfd,0x7a,0x39,0xe1,0xea,0x0e,0x94,0x91,0x28,0x63,0x7a, + 0xac,0xc9,0xa5,0x3a,0x6d,0x31,0x7b,0x7c,0x54,0x56,0x99,0x56,0xbb,0xb7,0xa1,0x2d, + 0xd2,0x5c,0x91,0x5f,0x1c,0xd3,0x06,0x7f,0x34,0x53,0x2f,0x4c,0xd1,0x8b,0xd2,0x9e, + 0xdc,0xc3,0x94,0x0a,0xe1,0x0f,0xa5,0x15,0x46,0x2a,0x8e,0x10,0xc2,0xfe,0xb7,0x5e, + 0x2d,0x0d,0xd1,0x25,0xfc,0xe4,0xf7,0x02,0x19,0xfe,0xb6,0xe4,0x95,0x9c,0x17,0x4a, + 0x9b,0xdb,0xab,0xc7,0x79,0xe3,0x5e,0x40,0xd0,0x56,0x6d,0x25,0x0a,0x72,0x65,0x80, + 0x92,0x9a,0xa8,0x07,0x70,0x32,0x14,0xfb,0xfe,0x08,0xeb,0x13,0xb4,0x07,0x68,0xb4, + 0x58,0x39,0xbe,0x8e,0x78,0x3a,0x59,0x3f,0x9c,0x4c,0xe9,0xa8,0x64,0x68,0xf7,0xb9, + 0x6e,0x20,0xf5,0xcb,0xca,0x47,0xf2,0x17,0xaa,0x8b,0xbc,0x13,0x14,0x84,0xf6,0xab}; + +const TPM2B_RSA_TEST_VALUE c_RsaepKvt = {RSA_TEST_KEY_SIZE, { + 
0x73,0xbd,0x65,0x49,0xda,0x7b,0xb8,0x50,0x9e,0x87,0xf0,0x0a,0x8a,0x9a,0x07,0xb6, + 0x00,0x82,0x10,0x14,0x60,0xd8,0x01,0xfc,0xc5,0x18,0xea,0x49,0x5f,0x13,0xcf,0x65, + 0x66,0x30,0x6c,0x60,0x3f,0x24,0x3c,0xfb,0xe2,0x31,0x16,0x99,0x7e,0x31,0x98,0xab, + 0x93,0xb8,0x07,0x53,0xcc,0xdb,0x7f,0x44,0xd9,0xee,0x5d,0xe8,0x5f,0x97,0x5f,0xe8, + 0x1f,0x88,0x52,0x24,0x7b,0xac,0x62,0x95,0xb7,0x7d,0xf5,0xf8,0x9f,0x5a,0xa8,0x24, + 0x9a,0x76,0x71,0x2a,0x35,0x2a,0xa1,0x08,0xbb,0x95,0xe3,0x64,0xdc,0xdb,0xc2,0x33, + 0xa9,0x5f,0xbe,0x4c,0xc4,0xcc,0x28,0xc9,0x25,0xff,0xee,0x17,0x15,0x9a,0x50,0x90, + 0x0e,0x15,0xb4,0xea,0x6a,0x09,0xe6,0xff,0xa4,0xee,0xc7,0x7e,0xce,0xa9,0x73,0xe4, + 0xa0,0x56,0xbd,0x53,0x2a,0xe4,0xc0,0x2b,0xa8,0x9b,0x09,0x30,0x72,0x62,0x0f,0xf9, + 0xf6,0xa1,0x52,0xd2,0x8a,0x37,0xee,0xa5,0xc8,0x47,0xe1,0x99,0x21,0x47,0xeb,0xdd, + 0x37,0xaa,0xe4,0xbd,0x55,0x46,0x5a,0x5a,0x5d,0xfb,0x7b,0xfc,0xff,0xbf,0x26,0x71, + 0xf6,0x1e,0xad,0xbc,0xbf,0x33,0xca,0xe1,0x92,0x8f,0x2a,0x89,0x6c,0x45,0x24,0xd1, + 0xa6,0x52,0x56,0x24,0x5e,0x90,0x47,0xe5,0xcb,0x12,0xb0,0x32,0xf9,0xa6,0xbb,0xea, + 0x37,0xa9,0xbd,0xef,0x23,0xef,0x63,0x07,0x6c,0xc4,0x4e,0x64,0x3c,0xc6,0x11,0x84, + 0x7d,0x65,0xd6,0x5d,0x7a,0x17,0x58,0xa5,0xf7,0x74,0x3b,0x42,0xe3,0xd2,0xda,0x5f, + 0x6f,0xe0,0x1e,0x4b,0xcf,0x46,0xe2,0xdf,0x3e,0x41,0x8e,0x0e,0xb0,0x3f,0x8b,0x65}}; + +#define OAEP_TEST_LABEL "OAEP Test Value" + +#if ALG_SHA1_VALUE == DEFAULT_TEST_HASH + +const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { + 0x32,0x68,0x84,0x0b,0x9c,0xc9,0x25,0x26,0xd9,0xc0,0xd0,0xb1,0xde,0x60,0x55,0xae, + 0x33,0xe5,0xcf,0x6c,0x85,0xbe,0x0d,0x71,0x11,0xe1,0x45,0x60,0xbb,0x42,0x3d,0xf3, + 0xb1,0x18,0x84,0x7b,0xc6,0x5d,0xce,0x1d,0x5f,0x9a,0x97,0xcf,0xb1,0x97,0x9a,0x85, + 0x7c,0xa7,0xa1,0x63,0x23,0xb6,0x74,0x0f,0x1a,0xee,0x29,0x51,0xeb,0x50,0x8f,0x3c, + 0x8e,0x4e,0x31,0x38,0xdc,0x11,0xfc,0x9a,0x4e,0xaf,0x93,0xc9,0x7f,0x6e,0x35,0xf3, + 0xc9,0xe4,0x89,0x14,0x53,0xe2,0xc2,0x1a,0xf7,0x6b,0x9b,0xf0,0x7a,0xa4,0x69,0x52, + 
0xe0,0x24,0x8f,0xea,0x31,0xa7,0x5c,0x43,0xb0,0x65,0xc9,0xfe,0xba,0xfe,0x80,0x9e, + 0xa5,0xc0,0xf5,0x8d,0xce,0x41,0xf9,0x83,0x0d,0x8e,0x0f,0xef,0x3d,0x1f,0x6a,0xcc, + 0x8a,0x3d,0x3b,0xdf,0x22,0x38,0xd7,0x34,0x58,0x7b,0x55,0xc9,0xf6,0xbc,0x7c,0x4c, + 0x3f,0xd7,0xde,0x4e,0x30,0xa9,0x69,0xf3,0x5f,0x56,0x8f,0xc2,0xe7,0x75,0x79,0xb8, + 0xa5,0xc8,0x0d,0xc0,0xcd,0xb6,0xc9,0x63,0xad,0x7c,0xe4,0x8f,0x39,0x60,0x4d,0x7d, + 0xdb,0x34,0x49,0x2a,0x47,0xde,0xc0,0x42,0x4a,0x19,0x94,0x2e,0x50,0x21,0x03,0x47, + 0xff,0x73,0xb3,0xb7,0x89,0xcc,0x7b,0x2c,0xeb,0x03,0xa7,0x9a,0x06,0xfd,0xed,0x19, + 0xbb,0x82,0xa0,0x13,0xe9,0xfa,0xac,0x06,0x5f,0xc5,0xa9,0x2b,0xda,0x88,0x23,0xa2, + 0x5d,0xc2,0x7f,0xda,0xc8,0x5a,0x94,0x31,0xc1,0x21,0xd7,0x1e,0x6b,0xd7,0x89,0xb1, + 0x93,0x80,0xab,0xd1,0x37,0xf2,0x6f,0x50,0xcd,0x2a,0xea,0xb1,0xc4,0xcd,0xcb,0xb5}}; + +const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { + 0x29,0xa4,0x2f,0xbb,0x8a,0x14,0x05,0x1e,0x3c,0x72,0x76,0x77,0x38,0xe7,0x73,0xe3, + 0x6e,0x24,0x4b,0x38,0xd2,0x1a,0xcf,0x23,0x58,0x78,0x36,0x82,0x23,0x6e,0x6b,0xef, + 0x2c,0x3d,0xf2,0xe8,0xd6,0xc6,0x87,0x8e,0x78,0x9b,0x27,0x39,0xc0,0xd6,0xef,0x4d, + 0x0b,0xfc,0x51,0x27,0x18,0xf3,0x51,0x5e,0x4d,0x96,0x3a,0xe2,0x15,0xe2,0x7e,0x42, + 0xf4,0x16,0xd5,0xc6,0x52,0x5d,0x17,0x44,0x76,0x09,0x7a,0xcf,0xe3,0x30,0xe3,0x84, + 0xf6,0x6f,0x3a,0x33,0xfb,0x32,0x0d,0x1d,0xe7,0x7c,0x80,0x82,0x4f,0xed,0xda,0x87, + 0x11,0x9c,0xc3,0x7e,0x85,0xbd,0x18,0x58,0x08,0x2b,0x23,0x37,0xe7,0x9d,0xd0,0xd1, + 0x79,0xe2,0x05,0xbd,0xf5,0x4f,0x0e,0x0f,0xdb,0x4a,0x74,0xeb,0x09,0x01,0xb3,0xca, + 0xbd,0xa6,0x7b,0x09,0xb1,0x13,0x77,0x30,0x4d,0x87,0x41,0x06,0x57,0x2e,0x5f,0x36, + 0x6e,0xfc,0x35,0x69,0xfe,0x0a,0x24,0x6c,0x98,0x8c,0xda,0x97,0xf4,0xfb,0xc7,0x83, + 0x2d,0x3e,0x7d,0xc0,0x5c,0x34,0xfd,0x11,0x2a,0x12,0xa7,0xae,0x4a,0xde,0xc8,0x4e, + 0xcf,0xf4,0x85,0x63,0x77,0xc6,0x33,0x34,0xe0,0x27,0xe4,0x9e,0x91,0x0b,0x4b,0x85, + 0xf0,0xb0,0x79,0xaa,0x7c,0xc6,0xff,0x3b,0xbc,0x04,0x73,0xb8,0x95,0xd7,0x31,0x54, + 
0x3b,0x56,0xec,0x52,0x15,0xd7,0x3e,0x62,0xf5,0x82,0x99,0x3e,0x2a,0xc0,0x4b,0x2e, + 0x06,0x57,0x6d,0x3f,0x3e,0x77,0x1f,0x2b,0x2d,0xc5,0xb9,0x3b,0x68,0x56,0x73,0x70, + 0x32,0x6b,0x6b,0x65,0x25,0x76,0x45,0x6c,0x45,0xf1,0x6c,0x59,0xfc,0x94,0xa7,0x15}}; + +const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { + 0x01,0xfe,0xd5,0x83,0x0b,0x15,0xba,0x90,0x2c,0xdf,0xf7,0x26,0xb7,0x8f,0xb1,0xd7, + 0x0b,0xfd,0x83,0xf9,0x95,0xd5,0xd7,0xb5,0xc5,0xc5,0x4a,0xde,0xd5,0xe6,0x20,0x78, + 0xca,0x73,0x77,0x3d,0x61,0x36,0x48,0xae,0x3e,0x8f,0xee,0x43,0x29,0x96,0xdf,0x3f, + 0x1c,0x97,0x5a,0xbe,0xe5,0xa2,0x7e,0x5b,0xd0,0xc0,0x29,0x39,0x83,0x81,0x77,0x24, + 0x43,0xdb,0x3c,0x64,0x4d,0xf0,0x23,0xe4,0xae,0x0f,0x78,0x31,0x8c,0xda,0x0c,0xec, + 0xf1,0xdf,0x09,0xf2,0x14,0x6a,0x4d,0xaf,0x36,0x81,0x6e,0xbd,0xbe,0x36,0x79,0x88, + 0x98,0xb6,0x6f,0x5a,0xad,0xcf,0x7c,0xee,0xe0,0xdd,0x00,0xbe,0x59,0x97,0x88,0x00, + 0x34,0xc0,0x8b,0x48,0x42,0x05,0x04,0x5a,0xb7,0x85,0x38,0xa0,0x35,0xd7,0x3b,0x51, + 0xb8,0x7b,0x81,0x83,0xee,0xff,0x76,0x6f,0x50,0x39,0x4d,0xab,0x89,0x63,0x07,0x6d, + 0xf5,0xe5,0x01,0x10,0x56,0xfe,0x93,0x06,0x8f,0xd3,0xc9,0x41,0xab,0xc9,0xdf,0x6e, + 0x59,0xa8,0xc3,0x1d,0xbf,0x96,0x4a,0x59,0x80,0x3c,0x90,0x3a,0x59,0x56,0x4c,0x6d, + 0x44,0x6d,0xeb,0xdc,0x73,0xcd,0xc1,0xec,0xb8,0x41,0xbf,0x89,0x8c,0x03,0x69,0x4c, + 0xaf,0x3f,0xc1,0xc5,0xc7,0xe7,0x7d,0xa7,0x83,0x39,0x70,0xa2,0x6b,0x83,0xbc,0xbe, + 0xf5,0xbf,0x1c,0xee,0x6e,0xa3,0x22,0x1e,0x25,0x2f,0x16,0x68,0x69,0x5a,0x1d,0xfa, + 0x2c,0x3a,0x0f,0x67,0xe1,0x77,0x12,0xe8,0x3d,0xba,0xaa,0xef,0x96,0x9c,0x1f,0x64, + 0x32,0xf4,0xa7,0xb3,0x3f,0x7d,0x61,0xbb,0x9a,0x27,0xad,0xfb,0x2f,0x33,0xc4,0x70}}; + +const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { + 0x67,0x4e,0xdd,0xc2,0xd2,0x6d,0xe0,0x03,0xc4,0xc2,0x41,0xd3,0xd4,0x61,0x30,0xd0, + 0xe1,0x68,0x31,0x4a,0xda,0xd9,0xc2,0x5d,0xaa,0xa2,0x7b,0xfb,0x44,0x02,0xf5,0xd6, + 0xd8,0x2e,0xcd,0x13,0x36,0xc9,0x4b,0xdb,0x1a,0x4b,0x66,0x1b,0x4f,0x9c,0xb7,0x17, + 
0xac,0x53,0x37,0x4f,0x21,0xbd,0x0c,0x66,0xac,0x06,0x65,0x52,0x9f,0x04,0xf6,0xa5, + 0x22,0x5b,0xf7,0xe6,0x0d,0x3c,0x9f,0x41,0x19,0x09,0x88,0x7c,0x41,0x4c,0x2f,0x9c, + 0x8b,0x3c,0xdd,0x7c,0x28,0x78,0x24,0xd2,0x09,0xa6,0x5b,0xf7,0x3c,0x88,0x7e,0x73, + 0x5a,0x2d,0x36,0x02,0x4f,0x65,0xb0,0xcb,0xc8,0xdc,0xac,0xa2,0xda,0x8b,0x84,0x91, + 0x71,0xe4,0x30,0x8b,0xb6,0x12,0xf2,0xf0,0xd0,0xa0,0x38,0xcf,0x75,0xb7,0x20,0xcb, + 0x35,0x51,0x52,0x6b,0xc4,0xf4,0x21,0x95,0xc2,0xf7,0x9a,0x13,0xc1,0x1a,0x7b,0x8f, + 0x77,0xda,0x19,0x48,0xbb,0x6d,0x14,0x5d,0xba,0x65,0xb4,0x9e,0x43,0x42,0x58,0x98, + 0x0b,0x91,0x46,0xd8,0x4c,0xf3,0x4c,0xaf,0x2e,0x02,0xa6,0xb2,0x49,0x12,0x62,0x43, + 0x4e,0xa8,0xac,0xbf,0xfd,0xfa,0x37,0x24,0xea,0x69,0x1c,0xf5,0xae,0xfa,0x08,0x82, + 0x30,0xc3,0xc0,0xf8,0x9a,0x89,0x33,0xe1,0x40,0x6d,0x18,0x5c,0x7b,0x90,0x48,0xbf, + 0x37,0xdb,0xea,0xfb,0x0e,0xd4,0x2e,0x11,0xfa,0xa9,0x86,0xff,0x00,0x0b,0x7b,0xca, + 0x09,0x64,0x6a,0x8f,0x0c,0x0e,0x09,0x14,0x36,0x4a,0x74,0x31,0x18,0x5b,0x18,0xeb, + 0xea,0x83,0xc3,0x66,0x68,0xa6,0x7d,0x43,0x06,0x0f,0x99,0x60,0xce,0x65,0x08,0xf6}}; + +#endif // SHA1 + +#if ALG_SHA256_VALUE == DEFAULT_TEST_HASH + +const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { + 0x33,0x20,0x6e,0x21,0xc3,0xf6,0xcd,0xf8,0xd7,0x5d,0x9f,0xe9,0x05,0x14,0x8c,0x7c, + 0xbb,0x69,0x24,0x9e,0x52,0x8f,0xaf,0x84,0x73,0x21,0x2c,0x85,0xa5,0x30,0x4d,0xb6, + 0xb8,0xfa,0x15,0x9b,0xc7,0x8f,0xc9,0x7a,0x72,0x4b,0x85,0xa4,0x1c,0xc5,0xd8,0xe4, + 0x92,0xb3,0xec,0xd9,0xa8,0xca,0x5e,0x74,0x73,0x89,0x7f,0xb4,0xac,0x7e,0x68,0x12, + 0xb2,0x53,0x27,0x4b,0xbf,0xd0,0x71,0x69,0x46,0x9f,0xef,0xf4,0x70,0x60,0xf8,0xd7, + 0xae,0xc7,0x5a,0x27,0x38,0x25,0x2d,0x25,0xab,0x96,0x56,0x66,0x3a,0x23,0x40,0xa8, + 0xdb,0xbc,0x86,0xe8,0xf3,0xd2,0x58,0x0b,0x44,0xfc,0x94,0x1e,0xb7,0x5d,0xb4,0x57, + 0xb5,0xf3,0x56,0xee,0x9b,0xcf,0x97,0x91,0x29,0x36,0xe3,0x06,0x13,0xa2,0xea,0xd6, + 0xd6,0x0b,0x86,0x0b,0x1a,0x27,0xe6,0x22,0xc4,0x7b,0xff,0xde,0x0f,0xbf,0x79,0xc8, + 
0x1b,0xed,0xf1,0x27,0x62,0xb5,0x8b,0xf9,0xd9,0x76,0x90,0xf6,0xcc,0x83,0x0f,0xce, + 0xce,0x2e,0x63,0x7a,0x9b,0xf4,0x48,0x5b,0xd7,0x81,0x2c,0x3a,0xdb,0x59,0x0d,0x4d, + 0x9e,0x46,0xe9,0x9e,0x92,0x22,0x27,0x1c,0xb0,0x67,0x8a,0xe6,0x8a,0x16,0x8a,0xdf, + 0x95,0x76,0x24,0x82,0xad,0xf1,0xbc,0x97,0xbf,0xd3,0x5e,0x6e,0x14,0x0c,0x5b,0x25, + 0xfe,0x58,0xfa,0x64,0xe5,0x14,0x46,0xb7,0x58,0xc6,0x3f,0x7f,0x42,0xd2,0x8e,0x45, + 0x13,0x41,0x85,0x12,0x2e,0x96,0x19,0xd0,0x5e,0x7d,0x34,0x06,0x32,0x2b,0xc8,0xd9, + 0x0d,0x6c,0x06,0x36,0xa0,0xff,0x47,0x57,0x2c,0x25,0xbc,0x8a,0xa5,0xe2,0xc7,0xe3}}; + +const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { + 0x39,0xfc,0x10,0x5d,0xf4,0x45,0x3d,0x94,0x53,0x06,0x89,0x24,0xe7,0xe8,0xfd,0x03, + 0xac,0xfd,0xbd,0xb2,0x28,0xd3,0x4a,0x52,0xc5,0xd4,0xdb,0x17,0xd4,0x24,0x05,0xc4, + 0xeb,0x6a,0xce,0x1d,0xbb,0x37,0xcb,0x09,0xd8,0x6c,0x83,0x19,0x93,0xd4,0xe2,0x88, + 0x88,0x9b,0xaf,0x92,0x16,0xc4,0x15,0xbd,0x49,0x13,0x22,0xb7,0x84,0xcf,0x23,0xf2, + 0x6f,0x0c,0x3e,0x8f,0xde,0x04,0x09,0x31,0x2d,0x99,0xdf,0xe6,0x74,0x70,0x30,0xde, + 0x8c,0xad,0x32,0x86,0xe2,0x7c,0x12,0x90,0x21,0xf3,0x86,0xb7,0xe2,0x64,0xca,0x98, + 0xcc,0x64,0x4b,0xef,0x57,0x4f,0x5a,0x16,0x6e,0xd7,0x2f,0x5b,0xf6,0x07,0xad,0x33, + 0xb4,0x8f,0x3b,0x3a,0x8b,0xd9,0x06,0x2b,0xed,0x3c,0x3c,0x76,0xf6,0x21,0x31,0xe3, + 0xfb,0x2c,0x45,0x61,0x42,0xba,0xe0,0xc3,0x72,0x63,0xd0,0x6b,0x8f,0x36,0x26,0xfb, + 0x9e,0x89,0x0e,0x44,0x9a,0xc1,0x84,0x5e,0x84,0x8d,0xb6,0xea,0xf1,0x0d,0x66,0xc7, + 0xdb,0x44,0xbd,0x19,0x7c,0x05,0xbe,0xc4,0xab,0x88,0x32,0xbe,0xc7,0x63,0x31,0xe6, + 0x38,0xd4,0xe5,0xb8,0x4b,0xf5,0x0e,0x55,0x9a,0x3a,0xe6,0x0a,0xec,0xee,0xe2,0xa8, + 0x88,0x04,0xf2,0xb8,0xaa,0x5a,0xd8,0x97,0x5d,0xa0,0xa8,0x42,0xfb,0xd9,0xde,0x80, + 0xae,0x4c,0xb3,0xa1,0x90,0x47,0x57,0x03,0x10,0x78,0xa6,0x8f,0x11,0xba,0x4b,0xce, + 0x2d,0x56,0xa4,0xe1,0xbd,0xf8,0xa0,0xa4,0xd5,0x48,0x3c,0x63,0x20,0x00,0x38,0xa0, + 0xd1,0xe6,0x12,0xe9,0x1d,0xd8,0x49,0xe3,0xd5,0x24,0xb5,0xc5,0x3a,0x1f,0xb0,0xd4}}; + +const 
TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { + 0x74,0x89,0x29,0x3e,0x1b,0xac,0xc6,0x85,0xca,0xf0,0x63,0x43,0x30,0x7d,0x1c,0x9b, + 0x2f,0xbd,0x4d,0x69,0x39,0x5e,0x85,0xe2,0xef,0x86,0x0a,0xc6,0x6b,0xa6,0x08,0x19, + 0x6c,0x56,0x38,0x24,0x55,0x92,0x84,0x9b,0x1b,0x8b,0x04,0xcf,0x24,0x14,0x24,0x13, + 0x0e,0x8b,0x82,0x6f,0x96,0xc8,0x9a,0x68,0xfc,0x4c,0x02,0xf0,0xdc,0xcd,0x36,0x25, + 0x31,0xd5,0x82,0xcf,0xc9,0x69,0x72,0xf6,0x1d,0xab,0x68,0x20,0x2e,0x2d,0x19,0x49, + 0xf0,0x2e,0xad,0xd2,0xda,0xaf,0xff,0xb6,0x92,0x83,0x5b,0x8a,0x06,0x2d,0x0c,0x32, + 0x11,0x32,0x3b,0x77,0x17,0xf6,0x50,0xfb,0xf8,0x57,0xc9,0xc7,0x9b,0x9e,0xc6,0xd1, + 0xa9,0x55,0xf0,0x22,0x35,0xda,0xca,0x3c,0x8e,0xc6,0x9a,0xd8,0x25,0xc8,0x5e,0x93, + 0x0d,0xaa,0xa7,0x06,0xaf,0x11,0x29,0x99,0xe7,0x7c,0xee,0x49,0x82,0x30,0xba,0x2c, + 0xe2,0x40,0x8f,0x0a,0xa6,0x7b,0x24,0x75,0xc5,0xcd,0x03,0x12,0xf4,0xb2,0x4b,0x3a, + 0xd1,0x91,0x3c,0x20,0x0e,0x58,0x2b,0x31,0xf8,0x8b,0xee,0xbc,0x1f,0x95,0x35,0x58, + 0x6a,0x73,0xee,0x99,0xb0,0x01,0x42,0x4f,0x66,0xc0,0x66,0xbb,0x35,0x86,0xeb,0xd9, + 0x7b,0x55,0x77,0x2d,0x54,0x78,0x19,0x49,0xe8,0xcc,0xfd,0xb1,0xcb,0x49,0xc9,0xea, + 0x20,0xab,0xed,0xb5,0xed,0xfe,0xb2,0xb5,0xa8,0xcf,0x05,0x06,0xd5,0x7d,0x2b,0xbb, + 0x0b,0x65,0x6b,0x2b,0x6d,0x55,0x95,0x85,0x44,0x8b,0x12,0x05,0xf3,0x4b,0xd4,0x8e, + 0x3d,0x68,0x2d,0x29,0x9c,0x05,0x79,0xd6,0xfc,0x72,0x90,0x6a,0xab,0x46,0x38,0x81}}; + +const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { + 0x8a,0xb1,0x0a,0xb5,0xe4,0x02,0xf7,0xdd,0x45,0x2a,0xcc,0x2b,0x6b,0x8c,0x0e,0x9a, + 0x92,0x4f,0x9b,0xc5,0xe4,0x8b,0x82,0xb9,0xb0,0xd9,0x87,0x8c,0xcb,0xf0,0xb0,0x59, + 0xa5,0x92,0x21,0xa0,0xa7,0x61,0x5c,0xed,0xa8,0x6e,0x22,0x29,0x46,0xc7,0x86,0x37, + 0x4b,0x1b,0x1e,0x94,0x93,0xc8,0x4c,0x17,0x7a,0xae,0x59,0x91,0xf8,0x83,0x84,0xc4, + 0x8c,0x38,0xc2,0x35,0x0e,0x7e,0x50,0x67,0x76,0xe7,0xd3,0xec,0x6f,0x0d,0xa0,0x5c, + 0x2f,0x0a,0x80,0x28,0xd3,0xc5,0x7d,0x2d,0x1a,0x0b,0x96,0xd6,0xe5,0x98,0x05,0x8c, + 
0x4d,0xa0,0x1f,0x8c,0xb6,0xfb,0xb1,0xcf,0xe9,0xcb,0x38,0x27,0x60,0x64,0x17,0xca, + 0xf4,0x8b,0x61,0xb7,0x1d,0xb6,0x20,0x9d,0x40,0x2a,0x1c,0xfd,0x55,0x40,0x4b,0x95, + 0x39,0x52,0x18,0x3b,0xab,0x44,0xe8,0x83,0x4b,0x7c,0x47,0xfb,0xed,0x06,0x9c,0xcd, + 0x4f,0xba,0x81,0xd6,0xb7,0x31,0xcf,0x5c,0x23,0xf8,0x25,0xab,0x95,0x77,0x0a,0x8f, + 0x46,0xef,0xfb,0x59,0xb8,0x04,0xd7,0x1e,0xf5,0xaf,0x6a,0x1a,0x26,0x9b,0xae,0xf4, + 0xf5,0x7f,0x84,0x6f,0x3c,0xed,0xf8,0x24,0x0b,0x43,0xd1,0xba,0x74,0x89,0x4e,0x39, + 0xfe,0xab,0xa5,0x16,0xa5,0x28,0xee,0x96,0x84,0x3e,0x16,0x6d,0x5f,0x4e,0x0b,0x7d, + 0x94,0x16,0x1b,0x8c,0xf9,0xaa,0x9b,0xc0,0x49,0x02,0x4c,0x3e,0x62,0xff,0xfe,0xa2, + 0x20,0x33,0x5e,0xa6,0xdd,0xda,0x15,0x2d,0xb7,0xcd,0xda,0xff,0xb1,0x0b,0x45,0x7b, + 0xd3,0xa0,0x42,0x29,0xab,0xa9,0x73,0xe9,0xa4,0xd9,0x8d,0xac,0xa1,0x88,0x2c,0x2d}}; + +#endif // SHA256 + +#if ALG_SHA384_VALUE == DEFAULT_TEST_HASH + +const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { + 0x0f,0x3c,0x42,0x4d,0x8c,0x91,0x96,0x05,0x3c,0xfd,0x59,0x3b,0x7f,0x29,0xbc,0x03, + 0x67,0xc1,0xff,0x74,0xe7,0x09,0xf4,0x13,0x45,0xbe,0x13,0x1d,0xc9,0x86,0x94,0xfe, + 0xed,0xa6,0xe8,0x3a,0xcb,0x89,0x4d,0xec,0x86,0x63,0x4c,0xdb,0xf1,0x95,0xee,0xc1, + 0x46,0xc5,0x3b,0xd8,0xf8,0xa2,0x41,0x6a,0x60,0x8b,0x9e,0x5e,0x7f,0x20,0x16,0xe3, + 0x69,0xb6,0x2d,0x92,0xfc,0x60,0xa2,0x74,0x88,0xd5,0xc7,0xa6,0xd1,0xff,0xe3,0x45, + 0x02,0x51,0x39,0xd9,0xf3,0x56,0x0b,0x91,0x80,0xe0,0x6c,0xa8,0xc3,0x78,0xef,0x34, + 0x22,0x8c,0xf5,0xfb,0x47,0x98,0x5d,0x57,0x8e,0x3a,0xb9,0xff,0x92,0x04,0xc7,0xc2, + 0x6e,0xfa,0x14,0xc1,0xb9,0x68,0x15,0x5c,0x12,0xe8,0xa8,0xbe,0xea,0xe8,0x8d,0x9b, + 0x48,0x28,0x35,0xdb,0x4b,0x52,0xc1,0x2d,0x85,0x47,0x83,0xd0,0xe9,0xae,0x90,0x6e, + 0x65,0xd4,0x34,0x7f,0x81,0xce,0x69,0xf0,0x96,0x62,0xf7,0xec,0x41,0xd5,0xc2,0xe3, + 0x4b,0xba,0x9c,0x8a,0x02,0xce,0xf0,0x5d,0x14,0xf7,0x09,0x42,0x8e,0x4a,0x27,0xfe, + 0x3e,0x66,0x42,0x99,0x03,0xe1,0x69,0xbd,0xdb,0x7f,0x9b,0x70,0xeb,0x4e,0x9c,0xac, + 
0x45,0x67,0x91,0x9f,0x75,0x10,0xc6,0xfc,0x14,0xe1,0x28,0xc1,0x0e,0xe0,0x7e,0xc0, + 0x5c,0x1d,0xee,0xe8,0xff,0x45,0x79,0x51,0x86,0x08,0xe6,0x39,0xac,0xb5,0xfd,0xb8, + 0xf1,0xdd,0x2e,0xf4,0xb2,0x1a,0x69,0x0d,0xd9,0x98,0x8e,0xdb,0x85,0x61,0x70,0x20, + 0x82,0x91,0x26,0x87,0x80,0xc4,0x6a,0xd8,0x3b,0x91,0x4d,0xd3,0x33,0x84,0xad,0xb7}}; + +const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { + 0x44,0xd5,0x9f,0xbc,0x48,0x03,0x3d,0x9f,0x22,0x91,0x2a,0xab,0x3c,0x31,0x71,0xab, + 0x86,0x3f,0x0f,0x6f,0x59,0x5b,0x93,0x27,0xbc,0xbc,0xcd,0x29,0x38,0x43,0x2a,0x3b, + 0x3b,0xd2,0xb3,0x45,0x40,0xba,0x15,0xb4,0x45,0xe3,0x56,0xab,0xff,0xb3,0x20,0x26, + 0x39,0xcc,0x48,0xc5,0x5d,0x41,0x0d,0x2f,0x57,0x7f,0x9d,0x16,0x2e,0x26,0x57,0xc7, + 0x6b,0xf3,0x36,0x54,0xbd,0xb6,0x1d,0x46,0x4e,0x13,0x50,0xd7,0x61,0x9d,0x8d,0x7b, + 0xeb,0x21,0x9f,0x79,0xf3,0xfd,0xe0,0x1b,0xa8,0xed,0x6d,0x29,0x33,0x0d,0x65,0x94, + 0x24,0x1e,0x62,0x88,0x6b,0x2b,0x4e,0x39,0xf5,0x80,0x39,0xca,0x76,0x95,0xbc,0x7c, + 0x27,0x1d,0xdd,0x3a,0x11,0xf1,0x3e,0x54,0x03,0xb7,0x43,0x91,0x99,0x33,0xfe,0x9d, + 0x14,0x2c,0x87,0x9a,0x95,0x18,0x1f,0x02,0x04,0x6a,0xe2,0xb7,0x81,0x14,0x13,0x45, + 0x16,0xfb,0xe4,0xb7,0x8f,0xab,0x2b,0xd7,0x60,0x34,0x8a,0x55,0xbc,0x01,0x8c,0x49, + 0x02,0x29,0xf1,0x9c,0x94,0x98,0x44,0xd0,0x94,0xcb,0xd4,0x85,0x4c,0x3b,0x77,0x72, + 0x99,0xd5,0x4b,0xc6,0x3b,0xe4,0xd2,0xc8,0xe9,0x6a,0x23,0x18,0x3b,0x3b,0x5e,0x32, + 0xec,0x70,0x84,0x5d,0xbb,0x6a,0x8f,0x0c,0x5f,0x55,0xa5,0x30,0x34,0x48,0xbb,0xc2, + 0xdf,0x12,0xb9,0x81,0xad,0x36,0x3f,0xf0,0x24,0x16,0x48,0x04,0x4a,0x7f,0xfd,0x9f, + 0x4c,0xea,0xfe,0x1d,0x83,0xd0,0x81,0xad,0x25,0x6c,0x5f,0x45,0x36,0x91,0xf0,0xd5, + 0x8b,0x53,0x0a,0xdf,0xec,0x9f,0x04,0x58,0xc4,0x35,0xa0,0x78,0x1f,0x68,0xe0,0x22}}; + +const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { + 0x3f,0x3a,0x82,0x6d,0x42,0xe3,0x8b,0x4f,0x45,0x9c,0xda,0x6c,0xbe,0xbe,0xcd,0x00, + 0x98,0xfb,0xbe,0x59,0x30,0xc6,0x3c,0xaa,0xb3,0x06,0x27,0xb5,0xda,0xfa,0xb2,0xc3, + 
0x43,0xb7,0xbd,0xe9,0xd3,0x23,0xed,0x80,0xce,0x74,0xb3,0xb8,0x77,0x8d,0xe6,0x8d, + 0x3c,0xe5,0xf5,0xd7,0x80,0xcf,0x38,0x55,0x76,0xd7,0x87,0xa8,0xd6,0x3a,0xcf,0xfd, + 0xd8,0x91,0x65,0xab,0x43,0x66,0x50,0xb7,0x9a,0x13,0x6b,0x45,0x80,0x76,0x86,0x22, + 0x27,0x72,0xf7,0xbb,0x65,0x22,0x5c,0x55,0x60,0xd8,0x84,0x9f,0xf2,0x61,0x52,0xac, + 0xf2,0x4f,0x5b,0x7b,0x21,0xe1,0xf5,0x4b,0x8f,0x01,0xf2,0x4b,0xcf,0xd3,0xfb,0x74, + 0x5e,0x6e,0x96,0xb4,0xa8,0x0f,0x01,0x9b,0x26,0x54,0x0a,0x70,0x55,0x26,0xb7,0x0b, + 0xe8,0x01,0x68,0x66,0x0d,0x6f,0xb5,0xfc,0x66,0xbd,0x9e,0x44,0xed,0x6a,0x1e,0x3c, + 0x3b,0x61,0x5d,0xe8,0xdb,0x99,0x5b,0x67,0xbf,0x94,0xfb,0xe6,0x8c,0x4b,0x07,0xcb, + 0x43,0x3a,0x0d,0xb1,0x1b,0x10,0x66,0x81,0xe2,0x0d,0xe7,0xd1,0xca,0x85,0xa7,0x50, + 0x82,0x2d,0xbf,0xed,0xcf,0x43,0x6d,0xdb,0x2c,0x7b,0x73,0x20,0xfe,0x73,0x3f,0x19, + 0xc6,0xdb,0x69,0xb8,0xc3,0xd3,0xf4,0xe5,0x64,0xf8,0x36,0x8e,0xd5,0xd8,0x09,0x2a, + 0x5f,0x26,0x70,0xa1,0xd9,0x5b,0x14,0xf8,0x22,0xe9,0x9d,0x22,0x51,0xf4,0x52,0xc1, + 0x6f,0x53,0xf5,0xca,0x0d,0xda,0x39,0x8c,0x29,0x42,0xe8,0x58,0x89,0xbb,0xd1,0x2e, + 0xc5,0xdb,0x86,0x8d,0xaf,0xec,0x58,0x36,0x8d,0x8d,0x57,0x23,0xd5,0xdd,0xb9,0x24}}; + +const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { + 0x39,0x10,0x58,0x7d,0x6d,0xa8,0xd5,0x90,0x07,0xd6,0x2b,0x13,0xe9,0xd8,0x93,0x7e, + 0xf3,0x5d,0x71,0xe0,0xf0,0x33,0x3a,0x4a,0x22,0xf3,0xe6,0x95,0xd3,0x8e,0x8c,0x41, + 0xe7,0xb3,0x13,0xde,0x4a,0x45,0xd3,0xd1,0xfb,0xb1,0x3f,0x9b,0x39,0xa5,0x50,0x58, + 0xef,0xb6,0x3a,0x43,0xdd,0x54,0xab,0xda,0x9d,0x32,0x49,0xe4,0x57,0x96,0xe5,0x1b, + 0x1d,0x8f,0x33,0x8e,0x07,0x67,0x56,0x14,0xc1,0x18,0x78,0xa2,0x52,0xe6,0x2e,0x07, + 0x81,0xbe,0xd8,0xca,0x76,0x63,0x68,0xc5,0x47,0xa2,0x92,0x5e,0x4c,0xfd,0x14,0xc7, + 0x46,0x14,0xbe,0xc7,0x85,0xef,0xe6,0xb8,0x46,0xcb,0x3a,0x67,0x66,0x89,0xc6,0xee, + 0x9d,0x64,0xf5,0x0d,0x09,0x80,0x9a,0x6f,0x0e,0xeb,0xe4,0xb9,0xe9,0xab,0x90,0x4f, + 0xe7,0x5a,0xc8,0xca,0xf6,0x16,0x0a,0x82,0xbd,0xb7,0x76,0x59,0x08,0x2d,0xd9,0x40, + 
0x5d,0xaa,0xa5,0xef,0xfb,0xe3,0x81,0x2c,0x2c,0x5c,0xa8,0x16,0xbd,0x63,0x20,0xc2, + 0x4d,0x3b,0x51,0xaa,0x62,0x1f,0x06,0xe5,0xbb,0x78,0x44,0x04,0x0c,0x5c,0xe1,0x1b, + 0x6b,0x9d,0x21,0x10,0xaf,0x48,0x48,0x98,0x97,0x77,0xc2,0x73,0xb4,0x98,0x64,0xcc, + 0x94,0x2c,0x29,0x28,0x45,0x36,0xd1,0xc5,0xd0,0x2f,0x97,0x27,0x92,0x65,0x22,0xbb, + 0x63,0x79,0xea,0xf5,0xff,0x77,0x0f,0x4b,0x56,0x8a,0x9f,0xad,0x1a,0x97,0x67,0x39, + 0x69,0xb8,0x4c,0x6c,0xc2,0x56,0xc5,0x7a,0xa8,0x14,0x5a,0x24,0x7a,0xa4,0x6e,0x55, + 0xb2,0x86,0x1d,0xf4,0x62,0x5a,0x2d,0x87,0x6d,0xde,0x99,0x78,0x2d,0xef,0xd7,0xdc}}; + +#endif // SHA384 + +#if ALG_SHA512_VALUE == DEFAULT_TEST_HASH + +const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { + 0x48,0x45,0xa7,0x70,0xb2,0x41,0xb7,0x48,0x5e,0x79,0x8c,0xdf,0x1c,0xc6,0x7e,0xbb, + 0x11,0x80,0x82,0x52,0xbf,0x40,0x3d,0x90,0x03,0x6e,0x20,0x3a,0xb9,0x65,0xc8,0x51, + 0x4c,0xbd,0x9c,0xa9,0x43,0x89,0xd0,0x57,0x0c,0xa3,0x69,0x22,0x7e,0x82,0x2a,0x1c, + 0x1d,0x5a,0x80,0x84,0x81,0xbb,0x5e,0x5e,0xd0,0xc1,0x66,0x9a,0xac,0x00,0xba,0x14, + 0xa2,0xe9,0xd0,0x3a,0x89,0x5a,0x63,0xe2,0xec,0x92,0x05,0xf4,0x47,0x66,0x12,0x7f, + 0xdb,0xa7,0x3c,0x5b,0x67,0xe1,0x55,0xca,0x0a,0x27,0xbf,0x39,0x89,0x11,0x05,0xba, + 0x9b,0x5a,0x9b,0x65,0x44,0xad,0x78,0xcf,0x8f,0x94,0xf6,0x9a,0xb4,0x52,0x39,0x0e, + 0x00,0xba,0xbc,0xe0,0xbd,0x6f,0x81,0x2d,0x76,0x42,0x66,0x70,0x07,0x77,0xbf,0x09, + 0x88,0x2a,0x0c,0xb1,0x56,0x3e,0xee,0xfd,0xdc,0xb6,0x3c,0x0d,0xc5,0xa4,0x0d,0x10, + 0x32,0x80,0x3e,0x1e,0xfe,0x36,0x8f,0xb5,0x42,0xc1,0x21,0x7b,0xdf,0xdf,0x4a,0xd2, + 0x68,0x0c,0x01,0x9f,0x4a,0xfd,0xd4,0xec,0xf7,0x49,0x06,0xab,0xed,0xc6,0xd5,0x1b, + 0x63,0x76,0x38,0xc8,0x6c,0xc7,0x4f,0xcb,0x29,0x8a,0x0e,0x6f,0x33,0xaf,0x69,0x31, + 0x8e,0xa7,0xdd,0x9a,0x36,0xde,0x9b,0xf1,0x0b,0xfb,0x20,0xa0,0x6d,0x33,0x31,0xc9, + 0x9e,0xb4,0x2e,0xc5,0x40,0x0e,0x60,0x71,0x36,0x75,0x05,0xf9,0x37,0xe0,0xca,0x8e, + 0x8f,0x56,0xe0,0xea,0x9b,0xeb,0x17,0xf3,0xca,0x40,0xc3,0x48,0x01,0xba,0xdc,0xc6, + 
0x4b,0x2b,0x5b,0x7b,0x5c,0x81,0xa6,0xbb,0xc7,0x43,0xc0,0xbe,0xc0,0x30,0x7b,0x55}}; + +const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { + 0x74,0x83,0xfa,0x52,0x65,0x50,0x68,0xd0,0x82,0x05,0x72,0x70,0x78,0x1c,0xac,0x10, + 0x23,0xc5,0x07,0xf8,0x93,0xd2,0xeb,0x65,0x87,0xbb,0x47,0xc2,0xfb,0x30,0x9e,0x61, + 0x4c,0xac,0x04,0x57,0x5a,0x7c,0xeb,0x29,0x08,0x84,0x86,0x89,0x1e,0x8f,0x07,0x32, + 0xa3,0x8b,0x70,0xe7,0xa2,0x9f,0x9c,0x42,0x71,0x3d,0x23,0x59,0x82,0x5e,0x8a,0xde, + 0xd6,0xfb,0xd8,0xc5,0x8b,0xc0,0xdb,0x10,0x38,0x87,0xd3,0xbf,0x04,0xb0,0x66,0xb9, + 0x85,0x81,0x54,0x4c,0x69,0xdc,0xba,0x78,0xf3,0x4a,0xdb,0x25,0xa2,0xf2,0x34,0x55, + 0xdd,0xaa,0xa5,0xc4,0xed,0x55,0x06,0x0e,0x2a,0x30,0x77,0xab,0x82,0x79,0xf0,0xcd, + 0x9d,0x6f,0x09,0xa0,0xc8,0x82,0xc9,0xe0,0x61,0xda,0x40,0xcd,0x17,0x59,0xc0,0xef, + 0x95,0x6d,0xa3,0x6d,0x1c,0x2b,0xee,0x24,0xef,0xd8,0x4a,0x55,0x6c,0xd6,0x26,0x42, + 0x32,0x17,0xfd,0x6a,0xb3,0x4f,0xde,0x07,0x2f,0x10,0xd4,0xac,0x14,0xea,0x89,0x68, + 0xcc,0xd3,0x07,0xb7,0xcf,0xba,0x39,0x20,0x63,0x20,0x7b,0x44,0x8b,0x48,0x60,0x5d, + 0x3a,0x2a,0x0a,0xe9,0x68,0xab,0x15,0x46,0x27,0x64,0xb5,0x82,0x06,0x29,0xe7,0x25, + 0xca,0x46,0x48,0x6e,0x2a,0x34,0x57,0x4b,0x81,0x75,0xae,0xb6,0xfd,0x6f,0x51,0x5f, + 0x04,0x59,0xc7,0x15,0x1f,0xe0,0x68,0xf7,0x36,0x2d,0xdf,0xc8,0x9d,0x05,0x27,0x2d, + 0x3f,0x2b,0x59,0x5d,0xcb,0xf3,0xc4,0x92,0x6e,0x00,0xa8,0x8d,0xd0,0x69,0xe5,0x59, + 0xda,0xba,0x4f,0x38,0xf5,0xa0,0x8b,0xf1,0x73,0xe9,0x0d,0xee,0x64,0xe5,0xa2,0xd8}}; + +const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { + 0x1b,0xca,0x8b,0x18,0x15,0x3b,0x95,0x5b,0x0a,0x89,0x10,0x03,0x7f,0x7c,0xa0,0xc9, + 0x66,0x57,0x86,0x6a,0xc9,0xeb,0x82,0x71,0xf3,0x8d,0x6f,0xa9,0xa4,0x2d,0xd0,0x22, + 0xdf,0xe9,0xc6,0x71,0x5b,0xf4,0x27,0x38,0x5b,0x2c,0x8a,0x54,0xcc,0x85,0x11,0x69, + 0x6d,0x6f,0x42,0xe7,0x22,0xcb,0xd6,0xad,0x1a,0xc5,0xab,0x6a,0xa5,0xfc,0xa5,0x70, + 0x72,0x4a,0x62,0x25,0xd0,0xa2,0x16,0x61,0xab,0xac,0x31,0xa0,0x46,0x24,0x4f,0xdd, + 
0x9a,0x36,0x55,0xb6,0x00,0x9e,0x23,0x50,0x0d,0x53,0x01,0xb3,0x46,0x56,0xb2,0x1d, + 0x33,0x5b,0xca,0x41,0x7f,0x65,0x7e,0x00,0x5c,0x12,0xff,0x0a,0x70,0x5d,0x8c,0x69, + 0x4a,0x02,0xee,0x72,0x30,0xa7,0x5c,0xa4,0xbb,0xbe,0x03,0x0c,0xe4,0x5f,0x33,0xb6, + 0x78,0x91,0x9d,0xd8,0xec,0x34,0x03,0x2e,0x63,0x32,0xc7,0x2a,0x36,0x50,0xd5,0x8b, + 0x0e,0x7f,0x54,0x4e,0xf4,0x29,0x11,0x1b,0xcd,0x0f,0x37,0xa5,0xbc,0x61,0x83,0x50, + 0xfa,0x18,0x75,0xd9,0xfe,0xa7,0xe8,0x9b,0xc1,0x4f,0x96,0x37,0x81,0x71,0xdf,0x71, + 0x8b,0x89,0x81,0xf4,0x95,0xb5,0x29,0x66,0x41,0x0c,0x73,0xd7,0x0b,0x21,0xb4,0xfb, + 0xf9,0x63,0x2f,0xe9,0x7b,0x38,0xaa,0x20,0xc3,0x96,0xcc,0xb7,0xb2,0x24,0xa1,0xe0, + 0x59,0x9c,0x10,0x9e,0x5a,0xf7,0xe3,0x02,0xe6,0x23,0xe2,0x44,0x21,0x3f,0x6e,0x5e, + 0x79,0xb2,0x93,0x7d,0xce,0xed,0xe2,0xe1,0xab,0x98,0x07,0xa7,0xbd,0xbc,0xd8,0xf7, + 0x06,0xeb,0xc5,0xa6,0x37,0x18,0x11,0x88,0xf7,0x63,0x39,0xb9,0x57,0x29,0xdc,0x03}}; + +const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { + 0x05,0x55,0x00,0x62,0x01,0xc6,0x04,0x31,0x55,0x73,0x3f,0x2a,0xf9,0xd4,0x0f,0xc1, + 0x2b,0xeb,0xd8,0xc8,0xdb,0xb2,0xab,0x6c,0x26,0xde,0x2d,0x89,0xc2,0x2d,0x36,0x62, + 0xc8,0x22,0x5d,0x58,0x03,0xb1,0x46,0x14,0xa5,0xd4,0xbc,0x25,0x6b,0x7f,0x8f,0x14, + 0x7e,0x03,0x2f,0x3d,0xb8,0x39,0xa5,0x79,0x13,0x7e,0x22,0x2a,0xb9,0x3e,0x8f,0xaa, + 0x01,0x7c,0x03,0x12,0x21,0x6c,0x2a,0xb4,0x39,0x98,0x6d,0xff,0x08,0x6c,0x59,0x2d, + 0xdc,0xc6,0xf1,0x77,0x62,0x10,0xa6,0xcc,0xe2,0x71,0x8e,0x97,0x00,0x87,0x5b,0x0e, + 0x20,0x00,0x3f,0x18,0x63,0x83,0xf0,0xe4,0x0a,0x64,0x8c,0xe9,0x8c,0x91,0xe7,0x89, + 0x04,0x64,0x2c,0x8b,0x41,0xc8,0xac,0xf6,0x5a,0x75,0xe6,0xa5,0x76,0x43,0xcb,0xa5, + 0x33,0x8b,0x07,0xc9,0x73,0x0f,0x45,0xa4,0xc3,0xac,0xc1,0xc3,0xe6,0xe7,0x21,0x66, + 0x1c,0xba,0xbf,0xea,0x3e,0x39,0xfa,0xb2,0xe2,0x8f,0xfe,0x9c,0xb4,0x85,0x89,0x33, + 0x2a,0x0c,0xc8,0x5d,0x58,0xe1,0x89,0x12,0xe9,0x4d,0x42,0xb3,0x1f,0x99,0x0c,0x3e, + 0xd8,0xb2,0xeb,0xf5,0x88,0xfb,0xe1,0x4b,0x8e,0xdc,0xd3,0xa8,0xda,0xbe,0x04,0x45, + 
0xbf,0x56,0xc6,0x54,0x70,0x00,0xb8,0x66,0x46,0x3a,0xa3,0x1e,0xb6,0xeb,0x1a,0xa0, + 0x0b,0xd3,0x9a,0x9a,0x52,0xda,0x60,0x69,0xb7,0xef,0x93,0x47,0x38,0xab,0x1a,0xa0, + 0x22,0x6e,0x76,0x06,0xb6,0x74,0xaf,0x74,0x8f,0x51,0xc0,0x89,0x5a,0x4b,0xbe,0x6a, + 0x91,0x18,0x25,0x7d,0xa6,0x77,0xe6,0xfd,0xc2,0x62,0x36,0x07,0xc6,0xef,0x79,0xc9}}; + +#endif // SHA512 + diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SelfTest.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SelfTest.h new file mode 100644 index 000000000..4b9fc478f --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SelfTest.h 
@@ -0,0 +1,105 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the structure definitions for the self-test. It also contains
+// macros for use when the self-test is implemented.
+#ifndef _SELF_TEST_H_
+#define _SELF_TEST_H_
+
+//** Defines
+
+// Was typing this a lot
+#define SELF_TEST_FAILURE FAIL(FATAL_ERROR_SELF_TEST)
+
+// Use the definition of key sizes to set algorithm values for key size.
+#define AES_ENTRIES (AES_128 + AES_192 + AES_256)
+#define SM4_ENTRIES (SM4_128)
+#define CAMELLIA_ENTRIES (CAMELLIA_128 + CAMELLIA_192 + CAMELLIA_256)
+#define TDES_ENTRIES (TDES_128 + TDES_192)
+
+#define NUM_SYMS (AES_ENTRIES + SM4_ENTRIES + CAMELLIA_ENTRIES + TDES_ENTRIES)
+
+typedef UINT32 SYM_INDEX;
+
+// These two defines deal with the fact that the TPM_ALG_ID table does not delimit
+// the symmetric mode values with a TPM_SYM_MODE_FIRST and TPM_SYM_MODE_LAST
+#define TPM_SYM_MODE_FIRST ALG_CTR_VALUE
+#define TPM_SYM_MODE_LAST ALG_ECB_VALUE
+
+#define NUM_SYM_MODES (TPM_SYM_MODE_LAST - TPM_SYM_MODE_FIRST + 1)
+
+// Define a type to hold a bit vector for the modes.
+#if NUM_SYM_MODES <= 0
+#error "No symmetric modes implemented"
+#elif NUM_SYM_MODES <= 8
+typedef BYTE SYM_MODES;
+#elif NUM_SYM_MODES <= 16
+typedef UINT16 SYM_MODES;
+#elif NUM_SYM_MODES <= 32
+typedef UINT32 SYM_MODES;
+#else
+#error "Too many symmetric modes"
+#endif
+
+typedef struct SYMMETRIC_TEST_VECTOR {
+ const TPM_ALG_ID alg; // the algorithm
+ const UINT16 keyBits; // bits in the key
+ const BYTE *key; // The test key
+ const UINT32 ivSize; // block size of the algorithm
+ const UINT32 dataInOutSize; // size to encrypt/decrypt
+ const BYTE *dataIn; // data to encrypt
+ const BYTE *dataOut[NUM_SYM_MODES];// data to decrypt
+} SYMMETRIC_TEST_VECTOR;
+
+#if ALG_SHA512
+# define DEFAULT_TEST_HASH ALG_SHA512_VALUE
+# define DEFAULT_TEST_DIGEST_SIZE SHA512_DIGEST_SIZE
+# define DEFAULT_TEST_HASH_BLOCK_SIZE SHA512_BLOCK_SIZE
+#elif ALG_SHA384
+# define DEFAULT_TEST_HASH ALG_SHA384_VALUE
+# define DEFAULT_TEST_DIGEST_SIZE SHA384_DIGEST_SIZE
+# define DEFAULT_TEST_HASH_BLOCK_SIZE SHA384_BLOCK_SIZE
+#elif ALG_SHA256
+# define DEFAULT_TEST_HASH ALG_SHA256_VALUE
+# define DEFAULT_TEST_DIGEST_SIZE SHA256_DIGEST_SIZE
+# define DEFAULT_TEST_HASH_BLOCK_SIZE SHA256_BLOCK_SIZE
+#elif ALG_SHA1
+# define DEFAULT_TEST_HASH ALG_SHA1_VALUE
+# define DEFAULT_TEST_DIGEST_SIZE SHA1_DIGEST_SIZE
+# define DEFAULT_TEST_HASH_BLOCK_SIZE SHA1_BLOCK_SIZE
+#endif
+
+
+#endif // _SELF_TEST_H_
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SupportLibraryFunctionPrototypes_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SupportLibraryFunctionPrototypes_fp.h
new file mode 100644
index 000000000..3cdd2c816
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SupportLibraryFunctionPrototypes_fp.h
@@ -0,0 +1,137 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the function prototypes for the functions that need to be
+// present in the selected math library. For each function listed, there should
+// be a small stub function. That stub provides the interface between the TPM
+// code and the support library. In most cases, the stub function will only need
+// to do a format conversion between the TPM big number and the support library
+// big number. The TPM big number format was chosen to make this relatively
+// simple and fast.
+//
+// Arithmetic operations return a BOOL to indicate if the operation completed
+// successfully or not.
+
+#ifndef SUPPORT_LIBRARY_FUNCTION_PROTOTYPES_H
+#define SUPPORT_LIBRARY_FUNCTION_PROTOTYPES_H
+
+//** SupportLibInit()
+// This function is called by CryptInit() so that necessary initializations can be
+// performed on the cryptographic library.
+LIB_EXPORT
+int SupportLibInit(void);
+
+//** MathLibraryCompatibililtyCheck()
+// This function is only used during development to make sure that the library
+// that is being referenced is using the same size of data structures as the TPM.
+void
+MathLibraryCompatibilityCheck(
+ void
+ );
+
+//** BnModMult()
+// Does 'op1' * 'op2' and divide by 'modulus' returning the remainder of the divide.
+LIB_EXPORT BOOL
+BnModMult(bigNum result, bigConst op1, bigConst op2, bigConst modulus);
+
+//** BnMult()
+// Multiplies two numbers and returns the result
+LIB_EXPORT BOOL
+BnMult(bigNum result, bigConst multiplicand, bigConst multiplier);
+
+//** BnDiv()
+// This function divides two bigNum values. The function returns FALSE if there is
+// an error in the operation.
+LIB_EXPORT BOOL
+BnDiv(bigNum quotient, bigNum remainder,
+ bigConst dividend, bigConst divisor);
+//** BnMod()
+#define BnMod(a, b) BnDiv(NULL, (a), (a), (b))
+
+//** BnGcd()
+// Get the greatest common divisor of two numbers. This function is only needed
+// when the TPM implements RSA.
+LIB_EXPORT BOOL
+BnGcd(bigNum gcd, bigConst number1, bigConst number2);
+
+//** BnModExp()
+// Do modular exponentiation using bigNum values. This function is only needed
+// when the TPM implements RSA.
+LIB_EXPORT BOOL
+BnModExp(bigNum result, bigConst number,
+ bigConst exponent, bigConst modulus);
+//** BnModInverse()
+// Modular multiplicative inverse. This function is only needed
+// when the TPM implements RSA.
+LIB_EXPORT BOOL BnModInverse(bigNum result, bigConst number,
+ bigConst modulus);
+
+//** BnEccModMult()
+// This function does a point multiply of the form R = [d]S. A return of FALSE
+// indicates that the result was the point at infinity. This function is only needed
+// if the TPM supports ECC.
+LIB_EXPORT BOOL
+BnEccModMult(bigPoint R, pointConst S, bigConst d, bigCurve E);
+
+//** BnEccModMult2()
+// This function does a point multiply of the form R = [d]S + [u]Q. A return of
+// FALSE indicates that the result was the point at infinity. This function is only
+// needed if the TPM supports ECC.
+LIB_EXPORT BOOL
+BnEccModMult2(bigPoint R, pointConst S, bigConst d,
+ pointConst Q, bigConst u, bigCurve E);
+
+//** BnEccAdd()
+// This function does a point add R = S + Q. A return of FALSE
+// indicates that the result was the point at infinity. This function is only needed
+// if the TPM supports ECC.
+LIB_EXPORT BOOL
+BnEccAdd(bigPoint R, pointConst S, pointConst Q, bigCurve E);
+
+//** BnCurveInitialize()
+// This function is used to initialize the pointers of a bnCurve_t structure. The
+// structure is a set of pointers to bigNum values. The curve-dependent values are
+// set by a different function. This function is only needed
+// if the TPM supports ECC.
+LIB_EXPORT bigCurve
+BnCurveInitialize(bigCurve E, TPM_ECC_CURVE curveId);
+
+//*** BnCurveFree()
+// This function will free the allocated components of the curve and end the
+// frame in which the curve data exists
+LIB_EXPORT void
+BnCurveFree(bigCurve E);
+
+#endif
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTest.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTest.h new file mode 100644 index 000000000..bf052152b --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTest.h 
@@ -0,0 +1,76 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+
+// This file contains the structures and data definitions for the symmetric tests.
+// This file references the header file that contains the actual test vectors. This
+// organization was chosen so that the program that is used to generate the test
+// vector values does not have to also re-generate this data.
+#ifndef SELF_TEST_DATA
+#error "This file may only be included in AlgorithmTests.c"
+#endif
+
+#ifndef _SYMMETRIC_TEST_H
+#define _SYMMETRIC_TEST_H
+#include "SymmetricTestData.h"
+
+
+//** Symmetric Test Structures
+
+const SYMMETRIC_TEST_VECTOR c_symTestValues[NUM_SYMS + 1] = {
+#if ALG_AES && AES_128
+ {ALG_AES_VALUE, 128, key_AES128, 16, sizeof(dataIn_AES128), dataIn_AES128,
+ {dataOut_AES128_CTR, dataOut_AES128_OFB, dataOut_AES128_CBC,
+ dataOut_AES128_CFB, dataOut_AES128_ECB}},
+#endif
+#if ALG_AES && AES_192
+ {ALG_AES_VALUE, 192, key_AES192, 16, sizeof(dataIn_AES192), dataIn_AES192,
+ {dataOut_AES192_CTR, dataOut_AES192_OFB, dataOut_AES192_CBC,
+ dataOut_AES192_CFB, dataOut_AES192_ECB}},
+#endif
+#if ALG_AES && AES_256
+ {ALG_AES_VALUE, 256, key_AES256, 16, sizeof(dataIn_AES256), dataIn_AES256,
+ {dataOut_AES256_CTR, dataOut_AES256_OFB, dataOut_AES256_CBC,
+ dataOut_AES256_CFB, dataOut_AES256_ECB}},
+#endif
+#if ALG_SM4 && SM4_128
+ {ALG_SM4_VALUE, 128, key_SM4128, 16, sizeof(dataIn_SM4128), dataIn_SM4128,
+ {dataOut_SM4128_CTR, dataOut_SM4128_OFB, dataOut_SM4128_CBC,
+ dataOut_SM4128_CFB, dataOut_AES128_ECB}},
+#endif
+ {0}
+};
+
+#endif // _SYMMETRIC_TEST_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTestData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTestData.h
new file mode 100644
index 000000000..e171c07ac
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTestData.h
@@ -0,0 +1,178 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +// This is a vector for testing either encrypt or decrypt. The premise for decrypt +// is that the IV for decryption is the same as the IV for encryption. However, +// the ivOut value may be different for encryption and decryption. 
We will encrypt +// at least two blocks. This means that the chaining value will be used for each +// of the schemes (if any) and that implicitly checks that the chaining value +// is handled properly. + + +#if AES_128 + +const BYTE key_AES128 [] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c}; + +const BYTE dataIn_AES128 [] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51}; + + +const BYTE dataOut_AES128_ECB [] = { + 0x3a, 0xd7, 0x7b, 0xb4, 0x0d, 0x7a, 0x36, 0x60, + 0xa8, 0x9e, 0xca, 0xf3, 0x24, 0x66, 0xef, 0x97, + 0xf5, 0xd3, 0xd5, 0x85, 0x03, 0xb9, 0x69, 0x9d, + 0xe7, 0x85, 0x89, 0x5a, 0x96, 0xfd, 0xba, 0xaf}; + +const BYTE dataOut_AES128_CBC [] = { + 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, + 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, + 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, + 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2}; + +const BYTE dataOut_AES128_CFB [] = { + 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20, + 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a, + 0xc8, 0xa6, 0x45, 0x37, 0xa0, 0xb3, 0xa9, 0x3f, + 0xcd, 0xe3, 0xcd, 0xad, 0x9f, 0x1c, 0xe5, 0x8b}; + +const BYTE dataOut_AES128_OFB [] = { + 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20, + 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a, + 0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03, + 0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25}; + + +const BYTE dataOut_AES128_CTR [] = { + 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, + 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce, + 0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, + 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff}; +#endif + +#if AES_192 + +const BYTE key_AES192 [] = { + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 
0x7b}; + +const BYTE dataIn_AES192 [] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51}; + +const BYTE dataOut_AES192_ECB [] = { + 0xbd, 0x33, 0x4f, 0x1d, 0x6e, 0x45, 0xf2, 0x5f, + 0xf7, 0x12, 0xa2, 0x14, 0x57, 0x1f, 0xa5, 0xcc, + 0x97, 0x41, 0x04, 0x84, 0x6d, 0x0a, 0xd3, 0xad, + 0x77, 0x34, 0xec, 0xb3, 0xec, 0xee, 0x4e, 0xef}; + +const BYTE dataOut_AES192_CBC [] = { + 0x4f, 0x02, 0x1d, 0xb2, 0x43, 0xbc, 0x63, 0x3d, + 0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8, + 0xb4, 0xd9, 0xad, 0xa9, 0xad, 0x7d, 0xed, 0xf4, + 0xe5, 0xe7, 0x38, 0x76, 0x3f, 0x69, 0x14, 0x5a}; + +const BYTE dataOut_AES192_CFB [] = { + 0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab, + 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74, + 0x67, 0xce, 0x7f, 0x7f, 0x81, 0x17, 0x36, 0x21, + 0x96, 0x1a, 0x2b, 0x70, 0x17, 0x1d, 0x3d, 0x7a}; + +const BYTE dataOut_AES192_OFB [] = { + 0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab, + 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74, + 0xfc, 0xc2, 0x8b, 0x8d, 0x4c, 0x63, 0x83, 0x7c, + 0x09, 0xe8, 0x17, 0x00, 0xc1, 0x10, 0x04, 0x01}; + +const BYTE dataOut_AES192_CTR [] = { + 0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2, + 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b, + 0x09, 0x03, 0x39, 0xec, 0x0a, 0xa6, 0xfa, 0xef, + 0xd5, 0xcc, 0xc2, 0xc6, 0xf4, 0xce, 0x8e, 0x94}; +#endif + +#if AES_256 + +const BYTE key_AES256 [] = { + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4}; + +const BYTE dataIn_AES256 [] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51}; + +const BYTE dataOut_AES256_ECB [] = { + 0xf3, 0xee, 0xd1, 
0xbd, 0xb5, 0xd2, 0xa0, 0x3c, + 0x06, 0x4b, 0x5a, 0x7e, 0x3d, 0xb1, 0x81, 0xf8, + 0x59, 0x1c, 0xcb, 0x10, 0xd4, 0x10, 0xed, 0x26, + 0xdc, 0x5b, 0xa7, 0x4a, 0x31, 0x36, 0x28, 0x70}; + +const BYTE dataOut_AES256_CBC [] = { + 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba, + 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6, + 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d, + 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d}; + +const BYTE dataOut_AES256_CFB [] = { + 0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b, + 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60, + 0x39, 0xff, 0xed, 0x14, 0x3b, 0x28, 0xb1, 0xc8, + 0x32, 0x11, 0x3c, 0x63, 0x31, 0xe5, 0x40, 0x7b}; + +const BYTE dataOut_AES256_OFB [] = { + 0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b, + 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60, + 0x4f, 0xeb, 0xdc, 0x67, 0x40, 0xd2, 0x0b, 0x3a, + 0xc8, 0x8f, 0x6a, 0xd8, 0x2a, 0x4f, 0xb0, 0x8d}; + +const BYTE dataOut_AES256_CTR [] = { + 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5, + 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28, + 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a, + 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5}; +#endif + + + diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h new file mode 100644 index 000000000..d815632ca --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h 
@@ -0,0 +1,73 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//
+// This file contains extra TPM2B structures
+//
+
+#ifndef _TPMB_H
+#define _TPMB_H
+
+// TPM2B Types
+typedef struct {
+ UINT16 size;
+ BYTE buffer[1];
+} TPM2B, *P2B;
+typedef const TPM2B *PC2B;
+
+// This macro helps avoid having to type in the structure in order to create
+// a new TPM2B type that is used in a function.
+#define TPM2B_TYPE(name, bytes) \
+ typedef union { \
+ struct { \
+ UINT16 size; \
+ BYTE buffer[(bytes)]; \
+ } t; \
+ TPM2B b; \
+ } TPM2B_##name
+
+// This macro defines a TPM2B with a constant character value. This macro
+// sets the size of the string to the size minus the terminating zero byte.
+// This lets the user of the label add their terminating 0. This method
+// is chosen so that existing code that provides a label will continue
+// to work correctly.
+
+// Macro to instance and initialize a TPM2B value
+#define TPM2B_INIT(TYPE, name) \
+ TPM2B_##TYPE name = {sizeof(name.t.buffer), {0}}
+
+#define TPM2B_BYTE_VALUE(bytes) TPM2B_TYPE(bytes##_BYTE_VALUE, bytes)
+
+
+#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h
new file mode 100644
index 000000000..e1b45c2cc
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h
@@ -0,0 +1,55 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+// Root header file for building any TPM.lib code
+
+#ifndef _TPM_H_
+#define _TPM_H_
+
+#include "TpmBuildSwitches.h"
+#include "BaseTypes.h"
+#include "TPMB.h"
+#include "MinMax.h"
+
+#include "TpmProfile.h"
+#include "TpmAlgorithmDefines.h"
+#include "LibSupport.h" // Types from the library. These need to come before
+ // Global.h because some of the structures in
+ // that file depend on the structures used by the
+ // cryptographic libraries.
+#include "GpMacros.h" // Define additional macros
+#include "Global.h" // Define other TPM types
+#include "InternalRoutines.h" // Function prototypes
+
+#endif // _TPM_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmASN1.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmASN1.h
new file mode 100644
index 000000000..eafeed4a7
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmASN1.h
@@ -0,0 +1,127 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the macro and structure definitions for the X509 commands and
+// functions.
+
+#ifndef _TPMASN1_H_
+#define _TPMASN1_H_
+
+//** Includes
+
+#include "Tpm.h"
+#include "OIDs.h"
+
+//** Defined Constants
+//*** ASN.1 Universal Types (Class 00b)
+#define ASN1_EOC 0x00
+#define ASN1_BOOLEAN 0x01
+#define ASN1_INTEGER 0x02
+#define ASN1_BITSTRING 0x03
+#define ASN1_OCTET_STRING 0x04
+#define ASN1_NULL 0x05
+#define ASN1_OBJECT_IDENTIFIER 0x06
+#define ASN1_OBJECT_DESCRIPTOR 0x07
+#define ASN1_EXTERNAL 0x08
+#define ASN1_REAL 0x09
+#define ASN1_ENUMERATED 0x0A
+#define ASN1_EMBEDDED 0x0B
+#define ASN1_UTF8String 0x0C
+#define ASN1_RELATIVE_OID 0x0D
+#define ASN1_SEQUENCE 0x10 // Primitive + Constructed + 0x10
+#define ASN1_SET 0x11 // Primitive + Constructed + 0x11
+#define ASN1_NumericString 0x12
+#define ASN1_PrintableString 0x13
+#define ASN1_T61String 0x14
+#define ASN1_VideoString 0x15
+#define ASN1_IA5String 0x16
+#define ASN1_UTCTime 0x17
+#define ASN1_GeneralizeTime 0x18
+#define ASN1_VisibleString 0x1A
+#define ASN1_GeneralString 0x1B
+#define ASN1_UniversalString 0x1C
+#define ASN1_CHARACTER STRING 0x1D
+#define ASN1_BMPString 0x1E
+#define ASN1_CONSTRUCTED 0x20
+
+#define ASN1_APPLICAIION_SPECIFIC 0xA0
+
+#define ASN1_CONSTRUCTED_SEQUENCE (ASN1_SEQUENCE + ASN1_CONSTRUCTED)
+
+#define MAX_DEPTH 10 // maximum push depth for marshaling context.
+
+//** Macros
+
+//*** Unmarshaling Macros
+#ifndef VERIFY
+#define VERIFY(_X_) {if(!(_X_)) goto Error; }
+#endif
+// Checks the validity of the size making sure that there is no wrap around
+#define CHECK_SIZE(context, length) \
+ VERIFY( (((length) + (context)->offset) >= (context)->offset) \
+ && (((length) + (context)->offset) <= (context)->size))
+#define NEXT_OCTET(context) ((context)->buffer[(context)->offset++])
+#define PEEK_NEXT(context) ((context)->buffer[(context)->offset])
+
+//*** Marshaling Macros
+
+// Marshaling works in reverse order. The offset is set to the top of the buffer and,
+// as the buffer is filled, 'offset' counts down to zero. When the full thing is
+// encoded it can be moved to the top of the buffer. This happens when the last
+// context is closed.
+
+#define CHECK_SPACE(context, length) VERIFY(context->offset > length)
+
+//** Structures
+
+typedef struct ASN1UnmarshalContext {
+ BYTE *buffer; // pointer to the buffer
+ INT16 size; // size of the buffer (a negative number indicates
+ // a parsing failure).
+ INT16 offset; // current offset into the buffer (a negative number
+ // indicates a parsing failure). Not used
+ BYTE tag; // The last unmarshaled tag
+} ASN1UnmarshalContext;
+
+typedef struct ASN1MarshalContext {
+ BYTE *buffer; // pointer to the start of the buffer
+ INT16 offset; // place on the top where the last entry was added
+ // items are added from the bottom up.
+ INT16 end; // the end offset of the current value
+ INT16 depth; // how many pushed end values.
+ INT16 ends[MAX_DEPTH];
+} ASN1MarshalContext;
+
+#endif // _TPMASN1_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmAlgorithmDefines.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmAlgorithmDefines.h
new file mode 100644
index 000000000..5954a8447
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmAlgorithmDefines.h
@@ -0,0 +1,423 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Apr 7, 2019 Time: 06:58:55PM + */ + +#ifndef _TPM_ALGORITHM_DEFINES_H_ +#define _TPM_ALGORITHM_DEFINES_H_ + +// Table 2:3 - Definition of Base Types +// Base Types are in BaseTypes.h + +#define ECC_CURVES \ + {TPM_ECC_BN_P256, TPM_ECC_BN_P638, TPM_ECC_NIST_P192, \ + TPM_ECC_NIST_P224, TPM_ECC_NIST_P256, TPM_ECC_NIST_P384, \ + TPM_ECC_NIST_P521, TPM_ECC_SM2_P256} +#define ECC_CURVE_COUNT \ + (ECC_BN_P256 + ECC_BN_P638 + ECC_NIST_P192 + ECC_NIST_P224 + \ + ECC_NIST_P256 + ECC_NIST_P384 + ECC_NIST_P521 + ECC_SM2_P256) +#define MAX_ECC_KEY_BITS \ + MAX(ECC_BN_P256 * 256, MAX(ECC_BN_P638 * 638, \ + MAX(ECC_NIST_P192 * 192, MAX(ECC_NIST_P224 * 224, \ + MAX(ECC_NIST_P256 * 256, MAX(ECC_NIST_P384 * 384, \ + MAX(ECC_NIST_P521 * 521, MAX(ECC_SM2_P256 * 256, \ + 0)))))))) +#define MAX_ECC_KEY_BYTES BITS_TO_BYTES(MAX_ECC_KEY_BITS) + + +// Table 0:6 - Defines for PLATFORM Values +#define PLATFORM_FAMILY TPM_SPEC_FAMILY +#define PLATFORM_LEVEL TPM_SPEC_LEVEL +#define PLATFORM_VERSION TPM_SPEC_VERSION +#define PLATFORM_YEAR TPM_SPEC_YEAR +#define PLATFORM_DAY_OF_YEAR TPM_SPEC_DAY_OF_YEAR + +// Table 1:12 - Defines for SHA1 Hash Values +#define SHA1_DIGEST_SIZE 20 +#define SHA1_BLOCK_SIZE 64 + + +// Table 1:13 - Defines for SHA256 Hash Values +#define SHA256_DIGEST_SIZE 32 +#define SHA256_BLOCK_SIZE 64 + + +// Table 1:14 - Defines for SHA384 Hash Values +#define SHA384_DIGEST_SIZE 48 +#define SHA384_BLOCK_SIZE 128 + + +// Table 1:15 - Defines for SHA512 Hash Values +#define SHA512_DIGEST_SIZE 64 +#define SHA512_BLOCK_SIZE 128 + + +// Table 1:16 - Defines for SM3_256 Hash Values +#define SM3_256_DIGEST_SIZE 32 +#define SM3_256_BLOCK_SIZE 64 + + +// Table 1:16 - Defines for SHA3_256 Hash Values +#define SHA3_256_DIGEST_SIZE 32 +#define SHA3_256_BLOCK_SIZE 136 + + +// Table 1:16 - Defines for SHA3_384 Hash Values +#define SHA3_384_DIGEST_SIZE 48 +#define SHA3_384_BLOCK_SIZE 104 + + +// Table 
1:16 - Defines for SHA3_512 Hash Values +#define SHA3_512_DIGEST_SIZE 64 +#define SHA3_512_BLOCK_SIZE 72 + + +// Table 1:00 - Defines for RSA Asymmetric Cipher Algorithm Constants +#define RSA_KEY_SIZES_BITS \ + (1024 * RSA_1024), (2048 * RSA_2048), (3072 * RSA_3072), \ + (4096 * RSA_4096) +#if RSA_4096 +# define RSA_MAX_KEY_SIZE_BITS 4096 +#elif RSA_3072 +# define RSA_MAX_KEY_SIZE_BITS 3072 +#elif RSA_2048 +# define RSA_MAX_KEY_SIZE_BITS 2048 +#elif RSA_1024 +# define RSA_MAX_KEY_SIZE_BITS 1024 +#else +# define RSA_MAX_KEY_SIZE_BITS 0 +#endif +#define MAX_RSA_KEY_BITS RSA_MAX_KEY_SIZE_BITS +#define MAX_RSA_KEY_BYTES ((RSA_MAX_KEY_SIZE_BITS + 7) / 8) + + +// Table 1:17 - Defines for AES Symmetric Cipher Algorithm Constants +#define AES_KEY_SIZES_BITS \ + (128 * AES_128), (192 * AES_192), (256 * AES_256) +#if AES_256 +# define AES_MAX_KEY_SIZE_BITS 256 +#elif AES_192 +# define AES_MAX_KEY_SIZE_BITS 192 +#elif AES_128 +# define AES_MAX_KEY_SIZE_BITS 128 +#else +# define AES_MAX_KEY_SIZE_BITS 0 +#endif +#define MAX_AES_KEY_BITS AES_MAX_KEY_SIZE_BITS +#define MAX_AES_KEY_BYTES ((AES_MAX_KEY_SIZE_BITS + 7) / 8) +#define AES_128_BLOCK_SIZE_BYTES (AES_128 * 16) +#define AES_192_BLOCK_SIZE_BYTES (AES_192 * 16) +#define AES_256_BLOCK_SIZE_BYTES (AES_256 * 16) +#define AES_BLOCK_SIZES \ + AES_128_BLOCK_SIZE_BYTES, AES_192_BLOCK_SIZE_BYTES, \ + AES_256_BLOCK_SIZE_BYTES +#if ALG_AES +# define AES_MAX_BLOCK_SIZE 16 +#else +# define AES_MAX_BLOCK_SIZE 0 +#endif +#define MAX_AES_BLOCK_SIZE_BYTES AES_MAX_BLOCK_SIZE + + +// Table 1:18 - Defines for SM4 Symmetric Cipher Algorithm Constants +#define SM4_KEY_SIZES_BITS (128 * SM4_128) +#if SM4_128 +# define SM4_MAX_KEY_SIZE_BITS 128 +#else +# define SM4_MAX_KEY_SIZE_BITS 0 +#endif +#define MAX_SM4_KEY_BITS SM4_MAX_KEY_SIZE_BITS +#define MAX_SM4_KEY_BYTES ((SM4_MAX_KEY_SIZE_BITS + 7) / 8) +#define SM4_128_BLOCK_SIZE_BYTES (SM4_128 * 16) +#define SM4_BLOCK_SIZES SM4_128_BLOCK_SIZE_BYTES +#if ALG_SM4 +# define SM4_MAX_BLOCK_SIZE 16 
+#else +# define SM4_MAX_BLOCK_SIZE 0 +#endif +#define MAX_SM4_BLOCK_SIZE_BYTES SM4_MAX_BLOCK_SIZE + + +// Table 1:19 - Defines for CAMELLIA Symmetric Cipher Algorithm Constants +#define CAMELLIA_KEY_SIZES_BITS \ + (128 * CAMELLIA_128), (192 * CAMELLIA_192), (256 * CAMELLIA_256) +#if CAMELLIA_256 +# define CAMELLIA_MAX_KEY_SIZE_BITS 256 +#elif CAMELLIA_192 +# define CAMELLIA_MAX_KEY_SIZE_BITS 192 +#elif CAMELLIA_128 +# define CAMELLIA_MAX_KEY_SIZE_BITS 128 +#else +# define CAMELLIA_MAX_KEY_SIZE_BITS 0 +#endif +#define MAX_CAMELLIA_KEY_BITS CAMELLIA_MAX_KEY_SIZE_BITS +#define MAX_CAMELLIA_KEY_BYTES ((CAMELLIA_MAX_KEY_SIZE_BITS + 7) / 8) +#define CAMELLIA_128_BLOCK_SIZE_BYTES (CAMELLIA_128 * 16) +#define CAMELLIA_192_BLOCK_SIZE_BYTES (CAMELLIA_192 * 16) +#define CAMELLIA_256_BLOCK_SIZE_BYTES (CAMELLIA_256 * 16) +#define CAMELLIA_BLOCK_SIZES \ + CAMELLIA_128_BLOCK_SIZE_BYTES, CAMELLIA_192_BLOCK_SIZE_BYTES, \ + CAMELLIA_256_BLOCK_SIZE_BYTES +#if ALG_CAMELLIA +# define CAMELLIA_MAX_BLOCK_SIZE 16 +#else +# define CAMELLIA_MAX_BLOCK_SIZE 0 +#endif +#define MAX_CAMELLIA_BLOCK_SIZE_BYTES CAMELLIA_MAX_BLOCK_SIZE + + +// Table 1:17 - Defines for TDES Symmetric Cipher Algorithm Constants +#define TDES_KEY_SIZES_BITS (128 * TDES_128), (192 * TDES_192) +#if TDES_192 +# define TDES_MAX_KEY_SIZE_BITS 192 +#elif TDES_128 +# define TDES_MAX_KEY_SIZE_BITS 128 +#else +# define TDES_MAX_KEY_SIZE_BITS 0 +#endif +#define MAX_TDES_KEY_BITS TDES_MAX_KEY_SIZE_BITS +#define MAX_TDES_KEY_BYTES ((TDES_MAX_KEY_SIZE_BITS + 7) / 8) +#define TDES_128_BLOCK_SIZE_BYTES (TDES_128 * 8) +#define TDES_192_BLOCK_SIZE_BYTES (TDES_192 * 8) +#define TDES_BLOCK_SIZES \ + TDES_128_BLOCK_SIZE_BYTES, TDES_192_BLOCK_SIZE_BYTES +#if ALG_TDES +# define TDES_MAX_BLOCK_SIZE 8 +#else +# define TDES_MAX_BLOCK_SIZE 0 +#endif +#define MAX_TDES_BLOCK_SIZE_BYTES TDES_MAX_BLOCK_SIZE + + +// Additional values for benefit of code +#define TPM_CC_FIRST 0x0000011F +#define TPM_CC_LAST 0x00000197 + + +#if COMPRESSED_LISTS 
+#define ADD_FILL 0 +#else +#define ADD_FILL 1 +#endif + +// Size the array of library commands based on whether or not +// the array is packed (only defined commands) or dense +// (having entries for unimplemented commands) +#define LIBRARY_COMMAND_ARRAY_SIZE (0 \ + + (ADD_FILL || CC_NV_UndefineSpaceSpecial) /* 0x0000011F */ \ + + (ADD_FILL || CC_EvictControl) /* 0x00000120 */ \ + + (ADD_FILL || CC_HierarchyControl) /* 0x00000121 */ \ + + (ADD_FILL || CC_NV_UndefineSpace) /* 0x00000122 */ \ + + ADD_FILL /* 0x00000123 */ \ + + (ADD_FILL || CC_ChangeEPS) /* 0x00000124 */ \ + + (ADD_FILL || CC_ChangePPS) /* 0x00000125 */ \ + + (ADD_FILL || CC_Clear) /* 0x00000126 */ \ + + (ADD_FILL || CC_ClearControl) /* 0x00000127 */ \ + + (ADD_FILL || CC_ClockSet) /* 0x00000128 */ \ + + (ADD_FILL || CC_HierarchyChangeAuth) /* 0x00000129 */ \ + + (ADD_FILL || CC_NV_DefineSpace) /* 0x0000012A */ \ + + (ADD_FILL || CC_PCR_Allocate) /* 0x0000012B */ \ + + (ADD_FILL || CC_PCR_SetAuthPolicy) /* 0x0000012C */ \ + + (ADD_FILL || CC_PP_Commands) /* 0x0000012D */ \ + + (ADD_FILL || CC_SetPrimaryPolicy) /* 0x0000012E */ \ + + (ADD_FILL || CC_FieldUpgradeStart) /* 0x0000012F */ \ + + (ADD_FILL || CC_ClockRateAdjust) /* 0x00000130 */ \ + + (ADD_FILL || CC_CreatePrimary) /* 0x00000131 */ \ + + (ADD_FILL || CC_NV_GlobalWriteLock) /* 0x00000132 */ \ + + (ADD_FILL || CC_GetCommandAuditDigest) /* 0x00000133 */ \ + + (ADD_FILL || CC_NV_Increment) /* 0x00000134 */ \ + + (ADD_FILL || CC_NV_SetBits) /* 0x00000135 */ \ + + (ADD_FILL || CC_NV_Extend) /* 0x00000136 */ \ + + (ADD_FILL || CC_NV_Write) /* 0x00000137 */ \ + + (ADD_FILL || CC_NV_WriteLock) /* 0x00000138 */ \ + + (ADD_FILL || CC_DictionaryAttackLockReset) /* 0x00000139 */ \ + + (ADD_FILL || CC_DictionaryAttackParameters) /* 0x0000013A */ \ + + (ADD_FILL || CC_NV_ChangeAuth) /* 0x0000013B */ \ + + (ADD_FILL || CC_PCR_Event) /* 0x0000013C */ \ + + (ADD_FILL || CC_PCR_Reset) /* 0x0000013D */ \ + + (ADD_FILL || CC_SequenceComplete) /* 0x0000013E */ 
\ + + (ADD_FILL || CC_SetAlgorithmSet) /* 0x0000013F */ \ + + (ADD_FILL || CC_SetCommandCodeAuditStatus) /* 0x00000140 */ \ + + (ADD_FILL || CC_FieldUpgradeData) /* 0x00000141 */ \ + + (ADD_FILL || CC_IncrementalSelfTest) /* 0x00000142 */ \ + + (ADD_FILL || CC_SelfTest) /* 0x00000143 */ \ + + (ADD_FILL || CC_Startup) /* 0x00000144 */ \ + + (ADD_FILL || CC_Shutdown) /* 0x00000145 */ \ + + (ADD_FILL || CC_StirRandom) /* 0x00000146 */ \ + + (ADD_FILL || CC_ActivateCredential) /* 0x00000147 */ \ + + (ADD_FILL || CC_Certify) /* 0x00000148 */ \ + + (ADD_FILL || CC_PolicyNV) /* 0x00000149 */ \ + + (ADD_FILL || CC_CertifyCreation) /* 0x0000014A */ \ + + (ADD_FILL || CC_Duplicate) /* 0x0000014B */ \ + + (ADD_FILL || CC_GetTime) /* 0x0000014C */ \ + + (ADD_FILL || CC_GetSessionAuditDigest) /* 0x0000014D */ \ + + (ADD_FILL || CC_NV_Read) /* 0x0000014E */ \ + + (ADD_FILL || CC_NV_ReadLock) /* 0x0000014F */ \ + + (ADD_FILL || CC_ObjectChangeAuth) /* 0x00000150 */ \ + + (ADD_FILL || CC_PolicySecret) /* 0x00000151 */ \ + + (ADD_FILL || CC_Rewrap) /* 0x00000152 */ \ + + (ADD_FILL || CC_Create) /* 0x00000153 */ \ + + (ADD_FILL || CC_ECDH_ZGen) /* 0x00000154 */ \ + + (ADD_FILL || CC_HMAC || CC_MAC) /* 0x00000155 */ \ + + (ADD_FILL || CC_Import) /* 0x00000156 */ \ + + (ADD_FILL || CC_Load) /* 0x00000157 */ \ + + (ADD_FILL || CC_Quote) /* 0x00000158 */ \ + + (ADD_FILL || CC_RSA_Decrypt) /* 0x00000159 */ \ + + ADD_FILL /* 0x0000015A */ \ + + (ADD_FILL || CC_HMAC_Start || CC_MAC_Start) /* 0x0000015B */ \ + + (ADD_FILL || CC_SequenceUpdate) /* 0x0000015C */ \ + + (ADD_FILL || CC_Sign) /* 0x0000015D */ \ + + (ADD_FILL || CC_Unseal) /* 0x0000015E */ \ + + ADD_FILL /* 0x0000015F */ \ + + (ADD_FILL || CC_PolicySigned) /* 0x00000160 */ \ + + (ADD_FILL || CC_ContextLoad) /* 0x00000161 */ \ + + (ADD_FILL || CC_ContextSave) /* 0x00000162 */ \ + + (ADD_FILL || CC_ECDH_KeyGen) /* 0x00000163 */ \ + + (ADD_FILL || CC_EncryptDecrypt) /* 0x00000164 */ \ + + (ADD_FILL || CC_FlushContext) /* 0x00000165 
*/ \ + + ADD_FILL /* 0x00000166 */ \ + + (ADD_FILL || CC_LoadExternal) /* 0x00000167 */ \ + + (ADD_FILL || CC_MakeCredential) /* 0x00000168 */ \ + + (ADD_FILL || CC_NV_ReadPublic) /* 0x00000169 */ \ + + (ADD_FILL || CC_PolicyAuthorize) /* 0x0000016A */ \ + + (ADD_FILL || CC_PolicyAuthValue) /* 0x0000016B */ \ + + (ADD_FILL || CC_PolicyCommandCode) /* 0x0000016C */ \ + + (ADD_FILL || CC_PolicyCounterTimer) /* 0x0000016D */ \ + + (ADD_FILL || CC_PolicyCpHash) /* 0x0000016E */ \ + + (ADD_FILL || CC_PolicyLocality) /* 0x0000016F */ \ + + (ADD_FILL || CC_PolicyNameHash) /* 0x00000170 */ \ + + (ADD_FILL || CC_PolicyOR) /* 0x00000171 */ \ + + (ADD_FILL || CC_PolicyTicket) /* 0x00000172 */ \ + + (ADD_FILL || CC_ReadPublic) /* 0x00000173 */ \ + + (ADD_FILL || CC_RSA_Encrypt) /* 0x00000174 */ \ + + ADD_FILL /* 0x00000175 */ \ + + (ADD_FILL || CC_StartAuthSession) /* 0x00000176 */ \ + + (ADD_FILL || CC_VerifySignature) /* 0x00000177 */ \ + + (ADD_FILL || CC_ECC_Parameters) /* 0x00000178 */ \ + + (ADD_FILL || CC_FirmwareRead) /* 0x00000179 */ \ + + (ADD_FILL || CC_GetCapability) /* 0x0000017A */ \ + + (ADD_FILL || CC_GetRandom) /* 0x0000017B */ \ + + (ADD_FILL || CC_GetTestResult) /* 0x0000017C */ \ + + (ADD_FILL || CC_Hash) /* 0x0000017D */ \ + + (ADD_FILL || CC_PCR_Read) /* 0x0000017E */ \ + + (ADD_FILL || CC_PolicyPCR) /* 0x0000017F */ \ + + (ADD_FILL || CC_PolicyRestart) /* 0x00000180 */ \ + + (ADD_FILL || CC_ReadClock) /* 0x00000181 */ \ + + (ADD_FILL || CC_PCR_Extend) /* 0x00000182 */ \ + + (ADD_FILL || CC_PCR_SetAuthValue) /* 0x00000183 */ \ + + (ADD_FILL || CC_NV_Certify) /* 0x00000184 */ \ + + (ADD_FILL || CC_EventSequenceComplete) /* 0x00000185 */ \ + + (ADD_FILL || CC_HashSequenceStart) /* 0x00000186 */ \ + + (ADD_FILL || CC_PolicyPhysicalPresence) /* 0x00000187 */ \ + + (ADD_FILL || CC_PolicyDuplicationSelect) /* 0x00000188 */ \ + + (ADD_FILL || CC_PolicyGetDigest) /* 0x00000189 */ \ + + (ADD_FILL || CC_TestParms) /* 0x0000018A */ \ + + (ADD_FILL || CC_Commit) /* 
0x0000018B */ \ + + (ADD_FILL || CC_PolicyPassword) /* 0x0000018C */ \ + + (ADD_FILL || CC_ZGen_2Phase) /* 0x0000018D */ \ + + (ADD_FILL || CC_EC_Ephemeral) /* 0x0000018E */ \ + + (ADD_FILL || CC_PolicyNvWritten) /* 0x0000018F */ \ + + (ADD_FILL || CC_PolicyTemplate) /* 0x00000190 */ \ + + (ADD_FILL || CC_CreateLoaded) /* 0x00000191 */ \ + + (ADD_FILL || CC_PolicyAuthorizeNV) /* 0x00000192 */ \ + + (ADD_FILL || CC_EncryptDecrypt2) /* 0x00000193 */ \ + + (ADD_FILL || CC_AC_GetCapability) /* 0x00000194 */ \ + + (ADD_FILL || CC_AC_Send) /* 0x00000195 */ \ + + (ADD_FILL || CC_Policy_AC_SendSelect) /* 0x00000196 */ \ + + (ADD_FILL || CC_CertifyX509) /* 0x00000197 */ \ + ) + +#define VENDOR_COMMAND_ARRAY_SIZE (0 + CC_Vendor_TCG_Test) + +#define COMMAND_COUNT (LIBRARY_COMMAND_ARRAY_SIZE + VENDOR_COMMAND_ARRAY_SIZE) + +#define HASH_COUNT \ + (ALG_SHA1 + ALG_SHA256 + ALG_SHA384 + ALG_SHA3_256 + \ + ALG_SHA3_384 + ALG_SHA3_512 + ALG_SHA512 + ALG_SM3_256) + +#define MAX_HASH_BLOCK_SIZE \ + (MAX(ALG_SHA1 * SHA1_BLOCK_SIZE, \ + MAX(ALG_SHA256 * SHA256_BLOCK_SIZE, \ + MAX(ALG_SHA384 * SHA384_BLOCK_SIZE, \ + MAX(ALG_SHA3_256 * SHA3_256_BLOCK_SIZE, \ + MAX(ALG_SHA3_384 * SHA3_384_BLOCK_SIZE, \ + MAX(ALG_SHA3_512 * SHA3_512_BLOCK_SIZE, \ + MAX(ALG_SHA512 * SHA512_BLOCK_SIZE, \ + MAX(ALG_SM3_256 * SM3_256_BLOCK_SIZE, \ + 0))))))))) + +#define MAX_DIGEST_SIZE \ + (MAX(ALG_SHA1 * SHA1_DIGEST_SIZE, \ + MAX(ALG_SHA256 * SHA256_DIGEST_SIZE, \ + MAX(ALG_SHA384 * SHA384_DIGEST_SIZE, \ + MAX(ALG_SHA3_256 * SHA3_256_DIGEST_SIZE, \ + MAX(ALG_SHA3_384 * SHA3_384_DIGEST_SIZE, \ + MAX(ALG_SHA3_512 * SHA3_512_DIGEST_SIZE, \ + MAX(ALG_SHA512 * SHA512_DIGEST_SIZE, \ + MAX(ALG_SM3_256 * SM3_256_DIGEST_SIZE, \ + 0))))))))) + + +#if MAX_DIGEST_SIZE == 0 || MAX_HASH_BLOCK_SIZE == 0 +#error "Hash data not valid" +#endif + +// Define the 2B structure that would hold any hash block +TPM2B_TYPE(MAX_HASH_BLOCK, MAX_HASH_BLOCK_SIZE); + +// Following typedef is for some old code +typedef TPM2B_MAX_HASH_BLOCK 
TPM2B_HASH_BLOCK; + +/* Additional symmetric constants */ +#define MAX_SYM_KEY_BITS \ + (MAX(AES_MAX_KEY_SIZE_BITS, MAX(CAMELLIA_MAX_KEY_SIZE_BITS, \ + MAX(SM4_MAX_KEY_SIZE_BITS, MAX(TDES_MAX_KEY_SIZE_BITS, \ + 0))))) + +#define MAX_SYM_KEY_BYTES ((MAX_SYM_KEY_BITS + 7) / 8) + +#define MAX_SYM_BLOCK_SIZE \ + (MAX(AES_MAX_BLOCK_SIZE, MAX(CAMELLIA_MAX_BLOCK_SIZE, \ + MAX(SM4_MAX_BLOCK_SIZE, MAX(TDES_MAX_BLOCK_SIZE, \ + 0))))) + +#if MAX_SYM_KEY_BITS == 0 || MAX_SYM_BLOCK_SIZE == 0 +# error Bad size for MAX_SYM_KEY_BITS or MAX_SYM_BLOCK +#endif + + +#endif // _TPM_ALGORITHM_DEFINES_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmBuildSwitches.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmBuildSwitches.h new file mode 100644 index 000000000..7ab437684 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmBuildSwitches.h 
@@ -0,0 +1,341 @@ + +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +// This file contains the build switches. This contains switches for multiple +// versions of the crypto-library so some may not apply to your environment. 
+// +// The switches are guarded so that they can either be set on the command line or +// set here. If the switch is listed on the command line (-DSOME_SWITCH) with NO +// setting, then the switch will be set to YES. If the switch setting is not on the +// command line or if the setting is other than YES or NO, then the switch will be set +// to the default value. The default can either be YES or NO as indicated on each line +// where the default is selected. +// +// A caution. Do not try to test these macros by inserting #defines in this file. For +// some curious reason, a variable set on the command line with no setting will have a +// value of 1. An #if SOME_VARIABLE will work if the variable is not defined or is +// defined on the command line with no initial setting. However, a +// "#define SOME_VARIABLE" is a null string and when used in "#if SOME_VARIABLE" will +// not be a proper expression If you want to test various switches, either use the +// command line or change the default. +// +#ifndef _TPM_BUILD_SWITCHES_H_ +#define _TPM_BUILD_SWITCHES_H_ + +#undef YES +#define YES 1 +#undef NO +#define NO 0 + +// Allow the command line to specify a "profile" file +#ifdef PROFILE +# define PROFILE_QUOTE(a) #a +# define PROFILE_INCLUDE(a) PROFILE_QUOTE(a) +# include PROFILE_INCLUDE(PROFILE) +#endif + +// Need an unambiguous definition for DEBUG. Don't change this +#ifndef DEBUG +# ifdef NDEBUG +# define DEBUG NO +# else +# define DEBUG YES +# endif +#elif (DEBUG != NO) && (DEBUG != YES) +# undef DEBUG +# define DEBUG YES // Default: Either YES or NO +#endif + +#include "CompilerDependencies.h" + +// This definition is required for the re-factored code +#if (!defined USE_BN_ECC_DATA) \ + || ((USE_BN_ECC_DATA != NO) && (USE_BN_ECC_DATA != YES)) +# undef USE_BN_ECC_DATA +# define USE_BN_ECC_DATA YES // Default: Either YES or NO +#endif + +// The SIMULATION switch allows certain other macros to be enabled. 
The things that +// can be enabled in a simulation include key caching, reproducible "random" +// sequences, instrumentation of the RSA key generation process, and certain other +// debug code. SIMULATION Needs to be defined as either YES or NO. This grouping of +// macros will make sure that it is set correctly. A simulated TPM would include a +// Virtual TPM. The interfaces for a Virtual TPM should be modified from the standard +// ones in the Simulator project. +// +// If SIMULATION is in the compile parameters without modifiers, +// make SIMULATION == YES +#if !(defined SIMULATION) || ((SIMULATION != NO) && (SIMULATION != YES)) +# undef SIMULATION +# define SIMULATION YES // Default: Either YES or NO +#endif + +// Define this to run the function that checks the compatibility between the +// chosen big number math library and the TPM code. Not all ports use this. +#if !(defined LIBRARY_COMPATABILITY_CHECK) \ + || ((LIBRARY_COMPATABILITY_CHECK != NO) \ + && (LIBRARY_COMPATABILITY_CHECK != YES)) +# undef LIBRARY_COMPATABILITY_CHECK +# define LIBRARY_COMPATABILITY_CHECK YES // Default: Either YES or NO +#endif + +#if !(defined FIPS_COMPLIANT) || ((FIPS_COMPLIANT != NO) && (FIPS_COMPLIANT != YES)) +# undef FIPS_COMPLIANT +# define FIPS_COMPLIANT YES // Default: Either YES or NO +#endif + +// Definition to allow alternate behavior for non-orderly startup. 
If there is a +// chance that the TPM could not update 'failedTries' +#if !(defined USE_DA_USED) || ((USE_DA_USED != NO) && (USE_DA_USED != YES)) +# undef USE_DA_USED +# define USE_DA_USED YES // Default: Either YES or NO +#endif + +// Define TABLE_DRIVEN_DISPATCH to use tables rather than case statements +// for command dispatch and handle unmarshaling +#if !(defined TABLE_DRIVEN_DISPATCH) \ + || ((TABLE_DRIVEN_DISPATCH != NO) && (TABLE_DRIVEN_DISPATCH != YES)) +# undef TABLE_DRIVEN_DISPATCH +# define TABLE_DRIVEN_DISPATCH YES // Default: Either YES or NO +#endif + +// This switch is used to enable the self-test capability in AlgorithmTests.c +#if !(defined SELF_TEST) || ((SELF_TEST != NO) && (SELF_TEST != YES)) +# undef SELF_TEST +# define SELF_TEST YES // Default: Either YES or NO +#endif + +// Enable the generation of RSA primes using a sieve. +#if !(defined RSA_KEY_SIEVE) || ((RSA_KEY_SIEVE != NO) && (RSA_KEY_SIEVE != YES)) +# undef RSA_KEY_SIEVE +# define RSA_KEY_SIEVE YES // Default: Either YES or NO +#endif + +// Enable the instrumentation of the sieve process. This is used to tune the sieve +// variables. +#if RSA_KEY_SIEVE && SIMULATION +# if !(defined RSA_INSTRUMENT) \ + || ((RSA_INSTRUMENT != NO) && (RSA_INSTRUMENT != YES)) +# undef RSA_INSTRUMENT +# define RSA_INSTRUMENT NO // Default: Either YES or NO +# endif +#endif + +// This switch enables the RNG state save and restore +#if !(defined _DRBG_STATE_SAVE) \ + || ((_DRBG_STATE_SAVE != NO) && (_DRBG_STATE_SAVE != YES)) +# undef _DRBG_STATE_SAVE +# define _DRBG_STATE_SAVE YES // Default: Either YES or NO +#endif + +// Switch added to support packed lists that leave out space associated with +// unimplemented commands. Comment this out to use linear lists. +// Note: if vendor specific commands are present, the associated list is always +// in compressed form. 
+#if !(defined COMPRESSED_LISTS) \ + || ((COMPRESSED_LISTS != NO) && (COMPRESSED_LISTS != YES)) +# undef COMPRESSED_LISTS +# define COMPRESSED_LISTS YES // Default: Either YES or NO +#endif + +// This switch indicates where clock epoch value should be stored. If this value +// defined, then it is assumed that the timer will change at any time so the +// nonce should be a random number kept in RAM. When it is not defined, then the +// timer only stops during power outages. +#if !(defined CLOCK_STOPS) || ((CLOCK_STOPS != NO) && (CLOCK_STOPS != YES)) +# undef CLOCK_STOPS +# define CLOCK_STOPS NO // Default: Either YES or NO +#endif + +// This switch allows use of #defines in place of pass-through marshaling or +// unmarshaling code. A pass-through function just calls another function to do +// the required function and does no parameter checking of its own. The +// table-driven dispatcher calls directly to the lowest level +// marshaling/unmarshaling code and by-passes any pass-through functions. +#if (defined USE_MARSHALING_DEFINES) && (USE_MARSHALING_DEFINES != NO) +# undef USE_MARSHALING_DEFINES +# define USE_MARSHALING_DEFINES YES +#else +# define USE_MARSHALING_DEFINES YES // Default: Either YES or NO +#endif + +//********************************** +// The switches in this group can only be enabled when doing debug during simulation +#if SIMULATION && DEBUG +// Enables use of the key cache. Default is YES +# if !(defined USE_RSA_KEY_CACHE) \ + || ((USE_RSA_KEY_CACHE != NO) && (USE_RSA_KEY_CACHE != YES)) +# undef USE_RSA_KEY_CACHE +# define USE_RSA_KEY_CACHE YES // Default: Either YES or NO +# endif + +// Enables use of a file to store the key cache values so that the TPM will start +// faster during debug. 
Default for this is YES +# if USE_RSA_KEY_CACHE +# if !(defined USE_KEY_CACHE_FILE) \ + || ((USE_KEY_CACHE_FILE != NO) && (USE_KEY_CACHE_FILE != YES)) +# undef USE_KEY_CACHE_FILE +# define USE_KEY_CACHE_FILE YES // Default: Either YES or NO +# endif +# else +# undef USE_KEY_CACHE_FILE +# define USE_KEY_CACHE_FILE NO +# endif // USE_RSA_KEY_CACHE + +// This provides fixed seeding of the RNG when doing debug on a simulator. This +// should allow consistent results on test runs as long as the input parameters +// to the functions remains the same. There is no default value. +# if !(defined USE_DEBUG_RNG) || ((USE_DEBUG_RNG != NO) && (USE_DEBUG_RNG != YES)) +# undef USE_DEBUG_RNG +# define USE_DEBUG_RNG YES // Default: Either YES or NO +# endif + +// Don't change these. They are the settings needed when not doing a simulation and +// not doing debug. Can't use the key cache except during debug. Otherwise, all of the +// key values end up being the same +#else +# define USE_RSA_KEY_CACHE NO +# define USE_RSA_KEY_CACHE_FILE NO +# define USE_DEBUG_RNG NO +#endif // DEBUG && SIMULATION + +#if DEBUG + +// In some cases, the relationship between two values may be dependent +// on things that change based on various selections like the chosen cryptographic +// libraries. It is possible that these selections will result in incompatible +// settings. These are often detectable by the compiler but it isn't always +// possible to do the check in the preprocessor code. For example, when the +// check requires use of 'sizeof()' then the preprocessor can't do the comparison. +// For these cases, we include a special macro that, depending on the compiler +// will generate a warning to indicate if the check always passes or always fails +// because it involves fixed constants. To run these checks, define COMPILER_CHECKS. 
+# if !(defined COMPILER_CHECKS) \ + || ((COMPILER_CHECKS != NO) && (COMPILER_CHECKS != YES)) +# undef COMPILER_CHECKS +# define COMPILER_CHECKS NO // Default: Either YES or NO +# endif + +// Some of the values (such as sizes) are the result of different options set in +// TpmProfile.h. The combination might not be consistent. A function is defined +// (TpmSizeChecks()) that is used to verify the sizes at run time. To enable the +// function, define this parameter. +# if !(defined RUNTIME_SIZE_CHECKS) \ + || ((RUNTIME_SIZE_CHECKS != NO) && (RUNTIME_SIZE_CHECKS != YES)) +# undef RUNTIME_SIZE_CHECKS +# define RUNTIME_SIZE_CHECKS NO // Default: Either YES or NO +# endif + +// If doing debug, can set the DRBG to print out the intermediate test values. +// Before enabling this, make sure that the dbgDumpMemBlock() function +// has been added someplace (preferably, somewhere in CryptRand.c) +# if !(defined DRBG_DEBUG_PRINT) \ + || ((DRBG_DEBUG_PRINT != NO) && (DRBG_DEBUG_PRINT != YES)) +# undef DRBG_DEBUG_PRINT +# define DRBG_DEBUG_PRINT NO // Default: Either YES or NO +# endif + +// If an assertion event it not going to produce any trace information (function and +// line number) then make FAIL_TRACE == NO +# if !(defined FAIL_TRACE) || ((FAIL_TRACE != NO) && (FAIL_TRACE != YES)) +# undef FAIL_TRACE +# define FAIL_TRACE YES // Default: Either YES or NO +# endif + +#endif // DEBUG + +// Indicate if the implementation is going to give lockout time credit for time up to +// the last orderly shutdown. +#if !(defined ACCUMULATE_SELF_HEAL_TIMER) \ + || ((ACCUMULATE_SELF_HEAL_TIMER != NO) && (ACCUMULATE_SELF_HEAL_TIMER != YES)) +# undef ACCUMULATE_SELF_HEAL_TIMER +# define ACCUMULATE_SELF_HEAL_TIMER YES // Default: Either YES or NO +#endif + +// Indicates if the implementation is to compute the sizes of the proof and primary +// seed size values based on the implemented algorithms. 
+#if !(defined USE_SPEC_COMPLIANT_PROOFS) \ + || ((USE_SPEC_COMPLIANT_PROOFS != NO) && (USE_SPEC_COMPLIANT_PROOFS != YES)) +# undef USE_SPEC_COMPLIANT_PROOFS +# define USE_SPEC_COMPLIANT_PROOFS YES // Default: Either YES or NO +#endif + +// Comment this out to allow compile to continue even though the chosen proof values +// do not match the compliant values. This is written so that someone would +// have to proactively ignore errors. +#if !(defined SKIP_PROOF_ERRORS) \ + || ((SKIP_PROOF_ERRORS != NO) && (SKIP_PROOF_ERRORS != YES)) +# undef SKIP_PROOF_ERRORS +# define SKIP_PROOF_ERRORS NO // Default: Either YES or NO +#endif + +// This define is used to eliminate the use of bit-fields. It can be enabled for big- +// or little-endian machines. For big-endian architectures that numbers bits in +// registers from left to right (MSb0) this must be enabled. Little-endian machines +// number from right to left with the least significant bit having assigned a bit +// number of 0. These are LSb0 machines (they are also little-endian so they are also +// least-significant byte 0 (LSB0) machines. Big-endian (MSB0) machines may number in +// either direction (MSb0 or LSb0). For an MSB0+MSb0 machine this value is required to +// be 'NO' +#if !(defined USE_BIT_FIELD_STRUCTURES) \ + || ((USE_BIT_FIELD_STRUCTURES != NO) && (USE_BIT_FIELD_STRUCTURES != YES)) +# undef USE_BIT_FIELD_STRUCTURES +# define USE_BIT_FIELD_STRUCTURES DEBUG // Default: Either YES or NO +#endif + +// This define is used to enable any runtime checks of the interface between the +// cryptographic library (e.g., OpenSSL) and the thunking layer. +#if !(defined LIBRARY_COMPATIBILITY_CHECK) \ + || ((LIBRARY_COMPATIBILITY_CHECK != NO) && (LIBRARY_COMPATIBILITY_CHECK != YES)) +# undef LIBRARY_COMPATIBILITY_CHECK +# define LIBRARY_COMPATIBILITY_CHECK NO // Default: Either YES or NO +#endif + +// This define is used to control the debug for the CertifyX509 command. 
+#if !(defined CERTIFYX509_DEBUG) \ + || ((CERTIFYX509_DEBUG != NO) && (CERTIFYX509_DEBUG != YES)) +# undef CERTIFYX509_DEBUG +# define CERTIFYX509_DEBUG YES // Default: Either YES or NO +#endif + +// Change these definitions to turn all algorithms or commands ON or OFF. That is, +// to turn all algorithms on, set ALG_NO to YES. This is mostly useful as a debug +// feature. +#define ALG_YES YES +#define ALG_NO NO +#define CC_YES YES +#define CC_NO NO + +#endif // _TPM_BUILD_SWITCHES_H_ \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmError.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmError.h new file mode 100644 index 000000000..e90dbcae4 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmError.h 
@@ -0,0 +1,56 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _TPM_ERROR_H
+#define _TPM_ERROR_H
+
+#define FATAL_ERROR_ALLOCATION (1)
+#define FATAL_ERROR_DIVIDE_ZERO (2)
+#define FATAL_ERROR_INTERNAL (3)
+#define FATAL_ERROR_PARAMETER (4)
+#define FATAL_ERROR_ENTROPY (5)
+#define FATAL_ERROR_SELF_TEST (6)
+#define FATAL_ERROR_CRYPTO (7)
+#define FATAL_ERROR_NV_UNRECOVERABLE (8)
+#define FATAL_ERROR_REMANUFACTURED (9) // indicates that the TPM has
+ // been re-manufactured after an
+ // unrecoverable NV error
+#define FATAL_ERROR_DRBG (10)
+#define FATAL_ERROR_MOVE_SIZE (11)
+#define FATAL_ERROR_COUNTER_OVERFLOW (12)
+#define FATAL_ERROR_SUBTRACT (13)
+#define FATAL_ERROR_MATHLIBRARY (14)
+#define FATAL_ERROR_FORCED (666)
+
+#endif // _TPM_ERROR_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmProfile.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmProfile.h
new file mode 100644
index 000000000..7329f79ba
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmProfile.h
@@ -0,0 +1,789 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Apr 10, 2019 Time: 03:21:33PM + */ + +#ifndef _TPM_PROFILE_H_ +#define _TPM_PROFILE_H_ + +// Table 2:4 - Defines for Logic Values +#undef TRUE +#define TRUE 1 +#undef FALSE +#define FALSE 0 +#undef YES +#define YES 1 +#undef NO +#define NO 0 +#undef SET +#define SET 1 +#undef CLEAR +#define CLEAR 0 + +// Table 0:1 - Defines for Processor Values +#ifndef BIG_ENDIAN_TPM +#define BIG_ENDIAN_TPM NO +#endif +#ifndef LITTLE_ENDIAN_TPM +#define LITTLE_ENDIAN_TPM !BIG_ENDIAN_TPM +#endif +#ifndef MOST_SIGNIFICANT_BIT_0 +#define MOST_SIGNIFICANT_BIT_0 NO +#endif +#ifndef LEAST_SIGNIFICANT_BIT_0 +#define LEAST_SIGNIFICANT_BIT_0 !MOST_SIGNIFICANT_BIT_0 +#endif +#ifndef AUTO_ALIGN +#define AUTO_ALIGN NO +#endif + +// Table 0:4 - Defines for Implemented Curves +#ifndef ECC_NIST_P192 +#define ECC_NIST_P192 NO +#endif +#ifndef ECC_NIST_P224 +#define ECC_NIST_P224 NO +#endif +#ifndef ECC_NIST_P256 +#define ECC_NIST_P256 YES +#endif +#ifndef ECC_NIST_P384 +#define ECC_NIST_P384 YES +#endif +#ifndef ECC_NIST_P521 +#define ECC_NIST_P521 NO +#endif +#ifndef ECC_BN_P256 +#define ECC_BN_P256 YES +#endif +#ifndef ECC_BN_P638 +#define ECC_BN_P638 NO +#endif +#ifndef ECC_SM2_P256 +#define ECC_SM2_P256 NO +#endif + +// Table 0:7 - Defines for Implementation Values +#ifndef FIELD_UPGRADE_IMPLEMENTED +#define FIELD_UPGRADE_IMPLEMENTED NO +#endif +#ifndef HASH_ALIGNMENT +#define HASH_ALIGNMENT 4 +#endif +#ifndef SYMMETRIC_ALIGNMENT +#define SYMMETRIC_ALIGNMENT 4 +#endif +#ifndef HASH_LIB +#define HASH_LIB Ossl +#endif +#ifndef SYM_LIB +#define SYM_LIB Ossl +#endif +#ifndef MATH_LIB +#define MATH_LIB Ossl +#endif +#ifndef BSIZE +#define BSIZE UINT16 +#endif +#ifndef IMPLEMENTATION_PCR +#define IMPLEMENTATION_PCR 24 +#endif +#ifndef PCR_SELECT_MAX +#define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8) +#endif +#ifndef PLATFORM_PCR +#define PLATFORM_PCR 24 +#endif +#ifndef PCR_SELECT_MIN +#define PCR_SELECT_MIN 
((PLATFORM_PCR+7)/8) +#endif +#ifndef DRTM_PCR +#define DRTM_PCR 17 +#endif +#ifndef HCRTM_PCR +#define HCRTM_PCR 0 +#endif +#ifndef NUM_LOCALITIES +#define NUM_LOCALITIES 5 +#endif +#ifndef MAX_HANDLE_NUM +#define MAX_HANDLE_NUM 3 +#endif +#ifndef MAX_ACTIVE_SESSIONS +#define MAX_ACTIVE_SESSIONS 64 +#endif +#ifndef CONTEXT_SLOT +#define CONTEXT_SLOT UINT16 +#endif +#ifndef CONTEXT_COUNTER +#define CONTEXT_COUNTER UINT64 +#endif +#ifndef MAX_LOADED_SESSIONS +#define MAX_LOADED_SESSIONS 3 +#endif +#ifndef MAX_SESSION_NUM +#define MAX_SESSION_NUM 3 +#endif +#ifndef MAX_LOADED_OBJECTS +#define MAX_LOADED_OBJECTS 3 +#endif +#ifndef MIN_EVICT_OBJECTS +#define MIN_EVICT_OBJECTS 2 +#endif +#ifndef NUM_POLICY_PCR_GROUP +#define NUM_POLICY_PCR_GROUP 1 +#endif +#ifndef NUM_AUTHVALUE_PCR_GROUP +#define NUM_AUTHVALUE_PCR_GROUP 1 +#endif +#ifndef MAX_CONTEXT_SIZE +#define MAX_CONTEXT_SIZE 1264 +#endif +#ifndef MAX_DIGEST_BUFFER +#define MAX_DIGEST_BUFFER 1024 +#endif +#ifndef MAX_NV_INDEX_SIZE +#define MAX_NV_INDEX_SIZE 2048 +#endif +#ifndef MAX_NV_BUFFER_SIZE +#define MAX_NV_BUFFER_SIZE 1024 +#endif +#ifndef MAX_CAP_BUFFER +#define MAX_CAP_BUFFER 1024 +#endif +#ifndef NV_MEMORY_SIZE +#define NV_MEMORY_SIZE 16384 +#endif +#ifndef MIN_COUNTER_INDICES +#define MIN_COUNTER_INDICES 8 +#endif +#ifndef NUM_STATIC_PCR +#define NUM_STATIC_PCR 16 +#endif +#ifndef MAX_ALG_LIST_SIZE +#define MAX_ALG_LIST_SIZE 64 +#endif +#ifndef PRIMARY_SEED_SIZE +#define PRIMARY_SEED_SIZE 32 +#endif +#ifndef CONTEXT_ENCRYPT_ALGORITHM +#define CONTEXT_ENCRYPT_ALGORITHM AES +#endif +#ifndef NV_CLOCK_UPDATE_INTERVAL +#define NV_CLOCK_UPDATE_INTERVAL 12 +#endif +#ifndef NUM_POLICY_PCR +#define NUM_POLICY_PCR 1 +#endif +#ifndef MAX_COMMAND_SIZE +#define MAX_COMMAND_SIZE 4096 +#endif +#ifndef MAX_RESPONSE_SIZE +#define MAX_RESPONSE_SIZE 4096 +#endif +#ifndef ORDERLY_BITS +#define ORDERLY_BITS 8 +#endif +#ifndef MAX_SYM_DATA +#define MAX_SYM_DATA 128 +#endif +#ifndef MAX_RNG_ENTROPY_SIZE +#define 
MAX_RNG_ENTROPY_SIZE 64 +#endif +#ifndef RAM_INDEX_SPACE +#define RAM_INDEX_SPACE 512 +#endif +#ifndef RSA_DEFAULT_PUBLIC_EXPONENT +#define RSA_DEFAULT_PUBLIC_EXPONENT 0x00010001 +#endif +#ifndef ENABLE_PCR_NO_INCREMENT +#define ENABLE_PCR_NO_INCREMENT YES +#endif +#ifndef CRT_FORMAT_RSA +#define CRT_FORMAT_RSA YES +#endif +#ifndef VENDOR_COMMAND_COUNT +#define VENDOR_COMMAND_COUNT 0 +#endif +#ifndef MAX_VENDOR_BUFFER_SIZE +#define MAX_VENDOR_BUFFER_SIZE 1024 +#endif +#ifndef TPM_MAX_DERIVATION_BITS +#define TPM_MAX_DERIVATION_BITS 8192 +#endif +#ifndef RSA_MAX_PRIME +#define RSA_MAX_PRIME (MAX_RSA_KEY_BYTES/2) +#endif +#ifndef RSA_PRIVATE_SIZE +#define RSA_PRIVATE_SIZE (RSA_MAX_PRIME*5) +#endif +#ifndef SIZE_OF_X509_SERIAL_NUMBER +#define SIZE_OF_X509_SERIAL_NUMBER 20 +#endif +#ifndef PRIVATE_VENDOR_SPECIFIC_BYTES +#define PRIVATE_VENDOR_SPECIFIC_BYTES RSA_PRIVATE_SIZE +#endif + +// Table 0:2 - Defines for Implemented Algorithms +#ifndef ALG_AES +#define ALG_AES ALG_YES +#endif +#ifndef ALG_CAMELLIA +#define ALG_CAMELLIA ALG_NO /* Not specified by vendor */ +#endif +#ifndef ALG_CBC +#define ALG_CBC ALG_YES +#endif +#ifndef ALG_CFB +#define ALG_CFB ALG_YES +#endif +#ifndef ALG_CMAC +#define ALG_CMAC ALG_YES +#endif +#ifndef ALG_CTR +#define ALG_CTR ALG_YES +#endif +#ifndef ALG_ECB +#define ALG_ECB ALG_YES +#endif +#ifndef ALG_ECC +#define ALG_ECC ALG_YES +#endif +#ifndef ALG_ECDAA +#define ALG_ECDAA (ALG_YES && ALG_ECC) +#endif +#ifndef ALG_ECDH +#define ALG_ECDH (ALG_YES && ALG_ECC) +#endif +#ifndef ALG_ECDSA +#define ALG_ECDSA (ALG_YES && ALG_ECC) +#endif +#ifndef ALG_ECMQV +#define ALG_ECMQV (ALG_NO && ALG_ECC) +#endif +#ifndef ALG_ECSCHNORR +#define ALG_ECSCHNORR (ALG_YES && ALG_ECC) +#endif +#ifndef ALG_HMAC +#define ALG_HMAC ALG_YES +#endif +#ifndef ALG_KDF1_SP800_108 +#define ALG_KDF1_SP800_108 ALG_YES +#endif +#ifndef ALG_KDF1_SP800_56A +#define ALG_KDF1_SP800_56A (ALG_YES && ALG_ECC) +#endif +#ifndef ALG_KDF2 +#define ALG_KDF2 ALG_NO +#endif +#ifndef 
ALG_KEYEDHASH +#define ALG_KEYEDHASH ALG_YES +#endif +#ifndef ALG_MGF1 +#define ALG_MGF1 ALG_YES +#endif +#ifndef ALG_OAEP +#define ALG_OAEP (ALG_YES && ALG_RSA) +#endif +#ifndef ALG_OFB +#define ALG_OFB ALG_YES +#endif +#ifndef ALG_RSA +#define ALG_RSA ALG_YES +#endif +#ifndef ALG_RSAES +#define ALG_RSAES (ALG_YES && ALG_RSA) +#endif +#ifndef ALG_RSAPSS +#define ALG_RSAPSS (ALG_YES && ALG_RSA) +#endif +#ifndef ALG_RSASSA +#define ALG_RSASSA (ALG_YES && ALG_RSA) +#endif +#ifndef ALG_SHA +#define ALG_SHA ALG_NO /* Not specified by vendor */ +#endif +#ifndef ALG_SHA1 +#define ALG_SHA1 ALG_YES +#endif +#ifndef ALG_SHA256 +#define ALG_SHA256 ALG_YES +#endif +#ifndef ALG_SHA384 +#define ALG_SHA384 ALG_YES +#endif +#ifndef ALG_SHA3_256 +#define ALG_SHA3_256 ALG_NO /* Not specified by vendor */ +#endif +#ifndef ALG_SHA3_384 +#define ALG_SHA3_384 ALG_NO /* Not specified by vendor */ +#endif +#ifndef ALG_SHA3_512 +#define ALG_SHA3_512 ALG_NO /* Not specified by vendor */ +#endif +#ifndef ALG_SHA512 +#define ALG_SHA512 ALG_NO +#endif +#ifndef ALG_SM2 +#define ALG_SM2 (ALG_NO && ALG_ECC) +#endif +#ifndef ALG_SM3_256 +#define ALG_SM3_256 ALG_NO +#endif +#ifndef ALG_SM4 +#define ALG_SM4 ALG_NO +#endif +#ifndef ALG_SYMCIPHER +#define ALG_SYMCIPHER ALG_YES +#endif +#ifndef ALG_TDES +#define ALG_TDES ALG_NO +#endif +#ifndef ALG_XOR +#define ALG_XOR ALG_YES +#endif + +// Table 1:00 - Defines for RSA Asymmetric Cipher Algorithm Constants +#ifndef RSA_1024 +#define RSA_1024 (ALG_RSA & YES) +#endif +#ifndef RSA_2048 +#define RSA_2048 (ALG_RSA & YES) +#endif +#ifndef RSA_3072 +#define RSA_3072 (ALG_RSA & NO) +#endif +#ifndef RSA_4096 +#define RSA_4096 (ALG_RSA & NO) +#endif + +// Table 1:17 - Defines for AES Symmetric Cipher Algorithm Constants +#ifndef AES_128 +#define AES_128 (ALG_AES & YES) +#endif +#ifndef AES_192 +#define AES_192 (ALG_AES & NO) +#endif +#ifndef AES_256 +#define AES_256 (ALG_AES & YES) +#endif + +// Table 1:18 - Defines for SM4 Symmetric Cipher Algorithm Constants 
+#ifndef SM4_128 +#define SM4_128 (ALG_SM4 & YES) +#endif + +// Table 1:19 - Defines for CAMELLIA Symmetric Cipher Algorithm Constants +#ifndef CAMELLIA_128 +#define CAMELLIA_128 (ALG_CAMELLIA & YES) +#endif +#ifndef CAMELLIA_192 +#define CAMELLIA_192 (ALG_CAMELLIA & NO) +#endif +#ifndef CAMELLIA_256 +#define CAMELLIA_256 (ALG_CAMELLIA & NO) +#endif + +// Table 1:17 - Defines for TDES Symmetric Cipher Algorithm Constants +#ifndef TDES_128 +#define TDES_128 (ALG_TDES & YES) +#endif +#ifndef TDES_192 +#define TDES_192 (ALG_TDES & YES) +#endif + +// Table 0:5 - Defines for Implemented Commands +#ifndef CC_AC_GetCapability +#define CC_AC_GetCapability CC_YES +#endif +#ifndef CC_AC_Send +#define CC_AC_Send CC_YES +#endif +#ifndef CC_ActivateCredential +#define CC_ActivateCredential CC_YES +#endif +#ifndef CC_Certify +#define CC_Certify CC_YES +#endif +#ifndef CC_CertifyCreation +#define CC_CertifyCreation CC_YES +#endif +#ifndef CC_CertifyX509 +#define CC_CertifyX509 CC_YES +#endif +#ifndef CC_ChangeEPS +#define CC_ChangeEPS CC_YES +#endif +#ifndef CC_ChangePPS +#define CC_ChangePPS CC_YES +#endif +#ifndef CC_Clear +#define CC_Clear CC_YES +#endif +#ifndef CC_ClearControl +#define CC_ClearControl CC_YES +#endif +#ifndef CC_ClockRateAdjust +#define CC_ClockRateAdjust CC_YES +#endif +#ifndef CC_ClockSet +#define CC_ClockSet CC_YES +#endif +#ifndef CC_Commit +#define CC_Commit (CC_YES && ALG_ECC) +#endif +#ifndef CC_ContextLoad +#define CC_ContextLoad CC_YES +#endif +#ifndef CC_ContextSave +#define CC_ContextSave CC_YES +#endif +#ifndef CC_Create +#define CC_Create CC_YES +#endif +#ifndef CC_CreateLoaded +#define CC_CreateLoaded CC_YES +#endif +#ifndef CC_CreatePrimary +#define CC_CreatePrimary CC_YES +#endif +#ifndef CC_DictionaryAttackLockReset +#define CC_DictionaryAttackLockReset CC_YES +#endif +#ifndef CC_DictionaryAttackParameters +#define CC_DictionaryAttackParameters CC_YES +#endif +#ifndef CC_Duplicate +#define CC_Duplicate CC_YES +#endif +#ifndef 
CC_ECC_Parameters +#define CC_ECC_Parameters (CC_YES && ALG_ECC) +#endif +#ifndef CC_ECDH_KeyGen +#define CC_ECDH_KeyGen (CC_YES && ALG_ECC) +#endif +#ifndef CC_ECDH_ZGen +#define CC_ECDH_ZGen (CC_YES && ALG_ECC) +#endif +#ifndef CC_EC_Ephemeral +#define CC_EC_Ephemeral (CC_YES && ALG_ECC) +#endif +#ifndef CC_EncryptDecrypt +#define CC_EncryptDecrypt CC_YES +#endif +#ifndef CC_EncryptDecrypt2 +#define CC_EncryptDecrypt2 CC_YES +#endif +#ifndef CC_EventSequenceComplete +#define CC_EventSequenceComplete CC_YES +#endif +#ifndef CC_EvictControl +#define CC_EvictControl CC_YES +#endif +#ifndef CC_FieldUpgradeData +#define CC_FieldUpgradeData CC_NO +#endif +#ifndef CC_FieldUpgradeStart +#define CC_FieldUpgradeStart CC_NO +#endif +#ifndef CC_FirmwareRead +#define CC_FirmwareRead CC_NO +#endif +#ifndef CC_FlushContext +#define CC_FlushContext CC_YES +#endif +#ifndef CC_GetCapability +#define CC_GetCapability CC_YES +#endif +#ifndef CC_GetCommandAuditDigest +#define CC_GetCommandAuditDigest CC_YES +#endif +#ifndef CC_GetRandom +#define CC_GetRandom CC_YES +#endif +#ifndef CC_GetSessionAuditDigest +#define CC_GetSessionAuditDigest CC_YES +#endif +#ifndef CC_GetTestResult +#define CC_GetTestResult CC_YES +#endif +#ifndef CC_GetTime +#define CC_GetTime CC_YES +#endif +#ifndef CC_HMAC +#define CC_HMAC (CC_YES && !ALG_CMAC) +#endif +#ifndef CC_HMAC_Start +#define CC_HMAC_Start (CC_YES && !ALG_CMAC) +#endif +#ifndef CC_Hash +#define CC_Hash CC_YES +#endif +#ifndef CC_HashSequenceStart +#define CC_HashSequenceStart CC_YES +#endif +#ifndef CC_HierarchyChangeAuth +#define CC_HierarchyChangeAuth CC_YES +#endif +#ifndef CC_HierarchyControl +#define CC_HierarchyControl CC_YES +#endif +#ifndef CC_Import +#define CC_Import CC_YES +#endif +#ifndef CC_IncrementalSelfTest +#define CC_IncrementalSelfTest CC_YES +#endif +#ifndef CC_Load +#define CC_Load CC_YES +#endif +#ifndef CC_LoadExternal +#define CC_LoadExternal CC_YES +#endif +#ifndef CC_MAC +#define CC_MAC (CC_YES && ALG_CMAC) +#endif 
+#ifndef CC_MAC_Start +#define CC_MAC_Start (CC_YES && ALG_CMAC) +#endif +#ifndef CC_MakeCredential +#define CC_MakeCredential CC_YES +#endif +#ifndef CC_NV_Certify +#define CC_NV_Certify CC_YES +#endif +#ifndef CC_NV_ChangeAuth +#define CC_NV_ChangeAuth CC_YES +#endif +#ifndef CC_NV_DefineSpace +#define CC_NV_DefineSpace CC_YES +#endif +#ifndef CC_NV_Extend +#define CC_NV_Extend CC_YES +#endif +#ifndef CC_NV_GlobalWriteLock +#define CC_NV_GlobalWriteLock CC_YES +#endif +#ifndef CC_NV_Increment +#define CC_NV_Increment CC_YES +#endif +#ifndef CC_NV_Read +#define CC_NV_Read CC_YES +#endif +#ifndef CC_NV_ReadLock +#define CC_NV_ReadLock CC_YES +#endif +#ifndef CC_NV_ReadPublic +#define CC_NV_ReadPublic CC_YES +#endif +#ifndef CC_NV_SetBits +#define CC_NV_SetBits CC_YES +#endif +#ifndef CC_NV_UndefineSpace +#define CC_NV_UndefineSpace CC_YES +#endif +#ifndef CC_NV_UndefineSpaceSpecial +#define CC_NV_UndefineSpaceSpecial CC_YES +#endif +#ifndef CC_NV_Write +#define CC_NV_Write CC_YES +#endif +#ifndef CC_NV_WriteLock +#define CC_NV_WriteLock CC_YES +#endif +#ifndef CC_ObjectChangeAuth +#define CC_ObjectChangeAuth CC_YES +#endif +#ifndef CC_PCR_Allocate +#define CC_PCR_Allocate CC_YES +#endif +#ifndef CC_PCR_Event +#define CC_PCR_Event CC_YES +#endif +#ifndef CC_PCR_Extend +#define CC_PCR_Extend CC_YES +#endif +#ifndef CC_PCR_Read +#define CC_PCR_Read CC_YES +#endif +#ifndef CC_PCR_Reset +#define CC_PCR_Reset CC_YES +#endif +#ifndef CC_PCR_SetAuthPolicy +#define CC_PCR_SetAuthPolicy CC_YES +#endif +#ifndef CC_PCR_SetAuthValue +#define CC_PCR_SetAuthValue CC_YES +#endif +#ifndef CC_PP_Commands +#define CC_PP_Commands CC_YES +#endif +#ifndef CC_PolicyAuthValue +#define CC_PolicyAuthValue CC_YES +#endif +#ifndef CC_PolicyAuthorize +#define CC_PolicyAuthorize CC_YES +#endif +#ifndef CC_PolicyAuthorizeNV +#define CC_PolicyAuthorizeNV CC_YES +#endif +#ifndef CC_PolicyCommandCode +#define CC_PolicyCommandCode CC_YES +#endif +#ifndef CC_PolicyCounterTimer +#define 
CC_PolicyCounterTimer CC_YES +#endif +#ifndef CC_PolicyCpHash +#define CC_PolicyCpHash CC_YES +#endif +#ifndef CC_PolicyDuplicationSelect +#define CC_PolicyDuplicationSelect CC_YES +#endif +#ifndef CC_PolicyGetDigest +#define CC_PolicyGetDigest CC_YES +#endif +#ifndef CC_PolicyLocality +#define CC_PolicyLocality CC_YES +#endif +#ifndef CC_PolicyNV +#define CC_PolicyNV CC_YES +#endif +#ifndef CC_PolicyNameHash +#define CC_PolicyNameHash CC_YES +#endif +#ifndef CC_PolicyNvWritten +#define CC_PolicyNvWritten CC_YES +#endif +#ifndef CC_PolicyOR +#define CC_PolicyOR CC_YES +#endif +#ifndef CC_PolicyPCR +#define CC_PolicyPCR CC_YES +#endif +#ifndef CC_PolicyPassword +#define CC_PolicyPassword CC_YES +#endif +#ifndef CC_PolicyPhysicalPresence +#define CC_PolicyPhysicalPresence CC_YES +#endif +#ifndef CC_PolicyRestart +#define CC_PolicyRestart CC_YES +#endif +#ifndef CC_PolicySecret +#define CC_PolicySecret CC_YES +#endif +#ifndef CC_PolicySigned +#define CC_PolicySigned CC_YES +#endif +#ifndef CC_PolicyTemplate +#define CC_PolicyTemplate CC_YES +#endif +#ifndef CC_PolicyTicket +#define CC_PolicyTicket CC_YES +#endif +#ifndef CC_Policy_AC_SendSelect +#define CC_Policy_AC_SendSelect CC_YES +#endif +#ifndef CC_Quote +#define CC_Quote CC_YES +#endif +#ifndef CC_RSA_Decrypt +#define CC_RSA_Decrypt (CC_YES && ALG_RSA) +#endif +#ifndef CC_RSA_Encrypt +#define CC_RSA_Encrypt (CC_YES && ALG_RSA) +#endif +#ifndef CC_ReadClock +#define CC_ReadClock CC_YES +#endif +#ifndef CC_ReadPublic +#define CC_ReadPublic CC_YES +#endif +#ifndef CC_Rewrap +#define CC_Rewrap CC_YES +#endif +#ifndef CC_SelfTest +#define CC_SelfTest CC_YES +#endif +#ifndef CC_SequenceComplete +#define CC_SequenceComplete CC_YES +#endif +#ifndef CC_SequenceUpdate +#define CC_SequenceUpdate CC_YES +#endif +#ifndef CC_SetAlgorithmSet +#define CC_SetAlgorithmSet CC_YES +#endif +#ifndef CC_SetCommandCodeAuditStatus +#define CC_SetCommandCodeAuditStatus CC_YES +#endif +#ifndef CC_SetPrimaryPolicy +#define 
CC_SetPrimaryPolicy CC_YES +#endif +#ifndef CC_Shutdown +#define CC_Shutdown CC_YES +#endif +#ifndef CC_Sign +#define CC_Sign CC_YES +#endif +#ifndef CC_StartAuthSession +#define CC_StartAuthSession CC_YES +#endif +#ifndef CC_Startup +#define CC_Startup CC_YES +#endif +#ifndef CC_StirRandom +#define CC_StirRandom CC_YES +#endif +#ifndef CC_TestParms +#define CC_TestParms CC_YES +#endif +#ifndef CC_Unseal +#define CC_Unseal CC_YES +#endif +#ifndef CC_Vendor_TCG_Test +#define CC_Vendor_TCG_Test CC_YES +#endif +#ifndef CC_VerifySignature +#define CC_VerifySignature CC_YES +#endif +#ifndef CC_ZGen_2Phase +#define CC_ZGen_2Phase (CC_YES && ALG_ECC) +#endif + + +#endif // _TPM_PROFILE_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmTypes.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmTypes.h new file mode 100644 index 000000000..aefcdf280 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmTypes.h 
@@ -0,0 +1,2374 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Apr 10, 2019 Time: 03:21:33PM + */ + +#ifndef _TPM_TYPES_H_ +#define _TPM_TYPES_H_ + +// Table 1:2 - Definition of TPM_ALG_ID Constants +typedef UINT16 TPM_ALG_ID; +#define TYPE_OF_TPM_ALG_ID UINT16 +#define ALG_ERROR_VALUE 0x0000 +#define TPM_ALG_ERROR (TPM_ALG_ID)(ALG_ERROR_VALUE) +#define ALG_RSA_VALUE 0x0001 +#define TPM_ALG_RSA (TPM_ALG_ID)(ALG_RSA_VALUE) +#define ALG_TDES_VALUE 0x0003 +#define TPM_ALG_TDES (TPM_ALG_ID)(ALG_TDES_VALUE) +#define ALG_SHA_VALUE 0x0004 +#define TPM_ALG_SHA (TPM_ALG_ID)(ALG_SHA_VALUE) +#define ALG_SHA1_VALUE 0x0004 +#define TPM_ALG_SHA1 (TPM_ALG_ID)(ALG_SHA1_VALUE) +#define ALG_HMAC_VALUE 0x0005 +#define TPM_ALG_HMAC (TPM_ALG_ID)(ALG_HMAC_VALUE) +#define ALG_AES_VALUE 0x0006 +#define TPM_ALG_AES (TPM_ALG_ID)(ALG_AES_VALUE) +#define ALG_MGF1_VALUE 0x0007 +#define TPM_ALG_MGF1 (TPM_ALG_ID)(ALG_MGF1_VALUE) +#define ALG_KEYEDHASH_VALUE 0x0008 +#define TPM_ALG_KEYEDHASH (TPM_ALG_ID)(ALG_KEYEDHASH_VALUE) +#define ALG_XOR_VALUE 0x000A +#define TPM_ALG_XOR (TPM_ALG_ID)(ALG_XOR_VALUE) +#define ALG_SHA256_VALUE 0x000B +#define TPM_ALG_SHA256 (TPM_ALG_ID)(ALG_SHA256_VALUE) +#define ALG_SHA384_VALUE 0x000C +#define TPM_ALG_SHA384 (TPM_ALG_ID)(ALG_SHA384_VALUE) +#define ALG_SHA512_VALUE 0x000D +#define TPM_ALG_SHA512 (TPM_ALG_ID)(ALG_SHA512_VALUE) +#define ALG_NULL_VALUE 0x0010 +#define TPM_ALG_NULL (TPM_ALG_ID)(ALG_NULL_VALUE) +#define ALG_SM3_256_VALUE 0x0012 +#define TPM_ALG_SM3_256 (TPM_ALG_ID)(ALG_SM3_256_VALUE) +#define ALG_SM4_VALUE 0x0013 +#define TPM_ALG_SM4 (TPM_ALG_ID)(ALG_SM4_VALUE) +#define ALG_RSASSA_VALUE 0x0014 +#define TPM_ALG_RSASSA (TPM_ALG_ID)(ALG_RSASSA_VALUE) +#define ALG_RSAES_VALUE 0x0015 +#define TPM_ALG_RSAES (TPM_ALG_ID)(ALG_RSAES_VALUE) +#define ALG_RSAPSS_VALUE 0x0016 +#define TPM_ALG_RSAPSS (TPM_ALG_ID)(ALG_RSAPSS_VALUE) +#define ALG_OAEP_VALUE 0x0017 +#define TPM_ALG_OAEP (TPM_ALG_ID)(ALG_OAEP_VALUE) +#define ALG_ECDSA_VALUE 
0x0018 +#define TPM_ALG_ECDSA (TPM_ALG_ID)(ALG_ECDSA_VALUE) +#define ALG_ECDH_VALUE 0x0019 +#define TPM_ALG_ECDH (TPM_ALG_ID)(ALG_ECDH_VALUE) +#define ALG_ECDAA_VALUE 0x001A +#define TPM_ALG_ECDAA (TPM_ALG_ID)(ALG_ECDAA_VALUE) +#define ALG_SM2_VALUE 0x001B +#define TPM_ALG_SM2 (TPM_ALG_ID)(ALG_SM2_VALUE) +#define ALG_ECSCHNORR_VALUE 0x001C +#define TPM_ALG_ECSCHNORR (TPM_ALG_ID)(ALG_ECSCHNORR_VALUE) +#define ALG_ECMQV_VALUE 0x001D +#define TPM_ALG_ECMQV (TPM_ALG_ID)(ALG_ECMQV_VALUE) +#define ALG_KDF1_SP800_56A_VALUE 0x0020 +#define TPM_ALG_KDF1_SP800_56A (TPM_ALG_ID)(ALG_KDF1_SP800_56A_VALUE) +#define ALG_KDF2_VALUE 0x0021 +#define TPM_ALG_KDF2 (TPM_ALG_ID)(ALG_KDF2_VALUE) +#define ALG_KDF1_SP800_108_VALUE 0x0022 +#define TPM_ALG_KDF1_SP800_108 (TPM_ALG_ID)(ALG_KDF1_SP800_108_VALUE) +#define ALG_ECC_VALUE 0x0023 +#define TPM_ALG_ECC (TPM_ALG_ID)(ALG_ECC_VALUE) +#define ALG_SYMCIPHER_VALUE 0x0025 +#define TPM_ALG_SYMCIPHER (TPM_ALG_ID)(ALG_SYMCIPHER_VALUE) +#define ALG_CAMELLIA_VALUE 0x0026 +#define TPM_ALG_CAMELLIA (TPM_ALG_ID)(ALG_CAMELLIA_VALUE) +#define ALG_SHA3_256_VALUE 0x0027 +#define TPM_ALG_SHA3_256 (TPM_ALG_ID)(ALG_SHA3_256_VALUE) +#define ALG_SHA3_384_VALUE 0x0028 +#define TPM_ALG_SHA3_384 (TPM_ALG_ID)(ALG_SHA3_384_VALUE) +#define ALG_SHA3_512_VALUE 0x0029 +#define TPM_ALG_SHA3_512 (TPM_ALG_ID)(ALG_SHA3_512_VALUE) +#define ALG_CMAC_VALUE 0x003F +#define TPM_ALG_CMAC (TPM_ALG_ID)(ALG_CMAC_VALUE) +#define ALG_CTR_VALUE 0x0040 +#define TPM_ALG_CTR (TPM_ALG_ID)(ALG_CTR_VALUE) +#define ALG_OFB_VALUE 0x0041 +#define TPM_ALG_OFB (TPM_ALG_ID)(ALG_OFB_VALUE) +#define ALG_CBC_VALUE 0x0042 +#define TPM_ALG_CBC (TPM_ALG_ID)(ALG_CBC_VALUE) +#define ALG_CFB_VALUE 0x0043 +#define TPM_ALG_CFB (TPM_ALG_ID)(ALG_CFB_VALUE) +#define ALG_ECB_VALUE 0x0044 +#define TPM_ALG_ECB (TPM_ALG_ID)(ALG_ECB_VALUE) +// Values derived from Table 1:2 +#define ALG_FIRST_VALUE 0x0001 +#define TPM_ALG_FIRST (TPM_ALG_ID)(ALG_FIRST_VALUE) +#define ALG_LAST_VALUE 0x0044 +#define TPM_ALG_LAST 
(TPM_ALG_ID)(ALG_LAST_VALUE) + +// Table 1:3 - Definition of TPM_ECC_CURVE Constants +typedef UINT16 TPM_ECC_CURVE; +#define TYPE_OF_TPM_ECC_CURVE UINT16 +#define TPM_ECC_NONE (TPM_ECC_CURVE)(0x0000) +#define TPM_ECC_NIST_P192 (TPM_ECC_CURVE)(0x0001) +#define TPM_ECC_NIST_P224 (TPM_ECC_CURVE)(0x0002) +#define TPM_ECC_NIST_P256 (TPM_ECC_CURVE)(0x0003) +#define TPM_ECC_NIST_P384 (TPM_ECC_CURVE)(0x0004) +#define TPM_ECC_NIST_P521 (TPM_ECC_CURVE)(0x0005) +#define TPM_ECC_BN_P256 (TPM_ECC_CURVE)(0x0010) +#define TPM_ECC_BN_P638 (TPM_ECC_CURVE)(0x0011) +#define TPM_ECC_SM2_P256 (TPM_ECC_CURVE)(0x0020) + +// Table 2:12 - Definition of TPM_CC Constants +typedef UINT32 TPM_CC; +#define TYPE_OF_TPM_CC UINT32 +#define TPM_CC_NV_UndefineSpaceSpecial (TPM_CC)(0x0000011F) +#define TPM_CC_EvictControl (TPM_CC)(0x00000120) +#define TPM_CC_HierarchyControl (TPM_CC)(0x00000121) +#define TPM_CC_NV_UndefineSpace (TPM_CC)(0x00000122) +#define TPM_CC_ChangeEPS (TPM_CC)(0x00000124) +#define TPM_CC_ChangePPS (TPM_CC)(0x00000125) +#define TPM_CC_Clear (TPM_CC)(0x00000126) +#define TPM_CC_ClearControl (TPM_CC)(0x00000127) +#define TPM_CC_ClockSet (TPM_CC)(0x00000128) +#define TPM_CC_HierarchyChangeAuth (TPM_CC)(0x00000129) +#define TPM_CC_NV_DefineSpace (TPM_CC)(0x0000012A) +#define TPM_CC_PCR_Allocate (TPM_CC)(0x0000012B) +#define TPM_CC_PCR_SetAuthPolicy (TPM_CC)(0x0000012C) +#define TPM_CC_PP_Commands (TPM_CC)(0x0000012D) +#define TPM_CC_SetPrimaryPolicy (TPM_CC)(0x0000012E) +#define TPM_CC_FieldUpgradeStart (TPM_CC)(0x0000012F) +#define TPM_CC_ClockRateAdjust (TPM_CC)(0x00000130) +#define TPM_CC_CreatePrimary (TPM_CC)(0x00000131) +#define TPM_CC_NV_GlobalWriteLock (TPM_CC)(0x00000132) +#define TPM_CC_GetCommandAuditDigest (TPM_CC)(0x00000133) +#define TPM_CC_NV_Increment (TPM_CC)(0x00000134) +#define TPM_CC_NV_SetBits (TPM_CC)(0x00000135) +#define TPM_CC_NV_Extend (TPM_CC)(0x00000136) +#define TPM_CC_NV_Write (TPM_CC)(0x00000137) +#define TPM_CC_NV_WriteLock (TPM_CC)(0x00000138) 
+#define TPM_CC_DictionaryAttackLockReset (TPM_CC)(0x00000139) +#define TPM_CC_DictionaryAttackParameters (TPM_CC)(0x0000013A) +#define TPM_CC_NV_ChangeAuth (TPM_CC)(0x0000013B) +#define TPM_CC_PCR_Event (TPM_CC)(0x0000013C) +#define TPM_CC_PCR_Reset (TPM_CC)(0x0000013D) +#define TPM_CC_SequenceComplete (TPM_CC)(0x0000013E) +#define TPM_CC_SetAlgorithmSet (TPM_CC)(0x0000013F) +#define TPM_CC_SetCommandCodeAuditStatus (TPM_CC)(0x00000140) +#define TPM_CC_FieldUpgradeData (TPM_CC)(0x00000141) +#define TPM_CC_IncrementalSelfTest (TPM_CC)(0x00000142) +#define TPM_CC_SelfTest (TPM_CC)(0x00000143) +#define TPM_CC_Startup (TPM_CC)(0x00000144) +#define TPM_CC_Shutdown (TPM_CC)(0x00000145) +#define TPM_CC_StirRandom (TPM_CC)(0x00000146) +#define TPM_CC_ActivateCredential (TPM_CC)(0x00000147) +#define TPM_CC_Certify (TPM_CC)(0x00000148) +#define TPM_CC_PolicyNV (TPM_CC)(0x00000149) +#define TPM_CC_CertifyCreation (TPM_CC)(0x0000014A) +#define TPM_CC_Duplicate (TPM_CC)(0x0000014B) +#define TPM_CC_GetTime (TPM_CC)(0x0000014C) +#define TPM_CC_GetSessionAuditDigest (TPM_CC)(0x0000014D) +#define TPM_CC_NV_Read (TPM_CC)(0x0000014E) +#define TPM_CC_NV_ReadLock (TPM_CC)(0x0000014F) +#define TPM_CC_ObjectChangeAuth (TPM_CC)(0x00000150) +#define TPM_CC_PolicySecret (TPM_CC)(0x00000151) +#define TPM_CC_Rewrap (TPM_CC)(0x00000152) +#define TPM_CC_Create (TPM_CC)(0x00000153) +#define TPM_CC_ECDH_ZGen (TPM_CC)(0x00000154) +#define TPM_CC_HMAC (TPM_CC)(0x00000155) +#define TPM_CC_MAC (TPM_CC)(0x00000155) +#define TPM_CC_Import (TPM_CC)(0x00000156) +#define TPM_CC_Load (TPM_CC)(0x00000157) +#define TPM_CC_Quote (TPM_CC)(0x00000158) +#define TPM_CC_RSA_Decrypt (TPM_CC)(0x00000159) +#define TPM_CC_HMAC_Start (TPM_CC)(0x0000015B) +#define TPM_CC_MAC_Start (TPM_CC)(0x0000015B) +#define TPM_CC_SequenceUpdate (TPM_CC)(0x0000015C) +#define TPM_CC_Sign (TPM_CC)(0x0000015D) +#define TPM_CC_Unseal (TPM_CC)(0x0000015E) +#define TPM_CC_PolicySigned (TPM_CC)(0x00000160) +#define TPM_CC_ContextLoad 
(TPM_CC)(0x00000161) +#define TPM_CC_ContextSave (TPM_CC)(0x00000162) +#define TPM_CC_ECDH_KeyGen (TPM_CC)(0x00000163) +#define TPM_CC_EncryptDecrypt (TPM_CC)(0x00000164) +#define TPM_CC_FlushContext (TPM_CC)(0x00000165) +#define TPM_CC_LoadExternal (TPM_CC)(0x00000167) +#define TPM_CC_MakeCredential (TPM_CC)(0x00000168) +#define TPM_CC_NV_ReadPublic (TPM_CC)(0x00000169) +#define TPM_CC_PolicyAuthorize (TPM_CC)(0x0000016A) +#define TPM_CC_PolicyAuthValue (TPM_CC)(0x0000016B) +#define TPM_CC_PolicyCommandCode (TPM_CC)(0x0000016C) +#define TPM_CC_PolicyCounterTimer (TPM_CC)(0x0000016D) +#define TPM_CC_PolicyCpHash (TPM_CC)(0x0000016E) +#define TPM_CC_PolicyLocality (TPM_CC)(0x0000016F) +#define TPM_CC_PolicyNameHash (TPM_CC)(0x00000170) +#define TPM_CC_PolicyOR (TPM_CC)(0x00000171) +#define TPM_CC_PolicyTicket (TPM_CC)(0x00000172) +#define TPM_CC_ReadPublic (TPM_CC)(0x00000173) +#define TPM_CC_RSA_Encrypt (TPM_CC)(0x00000174) +#define TPM_CC_StartAuthSession (TPM_CC)(0x00000176) +#define TPM_CC_VerifySignature (TPM_CC)(0x00000177) +#define TPM_CC_ECC_Parameters (TPM_CC)(0x00000178) +#define TPM_CC_FirmwareRead (TPM_CC)(0x00000179) +#define TPM_CC_GetCapability (TPM_CC)(0x0000017A) +#define TPM_CC_GetRandom (TPM_CC)(0x0000017B) +#define TPM_CC_GetTestResult (TPM_CC)(0x0000017C) +#define TPM_CC_Hash (TPM_CC)(0x0000017D) +#define TPM_CC_PCR_Read (TPM_CC)(0x0000017E) +#define TPM_CC_PolicyPCR (TPM_CC)(0x0000017F) +#define TPM_CC_PolicyRestart (TPM_CC)(0x00000180) +#define TPM_CC_ReadClock (TPM_CC)(0x00000181) +#define TPM_CC_PCR_Extend (TPM_CC)(0x00000182) +#define TPM_CC_PCR_SetAuthValue (TPM_CC)(0x00000183) +#define TPM_CC_NV_Certify (TPM_CC)(0x00000184) +#define TPM_CC_EventSequenceComplete (TPM_CC)(0x00000185) +#define TPM_CC_HashSequenceStart (TPM_CC)(0x00000186) +#define TPM_CC_PolicyPhysicalPresence (TPM_CC)(0x00000187) +#define TPM_CC_PolicyDuplicationSelect (TPM_CC)(0x00000188) +#define TPM_CC_PolicyGetDigest (TPM_CC)(0x00000189) +#define TPM_CC_TestParms 
(TPM_CC)(0x0000018A) +#define TPM_CC_Commit (TPM_CC)(0x0000018B) +#define TPM_CC_PolicyPassword (TPM_CC)(0x0000018C) +#define TPM_CC_ZGen_2Phase (TPM_CC)(0x0000018D) +#define TPM_CC_EC_Ephemeral (TPM_CC)(0x0000018E) +#define TPM_CC_PolicyNvWritten (TPM_CC)(0x0000018F) +#define TPM_CC_PolicyTemplate (TPM_CC)(0x00000190) +#define TPM_CC_CreateLoaded (TPM_CC)(0x00000191) +#define TPM_CC_PolicyAuthorizeNV (TPM_CC)(0x00000192) +#define TPM_CC_EncryptDecrypt2 (TPM_CC)(0x00000193) +#define TPM_CC_AC_GetCapability (TPM_CC)(0x00000194) +#define TPM_CC_AC_Send (TPM_CC)(0x00000195) +#define TPM_CC_Policy_AC_SendSelect (TPM_CC)(0x00000196) +#define TPM_CC_CertifyX509 (TPM_CC)(0x00000197) +#define CC_VEND 0x20000000 +#define TPM_CC_Vendor_TCG_Test (TPM_CC)(0x20000000) + +// Table 2:5 - Definition of Types for Documentation Clarity +typedef UINT32 TPM_ALGORITHM_ID; +#define TYPE_OF_TPM_ALGORITHM_ID UINT32 +typedef UINT32 TPM_MODIFIER_INDICATOR; +#define TYPE_OF_TPM_MODIFIER_INDICATOR UINT32 +typedef UINT32 TPM_AUTHORIZATION_SIZE; +#define TYPE_OF_TPM_AUTHORIZATION_SIZE UINT32 +typedef UINT32 TPM_PARAMETER_SIZE; +#define TYPE_OF_TPM_PARAMETER_SIZE UINT32 +typedef UINT16 TPM_KEY_SIZE; +#define TYPE_OF_TPM_KEY_SIZE UINT16 +typedef UINT16 TPM_KEY_BITS; +#define TYPE_OF_TPM_KEY_BITS UINT16 + +// Table 2:6 - Definition of TPM_SPEC Constants +typedef UINT32 TPM_SPEC; +#define TYPE_OF_TPM_SPEC UINT32 +#define SPEC_FAMILY 0x322E3000 +#define TPM_SPEC_FAMILY (TPM_SPEC)(SPEC_FAMILY) +#define SPEC_LEVEL 00 +#define TPM_SPEC_LEVEL (TPM_SPEC)(SPEC_LEVEL) +#define SPEC_VERSION 154 +#define TPM_SPEC_VERSION (TPM_SPEC)(SPEC_VERSION) +#define SPEC_YEAR 2019 +#define TPM_SPEC_YEAR (TPM_SPEC)(SPEC_YEAR) +#define SPEC_DAY_OF_YEAR 81 +#define TPM_SPEC_DAY_OF_YEAR (TPM_SPEC)(SPEC_DAY_OF_YEAR) + +// Table 2:7 - Definition of TPM_GENERATED Constants +typedef UINT32 TPM_GENERATED; +#define TYPE_OF_TPM_GENERATED UINT32 +#define TPM_GENERATED_VALUE (TPM_GENERATED)(0xFF544347) + +// Table 2:16 - Definition 
of TPM_RC Constants +typedef UINT32 TPM_RC; +#define TYPE_OF_TPM_RC UINT32 +#define TPM_RC_SUCCESS (TPM_RC)(0x000) +#define TPM_RC_BAD_TAG (TPM_RC)(0x01E) +#define RC_VER1 (TPM_RC)(0x100) +#define TPM_RC_INITIALIZE (TPM_RC)(RC_VER1+0x000) +#define TPM_RC_FAILURE (TPM_RC)(RC_VER1+0x001) +#define TPM_RC_SEQUENCE (TPM_RC)(RC_VER1+0x003) +#define TPM_RC_PRIVATE (TPM_RC)(RC_VER1+0x00B) +#define TPM_RC_HMAC (TPM_RC)(RC_VER1+0x019) +#define TPM_RC_DISABLED (TPM_RC)(RC_VER1+0x020) +#define TPM_RC_EXCLUSIVE (TPM_RC)(RC_VER1+0x021) +#define TPM_RC_AUTH_TYPE (TPM_RC)(RC_VER1+0x024) +#define TPM_RC_AUTH_MISSING (TPM_RC)(RC_VER1+0x025) +#define TPM_RC_POLICY (TPM_RC)(RC_VER1+0x026) +#define TPM_RC_PCR (TPM_RC)(RC_VER1+0x027) +#define TPM_RC_PCR_CHANGED (TPM_RC)(RC_VER1+0x028) +#define TPM_RC_UPGRADE (TPM_RC)(RC_VER1+0x02D) +#define TPM_RC_TOO_MANY_CONTEXTS (TPM_RC)(RC_VER1+0x02E) +#define TPM_RC_AUTH_UNAVAILABLE (TPM_RC)(RC_VER1+0x02F) +#define TPM_RC_REBOOT (TPM_RC)(RC_VER1+0x030) +#define TPM_RC_UNBALANCED (TPM_RC)(RC_VER1+0x031) +#define TPM_RC_COMMAND_SIZE (TPM_RC)(RC_VER1+0x042) +#define TPM_RC_COMMAND_CODE (TPM_RC)(RC_VER1+0x043) +#define TPM_RC_AUTHSIZE (TPM_RC)(RC_VER1+0x044) +#define TPM_RC_AUTH_CONTEXT (TPM_RC)(RC_VER1+0x045) +#define TPM_RC_NV_RANGE (TPM_RC)(RC_VER1+0x046) +#define TPM_RC_NV_SIZE (TPM_RC)(RC_VER1+0x047) +#define TPM_RC_NV_LOCKED (TPM_RC)(RC_VER1+0x048) +#define TPM_RC_NV_AUTHORIZATION (TPM_RC)(RC_VER1+0x049) +#define TPM_RC_NV_UNINITIALIZED (TPM_RC)(RC_VER1+0x04A) +#define TPM_RC_NV_SPACE (TPM_RC)(RC_VER1+0x04B) +#define TPM_RC_NV_DEFINED (TPM_RC)(RC_VER1+0x04C) +#define TPM_RC_BAD_CONTEXT (TPM_RC)(RC_VER1+0x050) +#define TPM_RC_CPHASH (TPM_RC)(RC_VER1+0x051) +#define TPM_RC_PARENT (TPM_RC)(RC_VER1+0x052) +#define TPM_RC_NEEDS_TEST (TPM_RC)(RC_VER1+0x053) +#define TPM_RC_NO_RESULT (TPM_RC)(RC_VER1+0x054) +#define TPM_RC_SENSITIVE (TPM_RC)(RC_VER1+0x055) +#define RC_MAX_FM0 (TPM_RC)(RC_VER1+0x07F) +#define RC_FMT1 (TPM_RC)(0x080) +#define 
TPM_RC_ASYMMETRIC (TPM_RC)(RC_FMT1+0x001) +#define TPM_RCS_ASYMMETRIC (TPM_RC)(RC_FMT1+0x001) +#define TPM_RC_ATTRIBUTES (TPM_RC)(RC_FMT1+0x002) +#define TPM_RCS_ATTRIBUTES (TPM_RC)(RC_FMT1+0x002) +#define TPM_RC_HASH (TPM_RC)(RC_FMT1+0x003) +#define TPM_RCS_HASH (TPM_RC)(RC_FMT1+0x003) +#define TPM_RC_VALUE (TPM_RC)(RC_FMT1+0x004) +#define TPM_RCS_VALUE (TPM_RC)(RC_FMT1+0x004) +#define TPM_RC_HIERARCHY (TPM_RC)(RC_FMT1+0x005) +#define TPM_RCS_HIERARCHY (TPM_RC)(RC_FMT1+0x005) +#define TPM_RC_KEY_SIZE (TPM_RC)(RC_FMT1+0x007) +#define TPM_RCS_KEY_SIZE (TPM_RC)(RC_FMT1+0x007) +#define TPM_RC_MGF (TPM_RC)(RC_FMT1+0x008) +#define TPM_RCS_MGF (TPM_RC)(RC_FMT1+0x008) +#define TPM_RC_MODE (TPM_RC)(RC_FMT1+0x009) +#define TPM_RCS_MODE (TPM_RC)(RC_FMT1+0x009) +#define TPM_RC_TYPE (TPM_RC)(RC_FMT1+0x00A) +#define TPM_RCS_TYPE (TPM_RC)(RC_FMT1+0x00A) +#define TPM_RC_HANDLE (TPM_RC)(RC_FMT1+0x00B) +#define TPM_RCS_HANDLE (TPM_RC)(RC_FMT1+0x00B) +#define TPM_RC_KDF (TPM_RC)(RC_FMT1+0x00C) +#define TPM_RCS_KDF (TPM_RC)(RC_FMT1+0x00C) +#define TPM_RC_RANGE (TPM_RC)(RC_FMT1+0x00D) +#define TPM_RCS_RANGE (TPM_RC)(RC_FMT1+0x00D) +#define TPM_RC_AUTH_FAIL (TPM_RC)(RC_FMT1+0x00E) +#define TPM_RCS_AUTH_FAIL (TPM_RC)(RC_FMT1+0x00E) +#define TPM_RC_NONCE (TPM_RC)(RC_FMT1+0x00F) +#define TPM_RCS_NONCE (TPM_RC)(RC_FMT1+0x00F) +#define TPM_RC_PP (TPM_RC)(RC_FMT1+0x010) +#define TPM_RCS_PP (TPM_RC)(RC_FMT1+0x010) +#define TPM_RC_SCHEME (TPM_RC)(RC_FMT1+0x012) +#define TPM_RCS_SCHEME (TPM_RC)(RC_FMT1+0x012) +#define TPM_RC_SIZE (TPM_RC)(RC_FMT1+0x015) +#define TPM_RCS_SIZE (TPM_RC)(RC_FMT1+0x015) +#define TPM_RC_SYMMETRIC (TPM_RC)(RC_FMT1+0x016) +#define TPM_RCS_SYMMETRIC (TPM_RC)(RC_FMT1+0x016) +#define TPM_RC_TAG (TPM_RC)(RC_FMT1+0x017) +#define TPM_RCS_TAG (TPM_RC)(RC_FMT1+0x017) +#define TPM_RC_SELECTOR (TPM_RC)(RC_FMT1+0x018) +#define TPM_RCS_SELECTOR (TPM_RC)(RC_FMT1+0x018) +#define TPM_RC_INSUFFICIENT (TPM_RC)(RC_FMT1+0x01A) +#define TPM_RCS_INSUFFICIENT (TPM_RC)(RC_FMT1+0x01A) 
+#define TPM_RC_SIGNATURE (TPM_RC)(RC_FMT1+0x01B) +#define TPM_RCS_SIGNATURE (TPM_RC)(RC_FMT1+0x01B) +#define TPM_RC_KEY (TPM_RC)(RC_FMT1+0x01C) +#define TPM_RCS_KEY (TPM_RC)(RC_FMT1+0x01C) +#define TPM_RC_POLICY_FAIL (TPM_RC)(RC_FMT1+0x01D) +#define TPM_RCS_POLICY_FAIL (TPM_RC)(RC_FMT1+0x01D) +#define TPM_RC_INTEGRITY (TPM_RC)(RC_FMT1+0x01F) +#define TPM_RCS_INTEGRITY (TPM_RC)(RC_FMT1+0x01F) +#define TPM_RC_TICKET (TPM_RC)(RC_FMT1+0x020) +#define TPM_RCS_TICKET (TPM_RC)(RC_FMT1+0x020) +#define TPM_RC_RESERVED_BITS (TPM_RC)(RC_FMT1+0x021) +#define TPM_RCS_RESERVED_BITS (TPM_RC)(RC_FMT1+0x021) +#define TPM_RC_BAD_AUTH (TPM_RC)(RC_FMT1+0x022) +#define TPM_RCS_BAD_AUTH (TPM_RC)(RC_FMT1+0x022) +#define TPM_RC_EXPIRED (TPM_RC)(RC_FMT1+0x023) +#define TPM_RCS_EXPIRED (TPM_RC)(RC_FMT1+0x023) +#define TPM_RC_POLICY_CC (TPM_RC)(RC_FMT1+0x024) +#define TPM_RCS_POLICY_CC (TPM_RC)(RC_FMT1+0x024) +#define TPM_RC_BINDING (TPM_RC)(RC_FMT1+0x025) +#define TPM_RCS_BINDING (TPM_RC)(RC_FMT1+0x025) +#define TPM_RC_CURVE (TPM_RC)(RC_FMT1+0x026) +#define TPM_RCS_CURVE (TPM_RC)(RC_FMT1+0x026) +#define TPM_RC_ECC_POINT (TPM_RC)(RC_FMT1+0x027) +#define TPM_RCS_ECC_POINT (TPM_RC)(RC_FMT1+0x027) +#define RC_WARN (TPM_RC)(0x900) +#define TPM_RC_CONTEXT_GAP (TPM_RC)(RC_WARN+0x001) +#define TPM_RC_OBJECT_MEMORY (TPM_RC)(RC_WARN+0x002) +#define TPM_RC_SESSION_MEMORY (TPM_RC)(RC_WARN+0x003) +#define TPM_RC_MEMORY (TPM_RC)(RC_WARN+0x004) +#define TPM_RC_SESSION_HANDLES (TPM_RC)(RC_WARN+0x005) +#define TPM_RC_OBJECT_HANDLES (TPM_RC)(RC_WARN+0x006) +#define TPM_RC_LOCALITY (TPM_RC)(RC_WARN+0x007) +#define TPM_RC_YIELDED (TPM_RC)(RC_WARN+0x008) +#define TPM_RC_CANCELED (TPM_RC)(RC_WARN+0x009) +#define TPM_RC_TESTING (TPM_RC)(RC_WARN+0x00A) +#define TPM_RC_REFERENCE_H0 (TPM_RC)(RC_WARN+0x010) +#define TPM_RC_REFERENCE_H1 (TPM_RC)(RC_WARN+0x011) +#define TPM_RC_REFERENCE_H2 (TPM_RC)(RC_WARN+0x012) +#define TPM_RC_REFERENCE_H3 (TPM_RC)(RC_WARN+0x013) +#define TPM_RC_REFERENCE_H4 (TPM_RC)(RC_WARN+0x014) 
+#define TPM_RC_REFERENCE_H5 (TPM_RC)(RC_WARN+0x015) +#define TPM_RC_REFERENCE_H6 (TPM_RC)(RC_WARN+0x016) +#define TPM_RC_REFERENCE_S0 (TPM_RC)(RC_WARN+0x018) +#define TPM_RC_REFERENCE_S1 (TPM_RC)(RC_WARN+0x019) +#define TPM_RC_REFERENCE_S2 (TPM_RC)(RC_WARN+0x01A) +#define TPM_RC_REFERENCE_S3 (TPM_RC)(RC_WARN+0x01B) +#define TPM_RC_REFERENCE_S4 (TPM_RC)(RC_WARN+0x01C) +#define TPM_RC_REFERENCE_S5 (TPM_RC)(RC_WARN+0x01D) +#define TPM_RC_REFERENCE_S6 (TPM_RC)(RC_WARN+0x01E) +#define TPM_RC_NV_RATE (TPM_RC)(RC_WARN+0x020) +#define TPM_RC_LOCKOUT (TPM_RC)(RC_WARN+0x021) +#define TPM_RC_RETRY (TPM_RC)(RC_WARN+0x022) +#define TPM_RC_NV_UNAVAILABLE (TPM_RC)(RC_WARN+0x023) +#define TPM_RC_NOT_USED (TPM_RC)(RC_WARN+0x7F) +#define TPM_RC_H (TPM_RC)(0x000) +#define TPM_RC_P (TPM_RC)(0x040) +#define TPM_RC_S (TPM_RC)(0x800) +#define TPM_RC_1 (TPM_RC)(0x100) +#define TPM_RC_2 (TPM_RC)(0x200) +#define TPM_RC_3 (TPM_RC)(0x300) +#define TPM_RC_4 (TPM_RC)(0x400) +#define TPM_RC_5 (TPM_RC)(0x500) +#define TPM_RC_6 (TPM_RC)(0x600) +#define TPM_RC_7 (TPM_RC)(0x700) +#define TPM_RC_8 (TPM_RC)(0x800) +#define TPM_RC_9 (TPM_RC)(0x900) +#define TPM_RC_A (TPM_RC)(0xA00) +#define TPM_RC_B (TPM_RC)(0xB00) +#define TPM_RC_C (TPM_RC)(0xC00) +#define TPM_RC_D (TPM_RC)(0xD00) +#define TPM_RC_E (TPM_RC)(0xE00) +#define TPM_RC_F (TPM_RC)(0xF00) +#define TPM_RC_N_MASK (TPM_RC)(0xF00) + +// Table 2:17 - Definition of TPM_CLOCK_ADJUST Constants +typedef INT8 TPM_CLOCK_ADJUST; +#define TYPE_OF_TPM_CLOCK_ADJUST UINT8 +#define TPM_CLOCK_COARSE_SLOWER (TPM_CLOCK_ADJUST)(-3) +#define TPM_CLOCK_MEDIUM_SLOWER (TPM_CLOCK_ADJUST)(-2) +#define TPM_CLOCK_FINE_SLOWER (TPM_CLOCK_ADJUST)(-1) +#define TPM_CLOCK_NO_CHANGE (TPM_CLOCK_ADJUST)(0) +#define TPM_CLOCK_FINE_FASTER (TPM_CLOCK_ADJUST)(1) +#define TPM_CLOCK_MEDIUM_FASTER (TPM_CLOCK_ADJUST)(2) +#define TPM_CLOCK_COARSE_FASTER (TPM_CLOCK_ADJUST)(3) + +// Table 2:18 - Definition of TPM_EO Constants +typedef UINT16 TPM_EO; +#define TYPE_OF_TPM_EO UINT16 +#define 
TPM_EO_EQ (TPM_EO)(0x0000) +#define TPM_EO_NEQ (TPM_EO)(0x0001) +#define TPM_EO_SIGNED_GT (TPM_EO)(0x0002) +#define TPM_EO_UNSIGNED_GT (TPM_EO)(0x0003) +#define TPM_EO_SIGNED_LT (TPM_EO)(0x0004) +#define TPM_EO_UNSIGNED_LT (TPM_EO)(0x0005) +#define TPM_EO_SIGNED_GE (TPM_EO)(0x0006) +#define TPM_EO_UNSIGNED_GE (TPM_EO)(0x0007) +#define TPM_EO_SIGNED_LE (TPM_EO)(0x0008) +#define TPM_EO_UNSIGNED_LE (TPM_EO)(0x0009) +#define TPM_EO_BITSET (TPM_EO)(0x000A) +#define TPM_EO_BITCLEAR (TPM_EO)(0x000B) + +// Table 2:19 - Definition of TPM_ST Constants +typedef UINT16 TPM_ST; +#define TYPE_OF_TPM_ST UINT16 +#define TPM_ST_RSP_COMMAND (TPM_ST)(0x00C4) +#define TPM_ST_NULL (TPM_ST)(0x8000) +#define TPM_ST_NO_SESSIONS (TPM_ST)(0x8001) +#define TPM_ST_SESSIONS (TPM_ST)(0x8002) +#define TPM_ST_ATTEST_NV (TPM_ST)(0x8014) +#define TPM_ST_ATTEST_COMMAND_AUDIT (TPM_ST)(0x8015) +#define TPM_ST_ATTEST_SESSION_AUDIT (TPM_ST)(0x8016) +#define TPM_ST_ATTEST_CERTIFY (TPM_ST)(0x8017) +#define TPM_ST_ATTEST_QUOTE (TPM_ST)(0x8018) +#define TPM_ST_ATTEST_TIME (TPM_ST)(0x8019) +#define TPM_ST_ATTEST_CREATION (TPM_ST)(0x801A) +#define TPM_ST_ATTEST_NV_DIGEST (TPM_ST)(0x801C) +#define TPM_ST_CREATION (TPM_ST)(0x8021) +#define TPM_ST_VERIFIED (TPM_ST)(0x8022) +#define TPM_ST_AUTH_SECRET (TPM_ST)(0x8023) +#define TPM_ST_HASHCHECK (TPM_ST)(0x8024) +#define TPM_ST_AUTH_SIGNED (TPM_ST)(0x8025) +#define TPM_ST_FU_MANIFEST (TPM_ST)(0x8029) + +// Table 2:20 - Definition of TPM_SU Constants +typedef UINT16 TPM_SU; +#define TYPE_OF_TPM_SU UINT16 +#define TPM_SU_CLEAR (TPM_SU)(0x0000) +#define TPM_SU_STATE (TPM_SU)(0x0001) + +// Table 2:21 - Definition of TPM_SE Constants +typedef UINT8 TPM_SE; +#define TYPE_OF_TPM_SE UINT8 +#define TPM_SE_HMAC (TPM_SE)(0x00) +#define TPM_SE_POLICY (TPM_SE)(0x01) +#define TPM_SE_TRIAL (TPM_SE)(0x03) + +// Table 2:22 - Definition of TPM_CAP Constants +typedef UINT32 TPM_CAP; +#define TYPE_OF_TPM_CAP UINT32 +#define TPM_CAP_FIRST (TPM_CAP)(0x00000000) +#define TPM_CAP_ALGS 
(TPM_CAP)(0x00000000) +#define TPM_CAP_HANDLES (TPM_CAP)(0x00000001) +#define TPM_CAP_COMMANDS (TPM_CAP)(0x00000002) +#define TPM_CAP_PP_COMMANDS (TPM_CAP)(0x00000003) +#define TPM_CAP_AUDIT_COMMANDS (TPM_CAP)(0x00000004) +#define TPM_CAP_PCRS (TPM_CAP)(0x00000005) +#define TPM_CAP_TPM_PROPERTIES (TPM_CAP)(0x00000006) +#define TPM_CAP_PCR_PROPERTIES (TPM_CAP)(0x00000007) +#define TPM_CAP_ECC_CURVES (TPM_CAP)(0x00000008) +#define TPM_CAP_AUTH_POLICIES (TPM_CAP)(0x00000009) +#define TPM_CAP_LAST (TPM_CAP)(0x00000009) +#define TPM_CAP_VENDOR_PROPERTY (TPM_CAP)(0x00000100) + +// Table 2:23 - Definition of TPM_PT Constants +typedef UINT32 TPM_PT; +#define TYPE_OF_TPM_PT UINT32 +#define TPM_PT_NONE (TPM_PT)(0x00000000) +#define PT_GROUP (TPM_PT)(0x00000100) +#define PT_FIXED (TPM_PT)(PT_GROUP*1) +#define TPM_PT_FAMILY_INDICATOR (TPM_PT)(PT_FIXED+0) +#define TPM_PT_LEVEL (TPM_PT)(PT_FIXED+1) +#define TPM_PT_REVISION (TPM_PT)(PT_FIXED+2) +#define TPM_PT_DAY_OF_YEAR (TPM_PT)(PT_FIXED+3) +#define TPM_PT_YEAR (TPM_PT)(PT_FIXED+4) +#define TPM_PT_MANUFACTURER (TPM_PT)(PT_FIXED+5) +#define TPM_PT_VENDOR_STRING_1 (TPM_PT)(PT_FIXED+6) +#define TPM_PT_VENDOR_STRING_2 (TPM_PT)(PT_FIXED+7) +#define TPM_PT_VENDOR_STRING_3 (TPM_PT)(PT_FIXED+8) +#define TPM_PT_VENDOR_STRING_4 (TPM_PT)(PT_FIXED+9) +#define TPM_PT_VENDOR_TPM_TYPE (TPM_PT)(PT_FIXED+10) +#define TPM_PT_FIRMWARE_VERSION_1 (TPM_PT)(PT_FIXED+11) +#define TPM_PT_FIRMWARE_VERSION_2 (TPM_PT)(PT_FIXED+12) +#define TPM_PT_INPUT_BUFFER (TPM_PT)(PT_FIXED+13) +#define TPM_PT_HR_TRANSIENT_MIN (TPM_PT)(PT_FIXED+14) +#define TPM_PT_HR_PERSISTENT_MIN (TPM_PT)(PT_FIXED+15) +#define TPM_PT_HR_LOADED_MIN (TPM_PT)(PT_FIXED+16) +#define TPM_PT_ACTIVE_SESSIONS_MAX (TPM_PT)(PT_FIXED+17) +#define TPM_PT_PCR_COUNT (TPM_PT)(PT_FIXED+18) +#define TPM_PT_PCR_SELECT_MIN (TPM_PT)(PT_FIXED+19) +#define TPM_PT_CONTEXT_GAP_MAX (TPM_PT)(PT_FIXED+20) +#define TPM_PT_NV_COUNTERS_MAX (TPM_PT)(PT_FIXED+22) +#define TPM_PT_NV_INDEX_MAX (TPM_PT)(PT_FIXED+23) 
+#define TPM_PT_MEMORY (TPM_PT)(PT_FIXED+24) +#define TPM_PT_CLOCK_UPDATE (TPM_PT)(PT_FIXED+25) +#define TPM_PT_CONTEXT_HASH (TPM_PT)(PT_FIXED+26) +#define TPM_PT_CONTEXT_SYM (TPM_PT)(PT_FIXED+27) +#define TPM_PT_CONTEXT_SYM_SIZE (TPM_PT)(PT_FIXED+28) +#define TPM_PT_ORDERLY_COUNT (TPM_PT)(PT_FIXED+29) +#define TPM_PT_MAX_COMMAND_SIZE (TPM_PT)(PT_FIXED+30) +#define TPM_PT_MAX_RESPONSE_SIZE (TPM_PT)(PT_FIXED+31) +#define TPM_PT_MAX_DIGEST (TPM_PT)(PT_FIXED+32) +#define TPM_PT_MAX_OBJECT_CONTEXT (TPM_PT)(PT_FIXED+33) +#define TPM_PT_MAX_SESSION_CONTEXT (TPM_PT)(PT_FIXED+34) +#define TPM_PT_PS_FAMILY_INDICATOR (TPM_PT)(PT_FIXED+35) +#define TPM_PT_PS_LEVEL (TPM_PT)(PT_FIXED+36) +#define TPM_PT_PS_REVISION (TPM_PT)(PT_FIXED+37) +#define TPM_PT_PS_DAY_OF_YEAR (TPM_PT)(PT_FIXED+38) +#define TPM_PT_PS_YEAR (TPM_PT)(PT_FIXED+39) +#define TPM_PT_SPLIT_MAX (TPM_PT)(PT_FIXED+40) +#define TPM_PT_TOTAL_COMMANDS (TPM_PT)(PT_FIXED+41) +#define TPM_PT_LIBRARY_COMMANDS (TPM_PT)(PT_FIXED+42) +#define TPM_PT_VENDOR_COMMANDS (TPM_PT)(PT_FIXED+43) +#define TPM_PT_NV_BUFFER_MAX (TPM_PT)(PT_FIXED+44) +#define TPM_PT_MODES (TPM_PT)(PT_FIXED+45) +#define TPM_PT_MAX_CAP_BUFFER (TPM_PT)(PT_FIXED+46) +#define PT_VAR (TPM_PT)(PT_GROUP*2) +#define TPM_PT_PERMANENT (TPM_PT)(PT_VAR+0) +#define TPM_PT_STARTUP_CLEAR (TPM_PT)(PT_VAR+1) +#define TPM_PT_HR_NV_INDEX (TPM_PT)(PT_VAR+2) +#define TPM_PT_HR_LOADED (TPM_PT)(PT_VAR+3) +#define TPM_PT_HR_LOADED_AVAIL (TPM_PT)(PT_VAR+4) +#define TPM_PT_HR_ACTIVE (TPM_PT)(PT_VAR+5) +#define TPM_PT_HR_ACTIVE_AVAIL (TPM_PT)(PT_VAR+6) +#define TPM_PT_HR_TRANSIENT_AVAIL (TPM_PT)(PT_VAR+7) +#define TPM_PT_HR_PERSISTENT (TPM_PT)(PT_VAR+8) +#define TPM_PT_HR_PERSISTENT_AVAIL (TPM_PT)(PT_VAR+9) +#define TPM_PT_NV_COUNTERS (TPM_PT)(PT_VAR+10) +#define TPM_PT_NV_COUNTERS_AVAIL (TPM_PT)(PT_VAR+11) +#define TPM_PT_ALGORITHM_SET (TPM_PT)(PT_VAR+12) +#define TPM_PT_LOADED_CURVES (TPM_PT)(PT_VAR+13) +#define TPM_PT_LOCKOUT_COUNTER (TPM_PT)(PT_VAR+14) +#define 
TPM_PT_MAX_AUTH_FAIL (TPM_PT)(PT_VAR+15) +#define TPM_PT_LOCKOUT_INTERVAL (TPM_PT)(PT_VAR+16) +#define TPM_PT_LOCKOUT_RECOVERY (TPM_PT)(PT_VAR+17) +#define TPM_PT_NV_WRITE_RECOVERY (TPM_PT)(PT_VAR+18) +#define TPM_PT_AUDIT_COUNTER_0 (TPM_PT)(PT_VAR+19) +#define TPM_PT_AUDIT_COUNTER_1 (TPM_PT)(PT_VAR+20) + +// Table 2:24 - Definition of TPM_PT_PCR Constants +typedef UINT32 TPM_PT_PCR; +#define TYPE_OF_TPM_PT_PCR UINT32 +#define TPM_PT_PCR_FIRST (TPM_PT_PCR)(0x00000000) +#define TPM_PT_PCR_SAVE (TPM_PT_PCR)(0x00000000) +#define TPM_PT_PCR_EXTEND_L0 (TPM_PT_PCR)(0x00000001) +#define TPM_PT_PCR_RESET_L0 (TPM_PT_PCR)(0x00000002) +#define TPM_PT_PCR_EXTEND_L1 (TPM_PT_PCR)(0x00000003) +#define TPM_PT_PCR_RESET_L1 (TPM_PT_PCR)(0x00000004) +#define TPM_PT_PCR_EXTEND_L2 (TPM_PT_PCR)(0x00000005) +#define TPM_PT_PCR_RESET_L2 (TPM_PT_PCR)(0x00000006) +#define TPM_PT_PCR_EXTEND_L3 (TPM_PT_PCR)(0x00000007) +#define TPM_PT_PCR_RESET_L3 (TPM_PT_PCR)(0x00000008) +#define TPM_PT_PCR_EXTEND_L4 (TPM_PT_PCR)(0x00000009) +#define TPM_PT_PCR_RESET_L4 (TPM_PT_PCR)(0x0000000A) +#define TPM_PT_PCR_NO_INCREMENT (TPM_PT_PCR)(0x00000011) +#define TPM_PT_PCR_DRTM_RESET (TPM_PT_PCR)(0x00000012) +#define TPM_PT_PCR_POLICY (TPM_PT_PCR)(0x00000013) +#define TPM_PT_PCR_AUTH (TPM_PT_PCR)(0x00000014) +#define TPM_PT_PCR_LAST (TPM_PT_PCR)(0x00000014) + +// Table 2:25 - Definition of TPM_PS Constants +typedef UINT32 TPM_PS; +#define TYPE_OF_TPM_PS UINT32 +#define TPM_PS_MAIN (TPM_PS)(0x00000000) +#define TPM_PS_PC (TPM_PS)(0x00000001) +#define TPM_PS_PDA (TPM_PS)(0x00000002) +#define TPM_PS_CELL_PHONE (TPM_PS)(0x00000003) +#define TPM_PS_SERVER (TPM_PS)(0x00000004) +#define TPM_PS_PERIPHERAL (TPM_PS)(0x00000005) +#define TPM_PS_TSS (TPM_PS)(0x00000006) +#define TPM_PS_STORAGE (TPM_PS)(0x00000007) +#define TPM_PS_AUTHENTICATION (TPM_PS)(0x00000008) +#define TPM_PS_EMBEDDED (TPM_PS)(0x00000009) +#define TPM_PS_HARDCOPY (TPM_PS)(0x0000000A) +#define TPM_PS_INFRASTRUCTURE (TPM_PS)(0x0000000B) +#define 
TPM_PS_VIRTUALIZATION (TPM_PS)(0x0000000C) +#define TPM_PS_TNC (TPM_PS)(0x0000000D) +#define TPM_PS_MULTI_TENANT (TPM_PS)(0x0000000E) +#define TPM_PS_TC (TPM_PS)(0x0000000F) + +// Table 2:26 - Definition of Types for Handles +typedef UINT32 TPM_HANDLE; +#define TYPE_OF_TPM_HANDLE UINT32 + +// Table 2:27 - Definition of TPM_HT Constants +typedef UINT8 TPM_HT; +#define TYPE_OF_TPM_HT UINT8 +#define TPM_HT_PCR (TPM_HT)(0x00) +#define TPM_HT_NV_INDEX (TPM_HT)(0x01) +#define TPM_HT_HMAC_SESSION (TPM_HT)(0x02) +#define TPM_HT_LOADED_SESSION (TPM_HT)(0x02) +#define TPM_HT_POLICY_SESSION (TPM_HT)(0x03) +#define TPM_HT_SAVED_SESSION (TPM_HT)(0x03) +#define TPM_HT_PERMANENT (TPM_HT)(0x40) +#define TPM_HT_TRANSIENT (TPM_HT)(0x80) +#define TPM_HT_PERSISTENT (TPM_HT)(0x81) +#define TPM_HT_AC (TPM_HT)(0x90) + +// Table 2:28 - Definition of TPM_RH Constants +typedef TPM_HANDLE TPM_RH; +#define TPM_RH_FIRST (TPM_RH)(0x40000000) +#define TPM_RH_SRK (TPM_RH)(0x40000000) +#define TPM_RH_OWNER (TPM_RH)(0x40000001) +#define TPM_RH_REVOKE (TPM_RH)(0x40000002) +#define TPM_RH_TRANSPORT (TPM_RH)(0x40000003) +#define TPM_RH_OPERATOR (TPM_RH)(0x40000004) +#define TPM_RH_ADMIN (TPM_RH)(0x40000005) +#define TPM_RH_EK (TPM_RH)(0x40000006) +#define TPM_RH_NULL (TPM_RH)(0x40000007) +#define TPM_RH_UNASSIGNED (TPM_RH)(0x40000008) +#define TPM_RS_PW (TPM_RH)(0x40000009) +#define TPM_RH_LOCKOUT (TPM_RH)(0x4000000A) +#define TPM_RH_ENDORSEMENT (TPM_RH)(0x4000000B) +#define TPM_RH_PLATFORM (TPM_RH)(0x4000000C) +#define TPM_RH_PLATFORM_NV (TPM_RH)(0x4000000D) +#define TPM_RH_AUTH_00 (TPM_RH)(0x40000010) +#define TPM_RH_AUTH_FF (TPM_RH)(0x4000010F) +#define TPM_RH_LAST (TPM_RH)(0x4000010F) + +// Table 2:29 - Definition of TPM_HC Constants +typedef TPM_HANDLE TPM_HC; +#define HR_HANDLE_MASK (TPM_HC)(0x00FFFFFF) +#define HR_RANGE_MASK (TPM_HC)(0xFF000000) +#define HR_SHIFT (TPM_HC)(24) +#define HR_PCR (TPM_HC)((TPM_HT_PCR< +#include +#include + + 
+//***************************************************************
+//** Links to the wolfcrypt HASH code
+//***************************************************************
+
+// Redefine the internal name used for each of the hash state structures to the
+// name used by the library.
+// These defines need to be known in all parts of the TPM so that the structure
+// sizes can be properly computed when needed.
+
+#define tpmHashStateSHA1_t wc_Sha
+#define tpmHashStateSHA256_t wc_Sha256
+#define tpmHashStateSHA384_t wc_Sha512
+#define tpmHashStateSHA512_t wc_Sha512
+
+#if ALG_SM3
+# error "The version of WolfCrypt used by this code does not support SM3"
+#endif
+
+// The defines below are only needed when compiling CryptHash.c or CryptSmac.c.
+// This isolation is primarily to avoid name space collision. However, if there
+// is a real collision, it will likely show up when the linker tries to put things
+// together.
+
+#ifdef _CRYPT_HASH_C_
+
+typedef BYTE *PBYTE;
+typedef const BYTE *PCBYTE;
+
+// Define the interface between CryptHash.c to the functions provided by the
+// library. For each method, define the calling parameters of the method and then
+// define how the method is invoked in CryptHash.c.
+//
+// All hashes are required to have the same calling sequence. If they don't, create
+// a simple adaptation function that converts from the "standard" form of the call
+// to the form used by the specific hash (and then send a nasty letter to the
+// person who wrote the hash function for the library).
+//
+// The macro that calls the method also defines how the
+// parameters get swizzled between the default form (in CryptHash.c)and the
+// library form.
+//
+// Initialize the hash context
+#define HASH_START_METHOD_DEF void (HASH_START_METHOD)(PANY_HASH_STATE state)
+#define HASH_START(hashState) \
+ ((hashState)->def->method.start)(&(hashState)->state);
+
+// Add data to the hash
+#define HASH_DATA_METHOD_DEF \
+ void (HASH_DATA_METHOD)(PANY_HASH_STATE state, \
+ PCBYTE buffer, \
+ size_t size)
+#define HASH_DATA(hashState, dInSize, dIn) \
+ ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize)
+
+// Finalize the hash and get the digest
+#define HASH_END_METHOD_DEF \
+ void (HASH_END_METHOD)(PANY_HASH_STATE state, BYTE *buffer)
+#define HASH_END(hashState, buffer) \
+ ((hashState)->def->method.end)(&(hashState)->state, buffer)
+
+// Copy the hash context
+// Note: For import, export, and copy, memcpy() is used since there is no
+// reformatting necessary between the internal and external forms.
+#define HASH_STATE_COPY_METHOD_DEF \
+ void (HASH_STATE_COPY_METHOD)(PANY_HASH_STATE to, \
+ PCANY_HASH_STATE from, \
+ size_t size)
+#define HASH_STATE_COPY(hashStateOut, hashStateIn) \
+ ((hashStateIn)->def->method.copy)(&(hashStateOut)->state, \
+ &(hashStateIn)->state, \
+ (hashStateIn)->def->contextSize)
+
+// Copy (with reformatting when necessary) an internal hash structure to an
+// external blob
+#define HASH_STATE_EXPORT_METHOD_DEF \
+ void (HASH_STATE_EXPORT_METHOD)(BYTE *to, \
+ PCANY_HASH_STATE from, \
+ size_t size)
+#define HASH_STATE_EXPORT(to, hashStateFrom) \
+ ((hashStateFrom)->def->method.copyOut) \
+ (&(((BYTE *)(to))[offsetof(HASH_STATE, state)]), \
+ &(hashStateFrom)->state, \
+ (hashStateFrom)->def->contextSize)
+
+// Copy from an external blob to an internal formate (with reformatting when
+// necessary
+#define HASH_STATE_IMPORT_METHOD_DEF \
+ void (HASH_STATE_IMPORT_METHOD)(PANY_HASH_STATE to, \
+ const BYTE *from, \
+ size_t size)
+#define HASH_STATE_IMPORT(hashStateTo, from) \
+ ((hashStateTo)->def->method.copyIn) \
+ (&(hashStateTo)->state, \
+ &(((const BYTE *)(from))[offsetof(HASH_STATE, state)]),\
+ (hashStateTo)->def->contextSize)
+
+
+// Function aliases. The code in CryptHash.c uses the internal designation for the
+// functions. These need to be translated to the function names of the library.
+// Internal External
+// Designation Designation
+#define tpmHashStart_SHA1 wc_InitSha // external name of the
+ // initialization method
+#define tpmHashData_SHA1 wc_ShaUpdate
+#define tpmHashEnd_SHA1 wc_ShaFinal
+#define tpmHashStateCopy_SHA1 memcpy
+#define tpmHashStateExport_SHA1 memcpy
+#define tpmHashStateImport_SHA1 memcpy
+#define tpmHashStart_SHA256 wc_InitSha256
+#define tpmHashData_SHA256 wc_Sha256Update
+#define tpmHashEnd_SHA256 wc_Sha256Final
+#define tpmHashStateCopy_SHA256 memcpy
+#define tpmHashStateExport_SHA256 memcpy
+#define tpmHashStateImport_SHA256 memcpy
+#define tpmHashStart_SHA384 wc_InitSha384
+#define tpmHashData_SHA384 wc_Sha384Update
+#define tpmHashEnd_SHA384 wc_Sha384Final
+#define tpmHashStateCopy_SHA384 memcpy
+#define tpmHashStateExport_SHA384 memcpy
+#define tpmHashStateImport_SHA384 memcpy
+#define tpmHashStart_SHA512 wc_InitSha512
+#define tpmHashData_SHA512 wc_Sha512Update
+#define tpmHashEnd_SHA512 wc_Sha512Final
+#define tpmHashStateCopy_SHA512 memcpy
+#define tpmHashStateExport_SHA512 memcpy
+#define tpmHashStateImport_SHA512 memcpy
+
+#endif // _CRYPT_HASH_C_
+
+#define LibHashInit()
+// This definition would change if there were something to report
+#define HashLibSimulationEnd()
+
+#endif // HASH_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfMath.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfMath.h
new file mode 100644
index 000000000..18b48b931
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfMath.h
@@ -0,0 +1,91 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+//** Introduction
+// This file contains the structure definitions used for ECC in the LibTomCrypt
+// version of the code. These definitions would change, based on the library.
+// The ECC-related structures that cross the TPM interface are defined
+// in TpmTypes.h
+//
+
+#ifndef MATH_LIB_DEFINED
+#define MATH_LIB_DEFINED
+
+#define MATH_LIB_WOLF
+
+#if ALG_ECC
+#define HAVE_ECC
+#endif
+
+#include
+#include
+
+#define MP_VAR(name) \
+ mp_int _##name; \
+ mp_int *name = MpInitialize(&_##name);
+
+// Allocate a mp_int and initialize with the values in a mp_int* initializer
+#define MP_INITIALIZED(name, initializer) \
+ MP_VAR(name); \
+ BnToWolf(name, initializer);
+
+#define POINT_CREATE(name, initializer) \
+ ecc_point *name = EcPointInitialized(initializer);
+
+#define POINT_DELETE(name) \
+ wc_ecc_del_point(name); \
+ name = NULL;
+
+typedef ECC_CURVE_DATA bnCurve_t;
+
+typedef bnCurve_t *bigCurve;
+
+#define AccessCurveData(E) (E)
+
+#define CURVE_INITIALIZED(name, initializer) \
+ bnCurve_t *name = (ECC_CURVE_DATA *)GetCurveData(initializer)
+
+#define CURVE_FREE(E)
+
+#include "TpmToWolfSupport_fp.h"
+
+#define WOLF_ENTER()
+
+#define WOLF_LEAVE()
+
+// This definition would change if there were something to report
+#define MathLibSimulationEnd()
+
+#endif // MATH_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfSym.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfSym.h
new file mode 100644
index 000000000..54e01e3ed
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfSym.h
@@ -0,0 +1,115 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+//** Introduction
+//
+// This header file is used to 'splice' the wolfcrypt library into the TPM code.
+
+#ifndef SYM_LIB_DEFINED
+#define SYM_LIB_DEFINED
+
+#define SYM_LIB_WOLF
+
+#include
+#include
+
+//***************************************************************
+//** Links to the wolfCrypt AES code
+//***************************************************************
+
+#if ALG_SM4
+#error "SM4 is not available"
+#endif
+
+#if ALG_CAMELLIA
+#error "Camellia is not available"
+#endif
+
+// Define the order of parameters to the library functions that do block encryption
+// and decryption.
+typedef void(*TpmCryptSetSymKeyCall_t)(
+ void *keySchedule,
+ BYTE *out,
+ const BYTE *in
+ );
+
+// The Crypt functions that call the block encryption function use the parameters
+// in the order:
+// 1) keySchedule
+// 2) in buffer
+// 3) out buffer
+// Since wolfcrypt uses the order in encryptoCall_t above, need to swizzle the
+// values to the order required by the library.
+#define SWIZZLE(keySchedule, in, out) \
+ (void *)(keySchedule), (BYTE *)(out), (const BYTE *)(in)
+
+// Macros to set up the encryption/decryption key schedules
+//
+// AES:
+#define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \
+ wc_AesSetKeyDirect((tpmKeyScheduleAES *)(schedule), key, BITS_TO_BYTES(keySizeInBits), 0, AES_ENCRYPTION)
+#define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \
+ wc_AesSetKeyDirect((tpmKeyScheduleAES *)(schedule), key, BITS_TO_BYTES(keySizeInBits), 0, AES_DECRYPTION)
+
+// TDES:
+#define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \
+ TDES_setup_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule))
+#define TpmCryptSetDecryptKeyTDES(key, keySizeInBits, schedule) \
+ TDES_setup_decrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule))
+
+// Macros to alias encryption calls to specific algorithms. This should be used
+// sparingly. Currently, only used by CryptRand.c
+//
+// When using these calls, to call the AES block encryption code, the caller
+// should use:
+// TpmCryptEncryptAES(SWIZZLE(keySchedule, in, out));
+#define TpmCryptEncryptAES wc_AesEncryptDirect
+#define TpmCryptDecryptAES wc_AesDecryptDirect
+#define tpmKeyScheduleAES Aes
+
+#define TpmCryptEncryptTDES TDES_encrypt
+#define TpmCryptDecryptTDES TDES_decrypt
+#define tpmKeyScheduleTDES Des3
+
+typedef union tpmCryptKeySchedule_t tpmCryptKeySchedule_t;
+
+#if ALG_TDES
+#include "TpmToWolfDesSupport_fp.h"
+#endif
+
+// This definition would change if there were something to report
+#define SymLibSimulationEnd()
+
+#endif // SYM_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/user_settings.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/user_settings.h
new file mode 100644
index 000000000..168fcb38c
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/user_settings.h
@@ -0,0 +1,106 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+/* TPM specific preprocessor flags for wolfcrypt */
+
+
+#ifndef WOLF_CRYPT_USER_SETTINGS_H
+#define WOLF_CRYPT_USER_SETTINGS_H
+
+/* Remove the automatic setting of the default I/O functions EmbedSend()
+ and EmbedReceive(). */
+#define WOLFSSL_USER_IO
+
+/* Avoid naming conflicts */
+#define NO_OLD_WC_NAMES
+
+/* Use stack based fast math for all big integer math */
+#define USE_FAST_MATH
+#define TFM_TIMING_RESISTANT
+
+/* Expose direct encryption functions */
+#define WOLFSSL_AES_DIRECT
+
+/* Enable/Disable algorithm support based on TPM implementation header */
+#if ALG_SHA256
+ #define WOLFSSL_SHA256
+#endif
+#if ALG_SHA384 || ALG_SHA512
+ #define WOLFSSL_SHA384
+ #define WOLFSSL_SHA512
+#endif
+#if ALG_TDES
+ #define WOLFSSL_DES_ECB
+#endif
+#if ALG_RSA
+ /* Turn on RSA key generation functionality */
+ #define WOLFSSL_KEY_GEN
+#endif
+#if ALG_ECC || defined(WOLFSSL_LIB)
+ #define HAVE_ECC
+
+ /* Expose additional ECC primitives */
+ #define WOLFSSL_PUBLIC_ECC_ADD_DBL
+ #define ECC_TIMING_RESISTANT
+
+ /* Enables Shamir calc method */
+ #define ECC_SHAMIR
+
+ /* The TPM only needs low level ECC crypto */
+ #define NO_ECC_SIGN
+ #define NO_ECC_VERIFY
+ #define NO_ECC_SECP
+
+ #undef ECC_BN_P256
+ #undef ECC_SM2_P256
+ #undef ECC_BN_P638
+ #define ECC_BN_P256 NO
+ #define ECC_SM2_P256 NO
+ #define ECC_BN_P638 NO
+
+#endif
+
+/* Disable explicit RSA. The TPM support for RSA is dependent only on TFM */
+#define NO_RSA
+#define NO_RC4
+#define NO_ASN
+
+/* Enable debug wolf library check */
+//#define LIBRARY_COMPATIBILITY_CHECK
+
+#define WOLFSSL_
+
+#endif // WOLF_CRYPT_USER_SETTINGS_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/X509.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/X509.h
new file mode 100644
index 000000000..ef3332c2d
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/X509.h
@@ -0,0 +1,134 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the macro and structure definitions for the X509 commands and
+// functions.
+
+#ifndef _X509_H_
+#define _X509_H_
+
+//** Includes
+
+#include "Tpm.h"
+#include "TpmASN1.h"
+
+//** Defined Constants
+
+//*** X509 Application-specific types
+#define X509_SELECTION 0xA0
+#define X509_ISSUER_UNIQUE_ID 0xA1
+#define X509_SUBJECT_UNIQUE_ID 0xA2
+#define X509_EXTENSIONS 0xA3
+
+// These defines give the order in which values appear in the TBScertificate
+// of an x.509 certificate. These values are used to index into an array of
+//
+#define ENCODED_SIZE_REF 0
+#define VERSION_REF (ENCODED_SIZE_REF + 1)
+#define SERIAL_NUMBER_REF (VERSION_REF + 1)
+#define SIGNATURE_REF (SERIAL_NUMBER_REF + 1)
+#define ISSUER_REF (SIGNATURE_REF + 1)
+#define VALIDITY_REF (ISSUER_REF + 1)
+#define SUBJECT_KEY_REF (VALIDITY_REF + 1)
+#define SUBJECT_PUBLIC_KEY_REF (SUBJECT_KEY_REF + 1)
+#define EXTENSIONS_REF (SUBJECT_PUBLIC_KEY_REF + 1)
+#define REF_COUNT (EXTENSIONS_REF + 1)
+
+#undef MAKE_OID
+#ifdef _X509_SPT_
+# define MAKE_OID(NAME) \
+ const BYTE OID##NAME[] = {OID##NAME##_VALUE}
+#else
+# define MAKE_OID(NAME) \
+ extern const BYTE OID##NAME[]
+#endif
+
+
+//** Structures
+
+
+// Used to access the fields of a TBSsignature some of which are in the in_CertifyX509
+// structure and some of which are in the out_CertifyX509 structure.
+typedef struct stringRef
+{
+ BYTE *buf;
+ INT16 len;
+} stringRef;
+
+
+typedef union x509KeyUsageUnion {
+ TPMA_X509_KEY_USAGE x509;
+ UINT32 integer;
+} x509KeyUsageUnion;
+
+
+//** Global X509 Constants
+// These values are instanced by X509_spt.c and referenced by other X509-related
+// files.
+
+
+// This is the DER-encoded value for the Key Usage OID (2.5.29.15). This is the
+// full OID, not just the numeric value
+#define OID_KEY_USAGE_EXTENSTION_VALUE 0x06, 0x03, 0x55, 0x1D, 0x0F
+MAKE_OID(_KEY_USAGE_EXTENSTION);
+
+// This is the DER-encoded value for the TCG-defined TPMA_OBJECT OID
+// (2.23.133.10.1.1.1)
+#define OID_TCG_TPMA_OBJECT_VALUE 0x06, 0x07, 0x67, 0x81, 0x05, 0x0a, 0x01, \
+ 0x01, 0x01
+MAKE_OID(_TCG_TPMA_OBJECT);
+
+#ifdef _X509_SPT_
+const x509KeyUsageUnion keyUsageSign = { TPMA_X509_KEY_USAGE_INITIALIZER(
+ /* digitalsignature */ 1, /* nonrepudiation */ 0,
+ /* keyencipherment */ 0, /* dataencipherment */ 0,
+ /* keyagreement */ 0, /* keycertsign */ 1,
+ /* crlsign */ 1, /* encipheronly */ 0,
+ /* decipheronly */ 0, /* bits_at_9 */ 0) };
+
+const x509KeyUsageUnion keyUsageDecrypt = { TPMA_X509_KEY_USAGE_INITIALIZER(
+ /* digitalsignature */ 0, /* nonrepudiation */ 0,
+ /* keyencipherment */ 1, /* dataencipherment */ 1,
+ /* keyagreement */ 1, /* keycertsign */ 0,
+ /* crlsign */ 0, /* encipheronly */ 1,
+ /* decipheronly */ 1, /* bits_at_9 */ 0) };
+#else
+extern x509KeyUsageUnion keyUsageSign;
+extern x509KeyUsageUnion keyUsageDecrypt;
+#endif
+
+#undef MAKE_OID
+
+#endif // _X509_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_GetCapability_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_GetCapability_fp.h
new file mode 100644
index 000000000..c5998a7df
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_GetCapability_fp.h
@@ -0,0 +1,71 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_AC_GetCapability // Command must be enabled + +#ifndef _AC_Get_Capability_FP_H_ +#define _AC_Get_Capability_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_AC ac; + TPM_AT capability; + UINT32 count; +} AC_GetCapability_In; + +// Output structure definition +typedef struct { + TPMI_YES_NO moreData; + TPML_AC_CAPABILITIES capabilitiesData; +} AC_GetCapability_Out; + +// Response code modifiers +#define RC_AC_GetCapability_ac (TPM_RC_H + TPM_RC_1) +#define RC_AC_GetCapability_capability (TPM_RC_P + TPM_RC_1) +#define RC_AC_GetCapability_count (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_AC_GetCapability( + AC_GetCapability_In *in, + AC_GetCapability_Out *out +); + +#endif // _AC_Get_Capability_FP_H_ +#endif // CC_AC_GetCapability diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_Send_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_Send_fp.h new file mode 100644 index 000000000..9b7d71caf --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_Send_fp.h 
@@ -0,0 +1,72 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_AC_Send // Command must be enabled + +#ifndef _AC_Send_FP_H_ +#define _AC_Send_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT sendObject; + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_AC ac; + TPM2B_MAX_BUFFER acDataIn; +} AC_Send_In; + +// Output structure definition +typedef struct { + TPMS_AC_OUTPUT acDataOut; +} AC_Send_Out; + +// Response code modifiers +#define RC_AC_Send_sendObject (TPM_RC_H + TPM_RC_1) +#define RC_AC_Send_authHandle (TPM_RC_H + TPM_RC_2) +#define RC_AC_Send_ac (TPM_RC_H + TPM_RC_3) +#define RC_AC_Send_acDataIn (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_AC_Send( + AC_Send_In *in, + AC_Send_Out *out +); + +#endif // _AC_Send_FP_H_ +#endif // CC_AC_Send diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_spt_fp.h new file mode 100644 index 000000000..280eb8edd --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_spt_fp.h 
@@ -0,0 +1,80 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _AC_SPT_FP_H_ +#define _AC_SPT_FP_H_ + +//*** AcToCapabilities() +// This function returns a pointer to a list of AC capabilities. +TPML_AC_CAPABILITIES * +AcToCapabilities( + TPMI_RH_AC component // IN: component +); + +//*** AcIsAccessible() +// Function to determine if an AC handle references an actual AC +// Return Type: BOOL +BOOL +AcIsAccessible( + TPM_HANDLE acHandle +); + +//*** AcCapabilitiesGet() +// This function returns a list of capabilities associated with an AC +// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned +TPMI_YES_NO +AcCapabilitiesGet( + TPMI_RH_AC component, // IN: the component + TPM_AT type, // IN: start capability type + TPML_AC_CAPABILITIES *capabilityList // OUT: list of handle +); + +//*** AcSendObject() +// Stub to handle sending of an AC object +// Return Type: TPM_RC +TPM_RC +AcSendObject( + TPM_HANDLE acHandle, // IN: Handle of AC receiving object + OBJECT *object, // IN: object structure to send + TPMS_AC_OUTPUT *acDataOut // OUT: results of operation +); + +#endif // _AC_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ActivateCredential_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ActivateCredential_fp.h new file mode 100644 index 000000000..0779c7205 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ActivateCredential_fp.h 
@@ -0,0 +1,72 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_ActivateCredential // Command must be enabled + +#ifndef _Activate_Credential_FP_H_ +#define _Activate_Credential_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT activateHandle; + TPMI_DH_OBJECT keyHandle; + TPM2B_ID_OBJECT credentialBlob; + TPM2B_ENCRYPTED_SECRET secret; +} ActivateCredential_In; + +// Output structure definition +typedef struct { + TPM2B_DIGEST certInfo; +} ActivateCredential_Out; + +// Response code modifiers +#define RC_ActivateCredential_activateHandle (TPM_RC_H + TPM_RC_1) +#define RC_ActivateCredential_keyHandle (TPM_RC_H + TPM_RC_2) +#define RC_ActivateCredential_credentialBlob (TPM_RC_P + TPM_RC_1) +#define RC_ActivateCredential_secret (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_ActivateCredential( + ActivateCredential_In *in, + ActivateCredential_Out *out +); + +#endif // _Activate_Credential_FP_H_ +#endif // CC_ActivateCredential diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmCap_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmCap_fp.h new file mode 100644 index 000000000..32c99a1c6 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmCap_fp.h 
@@ -0,0 +1,64 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _ALGORITHM_CAP_FP_H_ +#define _ALGORITHM_CAP_FP_H_ + +//** AlgorithmCapGetImplemented() +// This function is used by TPM2_GetCapability() to return a list of the +// implemented algorithms. +// Return Type: TPMI_YES_NO +// YES more algorithms to report +// NO no more algorithms to report +TPMI_YES_NO +AlgorithmCapGetImplemented( + TPM_ALG_ID algID, // IN: the starting algorithm ID + UINT32 count, // IN: count of returned algorithms + TPML_ALG_PROPERTY *algList // OUT: algorithm list +); + +//** AlgorithmGetImplementedVector() +// This function returns the bit vector of the implemented algorithms. +LIB_EXPORT +void +AlgorithmGetImplementedVector( + ALGORITHM_VECTOR *implemented // OUT: the implemented bits are SET +); + +#endif // _ALGORITHM_CAP_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmTests_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmTests_fp.h new file mode 100644 index 000000000..fbe539d6f --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmTests_fp.h 
@@ -0,0 +1,72 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _ALGORITHM_TESTS_FP_H_ +#define _ALGORITHM_TESTS_FP_H_ + +#if SELF_TEST + +//*** TestAlgorithm() +// Dispatches to the correct test function for the algorithm or gets a list of +// testable algorithms. +// +// If 'toTest' is not NULL, then the test decisions are based on the algorithm +// selections in 'toTest'. Otherwise, 'g_toTest' is used. When bits are clear in +// 'g_toTest' they will also be cleared 'toTest'. +// +// If there doesn't happen to be a test for the algorithm, its associated bit is +// quietly cleared. +// +// If 'alg' is zero (TPM_ALG_ERROR), then the toTest vector is cleared of any bits +// for which there is no test (i.e. no tests are actually run but the vector is +// cleared). +// +// Note: 'toTest' will only ever have bits set for implemented algorithms but 'alg' +// can be anything. +// Return Type: TPM_RC +// TPM_RC_CANCELED test was canceled +LIB_EXPORT +TPM_RC +TestAlgorithm( + TPM_ALG_ID alg, + ALGORITHM_VECTOR *toTest +); +#endif // SELF_TESTS + +#endif // _ALGORITHM_TESTS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Attest_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Attest_spt_fp.h new file mode 100644 index 000000000..dbf634480 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Attest_spt_fp.h 
@@ -0,0 +1,88 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _ATTEST_SPT_FP_H_ +#define _ATTEST_SPT_FP_H_ + +//***FillInAttestInfo() +// Fill in common fields of TPMS_ATTEST structure. 
+void +FillInAttestInfo( + TPMI_DH_OBJECT signHandle, // IN: handle of signing object + TPMT_SIG_SCHEME *scheme, // IN/OUT: scheme to be used for signing + TPM2B_DATA *data, // IN: qualifying data + TPMS_ATTEST *attest // OUT: attest structure +); + +//***SignAttestInfo() +// Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature +// is returned. +// +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES 'signHandle' references not a signing key +// TPM_RC_SCHEME 'scheme' is not compatible with 'signHandle' type +// TPM_RC_VALUE digest generated for the given 'scheme' is greater than +// the modulus of 'signHandle' (for an RSA key); +// invalid commit status or failed to generate "r" value +// (for an ECC key) +TPM_RC +SignAttestInfo( + OBJECT *signKey, // IN: sign object + TPMT_SIG_SCHEME *scheme, // IN: sign scheme + TPMS_ATTEST *certifyInfo, // IN: the data to be signed + TPM2B_DATA *qualifyingData, // IN: extra data for the signing + // process + TPM2B_ATTEST *attest, // OUT: marshaled attest blob to be + // signed + TPMT_SIGNATURE *signature // OUT: signature +); + +//*** IsSigningObject() +// Checks to see if the object is OK for signing. This is here rather than in +// Object_spt.c because all the attestation commands use this file but not +// Object_spt.c. +// Return Type: BOOL +// TRUE(1) object may sign +// FALSE(0) object may not sign +BOOL +IsSigningObject( + OBJECT *object // IN: +); + +#endif // _ATTEST_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Bits_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Bits_fp.h new file mode 100644 index 000000000..5baaa5d9e --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Bits_fp.h 
@@ -0,0 +1,73 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _BITS_FP_H_ +#define _BITS_FP_H_ + +//*** TestBit() +// This function is used to check the setting of a bit in an array of bits. +// Return Type: BOOL +// TRUE(1) bit is set +// FALSE(0) bit is not set +BOOL +TestBit( + unsigned int bitNum, // IN: number of the bit in 'bArray' + BYTE *bArray, // IN: array containing the bits + unsigned int bytesInArray // IN: size in bytes of 'bArray' +); + +//*** SetBit() +// This function will set the indicated bit in 'bArray'. +void +SetBit( + unsigned int bitNum, // IN: number of the bit in 'bArray' + BYTE *bArray, // IN: array containing the bits + unsigned int bytesInArray // IN: size in bytes of 'bArray' +); + +//*** ClearBit() +// This function will clear the indicated bit in 'bArray'. +void +ClearBit( + unsigned int bitNum, // IN: number of the bit in 'bArray'. + BYTE *bArray, // IN: array containing the bits + unsigned int bytesInArray // IN: size in bytes of 'bArray' +); + +#endif // _BITS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnConvert_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnConvert_fp.h new file mode 100644 index 000000000..35733f48d --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnConvert_fp.h 
@@ -0,0 +1,130 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _BN_CONVERT_FP_H_ +#define _BN_CONVERT_FP_H_ + +//*** BnFromBytes() +// This function will convert a big-endian byte array to the internal number +// format. If bn is NULL, then the output is NULL. If bytes is null or the +// required size is 0, then the output is set to zero +LIB_EXPORT bigNum +BnFromBytes( + bigNum bn, + const BYTE *bytes, + NUMBYTES nBytes +); + +//*** BnFrom2B() +// Convert an TPM2B to a BIG_NUM. +// If the input value does not exist, or the output does not exist, or the input +// will not fit into the output the function returns NULL +LIB_EXPORT bigNum +BnFrom2B( + bigNum bn, // OUT: + const TPM2B *a2B // IN: number to convert +); + +//*** BnFromHex() +// Convert a hex string into a bigNum. This is primarily used in debugging. +LIB_EXPORT bigNum +BnFromHex( + bigNum bn, // OUT: + const char *hex // IN: +); + +//*** BnToBytes() +// This function converts a BIG_NUM to a byte array. It converts the bigNum to a +// big-endian byte string and sets 'size' to the normalized value. If 'size' is an +// input 0, then the receiving buffer is guaranteed to be large enough for the result +// and the size will be set to the size required for bigNum (leading zeros +// suppressed). +// +// The conversion for a little-endian machine simply requires that all significant +// bytes of the bigNum be reversed. For a big-endian machine, rather than +// unpack each word individually, the bigNum is converted to little-endian words, +// copied, and then converted back to big-endian. +LIB_EXPORT BOOL +BnToBytes( + bigConst bn, + BYTE *buffer, + NUMBYTES *size // This the number of bytes that are + // available in the buffer. The result + // should be this big. +); + +//*** BnTo2B() +// Function to convert a BIG_NUM to TPM2B. +// The TPM2B size is set to the requested 'size' which may require padding. 
+// If 'size' is non-zero and less than required by the value in 'bn' then an error +// is returned. If 'size' is zero, then the TPM2B is assumed to be large enough +// for the data and a2b->size will be adjusted accordingly. +LIB_EXPORT BOOL +BnTo2B( + bigConst bn, // IN: + TPM2B *a2B, // OUT: + NUMBYTES size // IN: the desired size +); +#if ALG_ECC + +//*** BnPointFrom2B() +// Function to create a BIG_POINT structure from a 2B point. +// A point is going to be two ECC values in the same buffer. The values are going +// to be the size of the modulus. They are in modular form. +LIB_EXPORT bn_point_t * +BnPointFrom2B( + bigPoint ecP, // OUT: the preallocated point structure + TPMS_ECC_POINT *p // IN: the number to convert +); + +//*** BnPointTo2B() +// This function converts a BIG_POINT into a TPMS_ECC_POINT. A TPMS_ECC_POINT +// contains two TPM2B_ECC_PARAMETER values. The maximum size of the parameters +// is dependent on the maximum EC key size used in an implementation. +// The presumption is that the TPMS_ECC_POINT is large enough to hold 2 TPM2B +// values, each as large as a MAX_ECC_PARAMETER_BYTES +LIB_EXPORT BOOL +BnPointTo2B( + TPMS_ECC_POINT *p, // OUT: the converted 2B structure + bigPoint ecP, // IN: the values to be converted + bigCurve E // IN: curve descriptor for the point +); +#endif // ALG_ECC + +#endif // _BN_CONVERT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMath_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMath_fp.h new file mode 100644 index 000000000..0b9107caa --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMath_fp.h 
@@ -0,0 +1,238 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _BN_MATH_FP_H_ +#define _BN_MATH_FP_H_ + +//*** BnAdd() +// This function adds two bigNum values. 
This function always returns TRUE. +LIB_EXPORT BOOL +BnAdd( + bigNum result, + bigConst op1, + bigConst op2 +); + +//*** BnAddWord() +// This function adds a word value to a bigNum. This function always returns TRUE. +LIB_EXPORT BOOL +BnAddWord( + bigNum result, + bigConst op, + crypt_uword_t word +); + +//*** BnSub() +// This function does subtraction of two bigNum values and returns result = op1 - op2 +// when op1 is greater than op2. If op2 is greater than op1, then a fault is +// generated. This function always returns TRUE. +LIB_EXPORT BOOL +BnSub( + bigNum result, + bigConst op1, + bigConst op2 +); + +//*** BnSubWord() +// This function subtracts a word value from a bigNum. This function always +// returns TRUE. +LIB_EXPORT BOOL +BnSubWord( + bigNum result, + bigConst op, + crypt_uword_t word +); + +//*** BnUnsignedCmp() +// This function performs a comparison of op1 to op2. The compare is approximately +// constant time if the size of the values used in the compare is consistent +// across calls (from the same line in the calling code). +// Return Type: int +// < 0 op1 is less than op2 +// 0 op1 is equal to op2 +// > 0 op1 is greater than op2 +LIB_EXPORT int +BnUnsignedCmp( + bigConst op1, + bigConst op2 +); + +//*** BnUnsignedCmpWord() +// Compare a bigNum to a crypt_uword_t. +// Return Type: int +// -1 op1 is less that word +// 0 op1 is equal to word +// 1 op1 is greater than word +LIB_EXPORT int +BnUnsignedCmpWord( + bigConst op1, + crypt_uword_t word +); + +//*** BnModWord() +// This function does modular division of a big number when the modulus is a +// word value. +LIB_EXPORT crypt_word_t +BnModWord( + bigConst numerator, + crypt_word_t modulus +); + +//*** Msb() +// This function returns the bit number of the most significant bit of a +// crypt_uword_t. The number for the least significant bit of any bigNum value is 0. 
+// The maximum return value is RADIX_BITS - 1, +// Return Type: int +// -1 the word was zero +// n the bit number of the most significant bit in the word +LIB_EXPORT int +Msb( + crypt_uword_t word +); + +//*** BnMsb() +// This function returns the number of the MSb of a bigNum value. +// Return Type: int +// -1 the word was zero or 'bn' was NULL +// n the bit number of the most significant bit in the word +LIB_EXPORT int +BnMsb( + bigConst bn +); + +//*** BnSizeInBits() +// This function returns the number of bits required to hold a number. It is one +// greater than the Msb. +// +LIB_EXPORT unsigned +BnSizeInBits( + bigConst n +); + +//*** BnSetWord() +// Change the value of a bignum_t to a word value. +LIB_EXPORT bigNum +BnSetWord( + bigNum n, + crypt_uword_t w +); + +//*** BnSetBit() +// This function will SET a bit in a bigNum. Bit 0 is the least-significant bit in +// the 0th digit_t. The function always return TRUE +LIB_EXPORT BOOL +BnSetBit( + bigNum bn, // IN/OUT: big number to modify + unsigned int bitNum // IN: Bit number to SET +); + +//*** BnTestBit() +// This function is used to check to see if a bit is SET in a bignum_t. The 0th bit +// is the LSb of d[0]. +// Return Type: BOOL +// TRUE(1) the bit is set +// FALSE(0) the bit is not set or the number is out of range +LIB_EXPORT BOOL +BnTestBit( + bigNum bn, // IN: number to check + unsigned int bitNum // IN: bit to test +); + +//***BnMaskBits() +// This function is used to mask off high order bits of a big number. +// The returned value will have no more than 'maskBit' bits +// set. +// Note: There is a requirement that unused words of a bignum_t are set to zero. +// Return Type: BOOL +// TRUE(1) result masked +// FALSE(0) the input was not as large as the mask +LIB_EXPORT BOOL +BnMaskBits( + bigNum bn, // IN/OUT: number to mask + crypt_uword_t maskBit // IN: the bit number for the mask. +); + +//*** BnShiftRight() +// This function will shift a bigNum to the right by the shiftAmount. 
+// This function always returns TRUE. +LIB_EXPORT BOOL +BnShiftRight( + bigNum result, + bigConst toShift, + uint32_t shiftAmount +); + +//*** BnGetRandomBits() +// This function gets random bits for use in various places. To make sure that the +// number is generated in a portable format, it is created as a TPM2B and then +// converted to the internal format. +// +// One consequence of the generation scheme is that, if the number of bits requested +// is not a multiple of 8, then the high-order bits are set to zero. This would come +// into play when generating a 521-bit ECC key. A 66-byte (528-bit) value is +// generated an the high order 7 bits are masked off (CLEAR). +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure +LIB_EXPORT BOOL +BnGetRandomBits( + bigNum n, + size_t bits, + RAND_STATE *rand +); + +//*** BnGenerateRandomInRange() +// This function is used to generate a random number r in the range 1 <= r < limit. +// The function gets a random number of bits that is the size of limit. There is some +// some probability that the returned number is going to be greater than or equal +// to the limit. If it is, try again. There is no more than 50% chance that the +// next number is also greater, so try again. We keep trying until we get a +// value that meets the criteria. Since limit is very often a number with a LOT of +// high order ones, this rarely would need a second try. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure ('limit' is too small) +LIB_EXPORT BOOL +BnGenerateRandomInRange( + bigNum dest, + bigConst limit, + RAND_STATE *rand +); + +#endif // _BN_MATH_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMemory_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMemory_fp.h new file mode 100644 index 000000000..68abe86c3 --- /dev/null 
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMemory_fp.h 
@@ -0,0 +1,110 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _BN_MEMORY_FP_H_ +#define _BN_MEMORY_FP_H_ + +//*** BnSetTop() +// This function is used when the size of a bignum_t is changed. It +// makes sure that the unused words are set to zero and that any significant +// words of zeros are eliminated from the used size indicator. +LIB_EXPORT bigNum +BnSetTop( + bigNum bn, // IN/OUT: number to clean + crypt_uword_t top // IN: the new top +); + +//*** BnClearTop() +// This function will make sure that all unused words are zero. +LIB_EXPORT bigNum +BnClearTop( + bigNum bn +); + +//*** BnInitializeWord() +// This function is used to initialize an allocated bigNum with a word value. The +// bigNum does not have to be allocated with a single word. +LIB_EXPORT bigNum +BnInitializeWord( + bigNum bn, // IN: + crypt_uword_t allocated, // IN: + crypt_uword_t word // IN: +); + +//*** BnInit() +// This function initializes a stack allocated bignum_t. It initializes +// 'allocated' and 'size' and zeros the words of 'd'. +LIB_EXPORT bigNum +BnInit( + bigNum bn, + crypt_uword_t allocated +); + +//*** BnCopy() +// Function to copy a bignum_t. If the output is NULL, then +// nothing happens. If the input is NULL, the output is set +// to zero. +LIB_EXPORT BOOL +BnCopy( + bigNum out, + bigConst in +); +#if ALG_ECC + +//*** BnPointCopy() +// Function to copy a bn point. +LIB_EXPORT BOOL +BnPointCopy( + bigPoint pOut, + pointConst pIn +); + +//*** BnInitializePoint() +// This function is used to initialize a point structure with the addresses +// of the coordinates. +LIB_EXPORT bn_point_t * +BnInitializePoint( + bigPoint p, // OUT: structure to receive pointers + bigNum x, // IN: x coordinate + bigNum y, // IN: y coordinate + bigNum z // IN: x coordinate +); +#endif // ALG_ECC + +#endif // _BN_MEMORY_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyCreation_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyCreation_fp.h
new file mode 100644
index 000000000..d40105c94
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyCreation_fp.h
@@ -0,0 +1,77 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_CertifyCreation // Command must be enabled + +#ifndef _Certify_Creation_FP_H_ +#define _Certify_Creation_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT signHandle; + TPMI_DH_OBJECT objectHandle; + TPM2B_DATA qualifyingData; + TPM2B_DIGEST creationHash; + TPMT_SIG_SCHEME inScheme; + TPMT_TK_CREATION creationTicket; +} CertifyCreation_In; + +// Output structure definition +typedef struct { + TPM2B_ATTEST certifyInfo; + TPMT_SIGNATURE signature; +} CertifyCreation_Out; + +// Response code modifiers +#define RC_CertifyCreation_signHandle (TPM_RC_H + TPM_RC_1) +#define RC_CertifyCreation_objectHandle (TPM_RC_H + TPM_RC_2) +#define RC_CertifyCreation_qualifyingData (TPM_RC_P + TPM_RC_1) +#define RC_CertifyCreation_creationHash (TPM_RC_P + TPM_RC_2) +#define RC_CertifyCreation_inScheme (TPM_RC_P + TPM_RC_3) +#define RC_CertifyCreation_creationTicket (TPM_RC_P + TPM_RC_4) + +// Function prototype +TPM_RC +TPM2_CertifyCreation( + CertifyCreation_In *in, + CertifyCreation_Out *out +); + +#endif // _Certify_Creation_FP_H_ +#endif // CC_CertifyCreation diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyX509_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyX509_fp.h new file mode 100644 index 000000000..53aed310e --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyX509_fp.h 
@@ -0,0 +1,76 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Apr 2, 2019 Time: 11:00:48AM + */ + +#if CC_CertifyX509 // Command must be enabled + +#ifndef _Certify_X509_FP_H_ +#define _Certify_X509_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT objectHandle; + TPMI_DH_OBJECT signHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; + TPM2B_MAX_BUFFER partialCertificate; +} CertifyX509_In; + +// Output structure definition +typedef struct { + TPM2B_MAX_BUFFER addedToCertificate; + TPM2B_DIGEST tbsDigest; + TPMT_SIGNATURE signature; +} CertifyX509_Out; + +// Response code modifiers +#define RC_CertifyX509_objectHandle (TPM_RC_H + TPM_RC_1) +#define RC_CertifyX509_signHandle (TPM_RC_H + TPM_RC_2) +#define RC_CertifyX509_qualifyingData (TPM_RC_P + TPM_RC_1) +#define RC_CertifyX509_inScheme (TPM_RC_P + TPM_RC_2) +#define RC_CertifyX509_partialCertificate (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_CertifyX509( + CertifyX509_In *in, + CertifyX509_Out *out +); + +#endif // _Certify_X509_FP_H_ +#endif // CC_CertifyX509 diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Certify_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Certify_fp.h new file mode 100644 index 000000000..64cdba21b --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Certify_fp.h 
@@ -0,0 +1,73 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Certify // Command must be enabled + +#ifndef _Certify_FP_H_ +#define _Certify_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT objectHandle; + TPMI_DH_OBJECT signHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; +} Certify_In; + +// Output structure definition +typedef struct { + TPM2B_ATTEST certifyInfo; + TPMT_SIGNATURE signature; +} Certify_Out; + +// Response code modifiers +#define RC_Certify_objectHandle (TPM_RC_H + TPM_RC_1) +#define RC_Certify_signHandle (TPM_RC_H + TPM_RC_2) +#define RC_Certify_qualifyingData (TPM_RC_P + TPM_RC_1) +#define RC_Certify_inScheme (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_Certify( + Certify_In *in, + Certify_Out *out +); + +#endif // _Certify_FP_H_ +#endif // CC_Certify diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangeEPS_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangeEPS_fp.h new file mode 100644 index 000000000..60dfc174c --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangeEPS_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_ChangeEPS // Command must be enabled + +#ifndef _Change_EPS_FP_H_ +#define _Change_EPS_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_PLATFORM authHandle; +} ChangeEPS_In; + +// Response code modifiers +#define RC_ChangeEPS_authHandle (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_ChangeEPS( + ChangeEPS_In *in +); + +#endif // _Change_EPS_FP_H_ +#endif // CC_ChangeEPS diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangePPS_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangePPS_fp.h new file mode 100644 index 000000000..e4e70180e --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangePPS_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_ChangePPS // Command must be enabled + +#ifndef _Change_PPS_FP_H_ +#define _Change_PPS_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_PLATFORM authHandle; +} ChangePPS_In; + +// Response code modifiers +#define RC_ChangePPS_authHandle (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_ChangePPS( + ChangePPS_In *in +); + +#endif // _Change_PPS_FP_H_ +#endif // CC_ChangePPS diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClearControl_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClearControl_fp.h new file mode 100644 index 000000000..5a10c680b --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClearControl_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_ClearControl // Command must be enabled + +#ifndef _Clear_Control_FP_H_ +#define _Clear_Control_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_CLEAR auth; + TPMI_YES_NO disable; +} ClearControl_In; + +// Response code modifiers +#define RC_ClearControl_auth (TPM_RC_H + TPM_RC_1) +#define RC_ClearControl_disable (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_ClearControl( + ClearControl_In *in +); + +#endif // _Clear_Control_FP_H_ +#endif // CC_ClearControl diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Clear_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Clear_fp.h new file mode 100644 index 000000000..cc9692126 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Clear_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Clear // Command must be enabled + +#ifndef _Clear_FP_H_ +#define _Clear_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_CLEAR authHandle; +} Clear_In; + +// Response code modifiers +#define RC_Clear_authHandle (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_Clear( + Clear_In *in +); + +#endif // _Clear_FP_H_ +#endif // CC_Clear diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockRateAdjust_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockRateAdjust_fp.h new file mode 100644 index 000000000..f8a6376e1 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockRateAdjust_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_ClockRateAdjust // Command must be enabled + +#ifndef _Clock_Rate_Adjust_FP_H_ +#define _Clock_Rate_Adjust_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_PROVISION auth; + TPM_CLOCK_ADJUST rateAdjust; +} ClockRateAdjust_In; + +// Response code modifiers +#define RC_ClockRateAdjust_auth (TPM_RC_H + TPM_RC_1) +#define RC_ClockRateAdjust_rateAdjust (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_ClockRateAdjust( + ClockRateAdjust_In *in +); + +#endif // _Clock_Rate_Adjust_FP_H_ +#endif // CC_ClockRateAdjust diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockSet_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockSet_fp.h new file mode 100644 index 000000000..f2915a96d --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockSet_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_ClockSet // Command must be enabled + +#ifndef _Clock_Set_FP_H_ +#define _Clock_Set_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_PROVISION auth; + UINT64 newTime; +} ClockSet_In; + +// Response code modifiers +#define RC_ClockSet_auth (TPM_RC_H + TPM_RC_1) +#define RC_ClockSet_newTime (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_ClockSet( + ClockSet_In *in +); + +#endif // _Clock_Set_FP_H_ +#endif // CC_ClockSet diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandAudit_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandAudit_fp.h new file mode 100644 index 000000000..a9bfa78a8 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandAudit_fp.h 
@@ -0,0 +1,131 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 04:23:27PM + */ + +#ifndef _COMMAND_AUDIT_FP_H_ +#define _COMMAND_AUDIT_FP_H_ + +//*** CommandAuditPreInstall_Init() +// This function initializes the command audit list. This function simulates +// the behavior of manufacturing. A function is used instead of a structure +// definition because this is easier than figuring out the initialization value +// for a bit array. +// +// This function would not be implemented outside of a manufacturing or +// simulation environment. +void +CommandAuditPreInstall_Init( + void +); + +//*** CommandAuditStartup() +// This function clears the command audit digest on a TPM Reset. +BOOL +CommandAuditStartup( + STARTUP_TYPE type // IN: start up type +); + +//*** CommandAuditSet() +// This function will SET the audit flag for a command. This function +// will not SET the audit flag for a command that is not implemented. This +// ensures that the audit status is not SET when TPM2_GetCapability() is +// used to read the list of audited commands. +// +// This function is only used by TPM2_SetCommandCodeAuditStatus(). +// +// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the +// changes to be saved to NV after it is setting and clearing bits. +// Return Type: BOOL +// TRUE(1) command code audit status was changed +// FALSE(0) command code audit status was not changed +BOOL +CommandAuditSet( + TPM_CC commandCode // IN: command code +); + +//*** CommandAuditClear() +// This function will CLEAR the audit flag for a command. It will not CLEAR the +// audit flag for TPM_CC_SetCommandCodeAuditStatus(). +// +// This function is only used by TPM2_SetCommandCodeAuditStatus(). +// +// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the +// changes to be saved to NV after it is setting and clearing bits. 
+// Return Type: BOOL +// TRUE(1) command code audit status was changed +// FALSE(0) command code audit status was not changed +BOOL +CommandAuditClear( + TPM_CC commandCode // IN: command code +); + +//*** CommandAuditIsRequired() +// This function indicates if the audit flag is SET for a command. +// Return Type: BOOL +// TRUE(1) command is audited +// FALSE(0) command is not audited +BOOL +CommandAuditIsRequired( + COMMAND_INDEX commandIndex // IN: command index +); + +//*** CommandAuditCapGetCCList() +// This function returns a list of commands that have their audit bit SET. +// +// The list starts at the input commandCode. +// Return Type: TPMI_YES_NO +// YES if there are more command code available +// NO all the available command code has been returned +TPMI_YES_NO +CommandAuditCapGetCCList( + TPM_CC commandCode, // IN: start command code + UINT32 count, // IN: count of returned TPM_CC + TPML_CC *commandList // OUT: list of TPM_CC +); + +//*** CommandAuditGetDigest +// This command is used to create a digest of the commands being audited. The +// commands are processed in ascending numeric order with a list of TPM_CC being +// added to a hash. This operates as if all the audited command codes were +// concatenated and then hashed. +void +CommandAuditGetDigest( + TPM2B_DIGEST *digest // OUT: command digest +); + +#endif // _COMMAND_AUDIT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandCodeAttributes_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandCodeAttributes_fp.h new file mode 100644 index 000000000..0e40485a2 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandCodeAttributes_fp.h 
@@ -0,0 +1,182 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _COMMAND_CODE_ATTRIBUTES_FP_H_ +#define _COMMAND_CODE_ATTRIBUTES_FP_H_ + +//*** GetClosestCommandIndex() +// This function returns the command index for the command with a value that is +// equal to or greater than the input value +// Return Type: COMMAND_INDEX +// UNIMPLEMENTED_COMMAND_INDEX command is not implemented +// other index of a command +COMMAND_INDEX +GetClosestCommandIndex( + TPM_CC commandCode // IN: the command code to start at +); + +//*** CommandCodeToComandIndex() +// This function returns the index in the various attributes arrays of the +// command. +// Return Type: COMMAND_INDEX +// UNIMPLEMENTED_COMMAND_INDEX command is not implemented +// other index of the command +COMMAND_INDEX +CommandCodeToCommandIndex( + TPM_CC commandCode // IN: the command code to look up +); + +//*** GetNextCommandIndex() +// This function returns the index of the next implemented command. +// Return Type: COMMAND_INDEX +// UNIMPLEMENTED_COMMAND_INDEX no more implemented commands +// other the index of the next implemented command +COMMAND_INDEX +GetNextCommandIndex( + COMMAND_INDEX commandIndex // IN: the starting index +); + +//*** GetCommandCode() +// This function returns the commandCode associated with the command index +TPM_CC +GetCommandCode( + COMMAND_INDEX commandIndex // IN: the command index +); + +//*** CommandAuthRole() +// +// This function returns the authorization role required of a handle. 
+// +// Return Type: AUTH_ROLE +// AUTH_NONE no authorization is required +// AUTH_USER user role authorization is required +// AUTH_ADMIN admin role authorization is required +// AUTH_DUP duplication role authorization is required +AUTH_ROLE +CommandAuthRole( + COMMAND_INDEX commandIndex, // IN: command index + UINT32 handleIndex // IN: handle index (zero based) +); + +//*** EncryptSize() +// This function returns the size of the decrypt size field. This function returns +// 0 if encryption is not allowed +// Return Type: int +// 0 encryption not allowed +// 2 size field is two bytes +// 4 size field is four bytes +int +EncryptSize( + COMMAND_INDEX commandIndex // IN: command index +); + +//*** DecryptSize() +// This function returns the size of the decrypt size field. This function returns +// 0 if decryption is not allowed +// Return Type: int +// 0 encryption not allowed +// 2 size field is two bytes +// 4 size field is four bytes +int +DecryptSize( + COMMAND_INDEX commandIndex // IN: command index +); + +//*** IsSessionAllowed() +// +// This function indicates if the command is allowed to have sessions. +// +// This function must not be called if the command is not known to be implemented. +// +// Return Type: BOOL +// TRUE(1) session is allowed with this command +// FALSE(0) session is not allowed with this command +BOOL +IsSessionAllowed( + COMMAND_INDEX commandIndex // IN: the command to be checked +); + +//*** IsHandleInResponse() +// This function determines if a command has a handle in the response +BOOL +IsHandleInResponse( + COMMAND_INDEX commandIndex +); + +//*** IsWriteOperation() +// Checks to see if an operation will write to an NV Index and is subject to being +// blocked by read-lock +BOOL +IsWriteOperation( + COMMAND_INDEX commandIndex // IN: Command to check +); + +//*** IsReadOperation() +// Checks to see if an operation will write to an NV Index and is +// subject to being blocked by write-lock. 
+BOOL +IsReadOperation( + COMMAND_INDEX commandIndex // IN: Command to check +); + +//*** CommandCapGetCCList() +// This function returns a list of implemented commands and command attributes +// starting from the command in 'commandCode'. +// Return Type: TPMI_YES_NO +// YES more command attributes are available +// NO no more command attributes are available +TPMI_YES_NO +CommandCapGetCCList( + TPM_CC commandCode, // IN: start command code + UINT32 count, // IN: maximum count for number of entries in + // 'commandList' + TPML_CCA *commandList // OUT: list of TPMA_CC +); + +//*** IsVendorCommand() +// Function indicates if a command index references a vendor command. +// Return Type: BOOL +// TRUE(1) command is a vendor command +// FALSE(0) command is not a vendor command +BOOL +IsVendorCommand( + COMMAND_INDEX commandIndex // IN: command index to check +); + +#endif // _COMMAND_CODE_ATTRIBUTES_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandDispatcher_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandDispatcher_fp.h new file mode 100644 index 000000000..3c0e70f8e --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandDispatcher_fp.h 
@@ -0,0 +1,58 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _COMMAND_DISPATCHER_FP_H_ +#define _COMMAND_DISPATCHER_FP_H_ + +//*** ParseHandleBuffer() +// This is the table-driven version of the handle buffer unmarshaling code +TPM_RC +ParseHandleBuffer( + COMMAND *command +); + +//*** CommandDispatcher() +// Function to unmarshal the command parameters, call the selected action code, and +// marshal the response parameters. +TPM_RC +CommandDispatcher( + COMMAND *command +); + +#endif // _COMMAND_DISPATCHER_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Commit_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Commit_fp.h new file mode 100644 index 000000000..6bf6e9a3b --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Commit_fp.h 
@@ -0,0 +1,75 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Commit // Command must be enabled + +#ifndef _Commit_FP_H_ +#define _Commit_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT signHandle; + TPM2B_ECC_POINT P1; + TPM2B_SENSITIVE_DATA s2; + TPM2B_ECC_PARAMETER y2; +} Commit_In; + +// Output structure definition +typedef struct { + TPM2B_ECC_POINT K; + TPM2B_ECC_POINT L; + TPM2B_ECC_POINT E; + UINT16 counter; +} Commit_Out; + +// Response code modifiers +#define RC_Commit_signHandle (TPM_RC_H + TPM_RC_1) +#define RC_Commit_P1 (TPM_RC_P + TPM_RC_1) +#define RC_Commit_s2 (TPM_RC_P + TPM_RC_2) +#define RC_Commit_y2 (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_Commit( + Commit_In *in, + Commit_Out *out +); + +#endif // _Commit_FP_H_ +#endif // CC_Commit diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextLoad_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextLoad_fp.h new file mode 100644 index 000000000..a2c4ab437 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextLoad_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_ContextLoad // Command must be enabled + +#ifndef _Context_Load_FP_H_ +#define _Context_Load_FP_H_ + +// Input structure definition +typedef struct { + TPMS_CONTEXT context; +} ContextLoad_In; + +// Output structure definition +typedef struct { + TPMI_DH_CONTEXT loadedHandle; +} ContextLoad_Out; + +// Response code modifiers +#define RC_ContextLoad_context (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_ContextLoad( + ContextLoad_In *in, + ContextLoad_Out *out +); + +#endif // _Context_Load_FP_H_ +#endif // CC_ContextLoad diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextSave_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextSave_fp.h new file mode 100644 index 000000000..816c36b94 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextSave_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_ContextSave // Command must be enabled + +#ifndef _Context_Save_FP_H_ +#define _Context_Save_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_CONTEXT saveHandle; +} ContextSave_In; + +// Output structure definition +typedef struct { + TPMS_CONTEXT context; +} ContextSave_Out; + +// Response code modifiers +#define RC_ContextSave_saveHandle (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_ContextSave( + ContextSave_In *in, + ContextSave_Out *out +); + +#endif // _Context_Save_FP_H_ +#endif // CC_ContextSave diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Context_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Context_spt_fp.h new file mode 100644 index 000000000..3b52073c3 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Context_spt_fp.h 
@@ -0,0 +1,96 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _CONTEXT_SPT_FP_H_ +#define _CONTEXT_SPT_FP_H_ + +//*** ComputeContextProtectionKey() +// This function retrieves the symmetric protection key for context encryption +// It is used by TPM2_ConextSave and TPM2_ContextLoad to create the symmetric +// encryption key and iv +// Return Type: void +void +ComputeContextProtectionKey( + TPMS_CONTEXT *contextBlob, // IN: context blob + TPM2B_SYM_KEY *symKey, // OUT: the symmetric key + TPM2B_IV *iv // OUT: the IV. +); + +//*** ComputeContextIntegrity() +// Generate the integrity hash for a context +// It is used by TPM2_ContextSave to create an integrity hash +// and by TPM2_ContextLoad to compare an integrity hash +// Return Type: void +void +ComputeContextIntegrity( + TPMS_CONTEXT *contextBlob, // IN: context blob + TPM2B_DIGEST *integrity // OUT: integrity +); + +//*** SequenceDataExport(); +// This function is used scan through the sequence object and +// either modify the hash state data for export (contextSave) or to +// import it into the internal format (contextLoad). +// This function should only be called after the sequence object has been copied +// to the context buffer (contextSave) or from the context buffer into the sequence +// object. The presumption is that the context buffer version of the data is the +// same size as the internal representation so nothing outsize of the hash context +// area gets modified. +void +SequenceDataExport( + HASH_OBJECT *object, // IN: an internal hash object + HASH_OBJECT_BUFFER *exportObject // OUT: a sequence context in a buffer +); + +//*** SequenceDataImport(); +// This function is used scan through the sequence object and +// either modify the hash state data for export (contextSave) or to +// import it into the internal format (contextLoad). 
+// This function should only be called after the sequence object has been copied +// to the context buffer (contextSave) or from the context buffer into the sequence +// object. The presumption is that the context buffer version of the data is the +// same size as the internal representation so nothing outsize of the hash context +// area gets modified. +void +SequenceDataImport( + HASH_OBJECT *object, // IN/OUT: an internal hash object + HASH_OBJECT_BUFFER *exportObject // IN/OUT: a sequence context in a buffer +); + +#endif // _CONTEXT_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreateLoaded_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreateLoaded_fp.h new file mode 100644 index 000000000..7569df429 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreateLoaded_fp.h 
@@ -0,0 +1,73 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_CreateLoaded // Command must be enabled + +#ifndef _Create_Loaded_FP_H_ +#define _Create_Loaded_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_PARENT parentHandle; + TPM2B_SENSITIVE_CREATE inSensitive; + TPM2B_TEMPLATE inPublic; +} CreateLoaded_In; + +// Output structure definition +typedef struct { + TPM_HANDLE objectHandle; + TPM2B_PRIVATE outPrivate; + TPM2B_PUBLIC outPublic; + TPM2B_NAME name; +} CreateLoaded_Out; + +// Response code modifiers +#define RC_CreateLoaded_parentHandle (TPM_RC_H + TPM_RC_1) +#define RC_CreateLoaded_inSensitive (TPM_RC_P + TPM_RC_1) +#define RC_CreateLoaded_inPublic (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_CreateLoaded( + CreateLoaded_In *in, + CreateLoaded_Out *out +); + +#endif // _Create_Loaded_FP_H_ +#endif // CC_CreateLoaded diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreatePrimary_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreatePrimary_fp.h new file mode 100644 index 000000000..e42cfc754 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreatePrimary_fp.h 
@@ -0,0 +1,79 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_CreatePrimary // Command must be enabled + +#ifndef _Create_Primary_FP_H_ +#define _Create_Primary_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_HIERARCHY primaryHandle; + TPM2B_SENSITIVE_CREATE inSensitive; + TPM2B_PUBLIC inPublic; + TPM2B_DATA outsideInfo; + TPML_PCR_SELECTION creationPCR; +} CreatePrimary_In; + +// Output structure definition +typedef struct { + TPM_HANDLE objectHandle; + TPM2B_PUBLIC outPublic; + TPM2B_CREATION_DATA creationData; + TPM2B_DIGEST creationHash; + TPMT_TK_CREATION creationTicket; + TPM2B_NAME name; +} CreatePrimary_Out; + +// Response code modifiers +#define RC_CreatePrimary_primaryHandle (TPM_RC_H + TPM_RC_1) +#define RC_CreatePrimary_inSensitive (TPM_RC_P + TPM_RC_1) +#define RC_CreatePrimary_inPublic (TPM_RC_P + TPM_RC_2) +#define RC_CreatePrimary_outsideInfo (TPM_RC_P + TPM_RC_3) +#define RC_CreatePrimary_creationPCR (TPM_RC_P + TPM_RC_4) + +// Function prototype +TPM_RC +TPM2_CreatePrimary( + CreatePrimary_In *in, + CreatePrimary_Out *out +); + +#endif // _Create_Primary_FP_H_ +#endif // CC_CreatePrimary diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Create_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Create_fp.h new file mode 100644 index 000000000..3b1e2a773 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Create_fp.h 
@@ -0,0 +1,78 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Create // Command must be enabled + +#ifndef _Create_FP_H_ +#define _Create_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT parentHandle; + TPM2B_SENSITIVE_CREATE inSensitive; + TPM2B_PUBLIC inPublic; + TPM2B_DATA outsideInfo; + TPML_PCR_SELECTION creationPCR; +} Create_In; + +// Output structure definition +typedef struct { + TPM2B_PRIVATE outPrivate; + TPM2B_PUBLIC outPublic; + TPM2B_CREATION_DATA creationData; + TPM2B_DIGEST creationHash; + TPMT_TK_CREATION creationTicket; +} Create_Out; + +// Response code modifiers +#define RC_Create_parentHandle (TPM_RC_H + TPM_RC_1) +#define RC_Create_inSensitive (TPM_RC_P + TPM_RC_1) +#define RC_Create_inPublic (TPM_RC_P + TPM_RC_2) +#define RC_Create_outsideInfo (TPM_RC_P + TPM_RC_3) +#define RC_Create_creationPCR (TPM_RC_P + TPM_RC_4) + +// Function prototype +TPM_RC +TPM2_Create( + Create_In *in, + Create_Out *out +); + +#endif // _Create_FP_H_ +#endif // CC_Create diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptCmac_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptCmac_fp.h new file mode 100644 index 000000000..be781014a --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptCmac_fp.h 
@@ -0,0 +1,84 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _CRYPT_CMAC_FP_H_ +#define _CRYPT_CMAC_FP_H_ + +#if ALG_CMAC + +//*** CryptCmacStart() +// This is the function to start the CMAC sequence operation. It initializes the +// dispatch functions for the data and end operations for CMAC and initializes the +// parameters that are used for the processing of data, including the key, key size +// and block cipher algorithm. +UINT16 +CryptCmacStart( + SMAC_STATE *state, + TPMU_PUBLIC_PARMS *keyParms, + TPM_ALG_ID macAlg, + TPM2B *key +); + +//*** CryptCmacData() +// This function is used to add data to the CMAC sequence computation. The function +// will XOR new data into the IV. If the buffer is full, and there is additional +// input data, the data is encrypted into the IV buffer, the new data is then +// XOR into the IV. When the data runs out, the function returns without encrypting +// even if the buffer is full. The last data block of a sequence will not be +// encrypted until the call to CryptCmacEnd(). This is to allow the proper subkey +// to be computed and applied before the last block is encrypted. +void +CryptCmacData( + SMAC_STATES *state, + UINT32 size, + const BYTE *buffer +); + +//*** CryptCmacEnd() +// This is the completion function for the CMAC. It does padding, if needed, and +// selects the subkey to be applied before the last block is encrypted. +UINT16 +CryptCmacEnd( + SMAC_STATES *state, + UINT32 outSize, + BYTE *outBuffer +); +#endif + +#endif // _CRYPT_CMAC_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptDes_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptDes_fp.h new file mode 100644 index 000000000..4f4513483 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptDes_fp.h 
@@ -0,0 +1,76 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _CRYPT_DES_FP_H_ +#define _CRYPT_DES_FP_H_ + +#if ALG_TDES + +//*** CryptSetOddByteParity() +// This function sets the per byte parity of a 64-bit value. The least-significant +// bit is of each byte is replaced with the odd parity of the other 7 bits in the +// byte. With odd parity, no byte will ever be 0x00. +UINT64 +CryptSetOddByteParity( + UINT64 k +); + +//*** CryptDesValidateKey() +// Function to check to see if the input key is a valid DES key where the definition +// of valid is that none of the elements are on the list of weak, semi-weak, or +// possibly weak keys; and that for two keys, K1!=K2, and for three keys that +// K1!=K2 and K2!=K3. +BOOL +CryptDesValidateKey( + TPM2B_SYM_KEY *desKey // IN: key to validate +); + +//*** CryptGenerateKeyDes() +// This function is used to create a DES key of the appropriate size. The key will +// have odd parity in the bytes. +TPM_RC +CryptGenerateKeyDes( + TPMT_PUBLIC *publicArea, // IN/OUT: The public area template + // for the new key. + TPMT_SENSITIVE *sensitive, // OUT: sensitive area + RAND_STATE *rand // IN: the "entropy" source for +); +#endif + +#endif // _CRYPT_DES_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccKeyExchange_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccKeyExchange_fp.h new file mode 100644 index 000000000..f566dacff --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccKeyExchange_fp.h 
@@ -0,0 +1,88 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _CRYPT_ECC_KEY_EXCHANGE_FP_H_ +#define _CRYPT_ECC_KEY_EXCHANGE_FP_H_ + +#if CC_ZGen_2Phase == YES + +//*** CryptEcc2PhaseKeyExchange() +// This function is the dispatch routine for the EC key exchange functions that use +// two ephemeral and two static keys. +// Return Type: TPM_RC +// TPM_RC_SCHEME scheme is not defined +LIB_EXPORT TPM_RC +CryptEcc2PhaseKeyExchange( + TPMS_ECC_POINT *outZ1, // OUT: a computed point + TPMS_ECC_POINT *outZ2, // OUT: and optional second point + TPM_ECC_CURVE curveId, // IN: the curve for the computations + TPM_ALG_ID scheme, // IN: the key exchange scheme + TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key + TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key + TPMS_ECC_POINT *QsB, // IN: static public party B key + TPMS_ECC_POINT *QeB // IN: ephemeral public party B key +); +#if ALG_SM2 + +//*** SM2KeyExchange() +// This function performs the key exchange defined in SM2. +// The first step is to compute +// 'tA' = ('dsA' + 'deA' avf(Xe,A)) mod 'n' +// Then, compute the 'Z' value from +// 'outZ' = ('h' 'tA' mod 'n') ('QsA' + [avf('QeB.x')]('QeB')). +// The function will compute the ephemeral public key from the ephemeral +// private key. +// All points are required to be on the curve of 'inQsA'. 
The function will fail +// catastrophically if this is not the case +// Return Type: TPM_RC +// TPM_RC_NO_RESULT the value for dsA does not give a valid point on the +// curve +LIB_EXPORT TPM_RC +SM2KeyExchange( + TPMS_ECC_POINT *outZ, // OUT: the computed point + TPM_ECC_CURVE curveId, // IN: the curve for the computations + TPM2B_ECC_PARAMETER *dsAIn, // IN: static private TPM key + TPM2B_ECC_PARAMETER *deAIn, // IN: ephemeral private TPM key + TPMS_ECC_POINT *QsBIn, // IN: static public party B key + TPMS_ECC_POINT *QeBIn // IN: ephemeral public party B key +); +#endif +#endif // CC_ZGen_2Phase + +#endif // _CRYPT_ECC_KEY_EXCHANGE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccMain_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccMain_fp.h new file mode 100644 index 000000000..96864b4b0 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccMain_fp.h 
@@ -0,0 +1,374 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 03:18:00PM + */ + +#ifndef _CRYPT_ECC_MAIN_FP_H_ +#define _CRYPT_ECC_MAIN_FP_H_ + +#if ALG_ECC + +//** Functions +#if SIMULATION +void +EccSimulationEnd( + void +); +#endif // SIMULATION + +//*** CryptEccInit() +// This function is called at _TPM_Init +BOOL +CryptEccInit( + void +); + +//*** CryptEccStartup() +// This function is called at TPM2_Startup(). +BOOL +CryptEccStartup( + void +); + +//*** ClearPoint2B(generic) +// Initialize the size values of a TPMS_ECC_POINT structure. +void +ClearPoint2B( + TPMS_ECC_POINT *p // IN: the point +); + +//*** CryptEccGetParametersByCurveId() +// This function returns a pointer to the curve data that is associated with +// the indicated curveId. +// If there is no curve with the indicated ID, the function returns NULL. This +// function is in this module so that it can be called by GetCurve data. +// Return Type: const ECC_CURVE_DATA +// NULL curve with the indicated TPM_ECC_CURVE is not implemented +// != NULL pointer to the curve data +LIB_EXPORT const ECC_CURVE * +CryptEccGetParametersByCurveId( + TPM_ECC_CURVE curveId // IN: the curveID +); + +//*** CryptEccGetKeySizeForCurve() +// This function returns the key size in bits of the indicated curve. +LIB_EXPORT UINT16 +CryptEccGetKeySizeForCurve( + TPM_ECC_CURVE curveId // IN: the curve +); + +//*** GetCurveData() +// This function returns the a pointer for the parameter data +// associated with a curve. +const ECC_CURVE_DATA * +GetCurveData( + TPM_ECC_CURVE curveId // IN: the curveID +); + +//***CryptEccGetOID() +const BYTE * +CryptEccGetOID( + TPM_ECC_CURVE curveId +); + +//*** CryptEccGetCurveByIndex() +// This function returns the number of the 'i'-th implemented curve. The normal +// use would be to call this function with 'i' starting at 0. When the 'i' is greater +// than or equal to the number of implemented curves, TPM_ECC_NONE is returned. 
+LIB_EXPORT TPM_ECC_CURVE +CryptEccGetCurveByIndex( + UINT16 i +); + +//*** CryptEccGetParameter() +// This function returns an ECC curve parameter. The parameter is +// selected by a single character designator from the set of ""PNABXYH"". +// Return Type: BOOL +// TRUE(1) curve exists and parameter returned +// FALSE(0) curve does not exist or parameter selector +LIB_EXPORT BOOL +CryptEccGetParameter( + TPM2B_ECC_PARAMETER *out, // OUT: place to put parameter + char p, // IN: the parameter selector + TPM_ECC_CURVE curveId // IN: the curve id +); + +//*** CryptCapGetECCCurve() +// This function returns the list of implemented ECC curves. +// Return Type: TPMI_YES_NO +// YES if no more ECC curve is available +// NO if there are more ECC curves not reported +TPMI_YES_NO +CryptCapGetECCCurve( + TPM_ECC_CURVE curveID, // IN: the starting ECC curve + UINT32 maxCount, // IN: count of returned curves + TPML_ECC_CURVE *curveList // OUT: ECC curve list +); + +//*** CryptGetCurveSignScheme() +// This function will return a pointer to the scheme of the curve. +const TPMT_ECC_SCHEME * +CryptGetCurveSignScheme( + TPM_ECC_CURVE curveId // IN: The curve selector +); + +//*** CryptGenerateR() +// This function computes the commit random value for a split signing scheme. +// +// If 'c' is NULL, it indicates that 'r' is being generated +// for TPM2_Commit. +// If 'c' is not NULL, the TPM will validate that the 'gr.commitArray' +// bit associated with the input value of 'c' is SET. If not, the TPM +// returns FALSE and no 'r' value is generated. +// Return Type: BOOL +// TRUE(1) r value computed +// FALSE(0) no r value computed +BOOL +CryptGenerateR( + TPM2B_ECC_PARAMETER *r, // OUT: the generated random value + UINT16 *c, // IN/OUT: count value. + TPMI_ECC_CURVE curveID, // IN: the curve for the value + TPM2B_NAME *name // IN: optional name of a key to + // associate with 'r' +); + +//*** CryptCommit() +// This function is called when the count value is committed. 
The 'gr.commitArray' +// value associated with the current count value is SET and g_commitCounter is +// incremented. The low-order 16 bits of old value of the counter is returned. +UINT16 +CryptCommit( + void +); + +//*** CryptEndCommit() +// This function is called when the signing operation using the committed value +// is completed. It clears the gr.commitArray bit associated with the count +// value so that it can't be used again. +void +CryptEndCommit( + UINT16 c // IN: the counter value of the commitment +); + +//*** CryptEccGetParameters() +// This function returns the ECC parameter details of the given curve. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) unsupported ECC curve ID +BOOL +CryptEccGetParameters( + TPM_ECC_CURVE curveId, // IN: ECC curve ID + TPMS_ALGORITHM_DETAIL_ECC *parameters // OUT: ECC parameters +); + +//*** BnGetCurvePrime() +// This function is used to get just the prime modulus associated with a curve. +const bignum_t * +BnGetCurvePrime( + TPM_ECC_CURVE curveId +); + +//*** BnGetCurveOrder() +// This function is used to get just the curve order +const bignum_t * +BnGetCurveOrder( + TPM_ECC_CURVE curveId +); + +//*** BnIsOnCurve() +// This function checks if a point is on the curve. +BOOL +BnIsOnCurve( + pointConst Q, + const ECC_CURVE_DATA *C +); + +//*** BnIsValidPrivateEcc() +// Checks that 0 < 'x' < 'q' +BOOL +BnIsValidPrivateEcc( + bigConst x, // IN: private key to check + bigCurve E // IN: the curve to check +); + +LIB_EXPORT BOOL +CryptEccIsValidPrivateKey( + TPM2B_ECC_PARAMETER *d, + TPM_ECC_CURVE curveId +); + +//*** BnPointMul() +// This function does a point multiply of the form 'R' = ['d']'S' + ['u']'Q' where the +// parameters are bigNum values. If 'S' is NULL and d is not NULL, then it computes +// 'R' = ['d']'G' + ['u']'Q' or just 'R' = ['d']'G' if 'u' and 'Q' are NULL. +// If 'skipChecks' is TRUE, then the function will not verify that the inputs are +// correct for the domain. 
This would be the case when the values were created by the +// CryptoEngine code. +// It will return TPM_RC_NO_RESULT if the resulting point is the point at infinity. +// Return Type: TPM_RC +// TPM_RC_NO_RESULT result of multiplication is a point at infinity +// TPM_RC_ECC_POINT 'S' or 'Q' is not on the curve +// TPM_RC_VALUE 'd' or 'u' is not < n +TPM_RC +BnPointMult( + bigPoint R, // OUT: computed point + pointConst S, // IN: optional point to multiply by 'd' + bigConst d, // IN: scalar for [d]S or [d]G + pointConst Q, // IN: optional second point + bigConst u, // IN: optional second scalar + bigCurve E // IN: curve parameters +); + +//***BnEccGetPrivate() +// This function gets random values that are the size of the key plus 64 bits. The +// value is reduced (mod ('q' - 1)) and incremented by 1 ('q' is the order of the +// curve. This produces a value ('d') such that 1 <= 'd' < 'q'. This is the method +// of FIPS 186-4 Section B.4.1 ""Key Pair Generation Using Extra Random Bits"". +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure generating private key +BOOL +BnEccGetPrivate( + bigNum dOut, // OUT: the qualified random value + const ECC_CURVE_DATA *C, // IN: curve for which the private key + // needs to be appropriate + RAND_STATE *rand // IN: state for DRBG +); + +//*** BnEccGenerateKeyPair() +// This function gets a private scalar from the source of random bits and does +// the point multiply to get the public key. +BOOL +BnEccGenerateKeyPair( + bigNum bnD, // OUT: private scalar + bn_point_t *ecQ, // OUT: public point + bigCurve E, // IN: curve for the point + RAND_STATE *rand // IN: DRBG state to use +); + +//***CryptEccNewKeyPair(***) +// This function creates an ephemeral ECC. 
It is ephemeral in that +// is expected that the private part of the key will be discarded +LIB_EXPORT TPM_RC +CryptEccNewKeyPair( + TPMS_ECC_POINT *Qout, // OUT: the public point + TPM2B_ECC_PARAMETER *dOut, // OUT: the private scalar + TPM_ECC_CURVE curveId // IN: the curve for the key +); + +//*** CryptEccPointMultiply() +// This function computes 'R' := ['dIn']'G' + ['uIn']'QIn'. Where 'dIn' and +// 'uIn' are scalars, 'G' and 'QIn' are points on the specified curve and 'G' is the +// default generator of the curve. +// +// The 'xOut' and 'yOut' parameters are optional and may be set to NULL if not +// used. +// +// It is not necessary to provide 'uIn' if 'QIn' is specified but one of 'uIn' and +// 'dIn' must be provided. If 'dIn' and 'QIn' are specified but 'uIn' is not +// provided, then 'R' = ['dIn']'QIn'. +// +// If the multiply produces the point at infinity, the TPM_RC_NO_RESULT is returned. +// +// The sizes of 'xOut' and yOut' will be set to be the size of the degree of +// the curve +// +// It is a fatal error if 'dIn' and 'uIn' are both unspecified (NULL) or if 'Qin' +// or 'Rout' is unspecified. +// +// Return Type: TPM_RC +// TPM_RC_ECC_POINT the point 'Pin' or 'Qin' is not on the curve +// TPM_RC_NO_RESULT the product point is at infinity +// TPM_RC_CURVE bad curve +// TPM_RC_VALUE 'dIn' or 'uIn' out of range +// +LIB_EXPORT TPM_RC +CryptEccPointMultiply( + TPMS_ECC_POINT *Rout, // OUT: the product point R + TPM_ECC_CURVE curveId, // IN: the curve to use + TPMS_ECC_POINT *Pin, // IN: first point (can be null) + TPM2B_ECC_PARAMETER *dIn, // IN: scalar value for [dIn]Qin + // the Pin + TPMS_ECC_POINT *Qin, // IN: point Q + TPM2B_ECC_PARAMETER *uIn // IN: scalar value for the multiplier + // of Q +); + +//*** CryptEccIsPointOnCurve() +// This function is used to test if a point is on a defined curve. It does this +// by checking that 'y'^2 mod 'p' = 'x'^3 + 'a'*'x' + 'b' mod 'p'. +// +// It is a fatal error if 'Q' is not specified (is NULL). 
+// Return Type: BOOL +// TRUE(1) point is on curve +// FALSE(0) point is not on curve or curve is not supported +LIB_EXPORT BOOL +CryptEccIsPointOnCurve( + TPM_ECC_CURVE curveId, // IN: the curve selector + TPMS_ECC_POINT *Qin // IN: the point. +); + +//*** CryptEccGenerateKey() +// This function generates an ECC key pair based on the input parameters. +// This routine uses KDFa to produce candidate numbers. The method is according +// to FIPS 186-3, section B.1.2 "Key Pair Generation by Testing Candidates." +// According to the method in FIPS 186-3, the resulting private value 'd' should be +// 1 <= 'd' < 'n' where 'n' is the order of the base point. +// +// It is a fatal error if 'Qout', 'dOut', is not provided (is NULL). +// +// If the curve is not supported +// If 'seed' is not provided, then a random number will be used for the key +// Return Type: TPM_RC +// TPM_RC_CURVE curve is not supported +// TPM_RC_NO_RESULT could not verify key with signature (FIPS only) +LIB_EXPORT TPM_RC +CryptEccGenerateKey( + TPMT_PUBLIC *publicArea, // IN/OUT: The public area template for + // the new key. The public key + // area will be replaced computed + // ECC public key + TPMT_SENSITIVE *sensitive, // OUT: the sensitive area will be + // updated to contain the private + // ECC key and the symmetric + // encryption key + RAND_STATE *rand // IN: if not NULL, the deterministic + // RNG state +); +#endif // ALG_ECC + +#endif // _CRYPT_ECC_MAIN_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccSignature_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccSignature_fp.h new file mode 100644 index 000000000..ede9e4f83 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccSignature_fp.h 
@@ -0,0 +1,139 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _CRYPT_ECC_SIGNATURE_FP_H_ +#define _CRYPT_ECC_SIGNATURE_FP_H_ + +#if ALG_ECC + +//*** BnSignEcdsa() +// This function implements the ECDSA signing algorithm. The method is described +// in the comments below. +TPM_RC +BnSignEcdsa( + bigNum bnR, // OUT: 'r' component of the signature + bigNum bnS, // OUT: 's' component of the signature + bigCurve E, // IN: the curve used in the signature + // process + bigNum bnD, // IN: private signing key + const TPM2B_DIGEST *digest, // IN: the digest to sign + RAND_STATE *rand // IN: used in debug of signing +); + +//*** CryptEccSign() +// This function is the dispatch function for the various ECC-based +// signing schemes. +// There is a bit of ugliness to the parameter passing. In order to test this, +// we sometime would like to use a deterministic RNG so that we can get the same +// signatures during testing. The easiest way to do this for most schemes is to +// pass in a deterministic RNG and let it return canned values during testing. +// There is a competing need for a canned parameter to use in ECDAA. To accommodate +// both needs with minimal fuss, a special type of RAND_STATE is defined to carry +// the address of the commit value. The setup and handling of this is not very +// different for the caller than what was in previous versions of the code. +// Return Type: TPM_RC +// TPM_RC_SCHEME 'scheme' is not supported +LIB_EXPORT TPM_RC +CryptEccSign( + TPMT_SIGNATURE *signature, // OUT: signature + OBJECT *signKey, // IN: ECC key to sign the hash + const TPM2B_DIGEST *digest, // IN: digest to sign + TPMT_ECC_SCHEME *scheme, // IN: signing scheme + RAND_STATE *rand +); +#if ALG_ECDSA + +//*** BnValidateSignatureEcdsa() +// This function validates an ECDSA signature. 
rIn and sIn should have been checked +// to make sure that they are in the range 0 < 'v' < 'n' +// Return Type: TPM_RC +// TPM_RC_SIGNATURE signature not valid +TPM_RC +BnValidateSignatureEcdsa( + bigNum bnR, // IN: 'r' component of the signature + bigNum bnS, // IN: 's' component of the signature + bigCurve E, // IN: the curve used in the signature + // process + bn_point_t *ecQ, // IN: the public point of the key + const TPM2B_DIGEST *digest // IN: the digest that was signed +); +#endif // ALG_ECDSA + +//*** CryptEccValidateSignature() +// This function validates an EcDsa or EcSchnorr signature. +// The point 'Qin' needs to have been validated to be on the curve of 'curveId'. +// Return Type: TPM_RC +// TPM_RC_SIGNATURE not a valid signature +LIB_EXPORT TPM_RC +CryptEccValidateSignature( + TPMT_SIGNATURE *signature, // IN: signature to be verified + OBJECT *signKey, // IN: ECC key signed the hash + const TPM2B_DIGEST *digest // IN: digest that was signed +); + +//***CryptEccCommitCompute() +// This function performs the point multiply operations required by TPM2_Commit. +// +// If 'B' or 'M' is provided, they must be on the curve defined by 'curveId'. This +// routine does not check that they are on the curve and results are unpredictable +// if they are not. +// +// It is a fatal error if 'r' is NULL. If 'B' is not NULL, then it is a +// fatal error if 'd' is NULL or if 'K' and 'L' are both NULL. +// If 'M' is not NULL, then it is a fatal error if 'E' is NULL. 
+// +// Return Type: TPM_RC +// TPM_RC_NO_RESULT if 'K', 'L' or 'E' was computed to be the point +// at infinity +// TPM_RC_CANCELED a cancel indication was asserted during this +// function +LIB_EXPORT TPM_RC +CryptEccCommitCompute( + TPMS_ECC_POINT *K, // OUT: [d]B or [r]Q + TPMS_ECC_POINT *L, // OUT: [r]B + TPMS_ECC_POINT *E, // OUT: [r]M + TPM_ECC_CURVE curveId, // IN: the curve for the computations + TPMS_ECC_POINT *M, // IN: M (optional) + TPMS_ECC_POINT *B, // IN: B (optional) + TPM2B_ECC_PARAMETER *d, // IN: d (optional) + TPM2B_ECC_PARAMETER *r // IN: the computed r value (required) +); +#endif // ALG_ECC + +#endif // _CRYPT_ECC_SIGNATURE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptHash_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptHash_fp.h new file mode 100644 index 000000000..218d9ca72 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptHash_fp.h 
@@ -0,0 +1,408 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 03:18:00PM + */ + +#ifndef _CRYPT_HASH_FP_H_ +#define _CRYPT_HASH_FP_H_ + +//*** CryptHashInit() +// This function is called by _TPM_Init do perform the initialization operations for +// the library. +BOOL +CryptHashInit( + void +); + +//*** CryptHashStartup() +// This function is called by TPM2_Startup() in case there is work to do at startup. +// Currently, this is a placeholder. +BOOL +CryptHashStartup( + void +); + +//*** CryptGetHashDef() +// This function accesses the hash descriptor associated with a hash a +// algorithm. The function returns a pointer to a 'null' descriptor if hashAlg is +// TPM_ALG_NULL or not a defined algorithm. +PHASH_DEF +CryptGetHashDef( + TPM_ALG_ID hashAlg +); + +//*** CryptHashIsValidAlg() +// This function tests to see if an algorithm ID is a valid hash algorithm. If +// flag is true, then TPM_ALG_NULL is a valid hash. +// Return Type: BOOL +// TRUE(1) hashAlg is a valid, implemented hash on this TPM +// FALSE(0) hashAlg is not valid for this TPM +BOOL +CryptHashIsValidAlg( + TPM_ALG_ID hashAlg, // IN: the algorithm to check + BOOL flag // IN: TRUE if TPM_ALG_NULL is to be treated + // as a valid hash +); + +//*** CryptHashGetAlgByIndex() +// This function is used to iterate through the hashes. TPM_ALG_NULL +// is returned for all indexes that are not valid hashes. +// If the TPM implements 3 hashes, then an 'index' value of 0 will +// return the first implemented hash and an 'index' of 2 will return the +// last. All other index values will return TPM_ALG_NULL. +// +// Return Type: TPM_ALG_ID +// TPM_ALG_xxx a hash algorithm +// TPM_ALG_NULL this can be used as a stop value +LIB_EXPORT TPM_ALG_ID +CryptHashGetAlgByIndex( + UINT32 index // IN: the index +); + +//*** CryptHashGetDigestSize() +// Returns the size of the digest produced by the hash. If 'hashAlg' is not a hash +// algorithm, the TPM will FAIL. 
+// Return Type: UINT16 +// 0 TPM_ALG_NULL +// > 0 the digest size +// +LIB_EXPORT UINT16 +CryptHashGetDigestSize( + TPM_ALG_ID hashAlg // IN: hash algorithm to look up +); + +//*** CryptHashGetBlockSize() +// Returns the size of the block used by the hash. If 'hashAlg' is not a hash +// algorithm, the TPM will FAIL. +// Return Type: UINT16 +// 0 TPM_ALG_NULL +// > 0 the digest size +// +LIB_EXPORT UINT16 +CryptHashGetBlockSize( + TPM_ALG_ID hashAlg // IN: hash algorithm to look up +); + +//*** CryptHashGetOid() +// This function returns a pointer to DER=encoded OID for a hash algorithm. All OIDs +// are full OID values including the Tag (0x06) and length byte. +LIB_EXPORT const BYTE * +CryptHashGetOid( + TPM_ALG_ID hashAlg +); + +//*** CryptHashGetContextAlg() +// This function returns the hash algorithm associated with a hash context. +TPM_ALG_ID +CryptHashGetContextAlg( + PHASH_STATE state // IN: the context to check +); + +//*** CryptHashCopyState +// This function is used to clone a HASH_STATE. +LIB_EXPORT void +CryptHashCopyState( + HASH_STATE *out, // OUT: destination of the state + const HASH_STATE *in // IN: source of the state +); + +//*** CryptHashExportState() +// This function is used to export a hash or HMAC hash state. This function +// would be called when preparing to context save a sequence object. +void +CryptHashExportState( + PCHASH_STATE internalFmt, // IN: the hash state formatted for use by + // library + PEXPORT_HASH_STATE externalFmt // OUT: the exported hash state +); + +//*** CryptHashImportState() +// This function is used to import the hash state. This function +// would be called to import a hash state when the context of a sequence object +// was being loaded. 
+void +CryptHashImportState( + PHASH_STATE internalFmt, // OUT: the hash state formatted for use by + // the library + PCEXPORT_HASH_STATE externalFmt // IN: the exported hash state +); + +//*** CryptHashStart() +// Functions starts a hash stack +// Start a hash stack and returns the digest size. As a side effect, the +// value of 'stateSize' in hashState is updated to indicate the number of bytes +// of state that were saved. This function calls GetHashServer() and that function +// will put the TPM into failure mode if the hash algorithm is not supported. +// +// This function does not use the sequence parameter. If it is necessary to import +// or export context, this will start the sequence in a local state +// and export the state to the input buffer. Will need to add a flag to the state +// structure to indicate that it needs to be imported before it can be used. +// (BLEH). +// Return Type: UINT16 +// 0 hash is TPM_ALG_NULL +// >0 digest size +LIB_EXPORT UINT16 +CryptHashStart( + PHASH_STATE hashState, // OUT: the running hash state + TPM_ALG_ID hashAlg // IN: hash algorithm +); + +//*** CryptDigestUpdate() +// Add data to a hash or HMAC, SMAC stack. +// +void +CryptDigestUpdate( + PHASH_STATE hashState, // IN: the hash context information + UINT32 dataSize, // IN: the size of data to be added + const BYTE *data // IN: data to be hashed +); + +//*** CryptHashEnd() +// Complete a hash or HMAC computation. This function will place the smaller of +// 'digestSize' or the size of the digest in 'dOut'. The number of bytes in the +// placed in the buffer is returned. If there is a failure, the returned value +// is <= 0. 
+// Return Type: UINT16 +// 0 no data returned +// > 0 the number of bytes in the digest or dOutSize, whichever is smaller +LIB_EXPORT UINT16 +CryptHashEnd( + PHASH_STATE hashState, // IN: the state of hash stack + UINT32 dOutSize, // IN: size of digest buffer + BYTE *dOut // OUT: hash digest +); + +//*** CryptHashBlock() +// Start a hash, hash a single block, update 'digest' and return the size of +// the results. +// +// The 'digestSize' parameter can be smaller than the digest. If so, only the more +// significant bytes are returned. +// Return Type: UINT16 +// >= 0 number of bytes placed in 'dOut' +LIB_EXPORT UINT16 +CryptHashBlock( + TPM_ALG_ID hashAlg, // IN: The hash algorithm + UINT32 dataSize, // IN: size of buffer to hash + const BYTE *data, // IN: the buffer to hash + UINT32 dOutSize, // IN: size of the digest buffer + BYTE *dOut // OUT: digest buffer +); + +//*** CryptDigestUpdate2B() +// This function updates a digest (hash or HMAC) with a TPM2B. +// +// This function can be used for both HMAC and hash functions so the +// 'digestState' is void so that either state type can be passed. +LIB_EXPORT void +CryptDigestUpdate2B( + PHASH_STATE state, // IN: the digest state + const TPM2B *bIn // IN: 2B containing the data +); + +//*** CryptHashEnd2B() +// This function is the same as CryptCompleteHash() but the digest is +// placed in a TPM2B. This is the most common use and this is provided +// for specification clarity. 'digest.size' should be set to indicate the number of +// bytes to place in the buffer +// Return Type: UINT16 +// >=0 the number of bytes placed in 'digest.buffer' +LIB_EXPORT UINT16 +CryptHashEnd2B( + PHASH_STATE state, // IN: the hash state + P2B digest // IN: the size of the buffer Out: requested + // number of bytes +); + +//*** CryptDigestUpdateInt() +// This function is used to include an integer value to a hash stack. The function +// marshals the integer into its canonical form before calling CryptDigestUpdate(). 
+LIB_EXPORT void +CryptDigestUpdateInt( + void *state, // IN: the state of hash stack + UINT32 intSize, // IN: the size of 'intValue' in bytes + UINT64 intValue // IN: integer value to be hashed +); + +//*** CryptHmacStart() +// This function is used to start an HMAC using a temp +// hash context. The function does the initialization +// of the hash with the HMAC key XOR iPad and updates the +// HMAC key XOR oPad. +// +// The function returns the number of bytes in a digest produced by 'hashAlg'. +// Return Type: UINT16 +// >= 0 number of bytes in digest produced by 'hashAlg' (may be zero) +// +LIB_EXPORT UINT16 +CryptHmacStart( + PHMAC_STATE state, // IN/OUT: the state buffer + TPM_ALG_ID hashAlg, // IN: the algorithm to use + UINT16 keySize, // IN: the size of the HMAC key + const BYTE *key // IN: the HMAC key +); + +//*** CryptHmacEnd() +// This function is called to complete an HMAC. It will finish the current +// digest, and start a new digest. It will then add the oPadKey and the +// completed digest and return the results in dOut. It will not return more +// than dOutSize bytes. +// Return Type: UINT16 +// >= 0 number of bytes in 'dOut' (may be zero) +LIB_EXPORT UINT16 +CryptHmacEnd( + PHMAC_STATE state, // IN: the hash state buffer + UINT32 dOutSize, // IN: size of digest buffer + BYTE *dOut // OUT: hash digest +); + +//*** CryptHmacStart2B() +// This function starts an HMAC and returns the size of the digest +// that will be produced. +// +// This function is provided to support the most common use of starting an HMAC +// with a TPM2B key. +// +// The caller must provide a block of memory in which the hash sequence state +// is kept. The caller should not alter the contents of this buffer until the +// hash sequence is completed or abandoned. +// +// Return Type: UINT16 +// > 0 the digest size of the algorithm +// = 0 the hashAlg was TPM_ALG_NULL +LIB_EXPORT UINT16 +CryptHmacStart2B( + PHMAC_STATE hmacState, // OUT: the state of HMAC stack. 
It will be used + // in HMAC update and completion + TPMI_ALG_HASH hashAlg, // IN: hash algorithm + P2B key // IN: HMAC key +); + +//*** CryptHmacEnd2B() +// This function is the same as CryptHmacEnd() but the HMAC result +// is returned in a TPM2B which is the most common use. +// Return Type: UINT16 +// >=0 the number of bytes placed in 'digest' +LIB_EXPORT UINT16 +CryptHmacEnd2B( + PHMAC_STATE hmacState, // IN: the state of HMAC stack + P2B digest // OUT: HMAC +); + +//** Mask and Key Generation Functions +//*** CryptMGF1() +// This function performs MGF1 using the selected hash. MGF1 is +// T(n) = T(n-1) || H(seed || counter). +// This function returns the length of the mask produced which +// could be zero if the digest algorithm is not supported +// Return Type: UINT16 +// 0 hash algorithm was TPM_ALG_NULL +// > 0 should be the same as 'mSize' +LIB_EXPORT UINT16 +CryptMGF1( + UINT32 mSize, // IN: length of the mask to be produced + BYTE *mask, // OUT: buffer to receive the mask + TPM_ALG_ID hashAlg, // IN: hash to use + UINT32 seedSize, // IN: size of the seed + BYTE *seed // IN: seed size +); + +//*** CryptKDFa() +// This function performs the key generation according to Part 1 of the +// TPM specification. +// +// This function returns the number of bytes generated which may be zero. +// +// The 'key' and 'keyStream' pointers are not allowed to be NULL. The other +// pointer values may be NULL. The value of 'sizeInBits' must be no larger +// than (2^18)-1 = 256K bits (32385 bytes). +// +// The 'once' parameter is set to allow incremental generation of a large +// value. If this flag is TRUE, 'sizeInBits' will be used in the HMAC computation +// but only one iteration of the KDF is performed. This would be used for +// XOR obfuscation so that the mask value can be generated in digest-sized +// chunks rather than having to be generated all at once in an arbitrarily +// large buffer and then XORed into the result. 
If 'once' is TRUE, then +// 'sizeInBits' must be a multiple of 8. +// +// Any error in the processing of this command is considered fatal. +// Return Type: UINT16 +// 0 hash algorithm is not supported or is TPM_ALG_NULL +// > 0 the number of bytes in the 'keyStream' buffer +LIB_EXPORT UINT16 +CryptKDFa( + TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC + const TPM2B *key, // IN: HMAC key + const TPM2B *label, // IN: a label for the KDF + const TPM2B *contextU, // IN: context U + const TPM2B *contextV, // IN: context V + UINT32 sizeInBits, // IN: size of generated key in bits + BYTE *keyStream, // OUT: key buffer + UINT32 *counterInOut, // IN/OUT: caller may provide the iteration + // counter for incremental operations to + // avoid large intermediate buffers. + UINT16 blocks // IN: If non-zero, this is the maximum number + // of blocks to be returned, regardless + // of sizeInBits +); + +//*** CryptKDFe() +// This function implements KDFe() as defined in TPM specification part 1. +// +// This function returns the number of bytes generated which may be zero. +// +// The 'Z' and 'keyStream' pointers are not allowed to be NULL. The other +// pointer values may be NULL. The value of 'sizeInBits' must be no larger +// than (2^18)-1 = 256K bits (32385 bytes). +// Any error in the processing of this command is considered fatal. +// Return Type: UINT16 +// 0 hash algorithm is not supported or is TPM_ALG_NULL +// > 0 the number of bytes in the 'keyStream' buffer +// +LIB_EXPORT UINT16 +CryptKDFe( + TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC + TPM2B *Z, // IN: Z + const TPM2B *label, // IN: a label value for the KDF + TPM2B *partyUInfo, // IN: PartyUInfo + TPM2B *partyVInfo, // IN: PartyVInfo + UINT32 sizeInBits, // IN: size of generated key in bits + BYTE *keyStream // OUT: key buffer +); + +#endif // _CRYPT_HASH_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrimeSieve_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrimeSieve_fp.h new file mode 100644 index 000000000..55a0712d7 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrimeSieve_fp.h 
@@ -0,0 +1,158 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 04:06:42PM + */ + +#ifndef _CRYPT_PRIME_SIEVE_FP_H_ +#define _CRYPT_PRIME_SIEVE_FP_H_ + +#if RSA_KEY_SIEVE + +//*** RsaAdjustPrimeLimit() +// This used during the sieve process. The iterator for getting the +// next prime (RsaNextPrime()) will return primes until it hits the +// limit (primeLimit) set up by this function. This causes the sieve +// process to stop when an appropriate number of primes have been +// sieved. +LIB_EXPORT void +RsaAdjustPrimeLimit( + uint32_t requestedPrimes +); + +//*** RsaNextPrime() +// This the iterator used during the sieve process. The input is the +// last prime returned (or any starting point) and the output is the +// next higher prime. The function returns 0 when the primeLimit is +// reached. +LIB_EXPORT uint32_t +RsaNextPrime( + uint32_t lastPrime +); + +//*** FindNthSetBit() +// This function finds the nth SET bit in a bit array. The 'n' parameter is +// between 1 and the number of bits in the array (always a multiple of 8). +// If called when the array does not have n bits set, it will return -1 +// Return Type: unsigned int +// <0 no bit is set or no bit with the requested number is set +// >=0 the number of the bit in the array that is the nth set +LIB_EXPORT int +FindNthSetBit( + const UINT16 aSize, // IN: the size of the array to check + const BYTE *a, // IN: the array to check + const UINT32 n // IN, the number of the SET bit +); + +//*** PrimeSieve() +// This function does a prime sieve over the input 'field' which has as its +// starting address the value in bnN. Since this initializes the Sieve +// using a precomputed field with the bits associated with 3, 5 and 7 already +// turned off, the value of pnN may need to be adjusted by a few counts to allow +// the precomputed field to be used without modification. 
+// +// To get better performance, one could address the issue of developing the +// composite numbers. When the size of the prime gets large, the time for doing +// the divisions goes up, noticeably. It could be better to develop larger composite +// numbers even if they need to be bigNum's themselves. The object would be to +// reduce the number of times that the large prime is divided into a few large +// divides and then use smaller divides to get to the final 16 bit (or smaller) +// remainders. +LIB_EXPORT UINT32 +PrimeSieve( + bigNum bnN, // IN/OUT: number to sieve + UINT32 fieldSize, // IN: size of the field area in bytes + BYTE *field // IN: field +); +#ifdef SIEVE_DEBUG + +//***SetFieldSize() +// Function to set the field size used for prime generation. Used for tuning. +LIB_EXPORT uint32_t +SetFieldSize( + uint32_t newFieldSize +); +#endif // SIEVE_DEBUG + +//*** PrimeSelectWithSieve() +// This function will sieve the field around the input prime candidate. If the +// sieve field is not empty, one of the one bits in the field is chosen for testing +// with Miller-Rabin. If the value is prime, 'pnP' is updated with this value +// and the function returns success. If this value is not prime, another +// pseudo-random candidate is chosen and tested. This process repeats until +// all values in the field have been checked. If all bits in the field have +// been checked and none is prime, the function returns FALSE and a new random +// value needs to be chosen. 
+// Return Type: TPM_RC +// TPM_RC_FAILURE TPM in failure mode, probably due to entropy source +// TPM_RC_SUCCESS candidate is probably prime +// TPM_RC_NO_RESULT candidate is not prime and couldn't find and alternative +// in the field +LIB_EXPORT TPM_RC +PrimeSelectWithSieve( + bigNum candidate, // IN/OUT: The candidate to filter + UINT32 e, // IN: the exponent + RAND_STATE *rand // IN: the random number generator state +); +#if RSA_INSTRUMENT + +char * +PrintTuple( + UINT32 *i +); + +void +RsaSimulationEnd( + void +); + +LIB_EXPORT void +GetSieveStats( + uint32_t *trials, + uint32_t *emptyFields, + uint32_t *averageBits +); + +#endif +#endif // RSA_KEY_SIEVE +#if !RSA_INSTRUMENT +void +RsaSimulationEnd( + void +); +#endif + +#endif // _CRYPT_PRIME_SIEVE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrime_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrime_fp.h new file mode 100644 index 000000000..019bdbc17 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrime_fp.h 
@@ -0,0 +1,137 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 03:18:00PM + */ + +#ifndef _CRYPT_PRIME_FP_H_ +#define _CRYPT_PRIME_FP_H_ + +//*** IsPrimeInt() +// This will do a test of a word of up to 32-bits in size. +BOOL +IsPrimeInt( + uint32_t n +); + +//*** BnIsProbablyPrime() +// This function is used when the key sieve is not implemented. This function +// Will try to eliminate some of the obvious things before going on +// to perform MillerRabin as a final verification of primeness. +BOOL +BnIsProbablyPrime( + bigNum prime, // IN: + RAND_STATE *rand // IN: the random state just + // in case Miller-Rabin is required +); + +//*** MillerRabinRounds() +// Function returns the number of Miller-Rabin rounds necessary to give an +// error probability equal to the security strength of the prime. These values +// are from FIPS 186-3. +UINT32 +MillerRabinRounds( + UINT32 bits // IN: Number of bits in the RSA prime +); + +//*** MillerRabin() +// This function performs a Miller-Rabin test from FIPS 186-3. It does +// 'iterations' trials on the number. In all likelihood, if the number +// is not prime, the first test fails. +// Return Type: BOOL +// TRUE(1) probably prime +// FALSE(0) composite +BOOL +MillerRabin( + bigNum bnW, + RAND_STATE *rand +); +#if ALG_RSA + +//*** RsaCheckPrime() +// This will check to see if a number is prime and appropriate for an +// RSA prime. +// +// This has different functionality based on whether we are using key +// sieving or not. If not, the number checked to see if it is divisible by +// the public exponent, then the number is adjusted either up or down +// in order to make it a better candidate. It is then checked for being +// probably prime. +// +// If sieving is used, the number is used to root a sieving process. 
+// +TPM_RC +RsaCheckPrime( + bigNum prime, + UINT32 exponent, + RAND_STATE *rand +); + +//*** AdjustPrimeCandiate() +// This function adjusts the candidate prime so that it is odd and > root(2)/2. +// This allows the product of these two numbers to be .5, which, in fixed point +// notation means that the most significant bit is 1. +// For this routine, the root(2)/2 (0.7071067811865475) approximated with 0xB505 +// which is, in fixed point, 0.7071075439453125 or an error of 0.000108%. Just setting +// the upper two bits would give a value > 0.75 which is an error of > 6%. Given the +// amount of time all the other computations take, reducing the error is not much of +// a cost, but it isn't totally required either. +// +// The code maps the most significant crypt_uword_t in 'prime' so that a 32-/64-bit +// value of 0 to 0xB5050...0 and a value of 0xff...f to 0xff...f. It also sets the LSb +// of 'prime' to make sure that the number is odd. +// +// This code has been fixed so that it will work with a RADIX_SIZE == 64. +// +// The function also puts the number on a field boundary. +LIB_EXPORT void +RsaAdjustPrimeCandidate( + bigNum prime +); + +//***BnGeneratePrimeForRSA() +// Function to generate a prime of the desired size with the proper attributes +// for an RSA prime. +TPM_RC +BnGeneratePrimeForRSA( + bigNum prime, + UINT32 bits, + UINT32 exponent, + RAND_STATE *rand +); +#endif // ALG_RSA + +#endif // _CRYPT_PRIME_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRand_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRand_fp.h new file mode 100644 index 000000000..34e9cc6ec --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRand_fp.h 
@@ -0,0 +1,204 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 03:18:00PM + */ + +#ifndef _CRYPT_RAND_FP_H_ +#define _CRYPT_RAND_FP_H_ + +//*** DRBG_GetEntropy() +// Even though this implementation never fails, it may get blocked +// indefinitely long in the call to get entropy from the platform +// (DRBG_GetEntropy32()). +// This function is only used during instantiation of the DRBG for +// manufacturing and on each start-up after an non-orderly shutdown. +// Return Type: BOOL +// TRUE(1) requested entropy returned +// FALSE(0) entropy Failure +BOOL +DRBG_GetEntropy( + UINT32 requiredEntropy, // IN: requested number of bytes of full + // entropy + BYTE *entropy // OUT: buffer to return collected entropy +); + +//*** IncrementIv() +// This function increments the IV value by 1. It is used by EncryptDRBG(). +void +IncrementIv( + DRBG_IV *iv +); + +//*** DRBG_Reseed() +// This function is used when reseeding of the DRBG is required. If +// entropy is provided, it is used in lieu of using hardware entropy. +// Note: the provided entropy must be the required size. +// Return Type: BOOL +// TRUE(1) reseed succeeded +// FALSE(0) reseed failed, probably due to the entropy generation +BOOL +DRBG_Reseed( + DRBG_STATE *drbgState, // IN: the state to update + DRBG_SEED *providedEntropy, // IN: entropy + DRBG_SEED *additionalData // IN: +); + +//*** DRBG_SelfTest() +// This is run when the DRBG is instantiated and at startup +// Return Type: BOOL +// TRUE(1) test OK +// FALSE(0) test failed +BOOL +DRBG_SelfTest( + void +); + +//*** CryptRandomStir() +// This function is used to cause a reseed. A DRBG_SEED amount of entropy is +// collected from the hardware and then additional data is added. 
+// Return Type: TPM_RC +// TPM_RC_NO_RESULT failure of the entropy generator +LIB_EXPORT TPM_RC +CryptRandomStir( + UINT16 additionalDataSize, + BYTE *additionalData +); + +//*** CryptRandomGenerate() +// Generate a 'randomSize' number or random bytes. +LIB_EXPORT UINT16 +CryptRandomGenerate( + UINT16 randomSize, + BYTE *buffer +); + +//**** DRBG_InstantiateSeededKdf() +// This function is used to instantiate a KDF-based RNG. This is used for derivations. +// This function always returns TRUE. +LIB_EXPORT BOOL +DRBG_InstantiateSeededKdf( + KDF_STATE *state, // OUT: buffer to hold the state + TPM_ALG_ID hashAlg, // IN: hash algorithm + TPM_ALG_ID kdf, // IN: the KDF to use + TPM2B *seed, // IN: the seed to use + const TPM2B *label, // IN: a label for the generation process. + TPM2B *context, // IN: the context value + UINT32 limit // IN: Maximum number of bits from the KDF +); + +//**** DRBG_AdditionalData() +// Function to reseed the DRBG with additional entropy. This is normally called +// before computing the protection value of a primary key in the Endorsement +// hierarchy. +LIB_EXPORT void +DRBG_AdditionalData( + DRBG_STATE *drbgState, // IN:OUT state to update + TPM2B *additionalData // IN: value to incorporate +); + +//**** DRBG_InstantiateSeeded() +// This function is used to instantiate a random number generator from seed values. +// The nominal use of this generator is to create sequences of pseudo-random +// numbers from a seed value. This function always returns TRUE. +LIB_EXPORT TPM_RC +DRBG_InstantiateSeeded( + DRBG_STATE *drbgState, // IN/OUT: buffer to hold the state + const TPM2B *seed, // IN: the seed to use + const TPM2B *purpose, // IN: a label for the generation process. + const TPM2B *name, // IN: name of the object + const TPM2B *additional // IN: additional data +); + +//**** CryptRandStartup() +// This function is called when TPM_Startup is executed. This function always returns +// TRUE. 
+LIB_EXPORT BOOL +CryptRandStartup( + void +); + +//**** CryptRandInit() +// This function is called when _TPM_Init is being processed. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure +LIB_EXPORT BOOL +CryptRandInit( + void +); + +//*** DRBG_Generate() +// This function generates a random sequence according SP800-90A. +// If 'random' is not NULL, then 'randomSize' bytes of random values are generated. +// If 'random' is NULL or 'randomSize' is zero, then the function returns +// TRUE without generating any bits or updating the reseed counter. +// This function returns 0 if a reseed is required. Otherwise, it returns the +// number of bytes produced which could be less than the number requested if the +// request is too large. +LIB_EXPORT UINT16 +DRBG_Generate( + RAND_STATE *state, + BYTE *random, // OUT: buffer to receive the random values + UINT16 randomSize // IN: the number of bytes to generate +); + +//*** DRBG_Instantiate() +// This is CTR_DRBG_Instantiate_algorithm() from [SP 800-90A 10.2.1.3.1]. +// This is called when a the TPM DRBG is to be instantiated. This is +// called to instantiate a DRBG used by the TPM for normal +// operations. +// Return Type: BOOL +// TRUE(1) instantiation succeeded +// FALSE(0) instantiation failed +LIB_EXPORT BOOL +DRBG_Instantiate( + DRBG_STATE *drbgState, // OUT: the instantiated value + UINT16 pSize, // IN: Size of personalization string + BYTE *personalization // IN: The personalization string +); + +//*** DRBG_Uninstantiate() +// This is Uninstantiate_function() from [SP 800-90A 9.4]. +// +// Return Type: TPM_RC +// TPM_RC_VALUE not a valid state +LIB_EXPORT TPM_RC +DRBG_Uninstantiate( + DRBG_STATE *drbgState // IN/OUT: working state to erase +); + +#endif // _CRYPT_RAND_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRsa_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRsa_fp.h new file mode 100644 index 000000000..8af477f6c --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRsa_fp.h 
@@ -0,0 +1,210 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 03:18:00PM + */ + +#ifndef _CRYPT_RSA_FP_H_ +#define _CRYPT_RSA_FP_H_ + +#if ALG_RSA + +//*** CryptRsaInit() +// Function called at _TPM_Init(). 
+BOOL +CryptRsaInit( + void +); + +//*** CryptRsaStartup() +// Function called at TPM2_Startup() +BOOL +CryptRsaStartup( + void +); + +//*** CryptRsaPssSaltSize() +// This function computes the salt size used in PSS. It is broken out so that +// the X509 code can get the same value that is used by the encoding function in this +// module. +INT16 +CryptRsaPssSaltSize( + INT16 hashSize, + INT16 outSize +); + +//*** MakeDerTag() +// Construct the DER value that is used in RSASSA +// Return Type: INT16 +// > 0 size of value +// <= 0 no hash exists +INT16 +MakeDerTag( + TPM_ALG_ID hashAlg, + INT16 sizeOfBuffer, + BYTE *buffer +); + +//*** CryptRsaSelectScheme() +// This function is used by TPM2_RSA_Decrypt and TPM2_RSA_Encrypt. It sets up +// the rules to select a scheme between input and object default. +// This function assume the RSA object is loaded. +// If a default scheme is defined in object, the default scheme should be chosen, +// otherwise, the input scheme should be chosen. +// In the case that both the object and 'scheme' are not TPM_ALG_NULL, then +// if the schemes are the same, the input scheme will be chosen. +// if the scheme are not compatible, a NULL pointer will be returned. +// +// The return pointer may point to a TPM_ALG_NULL scheme. +TPMT_RSA_DECRYPT* +CryptRsaSelectScheme( + TPMI_DH_OBJECT rsaHandle, // IN: handle of an RSA key + TPMT_RSA_DECRYPT *scheme // IN: a sign or decrypt scheme +); + +//*** CryptRsaLoadPrivateExponent() +// This function is called to generate the private exponent of an RSA key. +// Return Type: TPM_RC +// TPM_RC_BINDING public and private parts of 'rsaKey' are not matched +TPM_RC +CryptRsaLoadPrivateExponent( + TPMT_PUBLIC *publicArea, + TPMT_SENSITIVE *sensitive +); + +//*** CryptRsaEncrypt() +// This is the entry point for encryption using RSA. Encryption is +// use of the public exponent. The padding parameter determines what +// padding will be used. 
+// +// The 'cOutSize' parameter must be at least as large as the size of the key. +// +// If the padding is RSA_PAD_NONE, 'dIn' is treated as a number. It must be +// lower in value than the key modulus. +// NOTE: If dIn has fewer bytes than cOut, then we don't add low-order zeros to +// dIn to make it the size of the RSA key for the call to RSAEP. This is +// because the high order bytes of dIn might have a numeric value that is +// greater than the value of the key modulus. If this had low-order zeros +// added, it would have a numeric value larger than the modulus even though +// it started out with a lower numeric value. +// +// Return Type: TPM_RC +// TPM_RC_VALUE 'cOutSize' is too small (must be the size +// of the modulus) +// TPM_RC_SCHEME 'padType' is not a supported scheme +// +LIB_EXPORT TPM_RC +CryptRsaEncrypt( + TPM2B_PUBLIC_KEY_RSA *cOut, // OUT: the encrypted data + TPM2B *dIn, // IN: the data to encrypt + OBJECT *key, // IN: the key used for encryption + TPMT_RSA_DECRYPT *scheme, // IN: the type of padding and hash + // if needed + const TPM2B *label, // IN: in case it is needed + RAND_STATE *rand // IN: random number generator + // state (mostly for testing) +); + +//*** CryptRsaDecrypt() +// This is the entry point for decryption using RSA. Decryption is +// use of the private exponent. The 'padType' parameter determines what +// padding was used. 
+// +// Return Type: TPM_RC +// TPM_RC_SIZE 'cInSize' is not the same as the size of the public +// modulus of 'key'; or numeric value of the encrypted +// data is greater than the modulus +// TPM_RC_VALUE 'dOutSize' is not large enough for the result +// TPM_RC_SCHEME 'padType' is not supported +// +LIB_EXPORT TPM_RC +CryptRsaDecrypt( + TPM2B *dOut, // OUT: the decrypted data + TPM2B *cIn, // IN: the data to decrypt + OBJECT *key, // IN: the key to use for decryption + TPMT_RSA_DECRYPT *scheme, // IN: the padding scheme + const TPM2B *label // IN: in case it is needed for the scheme +); + +//*** CryptRsaSign() +// This function is used to generate an RSA signature of the type indicated in +// 'scheme'. +// +// Return Type: TPM_RC +// TPM_RC_SCHEME 'scheme' or 'hashAlg' are not supported +// TPM_RC_VALUE 'hInSize' does not match 'hashAlg' (for RSASSA) +// +LIB_EXPORT TPM_RC +CryptRsaSign( + TPMT_SIGNATURE *sigOut, + OBJECT *key, // IN: key to use + TPM2B_DIGEST *hIn, // IN: the digest to sign + RAND_STATE *rand // IN: the random number generator + // to use (mostly for testing) +); + +//*** CryptRsaValidateSignature() +// This function is used to validate an RSA signature. If the signature is valid +// TPM_RC_SUCCESS is returned. If the signature is not valid, TPM_RC_SIGNATURE is +// returned. Other return codes indicate either parameter problems or fatal errors. 
+// +// Return Type: TPM_RC +// TPM_RC_SIGNATURE the signature does not check +// TPM_RC_SCHEME unsupported scheme or hash algorithm +// +LIB_EXPORT TPM_RC +CryptRsaValidateSignature( + TPMT_SIGNATURE *sig, // IN: signature + OBJECT *key, // IN: public modulus + TPM2B_DIGEST *digest // IN: The digest being validated +); + +//*** CryptRsaGenerateKey() +// Generate an RSA key from a provided seed +// Return Type: TPM_RC +// TPM_RC_CANCELED operation was canceled +// TPM_RC_RANGE public exponent is not supported +// TPM_RC_VALUE could not find a prime using the provided parameters +LIB_EXPORT TPM_RC +CryptRsaGenerateKey( + TPMT_PUBLIC *publicArea, + TPMT_SENSITIVE *sensitive, + RAND_STATE *rand // IN: if not NULL, the deterministic + // RNG state +); +#endif // ALG_RSA + +#endif // _CRYPT_RSA_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSelfTest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSelfTest_fp.h new file mode 100644 index 000000000..49c537537 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSelfTest_fp.h 
@@ -0,0 +1,108 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _CRYPT_SELF_TEST_FP_H_ +#define _CRYPT_SELF_TEST_FP_H_ + +//*** CryptSelfTest() +// This function is called to start/complete a full self-test. +// If 'fullTest' is NO, then only the untested algorithms will be run. If +// 'fullTest' is YES, then 'g_untestedDecryptionAlgorithms' is reinitialized and then +// all tests are run. +// This implementation of the reference design does not support processing outside +// the framework of a TPM command. As a consequence, this command does not +// complete until all tests are done. Since this can take a long time, the TPM +// will check after each test to see if the command is canceled. If so, then the +// TPM will returned TPM_RC_CANCELLED. To continue with the self-tests, call +// TPM2_SelfTest(fullTest == No) and the TPM will complete the testing. +// Return Type: TPM_RC +// TPM_RC_CANCELED if the command is canceled +LIB_EXPORT +TPM_RC +CryptSelfTest( + TPMI_YES_NO fullTest // IN: if full test is required +); + +//*** CryptIncrementalSelfTest() +// This function is used to perform an incremental self-test. This implementation +// will perform the toTest values before returning. That is, it assumes that the +// TPM cannot perform background tasks between commands. +// +// This command may be canceled. If it is, then there is no return result. +// However, this command can be run again and the incremental progress will not +// be lost. 
+// Return Type: TPM_RC +// TPM_RC_CANCELED processing of this command was canceled +// TPM_RC_TESTING if toTest list is not empty +// TPM_RC_VALUE an algorithm in the toTest list is not implemented +TPM_RC +CryptIncrementalSelfTest( + TPML_ALG *toTest, // IN: list of algorithms to be tested + TPML_ALG *toDoList // OUT: list of algorithms needing test +); + +//*** CryptInitializeToTest() +// This function will initialize the data structures for testing all the +// algorithms. This should not be called unless CryptAlgsSetImplemented() has +// been called +void +CryptInitializeToTest( + void +); + +//*** CryptTestAlgorithm() +// Only point of contact with the actual self tests. If a self-test fails, there +// is no return and the TPM goes into failure mode. +// The call to TestAlgorithm uses an algorithm selector and a bit vector. When the +// test is run, the corresponding bit in 'toTest' and in 'g_toTest' is CLEAR. If +// 'toTest' is NULL, then only the bit in 'g_toTest' is CLEAR. +// There is a special case for the call to TestAlgorithm(). When 'alg' is +// ALG_ERROR, TestAlgorithm() will CLEAR any bit in 'toTest' for which it has +// no test. This allows the knowledge about which algorithms have test to be +// accessed through the interface that provides the test. +// Return Type: TPM_RC +// TPM_RC_CANCELED test was canceled +LIB_EXPORT +TPM_RC +CryptTestAlgorithm( + TPM_ALG_ID alg, + ALGORITHM_VECTOR *toTest +); + +#endif // _CRYPT_SELF_TEST_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSmac_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSmac_fp.h new file mode 100644 index 000000000..1c1f6aff5 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSmac_fp.h 
@@ -0,0 +1,84 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _CRYPT_SMAC_FP_H_ +#define _CRYPT_SMAC_FP_H_ + +#if SMAC_IMPLEMENTED + +//*** CryptSmacStart() +// Function to start an SMAC. +UINT16 +CryptSmacStart( + HASH_STATE *state, + TPMU_PUBLIC_PARMS *keyParameters, + TPM_ALG_ID macAlg, // IN: the type of MAC + TPM2B *key +); + +//*** CryptMacStart() +// Function to start either an HMAC or an SMAC. Cannot reuse the CryptHmacStart +// function because of the difference in number of parameters. +UINT16 +CryptMacStart( + HMAC_STATE *state, + TPMU_PUBLIC_PARMS *keyParameters, + TPM_ALG_ID macAlg, // IN: the type of MAC + TPM2B *key +); + +//*** CryptMacEnd() +// Dispatch to the MAC end function using a size and buffer pointer. +UINT16 +CryptMacEnd( + HMAC_STATE *state, + UINT32 size, + BYTE *buffer +); + +//*** CryptMacEnd2B() +// Dispatch to the MAC end function using a 2B. +UINT16 +CryptMacEnd2B ( + HMAC_STATE *state, + TPM2B *data +); +#endif // SMAC_IMPLEMENTED + +#endif // _CRYPT_SMAC_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSym_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSym_fp.h new file mode 100644 index 000000000..d02634e65 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSym_fp.h 
@@ -0,0 +1,126 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 03:18:00PM + */ + +#ifndef _CRYPT_SYM_FP_H_ +#define _CRYPT_SYM_FP_H_ + +//** Initialization and Data Access Functions +// +//*** CryptSymInit() +// This function is called to do _TPM_Init processing +BOOL +CryptSymInit( + void +); + +//*** CryptSymStartup() +// This function is called to do TPM2_Startup() processing +BOOL +CryptSymStartup( + void +); + +//*** CryptGetSymmetricBlockSize() +// This function returns the block size of the algorithm. The table of bit sizes has +// an entry for each allowed key size. The entry for a key size is 0 if the TPM does +// not implement that key size. The key size table is delimited with a negative number +// (-1). After the delimiter is a list of block sizes with each entry corresponding +// to the key bit size. For most symmetric algorithms, the block size is the same +// regardless of the key size but this arrangement allows them to be different. +// Return Type: INT16 +// <= 0 cipher not supported +// > 0 the cipher block size in bytes +LIB_EXPORT INT16 +CryptGetSymmetricBlockSize( + TPM_ALG_ID symmetricAlg, // IN: the symmetric algorithm + UINT16 keySizeInBits // IN: the key size +); + +//** Symmetric Encryption +// This function performs symmetric encryption based on the mode. +// Return Type: TPM_RC +// TPM_RC_SIZE 'dSize' is not a multiple of the block size for an +// algorithm that requires it +// TPM_RC_FAILURE Fatal error +LIB_EXPORT TPM_RC +CryptSymmetricEncrypt( + BYTE *dOut, // OUT: + TPM_ALG_ID algorithm, // IN: the symmetric algorithm + UINT16 keySizeInBits, // IN: key size in bits + const BYTE *key, // IN: key buffer. The size of this buffer + // in bytes is (keySizeInBits + 7) / 8 + TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. 
+ TPM_ALG_ID mode, // IN: Mode to use + INT32 dSize, // IN: data size (may need to be a + // multiple of the blockSize) + const BYTE *dIn // IN: data buffer +); + +//*** CryptSymmetricDecrypt() +// This function performs symmetric decryption based on the mode. +// Return Type: TPM_RC +// TPM_RC_FAILURE A fatal error +// TPM_RCS_SIZE 'dSize' is not a multiple of the block size for an +// algorithm that requires it +LIB_EXPORT TPM_RC +CryptSymmetricDecrypt( + BYTE *dOut, // OUT: decrypted data + TPM_ALG_ID algorithm, // IN: the symmetric algorithm + UINT16 keySizeInBits, // IN: key size in bits + const BYTE *key, // IN: key buffer. The size of this buffer + // in bytes is (keySizeInBits + 7) / 8 + TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. + TPM_ALG_ID mode, // IN: Mode to use + INT32 dSize, // IN: data size (may need to be a + // multiple of the blockSize) + const BYTE *dIn // IN: data buffer +); + +//*** CryptSymKeyValidate() +// Validate that a provided symmetric key meets the requirements of the TPM +// Return Type: TPM_RC +// TPM_RC_KEY_SIZE Key size specifiers do not match +// TPM_RC_KEY Key is not allowed +TPM_RC +CryptSymKeyValidate( + TPMT_SYM_DEF_OBJECT *symDef, + TPM2B_SYM_KEY *key +); + +#endif // _CRYPT_SYM_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptUtil_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptUtil_fp.h new file mode 100644 index 000000000..c7367a26d --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptUtil_fp.h 
@@ -0,0 +1,488 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _CRYPT_UTIL_FP_H_ +#define _CRYPT_UTIL_FP_H_ + +//*** CryptIsSchemeAnonymous() +// This function is used to test a scheme to see if it is an anonymous scheme +// The only anonymous scheme is ECDAA. ECDAA can be used to do things +// like U-Prove. +BOOL +CryptIsSchemeAnonymous( + TPM_ALG_ID scheme // IN: the scheme algorithm to test +); + +//*** ParmDecryptSym() +// This function performs parameter decryption using symmetric block cipher. +void +ParmDecryptSym( + TPM_ALG_ID symAlg, // IN: the symmetric algorithm + TPM_ALG_ID hash, // IN: hash algorithm for KDFa + UINT16 keySizeInBits, // IN: the key size in bits + TPM2B *key, // IN: KDF HMAC key + TPM2B *nonceCaller, // IN: nonce caller + TPM2B *nonceTpm, // IN: nonce TPM + UINT32 dataSize, // IN: size of parameter buffer + BYTE *data // OUT: buffer to be decrypted +); + +//*** ParmEncryptSym() +// This function performs parameter encryption using symmetric block cipher. +void +ParmEncryptSym( + TPM_ALG_ID symAlg, // IN: symmetric algorithm + TPM_ALG_ID hash, // IN: hash algorithm for KDFa + UINT16 keySizeInBits, // IN: symmetric key size in bits + TPM2B *key, // IN: KDF HMAC key + TPM2B *nonceCaller, // IN: nonce caller + TPM2B *nonceTpm, // IN: nonce TPM + UINT32 dataSize, // IN: size of parameter buffer + BYTE *data // OUT: buffer to be encrypted +); + +//*** CryptXORObfuscation() +// This function implements XOR obfuscation. It should not be called if the +// hash algorithm is not implemented. The only return value from this function +// is TPM_RC_SUCCESS. 
+void +CryptXORObfuscation( + TPM_ALG_ID hash, // IN: hash algorithm for KDF + TPM2B *key, // IN: KDF key + TPM2B *contextU, // IN: contextU + TPM2B *contextV, // IN: contextV + UINT32 dataSize, // IN: size of data buffer + BYTE *data // IN/OUT: data to be XORed in place +); + +//*** CryptInit() +// This function is called when the TPM receives a _TPM_Init indication. +// +// NOTE: The hash algorithms do not have to be tested, they just need to be +// available. They have to be tested before the TPM can accept HMAC authorization +// or return any result that relies on a hash algorithm. +// Return Type: BOOL +// TRUE(1) initializations succeeded +// FALSE(0) initialization failed and caller should place the TPM into +// Failure Mode +BOOL +CryptInit( + void +); + +//*** CryptStartup() +// This function is called by TPM2_Startup() to initialize the functions in +// this cryptographic library and in the provided CryptoLibrary. This function +// and CryptUtilInit() are both provided so that the implementation may move the +// initialization around to get the best interaction. +// Return Type: BOOL +// TRUE(1) startup succeeded +// FALSE(0) startup failed and caller should place the TPM into +// Failure Mode +BOOL +CryptStartup( + STARTUP_TYPE type // IN: the startup type +); + +//**************************************************************************** +//** Algorithm-Independent Functions +//**************************************************************************** +//*** Introduction +// These functions are used generically when a function of a general type +// (e.g., symmetric encryption) is required. The functions will modify the +// parameters as required to interface to the indicated algorithms. +// +//*** CryptIsAsymAlgorithm() +// This function indicates if an algorithm is an asymmetric algorithm. 
+// Return Type: BOOL +// TRUE(1) if it is an asymmetric algorithm +// FALSE(0) if it is not an asymmetric algorithm +BOOL +CryptIsAsymAlgorithm( + TPM_ALG_ID algID // IN: algorithm ID +); + +//*** CryptSecretEncrypt() +// This function creates a secret value and its associated secret structure using +// an asymmetric algorithm. +// +// This function is used by TPM2_Rewrap() TPM2_MakeCredential(), +// and TPM2_Duplicate(). +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES 'keyHandle' does not reference a valid decryption key +// TPM_RC_KEY invalid ECC key (public point is not on the curve) +// TPM_RC_SCHEME RSA key with an unsupported padding scheme +// TPM_RC_VALUE numeric value of the data to be decrypted is greater +// than the RSA key modulus +TPM_RC +CryptSecretEncrypt( + OBJECT *encryptKey, // IN: encryption key object + const TPM2B *label, // IN: a null-terminated string as L + TPM2B_DATA *data, // OUT: secret value + TPM2B_ENCRYPTED_SECRET *secret // OUT: secret structure +); + +//*** CryptSecretDecrypt() +// Decrypt a secret value by asymmetric (or symmetric) algorithm +// This function is used for ActivateCredential and Import for asymmetric +// decryption, and StartAuthSession for both asymmetric and symmetric +// decryption process +// +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES RSA key is not a decryption key +// TPM_RC_BINDING Invalid RSA key (public and private parts are not +// cryptographically bound. +// TPM_RC_ECC_POINT ECC point in the secret is not on the curve +// TPM_RC_INSUFFICIENT failed to retrieve ECC point from the secret +// TPM_RC_NO_RESULT multiplication resulted in ECC point at infinity +// TPM_RC_SIZE data to decrypt is not of the same size as RSA key +// TPM_RC_VALUE For RSA key, numeric value of the encrypted data is +// greater than the modulus, or the recovered data is +// larger than the output buffer. +// For keyedHash or symmetric key, the secret is +// larger than the size of the digest produced by +// the name algorithm. 
+// TPM_RC_FAILURE internal error +TPM_RC +CryptSecretDecrypt( + OBJECT *decryptKey, // IN: decrypt key + TPM2B_NONCE *nonceCaller, // IN: nonceCaller. It is needed for + // symmetric decryption. For + // asymmetric decryption, this + // parameter is NULL + const TPM2B *label, // IN: a value for L + TPM2B_ENCRYPTED_SECRET *secret, // IN: input secret + TPM2B_DATA *data // OUT: decrypted secret value +); + +//*** CryptParameterEncryption() +// This function does in-place encryption of a response parameter. +void +CryptParameterEncryption( + TPM_HANDLE handle, // IN: encrypt session handle + TPM2B *nonceCaller, // IN: nonce caller + UINT16 leadingSizeInByte, // IN: the size of the leading size field in + // bytes + TPM2B_AUTH *extraKey, // IN: additional key material other than + // sessionAuth + BYTE *buffer // IN/OUT: parameter buffer to be encrypted +); + +//*** CryptParameterDecryption() +// This function does in-place decryption of a command parameter. +// Return Type: TPM_RC +// TPM_RC_SIZE The number of bytes in the input buffer is less than +// the number of bytes to be decrypted. +TPM_RC +CryptParameterDecryption( + TPM_HANDLE handle, // IN: encrypted session handle + TPM2B *nonceCaller, // IN: nonce caller + UINT32 bufferSize, // IN: size of parameter buffer + UINT16 leadingSizeInByte, // IN: the size of the leading size field in + // byte + TPM2B_AUTH *extraKey, // IN: the authValue + BYTE *buffer // IN/OUT: parameter buffer to be decrypted +); + +//*** CryptComputeSymmetricUnique() +// This function computes the unique field in public area for symmetric objects. +void +CryptComputeSymmetricUnique( + TPMT_PUBLIC *publicArea, // IN: the object's public area + TPMT_SENSITIVE *sensitive, // IN: the associated sensitive area + TPM2B_DIGEST *unique // OUT: unique buffer +); + +//*** CryptCreateObject() +// This function creates an object. +// For an asymmetric key, it will create a key pair and, for a parent key, a seed +// value for child protections. 
+// +// For an symmetric object, (TPM_ALG_SYMCIPHER or TPM_ALG_KEYEDHASH), it will +// create a secret key if the caller did not provide one. It will create a random +// secret seed value that is hashed with the secret value to create the public +// unique value. +// +// 'publicArea', 'sensitive', and 'sensitiveCreate' are the only required parameters +// and are the only ones that are used by TPM2_Create(). The other parameters +// are optional and are used when the generated Object needs to be deterministic. +// This is the case for both Primary Objects and Derived Objects. +// +// When a seed value is provided, a RAND_STATE will be populated and used for +// all operations in the object generation that require a random number. In the +// simplest case, TPM2_CreatePrimary() will use 'seed', 'label' and 'context' with +// context being the hash of the template. If the Primary Object is in +// the Endorsement hierarchy, it will also populate 'proof' with ehProof. +// +// For derived keys, 'seed' will be the secret value from the parent, 'label' and +// 'context' will be set according to the parameters of TPM2_CreateLoaded() and +// 'hashAlg' will be set which causes the RAND_STATE to be a KDF generator. 
+// +// Return Type: TPM_RC +// TPM_RC_KEY a provided key is not an allowed value +// TPM_RC_KEY_SIZE key size in the public area does not match the size +// in the sensitive creation area for a symmetric key +// TPM_RC_NO_RESULT unable to get random values (only in derivation) +// TPM_RC_RANGE for an RSA key, the exponent is not supported +// TPM_RC_SIZE sensitive data size is larger than allowed for the +// scheme for a keyed hash object +// TPM_RC_VALUE exponent is not prime or could not find a prime using +// the provided parameters for an RSA key; +// unsupported name algorithm for an ECC key +TPM_RC +CryptCreateObject( + OBJECT *object, // IN: new object structure pointer + TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation + RAND_STATE *rand // IN: the random number generator + // to use +); + +//*** CryptGetSignHashAlg() +// Get the hash algorithm of signature from a TPMT_SIGNATURE structure. +// It assumes the signature is not NULL +// This is a function for easy access +TPMI_ALG_HASH +CryptGetSignHashAlg( + TPMT_SIGNATURE *auth // IN: signature +); + +//*** CryptIsSplitSign() +// This function us used to determine if the signing operation is a split +// signing operation that required a TPM2_Commit(). +// +BOOL +CryptIsSplitSign( + TPM_ALG_ID scheme // IN: the algorithm selector +); + +//*** CryptIsAsymSignScheme() +// This function indicates if a scheme algorithm is a sign algorithm. +BOOL +CryptIsAsymSignScheme( + TPMI_ALG_PUBLIC publicType, // IN: Type of the object + TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme +); + +//*** CryptIsAsymDecryptScheme() +// This function indicate if a scheme algorithm is a decrypt algorithm. +BOOL +CryptIsAsymDecryptScheme( + TPMI_ALG_PUBLIC publicType, // IN: Type of the object + TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme +); + +//*** CryptSelectSignScheme() +// This function is used by the attestation and signing commands. 
It implements +// the rules for selecting the signature scheme to use in signing. This function +// requires that the signing key either be TPM_RH_NULL or be loaded. +// +// If a default scheme is defined in object, the default scheme should be chosen, +// otherwise, the input scheme should be chosen. +// In the case that both object and input scheme has a non-NULL scheme +// algorithm, if the schemes are compatible, the input scheme will be chosen. +// +// This function should not be called if 'signObject->publicArea.type' == +// ALG_SYMCIPHER. +// +// Return Type: BOOL +// TRUE(1) scheme selected +// FALSE(0) both 'scheme' and key's default scheme are empty; or +// 'scheme' is empty while key's default scheme requires +// explicit input scheme (split signing); or +// non-empty default key scheme differs from 'scheme' +BOOL +CryptSelectSignScheme( + OBJECT *signObject, // IN: signing key + TPMT_SIG_SCHEME *scheme // IN/OUT: signing scheme +); + +//*** CryptSign() +// Sign a digest with asymmetric key or HMAC. +// This function is called by attestation commands and the generic TPM2_Sign +// command. +// This function checks the key scheme and digest size. It does not +// check if the sign operation is allowed for restricted key. It should be +// checked before the function is called. +// The function will assert if the key is not a signing key. +// +// Return Type: TPM_RC +// TPM_RC_SCHEME 'signScheme' is not compatible with the signing key type +// TPM_RC_VALUE 'digest' value is greater than the modulus of +// 'signHandle' or size of 'hashData' does not match hash +// algorithm in'signScheme' (for an RSA key); +// invalid commit status or failed to generate "r" value +// (for an ECC key) +TPM_RC +CryptSign( + OBJECT *signKey, // IN: signing key + TPMT_SIG_SCHEME *signScheme, // IN: sign scheme. 
+ TPM2B_DIGEST *digest, // IN: The digest being signed + TPMT_SIGNATURE *signature // OUT: signature +); + +//*** CryptValidateSignature() +// This function is used to verify a signature. It is called by +// TPM2_VerifySignature() and TPM2_PolicySigned. +// +// Since this operation only requires use of a public key, no consistency +// checks are necessary for the key to signature type because a caller can load +// any public key that they like with any scheme that they like. This routine +// simply makes sure that the signature is correct, whatever the type. +// +// Return Type: TPM_RC +// TPM_RC_SIGNATURE the signature is not genuine +// TPM_RC_SCHEME the scheme is not supported +// TPM_RC_HANDLE an HMAC key was selected but the +// private part of the key is not loaded +TPM_RC +CryptValidateSignature( + TPMI_DH_OBJECT keyHandle, // IN: The handle of sign key + TPM2B_DIGEST *digest, // IN: The digest being validated + TPMT_SIGNATURE *signature // IN: signature +); + +//*** CryptGetTestResult +// This function returns the results of a self-test function. +// Note: the behavior in this function is NOT the correct behavior for a real +// TPM implementation. An artificial behavior is placed here due to the +// limitation of a software simulation environment. For the correct behavior, +// consult the part 3 specification for TPM2_GetTestResult(). +TPM_RC +CryptGetTestResult( + TPM2B_MAX_BUFFER *outData // OUT: test result data +); + +//*** CryptIsUniqueSizeValid() +// This function validates that the unique values are consistent. +// NOTE: This is not a comprehensive test of the public key. 
+// Return Type: BOOL +// TRUE(1) sizes are consistent +// FALSE(0) sizes are not consistent +BOOL +CryptIsUniqueSizeValid( + TPMT_PUBLIC *publicArea // IN: the public area to check +); + +//*** CryptIsSensitiveSizeValid() +// This function is used by TPM2_LoadExternal() to validate that the sensitive area +// contains a 'sensitive' value that is consistent with the values in the public +// area. +BOOL +CryptIsSensitiveSizeValid( + TPMT_PUBLIC *publicArea, // IN: the object's public part + TPMT_SENSITIVE *sensitiveArea // IN: the object's sensitive part +); + +//*** CryptValidateKeys() +// This function is used to verify that the key material of and object is valid. +// For a 'publicOnly' object, the key is verified for size and, if it is an ECC +// key, it is verified to be on the specified curve. For a key with a sensitive +// area, the binding between the public and private parts of the key are verified. +// If the nameAlg of the key is TPM_ALG_NULL, then the size of the sensitive area +// is verified but the public portion is not verified, unless the key is an RSA key. +// For an RSA key, the reason for loading the sensitive area is to use it. The +// only way to use a private RSA key is to compute the private exponent. To compute +// the private exponent, the public modulus is used. +// Return Type: TPM_RC +// TPM_RC_BINDING the public and private parts are not cryptographically +// bound +// TPM_RC_HASH cannot have a publicOnly key with nameAlg of TPM_ALG_NULL +// TPM_RC_KEY the public unique is not valid +// TPM_RC_KEY_SIZE the private area key is not valid +// TPM_RC_TYPE the types of the sensitive and private parts do not match +TPM_RC +CryptValidateKeys( + TPMT_PUBLIC *publicArea, + TPMT_SENSITIVE *sensitive, + TPM_RC blamePublic, + TPM_RC blameSensitive +); + +//*** CryptAlgSetImplemented() +// This function initializes the bit vector with one bit for each implemented +// algorithm. This function is called from _TPM_Init(). 
The vector of implemented +// algorithms should be generated by the part 2 parser so that the +// 'g_implementedAlgorithms' vector can be a constant. That's not how it is now +void +CryptAlgsSetImplemented( + void +); + +//*** CryptSelectMac() +// This function is used to set the MAC scheme based on the key parameters and +// the input scheme. +// Return Type: TPM_RC +// TPM_RC_SCHEME the scheme is not a valid mac scheme +// TPM_RC_TYPE the input key is not a type that supports a mac +// TPM_RC_VALUE the input scheme and the key scheme are not compatible +TPM_RC +CryptSelectMac( + TPMT_PUBLIC *publicArea, + TPMI_ALG_MAC_SCHEME *inMac +); + +//*** CryptMacIsValidForKey() +// Check to see if the key type is compatible with the mac type +BOOL +CryptMacIsValidForKey( + TPM_ALG_ID keyType, + TPM_ALG_ID macAlg, + BOOL flag +); + +//*** CryptSmacIsValidAlg() +// This function is used to test if an algorithm is a supported SMAC algorithm. It +// needs to be updated as new algorithms are added. +BOOL +CryptSmacIsValidAlg( + TPM_ALG_ID alg, + BOOL FLAG // IN: Indicates if TPM_ALG_NULL is valid +); + +//*** CryptSymModeIsValid() +// Function checks to see if an algorithm ID is a valid, symmetric block cipher +// mode for the TPM. If 'flag' is SET, them TPM_ALG_NULL is a valid mode. +// not include the modes used for SMAC +BOOL +CryptSymModeIsValid( + TPM_ALG_ID mode, + BOOL flag +); + +#endif // _CRYPT_UTIL_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DA_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DA_fp.h new file mode 100644 index 000000000..88b50282e --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DA_fp.h 
@@ -0,0 +1,88 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 04:23:27PM + */ + +#ifndef _DA_FP_H_ +#define _DA_FP_H_ + +//*** DAPreInstall_Init() +// This function initializes the DA parameters to their manufacturer-default +// values. The default values are determined by a platform-specific specification. +// +// This function should not be called outside of a manufacturing or simulation +// environment. +// +// The DA parameters will be restored to these initial values by TPM2_Clear(). +void +DAPreInstall_Init( + void +); + +//*** DAStartup() +// This function is called by TPM2_Startup() to initialize the DA parameters. +// In the case of Startup(CLEAR), use of lockoutAuth will be enabled if the +// lockout recovery time is 0. Otherwise, lockoutAuth will not be enabled until +// the TPM has been continuously powered for the lockoutRecovery time. +// +// This function requires that NV be available and not rate limiting. +BOOL +DAStartup( + STARTUP_TYPE type // IN: startup type +); + +//*** DARegisterFailure() +// This function is called when a authorization failure occurs on an entity +// that is subject to dictionary-attack protection. When a DA failure is +// triggered, register the failure by resetting the relevant self-healing +// timer to the current time. +void +DARegisterFailure( + TPM_HANDLE handle // IN: handle for failure +); + +//*** DASelfHeal() +// This function is called to check if sufficient time has passed to allow +// decrement of failedTries or to re-enable use of lockoutAuth. +// +// This function should be called when the time interval is updated. +void +DASelfHeal( + void +); + +#endif // _DA_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackLockReset_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackLockReset_fp.h new file mode 100644 index 000000000..e8be2fc9c --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackLockReset_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_DictionaryAttackLockReset // Command must be enabled + +#ifndef _Dictionary_Attack_Lock_Reset_FP_H_ +#define _Dictionary_Attack_Lock_Reset_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_LOCKOUT lockHandle; +} DictionaryAttackLockReset_In; + +// Response code modifiers +#define RC_DictionaryAttackLockReset_lockHandle (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_DictionaryAttackLockReset( + DictionaryAttackLockReset_In *in +); + +#endif // _Dictionary_Attack_Lock_Reset_FP_H_ +#endif // CC_DictionaryAttackLockReset diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackParameters_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackParameters_fp.h new file mode 100644 index 000000000..787a9e22f --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackParameters_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_DictionaryAttackParameters // Command must be enabled + +#ifndef _Dictionary_Attack_Parameters_FP_H_ +#define _Dictionary_Attack_Parameters_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_LOCKOUT lockHandle; + UINT32 newMaxTries; + UINT32 newRecoveryTime; + UINT32 lockoutRecovery; +} DictionaryAttackParameters_In; + +// Response code modifiers +#define RC_DictionaryAttackParameters_lockHandle (TPM_RC_H + TPM_RC_1) +#define RC_DictionaryAttackParameters_newMaxTries (TPM_RC_P + TPM_RC_1) +#define RC_DictionaryAttackParameters_newRecoveryTime (TPM_RC_P + TPM_RC_2) +#define RC_DictionaryAttackParameters_lockoutRecovery (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_DictionaryAttackParameters( + DictionaryAttackParameters_In *in +); + +#endif // _Dictionary_Attack_Parameters_FP_H_ +#endif // CC_DictionaryAttackParameters diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Duplicate_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Duplicate_fp.h new file mode 100644 index 000000000..74f064c6e --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Duplicate_fp.h 
@@ -0,0 +1,74 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Duplicate // Command must be enabled + +#ifndef _Duplicate_FP_H_ +#define _Duplicate_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT objectHandle; + TPMI_DH_OBJECT newParentHandle; + TPM2B_DATA encryptionKeyIn; + TPMT_SYM_DEF_OBJECT symmetricAlg; +} Duplicate_In; + +// Output structure definition +typedef struct { + TPM2B_DATA encryptionKeyOut; + TPM2B_PRIVATE duplicate; + TPM2B_ENCRYPTED_SECRET outSymSeed; +} Duplicate_Out; + +// Response code modifiers +#define RC_Duplicate_objectHandle (TPM_RC_H + TPM_RC_1) +#define RC_Duplicate_newParentHandle (TPM_RC_H + TPM_RC_2) +#define RC_Duplicate_encryptionKeyIn (TPM_RC_P + TPM_RC_1) +#define RC_Duplicate_symmetricAlg (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_Duplicate( + Duplicate_In *in, + Duplicate_Out *out +); + +#endif // _Duplicate_FP_H_ +#endif // CC_Duplicate diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECC_Parameters_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECC_Parameters_fp.h new file mode 100644 index 000000000..c38b14cb3 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECC_Parameters_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_ECC_Parameters // Command must be enabled + +#ifndef _ECC_Parameters_FP_H_ +#define _ECC_Parameters_FP_H_ + +// Input structure definition +typedef struct { + TPMI_ECC_CURVE curveID; +} ECC_Parameters_In; + +// Output structure definition +typedef struct { + TPMS_ALGORITHM_DETAIL_ECC parameters; +} ECC_Parameters_Out; + +// Response code modifiers +#define RC_ECC_Parameters_curveID (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_ECC_Parameters( + ECC_Parameters_In *in, + ECC_Parameters_Out *out +); + +#endif // _ECC_Parameters_FP_H_ +#endif // CC_ECC_Parameters diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_KeyGen_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_KeyGen_fp.h new file mode 100644 index 000000000..f86e16f93 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_KeyGen_fp.h 
@@ -0,0 +1,67 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_ECDH_KeyGen // Command must be enabled + +#ifndef _ECDH_Key_Gen_FP_H_ +#define _ECDH_Key_Gen_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT keyHandle; +} ECDH_KeyGen_In; + +// Output structure definition +typedef struct { + TPM2B_ECC_POINT zPoint; + TPM2B_ECC_POINT pubPoint; +} ECDH_KeyGen_Out; + +// Response code modifiers +#define RC_ECDH_KeyGen_keyHandle (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_ECDH_KeyGen( + ECDH_KeyGen_In *in, + ECDH_KeyGen_Out *out +); + +#endif // _ECDH_Key_Gen_FP_H_ +#endif // CC_ECDH_KeyGen diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_ZGen_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_ZGen_fp.h new file mode 100644 index 000000000..ba77f5f31 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_ZGen_fp.h 
@@ -0,0 +1,68 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_ECDH_ZGen // Command must be enabled + +#ifndef _ECDH_ZGen_FP_H_ +#define _ECDH_ZGen_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT keyHandle; + TPM2B_ECC_POINT inPoint; +} ECDH_ZGen_In; + +// Output structure definition +typedef struct { + TPM2B_ECC_POINT outPoint; +} ECDH_ZGen_Out; + +// Response code modifiers +#define RC_ECDH_ZGen_keyHandle (TPM_RC_H + TPM_RC_1) +#define RC_ECDH_ZGen_inPoint (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_ECDH_ZGen( + ECDH_ZGen_In *in, + ECDH_ZGen_Out *out +); + +#endif // _ECDH_ZGen_FP_H_ +#endif // CC_ECDH_ZGen diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EC_Ephemeral_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EC_Ephemeral_fp.h new file mode 100644 index 000000000..7b0ba0fec --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EC_Ephemeral_fp.h 
@@ -0,0 +1,67 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_EC_Ephemeral // Command must be enabled + +#ifndef _EC_Ephemeral_FP_H_ +#define _EC_Ephemeral_FP_H_ + +// Input structure definition +typedef struct { + TPMI_ECC_CURVE curveID; +} EC_Ephemeral_In; + +// Output structure definition +typedef struct { + TPM2B_ECC_POINT Q; + UINT16 counter; +} EC_Ephemeral_Out; + +// Response code modifiers +#define RC_EC_Ephemeral_curveID (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_EC_Ephemeral( + EC_Ephemeral_In *in, + EC_Ephemeral_Out *out +); + +#endif // _EC_Ephemeral_FP_H_ +#endif // CC_EC_Ephemeral diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt2_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt2_fp.h new file mode 100644 index 000000000..20e717ede --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt2_fp.h 
@@ -0,0 +1,75 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_EncryptDecrypt2 // Command must be enabled + +#ifndef _Encrypt_Decrypt2_FP_H_ +#define _Encrypt_Decrypt2_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT keyHandle; + TPM2B_MAX_BUFFER inData; + TPMI_YES_NO decrypt; + TPMI_ALG_CIPHER_MODE mode; + TPM2B_IV ivIn; +} EncryptDecrypt2_In; + +// Output structure definition +typedef struct { + TPM2B_MAX_BUFFER outData; + TPM2B_IV ivOut; +} EncryptDecrypt2_Out; + +// Response code modifiers +#define RC_EncryptDecrypt2_keyHandle (TPM_RC_H + TPM_RC_1) +#define RC_EncryptDecrypt2_inData (TPM_RC_P + TPM_RC_1) +#define RC_EncryptDecrypt2_decrypt (TPM_RC_P + TPM_RC_2) +#define RC_EncryptDecrypt2_mode (TPM_RC_P + TPM_RC_3) +#define RC_EncryptDecrypt2_ivIn (TPM_RC_P + TPM_RC_4) + +// Function prototype +TPM_RC +TPM2_EncryptDecrypt2( + EncryptDecrypt2_In *in, + EncryptDecrypt2_Out *out +); + +#endif // _Encrypt_Decrypt2_FP_H_ +#endif // CC_EncryptDecrypt2 diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_fp.h new file mode 100644 index 000000000..689d2688e --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_fp.h 
@@ -0,0 +1,75 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_EncryptDecrypt // Command must be enabled + +#ifndef _Encrypt_Decrypt_FP_H_ +#define _Encrypt_Decrypt_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT keyHandle; + TPMI_YES_NO decrypt; + TPMI_ALG_CIPHER_MODE mode; + TPM2B_IV ivIn; + TPM2B_MAX_BUFFER inData; +} EncryptDecrypt_In; + +// Output structure definition +typedef struct { + TPM2B_MAX_BUFFER outData; + TPM2B_IV ivOut; +} EncryptDecrypt_Out; + +// Response code modifiers +#define RC_EncryptDecrypt_keyHandle (TPM_RC_H + TPM_RC_1) +#define RC_EncryptDecrypt_decrypt (TPM_RC_P + TPM_RC_1) +#define RC_EncryptDecrypt_mode (TPM_RC_P + TPM_RC_2) +#define RC_EncryptDecrypt_ivIn (TPM_RC_P + TPM_RC_3) +#define RC_EncryptDecrypt_inData (TPM_RC_P + TPM_RC_4) + +// Function prototype +TPM_RC +TPM2_EncryptDecrypt( + EncryptDecrypt_In *in, + EncryptDecrypt_Out *out +); + +#endif // _Encrypt_Decrypt_FP_H_ +#endif // CC_EncryptDecrypt diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_spt_fp.h new file mode 100644 index 000000000..b1e7c39ef --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_spt_fp.h 
@@ -0,0 +1,64 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _ENCRYPT_DECRYPT_SPT_FP_H_ +#define _ENCRYPT_DECRYPT_SPT_FP_H_ + +#if CC_EncryptDecrypt2 + +// Return Type: TPM_RC +// TPM_RC_KEY is not a symmetric decryption key with both +// public and private portions loaded +// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode; +// or 'inData' size is not an even multiple of the block +// size for CBC or ECB mode +// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does +// not match the key's mode +TPM_RC +EncryptDecryptShared( + TPMI_DH_OBJECT keyHandleIn, + TPMI_YES_NO decryptIn, + TPMI_ALG_SYM_MODE modeIn, + TPM2B_IV *ivIn, + TPM2B_MAX_BUFFER *inData, + EncryptDecrypt_Out *out +); +#endif // CC_EncryptDecrypt + +#endif // _ENCRYPT_DECRYPT_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Entity_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Entity_fp.h new file mode 100644 index 000000000..4bb2a1b55 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Entity_fp.h 
@@ -0,0 +1,108 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _ENTITY_FP_H_ +#define _ENTITY_FP_H_ + +//** Functions +//*** EntityGetLoadStatus() +// This function will check that all the handles access loaded entities. +// Return Type: TPM_RC +// TPM_RC_HANDLE handle type does not match +// TPM_RC_REFERENCE_Hx entity is not present +// TPM_RC_HIERARCHY entity belongs to a disabled hierarchy +// TPM_RC_OBJECT_MEMORY handle is an evict object but there is no +// space to load it to RAM +TPM_RC +EntityGetLoadStatus( + COMMAND *command // IN/OUT: command parsing structure +); + +//*** EntityGetAuthValue() +// This function is used to access the 'authValue' associated with a handle. +// This function assumes that the handle references an entity that is accessible +// and the handle is not for a persistent objects. That is EntityGetLoadStatus() +// should have been called. Also, the accessibility of the authValue should have +// been verified by IsAuthValueAvailable(). +// +// This function copies the authorization value of the entity to 'auth'. +// Return Type: UINT16 +// count number of bytes in the authValue with 0's stripped +UINT16 +EntityGetAuthValue( + TPMI_DH_ENTITY handle, // IN: handle of entity + TPM2B_AUTH *auth // OUT: authValue of the entity +); + +//*** EntityGetAuthPolicy() +// This function is used to access the 'authPolicy' associated with a handle. +// This function assumes that the handle references an entity that is accessible +// and the handle is not for a persistent objects. That is EntityGetLoadStatus() +// should have been called. Also, the accessibility of the authPolicy should have +// been verified by IsAuthPolicyAvailable(). +// +// This function copies the authorization policy of the entity to 'authPolicy'. +// +// The return value is the hash algorithm for the policy. 
+TPMI_ALG_HASH +EntityGetAuthPolicy( + TPMI_DH_ENTITY handle, // IN: handle of entity + TPM2B_DIGEST *authPolicy // OUT: authPolicy of the entity +); + +//*** EntityGetName() +// This function returns the Name associated with a handle. +TPM2B_NAME * +EntityGetName( + TPMI_DH_ENTITY handle, // IN: handle of entity + TPM2B_NAME *name // OUT: name of entity +); + +//*** EntityGetHierarchy() +// This function returns the hierarchy handle associated with an entity. +// 1. A handle that is a hierarchy handle is associated with itself. +// 2. An NV index belongs to TPM_RH_PLATFORM if TPMA_NV_PLATFORMCREATE, +// is SET, otherwise it belongs to TPM_RH_OWNER +// 3. An object handle belongs to its hierarchy. +TPMI_RH_HIERARCHY +EntityGetHierarchy( + TPMI_DH_ENTITY handle // IN :handle of entity +); + +#endif // _ENTITY_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EventSequenceComplete_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EventSequenceComplete_fp.h new file mode 100644 index 000000000..ec346f370 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EventSequenceComplete_fp.h 
@@ -0,0 +1,70 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_EventSequenceComplete // Command must be enabled + +#ifndef _Event_Sequence_Complete_FP_H_ +#define _Event_Sequence_Complete_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_PCR pcrHandle; + TPMI_DH_OBJECT sequenceHandle; + TPM2B_MAX_BUFFER buffer; +} EventSequenceComplete_In; + +// Output structure definition +typedef struct { + TPML_DIGEST_VALUES results; +} EventSequenceComplete_Out; + +// Response code modifiers +#define RC_EventSequenceComplete_pcrHandle (TPM_RC_H + TPM_RC_1) +#define RC_EventSequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_2) +#define RC_EventSequenceComplete_buffer (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_EventSequenceComplete( + EventSequenceComplete_In *in, + EventSequenceComplete_Out *out +); + +#endif // _Event_Sequence_Complete_FP_H_ +#endif // CC_EventSequenceComplete diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EvictControl_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EvictControl_fp.h new file mode 100644 index 000000000..340eb8c97 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EvictControl_fp.h 
@@ -0,0 +1,64 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_EvictControl // Command must be enabled + +#ifndef _Evict_Control_FP_H_ +#define _Evict_Control_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_PROVISION auth; + TPMI_DH_OBJECT objectHandle; + TPMI_DH_PERSISTENT persistentHandle; +} EvictControl_In; + +// Response code modifiers +#define RC_EvictControl_auth (TPM_RC_H + TPM_RC_1) +#define RC_EvictControl_objectHandle (TPM_RC_H + TPM_RC_2) +#define RC_EvictControl_persistentHandle (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_EvictControl( + EvictControl_In *in +); + +#endif // _Evict_Control_FP_H_ +#endif // CC_EvictControl diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ExecCommand_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ExecCommand_fp.h new file mode 100644 index 000000000..7d2e5fdaf --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ExecCommand_fp.h 
@@ -0,0 +1,88 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _EXEC_COMMAND_FP_H_ +#define _EXEC_COMMAND_FP_H_ + +//** ExecuteCommand() +// +// The function performs the following steps. 
+// +// a) Parses the command header from input buffer. +// b) Calls ParseHandleBuffer() to parse the handle area of the command. +// c) Validates that each of the handles references a loaded entity. +// d) Calls ParseSessionBuffer () to: +// 1) unmarshal and parse the session area; +// 2) check the authorizations; and +// 3) when necessary, decrypt a parameter. +// e) Calls CommandDispatcher() to: +// 1) unmarshal the command parameters from the command buffer; +// 2) call the routine that performs the command actions; and +// 3) marshal the responses into the response buffer. +// f) If any error occurs in any of the steps above create the error response +// and return. +// g) Calls BuildResponseSessions() to: +// 1) when necessary, encrypt a parameter +// 2) build the response authorization sessions +// 3) update the audit sessions and nonces +// h) Calls BuildResponseHeader() to complete the construction of the response. +// +// 'responseSize' is set by the caller to the maximum number of bytes available in +// the output buffer. ExecuteCommand will adjust the value and return the number +// of bytes placed in the buffer. +// +// 'response' is also set by the caller to indicate the buffer into which +// ExecuteCommand is to place the response. +// +// 'request' and 'response' may point to the same buffer +// +// Note: As of February, 2016, the failure processing has been moved to the +// platform-specific code. When the TPM code encounters an unrecoverable failure, it +// will SET g_inFailureMode and call _plat__Fail(). That function should not return +// but may call ExecuteCommand(). +// +LIB_EXPORT void +ExecuteCommand( + uint32_t requestSize, // IN: command buffer size + unsigned char *request, // IN: command buffer + uint32_t *responseSize, // IN/OUT: response buffer size + unsigned char **response // IN/OUT: response buffer +); + +#endif // _EXEC_COMMAND_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeData_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeData_fp.h new file mode 100644 index 000000000..dba27ce31 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeData_fp.h 
@@ -0,0 +1,67 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_FieldUpgradeData // Command must be enabled + +#ifndef _Field_Upgrade_Data_FP_H_ +#define _Field_Upgrade_Data_FP_H_ + +// Input structure definition +typedef struct { + TPM2B_MAX_BUFFER fuData; +} FieldUpgradeData_In; + +// Output structure definition +typedef struct { + TPMT_HA nextDigest; + TPMT_HA firstDigest; +} FieldUpgradeData_Out; + +// Response code modifiers +#define RC_FieldUpgradeData_fuData (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_FieldUpgradeData( + FieldUpgradeData_In *in, + FieldUpgradeData_Out *out +); + +#endif // _Field_Upgrade_Data_FP_H_ +#endif // CC_FieldUpgradeData diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeStart_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeStart_fp.h new file mode 100644 index 000000000..0047e3558 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeStart_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_FieldUpgradeStart // Command must be enabled + +#ifndef _Field_Upgrade_Start_FP_H_ +#define _Field_Upgrade_Start_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_PLATFORM authorization; + TPMI_DH_OBJECT keyHandle; + TPM2B_DIGEST fuDigest; + TPMT_SIGNATURE manifestSignature; +} FieldUpgradeStart_In; + +// Response code modifiers +#define RC_FieldUpgradeStart_authorization (TPM_RC_H + TPM_RC_1) +#define RC_FieldUpgradeStart_keyHandle (TPM_RC_H + TPM_RC_2) +#define RC_FieldUpgradeStart_fuDigest (TPM_RC_P + TPM_RC_1) +#define RC_FieldUpgradeStart_manifestSignature (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_FieldUpgradeStart( + FieldUpgradeStart_In *in +); + +#endif // _Field_Upgrade_Start_FP_H_ +#endif // CC_FieldUpgradeStart diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FirmwareRead_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FirmwareRead_fp.h new file mode 100644 index 000000000..bc991ffa5 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FirmwareRead_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_FirmwareRead // Command must be enabled + +#ifndef _Firmware_Read_FP_H_ +#define _Firmware_Read_FP_H_ + +// Input structure definition +typedef struct { + UINT32 sequenceNumber; +} FirmwareRead_In; + +// Output structure definition +typedef struct { + TPM2B_MAX_BUFFER fuData; +} FirmwareRead_Out; + +// Response code modifiers +#define RC_FirmwareRead_sequenceNumber (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_FirmwareRead( + FirmwareRead_In *in, + FirmwareRead_Out *out +); + +#endif // _Firmware_Read_FP_H_ +#endif // CC_FirmwareRead diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FlushContext_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FlushContext_fp.h new file mode 100644 index 000000000..8b0c7ffe8 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FlushContext_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_FlushContext // Command must be enabled + +#ifndef _Flush_Context_FP_H_ +#define _Flush_Context_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_CONTEXT flushHandle; +} FlushContext_In; + +// Response code modifiers +#define RC_FlushContext_flushHandle (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_FlushContext( + FlushContext_In *in +); + +#endif // _Flush_Context_FP_H_ +#endif // CC_FlushContext diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCapability_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCapability_fp.h new file mode 100644 index 000000000..83ad53cfa --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCapability_fp.h 
@@ -0,0 +1,71 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_GetCapability // Command must be enabled + +#ifndef _Get_Capability_FP_H_ +#define _Get_Capability_FP_H_ + +// Input structure definition +typedef struct { + TPM_CAP capability; + UINT32 property; + UINT32 propertyCount; +} GetCapability_In; + +// Output structure definition +typedef struct { + TPMI_YES_NO moreData; + TPMS_CAPABILITY_DATA capabilityData; +} GetCapability_Out; + +// Response code modifiers +#define RC_GetCapability_capability (TPM_RC_P + TPM_RC_1) +#define RC_GetCapability_property (TPM_RC_P + TPM_RC_2) +#define RC_GetCapability_propertyCount (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_GetCapability( + GetCapability_In *in, + GetCapability_Out *out +); + +#endif // _Get_Capability_FP_H_ +#endif // CC_GetCapability diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCommandAuditDigest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCommandAuditDigest_fp.h new file mode 100644 index 000000000..193250e9a --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCommandAuditDigest_fp.h 
@@ -0,0 +1,73 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_GetCommandAuditDigest // Command must be enabled + +#ifndef _Get_Command_Audit_Digest_FP_H_ +#define _Get_Command_Audit_Digest_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_ENDORSEMENT privacyHandle; + TPMI_DH_OBJECT signHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; +} GetCommandAuditDigest_In; + +// Output structure definition +typedef struct { + TPM2B_ATTEST auditInfo; + TPMT_SIGNATURE signature; +} GetCommandAuditDigest_Out; + +// Response code modifiers +#define RC_GetCommandAuditDigest_privacyHandle (TPM_RC_H + TPM_RC_1) +#define RC_GetCommandAuditDigest_signHandle (TPM_RC_H + TPM_RC_2) +#define RC_GetCommandAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1) +#define RC_GetCommandAuditDigest_inScheme (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_GetCommandAuditDigest( + GetCommandAuditDigest_In *in, + GetCommandAuditDigest_Out *out +); + +#endif // _Get_Command_Audit_Digest_FP_H_ +#endif // CC_GetCommandAuditDigest diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetRandom_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetRandom_fp.h new file mode 100644 index 000000000..1d82cef61 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetRandom_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_GetRandom // Command must be enabled + +#ifndef _Get_Random_FP_H_ +#define _Get_Random_FP_H_ + +// Input structure definition +typedef struct { + UINT16 bytesRequested; +} GetRandom_In; + +// Output structure definition +typedef struct { + TPM2B_DIGEST randomBytes; +} GetRandom_Out; + +// Response code modifiers +#define RC_GetRandom_bytesRequested (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_GetRandom( + GetRandom_In *in, + GetRandom_Out *out +); + +#endif // _Get_Random_FP_H_ +#endif // CC_GetRandom diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetSessionAuditDigest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetSessionAuditDigest_fp.h new file mode 100644 index 000000000..e3ef9f651 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetSessionAuditDigest_fp.h 
@@ -0,0 +1,75 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_GetSessionAuditDigest // Command must be enabled + +#ifndef _Get_Session_Audit_Digest_FP_H_ +#define _Get_Session_Audit_Digest_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_ENDORSEMENT privacyAdminHandle; + TPMI_DH_OBJECT signHandle; + TPMI_SH_HMAC sessionHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; +} GetSessionAuditDigest_In; + +// Output structure definition +typedef struct { + TPM2B_ATTEST auditInfo; + TPMT_SIGNATURE signature; +} GetSessionAuditDigest_Out; + +// Response code modifiers +#define RC_GetSessionAuditDigest_privacyAdminHandle (TPM_RC_H + TPM_RC_1) +#define RC_GetSessionAuditDigest_signHandle (TPM_RC_H + TPM_RC_2) +#define RC_GetSessionAuditDigest_sessionHandle (TPM_RC_H + TPM_RC_3) +#define RC_GetSessionAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1) +#define RC_GetSessionAuditDigest_inScheme (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_GetSessionAuditDigest( + GetSessionAuditDigest_In *in, + GetSessionAuditDigest_Out *out +); + +#endif // _Get_Session_Audit_Digest_FP_H_ +#endif // CC_GetSessionAuditDigest diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTestResult_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTestResult_fp.h new file mode 100644 index 000000000..22fdc00db --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTestResult_fp.h 
@@ -0,0 +1,59 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_GetTestResult // Command must be enabled + +#ifndef _Get_Test_Result_FP_H_ +#define _Get_Test_Result_FP_H_ + +// Output structure definition +typedef struct { + TPM2B_MAX_BUFFER outData; + TPM_RC testResult; +} GetTestResult_Out; + + +// Function prototype +TPM_RC +TPM2_GetTestResult( + GetTestResult_Out *out +); + +#endif // _Get_Test_Result_FP_H_ +#endif // CC_GetTestResult diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTime_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTime_fp.h new file mode 100644 index 000000000..2ef55ac5f --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTime_fp.h 
@@ -0,0 +1,73 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_GetTime // Command must be enabled + +#ifndef _Get_Time_FP_H_ +#define _Get_Time_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_ENDORSEMENT privacyAdminHandle; + TPMI_DH_OBJECT signHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; +} GetTime_In; + +// Output structure definition +typedef struct { + TPM2B_ATTEST timeInfo; + TPMT_SIGNATURE signature; +} GetTime_Out; + +// Response code modifiers +#define RC_GetTime_privacyAdminHandle (TPM_RC_H + TPM_RC_1) +#define RC_GetTime_signHandle (TPM_RC_H + TPM_RC_2) +#define RC_GetTime_qualifyingData (TPM_RC_P + TPM_RC_1) +#define RC_GetTime_inScheme (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_GetTime( + GetTime_In *in, + GetTime_Out *out +); + +#endif // _Get_Time_FP_H_ +#endif // CC_GetTime diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_Start_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_Start_fp.h new file mode 100644 index 000000000..79f4a96cb --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_Start_fp.h 
@@ -0,0 +1,70 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_HMAC_Start // Command must be enabled + +#ifndef _HMAC_Start_FP_H_ +#define _HMAC_Start_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT handle; + TPM2B_AUTH auth; + TPMI_ALG_HASH hashAlg; +} HMAC_Start_In; + +// Output structure definition +typedef struct { + TPMI_DH_OBJECT sequenceHandle; +} HMAC_Start_Out; + +// Response code modifiers +#define RC_HMAC_Start_handle (TPM_RC_H + TPM_RC_1) +#define RC_HMAC_Start_auth (TPM_RC_P + TPM_RC_1) +#define RC_HMAC_Start_hashAlg (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_HMAC_Start( + HMAC_Start_In *in, + HMAC_Start_Out *out +); + +#endif // _HMAC_Start_FP_H_ +#endif // CC_HMAC_Start diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_fp.h new file mode 100644 index 000000000..63a6d0fbd --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_fp.h 
@@ -0,0 +1,70 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_HMAC // Command must be enabled + +#ifndef _HMAC_FP_H_ +#define _HMAC_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT handle; + TPM2B_MAX_BUFFER buffer; + TPMI_ALG_HASH hashAlg; +} HMAC_In; + +// Output structure definition +typedef struct { + TPM2B_DIGEST outHMAC; +} HMAC_Out; + +// Response code modifiers +#define RC_HMAC_handle (TPM_RC_H + TPM_RC_1) +#define RC_HMAC_buffer (TPM_RC_P + TPM_RC_1) +#define RC_HMAC_hashAlg (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_HMAC( + HMAC_In *in, + HMAC_Out *out +); + +#endif // _HMAC_FP_H_ +#endif // CC_HMAC diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Handle_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Handle_fp.h new file mode 100644 index 000000000..8ada3d356 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Handle_fp.h 
@@ -0,0 +1,87 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _HANDLE_FP_H_ +#define _HANDLE_FP_H_ + +//*** HandleGetType() +// This function returns the type of a handle which is the MSO of the handle. +TPM_HT +HandleGetType( + TPM_HANDLE handle // IN: a handle to be checked +); + +//*** NextPermanentHandle() +// This function returns the permanent handle that is equal to the input value or +// is the next higher value. If there is no handle with the input value and there +// is no next higher value, it returns 0: +TPM_HANDLE +NextPermanentHandle( + TPM_HANDLE inHandle // IN: the handle to check +); + +//*** PermanentCapGetHandles() +// This function returns a list of the permanent handles of PCR, started from +// 'handle'. If 'handle' is larger than the largest permanent handle, an empty list +// will be returned with 'more' set to NO. +// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned +TPMI_YES_NO +PermanentCapGetHandles( + TPM_HANDLE handle, // IN: start handle + UINT32 count, // IN: count of returned handles + TPML_HANDLE *handleList // OUT: list of handle +); + +//*** PermanentHandleGetPolicy() +// This function returns a list of the permanent handles of PCR, started from +// 'handle'. If 'handle' is larger than the largest permanent handle, an empty list +// will be returned with 'more' set to NO. +// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned +TPMI_YES_NO +PermanentHandleGetPolicy( + TPM_HANDLE handle, // IN: start handle + UINT32 count, // IN: max count of returned handles + TPML_TAGGED_POLICY *policyList // OUT: list of handle +); + +#endif // _HANDLE_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HashSequenceStart_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HashSequenceStart_fp.h new file mode 100644 index 000000000..a3abb2219 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HashSequenceStart_fp.h 
@@ -0,0 +1,68 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_HashSequenceStart // Command must be enabled + +#ifndef _Hash_Sequence_Start_FP_H_ +#define _Hash_Sequence_Start_FP_H_ + +// Input structure definition +typedef struct { + TPM2B_AUTH auth; + TPMI_ALG_HASH hashAlg; +} HashSequenceStart_In; + +// Output structure definition +typedef struct { + TPMI_DH_OBJECT sequenceHandle; +} HashSequenceStart_Out; + +// Response code modifiers +#define RC_HashSequenceStart_auth (TPM_RC_P + TPM_RC_1) +#define RC_HashSequenceStart_hashAlg (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_HashSequenceStart( + HashSequenceStart_In *in, + HashSequenceStart_Out *out +); + +#endif // _Hash_Sequence_Start_FP_H_ +#endif // CC_HashSequenceStart diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hash_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hash_fp.h new file mode 100644 index 000000000..c59a4ab6f --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hash_fp.h 
@@ -0,0 +1,71 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Hash // Command must be enabled + +#ifndef _Hash_FP_H_ +#define _Hash_FP_H_ + +// Input structure definition +typedef struct { + TPM2B_MAX_BUFFER data; + TPMI_ALG_HASH hashAlg; + TPMI_RH_HIERARCHY hierarchy; +} Hash_In; + +// Output structure definition +typedef struct { + TPM2B_DIGEST outHash; + TPMT_TK_HASHCHECK validation; +} Hash_Out; + +// Response code modifiers +#define RC_Hash_data (TPM_RC_P + TPM_RC_1) +#define RC_Hash_hashAlg (TPM_RC_P + TPM_RC_2) +#define RC_Hash_hierarchy (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_Hash( + Hash_In *in, + Hash_Out *out +); + +#endif // _Hash_FP_H_ +#endif // CC_Hash diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyChangeAuth_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyChangeAuth_fp.h new file mode 100644 index 000000000..2538a7053 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyChangeAuth_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_HierarchyChangeAuth // Command must be enabled + +#ifndef _Hierarchy_Change_Auth_FP_H_ +#define _Hierarchy_Change_Auth_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_HIERARCHY_AUTH authHandle; + TPM2B_AUTH newAuth; +} HierarchyChangeAuth_In; + +// Response code modifiers +#define RC_HierarchyChangeAuth_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_HierarchyChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_HierarchyChangeAuth( + HierarchyChangeAuth_In *in +); + +#endif // _Hierarchy_Change_Auth_FP_H_ +#endif // CC_HierarchyChangeAuth diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyControl_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyControl_fp.h new file mode 100644 index 000000000..8431ff51d --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyControl_fp.h 
@@ -0,0 +1,64 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_HierarchyControl // Command must be enabled + +#ifndef _Hierarchy_Control_FP_H_ +#define _Hierarchy_Control_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_HIERARCHY authHandle; + TPMI_RH_ENABLES enable; + TPMI_YES_NO state; +} HierarchyControl_In; + +// Response code modifiers +#define RC_HierarchyControl_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_HierarchyControl_enable (TPM_RC_P + TPM_RC_1) +#define RC_HierarchyControl_state (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_HierarchyControl( + HierarchyControl_In *in +); + +#endif // _Hierarchy_Control_FP_H_ +#endif // CC_HierarchyControl diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hierarchy_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hierarchy_fp.h new file mode 100644 index 000000000..dc55a9439 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hierarchy_fp.h 
@@ -0,0 +1,87 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 04:23:27PM + */ + +#ifndef _HIERARCHY_FP_H_ +#define _HIERARCHY_FP_H_ + +//*** HierarchyPreInstall() +// This function performs the initialization functions for the hierarchy +// when the TPM is simulated. This function should not be called if the +// TPM is not in a manufacturing mode at the manufacturer, or in a simulated +// environment. +void +HierarchyPreInstall_Init( + void +); + +//*** HierarchyStartup() +// This function is called at TPM2_Startup() to initialize the hierarchy +// related values. +BOOL +HierarchyStartup( + STARTUP_TYPE type // IN: start up type +); + +//*** HierarchyGetProof() +// This function finds the proof value associated with a hierarchy.It returns a +// pointer to the proof value. +TPM2B_PROOF * +HierarchyGetProof( + TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant +); + +//*** HierarchyGetPrimarySeed() +// This function returns the primary seed of a hierarchy. +TPM2B_SEED * +HierarchyGetPrimarySeed( + TPMI_RH_HIERARCHY hierarchy // IN: hierarchy +); + +//*** HierarchyIsEnabled() +// This function checks to see if a hierarchy is enabled. +// NOTE: The TPM_RH_NULL hierarchy is always enabled. +// Return Type: BOOL +// TRUE(1) hierarchy is enabled +// FALSE(0) hierarchy is disabled +BOOL +HierarchyIsEnabled( + TPMI_RH_HIERARCHY hierarchy // IN: hierarchy +); + +#endif // _HIERARCHY_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Import_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Import_fp.h new file mode 100644 index 000000000..d997754f9 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Import_fp.h 
@@ -0,0 +1,76 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Import // Command must be enabled + +#ifndef _Import_FP_H_ +#define _Import_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT parentHandle; + TPM2B_DATA encryptionKey; + TPM2B_PUBLIC objectPublic; + TPM2B_PRIVATE duplicate; + TPM2B_ENCRYPTED_SECRET inSymSeed; + TPMT_SYM_DEF_OBJECT symmetricAlg; +} Import_In; + +// Output structure definition +typedef struct { + TPM2B_PRIVATE outPrivate; +} Import_Out; + +// Response code modifiers +#define RC_Import_parentHandle (TPM_RC_H + TPM_RC_1) +#define RC_Import_encryptionKey (TPM_RC_P + TPM_RC_1) +#define RC_Import_objectPublic (TPM_RC_P + TPM_RC_2) +#define RC_Import_duplicate (TPM_RC_P + TPM_RC_3) +#define RC_Import_inSymSeed (TPM_RC_P + TPM_RC_4) +#define RC_Import_symmetricAlg (TPM_RC_P + TPM_RC_5) + +// Function prototype +TPM_RC +TPM2_Import( + Import_In *in, + Import_Out *out +); + +#endif // _Import_FP_H_ +#endif // CC_Import diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IncrementalSelfTest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IncrementalSelfTest_fp.h new file mode 100644 index 000000000..cd384cb50 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IncrementalSelfTest_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_IncrementalSelfTest // Command must be enabled + +#ifndef _Incremental_Self_Test_FP_H_ +#define _Incremental_Self_Test_FP_H_ + +// Input structure definition +typedef struct { + TPML_ALG toTest; +} IncrementalSelfTest_In; + +// Output structure definition +typedef struct { + TPML_ALG toDoList; +} IncrementalSelfTest_Out; + +// Response code modifiers +#define RC_IncrementalSelfTest_toTest (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_IncrementalSelfTest( + IncrementalSelfTest_In *in, + IncrementalSelfTest_Out *out +); + +#endif // _Incremental_Self_Test_FP_H_ +#endif // CC_IncrementalSelfTest diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IoBuffers_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IoBuffers_fp.h new file mode 100644 index 000000000..dd74dad60 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IoBuffers_fp.h 
@@ -0,0 +1,87 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _IO_BUFFERS_FP_H_ +#define _IO_BUFFERS_FP_H_ + +//*** MemoryIoBufferAllocationReset() +// This function is used to reset the allocation of buffers. +void +MemoryIoBufferAllocationReset( + void +); + +//*** MemoryIoBufferZero() +// Function zeros the action I/O buffer at the end of a command. Calling this is +// not mandatory for proper functionality. +void +MemoryIoBufferZero( + void +); + +//*** MemoryGetInBuffer() +// This function returns the address of the buffer into which the +// command parameters will be unmarshaled in preparation for calling +// the command actions. +BYTE * +MemoryGetInBuffer( + UINT32 size // Size, in bytes, required for the input + // unmarshaling +); + +//*** MemoryGetOutBuffer() +// This function returns the address of the buffer into which the command +// action code places its output values. +BYTE * +MemoryGetOutBuffer( + UINT32 size // required size of the buffer +); + +//*** IsLabelProperlyFormatted() +// This function checks that a label is a null-terminated string. +// NOTE: this function is here because there was no better place for it. +// Return Type: BOOL +// TRUE(1) string is null terminated +// FALSE(0) string is not null terminated +BOOL +IsLabelProperlyFormatted( + TPM2B *x +); + +#endif // _IO_BUFFERS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/LoadExternal_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/LoadExternal_fp.h new file mode 100644 index 000000000..d1691bac4 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/LoadExternal_fp.h 
@@ -0,0 +1,71 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_LoadExternal // Command must be enabled + +#ifndef _Load_External_FP_H_ +#define _Load_External_FP_H_ + +// Input structure definition +typedef struct { + TPM2B_SENSITIVE inPrivate; + TPM2B_PUBLIC inPublic; + TPMI_RH_HIERARCHY hierarchy; +} LoadExternal_In; + +// Output structure definition +typedef struct { + TPM_HANDLE objectHandle; + TPM2B_NAME name; +} LoadExternal_Out; + +// Response code modifiers +#define RC_LoadExternal_inPrivate (TPM_RC_P + TPM_RC_1) +#define RC_LoadExternal_inPublic (TPM_RC_P + TPM_RC_2) +#define RC_LoadExternal_hierarchy (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_LoadExternal( + LoadExternal_In *in, + LoadExternal_Out *out +); + +#endif // _Load_External_FP_H_ +#endif // CC_LoadExternal diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Load_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Load_fp.h new file mode 100644 index 000000000..3a61c5394 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Load_fp.h 
@@ -0,0 +1,71 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Load // Command must be enabled + +#ifndef _Load_FP_H_ +#define _Load_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT parentHandle; + TPM2B_PRIVATE inPrivate; + TPM2B_PUBLIC inPublic; +} Load_In; + +// Output structure definition +typedef struct { + TPM_HANDLE objectHandle; + TPM2B_NAME name; +} Load_Out; + +// Response code modifiers +#define RC_Load_parentHandle (TPM_RC_H + TPM_RC_1) +#define RC_Load_inPrivate (TPM_RC_P + TPM_RC_1) +#define RC_Load_inPublic (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_Load( + Load_In *in, + Load_Out *out +); + +#endif // _Load_FP_H_ +#endif // CC_Load diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Locality_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Locality_fp.h new file mode 100644 index 000000000..c3298b1db --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Locality_fp.h 
@@ -0,0 +1,53 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _LOCALITY_FP_H_ +#define _LOCALITY_FP_H_ + +//** LocalityGetAttributes() +// This function will convert a locality expressed as an integer into +// TPMA_LOCALITY form. +// +// The function returns the locality attribute. +TPMA_LOCALITY +LocalityGetAttributes( + UINT8 locality // IN: locality value +); + +#endif // _LOCALITY_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_Start_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_Start_fp.h new file mode 100644 index 000000000..aeec79cc0 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_Start_fp.h 
@@ -0,0 +1,70 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_MAC_Start // Command must be enabled + +#ifndef _MAC_Start_FP_H_ +#define _MAC_Start_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT handle; + TPM2B_AUTH auth; + TPMI_ALG_MAC_SCHEME inScheme; +} MAC_Start_In; + +// Output structure definition +typedef struct { + TPMI_DH_OBJECT sequenceHandle; +} MAC_Start_Out; + +// Response code modifiers +#define RC_MAC_Start_handle (TPM_RC_H + TPM_RC_1) +#define RC_MAC_Start_auth (TPM_RC_P + TPM_RC_1) +#define RC_MAC_Start_inScheme (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_MAC_Start( + MAC_Start_In *in, + MAC_Start_Out *out +); + +#endif // _MAC_Start_FP_H_ +#endif // CC_MAC_Start diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_fp.h new file mode 100644 index 000000000..fe9bf102e --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_fp.h 
@@ -0,0 +1,70 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_MAC // Command must be enabled + +#ifndef _MAC_FP_H_ +#define _MAC_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT handle; + TPM2B_MAX_BUFFER buffer; + TPMI_ALG_MAC_SCHEME inScheme; +} MAC_In; + +// Output structure definition +typedef struct { + TPM2B_DIGEST outMAC; +} MAC_Out; + +// Response code modifiers +#define RC_MAC_handle (TPM_RC_H + TPM_RC_1) +#define RC_MAC_buffer (TPM_RC_P + TPM_RC_1) +#define RC_MAC_inScheme (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_MAC( + MAC_In *in, + MAC_Out *out +); + +#endif // _MAC_FP_H_ +#endif // CC_MAC diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MakeCredential_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MakeCredential_fp.h new file mode 100644 index 000000000..f34b5b2ac --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MakeCredential_fp.h 
@@ -0,0 +1,71 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_MakeCredential // Command must be enabled + +#ifndef _Make_Credential_FP_H_ +#define _Make_Credential_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT handle; + TPM2B_DIGEST credential; + TPM2B_NAME objectName; +} MakeCredential_In; + +// Output structure definition +typedef struct { + TPM2B_ID_OBJECT credentialBlob; + TPM2B_ENCRYPTED_SECRET secret; +} MakeCredential_Out; + +// Response code modifiers +#define RC_MakeCredential_handle (TPM_RC_H + TPM_RC_1) +#define RC_MakeCredential_credential (TPM_RC_P + TPM_RC_1) +#define RC_MakeCredential_objectName (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_MakeCredential( + MakeCredential_In *in, + MakeCredential_Out *out +); + +#endif // _Make_Credential_FP_H_ +#endif // CC_MakeCredential diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Manufacture_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Manufacture_fp.h new file mode 100644 index 000000000..d3fd77ffc --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Manufacture_fp.h 
@@ -0,0 +1,79 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _MANUFACTURE_FP_H_ +#define _MANUFACTURE_FP_H_ + +//*** TPM_Manufacture() +// This function initializes the TPM values in preparation for the TPM's first +// use. This function will fail if previously called. The TPM can be re-manufactured +// by calling TPM_Teardown() first and then calling this function again. +// Return Type: int +// 0 success +// 1 manufacturing process previously performed +LIB_EXPORT int +TPM_Manufacture( + int firstTime // IN: indicates if this is the first call from + // main() +); + +//*** TPM_TearDown() +// This function prepares the TPM for re-manufacture. It should not be implemented +// in anything other than a simulated TPM. +// +// In this implementation, all that is needs is to stop the cryptographic units +// and set a flag to indicate that the TPM can be re-manufactured. This should +// be all that is necessary to start the manufacturing process again. +// Return Type: int +// 0 success +// 1 TPM not previously manufactured +LIB_EXPORT int +TPM_TearDown( + void +); + +//*** TpmEndSimulation() +// This function is called at the end of the simulation run. It is used to provoke +// printing of any statistics that might be needed. +LIB_EXPORT void +TpmEndSimulation( + void +); + +#endif // _MANUFACTURE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Marshal_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Marshal_fp.h new file mode 100644 index 000000000..c0328a92a --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Marshal_fp.h 
@@ -0,0 +1,2408 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmMarshal; Version 4.1 Dec 10, 2018 + * Date: Apr 2, 2019 Time: 11:00:48AM + */ + +#ifndef _MARSHAL_FP_H_ +#define _MARSHAL_FP_H_ + +// Table 2:3 - Definition of Base Types +// UINT8 definition from table 2:3 +TPM_RC +UINT8_Unmarshal(UINT8 *target, BYTE **buffer, INT32 *size); +UINT16 +UINT8_Marshal(UINT8 *source, BYTE **buffer, INT32 *size); + +// BYTE definition from table 2:3 +#if !USE_MARSHALING_DEFINES +TPM_RC +BYTE_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size); +#else +#define BYTE_Unmarshal(target, buffer, size) \ + UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +BYTE_Marshal(BYTE *source, BYTE **buffer, INT32 *size); +#else +#define BYTE_Marshal(source, buffer, size) \ + UINT8_Marshal((UINT8 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// INT8 definition from table 2:3 +#if !USE_MARSHALING_DEFINES +TPM_RC +INT8_Unmarshal(INT8 *target, BYTE **buffer, INT32 *size); +#else +#define INT8_Unmarshal(target, buffer, size) \ + UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +INT8_Marshal(INT8 *source, BYTE **buffer, INT32 *size); +#else +#define INT8_Marshal(source, buffer, size) \ + UINT8_Marshal((UINT8 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// UINT16 definition from table 2:3 +TPM_RC +UINT16_Unmarshal(UINT16 *target, BYTE **buffer, INT32 *size); +UINT16 +UINT16_Marshal(UINT16 *source, BYTE **buffer, INT32 *size); + +// INT16 definition from table 2:3 +#if !USE_MARSHALING_DEFINES +TPM_RC +INT16_Unmarshal(INT16 *target, BYTE **buffer, INT32 *size); +#else +#define INT16_Unmarshal(target, buffer, size) \ + UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +INT16_Marshal(INT16 *source, BYTE **buffer, INT32 *size); +#else +#define 
INT16_Marshal(source, buffer, size) \ + UINT16_Marshal((UINT16 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// UINT32 definition from table 2:3 +TPM_RC +UINT32_Unmarshal(UINT32 *target, BYTE **buffer, INT32 *size); +UINT16 +UINT32_Marshal(UINT32 *source, BYTE **buffer, INT32 *size); + +// INT32 definition from table 2:3 +#if !USE_MARSHALING_DEFINES +TPM_RC +INT32_Unmarshal(INT32 *target, BYTE **buffer, INT32 *size); +#else +#define INT32_Unmarshal(target, buffer, size) \ + UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +INT32_Marshal(INT32 *source, BYTE **buffer, INT32 *size); +#else +#define INT32_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// UINT64 definition from table 2:3 +TPM_RC +UINT64_Unmarshal(UINT64 *target, BYTE **buffer, INT32 *size); +UINT16 +UINT64_Marshal(UINT64 *source, BYTE **buffer, INT32 *size); + +// INT64 definition from table 2:3 +#if !USE_MARSHALING_DEFINES +TPM_RC +INT64_Unmarshal(INT64 *target, BYTE **buffer, INT32 *size); +#else +#define INT64_Unmarshal(target, buffer, size) \ + UINT64_Unmarshal((UINT64 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +INT64_Marshal(INT64 *source, BYTE **buffer, INT32 *size); +#else +#define INT64_Marshal(source, buffer, size) \ + UINT64_Marshal((UINT64 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:4 - Defines for Logic Values +// Table 2:5 - Definition of Types for Documentation Clarity +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_ALGORITHM_ID_Unmarshal(TPM_ALGORITHM_ID *target, BYTE **buffer, INT32 *size); +#else +#define TPM_ALGORITHM_ID_Unmarshal(target, buffer, size) \ + UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_ALGORITHM_ID_Marshal(TPM_ALGORITHM_ID 
*source, BYTE **buffer, INT32 *size); +#else +#define TPM_ALGORITHM_ID_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_MODIFIER_INDICATOR_Unmarshal(TPM_MODIFIER_INDICATOR *target, + BYTE **buffer, INT32 *size); +#else +#define TPM_MODIFIER_INDICATOR_Unmarshal(target, buffer, size) \ + UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_MODIFIER_INDICATOR_Marshal(TPM_MODIFIER_INDICATOR *source, + BYTE **buffer, INT32 *size); +#else +#define TPM_MODIFIER_INDICATOR_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_AUTHORIZATION_SIZE_Unmarshal(TPM_AUTHORIZATION_SIZE *target, + BYTE **buffer, INT32 *size); +#else +#define TPM_AUTHORIZATION_SIZE_Unmarshal(target, buffer, size) \ + UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_AUTHORIZATION_SIZE_Marshal(TPM_AUTHORIZATION_SIZE *source, + BYTE **buffer, INT32 *size); +#else +#define TPM_AUTHORIZATION_SIZE_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_PARAMETER_SIZE_Unmarshal(TPM_PARAMETER_SIZE *target, + BYTE **buffer, INT32 *size); +#else +#define TPM_PARAMETER_SIZE_Unmarshal(target, buffer, size) \ + UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_PARAMETER_SIZE_Marshal(TPM_PARAMETER_SIZE *source, BYTE **buffer, INT32 *size); +#else +#define TPM_PARAMETER_SIZE_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC 
+TPM_KEY_SIZE_Unmarshal(TPM_KEY_SIZE *target, BYTE **buffer, INT32 *size); +#else +#define TPM_KEY_SIZE_Unmarshal(target, buffer, size) \ + UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_KEY_SIZE_Marshal(TPM_KEY_SIZE *source, BYTE **buffer, INT32 *size); +#else +#define TPM_KEY_SIZE_Marshal(source, buffer, size) \ + UINT16_Marshal((UINT16 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_KEY_BITS_Unmarshal(TPM_KEY_BITS *target, BYTE **buffer, INT32 *size); +#else +#define TPM_KEY_BITS_Unmarshal(target, buffer, size) \ + UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE **buffer, INT32 *size); +#else +#define TPM_KEY_BITS_Marshal(source, buffer, size) \ + UINT16_Marshal((UINT16 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:6 - Definition of TPM_SPEC Constants +// Table 2:7 - Definition of TPM_GENERATED Constants +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_GENERATED_Marshal(TPM_GENERATED *source, BYTE **buffer, INT32 *size); +#else +#define TPM_GENERATED_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:9 - Definition of TPM_ALG_ID Constants +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_ALG_ID_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size); +#else +#define TPM_ALG_ID_Unmarshal(target, buffer, size) \ + UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_ALG_ID_Marshal(TPM_ALG_ID *source, BYTE **buffer, INT32 *size); +#else +#define TPM_ALG_ID_Marshal(source, buffer, size) \ + UINT16_Marshal((UINT16 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:10 - Definition of 
TPM_ECC_CURVE Constants +#if ALG_ECC +TPM_RC +TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_ECC_CURVE_Marshal(TPM_ECC_CURVE *source, BYTE **buffer, INT32 *size); +#else +#define TPM_ECC_CURVE_Marshal(source, buffer, size) \ + UINT16_Marshal((UINT16 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_ECC + +// Table 2:12 - Definition of TPM_CC Constants +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_CC_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size); +#else +#define TPM_CC_Unmarshal(target, buffer, size) \ + UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_CC_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size); +#else +#define TPM_CC_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:16 - Definition of TPM_RC Constants +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_RC_Marshal(TPM_RC *source, BYTE **buffer, INT32 *size); +#else +#define TPM_RC_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:17 - Definition of TPM_CLOCK_ADJUST Constants +TPM_RC +TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size); + +// Table 2:18 - Definition of TPM_EO Constants +TPM_RC +TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_EO_Marshal(TPM_EO *source, BYTE **buffer, INT32 *size); +#else +#define TPM_EO_Marshal(source, buffer, size) \ + UINT16_Marshal((UINT16 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:19 - Definition of TPM_ST Constants +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size); +#else +#define TPM_ST_Unmarshal(target, buffer, size) \ + UINT16_Unmarshal((UINT16 
*)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_ST_Marshal(TPM_ST *source, BYTE **buffer, INT32 *size); +#else +#define TPM_ST_Marshal(source, buffer, size) \ + UINT16_Marshal((UINT16 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:20 - Definition of TPM_SU Constants +TPM_RC +TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size); + +// Table 2:21 - Definition of TPM_SE Constants +TPM_RC +TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size); + +// Table 2:22 - Definition of TPM_CAP Constants +TPM_RC +TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_CAP_Marshal(TPM_CAP *source, BYTE **buffer, INT32 *size); +#else +#define TPM_CAP_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:23 - Definition of TPM_PT Constants +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_PT_Unmarshal(TPM_PT *target, BYTE **buffer, INT32 *size); +#else +#define TPM_PT_Unmarshal(target, buffer, size) \ + UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_PT_Marshal(TPM_PT *source, BYTE **buffer, INT32 *size); +#else +#define TPM_PT_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:24 - Definition of TPM_PT_PCR Constants +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_PT_PCR_Unmarshal(TPM_PT_PCR *target, BYTE **buffer, INT32 *size); +#else +#define TPM_PT_PCR_Unmarshal(target, buffer, size) \ + UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_PT_PCR_Marshal(TPM_PT_PCR *source, BYTE **buffer, INT32 *size); +#else +#define TPM_PT_PCR_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) 
+#endif // !USE_MARSHALING_DEFINES + +// Table 2:25 - Definition of TPM_PS Constants +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_PS_Marshal(TPM_PS *source, BYTE **buffer, INT32 *size); +#else +#define TPM_PS_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:26 - Definition of Types for Handles +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_HANDLE_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size); +#else +#define TPM_HANDLE_Unmarshal(target, buffer, size) \ + UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_HANDLE_Marshal(TPM_HANDLE *source, BYTE **buffer, INT32 *size); +#else +#define TPM_HANDLE_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:27 - Definition of TPM_HT Constants +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_HT_Unmarshal(TPM_HT *target, BYTE **buffer, INT32 *size); +#else +#define TPM_HT_Unmarshal(target, buffer, size) \ + UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_HT_Marshal(TPM_HT *source, BYTE **buffer, INT32 *size); +#else +#define TPM_HT_Marshal(source, buffer, size) \ + UINT8_Marshal((UINT8 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:28 - Definition of TPM_RH Constants +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_RH_Unmarshal(TPM_RH *target, BYTE **buffer, INT32 *size); +#else +#define TPM_RH_Unmarshal(target, buffer, size) \ + TPM_HANDLE_Unmarshal((TPM_HANDLE *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_RH_Marshal(TPM_RH *source, BYTE **buffer, INT32 *size); +#else +#define TPM_RH_Marshal(source, buffer, size) \ + TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// 
Table 2:29 - Definition of TPM_HC Constants +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_HC_Unmarshal(TPM_HC *target, BYTE **buffer, INT32 *size); +#else +#define TPM_HC_Unmarshal(target, buffer, size) \ + TPM_HANDLE_Unmarshal((TPM_HANDLE *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_HC_Marshal(TPM_HC *source, BYTE **buffer, INT32 *size); +#else +#define TPM_HC_Marshal(source, buffer, size) \ + TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:30 - Definition of TPMA_ALGORITHM Bits +TPM_RC +TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size); + +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_ALGORITHM_Marshal(TPMA_ALGORITHM *source, BYTE **buffer, INT32 *size); +#else +#define TPMA_ALGORITHM_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:31 - Definition of TPMA_OBJECT Bits +TPM_RC +TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size); + +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_OBJECT_Marshal(TPMA_OBJECT *source, BYTE **buffer, INT32 *size); +#else +#define TPMA_OBJECT_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:32 - Definition of TPMA_SESSION Bits +TPM_RC +TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size); + +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_SESSION_Marshal(TPMA_SESSION *source, BYTE **buffer, INT32 *size); +#else +#define TPMA_SESSION_Marshal(source, buffer, size) \ + UINT8_Marshal((UINT8 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:33 - Definition of TPMA_LOCALITY Bits +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMA_LOCALITY_Unmarshal(TPMA_LOCALITY *target, BYTE **buffer, INT32 *size); +#else +#define TPMA_LOCALITY_Unmarshal(target, buffer, size) \ + 
UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_LOCALITY_Marshal(TPMA_LOCALITY *source, BYTE **buffer, INT32 *size); +#else +#define TPMA_LOCALITY_Marshal(source, buffer, size) \ + UINT8_Marshal((UINT8 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:34 - Definition of TPMA_PERMANENT Bits +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_PERMANENT_Marshal(TPMA_PERMANENT *source, BYTE **buffer, INT32 *size); +#else +#define TPMA_PERMANENT_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:35 - Definition of TPMA_STARTUP_CLEAR Bits +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_STARTUP_CLEAR_Marshal(TPMA_STARTUP_CLEAR *source, BYTE **buffer, INT32 *size); +#else +#define TPMA_STARTUP_CLEAR_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:36 - Definition of TPMA_MEMORY Bits +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_MEMORY_Marshal(TPMA_MEMORY *source, BYTE **buffer, INT32 *size); +#else +#define TPMA_MEMORY_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:37 - Definition of TPMA_CC Bits +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_CC_Marshal(TPMA_CC *source, BYTE **buffer, INT32 *size); +#else +#define TPMA_CC_Marshal(source, buffer, size) \ + TPM_CC_Marshal((TPM_CC *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:38 - Definition of TPMA_MODES Bits +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_MODES_Marshal(TPMA_MODES *source, BYTE **buffer, INT32 *size); +#else +#define TPMA_MODES_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:39 - Definition of TPMA_X509_KEY_USAGE Bits +#if !USE_MARSHALING_DEFINES 
+UINT16 +TPMA_X509_KEY_USAGE_Marshal(TPMA_X509_KEY_USAGE *source, + BYTE **buffer, INT32 *size); +#else +#define TPMA_X509_KEY_USAGE_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:40 - Definition of TPMI_YES_NO Type +TPM_RC +TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_YES_NO_Marshal(TPMI_YES_NO *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_YES_NO_Marshal(source, buffer, size) \ + BYTE_Marshal((BYTE *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:41 - Definition of TPMI_DH_OBJECT Type +TPM_RC +TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_DH_OBJECT_Marshal(TPMI_DH_OBJECT *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_DH_OBJECT_Marshal(source, buffer, size) \ + TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:42 - Definition of TPMI_DH_PARENT Type +TPM_RC +TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_DH_PARENT_Marshal(TPMI_DH_PARENT *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_DH_PARENT_Marshal(source, buffer, size) \ + TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:43 - Definition of TPMI_DH_PERSISTENT Type +TPM_RC +TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, + BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_DH_PERSISTENT_Marshal(TPMI_DH_PERSISTENT *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_DH_PERSISTENT_Marshal(source, buffer, size) \ + TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:44 - Definition of TPMI_DH_ENTITY Type +TPM_RC 
+TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, + BYTE **buffer, INT32 *size, BOOL flag); + +// Table 2:45 - Definition of TPMI_DH_PCR Type +TPM_RC +TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL flag); + +// Table 2:46 - Definition of TPMI_SH_AUTH_SESSION Type +TPM_RC +TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_SH_AUTH_SESSION_Marshal(TPMI_SH_AUTH_SESSION *source, + BYTE **buffer, INT32 *size); +#else +#define TPMI_SH_AUTH_SESSION_Marshal(source, buffer, size) \ + TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:47 - Definition of TPMI_SH_HMAC Type +TPM_RC +TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_SH_HMAC_Marshal(TPMI_SH_HMAC *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_SH_HMAC_Marshal(source, buffer, size) \ + TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:48 - Definition of TPMI_SH_POLICY Type +TPM_RC +TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_SH_POLICY_Marshal(TPMI_SH_POLICY *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_SH_POLICY_Marshal(source, buffer, size) \ + TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:49 - Definition of TPMI_DH_CONTEXT Type +TPM_RC +TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_DH_CONTEXT_Marshal(TPMI_DH_CONTEXT *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_DH_CONTEXT_Marshal(source, buffer, size) \ + TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:50 - Definition of TPMI_DH_SAVED Type +TPM_RC 
+TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_DH_SAVED_Marshal(TPMI_DH_SAVED *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_DH_SAVED_Marshal(source, buffer, size) \ + TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:51 - Definition of TPMI_RH_HIERARCHY Type +TPM_RC +TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_RH_HIERARCHY_Marshal(TPMI_RH_HIERARCHY *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_RH_HIERARCHY_Marshal(source, buffer, size) \ + TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:52 - Definition of TPMI_RH_ENABLES Type +TPM_RC +TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_RH_ENABLES_Marshal(TPMI_RH_ENABLES *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_RH_ENABLES_Marshal(source, buffer, size) \ + TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:53 - Definition of TPMI_RH_HIERARCHY_AUTH Type +TPM_RC +TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, + BYTE **buffer, INT32 *size); + +// Table 2:54 - Definition of TPMI_RH_PLATFORM Type +TPM_RC +TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size); + +// Table 2:55 - Definition of TPMI_RH_OWNER Type +TPM_RC +TPMI_RH_OWNER_Unmarshal(TPMI_RH_OWNER *target, + BYTE **buffer, INT32 *size, BOOL flag); + +// Table 2:56 - Definition of TPMI_RH_ENDORSEMENT Type +TPM_RC +TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, + BYTE **buffer, INT32 *size, BOOL flag); + +// Table 2:57 - Definition of TPMI_RH_PROVISION Type +TPM_RC +TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 
*size); + +// Table 2:58 - Definition of TPMI_RH_CLEAR Type +TPM_RC +TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size); + +// Table 2:59 - Definition of TPMI_RH_NV_AUTH Type +TPM_RC +TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size); + +// Table 2:60 - Definition of TPMI_RH_LOCKOUT Type +TPM_RC +TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size); + +// Table 2:61 - Definition of TPMI_RH_NV_INDEX Type +TPM_RC +TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_RH_NV_INDEX_Marshal(TPMI_RH_NV_INDEX *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_RH_NV_INDEX_Marshal(source, buffer, size) \ + TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:62 - Definition of TPMI_RH_AC Type +TPM_RC +TPMI_RH_AC_Unmarshal(TPMI_RH_AC *target, BYTE **buffer, INT32 *size); + +// Table 2:63 - Definition of TPMI_ALG_HASH Type +TPM_RC +TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_HASH_Marshal(TPMI_ALG_HASH *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_ALG_HASH_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:64 - Definition of TPMI_ALG_ASYM Type +TPM_RC +TPMI_ALG_ASYM_Unmarshal(TPMI_ALG_ASYM *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_ASYM_Marshal(TPMI_ALG_ASYM *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_ALG_ASYM_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:65 - Definition of TPMI_ALG_SYM Type +TPM_RC +TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL flag); +#if 
!USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_SYM_Marshal(TPMI_ALG_SYM *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_ALG_SYM_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:66 - Definition of TPMI_ALG_SYM_OBJECT Type +TPM_RC +TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_SYM_OBJECT_Marshal(TPMI_ALG_SYM_OBJECT *source, + BYTE **buffer, INT32 *size); +#else +#define TPMI_ALG_SYM_OBJECT_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:67 - Definition of TPMI_ALG_SYM_MODE Type +TPM_RC +TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_SYM_MODE_Marshal(TPMI_ALG_SYM_MODE *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_ALG_SYM_MODE_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:68 - Definition of TPMI_ALG_KDF Type +TPM_RC +TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_KDF_Marshal(TPMI_ALG_KDF *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_ALG_KDF_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:69 - Definition of TPMI_ALG_SIG_SCHEME Type +TPM_RC +TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_SIG_SCHEME_Marshal(TPMI_ALG_SIG_SCHEME *source, + BYTE **buffer, INT32 *size); +#else +#define TPMI_ALG_SIG_SCHEME_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), 
(buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:70 - Definition of TPMI_ECC_KEY_EXCHANGE Type +#if ALG_ECC +TPM_RC +TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ECC_KEY_EXCHANGE_Marshal(TPMI_ECC_KEY_EXCHANGE *source, + BYTE **buffer, INT32 *size); +#else +#define TPMI_ECC_KEY_EXCHANGE_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_ECC + +// Table 2:71 - Definition of TPMI_ST_COMMAND_TAG Type +TPM_RC +TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, + BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ST_COMMAND_TAG_Marshal(TPMI_ST_COMMAND_TAG *source, + BYTE **buffer, INT32 *size); +#else +#define TPMI_ST_COMMAND_TAG_Marshal(source, buffer, size) \ + TPM_ST_Marshal((TPM_ST *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:72 - Definition of TPMI_ALG_MAC_SCHEME Type +TPM_RC +TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_MAC_SCHEME_Marshal(TPMI_ALG_MAC_SCHEME *source, + BYTE **buffer, INT32 *size); +#else +#define TPMI_ALG_MAC_SCHEME_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:73 - Definition of TPMI_ALG_CIPHER_MODE Type +TPM_RC +TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_CIPHER_MODE_Marshal(TPMI_ALG_CIPHER_MODE *source, + BYTE **buffer, INT32 *size); +#else +#define TPMI_ALG_CIPHER_MODE_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:74 - Definition of TPMS_EMPTY Structure +TPM_RC 
+TPMS_EMPTY_Unmarshal(TPMS_EMPTY *target, BYTE **buffer, INT32 *size); +UINT16 +TPMS_EMPTY_Marshal(TPMS_EMPTY *source, BYTE **buffer, INT32 *size); + +// Table 2:75 - Definition of TPMS_ALGORITHM_DESCRIPTION Structure +UINT16 +TPMS_ALGORITHM_DESCRIPTION_Marshal(TPMS_ALGORITHM_DESCRIPTION *source, + BYTE **buffer, INT32 *size); + +// Table 2:76 - Definition of TPMU_HA Union +TPM_RC +TPMU_HA_Unmarshal(TPMU_HA *target, BYTE **buffer, INT32 *size, UINT32 selector); +UINT16 +TPMU_HA_Marshal(TPMU_HA *source, BYTE **buffer, INT32 *size, UINT32 selector); + +// Table 2:77 - Definition of TPMT_HA Structure +TPM_RC +TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL flag); +UINT16 +TPMT_HA_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size); + +// Table 2:78 - Definition of TPM2B_DIGEST Structure +TPM_RC +TPM2B_DIGEST_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size); +UINT16 +TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size); + +// Table 2:79 - Definition of TPM2B_DATA Structure +TPM_RC +TPM2B_DATA_Unmarshal(TPM2B_DATA *target, BYTE **buffer, INT32 *size); +UINT16 +TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size); + +// Table 2:80 - Definition of Types for TPM2B_NONCE +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM2B_NONCE_Unmarshal(TPM2B_NONCE *target, BYTE **buffer, INT32 *size); +#else +#define TPM2B_NONCE_Unmarshal(target, buffer, size) \ + TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM2B_NONCE_Marshal(TPM2B_NONCE *source, BYTE **buffer, INT32 *size); +#else +#define TPM2B_NONCE_Marshal(source, buffer, size) \ + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:81 - Definition of Types for TPM2B_AUTH +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM2B_AUTH_Unmarshal(TPM2B_AUTH *target, BYTE **buffer, INT32 *size); +#else +#define TPM2B_AUTH_Unmarshal(target, 
buffer, size) \ + TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM2B_AUTH_Marshal(TPM2B_AUTH *source, BYTE **buffer, INT32 *size); +#else +#define TPM2B_AUTH_Marshal(source, buffer, size) \ + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:82 - Definition of Types for TPM2B_OPERAND +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM2B_OPERAND_Unmarshal(TPM2B_OPERAND *target, BYTE **buffer, INT32 *size); +#else +#define TPM2B_OPERAND_Unmarshal(target, buffer, size) \ + TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPM2B_OPERAND_Marshal(TPM2B_OPERAND *source, BYTE **buffer, INT32 *size); +#else +#define TPM2B_OPERAND_Marshal(source, buffer, size) \ + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:83 - Definition of TPM2B_EVENT Structure +TPM_RC +TPM2B_EVENT_Unmarshal(TPM2B_EVENT *target, BYTE **buffer, INT32 *size); +UINT16 +TPM2B_EVENT_Marshal(TPM2B_EVENT *source, BYTE **buffer, INT32 *size); + +// Table 2:84 - Definition of TPM2B_MAX_BUFFER Structure +TPM_RC +TPM2B_MAX_BUFFER_Unmarshal(TPM2B_MAX_BUFFER *target, BYTE **buffer, INT32 *size); +UINT16 +TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size); + +// Table 2:85 - Definition of TPM2B_MAX_NV_BUFFER Structure +TPM_RC +TPM2B_MAX_NV_BUFFER_Unmarshal(TPM2B_MAX_NV_BUFFER *target, + BYTE **buffer, INT32 *size); +UINT16 +TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, + BYTE **buffer, INT32 *size); + +// Table 2:86 - Definition of TPM2B_TIMEOUT Structure +TPM_RC +TPM2B_TIMEOUT_Unmarshal(TPM2B_TIMEOUT *target, BYTE **buffer, INT32 *size); +UINT16 +TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size); + +// Table 2:87 - Definition of TPM2B_IV Structure 
+TPM_RC +TPM2B_IV_Unmarshal(TPM2B_IV *target, BYTE **buffer, INT32 *size); +UINT16 +TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size); + +// Table 2:88 - Definition of TPMU_NAME Union +// Table 2:89 - Definition of TPM2B_NAME Structure +TPM_RC +TPM2B_NAME_Unmarshal(TPM2B_NAME *target, BYTE **buffer, INT32 *size); +UINT16 +TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size); + +// Table 2:90 - Definition of TPMS_PCR_SELECT Structure +TPM_RC +TPMS_PCR_SELECT_Unmarshal(TPMS_PCR_SELECT *target, BYTE **buffer, INT32 *size); +UINT16 +TPMS_PCR_SELECT_Marshal(TPMS_PCR_SELECT *source, BYTE **buffer, INT32 *size); + +// Table 2:91 - Definition of TPMS_PCR_SELECTION Structure +TPM_RC +TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, + BYTE **buffer, INT32 *size); +UINT16 +TPMS_PCR_SELECTION_Marshal(TPMS_PCR_SELECTION *source, BYTE **buffer, INT32 *size); + +// Table 2:94 - Definition of TPMT_TK_CREATION Structure +TPM_RC +TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size); +UINT16 +TPMT_TK_CREATION_Marshal(TPMT_TK_CREATION *source, BYTE **buffer, INT32 *size); + +// Table 2:95 - Definition of TPMT_TK_VERIFIED Structure +TPM_RC +TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size); +UINT16 +TPMT_TK_VERIFIED_Marshal(TPMT_TK_VERIFIED *source, BYTE **buffer, INT32 *size); + +// Table 2:96 - Definition of TPMT_TK_AUTH Structure +TPM_RC +TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size); +UINT16 +TPMT_TK_AUTH_Marshal(TPMT_TK_AUTH *source, BYTE **buffer, INT32 *size); + +// Table 2:97 - Definition of TPMT_TK_HASHCHECK Structure +TPM_RC +TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size); +UINT16 +TPMT_TK_HASHCHECK_Marshal(TPMT_TK_HASHCHECK *source, BYTE **buffer, INT32 *size); + +// Table 2:98 - Definition of TPMS_ALG_PROPERTY Structure +UINT16 +TPMS_ALG_PROPERTY_Marshal(TPMS_ALG_PROPERTY *source, BYTE **buffer, INT32 *size); + +// 
Table 2:99 - Definition of TPMS_TAGGED_PROPERTY Structure +UINT16 +TPMS_TAGGED_PROPERTY_Marshal(TPMS_TAGGED_PROPERTY *source, + BYTE **buffer, INT32 *size); + +// Table 2:100 - Definition of TPMS_TAGGED_PCR_SELECT Structure +UINT16 +TPMS_TAGGED_PCR_SELECT_Marshal(TPMS_TAGGED_PCR_SELECT *source, + BYTE **buffer, INT32 *size); + +// Table 2:101 - Definition of TPMS_TAGGED_POLICY Structure +UINT16 +TPMS_TAGGED_POLICY_Marshal(TPMS_TAGGED_POLICY *source, BYTE **buffer, INT32 *size); + +// Table 2:102 - Definition of TPML_CC Structure +TPM_RC +TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size); +UINT16 +TPML_CC_Marshal(TPML_CC *source, BYTE **buffer, INT32 *size); + +// Table 2:103 - Definition of TPML_CCA Structure +UINT16 +TPML_CCA_Marshal(TPML_CCA *source, BYTE **buffer, INT32 *size); + +// Table 2:104 - Definition of TPML_ALG Structure +TPM_RC +TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size); +UINT16 +TPML_ALG_Marshal(TPML_ALG *source, BYTE **buffer, INT32 *size); + +// Table 2:105 - Definition of TPML_HANDLE Structure +UINT16 +TPML_HANDLE_Marshal(TPML_HANDLE *source, BYTE **buffer, INT32 *size); + +// Table 2:106 - Definition of TPML_DIGEST Structure +TPM_RC +TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size); +UINT16 +TPML_DIGEST_Marshal(TPML_DIGEST *source, BYTE **buffer, INT32 *size); + +// Table 2:107 - Definition of TPML_DIGEST_VALUES Structure +TPM_RC +TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, + BYTE **buffer, INT32 *size); +UINT16 +TPML_DIGEST_VALUES_Marshal(TPML_DIGEST_VALUES *source, BYTE **buffer, INT32 *size); + +// Table 2:108 - Definition of TPML_PCR_SELECTION Structure +TPM_RC +TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, + BYTE **buffer, INT32 *size); +UINT16 +TPML_PCR_SELECTION_Marshal(TPML_PCR_SELECTION *source, BYTE **buffer, INT32 *size); + +// Table 2:109 - Definition of TPML_ALG_PROPERTY Structure +UINT16 +TPML_ALG_PROPERTY_Marshal(TPML_ALG_PROPERTY *source, BYTE 
**buffer, INT32 *size); + +// Table 2:110 - Definition of TPML_TAGGED_TPM_PROPERTY Structure +UINT16 +TPML_TAGGED_TPM_PROPERTY_Marshal(TPML_TAGGED_TPM_PROPERTY *source, + BYTE **buffer, INT32 *size); + +// Table 2:111 - Definition of TPML_TAGGED_PCR_PROPERTY Structure +UINT16 +TPML_TAGGED_PCR_PROPERTY_Marshal(TPML_TAGGED_PCR_PROPERTY *source, + BYTE **buffer, INT32 *size); + +// Table 2:112 - Definition of TPML_ECC_CURVE Structure +#if ALG_ECC +UINT16 +TPML_ECC_CURVE_Marshal(TPML_ECC_CURVE *source, BYTE **buffer, INT32 *size); +#endif // ALG_ECC + +// Table 2:113 - Definition of TPML_TAGGED_POLICY Structure +UINT16 +TPML_TAGGED_POLICY_Marshal(TPML_TAGGED_POLICY *source, BYTE **buffer, INT32 *size); + +// Table 2:114 - Definition of TPMU_CAPABILITIES Union +UINT16 +TPMU_CAPABILITIES_Marshal(TPMU_CAPABILITIES *source, + BYTE **buffer, INT32 *size, UINT32 selector); + +// Table 2:115 - Definition of TPMS_CAPABILITY_DATA Structure +UINT16 +TPMS_CAPABILITY_DATA_Marshal(TPMS_CAPABILITY_DATA *source, + BYTE **buffer, INT32 *size); + +// Table 2:116 - Definition of TPMS_CLOCK_INFO Structure +TPM_RC +TPMS_CLOCK_INFO_Unmarshal(TPMS_CLOCK_INFO *target, BYTE **buffer, INT32 *size); +UINT16 +TPMS_CLOCK_INFO_Marshal(TPMS_CLOCK_INFO *source, BYTE **buffer, INT32 *size); + +// Table 2:117 - Definition of TPMS_TIME_INFO Structure +TPM_RC +TPMS_TIME_INFO_Unmarshal(TPMS_TIME_INFO *target, BYTE **buffer, INT32 *size); +UINT16 +TPMS_TIME_INFO_Marshal(TPMS_TIME_INFO *source, BYTE **buffer, INT32 *size); + +// Table 2:118 - Definition of TPMS_TIME_ATTEST_INFO Structure +UINT16 +TPMS_TIME_ATTEST_INFO_Marshal(TPMS_TIME_ATTEST_INFO *source, + BYTE **buffer, INT32 *size); + +// Table 2:119 - Definition of TPMS_CERTIFY_INFO Structure +UINT16 +TPMS_CERTIFY_INFO_Marshal(TPMS_CERTIFY_INFO *source, BYTE **buffer, INT32 *size); + +// Table 2:120 - Definition of TPMS_QUOTE_INFO Structure +UINT16 +TPMS_QUOTE_INFO_Marshal(TPMS_QUOTE_INFO *source, BYTE **buffer, INT32 *size); + +// Table 2:121 - 
Definition of TPMS_COMMAND_AUDIT_INFO Structure +UINT16 +TPMS_COMMAND_AUDIT_INFO_Marshal(TPMS_COMMAND_AUDIT_INFO *source, + BYTE **buffer, INT32 *size); + +// Table 2:122 - Definition of TPMS_SESSION_AUDIT_INFO Structure +UINT16 +TPMS_SESSION_AUDIT_INFO_Marshal(TPMS_SESSION_AUDIT_INFO *source, + BYTE **buffer, INT32 *size); + +// Table 2:123 - Definition of TPMS_CREATION_INFO Structure +UINT16 +TPMS_CREATION_INFO_Marshal(TPMS_CREATION_INFO *source, BYTE **buffer, INT32 *size); + +// Table 2:124 - Definition of TPMS_NV_CERTIFY_INFO Structure +UINT16 +TPMS_NV_CERTIFY_INFO_Marshal(TPMS_NV_CERTIFY_INFO *source, + BYTE **buffer, INT32 *size); + +// Table 2:125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure +UINT16 +TPMS_NV_DIGEST_CERTIFY_INFO_Marshal(TPMS_NV_DIGEST_CERTIFY_INFO *source, + BYTE **buffer, INT32 *size); + +// Table 2:126 - Definition of TPMI_ST_ATTEST Type +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ST_ATTEST_Marshal(TPMI_ST_ATTEST *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_ST_ATTEST_Marshal(source, buffer, size) \ + TPM_ST_Marshal((TPM_ST *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:127 - Definition of TPMU_ATTEST Union +UINT16 +TPMU_ATTEST_Marshal(TPMU_ATTEST *source, + BYTE **buffer, INT32 *size, UINT32 selector); + +// Table 2:128 - Definition of TPMS_ATTEST Structure +UINT16 +TPMS_ATTEST_Marshal(TPMS_ATTEST *source, BYTE **buffer, INT32 *size); + +// Table 2:129 - Definition of TPM2B_ATTEST Structure +UINT16 +TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size); + +// Table 2:130 - Definition of TPMS_AUTH_COMMAND Structure +TPM_RC +TPMS_AUTH_COMMAND_Unmarshal(TPMS_AUTH_COMMAND *target, BYTE **buffer, INT32 *size); + +// Table 2:131 - Definition of TPMS_AUTH_RESPONSE Structure +UINT16 +TPMS_AUTH_RESPONSE_Marshal(TPMS_AUTH_RESPONSE *source, BYTE **buffer, INT32 *size); + +// Table 2:132 - Definition of TPMI_TDES_KEY_BITS Type +#if ALG_TDES +TPM_RC 
+TPMI_TDES_KEY_BITS_Unmarshal(TPMI_TDES_KEY_BITS *target, + BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_TDES_KEY_BITS_Marshal(source, buffer, size) \ + TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_TDES + +// Table 2:132 - Definition of TPMI_AES_KEY_BITS Type +#if ALG_AES +TPM_RC +TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_AES_KEY_BITS_Marshal(TPMI_AES_KEY_BITS *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_AES_KEY_BITS_Marshal(source, buffer, size) \ + TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_AES + +// Table 2:132 - Definition of TPMI_SM4_KEY_BITS Type +#if ALG_SM4 +TPM_RC +TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_SM4_KEY_BITS_Marshal(TPMI_SM4_KEY_BITS *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_SM4_KEY_BITS_Marshal(source, buffer, size) \ + TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_SM4 + +// Table 2:132 - Definition of TPMI_CAMELLIA_KEY_BITS Type +#if ALG_CAMELLIA +TPM_RC +TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, + BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_CAMELLIA_KEY_BITS_Marshal(TPMI_CAMELLIA_KEY_BITS *source, + BYTE **buffer, INT32 *size); +#else +#define TPMI_CAMELLIA_KEY_BITS_Marshal(source, buffer, size) \ + TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_CAMELLIA + +// Table 2:133 - Definition of TPMU_SYM_KEY_BITS Union +TPM_RC +TPMU_SYM_KEY_BITS_Unmarshal(TPMU_SYM_KEY_BITS *target, + BYTE **buffer, INT32 
*size, UINT32 selector); +UINT16 +TPMU_SYM_KEY_BITS_Marshal(TPMU_SYM_KEY_BITS *source, + BYTE **buffer, INT32 *size, UINT32 selector); + +// Table 2:134 - Definition of TPMU_SYM_MODE Union +TPM_RC +TPMU_SYM_MODE_Unmarshal(TPMU_SYM_MODE *target, + BYTE **buffer, INT32 *size, UINT32 selector); +UINT16 +TPMU_SYM_MODE_Marshal(TPMU_SYM_MODE *source, + BYTE **buffer, INT32 *size, UINT32 selector); + +// Table 2:136 - Definition of TPMT_SYM_DEF Structure +TPM_RC +TPMT_SYM_DEF_Unmarshal(TPMT_SYM_DEF *target, BYTE **buffer, INT32 *size, BOOL flag); +UINT16 +TPMT_SYM_DEF_Marshal(TPMT_SYM_DEF *source, BYTE **buffer, INT32 *size); + +// Table 2:137 - Definition of TPMT_SYM_DEF_OBJECT Structure +TPM_RC +TPMT_SYM_DEF_OBJECT_Unmarshal(TPMT_SYM_DEF_OBJECT *target, + BYTE **buffer, INT32 *size, BOOL flag); +UINT16 +TPMT_SYM_DEF_OBJECT_Marshal(TPMT_SYM_DEF_OBJECT *source, + BYTE **buffer, INT32 *size); + +// Table 2:138 - Definition of TPM2B_SYM_KEY Structure +TPM_RC +TPM2B_SYM_KEY_Unmarshal(TPM2B_SYM_KEY *target, BYTE **buffer, INT32 *size); +UINT16 +TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size); + +// Table 2:139 - Definition of TPMS_SYMCIPHER_PARMS Structure +TPM_RC +TPMS_SYMCIPHER_PARMS_Unmarshal(TPMS_SYMCIPHER_PARMS *target, + BYTE **buffer, INT32 *size); +UINT16 +TPMS_SYMCIPHER_PARMS_Marshal(TPMS_SYMCIPHER_PARMS *source, + BYTE **buffer, INT32 *size); + +// Table 2:140 - Definition of TPM2B_LABEL Structure +TPM_RC +TPM2B_LABEL_Unmarshal(TPM2B_LABEL *target, BYTE **buffer, INT32 *size); +UINT16 +TPM2B_LABEL_Marshal(TPM2B_LABEL *source, BYTE **buffer, INT32 *size); + +// Table 2:141 - Definition of TPMS_DERIVE Structure +TPM_RC +TPMS_DERIVE_Unmarshal(TPMS_DERIVE *target, BYTE **buffer, INT32 *size); +UINT16 +TPMS_DERIVE_Marshal(TPMS_DERIVE *source, BYTE **buffer, INT32 *size); + +// Table 2:142 - Definition of TPM2B_DERIVE Structure +TPM_RC +TPM2B_DERIVE_Unmarshal(TPM2B_DERIVE *target, BYTE **buffer, INT32 *size); +UINT16 
+TPM2B_DERIVE_Marshal(TPM2B_DERIVE *source, BYTE **buffer, INT32 *size); + +// Table 2:143 - Definition of TPMU_SENSITIVE_CREATE Union +// Table 2:144 - Definition of TPM2B_SENSITIVE_DATA Structure +TPM_RC +TPM2B_SENSITIVE_DATA_Unmarshal(TPM2B_SENSITIVE_DATA *target, + BYTE **buffer, INT32 *size); +UINT16 +TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, + BYTE **buffer, INT32 *size); + +// Table 2:145 - Definition of TPMS_SENSITIVE_CREATE Structure +TPM_RC +TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, + BYTE **buffer, INT32 *size); + +// Table 2:146 - Definition of TPM2B_SENSITIVE_CREATE Structure +TPM_RC +TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, + BYTE **buffer, INT32 *size); + +// Table 2:147 - Definition of TPMS_SCHEME_HASH Structure +TPM_RC +TPMS_SCHEME_HASH_Unmarshal(TPMS_SCHEME_HASH *target, BYTE **buffer, INT32 *size); +UINT16 +TPMS_SCHEME_HASH_Marshal(TPMS_SCHEME_HASH *source, BYTE **buffer, INT32 *size); + +// Table 2:148 - Definition of TPMS_SCHEME_ECDAA Structure +#if ALG_ECC +TPM_RC +TPMS_SCHEME_ECDAA_Unmarshal(TPMS_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size); +UINT16 +TPMS_SCHEME_ECDAA_Marshal(TPMS_SCHEME_ECDAA *source, BYTE **buffer, INT32 *size); +#endif // ALG_ECC + +// Table 2:149 - Definition of TPMI_ALG_KEYEDHASH_SCHEME Type +TPM_RC +TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_KEYEDHASH_SCHEME_Marshal(TPMI_ALG_KEYEDHASH_SCHEME *source, + BYTE **buffer, INT32 *size); +#else +#define TPMI_ALG_KEYEDHASH_SCHEME_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:150 - Definition of Types for HMAC_SIG_SCHEME +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SCHEME_HMAC_Unmarshal(TPMS_SCHEME_HMAC *target, BYTE **buffer, INT32 *size); +#else +#define TPMS_SCHEME_HMAC_Unmarshal(target, buffer, size) 
\ + TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SCHEME_HMAC_Marshal(TPMS_SCHEME_HMAC *source, BYTE **buffer, INT32 *size); +#else +#define TPMS_SCHEME_HMAC_Marshal(source, buffer, size) \ + TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:151 - Definition of TPMS_SCHEME_XOR Structure +TPM_RC +TPMS_SCHEME_XOR_Unmarshal(TPMS_SCHEME_XOR *target, BYTE **buffer, INT32 *size); +UINT16 +TPMS_SCHEME_XOR_Marshal(TPMS_SCHEME_XOR *source, BYTE **buffer, INT32 *size); + +// Table 2:152 - Definition of TPMU_SCHEME_KEYEDHASH Union +TPM_RC +TPMU_SCHEME_KEYEDHASH_Unmarshal(TPMU_SCHEME_KEYEDHASH *target, + BYTE **buffer, INT32 *size, UINT32 selector); +UINT16 +TPMU_SCHEME_KEYEDHASH_Marshal(TPMU_SCHEME_KEYEDHASH *source, + BYTE **buffer, INT32 *size, UINT32 selector); + +// Table 2:153 - Definition of TPMT_KEYEDHASH_SCHEME Structure +TPM_RC +TPMT_KEYEDHASH_SCHEME_Unmarshal(TPMT_KEYEDHASH_SCHEME *target, + BYTE **buffer, INT32 *size, BOOL flag); +UINT16 +TPMT_KEYEDHASH_SCHEME_Marshal(TPMT_KEYEDHASH_SCHEME *source, + BYTE **buffer, INT32 *size); + +// Table 2:154 - Definition of Types for RSA Signature Schemes +#if ALG_RSA +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIG_SCHEME_RSASSA_Unmarshal(target, buffer, size) \ + TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SIG_SCHEME_RSASSA_Marshal(TPMS_SIG_SCHEME_RSASSA *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIG_SCHEME_RSASSA_Marshal(source, buffer, size) \ + TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES 
+TPM_RC +TPMS_SIG_SCHEME_RSAPSS_Unmarshal(TPMS_SIG_SCHEME_RSAPSS *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIG_SCHEME_RSAPSS_Unmarshal(target, buffer, size) \ + TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SIG_SCHEME_RSAPSS_Marshal(TPMS_SIG_SCHEME_RSAPSS *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIG_SCHEME_RSAPSS_Marshal(source, buffer, size) \ + TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_RSA + +// Table 2:155 - Definition of Types for ECC Signature Schemes +#if ALG_ECC +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SIG_SCHEME_ECDSA_Unmarshal(TPMS_SIG_SCHEME_ECDSA *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIG_SCHEME_ECDSA_Unmarshal(target, buffer, size) \ + TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SIG_SCHEME_ECDSA_Marshal(TPMS_SIG_SCHEME_ECDSA *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIG_SCHEME_ECDSA_Marshal(source, buffer, size) \ + TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SIG_SCHEME_SM2_Unmarshal(TPMS_SIG_SCHEME_SM2 *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIG_SCHEME_SM2_Unmarshal(target, buffer, size) \ + TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SIG_SCHEME_SM2_Marshal(TPMS_SIG_SCHEME_SM2 *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIG_SCHEME_SM2_Marshal(source, buffer, size) \ + TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if 
!USE_MARSHALING_DEFINES +TPM_RC +TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(TPMS_SIG_SCHEME_ECSCHNORR *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(target, buffer, size) \ + TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SIG_SCHEME_ECSCHNORR_Marshal(TPMS_SIG_SCHEME_ECSCHNORR *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIG_SCHEME_ECSCHNORR_Marshal(source, buffer, size) \ + TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SIG_SCHEME_ECDAA_Unmarshal(TPMS_SIG_SCHEME_ECDAA *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIG_SCHEME_ECDAA_Unmarshal(target, buffer, size) \ + TPMS_SCHEME_ECDAA_Unmarshal((TPMS_SCHEME_ECDAA *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SIG_SCHEME_ECDAA_Marshal(TPMS_SIG_SCHEME_ECDAA *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIG_SCHEME_ECDAA_Marshal(source, buffer, size) \ + TPMS_SCHEME_ECDAA_Marshal((TPMS_SCHEME_ECDAA *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_ECC + +// Table 2:156 - Definition of TPMU_SIG_SCHEME Union +TPM_RC +TPMU_SIG_SCHEME_Unmarshal(TPMU_SIG_SCHEME *target, + BYTE **buffer, INT32 *size, UINT32 selector); +UINT16 +TPMU_SIG_SCHEME_Marshal(TPMU_SIG_SCHEME *source, + BYTE **buffer, INT32 *size, UINT32 selector); + +// Table 2:157 - Definition of TPMT_SIG_SCHEME Structure +TPM_RC +TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, + BYTE **buffer, INT32 *size, BOOL flag); +UINT16 +TPMT_SIG_SCHEME_Marshal(TPMT_SIG_SCHEME *source, BYTE **buffer, INT32 *size); + +// Table 2:158 - Definition of Types for Encryption Schemes +#if ALG_RSA +#if !USE_MARSHALING_DEFINES +TPM_RC 
+TPMS_ENC_SCHEME_OAEP_Unmarshal(TPMS_ENC_SCHEME_OAEP *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_ENC_SCHEME_OAEP_Unmarshal(target, buffer, size) \ + TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_ENC_SCHEME_OAEP_Marshal(TPMS_ENC_SCHEME_OAEP *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_ENC_SCHEME_OAEP_Marshal(source, buffer, size) \ + TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_ENC_SCHEME_RSAES_Unmarshal(TPMS_ENC_SCHEME_RSAES *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_ENC_SCHEME_RSAES_Unmarshal(target, buffer, size) \ + TPMS_EMPTY_Unmarshal((TPMS_EMPTY *)(target), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_ENC_SCHEME_RSAES_Marshal(TPMS_ENC_SCHEME_RSAES *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_ENC_SCHEME_RSAES_Marshal(source, buffer, size) \ + TPMS_EMPTY_Marshal((TPMS_EMPTY *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_RSA + +// Table 2:159 - Definition of Types for ECC Key Exchange +#if ALG_ECC +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_KEY_SCHEME_ECDH_Unmarshal(TPMS_KEY_SCHEME_ECDH *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_KEY_SCHEME_ECDH_Unmarshal(target, buffer, size) \ + TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_KEY_SCHEME_ECDH_Marshal(TPMS_KEY_SCHEME_ECDH *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_KEY_SCHEME_ECDH_Marshal(source, buffer, size) \ + TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC 
+TPMS_KEY_SCHEME_ECMQV_Unmarshal(TPMS_KEY_SCHEME_ECMQV *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_KEY_SCHEME_ECMQV_Unmarshal(target, buffer, size) \ + TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_KEY_SCHEME_ECMQV_Marshal(TPMS_KEY_SCHEME_ECMQV *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_KEY_SCHEME_ECMQV_Marshal(source, buffer, size) \ + TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_ECC + +// Table 2:160 - Definition of Types for KDF Schemes +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SCHEME_MGF1_Unmarshal(TPMS_SCHEME_MGF1 *target, BYTE **buffer, INT32 *size); +#else +#define TPMS_SCHEME_MGF1_Unmarshal(target, buffer, size) \ + TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SCHEME_MGF1_Marshal(TPMS_SCHEME_MGF1 *source, BYTE **buffer, INT32 *size); +#else +#define TPMS_SCHEME_MGF1_Marshal(source, buffer, size) \ + TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(TPMS_SCHEME_KDF1_SP800_56A *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(target, buffer, size) \ + TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SCHEME_KDF1_SP800_56A_Marshal(TPMS_SCHEME_KDF1_SP800_56A *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SCHEME_KDF1_SP800_56A_Marshal(source, buffer, size) \ + TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC 
+TPMS_SCHEME_KDF2_Unmarshal(TPMS_SCHEME_KDF2 *target, BYTE **buffer, INT32 *size); +#else +#define TPMS_SCHEME_KDF2_Unmarshal(target, buffer, size) \ + TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SCHEME_KDF2_Marshal(TPMS_SCHEME_KDF2 *source, BYTE **buffer, INT32 *size); +#else +#define TPMS_SCHEME_KDF2_Marshal(source, buffer, size) \ + TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SCHEME_KDF1_SP800_108_Unmarshal(TPMS_SCHEME_KDF1_SP800_108 *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SCHEME_KDF1_SP800_108_Unmarshal(target, buffer, size) \ + TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SCHEME_KDF1_SP800_108_Marshal(TPMS_SCHEME_KDF1_SP800_108 *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SCHEME_KDF1_SP800_108_Marshal(source, buffer, size) \ + TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:161 - Definition of TPMU_KDF_SCHEME Union +TPM_RC +TPMU_KDF_SCHEME_Unmarshal(TPMU_KDF_SCHEME *target, + BYTE **buffer, INT32 *size, UINT32 selector); +UINT16 +TPMU_KDF_SCHEME_Marshal(TPMU_KDF_SCHEME *source, + BYTE **buffer, INT32 *size, UINT32 selector); + +// Table 2:162 - Definition of TPMT_KDF_SCHEME Structure +TPM_RC +TPMT_KDF_SCHEME_Unmarshal(TPMT_KDF_SCHEME *target, + BYTE **buffer, INT32 *size, BOOL flag); +UINT16 +TPMT_KDF_SCHEME_Marshal(TPMT_KDF_SCHEME *source, BYTE **buffer, INT32 *size); + +// Table 2:163 - Definition of TPMI_ALG_ASYM_SCHEME Type +TPM_RC +TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 
+TPMI_ALG_ASYM_SCHEME_Marshal(TPMI_ALG_ASYM_SCHEME *source, + BYTE **buffer, INT32 *size); +#else +#define TPMI_ALG_ASYM_SCHEME_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:164 - Definition of TPMU_ASYM_SCHEME Union +TPM_RC +TPMU_ASYM_SCHEME_Unmarshal(TPMU_ASYM_SCHEME *target, + BYTE **buffer, INT32 *size, UINT32 selector); +UINT16 +TPMU_ASYM_SCHEME_Marshal(TPMU_ASYM_SCHEME *source, + BYTE **buffer, INT32 *size, UINT32 selector); + +// Table 2:165 - Definition of TPMT_ASYM_SCHEME Structure +// Table 2:166 - Definition of TPMI_ALG_RSA_SCHEME Type +#if ALG_RSA +TPM_RC +TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_RSA_SCHEME_Marshal(TPMI_ALG_RSA_SCHEME *source, + BYTE **buffer, INT32 *size); +#else +#define TPMI_ALG_RSA_SCHEME_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_RSA + +// Table 2:167 - Definition of TPMT_RSA_SCHEME Structure +#if ALG_RSA +TPM_RC +TPMT_RSA_SCHEME_Unmarshal(TPMT_RSA_SCHEME *target, + BYTE **buffer, INT32 *size, BOOL flag); +UINT16 +TPMT_RSA_SCHEME_Marshal(TPMT_RSA_SCHEME *source, BYTE **buffer, INT32 *size); +#endif // ALG_RSA + +// Table 2:168 - Definition of TPMI_ALG_RSA_DECRYPT Type +#if ALG_RSA +TPM_RC +TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_RSA_DECRYPT_Marshal(TPMI_ALG_RSA_DECRYPT *source, + BYTE **buffer, INT32 *size); +#else +#define TPMI_ALG_RSA_DECRYPT_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_RSA + +// Table 2:169 - Definition of TPMT_RSA_DECRYPT Structure +#if ALG_RSA +TPM_RC +TPMT_RSA_DECRYPT_Unmarshal(TPMT_RSA_DECRYPT 
*target, + BYTE **buffer, INT32 *size, BOOL flag); +UINT16 +TPMT_RSA_DECRYPT_Marshal(TPMT_RSA_DECRYPT *source, BYTE **buffer, INT32 *size); +#endif // ALG_RSA + +// Table 2:170 - Definition of TPM2B_PUBLIC_KEY_RSA Structure +#if ALG_RSA +TPM_RC +TPM2B_PUBLIC_KEY_RSA_Unmarshal(TPM2B_PUBLIC_KEY_RSA *target, + BYTE **buffer, INT32 *size); +UINT16 +TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, + BYTE **buffer, INT32 *size); +#endif // ALG_RSA + +// Table 2:171 - Definition of TPMI_RSA_KEY_BITS Type +#if ALG_RSA +TPM_RC +TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_RSA_KEY_BITS_Marshal(TPMI_RSA_KEY_BITS *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_RSA_KEY_BITS_Marshal(source, buffer, size) \ + TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_RSA + +// Table 2:172 - Definition of TPM2B_PRIVATE_KEY_RSA Structure +#if ALG_RSA +TPM_RC +TPM2B_PRIVATE_KEY_RSA_Unmarshal(TPM2B_PRIVATE_KEY_RSA *target, + BYTE **buffer, INT32 *size); +UINT16 +TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, + BYTE **buffer, INT32 *size); +#endif // ALG_RSA + +// Table 2:173 - Definition of TPM2B_ECC_PARAMETER Structure +TPM_RC +TPM2B_ECC_PARAMETER_Unmarshal(TPM2B_ECC_PARAMETER *target, + BYTE **buffer, INT32 *size); +UINT16 +TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, + BYTE **buffer, INT32 *size); + +// Table 2:174 - Definition of TPMS_ECC_POINT Structure +#if ALG_ECC +TPM_RC +TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size); +UINT16 +TPMS_ECC_POINT_Marshal(TPMS_ECC_POINT *source, BYTE **buffer, INT32 *size); +#endif // ALG_ECC + +// Table 2:175 - Definition of TPM2B_ECC_POINT Structure +#if ALG_ECC +TPM_RC +TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size); +UINT16 +TPM2B_ECC_POINT_Marshal(TPM2B_ECC_POINT *source, BYTE **buffer, INT32 *size); 
+#endif // ALG_ECC + +// Table 2:176 - Definition of TPMI_ALG_ECC_SCHEME Type +#if ALG_ECC +TPM_RC +TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, + BYTE **buffer, INT32 *size, BOOL flag); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_ECC_SCHEME_Marshal(TPMI_ALG_ECC_SCHEME *source, + BYTE **buffer, INT32 *size); +#else +#define TPMI_ALG_ECC_SCHEME_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_ECC + +// Table 2:177 - Definition of TPMI_ECC_CURVE Type +#if ALG_ECC +TPM_RC +TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ECC_CURVE_Marshal(TPMI_ECC_CURVE *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_ECC_CURVE_Marshal(source, buffer, size) \ + TPM_ECC_CURVE_Marshal((TPM_ECC_CURVE *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_ECC + +// Table 2:178 - Definition of TPMT_ECC_SCHEME Structure +#if ALG_ECC +TPM_RC +TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, + BYTE **buffer, INT32 *size, BOOL flag); +UINT16 +TPMT_ECC_SCHEME_Marshal(TPMT_ECC_SCHEME *source, BYTE **buffer, INT32 *size); +#endif // ALG_ECC + +// Table 2:179 - Definition of TPMS_ALGORITHM_DETAIL_ECC Structure +#if ALG_ECC +UINT16 +TPMS_ALGORITHM_DETAIL_ECC_Marshal(TPMS_ALGORITHM_DETAIL_ECC *source, + BYTE **buffer, INT32 *size); +#endif // ALG_ECC + +// Table 2:180 - Definition of TPMS_SIGNATURE_RSA Structure +#if ALG_RSA +TPM_RC +TPMS_SIGNATURE_RSA_Unmarshal(TPMS_SIGNATURE_RSA *target, + BYTE **buffer, INT32 *size); +UINT16 +TPMS_SIGNATURE_RSA_Marshal(TPMS_SIGNATURE_RSA *source, BYTE **buffer, INT32 *size); +#endif // ALG_RSA + +// Table 2:181 - Definition of Types for Signature +#if ALG_RSA +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SIGNATURE_RSASSA_Unmarshal(TPMS_SIGNATURE_RSASSA *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIGNATURE_RSASSA_Unmarshal(target, 
buffer, size) \ + TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SIGNATURE_RSASSA_Marshal(TPMS_SIGNATURE_RSASSA *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIGNATURE_RSASSA_Marshal(source, buffer, size) \ + TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SIGNATURE_RSAPSS_Unmarshal(TPMS_SIGNATURE_RSAPSS *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIGNATURE_RSAPSS_Unmarshal(target, buffer, size) \ + TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SIGNATURE_RSAPSS_Marshal(TPMS_SIGNATURE_RSAPSS *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIGNATURE_RSAPSS_Marshal(source, buffer, size) \ + TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_RSA + +// Table 2:182 - Definition of TPMS_SIGNATURE_ECC Structure +#if ALG_ECC +TPM_RC +TPMS_SIGNATURE_ECC_Unmarshal(TPMS_SIGNATURE_ECC *target, + BYTE **buffer, INT32 *size); +UINT16 +TPMS_SIGNATURE_ECC_Marshal(TPMS_SIGNATURE_ECC *source, BYTE **buffer, INT32 *size); +#endif // ALG_ECC + +// Table 2:183 - Definition of Types for TPMS_SIGNATURE_ECC +#if ALG_ECC +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SIGNATURE_ECDAA_Unmarshal(TPMS_SIGNATURE_ECDAA *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIGNATURE_ECDAA_Unmarshal(target, buffer, size) \ + TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SIGNATURE_ECDAA_Marshal(TPMS_SIGNATURE_ECDAA *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIGNATURE_ECDAA_Marshal(source, 
buffer, size) \ + TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SIGNATURE_ECDSA_Unmarshal(TPMS_SIGNATURE_ECDSA *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIGNATURE_ECDSA_Unmarshal(target, buffer, size) \ + TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SIGNATURE_ECDSA_Marshal(TPMS_SIGNATURE_ECDSA *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIGNATURE_ECDSA_Marshal(source, buffer, size) \ + TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SIGNATURE_SM2_Unmarshal(TPMS_SIGNATURE_SM2 *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIGNATURE_SM2_Unmarshal(target, buffer, size) \ + TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SIGNATURE_SM2_Marshal(TPMS_SIGNATURE_SM2 *source, BYTE **buffer, INT32 *size); +#else +#define TPMS_SIGNATURE_SM2_Marshal(source, buffer, size) \ + TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SIGNATURE_ECSCHNORR_Unmarshal(TPMS_SIGNATURE_ECSCHNORR *target, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIGNATURE_ECSCHNORR_Unmarshal(target, buffer, size) \ + TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#if !USE_MARSHALING_DEFINES +UINT16 +TPMS_SIGNATURE_ECSCHNORR_Marshal(TPMS_SIGNATURE_ECSCHNORR *source, + BYTE **buffer, INT32 *size); +#else +#define TPMS_SIGNATURE_ECSCHNORR_Marshal(source, buffer, size) \ + 
TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ + (buffer), \ + (size)) +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_ECC + +// Table 2:184 - Definition of TPMU_SIGNATURE Union +TPM_RC +TPMU_SIGNATURE_Unmarshal(TPMU_SIGNATURE *target, + BYTE **buffer, INT32 *size, UINT32 selector); +UINT16 +TPMU_SIGNATURE_Marshal(TPMU_SIGNATURE *source, + BYTE **buffer, INT32 *size, UINT32 selector); + +// Table 2:185 - Definition of TPMT_SIGNATURE Structure +TPM_RC +TPMT_SIGNATURE_Unmarshal(TPMT_SIGNATURE *target, + BYTE **buffer, INT32 *size, BOOL flag); +UINT16 +TPMT_SIGNATURE_Marshal(TPMT_SIGNATURE *source, BYTE **buffer, INT32 *size); + +// Table 2:186 - Definition of TPMU_ENCRYPTED_SECRET Union +TPM_RC +TPMU_ENCRYPTED_SECRET_Unmarshal(TPMU_ENCRYPTED_SECRET *target, + BYTE **buffer, INT32 *size, UINT32 selector); +UINT16 +TPMU_ENCRYPTED_SECRET_Marshal(TPMU_ENCRYPTED_SECRET *source, + BYTE **buffer, INT32 *size, UINT32 selector); + +// Table 2:187 - Definition of TPM2B_ENCRYPTED_SECRET Structure +TPM_RC +TPM2B_ENCRYPTED_SECRET_Unmarshal(TPM2B_ENCRYPTED_SECRET *target, + BYTE **buffer, INT32 *size); +UINT16 +TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, + BYTE **buffer, INT32 *size); + +// Table 2:188 - Definition of TPMI_ALG_PUBLIC Type +TPM_RC +TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_PUBLIC_Marshal(TPMI_ALG_PUBLIC *source, BYTE **buffer, INT32 *size); +#else +#define TPMI_ALG_PUBLIC_Marshal(source, buffer, size) \ + TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:189 - Definition of TPMU_PUBLIC_ID Union +TPM_RC +TPMU_PUBLIC_ID_Unmarshal(TPMU_PUBLIC_ID *target, + BYTE **buffer, INT32 *size, UINT32 selector); +UINT16 +TPMU_PUBLIC_ID_Marshal(TPMU_PUBLIC_ID *source, + BYTE **buffer, INT32 *size, UINT32 selector); + +// Table 2:190 - Definition of TPMS_KEYEDHASH_PARMS Structure +TPM_RC 
+TPMS_KEYEDHASH_PARMS_Unmarshal(TPMS_KEYEDHASH_PARMS *target, + BYTE **buffer, INT32 *size); +UINT16 +TPMS_KEYEDHASH_PARMS_Marshal(TPMS_KEYEDHASH_PARMS *source, + BYTE **buffer, INT32 *size); + +// Table 2:191 - Definition of TPMS_ASYM_PARMS Structure +// Table 2:192 - Definition of TPMS_RSA_PARMS Structure +#if ALG_RSA +TPM_RC +TPMS_RSA_PARMS_Unmarshal(TPMS_RSA_PARMS *target, BYTE **buffer, INT32 *size); +UINT16 +TPMS_RSA_PARMS_Marshal(TPMS_RSA_PARMS *source, BYTE **buffer, INT32 *size); +#endif // ALG_RSA + +// Table 2:193 - Definition of TPMS_ECC_PARMS Structure +#if ALG_ECC +TPM_RC +TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size); +UINT16 +TPMS_ECC_PARMS_Marshal(TPMS_ECC_PARMS *source, BYTE **buffer, INT32 *size); +#endif // ALG_ECC + +// Table 2:194 - Definition of TPMU_PUBLIC_PARMS Union +TPM_RC +TPMU_PUBLIC_PARMS_Unmarshal(TPMU_PUBLIC_PARMS *target, + BYTE **buffer, INT32 *size, UINT32 selector); +UINT16 +TPMU_PUBLIC_PARMS_Marshal(TPMU_PUBLIC_PARMS *source, + BYTE **buffer, INT32 *size, UINT32 selector); + +// Table 2:195 - Definition of TPMT_PUBLIC_PARMS Structure +TPM_RC +TPMT_PUBLIC_PARMS_Unmarshal(TPMT_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size); +UINT16 +TPMT_PUBLIC_PARMS_Marshal(TPMT_PUBLIC_PARMS *source, BYTE **buffer, INT32 *size); + +// Table 2:196 - Definition of TPMT_PUBLIC Structure +TPM_RC +TPMT_PUBLIC_Unmarshal(TPMT_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag); +UINT16 +TPMT_PUBLIC_Marshal(TPMT_PUBLIC *source, BYTE **buffer, INT32 *size); + +// Table 2:197 - Definition of TPM2B_PUBLIC Structure +TPM_RC +TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag); +UINT16 +TPM2B_PUBLIC_Marshal(TPM2B_PUBLIC *source, BYTE **buffer, INT32 *size); + +// Table 2:198 - Definition of TPM2B_TEMPLATE Structure +TPM_RC +TPM2B_TEMPLATE_Unmarshal(TPM2B_TEMPLATE *target, BYTE **buffer, INT32 *size); +UINT16 +TPM2B_TEMPLATE_Marshal(TPM2B_TEMPLATE *source, BYTE **buffer, INT32 *size); + +// 
Table 2:199 - Definition of TPM2B_PRIVATE_VENDOR_SPECIFIC Structure +TPM_RC +TPM2B_PRIVATE_VENDOR_SPECIFIC_Unmarshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *target, + BYTE **buffer, INT32 *size); +UINT16 +TPM2B_PRIVATE_VENDOR_SPECIFIC_Marshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *source, + BYTE **buffer, INT32 *size); + +// Table 2:200 - Definition of TPMU_SENSITIVE_COMPOSITE Union +TPM_RC +TPMU_SENSITIVE_COMPOSITE_Unmarshal(TPMU_SENSITIVE_COMPOSITE *target, + BYTE **buffer, INT32 *size, UINT32 selector); +UINT16 +TPMU_SENSITIVE_COMPOSITE_Marshal(TPMU_SENSITIVE_COMPOSITE *source, + BYTE **buffer, INT32 *size, UINT32 selector); + +// Table 2:201 - Definition of TPMT_SENSITIVE Structure +TPM_RC +TPMT_SENSITIVE_Unmarshal(TPMT_SENSITIVE *target, BYTE **buffer, INT32 *size); +UINT16 +TPMT_SENSITIVE_Marshal(TPMT_SENSITIVE *source, BYTE **buffer, INT32 *size); + +// Table 2:202 - Definition of TPM2B_SENSITIVE Structure +TPM_RC +TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size); +UINT16 +TPM2B_SENSITIVE_Marshal(TPM2B_SENSITIVE *source, BYTE **buffer, INT32 *size); + +// Table 2:203 - Definition of _PRIVATE Structure +// Table 2:204 - Definition of TPM2B_PRIVATE Structure +TPM_RC +TPM2B_PRIVATE_Unmarshal(TPM2B_PRIVATE *target, BYTE **buffer, INT32 *size); +UINT16 +TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size); + +// Table 2:205 - Definition of TPMS_ID_OBJECT Structure +// Table 2:206 - Definition of TPM2B_ID_OBJECT Structure +TPM_RC +TPM2B_ID_OBJECT_Unmarshal(TPM2B_ID_OBJECT *target, BYTE **buffer, INT32 *size); +UINT16 +TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size); + +// Table 2:207 - Definition of TPM_NV_INDEX Bits +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_NV_INDEX_Marshal(TPM_NV_INDEX *source, BYTE **buffer, INT32 *size); +#else +#define TPM_NV_INDEX_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:208 - Definition 
of TPM_NT Constants +// Table 2:209 - Definition of TPMS_NV_PIN_COUNTER_PARAMETERS Structure +TPM_RC +TPMS_NV_PIN_COUNTER_PARAMETERS_Unmarshal(TPMS_NV_PIN_COUNTER_PARAMETERS *target, + BYTE **buffer, INT32 *size); +UINT16 +TPMS_NV_PIN_COUNTER_PARAMETERS_Marshal(TPMS_NV_PIN_COUNTER_PARAMETERS *source, + BYTE **buffer, INT32 *size); + +// Table 2:210 - Definition of TPMA_NV Bits +TPM_RC +TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size); + +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_NV_Marshal(TPMA_NV *source, BYTE **buffer, INT32 *size); +#else +#define TPMA_NV_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:211 - Definition of TPMS_NV_PUBLIC Structure +TPM_RC +TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size); +UINT16 +TPMS_NV_PUBLIC_Marshal(TPMS_NV_PUBLIC *source, BYTE **buffer, INT32 *size); + +// Table 2:212 - Definition of TPM2B_NV_PUBLIC Structure +TPM_RC +TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size); +UINT16 +TPM2B_NV_PUBLIC_Marshal(TPM2B_NV_PUBLIC *source, BYTE **buffer, INT32 *size); + +// Table 2:213 - Definition of TPM2B_CONTEXT_SENSITIVE Structure +TPM_RC +TPM2B_CONTEXT_SENSITIVE_Unmarshal(TPM2B_CONTEXT_SENSITIVE *target, + BYTE **buffer, INT32 *size); +UINT16 +TPM2B_CONTEXT_SENSITIVE_Marshal(TPM2B_CONTEXT_SENSITIVE *source, + BYTE **buffer, INT32 *size); + +// Table 2:214 - Definition of TPMS_CONTEXT_DATA Structure +TPM_RC +TPMS_CONTEXT_DATA_Unmarshal(TPMS_CONTEXT_DATA *target, BYTE **buffer, INT32 *size); +UINT16 +TPMS_CONTEXT_DATA_Marshal(TPMS_CONTEXT_DATA *source, BYTE **buffer, INT32 *size); + +// Table 2:215 - Definition of TPM2B_CONTEXT_DATA Structure +TPM_RC +TPM2B_CONTEXT_DATA_Unmarshal(TPM2B_CONTEXT_DATA *target, + BYTE **buffer, INT32 *size); +UINT16 +TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size); + +// Table 2:216 - Definition of TPMS_CONTEXT 
Structure +TPM_RC +TPMS_CONTEXT_Unmarshal(TPMS_CONTEXT *target, BYTE **buffer, INT32 *size); +UINT16 +TPMS_CONTEXT_Marshal(TPMS_CONTEXT *source, BYTE **buffer, INT32 *size); + +// Table 2:218 - Definition of TPMS_CREATION_DATA Structure +UINT16 +TPMS_CREATION_DATA_Marshal(TPMS_CREATION_DATA *source, BYTE **buffer, INT32 *size); + +// Table 2:219 - Definition of TPM2B_CREATION_DATA Structure +UINT16 +TPM2B_CREATION_DATA_Marshal(TPM2B_CREATION_DATA *source, + BYTE **buffer, INT32 *size); + +// Table 2:220 - Definition of TPM_AT Constants +TPM_RC +TPM_AT_Unmarshal(TPM_AT *target, BYTE **buffer, INT32 *size); +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_AT_Marshal(TPM_AT *source, BYTE **buffer, INT32 *size); +#else +#define TPM_AT_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:221 - Definition of TPM_AE Constants +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_AE_Marshal(TPM_AE *source, BYTE **buffer, INT32 *size); +#else +#define TPM_AE_Marshal(source, buffer, size) \ + UINT32_Marshal((UINT32 *)(source), (buffer), (size)) +#endif // !USE_MARSHALING_DEFINES + +// Table 2:222 - Definition of TPMS_AC_OUTPUT Structure +UINT16 +TPMS_AC_OUTPUT_Marshal(TPMS_AC_OUTPUT *source, BYTE **buffer, INT32 *size); + +// Table 2:223 - Definition of TPML_AC_CAPABILITIES Structure +UINT16 +TPML_AC_CAPABILITIES_Marshal(TPML_AC_CAPABILITIES *source, + BYTE **buffer, INT32 *size); + +// Array Marshal/Unmarshal for BYTE +TPM_RC +BYTE_Array_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size, INT32 count); +UINT16 +BYTE_Array_Marshal(BYTE *source, BYTE **buffer, INT32 *size, INT32 count); + +// Array Marshal/Unmarshal for TPM2B_DIGEST +TPM_RC +TPM2B_DIGEST_Array_Unmarshal(TPM2B_DIGEST *target, + BYTE **buffer, INT32 *size, INT32 count); +UINT16 +TPM2B_DIGEST_Array_Marshal(TPM2B_DIGEST *source, + BYTE **buffer, INT32 *size, INT32 count); + +// Array Marshal for TPMA_CC +UINT16 +TPMA_CC_Array_Marshal(TPMA_CC *source, 
BYTE **buffer, INT32 *size, INT32 count); + +// Array Marshal for TPMS_AC_OUTPUT +UINT16 +TPMS_AC_OUTPUT_Array_Marshal(TPMS_AC_OUTPUT *source, + BYTE **buffer, INT32 *size, INT32 count); + +// Array Marshal for TPMS_ALG_PROPERTY +UINT16 +TPMS_ALG_PROPERTY_Array_Marshal(TPMS_ALG_PROPERTY *source, + BYTE **buffer, INT32 *size, INT32 count); + +// Array Marshal/Unmarshal for TPMS_PCR_SELECTION +TPM_RC +TPMS_PCR_SELECTION_Array_Unmarshal(TPMS_PCR_SELECTION *target, + BYTE **buffer, INT32 *size, INT32 count); +UINT16 +TPMS_PCR_SELECTION_Array_Marshal(TPMS_PCR_SELECTION *source, + BYTE **buffer, INT32 *size, INT32 count); + +// Array Marshal for TPMS_TAGGED_PCR_SELECT +UINT16 +TPMS_TAGGED_PCR_SELECT_Array_Marshal(TPMS_TAGGED_PCR_SELECT *source, + BYTE **buffer, INT32 *size, INT32 count); + +// Array Marshal for TPMS_TAGGED_POLICY +UINT16 +TPMS_TAGGED_POLICY_Array_Marshal(TPMS_TAGGED_POLICY *source, + BYTE **buffer, INT32 *size, INT32 count); + +// Array Marshal for TPMS_TAGGED_PROPERTY +UINT16 +TPMS_TAGGED_PROPERTY_Array_Marshal(TPMS_TAGGED_PROPERTY *source, + BYTE **buffer, INT32 *size, INT32 count); + +// Array Marshal/Unmarshal for TPMT_HA +TPM_RC +TPMT_HA_Array_Unmarshal(TPMT_HA *target, + BYTE **buffer, INT32 *size, BOOL flag, INT32 count); +UINT16 +TPMT_HA_Array_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size, INT32 count); + +// Array Marshal/Unmarshal for TPM_ALG_ID +TPM_RC +TPM_ALG_ID_Array_Unmarshal(TPM_ALG_ID *target, + BYTE **buffer, INT32 *size, INT32 count); +UINT16 +TPM_ALG_ID_Array_Marshal(TPM_ALG_ID *source, + BYTE **buffer, INT32 *size, INT32 count); + +// Array Marshal/Unmarshal for TPM_CC +TPM_RC +TPM_CC_Array_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size, INT32 count); +UINT16 +TPM_CC_Array_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size, INT32 count); + +// Array Marshal/Unmarshal for TPM_ECC_CURVE +#if ALG_ECC +TPM_RC +TPM_ECC_CURVE_Array_Unmarshal(TPM_ECC_CURVE *target, + BYTE **buffer, INT32 *size, INT32 count); +UINT16 
+TPM_ECC_CURVE_Array_Marshal(TPM_ECC_CURVE *source, + BYTE **buffer, INT32 *size, INT32 count); +#endif // ALG_ECC + +// Array Marshal/Unmarshal for TPM_HANDLE +TPM_RC +TPM_HANDLE_Array_Unmarshal(TPM_HANDLE *target, + BYTE **buffer, INT32 *size, INT32 count); +UINT16 +TPM_HANDLE_Array_Marshal(TPM_HANDLE *source, + BYTE **buffer, INT32 *size, INT32 count); +#endif // _MARSHAL_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MathOnByteBuffers_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MathOnByteBuffers_fp.h new file mode 100644 index 000000000..57e58b3e0 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MathOnByteBuffers_fp.h 
@@ -0,0 +1,147 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _MATH_ON_BYTE_BUFFERS_FP_H_ +#define _MATH_ON_BYTE_BUFFERS_FP_H_ + +//*** UnsignedCmpB +// This function compare two unsigned values. The values are byte-aligned, +// big-endian numbers (e.g, a hash). +// Return Type: int +// 1 if (a > b) +// 0 if (a = b) +// -1 if (a < b) +LIB_EXPORT int +UnsignedCompareB( + UINT32 aSize, // IN: size of a + const BYTE *a, // IN: a + UINT32 bSize, // IN: size of b + const BYTE *b // IN: b +); + +//***SignedCompareB() +// Compare two signed integers: +// Return Type: int +// 1 if a > b +// 0 if a = b +// -1 if a < b +int +SignedCompareB( + const UINT32 aSize, // IN: size of a + const BYTE *a, // IN: a buffer + const UINT32 bSize, // IN: size of b + const BYTE *b // IN: b buffer +); + +//*** ModExpB +// This function is used to do modular exponentiation in support of RSA. +// The most typical uses are: 'c' = 'm'^'e' mod 'n' (RSA encrypt) and +// 'm' = 'c'^'d' mod 'n' (RSA decrypt). When doing decryption, the 'e' parameter +// of the function will contain the private exponent 'd' instead of the public +// exponent 'e'. +// +// If the results will not fit in the provided buffer, +// an error is returned (CRYPT_ERROR_UNDERFLOW). If the results is smaller +// than the buffer, the results is de-normalized. +// +// This version is intended for use with RSA and requires that 'm' be +// less than 'n'. +// +// Return Type: TPM_RC +// TPM_RC_SIZE number to exponentiate is larger than the modulus +// TPM_RC_NO_RESULT result will not fit into the provided buffer +// +TPM_RC +ModExpB( + UINT32 cSize, // IN: the size of the output buffer. 
It will + // need to be the same size as the modulus + BYTE *c, // OUT: the buffer to receive the results + // (c->size must be set to the maximum size + // for the returned value) + const UINT32 mSize, + const BYTE *m, // IN: number to exponentiate + const UINT32 eSize, + const BYTE *e, // IN: power + const UINT32 nSize, + const BYTE *n // IN: modulus +); + +//*** DivideB() +// Divide an integer ('n') by an integer ('d') producing a quotient ('q') and +// a remainder ('r'). If 'q' or 'r' is not needed, then the pointer to them +// may be set to NULL. +// +// Return Type: TPM_RC +// TPM_RC_NO_RESULT 'q' or 'r' is too small to receive the result +// +LIB_EXPORT TPM_RC +DivideB( + const TPM2B *n, // IN: numerator + const TPM2B *d, // IN: denominator + TPM2B *q, // OUT: quotient + TPM2B *r // OUT: remainder +); + +//*** AdjustNumberB() +// Remove/add leading zeros from a number in a TPM2B. Will try to make the number +// by adding or removing leading zeros. If the number is larger than the requested +// size, it will make the number as small as possible. Setting 'requestedSize' to +// zero is equivalent to requesting that the number be normalized. +UINT16 +AdjustNumberB( + TPM2B *num, + UINT16 requestedSize +); + +//*** ShiftLeft() +// This function shifts a byte buffer (a TPM2B) one byte to the left. That is, +// the most significant bit of the most significant byte is lost. +TPM2B * +ShiftLeft( + TPM2B *value // IN/OUT: value to shift and shifted value out +); + +//*** IsNumeric() +// Verifies that all the characters are simple numeric (0-9) +BOOL +IsNumeric( + TPM2B *value +); + +#endif // _MATH_ON_BYTE_BUFFERS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Memory_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Memory_fp.h new file mode 100644 index 000000000..42f4c5845 --- /dev/null 
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Memory_fp.h 
@@ -0,0 +1,179 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 7, 2019 Time: 06:58:58PM + */ + +#ifndef _MEMORY_FP_H_ +#define _MEMORY_FP_H_ + +//*** MemoryCopy() +// This is an alias for memmove. 
This is used in place of memcpy because +// some of the moves may overlap and rather than try to make sure that +// memmove is used when necessary, it is always used. +void +MemoryCopy( + void *dest, + const void *src, + int sSize +); + +//*** MemoryEqual() +// This function indicates if two buffers have the same values in the indicated +// number of bytes. +// Return Type: BOOL +// TRUE(1) all octets are the same +// FALSE(0) all octets are not the same +BOOL +MemoryEqual( + const void *buffer1, // IN: compare buffer1 + const void *buffer2, // IN: compare buffer2 + unsigned int size // IN: size of bytes being compared +); + +//*** MemoryCopy2B() +// This function copies a TPM2B. This can be used when the TPM2B types are +// the same or different. +// +// This function returns the number of octets in the data buffer of the TPM2B. +LIB_EXPORT INT16 +MemoryCopy2B( + TPM2B *dest, // OUT: receiving TPM2B + const TPM2B *source, // IN: source TPM2B + unsigned int dSize // IN: size of the receiving buffer +); + +//*** MemoryConcat2B() +// This function will concatenate the buffer contents of a TPM2B to an +// the buffer contents of another TPM2B and adjust the size accordingly +// ('a' := ('a' | 'b')). +void +MemoryConcat2B( + TPM2B *aInOut, // IN/OUT: destination 2B + TPM2B *bIn, // IN: second 2B + unsigned int aMaxSize // IN: The size of aInOut.buffer (max values for + // aInOut.size) +); + +//*** MemoryEqual2B() +// This function will compare two TPM2B structures. To be equal, they +// need to be the same size and the buffer contexts need to be the same +// in all octets. +// Return Type: BOOL +// TRUE(1) size and buffer contents are the same +// FALSE(0) size or buffer contents are not the same +BOOL +MemoryEqual2B( + const TPM2B *aIn, // IN: compare value + const TPM2B *bIn // IN: compare value +); + +//*** MemorySet() +// This function will set all the octets in the specified memory range to +// the specified octet value. 
+// Note: A previous version had an additional parameter (dSize) that was +// intended to make sure that the destination would not be overrun. The +// problem is that, in use, all that was happening was that the value of +// size was used for dSize so there was no benefit in the extra parameter. +void +MemorySet( + void *dest, + int value, + size_t size +); + +//*** MemoryPad2B() +// Function to pad a TPM2B with zeros and adjust the size. +void +MemoryPad2B( + TPM2B *b, + UINT16 newSize +); + +//*** Uint16ToByteArray() +// Function to write an integer to a byte array +void +Uint16ToByteArray( + UINT16 i, + BYTE *a +); + +//*** Uint32ToByteArray() +// Function to write an integer to a byte array +void +Uint32ToByteArray( + UINT32 i, + BYTE *a +); + +//*** Uint64ToByteArray() +// Function to write an integer to a byte array +void +Uint64ToByteArray( + UINT64 i, + BYTE *a +); + +//*** ByteArrayToUint8() +// Function to write a UINT8 to a byte array. This is included for completeness +// and to allow certain macro expansions +UINT8 +ByteArrayToUint8( + BYTE *a +); + +//*** ByteArrayToUint16() +// Function to write an integer to a byte array +UINT16 +ByteArrayToUint16( + BYTE *a +); + +//*** ByteArrayToUint32() +// Function to write an integer to a byte array +UINT32 +ByteArrayToUint32( + BYTE *a +); + +//*** ByteArrayToUint64() +// Function to write an integer to a byte array +UINT64 +ByteArrayToUint64( + BYTE *a +); + +#endif // _MEMORY_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Certify_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Certify_fp.h new file mode 100644 index 000000000..764e15e1a --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Certify_fp.h 
@@ -0,0 +1,79 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_NV_Certify // Command must be enabled + +#ifndef _NV_Certify_FP_H_ +#define _NV_Certify_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT signHandle; + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; + UINT16 size; + UINT16 offset; +} NV_Certify_In; + +// Output structure definition +typedef struct { + TPM2B_ATTEST certifyInfo; + TPMT_SIGNATURE signature; +} NV_Certify_Out; + +// Response code modifiers +#define RC_NV_Certify_signHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_Certify_authHandle (TPM_RC_H + TPM_RC_2) +#define RC_NV_Certify_nvIndex (TPM_RC_H + TPM_RC_3) +#define RC_NV_Certify_qualifyingData (TPM_RC_P + TPM_RC_1) +#define RC_NV_Certify_inScheme (TPM_RC_P + TPM_RC_2) +#define RC_NV_Certify_size (TPM_RC_P + TPM_RC_3) +#define RC_NV_Certify_offset (TPM_RC_P + TPM_RC_4) + +// Function prototype +TPM_RC +TPM2_NV_Certify( + NV_Certify_In *in, + NV_Certify_Out *out +); + +#endif // _NV_Certify_FP_H_ +#endif // CC_NV_Certify diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ChangeAuth_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ChangeAuth_fp.h new file mode 100644 index 000000000..d0620d416 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ChangeAuth_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_NV_ChangeAuth // Command must be enabled + +#ifndef _NV_Change_Auth_FP_H_ +#define _NV_Change_Auth_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_NV_INDEX nvIndex; + TPM2B_AUTH newAuth; +} NV_ChangeAuth_In; + +// Response code modifiers +#define RC_NV_ChangeAuth_nvIndex (TPM_RC_H + TPM_RC_1) +#define RC_NV_ChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_NV_ChangeAuth( + NV_ChangeAuth_In *in +); + +#endif // _NV_Change_Auth_FP_H_ +#endif // CC_NV_ChangeAuth diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_DefineSpace_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_DefineSpace_fp.h new file mode 100644 index 000000000..742702fdd --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_DefineSpace_fp.h 
@@ -0,0 +1,64 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_NV_DefineSpace // Command must be enabled + +#ifndef _NV_Define_Space_FP_H_ +#define _NV_Define_Space_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_PROVISION authHandle; + TPM2B_AUTH auth; + TPM2B_NV_PUBLIC publicInfo; +} NV_DefineSpace_In; + +// Response code modifiers +#define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1) +#define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_NV_DefineSpace( + NV_DefineSpace_In *in +); + +#endif // _NV_Define_Space_FP_H_ +#endif // CC_NV_DefineSpace diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Extend_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Extend_fp.h new file mode 100644 index 000000000..6913fcd99 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Extend_fp.h 
@@ -0,0 +1,64 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_NV_Extend // Command must be enabled + +#ifndef _NV_Extend_FP_H_ +#define _NV_Extend_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + TPM2B_MAX_NV_BUFFER data; +} NV_Extend_In; + +// Response code modifiers +#define RC_NV_Extend_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_Extend_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_NV_Extend_data (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_NV_Extend( + NV_Extend_In *in +); + +#endif // _NV_Extend_FP_H_ +#endif // CC_NV_Extend diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_GlobalWriteLock_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_GlobalWriteLock_fp.h new file mode 100644 index 000000000..cd11e9320 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_GlobalWriteLock_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_NV_GlobalWriteLock // Command must be enabled + +#ifndef _NV_Global_Write_Lock_FP_H_ +#define _NV_Global_Write_Lock_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_PROVISION authHandle; +} NV_GlobalWriteLock_In; + +// Response code modifiers +#define RC_NV_GlobalWriteLock_authHandle (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_NV_GlobalWriteLock( + NV_GlobalWriteLock_In *in +); + +#endif // _NV_Global_Write_Lock_FP_H_ +#endif // CC_NV_GlobalWriteLock diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Increment_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Increment_fp.h new file mode 100644 index 000000000..51441befc --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Increment_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_NV_Increment // Command must be enabled + +#ifndef _NV_Increment_FP_H_ +#define _NV_Increment_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; +} NV_Increment_In; + +// Response code modifiers +#define RC_NV_Increment_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_Increment_nvIndex (TPM_RC_H + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_NV_Increment( + NV_Increment_In *in +); + +#endif // _NV_Increment_FP_H_ +#endif // CC_NV_Increment diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadLock_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadLock_fp.h new file mode 100644 index 000000000..8687f6ac4 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadLock_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_NV_ReadLock // Command must be enabled + +#ifndef _NV_Read_Lock_FP_H_ +#define _NV_Read_Lock_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; +} NV_ReadLock_In; + +// Response code modifiers +#define RC_NV_ReadLock_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_ReadLock_nvIndex (TPM_RC_H + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_NV_ReadLock( + NV_ReadLock_In *in +); + +#endif // _NV_Read_Lock_FP_H_ +#endif // CC_NV_ReadLock diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadPublic_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadPublic_fp.h new file mode 100644 index 000000000..90e439677 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadPublic_fp.h 
@@ -0,0 +1,67 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_NV_ReadPublic // Command must be enabled + +#ifndef _NV_Read_Public_FP_H_ +#define _NV_Read_Public_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_NV_INDEX nvIndex; +} NV_ReadPublic_In; + +// Output structure definition +typedef struct { + TPM2B_NV_PUBLIC nvPublic; + TPM2B_NAME nvName; +} NV_ReadPublic_Out; + +// Response code modifiers +#define RC_NV_ReadPublic_nvIndex (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_NV_ReadPublic( + NV_ReadPublic_In *in, + NV_ReadPublic_Out *out +); + +#endif // _NV_Read_Public_FP_H_ +#endif // CC_NV_ReadPublic diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Read_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Read_fp.h new file mode 100644 index 000000000..384eecff0 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Read_fp.h 
@@ -0,0 +1,72 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_NV_Read // Command must be enabled + +#ifndef _NV_Read_FP_H_ +#define _NV_Read_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + UINT16 size; + UINT16 offset; +} NV_Read_In; + +// Output structure definition +typedef struct { + TPM2B_MAX_NV_BUFFER data; +} NV_Read_Out; + +// Response code modifiers +#define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_NV_Read_size (TPM_RC_P + TPM_RC_1) +#define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_NV_Read( + NV_Read_In *in, + NV_Read_Out *out +); + +#endif // _NV_Read_FP_H_ +#endif // CC_NV_Read diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_SetBits_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_SetBits_fp.h new file mode 100644 index 000000000..fee30fbea --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_SetBits_fp.h 
@@ -0,0 +1,64 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_NV_SetBits // Command must be enabled + +#ifndef _NV_Set_Bits_FP_H_ +#define _NV_Set_Bits_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + UINT64 bits; +} NV_SetBits_In; + +// Response code modifiers +#define RC_NV_SetBits_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_SetBits_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_NV_SetBits_bits (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_NV_SetBits( + NV_SetBits_In *in +); + +#endif // _NV_Set_Bits_FP_H_ +#endif // CC_NV_SetBits diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpaceSpecial_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpaceSpecial_fp.h new file mode 100644 index 000000000..d99b64033 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpaceSpecial_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_NV_UndefineSpaceSpecial // Command must be enabled + +#ifndef _NV_Undefine_Space_Special_FP_H_ +#define _NV_Undefine_Space_Special_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_NV_INDEX nvIndex; + TPMI_RH_PLATFORM platform; +} NV_UndefineSpaceSpecial_In; + +// Response code modifiers +#define RC_NV_UndefineSpaceSpecial_nvIndex (TPM_RC_H + TPM_RC_1) +#define RC_NV_UndefineSpaceSpecial_platform (TPM_RC_H + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_NV_UndefineSpaceSpecial( + NV_UndefineSpaceSpecial_In *in +); + +#endif // _NV_Undefine_Space_Special_FP_H_ +#endif // CC_NV_UndefineSpaceSpecial diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpace_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpace_fp.h new file mode 100644 index 000000000..217d17c84 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpace_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_NV_UndefineSpace // Command must be enabled + +#ifndef _NV_Undefine_Space_FP_H_ +#define _NV_Undefine_Space_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_PROVISION authHandle; + TPMI_RH_NV_INDEX nvIndex; +} NV_UndefineSpace_In; + +// Response code modifiers +#define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_NV_UndefineSpace( + NV_UndefineSpace_In *in +); + +#endif // _NV_Undefine_Space_FP_H_ +#endif // CC_NV_UndefineSpace diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_WriteLock_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_WriteLock_fp.h new file mode 100644 index 000000000..af640c838 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_WriteLock_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_NV_WriteLock // Command must be enabled + +#ifndef _NV_Write_Lock_FP_H_ +#define _NV_Write_Lock_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; +} NV_WriteLock_In; + +// Response code modifiers +#define RC_NV_WriteLock_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_WriteLock_nvIndex (TPM_RC_H + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_NV_WriteLock( + NV_WriteLock_In *in +); + +#endif // _NV_Write_Lock_FP_H_ +#endif // CC_NV_WriteLock diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Write_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Write_fp.h new file mode 100644 index 000000000..c4bfb28d8 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Write_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_NV_Write // Command must be enabled + +#ifndef _NV_Write_FP_H_ +#define _NV_Write_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + TPM2B_MAX_NV_BUFFER data; + UINT16 offset; +} NV_Write_In; + +// Response code modifiers +#define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_NV_Write_data (TPM_RC_P + TPM_RC_1) +#define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_NV_Write( + NV_Write_In *in +); + +#endif // _NV_Write_FP_H_ +#endif // CC_NV_Write diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_spt_fp.h new file mode 100644 index 000000000..0844f2dad --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_spt_fp.h 
@@ -0,0 +1,93 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _NV_SPT_FP_H_ +#define _NV_SPT_FP_H_ + +//*** NvReadAccessChecks() +// Common routine for validating a read +// Used by TPM2_NV_Read, TPM2_NV_ReadLock and TPM2_PolicyNV +// Return Type: TPM_RC +// TPM_RC_NV_AUTHORIZATION autHandle is not allowed to authorize read +// of the index +// TPM_RC_NV_LOCKED Read locked +// TPM_RC_NV_UNINITIALIZED Try to read an uninitialized index +// +TPM_RC +NvReadAccessChecks( + TPM_HANDLE authHandle, // IN: the handle that provided the + // authorization + TPM_HANDLE nvHandle, // IN: the handle of the NV index to be read + TPMA_NV attributes // IN: the attributes of 'nvHandle' +); + +//*** NvWriteAccessChecks() +// Common routine for validating a write +// Used by TPM2_NV_Write, TPM2_NV_Increment, TPM2_SetBits, and TPM2_NV_WriteLock +// Return Type: TPM_RC +// TPM_RC_NV_AUTHORIZATION Authorization fails +// TPM_RC_NV_LOCKED Write locked +// +TPM_RC +NvWriteAccessChecks( + TPM_HANDLE authHandle, // IN: the handle that provided the + // authorization + TPM_HANDLE nvHandle, // IN: the handle of the NV index to be written + TPMA_NV attributes // IN: the attributes of 'nvHandle' +); + +//*** NvClearOrderly() +// This function is used to cause gp.orderlyState to be cleared to the +// non-orderly state. +TPM_RC +NvClearOrderly( + void +); + +//*** NvIsPinPassIndex() +// Function to check to see if an NV index is a PIN Pass Index +// Return Type: BOOL +// TRUE(1) is pin pass +// FALSE(0) is not pin pass +BOOL +NvIsPinPassIndex( + TPM_HANDLE index // IN: Handle to check +); + +#endif // _NV_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvDynamic_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvDynamic_fp.h new file mode 100644 index 000000000..8c9b34e9b --- /dev/null 
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvDynamic_fp.h 
@@ -0,0 +1,474 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 7, 2019 Time: 06:58:58PM + */ + +#ifndef _NV_DYNAMIC_FP_H_ +#define _NV_DYNAMIC_FP_H_ + +//*** NvWriteNvListEnd() +// Function to write the list terminator. 
+NV_REF +NvWriteNvListEnd( + NV_REF end +); + +//*** NvUpdateIndexOrderlyData() +// This function is used to cause an update of the orderly data to the NV backing +// store. +void +NvUpdateIndexOrderlyData( + void +); + +//*** NvReadIndex() +// This function is used to read the NV Index NV_INDEX. This is used so that the +// index information can be compressed and only this function would be needed +// to decompress it. Mostly, compression would only be able to save the space +// needed by the policy. +void +NvReadNvIndexInfo( + NV_REF ref, // IN: points to NV where index is located + NV_INDEX *nvIndex // OUT: place to receive index data +); + +//*** NvReadObject() +// This function is used to read a persistent object. This is used so that the +// object information can be compressed and only this function would be needed +// to uncompress it. +void +NvReadObject( + NV_REF ref, // IN: points to NV where index is located + OBJECT *object // OUT: place to receive the object data +); + +//*** NvIndexIsDefined() +// See if an index is already defined +BOOL +NvIndexIsDefined( + TPM_HANDLE nvHandle // IN: Index to look for +); + +//*** NvIsPlatformPersistentHandle() +// This function indicates if a handle references a persistent object in the +// range belonging to the platform. +// Return Type: BOOL +// TRUE(1) handle references a platform persistent object +// and may reference an owner persistent object either +// FALSE(0) handle does not reference platform persistent object +BOOL +NvIsPlatformPersistentHandle( + TPM_HANDLE handle // IN: handle +); + +//*** NvIsOwnerPersistentHandle() +// This function indicates if a handle references a persistent object in the +// range belonging to the owner. 
+// Return Type: BOOL +// TRUE(1) handle is owner persistent handle +// FALSE(0) handle is not owner persistent handle and may not be +// a persistent handle at all +BOOL +NvIsOwnerPersistentHandle( + TPM_HANDLE handle // IN: handle +); + +//*** NvIndexIsAccessible() +// +// This function validates that a handle references a defined NV Index and +// that the Index is currently accessible. +// Return Type: TPM_RC +// TPM_RC_HANDLE the handle points to an undefined NV Index +// If shEnable is CLEAR, this would include an index +// created using ownerAuth. If phEnableNV is CLEAR, +// this would include and index created using +// platformAuth +// TPM_RC_NV_READLOCKED Index is present but locked for reading and command +// does not write to the index +// TPM_RC_NV_WRITELOCKED Index is present but locked for writing and command +// writes to the index +TPM_RC +NvIndexIsAccessible( + TPMI_RH_NV_INDEX handle // IN: handle +); + +//*** NvGetEvictObject() +// This function is used to dereference an evict object handle and get a pointer +// to the object. +// Return Type: TPM_RC +// TPM_RC_HANDLE the handle does not point to an existing +// persistent object +TPM_RC +NvGetEvictObject( + TPM_HANDLE handle, // IN: handle + OBJECT *object // OUT: object data +); + +//*** NvIndexCacheInit() +// Function to initialize the Index cache +void +NvIndexCacheInit( + void +); + +//*** NvGetIndexData() +// This function is used to access the data in an NV Index. The data is returned +// as a byte sequence. +// +// This function requires that the NV Index be defined, and that the +// required data is within the data range. It also requires that TPMA_NV_WRITTEN +// of the Index is SET. 
+void +NvGetIndexData( + NV_INDEX *nvIndex, // IN: the in RAM index descriptor + NV_REF locator, // IN: where the data is located + UINT32 offset, // IN: offset of NV data + UINT16 size, // IN: number of octets of NV data to read + void *data // OUT: data buffer +); + +//*** NvHashIndexData() +// This function adds Index data to a hash. It does this in parts to avoid large stack +// buffers. +void +NvHashIndexData( + HASH_STATE *hashState, // IN: Initialized hash state + NV_INDEX *nvIndex, // IN: Index + NV_REF locator, // IN: where the data is located + UINT32 offset, // IN: starting offset + UINT16 size // IN: amount to hash +); + +//*** NvGetUINT64Data() +// Get data in integer format of a bit or counter NV Index. +// +// This function requires that the NV Index is defined and that the NV Index +// previously has been written. +UINT64 +NvGetUINT64Data( + NV_INDEX *nvIndex, // IN: the in RAM index descriptor + NV_REF locator // IN: where index exists in NV +); + +//*** NvWriteIndexAttributes() +// This function is used to write just the attributes of an index. +// Return type: TPM_RC +// TPM_RC_NV_RATE NV is rate limiting so retry +// TPM_RC_NV_UNAVAILABLE NV is not available +TPM_RC +NvWriteIndexAttributes( + TPM_HANDLE handle, + NV_REF locator, // IN: location of the index + TPMA_NV attributes // IN: attributes to write +); + +//*** NvWriteIndexAuth() +// This function is used to write the authValue of an index. It is used by +// TPM2_NV_ChangeAuth() +// Return type: TPM_RC +// TPM_RC_NV_RATE NV is rate limiting so retry +// TPM_RC_NV_UNAVAILABLE NV is not available +TPM_RC +NvWriteIndexAuth( + NV_REF locator, // IN: location of the index + TPM2B_AUTH *authValue // IN: the authValue to write +); + +//*** NvGetIndexInfo() +// This function loads the nvIndex Info into the NV cache and returns a pointer +// to the NV_INDEX. If the returned value is zero, the index was not found. 
+// The 'locator' parameter, if not NULL, will be set to the offset in NV of the +// Index (the location of the handle of the Index). +// +// This function will set the index cache. If the index is orderly, the attributes +// from RAM are substituted for the attributes in the cached index +NV_INDEX * +NvGetIndexInfo( + TPM_HANDLE nvHandle, // IN: the index handle + NV_REF *locator // OUT: location of the index +); + +//*** NvWriteIndexData() +// This function is used to write NV index data. It is intended to be used to +// update the data associated with the default index. +// +// This function requires that the NV Index is defined, and the data is +// within the defined data range for the index. +// +// Index data is only written due to a command that modifies the data in a single +// index. There is no case where changes are made to multiple indexes data at the +// same time. Multiple attributes may be change but not multiple index data. This +// is important because we will normally be handling the index for which we have +// the cached pointer values. +// Return type: TPM_RC +// TPM_RC_NV_RATE NV is rate limiting so retry +// TPM_RC_NV_UNAVAILABLE NV is not available +TPM_RC +NvWriteIndexData( + NV_INDEX *nvIndex, // IN: the description of the index + UINT32 offset, // IN: offset of NV data + UINT32 size, // IN: size of NV data + void *data // IN: data buffer +); + +//*** NvWriteUINT64Data() +// This function to write back a UINT64 value. The various UINT64 values (bits, +// counters, and PINs) are kept in canonical format but manipulate in native +// format. This takes a native format value converts it and saves it back as +// in canonical format. 
+// +// This function will return the value from NV or RAM depending on the type of the +// index (orderly or not) +// +TPM_RC +NvWriteUINT64Data( + NV_INDEX *nvIndex, // IN: the description of the index + UINT64 intValue // IN: the value to write +); + +//*** NvGetIndexName() +// This function computes the Name of an index +// The 'name' buffer receives the bytes of the Name and the return value +// is the number of octets in the Name. +// +// This function requires that the NV Index is defined. +TPM2B_NAME * +NvGetIndexName( + NV_INDEX *nvIndex, // IN: the index over which the name is to be + // computed + TPM2B_NAME *name // OUT: name of the index +); + +//*** NvGetNameByIndexHandle() +// This function is used to compute the Name of an NV Index referenced by handle. +// +// The 'name' buffer receives the bytes of the Name and the return value +// is the number of octets in the Name. +// +// This function requires that the NV Index is defined. +TPM2B_NAME * +NvGetNameByIndexHandle( + TPMI_RH_NV_INDEX handle, // IN: handle of the index + TPM2B_NAME *name // OUT: name of the index +); + +//*** NvDefineIndex() +// This function is used to assign NV memory to an NV Index. +// +// Return Type: TPM_RC +// TPM_RC_NV_SPACE insufficient NV space +TPM_RC +NvDefineIndex( + TPMS_NV_PUBLIC *publicArea, // IN: A template for an area to create. + TPM2B_AUTH *authValue // IN: The initial authorization value +); + +//*** NvAddEvictObject() +// This function is used to assign NV memory to a persistent object. +// Return Type: TPM_RC +// TPM_RC_NV_HANDLE the requested handle is already in use +// TPM_RC_NV_SPACE insufficient NV space +TPM_RC +NvAddEvictObject( + TPMI_DH_OBJECT evictHandle, // IN: new evict handle + OBJECT *object // IN: object to be added +); + +//*** NvDeleteIndex() +// This function is used to delete an NV Index. 
+// Return Type: TPM_RC +// TPM_RC_NV_UNAVAILABLE NV is not accessible +// TPM_RC_NV_RATE NV is rate limiting +TPM_RC +NvDeleteIndex( + NV_INDEX *nvIndex, // IN: an in RAM index descriptor + NV_REF entityAddr // IN: location in NV +); + +TPM_RC +NvDeleteEvict( + TPM_HANDLE handle // IN: handle of entity to be deleted +); + +//*** NvFlushHierarchy() +// This function will delete persistent objects belonging to the indicated hierarchy. +// If the storage hierarchy is selected, the function will also delete any +// NV Index defined using ownerAuth. +// Return Type: TPM_RC +// TPM_RC_NV_RATE NV is unavailable because of rate limit +// TPM_RC_NV_UNAVAILABLE NV is inaccessible +TPM_RC +NvFlushHierarchy( + TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flushed. +); + +//*** NvSetGlobalLock() +// This function is used to SET the TPMA_NV_WRITELOCKED attribute for all +// NV indexes that have TPMA_NV_GLOBALLOCK SET. This function is use by +// TPM2_NV_GlobalWriteLock(). +// Return Type: TPM_RC +// TPM_RC_NV_RATE NV is unavailable because of rate limit +// TPM_RC_NV_UNAVAILABLE NV is inaccessible +TPM_RC +NvSetGlobalLock( + void +); + +//*** NvCapGetPersistent() +// This function is used to get a list of handles of the persistent objects, +// starting at 'handle'. +// +// 'Handle' must be in valid persistent object handle range, but does not +// have to reference an existing persistent object. +// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned +TPMI_YES_NO +NvCapGetPersistent( + TPMI_DH_OBJECT handle, // IN: start handle + UINT32 count, // IN: maximum number of returned handles + TPML_HANDLE *handleList // OUT: list of handle +); + +//*** NvCapGetIndex() +// This function returns a list of handles of NV indexes, starting from 'handle'. +// 'Handle' must be in the range of NV indexes, but does not have to reference +// an existing NV Index. 
+// Return Type: TPMI_YES_NO +// YES if there are more handles to report +// NO all the available handles has been reported +TPMI_YES_NO +NvCapGetIndex( + TPMI_DH_OBJECT handle, // IN: start handle + UINT32 count, // IN: max number of returned handles + TPML_HANDLE *handleList // OUT: list of handle +); + +//*** NvCapGetIndexNumber() +// This function returns the count of NV Indexes currently defined. +UINT32 +NvCapGetIndexNumber( + void +); + +//*** NvCapGetPersistentNumber() +// Function returns the count of persistent objects currently in NV memory. +UINT32 +NvCapGetPersistentNumber( + void +); + +//*** NvCapGetPersistentAvail() +// This function returns an estimate of the number of additional persistent +// objects that could be loaded into NV memory. +UINT32 +NvCapGetPersistentAvail( + void +); + +//*** NvCapGetCounterNumber() +// Get the number of defined NV Indexes that are counter indexes. +UINT32 +NvCapGetCounterNumber( + void +); + +//*** NvEntityStartup() +// This function is called at TPM_Startup(). If the startup completes +// a TPM Resume cycle, no action is taken. If the startup is a TPM Reset +// or a TPM Restart, then this function will: +// 1. clear read/write lock; +// 2. reset NV Index data that has TPMA_NV_CLEAR_STCLEAR SET; and +// 3. set the lower bits in orderly counters to 1 for a non-orderly startup +// +// It is a prerequisite that NV be available for writing before this +// function is called. +BOOL +NvEntityStartup( + STARTUP_TYPE type // IN: start up type +); + +//*** NvCapGetCounterAvail() +// This function returns an estimate of the number of additional counter type +// NV indexes that can be defined. +UINT32 +NvCapGetCounterAvail( + void +); + +//*** NvFindHandle() +// this function returns the offset in NV memory of the entity associated +// with the input handle. A value of zero indicates that handle does not +// exist reference an existing persistent object or defined NV Index. 
+NV_REF +NvFindHandle( + TPM_HANDLE handle +); + +//*** NvReadMaxCount() +// This function returns the max NV counter value. +// +UINT64 +NvReadMaxCount( + void +); + +//*** NvUpdateMaxCount() +// This function updates the max counter value to NV memory. This is just staging +// for the actual write that will occur when the NV index memory is modified. +// +void +NvUpdateMaxCount( + UINT64 count +); + +//*** NvSetMaxCount() +// This function is used at NV initialization time to set the initial value of +// the maximum counter. +void +NvSetMaxCount( + UINT64 value +); + +//*** NvGetMaxCount() +// Function to get the NV max counter value from the end-of-list marker +UINT64 +NvGetMaxCount( + void +); + +#endif // _NV_DYNAMIC_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvReserved_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvReserved_fp.h new file mode 100644 index 000000000..5d912abea --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvReserved_fp.h 
@@ -0,0 +1,130 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 04:23:27PM + */ + +#ifndef _NV_RESERVED_FP_H_ +#define _NV_RESERVED_FP_H_ + +//*** NvCheckState() +// Function to check the NV state by accessing the platform-specific function +// to get the NV state. The result state is registered in s_NvIsAvailable +// that will be reported by NvIsAvailable. +// +// This function is called at the beginning of ExecuteCommand before any potential +// check of g_NvStatus. +void +NvCheckState( + void +); + +//*** NvCommit +// This is a wrapper for the platform function to commit pending NV writes. +BOOL +NvCommit( + void +); + +//*** NvPowerOn() +// This function is called at _TPM_Init to initialize the NV environment. +// Return Type: BOOL +// TRUE(1) all NV was initialized +// FALSE(0) the NV containing saved state had an error and +// TPM2_Startup(CLEAR) is required +BOOL +NvPowerOn( + void +); + +//*** NvManufacture() +// This function initializes the NV system at pre-install time. +// +// This function should only be called in a manufacturing environment or in a +// simulation. +// +// The layout of NV memory space is an implementation choice. +void +NvManufacture( + void +); + +//*** NvRead() +// This function is used to move reserved data from NV memory to RAM. +void +NvRead( + void *outBuffer, // OUT: buffer to receive data + UINT32 nvOffset, // IN: offset in NV of value + UINT32 size // IN: size of the value to read +); + +//*** NvWrite() +// This function is used to post reserved data for writing to NV memory. Before +// the TPM completes the operation, the value will be written. +BOOL +NvWrite( + UINT32 nvOffset, // IN: location in NV to receive data + UINT32 size, // IN: size of the data to move + void *inBuffer // IN: location containing data to write +); + +//*** NvUpdatePersistent() +// This function is used to update a value in the PERSISTENT_DATA structure and +// commits the value to NV. 
+void +NvUpdatePersistent( + UINT32 offset, // IN: location in PERMANENT_DATA to be updated + UINT32 size, // IN: size of the value + void *buffer // IN: the new data +); + +//*** NvClearPersistent() +// This function is used to clear a persistent data entry and commit it to NV +void +NvClearPersistent( + UINT32 offset, // IN: the offset in the PERMANENT_DATA + // structure to be cleared (zeroed) + UINT32 size // IN: number of bytes to clear +); + +//*** NvReadPersistent() +// This function reads persistent data to the RAM copy of the 'gp' structure. +void +NvReadPersistent( + void +); + +#endif // _NV_RESERVED_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ObjectChangeAuth_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ObjectChangeAuth_fp.h new file mode 100644 index 000000000..6e8b6f8ca --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ObjectChangeAuth_fp.h 
@@ -0,0 +1,70 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_ObjectChangeAuth // Command must be enabled + +#ifndef _Object_Change_Auth_FP_H_ +#define _Object_Change_Auth_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT objectHandle; + TPMI_DH_OBJECT parentHandle; + TPM2B_AUTH newAuth; +} ObjectChangeAuth_In; + +// Output structure definition +typedef struct { + TPM2B_PRIVATE outPrivate; +} ObjectChangeAuth_Out; + +// Response code modifiers +#define RC_ObjectChangeAuth_objectHandle (TPM_RC_H + TPM_RC_1) +#define RC_ObjectChangeAuth_parentHandle (TPM_RC_H + TPM_RC_2) +#define RC_ObjectChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_ObjectChangeAuth( + ObjectChangeAuth_In *in, + ObjectChangeAuth_Out *out +); + +#endif // _Object_Change_Auth_FP_H_ +#endif // CC_ObjectChangeAuth diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_fp.h new file mode 100644 index 000000000..9574ab6c7 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_fp.h 
@@ -0,0 +1,355 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 04:23:27PM + */ + +#ifndef _OBJECT_FP_H_ +#define _OBJECT_FP_H_ + +//*** ObjectFlush() +// This function marks an object slot as available. 
+// Since there is no checking of the input parameters, it should be used +// judiciously. +// Note: This could be converted to a macro. +void +ObjectFlush( + OBJECT *object +); + +//*** ObjectSetInUse() +// This access function sets the occupied attribute of an object slot. +void +ObjectSetInUse( + OBJECT *object +); + +//*** ObjectStartup() +// This function is called at TPM2_Startup() to initialize the object subsystem. +BOOL +ObjectStartup( + void +); + +//*** ObjectCleanupEvict() +// +// In this implementation, a persistent object is moved from NV into an object slot +// for processing. It is flushed after command execution. This function is called +// from ExecuteCommand(). +void +ObjectCleanupEvict( + void +); + +//*** IsObjectPresent() +// This function checks to see if a transient handle references a loaded +// object. This routine should not be called if the handle is not a +// transient handle. The function validates that the handle is in the +// implementation-dependent allowed in range for loaded transient objects. +// Return Type: BOOL +// TRUE(1) handle references a loaded object +// FALSE(0) handle is not an object handle, or it does not +// reference to a loaded object +BOOL +IsObjectPresent( + TPMI_DH_OBJECT handle // IN: handle to be checked +); + +//*** ObjectIsSequence() +// This function is used to check if the object is a sequence object. This function +// should not be called if the handle does not reference a loaded object. +// Return Type: BOOL +// TRUE(1) object is an HMAC, hash, or event sequence object +// FALSE(0) object is not an HMAC, hash, or event sequence object +BOOL +ObjectIsSequence( + OBJECT *object // IN: handle to be checked +); + +//*** HandleToObject() +// This function is used to find the object structure associated with a handle. +// +// This function requires that 'handle' references a loaded object or a permanent +// handle. 
+OBJECT* +HandleToObject( + TPMI_DH_OBJECT handle // IN: handle of the object +); + +//*** GetQualifiedName() +// This function returns the Qualified Name of the object. In this implementation, +// the Qualified Name is computed when the object is loaded and is saved in the +// internal representation of the object. The alternative would be to retain the +// Name of the parent and compute the QN when needed. This would take the same +// amount of space so it is not recommended that the alternate be used. +// +// This function requires that 'handle' references a loaded object. +void +GetQualifiedName( + TPMI_DH_OBJECT handle, // IN: handle of the object + TPM2B_NAME *qualifiedName // OUT: qualified name of the object +); + +//*** ObjectGetHierarchy() +// This function returns the handle for the hierarchy of an object. +TPMI_RH_HIERARCHY +ObjectGetHierarchy( + OBJECT *object // IN :object +); + +//*** GetHeriarchy() +// This function returns the handle of the hierarchy to which a handle belongs. +// This function is similar to ObjectGetHierarchy() but this routine takes +// a handle but ObjectGetHierarchy() takes an pointer to an object. +// +// This function requires that 'handle' references a loaded object. +TPMI_RH_HIERARCHY +GetHeriarchy( + TPMI_DH_OBJECT handle // IN :object handle +); + +//*** FindEmptyObjectSlot() +// This function finds an open object slot, if any. It will clear the attributes +// but will not set the occupied attribute. This is so that a slot may be used +// and discarded if everything does not go as planned. +// Return Type: OBJECT * +// NULL no open slot found +// != NULL pointer to available slot +OBJECT * +FindEmptyObjectSlot( + TPMI_DH_OBJECT *handle // OUT: (optional) +); + +//*** ObjectAllocateSlot() +// This function is used to allocate a slot in internal object array. 
+OBJECT * +ObjectAllocateSlot( + TPMI_DH_OBJECT *handle // OUT: handle of allocated object +); + +//*** ObjectSetLoadedAttributes() +// This function sets the internal attributes for a loaded object. It is called to +// finalize the OBJECT attributes (not the TPMA_OBJECT attributes) for a loaded +// object. +void +ObjectSetLoadedAttributes( + OBJECT *object, // IN: object attributes to finalize + TPM_HANDLE parentHandle // IN: the parent handle +); + +//*** ObjectLoad() +// Common function to load an object. A loaded object has its public area validated +// (unless its 'nameAlg' is TPM_ALG_NULL). If a sensitive part is loaded, it is +// verified to be correct and if both public and sensitive parts are loaded, then +// the cryptographic binding between the objects is validated. This function does +// not cause the allocated slot to be marked as in use. +TPM_RC +ObjectLoad( + OBJECT *object, // IN: pointer to object slot + // object + OBJECT *parent, // IN: (optional) the parent object + TPMT_PUBLIC *publicArea, // IN: public area to be installed in the object + TPMT_SENSITIVE *sensitive, // IN: (optional) sensitive area to be + // installed in the object + TPM_RC blamePublic, // IN: parameter number to associate with the + // publicArea errors + TPM_RC blameSensitive,// IN: parameter number to associate with the + // sensitive area errors + TPM2B_NAME *name // IN: (optional) +); + +#if CC_HMAC_Start || CC_MAC_Start +//*** ObjectCreateHMACSequence() +// This function creates an internal HMAC sequence object. +// Return Type: TPM_RC +// TPM_RC_OBJECT_MEMORY if there is no free slot for an object +TPM_RC +ObjectCreateHMACSequence( + TPMI_ALG_HASH hashAlg, // IN: hash algorithm + OBJECT *keyObject, // IN: the object containing the HMAC key + TPM2B_AUTH *auth, // IN: authValue + TPMI_DH_OBJECT *newHandle // OUT: HMAC sequence object handle +); +#endif + +//*** ObjectCreateHashSequence() +// This function creates a hash sequence object. 
+// Return Type: TPM_RC +// TPM_RC_OBJECT_MEMORY if there is no free slot for an object +TPM_RC +ObjectCreateHashSequence( + TPMI_ALG_HASH hashAlg, // IN: hash algorithm + TPM2B_AUTH *auth, // IN: authValue + TPMI_DH_OBJECT *newHandle // OUT: sequence object handle +); + +//*** ObjectCreateEventSequence() +// This function creates an event sequence object. +// Return Type: TPM_RC +// TPM_RC_OBJECT_MEMORY if there is no free slot for an object +TPM_RC +ObjectCreateEventSequence( + TPM2B_AUTH *auth, // IN: authValue + TPMI_DH_OBJECT *newHandle // OUT: sequence object handle +); + +//*** ObjectTerminateEvent() +// This function is called to close out the event sequence and clean up the hash +// context states. +void +ObjectTerminateEvent( + void +); + +//*** ObjectContextLoad() +// This function loads an object from a saved object context. +// Return Type: OBJECT * +// NULL if there is no free slot for an object +// != NULL points to the loaded object +OBJECT * +ObjectContextLoad( + ANY_OBJECT_BUFFER *object, // IN: pointer to object structure in saved + // context + TPMI_DH_OBJECT *handle // OUT: object handle +); + +//*** FlushObject() +// This function frees an object slot. +// +// This function requires that the object is loaded. +void +FlushObject( + TPMI_DH_OBJECT handle // IN: handle to be freed +); + +//*** ObjectFlushHierarchy() +// This function is called to flush all the loaded transient objects associated +// with a hierarchy when the hierarchy is disabled. +void +ObjectFlushHierarchy( + TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flush +); + +//*** ObjectLoadEvict() +// This function loads a persistent object into a transient object slot. +// +// This function requires that 'handle' is associated with a persistent object. +// Return Type: TPM_RC +// TPM_RC_HANDLE the persistent object does not exist +// or the associated hierarchy is disabled. 
+// TPM_RC_OBJECT_MEMORY no object slot +TPM_RC +ObjectLoadEvict( + TPM_HANDLE *handle, // IN:OUT: evict object handle. If success, it + // will be replace by the loaded object handle + COMMAND_INDEX commandIndex // IN: the command being processed +); + +//*** ObjectComputeName() +// This does the name computation from a public area (can be marshaled or not). +TPM2B_NAME * +ObjectComputeName( + UINT32 size, // IN: the size of the area to digest + BYTE *publicArea, // IN: the public area to digest + TPM_ALG_ID nameAlg, // IN: the hash algorithm to use + TPM2B_NAME *name // OUT: Computed name +); + +//*** PublicMarshalAndComputeName() +// This function computes the Name of an object from its public area. +TPM2B_NAME * +PublicMarshalAndComputeName( + TPMT_PUBLIC *publicArea, // IN: public area of an object + TPM2B_NAME *name // OUT: name of the object +); + +//*** ComputeQualifiedName() +// This function computes the qualified name of an object. +void +ComputeQualifiedName( + TPM_HANDLE parentHandle, // IN: parent's handle + TPM_ALG_ID nameAlg, // IN: name hash + TPM2B_NAME *name, // IN: name of the object + TPM2B_NAME *qualifiedName // OUT: qualified name of the object +); + +//*** ObjectIsStorage() +// This function determines if an object has the attributes associated +// with a parent. A parent is an asymmetric or symmetric block cipher key +// that has its 'restricted' and 'decrypt' attributes SET, and 'sign' CLEAR. +// Return Type: BOOL +// TRUE(1) object is a storage key +// FALSE(0) object is not a storage key +BOOL +ObjectIsStorage( + TPMI_DH_OBJECT handle // IN: object handle +); + +//*** ObjectCapGetLoaded() +// This function returns a a list of handles of loaded object, starting from +// 'handle'. 'Handle' must be in the range of valid transient object handles, +// but does not have to be the handle of a loaded transient object. 
+// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned +TPMI_YES_NO +ObjectCapGetLoaded( + TPMI_DH_OBJECT handle, // IN: start handle + UINT32 count, // IN: count of returned handles + TPML_HANDLE *handleList // OUT: list of handle +); + +//*** ObjectCapGetTransientAvail() +// This function returns an estimate of the number of additional transient +// objects that could be loaded into the TPM. +UINT32 +ObjectCapGetTransientAvail( + void +); + +//*** ObjectGetPublicAttributes() +// Returns the attributes associated with an object handles. +TPMA_OBJECT +ObjectGetPublicAttributes( + TPM_HANDLE handle +); + +OBJECT_ATTRIBUTES +ObjectGetProperties( + TPM_HANDLE handle +); + +#endif // _OBJECT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_spt_fp.h new file mode 100644 index 000000000..3dbd2e3ec --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_spt_fp.h 
@@ -0,0 +1,393 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _OBJECT_SPT_FP_H_ +#define _OBJECT_SPT_FP_H_ + +//*** AdjustAuthSize() +// This function will validate that the input authValue is no larger than the +// digestSize for the nameAlg. It will then pad with zeros to the size of the +// digest. +BOOL +AdjustAuthSize( + TPM2B_AUTH *auth, // IN/OUT: value to adjust + TPMI_ALG_HASH nameAlg // IN: +); + +//*** AreAttributesForParent() +// This function is called by create, load, and import functions. +// Note: The 'isParent' attribute is SET when an object is loaded and it has +// attributes that are suitable for a parent object. +// Return Type: BOOL +// TRUE(1) properties are those of a parent +// FALSE(0) properties are not those of a parent +BOOL +ObjectIsParent( + OBJECT *parentObject // IN: parent handle +); + +//*** CreateChecks() +// Attribute checks that are unique to creation. +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES sensitiveDataOrigin is not consistent with the +// object type +// other returns from PublicAttributesValidation() +TPM_RC +CreateChecks( + OBJECT *parentObject, + TPMT_PUBLIC *publicArea, + UINT16 sensitiveDataSize +); + +//*** SchemeChecks +// This function is called by TPM2_LoadExternal() and PublicAttributesValidation(). +// This function validates the schemes in the public area of an object. 
+// Return Type: TPM_RC +// TPM_RC_HASH non-duplicable storage key and its parent have different +// name algorithm +// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash object +// TPM_RC_KEY invalid key size values in an asymmetric key public area +// TPM_RCS_SCHEME inconsistent attributes 'decrypt', 'sign', 'restricted' +// and key's scheme ID; or hash algorithm is inconsistent +// with the scheme ID for keyed hash object +// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or +// non-storage key with symmetric algorithm different from +// ALG_NULL +TPM_RC +SchemeChecks( + OBJECT *parentObject, // IN: parent (null if primary seed) + TPMT_PUBLIC *publicArea // IN: public area of the object +); + +//*** PublicAttributesValidation() +// This function validates the values in the public area of an object. +// This function is used in the processing of TPM2_Create, TPM2_CreatePrimary, +// TPM2_CreateLoaded(), TPM2_Load(), TPM2_Import(), and TPM2_LoadExternal(). +// For TPM2_Import() this is only used if the new parent has fixedTPM SET. For +// TPM2_LoadExternal(), this is not used for a public-only key +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES 'fixedTPM', 'fixedParent', or 'encryptedDuplication' +// attributes are inconsistent between themselves or with +// those of the parent object; +// inconsistent 'restricted', 'decrypt' and 'sign' +// attributes; +// attempt to inject sensitive data for an asymmetric key; +// attempt to create a symmetric cipher key that is not +// a decryption key +// TPM_RC_HASH nameAlg is TPM_ALG_NULL +// TPM_RC_SIZE 'authPolicy' size does not match digest size of the name +// algorithm in 'publicArea' +// other returns from SchemeChecks() +TPM_RC +PublicAttributesValidation( + OBJECT *parentObject, // IN: input parent object + TPMT_PUBLIC *publicArea // IN: public area of the object +); + +//*** FillInCreationData() +// Fill in creation data for an object. 
+// Return Type: void +void +FillInCreationData( + TPMI_DH_OBJECT parentHandle, // IN: handle of parent + TPMI_ALG_HASH nameHashAlg, // IN: name hash algorithm + TPML_PCR_SELECTION *creationPCR, // IN: PCR selection + TPM2B_DATA *outsideData, // IN: outside data + TPM2B_CREATION_DATA *outCreation, // OUT: creation data for output + TPM2B_DIGEST *creationDigest // OUT: creation digest +); + +//*** GetSeedForKDF() +// Get a seed for KDF. The KDF for encryption and HMAC key use the same seed. +const TPM2B * +GetSeedForKDF( + OBJECT *protector // IN: the protector handle +); + +//*** ProduceOuterWrap() +// This function produce outer wrap for a buffer containing the sensitive data. +// It requires the sensitive data being marshaled to the outerBuffer, with the +// leading bytes reserved for integrity hash. If iv is used, iv space should +// be reserved at the beginning of the buffer. It assumes the sensitive data +// starts at address (outerBuffer + integrity size @). +// This function performs: +// 1. Add IV before sensitive area if required +// 2. encrypt sensitive data, if iv is required, encrypt by iv. otherwise, +// encrypted by a NULL iv +// 3. add HMAC integrity at the beginning of the buffer +// It returns the total size of blob with outer wrap +UINT16 +ProduceOuterWrap( + OBJECT *protector, // IN: The handle of the object that provides + // protection. For object, it is parent + // handle. For credential, it is the handle + // of encrypt object. + TPM2B *name, // IN: the name of the object + TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap + TPM2B *seed, // IN: an external seed may be provided for + // duplication blob. 
For non duplication + // blob, this parameter should be NULL + BOOL useIV, // IN: indicate if an IV is used + UINT16 dataSize, // IN: the size of sensitive data, excluding the + // leading integrity buffer size or the + // optional iv size + BYTE *outerBuffer // IN/OUT: outer buffer with sensitive data in + // it +); + +//*** UnwrapOuter() +// This function remove the outer wrap of a blob containing sensitive data +// This function performs: +// 1. check integrity of outer blob +// 2. decrypt outer blob +// +// Return Type: TPM_RC +// TPM_RCS_INSUFFICIENT error during sensitive data unmarshaling +// TPM_RCS_INTEGRITY sensitive data integrity is broken +// TPM_RCS_SIZE error during sensitive data unmarshaling +// TPM_RCS_VALUE IV size for CFB does not match the encryption +// algorithm block size +TPM_RC +UnwrapOuter( + OBJECT *protector, // IN: The object that provides + // protection. For object, it is parent + // handle. For credential, it is the + // encrypt object. + TPM2B *name, // IN: the name of the object + TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap + TPM2B *seed, // IN: an external seed may be provided for + // duplication blob. For non duplication + // blob, this parameter should be NULL. + BOOL useIV, // IN: indicates if an IV is used + UINT16 dataSize, // IN: size of sensitive data in outerBuffer, + // including the leading integrity buffer + // size, and an optional iv area + BYTE *outerBuffer // IN/OUT: sensitive data +); + +//*** SensitiveToPrivate() +// This function prepare the private blob for off the chip storage +// The operations in this function: +// 1. marshal TPM2B_SENSITIVE structure into the buffer of TPM2B_PRIVATE +// 2. apply encryption to the sensitive area. +// 3. apply outer integrity computation. 
+void +SensitiveToPrivate( + TPMT_SENSITIVE *sensitive, // IN: sensitive structure + TPM2B_NAME *name, // IN: the name of the object + OBJECT *parent, // IN: The parent object + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. This + // parameter is used when parentHandle is + // NULL, in which case the object is + // temporary. + TPM2B_PRIVATE *outPrivate // OUT: output private structure +); + +//*** PrivateToSensitive() +// Unwrap a input private area. Check the integrity, decrypt and retrieve data +// to a sensitive structure. +// The operations in this function: +// 1. check the integrity HMAC of the input private area +// 2. decrypt the private buffer +// 3. unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE +// Return Type: TPM_RC +// TPM_RCS_INTEGRITY if the private area integrity is bad +// TPM_RC_SENSITIVE unmarshal errors while unmarshaling TPMS_ENCRYPT +// from input private +// TPM_RCS_SIZE error during sensitive data unmarshaling +// TPM_RCS_VALUE outer wrapper does not have an iV of the correct +// size +TPM_RC +PrivateToSensitive( + TPM2B *inPrivate, // IN: input private structure + TPM2B *name, // IN: the name of the object + OBJECT *parent, // IN: parent object + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It is + // passed separately because we only pass + // name, rather than the whole public area + // of the object. This parameter is used in + // the following two cases: 1. primary + // objects. 2. duplication blob with inner + // wrap. In other cases, this parameter + // will be ignored + TPMT_SENSITIVE *sensitive // OUT: sensitive structure +); + +//*** SensitiveToDuplicate() +// This function prepare the duplication blob from the sensitive area. +// The operations in this function: +// 1. marshal TPMT_SENSITIVE structure into the buffer of TPM2B_PRIVATE +// 2. apply inner wrap to the sensitive area if required +// 3. 
apply outer wrap if required +void +SensitiveToDuplicate( + TPMT_SENSITIVE *sensitive, // IN: sensitive structure + TPM2B *name, // IN: the name of the object + OBJECT *parent, // IN: The new parent object + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It + // is passed separately because we + // only pass name, rather than the + // whole public area of the object. + TPM2B *seed, // IN: the external seed. If external + // seed is provided with size of 0, + // no outer wrap should be applied + // to duplication blob. + TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the + // symmetric key algorithm is NULL, + // no inner wrap should be applied. + TPM2B_DATA *innerSymKey, // IN/OUT: a symmetric key may be + // provided to encrypt the inner + // wrap of a duplication blob. May + // be generated here if needed. + TPM2B_PRIVATE *outPrivate // OUT: output private structure +); + +//*** DuplicateToSensitive() +// Unwrap a duplication blob. Check the integrity, decrypt and retrieve data +// to a sensitive structure. +// The operations in this function: +// 1. check the integrity HMAC of the input private area +// 2. decrypt the private buffer +// 3. unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE +// +// Return Type: TPM_RC +// TPM_RC_INSUFFICIENT unmarshaling sensitive data from 'inPrivate' failed +// TPM_RC_INTEGRITY 'inPrivate' data integrity is broken +// TPM_RC_SIZE unmarshaling sensitive data from 'inPrivate' failed +TPM_RC +DuplicateToSensitive( + TPM2B *inPrivate, // IN: input private structure + TPM2B *name, // IN: the name of the object + OBJECT *parent, // IN: the parent + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. + TPM2B *seed, // IN: an external seed may be provided. + // If external seed is provided with + // size of 0, no outer wrap is + // applied + TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. 
If the + // symmetric key algorithm is NULL, + // no inner wrap is applied + TPM2B *innerSymKey, // IN: a symmetric key may be provided + // to decrypt the inner wrap of a + // duplication blob. + TPMT_SENSITIVE *sensitive // OUT: sensitive structure +); + +//*** SecretToCredential() +// This function prepare the credential blob from a secret (a TPM2B_DIGEST) +// The operations in this function: +// 1. marshal TPM2B_DIGEST structure into the buffer of TPM2B_ID_OBJECT +// 2. encrypt the private buffer, excluding the leading integrity HMAC area +// 3. compute integrity HMAC and append to the beginning of the buffer. +// 4. Set the total size of TPM2B_ID_OBJECT buffer +void +SecretToCredential( + TPM2B_DIGEST *secret, // IN: secret information + TPM2B *name, // IN: the name of the object + TPM2B *seed, // IN: an external seed. + OBJECT *protector, // IN: the protector + TPM2B_ID_OBJECT *outIDObject // OUT: output credential +); + +//*** CredentialToSecret() +// Unwrap a credential. Check the integrity, decrypt and retrieve data +// to a TPM2B_DIGEST structure. +// The operations in this function: +// 1. check the integrity HMAC of the input credential area +// 2. decrypt the credential buffer +// 3. unmarshal TPM2B_DIGEST structure into the buffer of TPM2B_DIGEST +// +// Return Type: TPM_RC +// TPM_RC_INSUFFICIENT error during credential unmarshaling +// TPM_RC_INTEGRITY credential integrity is broken +// TPM_RC_SIZE error during credential unmarshaling +// TPM_RC_VALUE IV size does not match the encryption algorithm +// block size +TPM_RC +CredentialToSecret( + TPM2B *inIDObject, // IN: input credential blob + TPM2B *name, // IN: the name of the object + TPM2B *seed, // IN: an external seed. + OBJECT *protector, // IN: the protector + TPM2B_DIGEST *secret // OUT: secret information +); + +//*** MemoryRemoveTrailingZeros() +// This function is used to adjust the length of an authorization value. 
+// It adjusts the size of the TPM2B so that it does not include octets +// at the end of the buffer that contain zero. +// The function returns the number of non-zero octets in the buffer. +UINT16 +MemoryRemoveTrailingZeros( + TPM2B_AUTH *auth // IN/OUT: value to adjust +); + +//*** SetLabelAndContext() +// This function sets the label and context for a derived key. It is possible +// that 'label' or 'context' can end up being an Empty Buffer. +TPM_RC +SetLabelAndContext( + TPMS_DERIVE *labelContext, // IN/OUT: the recovered label and + // context + TPM2B_SENSITIVE_DATA *sensitive // IN: the sensitive data +); + +//*** UnmarshalToPublic() +// Support function to unmarshal the template. This is used because the +// Input may be a TPMT_TEMPLATE and that structure does not have the same +// size as a TPMT_PUBLIC because of the difference between the 'unique' and +// 'seed' fields. +// If 'derive' is not NULL, then the 'seed' field is assumed to contain +// a 'label' and 'context' that are unmarshaled into 'derive'. +TPM_RC +UnmarshalToPublic( + TPMT_PUBLIC *tOut, // OUT: output + TPM2B_TEMPLATE *tIn, // IN: + BOOL derivation, // IN: indicates if this is for a derivation + TPMS_DERIVE *labelContext// OUT: label and context if derivation +); + +//*** ObjectSetExternal() +// Set the external attributes for an object. +void +ObjectSetExternal( + OBJECT *object +); + +#endif // _OBJECT_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Allocate_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Allocate_fp.h new file mode 100644 index 000000000..0af3dae51 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Allocate_fp.h 
@@ -0,0 +1,71 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PCR_Allocate // Command must be enabled + +#ifndef _PCR_Allocate_FP_H_ +#define _PCR_Allocate_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_PLATFORM authHandle; + TPML_PCR_SELECTION pcrAllocation; +} PCR_Allocate_In; + +// Output structure definition +typedef struct { + TPMI_YES_NO allocationSuccess; + UINT32 maxPCR; + UINT32 sizeNeeded; + UINT32 sizeAvailable; +} PCR_Allocate_Out; + +// Response code modifiers +#define RC_PCR_Allocate_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_PCR_Allocate_pcrAllocation (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PCR_Allocate( + PCR_Allocate_In *in, + PCR_Allocate_Out *out +); + +#endif // _PCR_Allocate_FP_H_ +#endif // CC_PCR_Allocate diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Event_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Event_fp.h new file mode 100644 index 000000000..33e3fc341 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Event_fp.h 
@@ -0,0 +1,68 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PCR_Event // Command must be enabled + +#ifndef _PCR_Event_FP_H_ +#define _PCR_Event_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_PCR pcrHandle; + TPM2B_EVENT eventData; +} PCR_Event_In; + +// Output structure definition +typedef struct { + TPML_DIGEST_VALUES digests; +} PCR_Event_Out; + +// Response code modifiers +#define RC_PCR_Event_pcrHandle (TPM_RC_H + TPM_RC_1) +#define RC_PCR_Event_eventData (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PCR_Event( + PCR_Event_In *in, + PCR_Event_Out *out +); + +#endif // _PCR_Event_FP_H_ +#endif // CC_PCR_Event diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Extend_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Extend_fp.h new file mode 100644 index 000000000..cc9e6a924 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Extend_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PCR_Extend // Command must be enabled + +#ifndef _PCR_Extend_FP_H_ +#define _PCR_Extend_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_PCR pcrHandle; + TPML_DIGEST_VALUES digests; +} PCR_Extend_In; + +// Response code modifiers +#define RC_PCR_Extend_pcrHandle (TPM_RC_H + TPM_RC_1) +#define RC_PCR_Extend_digests (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PCR_Extend( + PCR_Extend_In *in +); + +#endif // _PCR_Extend_FP_H_ +#endif // CC_PCR_Extend diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Read_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Read_fp.h new file mode 100644 index 000000000..5a72fab5f --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Read_fp.h 
@@ -0,0 +1,68 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PCR_Read // Command must be enabled + +#ifndef _PCR_Read_FP_H_ +#define _PCR_Read_FP_H_ + +// Input structure definition +typedef struct { + TPML_PCR_SELECTION pcrSelectionIn; +} PCR_Read_In; + +// Output structure definition +typedef struct { + UINT32 pcrUpdateCounter; + TPML_PCR_SELECTION pcrSelectionOut; + TPML_DIGEST pcrValues; +} PCR_Read_Out; + +// Response code modifiers +#define RC_PCR_Read_pcrSelectionIn (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PCR_Read( + PCR_Read_In *in, + PCR_Read_Out *out +); + +#endif // _PCR_Read_FP_H_ +#endif // CC_PCR_Read diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Reset_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Reset_fp.h new file mode 100644 index 000000000..e47433f57 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Reset_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PCR_Reset // Command must be enabled + +#ifndef _PCR_Reset_FP_H_ +#define _PCR_Reset_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_PCR pcrHandle; +} PCR_Reset_In; + +// Response code modifiers +#define RC_PCR_Reset_pcrHandle (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PCR_Reset( + PCR_Reset_In *in +); + +#endif // _PCR_Reset_FP_H_ +#endif // CC_PCR_Reset diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthPolicy_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthPolicy_fp.h new file mode 100644 index 000000000..8cf671c45 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthPolicy_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PCR_SetAuthPolicy // Command must be enabled + +#ifndef _PCR_Set_Auth_Policy_FP_H_ +#define _PCR_Set_Auth_Policy_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_PLATFORM authHandle; + TPM2B_DIGEST authPolicy; + TPMI_ALG_HASH hashAlg; + TPMI_DH_PCR pcrNum; +} PCR_SetAuthPolicy_In; + +// Response code modifiers +#define RC_PCR_SetAuthPolicy_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_PCR_SetAuthPolicy_authPolicy (TPM_RC_P + TPM_RC_1) +#define RC_PCR_SetAuthPolicy_hashAlg (TPM_RC_P + TPM_RC_2) +#define RC_PCR_SetAuthPolicy_pcrNum (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_PCR_SetAuthPolicy( + PCR_SetAuthPolicy_In *in +); + +#endif // _PCR_Set_Auth_Policy_FP_H_ +#endif // CC_PCR_SetAuthPolicy diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthValue_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthValue_fp.h new file mode 100644 index 000000000..30d3db5d4 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthValue_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PCR_SetAuthValue // Command must be enabled + +#ifndef _PCR_Set_Auth_Value_FP_H_ +#define _PCR_Set_Auth_Value_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_PCR pcrHandle; + TPM2B_DIGEST auth; +} PCR_SetAuthValue_In; + +// Response code modifiers +#define RC_PCR_SetAuthValue_pcrHandle (TPM_RC_H + TPM_RC_1) +#define RC_PCR_SetAuthValue_auth (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PCR_SetAuthValue( + PCR_SetAuthValue_In *in +); + +#endif // _PCR_Set_Auth_Value_FP_H_ +#endif // CC_PCR_SetAuthValue diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_fp.h new file mode 100644 index 000000000..002607bf1 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_fp.h 
@@ -0,0 +1,318 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 04:23:27PM + */ + +#ifndef _PCR_FP_H_ +#define _PCR_FP_H_ + +//*** PCRBelongsAuthGroup() +// This function indicates if a PCR belongs to a group that requires an authValue +// in order to modify the PCR. If it does, 'groupIndex' is set to value of +// the group index. This feature of PCR is decided by the platform specification. +// Return Type: BOOL +// TRUE(1) PCR belongs an authorization group +// FALSE(0) PCR does not belong an authorization group +BOOL +PCRBelongsAuthGroup( + TPMI_DH_PCR handle, // IN: handle of PCR + UINT32 *groupIndex // OUT: group index if PCR belongs a + // group that allows authValue. If PCR + // does not belong to an authorization + // group, the value in this parameter is + // invalid +); + +//*** PCRBelongsPolicyGroup() +// This function indicates if a PCR belongs to a group that requires a policy +// authorization in order to modify the PCR. If it does, 'groupIndex' is set +// to value of the group index. This feature of PCR is decided by the platform +// specification. +// Return Type: BOOL +// TRUE(1) PCR belongs a policy group +// FALSE(0) PCR does not belong a policy group +BOOL +PCRBelongsPolicyGroup( + TPMI_DH_PCR handle, // IN: handle of PCR + UINT32 *groupIndex // OUT: group index if PCR belongs a group that + // allows policy. If PCR does not belong to + // a policy group, the value in this + // parameter is invalid +); + +//*** PCRPolicyIsAvailable() +// This function indicates if a policy is available for a PCR. +// Return Type: BOOL +// TRUE(1) the PCR should be authorized by policy +// FALSE(0) the PCR does not allow policy +BOOL +PCRPolicyIsAvailable( + TPMI_DH_PCR handle // IN: PCR handle +); + +//*** PCRGetAuthValue() +// This function is used to access the authValue of a PCR. If PCR does not +// belong to an authValue group, an EmptyAuth will be returned. 
+TPM2B_AUTH * +PCRGetAuthValue( + TPMI_DH_PCR handle // IN: PCR handle +); + +//*** PCRGetAuthPolicy() +// This function is used to access the authorization policy of a PCR. It sets +// 'policy' to the authorization policy and returns the hash algorithm for policy +// If the PCR does not allow a policy, TPM_ALG_NULL is returned. +TPMI_ALG_HASH +PCRGetAuthPolicy( + TPMI_DH_PCR handle, // IN: PCR handle + TPM2B_DIGEST *policy // OUT: policy of PCR +); + +//*** PCRSimStart() +// This function is used to initialize the policies when a TPM is manufactured. +// This function would only be called in a manufacturing environment or in +// a TPM simulator. +void +PCRSimStart( + void +); + +//*** PcrIsAllocated() +// This function indicates if a PCR number for the particular hash algorithm +// is allocated. +// Return Type: BOOL +// TRUE(1) PCR is allocated +// FALSE(0) PCR is not allocated +BOOL +PcrIsAllocated( + UINT32 pcr, // IN: The number of the PCR + TPMI_ALG_HASH hashAlg // IN: The PCR algorithm +); + +//*** PcrDrtm() +// This function does the DRTM and H-CRTM processing it is called from +// _TPM_Hash_End. +void +PcrDrtm( + const TPMI_DH_PCR pcrHandle, // IN: the index of the PCR to be + // modified + const TPMI_ALG_HASH hash, // IN: the bank identifier + const TPM2B_DIGEST *digest // IN: the digest to modify the PCR +); + +//*** PCR_ClearAuth() +// This function is used to reset the PCR authorization values. It is called +// on TPM2_Startup(CLEAR) and TPM2_Clear(). +void +PCR_ClearAuth( + void +); + +//*** PCRStartup() +// This function initializes the PCR subsystem at TPM2_Startup(). +BOOL +PCRStartup( + STARTUP_TYPE type, // IN: startup type + BYTE locality // IN: startup locality +); + +//*** PCRStateSave() +// This function is used to save the PCR values that will be restored on TPM Resume. 
+void +PCRStateSave( + TPM_SU type // IN: startup type +); + +//*** PCRIsStateSaved() +// This function indicates if the selected PCR is a PCR that is state saved +// on TPM2_Shutdown(STATE). The return value is based on PCR attributes. +// Return Type: BOOL +// TRUE(1) PCR is state saved +// FALSE(0) PCR is not state saved +BOOL +PCRIsStateSaved( + TPMI_DH_PCR handle // IN: PCR handle to be extended +); + +//*** PCRIsResetAllowed() +// This function indicates if a PCR may be reset by the current command locality. +// The return value is based on PCR attributes, and not the PCR allocation. +// Return Type: BOOL +// TRUE(1) TPM2_PCR_Reset is allowed +// FALSE(0) TPM2_PCR_Reset is not allowed +BOOL +PCRIsResetAllowed( + TPMI_DH_PCR handle // IN: PCR handle to be extended +); + +//*** PCRChanged() +// This function checks a PCR handle to see if the attributes for the PCR are set +// so that any change to the PCR causes an increment of the pcrCounter. If it does, +// then the function increments the counter. Will also bump the counter if the +// handle is zero which means that PCR 0 can not be in the TCB group. Bump on zero +// is used by TPM2_Clear(). +void +PCRChanged( + TPM_HANDLE pcrHandle // IN: the handle of the PCR that changed. +); + +//*** PCRIsExtendAllowed() +// This function indicates a PCR may be extended at the current command locality. +// The return value is based on PCR attributes, and not the PCR allocation. +// Return Type: BOOL +// TRUE(1) extend is allowed +// FALSE(0) extend is not allowed +BOOL +PCRIsExtendAllowed( + TPMI_DH_PCR handle // IN: PCR handle to be extended +); + +//*** PCRExtend() +// This function is used to extend a PCR in a specific bank. 
+void +PCRExtend( + TPMI_DH_PCR handle, // IN: PCR handle to be extended + TPMI_ALG_HASH hash, // IN: hash algorithm of PCR + UINT32 size, // IN: size of data to be extended + BYTE *data // IN: data to be extended +); + +//*** PCRComputeCurrentDigest() +// This function computes the digest of the selected PCR. +// +// As a side-effect, 'selection' is modified so that only the implemented PCR +// will have their bits still set. +void +PCRComputeCurrentDigest( + TPMI_ALG_HASH hashAlg, // IN: hash algorithm to compute digest + TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on + // output) + TPM2B_DIGEST *digest // OUT: digest +); + +//*** PCRRead() +// This function is used to read a list of selected PCR. If the requested PCR +// number exceeds the maximum number that can be output, the 'selection' is +// adjusted to reflect the actual output PCR. +void +PCRRead( + TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on + // output) + TPML_DIGEST *digest, // OUT: digest + UINT32 *pcrCounter // OUT: the current value of PCR generation + // number +); + +//*** PcrWrite() +// This function is used by _TPM_Hash_End to set a PCR to the computed hash +// of the H-CRTM event. +void +PcrWrite( + TPMI_DH_PCR handle, // IN: PCR handle to be extended + TPMI_ALG_HASH hash, // IN: hash algorithm of PCR + TPM2B_DIGEST *digest // IN: the new value +); + +//*** PCRAllocate() +// This function is used to change the PCR allocation. +// Return Type: TPM_RC +// TPM_RC_NO_RESULT allocate failed +// TPM_RC_PCR improper allocation +TPM_RC +PCRAllocate( + TPML_PCR_SELECTION *allocate, // IN: required allocation + UINT32 *maxPCR, // OUT: Maximum number of PCR + UINT32 *sizeNeeded, // OUT: required space + UINT32 *sizeAvailable // OUT: available space +); + +//*** PCRSetValue() +// This function is used to set the designated PCR in all banks to an initial value. +// The initial value is signed and will be sign extended into the entire PCR. 
+// +void +PCRSetValue( + TPM_HANDLE handle, // IN: the handle of the PCR to set + INT8 initialValue // IN: the value to set +); + +//*** PCRResetDynamics +// This function is used to reset a dynamic PCR to 0. This function is used in +// DRTM sequence. +void +PCRResetDynamics( + void +); + +//*** PCRCapGetAllocation() +// This function is used to get the current allocation of PCR banks. +// Return Type: TPMI_YES_NO +// YES if the return count is 0 +// NO if the return count is not 0 +TPMI_YES_NO +PCRCapGetAllocation( + UINT32 count, // IN: count of return + TPML_PCR_SELECTION *pcrSelection // OUT: PCR allocation list +); + +//*** PCRCapGetProperties() +// This function returns a list of PCR properties starting at 'property'. +// Return Type: TPMI_YES_NO +// YES if no more property is available +// NO if there are more properties not reported +TPMI_YES_NO +PCRCapGetProperties( + TPM_PT_PCR property, // IN: the starting PCR property + UINT32 count, // IN: count of returned properties + TPML_TAGGED_PCR_PROPERTY *select // OUT: PCR select +); + +//*** PCRCapGetHandles() +// This function is used to get a list of handles of PCR, started from 'handle'. +// If 'handle' exceeds the maximum PCR handle range, an empty list will be +// returned and the return value will be NO. +// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned +TPMI_YES_NO +PCRCapGetHandles( + TPMI_DH_PCR handle, // IN: start handle + UINT32 count, // IN: count of returned handles + TPML_HANDLE *handleList // OUT: list of handle +); + +#endif // _PCR_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_Commands_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_Commands_fp.h new file mode 100644 index 000000000..3b67af02c --- /dev/null 
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_Commands_fp.h 
@@ -0,0 +1,64 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PP_Commands // Command must be enabled + +#ifndef _PP_Commands_FP_H_ +#define _PP_Commands_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_PLATFORM auth; + TPML_CC setList; + TPML_CC clearList; +} PP_Commands_In; + +// Response code modifiers +#define RC_PP_Commands_auth (TPM_RC_H + TPM_RC_1) +#define RC_PP_Commands_setList (TPM_RC_P + TPM_RC_1) +#define RC_PP_Commands_clearList (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_PP_Commands( + PP_Commands_In *in +); + +#endif // _PP_Commands_FP_H_ +#endif // CC_PP_Commands diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_fp.h new file mode 100644 index 000000000..9cf046c35 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_fp.h 
@@ -0,0 +1,98 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _PP_FP_H_ +#define _PP_FP_H_ + +//*** PhysicalPresencePreInstall_Init() +// This function is used to initialize the array of commands that always require +// confirmation with physical presence. The array is an array of bits that +// has a correspondence with the command code. +// +// This command should only ever be executable in a manufacturing setting or in +// a simulation. +// +// When set, these cannot be cleared. +// +void +PhysicalPresencePreInstall_Init( + void +); + +//*** PhysicalPresenceCommandSet() +// This function is used to set the indicator that a command requires +// PP confirmation. +void +PhysicalPresenceCommandSet( + TPM_CC commandCode // IN: command code +); + +//*** PhysicalPresenceCommandClear() +// This function is used to clear the indicator that a command requires PP +// confirmation. +void +PhysicalPresenceCommandClear( + TPM_CC commandCode // IN: command code +); + +//*** PhysicalPresenceIsRequired() +// This function indicates if PP confirmation is required for a command. +// Return Type: BOOL +// TRUE(1) physical presence is required +// FALSE(0) physical presence is not required +BOOL +PhysicalPresenceIsRequired( + COMMAND_INDEX commandIndex // IN: command index +); + +//*** PhysicalPresenceCapGetCCList() +// This function returns a list of commands that require PP confirmation. The +// list starts from the first implemented command that has a command code that +// the same or greater than 'commandCode'. +// Return Type: TPMI_YES_NO +// YES if there are more command codes available +// NO all the available command codes have been returned +TPMI_YES_NO +PhysicalPresenceCapGetCCList( + TPM_CC commandCode, // IN: start command code + UINT32 count, // IN: count of returned TPM_CC + TPML_CC *commandList // OUT: list of TPM_CC +); + +#endif // _PP_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthValue_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthValue_fp.h new file mode 100644 index 000000000..c78db8f2e --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthValue_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyAuthValue // Command must be enabled + +#ifndef _Policy_Auth_Value_FP_H_ +#define _Policy_Auth_Value_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; +} PolicyAuthValue_In; + +// Response code modifiers +#define RC_PolicyAuthValue_policySession (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PolicyAuthValue( + PolicyAuthValue_In *in +); + +#endif // _Policy_Auth_Value_FP_H_ +#endif // CC_PolicyAuthValue diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorizeNV_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorizeNV_fp.h new file mode 100644 index 000000000..77b2fa4c7 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorizeNV_fp.h 
@@ -0,0 +1,64 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyAuthorizeNV // Command must be enabled + +#ifndef _Policy_Authorize_NV_FP_H_ +#define _Policy_Authorize_NV_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + TPMI_SH_POLICY policySession; +} PolicyAuthorizeNV_In; + +// Response code modifiers +#define RC_PolicyAuthorizeNV_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_PolicyAuthorizeNV_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_PolicyAuthorizeNV_policySession (TPM_RC_H + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_PolicyAuthorizeNV( + PolicyAuthorizeNV_In *in +); + +#endif // _Policy_Authorize_NV_FP_H_ +#endif // CC_PolicyAuthorizeNV diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorize_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorize_fp.h new file mode 100644 index 000000000..3f3a9ffd3 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorize_fp.h 
@@ -0,0 +1,68 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyAuthorize // Command must be enabled + +#ifndef _Policy_Authorize_FP_H_ +#define _Policy_Authorize_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_DIGEST approvedPolicy; + TPM2B_NONCE policyRef; + TPM2B_NAME keySign; + TPMT_TK_VERIFIED checkTicket; +} PolicyAuthorize_In; + +// Response code modifiers +#define RC_PolicyAuthorize_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyAuthorize_approvedPolicy (TPM_RC_P + TPM_RC_1) +#define RC_PolicyAuthorize_policyRef (TPM_RC_P + TPM_RC_2) +#define RC_PolicyAuthorize_keySign (TPM_RC_P + TPM_RC_3) +#define RC_PolicyAuthorize_checkTicket (TPM_RC_P + TPM_RC_4) + +// Function prototype +TPM_RC +TPM2_PolicyAuthorize( + PolicyAuthorize_In *in +); + +#endif // _Policy_Authorize_FP_H_ +#endif // CC_PolicyAuthorize diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCommandCode_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCommandCode_fp.h new file mode 100644 index 000000000..565fb6455 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCommandCode_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyCommandCode // Command must be enabled + +#ifndef _Policy_Command_Code_FP_H_ +#define _Policy_Command_Code_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; + TPM_CC code; +} PolicyCommandCode_In; + +// Response code modifiers +#define RC_PolicyCommandCode_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyCommandCode_code (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PolicyCommandCode( + PolicyCommandCode_In *in +); + +#endif // _Policy_Command_Code_FP_H_ +#endif // CC_PolicyCommandCode diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCounterTimer_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCounterTimer_fp.h new file mode 100644 index 000000000..060a07105 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCounterTimer_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyCounterTimer // Command must be enabled + +#ifndef _Policy_Counter_Timer_FP_H_ +#define _Policy_Counter_Timer_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_OPERAND operandB; + UINT16 offset; + TPM_EO operation; +} PolicyCounterTimer_In; + +// Response code modifiers +#define RC_PolicyCounterTimer_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyCounterTimer_operandB (TPM_RC_P + TPM_RC_1) +#define RC_PolicyCounterTimer_offset (TPM_RC_P + TPM_RC_2) +#define RC_PolicyCounterTimer_operation (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_PolicyCounterTimer( + PolicyCounterTimer_In *in +); + +#endif // _Policy_Counter_Timer_FP_H_ +#endif // CC_PolicyCounterTimer diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCpHash_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCpHash_fp.h new file mode 100644 index 000000000..788fb429e --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCpHash_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyCpHash // Command must be enabled + +#ifndef _Policy_Cp_Hash_FP_H_ +#define _Policy_Cp_Hash_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_DIGEST cpHashA; +} PolicyCpHash_In; + +// Response code modifiers +#define RC_PolicyCpHash_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyCpHash_cpHashA (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PolicyCpHash( + PolicyCpHash_In *in +); + +#endif // _Policy_Cp_Hash_FP_H_ +#endif // CC_PolicyCpHash diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyDuplicationSelect_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyDuplicationSelect_fp.h new file mode 100644 index 000000000..17e161c29 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyDuplicationSelect_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyDuplicationSelect // Command must be enabled + +#ifndef _Policy_Duplication_Select_FP_H_ +#define _Policy_Duplication_Select_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_NAME objectName; + TPM2B_NAME newParentName; + TPMI_YES_NO includeObject; +} PolicyDuplicationSelect_In; + +// Response code modifiers +#define RC_PolicyDuplicationSelect_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyDuplicationSelect_objectName (TPM_RC_P + TPM_RC_1) +#define RC_PolicyDuplicationSelect_newParentName (TPM_RC_P + TPM_RC_2) +#define RC_PolicyDuplicationSelect_includeObject (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_PolicyDuplicationSelect( + PolicyDuplicationSelect_In *in +); + +#endif // _Policy_Duplication_Select_FP_H_ +#endif // CC_PolicyDuplicationSelect diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyGetDigest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyGetDigest_fp.h new file mode 100644 index 000000000..848bd2fe7 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyGetDigest_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyGetDigest // Command must be enabled + +#ifndef _Policy_Get_Digest_FP_H_ +#define _Policy_Get_Digest_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; +} PolicyGetDigest_In; + +// Output structure definition +typedef struct { + TPM2B_DIGEST policyDigest; +} PolicyGetDigest_Out; + +// Response code modifiers +#define RC_PolicyGetDigest_policySession (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PolicyGetDigest( + PolicyGetDigest_In *in, + PolicyGetDigest_Out *out +); + +#endif // _Policy_Get_Digest_FP_H_ +#endif // CC_PolicyGetDigest diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyLocality_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyLocality_fp.h new file mode 100644 index 000000000..ef45ed684 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyLocality_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyLocality // Command must be enabled + +#ifndef _Policy_Locality_FP_H_ +#define _Policy_Locality_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; + TPMA_LOCALITY locality; +} PolicyLocality_In; + +// Response code modifiers +#define RC_PolicyLocality_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyLocality_locality (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PolicyLocality( + PolicyLocality_In *in +); + +#endif // _Policy_Locality_FP_H_ +#endif // CC_PolicyLocality diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNV_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNV_fp.h new file mode 100644 index 000000000..b16beda8f --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNV_fp.h 
@@ -0,0 +1,70 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyNV // Command must be enabled + +#ifndef _Policy_NV_FP_H_ +#define _Policy_NV_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + TPMI_SH_POLICY policySession; + TPM2B_OPERAND operandB; + UINT16 offset; + TPM_EO operation; +} PolicyNV_In; + +// Response code modifiers +#define RC_PolicyNV_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_PolicyNV_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_PolicyNV_policySession (TPM_RC_H + TPM_RC_3) +#define RC_PolicyNV_operandB (TPM_RC_P + TPM_RC_1) +#define RC_PolicyNV_offset (TPM_RC_P + TPM_RC_2) +#define RC_PolicyNV_operation (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_PolicyNV( + PolicyNV_In *in +); + +#endif // _Policy_NV_FP_H_ +#endif // CC_PolicyNV diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNameHash_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNameHash_fp.h new file mode 100644 index 000000000..3e3ae8d8c --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNameHash_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyNameHash // Command must be enabled + +#ifndef _Policy_Name_Hash_FP_H_ +#define _Policy_Name_Hash_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_DIGEST nameHash; +} PolicyNameHash_In; + +// Response code modifiers +#define RC_PolicyNameHash_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyNameHash_nameHash (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PolicyNameHash( + PolicyNameHash_In *in +); + +#endif // _Policy_Name_Hash_FP_H_ +#endif // CC_PolicyNameHash diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNvWritten_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNvWritten_fp.h new file mode 100644 index 000000000..2f5ba18f4 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNvWritten_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyNvWritten // Command must be enabled + +#ifndef _Policy_Nv_Written_FP_H_ +#define _Policy_Nv_Written_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; + TPMI_YES_NO writtenSet; +} PolicyNvWritten_In; + +// Response code modifiers +#define RC_PolicyNvWritten_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyNvWritten_writtenSet (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PolicyNvWritten( + PolicyNvWritten_In *in +); + +#endif // _Policy_Nv_Written_FP_H_ +#endif // CC_PolicyNvWritten diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyOR_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyOR_fp.h new file mode 100644 index 000000000..9db3808c2 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyOR_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyOR // Command must be enabled + +#ifndef _Policy_OR_FP_H_ +#define _Policy_OR_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; + TPML_DIGEST pHashList; +} PolicyOR_In; + +// Response code modifiers +#define RC_PolicyOR_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyOR_pHashList (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PolicyOR( + PolicyOR_In *in +); + +#endif // _Policy_OR_FP_H_ +#endif // CC_PolicyOR diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPCR_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPCR_fp.h new file mode 100644 index 000000000..c5f2940f7 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPCR_fp.h 
@@ -0,0 +1,64 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyPCR // Command must be enabled + +#ifndef _Policy_PCR_FP_H_ +#define _Policy_PCR_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_DIGEST pcrDigest; + TPML_PCR_SELECTION pcrs; +} PolicyPCR_In; + +// Response code modifiers +#define RC_PolicyPCR_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyPCR_pcrDigest (TPM_RC_P + TPM_RC_1) +#define RC_PolicyPCR_pcrs (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_PolicyPCR( + PolicyPCR_In *in +); + +#endif // _Policy_PCR_FP_H_ +#endif // CC_PolicyPCR diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPassword_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPassword_fp.h new file mode 100644 index 000000000..712d051e3 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPassword_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyPassword // Command must be enabled + +#ifndef _Policy_Password_FP_H_ +#define _Policy_Password_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; +} PolicyPassword_In; + +// Response code modifiers +#define RC_PolicyPassword_policySession (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PolicyPassword( + PolicyPassword_In *in +); + +#endif // _Policy_Password_FP_H_ +#endif // CC_PolicyPassword diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPhysicalPresence_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPhysicalPresence_fp.h new file mode 100644 index 000000000..54d5b4004 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPhysicalPresence_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyPhysicalPresence // Command must be enabled + +#ifndef _Policy_Physical_Presence_FP_H_ +#define _Policy_Physical_Presence_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; +} PolicyPhysicalPresence_In; + +// Response code modifiers +#define RC_PolicyPhysicalPresence_policySession (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PolicyPhysicalPresence( + PolicyPhysicalPresence_In *in +); + +#endif // _Policy_Physical_Presence_FP_H_ +#endif // CC_PolicyPhysicalPresence diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyRestart_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyRestart_fp.h new file mode 100644 index 000000000..5716be52a --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyRestart_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyRestart // Command must be enabled + +#ifndef _Policy_Restart_FP_H_ +#define _Policy_Restart_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY sessionHandle; +} PolicyRestart_In; + +// Response code modifiers +#define RC_PolicyRestart_sessionHandle (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PolicyRestart( + PolicyRestart_In *in +); + +#endif // _Policy_Restart_FP_H_ +#endif // CC_PolicyRestart diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySecret_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySecret_fp.h new file mode 100644 index 000000000..fb944da09 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySecret_fp.h 
@@ -0,0 +1,77 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicySecret // Command must be enabled + +#ifndef _Policy_Secret_FP_H_ +#define _Policy_Secret_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_ENTITY authHandle; + TPMI_SH_POLICY policySession; + TPM2B_NONCE nonceTPM; + TPM2B_DIGEST cpHashA; + TPM2B_NONCE policyRef; + INT32 expiration; +} PolicySecret_In; + +// Output structure definition +typedef struct { + TPM2B_TIMEOUT timeout; + TPMT_TK_AUTH policyTicket; +} PolicySecret_Out; + +// Response code modifiers +#define RC_PolicySecret_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_PolicySecret_policySession (TPM_RC_H + TPM_RC_2) +#define RC_PolicySecret_nonceTPM (TPM_RC_P + TPM_RC_1) +#define RC_PolicySecret_cpHashA (TPM_RC_P + TPM_RC_2) +#define RC_PolicySecret_policyRef (TPM_RC_P + TPM_RC_3) +#define RC_PolicySecret_expiration (TPM_RC_P + TPM_RC_4) + +// Function prototype +TPM_RC +TPM2_PolicySecret( + PolicySecret_In *in, + PolicySecret_Out *out +); + +#endif // _Policy_Secret_FP_H_ +#endif // CC_PolicySecret diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySigned_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySigned_fp.h new file mode 100644 index 000000000..f25ca6ee9 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySigned_fp.h 
@@ -0,0 +1,79 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicySigned // Command must be enabled + +#ifndef _Policy_Signed_FP_H_ +#define _Policy_Signed_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT authObject; + TPMI_SH_POLICY policySession; + TPM2B_NONCE nonceTPM; + TPM2B_DIGEST cpHashA; + TPM2B_NONCE policyRef; + INT32 expiration; + TPMT_SIGNATURE auth; +} PolicySigned_In; + +// Output structure definition +typedef struct { + TPM2B_TIMEOUT timeout; + TPMT_TK_AUTH policyTicket; +} PolicySigned_Out; + +// Response code modifiers +#define RC_PolicySigned_authObject (TPM_RC_H + TPM_RC_1) +#define RC_PolicySigned_policySession (TPM_RC_H + TPM_RC_2) +#define RC_PolicySigned_nonceTPM (TPM_RC_P + TPM_RC_1) +#define RC_PolicySigned_cpHashA (TPM_RC_P + TPM_RC_2) +#define RC_PolicySigned_policyRef (TPM_RC_P + TPM_RC_3) +#define RC_PolicySigned_expiration (TPM_RC_P + TPM_RC_4) +#define RC_PolicySigned_auth (TPM_RC_P + TPM_RC_5) + +// Function prototype +TPM_RC +TPM2_PolicySigned( + PolicySigned_In *in, + PolicySigned_Out *out +); + +#endif // _Policy_Signed_FP_H_ +#endif // CC_PolicySigned diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTemplate_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTemplate_fp.h new file mode 100644 index 000000000..2e724d78c --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTemplate_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyTemplate // Command must be enabled + +#ifndef _Policy_Template_FP_H_ +#define _Policy_Template_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_DIGEST templateHash; +} PolicyTemplate_In; + +// Response code modifiers +#define RC_PolicyTemplate_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyTemplate_templateHash (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_PolicyTemplate( + PolicyTemplate_In *in +); + +#endif // _Policy_Template_FP_H_ +#endif // CC_PolicyTemplate diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTicket_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTicket_fp.h new file mode 100644 index 000000000..74dfccb5a --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTicket_fp.h 
@@ -0,0 +1,70 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_PolicyTicket // Command must be enabled + +#ifndef _Policy_Ticket_FP_H_ +#define _Policy_Ticket_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_TIMEOUT timeout; + TPM2B_DIGEST cpHashA; + TPM2B_NONCE policyRef; + TPM2B_NAME authName; + TPMT_TK_AUTH ticket; +} PolicyTicket_In; + +// Response code modifiers +#define RC_PolicyTicket_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyTicket_timeout (TPM_RC_P + TPM_RC_1) +#define RC_PolicyTicket_cpHashA (TPM_RC_P + TPM_RC_2) +#define RC_PolicyTicket_policyRef (TPM_RC_P + TPM_RC_3) +#define RC_PolicyTicket_authName (TPM_RC_P + TPM_RC_4) +#define RC_PolicyTicket_ticket (TPM_RC_P + TPM_RC_5) + +// Function prototype +TPM_RC +TPM2_PolicyTicket( + PolicyTicket_In *in +); + +#endif // _Policy_Ticket_FP_H_ +#endif // CC_PolicyTicket diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_AC_SendSelect_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_AC_SendSelect_fp.h new file mode 100644 index 000000000..316ee7a3b --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_AC_SendSelect_fp.h 
@@ -0,0 +1,68 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Policy_AC_SendSelect // Command must be enabled + +#ifndef _Policy_AC_Send_Select_FP_H_ +#define _Policy_AC_Send_Select_FP_H_ + +// Input structure definition +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_NAME objectName; + TPM2B_NAME authHandleName; + TPM2B_NAME acName; + TPMI_YES_NO includeObject; +} Policy_AC_SendSelect_In; + +// Response code modifiers +#define RC_Policy_AC_SendSelect_policySession (TPM_RC_H + TPM_RC_1) +#define RC_Policy_AC_SendSelect_objectName (TPM_RC_P + TPM_RC_1) +#define RC_Policy_AC_SendSelect_authHandleName (TPM_RC_P + TPM_RC_2) +#define RC_Policy_AC_SendSelect_acName (TPM_RC_P + TPM_RC_3) +#define RC_Policy_AC_SendSelect_includeObject (TPM_RC_P + TPM_RC_4) + +// Function prototype +TPM_RC +TPM2_Policy_AC_SendSelect( + Policy_AC_SendSelect_In *in +); + +#endif // _Policy_AC_Send_Select_FP_H_ +#endif // CC_Policy_AC_SendSelect diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_spt_fp.h new file mode 100644 index 000000000..21717a68d --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_spt_fp.h 
@@ -0,0 +1,102 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _POLICY_SPT_FP_H_ +#define _POLICY_SPT_FP_H_ + +//** Functions +//*** PolicyParameterChecks() +// This function validates the common parameters of TPM2_PolicySiged() +// and TPM2_PolicySecret(). The common parameters are 'nonceTPM', +// 'expiration', and 'cpHashA'. +TPM_RC +PolicyParameterChecks( + SESSION *session, + UINT64 authTimeout, + TPM2B_DIGEST *cpHashA, + TPM2B_NONCE *nonce, + TPM_RC blameNonce, + TPM_RC blameCpHash, + TPM_RC blameExpiration +); + +//*** PolicyContextUpdate() +// Update policy hash +// Update the policyDigest in policy session by extending policyRef and +// objectName to it. This will also update the cpHash if it is present. +// Return Type: void +void +PolicyContextUpdate( + TPM_CC commandCode, // IN: command code + TPM2B_NAME *name, // IN: name of entity + TPM2B_NONCE *ref, // IN: the reference data + TPM2B_DIGEST *cpHash, // IN: the cpHash (optional) + UINT64 policyTimeout, // IN: the timeout value for the policy + SESSION *session // IN/OUT: policy session to be updated +); + +//*** ComputeAuthTimeout() +// This function is used to determine what the authorization timeout value for +// the session should be. +UINT64 +ComputeAuthTimeout( + SESSION *session, // IN: the session containing the time + // values + INT32 expiration, // IN: either the number of seconds from + // the start of the session or the + // time in g_timer; + TPM2B_NONCE *nonce // IN: indicator of the time base +); + +//*** PolicyDigestClear() +// Function to reset the policyDigest of a session +void +PolicyDigestClear( + SESSION *session +); + +BOOL +PolicySptCheckCondition( + TPM_EO operation, + BYTE *opA, + BYTE *opB, + UINT16 size +); + +#endif // _POLICY_SPT_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Power_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Power_fp.h new file mode 100644 index 000000000..e6941a062 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Power_fp.h 
@@ -0,0 +1,69 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 11:00:49AM + */ + +#ifndef _POWER_FP_H_ +#define _POWER_FP_H_ + +//*** TPMInit() +// This function is used to process a power on event. 
+void +TPMInit( + void +); + +//*** TPMRegisterStartup() +// This function registers the fact that the TPM has been initialized +// (a TPM2_Startup() has completed successfully). +BOOL +TPMRegisterStartup( + void +); + +//*** TPMIsStarted() +// Indicates if the TPM has been initialized (a TPM2_Startup() has completed +// successfully after a _TPM_Init). +// Return Type: BOOL +// TRUE(1) TPM has been initialized +// FALSE(0) TPM has not been initialized +BOOL +TPMIsStarted( + void +); + +#endif // _POWER_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PropertyCap_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PropertyCap_fp.h new file mode 100644 index 000000000..20e6ff8f5 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PropertyCap_fp.h 
@@ -0,0 +1,59 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _PROPERTY_CAP_FP_H_ +#define _PROPERTY_CAP_FP_H_ + +//*** TPMCapGetProperties() +// This function is used to get the TPM_PT values. The search of properties will +// start at 'property' and continue until 'propertyList' has as many values as +// will fit, or the last property has been reported, or the list has as many +// values as requested in 'count'. +// Return Type: TPMI_YES_NO +// YES more properties are available +// NO no more properties to be reported +TPMI_YES_NO +TPMCapGetProperties( + TPM_PT property, // IN: the starting TPM property + UINT32 count, // IN: maximum number of returned + // properties + TPML_TAGGED_TPM_PROPERTY *propertyList // OUT: property list +); + +#endif // _PROPERTY_CAP_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Quote_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Quote_fp.h new file mode 100644 index 000000000..3d9e49c2e --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Quote_fp.h 
@@ -0,0 +1,73 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Quote // Command must be enabled + +#ifndef _Quote_FP_H_ +#define _Quote_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT signHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; + TPML_PCR_SELECTION PCRselect; +} Quote_In; + +// Output structure definition +typedef struct { + TPM2B_ATTEST quoted; + TPMT_SIGNATURE signature; +} Quote_Out; + +// Response code modifiers +#define RC_Quote_signHandle (TPM_RC_H + TPM_RC_1) +#define RC_Quote_qualifyingData (TPM_RC_P + TPM_RC_1) +#define RC_Quote_inScheme (TPM_RC_P + TPM_RC_2) +#define RC_Quote_PCRselect (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_Quote( + Quote_In *in, + Quote_Out *out +); + +#endif // _Quote_FP_H_ +#endif // CC_Quote diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Decrypt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Decrypt_fp.h new file mode 100644 index 000000000..edcc718f9 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Decrypt_fp.h 
@@ -0,0 +1,72 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_RSA_Decrypt // Command must be enabled + +#ifndef _RSA_Decrypt_FP_H_ +#define _RSA_Decrypt_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT keyHandle; + TPM2B_PUBLIC_KEY_RSA cipherText; + TPMT_RSA_DECRYPT inScheme; + TPM2B_DATA label; +} RSA_Decrypt_In; + +// Output structure definition +typedef struct { + TPM2B_PUBLIC_KEY_RSA message; +} RSA_Decrypt_Out; + +// Response code modifiers +#define RC_RSA_Decrypt_keyHandle (TPM_RC_H + TPM_RC_1) +#define RC_RSA_Decrypt_cipherText (TPM_RC_P + TPM_RC_1) +#define RC_RSA_Decrypt_inScheme (TPM_RC_P + TPM_RC_2) +#define RC_RSA_Decrypt_label (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_RSA_Decrypt( + RSA_Decrypt_In *in, + RSA_Decrypt_Out *out +); + +#endif // _RSA_Decrypt_FP_H_ +#endif // CC_RSA_Decrypt diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Encrypt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Encrypt_fp.h new file mode 100644 index 000000000..807cc8a9a --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Encrypt_fp.h 
@@ -0,0 +1,72 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_RSA_Encrypt // Command must be enabled + +#ifndef _RSA_Encrypt_FP_H_ +#define _RSA_Encrypt_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT keyHandle; + TPM2B_PUBLIC_KEY_RSA message; + TPMT_RSA_DECRYPT inScheme; + TPM2B_DATA label; +} RSA_Encrypt_In; + +// Output structure definition +typedef struct { + TPM2B_PUBLIC_KEY_RSA outData; +} RSA_Encrypt_Out; + +// Response code modifiers +#define RC_RSA_Encrypt_keyHandle (TPM_RC_H + TPM_RC_1) +#define RC_RSA_Encrypt_message (TPM_RC_P + TPM_RC_1) +#define RC_RSA_Encrypt_inScheme (TPM_RC_P + TPM_RC_2) +#define RC_RSA_Encrypt_label (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_RSA_Encrypt( + RSA_Encrypt_In *in, + RSA_Encrypt_Out *out +); + +#endif // _RSA_Encrypt_FP_H_ +#endif // CC_RSA_Encrypt diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadClock_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadClock_fp.h new file mode 100644 index 000000000..101f7c187 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadClock_fp.h 
@@ -0,0 +1,58 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_ReadClock // Command must be enabled + +#ifndef _Read_Clock_FP_H_ +#define _Read_Clock_FP_H_ + +// Output structure definition +typedef struct { + TPMS_TIME_INFO currentTime; +} ReadClock_Out; + + +// Function prototype +TPM_RC +TPM2_ReadClock( + ReadClock_Out *out +); + +#endif // _Read_Clock_FP_H_ +#endif // CC_ReadClock diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadPublic_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadPublic_fp.h new file mode 100644 index 000000000..8d3a9930b --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadPublic_fp.h 
@@ -0,0 +1,68 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_ReadPublic // Command must be enabled + +#ifndef _Read_Public_FP_H_ +#define _Read_Public_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT objectHandle; +} ReadPublic_In; + +// Output structure definition +typedef struct { + TPM2B_PUBLIC outPublic; + TPM2B_NAME name; + TPM2B_NAME qualifiedName; +} ReadPublic_Out; + +// Response code modifiers +#define RC_ReadPublic_objectHandle (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_ReadPublic( + ReadPublic_In *in, + ReadPublic_Out *out +); + +#endif // _Read_Public_FP_H_ +#endif // CC_ReadPublic diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ResponseCodeProcessing_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ResponseCodeProcessing_fp.h new file mode 100644 index 000000000..1beb94983 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ResponseCodeProcessing_fp.h 
@@ -0,0 +1,52 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _RESPONSE_CODE_PROCESSING_FP_H_ +#define _RESPONSE_CODE_PROCESSING_FP_H_ + +//** RcSafeAddToResult() +// Adds a modifier to a response code as long as the response code allows a modifier +// and no modifier has already been added. +TPM_RC +RcSafeAddToResult( + TPM_RC responseCode, + TPM_RC modifier +); + +#endif // _RESPONSE_CODE_PROCESSING_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Response_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Response_fp.h new file mode 100644 index 000000000..551c2e13b --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Response_fp.h 
@@ -0,0 +1,53 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _RESPONSE_FP_H_ +#define _RESPONSE_FP_H_ + +//** BuildResponseHeader() +// Adds the response header to the response. 
It will update command->parameterSize +// to indicate the total size of the response. +void +BuildResponseHeader( + COMMAND *command, // IN: main control structure + BYTE *buffer, // OUT: the output buffer + TPM_RC result // IN: the response code +); + +#endif // _RESPONSE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Rewrap_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Rewrap_fp.h new file mode 100644 index 000000000..03942d3b6 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Rewrap_fp.h 
@@ -0,0 +1,75 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Rewrap // Command must be enabled + +#ifndef _Rewrap_FP_H_ +#define _Rewrap_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT oldParent; + TPMI_DH_OBJECT newParent; + TPM2B_PRIVATE inDuplicate; + TPM2B_NAME name; + TPM2B_ENCRYPTED_SECRET inSymSeed; +} Rewrap_In; + +// Output structure definition +typedef struct { + TPM2B_PRIVATE outDuplicate; + TPM2B_ENCRYPTED_SECRET outSymSeed; +} Rewrap_Out; + +// Response code modifiers +#define RC_Rewrap_oldParent (TPM_RC_H + TPM_RC_1) +#define RC_Rewrap_newParent (TPM_RC_H + TPM_RC_2) +#define RC_Rewrap_inDuplicate (TPM_RC_P + TPM_RC_1) +#define RC_Rewrap_name (TPM_RC_P + TPM_RC_2) +#define RC_Rewrap_inSymSeed (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_Rewrap( + Rewrap_In *in, + Rewrap_Out *out +); + +#endif // _Rewrap_FP_H_ +#endif // CC_Rewrap diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RsaKeyCache_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RsaKeyCache_fp.h new file mode 100644 index 000000000..9d21ac99e --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RsaKeyCache_fp.h 
@@ -0,0 +1,65 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _RSA_KEY_CACHE_FP_H_ +#define _RSA_KEY_CACHE_FP_H_ + +#if USE_RSA_KEY_CACHE + +//*** RsaKeyCacheControl() +// Used to enable and disable the RSA key cache. +LIB_EXPORT void +RsaKeyCacheControl( + int state +); + +//*** GetCachedRsaKey() +// Return Type: BOOL +// TRUE(1) key loaded +// FALSE(0) key not loaded +BOOL +GetCachedRsaKey( + TPMT_PUBLIC *publicArea, + TPMT_SENSITIVE *sensitive, + RAND_STATE *rand // IN: if not NULL, the deterministic + // RNG state +); +#endif // defined SIMULATION && defined USE_RSA_KEY_CACHE + +#endif // _RSA_KEY_CACHE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SelfTest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SelfTest_fp.h new file mode 100644 index 000000000..9557e1bf5 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SelfTest_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_SelfTest // Command must be enabled + +#ifndef _Self_Test_FP_H_ +#define _Self_Test_FP_H_ + +// Input structure definition +typedef struct { + TPMI_YES_NO fullTest; +} SelfTest_In; + +// Response code modifiers +#define RC_SelfTest_fullTest (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_SelfTest( + SelfTest_In *in +); + +#endif // _Self_Test_FP_H_ +#endif // CC_SelfTest diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceComplete_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceComplete_fp.h new file mode 100644 index 000000000..48d73e72a --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceComplete_fp.h 
@@ -0,0 +1,71 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_SequenceComplete // Command must be enabled + +#ifndef _Sequence_Complete_FP_H_ +#define _Sequence_Complete_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT sequenceHandle; + TPM2B_MAX_BUFFER buffer; + TPMI_RH_HIERARCHY hierarchy; +} SequenceComplete_In; + +// Output structure definition +typedef struct { + TPM2B_DIGEST result; + TPMT_TK_HASHCHECK validation; +} SequenceComplete_Out; + +// Response code modifiers +#define RC_SequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_1) +#define RC_SequenceComplete_buffer (TPM_RC_P + TPM_RC_1) +#define RC_SequenceComplete_hierarchy (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_SequenceComplete( + SequenceComplete_In *in, + SequenceComplete_Out *out +); + +#endif // _Sequence_Complete_FP_H_ +#endif // CC_SequenceComplete diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceUpdate_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceUpdate_fp.h new file mode 100644 index 000000000..6a31cc6e7 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceUpdate_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_SequenceUpdate // Command must be enabled + +#ifndef _Sequence_Update_FP_H_ +#define _Sequence_Update_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT sequenceHandle; + TPM2B_MAX_BUFFER buffer; +} SequenceUpdate_In; + +// Response code modifiers +#define RC_SequenceUpdate_sequenceHandle (TPM_RC_H + TPM_RC_1) +#define RC_SequenceUpdate_buffer (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_SequenceUpdate( + SequenceUpdate_In *in +); + +#endif // _Sequence_Update_FP_H_ +#endif // CC_SequenceUpdate diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SessionProcess_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SessionProcess_fp.h new file mode 100644 index 000000000..afaa64dab --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SessionProcess_fp.h 
@@ -0,0 +1,123 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _SESSION_PROCESS_FP_H_ +#define _SESSION_PROCESS_FP_H_ + +//*** IsDAExempted() +// This function indicates if a handle is exempted from DA logic. +// A handle is exempted if it is +// 1. a primary seed handle, +// 2. an object with noDA bit SET, +// 3. an NV Index with TPMA_NV_NO_DA bit SET, or +// 4. a PCR handle. +// +// Return Type: BOOL +// TRUE(1) handle is exempted from DA logic +// FALSE(0) handle is not exempted from DA logic +BOOL +IsDAExempted( + TPM_HANDLE handle // IN: entity handle +); + +//*** ClearCpRpHashes() +void +ClearCpRpHashes( + COMMAND *command +); + +//*** CompareNameHash() +// This function computes the name hash and compares it to the nameHash in the +// session data. +BOOL +CompareNameHash( + COMMAND *command, // IN: main parsing structure + SESSION *session // IN: session structure with nameHash +); + +//*** ParseSessionBuffer() +// This function is the entry function for command session processing. +// It iterates sessions in session area and reports if the required authorization +// has been properly provided. It also processes audit session and passes the +// information of encryption sessions to parameter encryption module. +// +// Return Type: TPM_RC +// various parsing failure or authorization failure +// +TPM_RC +ParseSessionBuffer( + COMMAND *command // IN: the structure that contains +); + +//*** CheckAuthNoSession() +// Function to process a command with no session associated. +// The function makes sure all the handles in the command require no authorization. +// +// Return Type: TPM_RC +// TPM_RC_AUTH_MISSING failure - one or more handles require +// authorization +TPM_RC +CheckAuthNoSession( + COMMAND *command // IN: command parsing structure +); + +//*** BuildResponseSession() +// Function to build Session buffer in a response. 
The authorization data is added +// to the end of command->responseBuffer. The size of the authorization area is +// accumulated in command->authSize. +// When this is called, command->responseBuffer is pointing at the next location +// in the response buffer to be filled. This is where the authorization sessions +// will go, if any. command->parameterSize is the number of bytes that have been +// marshaled as parameters in the output buffer. +void +BuildResponseSession( + COMMAND *command // IN: structure that has relevant command + // information +); + +//*** SessionRemoveAssociationToHandle() +// This function deals with the case where an entity associated with an authorization +// is deleted during command processing. The primary use of this is to support +// UndefineSpaceSpecial(). +void +SessionRemoveAssociationToHandle( + TPM_HANDLE handle +); + +#endif // _SESSION_PROCESS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Session_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Session_fp.h new file mode 100644 index 000000000..3c8227a2c --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Session_fp.h 
@@ -0,0 +1,287 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 04:06:42PM + */ + +#ifndef _SESSION_FP_H_ +#define _SESSION_FP_H_ + +//** Startup Function -- SessionStartup() +// This function initializes the session subsystem on TPM2_Startup(). +BOOL +SessionStartup( + STARTUP_TYPE type +); + +//*** SessionIsLoaded() +// This function test a session handle references a loaded session. The handle +// must have previously been checked to make sure that it is a valid handle for +// an authorization session. +// NOTE: A PWAP authorization does not have a session. +// +// Return Type: BOOL +// TRUE(1) session is loaded +// FALSE(0) session is not loaded +// +BOOL +SessionIsLoaded( + TPM_HANDLE handle // IN: session handle +); + +//*** SessionIsSaved() +// This function test a session handle references a saved session. The handle +// must have previously been checked to make sure that it is a valid handle for +// an authorization session. +// NOTE: An password authorization does not have a session. +// +// This function requires that the handle be a valid session handle. +// +// Return Type: BOOL +// TRUE(1) session is saved +// FALSE(0) session is not saved +// +BOOL +SessionIsSaved( + TPM_HANDLE handle // IN: session handle +); + +//*** SequenceNumberForSavedContextIsValid() +// This function validates that the sequence number and handle value within a +// saved context are valid. +BOOL +SequenceNumberForSavedContextIsValid( + TPMS_CONTEXT *context // IN: pointer to a context structure to be + // validated +); + +//*** SessionPCRValueIsCurrent() +// +// This function is used to check if PCR values have been updated since the +// last time they were checked in a policy session. +// +// This function requires the session is loaded. 
+// Return Type: BOOL +// TRUE(1) PCR value is current +// FALSE(0) PCR value is not current +BOOL +SessionPCRValueIsCurrent( + SESSION *session // IN: session structure +); + +//*** SessionGet() +// This function returns a pointer to the session object associated with a +// session handle. +// +// The function requires that the session is loaded. +SESSION * +SessionGet( + TPM_HANDLE handle // IN: session handle +); + +//*** SessionCreate() +// +// This function does the detailed work for starting an authorization session. +// This is done in a support routine rather than in the action code because +// the session management may differ in implementations. This implementation +// uses a fixed memory allocation to hold sessions and a fixed allocation +// to hold the contextID for the saved contexts. +// +// Return Type: TPM_RC +// TPM_RC_CONTEXT_GAP need to recycle sessions +// TPM_RC_SESSION_HANDLE active session space is full +// TPM_RC_SESSION_MEMORY loaded session space is full +TPM_RC +SessionCreate( + TPM_SE sessionType, // IN: the session type + TPMI_ALG_HASH authHash, // IN: the hash algorithm + TPM2B_NONCE *nonceCaller, // IN: initial nonceCaller + TPMT_SYM_DEF *symmetric, // IN: the symmetric algorithm + TPMI_DH_ENTITY bind, // IN: the bind object + TPM2B_DATA *seed, // IN: seed data + TPM_HANDLE *sessionHandle, // OUT: the session handle + TPM2B_NONCE *nonceTpm // OUT: the session nonce +); + +//*** SessionContextSave() +// This function is called when a session context is to be saved. The +// contextID of the saved session is returned. If no contextID can be +// assigned, then the routine returns TPM_RC_CONTEXT_GAP. +// If the function completes normally, the session slot will be freed. +// +// This function requires that 'handle' references a loaded session. +// Otherwise, it should not be called at the first place. +// +// Return Type: TPM_RC +// TPM_RC_CONTEXT_GAP a contextID could not be assigned. 
+// TPM_RC_TOO_MANY_CONTEXTSthe counter maxed out +// +TPM_RC +SessionContextSave( + TPM_HANDLE handle, // IN: session handle + CONTEXT_COUNTER *contextID // OUT: assigned contextID +); + +//*** SessionContextLoad() +// This function is used to load a session from saved context. The session +// handle must be for a saved context. +// +// If the gap is at a maximum, then the only session that can be loaded is +// the oldest session, otherwise TPM_RC_CONTEXT_GAP is returned. +/// +// This function requires that 'handle' references a valid saved session. +// +// Return Type: TPM_RC +// TPM_RC_SESSION_MEMORY no free session slots +// TPM_RC_CONTEXT_GAP the gap count is maximum and this +// is not the oldest saved context +// +TPM_RC +SessionContextLoad( + SESSION_BUF *session, // IN: session structure from saved context + TPM_HANDLE *handle // IN/OUT: session handle +); + +//*** SessionFlush() +// This function is used to flush a session referenced by its handle. If the +// session associated with 'handle' is loaded, the session array entry is +// marked as available. +// +// This function requires that 'handle' be a valid active session. +// +void +SessionFlush( + TPM_HANDLE handle // IN: loaded or saved session handle +); + +//*** SessionComputeBoundEntity() +// This function computes the binding value for a session. The binding value +// for a reserved handle is the handle itself. For all the other entities, +// the authValue at the time of binding is included to prevent squatting. +// For those values, the Name and the authValue are concatenated +// into the bind buffer. If they will not both fit, the will be overlapped +// by XORing bytes. If XOR is required, the bind value will be full. 
+void +SessionComputeBoundEntity( + TPMI_DH_ENTITY entityHandle, // IN: handle of entity + TPM2B_NAME *bind // OUT: binding value +); + +//*** SessionSetStartTime() +// This function is used to initialize the session timing +void +SessionSetStartTime( + SESSION *session // IN: the session to update +); + +//*** SessionResetPolicyData() +// This function is used to reset the policy data without changing the nonce +// or the start time of the session. +void +SessionResetPolicyData( + SESSION *session // IN: the session to reset +); + +//*** SessionCapGetLoaded() +// This function returns a list of handles of loaded session, started +// from input 'handle' +// +// 'Handle' must be in valid loaded session handle range, but does not +// have to point to a loaded session. +// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned +TPMI_YES_NO +SessionCapGetLoaded( + TPMI_SH_POLICY handle, // IN: start handle + UINT32 count, // IN: count of returned handles + TPML_HANDLE *handleList // OUT: list of handle +); + +//*** SessionCapGetSaved() +// This function returns a list of handles for saved session, starting at +// 'handle'. +// +// 'Handle' must be in a valid handle range, but does not have to point to a +// saved session +// +// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned +TPMI_YES_NO +SessionCapGetSaved( + TPMI_SH_HMAC handle, // IN: start handle + UINT32 count, // IN: count of returned handles + TPML_HANDLE *handleList // OUT: list of handle +); + +//*** SessionCapGetLoadedNumber() +// This function return the number of authorization sessions currently +// loaded into TPM RAM. +UINT32 +SessionCapGetLoadedNumber( + void +); + +//*** SessionCapGetLoadedAvail() +// This function returns the number of additional authorization sessions, of +// any type, that could be loaded into TPM RAM. 
+// NOTE: In other implementations, this number may just be an estimate. The only +// requirement for the estimate is, if it is one or more, then at least one +// session must be loadable. +UINT32 +SessionCapGetLoadedAvail( + void +); + +//*** SessionCapGetActiveNumber() +// This function returns the number of active authorization sessions currently +// being tracked by the TPM. +UINT32 +SessionCapGetActiveNumber( + void +); + +//*** SessionCapGetActiveAvail() +// This function returns the number of additional authorization sessions, of any +// type, that could be created. This not the number of slots for sessions, but +// the number of additional sessions that the TPM is capable of tracking. +UINT32 +SessionCapGetActiveAvail( + void +); + +#endif // _SESSION_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetAlgorithmSet_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetAlgorithmSet_fp.h new file mode 100644 index 000000000..ac1e3bdc1 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetAlgorithmSet_fp.h 
@@ -0,0 +1,62 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_SetAlgorithmSet // Command must be enabled + +#ifndef _Set_Algorithm_Set_FP_H_ +#define _Set_Algorithm_Set_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_PLATFORM authHandle; + UINT32 algorithmSet; +} SetAlgorithmSet_In; + +// Response code modifiers +#define RC_SetAlgorithmSet_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_SetAlgorithmSet_algorithmSet (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_SetAlgorithmSet( + SetAlgorithmSet_In *in +); + +#endif // _Set_Algorithm_Set_FP_H_ +#endif // CC_SetAlgorithmSet diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetCommandCodeAuditStatus_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetCommandCodeAuditStatus_fp.h new file mode 100644 index 000000000..916aec6b4 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetCommandCodeAuditStatus_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_SetCommandCodeAuditStatus // Command must be enabled + +#ifndef _Set_Command_Code_Audit_Status_FP_H_ +#define _Set_Command_Code_Audit_Status_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_PROVISION auth; + TPMI_ALG_HASH auditAlg; + TPML_CC setList; + TPML_CC clearList; +} SetCommandCodeAuditStatus_In; + +// Response code modifiers +#define RC_SetCommandCodeAuditStatus_auth (TPM_RC_H + TPM_RC_1) +#define RC_SetCommandCodeAuditStatus_auditAlg (TPM_RC_P + TPM_RC_1) +#define RC_SetCommandCodeAuditStatus_setList (TPM_RC_P + TPM_RC_2) +#define RC_SetCommandCodeAuditStatus_clearList (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_SetCommandCodeAuditStatus( + SetCommandCodeAuditStatus_In *in +); + +#endif // _Set_Command_Code_Audit_Status_FP_H_ +#endif // CC_SetCommandCodeAuditStatus diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetPrimaryPolicy_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetPrimaryPolicy_fp.h new file mode 100644 index 000000000..c0d23e0a4 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetPrimaryPolicy_fp.h 
@@ -0,0 +1,64 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_SetPrimaryPolicy // Command must be enabled + +#ifndef _Set_Primary_Policy_FP_H_ +#define _Set_Primary_Policy_FP_H_ + +// Input structure definition +typedef struct { + TPMI_RH_HIERARCHY_AUTH authHandle; + TPM2B_DIGEST authPolicy; + TPMI_ALG_HASH hashAlg; +} SetPrimaryPolicy_In; + +// Response code modifiers +#define RC_SetPrimaryPolicy_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_SetPrimaryPolicy_authPolicy (TPM_RC_P + TPM_RC_1) +#define RC_SetPrimaryPolicy_hashAlg (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_SetPrimaryPolicy( + SetPrimaryPolicy_In *in +); + +#endif // _Set_Primary_Policy_FP_H_ +#endif // CC_SetPrimaryPolicy diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Shutdown_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Shutdown_fp.h new file mode 100644 index 000000000..4bb93d716 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Shutdown_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Shutdown // Command must be enabled + +#ifndef _Shutdown_FP_H_ +#define _Shutdown_FP_H_ + +// Input structure definition +typedef struct { + TPM_SU shutdownType; +} Shutdown_In; + +// Response code modifiers +#define RC_Shutdown_shutdownType (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_Shutdown( + Shutdown_In *in +); + +#endif // _Shutdown_FP_H_ +#endif // CC_Shutdown diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Sign_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Sign_fp.h new file mode 100644 index 000000000..0acab7ddd --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Sign_fp.h 
@@ -0,0 +1,72 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Sign // Command must be enabled + +#ifndef _Sign_FP_H_ +#define _Sign_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT keyHandle; + TPM2B_DIGEST digest; + TPMT_SIG_SCHEME inScheme; + TPMT_TK_HASHCHECK validation; +} Sign_In; + +// Output structure definition +typedef struct { + TPMT_SIGNATURE signature; +} Sign_Out; + +// Response code modifiers +#define RC_Sign_keyHandle (TPM_RC_H + TPM_RC_1) +#define RC_Sign_digest (TPM_RC_P + TPM_RC_1) +#define RC_Sign_inScheme (TPM_RC_P + TPM_RC_2) +#define RC_Sign_validation (TPM_RC_P + TPM_RC_3) + +// Function prototype +TPM_RC +TPM2_Sign( + Sign_In *in, + Sign_Out *out +); + +#endif // _Sign_FP_H_ +#endif // CC_Sign diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StartAuthSession_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StartAuthSession_fp.h new file mode 100644 index 000000000..b1c9c778f --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StartAuthSession_fp.h 
@@ -0,0 +1,79 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_StartAuthSession // Command must be enabled + +#ifndef _Start_Auth_Session_FP_H_ +#define _Start_Auth_Session_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT tpmKey; + TPMI_DH_ENTITY bind; + TPM2B_NONCE nonceCaller; + TPM2B_ENCRYPTED_SECRET encryptedSalt; + TPM_SE sessionType; + TPMT_SYM_DEF symmetric; + TPMI_ALG_HASH authHash; +} StartAuthSession_In; + +// Output structure definition +typedef struct { + TPMI_SH_AUTH_SESSION sessionHandle; + TPM2B_NONCE nonceTPM; +} StartAuthSession_Out; + +// Response code modifiers +#define RC_StartAuthSession_tpmKey (TPM_RC_H + TPM_RC_1) +#define RC_StartAuthSession_bind (TPM_RC_H + TPM_RC_2) +#define RC_StartAuthSession_nonceCaller (TPM_RC_P + TPM_RC_1) +#define RC_StartAuthSession_encryptedSalt (TPM_RC_P + TPM_RC_2) +#define RC_StartAuthSession_sessionType (TPM_RC_P + TPM_RC_3) +#define RC_StartAuthSession_symmetric (TPM_RC_P + TPM_RC_4) +#define RC_StartAuthSession_authHash (TPM_RC_P + TPM_RC_5) + +// Function prototype +TPM_RC +TPM2_StartAuthSession( + StartAuthSession_In *in, + StartAuthSession_Out *out +); + +#endif // _Start_Auth_Session_FP_H_ +#endif // CC_StartAuthSession diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Startup_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Startup_fp.h new file mode 100644 index 000000000..96f03e584 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Startup_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Startup // Command must be enabled + +#ifndef _Startup_FP_H_ +#define _Startup_FP_H_ + +// Input structure definition +typedef struct { + TPM_SU startupType; +} Startup_In; + +// Response code modifiers +#define RC_Startup_startupType (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_Startup( + Startup_In *in +); + +#endif // _Startup_FP_H_ +#endif // CC_Startup diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StirRandom_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StirRandom_fp.h new file mode 100644 index 000000000..33b610a38 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StirRandom_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_StirRandom // Command must be enabled + +#ifndef _Stir_Random_FP_H_ +#define _Stir_Random_FP_H_ + +// Input structure definition +typedef struct { + TPM2B_SENSITIVE_DATA inData; +} StirRandom_In; + +// Response code modifiers +#define RC_StirRandom_inData (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_StirRandom( + StirRandom_In *in +); + +#endif // _Stir_Random_FP_H_ +#endif // CC_StirRandom diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TestParms_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TestParms_fp.h new file mode 100644 index 000000000..78a66b82d --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TestParms_fp.h 
@@ -0,0 +1,60 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_TestParms // Command must be enabled + +#ifndef _Test_Parms_FP_H_ +#define _Test_Parms_FP_H_ + +// Input structure definition +typedef struct { + TPMT_PUBLIC_PARMS parameters; +} TestParms_In; + +// Response code modifiers +#define RC_TestParms_parameters (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_TestParms( + TestParms_In *in +); + +#endif // _Test_Parms_FP_H_ +#endif // CC_TestParms diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Ticket_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Ticket_fp.h new file mode 100644 index 000000000..c18de287d --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Ticket_fp.h 
@@ -0,0 +1,101 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _TICKET_FP_H_ +#define _TICKET_FP_H_ + +//*** TicketIsSafe() +// This function indicates if producing a ticket is safe. 
+// It checks if the leading bytes of an input buffer is TPM_GENERATED_VALUE +// or its substring of canonical form. If so, it is not safe to produce ticket +// for an input buffer claiming to be TPM generated buffer +// Return Type: BOOL +// TRUE(1) safe to produce ticket +// FALSE(0) not safe to produce ticket +BOOL +TicketIsSafe( + TPM2B *buffer +); + +//*** TicketComputeVerified() +// This function creates a TPMT_TK_VERIFIED ticket. +void +TicketComputeVerified( + TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket + TPM2B_DIGEST *digest, // IN: digest + TPM2B_NAME *keyName, // IN: name of key that signed the values + TPMT_TK_VERIFIED *ticket // OUT: verified ticket +); + +//*** TicketComputeAuth() +// This function creates a TPMT_TK_AUTH ticket. +void +TicketComputeAuth( + TPM_ST type, // IN: the type of ticket. + TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket + UINT64 timeout, // IN: timeout + BOOL expiresOnReset,// IN: flag to indicate if ticket expires on + // TPM Reset + TPM2B_DIGEST *cpHashA, // IN: input cpHashA + TPM2B_NONCE *policyRef, // IN: input policyRef + TPM2B_NAME *entityName, // IN: name of entity + TPMT_TK_AUTH *ticket // OUT: Created ticket +); + +//*** TicketComputeHashCheck() +// This function creates a TPMT_TK_HASHCHECK ticket. +void +TicketComputeHashCheck( + TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket + TPM_ALG_ID hashAlg, // IN: the hash algorithm for 'digest' + TPM2B_DIGEST *digest, // IN: input digest + TPMT_TK_HASHCHECK *ticket // OUT: Created ticket +); + +//*** TicketComputeCreation() +// This function creates a TPMT_TK_CREATION ticket. +void +TicketComputeCreation( + TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for ticket + TPM2B_NAME *name, // IN: object name + TPM2B_DIGEST *creation, // IN: creation hash + TPMT_TK_CREATION *ticket // OUT: created ticket +); + +#endif // _TICKET_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Time_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Time_fp.h new file mode 100644 index 000000000..81c2ea953 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Time_fp.h 
@@ -0,0 +1,139 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 04:23:27PM + */ + +#ifndef _TIME_FP_H_ +#define _TIME_FP_H_ + +//*** TimePowerOn() +// This function initialize time info at _TPM_Init(). 
+// +// This function is called at _TPM_Init() so that the TPM time can start counting +// as soon as the TPM comes out of reset and doesn't have to wait until +// TPM2_Startup() in order to begin the new time epoch. This could be significant +// for systems that could get powered up but not run any TPM commands for some +// period of time. +// +void +TimePowerOn( + void +); + +//*** TimeStartup() +// This function updates the resetCount and restartCount components of +// TPMS_CLOCK_INFO structure at TPM2_Startup(). +// +// This function will deal with the deferred creation of a new epoch. +// TimeUpdateToCurrent() will not start a new epoch even if one is due when +// TPM_Startup() has not been run. This is because the state of NV is not known +// until startup completes. When Startup is done, then it will create the epoch +// nonce to complete the initializations by calling this function. +BOOL +TimeStartup( + STARTUP_TYPE type // IN: start up type +); + +//*** TimeClockUpdate() +// This function updates go.clock. If 'newTime' requires an update of NV, then +// NV is checked for availability. If it is not available or is rate limiting, then +// go.clock is not updated and the function returns an error. If 'newTime' would +// not cause an NV write, then go.clock is updated. If an NV write occurs, then +// go.safe is SET. +void +TimeClockUpdate( + UINT64 newTime // IN: New time value in mS. +); + +//*** TimeUpdate() +// This function is used to update the time and clock values. If the TPM +// has run TPM2_Startup(), this function is called at the start of each command. +// If the TPM has not run TPM2_Startup(), this is called from TPM2_Startup() to +// get the clock values initialized. It is not called on command entry because, in +// this implementation, the go structure is not read from NV until TPM2_Startup(). +// The reason for this is that the initialization code (_TPM_Init()) may run before +// NV is accessible. 
+void +TimeUpdate( + void +); + +//*** TimeUpdateToCurrent() +// This function updates the 'Time' and 'Clock' in the global +// TPMS_TIME_INFO structure. +// +// In this implementation, 'Time' and 'Clock' are updated at the beginning +// of each command and the values are unchanged for the duration of the +// command. +// +// Because 'Clock' updates may require a write to NV memory, 'Time' and 'Clock' +// are not allowed to advance if NV is not available. When clock is not advancing, +// any function that uses 'Clock' will fail and return TPM_RC_NV_UNAVAILABLE or +// TPM_RC_NV_RATE. +// +// This implementation does not do rate limiting. If the implementation does do +// rate limiting, then the 'Clock' update should not be inhibited even when doing +// rate limiting. +void +TimeUpdateToCurrent( + void +); + +//*** TimeSetAdjustRate() +// This function is used to perform rate adjustment on 'Time' and 'Clock'. +void +TimeSetAdjustRate( + TPM_CLOCK_ADJUST adjust // IN: adjust constant +); + +//*** TimeGetMarshaled() +// This function is used to access TPMS_TIME_INFO in canonical form. +// The function collects the time information and marshals it into 'dataBuffer' +// and returns the marshaled size +UINT16 +TimeGetMarshaled( + TIME_INFO *dataBuffer // OUT: result buffer +); + +//*** TimeFillInfo +// This function gathers information to fill in a TPMS_CLOCK_INFO structure. +void +TimeFillInfo( + TPMS_CLOCK_INFO *clockInfo +); + +#endif // _TIME_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmASN1_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmASN1_fp.h new file mode 100644 index 000000000..9f78d7bb0 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmASN1_fp.h 
@@ -0,0 +1,234 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 11:00:49AM + */ + +#ifndef _TPM_ASN1_FP_H_ +#define _TPM_ASN1_FP_H_ + +//*** ASN1UnmarshalContextInitialize() +// Function does standard initialization of a context. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure +BOOL +ASN1UnmarshalContextInitialize( + ASN1UnmarshalContext *ctx, + INT16 size, + BYTE *buffer +); + +//***ASN1DecodeLength() +// This function extracts the length of an element from 'buffer' starting at 'offset'. +// Return Type: UINT16 +// >=0 the extracted length +// <0 an error +INT16 +ASN1DecodeLength( + ASN1UnmarshalContext *ctx +); + +//***ASN1NextTag() +// This function extracts the next type from 'buffer' starting at 'offset'. +// It advances 'offset' as it parses the type and the length of the type. It returns +// the length of the type. On return, the 'length' octets starting at 'offset' are the +// octets of the type. +// Return Type: UINT +// >=0 the number of octets in 'type' +// <0 an error +INT16 +ASN1NextTag( + ASN1UnmarshalContext *ctx +); + +//*** ASN1GetBitStringValue() +// Try to parse a bit string of up to 32 bits from a value that is expected to be +// a bit string. +// If there is a general parsing error, the context->size is set to -1. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure +BOOL +ASN1GetBitStringValue( + ASN1UnmarshalContext *ctx, + UINT32 *val +); + +//*** ASN1InitialializeMarshalContext() +// This creates a structure for handling marshaling of an ASN.1 formatted data +// structure. +void +ASN1InitialializeMarshalContext( + ASN1MarshalContext *ctx, + INT16 length, + BYTE *buffer +); + +//*** ASN1StartMarshalContext() +// This starts a new constructed element. It is constructed on 'top' of the value +// that was previously placed in the structure. 
+void +ASN1StartMarshalContext( + ASN1MarshalContext *ctx +); + +//*** ASN1EndMarshalContext() +// This function restores the end pointer for an encapsulating structure. +// Return Type: INT16 +// > 0 the size of the encapsulated structure that was just ended +// <= 0 an error +INT16 +ASN1EndMarshalContext( + ASN1MarshalContext *ctx +); + +//***ASN1EndEncapsulation() +// This function puts a tag and length in the buffer. In this function, an embedded +// BIT_STRING is assumed to be a collection of octets. To indicate that all bits +// are used, a byte of zero is prepended. If a raw bit-string is needed, a new +// function like ASN1PushInteger() would be needed. +// Return Type: INT16 +// > 0 number of octets in the encapsulation +// == 0 failure +UINT16 +ASN1EndEncapsulation( + ASN1MarshalContext *ctx, + BYTE tag +); + +//*** ASN1PushByte() +BOOL +ASN1PushByte( + ASN1MarshalContext *ctx, + BYTE b +); + +//*** ASN1PushBytes() +// Push some raw bytes onto the buffer. 'count' cannot be zero. +// Return Type: IN16 +// > 0 count bytes +// == 0 failure unless count was zero +INT16 +ASN1PushBytes( + ASN1MarshalContext *ctx, + INT16 count, + const BYTE *buffer +); + +//*** ASN1PushNull() +// Return Type: IN16 +// > 0 count bytes +// == 0 failure unless count was zero +INT16 +ASN1PushNull( + ASN1MarshalContext *ctx +); + +//*** ASN1PushLength() +// Push a length value. This will only handle length values that fit in an INT16. +// Return Type: UINT16 +// > 0 number of bytes added +// == 0 failure +INT16 +ASN1PushLength( + ASN1MarshalContext *ctx, + INT16 len +); + +//*** ASN1PushTagAndLength() +// Return Type: INT16 +// > 0 number of bytes added +// == 0 failure +INT16 +ASN1PushTagAndLength( + ASN1MarshalContext *ctx, + BYTE tag, + INT16 length +); + +//*** ASN1PushTaggedOctetString() +// This function will push a random octet string. 
+// Return Type: INT16 +// > 0 number of bytes added +// == 0 failure +INT16 +ASN1PushTaggedOctetString( + ASN1MarshalContext *ctx, + INT16 size, + const BYTE *string, + BYTE tag +); + +//*** ASN1PushUINT() +// This function pushes an native-endian integer value. This just changes a +// native-endian integer into a big-endian byte string and calls ASN1PushInteger(). +// That function will remove leading zeros and make sure that the number is positive. +// Return Type: IN16 +// > 0 count bytes +// == 0 failure unless count was zero +INT16 +ASN1PushUINT( + ASN1MarshalContext *ctx, + UINT32 integer +); + +//*** ASN1PushInteger +// Push a big-endian integer on the end of the buffer +// Return Type: UINT16 +// > 0 the number of bytes marshaled for the integer +// == 0 failure +INT16 +ASN1PushInteger( + ASN1MarshalContext *ctx, // IN/OUT: buffer context + INT16 iLen, // IN: octets of the integer + BYTE *integer // IN: big-endian integer +); + +//*** ASN1PushOID() +// This function is used to add an OID. An OID is 0x06 followed by a byte of size +// followed by size bytes. This is used to avoid having to do anything special in the +// definition of an OID. +// Return Type: UINT16 +// > 0 the number of bytes marshaled for the integer +// == 0 failure +INT16 +ASN1PushOID( + ASN1MarshalContext *ctx, + const BYTE *OID +); + +#endif // _TPM_ASN1_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmFail_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmFail_fp.h new file mode 100644 index 000000000..998d16b12 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmFail_fp.h 
@@ -0,0 +1,98 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 03:18:00PM + */ + +#ifndef _TPM_FAIL_FP_H_ +#define _TPM_FAIL_FP_H_ + +//*** SetForceFailureMode() +// This function is called by the simulator to enable failure mode testing. +#if SIMULATION +LIB_EXPORT void +SetForceFailureMode( + void +); +#endif + +//*** TpmLogFailure() +// This function saves the failure values when the code will continue to operate. It +// if similar to TpmFail() but returns to the caller. The assumption is that the +// caller will propagate a failure back up the stack. +void +TpmLogFailure( +#if FAIL_TRACE + const char *function, + int line, +#endif + int code +); + +//*** TpmFail() +// This function is called by TPM.lib when a failure occurs. It will set up the +// failure values to be returned on TPM2_GetTestResult(). +NORETURN void +TpmFail( +#if FAIL_TRACE + const char *function, + int line, +#endif + int code +); + +//*** TpmFailureMode( +// This function is called by the interface code when the platform is in failure +// mode. +void +TpmFailureMode( + unsigned int inRequestSize, // IN: command buffer size + unsigned char *inRequest, // IN: command buffer + unsigned int *outResponseSize, // OUT: response buffer size + unsigned char **outResponse // OUT: response buffer +); + +//*** UnmarshalFail() +// This is a stub that is used to catch an attempt to unmarshal an entry +// that is not defined. Don't ever expect this to be called but... +void +UnmarshalFail( + void *type, + BYTE **buffer, + INT32 *size +); + +#endif // _TPM_FAIL_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmSizeChecks_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmSizeChecks_fp.h new file mode 100644 index 000000000..236f9d0d0 --- /dev/null 
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmSizeChecks_fp.h 
@@ -0,0 +1,56 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _TPM_SIZE_CHECKS_FP_H_ +#define _TPM_SIZE_CHECKS_FP_H_ + +#if RUNTIME_SIZE_CHECKS + +//** TpmSizeChecks() +// This function is used during the development process to make sure that the +// vendor-specific values result in a consistent implementation. When possible, +// the code contains #if to do compile-time checks. However, in some cases, the +// values require the use of "sizeof()" and that can't be used in an #if. +void +TpmSizeChecks( + void +); +#endif // RUNTIME_SIZE_CHECKS + +#endif // _TPM_SIZE_CHECKS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcDesSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcDesSupport_fp.h new file mode 100644 index 000000000..53aef9517 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcDesSupport_fp.h 
@@ -0,0 +1,58 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/*(Auto) + Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 + Date: Sep 9, 2016 Time: 01:03:57 PM +*/ + +#ifndef _TPMTOLTCDESSUPPORT_FP_H_ +#define _TPMTOLTCDESSUPPORT_FP_H_ + +#if SYM_LIB == LTC && defined TPM_ALG_TDES +//** TDES_setup +// This function calls the LTC function to generate a TDES key schedule. If the +// key is one DES key (8 bytes), then it is replicated two more times to create a +// 24-byte TDES key. If the key is two key (16 bytes), then the first DES key is +// replicated to the third key position. +void TDES_setup( + const BYTE *key, + UINT32 keyBits, + symmetric_key *skey + ); +#endif + + +#endif // _TPMTOLTCDESSUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcMath_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcMath_fp.h new file mode 100644 index 000000000..2e6577cd4 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcMath_fp.h 
@@ -0,0 +1,150 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/*(Auto) + Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 + Date: Mar 23, 2017 Time: 03:31:51 PM +*/ + +#ifndef _TPMTOLTCMATH_FP_H_ +#define _TPMTOLTCMATH_FP_H_ + +#if MATH_LIB == LTC +//*** BnModMult() +// Does multiply and divide returning the remainder of the divide. +LIB_EXPORT BOOL +BnModMult( + bigNum result, + bigConst op1, + bigConst op2, + bigConst modulus + ); + +//*** BnMult() +// Multiplies two numbers +LIB_EXPORT BOOL +BnMult( + bigNum result, + bigConst multiplicand, + bigConst multiplier + ); + +//*** BnDiv() +// This function divides two BIGNUM values. The function always returns TRUE. +LIB_EXPORT BOOL +BnDiv( + bigNum quotient, + bigNum remainder, + bigConst dividend, + bigConst divisor + ); + +#ifdef TPM_ALG_RSA +//*** BnGcd() +// Get the greatest common divisor of two numbers +LIB_EXPORT BOOL +BnGcd( + bigNum gcd, // OUT: the common divisor + bigConst number1, // IN: + bigConst number2 // IN: + ); + +//***BnModExp() +// Do modular exponentiation using BIGNUM values. 
The conversion from a bignum_t +// to a BIGNUM is trivial as they are based on the same structure +LIB_EXPORT BOOL +BnModExp( + bigNum result, // OUT: the result + bigConst number, // IN: number to exponentiate + bigConst exponent, // IN: + bigConst modulus // IN: + ); + +//*** BnModInverse() +// Modular multiplicative inverse +LIB_EXPORT BOOL +BnModInverse( + bigNum result, + bigConst number, + bigConst modulus + ); +#endif // TPM_ALG_RSA + +#ifdef TPM_ALG_ECC +//*** BnEccModMult() +// This function does a point multiply of the form R = [d]S +// return type: BOOL +// FALSE failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccModMult( + bigPoint R, // OUT: computed point + pointConst S, // IN: point to multiply by 'd' + bigConst d, // IN: scalar for [d]S + bigCurve E + ); + +//*** BnEccModMult2() +// This function does a point multiply of the form R = [d]S + [u]Q +// return type: BOOL +// FALSE failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccModMult2( + bigPoint R, // OUT: computed point + pointConst S, // IN: first point (optional) + bigConst d, // IN: scalar for [d]S or [d]G + pointConst Q, // IN: second point + bigConst u, // IN: second scalar + bigCurve E // IN: curve + ); + +//*** BnEccAdd() +// This function does addition of two points. Since this is not implemented +// in LibTomCrypt() will try to trick it by doing multiply with scalar of 1. +// I have no idea if this will work and it's not needed unless MQV or the SM2 +// variant is enabled. +// return type: BOOL +// FALSE failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccAdd( + bigPoint R, // OUT: computed point + pointConst S, // IN: point to multiply by 'd' + pointConst Q, // IN: second point + bigCurve E // IN: curve + ); +#endif // TPM_ALG_ECC +#endif // MATH_LIB == LTC + + +#endif // _TPMTOLTCMATH_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcSupport_fp.h
new file mode 100644
index 000000000..f0d482c70
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcSupport_fp.h
@@ -0,0 +1,73 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/*(Auto) + Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 + Date: Sep 9, 2016 Time: 01:03:57 PM +*/ + +#ifndef _TPMTOLTCSUPPORT_FP_H_ +#define _TPMTOLTCSUPPORT_FP_H_ + +#if MATH_LIB == LTC +//*** LtcRand() +// This is a stub function that is called from the LibTomCrypt or libmpa code +// to get a random number. In turn, this will call the random RandGenerate +// function that was passed in LibraryInit(). This function will pass the pointer +// to the current rand state along with the random byte request. +uint32_t LtcRand( + void *buf, + size_t blen + ); + +//*** SupportLibInit() +// This does any initialization required by the support library. +LIB_EXPORT int +SupportLibInit( + void + ); + +//*** LtcPoolInit() +// Function to initialize a pool. **** +LIB_EXPORT mpa_scratch_mem +LtcPoolInit( + mpa_word_t *poolAddress, + int vars, + int bits + ); +#endif // MATH_LIB == LTC + + +#endif // _TPMTOLTCSUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslDesSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslDesSupport_fp.h new file mode 100644 index 000000000..e8d45f23b --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslDesSupport_fp.h 
@@ -0,0 +1,78 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 03:18:00PM + */ + +#ifndef _TPM_TO_OSSL_DES_SUPPORT_FP_H_ +#define _TPM_TO_OSSL_DES_SUPPORT_FP_H_ + +#if (defined SYM_LIB_OSSL) && ALG_TDES + +//**Functions +//*** TDES_set_encyrpt_key() +// This function makes creation of a TDES key look like the creation of a key for +// any of the other OpenSSL block ciphers. It will create three key schedules, +// one for each of the DES keys. If there are only two keys, then the third schedule +// is a copy of the first. +void +TDES_set_encrypt_key( + const BYTE *key, + UINT16 keySizeInBits, + tpmKeyScheduleTDES *keySchedule +); + +//*** TDES_encyrpt() +// The TPM code uses one key schedule. For TDES, the schedule contains three +// schedules. OpenSSL wants the schedules referenced separately. This function +// does that. +void TDES_encrypt( + const BYTE *in, + BYTE *out, + tpmKeyScheduleTDES *ks +); + +//*** TDES_decrypt() +// As with TDES_encypt() this function bridges between the TPM single schedule +// model and the OpenSSL three schedule model. +void TDES_decrypt( + const BYTE *in, + BYTE *out, + tpmKeyScheduleTDES *ks +); +#endif // SYM_LIB_OSSL + +#endif // _TPM_TO_OSSL_DES_SUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslMath_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslMath_fp.h new file mode 100644 index 000000000..81cbc972f --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslMath_fp.h 
@@ -0,0 +1,223 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 03:18:00PM + */ + +#ifndef _TPM_TO_OSSL_MATH_FP_H_ +#define _TPM_TO_OSSL_MATH_FP_H_ + +#ifdef MATH_LIB_OSSL + +//*** OsslToTpmBn() +// This function converts an OpenSSL BIGNUM to a TPM bignum. In this implementation +// it is assumed that OpenSSL uses a different control structure but the same data +// layout -- an array of native-endian words in little-endian order. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure because value will not fit or OpenSSL variable doesn't +// exist +BOOL +OsslToTpmBn( + bigNum bn, + BIGNUM *osslBn +); + +//*** BigInitialized() +// This function initializes an OSSL BIGNUM from a TPM bigConst. Do not use this for +// values that are passed to OpenSLL when they are not declared as const in the +// function prototype. Instead, use BnNewVariable(). +BIGNUM * +BigInitialized( + BIGNUM *toInit, + bigConst initializer +); +#if LIBRARY_COMPATIBILITY_CHECK + +//*** MathLibraryCompatibilityCheck() +void +MathLibraryCompatibilityCheck( + void +); +#endif + +//*** BnModMult() +// This function does a modular multiply. It first does a multiply and then a divide +// and returns the remainder of the divide. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation +LIB_EXPORT BOOL +BnModMult( + bigNum result, + bigConst op1, + bigConst op2, + bigConst modulus +); + +//*** BnMult() +// Multiplies two numbers +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation +LIB_EXPORT BOOL +BnMult( + bigNum result, + bigConst multiplicand, + bigConst multiplier +); + +//*** BnDiv() +// This function divides two bigNum values. The function returns FALSE if +// there is an error in the operation. 
+// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation +LIB_EXPORT BOOL +BnDiv( + bigNum quotient, + bigNum remainder, + bigConst dividend, + bigConst divisor +); + +#if ALG_RSA +//*** BnGcd() +// Get the greatest common divisor of two numbers +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation +LIB_EXPORT BOOL +BnGcd( + bigNum gcd, // OUT: the common divisor + bigConst number1, // IN: + bigConst number2 // IN: +); + +//***BnModExp() +// Do modular exponentiation using bigNum values. The conversion from a bignum_t to +// a bigNum is trivial as they are based on the same structure +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation +LIB_EXPORT BOOL +BnModExp( + bigNum result, // OUT: the result + bigConst number, // IN: number to exponentiate + bigConst exponent, // IN: + bigConst modulus // IN: +); + +//*** BnModInverse() +// Modular multiplicative inverse +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation +LIB_EXPORT BOOL +BnModInverse( + bigNum result, + bigConst number, + bigConst modulus +); +#endif // ALG_RSA +#if ALG_ECC + +//*** BnCurveInitialize() +// This function initializes the OpenSSL curve information structure. This +// structure points to the TPM-defined values for the curve, to the context for the +// number values in the frame, and to the OpenSSL-defined group values. 
+// Return Type: bigCurve * +// NULL the TPM_ECC_CURVE is not valid or there was a problem in +// in initializing the curve data +// non-NULL points to 'E' +LIB_EXPORT bigCurve +BnCurveInitialize( + bigCurve E, // IN: curve structure to initialize + TPM_ECC_CURVE curveId // IN: curve identifier +); + +//*** BnCurveFree() +// This function will free the allocated components of the curve and end the +// frame in which the curve data exists +LIB_EXPORT void +BnCurveFree( + bigCurve E +); + +//*** BnEccModMult() +// This function does a point multiply of the form R = [d]S +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccModMult( + bigPoint R, // OUT: computed point + pointConst S, // IN: point to multiply by 'd' (optional) + bigConst d, // IN: scalar for [d]S + bigCurve E +); + +//*** BnEccModMult2() +// This function does a point multiply of the form R = [d]G + [u]Q +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccModMult2( + bigPoint R, // OUT: computed point + pointConst S, // IN: optional point + bigConst d, // IN: scalar for [d]S or [d]G + pointConst Q, // IN: second point + bigConst u, // IN: second scalar + bigCurve E // IN: curve +); + +//** BnEccAdd() +// This function does addition of two points. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccAdd( + bigPoint R, // OUT: computed point + pointConst S, // IN: point to multiply by 'd' + pointConst Q, // IN: second point + bigCurve E // IN: curve +); +#endif // ALG_ECC +#endif // MATHLIB OSSL + +#endif // _TPM_TO_OSSL_MATH_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslSupport_fp.h new file mode 100644 index 000000000..b787cce0c --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslSupport_fp.h 
@@ -0,0 +1,84 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef _TPM_TO_OSSL_SUPPORT_FP_H_ +#define _TPM_TO_OSSL_SUPPORT_FP_H_ + +#ifdef MATH_LIB_OSSL + +//*** SupportLibInit() +// This does any initialization required by the support library. +LIB_EXPORT int +SupportLibInit( + void +); + +//*** OsslContextEnter() +// This function is used to initialize an OpenSSL context at the start of a function +// that will call to an OpenSSL math function. +BN_CTX * +OsslContextEnter( + void +); + +//*** OsslContextLeave() +// This is the companion function to OsslContextEnter(). +void +OsslContextLeave( + BN_CTX *CTX +); + +//*** OsslPushContext() +// This function is used to create a frame in a context. All values allocated within +// this context after the frame is started will be automatically freed when the +// context (OsslPopContext() +BN_CTX * +OsslPushContext( + BN_CTX *CTX +); + +//*** OsslPopContext() +// This is the companion function to OsslPushContext(). +void +OsslPopContext( + BN_CTX *CTX +); +#endif // MATH_LIB_OSSL + +#endif // _TPM_TO_OSSL_SUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfDesSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfDesSupport_fp.h new file mode 100644 index 000000000..e7b8ff794 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfDesSupport_fp.h 
@@ -0,0 +1,90 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/*(Auto) + Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 + Date: Sep 9, 2016 Time: 01:03:57 PM +*/ + +#ifndef _TPMTOWOLFDESSUPPORT_FP_H_ +#define _TPMTOWOLFDESSUPPORT_FP_H_ + +#if SYM_LIB == WOLF && defined TPM_ALG_TDES +//**Functions + +//** TDES_setup +// This function calls the wolfcrypt function to generate a TDES key schedule. If the +// If the key is two key (16 bytes), then the first DES key is replicated to the third +// key position. +int TDES_setup( + const BYTE *key, + UINT32 keyBits, + tpmKeyScheduleTDES *skey, + int dir + ); + +//** TDES_setup_encrypt_key +// This function calls into TDES_setup(), specifically for an encryption key. +int TDES_setup_encrypt_key( + const BYTE *key, + UINT32 keyBits, + tpmKeyScheduleTDES *skey + ); + +//** TDES_setup_decrypt_key +// This function calls into TDES_setup(), specifically for an decryption key. +int TDES_setup_decrypt_key( + const BYTE *key, + UINT32 keyBits, + tpmKeyScheduleTDES *skey + ); + +//*** TDES_encyrpt() +void TDES_encrypt( + const BYTE *in, + BYTE *out, + tpmKeyScheduleTDES *ks + ); + +//*** TDES_decrypt() +void TDES_decrypt( + const BYTE *in, + BYTE *out, + tpmKeyScheduleTDES *ks + ); +#endif // SYM_LIB == WOLF + + +#endif // _TPMTOWOLFDESSUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfMath_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfMath_fp.h new file mode 100644 index 000000000..2ee6c0445 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfMath_fp.h 
@@ -0,0 +1,209 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/*(Auto) + Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 + Date: Sep 9, 2016 Time: 01:03:57 PM +*/ + +#ifndef _TPMTOWOLFMATH_FP_H_ +#define _TPMTOWOLFMATH_FP_H_ + +#if MATH_LIB == WOLF +//**Functions + +//*** BnFromWolf() +// This function converts a wolfcrypt mp_int to a TPM bignum. In this implementation +// it is assumed that wolfcrypt used the same format for a big number as does the +// TPM -- an array of native-endian words in little-endian order. +void +BnFromWolf( + bigNum bn, + mp_int *wolfBn + ); + +//*** BnToWolf() +// This function converts a TPM bignum to a wolfcrypt mp_init, and has the same +// assumptions as made by BnFromWolf() +void +BnToWolf( + mp_int *toInit, + bigConst initializer + ); + +//*** MpInitialize() +// This function initializes an wolfcrypt mp_int. +mp_int * +MpInitialize( + mp_int *toInit + ); + +//** MathLibraryCompatibililtyCheck() +// This function is only used during development to make sure that the library +// that is being referenced is using the same size of data structures as the TPM. +void +MathLibraryCompatibilityCheck( + void + ); + +//*** BnModMult() +// Does multiply and divide returning the remainder of the divide. +LIB_EXPORT BOOL +BnModMult( + bigNum result, + bigConst op1, + bigConst op2, + bigConst modulus + ); + +//*** BnMult() +// Multiplies two numbers +LIB_EXPORT BOOL +BnMult( + bigNum result, + bigConst multiplicand, + bigConst multiplier + ); + +//*** BnDiv() +// This function divides two bigNum values. The function returns FALSE if +// there is an error in the operation. +LIB_EXPORT BOOL +BnDiv( + bigNum quotient, + bigNum remainder, + bigConst dividend, + bigConst divisor + ); + +#ifdef TPM_ALG_RSA +//*** BnGcd() +// Get the greatest common divisor of two numbers +LIB_EXPORT BOOL +BnGcd( + bigNum gcd, // OUT: the common divisor + bigConst number1, // IN: + bigConst number2 // IN: + ); + +//***BnModExp() +// Do modular exponentiation using bigNum values. 
The conversion from a mp_int to +// a bigNum is trivial as they are based on the same structure +LIB_EXPORT BOOL +BnModExp( + bigNum result, // OUT: the result + bigConst number, // IN: number to exponentiate + bigConst exponent, // IN: + bigConst modulus // IN: + ); + +//*** BnModInverse() +// Modular multiplicative inverse +LIB_EXPORT BOOL +BnModInverse( + bigNum result, + bigConst number, + bigConst modulus + ); +#endif // TPM_ALG_RSA + +#ifdef TPM_ALG_ECC + +//*** PointFromWolf() +// Function to copy the point result from a wolf ecc_point to a bigNum +void +PointFromWolf( + bigPoint pOut, // OUT: resulting point + ecc_point *pIn // IN: the point to return + ); + +//*** PointToWolf() +// Function to copy the point result from a bigNum to a wolf ecc_point +void +PointToWolf( + ecc_point *pOut, // OUT: resulting point + pointConst pIn // IN: the point to return + ); + +//*** EcPointInitialized() +// Allocate and initialize a point. +static ecc_point * +EcPointInitialized( + pointConst initializer + ); + +//*** BnEccModMult() +// This function does a point multiply of the form R = [d]S +// return type: BOOL +// FALSE failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccModMult( + bigPoint R, // OUT: computed point + pointConst S, // IN: point to multiply by 'd' (optional) + bigConst d, // IN: scalar for [d]S + bigCurve E + ); + +//*** BnEccModMult2() +// This function does a point multiply of the form R = [d]G + [u]Q +// return type: BOOL +// FALSE failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccModMult2( + bigPoint R, // OUT: computed point + pointConst S, // IN: optional point + bigConst d, // IN: scalar for [d]S or [d]G + pointConst Q, // IN: second point + bigConst u, // IN: second scalar + bigCurve E // IN: curve + ); + +//** BnEccAdd() +// This function does addition of two points. 
+// return type: BOOL +// FALSE failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccAdd( + bigPoint R, // OUT: computed point + pointConst S, // IN: point to multiply by 'd' + pointConst Q, // IN: second point + bigCurve E // IN: curve + ); +#endif // TPM_ALG_ECC + +#endif // MATH_LIB == WOLF + + +#endif // _TPMTOWOLFMATH_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfSupport_fp.h new file mode 100644 index 000000000..ee0887a33 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfSupport_fp.h 
@@ -0,0 +1,56 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/*(Auto) + Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 + Date: Sep 9, 2016 Time: 01:03:57 PM +*/ + +#ifndef _TPMTOWOLFSUPPORT_FP_H_ +#define _TPMTOWOLFSUPPORT_FP_H_ + +#ifdef MATH_LIB_WOLF +//**Functions + +//*** SupportLibInit() +// This does any initialization required by the support library. +LIB_EXPORT int +SupportLibInit( + void + ); +#endif // MATH_LIB == WOLF + + +#endif // _TPMTOWOLFSUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Unseal_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Unseal_fp.h new file mode 100644 index 000000000..c32ff2278 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Unseal_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Unseal // Command must be enabled + +#ifndef _Unseal_FP_H_ +#define _Unseal_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT itemHandle; +} Unseal_In; + +// Output structure definition +typedef struct { + TPM2B_SENSITIVE_DATA outData; +} Unseal_Out; + +// Response code modifiers +#define RC_Unseal_itemHandle (TPM_RC_H + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_Unseal( + Unseal_In *in, + Unseal_Out *out +); + +#endif // _Unseal_FP_H_ +#endif // CC_Unseal diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Vendor_TCG_Test_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Vendor_TCG_Test_fp.h new file mode 100644 index 000000000..105d71766 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Vendor_TCG_Test_fp.h 
@@ -0,0 +1,66 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_Vendor_TCG_Test // Command must be enabled + +#ifndef _Vendor_TCG_Test_FP_H_ +#define _Vendor_TCG_Test_FP_H_ + +// Input structure definition +typedef struct { + TPM2B_DATA inputData; +} Vendor_TCG_Test_In; + +// Output structure definition +typedef struct { + TPM2B_DATA outputData; +} Vendor_TCG_Test_Out; + +// Response code modifiers +#define RC_Vendor_TCG_Test_inputData (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_Vendor_TCG_Test( + Vendor_TCG_Test_In *in, + Vendor_TCG_Test_Out *out +); + +#endif // _Vendor_TCG_Test_FP_H_ +#endif // CC_Vendor_TCG_Test diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/VerifySignature_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/VerifySignature_fp.h new file mode 100644 index 000000000..44961907a --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/VerifySignature_fp.h 
@@ -0,0 +1,70 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_VerifySignature // Command must be enabled + +#ifndef _Verify_Signature_FP_H_ +#define _Verify_Signature_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT keyHandle; + TPM2B_DIGEST digest; + TPMT_SIGNATURE signature; +} VerifySignature_In; + +// Output structure definition +typedef struct { + TPMT_TK_VERIFIED validation; +} VerifySignature_Out; + +// Response code modifiers +#define RC_VerifySignature_keyHandle (TPM_RC_H + TPM_RC_1) +#define RC_VerifySignature_digest (TPM_RC_P + TPM_RC_1) +#define RC_VerifySignature_signature (TPM_RC_P + TPM_RC_2) + +// Function prototype +TPM_RC +TPM2_VerifySignature( + VerifySignature_In *in, + VerifySignature_Out *out +); + +#endif // _Verify_Signature_FP_H_ +#endif // CC_VerifySignature diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_ECC_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_ECC_fp.h new file mode 100644 index 000000000..b994b1208 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_ECC_fp.h 
@@ -0,0 +1,79 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 11:00:49AM + */ + +#ifndef _X509_ECC_FP_H_ +#define _X509_ECC_FP_H_ + +//*** X509PushPoint() +// This seems like it might be used more than once so... 
+// Return Type: INT16 +// > 0 number of bytes added +// == 0 failure +INT16 +X509PushPoint( + ASN1MarshalContext *ctx, + TPMS_ECC_POINT *p +); + +//*** X509AddSigningAlgorithmECC() +// This creates the singing algorithm data. +// Return Type: INT16 +// > 0 number of bytes added +// == 0 failure +INT16 +X509AddSigningAlgorithmECC( + OBJECT *signKey, + TPMT_SIG_SCHEME *scheme, + ASN1MarshalContext *ctx +); + +//*** X509AddPublicECC() +// This function will add the publicKey description to the DER data. If ctx is +// NULL, then no data is transferred and this function will indicate if the TPM +// has the values for DER-encoding of the public key. +// Return Type: INT16 +// > 0 number of bytes added +// == 0 failure +INT16 +X509AddPublicECC( + OBJECT *object, + ASN1MarshalContext *ctx +); + +#endif // _X509_ECC_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_RSA_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_RSA_fp.h new file mode 100644 index 000000000..8fb05e672 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_RSA_fp.h 
@@ -0,0 +1,71 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 11:00:49AM + */ + +#ifndef _X509_RSA_FP_H_ +#define _X509_RSA_FP_H_ + +#if ALG_RSA + +//*** X509AddSigningAlgorithmRSA() +// This creates the singing algorithm data. +// Return Type: INT16 +// > 0 number of bytes added +// == 0 failure +INT16 +X509AddSigningAlgorithmRSA( + OBJECT *signKey, + TPMT_SIG_SCHEME *scheme, + ASN1MarshalContext *ctx +); + +//*** X509AddPublicRSA() +// This function will add the publicKey description to the DER data. If fillPtr is +// NULL, then no data is transferred and this function will indicate if the TPM +// has the values for DER-encoding of the public key. +// Return Type: INT16 +// > 0 number of bytes added +// == 0 failure +INT16 +X509AddPublicRSA( + OBJECT *object, + ASN1MarshalContext *ctx +); +#endif // ALG_RSA + +#endif // _X509_RSA_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_spt_fp.h new file mode 100644 index 000000000..1670e78b4 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_spt_fp.h 
@@ -0,0 +1,118 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 11:00:49AM + */ + +#ifndef _X509_SPT_FP_H_ +#define _X509_SPT_FP_H_ + +//*** X509FindExtensionOID() +// This will search a list of X508 extensions to find an extension with the +// requested OID. If the extension is found, the output context ('ctx') is set up +// to point to the OID in the extension. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure (could be catastrophic) +BOOL +X509FindExtensionByOID( + ASN1UnmarshalContext *ctxIn, // IN: the context to search + ASN1UnmarshalContext *ctx, // OUT: the extension context + const BYTE *OID // IN: oid to search for +); + +//*** X509GetExtensionBits() +// This function will extract a bit field from an extension. If the extension doesn't +// contain a bit string, it will fail. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure +UINT32 +X509GetExtensionBits( + ASN1UnmarshalContext *ctx, + UINT32 *value +); + +//***X509ProcessExtensions() +// This function is used to process the TPMA_OBJECT and KeyUsage extensions. It is not +// in the CertifyX509.c code because it makes the code harder to follow. +// Return Type: TPM_RC +// TPM_RCS_ATTRIBUTES the attributes of object are not consistent with +// the extension setting +// TPM_RC_VALUE problem parsing the extensions +TPM_RC +X509ProcessExtensions( + OBJECT *object, // IN: The object with the attributes to + // check + stringRef *extension // IN: The start and length of the extensions +); + +//*** X509AddSigningAlgorithm() +// This creates the singing algorithm data. +// Return Type: INT16 +// > 0 number of octets added +// <= 0 failure +INT16 +X509AddSigningAlgorithm( + ASN1MarshalContext *ctx, + OBJECT *signKey, + TPMT_SIG_SCHEME *scheme +); + +//*** X509AddPublicKey() +// This function will add the publicKey description to the DER data. 
If fillPtr is +// NULL, then no data is transferred and this function will indicate if the TPM +// has the values for DER-encoding of the public key. +// Return Type: INT16 +// > 0 number of octets added +// == 0 failure +INT16 +X509AddPublicKey( + ASN1MarshalContext *ctx, + OBJECT *object +); + +//*** X509PushAlgorithmIdentifierSequence() +// Return Type: INT16 +// > 0 number of bytes added +// == 0 failure +INT16 +X509PushAlgorithmIdentifierSequence( + ASN1MarshalContext *ctx, + const BYTE *OID +); + +#endif // _X509_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ZGen_2Phase_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ZGen_2Phase_fp.h new file mode 100644 index 000000000..1fc708632 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ZGen_2Phase_fp.h 
@@ -0,0 +1,75 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Mar 28, 2019 Time: 08:25:17PM + */ + +#if CC_ZGen_2Phase // Command must be enabled + +#ifndef _ZGen_2Phase_FP_H_ +#define _ZGen_2Phase_FP_H_ + +// Input structure definition +typedef struct { + TPMI_DH_OBJECT keyA; + TPM2B_ECC_POINT inQsB; + TPM2B_ECC_POINT inQeB; + TPMI_ECC_KEY_EXCHANGE inScheme; + UINT16 counter; +} ZGen_2Phase_In; + +// Output structure definition +typedef struct { + TPM2B_ECC_POINT outZ1; + TPM2B_ECC_POINT outZ2; +} ZGen_2Phase_Out; + +// Response code modifiers +#define RC_ZGen_2Phase_keyA (TPM_RC_H + TPM_RC_1) +#define RC_ZGen_2Phase_inQsB (TPM_RC_P + TPM_RC_1) +#define RC_ZGen_2Phase_inQeB (TPM_RC_P + TPM_RC_2) +#define RC_ZGen_2Phase_inScheme (TPM_RC_P + TPM_RC_3) +#define RC_ZGen_2Phase_counter (TPM_RC_P + TPM_RC_4) + +// Function prototype +TPM_RC +TPM2_ZGen_2Phase( + ZGen_2Phase_In *in, + ZGen_2Phase_Out *out +); + +#endif // _ZGen_2Phase_FP_H_ +#endif // CC_ZGen_2Phase diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Data_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Data_fp.h new file mode 100644 index 000000000..8ac5c2074 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Data_fp.h 
@@ -0,0 +1,50 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef __TPM_HASH_DATA_FP_H_ +#define __TPM_HASH_DATA_FP_H_ + +// This function is called to process a _TPM_Hash_Data indication. 
+LIB_EXPORT void +_TPM_Hash_Data( + uint32_t dataSize, // IN: size of data to be extend + unsigned char *data // IN: data buffer +); + +#endif // __TPM_HASH_DATA_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_End_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_End_fp.h new file mode 100644 index 000000000..45ee7dff0 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_End_fp.h 
@@ -0,0 +1,49 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef __TPM_HASH_END_FP_H_ +#define __TPM_HASH_END_FP_H_ + +// This function is called to process a _TPM_Hash_End indication. 
+LIB_EXPORT void +_TPM_Hash_End( + void +); + +#endif // __TPM_HASH_END_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Start_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Start_fp.h new file mode 100644 index 000000000..5ae53fb4f --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Start_fp.h 
@@ -0,0 +1,49 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef __TPM_HASH_START_FP_H_ +#define __TPM_HASH_START_FP_H_ + +// This function is called to process a _TPM_Hash_Start indication. +LIB_EXPORT void +_TPM_Hash_Start( + void +); + +#endif // __TPM_HASH_START_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Init_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Init_fp.h new file mode 100644 index 000000000..aabb43a2e --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Init_fp.h 
@@ -0,0 +1,49 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ + +#ifndef __TPM_INIT_FP_H_ +#define __TPM_INIT_FP_H_ + +// This function is used to process a _TPM_Init indication. 
+LIB_EXPORT void +_TPM_Init( + void +); + +#endif // __TPM_INIT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/swap.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/swap.h new file mode 100644 index 000000000..01216f740 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/swap.h 
@@ -0,0 +1,106 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _SWAP_H
+#define _SWAP_H
+
+#if LITTLE_ENDIAN_TPM
+#define TO_BIG_ENDIAN_UINT16(i) REVERSE_ENDIAN_16(i)
+#define FROM_BIG_ENDIAN_UINT16(i) REVERSE_ENDIAN_16(i)
+#define TO_BIG_ENDIAN_UINT32(i) REVERSE_ENDIAN_32(i)
+#define FROM_BIG_ENDIAN_UINT32(i) REVERSE_ENDIAN_32(i)
+#define TO_BIG_ENDIAN_UINT64(i) REVERSE_ENDIAN_64(i)
+#define FROM_BIG_ENDIAN_UINT64(i) REVERSE_ENDIAN_64(i)
+#else
+#define TO_BIG_ENDIAN_UINT16(i) (i)
+#define FROM_BIG_ENDIAN_UINT16(i) (i)
+#define TO_BIG_ENDIAN_UINT32(i) (i)
+#define FROM_BIG_ENDIAN_UINT32(i) (i)
+#define TO_BIG_ENDIAN_UINT64(i) (i)
+#define FROM_BIG_ENDIAN_UINT64(i) (i)
+#endif
+
+#if AUTO_ALIGN == NO
+
+// The aggregation macros for machines that do not allow unaligned access or for
+// little-endian machines.
+
+// Aggregate bytes into an UINT
+
+#define BYTE_ARRAY_TO_UINT8(b) (uint8_t)((b)[0])
+#define BYTE_ARRAY_TO_UINT16(b) ByteArrayToUint16((BYTE *)(b))
+#define BYTE_ARRAY_TO_UINT32(b) ByteArrayToUint32((BYTE *)(b))
+#define BYTE_ARRAY_TO_UINT64(b) ByteArrayToUint64((BYTE *)(b))
+#define UINT8_TO_BYTE_ARRAY(i, b) ((b)[0] = (uint8_t)(i))
+#define UINT16_TO_BYTE_ARRAY(i, b) Uint16ToByteArray((i), (BYTE *)(b))
+#define UINT32_TO_BYTE_ARRAY(i, b) Uint32ToByteArray((i), (BYTE *)(b))
+#define UINT64_TO_BYTE_ARRAY(i, b) Uint64ToByteArray((i), (BYTE *)(b))
+
+
+#else // AUTO_ALIGN
+
+#if BIG_ENDIAN_TPM
+// the big-endian macros for machines that allow unaligned memory access
+// Aggregate a byte array into a UINT
+#define BYTE_ARRAY_TO_UINT8(b) *((uint8_t *)(b))
+#define BYTE_ARRAY_TO_UINT16(b) *((uint16_t *)(b))
+#define BYTE_ARRAY_TO_UINT32(b) *((uint32_t *)(b))
+#define BYTE_ARRAY_TO_UINT64(b) *((uint64_t *)(b))
+
+// Disaggregate a UINT into a byte array
+
+#define UINT8_TO_BYTE_ARRAY(i, b) {*((uint8_t *)(b)) = (i);}
+#define UINT16_TO_BYTE_ARRAY(i, b) {*((uint16_t *)(b)) = (i);}
+#define UINT32_TO_BYTE_ARRAY(i, b) {*((uint32_t *)(b)) = (i);}
+#define UINT64_TO_BYTE_ARRAY(i, b) {*((uint64_t *)(b)) = (i);}
+#else
+// the little endian macros for machines that allow unaligned memory access
+// the big-endian macros for machines that allow unaligned memory access
+// Aggregate a byte array into a UINT
+#define BYTE_ARRAY_TO_UINT8(b) *((uint8_t *)(b))
+#define BYTE_ARRAY_TO_UINT16(b) REVERSE_ENDIAN_16(*((uint16_t *)(b)))
+#define BYTE_ARRAY_TO_UINT32(b) REVERSE_ENDIAN_32(*((uint32_t *)(b)))
+#define BYTE_ARRAY_TO_UINT64(b) REVERSE_ENDIAN_64(*((uint64_t *)(b)))
+
+// Disaggregate a UINT into a byte array
+
+#define UINT8_TO_BYTE_ARRAY(i, b) {*((uint8_t *)(b)) = (i);}
+#define UINT16_TO_BYTE_ARRAY(i, b) {*((uint16_t *)(b)) = REVERSE_ENDIAN_16(i);}
+#define UINT32_TO_BYTE_ARRAY(i, b) {*((uint32_t *)(b)) = REVERSE_ENDIAN_32(i);}
+#define UINT64_TO_BYTE_ARRAY(i, b) {*((uint64_t *)(b)) = REVERSE_ENDIAN_64(i);}
+#endif // BIG_ENDIAN_TPM
+
+#endif // AUTO_ALIGN == NO
+
+#endif // _SWAP_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/TpmASN1.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/TpmASN1.c
new file mode 100644
index 000000000..f275c5801
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/TpmASN1.c
@@ -0,0 +1,514 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Includes
+#include "Tpm.h"
+
+#define _OIDS_
+#include "OIDs.h"
+
+#include "TpmASN1.h"
+#include "TpmASN1_fp.h"
+
+//** Unmarshaling Functions
+
+//*** ASN1UnmarshalContextInitialize()
+// Function does standard initialization of a context.
+// Return Type: BOOL
+// TRUE(1) success
+// FALSE(0) failure
+BOOL
+ASN1UnmarshalContextInitialize(
+ ASN1UnmarshalContext *ctx,
+ INT16 size,
+ BYTE *buffer
+)
+{
+ VERIFY(buffer != NULL);
+ VERIFY(size > 0);
+ ctx->buffer = buffer;
+ ctx->size = size;
+ ctx->offset = 0;
+ ctx->tag = 0xFF;
+ return TRUE;
+Error:
+ return FALSE;
+}
+
+//***ASN1DecodeLength()
+// This function extracts the length of an element from 'buffer' starting at 'offset'.
+// Return Type: UINT16
+// >=0 the extracted length
+// <0 an error
+INT16
+ASN1DecodeLength(
+ ASN1UnmarshalContext *ctx
+)
+{
+ BYTE first; // Next octet in buffer
+ INT16 value;
+//
+ VERIFY(ctx->offset < ctx->size);
+ first = NEXT_OCTET(ctx);
+ // If the number of octets of the entity is larger than 127, then the first octet
+ // is the number of octets in the length specifier.
+ if(first >= 0x80)
+ {
+ // Make sure that this length field is contained with the structure being
+ // parsed
+ CHECK_SIZE(ctx, (first & 0x7F));
+ if(first == 0x82)
+ {
+ // Two octets of size
+ // get the next value
+ value = (INT16)NEXT_OCTET(ctx);
+ // Make sure that the result will fit in an INT16
+ VERIFY(value < 0x0080);
+ // Shift up and add next octet
+ value = (value << 8) + NEXT_OCTET(ctx);
+ }
+ else if(first == 0x81)
+ value = NEXT_OCTET(ctx);
+ // Sizes larger than will fit in a INT16 are an error
+ else
+ goto Error;
+ }
+ else
+ value = first;
+ // Make sure that the size defined something within the current context
+ CHECK_SIZE(ctx, value);
+ return value;
+Error:
+ ctx->size = -1; // Makes everything fail from now on.
+ return -1;
+}
+
+//***ASN1NextTag()
+// This function extracts the next type from 'buffer' starting at 'offset'.
+// It advances 'offset' as it parses the type and the length of the type. It returns
+// the length of the type. On return, the 'length' octets starting at 'offset' are the
+// octets of the type.
+// Return Type: UINT
+// >=0 the number of octets in 'type'
+// <0 an error
+INT16
+ASN1NextTag(
+ ASN1UnmarshalContext *ctx
+)
+{
+ // A tag to get?
+ VERIFY(ctx->offset < ctx->size);
+ // Get it
+ ctx->tag = NEXT_OCTET(ctx);
+ // Make sure that it is not an extended tag
+ VERIFY((ctx->tag & 0x1F) != 0x1F);
+ // Get the length field and return that
+ return ASN1DecodeLength(ctx);
+
+Error:
+ // Attempt to read beyond the end of the context or an illegal tag
+ ctx->size = -1; // Persistent failure
+ ctx->tag = 0xFF;
+ return -1;
+}
+
+
+//*** ASN1GetBitStringValue()
+// Try to parse a bit string of up to 32 bits from a value that is expected to be
+// a bit string.
+// If there is a general parsing error, the context->size is set to -1.
+// Return Type: BOOL
+// TRUE(1) success
+// FALSE(0) failure
+BOOL
+ASN1GetBitStringValue(
+ ASN1UnmarshalContext *ctx,
+ UINT32 *val
+)
+{
+ int shift;
+ INT16 length;
+ UINT32 value = 0;
+//
+
+ VERIFY((length = ASN1NextTag(ctx)) >= 1);
+ VERIFY(ctx->tag == ASN1_BITSTRING);
+ // Get the shift value for the bit field (how many bits to loop off of the end)
+ shift = NEXT_OCTET(ctx);
+ length--;
+ // the shift count has to make sense
+ VERIFY((shift < 8) && ((length > 0) || (shift == 0)));
+ // if there are any bytes left
+ for(; length > 0; length--)
+ {
+ if(length > 1)
+ {
+ // for all but the last octet, just shift and add the new octet
+ VERIFY((value & 0xFF000000) == 0); // can't loose significant bits
+ value = (value << 8) + NEXT_OCTET(ctx);
+ }
+ else
+ {
+ // for the last octet, just shift the accumulated value enough to
+ // accept the significant bits in the last octet and shift the last
+ // octet down
+ VERIFY(((value & (0xFF000000 << (8 - shift)))) == 0);
+ value = (value << (8 - shift)) + (NEXT_OCTET(ctx) >> shift);
+ }
+ }
+ *val = value;
+ return TRUE;
+Error:
+ ctx->size = -1;
+ return FALSE;
+}
+
+//*******************************************************************
+//** Marshaling Functions
+//*******************************************************************
+
+//*** Introduction
+// Marshaling of an ASN.1 structure is accomplished from the bottom up. That is,
+// the things that will be at the end of the structure are added last. To manage the
+// collecting of the relative sizes, start a context for the outermost container, if
+// there is one, and then placing items in from the bottom up. If the bottom-most
+// item is also within a structure, create a nested context by calling
+// ASN1StartMarshalingContext().
+//
+// The context control structure contains a 'buffer' pointer, an 'offset', an 'end'
+// and a stack. 'offset' is the offset from the start of the buffer of the last added
+// byte. When 'offset' reaches 0, the buffer is full. 'offset' is a signed value so
+// that, when it becomes negative, there is an overflow. Only two functions are
+// allowed to move bytes into the buffer: ASN1PushByte() and ASN1PushBytes(). These
+// functions make sure that no data is written beyond the end of the buffer.
+//
+// When a new context is started, the current value of 'end' is pushed
+// on the stack and 'end' is set to 'offset. As bytes are added, offset gets smaller.
+// At any time, the count of bytes in the current context is simply 'end' - 'offset'.
+//
+// Since starting a new context involves setting 'end' = 'offset', the number of bytes
+// in the context starts at 0. The nominal way of ending a context is to use
+// 'end' - 'offset' to set the length value, and then a tag is added to the buffer.
+// Then the previous 'end' value is popped meaning that the context just ended
+// becomes a member of the now current context.
+//
+// The nominal strategy for building a completed ASN.1 structure is to push everything
+// into the buffer and then move everything to the start of the buffer. The move is
+// simple as the size of the move is the initial 'end' value minus the final 'offset'
+// value.
The destination is 'buffer' and the source is 'buffer' + 'offset'. As Skippy
+// would say "Easy peasy, Joe."
+//
+// It is not necessary to provide a buffer into which the data is placed. If no buffer
+// is provided, then the marshaling process will return values needed for marshaling.
+// On strategy for filling the buffer would be to execute the process for building
+// the structure without using a buffer. This would return the overall size of the
+// structure. Then that amount of data could be allocated for the buffer and the fill
+// process executed again with the data going into the buffer. At the end, the data
+// would be in its final resting place.
+
+//*** ASN1InitialializeMarshalContext()
+// This creates a structure for handling marshaling of an ASN.1 formatted data
+// structure.
+void
+ASN1InitialializeMarshalContext(
+ ASN1MarshalContext *ctx,
+ INT16 length,
+ BYTE *buffer
+)
+{
+ ctx->buffer = buffer;
+ if(buffer)
+ ctx->offset = length;
+ else
+ ctx->offset = INT16_MAX;
+ ctx->end = ctx->offset;
+ ctx->depth = -1;
+}
+
+//*** ASN1StartMarshalContext()
+// This starts a new constructed element. It is constructed on 'top' of the value
+// that was previously placed in the structure.
+void
+ASN1StartMarshalContext(
+ ASN1MarshalContext *ctx
+)
+{
+ pAssert((ctx->depth + 1) < MAX_DEPTH);
+ ctx->depth++;
+ ctx->ends[ctx->depth] = ctx->end;
+ ctx->end = ctx->offset;
+}
+
+//*** ASN1EndMarshalContext()
+// This function restores the end pointer for an encapsulating structure.
+// Return Type: INT16
+// > 0 the size of the encapsulated structure that was just ended
+// <= 0 an error
+INT16
+ASN1EndMarshalContext(
+ ASN1MarshalContext *ctx
+)
+{
+ INT16 length;
+ pAssert(ctx->depth >= 0);
+ length = ctx->end - ctx->offset;
+ ctx->end = ctx->ends[ctx->depth--];
+ if((ctx->depth == -1) && (ctx->buffer))
+ {
+ MemoryCopy(ctx->buffer, ctx->buffer + ctx->offset, ctx->end - ctx->offset);
+ }
+ return length;
+}
+
+
+//***ASN1EndEncapsulation()
+// This function puts a tag and length in the buffer. In this function, an embedded
+// BIT_STRING is assumed to be a collection of octets. To indicate that all bits
+// are used, a byte of zero is prepended. If a raw bit-string is needed, a new
+// function like ASN1PushInteger() would be needed.
+// Return Type: INT16
+// > 0 number of octets in the encapsulation
+// == 0 failure
+UINT16
+ASN1EndEncapsulation(
+ ASN1MarshalContext *ctx,
+ BYTE tag
+)
+{
+ // only add a leading zero for an encapsulated BIT STRING
+ if (tag == ASN1_BITSTRING)
+ ASN1PushByte(ctx, 0);
+ ASN1PushTagAndLength(ctx, tag, ctx->end - ctx->offset);
+ return ASN1EndMarshalContext(ctx);
+}
+
+//*** ASN1PushByte()
+BOOL
+ASN1PushByte(
+ ASN1MarshalContext *ctx,
+ BYTE b
+)
+{
+ if(ctx->offset > 0)
+ {
+ ctx->offset -= 1;
+ if(ctx->buffer)
+ ctx->buffer[ctx->offset] = b;
+ return TRUE;
+ }
+ ctx->offset = -1;
+ return FALSE;
+}
+
+//*** ASN1PushBytes()
+// Push some raw bytes onto the buffer. 'count' cannot be zero.
+// Return Type: IN16
+// > 0 count bytes
+// == 0 failure unless count was zero
+INT16
+ASN1PushBytes(
+ ASN1MarshalContext *ctx,
+ INT16 count,
+ const BYTE *buffer
+)
+{
+ // make sure that count is not negative which would mess up the math; and that
+ // if there is a count, there is a buffer
+ VERIFY((count >= 0) && ((buffer != NULL) || (count == 0)));
+ // back up the offset to determine where the new octets will get pushed
+ ctx->offset -= count;
+ // can't go negative
+ VERIFY(ctx->offset >= 0);
+ // if there are buffers, move the data, otherwise, assume that this is just a
+ // test.
+ if(count && buffer && ctx->buffer)
+ MemoryCopy(&ctx->buffer[ctx->offset], buffer, count);
+ return count;
+Error:
+ ctx->offset = -1;
+ return 0;
+}
+
+//*** ASN1PushNull()
+// Return Type: IN16
+// > 0 count bytes
+// == 0 failure unless count was zero
+INT16
+ASN1PushNull(
+ ASN1MarshalContext *ctx
+)
+{
+ ASN1PushByte(ctx, 0);
+ ASN1PushByte(ctx, ASN1_NULL);
+ return (ctx->offset >= 0) ? 2 : 0;
+}
+
+//*** ASN1PushLength()
+// Push a length value. This will only handle length values that fit in an INT16.
+// Return Type: UINT16
+// > 0 number of bytes added
+// == 0 failure
+INT16
+ASN1PushLength(
+ ASN1MarshalContext *ctx,
+ INT16 len
+)
+{
+ UINT16 start = ctx->offset;
+ VERIFY(len >= 0);
+ if(len <= 127)
+ ASN1PushByte(ctx, (BYTE)len);
+ else
+ {
+ ASN1PushByte(ctx, (BYTE)(len & 0xFF));
+ len >>= 8;
+ if(len == 0)
+ ASN1PushByte(ctx, 0x81);
+ else
+ {
+ ASN1PushByte(ctx, (BYTE)(len));
+ ASN1PushByte(ctx, 0x82);
+ }
+ }
+ goto Exit;
+Error:
+ ctx->offset = -1;
+Exit:
+ return (ctx->offset > 0) ? start - ctx->offset : 0;
+}
+
+//*** ASN1PushTagAndLength()
+// Return Type: INT16
+// > 0 number of bytes added
+// == 0 failure
+INT16
+ASN1PushTagAndLength(
+ ASN1MarshalContext *ctx,
+ BYTE tag,
+ INT16 length
+)
+{
+ INT16 bytes;
+ bytes = ASN1PushLength(ctx, length);
+ bytes += (INT16)ASN1PushByte(ctx, tag);
+ return (ctx->offset < 0) ?
0 : bytes;
+}
+
+
+//*** ASN1PushTaggedOctetString()
+// This function will push a random octet string.
+// Return Type: INT16
+// > 0 number of bytes added
+// == 0 failure
+INT16
+ASN1PushTaggedOctetString(
+ ASN1MarshalContext *ctx,
+ INT16 size,
+ const BYTE *string,
+ BYTE tag
+)
+{
+ ASN1PushBytes(ctx, size, string);
+ // PushTagAndLenght just tells how many octets it added so the total size of this
+ // element is the sum of those octets and input size.
+ size += ASN1PushTagAndLength(ctx, tag, size);
+ return size;
+}
+
+//*** ASN1PushUINT()
+// This function pushes an native-endian integer value. This just changes a
+// native-endian integer into a big-endian byte string and calls ASN1PushInteger().
+// That function will remove leading zeros and make sure that the number is positive.
+// Return Type: IN16
+// > 0 count bytes
+// == 0 failure unless count was zero
+INT16
+ASN1PushUINT(
+ ASN1MarshalContext *ctx,
+ UINT32 integer
+)
+{
+ BYTE marshaled[4];
+ UINT32_TO_BYTE_ARRAY(integer, marshaled);
+ return ASN1PushInteger(ctx, 4, marshaled);
+}
+
+//*** ASN1PushInteger
+// Push a big-endian integer on the end of the buffer
+// Return Type: UINT16
+// > 0 the number of bytes marshaled for the integer
+// == 0 failure
+INT16
+ASN1PushInteger(
+ ASN1MarshalContext *ctx, // IN/OUT: buffer context
+ INT16 iLen, // IN: octets of the integer
+ BYTE *integer // IN: big-endian integer
+)
+{
+ // no leading 0's
+ while((*integer == 0) && (--iLen > 0))
+ integer++;
+ // Move the bytes to the buffer
+ ASN1PushBytes(ctx, iLen, integer);
+ // if needed, add a leading byte of 0 to make the number positive
+ if(*integer & 0x80)
+ iLen += (INT16)ASN1PushByte(ctx, 0);
+ // PushTagAndLenght just tells how many octets it added so the total size of this
+ // element is the sum of those octets and the adjusted input size.
+ iLen += ASN1PushTagAndLength(ctx, ASN1_INTEGER, iLen);
+ return iLen;
+}
+
+//*** ASN1PushOID()
+// This function is used to add an OID.
An OID is 0x06 followed by a byte of size
+// followed by size bytes. This is used to avoid having to do anything special in the
+// definition of an OID.
+// Return Type: UINT16
+// > 0 the number of bytes marshaled for the integer
+// == 0 failure
+INT16
+ASN1PushOID(
+ ASN1MarshalContext *ctx,
+ const BYTE *OID
+)
+{
+ if((*OID == ASN1_OBJECT_IDENTIFIER) && ((OID[1] & 0x80) == 0))
+ {
+ return ASN1PushBytes(ctx, OID[1] + 2, OID);
+ }
+ ctx->offset = -1;
+ return 0;
+}
+
+
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_ECC.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_ECC.c
new file mode 100644
index 000000000..29a8d5940
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_ECC.c
@@ -0,0 +1,146 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Includes
+#include "Tpm.h"
+#include "X509.h"
+#include "OIDs.h"
+#include "TpmASN1_fp.h"
+#include "X509_spt_fp.h"
+#include "CryptHash_fp.h"
+
+//** Functions
+
+//*** X509PushPoint()
+// This seems like it might be used more than once so...
+// Return Type: INT16
+// > 0 number of bytes added
+// == 0 failure
+INT16
+X509PushPoint(
+ ASN1MarshalContext *ctx,
+ TPMS_ECC_POINT *p
+)
+{
+ // Push a bit string containing the public key. For now, push the x, and y
+ // coordinates of the public point, bottom up
+ ASN1StartMarshalContext(ctx); // BIT STRING
+ {
+ ASN1PushBytes(ctx, p->y.t.size, p->y.t.buffer);
+ ASN1PushBytes(ctx, p->x.t.size, p->x.t.buffer);
+ ASN1PushByte(ctx, 0x04);
+ }
+ return ASN1EndEncapsulation(ctx, ASN1_BITSTRING); // Ends BIT STRING
+}
+
+//*** X509AddSigningAlgorithmECC()
+// This creates the singing algorithm data.
+// Return Type: INT16
+// > 0 number of bytes added
+// == 0 failure
+INT16
+X509AddSigningAlgorithmECC(
+ OBJECT *signKey,
+ TPMT_SIG_SCHEME *scheme,
+ ASN1MarshalContext *ctx
+)
+{
+ PHASH_DEF hashDef = CryptGetHashDef(scheme->details.any.hashAlg);
+//
+ NOT_REFERENCED(signKey);
+ // If the desired hashAlg definition wasn't found...
+ if(hashDef->hashAlg != scheme->details.any.hashAlg)
+ return 0;
+
+ switch(scheme->scheme)
+ {
+ case ALG_ECDSA_VALUE:
+ // Make sure that we have an OID for this hash and ECC
+ if((hashDef->ECDSA)[0] != ASN1_OBJECT_IDENTIFIER)
+ break;
+ // if this is just an implementation check, indicate that this
+ // combination is supported
+ if(!ctx)
+ return 1;
+ ASN1StartMarshalContext(ctx);
+ ASN1PushOID(ctx, hashDef->ECDSA);
+ return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE);
+ default:
+ break;
+ }
+ return 0;
+}
+
+
+//*** X509AddPublicECC()
+// This function will add the publicKey description to the DER data. If ctx is
+// NULL, then no data is transferred and this function will indicate if the TPM
+// has the values for DER-encoding of the public key.
+// Return Type: INT16
+// > 0 number of bytes added
+// == 0 failure
+INT16
+X509AddPublicECC(
+ OBJECT *object,
+ ASN1MarshalContext *ctx
+)
+{
+ const BYTE *curveOid =
+ CryptEccGetOID(object->publicArea.parameters.eccDetail.curveID);
+ if((curveOid == NULL) || (*curveOid != ASN1_OBJECT_IDENTIFIER))
+ return 0;
+//
+//
+// SEQUENCE (2 elem) 1st
+// SEQUENCE (2 elem) 2nd
+// OBJECT IDENTIFIER 1.2.840.10045.2.1 ecPublicKey (ANSI X9.62 public key type)
+// OBJECT IDENTIFIER 1.2.840.10045.3.1.7 prime256v1 (ANSI X9.62 named curve)
+// BIT STRING (520 bit) 000001001010000111010101010111001001101101000100000010...
+//
+ // If this is a check to see if the key can be encoded, it can.
+ // Need to mark the end sequence
+ if(ctx == NULL)
+ return 1;
+ ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st
+ {
+ X509PushPoint(ctx, &object->publicArea.unique.ecc); // BIT STRING
+ ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 2nd
+ {
+ ASN1PushOID(ctx, curveOid); // curve dependent
+ ASN1PushOID(ctx, OID_ECC_PUBLIC); // (1.2.840.10045.2.1)
+ }
+ ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // Ends SEQUENCE 2nd
+ }
+ return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // Ends SEQUENCE 1st
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_RSA.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_RSA.c
new file mode 100644
index 000000000..77b827bdf
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_RSA.c
@@ -0,0 +1,234 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Includes
+#include "Tpm.h"
+#include "X509.h"
+#include "TpmASN1_fp.h"
+#include "X509_spt_fp.h"
+#include "CryptHash_fp.h"
+#include "CryptRsa_fp.h"
+
+//** Functions
+
+#if ALG_RSA
+
+//*** X509AddSigningAlgorithmRSA()
+// This creates the singing algorithm data.
+// Return Type: INT16
+// > 0 number of bytes added
+// == 0 failure
+INT16
+X509AddSigningAlgorithmRSA(
+ OBJECT *signKey,
+ TPMT_SIG_SCHEME *scheme,
+ ASN1MarshalContext *ctx
+)
+{
+ TPM_ALG_ID hashAlg = scheme->details.any.hashAlg;
+ PHASH_DEF hashDef = CryptGetHashDef(hashAlg);
+//
+ NOT_REFERENCED(signKey);
+ // return failure if hash isn't implemented
+ if(hashDef->hashAlg != hashAlg)
+ return 0;
+ switch(scheme->scheme)
+ {
+ case ALG_RSASSA_VALUE:
+ {
+ // if the hash is implemented but there is no PKCS1 OID defined
+ // then this is not a valid signing combination.
+ if(hashDef->PKCS1[0] != ASN1_OBJECT_IDENTIFIER)
+ break;
+ if(ctx == NULL)
+ return 1;
+ ASN1StartMarshalContext(ctx);
+ ASN1PushOID(ctx, hashDef->PKCS1);
+ return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE);
+ }
+ case ALG_RSAPSS_VALUE:
+ // leave if this is just an implementation check
+ if(ctx == NULL)
+ return 1;
+ // In the case of SHA1, everything is default and RFC4055 says that
+ // implementations that do signature generation MUST omit the parameter
+ // when defaults are used.
)-:
+ if(hashDef->hashAlg == ALG_SHA1_VALUE)
+ {
+ return X509PushAlgorithmIdentifierSequence(ctx, OID_RSAPSS);
+ }
+ else
+ {
+ // Going to build something that looks like:
+ // SEQUENCE (2 elem)
+ // OBJECT IDENTIFIER 1.2.840.113549.1.1.10 rsaPSS (PKCS #1)
+ // SEQUENCE (3 elem)
+ // [0] (1 elem)
+ // SEQUENCE (2 elem)
+ // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256
+ // NULL
+ // [1] (1 elem)
+ // SEQUENCE (2 elem)
+ // OBJECT IDENTIFIER 1.2.840.113549.1.1.8 pkcs1-MGF
+ // SEQUENCE (2 elem)
+ // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256
+ // NULL
+ // [2] (1 elem) salt length
+ // INTEGER 32
+
+ // The indentation is just to keep track of where we are in the
+ // structure
+ ASN1StartMarshalContext(ctx); // SEQUENCE (2 elements)
+ {
+ ASN1StartMarshalContext(ctx); // SEQUENCE (3 elements)
+ {
+ // [2] (1 elem) salt length
+ // INTEGER 32
+ ASN1StartMarshalContext(ctx);
+ {
+ INT16 saltSize =
+ CryptRsaPssSaltSize((INT16)hashDef->digestSize,
+ (INT16)signKey->publicArea.unique.rsa.t.size);
+ ASN1PushUINT(ctx, saltSize);
+ }
+ ASN1EndEncapsulation(ctx, ASN1_APPLICAIION_SPECIFIC + 2);
+
+ // Add the mask generation algorithm
+ // [1] (1 elem)
+ // SEQUENCE (2 elem) 1st
+ // OBJECT IDENTIFIER 1.2.840.113549.1.1.8 pkcs1-MGF
+ // SEQUENCE (2 elem) 2nd
+ // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256
+ // NULL
+ ASN1StartMarshalContext(ctx); // mask context [1] (1 elem)
+ {
+ ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st
+ // Handle the 2nd Sequence (sequence (object, null))
+ {
+ X509PushAlgorithmIdentifierSequence(ctx,
+ hashDef->OID);
+ // add the pkcs1-MGF OID
+ ASN1PushOID(ctx, OID_MGF1);
+ }
+ // End outer sequence
+ ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE);
+ }
+ // End the [1]
+ ASN1EndEncapsulation(ctx, ASN1_APPLICAIION_SPECIFIC + 1);
+
+ // Add the hash algorithm
+ // [0] (1 elem)
+ // SEQUENCE (2 elem) (done by
+ // X509PushAlgorithmIdentifierSequence)
+ // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 (NIST)
+ //
NULL
+ ASN1StartMarshalContext(ctx); // [0] (1 elem)
+ {
+ X509PushAlgorithmIdentifierSequence(ctx, hashDef->OID);
+ }
+ ASN1EndEncapsulation(ctx, (ASN1_APPLICAIION_SPECIFIC + 0));
+ }
+ // SEQUENCE (3 elements) end
+ ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE);
+
+ // RSA PSS OID
+ // OBJECT IDENTIFIER 1.2.840.113549.1.1.10 rsaPSS (PKCS #1)
+ ASN1PushOID(ctx, OID_RSAPSS);
+ }
+ // End Sequence (2 elements)
+ return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE);
+ }
+ default:
+ break;
+ }
+ return 0;
+}
+
+//*** X509AddPublicRSA()
+// This function will add the publicKey description to the DER data. If fillPtr is
+// NULL, then no data is transferred and this function will indicate if the TPM
+// has the values for DER-encoding of the public key.
+// Return Type: INT16
+// > 0 number of bytes added
+// == 0 failure
+INT16
+X509AddPublicRSA(
+ OBJECT *object,
+ ASN1MarshalContext *ctx
+)
+{
+ UINT32 exp = object->publicArea.parameters.rsaDetail.exponent;
+//
+/*
+ SEQUENCE (2 elem) 1st
+ SEQUENCE (2 elem) 2nd
+ OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1)
+ NULL
+ BIT STRING (1 elem)
+ SEQUENCE (2 elem) 3rd
+ INTEGER (2048 bit) 2197304513741227955725834199357401…
+ INTEGER 65537
+*/
+ // If this is a check to see if the key can be encoded, it can.
+ // Need to mark the end sequence
+ if(ctx == NULL)
+ return 1;
+ ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st
+ ASN1StartMarshalContext(ctx); // BIT STRING
+ ASN1StartMarshalContext(ctx); // SEQUENCE *(2 elem) 3rd
+
+ // Get public exponent in big-endian byte order.
+ if(exp == 0)
+ exp = RSA_DEFAULT_PUBLIC_EXPONENT;
+
+ // Push a 4 byte integer. This might get reduced if there are leading zeros or
+ // extended if the high order byte is negative.
+ ASN1PushUINT(ctx, exp);
+ // Push the public key as an integer
+ ASN1PushInteger(ctx, object->publicArea.unique.rsa.t.size,
+ object->publicArea.unique.rsa.t.buffer);
+ // Embed this in a SEQUENCE tag and length in for the key, exponent sequence
+ ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // SEQUENCE (3rd)
+
+ // Embed this in a BIT STRING
+ ASN1EndEncapsulation(ctx, ASN1_BITSTRING);
+
+ // Now add the formatted SEQUENCE for the RSA public key OID. This is a
+ // fully constructed value so it doesn't need to have a context started
+ X509PushAlgorithmIdentifierSequence(ctx, OID_PKCS1_PUB);
+
+ return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE);
+}
+
+#endif // ALG_RSA
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_spt.c
new file mode 100644
index 000000000..77fd96ba9
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_spt.c
@@ -0,0 +1,295 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +//** Includes +#include "Tpm.h" +#include "TpmASN1.h" +#include "TpmASN1_fp.h" +#define _X509_SPT_ +#include "X509.h" +#include "X509_spt_fp.h" +#if ALG_RSA +# include "X509_RSA_fp.h" +#endif // ALG_RSA +#if ALG_ECC +# include "X509_ECC_fp.h" +#endif // ALG_ECC +#if ALG_SM2 +//# include "X509_SM2_fp.h" +#endif // ALG_RSA + + + +//** Unmarshaling Functions + +//*** X509FindExtensionOID() +// This will search a list of X508 extensions to find an extension with the +// requested OID. If the extension is found, the output context ('ctx') is set up +// to point to the OID in the extension. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure (could be catastrophic) +BOOL +X509FindExtensionByOID( + ASN1UnmarshalContext *ctxIn, // IN: the context to search + ASN1UnmarshalContext *ctx, // OUT: the extension context + const BYTE *OID // IN: oid to search for +) +{ + INT16 length; +// + pAssert(ctxIn != NULL); + // Make the search non-destructive of the input if ctx provided. Otherwise, use + // the provided context. + if (ctx == NULL) + ctx = ctxIn; + else if(ctx != ctxIn) + *ctx = *ctxIn; + for(;ctx->size > ctx->offset; ctx->offset += length) + { + VERIFY((length = ASN1NextTag(ctx)) >= 0); + // If this is not a constructed sequence, then it doesn't belong + // in the extensions. + VERIFY(ctx->tag == ASN1_CONSTRUCTED_SEQUENCE); + // Make sure that this entry could hold the OID + if (length >= OID_SIZE(OID)) + { + // See if this is a match for the provided object identifier. 
+ if (MemoryEqual(OID, &(ctx->buffer[ctx->offset]), OID_SIZE(OID))) + { + // Return with ' ctx' set to point to the start of the OID with the size + // set to be the size of the SEQUENCE + ctx->buffer += ctx->offset; + ctx->offset = 0; + ctx->size = length; + return TRUE; + } + } + } + VERIFY(ctx->offset == ctx->size); + return FALSE; +Error: + ctxIn->size = -1; + ctx->size = -1; + return FALSE; +} + +//*** X509GetExtensionBits() +// This function will extract a bit field from an extension. If the extension doesn't +// contain a bit string, it will fail. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure +UINT32 +X509GetExtensionBits( + ASN1UnmarshalContext *ctx, + UINT32 *value +) +{ + INT16 length; +// + while (((length = ASN1NextTag(ctx)) > 0) && (ctx->size > ctx->offset)) + { + // Since this is an extension, the extension value will be in an OCTET STRING + if (ctx->tag == ASN1_OCTET_STRING) + { + return ASN1GetBitStringValue(ctx, value); + } + ctx->offset += length; + } + ctx->size = -1; + return FALSE; +} + +//***X509ProcessExtensions() +// This function is used to process the TPMA_OBJECT and KeyUsage extensions. It is not +// in the CertifyX509.c code because it makes the code harder to follow. 
+// Return Type: TPM_RC +// TPM_RCS_ATTRIBUTES the attributes of object are not consistent with +// the extension setting +// TPM_RC_VALUE problem parsing the extensions +TPM_RC +X509ProcessExtensions( + OBJECT *object, // IN: The object with the attributes to + // check + stringRef *extension // IN: The start and length of the extensions +) +{ + ASN1UnmarshalContext ctx; + ASN1UnmarshalContext extensionCtx; + INT16 length; + UINT32 value; +// + if(!ASN1UnmarshalContextInitialize(&ctx, extension->len, extension->buf) + || ((length = ASN1NextTag(&ctx)) < 0) + || (ctx.tag != X509_EXTENSIONS)) + return TPM_RCS_VALUE; + if( ((length = ASN1NextTag(&ctx)) < 0) + || (ctx.tag != (ASN1_CONSTRUCTED_SEQUENCE))) + return TPM_RCS_VALUE; + + // Get the extension for the TPMA_OBJECT if there is one + if(X509FindExtensionByOID(&ctx, &extensionCtx, OID_TCG_TPMA_OBJECT) && + X509GetExtensionBits(&extensionCtx, &value)) + { + // If an keyAttributes extension was found, it must be exactly the same as the + // attributes of the object. + // This cast will work because we know that a TPMA_OBJECT is in a UINT32. + // Set RUNTIME_SIZE_CHECKS to YES to force a check to verify this assumption + // during debug. Doing this is lot easier than having to revisit the code + // any time a new attribute is added. + // NOTE: MemoryEqual() is used to avoid type-punned pointer warning/error. + if(!MemoryEqual(&value, &object->publicArea.objectAttributes, sizeof(value))) + return TPM_RCS_ATTRIBUTES; + } + // Make sure the failure to find the value wasn't because of a fatal error + else if(extensionCtx.size < 0) + return TPM_RCS_VALUE; + + // Get the keyUsage extension. 
This one is required + if(X509FindExtensionByOID(&ctx, &extensionCtx, OID_KEY_USAGE_EXTENSTION) && + X509GetExtensionBits(&extensionCtx, &value)) + { + x509KeyUsageUnion keyUsage; + TPMA_OBJECT attributes = object->publicArea.objectAttributes; + // + keyUsage.integer = value; + // For KeyUsage: + // the 'sign' attribute is SET if Key Usage includes signing + if( ( (keyUsageSign.integer & keyUsage.integer) != 0 + && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)) + // OR the 'decrypt' attribute is Set if Key Usage includes decryption uses + || ( (keyUsageDecrypt.integer & keyUsage.integer) != 0 + && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) + // OR that 'fixedTPM' is SET if Key Usage is non-repudiation + || ( IS_ATTRIBUTE(keyUsage.x509, TPMA_X509_KEY_USAGE, nonrepudiation) + && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) + // OR that 'restricted' is SET if Key Usage is key agreement + || ( IS_ATTRIBUTE(keyUsage.x509, TPMA_X509_KEY_USAGE, keyAgreement) + && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) + ) + return TPM_RCS_ATTRIBUTES; + } + else + // The KeyUsage extension is required + return TPM_RCS_VALUE; + + return TPM_RC_SUCCESS; +} + +//** Marshaling Functions + +//*** X509AddSigningAlgorithm() +// This creates the singing algorithm data. +// Return Type: INT16 +// > 0 number of octets added +// <= 0 failure +INT16 +X509AddSigningAlgorithm( + ASN1MarshalContext *ctx, + OBJECT *signKey, + TPMT_SIG_SCHEME *scheme +) +{ + switch(signKey->publicArea.type) + { +#if ALG_RSA + case ALG_RSA_VALUE: + return X509AddSigningAlgorithmRSA(signKey, scheme, ctx); +#endif // ALG_RSA +#if ALG_ECC + case ALG_ECC_VALUE: + return X509AddSigningAlgorithmECC(signKey, scheme, ctx); +#endif // ALG_ECC +#if ALG_SM2 + case ALG_SM2: + return X509AddSigningAlgorithmSM2(signKey, scheme,ctx); +#endif // ALG_SM2 + default: + break; + } + return 0; +} + +//*** X509AddPublicKey() +// This function will add the publicKey description to the DER data. 
If fillPtr is +// NULL, then no data is transferred and this function will indicate if the TPM +// has the values for DER-encoding of the public key. +// Return Type: INT16 +// > 0 number of octets added +// == 0 failure +INT16 +X509AddPublicKey( + ASN1MarshalContext *ctx, + OBJECT *object +) +{ + switch(object->publicArea.type) + { +#if ALG_RSA + case ALG_RSA_VALUE: + return X509AddPublicRSA(object, ctx); +#endif +#if ALG_ECC + case ALG_ECC_VALUE: + return X509AddPublicECC(object, ctx); +#endif +#if ALG_SM2 + case ALG_SM2_VALUE: + break; +#endif + default: + break; + } + return FALSE; +} + + +//*** X509PushAlgorithmIdentifierSequence() +// Return Type: INT16 +// > 0 number of bytes added +// == 0 failure +INT16 +X509PushAlgorithmIdentifierSequence( + ASN1MarshalContext *ctx, + const BYTE *OID + ) +{ + ASN1StartMarshalContext(ctx); // hash algorithm + ASN1PushNull(ctx); + ASN1PushOID(ctx, OID); + return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); +} + + diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECC_Parameters.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECC_Parameters.c new file mode 100644 index 000000000..c03476879 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECC_Parameters.c 
@@ -0,0 +1,61 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "ECC_Parameters_fp.h"
+
+#if CC_ECC_Parameters // Conditional expansion of this file
+
+/*(See part 3 specification)
+// This command returns the parameters of an ECC curve identified by its TCG
+// assigned curveID
+*/
+// Return Type: TPM_RC
+// TPM_RC_VALUE Unsupported ECC curve ID
+TPM_RC
+TPM2_ECC_Parameters(
+ ECC_Parameters_In *in, // IN: input parameter list
+ ECC_Parameters_Out *out // OUT: output parameter list
+ )
+{
+// Command Output
+
+ // Get ECC curve parameters
+ if(CryptEccGetParameters(in->curveID, &out->parameters))
+ return TPM_RC_SUCCESS;
+ else
+ return TPM_RCS_VALUE + RC_ECC_Parameters_curveID;
+}
+
+#endif // CC_ECC_Parameters
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_KeyGen.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_KeyGen.c
new file mode 100644
index 000000000..9c7ac3341
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_KeyGen.c
@@ -0,0 +1,92 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "ECDH_KeyGen_fp.h"
+
+#if CC_ECDH_KeyGen // Conditional expansion of this file
+
+/*(See part 3 specification)
+// This command uses the TPM to generate an ephemeral public key and the product
+// of the ephemeral private key and the public portion of an ECC key.
+*/
+// Return Type: TPM_RC
+// TPM_RC_KEY 'keyHandle' does not reference an ECC key
+TPM_RC
+TPM2_ECDH_KeyGen(
+ ECDH_KeyGen_In *in, // IN: input parameter list
+ ECDH_KeyGen_Out *out // OUT: output parameter list
+ )
+{
+ OBJECT *eccKey;
+ TPM2B_ECC_PARAMETER sensitive;
+ TPM_RC result;
+
+// Input Validation
+
+ eccKey = HandleToObject(in->keyHandle);
+
+ // Referenced key must be an ECC key
+ if(eccKey->publicArea.type != TPM_ALG_ECC)
+ return TPM_RCS_KEY + RC_ECDH_KeyGen_keyHandle;
+
+// Command Output
+ do
+ {
+ TPMT_PUBLIC *keyPublic = &eccKey->publicArea;
+ // Create ephemeral ECC key
+ result = CryptEccNewKeyPair(&out->pubPoint.point, &sensitive,
+ keyPublic->parameters.eccDetail.curveID);
+ if(result == TPM_RC_SUCCESS)
+ {
+ // Compute Z
+ result = CryptEccPointMultiply(&out->zPoint.point,
+ keyPublic->parameters.eccDetail.curveID,
+ &keyPublic->unique.ecc,
+ &sensitive,
+ NULL, NULL);
+ // The point in the key is not on the curve. Indicate
+ // that the key is bad.
+ if(result == TPM_RC_ECC_POINT)
+ return TPM_RCS_KEY + RC_ECDH_KeyGen_keyHandle;
+ // The other possible error from CryptEccPointMultiply is
+ // TPM_RC_NO_RESULT indicating that the multiplication resulted in
+ // the point at infinity, so get a new random key and start over
+ // BTW, this never happens.
+ }
+ } while(result == TPM_RC_NO_RESULT);
+ return result;
+}
+
+#endif // CC_ECDH_KeyGen
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_ZGen.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_ZGen.c
new file mode 100644
index 000000000..f2a6135b1
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_ZGen.c
@@ -0,0 +1,86 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "ECDH_ZGen_fp.h"
+
+#if CC_ECDH_ZGen // Conditional expansion of this file
+
+/*(See part 3 specification)
+// This command uses the TPM to recover the Z value from a public point
+*/
+// Return Type: TPM_RC
+// TPM_RC_ATTRIBUTES key referenced by 'keyA' is restricted or
+// not a decrypt key
+// TPM_RC_KEY key referenced by 'keyA' is not an ECC key
+// TPM_RC_NO_RESULT multiplying 'inPoint' resulted in a
+// point at infinity
+// TPM_RC_SCHEME the scheme of the key referenced by 'keyA'
+// is not TPM_ALG_NULL, TPM_ALG_ECDH,
+TPM_RC
+TPM2_ECDH_ZGen(
+ ECDH_ZGen_In *in, // IN: input parameter list
+ ECDH_ZGen_Out *out // OUT: output parameter list
+ )
+{
+ TPM_RC result;
+ OBJECT *eccKey;
+
+// Input Validation
+ eccKey = HandleToObject(in->keyHandle);
+
+ // Selected key must be a non-restricted, decrypt ECC key
+ if(eccKey->publicArea.type != TPM_ALG_ECC)
+ return TPM_RCS_KEY + RC_ECDH_ZGen_keyHandle;
+ // Selected key needs to be unrestricted with the 'decrypt' attribute
+ if(IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, restricted)
+ || !IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt))
+ return TPM_RCS_ATTRIBUTES + RC_ECDH_ZGen_keyHandle;
+ // Make sure the scheme allows this use
+ if(eccKey->publicArea.parameters.eccDetail.scheme.scheme != TPM_ALG_ECDH
+ && eccKey->publicArea.parameters.eccDetail.scheme.scheme != TPM_ALG_NULL)
+ return TPM_RCS_SCHEME + RC_ECDH_ZGen_keyHandle;
+// Command Output
+ // Compute Z. TPM_RC_ECC_POINT or TPM_RC_NO_RESULT may be returned here.
+ result = CryptEccPointMultiply(&out->outPoint.point,
+ eccKey->publicArea.parameters.eccDetail.curveID,
+ &in->inPoint.point,
+ &eccKey->sensitive.sensitive.ecc,
+ NULL, NULL);
+ if(result != TPM_RC_SUCCESS)
+ return RcSafeAddToResult(result, RC_ECDH_ZGen_inPoint);
+ return result;
+}
+
+#endif // CC_ECDH_ZGen
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/EC_Ephemeral.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/EC_Ephemeral.c
new file mode 100644
index 000000000..6125e586b
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/EC_Ephemeral.c
@@ -0,0 +1,73 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "EC_Ephemeral_fp.h"
+
+#if CC_EC_Ephemeral // Conditional expansion of this file
+
+/*(See part 3 specification)
+// This command creates an ephemeral key using the commit mechanism
+*/
+// Return Type: TPM_RC
+// TPM_RC_NO_RESULT the TPM is not able to generate an 'r' value
+TPM_RC
+TPM2_EC_Ephemeral(
+ EC_Ephemeral_In *in, // IN: input parameter list
+ EC_Ephemeral_Out *out // OUT: output parameter list
+ )
+{
+ TPM2B_ECC_PARAMETER r;
+ TPM_RC result;
+//
+ do
+ {
+ // Get the random value that will be used in the point multiplications
+ // Note: this does not commit the count.
+ if(!CryptGenerateR(&r, NULL, in->curveID, NULL))
+ return TPM_RC_NO_RESULT;
+ // do a point multiply
+ result = CryptEccPointMultiply(&out->Q.point, in->curveID, NULL, &r,
+ NULL, NULL);
+ // commit the count value if either the r value results in the point at
+ // infinity or if the value is good. The commit on the r value for infinity
+ // is so that the r value will be skipped.
+ if((result == TPM_RC_SUCCESS) || (result == TPM_RC_NO_RESULT))
+ out->counter = CryptCommit();
+ } while(result == TPM_RC_NO_RESULT);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_EC_Ephemeral
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Decrypt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Decrypt.c
new file mode 100644
index 000000000..0e41fa4e0
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Decrypt.c
@@ -0,0 +1,106 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "RSA_Decrypt_fp.h"
+
+#if CC_RSA_Decrypt // Conditional expansion of this file
+
+/*(See part 3 specification)
+// decrypts the provided data block and removes the padding if applicable
+*/
+// Return Type: TPM_RC
+// TPM_RC_ATTRIBUTES 'decrypt' is not SET or if 'restricted' is SET in
+// the key referenced by 'keyHandle'
+// TPM_RC_BINDING The public an private parts of the key are not
+// properly bound
+// TPM_RC_KEY 'keyHandle' does not reference an unrestricted
+// decrypt key
+// TPM_RC_SCHEME incorrect input scheme, or the chosen
+// 'scheme' is not a valid RSA decrypt scheme
+// TPM_RC_SIZE 'cipherText' is not the size of the modulus
+// of key referenced by 'keyHandle'
+// TPM_RC_VALUE 'label' is not a null terminated string or the value
+// of 'cipherText' is greater that the modulus of
+// 'keyHandle' or the encoding of the data is not
+// valid
+
+TPM_RC
+TPM2_RSA_Decrypt(
+ RSA_Decrypt_In *in, // IN: input parameter list
+ RSA_Decrypt_Out *out // OUT: output parameter list
+ )
+{
+ TPM_RC result;
+ OBJECT *rsaKey;
+ TPMT_RSA_DECRYPT *scheme;
+
+// Input Validation
+
+ rsaKey = HandleToObject(in->keyHandle);
+
+ // The selected key must be an RSA key
+ if(rsaKey->publicArea.type != TPM_ALG_RSA)
+ return TPM_RCS_KEY + RC_RSA_Decrypt_keyHandle;
+
+ // The selected key must be an unrestricted decryption key
+ if(IS_ATTRIBUTE(rsaKey->publicArea.objectAttributes, TPMA_OBJECT, restricted)
+ || !IS_ATTRIBUTE(rsaKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt))
+ return TPM_RCS_ATTRIBUTES + RC_RSA_Decrypt_keyHandle;
+
+ // NOTE: Proper operation of this command requires that the sensitive area
+ // of the key is loaded. This is assured because authorization is required
+ // to use the sensitive area of the key. In order to check the authorization,
+ // the sensitive area has to be loaded, even if authorization is with policy.
+
+ // If label is present, make sure that it is a NULL-terminated string
+ if(!IsLabelProperlyFormatted(&in->label.b))
+ return TPM_RCS_VALUE + RC_RSA_Decrypt_label;
+// Command Output
+ // Select a scheme for decrypt.
+ scheme = CryptRsaSelectScheme(in->keyHandle, &in->inScheme);
+ if(scheme == NULL)
+ return TPM_RCS_SCHEME + RC_RSA_Decrypt_inScheme;
+
+ // Decryption. TPM_RC_VALUE, TPM_RC_SIZE, and TPM_RC_KEY error may be
+ // returned by CryptRsaDecrypt.
+ // NOTE: CryptRsaDecrypt can also return TPM_RC_ATTRIBUTES or TPM_RC_BINDING
+ // when the key is not a decryption key but that was checked above.
+ out->message.t.size = sizeof(out->message.t.buffer);
+ result = CryptRsaDecrypt(&out->message.b, &in->cipherText.b, rsaKey,
+ scheme, &in->label.b);
+ return result;
+}
+
+#endif // CC_RSA_Decrypt
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Encrypt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Encrypt.c
new file mode 100644
index 000000000..3ba397c90
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Encrypt.c
@@ -0,0 +1,90 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "RSA_Encrypt_fp.h"
+
+#if CC_RSA_Encrypt // Conditional expansion of this file
+
+/*(See part 3 specification)
+// This command performs the padding and encryption of a data block
+*/
+// Return Type: TPM_RC
+// TPM_RC_ATTRIBUTES 'decrypt' attribute is not SET in key referenced
+// by 'keyHandle'
+// TPM_RC_KEY 'keyHandle' does not reference an RSA key
+// TPM_RC_SCHEME incorrect input scheme, or the chosen
+// scheme is not a valid RSA decrypt scheme
+// TPM_RC_VALUE the numeric value of 'message' is greater than
+// the public modulus of the key referenced by
+// 'keyHandle', or 'label' is not a null-terminated
+// string
+TPM_RC
+TPM2_RSA_Encrypt(
+ RSA_Encrypt_In *in, // IN: input parameter list
+ RSA_Encrypt_Out *out // OUT: output parameter list
+ )
+{
+ TPM_RC result;
+ OBJECT *rsaKey;
+ TPMT_RSA_DECRYPT *scheme;
+// Input Validation
+ rsaKey = HandleToObject(in->keyHandle);
+
+ // selected key must be an RSA key
+ if(rsaKey->publicArea.type != TPM_ALG_RSA)
+ return TPM_RCS_KEY + RC_RSA_Encrypt_keyHandle;
+ // selected key must have the decryption attribute
+ if(!IS_ATTRIBUTE(rsaKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt))
+ return TPM_RCS_ATTRIBUTES + RC_RSA_Encrypt_keyHandle;
+
+ // Is there a label?
+ if(!IsLabelProperlyFormatted(&in->label.b))
+ return TPM_RCS_VALUE + RC_RSA_Encrypt_label;
+// Command Output
+ // Select a scheme for encryption
+ scheme = CryptRsaSelectScheme(in->keyHandle, &in->inScheme);
+ if(scheme == NULL)
+ return TPM_RCS_SCHEME + RC_RSA_Encrypt_inScheme;
+
+ // Encryption. TPM_RC_VALUE, or TPM_RC_SCHEME errors my be returned buy
+ // CryptEncyptRSA.
+ out->outData.t.size = sizeof(out->outData.t.buffer);
+
+ result = CryptRsaEncrypt(&out->outData, &in->message.b, rsaKey, scheme,
+ &in->label.b, NULL);
+ return result;
+}
+
+#endif // CC_RSA_Encrypt
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ZGen_2Phase.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ZGen_2Phase.c
new file mode 100644
index 000000000..955ba0b56
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ZGen_2Phase.c
@@ -0,0 +1,121 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "ZGen_2Phase_fp.h" + +#if CC_ZGen_2Phase // Conditional expansion of this file + +// This command uses the TPM to recover one or two Z values in a two phase key +// exchange protocol +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES key referenced by 'keyA' is restricted or +// not a decrypt key +// TPM_RC_ECC_POINT 'inQsB' or 'inQeB' is not on the curve of +// the key reference by 'keyA' +// TPM_RC_KEY key referenced by 'keyA' is not an ECC key +// TPM_RC_SCHEME the scheme of the key referenced by 'keyA' +// is not TPM_ALG_NULL, TPM_ALG_ECDH, +// ALG_ECMQV or TPM_ALG_SM2 +TPM_RC +TPM2_ZGen_2Phase( + ZGen_2Phase_In *in, // IN: input parameter list + ZGen_2Phase_Out *out // OUT: output parameter list + ) +{ + TPM_RC result; + OBJECT *eccKey; + TPM2B_ECC_PARAMETER r; + TPM_ALG_ID scheme; + +// Input Validation + + eccKey = HandleToObject(in->keyA); + + // keyA must be an ECC key + if(eccKey->publicArea.type != TPM_ALG_ECC) + return TPM_RCS_KEY + RC_ZGen_2Phase_keyA; + + // keyA must not be restricted and must be a decrypt key + if(IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, restricted) + || !IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) + return TPM_RCS_ATTRIBUTES + RC_ZGen_2Phase_keyA; + + // if the scheme of keyA is TPM_ALG_NULL, then use the input scheme; otherwise + // the input scheme must be the same as the scheme of keyA + scheme = eccKey->publicArea.parameters.asymDetail.scheme.scheme; + if(scheme != TPM_ALG_NULL) + { + if(scheme != in->inScheme) + return TPM_RCS_SCHEME + RC_ZGen_2Phase_inScheme; + } + else + scheme = in->inScheme; + if(scheme == TPM_ALG_NULL) + return TPM_RCS_SCHEME + RC_ZGen_2Phase_inScheme; + + // Input points must be on the curve of keyA + if(!CryptEccIsPointOnCurve(eccKey->publicArea.parameters.eccDetail.curveID, + &in->inQsB.point)) + return TPM_RCS_ECC_POINT + RC_ZGen_2Phase_inQsB; + + if(!CryptEccIsPointOnCurve(eccKey->publicArea.parameters.eccDetail.curveID, + 
&in->inQeB.point)) + return TPM_RCS_ECC_POINT + RC_ZGen_2Phase_inQeB; + + if(!CryptGenerateR(&r, &in->counter, + eccKey->publicArea.parameters.eccDetail.curveID, + NULL)) + return TPM_RCS_VALUE + RC_ZGen_2Phase_counter; + +// Command Output + + result = + CryptEcc2PhaseKeyExchange(&out->outZ1.point, + &out->outZ2.point, + eccKey->publicArea.parameters.eccDetail.curveID, + scheme, + &eccKey->sensitive.sensitive.ecc, + &r, + &in->inQsB.point, + &in->inQeB.point); + if(result == TPM_RC_SCHEME) + return TPM_RCS_SCHEME + RC_ZGen_2Phase_inScheme; + + if(result == TPM_RC_SUCCESS) + CryptEndCommit(in->counter); + + return result; +} +#endif // CC_ZGen_2Phase \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_GetCapability.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_GetCapability.c new file mode 100644 index 000000000..18106eaaf --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_GetCapability.c 
@@ -0,0 +1,56 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "AC_GetCapability_fp.h"
+#include "AC_spt_fp.h"
+
+#if CC_AC_GetCapability // Conditional expansion of this file
+
+/*(See part 3 specification)
+// This command returns various information regarding Attached Components
+*/
+TPM_RC
+TPM2_AC_GetCapability(
+ AC_GetCapability_In *in, // IN: input parameter list
+ AC_GetCapability_Out *out // OUT: output parameter list
+ )
+{
+// Command Output
+ out->moreData = AcCapabilitiesGet(in->ac, in->count, &out->capabilitiesData);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_AC_GetCapability
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_Send.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_Send.c
new file mode 100644
index 000000000..1477c7f24
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_Send.c
@@ -0,0 +1,102 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "AC_Send_fp.h" +#include "AC_spt_fp.h" + + +#if CC_AC_Send // Conditional expansion of this file + +/*(See part 3 specification) +// Duplicate a loaded object +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES key to duplicate has 'fixedParent' SET +// TPM_RC_HASH for an RSA key, the nameAlg digest size for the +// newParent is not compatible with the key size +// TPM_RC_HIERARCHY 'encryptedDuplication' is SET and 'newParentHandle' +// specifies Null Hierarchy +// TPM_RC_KEY 'newParentHandle' references invalid ECC key (public +// point not on the curve) +// TPM_RC_SIZE input encryption key size does not match the +// size specified in symmetric algorithm +// TPM_RC_SYMMETRIC 'encryptedDuplication' is SET but no symmetric +// algorithm is provided +// TPM_RC_TYPE 'newParentHandle' is neither a storage key nor +// TPM_RH_NULL; or the object has a NULL nameAlg +// TPM_RC_VALUE for an RSA newParent, the sizes of the digest and +// the encryption key are too large to be OAEP encoded +TPM_RC +TPM2_AC_Send( + AC_Send_In *in, // IN: input parameter list + AC_Send_Out *out // OUT: output parameter list +) +{ + NV_REF locator; + TPM_HANDLE nvAlias = ((in->ac - AC_FIRST) + NV_AC_FIRST); + NV_INDEX *nvIndex = NvGetIndexInfo(nvAlias, &locator); + OBJECT *object = HandleToObject(in->sendObject); + TPM_RC result; +// Input validation + // If there is an NV alias, then the index must allow the authorization provided + if(nvIndex != NULL) + { + // Common access checks, NvWriteAccessCheck() may return + // TPM_RC_NV_AUTHORIZATION or TPM_RC_NV_LOCKED + result = NvWriteAccessChecks(in->authHandle, nvAlias, + nvIndex->publicArea.attributes); + if(result != TPM_RC_SUCCESS) + return result; + } + // If 'ac' did not have an alias then the authorization had to be with either + // platform or owner authorization. The type of TPMI_RH_NV_AUTH only allows + // owner or platform or an NV index. 
If it was a valid index, it would have had + // an alias and be processed above, so only success here is if this is a + // permanent handle. + else if(HandleGetType(in->authHandle) != TPM_HT_PERMANENT) + return TPM_RCS_HANDLE + RC_AC_Send_authHandle; + // Make sure that the object to be duplicated has the right attributes + if(IS_ATTRIBUTE(object->publicArea.objectAttributes, + TPMA_OBJECT, encryptedDuplication) + || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, + fixedParent) + || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, fixedTPM)) + return TPM_RCS_ATTRIBUTES + RC_AC_Send_sendObject; +// Command output + // Do the implementation dependent send + return AcSendObject(in->ac, object, &out->acDataOut); +} + +#endif // TPM_CC_AC_Send \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_spt.c new file mode 100644 index 000000000..b938bee30 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_spt.c 
@@ -0,0 +1,149 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Includes
+#include "Tpm.h"
+#include "AC_spt_fp.h"
+
+
+#if 1 // This is the simulated AC data.
+ +typedef struct { + TPMI_RH_AC ac; + TPML_AC_CAPABILITIES *acData; + +} acCapabilities; + + +TPML_AC_CAPABILITIES acData0001 = {1, + {{TPM_AT_PV1, 0x01234567}}}; + +acCapabilities ac[1] = { {0x0001, &acData0001} }; + +#define NUM_AC (sizeof(ac) / sizeof(acCapabilities)) + +#endif // 1 The simulated AC data + +//*** AcToCapabilities() +// This function returns a pointer to a list of AC capabilities. +TPML_AC_CAPABILITIES * +AcToCapabilities( + TPMI_RH_AC component // IN: component +) +{ + UINT32 index; +// + for(index = 0; index < NUM_AC; index++) + { + if(ac[index].ac == component) + return ac[index].acData; + } + return NULL; +} + +//*** AcIsAccessible() +// Function to determine if an AC handle references an actual AC +// Return Type: BOOL +BOOL +AcIsAccessible( + TPM_HANDLE acHandle + ) +{ + // In this implementation, the AC exists if there are some capabilities to go + // with the handle + return AcToCapabilities(acHandle) != NULL; +} + +//*** AcCapabilitiesGet() +// This function returns a list of capabilities associated with an AC +// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned +TPMI_YES_NO +AcCapabilitiesGet( + TPMI_RH_AC component, // IN: the component + TPM_AT type, // IN: start capability type + TPML_AC_CAPABILITIES *capabilityList // OUT: list of handle +) +{ + TPMI_YES_NO more = NO; + UINT32 i; + TPML_AC_CAPABILITIES *capabilities = AcToCapabilities(component); + + pAssert(HandleGetType(component) == TPM_HT_AC); + + // Initialize output handle list + capabilityList->count = 0; + + if(capabilities != NULL) + { + // Find the first capability less than or equal to type + for(i = 0; i < capabilities->count; i++) + { + if(capabilities->acCapabilities[i].tag >= type) + { + // copy the capabilities until we run out or fill the list + for(; (capabilityList->count < MAX_AC_CAPABILITIES) + && (i < capabilities->count); i++) + { + capabilityList->acCapabilities[capabilityList->count] + = 
capabilities->acCapabilities[i]; + capabilityList->count++; + } + more = i < capabilities->count; + } + } + } + return more; +} + + +//*** AcSendObject() +// Stub to handle sending of an AC object +// Return Type: TPM_RC +TPM_RC +AcSendObject( + TPM_HANDLE acHandle, // IN: Handle of AC receiving object + OBJECT *object, // IN: object structure to send + TPMS_AC_OUTPUT *acDataOut // OUT: results of operation +) +{ + NOT_REFERENCED(object); + NOT_REFERENCED(acHandle); + acDataOut->tag = TPM_AT_ERROR; // indicate that the response contains an + // error code + acDataOut->data = TPM_AE_NONE; // but there is no error. + + return TPM_RC_SUCCESS; +} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/Policy_AC_SendSelect.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/Policy_AC_SendSelect.c new file mode 100644 index 000000000..8973e1911 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/Policy_AC_SendSelect.c 
@@ -0,0 +1,115 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "Policy_AC_SendSelect_fp.h"
+
+#if CC_Policy_AC_SendSelect // Conditional expansion of this file
+
+/*(See part 3 specification)
+// allows qualification of attached component and object to be sent.
+*/ +// Return Type: TPM_RC +// TPM_RC_COMMAND_CODE 'commandCode' of 'policySession; is not empty +// TPM_RC_CPHASH 'cpHash' of 'policySession' is not empty +TPM_RC +TPM2_Policy_AC_SendSelect( + Policy_AC_SendSelect_In *in // IN: input parameter list + ) +{ + SESSION *session; + HASH_STATE hashState; + TPM_CC commandCode = TPM_CC_Policy_AC_SendSelect; + +// Input Validation + + // Get pointer to the session structure + session = SessionGet(in->policySession); + + // cpHash in session context must be empty + if(session->u1.cpHash.t.size != 0) + return TPM_RC_CPHASH; + // commandCode in session context must be empty + if(session->commandCode != 0) + return TPM_RC_COMMAND_CODE; +// Internal Data Update + // Update name hash + session->u1.cpHash.t.size = CryptHashStart(&hashState, session->authHashAlg); + + // add objectName + CryptDigestUpdate2B(&hashState, &in->objectName.b); + + // add authHandleName + CryptDigestUpdate2B(&hashState, &in->authHandleName.b); + + // add ac name + CryptDigestUpdate2B(&hashState, &in->acName.b); + + // complete hash + CryptHashEnd2B(&hashState, &session->u1.cpHash.b); + + // update policy hash + // Old policyDigest size should be the same as the new policyDigest size since + // they are using the same hash algorithm + session->u2.policyDigest.t.size + = CryptHashStart(&hashState, session->authHashAlg); +// add old policy + CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); + + // add command code + CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); + + // add objectName + if(in->includeObject == YES) + CryptDigestUpdate2B(&hashState, &in->objectName.b); + + // add authHandleName + CryptDigestUpdate2B(&hashState, &in->authHandleName.b); + + // add acName + CryptDigestUpdate2B(&hashState, &in->acName.b); + + // add includeObject + CryptDigestUpdateInt(&hashState, sizeof(TPMI_YES_NO), in->includeObject); + + // complete digest + CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); + + // set commandCode in 
session context + session->commandCode = TPM_CC_AC_Send; + + return TPM_RC_SUCCESS; +} + +#endif // CC_PolicyDuplicationSelect \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Attest_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Attest_spt.c new file mode 100644 index 000000000..2715c38f7 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Attest_spt.c 
@@ -0,0 +1,198 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Includes
+#include "Tpm.h"
+#include "Attest_spt_fp.h"
+
+//** Functions
+
+//***FillInAttestInfo()
+// Fill in common fields of TPMS_ATTEST structure.
+void +FillInAttestInfo( + TPMI_DH_OBJECT signHandle, // IN: handle of signing object + TPMT_SIG_SCHEME *scheme, // IN/OUT: scheme to be used for signing + TPM2B_DATA *data, // IN: qualifying data + TPMS_ATTEST *attest // OUT: attest structure + ) +{ + OBJECT *signObject = HandleToObject(signHandle); + + // Magic number + attest->magic = TPM_GENERATED_VALUE; + + if(signObject == NULL) + { + // The name for a null handle is TPM_RH_NULL + // This is defined because UINT32_TO_BYTE_ARRAY does a cast. If the + // size of the cast is smaller than a constant, the compiler warns + // about the truncation of a constant value. + TPM_HANDLE nullHandle = TPM_RH_NULL; + attest->qualifiedSigner.t.size = sizeof(TPM_HANDLE); + UINT32_TO_BYTE_ARRAY(nullHandle, attest->qualifiedSigner.t.name); + } + else + { + // Certifying object qualified name + // if the scheme is anonymous, this is an empty buffer + if(CryptIsSchemeAnonymous(scheme->scheme)) + attest->qualifiedSigner.t.size = 0; + else + attest->qualifiedSigner = signObject->qualifiedName; + } + // current clock in plain text + TimeFillInfo(&attest->clockInfo); + + // Firmware version in plain text + attest->firmwareVersion = ((UINT64)gp.firmwareV1 << (sizeof(UINT32) * 8)); + attest->firmwareVersion += gp.firmwareV2; + + // Check the hierarchy of sign object. 
For NULL sign handle, the hierarchy + // will be TPM_RH_NULL + if((signObject == NULL) + || (!signObject->attributes.epsHierarchy + && !signObject->attributes.ppsHierarchy)) + { + // For signing key that is not in platform or endorsement hierarchy, + // obfuscate the reset, restart and firmware version information + UINT64 obfuscation[2]; + CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &gp.shProof.b, OBFUSCATE_STRING, + &attest->qualifiedSigner.b, NULL, 128, + (BYTE *)&obfuscation[0], NULL, FALSE); + // Obfuscate data + attest->firmwareVersion += obfuscation[0]; + attest->clockInfo.resetCount += (UINT32)(obfuscation[1] >> 32); + attest->clockInfo.restartCount += (UINT32)obfuscation[1]; + } + // External data + if(CryptIsSchemeAnonymous(scheme->scheme)) + attest->extraData.t.size = 0; + else + { + // If we move the data to the attestation structure, then it is not + // used in the signing operation except as part of the signed data + attest->extraData = *data; + data->t.size = 0; + } +} + +//***SignAttestInfo() +// Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature +// is returned. 
+// +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES 'signHandle' references not a signing key +// TPM_RC_SCHEME 'scheme' is not compatible with 'signHandle' type +// TPM_RC_VALUE digest generated for the given 'scheme' is greater than +// the modulus of 'signHandle' (for an RSA key); +// invalid commit status or failed to generate "r" value +// (for an ECC key) +TPM_RC +SignAttestInfo( + OBJECT *signKey, // IN: sign object + TPMT_SIG_SCHEME *scheme, // IN: sign scheme + TPMS_ATTEST *certifyInfo, // IN: the data to be signed + TPM2B_DATA *qualifyingData, // IN: extra data for the signing + // process + TPM2B_ATTEST *attest, // OUT: marshaled attest blob to be + // signed + TPMT_SIGNATURE *signature // OUT: signature + ) +{ + BYTE *buffer; + HASH_STATE hashState; + TPM2B_DIGEST digest; + TPM_RC result; + + // Marshal TPMS_ATTEST structure for hash + buffer = attest->t.attestationData; + attest->t.size = TPMS_ATTEST_Marshal(certifyInfo, &buffer, NULL); + + if(signKey == NULL) + { + signature->sigAlg = TPM_ALG_NULL; + result = TPM_RC_SUCCESS; + } + else + { + TPMI_ALG_HASH hashAlg; + // Compute hash + hashAlg = scheme->details.any.hashAlg; + // need to set the receive buffer to get something put in it + digest.t.size = sizeof(digest.t.buffer); + digest.t.size = CryptHashBlock(hashAlg, attest->t.size, + attest->t.attestationData, + digest.t.size, digest.t.buffer); + // If there is qualifying data, need to rehash the data + // hash(qualifyingData || hash(attestationData)) + if(qualifyingData->t.size != 0) + { + CryptHashStart(&hashState, hashAlg); + CryptDigestUpdate2B(&hashState, &qualifyingData->b); + CryptDigestUpdate2B(&hashState, &digest.b); + CryptHashEnd2B(&hashState, &digest.b); + } + // Sign the hash. 
A TPM_RC_VALUE, TPM_RC_SCHEME, or + // TPM_RC_ATTRIBUTES error may be returned at this point + result = CryptSign(signKey, scheme, &digest, signature); + + // Since the clock is used in an attestation, the state in NV is no longer + // "orderly" with respect to the data in RAM if the signature is valid + if(result == TPM_RC_SUCCESS) + { + // Command uses the clock so need to clear the orderly state if it is + // set. + result = NvClearOrderly(); + } + } + return result; +} + +//*** IsSigningObject() +// Checks to see if the object is OK for signing. This is here rather than in +// Object_spt.c because all the attestation commands use this file but not +// Object_spt.c. +// Return Type: BOOL +// TRUE(1) object may sign +// FALSE(0) object may not sign +BOOL +IsSigningObject( + OBJECT *object // IN: + ) +{ + return ((object == NULL) + || ((IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, sign) + && object->publicArea.type != TPM_ALG_SYMCIPHER))); +} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Certify.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Certify.c new file mode 100644 index 000000000..0bdc22361 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Certify.c 
@@ -0,0 +1,94 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "Attest_spt_fp.h" +#include "Certify_fp.h" + +#if CC_Certify // Conditional expansion of this file + +/*(See part 3 specification) +// prove an object with a specific Name is loaded in the TPM +*/ +// Return Type: TPM_RC +// TPM_RC_KEY key referenced by 'signHandle' is not a signing key +// TPM_RC_SCHEME 'inScheme' is not compatible with 'signHandle' +// TPM_RC_VALUE digest generated for 'inScheme' is greater or has larger +// size than the modulus of 'signHandle', or the buffer for +// the result in 'signature' is too small (for an RSA key); +// invalid commit status (for an ECC key with a split scheme) +TPM_RC +TPM2_Certify( + Certify_In *in, // IN: input parameter list + Certify_Out *out // OUT: output parameter list + ) +{ + TPMS_ATTEST certifyInfo; + OBJECT *signObject = HandleToObject(in->signHandle); + OBJECT *certifiedObject = HandleToObject(in->objectHandle); +// Input validation + if(!IsSigningObject(signObject)) + return TPM_RCS_KEY + RC_Certify_signHandle; + if(!CryptSelectSignScheme(signObject, &in->inScheme)) + return TPM_RCS_SCHEME + RC_Certify_inScheme; + +// Command Output + // Filling in attest information + // Common fields + FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, + &certifyInfo); + + // Certify specific fields + certifyInfo.type = TPM_ST_ATTEST_CERTIFY; + // NOTE: the certified object is not allowed to be TPM_ALG_NULL so + // 'certifiedObject' will never be NULL + certifyInfo.attested.certify.name = certifiedObject->name; + + // When using an anonymous signing scheme, need to set the qualified Name to the + // empty buffer to avoid correlation between keys + if(CryptIsSchemeAnonymous(in->inScheme.scheme)) + certifyInfo.attested.certify.qualifiedName.t.size = 0; + else + certifyInfo.attested.certify.qualifiedName = certifiedObject->qualifiedName; + + + // Sign attestation structure. A NULL signature will be returned if + // signHandle is TPM_RH_NULL. 
A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE, + // TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned + // by SignAttestInfo() + return SignAttestInfo(signObject, &in->inScheme, &certifyInfo, + &in->qualifyingData, &out->certifyInfo, &out->signature); +} + +#endif // CC_Certify \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyCreation.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyCreation.c new file mode 100644 index 000000000..2cb7f1837 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyCreation.c 
@@ -0,0 +1,98 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "Attest_spt_fp.h" +#include "CertifyCreation_fp.h" + +#if CC_CertifyCreation // Conditional expansion of this file + +/*(See part 3 specification) +// Prove the association between an object and its creation data +*/ +// Return Type: TPM_RC +// TPM_RC_KEY key referenced by 'signHandle' is not a signing key +// TPM_RC_SCHEME 'inScheme' is not compatible with 'signHandle' +// TPM_RC_TICKET 'creationTicket' does not match 'objectHandle' +// TPM_RC_VALUE digest generated for 'inScheme' is greater or has larger +// size than the modulus of 'signHandle', or the buffer for +// the result in 'signature' is too small (for an RSA key); +// invalid commit status (for an ECC key with a split scheme). +TPM_RC +TPM2_CertifyCreation( + CertifyCreation_In *in, // IN: input parameter list + CertifyCreation_Out *out // OUT: output parameter list + ) +{ + TPMT_TK_CREATION ticket; + TPMS_ATTEST certifyInfo; + OBJECT *certified = HandleToObject(in->objectHandle); + OBJECT *signObject = HandleToObject(in->signHandle); +// Input Validation + if(!IsSigningObject(signObject)) + return TPM_RCS_KEY + RC_CertifyCreation_signHandle; + if(!CryptSelectSignScheme(signObject, &in->inScheme)) + return TPM_RCS_SCHEME + RC_CertifyCreation_inScheme; + + // CertifyCreation specific input validation + // Re-compute ticket + TicketComputeCreation(in->creationTicket.hierarchy, &certified->name, + &in->creationHash, &ticket); + // Compare ticket + if(!MemoryEqual2B(&ticket.digest.b, &in->creationTicket.digest.b)) + return TPM_RCS_TICKET + RC_CertifyCreation_creationTicket; + +// Command Output + // Common fields + FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, + &certifyInfo); + + // CertifyCreation specific fields + // Attestation type + certifyInfo.type = TPM_ST_ATTEST_CREATION; + certifyInfo.attested.creation.objectName = certified->name; + + // Copy the creationHash + certifyInfo.attested.creation.creationHash = in->creationHash; + + // Sign 
attestation structure. A NULL signature will be returned if
+ // signObject is TPM_RH_NULL. A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE,
+ // TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned at
+ // this point
+ return SignAttestInfo(signObject, &in->inScheme, &certifyInfo,
+ &in->qualifyingData, &out->certifyInfo,
+ &out->signature);
+}
+
+#endif // CC_CertifyCreation
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyX509.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyX509.c
new file mode 100644
index 000000000..961ed47d7
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyX509.c
@@ -0,0 +1,276 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "CertifyX509_fp.h" +#include "X509.h" +#include "TpmASN1_fp.h" +#include "X509_spt_fp.h" +#include "Attest_spt_fp.h" + +#if CC_CertifyX509 // Conditional expansion of this file + +/*(See part 3 specification) +// Certify +*/ +// return type: TPM_RC +// TPM_RC_ATTRIBUTES the attributes of 'objectHandle' are not compatible +// with the KeyUsage or TPMA_OBJECT values in the +// extensions fields +// TPM_RC_BINDING the public and private portions of the key are not +// properly bound. +// TPM_RC_HASH the hash algorithm in the scheme is not supported +// TPM_RC_KEY 'signHandle' does not reference a signing key; +// TPM_RC_SCHEME the scheme is not compatible with sign key type, +// or input scheme is not compatible with default +// scheme, or the chosen scheme is not a valid +// sign scheme +// TPM_RC_VALUE most likely a problem with the format of +// 'partialCertificate' +TPM_RC +TPM2_CertifyX509( + CertifyX509_In *in, // IN: input parameter list + CertifyX509_Out *out // OUT: output parameter list +) +{ + TPM_RC result; + OBJECT *signKey = HandleToObject(in->signHandle); + OBJECT *object = HandleToObject(in->objectHandle); + HASH_STATE hash; + INT16 length; // length for a tagged element + ASN1UnmarshalContext ctx; + ASN1MarshalContext ctxOut; + // certTBS holds an array of pointers and lengths. Each entry references the + // corresponding value in a TBSCertificate structure. 
For example, the 1th + // element references the version number + stringRef certTBS[REF_COUNT] = {{0}}; +#define ALLOWED_SEQUENCES (SUBJECT_PUBLIC_KEY_REF - SIGNATURE_REF) + stringRef partial[ALLOWED_SEQUENCES] = {{0}}; + INT16 countOfSequences = 0; + INT16 i; + // +#if CERTIFYX509_DEBUG + DebugFileOpen(); + DebugDumpBuffer(in->partialCertificate.t.size, in->partialCertificate.t.buffer, + "partialCertificate"); +#endif + + // Input Validation + // signing key must be able to sign + if(!IsSigningObject(signKey)) + return TPM_RCS_KEY + RC_CertifyX509_signHandle; + // Pick a scheme for sign. If the input sign scheme is not compatible with + // the default scheme, return an error. + if(!CryptSelectSignScheme(signKey, &in->inScheme)) + return TPM_RCS_SCHEME + RC_CertifyX509_inScheme; + // Make sure that the public Key encoding is known + if(X509AddPublicKey(NULL, object) == 0) + return TPM_RCS_ASYMMETRIC + RC_CertifyX509_objectHandle; + // Unbundle 'partialCertificate'. + // Initialize the unmarshaling context + if(!ASN1UnmarshalContextInitialize(&ctx, in->partialCertificate.t.size, + in->partialCertificate.t.buffer)) + return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate; + // Make sure that this is a constructed SEQUENCE + length = ASN1NextTag(&ctx); + // Must be a constructed SEQUENCE that uses all of the input parameter + if((ctx.tag != (ASN1_CONSTRUCTED_SEQUENCE)) + || ((ctx.offset + length) != in->partialCertificate.t.size)) + return TPM_RCS_SIZE + RC_CertifyX509_partialCertificate; + + // This scans through the contents of the outermost SEQUENCE. This would be the + // 'issuer', 'validity', 'subject', 'issuerUniqueID' (optional), + // 'subjectUniqueID' (optional), and 'extensions.' + while(ctx.offset < ctx.size) + { + INT16 startOfElement = ctx.offset; + // + // Read the next tag and length field. 
+ length = ASN1NextTag(&ctx); + if(length < 0) + break; + if(ctx.tag == ASN1_CONSTRUCTED_SEQUENCE) + { + partial[countOfSequences].buf = &ctx.buffer[startOfElement]; + ctx.offset += length; + partial[countOfSequences].len = (INT16)ctx.offset - startOfElement; + if(++countOfSequences > ALLOWED_SEQUENCES) + break; + } + else if(ctx.tag == X509_EXTENSIONS) + { + if(certTBS[EXTENSIONS_REF].len != 0) + return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate; + certTBS[EXTENSIONS_REF].buf = &ctx.buffer[startOfElement]; + ctx.offset += length; + certTBS[EXTENSIONS_REF].len = + (INT16)ctx.offset - startOfElement; + } + else + return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate; + } + // Make sure that we used all of the data and found at least the required + // number of elements. + if((ctx.offset != ctx.size) || (countOfSequences < 3) + || (countOfSequences > 4) + || (certTBS[EXTENSIONS_REF].buf == NULL)) + return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate; + // Now that we know how many sequences there were, we can put them where they + // belong + for(i = 0; i < countOfSequences; i++) + certTBS[SUBJECT_KEY_REF - i] = partial[countOfSequences - 1 - i]; + + // If only three SEQUENCES, then the TPM needs to produce the signature algorithm. + // See if it can + if((countOfSequences == 3) && + (X509AddSigningAlgorithm(NULL, signKey, &in->inScheme) == 0)) + return TPM_RCS_SCHEME + RC_CertifyX509_signHandle; + + // Process the extensions + result = X509ProcessExtensions(object, &certTBS[EXTENSIONS_REF]); + if(result != TPM_RC_SUCCESS) + // If the extension has the TPMA_OBJECT extension and the attributes don't + // match, then the error code will be TPM_RCS_ATTRIBUTES. Otherwise, the error + // indicates a malformed partialCertificate. + return result + ((result == TPM_RCS_ATTRIBUTES) + ? 
RC_CertifyX509_objectHandle + : RC_CertifyX509_partialCertificate); +// Command Output +// Create the addedToCertificate values + + // Build the addedToCertificate from the bottom up. + // Initialize the context structure + ASN1InitialializeMarshalContext(&ctxOut, sizeof(out->addedToCertificate.t.buffer), + out->addedToCertificate.t.buffer); + // Place a marker for the overall context + ASN1StartMarshalContext(&ctxOut); // SEQUENCE for addedToCertificate + + // Add the subject public key descriptor + certTBS[SUBJECT_PUBLIC_KEY_REF].len = X509AddPublicKey(&ctxOut, object); + certTBS[SUBJECT_PUBLIC_KEY_REF].buf = ctxOut.buffer + ctxOut.offset; + // If the caller didn't provide the algorithm identifier, create it + if(certTBS[SIGNATURE_REF].len == 0) + { + certTBS[SIGNATURE_REF].len = X509AddSigningAlgorithm(&ctxOut, signKey, + &in->inScheme); + certTBS[SIGNATURE_REF].buf = ctxOut.buffer + ctxOut.offset; + } + // Create the serial number value. Use the out->tbsDigest as scratch. + { + TPM2B *digest = &out->tbsDigest.b; + // + digest->size = (INT16)CryptHashStart(&hash, signKey->publicArea.nameAlg); + pAssert(digest->size != 0); + + // The serial number size is the smaller of the digest and the vendor-defined + // value + digest->size = MIN(digest->size, SIZE_OF_X509_SERIAL_NUMBER); + // Add all the parts of the certificate other than the serial number + // and version number + for(i = SIGNATURE_REF; i < REF_COUNT; i++) + CryptDigestUpdate(&hash, certTBS[i].len, certTBS[i].buf); + // throw in the Name of the signing key... + CryptDigestUpdate2B(&hash, &signKey->name.b); + // ...and the Name of the signed key. 
+ CryptDigestUpdate2B(&hash, &object->name.b); + // Done + CryptHashEnd2B(&hash, digest); + } + + // Add the serial number + certTBS[SERIAL_NUMBER_REF].len = + ASN1PushInteger(&ctxOut, out->tbsDigest.t.size, out->tbsDigest.t.buffer); + certTBS[SERIAL_NUMBER_REF].buf = ctxOut.buffer + ctxOut.offset; + + // Add the static version number + ASN1StartMarshalContext(&ctxOut); + ASN1PushUINT(&ctxOut, 2); + certTBS[VERSION_REF].len = + ASN1EndEncapsulation(&ctxOut, ASN1_APPLICAIION_SPECIFIC); + certTBS[VERSION_REF].buf = ctxOut.buffer + ctxOut.offset; + + // Create a fake tag and length for the TBS in the space used for + // 'addedToCertificate' + { + for(length = 0, i = 0; i < REF_COUNT; i++) + length += certTBS[i].len; + // Put a fake tag and length into the buffer for use in the tbsDigest + certTBS[ENCODED_SIZE_REF].len = + ASN1PushTagAndLength(&ctxOut, ASN1_CONSTRUCTED_SEQUENCE, length); + certTBS[ENCODED_SIZE_REF].buf = ctxOut.buffer + ctxOut.offset; + // Restore the buffer pointer to add back the number of octets used for the + // tag and length + ctxOut.offset += certTBS[ENCODED_SIZE_REF].len; + } + // sanity check + if(ctxOut.offset < 0) + return TPM_RC_FAILURE; + // Create the tbsDigest to sign + out->tbsDigest.t.size = CryptHashStart(&hash, in->inScheme.details.any.hashAlg); + for(i = 0; i < REF_COUNT; i++) + CryptDigestUpdate(&hash, certTBS[i].len, certTBS[i].buf); + CryptHashEnd2B(&hash, &out->tbsDigest.b); + +#if CERTIFYX509_DEBUG + { + BYTE fullTBS[4096]; + BYTE *fill = fullTBS; + int j; + for (j = 0; j < REF_COUNT; j++) + { + MemoryCopy(fill, certTBS[j].buf, certTBS[j].len); + fill += certTBS[j].len; + } + DebugDumpBuffer((int)(fill - &fullTBS[0]), fullTBS, "\nfull TBS"); + } +#endif + +// Finish up the processing of addedToCertificate + // Create the actual tag and length for the addedToCertificate structure + out->addedToCertificate.t.size = + ASN1EndEncapsulation(&ctxOut, ASN1_CONSTRUCTED_SEQUENCE); + // Now move all the addedToContext to the start of the 
buffer + MemoryCopy(out->addedToCertificate.t.buffer, ctxOut.buffer + ctxOut.offset, + out->addedToCertificate.t.size); +#if CERTIFYX509_DEBUG + DebugDumpBuffer(out->addedToCertificate.t.size, out->addedToCertificate.t.buffer, + "\naddedToCertificate"); +#endif + // only thing missing is the signature + result = CryptSign(signKey, &in->inScheme, &out->tbsDigest, &out->signature); + + return result; +} + +#endif // CC_CertifyX509 diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetCommandAuditDigest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetCommandAuditDigest.c new file mode 100644 index 000000000..5ecc90153 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetCommandAuditDigest.c 
@@ -0,0 +1,99 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "Attest_spt_fp.h" +#include "GetCommandAuditDigest_fp.h" + +#if CC_GetCommandAuditDigest // Conditional expansion of this file + +/*(See part 3 specification) +// Get current value of command audit log +*/ +// Return Type: TPM_RC +// TPM_RC_KEY key referenced by 'signHandle' is not a signing key +// TPM_RC_SCHEME 'inScheme' is incompatible with 'signHandle' type; or +// both 'scheme' and key's default scheme are empty; or +// 'scheme' is empty while key's default scheme requires +// explicit input scheme (split signing); or +// non-empty default key scheme differs from 'scheme' +// TPM_RC_VALUE digest generated for the given 'scheme' is greater than +// the modulus of 'signHandle' (for an RSA key); +// invalid commit status or failed to generate "r" value +// (for an ECC key) +TPM_RC +TPM2_GetCommandAuditDigest( + GetCommandAuditDigest_In *in, // IN: input parameter list + GetCommandAuditDigest_Out *out // OUT: output parameter list + ) +{ + TPM_RC result; + TPMS_ATTEST auditInfo; + OBJECT *signObject = HandleToObject(in->signHandle); +// Input validation + if(!IsSigningObject(signObject)) + return TPM_RCS_KEY + RC_GetCommandAuditDigest_signHandle; + if(!CryptSelectSignScheme(signObject, &in->inScheme)) + return TPM_RCS_SCHEME + RC_GetCommandAuditDigest_inScheme; + +// Command Output + // Fill in attest information common fields + FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, + &auditInfo); + + // CommandAuditDigest specific fields + auditInfo.type = TPM_ST_ATTEST_COMMAND_AUDIT; + auditInfo.attested.commandAudit.digestAlg = gp.auditHashAlg; + auditInfo.attested.commandAudit.auditCounter = gp.auditCounter; + + // Copy command audit log + auditInfo.attested.commandAudit.auditDigest = gr.commandAuditDigest; + CommandAuditGetDigest(&auditInfo.attested.commandAudit.commandDigest); + + // Sign attestation structure. A NULL signature will be returned if + // signHandle is TPM_RH_NULL. 
A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE, + // TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned at + // this point + result = SignAttestInfo(signObject, &in->inScheme, &auditInfo, + &in->qualifyingData, &out->auditInfo, + &out->signature); + // Internal Data Update + if(result == TPM_RC_SUCCESS && in->signHandle != TPM_RH_NULL) + // Reset log + gr.commandAuditDigest.t.size = 0; + + return result; +} + +#endif // CC_GetCommandAuditDigest \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetSessionAuditDigest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetSessionAuditDigest.c new file mode 100644 index 000000000..e9ed0470d --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetSessionAuditDigest.c 
@@ -0,0 +1,95 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "Attest_spt_fp.h" +#include "GetSessionAuditDigest_fp.h" + +#if CC_GetSessionAuditDigest // Conditional expansion of this file + +/*(See part 3 specification) +// Get audit session digest +*/ +// Return Type: TPM_RC +// TPM_RC_KEY key referenced by 'signHandle' is not a signing key +// TPM_RC_SCHEME 'inScheme' is incompatible with 'signHandle' type; or +// both 'scheme' and key's default scheme are empty; or +// 'scheme' is empty while key's default scheme requires +// explicit input scheme (split signing); or +// non-empty default key scheme differs from 'scheme' +// TPM_RC_TYPE 'sessionHandle' does not reference an audit session +// TPM_RC_VALUE digest generated for the given 'scheme' is greater than +// the modulus of 'signHandle' (for an RSA key); +// invalid commit status or failed to generate "r" value +// (for an ECC key) +TPM_RC +TPM2_GetSessionAuditDigest( + GetSessionAuditDigest_In *in, // IN: input parameter list + GetSessionAuditDigest_Out *out // OUT: output parameter list + ) +{ + SESSION *session = SessionGet(in->sessionHandle); + TPMS_ATTEST auditInfo; + OBJECT *signObject = HandleToObject(in->signHandle); +// Input Validation + if(!IsSigningObject(signObject)) + return TPM_RCS_KEY + RC_GetSessionAuditDigest_signHandle; + if(!CryptSelectSignScheme(signObject, &in->inScheme)) + return TPM_RCS_SCHEME + RC_GetSessionAuditDigest_inScheme; + + // session must be an audit session + if(session->attributes.isAudit == CLEAR) + return TPM_RCS_TYPE + RC_GetSessionAuditDigest_sessionHandle; + +// Command Output + // Fill in attest information common fields + FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, + &auditInfo); + + // SessionAuditDigest specific fields + auditInfo.type = TPM_ST_ATTEST_SESSION_AUDIT; + auditInfo.attested.sessionAudit.sessionDigest = session->u2.auditDigest; + + // Exclusive audit session + auditInfo.attested.sessionAudit.exclusiveSession + = (g_exclusiveAuditSession == 
in->sessionHandle);
+
+ // Sign attestation structure. A NULL signature will be returned if
+ // signObject is NULL.
+ return SignAttestInfo(signObject, &in->inScheme, &auditInfo,
+ &in->qualifyingData, &out->auditInfo,
+ &out->signature);
+}
+
+#endif // CC_GetSessionAuditDigest
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetTime.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetTime.c
new file mode 100644
index 000000000..fe24c7e6a
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetTime.c
@@ -0,0 +1,88 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "Attest_spt_fp.h"
+#include "GetTime_fp.h"
+
+#if CC_GetTime // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Applies a time stamp to the passed blob (qualifyingData).
+*/ +// Return Type: TPM_RC +// TPM_RC_KEY key referenced by 'signHandle' is not a signing key +// TPM_RC_SCHEME 'inScheme' is incompatible with 'signHandle' type; or +// both 'scheme' and key's default scheme are empty; or +// 'scheme' is empty while key's default scheme requires +// explicit input scheme (split signing); or +// non-empty default key scheme differs from 'scheme' +// TPM_RC_VALUE digest generated for the given 'scheme' is greater than +// the modulus of 'signHandle' (for an RSA key); +// invalid commit status or failed to generate "r" value +// (for an ECC key) +TPM_RC +TPM2_GetTime( + GetTime_In *in, // IN: input parameter list + GetTime_Out *out // OUT: output parameter list + ) +{ + TPMS_ATTEST timeInfo; + OBJECT *signObject = HandleToObject(in->signHandle); +// Input Validation + if(!IsSigningObject(signObject)) + return TPM_RCS_KEY + RC_GetTime_signHandle; + if(!CryptSelectSignScheme(signObject, &in->inScheme)) + return TPM_RCS_SCHEME + RC_GetTime_inScheme; + +// Command Output + // Fill in attest common fields + FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, &timeInfo); + + // GetClock specific fields + timeInfo.type = TPM_ST_ATTEST_TIME; + timeInfo.attested.time.time.time = g_time; + TimeFillInfo(&timeInfo.attested.time.time.clockInfo); + + // Firmware version in plain text + timeInfo.attested.time.firmwareVersion + = (((UINT64)gp.firmwareV1) << 32) + gp.firmwareV2; + + // Sign attestation structure. A NULL signature will be returned if + // signObject is NULL. + return SignAttestInfo(signObject, &in->inScheme, &timeInfo, &in->qualifyingData, + &out->timeInfo, &out->signature); +} + +#endif // CC_GetTime \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Quote.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Quote.c new file mode 100644 index 000000000..f22e3cde2 --- /dev/null 
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Quote.c 
@@ -0,0 +1,98 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "Attest_spt_fp.h" +#include "Quote_fp.h" + +#if CC_Quote // Conditional expansion of this file + +/*(See part 3 specification) +// quote PCR values +*/ +// Return Type: TPM_RC +// TPM_RC_KEY 'signHandle' does not reference a signing key; +// TPM_RC_SCHEME the scheme is not compatible with sign key type, +// or input scheme is not compatible with default +// scheme, or the chosen scheme is not a valid +// sign scheme +TPM_RC +TPM2_Quote( + Quote_In *in, // IN: input parameter list + Quote_Out *out // OUT: output parameter list + ) +{ + TPMI_ALG_HASH hashAlg; + TPMS_ATTEST quoted; + OBJECT *signObject = HandleToObject(in->signHandle); +// Input Validation + if(!IsSigningObject(signObject)) + return TPM_RCS_KEY + RC_Quote_signHandle; + if(!CryptSelectSignScheme(signObject, &in->inScheme)) + return TPM_RCS_SCHEME + RC_Quote_inScheme; + +// Command Output + + // Filling in attest information + // Common fields + // FillInAttestInfo may return TPM_RC_SCHEME or TPM_RC_KEY + FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, "ed); + + // Quote specific fields + // Attestation type + quoted.type = TPM_ST_ATTEST_QUOTE; + + // Get hash algorithm in sign scheme. This hash algorithm is used to + // compute PCR digest. If there is no algorithm, then the PCR cannot + // be digested and this command returns TPM_RC_SCHEME + hashAlg = in->inScheme.details.any.hashAlg; + + if(hashAlg == TPM_ALG_NULL) + return TPM_RCS_SCHEME + RC_Quote_inScheme; + + // Compute PCR digest + PCRComputeCurrentDigest(hashAlg, &in->PCRselect, + "ed.attested.quote.pcrDigest); + + // Copy PCR select. "PCRselect" is modified in PCRComputeCurrentDigest + // function + quoted.attested.quote.pcrSelect = in->PCRselect; + + // Sign attestation structure. A NULL signature will be returned if + // signObject is NULL. 
+ return SignAttestInfo(signObject, &in->inScheme, "ed, &in->qualifyingData,
+ &out->quoted, &out->signature);
+}
+
+#endif // CC_Quote
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/GetCapability.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/GetCapability.c
new file mode 100644
index 000000000..a3c5cf7e4
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/GetCapability.c
@@ -0,0 +1,180 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "GetCapability_fp.h"
+
+#if CC_GetCapability // Conditional expansion of this file
+
+/*(See part 3 specification)
+// This command returns various information regarding the TPM and its current
+// state
+*/
+// Return Type: TPM_RC
+// TPM_RC_HANDLE value of 'property' is in an unsupported handle range
+// for the TPM_CAP_HANDLES 'capability' value
+// TPM_RC_VALUE invalid 'capability'; or 'property' is not 0 for the
+// TPM_CAP_PCRS 'capability' value
+TPM_RC
+TPM2_GetCapability(
+ GetCapability_In *in, // IN: input parameter list
+ GetCapability_Out *out // OUT: output parameter list
+ )
+{
+ TPMU_CAPABILITIES *data = &out->capabilityData.data;
+// Command Output
+
+ // Set output capability type the same as input type
+ out->capabilityData.capability = in->capability;
+
+ switch(in->capability)
+ {
+ case TPM_CAP_ALGS:
+ out->moreData = AlgorithmCapGetImplemented((TPM_ALG_ID)in->property,
+ in->propertyCount,
+ &data->algorithms);
+ break;
+ case TPM_CAP_HANDLES:
+ switch(HandleGetType((TPM_HANDLE)in->property))
+ {
+ case TPM_HT_TRANSIENT:
+ // Get list of handles of loaded transient objects
+ out->moreData = ObjectCapGetLoaded((TPM_HANDLE)in->property,
+ in->propertyCount,
+ &data->handles);
+ break;
+ case TPM_HT_PERSISTENT:
+ // Get list of handles of persistent objects
+ out->moreData = NvCapGetPersistent((TPM_HANDLE)in->property,
+ in->propertyCount,
+ &data->handles);
+ break;
+ case TPM_HT_NV_INDEX:
+ // Get list of defined NV index
+ out->moreData = NvCapGetIndex((TPM_HANDLE)in->property,
+ in->propertyCount,
+ &data->handles);
+ break;
+ case TPM_HT_LOADED_SESSION:
+ // Get list of handles of loaded sessions
+ out->moreData = SessionCapGetLoaded((TPM_HANDLE)in->property,
+ in->propertyCount,
+ &data->handles);
+ break;
+#ifdef TPM_HT_SAVED_SESSION
+ case TPM_HT_SAVED_SESSION:
+#else
+ case TPM_HT_ACTIVE_SESSION:
+#endif
+ // Get list of handles of
+ out->moreData = SessionCapGetSaved((TPM_HANDLE)in->property,
+ in->propertyCount,
+ &data->handles);
+ break;
+ case TPM_HT_PCR:
+ // Get list of handles of PCR
+ out->moreData = PCRCapGetHandles((TPM_HANDLE)in->property,
+ in->propertyCount,
+ &data->handles);
+ break;
+ case TPM_HT_PERMANENT:
+ // Get list of permanent handles
+ out->moreData = PermanentCapGetHandles((TPM_HANDLE)in->property,
+ in->propertyCount,
+ &data->handles);
+ break;
+ default:
+ // Unsupported input handle type
+ return TPM_RCS_HANDLE + RC_GetCapability_property;
+ break;
+ }
+ break;
+ case TPM_CAP_COMMANDS:
+ out->moreData = CommandCapGetCCList((TPM_CC)in->property,
+ in->propertyCount,
+ &data->command);
+ break;
+ case TPM_CAP_PP_COMMANDS:
+ out->moreData = PhysicalPresenceCapGetCCList((TPM_CC)in->property,
+ in->propertyCount,
+ &data->ppCommands);
+ break;
+ case TPM_CAP_AUDIT_COMMANDS:
+ out->moreData = CommandAuditCapGetCCList((TPM_CC)in->property,
+ in->propertyCount,
+ &data->auditCommands);
+ break;
+ case TPM_CAP_PCRS:
+ // Input property must be 0
+ if(in->property != 0)
+ return TPM_RCS_VALUE + RC_GetCapability_property;
+ out->moreData = PCRCapGetAllocation(in->propertyCount,
+ &data->assignedPCR);
+ break;
+ case TPM_CAP_PCR_PROPERTIES:
+ out->moreData = PCRCapGetProperties((TPM_PT_PCR)in->property,
+ in->propertyCount,
+ &data->pcrProperties);
+ break;
+ case TPM_CAP_TPM_PROPERTIES:
+ out->moreData = TPMCapGetProperties((TPM_PT)in->property,
+ in->propertyCount,
+ &data->tpmProperties);
+ break;
+#if ALG_ECC
+ case TPM_CAP_ECC_CURVES:
+ out->moreData = CryptCapGetECCCurve((TPM_ECC_CURVE)in->property,
+ in->propertyCount,
+ &data->eccCurves);
+ break;
+#endif // ALG_ECC
+ case TPM_CAP_AUTH_POLICIES:
+ if(HandleGetType((TPM_HANDLE)in->property) != TPM_HT_PERMANENT)
+ return TPM_RCS_VALUE + RC_GetCapability_property;
+ out->moreData = PermanentHandleGetPolicy((TPM_HANDLE)in->property,
+ in->propertyCount,
+ &data->authPolicies);
+ break;
+ case TPM_CAP_VENDOR_PROPERTY:
+ // vendor property is not implemented
+ default:
+ // Unsupported TPM_CAP value
+ return TPM_RCS_VALUE + RC_GetCapability_capability;
+ break;
+ }
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_GetCapability
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/TestParms.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/TestParms.c
new file mode 100644
index 000000000..3e5435e4a
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/TestParms.c
@@ -0,0 +1,56 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "TestParms_fp.h"
+
+#if CC_TestParms // Conditional expansion of this file
+
+/*(See part 3 specification)
+// TestParms
+*/
+TPM_RC
+TPM2_TestParms(
+ TestParms_In *in // IN: input parameter list
+ )
+{
+ // Input parameter is not reference in command action
+ NOT_REFERENCED(in);
+
+ // The parameters are tested at unmarshal process. We do nothing in command
+ // action
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_TestParms
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockRateAdjust.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockRateAdjust.c
new file mode 100644
index 000000000..59148af03
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockRateAdjust.c
@@ -0,0 +1,55 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "ClockRateAdjust_fp.h"
+
+#if CC_ClockRateAdjust // Conditional expansion of this file
+
+/*(See part 3 specification)
+// adjusts the rate of advance of Clock and Timer to provide a better
+// approximation to real time.
+*/
+TPM_RC
+TPM2_ClockRateAdjust(
+ ClockRateAdjust_In *in // IN: input parameter list
+ )
+{
+// Internal Data Update
+ TimeSetAdjustRate(in->rateAdjust);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_ClockRateAdjust
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockSet.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockSet.c
new file mode 100644
index 000000000..9e0a8d34d
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockSet.c
@@ -0,0 +1,66 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "ClockSet_fp.h"
+
+#if CC_ClockSet // Conditional expansion of this file
+
+// Read the current TPMS_TIMER_INFO structure settings
+// Return Type: TPM_RC
+// TPM_RC_NV_RATE NV is unavailable because of rate limit
+// TPM_RC_NV_UNAVAILABLE NV is inaccessible
+// TPM_RC_VALUE invalid new clock
+
+TPM_RC
+TPM2_ClockSet(
+ ClockSet_In *in // IN: input parameter list
+ )
+{
+// Input Validation
+ // new time can not be bigger than 0xFFFF000000000000 or smaller than
+ // current clock
+ if(in->newTime > 0xFFFF000000000000ULL
+ || in->newTime < go.clock)
+ return TPM_RCS_VALUE + RC_ClockSet_newTime;
+
+// Internal Data Update
+ // Can't modify the clock if NV is not available.
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+
+ TimeClockUpdate(in->newTime);
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_ClockSet
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ReadClock.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ReadClock.c
new file mode 100644
index 000000000..f405d057e
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ReadClock.c
@@ -0,0 +1,56 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "ReadClock_fp.h"
+
+#if CC_ReadClock // Conditional expansion of this file
+
+/*(See part 3 specification)
+// read the current TPMS_TIMER_INFO structure settings
+*/
+TPM_RC
+TPM2_ReadClock(
+ ReadClock_Out *out // OUT: output parameter list
+ )
+{
+// Command Output
+
+ out->currentTime.time = g_time;
+ TimeFillInfo(&out->currentTime.clockInfo);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_ReadClock
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/CommandAudit/SetCommandCodeAuditStatus.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/CommandAudit/SetCommandCodeAuditStatus.c
new file mode 100644
index 000000000..b7f52e8c1
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/CommandAudit/SetCommandCodeAuditStatus.c
@@ -0,0 +1,103 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "SetCommandCodeAuditStatus_fp.h"
+
+#if CC_SetCommandCodeAuditStatus // Conditional expansion of this file
+
+/*(See part 3 specification)
+// change the audit status of a command or to set the hash algorithm used for
+// the audit digest.
+*/
+TPM_RC
+TPM2_SetCommandCodeAuditStatus(
+ SetCommandCodeAuditStatus_In *in // IN: input parameter list
+ )
+{
+
+ // The command needs NV update. Check if NV is available.
+ // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
+ // this point
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+
+// Internal Data Update
+
+ // Update hash algorithm
+ if(in->auditAlg != TPM_ALG_NULL && in->auditAlg != gp.auditHashAlg)
+ {
+ // Can't change the algorithm and command list at the same time
+ if(in->setList.count != 0 || in->clearList.count != 0)
+ return TPM_RCS_VALUE + RC_SetCommandCodeAuditStatus_auditAlg;
+
+ // Change the hash algorithm for audit
+ gp.auditHashAlg = in->auditAlg;
+
+ // Set the digest size to a unique value that indicates that the digest
+ // algorithm has been changed. The size will be cleared to zero in the
+ // command audit processing on exit.
+ gr.commandAuditDigest.t.size = 1;
+
+ // Save the change of command audit data (this sets g_updateNV so that NV
+ // will be updated on exit.)
+ NV_SYNC_PERSISTENT(auditHashAlg);
+ }
+ else
+ {
+ UINT32 i;
+ BOOL changed = FALSE;
+
+ // Process set list
+ for(i = 0; i < in->setList.count; i++)
+
+ // If change is made in CommandAuditSet, set changed flag
+ if(CommandAuditSet(in->setList.commandCodes[i]))
+ changed = TRUE;
+
+ // Process clear list
+ for(i = 0; i < in->clearList.count; i++)
+ // If change is made in CommandAuditClear, set changed flag
+ if(CommandAuditClear(in->clearList.commandCodes[i]))
+ changed = TRUE;
+
+ // if change was made to command list, update NV
+ if(changed)
+ // this sets g_updateNV so that NV will be updated on exit.
+ NV_SYNC_PERSISTENT(auditCommands);
+ }
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_SetCommandCodeAuditStatus
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextLoad.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextLoad.c
new file mode 100644
index 000000000..4977f9827
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextLoad.c
@@ -0,0 +1,193 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "ContextLoad_fp.h"
+
+#if CC_ContextLoad // Conditional expansion of this file
+
+#include "Context_spt_fp.h"
+
+/*(See part 3 specification)
+// Load context
+*/
+
+// Return Type: TPM_RC
+// TPM_RC_CONTEXT_GAP there is only one available slot and this is not
+// the oldest saved session context
+// TPM_RC_HANDLE context.savedHandle' does not reference a saved
+// session
+// TPM_RC_HIERARCHY 'context.hierarchy' is disabled
+// TPM_RC_INTEGRITY 'context' integrity check fail
+// TPM_RC_OBJECT_MEMORY no free slot for an object
+// TPM_RC_SESSION_MEMORY no free session slots
+// TPM_RC_SIZE incorrect context blob size
+TPM_RC
+TPM2_ContextLoad(
+ ContextLoad_In *in, // IN: input parameter list
+ ContextLoad_Out *out // OUT: output parameter list
+ )
+{
+ TPM_RC result;
+ TPM2B_DIGEST integrityToCompare;
+ TPM2B_DIGEST integrity;
+ BYTE *buffer; // defined to save some typing
+ INT32 size; // defined to save some typing
+ TPM_HT handleType;
+ TPM2B_SYM_KEY symKey;
+ TPM2B_IV iv;
+
+// Input Validation
+
+// See discussion about the context format in TPM2_ContextSave Detailed Actions
+
+ // IF this is a session context, make sure that the sequence number is
+ // consistent with the version in the slot
+
+ // Check context blob size
+ handleType = HandleGetType(in->context.savedHandle);
+
+ // Get integrity from context blob
+ buffer = in->context.contextBlob.t.buffer;
+ size = (INT32)in->context.contextBlob.t.size;
+ result = TPM2B_DIGEST_Unmarshal(&integrity, &buffer, &size);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+
+ // the size of the integrity value has to match the size of digest produced
+ // by the integrity hash
+ if(integrity.t.size != CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG))
+ return TPM_RCS_SIZE + RC_ContextLoad_context;
+
+ // Make sure that the context blob has enough space for the fingerprint. This
+ // is elastic pants to go with the belt and suspenders we already have to make
+ // sure that the context is complete and untampered.
+ if((unsigned)size < sizeof(in->context.sequence))
+ return TPM_RCS_SIZE + RC_ContextLoad_context;
+
+ // After unmarshaling the integrity value, 'buffer' is pointing at the first
+ // byte of the integrity protected and encrypted buffer and 'size' is the number
+ // of integrity protected and encrypted bytes.
+
+ // Compute context integrity
+ ComputeContextIntegrity(&in->context, &integrityToCompare);
+
+ // Compare integrity
+ if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b))
+ return TPM_RCS_INTEGRITY + RC_ContextLoad_context;
+ // Compute context encryption key
+ ComputeContextProtectionKey(&in->context, &symKey, &iv);
+
+ // Decrypt context data in place
+ CryptSymmetricDecrypt(buffer, CONTEXT_ENCRYPT_ALG, CONTEXT_ENCRYPT_KEY_BITS,
+ symKey.t.buffer, &iv, ALG_CFB_VALUE, size, buffer);
+ // See if the fingerprint value matches. If not, it is symptomatic of either
+ // a broken TPM or that the TPM is under attack so go into failure mode.
+ if(!MemoryEqual(buffer, &in->context.sequence, sizeof(in->context.sequence)))
+ FAIL(FATAL_ERROR_INTERNAL);
+
+ // step over fingerprint
+ buffer += sizeof(in->context.sequence);
+
+ // set the remaining size of the context
+ size -= sizeof(in->context.sequence);
+
+ // Perform object or session specific input check
+ switch(handleType)
+ {
+ case TPM_HT_TRANSIENT:
+ {
+ OBJECT *outObject;
+
+ if(size > (INT32)sizeof(OBJECT))
+ FAIL(FATAL_ERROR_INTERNAL);
+
+ // Discard any changes to the handle that the TRM might have made
+ in->context.savedHandle = TRANSIENT_FIRST;
+
+ // If hierarchy is disabled, no object context can be loaded in this
+ // hierarchy
+ if(!HierarchyIsEnabled(in->context.hierarchy))
+ return TPM_RCS_HIERARCHY + RC_ContextLoad_context;
+
+ // Restore object. If there is no empty space, indicate as much
+ outObject = ObjectContextLoad((ANY_OBJECT_BUFFER *)buffer,
+ &out->loadedHandle);
+ if(outObject == NULL)
+ return TPM_RC_OBJECT_MEMORY;
+
+ break;
+ }
+ case TPM_HT_POLICY_SESSION:
+ case TPM_HT_HMAC_SESSION:
+ {
+ if(size != sizeof(SESSION))
+ FAIL(FATAL_ERROR_INTERNAL);
+
+ // This command may cause the orderlyState to be cleared due to
+ // the update of state reset data. If this is the case, check if NV is
+ // available first
+ RETURN_IF_ORDERLY;
+
+ // Check if input handle points to a valid saved session and that the
+ // sequence number makes sense
+ if(!SequenceNumberForSavedContextIsValid(&in->context))
+ return TPM_RCS_HANDLE + RC_ContextLoad_context;
+
+ // Restore session. A TPM_RC_SESSION_MEMORY, TPM_RC_CONTEXT_GAP error
+ // may be returned at this point
+ result = SessionContextLoad((SESSION_BUF *)buffer,
+ &in->context.savedHandle);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+
+ out->loadedHandle = in->context.savedHandle;
+
+ // orderly state should be cleared because of the update of state
+ // reset and state clear data
+ g_clearOrderly = TRUE;
+
+ break;
+ }
+ default:
+ // Context blob may only have an object handle or a session handle.
+ // All the other handle type should be filtered out at unmarshal
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_ContextLoad
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextSave.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextSave.c
new file mode 100644
index 000000000..ff3c4cdf8
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextSave.c
@@ -0,0 +1,232 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "ContextSave_fp.h" + +#if CC_ContextSave // Conditional expansion of this file + +#include "Context_spt_fp.h" + +/*(See part 3 specification) + Save context +*/ +// Return Type: TPM_RC +// TPM_RC_CONTEXT_GAP a contextID could not be assigned for a session +// context save +// TPM_RC_TOO_MANY_CONTEXTS no more contexts can be saved as the counter has +// maxed out +TPM_RC +TPM2_ContextSave( + ContextSave_In *in, // IN: input parameter list + ContextSave_Out *out // OUT: output parameter list + ) +{ + TPM_RC result = TPM_RC_SUCCESS; + UINT16 fingerprintSize; // The size of fingerprint in context + // blob. + UINT64 contextID = 0; // session context ID + TPM2B_SYM_KEY symKey; + TPM2B_IV iv; + + TPM2B_DIGEST integrity; + UINT16 integritySize; + BYTE *buffer; + + // This command may cause the orderlyState to be cleared due to + // the update of state reset data. If the state is orderly and + // cannot be changed, exit early. + RETURN_IF_ORDERLY; + +// Internal Data Update + +// This implementation does not do things in quite the same way as described in +// Part 2 of the specification. In Part 2, it indicates that the +// TPMS_CONTEXT_DATA contains two TPM2B values. That is not how this is +// implemented. Rather, the size field of the TPM2B_CONTEXT_DATA is used to +// determine the amount of data in the encrypted data. That part is not +// independently sized. This makes the actual size 2 bytes smaller than +// calculated using Part 2. Since this is opaque to the caller, it is not +// necessary to fix. The actual size is returned by TPM2_GetCapabilties(). + + // Initialize output handle. At the end of command action, the output + // handle of an object will be replaced, while the output handle + // for a session will be the same as input + out->context.savedHandle = in->saveHandle; + + // Get the size of fingerprint in context blob. 
The sequence value in + // TPMS_CONTEXT structure is used as the fingerprint + fingerprintSize = sizeof(out->context.sequence); + + // Compute the integrity size at the beginning of context blob + integritySize = sizeof(integrity.t.size) + + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); + +// Perform object or session specific context save + switch(HandleGetType(in->saveHandle)) + { + case TPM_HT_TRANSIENT: + { + OBJECT *object = HandleToObject(in->saveHandle); + ANY_OBJECT_BUFFER *outObject; + UINT16 objectSize = ObjectIsSequence(object) + ? sizeof(HASH_OBJECT) : sizeof(OBJECT); + + outObject = (ANY_OBJECT_BUFFER *)(out->context.contextBlob.t.buffer + + integritySize + fingerprintSize); + + // Set size of the context data. The contents of context blob is vendor + // defined. In this implementation, the size is size of integrity + // plus fingerprint plus the whole internal OBJECT structure + out->context.contextBlob.t.size = integritySize + + fingerprintSize + objectSize; +#if ALG_RSA + // For an RSA key, make sure that the key has had the private exponent + // computed before saving. + if(object->publicArea.type == TPM_ALG_RSA && + !(object->attributes.publicOnly)) + CryptRsaLoadPrivateExponent(&object->publicArea, &object->sensitive); +#endif + // Make sure things fit + pAssert(out->context.contextBlob.t.size + <= sizeof(out->context.contextBlob.t.buffer)); + // Copy the whole internal OBJECT structure to context blob + MemoryCopy(outObject, object, objectSize); + + // Increment object context ID + gr.objectContextID++; + // If object context ID overflows, TPM should be put in failure mode + if(gr.objectContextID == 0) + FAIL(FATAL_ERROR_INTERNAL); + + // Fill in other return values for an object. + out->context.sequence = gr.objectContextID; + // For regular object, savedHandle is 0x80000000. For sequence object, + // savedHandle is 0x80000001. 
For object with stClear, savedHandle + // is 0x80000002 + if(ObjectIsSequence(object)) + { + out->context.savedHandle = 0x80000001; + SequenceDataExport((HASH_OBJECT *)object, + (HASH_OBJECT_BUFFER *)outObject); + } + else + out->context.savedHandle = (object->attributes.stClear == SET) + ? 0x80000002 : 0x80000000; +// Get object hierarchy + out->context.hierarchy = ObjectGetHierarchy(object); + + break; + } + case TPM_HT_HMAC_SESSION: + case TPM_HT_POLICY_SESSION: + { + SESSION *session = SessionGet(in->saveHandle); + + // Set size of the context data. The contents of context blob is vendor + // defined. In this implementation, the size of context blob is the + // size of a internal session structure plus the size of + // fingerprint plus the size of integrity + out->context.contextBlob.t.size = integritySize + + fingerprintSize + sizeof(*session); + + // Make sure things fit + pAssert(out->context.contextBlob.t.size + < sizeof(out->context.contextBlob.t.buffer)); + + // Copy the whole internal SESSION structure to context blob. + // Save space for fingerprint at the beginning of the buffer + // This is done before anything else so that the actual context + // can be reclaimed after this call + pAssert(sizeof(*session) <= sizeof(out->context.contextBlob.t.buffer) + - integritySize - fingerprintSize); + MemoryCopy(out->context.contextBlob.t.buffer + integritySize + + fingerprintSize, session, sizeof(*session)); + // Fill in the other return parameters for a session + // Get a context ID and set the session tracking values appropriately + // TPM_RC_CONTEXT_GAP is a possible error. + // SessionContextSave() will flush the in-memory context + // so no additional errors may occur after this call. 
+ result = SessionContextSave(out->context.savedHandle, &contextID); + if(result != TPM_RC_SUCCESS) + return result; + // sequence number is the current session contextID + out->context.sequence = contextID; + + // use TPM_RH_NULL as hierarchy for session context + out->context.hierarchy = TPM_RH_NULL; + + break; + } + default: + // SaveContext may only take an object handle or a session handle. + // All the other handle type should be filtered out at unmarshal + FAIL(FATAL_ERROR_INTERNAL); + break; + } + + // Save fingerprint at the beginning of encrypted area of context blob. + // Reserve the integrity space + pAssert(sizeof(out->context.sequence) <= + sizeof(out->context.contextBlob.t.buffer) - integritySize); + MemoryCopy(out->context.contextBlob.t.buffer + integritySize, + &out->context.sequence, sizeof(out->context.sequence)); + + // Compute context encryption key + ComputeContextProtectionKey(&out->context, &symKey, &iv); + + // Encrypt context blob + CryptSymmetricEncrypt(out->context.contextBlob.t.buffer + integritySize, + CONTEXT_ENCRYPT_ALG, CONTEXT_ENCRYPT_KEY_BITS, + symKey.t.buffer, &iv, ALG_CFB_VALUE, + out->context.contextBlob.t.size - integritySize, + out->context.contextBlob.t.buffer + integritySize); + + // Compute integrity hash for the object + // In this implementation, the same routine is used for both sessions + // and objects. + ComputeContextIntegrity(&out->context, &integrity); + + // add integrity at the beginning of context blob + buffer = out->context.contextBlob.t.buffer; + TPM2B_DIGEST_Marshal(&integrity, &buffer, NULL); + + // orderly state should be cleared because of the update of state reset and + // state clear data + g_clearOrderly = TRUE; + + return result; +} + +#endif // CC_ContextSave \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/Context_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/Context_spt.c
new file mode 100644
index 000000000..7a5fea817
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/Context_spt.c
@@ -0,0 +1,244 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +//** Includes + +#include "Tpm.h" +#include "Context_spt_fp.h" + +//** Functions + +//*** ComputeContextProtectionKey() +// This function retrieves the symmetric protection key for context encryption +// It is used by TPM2_ConextSave and TPM2_ContextLoad to create the symmetric +// encryption key and iv +/*(See part 1 specification) + KDFa is used to generate the symmetric encryption key and IV. The parameters + of the call are: + Symkey = KDFa(hashAlg, hProof, vendorString, sequence, handle, bits) + where + hashAlg a vendor-defined hash algorithm + hProof the hierarchy proof as selected by the hierarchy parameter + of the TPMS_CONTEXT + vendorString a value used to differentiate the uses of the KDF + sequence the sequence parameter of the TPMS_CONTEXT + handle the handle parameter of the TPMS_CONTEXT + bits the number of bits needed for a symmetric key and IV for + the context encryption +*/ +// Return Type: void +void +ComputeContextProtectionKey( + TPMS_CONTEXT *contextBlob, // IN: context blob + TPM2B_SYM_KEY *symKey, // OUT: the symmetric key + TPM2B_IV *iv // OUT: the IV. + ) +{ + UINT16 symKeyBits; // number of bits in the parent's + // symmetric key + TPM2B_PROOF *proof = NULL; // the proof value to use. 
Is null for + // everything but a primary object in + // the Endorsement Hierarchy + + BYTE kdfResult[sizeof(TPMU_HA) * 2];// Value produced by the KDF + + TPM2B_DATA sequence2B, handle2B; + + // Get proof value + proof = HierarchyGetProof(contextBlob->hierarchy); + + // Get sequence value in 2B format + sequence2B.t.size = sizeof(contextBlob->sequence); + cAssert(sizeof(contextBlob->sequence) <= sizeof(sequence2B.t.buffer)); + MemoryCopy(sequence2B.t.buffer, &contextBlob->sequence, + sizeof(contextBlob->sequence)); + + // Get handle value in 2B format + handle2B.t.size = sizeof(contextBlob->savedHandle); + cAssert(sizeof(contextBlob->savedHandle) <= sizeof(handle2B.t.buffer)); + MemoryCopy(handle2B.t.buffer, &contextBlob->savedHandle, + sizeof(contextBlob->savedHandle)); + + // Get the symmetric encryption key size + symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES; + symKeyBits = CONTEXT_ENCRYPT_KEY_BITS; + // Get the size of the IV for the algorithm + iv->t.size = CryptGetSymmetricBlockSize(CONTEXT_ENCRYPT_ALG, symKeyBits); + + // KDFa to generate symmetric key and IV value + CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &proof->b, CONTEXT_KEY, &sequence2B.b, + &handle2B.b, (symKey->t.size + iv->t.size) * 8, kdfResult, NULL, + FALSE); + + // Copy part of the returned value as the key + pAssert(symKey->t.size <= sizeof(symKey->t.buffer)); + MemoryCopy(symKey->t.buffer, kdfResult, symKey->t.size); + + // Copy the rest as the IV + pAssert(iv->t.size <= sizeof(iv->t.buffer)); + MemoryCopy(iv->t.buffer, &kdfResult[symKey->t.size], iv->t.size); + + return; +} + +//*** ComputeContextIntegrity() +// Generate the integrity hash for a context +// It is used by TPM2_ContextSave to create an integrity hash +// and by TPM2_ContextLoad to compare an integrity hash +/*(See part 1 specification) + The HMAC integrity computation for a saved context is: + HMACvendorAlg(hProof, resetValue {|| clearCount} || sequence || handle || + encContext) + where + HMACvendorAlg HMAC using a vendor-defined 
hash algorithm + hProof the hierarchy proof as selected by the hierarchy + parameter of the TPMS_CONTEXT + resetValue either a counter value that increments on each TPM Reset + and is not reset over the lifetime of the TPM or a random + value that changes on each TPM Reset and has the size of + the digest produced by vendorAlg + clearCount a counter value that is incremented on each TPM Reset + or TPM Restart. This value is only included if the handle + value is 0x80000002. + sequence the sequence parameter of the TPMS_CONTEXT + handle the handle parameter of the TPMS_CONTEXT + encContext the encrypted context blob +*/ +// Return Type: void +void +ComputeContextIntegrity( + TPMS_CONTEXT *contextBlob, // IN: context blob + TPM2B_DIGEST *integrity // OUT: integrity + ) +{ + HMAC_STATE hmacState; + TPM2B_PROOF *proof; + UINT16 integritySize; + + // Get proof value + proof = HierarchyGetProof(contextBlob->hierarchy); + + // Start HMAC + integrity->t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, + &proof->b); + + // Compute integrity size at the beginning of context blob + integritySize = sizeof(integrity->t.size) + integrity->t.size; + + // Adding total reset counter so that the context cannot be + // used after a TPM Reset + CryptDigestUpdateInt(&hmacState.hashState, sizeof(gp.totalResetCount), + gp.totalResetCount); + + // If this is a ST_CLEAR object, add the clear count + // so that this contest cannot be loaded after a TPM Restart + if(contextBlob->savedHandle == 0x80000002) + CryptDigestUpdateInt(&hmacState.hashState, sizeof(gr.clearCount), + gr.clearCount); + + // Adding sequence number to the HMAC to make sure that it doesn't + // get changed + CryptDigestUpdateInt(&hmacState.hashState, sizeof(contextBlob->sequence), + contextBlob->sequence); + + // Protect the handle + CryptDigestUpdateInt(&hmacState.hashState, sizeof(contextBlob->savedHandle), + contextBlob->savedHandle); + + // Adding sensitive contextData, skip the leading integrity area + 
CryptDigestUpdate(&hmacState.hashState, + contextBlob->contextBlob.t.size - integritySize, + contextBlob->contextBlob.t.buffer + integritySize); + + // Complete HMAC + CryptHmacEnd2B(&hmacState, &integrity->b); + + return; +} + +//*** SequenceDataExport(); +// This function is used scan through the sequence object and +// either modify the hash state data for export (contextSave) or to +// import it into the internal format (contextLoad). +// This function should only be called after the sequence object has been copied +// to the context buffer (contextSave) or from the context buffer into the sequence +// object. The presumption is that the context buffer version of the data is the +// same size as the internal representation so nothing outsize of the hash context +// area gets modified. +void +SequenceDataExport( + HASH_OBJECT *object, // IN: an internal hash object + HASH_OBJECT_BUFFER *exportObject // OUT: a sequence context in a buffer + ) +{ + // If the hash object is not an event, then only one hash context is needed + int count = (object->attributes.eventSeq) ? HASH_COUNT : 1; + + for(count--; count >= 0; count--) + { + HASH_STATE *hash = &object->state.hashState[count]; + size_t offset = (BYTE *)hash - (BYTE *)object; + BYTE *exportHash = &((BYTE *)exportObject)[offset]; + + CryptHashExportState(hash, (EXPORT_HASH_STATE *)exportHash); + } +} + +//*** SequenceDataImport(); +// This function is used scan through the sequence object and +// either modify the hash state data for export (contextSave) or to +// import it into the internal format (contextLoad). +// This function should only be called after the sequence object has been copied +// to the context buffer (contextSave) or from the context buffer into the sequence +// object. The presumption is that the context buffer version of the data is the +// same size as the internal representation so nothing outsize of the hash context +// area gets modified. 
+void +SequenceDataImport( + HASH_OBJECT *object, // IN/OUT: an internal hash object + HASH_OBJECT_BUFFER *exportObject // IN/OUT: a sequence context in a buffer + ) +{ + // If the hash object is not an event, then only one hash context is needed + int count = (object->attributes.eventSeq) ? HASH_COUNT : 1; + + for(count--; count >= 0; count--) + { + HASH_STATE *hash = &object->state.hashState[count]; + size_t offset = (BYTE *)hash - (BYTE *)object; + BYTE *importHash = &((BYTE *)exportObject)[offset]; +// + CryptHashImportState(hash, (EXPORT_HASH_STATE *)importHash); + } +} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/EvictControl.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/EvictControl.c new file mode 100644 index 000000000..e4ed13489 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/EvictControl.c 
@@ -0,0 +1,131 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "EvictControl_fp.h" + +#if CC_EvictControl // Conditional expansion of this file + +/*(See part 3 specification) +// Make a transient object persistent or evict a persistent object +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES an object with 'temporary', 'stClear' or 'publicOnly' +// attribute SET cannot be made persistent +// TPM_RC_HIERARCHY 'auth' cannot authorize the operation in the hierarchy +// of 'evictObject' +// TPM_RC_HANDLE 'evictHandle' of the persistent object to be evicted is +// not the same as the 'persistentHandle' argument +// TPM_RC_NV_HANDLE 'persistentHandle' is unavailable +// TPM_RC_NV_SPACE no space in NV to make 'evictHandle' persistent +// TPM_RC_RANGE 'persistentHandle' is not in the range corresponding to +// the hierarchy of 'evictObject' +TPM_RC +TPM2_EvictControl( + EvictControl_In *in // IN: input parameter list + ) +{ + TPM_RC result; + OBJECT *evictObject; + +// Input Validation + + // Get internal object pointer + evictObject = HandleToObject(in->objectHandle); + + // Temporary, stClear or public only objects can not be made persistent + if(evictObject->attributes.temporary == SET + || evictObject->attributes.stClear == SET + || evictObject->attributes.publicOnly == SET) + return TPM_RCS_ATTRIBUTES + RC_EvictControl_objectHandle; + + // If objectHandle refers to a persistent object, it should be the same as + // input persistentHandle + if(evictObject->attributes.evict == SET + && evictObject->evictHandle != in->persistentHandle) + return TPM_RCS_HANDLE + RC_EvictControl_objectHandle; + + // Additional authorization validation + if(in->auth == TPM_RH_PLATFORM) + { + // To make persistent + if(evictObject->attributes.evict == CLEAR) + { + // PlatformAuth can not set evict object in storage or endorsement + // hierarchy + if(evictObject->attributes.ppsHierarchy == CLEAR) + return TPM_RCS_HIERARCHY + RC_EvictControl_objectHandle; + // Platform cannot use a handle outside of platform persistent 
range. + if(!NvIsPlatformPersistentHandle(in->persistentHandle)) + return TPM_RCS_RANGE + RC_EvictControl_persistentHandle; + } + // PlatformAuth can delete any persistent object + } + else if(in->auth == TPM_RH_OWNER) + { + // OwnerAuth can not set or clear evict object in platform hierarchy + if(evictObject->attributes.ppsHierarchy == SET) + return TPM_RCS_HIERARCHY + RC_EvictControl_objectHandle; + + // Owner cannot use a handle outside of owner persistent range. + if(evictObject->attributes.evict == CLEAR + && !NvIsOwnerPersistentHandle(in->persistentHandle)) + return TPM_RCS_RANGE + RC_EvictControl_persistentHandle; + } + else + { + // Other authorization is not allowed in this command and should have been + // filtered out in unmarshal process + FAIL(FATAL_ERROR_INTERNAL); + } +// Internal Data Update + // Change evict state + if(evictObject->attributes.evict == CLEAR) + { + // Make object persistent + if(NvFindHandle(in->persistentHandle) != 0) + return TPM_RC_NV_DEFINED; + // A TPM_RC_NV_HANDLE or TPM_RC_NV_SPACE error may be returned at this + // point + result = NvAddEvictObject(in->persistentHandle, evictObject); + } + else + { + // Delete the persistent object in NV + result = NvDeleteEvict(evictObject->evictHandle); + } + return result; +} + +#endif // CC_EvictControl \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/FlushContext.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/FlushContext.c new file mode 100644 index 000000000..87982850b --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/FlushContext.c 
@@ -0,0 +1,86 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "FlushContext_fp.h" + +#if CC_FlushContext // Conditional expansion of this file + +/*(See part 3 specification) +// Flush a specific object or session +*/ +// Return Type: TPM_RC +// TPM_RC_HANDLE 'flushHandle' does not reference a loaded object or session +TPM_RC +TPM2_FlushContext( + FlushContext_In *in // IN: input parameter list + ) +{ +// Internal Data Update + + // Call object or session specific routine to flush + switch(HandleGetType(in->flushHandle)) + { + case TPM_HT_TRANSIENT: + if(!IsObjectPresent(in->flushHandle)) + return TPM_RCS_HANDLE + RC_FlushContext_flushHandle; + // Flush object + FlushObject(in->flushHandle); + break; + case TPM_HT_HMAC_SESSION: + case TPM_HT_POLICY_SESSION: + if(!SessionIsLoaded(in->flushHandle) + && !SessionIsSaved(in->flushHandle) + ) + return TPM_RCS_HANDLE + RC_FlushContext_flushHandle; + + // If the session to be flushed is the exclusive audit session, then + // indicate that there is no exclusive audit session any longer. + if(in->flushHandle == g_exclusiveAuditSession) + g_exclusiveAuditSession = TPM_RH_UNASSIGNED; + + // Flush session + SessionFlush(in->flushHandle); + break; + default: + // This command only takes object or session handle. Other handles + // should be filtered out at handle unmarshal + FAIL(FATAL_ERROR_INTERNAL); + break; + } + + return TPM_RC_SUCCESS; +} + +#endif // CC_FlushContext \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackLockReset.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackLockReset.c new file mode 100644 index 000000000..78ceafc27 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackLockReset.c 
@@ -0,0 +1,67 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "DictionaryAttackLockReset_fp.h" + +#if CC_DictionaryAttackLockReset // Conditional expansion of this file + +/*(See part 3 specification) +// This command cancels the effect of a TPM lockout due to a number of +// successive authorization failures. If this command is properly authorized, +// the lockout counter is set to 0. +*/ +TPM_RC +TPM2_DictionaryAttackLockReset( + DictionaryAttackLockReset_In *in // IN: input parameter list + ) +{ + // Input parameter is not reference in command action + NOT_REFERENCED(in); + + // The command needs NV update. + RETURN_IF_NV_IS_NOT_AVAILABLE; + +// Internal Data Update + + // Set failed tries to 0 + gp.failedTries = 0; + + // Record the changes to NV + NV_SYNC_PERSISTENT(failedTries); + + return TPM_RC_SUCCESS; +} + +#endif // CC_DictionaryAttackLockReset \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackParameters.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackParameters.c new file mode 100644 index 000000000..e5f98da37 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackParameters.c 
@@ -0,0 +1,76 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "DictionaryAttackParameters_fp.h"
+
+#if CC_DictionaryAttackParameters // Conditional expansion of this file
+
+/*(See part 3 specification)
+// change the lockout parameters
+*/
+TPM_RC
+TPM2_DictionaryAttackParameters(
+ DictionaryAttackParameters_In *in // IN: input parameter list
+ )
+{
+ // The command needs NV update.
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+
+// Internal Data Update
+
+ // Set dictionary attack parameters
+ gp.maxTries = in->newMaxTries;
+ gp.recoveryTime = in->newRecoveryTime;
+ gp.lockoutRecovery = in->lockoutRecovery;
+
+#if 0 // Errata eliminates this code
+ // This functionality has been disabled. The preferred implementation is now
+ // to leave failedTries unchanged when the parameters are changed. This could
+ // have the effect of putting the TPM into DA lockout if in->newMaxTries is
+ // not greater than the current value of gp.failedTries.
+ // Set failed tries to 0
+ gp.failedTries = 0;
+#endif
+
+ // Record the changes to NV
+ NV_SYNC_PERSISTENT(failedTries);
+ NV_SYNC_PERSISTENT(maxTries);
+ NV_SYNC_PERSISTENT(recoveryTime);
+ NV_SYNC_PERSISTENT(lockoutRecovery);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_DictionaryAttackParameters
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Duplicate.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Duplicate.c
new file mode 100644
index 000000000..9e9164f5d
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Duplicate.c
@@ -0,0 +1,160 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +#include "Tpm.h" +#include "Duplicate_fp.h" + +#if CC_Duplicate // Conditional expansion of this file + +#include "Object_spt_fp.h" + +/*(See part 3 specification) +// Duplicate a loaded object +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES key to duplicate has 'fixedParent' SET +// TPM_RC_HASH for an RSA key, the nameAlg digest size for the +// newParent is not compatible with the key size +// TPM_RC_HIERARCHY 'encryptedDuplication' is SET and 'newParentHandle' +// specifies Null Hierarchy +// TPM_RC_KEY 'newParentHandle' references invalid ECC key (public +// point not on the curve) +// TPM_RC_SIZE input encryption key size does not match the +// size specified in symmetric algorithm +// TPM_RC_SYMMETRIC 'encryptedDuplication' is SET but no symmetric +// algorithm is provided +// TPM_RC_TYPE 'newParentHandle' is neither a storage key nor +// TPM_RH_NULL; or the object has a NULL nameAlg +// TPM_RC_VALUE for an RSA newParent, the sizes of the digest and +// the encryption key are too large to be OAEP encoded +TPM_RC +TPM2_Duplicate( + Duplicate_In *in, // IN: input parameter list + Duplicate_Out *out // OUT: output parameter list + ) +{ + TPM_RC result = TPM_RC_SUCCESS; + TPMT_SENSITIVE sensitive; + + UINT16 innerKeySize = 0; // encrypt key size for inner wrap + + OBJECT *object; + OBJECT *newParent; + TPM2B_DATA data; + +// Input Validation + + // Get duplicate object pointer + object = HandleToObject(in->objectHandle); + // Get new parent + newParent = HandleToObject(in->newParentHandle); + + // duplicate key must have fixParent bit CLEAR. 
+ if(IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, fixedParent)) + return TPM_RCS_ATTRIBUTES + RC_Duplicate_objectHandle; + + // Do not duplicate object with NULL nameAlg + if(object->publicArea.nameAlg == TPM_ALG_NULL) + return TPM_RCS_TYPE + RC_Duplicate_objectHandle; + + // new parent key must be a storage object or TPM_RH_NULL + if(in->newParentHandle != TPM_RH_NULL + && !ObjectIsStorage(in->newParentHandle)) + return TPM_RCS_TYPE + RC_Duplicate_newParentHandle; + + // If the duplicated object has encryptedDuplication SET, then there must be + // an inner wrapper and the new parent may not be TPM_RH_NULL + if(IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, + encryptedDuplication)) + { + if(in->symmetricAlg.algorithm == TPM_ALG_NULL) + return TPM_RCS_SYMMETRIC + RC_Duplicate_symmetricAlg; + if(in->newParentHandle == TPM_RH_NULL) + return TPM_RCS_HIERARCHY + RC_Duplicate_newParentHandle; + } + + if(in->symmetricAlg.algorithm == TPM_ALG_NULL) + { + // if algorithm is TPM_ALG_NULL, input key size must be 0 + if(in->encryptionKeyIn.t.size != 0) + return TPM_RCS_SIZE + RC_Duplicate_encryptionKeyIn; + } + else + { + // Get inner wrap key size + innerKeySize = in->symmetricAlg.keyBits.sym; + + // If provided the input symmetric key must match the size of the algorithm + if(in->encryptionKeyIn.t.size != 0 + && in->encryptionKeyIn.t.size != (innerKeySize + 7) / 8) + return TPM_RCS_SIZE + RC_Duplicate_encryptionKeyIn; + } + +// Command Output + + if(in->newParentHandle != TPM_RH_NULL) + { + // Make encrypt key and its associated secret structure. 
A TPM_RC_KEY + // error may be returned at this point + out->outSymSeed.t.size = sizeof(out->outSymSeed.t.secret); + result = CryptSecretEncrypt(newParent, DUPLICATE_STRING, &data, + &out->outSymSeed); + if(result != TPM_RC_SUCCESS) + return result; + } + else + { + // Do not apply outer wrapper + data.t.size = 0; + out->outSymSeed.t.size = 0; + } + + // Copy sensitive area + sensitive = object->sensitive; + + // Prepare output private data from sensitive. + // Note: If there is no encryption key, one will be provided by + // SensitiveToDuplicate(). This is why the assignment of encryptionKeyIn to + // encryptionKeyOut will work properly and is not conditional. + SensitiveToDuplicate(&sensitive, &object->name.b, newParent, + object->publicArea.nameAlg, &data.b, + &in->symmetricAlg, &in->encryptionKeyIn, + &out->duplicate); + + out->encryptionKeyOut = in->encryptionKeyIn; + + return TPM_RC_SUCCESS; +} + +#endif // CC_Duplicate \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Import.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Import.c new file mode 100644 index 000000000..2ed53ccb6 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Import.c 
@@ -0,0 +1,209 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +#include "Tpm.h" +#include "Import_fp.h" + +#if CC_Import // Conditional expansion of this file + +#include "Object_spt_fp.h" + +/*(See part 3 specification) +// This command allows an asymmetrically encrypted blob, containing a duplicated +// object to be re-encrypted using the group symmetric key associated with the +// parent. +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES 'FixedTPM' and 'fixedParent' of 'objectPublic' are not +// both CLEAR; or 'inSymSeed' is nonempty and +// 'parentHandle' does not reference a decryption key; or +// 'objectPublic' and 'parentHandle' have incompatible +// or inconsistent attributes; or +// encrytpedDuplication is SET in 'objectPublic' but the +// inner or outer wrapper is missing. +// Note that if the TPM provides parameter values, the +// parameter number will indicate 'symmetricKey' (missing +// inner wrapper) or 'inSymSeed' (missing outer wrapper) +// TPM_RC_BINDING 'duplicate' and 'objectPublic' are not +// cryptographically bound +// TPM_RC_ECC_POINT 'inSymSeed' is nonempty and ECC point in 'inSymSeed' +// is not on the curve +// TPM_RC_HASH 'objectPublic' does not have a valid nameAlg +// TPM_RC_INSUFFICIENT 'inSymSeed' is nonempty and failed to retrieve ECC +// point from the secret; or unmarshaling sensitive value +// from 'duplicate' failed the result of 'inSymSeed' +// decryption +// TPM_RC_INTEGRITY 'duplicate' integrity is broken +// TPM_RC_KDF 'objectPublic' representing decrypting keyed hash +// object specifies invalid KDF +// TPM_RC_KEY inconsistent parameters of 'objectPublic'; or +// 'inSymSeed' is nonempty and 'parentHandle' does not +// reference a key of supported type; or +// invalid key size in 'objectPublic' representing an +// asymmetric key +// TPM_RC_NO_RESULT 'inSymSeed' is nonempty and multiplication resulted in +// ECC point at infinity +// TPM_RC_OBJECT_MEMORY no available object slot +// TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign', +// 'restricted' and key's scheme ID in 
'objectPublic'; +// or hash algorithm is inconsistent with the scheme ID +// for keyed hash object +// TPM_RC_SIZE 'authPolicy' size does not match digest size of the +// name algorithm in 'objectPublic'; or +// 'symmetricAlg' and 'encryptionKey' have different +// sizes; or +// 'inSymSeed' is nonempty and it size is not +// consistent with the type of 'parentHandle'; or +// unmarshaling sensitive value from 'duplicate' failed +// TPM_RC_SYMMETRIC 'objectPublic' is either a storage key with no +// symmetric algorithm or a non-storage key with +// symmetric algorithm different from TPM_ALG_NULL +// TPM_RC_TYPE unsupported type of 'objectPublic'; or +// 'parentHandle' is not a storage key; or +// only the public portion of 'parentHandle' is loaded; +// or 'objectPublic' and 'duplicate' are of different +// types +// TPM_RC_VALUE nonempty 'inSymSeed' and its numeric value is +// greater than the modulus of the key referenced by +// 'parentHandle' or 'inSymSeed' is larger than the +// size of the digest produced by the name algorithm of +// the symmetric key referenced by 'parentHandle' +TPM_RC +TPM2_Import( + Import_In *in, // IN: input parameter list + Import_Out *out // OUT: output parameter list + ) +{ + TPM_RC result = TPM_RC_SUCCESS; + OBJECT *parentObject; + TPM2B_DATA data; // symmetric key + TPMT_SENSITIVE sensitive; + TPM2B_NAME name; + TPMA_OBJECT attributes; + UINT16 innerKeySize = 0; // encrypt key size for inner + // wrapper + +// Input Validation + // to save typing + attributes = in->objectPublic.publicArea.objectAttributes; + // FixedTPM and fixedParent must be CLEAR + if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM) + || IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)) + return TPM_RCS_ATTRIBUTES + RC_Import_objectPublic; + + // Get parent pointer + parentObject = HandleToObject(in->parentHandle); + + if(!ObjectIsParent(parentObject)) + return TPM_RCS_TYPE + RC_Import_parentHandle; + + if(in->symmetricAlg.algorithm != TPM_ALG_NULL) + { + // Get 
inner wrap key size + innerKeySize = in->symmetricAlg.keyBits.sym; + // Input symmetric key must match the size of algorithm. + if(in->encryptionKey.t.size != (innerKeySize + 7) / 8) + return TPM_RCS_SIZE + RC_Import_encryptionKey; + } + else + { + // If input symmetric algorithm is NULL, input symmetric key size must + // be 0 as well + if(in->encryptionKey.t.size != 0) + return TPM_RCS_SIZE + RC_Import_encryptionKey; + // If encryptedDuplication is SET, then the object must have an inner + // wrapper + if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication)) + return TPM_RCS_ATTRIBUTES + RC_Import_encryptionKey; + } + // See if there is an outer wrapper + if(in->inSymSeed.t.size != 0) + { + // in->inParentHandle is a parent, but in order to decrypt an outer wrapper, + // it must be able to do key exchange and a symmetric key can't do that. + if(parentObject->publicArea.type == TPM_ALG_SYMCIPHER) + return TPM_RCS_TYPE + RC_Import_parentHandle; + + // Decrypt input secret data via asymmetric decryption. TPM_RC_ATTRIBUTES, + // TPM_RC_ECC_POINT, TPM_RC_INSUFFICIENT, TPM_RC_KEY, TPM_RC_NO_RESULT, + // TPM_RC_SIZE, TPM_RC_VALUE may be returned at this point + result = CryptSecretDecrypt(parentObject, NULL, DUPLICATE_STRING, + &in->inSymSeed, &data); + pAssert(result != TPM_RC_BINDING); + if(result != TPM_RC_SUCCESS) + return RcSafeAddToResult(result, RC_Import_inSymSeed); + } + else + { + // If encrytpedDuplication is set, then the object must have an outer + // wrapper + if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication)) + return TPM_RCS_ATTRIBUTES + RC_Import_inSymSeed; + data.t.size = 0; + } + // Compute name of object + PublicMarshalAndComputeName(&(in->objectPublic.publicArea), &name); + if(name.t.size == 0) + return TPM_RCS_HASH + RC_Import_objectPublic; + + // Retrieve sensitive from private. + // TPM_RC_INSUFFICIENT, TPM_RC_INTEGRITY, TPM_RC_SIZE may be returned here. 
+ result = DuplicateToSensitive(&in->duplicate.b, &name.b, parentObject, + in->objectPublic.publicArea.nameAlg, + &data.b, &in->symmetricAlg, + &in->encryptionKey.b, &sensitive); + if(result != TPM_RC_SUCCESS) + return RcSafeAddToResult(result, RC_Import_duplicate); + + // If the parent of this object has fixedTPM SET, then validate this + // object as if it were being loaded so that validation can be skipped + // when it is actually loaded. + if(IS_ATTRIBUTE(parentObject->publicArea.objectAttributes, TPMA_OBJECT, fixedTPM)) + { + result = ObjectLoad(NULL, NULL, &in->objectPublic.publicArea, + &sensitive, RC_Import_objectPublic, RC_Import_duplicate, + NULL); + } +// Command output + if(result == TPM_RC_SUCCESS) + { + // Prepare output private data from sensitive + SensitiveToPrivate(&sensitive, &name, parentObject, + in->objectPublic.publicArea.nameAlg, + &out->outPrivate); + } + return result; +} + +#endif // CC_Import \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Rewrap.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Rewrap.c new file mode 100644 index 000000000..ed29e4e1d --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Rewrap.c 
@@ -0,0 +1,160 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "Tpm.h" +#include "Rewrap_fp.h" + +#if CC_Rewrap // Conditional expansion of this file + +#include "Object_spt_fp.h" + +/*(See part 3 specification) +// This command allows the TPM to serve in the role as an MA. 
+*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES 'newParent' is not a decryption key +// TPM_RC_HANDLE 'oldParent' does not consistent with inSymSeed +// TPM_RC_INTEGRITY the integrity check of 'inDuplicate' failed +// TPM_RC_KEY for an ECC key, the public key is not on the curve +// of the curve ID +// TPM_RC_KEY_SIZE the decrypted input symmetric key size +// does not matches the symmetric algorithm +// key size of 'oldParent' +// TPM_RC_TYPE 'oldParent' is not a storage key, or 'newParent +// is not a storage key +// TPM_RC_VALUE for an 'oldParent; RSA key, the data to be decrypted +// is greater than the public exponent +// Unmarshal errors errors during unmarshaling the input +// encrypted buffer to a ECC public key, or +// unmarshal the private buffer to sensitive +TPM_RC +TPM2_Rewrap( + Rewrap_In *in, // IN: input parameter list + Rewrap_Out *out // OUT: output parameter list + ) +{ + TPM_RC result = TPM_RC_SUCCESS; + TPM2B_DATA data; // symmetric key + UINT16 hashSize = 0; + TPM2B_PRIVATE privateBlob; // A temporary private blob + // to transit between old + // and new wrappers +// Input Validation + if((in->inSymSeed.t.size == 0 && in->oldParent != TPM_RH_NULL) + || (in->inSymSeed.t.size != 0 && in->oldParent == TPM_RH_NULL)) + return TPM_RCS_HANDLE + RC_Rewrap_oldParent; + if(in->oldParent != TPM_RH_NULL) + { + OBJECT *oldParent = HandleToObject(in->oldParent); + + // old parent key must be a storage object + if(!ObjectIsStorage(in->oldParent)) + return TPM_RCS_TYPE + RC_Rewrap_oldParent; + // Decrypt input secret data via asymmetric decryption. 
A + // TPM_RC_VALUE, TPM_RC_KEY or unmarshal errors may be returned at this + // point + result = CryptSecretDecrypt(oldParent, NULL, DUPLICATE_STRING, + &in->inSymSeed, &data); + if(result != TPM_RC_SUCCESS) + return TPM_RCS_VALUE + RC_Rewrap_inSymSeed; + // Unwrap Outer + result = UnwrapOuter(oldParent, &in->name.b, + oldParent->publicArea.nameAlg, &data.b, + FALSE, + in->inDuplicate.t.size, in->inDuplicate.t.buffer); + if(result != TPM_RC_SUCCESS) + return RcSafeAddToResult(result, RC_Rewrap_inDuplicate); + // Copy unwrapped data to temporary variable, remove the integrity field + hashSize = sizeof(UINT16) + + CryptHashGetDigestSize(oldParent->publicArea.nameAlg); + privateBlob.t.size = in->inDuplicate.t.size - hashSize; + pAssert(privateBlob.t.size <= sizeof(privateBlob.t.buffer)); + MemoryCopy(privateBlob.t.buffer, in->inDuplicate.t.buffer + hashSize, + privateBlob.t.size); + } + else + { + // No outer wrap from input blob. Direct copy. + privateBlob = in->inDuplicate; + } + if(in->newParent != TPM_RH_NULL) + { + OBJECT *newParent; + newParent = HandleToObject(in->newParent); + + // New parent must be a storage object + if(!ObjectIsStorage(in->newParent)) + return TPM_RCS_TYPE + RC_Rewrap_newParent; + // Make new encrypt key and its associated secret structure. A + // TPM_RC_VALUE error may be returned at this point if RSA algorithm is + // enabled in TPM + out->outSymSeed.t.size = sizeof(out->outSymSeed.t.secret); + result = CryptSecretEncrypt(newParent, DUPLICATE_STRING, &data, + &out->outSymSeed); + if(result != TPM_RC_SUCCESS) + return result; + // Copy temporary variable to output, reserve the space for integrity + hashSize = sizeof(UINT16) + + CryptHashGetDigestSize(newParent->publicArea.nameAlg); + // Make sure that everything fits into the output buffer + // Note: this is mostly only an issue if there was no outer wrapper on + // 'inDuplicate'. It could be as large as a TPM2B_PRIVATE buffer. 
If we add + // a digest for an outer wrapper, it won't fit anymore. + if((privateBlob.t.size + hashSize) > sizeof(out->outDuplicate.t.buffer)) + return TPM_RCS_VALUE + RC_Rewrap_inDuplicate; +// Command output + out->outDuplicate.t.size = privateBlob.t.size; + pAssert(privateBlob.t.size + <= sizeof(out->outDuplicate.t.buffer) - hashSize); + MemoryCopy(out->outDuplicate.t.buffer + hashSize, privateBlob.t.buffer, + privateBlob.t.size); + // Produce outer wrapper for output + out->outDuplicate.t.size = ProduceOuterWrap(newParent, &in->name.b, + newParent->publicArea.nameAlg, + &data.b, + FALSE, + out->outDuplicate.t.size, + out->outDuplicate.t.buffer); + } + else // New parent is a null key so there is no seed + { + out->outSymSeed.t.size = 0; + + // Copy privateBlob directly + out->outDuplicate = privateBlob; + } + return TPM_RC_SUCCESS; +} + +#endif // CC_Rewrap \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthValue.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthValue.c new file mode 100644 index 000000000..8f395d842 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthValue.c 
@@ -0,0 +1,81 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PolicyAuthValue_fp.h"
+
+#if CC_PolicyAuthValue // Conditional expansion of this file
+
+#include "Policy_spt_fp.h"
+
+/*(See part 3 specification)
+// allows a policy to be bound to the authorization value of the authorized
+// object
+*/
+TPM_RC
+TPM2_PolicyAuthValue(
+ PolicyAuthValue_In *in // IN: input parameter list
+ )
+{
+ SESSION *session;
+ TPM_CC commandCode = TPM_CC_PolicyAuthValue;
+ HASH_STATE hashState;
+
+// Internal Data Update
+
+ // Get pointer to the session structure
+ session = SessionGet(in->policySession);
+
+ // Update policy hash
+ // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyAuthValue)
+ // Start hash
+ CryptHashStart(&hashState, session->authHashAlg);
+
+ // add old digest
+ CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
+
+ // add commandCode
+ CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
+
+ // complete the hash and get the results
+ CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
+
+ // update isAuthValueNeeded bit in the session context
+ session->attributes.isAuthValueNeeded = SET;
+ session->attributes.isPasswordNeeded = CLEAR;
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PolicyAuthValue
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorize.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorize.c
new file mode 100644
index 000000000..a3b35aba6
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorize.c
@@ -0,0 +1,125 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +#include "Tpm.h" +#include "PolicyAuthorize_fp.h" + +#if CC_PolicyAuthorize // Conditional expansion of this file + +#include "Policy_spt_fp.h" + +/*(See part 3 specification) +// Change policy by a signature from authority +*/ +// Return Type: TPM_RC +// TPM_RC_HASH hash algorithm in 'keyName' is not supported +// TPM_RC_SIZE 'keyName' is not the correct size for its hash algorithm +// TPM_RC_VALUE the current policyDigest of 'policySession' does not +// match 'approvedPolicy'; or 'checkTicket' doesn't match +// the provided values +TPM_RC +TPM2_PolicyAuthorize( + PolicyAuthorize_In *in // IN: input parameter list + ) +{ + SESSION *session; + TPM2B_DIGEST authHash; + HASH_STATE hashState; + TPMT_TK_VERIFIED ticket; + TPM_ALG_ID hashAlg; + UINT16 digestSize; + +// Input Validation + + // Get pointer to the session structure + session = SessionGet(in->policySession); + + // Extract from the Name of the key, the algorithm used to compute it's Name + hashAlg = BYTE_ARRAY_TO_UINT16(in->keySign.t.name); + + // 'keySign' parameter needs to use a supported hash algorithm, otherwise + // can't tell how large the digest should be + if(!CryptHashIsValidAlg(hashAlg, FALSE)) + return TPM_RCS_HASH + RC_PolicyAuthorize_keySign; + + digestSize = CryptHashGetDigestSize(hashAlg); + if(digestSize != (in->keySign.t.size - 2)) + return TPM_RCS_SIZE + RC_PolicyAuthorize_keySign; + + //If this is a trial policy, skip all validations + if(session->attributes.isTrialPolicy == CLEAR) + { + // Check that "approvedPolicy" matches the current value of the + // policyDigest in policy session + if(!MemoryEqual2B(&session->u2.policyDigest.b, + &in->approvedPolicy.b)) + return TPM_RCS_VALUE + RC_PolicyAuthorize_approvedPolicy; + + // Validate ticket TPMT_TK_VERIFIED + // Compute aHash. The authorizing object sign a digest + // aHash := hash(approvedPolicy || policyRef). 
+ // Start hash + authHash.t.size = CryptHashStart(&hashState, hashAlg); + + // add approvedPolicy + CryptDigestUpdate2B(&hashState, &in->approvedPolicy.b); + + // add policyRef + CryptDigestUpdate2B(&hashState, &in->policyRef.b); + + // complete hash + CryptHashEnd2B(&hashState, &authHash.b); + + // re-compute TPMT_TK_VERIFIED + TicketComputeVerified(in->checkTicket.hierarchy, &authHash, + &in->keySign, &ticket); + + // Compare ticket digest. If not match, return error + if(!MemoryEqual2B(&in->checkTicket.digest.b, &ticket.digest.b)) + return TPM_RCS_VALUE + RC_PolicyAuthorize_checkTicket; + } + +// Internal Data Update + + // Set policyDigest to zero digest + PolicyDigestClear(session); + + // Update policyDigest + PolicyContextUpdate(TPM_CC_PolicyAuthorize, &in->keySign, &in->policyRef, + NULL, 0, session); + + return TPM_RC_SUCCESS; +} + +#endif // CC_PolicyAuthorize \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorizeNV.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorizeNV.c new file mode 100644 index 000000000..019548a40 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorizeNV.c 
@@ -0,0 +1,117 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+
+#if CC_PolicyAuthorizeNV // Conditional expansion of this file
+#include "PolicyAuthorizeNV_fp.h"
+#include "Policy_spt_fp.h"
+
+/*(See part 3 specification)
+// Change policy by a signature from authority
+*/
+// Return Type: TPM_RC
+// TPM_RC_HASH hash algorithm in 'keyName' is not supported or is not
+// the same as the hash algorithm of the policy session
+// TPM_RC_SIZE 'keyName' is not the correct size for its hash algorithm
+// TPM_RC_VALUE the current policyDigest of 'policySession' does not
+// match 'approvedPolicy'; or 'checkTicket' doesn't match
+// the provided values
+TPM_RC
+TPM2_PolicyAuthorizeNV(
+ PolicyAuthorizeNV_In *in
+ )
+{
+ SESSION *session;
+ TPM_RC result;
+ NV_REF locator;
+ NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
+ TPM2B_NAME name;
+ TPMT_HA policyInNv;
+ BYTE nvTemp[sizeof(TPMT_HA)];
+ BYTE *buffer = nvTemp;
+ INT32 size;
+
+// Input Validation
+ // Get pointer to the session structure
+ session = SessionGet(in->policySession);
+
+ // Skip checks if this is a trial policy
+ if(!session->attributes.isTrialPolicy)
+ {
+ // Check the authorizations for reading
+ // Common read access checks. NvReadAccessChecks() returns
+ // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED
+ // error may be returned at this point
+ result = NvReadAccessChecks(in->authHandle, in->nvIndex,
+ nvIndex->publicArea.attributes);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+
+ // Read the contents of the index into a temp buffer
+ size = MIN(nvIndex->publicArea.dataSize, sizeof(TPMT_HA));
+ NvGetIndexData(nvIndex, locator, 0, (UINT16)size, nvTemp);
+
+ // Unmarshal the contents of the buffer into the internal format of a
+ // TPMT_HA so that the hash and digest elements can be accessed from the
+ // structure rather than the byte array that is in the Index (written by
+ // user of the Index).
+ result = TPMT_HA_Unmarshal(&policyInNv, &buffer, &size, FALSE);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+
+ // Verify that the hash is the same
+ if(policyInNv.hashAlg != session->authHashAlg)
+ return TPM_RC_HASH;
+
+ // See if the contents of the digest in the Index matches the value
+ // in the policy
+ if(!MemoryEqual(&policyInNv.digest, &session->u2.policyDigest.t.buffer,
+ session->u2.policyDigest.t.size))
+ return TPM_RC_VALUE;
+ }
+
+// Internal Data Update
+
+ // Set policyDigest to zero digest
+ PolicyDigestClear(session);
+
+ // Update policyDigest
+ PolicyContextUpdate(TPM_CC_PolicyAuthorizeNV, EntityGetName(in->nvIndex, &name),
+ NULL, NULL, 0, session);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PolicyAuthorize
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCommandCode.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCommandCode.c
new file mode 100644
index 000000000..dcd7f54dd
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCommandCode.c
@@ -0,0 +1,90 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "PolicyCommandCode_fp.h" + +#if CC_PolicyCommandCode // Conditional expansion of this file + +/*(See part 3 specification) +// Add a Command Code restriction to the policyDigest +*/ +// Return Type: TPM_RC +// TPM_RC_VALUE 'commandCode' of 'policySession' previously set to +// a different value + +TPM_RC +TPM2_PolicyCommandCode( + PolicyCommandCode_In *in // IN: input parameter list + ) +{ + SESSION *session; + TPM_CC commandCode = TPM_CC_PolicyCommandCode; + HASH_STATE hashState; + +// Input validation + + // Get pointer to the session structure + session = SessionGet(in->policySession); + + if(session->commandCode != 0 && session->commandCode != in->code) + return TPM_RCS_VALUE + RC_PolicyCommandCode_code; + if(CommandCodeToCommandIndex(in->code) == UNIMPLEMENTED_COMMAND_INDEX) + return TPM_RCS_POLICY_CC + RC_PolicyCommandCode_code; + +// Internal Data Update + // Update policy hash + // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyCommandCode || code) + // Start hash + CryptHashStart(&hashState, session->authHashAlg); + + // add old digest + CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); + + // add commandCode + CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); + + // add input commandCode + CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), in->code); + + // complete the hash and get the results + CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); + + // update commandCode value in session context + session->commandCode = in->code; + + return TPM_RC_SUCCESS; +} + +#endif // CC_PolicyCommandCode \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCounterTimer.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCounterTimer.c new file mode 100644 index 000000000..1c447071f --- /dev/null 
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCounterTimer.c 
@@ -0,0 +1,129 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "PolicyCounterTimer_fp.h" + +#if CC_PolicyCounterTimer // Conditional expansion of this file + +#include "Policy_spt_fp.h" + +/*(See part 3 specification) +// Add a conditional gating of a policy based on the contents of the +// TPMS_TIME_INFO structure. +*/ +// Return Type: TPM_RC +// TPM_RC_POLICY the comparison of the selected portion of the +// TPMS_TIME_INFO with 'operandB' failed +// TPM_RC_RANGE 'offset' + 'size' exceed size of TPMS_TIME_INFO +// structure +TPM_RC +TPM2_PolicyCounterTimer( + PolicyCounterTimer_In *in // IN: input parameter list + ) +{ + SESSION *session; + TIME_INFO infoData; // data buffer of TPMS_TIME_INFO + BYTE *pInfoData = (BYTE *)&infoData; + UINT16 infoDataSize; + TPM_CC commandCode = TPM_CC_PolicyCounterTimer; + HASH_STATE hashState; + TPM2B_DIGEST argHash; + +// Input Validation + // Get a marshaled time structure + infoDataSize = TimeGetMarshaled(&infoData); + // Make sure that the referenced stays within the bounds of the structure. + // NOTE: the offset checks are made even for a trial policy because the policy + // will not make any sense if the references are out of bounds of the timer + // structure. + if(in->offset > infoDataSize) + return TPM_RCS_VALUE + RC_PolicyCounterTimer_offset; + if((UINT32)in->offset + (UINT32)in->operandB.t.size > infoDataSize) + return TPM_RCS_RANGE; + // Get pointer to the session structure + session = SessionGet(in->policySession); + + //If this is a trial policy, skip the check to see if the condition is met. + if(session->attributes.isTrialPolicy == CLEAR) + { + // If the command is going to use any part of the counter or timer, need + // to verify that time is advancing. + // The time and clock vales are the first two 64-bit values in the clock + if(in->offset < sizeof(UINT64) + sizeof(UINT64)) + { + // Using Clock or Time so see if clock is running. Clock doesn't + // run while NV is unavailable. 
+ // TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned here. + RETURN_IF_NV_IS_NOT_AVAILABLE; + } + // offset to the starting position + pInfoData = (BYTE *)infoData; + // Check to see if the condition is valid + if(!PolicySptCheckCondition(in->operation, pInfoData + in->offset, + in->operandB.t.buffer, in->operandB.t.size)) + return TPM_RC_POLICY; + } +// Internal Data Update + // Start argument list hash + argHash.t.size = CryptHashStart(&hashState, session->authHashAlg); + // add operandB + CryptDigestUpdate2B(&hashState, &in->operandB.b); + // add offset + CryptDigestUpdateInt(&hashState, sizeof(UINT16), in->offset); + // add operation + CryptDigestUpdateInt(&hashState, sizeof(TPM_EO), in->operation); + // complete argument hash + CryptHashEnd2B(&hashState, &argHash.b); + + // update policyDigest + // start hash + CryptHashStart(&hashState, session->authHashAlg); + + // add old digest + CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); + + // add commandCode + CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); + + // add argument digest + CryptDigestUpdate2B(&hashState, &argHash.b); + + // complete the digest + CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); + + return TPM_RC_SUCCESS; +} + +#endif // CC_PolicyCounterTimer \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCpHash.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCpHash.c new file mode 100644 index 000000000..cdcfcb7ee --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCpHash.c 
@@ -0,0 +1,103 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "PolicyCpHash_fp.h" + +#if CC_PolicyCpHash // Conditional expansion of this file + +/*(See part 3 specification) +// Add a cpHash restriction to the policyDigest +*/ +// Return Type: TPM_RC +// TPM_RC_CPHASH cpHash of 'policySession' has previously been set +// to a different value +// TPM_RC_SIZE 'cpHashA' is not the size of a digest produced +// by the hash algorithm associated with +// 'policySession' +TPM_RC +TPM2_PolicyCpHash( + PolicyCpHash_In *in // IN: input parameter list + ) +{ + SESSION *session; + TPM_CC commandCode = TPM_CC_PolicyCpHash; + HASH_STATE hashState; + +// Input Validation + + // Get pointer to the session structure + session = SessionGet(in->policySession); + + // A valid cpHash must have the same size as session hash digest + // NOTE: the size of the digest can't be zero because TPM_ALG_NULL + // can't be used for the authHashAlg. + if(in->cpHashA.t.size != CryptHashGetDigestSize(session->authHashAlg)) + return TPM_RCS_SIZE + RC_PolicyCpHash_cpHashA; + + // error if the cpHash in session context is not empty and is not the same + // as the input or is not a cpHash + if((session->u1.cpHash.t.size != 0) + && (!session->attributes.isCpHashDefined + || !MemoryEqual2B(&in->cpHashA.b, &session->u1.cpHash.b))) + return TPM_RC_CPHASH; + + +// Internal Data Update + + // Update policy hash + // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyCpHash || cpHashA) + // Start hash + CryptHashStart(&hashState, session->authHashAlg); + + // add old digest + CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); + + // add commandCode + CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); + + // add cpHashA + CryptDigestUpdate2B(&hashState, &in->cpHashA.b); + + // complete the digest and get the results + CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); + + // update cpHash in session context + session->u1.cpHash = in->cpHashA; + session->attributes.isCpHashDefined = SET; + + return 
TPM_RC_SUCCESS;
+}
+
+#endif // CC_PolicyCpHash
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyDuplicationSelect.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyDuplicationSelect.c
new file mode 100644
index 000000000..6eec4a773
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyDuplicationSelect.c
@@ -0,0 +1,113 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "PolicyDuplicationSelect_fp.h" + +#if CC_PolicyDuplicationSelect // Conditional expansion of this file + +/*(See part 3 specification) +// allows qualification of duplication so that it a specific new parent may be +// selected or a new parent selected for a specific object. +*/ +// Return Type: TPM_RC +// TPM_RC_COMMAND_CODE 'commandCode' of 'policySession; is not empty +// TPM_RC_CPHASH 'cpHash' of 'policySession' is not empty +TPM_RC +TPM2_PolicyDuplicationSelect( + PolicyDuplicationSelect_In *in // IN: input parameter list + ) +{ + SESSION *session; + HASH_STATE hashState; + TPM_CC commandCode = TPM_CC_PolicyDuplicationSelect; + +// Input Validation + + // Get pointer to the session structure + session = SessionGet(in->policySession); + + // cpHash in session context must be empty + if(session->u1.cpHash.t.size != 0) + return TPM_RC_CPHASH; + + // commandCode in session context must be empty + if(session->commandCode != 0) + return TPM_RC_COMMAND_CODE; + +// Internal Data Update + + // Update name hash + session->u1.cpHash.t.size = CryptHashStart(&hashState, session->authHashAlg); + + // add objectName + CryptDigestUpdate2B(&hashState, &in->objectName.b); + + // add new parent name + CryptDigestUpdate2B(&hashState, &in->newParentName.b); + + // complete hash + CryptHashEnd2B(&hashState, &session->u1.cpHash.b); + + // update policy hash + // Old policyDigest size should be the same as the new policyDigest size since + // they are using the same hash algorithm + session->u2.policyDigest.t.size + = CryptHashStart(&hashState, session->authHashAlg); +// add old policy + CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); + + // add command code + CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); + + // add objectName + if(in->includeObject == YES) + CryptDigestUpdate2B(&hashState, &in->objectName.b); + + // add new parent name + CryptDigestUpdate2B(&hashState, &in->newParentName.b); + + // add includeObject + 
CryptDigestUpdateInt(&hashState, sizeof(TPMI_YES_NO), in->includeObject);
+
+ // complete digest
+ CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
+
+ // set commandCode in session context
+ session->commandCode = TPM_CC_Duplicate;
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PolicyDuplicationSelect
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyGetDigest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyGetDigest.c
new file mode 100644
index 000000000..decadfc03
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyGetDigest.c
@@ -0,0 +1,61 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PolicyGetDigest_fp.h"
+
+#if CC_PolicyGetDigest // Conditional expansion of this file
+
+/*(See part 3 specification)
+// returns the current policyDigest of the session
+*/
+TPM_RC
+TPM2_PolicyGetDigest(
+ PolicyGetDigest_In *in, // IN: input parameter list
+ PolicyGetDigest_Out *out // OUT: output parameter list
+ )
+{
+ SESSION *session;
+
+// Command Output
+
+ // Get pointer to the session structure
+ session = SessionGet(in->policySession);
+
+ out->policyDigest = session->u2.policyDigest;
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PolicyGetDigest
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyLocality.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyLocality.c
new file mode 100644
index 000000000..cff6c77a8
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyLocality.c
@@ -0,0 +1,138 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "PolicyLocality_fp.h" + + +#if CC_PolicyLocality // Conditional expansion of this file + +// Return Type: TPM_RC +// TPM_RC_RANGE all the locality values selected by +// 'locality' have been disabled +// by previous TPM2_PolicyLocality() calls. +TPM_RC +TPM2_PolicyLocality( + PolicyLocality_In *in // IN: input parameter list + ) +{ + SESSION *session; + BYTE marshalBuffer[sizeof(TPMA_LOCALITY)]; + BYTE prevSetting[sizeof(TPMA_LOCALITY)]; + UINT32 marshalSize; + BYTE *buffer; + TPM_CC commandCode = TPM_CC_PolicyLocality; + HASH_STATE hashState; + +// Input Validation + + // Get pointer to the session structure + session = SessionGet(in->policySession); + + // Get new locality setting in canonical form + marshalBuffer[0] = 0; // Code analysis says that this is not initialized + buffer = marshalBuffer; + marshalSize = TPMA_LOCALITY_Marshal(&in->locality, &buffer, NULL); + + // Its an error if the locality parameter is zero + if(marshalBuffer[0] == 0) + return TPM_RCS_RANGE + RC_PolicyLocality_locality; + + // Get existing locality setting in canonical form + prevSetting[0] = 0; // Code analysis says that this is not initialized + buffer = prevSetting; + TPMA_LOCALITY_Marshal(&session->commandLocality, &buffer, NULL); + + // If the locality has previously been set + if(prevSetting[0] != 0 + // then the current locality setting and the requested have to be the same + // type (that is, either both normal or both extended + && ((prevSetting[0] < 32) != (marshalBuffer[0] < 32))) + return TPM_RCS_RANGE + RC_PolicyLocality_locality; + + // See if the input is a regular or extended locality + if(marshalBuffer[0] < 32) + { + // if there was no previous setting, start with all normal localities + // enabled + if(prevSetting[0] == 0) + prevSetting[0] = 0x1F; + + // AND the new setting with the previous setting and store it in prevSetting + prevSetting[0] &= marshalBuffer[0]; + + // The result setting can not be 0 + if(prevSetting[0] == 0) + 
return TPM_RCS_RANGE + RC_PolicyLocality_locality; + } + else + { + // for extended locality + // if the locality has already been set, then it must match the + if(prevSetting[0] != 0 && prevSetting[0] != marshalBuffer[0]) + return TPM_RCS_RANGE + RC_PolicyLocality_locality; + + // Setting is OK + prevSetting[0] = marshalBuffer[0]; + } + +// Internal Data Update + + // Update policy hash + // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyLocality || locality) + // Start hash + CryptHashStart(&hashState, session->authHashAlg); + + // add old digest + CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); + + // add commandCode + CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); + + // add input locality + CryptDigestUpdate(&hashState, marshalSize, marshalBuffer); + + // complete the digest + CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); + + // update session locality by unmarshal function. The function must succeed + // because both input and existing locality setting have been validated. + buffer = prevSetting; + TPMA_LOCALITY_Unmarshal(&session->commandLocality, &buffer, + (INT32 *)&marshalSize); + + return TPM_RC_SUCCESS; +} + +#endif // CC_PolicyLocality \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNV.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNV.c new file mode 100644 index 000000000..65e7a91f0 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNV.c 
@@ -0,0 +1,143 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PolicyNV_fp.h"
+
+#if CC_PolicyNV // Conditional expansion of this file
+
+#include "Policy_spt_fp.h"
+
+/*(See part 3 specification)
+// Do comparison to NV location
+*/
+// Return Type: TPM_RC
+// TPM_RC_AUTH_TYPE NV index authorization type is not correct
+// TPM_RC_NV_LOCKED NV index read locked
+// TPM_RC_NV_UNINITIALIZED the NV index has not been initialized
+// TPM_RC_POLICY the comparison to the NV contents failed
+// TPM_RC_SIZE the size of 'nvIndex' data starting at 'offset'
+// is less than the size of 'operandB'
+// TPM_RC_VALUE 'offset' is too large
+TPM_RC
+TPM2_PolicyNV(
+ PolicyNV_In *in // IN: input parameter list
+ )
+{
+ TPM_RC result;
+ SESSION *session;
+ NV_REF locator;
+ NV_INDEX *nvIndex;
+ BYTE nvBuffer[sizeof(in->operandB.t.buffer)];
+ TPM2B_NAME nvName;
+ TPM_CC commandCode = TPM_CC_PolicyNV;
+ HASH_STATE hashState;
+ TPM2B_DIGEST argHash;
+
+// Input Validation
+
+ // Get pointer to the session structure
+ session = SessionGet(in->policySession);
+
+ //If this is a trial policy, skip all validations and the operation
+ if(session->attributes.isTrialPolicy == CLEAR)
+ {
+ // No need to access the actual NV index information for a trial policy.
+ nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
+
+ // Common read access checks. NvReadAccessChecks() may return
+ // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED
+ result = NvReadAccessChecks(in->authHandle,
+ in->nvIndex,
+ nvIndex->publicArea.attributes);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+
+ // Make sure that offset is withing range
+ if(in->offset > nvIndex->publicArea.dataSize)
+ return TPM_RCS_VALUE + RC_PolicyNV_offset;
+
+ // Valid NV data size should not be smaller than input operandB size
+ if((nvIndex->publicArea.dataSize - in->offset) < in->operandB.t.size)
+ return TPM_RCS_SIZE + RC_PolicyNV_operandB;
+
+
+ // Get NV data.
The size of NV data equals the input operand B size
+ NvGetIndexData(nvIndex, locator, in->offset, in->operandB.t.size, nvBuffer);
+
+ // Check to see if the condition is valid
+ if(!PolicySptCheckCondition(in->operation, nvBuffer,
+ in->operandB.t.buffer, in->operandB.t.size))
+ return TPM_RC_POLICY;
+ }
+// Internal Data Update
+
+ // Start argument hash
+ argHash.t.size = CryptHashStart(&hashState, session->authHashAlg);
+
+ // add operandB
+ CryptDigestUpdate2B(&hashState, &in->operandB.b);
+
+ // add offset
+ CryptDigestUpdateInt(&hashState, sizeof(UINT16), in->offset);
+
+ // add operation
+ CryptDigestUpdateInt(&hashState, sizeof(TPM_EO), in->operation);
+
+ // complete argument digest
+ CryptHashEnd2B(&hashState, &argHash.b);
+
+ // Update policyDigest
+ // Start digest
+ CryptHashStart(&hashState, session->authHashAlg);
+
+ // add old digest
+ CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
+
+ // add commandCode
+ CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
+
+ // add argument digest
+ CryptDigestUpdate2B(&hashState, &argHash.b);
+
+ // Adding nvName
+ CryptDigestUpdate2B(&hashState, &EntityGetName(in->nvIndex, &nvName)->b);
+
+ // complete the digest
+ CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PolicyNV
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNameHash.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNameHash.c
new file mode 100644
index 000000000..fc9e28e4d
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNameHash.c
@@ -0,0 +1,99 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PolicyNameHash_fp.h"
+
+#if CC_PolicyNameHash // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Add a nameHash restriction to the policyDigest
+*/
+// Return Type: TPM_RC
+// TPM_RC_CPHASH 'nameHash' has been previously set to a different value
+// TPM_RC_SIZE 'nameHash' is not the size of the digest produced by the
+// hash algorithm associated with 'policySession'
+TPM_RC
+TPM2_PolicyNameHash(
+ PolicyNameHash_In *in // IN: input parameter list
+ )
+{
+ SESSION *session;
+ TPM_CC commandCode = TPM_CC_PolicyNameHash;
+ HASH_STATE hashState;
+
+// Input Validation
+
+ // Get pointer to the session structure
+ session = SessionGet(in->policySession);
+
+ // A valid nameHash must have the same size as session hash digest
+ // Since the authHashAlg for a session cannot be TPM_ALG_NULL, the digest size
+ // is always non-zero.
+ if(in->nameHash.t.size != CryptHashGetDigestSize(session->authHashAlg))
+ return TPM_RCS_SIZE + RC_PolicyNameHash_nameHash;
+
+ // u1 in the policy session context cannot otherwise be occupied
+ if(session->u1.cpHash.b.size != 0
+ || session->attributes.isBound
+ || session->attributes.isCpHashDefined
+ || session->attributes.isTemplateSet)
+ return TPM_RC_CPHASH;
+
+// Internal Data Update
+
+ // Update policy hash
+ // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyNameHash || nameHash)
+ // Start hash
+ CryptHashStart(&hashState, session->authHashAlg);
+
+ // add old digest
+ CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
+
+ // add commandCode
+ CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
+
+ // add nameHash
+ CryptDigestUpdate2B(&hashState, &in->nameHash.b);
+
+ // complete the digest
+ CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
+
+ // update nameHash in session context
+ session->u1.cpHash = in->nameHash;
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PolicyNameHash
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNvWritten.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNvWritten.c
new file mode 100644
index 000000000..d71af6c0a
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNvWritten.c
@@ -0,0 +1,95 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PolicyNvWritten_fp.h"
+
+#if CC_PolicyNvWritten // Conditional expansion of this file
+
+// Make an NV Index policy dependent on the state of the TPMA_NV_WRITTEN
+// attribute of the index.
+// Return Type: TPM_RC
+// TPM_RC_VALUE a conflicting request for the attribute has
+// already been processed
+TPM_RC
+TPM2_PolicyNvWritten(
+ PolicyNvWritten_In *in // IN: input parameter list
+ )
+{
+ SESSION *session;
+ TPM_CC commandCode = TPM_CC_PolicyNvWritten;
+ HASH_STATE hashState;
+
+// Input Validation
+
+ // Get pointer to the session structure
+ session = SessionGet(in->policySession);
+
+ // If already set is this a duplicate (the same setting)? If it
+ // is a conflicting setting, it is an error
+ if(session->attributes.checkNvWritten == SET)
+ {
+ if(((session->attributes.nvWrittenState == SET)
+ != (in->writtenSet == YES)))
+ return TPM_RCS_VALUE + RC_PolicyNvWritten_writtenSet;
+ }
+
+// Internal Data Update
+
+ // Set session attributes so that the NV Index needs to be checked
+ session->attributes.checkNvWritten = SET;
+ session->attributes.nvWrittenState = (in->writtenSet == YES);
+
+ // Update policy hash
+ // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyNvWritten
+ // || writtenSet)
+ // Start hash
+ CryptHashStart(&hashState, session->authHashAlg);
+
+ // add old digest
+ CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
+
+ // add commandCode
+ CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
+
+ // add the byte of writtenState
+ CryptDigestUpdateInt(&hashState, sizeof(TPMI_YES_NO), in->writtenSet);
+
+ // complete the digest
+ CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PolicyNvWritten
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyOR.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyOR.c
new file mode 100644
index 000000000..8d0553628
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyOR.c
@@ -0,0 +1,99 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PolicyOR_fp.h"
+
+#if CC_PolicyOR // Conditional expansion of this file
+
+#include "Policy_spt_fp.h"
+
+/*(See part 3 specification)
+// PolicyOR command
+*/
+// Return Type: TPM_RC
+// TPM_RC_VALUE no digest in 'pHashList' matched the current
+// value of policyDigest for 'policySession'
+TPM_RC
+TPM2_PolicyOR(
+ PolicyOR_In *in // IN: input parameter list
+ )
+{
+ SESSION *session;
+ UINT32 i;
+
+// Input Validation and Update
+
+ // Get pointer to the session structure
+ session = SessionGet(in->policySession);
+
+ // Compare and Update Internal Session policy if match
+ for(i = 0; i < in->pHashList.count; i++)
+ {
+ if(session->attributes.isTrialPolicy == SET
+ || (MemoryEqual2B(&session->u2.policyDigest.b,
+ &in->pHashList.digests[i].b)))
+ {
+ // Found a match
+ HASH_STATE hashState;
+ TPM_CC commandCode = TPM_CC_PolicyOR;
+
+ // Start hash
+ session->u2.policyDigest.t.size
+ = CryptHashStart(&hashState, session->authHashAlg);
+ // Set policyDigest to 0 string and add it to hash
+ MemorySet(session->u2.policyDigest.t.buffer, 0,
+ session->u2.policyDigest.t.size);
+ CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
+
+ // add command code
+ CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
+
+ // Add each of the hashes in the list
+ for(i = 0; i < in->pHashList.count; i++)
+ {
+ // Extend policyDigest
+ CryptDigestUpdate2B(&hashState, &in->pHashList.digests[i].b);
+ }
+ // Complete digest
+ CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
+
+ return TPM_RC_SUCCESS;
+ }
+ }
+ // None of the values in the list matched the current policyDigest
+ return TPM_RCS_VALUE + RC_PolicyOR_pHashList;
+}
+
+#endif // CC_PolicyOR
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPCR.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPCR.c
new file mode 100644
index 000000000..53248f202
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPCR.c
@@ -0,0 +1,125 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PolicyPCR_fp.h"
+
+#if CC_PolicyPCR // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Add a PCR gate for a policy session
+*/
+// Return Type: TPM_RC
+// TPM_RC_VALUE if provided, 'pcrDigest' does not match the
+// current PCR settings
+// TPM_RC_PCR_CHANGED a previous TPM2_PolicyPCR() set
+// pcrCounter and it has changed
+TPM_RC
+TPM2_PolicyPCR(
+ PolicyPCR_In *in // IN: input parameter list
+ )
+{
+ SESSION *session;
+ TPM2B_DIGEST pcrDigest;
+ BYTE pcrs[sizeof(TPML_PCR_SELECTION)];
+ UINT32 pcrSize;
+ BYTE *buffer;
+ TPM_CC commandCode = TPM_CC_PolicyPCR;
+ HASH_STATE hashState;
+
+// Input Validation
+
+ // Get pointer to the session structure
+ session = SessionGet(in->policySession);
+
+ // Compute current PCR digest
+ PCRComputeCurrentDigest(session->authHashAlg, &in->pcrs, &pcrDigest);
+
+ // Do validation for non trial session
+ if(session->attributes.isTrialPolicy == CLEAR)
+ {
+ // Make sure that this is not going to invalidate a previous PCR check
+ if(session->pcrCounter != 0 && session->pcrCounter != gr.pcrCounter)
+ return TPM_RC_PCR_CHANGED;
+
+ // If the caller specified the PCR digest and it does not
+ // match the current PCR settings, return an error..
+ if(in->pcrDigest.t.size != 0)
+ {
+ if(!MemoryEqual2B(&in->pcrDigest.b, &pcrDigest.b))
+ return TPM_RCS_VALUE + RC_PolicyPCR_pcrDigest;
+ }
+ }
+ else
+ {
+ // For trial session, just use the input PCR digest if one provided
+ // Note: It can't be too big because it is a TPM2B_DIGEST and the size
+ // would have been checked during unmarshaling
+ if(in->pcrDigest.t.size != 0)
+ pcrDigest = in->pcrDigest;
+ }
+// Internal Data Update
+ // Update policy hash
+ // policyDigestnew = hash( policyDigestold || TPM_CC_PolicyPCR
+ // || PCRS || pcrDigest)
+ // Start hash
+ CryptHashStart(&hashState, session->authHashAlg);
+
+ // add old digest
+ CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
+
+ // add commandCode
+ CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
+
+ // add PCRS
+ buffer = pcrs;
+ pcrSize = TPML_PCR_SELECTION_Marshal(&in->pcrs, &buffer, NULL);
+ CryptDigestUpdate(&hashState, pcrSize, pcrs);
+
+ // add PCR digest
+ CryptDigestUpdate2B(&hashState, &pcrDigest.b);
+
+ // complete the hash and get the results
+ CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
+
+ // update pcrCounter in session context for non trial session
+ if(session->attributes.isTrialPolicy == CLEAR)
+ {
+ session->pcrCounter = gr.pcrCounter;
+ }
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PolicyPCR
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPassword.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPassword.c
new file mode 100644
index 000000000..310df5e31
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPassword.c
@@ -0,0 +1,81 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PolicyPassword_fp.h"
+
+#if CC_PolicyPassword // Conditional expansion of this file
+
+#include "Policy_spt_fp.h"
+
+/*(See part 3 specification)
+// allows a policy to be bound to the authorization value of the authorized
+// object
+*/
+TPM_RC
+TPM2_PolicyPassword(
+ PolicyPassword_In *in // IN: input parameter list
+ )
+{
+ SESSION *session;
+ TPM_CC commandCode = TPM_CC_PolicyAuthValue;
+ HASH_STATE hashState;
+
+// Internal Data Update
+
+ // Get pointer to the session structure
+ session = SessionGet(in->policySession);
+
+ // Update policy hash
+ // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyAuthValue)
+ // Start hash
+ CryptHashStart(&hashState, session->authHashAlg);
+
+ // add old digest
+ CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
+
+ // add commandCode
+ CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
+
+ // complete the digest
+ CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
+
+ // Update isPasswordNeeded bit
+ session->attributes.isPasswordNeeded = SET;
+ session->attributes.isAuthValueNeeded = CLEAR;
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PolicyPassword
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPhysicalPresence.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPhysicalPresence.c
new file mode 100644
index 000000000..23af572cd
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPhysicalPresence.c
@@ -0,0 +1,78 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PolicyPhysicalPresence_fp.h"
+
+#if CC_PolicyPhysicalPresence // Conditional expansion of this file
+
+/*(See part 3 specification)
+// indicate that physical presence will need to be asserted at the time the
+// authorization is performed
+*/
+TPM_RC
+TPM2_PolicyPhysicalPresence(
+ PolicyPhysicalPresence_In *in // IN: input parameter list
+ )
+{
+ SESSION *session;
+ TPM_CC commandCode = TPM_CC_PolicyPhysicalPresence;
+ HASH_STATE hashState;
+
+// Internal Data Update
+
+ // Get pointer to the session structure
+ session = SessionGet(in->policySession);
+
+ // Update policy hash
+ // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyPhysicalPresence)
+ // Start hash
+ CryptHashStart(&hashState, session->authHashAlg);
+
+ // add old digest
+ CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
+
+ // add commandCode
+ CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
+
+ // complete the digest
+ CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
+
+ // update session attribute
+ session->attributes.isPPRequired = SET;
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PolicyPhysicalPresence
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySecret.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySecret.c
new file mode 100644
index 000000000..da6583eda
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySecret.c
@@ -0,0 +1,128 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PolicySecret_fp.h"
+
+#if CC_PolicySecret // Conditional expansion of this file
+
+#include "Policy_spt_fp.h"
+#include "NV_spt_fp.h"
+
+/*(See part 3 specification)
+// Add a secret-based authorization to the policy evaluation
+*/
+// Return Type: TPM_RC
+// TPM_RC_CPHASH cpHash for policy was previously set to a
+// value that is not the same as 'cpHashA'
+// TPM_RC_EXPIRED 'expiration' indicates a time in the past
+// TPM_RC_NONCE 'nonceTPM' does not match the nonce associated
+// with 'policySession'
+// TPM_RC_SIZE 'cpHashA' is not the size of a digest for the
+// hash associated with 'policySession'
+TPM_RC
+TPM2_PolicySecret(
+ PolicySecret_In *in, // IN: input parameter list
+ PolicySecret_Out *out // OUT: output parameter list
+ )
+{
+ TPM_RC result;
+ SESSION *session;
+ TPM2B_NAME entityName;
+ UINT64 authTimeout = 0;
+// Input Validation
+ // Get pointer to the session structure
+ session = SessionGet(in->policySession);
+
+ //Only do input validation if this is not a trial policy session
+ if(session->attributes.isTrialPolicy == CLEAR)
+ {
+ authTimeout = ComputeAuthTimeout(session, in->expiration, &in->nonceTPM);
+
+ result = PolicyParameterChecks(session, authTimeout,
+ &in->cpHashA, &in->nonceTPM,
+ RC_PolicySecret_nonceTPM,
+ RC_PolicySecret_cpHashA,
+ RC_PolicySecret_expiration);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+ }
+// Internal Data Update
+ // Update policy context with input policyRef and name of authorizing key
+ // This value is computed even for trial sessions. Possibly update the cpHash
+ PolicyContextUpdate(TPM_CC_PolicySecret,
+ EntityGetName(in->authHandle, &entityName), &in->policyRef,
+ &in->cpHashA, authTimeout, session);
+// Command Output
+ // Create ticket and timeout buffer if in->expiration < 0 and this is not
+ // a trial session.
+ // NOTE: PolicyParameterChecks() makes sure that nonceTPM is present
+ // when expiration is non-zero.
+ if(in->expiration < 0
+ && session->attributes.isTrialPolicy == CLEAR
+ && !NvIsPinPassIndex(in->authHandle))
+ {
+ BOOL expiresOnReset = (in->nonceTPM.t.size == 0);
+ // Compute policy ticket
+ authTimeout &= ~EXPIRATION_BIT;
+ TicketComputeAuth(TPM_ST_AUTH_SECRET, EntityGetHierarchy(in->authHandle),
+ authTimeout, expiresOnReset, &in->cpHashA, &in->policyRef,
+ &entityName, &out->policyTicket);
+ // Generate timeout buffer. The format of output timeout buffer is
+ // TPM-specific.
+ // Note: In this implementation, the timeout buffer value is computed after
+ // the ticket is produced so, when the ticket is checked, the expiration
+ // flag needs to be extracted before the ticket is checked.
+ out->timeout.t.size = sizeof(authTimeout);
+ // In the Windows compatible version, the least-significant bit of the
+ // timeout value is used as a flag to indicate if the authorization expires
+ // on reset. The flag is the MSb.
+ if(expiresOnReset)
+ authTimeout |= EXPIRATION_BIT;
+ UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer);
+ }
+ else
+ {
+ // timeout buffer is null
+ out->timeout.t.size = 0;
+
+ // authorization ticket is null
+ out->policyTicket.tag = TPM_ST_AUTH_SECRET;
+ out->policyTicket.hierarchy = TPM_RH_NULL;
+ out->policyTicket.digest.t.size = 0;
+ }
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PolicySecret
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySigned.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySigned.c
new file mode 100644
index 000000000..1928da6d9
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySigned.c
@@ -0,0 +1,180 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "Policy_spt_fp.h" +#include "PolicySigned_fp.h" + +#if CC_PolicySigned // Conditional expansion of this file + +/*(See part 3 specification) +// Include an asymmetrically signed authorization to the policy evaluation +*/ +// Return Type: TPM_RC +// TPM_RC_CPHASH cpHash was previously set to a different value +// TPM_RC_EXPIRED 'expiration' indicates a time in the past or +// 'expiration' is non-zero but no nonceTPM is present +// TPM_RC_NONCE 'nonceTPM' is not the nonce associated with the +// 'policySession' +// TPM_RC_SCHEME the signing scheme of 'auth' is not supported by the +// TPM +// TPM_RC_SIGNATURE the signature is not genuine +// TPM_RC_SIZE input cpHash has wrong size +TPM_RC +TPM2_PolicySigned( + PolicySigned_In *in, // IN: input parameter list + PolicySigned_Out *out // OUT: output parameter list + ) +{ + TPM_RC result = TPM_RC_SUCCESS; + SESSION *session; + TPM2B_NAME entityName; + TPM2B_DIGEST authHash; + HASH_STATE hashState; + UINT64 authTimeout = 0; +// Input Validation + // Set up local pointers + session = SessionGet(in->policySession); // the session structure + + // Only do input validation if this is not a trial policy session + if(session->attributes.isTrialPolicy == CLEAR) + { + authTimeout = ComputeAuthTimeout(session, in->expiration, &in->nonceTPM); + + result = PolicyParameterChecks(session, authTimeout, + &in->cpHashA, &in->nonceTPM, + RC_PolicySigned_nonceTPM, + RC_PolicySigned_cpHashA, + RC_PolicySigned_expiration); + if(result != TPM_RC_SUCCESS) + return result; + // Re-compute the digest being signed + /*(See part 3 specification) + // The digest is computed as: + // aHash := hash ( nonceTPM | expiration | cpHashA | policyRef) + // where: + // hash() the hash associated with the signed authorization + // nonceTPM the nonceTPM value from the TPM2_StartAuthSession . + // response If the authorization is not limited to this + // session, the size of this value is zero. 
+ // expiration time limit on authorization set by authorizing object. + // This 32-bit value is set to zero if the expiration + // time is not being set. + // cpHashA hash of the command parameters for the command being + // approved using the hash algorithm of the PSAP session. + // Set to NULLauth if the authorization is not limited + // to a specific command. + // policyRef hash of an opaque value determined by the authorizing + // object. Set to the NULLdigest if no hash is present. + */ + // Start hash + authHash.t.size = CryptHashStart(&hashState, + CryptGetSignHashAlg(&in->auth)); + // If there is no digest size, then we don't have a verification function + // for this algorithm (e.g. TPM_ALG_ECDAA) so indicate that it is a + // bad scheme. + if(authHash.t.size == 0) + return TPM_RCS_SCHEME + RC_PolicySigned_auth; + + // nonceTPM + CryptDigestUpdate2B(&hashState, &in->nonceTPM.b); + + // expiration + CryptDigestUpdateInt(&hashState, sizeof(UINT32), in->expiration); + + // cpHashA + CryptDigestUpdate2B(&hashState, &in->cpHashA.b); + + // policyRef + CryptDigestUpdate2B(&hashState, &in->policyRef.b); + + // Complete digest + CryptHashEnd2B(&hashState, &authHash.b); + + // Validate Signature. A TPM_RC_SCHEME, TPM_RC_HANDLE or TPM_RC_SIGNATURE + // error may be returned at this point + result = CryptValidateSignature(in->authObject, &authHash, &in->auth); + if(result != TPM_RC_SUCCESS) + return RcSafeAddToResult(result, RC_PolicySigned_auth); + } +// Internal Data Update + // Update policy with input policyRef and name of authorization key + // These values are updated even if the session is a trial session + PolicyContextUpdate(TPM_CC_PolicySigned, + EntityGetName(in->authObject, &entityName), + &in->policyRef, + &in->cpHashA, authTimeout, session); +// Command Output + // Create ticket and timeout buffer if in->expiration < 0 and this is not + // a trial session. 
+ // NOTE: PolicyParameterChecks() makes sure that nonceTPM is present
+ // when expiration is non-zero.
+ if(in->expiration < 0
+ && session->attributes.isTrialPolicy == CLEAR)
+ {
+ BOOL expiresOnReset = (in->nonceTPM.t.size == 0);
+ // Compute policy ticket
+ authTimeout &= ~EXPIRATION_BIT;
+
+ TicketComputeAuth(TPM_ST_AUTH_SIGNED, EntityGetHierarchy(in->authObject),
+ authTimeout, expiresOnReset, &in->cpHashA, &in->policyRef,
+ &entityName, &out->policyTicket);
+ // Generate timeout buffer. The format of output timeout buffer is
+ // TPM-specific.
+ // Note: In this implementation, the timeout buffer value is computed after
+ // the ticket is produced so, when the ticket is checked, the expiration
+ // flag needs to be extracted before the ticket is checked.
+ // In the Windows compatible version, the least-significant bit of the
+ // timeout value is used as a flag to indicate if the authorization expires
+ // on reset. The flag is the MSb.
+ out->timeout.t.size = sizeof(authTimeout);
+ if(expiresOnReset)
+ authTimeout |= EXPIRATION_BIT;
+ UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer);
+ }
+ else
+ {
+ // Generate a null ticket.
+ // timeout buffer is null
+ out->timeout.t.size = 0;
+
+ // authorization ticket is null
+ out->policyTicket.tag = TPM_ST_AUTH_SIGNED;
+ out->policyTicket.hierarchy = TPM_RH_NULL;
+ out->policyTicket.digest.t.size = 0;
+ }
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PolicySigned
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTemplate.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTemplate.c
new file mode 100644
index 000000000..38be244e0
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTemplate.c
@@ -0,0 +1,103 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "PolicyTemplate_fp.h" + +#if CC_PolicyTemplate // Conditional expansion of this file + +/*(See part 3 specification) +// Add a cpHash restriction to the policyDigest +*/ +// Return Type: TPM_RC +// TPM_RC_CPHASH cpHash of 'policySession' has previously been set +// to a different value +// TPM_RC_SIZE 'templateHash' is not the size of a digest produced +// by the hash algorithm associated with +// 'policySession' +TPM_RC +TPM2_PolicyTemplate( + PolicyTemplate_In *in // IN: input parameter list + ) +{ + SESSION *session; + TPM_CC commandCode = TPM_CC_PolicyTemplate; + HASH_STATE hashState; + +// Input Validation + + // Get pointer to the session structure + session = SessionGet(in->policySession); + + // If the template is set, make sure that it is the same as the input value + if(session->attributes.isTemplateSet) + { + if(!MemoryEqual2B(&in->templateHash.b, &session->u1.cpHash.b)) + return TPM_RCS_VALUE + RC_PolicyTemplate_templateHash; + } + // error if cpHash contains something that is not a template + else if(session->u1.templateHash.t.size != 0) + return TPM_RC_CPHASH; + + // A valid templateHash must have the same size as session hash digest + if(in->templateHash.t.size != CryptHashGetDigestSize(session->authHashAlg)) + return TPM_RCS_SIZE + RC_PolicyTemplate_templateHash; + +// Internal Data Update + // Update policy hash + // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyCpHash + // || cpHashA.buffer) + // Start hash + CryptHashStart(&hashState, session->authHashAlg); + + // add old digest + CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); + + // add commandCode + CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); + + // add cpHashA + CryptDigestUpdate2B(&hashState, &in->templateHash.b); + + // complete the digest and get the results + CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); + + // update cpHash in session context + session->u1.templateHash = in->templateHash; + 
session->attributes.isTemplateSet = SET; + + return TPM_RC_SUCCESS; +} + +#endif // CC_PolicyTemplateHash \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTicket.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTicket.c new file mode 100644 index 000000000..b19aec4e0 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTicket.c 
@@ -0,0 +1,128 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "PolicyTicket_fp.h" + +#if CC_PolicyTicket // Conditional expansion of this file + +#include "Policy_spt_fp.h" + +/*(See part 3 specification) +// Include ticket to the policy evaluation +*/ +// Return Type: TPM_RC +// TPM_RC_CPHASH policy's cpHash was previously set to a different +// value +// TPM_RC_EXPIRED 'timeout' value in the ticket is in the past and the +// ticket has expired +// TPM_RC_SIZE 'timeout' or 'cpHash' has invalid size for the +// TPM_RC_TICKET 'ticket' is not valid +TPM_RC +TPM2_PolicyTicket( + PolicyTicket_In *in // IN: input parameter list + ) +{ + TPM_RC result; + SESSION *session; + UINT64 authTimeout; + TPMT_TK_AUTH ticketToCompare; + TPM_CC commandCode = TPM_CC_PolicySecret; + BOOL expiresOnReset; + +// Input Validation + + // Get pointer to the session structure + session = SessionGet(in->policySession); + + // NOTE: A trial policy session is not allowed to use this command. + // A ticket is used in place of a previously given authorization. Since + // a trial policy doesn't actually authenticate, the validated + // ticket is not necessary and, in place of using a ticket, one + // should use the intended authorization for which the ticket + // would be a substitute. + if(session->attributes.isTrialPolicy) + return TPM_RCS_ATTRIBUTES + RC_PolicyTicket_policySession; + // Restore timeout data. The format of timeout buffer is TPM-specific. + // In this implementation, the most significant bit of the timeout value is + // used as the flag to indicate that the ticket expires on TPM Reset or + // TPM Restart. The flag has to be removed before the parameters and ticket + // are checked. 
+ if(in->timeout.t.size != sizeof(UINT64)) + return TPM_RCS_SIZE + RC_PolicyTicket_timeout; + authTimeout = BYTE_ARRAY_TO_UINT64(in->timeout.t.buffer); + + // extract the flag + expiresOnReset = (authTimeout & EXPIRATION_BIT) != 0; + authTimeout &= ~EXPIRATION_BIT; + + // Do the normal checks on the cpHashA and timeout values + result = PolicyParameterChecks(session, authTimeout, + &in->cpHashA, + NULL, // no nonce + 0, // no bad nonce return + RC_PolicyTicket_cpHashA, + RC_PolicyTicket_timeout); + if(result != TPM_RC_SUCCESS) + return result; + // Validate Ticket + // Re-generate policy ticket by input parameters + TicketComputeAuth(in->ticket.tag, in->ticket.hierarchy, + authTimeout, expiresOnReset, &in->cpHashA, &in->policyRef, + &in->authName, &ticketToCompare); + // Compare generated digest with input ticket digest + if(!MemoryEqual2B(&in->ticket.digest.b, &ticketToCompare.digest.b)) + return TPM_RCS_TICKET + RC_PolicyTicket_ticket; + +// Internal Data Update + + // Is this ticket to take the place of a TPM2_PolicySigned() or + // a TPM2_PolicySecret()? + if(in->ticket.tag == TPM_ST_AUTH_SIGNED) + commandCode = TPM_CC_PolicySigned; + else if(in->ticket.tag == TPM_ST_AUTH_SECRET) + commandCode = TPM_CC_PolicySecret; + else + // There could only be two possible tag values. Any other value should + // be caught by the ticket validation process. + FAIL(FATAL_ERROR_INTERNAL); + + // Update policy context + PolicyContextUpdate(commandCode, &in->authName, &in->policyRef, + &in->cpHashA, authTimeout, session); + + return TPM_RC_SUCCESS; +} + +#endif // CC_PolicyTicket \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/Policy_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/Policy_spt.c new file mode 100644 index 000000000..255dc7ead --- /dev/null 
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/Policy_spt.c 
@@ -0,0 +1,290 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +//** Includes +#include "Tpm.h" +#include "Policy_spt_fp.h" +#include "PolicySigned_fp.h" +#include "PolicySecret_fp.h" +#include "PolicyTicket_fp.h" + +//** Functions +//*** PolicyParameterChecks() +// This function validates the common parameters of TPM2_PolicySiged() +// and TPM2_PolicySecret(). The common parameters are 'nonceTPM', +// 'expiration', and 'cpHashA'. +TPM_RC +PolicyParameterChecks( + SESSION *session, + UINT64 authTimeout, + TPM2B_DIGEST *cpHashA, + TPM2B_NONCE *nonce, + TPM_RC blameNonce, + TPM_RC blameCpHash, + TPM_RC blameExpiration + ) +{ + // Validate that input nonceTPM is correct if present + if(nonce != NULL && nonce->t.size != 0) + { + if(!MemoryEqual2B(&nonce->b, &session->nonceTPM.b)) + return TPM_RCS_NONCE + blameNonce; + } + // If authTimeout is set (expiration != 0... + if(authTimeout != 0) + { + // Validate input expiration. + // Cannot compare time if clock stop advancing. A TPM_RC_NV_UNAVAILABLE + // or TPM_RC_NV_RATE error may be returned here. + RETURN_IF_NV_IS_NOT_AVAILABLE; + + // if the time has already passed or the time epoch has changed then the + // time value is no longer good. + if((authTimeout < g_time) + || (session->epoch != g_timeEpoch)) + return TPM_RCS_EXPIRED + blameExpiration; + } + // If the cpHash is present, then check it + if(cpHashA != NULL && cpHashA->t.size != 0) + { + // The cpHash input has to have the correct size + if(cpHashA->t.size != session->u2.policyDigest.t.size) + return TPM_RCS_SIZE + blameCpHash; + + // If the cpHash has already been set, then this input value + // must match the current value. + if(session->u1.cpHash.b.size != 0 + && !MemoryEqual2B(&cpHashA->b, &session->u1.cpHash.b)) + return TPM_RC_CPHASH; + } + return TPM_RC_SUCCESS; +} + +//*** PolicyContextUpdate() +// Update policy hash +// Update the policyDigest in policy session by extending policyRef and +// objectName to it. This will also update the cpHash if it is present. 
+// Return Type: void +void +PolicyContextUpdate( + TPM_CC commandCode, // IN: command code + TPM2B_NAME *name, // IN: name of entity + TPM2B_NONCE *ref, // IN: the reference data + TPM2B_DIGEST *cpHash, // IN: the cpHash (optional) + UINT64 policyTimeout, // IN: the timeout value for the policy + SESSION *session // IN/OUT: policy session to be updated + ) +{ + HASH_STATE hashState; + + // Start hash + CryptHashStart(&hashState, session->authHashAlg); + + + // policyDigest size should always be the digest size of session hash algorithm. + pAssert(session->u2.policyDigest.t.size + == CryptHashGetDigestSize(session->authHashAlg)); + + // add old digest + CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); + + // add commandCode + CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode); + + // add name if applicable + if(name != NULL) + CryptDigestUpdate2B(&hashState, &name->b); + + // Complete the digest and get the results + CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); + + // If the policy reference is not null, do a second update to the digest. + if(ref != NULL) + { + + // Start second hash computation + CryptHashStart(&hashState, session->authHashAlg); + + // add policyDigest + CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); + + // add policyRef + CryptDigestUpdate2B(&hashState, &ref->b); + + // Complete second digest + CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); + } + // Deal with the cpHash. 
If the cpHash value is present + // then it would have already been checked to make sure that + // it is compatible with the current value so all we need + // to do here is copy it and set the isCpHashDefined attribute + if(cpHash != NULL && cpHash->t.size != 0) + { + session->u1.cpHash = *cpHash; + session->attributes.isCpHashDefined = SET; + } + + // update the timeout if it is specified + if(policyTimeout != 0) + { + // If the timeout has not been set, then set it to the new value + // than the current timeout then set it to the new value + if(session->timeout == 0 || session->timeout > policyTimeout) + session->timeout = policyTimeout; + } + return; +} +//*** ComputeAuthTimeout() +// This function is used to determine what the authorization timeout value for +// the session should be. +UINT64 +ComputeAuthTimeout( + SESSION *session, // IN: the session containing the time + // values + INT32 expiration, // IN: either the number of seconds from + // the start of the session or the + // time in g_timer; + TPM2B_NONCE *nonce // IN: indicator of the time base + ) +{ + UINT64 policyTime; + // If no expiration, policy time is 0 + if(expiration == 0) + policyTime = 0; + else + { + if(expiration < 0) + expiration = -expiration; + if(nonce->t.size == 0) + // The input time is absolute Time (not Clock), but it is expressed + // in seconds. To make sure that we don't time out too early, take the + // current value of milliseconds in g_time and add that to the input + // seconds value. + policyTime = (((UINT64)expiration) * 1000) + g_time % 1000; + else + // The policy timeout is the absolute value of the expiration in seconds + // added to the start time of the policy. 
+ policyTime = session->startTime + (((UINT64)expiration) * 1000); + + } + return policyTime; +} + +//*** PolicyDigestClear() +// Function to reset the policyDigest of a session +void +PolicyDigestClear( + SESSION *session + ) +{ + session->u2.policyDigest.t.size = CryptHashGetDigestSize(session->authHashAlg); + MemorySet(session->u2.policyDigest.t.buffer, 0, + session->u2.policyDigest.t.size); +} + +BOOL +PolicySptCheckCondition( + TPM_EO operation, + BYTE *opA, + BYTE *opB, + UINT16 size + ) +{ + // Arithmetic Comparison + switch(operation) + { + case TPM_EO_EQ: + // compare A = B + return (UnsignedCompareB(size, opA, size, opB) == 0); + break; + case TPM_EO_NEQ: + // compare A != B + return (UnsignedCompareB(size, opA, size, opB) != 0); + break; + case TPM_EO_SIGNED_GT: + // compare A > B signed + return (SignedCompareB(size, opA, size, opB) > 0); + break; + case TPM_EO_UNSIGNED_GT: + // compare A > B unsigned + return (UnsignedCompareB(size, opA, size, opB) > 0); + break; + case TPM_EO_SIGNED_LT: + // compare A < B signed + return (SignedCompareB(size, opA, size, opB) < 0); + break; + case TPM_EO_UNSIGNED_LT: + // compare A < B unsigned + return (UnsignedCompareB(size, opA, size, opB) < 0); + break; + case TPM_EO_SIGNED_GE: + // compare A >= B signed + return (SignedCompareB(size, opA, size, opB) >= 0); + break; + case TPM_EO_UNSIGNED_GE: + // compare A >= B unsigned + return (UnsignedCompareB(size, opA, size, opB) >= 0); + break; + case TPM_EO_SIGNED_LE: + // compare A <= B signed + return (SignedCompareB(size, opA, size, opB) <= 0); + break; + case TPM_EO_UNSIGNED_LE: + // compare A <= B unsigned + return (UnsignedCompareB(size, opA, size, opB) <= 0); + break; + case TPM_EO_BITSET: + // All bits SET in B are SET in A. ((A&B)=B) + { + UINT32 i; + for(i = 0; i < size; i++) + if((opA[i] & opB[i]) != opB[i]) + return FALSE; + } + break; + case TPM_EO_BITCLEAR: + // All bits SET in B are CLEAR in A. 
((A&B)=0) + { + UINT32 i; + for(i = 0; i < size; i++) + if((opA[i] & opB[i]) != 0) + return FALSE; + } + break; + default: + FAIL(FATAL_ERROR_INTERNAL); + break; + } + return TRUE; +} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Ecdaa/Commit.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Ecdaa/Commit.c new file mode 100644 index 000000000..40203c2cf --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Ecdaa/Commit.c 
@@ -0,0 +1,169 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "Commit_fp.h"
+
+#if CC_Commit // Conditional expansion of this file
+
+/*(See part 3 specification)
+// This command performs the point multiply operations for anonymous signing
+// scheme.
+*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES 'keyHandle' references a restricted key that is not a +// signing key +// TPM_RC_ECC_POINT either 'P1' or the point derived from 's2' is not on +// the curve of 'keyHandle' +// TPM_RC_HASH invalid name algorithm in 'keyHandle' +// TPM_RC_KEY 'keyHandle' does not reference an ECC key +// TPM_RC_SCHEME the scheme of 'keyHandle' is not an anonymous scheme +// TPM_RC_NO_RESULT 'K', 'L' or 'E' was a point at infinity; or +// failed to generate "r" value +// TPM_RC_SIZE 's2' is empty but 'y2' is not or 's2' provided but +// 'y2' is not +TPM_RC +TPM2_Commit( + Commit_In *in, // IN: input parameter list + Commit_Out *out // OUT: output parameter list + ) +{ + OBJECT *eccKey; + TPMS_ECC_POINT P2; + TPMS_ECC_POINT *pP2 = NULL; + TPMS_ECC_POINT *pP1 = NULL; + TPM2B_ECC_PARAMETER r; + TPM2B_ECC_PARAMETER p; + TPM_RC result; + TPMS_ECC_PARMS *parms; + +// Input Validation + + eccKey = HandleToObject(in->signHandle); + parms = &eccKey->publicArea.parameters.eccDetail; + + // Input key must be an ECC key + if(eccKey->publicArea.type != TPM_ALG_ECC) + return TPM_RCS_KEY + RC_Commit_signHandle; + + // This command may only be used with a sign-only key using an anonymous + // scheme. + // NOTE: a sign + decrypt key has no scheme so it will not be an anonymous one + // and an unrestricted sign key might no have a signing scheme but it can't + // be use in Commit() + if(!CryptIsSchemeAnonymous(parms->scheme.scheme)) + return TPM_RCS_SCHEME + RC_Commit_signHandle; + +// Make sure that both parts of P2 are present if either is present + if((in->s2.t.size == 0) != (in->y2.t.size == 0)) + return TPM_RCS_SIZE + RC_Commit_y2; + + // Get prime modulus for the curve. This is needed later but getting this now + // allows confirmation that the curve exists. 
+ if(!CryptEccGetParameter(&p, 'p', parms->curveID)) + return TPM_RCS_KEY + RC_Commit_signHandle; + + // Get the random value that will be used in the point multiplications + // Note: this does not commit the count. + if(!CryptGenerateR(&r, NULL, parms->curveID, &eccKey->name)) + return TPM_RC_NO_RESULT; + + // Set up P2 if s2 and Y2 are provided + if(in->s2.t.size != 0) + { + TPM2B_DIGEST x2; + + pP2 = &P2; + + // copy y2 for P2 + P2.y = in->y2; + + // Compute x2 HnameAlg(s2) mod p + // do the hash operation on s2 with the size of curve 'p' + x2.t.size = CryptHashBlock(eccKey->publicArea.nameAlg, + in->s2.t.size, + in->s2.t.buffer, + sizeof(x2.t.buffer), + x2.t.buffer); + + // If there were error returns in the hash routine, indicate a problem + // with the hash algorithm selection + if(x2.t.size == 0) + return TPM_RCS_HASH + RC_Commit_signHandle; + // The size of the remainder will be same as the size of p. DivideB() will + // pad the results (leading zeros) if necessary to make the size the same + P2.x.t.size = p.t.size; + // set p2.x = hash(s2) mod p + if(DivideB(&x2.b, &p.b, NULL, &P2.x.b) != TPM_RC_SUCCESS) + return TPM_RC_NO_RESULT; + + if(!CryptEccIsPointOnCurve(parms->curveID, pP2)) + return TPM_RCS_ECC_POINT + RC_Commit_s2; + + if(eccKey->attributes.publicOnly == SET) + return TPM_RCS_KEY + RC_Commit_signHandle; + } + // If there is a P1, make sure that it is on the curve + // NOTE: an "empty" point has two UINT16 values which are the size values + // for each of the coordinates. + if(in->P1.size > 4) + { + pP1 = &in->P1.point; + if(!CryptEccIsPointOnCurve(parms->curveID, pP1)) + return TPM_RCS_ECC_POINT + RC_Commit_P1; + } + + // Pass the parameters to CryptCommit. + // The work is not done in-line because it does several point multiplies + // with the same curve. It saves work by not having to reload the curve + // parameters multiple times. 
+ result = CryptEccCommitCompute(&out->K.point, + &out->L.point, + &out->E.point, + parms->curveID, + pP1, + pP2, + &eccKey->sensitive.sensitive.ecc, + &r); + if(result != TPM_RC_SUCCESS) + return result; + + // The commit computation was successful so complete the commit by setting + // the bit + out->counter = CryptCommit(); + + return TPM_RC_SUCCESS; +} + +#endif // CC_Commit \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeData.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeData.c new file mode 100644 index 000000000..18f537da8 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeData.c 
@@ -0,0 +1,53 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "FieldUpgradeData_fp.h"
+#if CC_FieldUpgradeData // Conditional expansion of this file
+
+/*(See part 3 specification)
+// FieldUpgradeData
+*/
+TPM_RC
+TPM2_FieldUpgradeData(
+ FieldUpgradeData_In *in, // IN: input parameter list
+ FieldUpgradeData_Out *out // OUT: output parameter list
+ )
+{
+ // Not implemented
+ UNUSED_PARAMETER(in);
+ UNUSED_PARAMETER(out);
+ return TPM_RC_SUCCESS;
+}
+#endif
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeStart.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeStart.c
new file mode 100644
index 000000000..f4f89b14a
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeStart.c
@@ -0,0 +1,51 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "FieldUpgradeStart_fp.h"
+#if CC_FieldUpgradeStart // Conditional expansion of this file
+
+/*(See part 3 specification)
+// FieldUpgradeStart
+*/
+TPM_RC
+TPM2_FieldUpgradeStart(
+ FieldUpgradeStart_In *in // IN: input parameter list
+ )
+{
+ // Not implemented
+ UNUSED_PARAMETER(in);
+ return TPM_RC_SUCCESS;
+}
+#endif
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FirmwareRead.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FirmwareRead.c
new file mode 100644
index 000000000..810483dba
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FirmwareRead.c
@@ -0,0 +1,55 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "FirmwareRead_fp.h"
+
+#if CC_FirmwareRead // Conditional expansion of this file
+
+/*(See part 3 specification)
+// FirmwareRead
+*/
+TPM_RC
+TPM2_FirmwareRead(
+ FirmwareRead_In *in, // IN: input parameter list
+ FirmwareRead_Out *out // OUT: output parameter list
+ )
+{
+ // Not implemented
+ UNUSED_PARAMETER(in);
+ UNUSED_PARAMETER(out);
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_FirmwareRead
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/EventSequenceComplete.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/EventSequenceComplete.c
new file mode 100644
index 000000000..5a1e79017
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/EventSequenceComplete.c
@@ -0,0 +1,109 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "Tpm.h" +#include "EventSequenceComplete_fp.h" + +#if CC_EventSequenceComplete // Conditional expansion of this file + +/*(See part 3 specification) + Complete an event sequence and flush the object. 
+*/ +// Return Type: TPM_RC +// TPM_RC_LOCALITY PCR extension is not allowed at the current locality +// TPM_RC_MODE input handle is not a valid event sequence object +TPM_RC +TPM2_EventSequenceComplete( + EventSequenceComplete_In *in, // IN: input parameter list + EventSequenceComplete_Out *out // OUT: output parameter list + ) +{ + HASH_OBJECT *hashObject; + UINT32 i; + TPM_ALG_ID hashAlg; +// Input validation + // get the event sequence object pointer + hashObject = (HASH_OBJECT *)HandleToObject(in->sequenceHandle); + + // input handle must reference an event sequence object + if(hashObject->attributes.eventSeq != SET) + return TPM_RCS_MODE + RC_EventSequenceComplete_sequenceHandle; + + // see if a PCR extend is requested in call + if(in->pcrHandle != TPM_RH_NULL) + { + // see if extend of the PCR is allowed at the locality of the command, + if(!PCRIsExtendAllowed(in->pcrHandle)) + return TPM_RC_LOCALITY; + // if an extend is going to take place, then check to see if there has + // been an orderly shutdown. If so, and the selected PCR is one of the + // state saved PCR, then the orderly state has to change. The orderly state + // does not change for PCR that are not preserved. + // NOTE: This doesn't just check for Shutdown(STATE) because the orderly + // state will have to change if this is a state-saved PCR regardless + // of the current state. This is because a subsequent Shutdown(STATE) will + // check to see if there was an orderly shutdown and not do anything if + // there was. So, this must indicate that a future Shutdown(STATE) has + // something to do. 
+ if(PCRIsStateSaved(in->pcrHandle)) + RETURN_IF_ORDERLY; + } +// Command Output + out->results.count = 0; + + for(i = 0; i < HASH_COUNT; i++) + { + hashAlg = CryptHashGetAlgByIndex(i); + // Update last piece of data + CryptDigestUpdate2B(&hashObject->state.hashState[i], &in->buffer.b); + // Complete hash + out->results.digests[out->results.count].hashAlg = hashAlg; + CryptHashEnd(&hashObject->state.hashState[i], + CryptHashGetDigestSize(hashAlg), + (BYTE *)&out->results.digests[out->results.count].digest); + // Extend PCR + if(in->pcrHandle != TPM_RH_NULL) + PCRExtend(in->pcrHandle, hashAlg, + CryptHashGetDigestSize(hashAlg), + (BYTE *)&out->results.digests[out->results.count].digest); + out->results.count++; + } +// Internal Data Update + // mark sequence object as evict so it will be flushed on the way out + hashObject->attributes.evict = SET; + + return TPM_RC_SUCCESS; +} + +#endif // CC_EventSequenceComplete \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HMAC_Start.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HMAC_Start.c new file mode 100644 index 000000000..518348dd9 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HMAC_Start.c 
@@ -0,0 +1,105 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +#include "Tpm.h" +#include "HMAC_Start_fp.h" + +#if CC_HMAC_Start // Conditional expansion of this file + +/*(See part 3 specification) +// Initialize a HMAC sequence and create a sequence object +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES key referenced by 'handle' is not a signing key +// or is restricted +// TPM_RC_OBJECT_MEMORY no space to create an internal object +// TPM_RC_KEY key referenced by 'handle' is not an HMAC key +// TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm +// of the scheme of the object referenced by 'handle' +TPM_RC +TPM2_HMAC_Start( + HMAC_Start_In *in, // IN: input parameter list + HMAC_Start_Out *out // OUT: output parameter list + ) +{ + OBJECT *keyObject; + TPMT_PUBLIC *publicArea; + TPM_ALG_ID hashAlg; + +// Input Validation + + // Get HMAC key object and public area pointers + keyObject = HandleToObject(in->handle); + publicArea = &keyObject->publicArea; + + // Make sure that the key is an HMAC key + if(publicArea->type != TPM_ALG_KEYEDHASH) + return TPM_RCS_TYPE + RC_HMAC_Start_handle; + + // and that it is unrestricted + if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) + return TPM_RCS_ATTRIBUTES + RC_HMAC_Start_handle; + + // and that it is a signing key + if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) + return TPM_RCS_KEY + RC_HMAC_Start_handle; + + // See if the key has a default + if(publicArea->parameters.keyedHashDetail.scheme.scheme == TPM_ALG_NULL) + // it doesn't so use the input value + hashAlg = in->hashAlg; + else + { + // key has a default so use it + hashAlg + = publicArea->parameters.keyedHashDetail.scheme.details.hmac.hashAlg; + // and verify that the input was either the TPM_ALG_NULL or the default + if(in->hashAlg != TPM_ALG_NULL && in->hashAlg != hashAlg) + hashAlg = TPM_ALG_NULL; + } + // if we ended up without a hash algorithm then return an error + if(hashAlg == TPM_ALG_NULL) + return TPM_RCS_VALUE + RC_HMAC_Start_hashAlg; + +// Internal 
Data Update + + // Create a HMAC sequence object. A TPM_RC_OBJECT_MEMORY error may be + // returned at this point + return ObjectCreateHMACSequence(hashAlg, + keyObject, + &in->auth, + &out->sequenceHandle); +} + +#endif // CC_HMAC_Start \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HashSequenceStart.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HashSequenceStart.c new file mode 100644 index 000000000..296363231 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HashSequenceStart.c 
@@ -0,0 +1,63 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "HashSequenceStart_fp.h"
+
+#if CC_HashSequenceStart // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Start a hash or an event sequence
+*/
+// Return Type: TPM_RC
+// TPM_RC_OBJECT_MEMORY no space to create an internal object
+TPM_RC
+TPM2_HashSequenceStart(
+ HashSequenceStart_In *in, // IN: input parameter list
+ HashSequenceStart_Out *out // OUT: output parameter list
+ )
+{
+// Internal Data Update
+
+ if(in->hashAlg == TPM_ALG_NULL)
+ // Start a event sequence. A TPM_RC_OBJECT_MEMORY error may be
+ // returned at this point
+ return ObjectCreateEventSequence(&in->auth, &out->sequenceHandle);
+
+ // Start a hash sequence. A TPM_RC_OBJECT_MEMORY error may be
+ // returned at this point
+ return ObjectCreateHashSequence(in->hashAlg, &in->auth, &out->sequenceHandle);
+}
+
+#endif // CC_HashSequenceStart
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/MAC_Start.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/MAC_Start.c
new file mode 100644
index 000000000..42abe1fee
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/MAC_Start.c
@@ -0,0 +1,92 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +#include "Tpm.h" +#include "MAC_Start_fp.h" + +#if CC_MAC_Start // Conditional expansion of this file + +/*(See part 3 specification) +// Initialize a HMAC sequence and create a sequence object +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES key referenced by 'handle' is not a signing key +// or is restricted +// TPM_RC_OBJECT_MEMORY no space to create an internal object +// TPM_RC_KEY key referenced by 'handle' is not an HMAC key +// TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm +// of the scheme of the object referenced by 'handle' +TPM_RC +TPM2_MAC_Start( + MAC_Start_In *in, // IN: input parameter list + MAC_Start_Out *out // OUT: output parameter list + ) +{ + OBJECT *keyObject; + TPMT_PUBLIC *publicArea; + TPM_RC result; + +// Input Validation + + // Get HMAC key object and public area pointers + keyObject = HandleToObject(in->handle); + publicArea = &keyObject->publicArea; + + // Make sure that the key can do what is required + result = CryptSelectMac(publicArea, &in->inScheme); + // If the key is not able to do a MAC, indicate that the handle selects an + // object that can't do a MAC + if(result == TPM_RCS_TYPE) + return TPM_RCS_TYPE + RC_MAC_Start_handle; + // If there is another error type, indicate that the scheme and key are not + // compatible + if(result != TPM_RC_SUCCESS) + return RcSafeAddToResult(result, RC_MAC_Start_inScheme); + // Make sure that the key is not restricted + if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) + return TPM_RCS_ATTRIBUTES + RC_MAC_Start_handle; + // and that it is a signing key + if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) + return TPM_RCS_KEY + RC_MAC_Start_handle; + +// Internal Data Update + // Create a HMAC sequence object. A TPM_RC_OBJECT_MEMORY error may be + // returned at this point + return ObjectCreateHMACSequence(in->inScheme, + keyObject, + &in->auth, + &out->sequenceHandle); +} + +#endif // CC_MAC_Start \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceComplete.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceComplete.c
new file mode 100644
index 000000000..d342ed85e
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceComplete.c
@@ -0,0 +1,131 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "Tpm.h" +#include "SequenceComplete_fp.h" + +#if CC_SequenceComplete // Conditional expansion of this file + +/*(See part 3 specification) +// Complete a sequence and flush the object. 
+*/ +// Return Type: TPM_RC +// TPM_RC_MODE 'sequenceHandle' does not reference a hash or HMAC +// sequence object +TPM_RC +TPM2_SequenceComplete( + SequenceComplete_In *in, // IN: input parameter list + SequenceComplete_Out *out // OUT: output parameter list + ) +{ + HASH_OBJECT *hashObject; +// Input validation + // Get hash object pointer + hashObject = (HASH_OBJECT *)HandleToObject(in->sequenceHandle); + + // input handle must be a hash or HMAC sequence object. + if(hashObject->attributes.hashSeq == CLEAR + && hashObject->attributes.hmacSeq == CLEAR) + return TPM_RCS_MODE + RC_SequenceComplete_sequenceHandle; +// Command Output + if(hashObject->attributes.hashSeq == SET) // sequence object for hash + { + // Get the hash algorithm before the algorithm is lost in CryptHashEnd + TPM_ALG_ID hashAlg = hashObject->state.hashState[0].hashAlg; + + // Update last piece of the data + CryptDigestUpdate2B(&hashObject->state.hashState[0], &in->buffer.b); + + // Complete hash + out->result.t.size = CryptHashEnd(&hashObject->state.hashState[0], + sizeof(out->result.t.buffer), + out->result.t.buffer); + // Check if the first block of the sequence has been received + if(hashObject->attributes.firstBlock == CLEAR) + { + // If not, then this is the first block so see if it is 'safe' + // to sign. 
+ if(TicketIsSafe(&in->buffer.b)) + hashObject->attributes.ticketSafe = SET; + } + // Output ticket + out->validation.tag = TPM_ST_HASHCHECK; + out->validation.hierarchy = in->hierarchy; + + if(in->hierarchy == TPM_RH_NULL) + { + // Ticket is not required + out->validation.digest.t.size = 0; + } + else if(hashObject->attributes.ticketSafe == CLEAR) + { + // Ticket is not safe to generate + out->validation.hierarchy = TPM_RH_NULL; + out->validation.digest.t.size = 0; + } + else + { + // Compute ticket + TicketComputeHashCheck(out->validation.hierarchy, hashAlg, + &out->result, &out->validation); + } + } + else + { + // Update last piece of data + CryptDigestUpdate2B(&hashObject->state.hmacState.hashState, &in->buffer.b); +#if !SMAC_IMPLEMENTED + // Complete HMAC + out->result.t.size = CryptHmacEnd(&(hashObject->state.hmacState), + sizeof(out->result.t.buffer), + out->result.t.buffer); +#else + // Complete the MAC + out->result.t.size = CryptMacEnd(&hashObject->state.hmacState, + sizeof(out->result.t.buffer), + out->result.t.buffer); +#endif + // No ticket is generated for HMAC sequence + out->validation.tag = TPM_ST_HASHCHECK; + out->validation.hierarchy = TPM_RH_NULL; + out->validation.digest.t.size = 0; + } +// Internal Data Update + // mark sequence object as evict so it will be flushed on the way out + hashObject->attributes.evict = SET; + + return TPM_RC_SUCCESS; +} + +#endif // CC_SequenceComplete \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceUpdate.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceUpdate.c new file mode 100644 index 000000000..a02264704 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceUpdate.c 
@@ -0,0 +1,106 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "Tpm.h" +#include "SequenceUpdate_fp.h" + +#if CC_SequenceUpdate // Conditional expansion of this file + +/*(See part 3 specification) +// This function is used to add data to a sequence object. 
+*/ +// Return Type: TPM_RC +// TPM_RC_MODE 'sequenceHandle' does not reference a hash or HMAC +// sequence object +TPM_RC +TPM2_SequenceUpdate( + SequenceUpdate_In *in // IN: input parameter list + ) +{ + OBJECT *object; + HASH_OBJECT *hashObject; + +// Input Validation + + // Get sequence object pointer + object = HandleToObject(in->sequenceHandle); + hashObject = (HASH_OBJECT *)object; + + // Check that referenced object is a sequence object. + if(!ObjectIsSequence(object)) + return TPM_RCS_MODE + RC_SequenceUpdate_sequenceHandle; + +// Internal Data Update + + if(object->attributes.eventSeq == SET) + { + // Update event sequence object + UINT32 i; + for(i = 0; i < HASH_COUNT; i++) + { + // Update sequence object + CryptDigestUpdate2B(&hashObject->state.hashState[i], &in->buffer.b); + } + } + else + { + // Update hash/HMAC sequence object + if(hashObject->attributes.hashSeq == SET) + { + // Is this the first block of the sequence + if(hashObject->attributes.firstBlock == CLEAR) + { + // If so, indicate that first block was received + hashObject->attributes.firstBlock = SET; + + // Check the first block to see if the first block can contain + // the TPM_GENERATED_VALUE. If it does, it is not safe for + // a ticket. + if(TicketIsSafe(&in->buffer.b)) + hashObject->attributes.ticketSafe = SET; + } + // Update sequence object hash/HMAC stack + CryptDigestUpdate2B(&hashObject->state.hashState[0], &in->buffer.b); + } + else if(object->attributes.hmacSeq == SET) + { + // Update sequence object HMAC stack + CryptDigestUpdate2B(&hashObject->state.hmacState.hashState, + &in->buffer.b); + } + } + return TPM_RC_SUCCESS; +} + +#endif // CC_SequenceUpdate \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangeEPS.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangeEPS.c new file mode 100644 index 000000000..2735e1118 --- /dev/null 
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangeEPS.c 
@@ -0,0 +1,95 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "ChangeEPS_fp.h"
+
+#if CC_ChangeEPS // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Reset current EPS value
+*/
+TPM_RC
+TPM2_ChangeEPS(
+ ChangeEPS_In *in // IN: input parameter list
+ )
+{
+ // The command needs NV update. Check if NV is available.
+ // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
+ // this point
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+
+ // Input parameter is not reference in command action
+ NOT_REFERENCED(in);
+
+// Internal Data Update
+
+ // Reset endorsement hierarchy seed from RNG
+ CryptRandomGenerate(sizeof(gp.EPSeed.t.buffer), gp.EPSeed.t.buffer);
+
+ // Create new ehProof value from RNG
+ CryptRandomGenerate(sizeof(gp.ehProof.t.buffer), gp.ehProof.t.buffer);
+
+ // Enable endorsement hierarchy
+ gc.ehEnable = TRUE;
+
+ // set authValue buffer to zeros
+ MemorySet(gp.endorsementAuth.t.buffer, 0, gp.endorsementAuth.t.size);
+ // Set endorsement authValue to null
+ gp.endorsementAuth.t.size = 0;
+
+ // Set endorsement authPolicy to null
+ gp.endorsementAlg = TPM_ALG_NULL;
+ gp.endorsementPolicy.t.size = 0;
+
+ // Flush loaded object in endorsement hierarchy
+ ObjectFlushHierarchy(TPM_RH_ENDORSEMENT);
+
+ // Flush evict object of endorsement hierarchy stored in NV
+ NvFlushHierarchy(TPM_RH_ENDORSEMENT);
+
+ // Save hierarchy changes to NV
+ NV_SYNC_PERSISTENT(EPSeed);
+ NV_SYNC_PERSISTENT(ehProof);
+ NV_SYNC_PERSISTENT(endorsementAuth);
+ NV_SYNC_PERSISTENT(endorsementAlg);
+ NV_SYNC_PERSISTENT(endorsementPolicy);
+
+ // orderly state should be cleared because of the update to state clear data
+ g_clearOrderly = TRUE;
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_ChangeEPS
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangePPS.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangePPS.c
new file mode 100644
index 000000000..5637a8847
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangePPS.c
@@ -0,0 +1,96 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "ChangePPS_fp.h"
+
+#if CC_ChangePPS // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Reset current PPS value
+*/
+TPM_RC
+TPM2_ChangePPS(
+ ChangePPS_In *in // IN: input parameter list
+ )
+{
+ UINT32 i;
+
+ // Check if NV is available. A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE
+ // error may be returned at this point
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+
+ // Input parameter is not reference in command action
+ NOT_REFERENCED(in);
+
+// Internal Data Update
+
+ // Reset platform hierarchy seed from RNG
+ CryptRandomGenerate(sizeof(gp.PPSeed.t.buffer), gp.PPSeed.t.buffer);
+
+ // Create a new phProof value from RNG to prevent the saved platform
+ // hierarchy contexts being loaded
+ CryptRandomGenerate(sizeof(gp.phProof.t.buffer), gp.phProof.t.buffer);
+
+ // Set platform authPolicy to null
+ gc.platformAlg = TPM_ALG_NULL;
+ gc.platformPolicy.t.size = 0;
+
+ // Flush loaded object in platform hierarchy
+ ObjectFlushHierarchy(TPM_RH_PLATFORM);
+
+ // Flush platform evict object and index in NV
+ NvFlushHierarchy(TPM_RH_PLATFORM);
+
+ // Save hierarchy changes to NV
+ NV_SYNC_PERSISTENT(PPSeed);
+ NV_SYNC_PERSISTENT(phProof);
+
+ // Re-initialize PCR policies
+#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0
+ for(i = 0; i < NUM_POLICY_PCR_GROUP; i++)
+ {
+ gp.pcrPolicies.hashAlg[i] = TPM_ALG_NULL;
+ gp.pcrPolicies.policy[i].t.size = 0;
+ }
+ NV_SYNC_PERSISTENT(pcrPolicies);
+#endif
+
+ // orderly state should be cleared because of the update to state clear data
+ g_clearOrderly = TRUE;
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_ChangePPS
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/Clear.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/Clear.c
new file mode 100644
index 000000000..b38932a85
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/Clear.c 
@@ -0,0 +1,125 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "Clear_fp.h"
+
+#if CC_Clear // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Clear owner
+*/
+// Return Type: TPM_RC
+// TPM_RC_DISABLED Clear command has been disabled
+TPM_RC
+TPM2_Clear(
+ Clear_In *in // IN: input parameter list
+ )
+{
+ // Input parameter is not reference in command action
+ NOT_REFERENCED(in);
+
+ // The command needs NV update. Check if NV is available.
+ // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
+ // this point
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+
+// Input Validation
+
+ // If Clear command is disabled, return an error
+ if(gp.disableClear)
+ return TPM_RC_DISABLED;
+
+// Internal Data Update
+
+ // Reset storage hierarchy seed from RNG
+ CryptRandomGenerate(sizeof(gp.SPSeed.t.buffer), gp.SPSeed.t.buffer);
+
+ // Create new shProof and ehProof value from RNG
+ CryptRandomGenerate(sizeof(gp.shProof.t.buffer), gp.shProof.t.buffer);
+ CryptRandomGenerate(sizeof(gp.ehProof.t.buffer), gp.ehProof.t.buffer);
+
+ // Enable storage and endorsement hierarchy
+ gc.shEnable = gc.ehEnable = TRUE;
+
+ // set the authValue buffers to zero
+ MemorySet(&gp.ownerAuth, 0, sizeof(gp.ownerAuth));
+ MemorySet(&gp.endorsementAuth, 0, sizeof(gp.endorsementAuth));
+ MemorySet(&gp.lockoutAuth, 0, sizeof(gp.lockoutAuth));
+
+ // Set storage, endorsement, and lockout authPolicy to null
+ gp.ownerAlg = gp.endorsementAlg = gp.lockoutAlg = TPM_ALG_NULL;
+ MemorySet(&gp.ownerPolicy, 0, sizeof(gp.ownerPolicy));
+ MemorySet(&gp.endorsementPolicy, 0, sizeof(gp.endorsementPolicy));
+ MemorySet(&gp.lockoutPolicy, 0, sizeof(gp.lockoutPolicy));
+
+ // Flush loaded object in storage and endorsement hierarchy
+ ObjectFlushHierarchy(TPM_RH_OWNER);
+ ObjectFlushHierarchy(TPM_RH_ENDORSEMENT);
+
+ // Flush owner and endorsement object and owner index in NV
+ NvFlushHierarchy(TPM_RH_OWNER);
+ NvFlushHierarchy(TPM_RH_ENDORSEMENT);
+
+ // Initialize dictionary attack parameters
+ DAPreInstall_Init();
+
+ // Reset clock
+ go.clock = 0;
+ go.clockSafe = YES;
+ NvWrite(NV_ORDERLY_DATA, sizeof(ORDERLY_DATA), &go);
+
+ // Reset counters
+ gp.resetCount = gr.restartCount = gr.clearCount = 0;
+ gp.auditCounter = 0;
+
+ // Save persistent data changes to NV
+ // Note: since there are so many changes to the persistent data structure, the
+ // entire PERSISTENT_DATA structure is written as a unit
+ NvWrite(NV_PERSISTENT_DATA, sizeof(PERSISTENT_DATA), &gp);
+
+ // Reset the PCR authValues (this does not change the PCRs)
+ PCR_ClearAuth();
+
+ // Bump the PCR counter
+ PCRChanged(0);
+
+
+ // orderly state should be cleared because of the update to state clear data
+ g_clearOrderly = TRUE;
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_Clear
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ClearControl.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ClearControl.c
new file mode 100644
index 000000000..4bf2407e7
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ClearControl.c
@@ -0,0 +1,72 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "ClearControl_fp.h"
+
+#if CC_ClearControl // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Enable or disable the execution of TPM2_Clear command
+*/
+// Return Type: TPM_RC
+// TPM_RC_AUTH_FAIL authorization is not properly given
+TPM_RC
+TPM2_ClearControl(
+ ClearControl_In *in // IN: input parameter list
+ )
+{
+ // The command needs NV update.
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+
+// Input Validation
+
+ // LockoutAuth may be used to set disableLockoutClear to TRUE but not to FALSE
+ if(in->auth == TPM_RH_LOCKOUT && in->disable == NO)
+ return TPM_RC_AUTH_FAIL;
+
+// Internal Data Update
+
+ if(in->disable == YES)
+ gp.disableClear = TRUE;
+ else
+ gp.disableClear = FALSE;
+
+ // Record the change to NV
+ NV_SYNC_PERSISTENT(disableClear);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_ClearControl
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c
new file mode 100644
index 000000000..b0c3c6d8c
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c
@@ -0,0 +1,143 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "CreatePrimary_fp.h"
+
+#if CC_CreatePrimary // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Creates a primary or temporary object from a primary seed.
+*/
+// Return Type: TPM_RC
+// TPM_RC_ATTRIBUTES sensitiveDataOrigin is CLEAR when sensitive.data is an
+// Empty Buffer 'fixedTPM', 'fixedParent', or
+// 'encryptedDuplication' attributes are inconsistent
+// between themselves or with those of the parent object;
+// inconsistent 'restricted', 'decrypt' and 'sign'
+// attributes
+// attempt to inject sensitive data for an asymmetric
+// key;
+// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash
+// object
+// TPM_RC_KEY a provided symmetric key value is not allowed
+// TPM_RC_OBJECT_MEMORY there is no free slot for the object
+// TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign',
+// 'restricted' and key's scheme ID; or hash algorithm is
+// inconsistent with the scheme ID for keyed hash object
+// TPM_RC_SIZE size of public authorization policy or sensitive
+// authorization value does not match digest size of the
+// name algorithm; or sensitive data size for the keyed
+// hash object is larger than is allowed for the scheme
+// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified;
+// or non-storage key with symmetric algorithm different
+// from TPM_ALG_NULL
+// TPM_RC_TYPE unknown object type
+TPM_RC
+TPM2_CreatePrimary(
+ CreatePrimary_In *in, // IN: input parameter list
+ CreatePrimary_Out *out // OUT: output parameter list
+ )
+{
+ TPM_RC result = TPM_RC_SUCCESS;
+ TPMT_PUBLIC *publicArea;
+ DRBG_STATE rand;
+ OBJECT *newObject;
+ TPM2B_NAME name;
+
+// Input Validation
+ // Will need a place to put the result
+ newObject = FindEmptyObjectSlot(&out->objectHandle);
+ if(newObject == NULL)
+ return TPM_RC_OBJECT_MEMORY;
+ // Get the address of the public area in the new object
+ // (this is just to save typing)
+ publicArea = &newObject->publicArea;
+
+ *publicArea = in->inPublic.publicArea;
+
+ // Check attributes in input public area.
 CreateChecks() checks the things that
+ // are unique to creation and then validates the attributes and values that are
+ // common to create and load.
+ result = CreateChecks(NULL, publicArea,
+ in->inSensitive.sensitive.data.t.size);
+ if(result != TPM_RC_SUCCESS)
+ return RcSafeAddToResult(result, RC_CreatePrimary_inPublic);
+ // Validate the sensitive area values
+ if(!AdjustAuthSize(&in->inSensitive.sensitive.userAuth,
+ publicArea->nameAlg))
+ return TPM_RCS_SIZE + RC_CreatePrimary_inSensitive;
+// Command output
+ // Compute the name using out->name as a scratch area (this is not the value
+ // that ultimately will be returned, then instantiate the state that will be
+ // used as a random number generator during the object creation.
+ // The caller does not know the seed values so the actual name does not have
+ // to be over the input, it can be over the unmarshaled structure.
+ result = DRBG_InstantiateSeeded(&rand,
+ &HierarchyGetPrimarySeed(in->primaryHandle)->b,
+ PRIMARY_OBJECT_CREATION,
+ (TPM2B *)PublicMarshalAndComputeName(publicArea, &name),
+ &in->inSensitive.sensitive.data.b);
+ if(result == TPM_RC_SUCCESS)
+ {
+ newObject->attributes.primary = SET;
+ if(in->primaryHandle == TPM_RH_ENDORSEMENT)
+ newObject->attributes.epsHierarchy = SET;
+
+ // Create the primary object.
+ result = CryptCreateObject(newObject, &in->inSensitive.sensitive,
+ (RAND_STATE *)&rand);
+ }
+ if(result != TPM_RC_SUCCESS)
+ return result;
+
+ // Set the publicArea and name from the computed values
+ out->outPublic.publicArea = newObject->publicArea;
+ out->name = newObject->name;
+
+ // Fill in creation data
+ FillInCreationData(in->primaryHandle, publicArea->nameAlg,
+ &in->creationPCR, &in->outsideInfo, &out->creationData,
+ &out->creationHash);
+
+ // Compute creation ticket
+ TicketComputeCreation(EntityGetHierarchy(in->primaryHandle), &out->name,
+ &out->creationHash, &out->creationTicket);
+
+ // Set the remaining attributes for a loaded object
+ ObjectSetLoadedAttributes(newObject, in->primaryHandle);
+ return result;
+}
+
+#endif // CC_CreatePrimary
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyChangeAuth.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyChangeAuth.c
new file mode 100644
index 000000000..db398f531
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyChangeAuth.c
@@ -0,0 +1,91 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "HierarchyChangeAuth_fp.h"
+
+#if CC_HierarchyChangeAuth // Conditional expansion of this file
+
+#include "Object_spt_fp.h"
+
+/*(See part 3 specification)
+// Set a hierarchy authValue
+*/
+// Return Type: TPM_RC
+// TPM_RC_SIZE 'newAuth' size is greater than that of integrity hash
+// digest
+TPM_RC
+TPM2_HierarchyChangeAuth(
+ HierarchyChangeAuth_In *in // IN: input parameter list
+ )
+{
+ // The command needs NV update.
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+
+ // Make sure that the authorization value is a reasonable size (not larger than
+ // the size of the digest produced by the integrity hash. The integrity
+ // hash is assumed to produce the longest digest of any hash implemented
+ // on the TPM. This will also remove trailing zeros from the authValue.
+ if(MemoryRemoveTrailingZeros(&in->newAuth) > CONTEXT_INTEGRITY_HASH_SIZE)
+ return TPM_RCS_SIZE + RC_HierarchyChangeAuth_newAuth;
+
+ // Set hierarchy authValue
+ switch(in->authHandle)
+ {
+ case TPM_RH_OWNER:
+ gp.ownerAuth = in->newAuth;
+ NV_SYNC_PERSISTENT(ownerAuth);
+ break;
+ case TPM_RH_ENDORSEMENT:
+ gp.endorsementAuth = in->newAuth;
+ NV_SYNC_PERSISTENT(endorsementAuth);
+ break;
+ case TPM_RH_PLATFORM:
+ gc.platformAuth = in->newAuth;
+ // orderly state should be cleared
+ g_clearOrderly = TRUE;
+ break;
+ case TPM_RH_LOCKOUT:
+ gp.lockoutAuth = in->newAuth;
+ NV_SYNC_PERSISTENT(lockoutAuth);
+ break;
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_HierarchyChangeAuth
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyControl.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyControl.c
new file mode 100644
index 000000000..5e1b527d4
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyControl.c
@@ -0,0 +1,144 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "HierarchyControl_fp.h"
+
+#if CC_HierarchyControl // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Enable or disable use of a hierarchy
+*/
+// Return Type: TPM_RC
+// TPM_RC_AUTH_TYPE 'authHandle' is not applicable to 'hierarchy' in its
+// current state
+TPM_RC
+TPM2_HierarchyControl(
+ HierarchyControl_In *in // IN: input parameter list
+ )
+{
+ BOOL select = (in->state == YES);
+ BOOL *selected = NULL;
+
+// Input Validation
+ switch(in->enable)
+ {
+ // Platform hierarchy has to be disabled by PlatformAuth
+ // If the platform hierarchy has already been disabled, only a reboot
+ // can enable it again
+ case TPM_RH_PLATFORM:
+ case TPM_RH_PLATFORM_NV:
+ if(in->authHandle != TPM_RH_PLATFORM)
+ return TPM_RC_AUTH_TYPE;
+ break;
+
+ // ShEnable may be disabled if PlatformAuth/PlatformPolicy or
+ // OwnerAuth/OwnerPolicy is provided. If ShEnable is disabled, then it
+ // may only be enabled if PlatformAuth/PlatformPolicy is provided.
+ case TPM_RH_OWNER:
+ if(in->authHandle != TPM_RH_PLATFORM
+ && in->authHandle != TPM_RH_OWNER)
+ return TPM_RC_AUTH_TYPE;
+ if(gc.shEnable == FALSE && in->state == YES
+ && in->authHandle != TPM_RH_PLATFORM)
+ return TPM_RC_AUTH_TYPE;
+ break;
+
+ // EhEnable may be disabled if either PlatformAuth/PlatformPolicy or
+ // EndosementAuth/EndorsementPolicy is provided. If EhEnable is disabled,
+ // then it may only be enabled if PlatformAuth/PlatformPolicy is
+ // provided.
+ case TPM_RH_ENDORSEMENT:
+ if(in->authHandle != TPM_RH_PLATFORM
+ && in->authHandle != TPM_RH_ENDORSEMENT)
+ return TPM_RC_AUTH_TYPE;
+ if(gc.ehEnable == FALSE && in->state == YES
+ && in->authHandle != TPM_RH_PLATFORM)
+ return TPM_RC_AUTH_TYPE;
+ break;
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+
+// Internal Data Update
+
+ // Enable or disable the selected hierarchy
+ // Note: the authorization processing for this command may keep these
+ // command actions from being executed.
 For example, if phEnable is
+ // CLEAR, then platformAuth cannot be used for authorization. This
+ // means that would not be possible to use platformAuth to change the
+ // state of phEnable from CLEAR to SET.
+ // If it is decided that platformPolicy can still be used when phEnable
+ // is CLEAR, then this code could SET phEnable when proper platform
+ // policy is provided.
+ switch(in->enable)
+ {
+ case TPM_RH_OWNER:
+ selected = &gc.shEnable;
+ break;
+ case TPM_RH_ENDORSEMENT:
+ selected = &gc.ehEnable;
+ break;
+ case TPM_RH_PLATFORM:
+ selected = &g_phEnable;
+ break;
+ case TPM_RH_PLATFORM_NV:
+ selected = &gc.phEnableNV;
+ break;
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+ if(selected != NULL && *selected != select)
+ {
+ // Before changing the internal state, make sure that NV is available.
+ // Only need to update NV if changing the orderly state
+ RETURN_IF_ORDERLY;
+
+ // state is changing and NV is available so modify
+ *selected = select;
+ // If a hierarchy was just disabled, flush it
+ if(select == CLEAR && in->enable != TPM_RH_PLATFORM_NV)
+ // Flush hierarchy
+ ObjectFlushHierarchy(in->enable);
+
+ // orderly state should be cleared because of the update to state clear data
+ // This gets processed in ExecuteCommand() on the way out.
+ g_clearOrderly = TRUE;
+ }
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_HierarchyControl
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/SetPrimaryPolicy.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/SetPrimaryPolicy.c
new file mode 100644
index 000000000..e51fe1501
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/SetPrimaryPolicy.c
@@ -0,0 +1,102 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+#include "Tpm.h"
+#include "SetPrimaryPolicy_fp.h"
+
+#if CC_SetPrimaryPolicy // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Set a hierarchy policy
+*/
+// Return Type: TPM_RC
+// TPM_RC_SIZE size of input authPolicy is not consistent with
+// input hash algorithm
+TPM_RC
+TPM2_SetPrimaryPolicy(
+ SetPrimaryPolicy_In *in // IN: input parameter list
+ )
+{
+// Input Validation
+
+ // Check the authPolicy consistent with hash algorithm. If the policy size is
+ // zero, then the algorithm is required to be TPM_ALG_NULL
+ if(in->authPolicy.t.size != CryptHashGetDigestSize(in->hashAlg))
+ return TPM_RCS_SIZE + RC_SetPrimaryPolicy_authPolicy;
+
+ // The command need NV update for OWNER and ENDORSEMENT hierarchy, and
+ // might need orderlyState update for PLATFROM hierarchy.
+ // Check if NV is available. A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE
+ // error may be returned at this point
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+
+// Internal Data Update
+
+ // Set hierarchy policy
+ switch(in->authHandle)
+ {
+ case TPM_RH_OWNER:
+ gp.ownerAlg = in->hashAlg;
+ gp.ownerPolicy = in->authPolicy;
+ NV_SYNC_PERSISTENT(ownerAlg);
+ NV_SYNC_PERSISTENT(ownerPolicy);
+ break;
+ case TPM_RH_ENDORSEMENT:
+ gp.endorsementAlg = in->hashAlg;
+ gp.endorsementPolicy = in->authPolicy;
+ NV_SYNC_PERSISTENT(endorsementAlg);
+ NV_SYNC_PERSISTENT(endorsementPolicy);
+ break;
+ case TPM_RH_PLATFORM:
+ gc.platformAlg = in->hashAlg;
+ gc.platformPolicy = in->authPolicy;
+ // need to update orderly state
+ g_clearOrderly = TRUE;
+ break;
+ case TPM_RH_LOCKOUT:
+ gp.lockoutAlg = in->hashAlg;
+ gp.lockoutPolicy = in->authPolicy;
+ NV_SYNC_PERSISTENT(lockoutAlg);
+ NV_SYNC_PERSISTENT(lockoutPolicy);
+ break;
+
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_SetPrimaryPolicy
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/PP_Commands.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/PP_Commands.c
new file mode 100644
index 000000000..6365bf7a9
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/PP_Commands.c
@@ -0,0 +1,80 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+#include "Tpm.h"
+#include "PP_Commands_fp.h"
+
+#if CC_PP_Commands // Conditional expansion of this file
+
+/*(See part 3 specification)
+// This command is used to determine which commands require assertion of
+// Physical Presence in addition to platformAuth/platformPolicy.
+*/
+TPM_RC
+TPM2_PP_Commands(
+ PP_Commands_In *in // IN: input parameter list
+ )
+{
+ UINT32 i;
+
+ // The command needs NV update. Check if NV is available.
+ // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
+ // this point
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+
+// Internal Data Update
+
+ // Process set list
+ for(i = 0; i < in->setList.count; i++)
+ // If command is implemented, set it as PP required. If the input
+ // command is not a PP command, it will be ignored at
+ // PhysicalPresenceCommandSet().
+ // Note: PhysicalPresenceCommandSet() checks if the command is implemented.
+ PhysicalPresenceCommandSet(in->setList.commandCodes[i]);
+
+ // Process clear list
+ for(i = 0; i < in->clearList.count; i++)
+ // If command is implemented, clear it as PP required. If the input
+ // command is not a PP command, it will be ignored at
+ // PhysicalPresenceCommandClear(). If the input command is
+ // TPM2_PP_Commands, it will be ignored as well
+ PhysicalPresenceCommandClear(in->clearList.commandCodes[i]);
+
+ // Save the change of PP list
+ NV_SYNC_PERSISTENT(ppList);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PP_Commands
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/SetAlgorithmSet.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/SetAlgorithmSet.c
new file mode 100644
index 000000000..5df8ebe5c
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/SetAlgorithmSet.c
@@ -0,0 +1,62 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+#include "Tpm.h"
+#include "SetAlgorithmSet_fp.h"
+
+#if CC_SetAlgorithmSet // Conditional expansion of this file
+
+/*(See part 3 specification)
+// This command allows the platform to change the algorithm set setting of the TPM
+*/
+TPM_RC
+TPM2_SetAlgorithmSet(
+ SetAlgorithmSet_In *in // IN: input parameter list
+ )
+{
+ // The command needs NV update. Check if NV is available.
+ // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
+ // this point
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+
+// Internal Data Update
+ gp.algorithmSet = in->algorithmSet;
+
+ // Write the algorithm set changes to NV
+ NV_SYNC_PERSISTENT(algorithmSet);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_SetAlgorithmSet
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Certify.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Certify.c
new file mode 100644
index 000000000..6bd424766
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Certify.c
@@ -0,0 +1,141 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+#include "Tpm.h"
+#include "Attest_spt_fp.h"
+#include "NV_Certify_fp.h"
+
+#if CC_NV_Certify // Conditional expansion of this file
+
+/*(See part 3 specification)
+// certify the contents of an NV index or portion of an NV index
+*/
+// Return Type: TPM_RC
+// TPM_RC_NV_AUTHORIZATION the authorization was valid but the
+// authorizing entity ('authHandle')
+// is not allowed to read from the Index
+// referenced by 'nvIndex'
+// TPM_RC_KEY 'signHandle' does not reference a signing
+// key
+// TPM_RC_NV_LOCKED Index referenced by 'nvIndex' is locked
+// for reading
+// TPM_RC_NV_RANGE 'offset' plus 'size' extends outside of the
+// data range of the Index referenced by
+// 'nvIndex'
+// TPM_RC_NV_UNINITIALIZED Index referenced by 'nvIndex' has not been
+// written
+// TPM_RC_SCHEME 'inScheme' is not an allowed value for the
+// key definition
+TPM_RC
+TPM2_NV_Certify(
+ NV_Certify_In *in, // IN: input parameter list
+ NV_Certify_Out *out // OUT: output parameter list
+ )
+{
+ TPM_RC result;
+ NV_REF locator;
+ NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
+ TPMS_ATTEST certifyInfo;
+ OBJECT *signObject = HandleToObject(in->signHandle);
+// Input Validation
+ if(!IsSigningObject(signObject))
+ return TPM_RCS_KEY + RC_NV_Certify_signHandle;
+ if(!CryptSelectSignScheme(signObject, &in->inScheme))
+ return TPM_RCS_SCHEME + RC_NV_Certify_inScheme;
+
+ // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION
+ // or TPM_RC_NV_LOCKED
+ result = NvReadAccessChecks(in->authHandle, in->nvIndex,
+ nvIndex->publicArea.attributes);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+
+ // make sure that the selection is within the range of the Index (cast to avoid
+ // any wrap issues with addition)
+ if((UINT32)in->size + (UINT32)in->offset > (UINT32)nvIndex->publicArea.dataSize)
+ return TPM_RC_NV_RANGE;
+ // Make sure the data will fit the return buffer. 
+ // NOTE: This check may be modified if the output buffer will not hold the
+ // maximum sized NV buffer as part of the certified data. The difference in
+ // size could be substantial if the signature scheme was produced a large
+ // signature (e.g., RSA 4096).
+ if(in->size > MAX_NV_BUFFER_SIZE)
+ return TPM_RCS_VALUE + RC_NV_Certify_size;
+
+// Command Output
+
+ // Fill in attest information common fields
+ FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData,
+ &certifyInfo);
+
+ // Get the name of the index
+ NvGetIndexName(nvIndex, &certifyInfo.attested.nv.indexName);
+
+ // See if this is old format or new format
+ if ((in->size != 0) || (in->offset != 0))
+ {
+ // NV certify specific fields
+ // Attestation type
+ certifyInfo.type = TPM_ST_ATTEST_NV;
+
+ // Set the return size
+ certifyInfo.attested.nv.nvContents.t.size = in->size;
+
+ // Set the offset
+ certifyInfo.attested.nv.offset = in->offset;
+
+ // Perform the read
+ NvGetIndexData(nvIndex, locator, in->offset, in->size,
+ certifyInfo.attested.nv.nvContents.t.buffer);
+ }
+ else
+ {
+ HASH_STATE hashState;
+ // This is to sign a digest of the data
+ certifyInfo.type = TPM_ST_ATTEST_NV_DIGEST;
+ // Initialize the hash before calling the function to add the Index data to
+ // the hash.
+ certifyInfo.attested.nvDigest.nvDigest.t.size =
+ CryptHashStart(&hashState, in->inScheme.details.any.hashAlg);
+ NvHashIndexData(&hashState, nvIndex, locator, 0,
+ nvIndex->publicArea.dataSize);
+ CryptHashEnd2B(&hashState, &certifyInfo.attested.nvDigest.nvDigest.b);
+ }
+ // Sign attestation structure. A NULL signature will be returned if
+ // signObject is NULL.
+ return SignAttestInfo(signObject, &in->inScheme, &certifyInfo,
+ &in->qualifyingData, &out->certifyInfo, &out->signature);
+}
+
+#endif // CC_NV_Certify
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ChangeAuth.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ChangeAuth.c
new file mode 100644
index 000000000..5cb2a69e6
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ChangeAuth.c
@@ -0,0 +1,68 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+#include "Tpm.h"
+#include "NV_ChangeAuth_fp.h"
+
+#if CC_NV_ChangeAuth // Conditional expansion of this file
+
+/*(See part 3 specification)
+// change authorization value of a NV index
+*/
+// Return Type: TPM_RC
+// TPM_RC_SIZE 'newAuth' size is larger than the digest
+// size of the Name algorithm for the Index
+// referenced by 'nvIndex
+TPM_RC
+TPM2_NV_ChangeAuth(
+ NV_ChangeAuth_In *in // IN: input parameter list
+ )
+{
+ NV_REF locator;
+ NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
+
+// Input Validation
+
+ // Remove trailing zeros and make sure that the result is not larger than the
+ // digest of the nameAlg.
+ if(MemoryRemoveTrailingZeros(&in->newAuth)
+ > CryptHashGetDigestSize(nvIndex->publicArea.nameAlg))
+ return TPM_RCS_SIZE + RC_NV_ChangeAuth_newAuth;
+
+// Internal Data Update
+ // Change authValue
+ return NvWriteIndexAuth(locator, &in->newAuth);
+}
+
+#endif // CC_NV_ChangeAuth
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_DefineSpace.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_DefineSpace.c
new file mode 100644
index 000000000..45e1dc107
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_DefineSpace.c
@@ -0,0 +1,226 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+#include "Tpm.h"
+#include "NV_DefineSpace_fp.h"
+
+#if CC_NV_DefineSpace // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Define a NV index space
+*/
+// Return Type: TPM_RC
+// TPM_RC_HIERARCHY for authorizations using TPM_RH_PLATFORM
+// phEnable_NV is clear preventing access to NV
+// data in the platform hierarchy.
+// TPM_RC_ATTRIBUTES attributes of the index are not consistent
+// TPM_RC_NV_DEFINED index already exists
+// TPM_RC_NV_SPACE insufficient space for the index
+// TPM_RC_SIZE 'auth->size' or 'publicInfo->authPolicy.size' is
+// larger than the digest size of
+// 'publicInfo->nameAlg'; or 'publicInfo->dataSize'
+// is not consistent with 'publicInfo->attributes'
+// (this includes the case when the index is
+// larger than a MAX_NV_BUFFER_SIZE but the
+// TPMA_NV_WRITEALL attribute is SET)
+TPM_RC
+TPM2_NV_DefineSpace(
+ NV_DefineSpace_In *in // IN: input parameter list
+ )
+{
+ TPMA_NV attributes = in->publicInfo.nvPublic.attributes;
+ UINT16 nameSize;
+
+ nameSize = CryptHashGetDigestSize(in->publicInfo.nvPublic.nameAlg);
+
+// Input Validation
+
+ // Checks not specific to type
+
+ // If the UndefineSpaceSpecial command is not implemented, then can't have
+ // an index that can only be deleted with policy
+#if CC_NV_UndefineSpaceSpecial == NO
+ if(IS_ATTRIBUTE(attributes, TPMA_NV, POLICY_DELETE))
+ return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
+#endif
+
+ // check that the authPolicy consistent with hash algorithm
+
+ if(in->publicInfo.nvPublic.authPolicy.t.size != 0
+ && in->publicInfo.nvPublic.authPolicy.t.size != nameSize)
+ return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo;
+
+ // make sure that the authValue is not too large
+ if(MemoryRemoveTrailingZeros(&in->auth)
+ > CryptHashGetDigestSize(in->publicInfo.nvPublic.nameAlg))
+ return TPM_RCS_SIZE + RC_NV_DefineSpace_auth;
+
+ // If an index is being created by the owner and shEnable is
+ // clear, then we would not reach this point because 
ownerAuth
+ // can't be given when shEnable is CLEAR. However, if phEnable
+ // is SET but phEnableNV is CLEAR, we have to check here
+ if(in->authHandle == TPM_RH_PLATFORM && gc.phEnableNV == CLEAR)
+ return TPM_RCS_HIERARCHY + RC_NV_DefineSpace_authHandle;
+
+ // Attribute checks
+ // Eliminate the unsupported types
+ switch(GET_TPM_NT(attributes))
+ {
+#if CC_NV_Increment == YES
+ case TPM_NT_COUNTER:
+#endif
+#if CC_NV_SetBits == YES
+ case TPM_NT_BITS:
+#endif
+#if CC_NV_Extend == YES
+ case TPM_NT_EXTEND:
+#endif
+#if CC_PolicySecret == YES && defined TPM_NT_PIN_PASS
+ case TPM_NT_PIN_PASS:
+ case TPM_NT_PIN_FAIL:
+#endif
+ case TPM_NT_ORDINARY:
+ break;
+ default:
+ return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
+ break;
+ }
+ // Check that the sizes are OK based on the type
+ switch(GET_TPM_NT(attributes))
+ {
+ case TPM_NT_ORDINARY:
+ // Can't exceed the allowed size for the implementation
+ if(in->publicInfo.nvPublic.dataSize > MAX_NV_INDEX_SIZE)
+ return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo;
+ break;
+ case TPM_NT_EXTEND:
+ if(in->publicInfo.nvPublic.dataSize != nameSize)
+ return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo;
+ break;
+ default:
+ // Everything else needs a size of 8
+ if(in->publicInfo.nvPublic.dataSize != 8)
+ return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo;
+ break;
+ }
+ // Handle other specifics
+ switch(GET_TPM_NT(attributes))
+ {
+ case TPM_NT_COUNTER:
+ // Counter can't have TPMA_NV_CLEAR_STCLEAR SET (don't clear counters)
+ if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR))
+ return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
+ break;
+#ifdef TPM_NT_PIN_FAIL
+ case TPM_NT_PIN_FAIL:
+ // NV_NO_DA must be SET and AUTHWRITE must be CLEAR
+ // NOTE: As with a PIN_PASS index, the authValue of the index is not
+ // available until the index is written. If AUTHWRITE is the only way to
+ // write then index, it could never be written. 
Rather than go through
+ // all of the other possible ways to write the Index, it is simply
+ // prohibited to write the index with the authValue. Other checks
+ // below will insure that there seems to be a way to write the index
+ // (i.e., with platform authorization , owner authorization,
+ // or with policyAuth.)
+ // It is not allowed to create a PIN Index that can't be modified.
+ if(!IS_ATTRIBUTE(attributes, TPMA_NV, NO_DA))
+ return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
+#endif
+#ifdef TPM_NT_PIN_PASS
+ case TPM_NT_PIN_PASS:
+ // AUTHWRITE must be CLEAR (see note above to TPM_NT_PIN_FAIL)
+ if(IS_ATTRIBUTE(attributes, TPMA_NV, AUTHWRITE)
+ || IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK)
+ || IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE))
+ return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
+#endif // this comes before break because PIN_FAIL falls through
+ break;
+ default:
+ break;
+ }
+
+ // Locks may not be SET and written cannot be SET
+ if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN)
+ || IS_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED)
+ || IS_ATTRIBUTE(attributes, TPMA_NV, READLOCKED))
+ return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
+
+ // There must be a way to read the index. 
+ if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERREAD)
+ && !IS_ATTRIBUTE(attributes, TPMA_NV, PPREAD)
+ && !IS_ATTRIBUTE(attributes, TPMA_NV, AUTHREAD)
+ && !IS_ATTRIBUTE(attributes, TPMA_NV, POLICYREAD))
+ return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
+
+ // There must be a way to write the index
+ if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERWRITE)
+ && !IS_ATTRIBUTE(attributes, TPMA_NV, PPWRITE)
+ && !IS_ATTRIBUTE(attributes, TPMA_NV, AUTHWRITE)
+ && !IS_ATTRIBUTE(attributes, TPMA_NV, POLICYWRITE))
+ return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
+
+ // An index with TPMA_NV_CLEAR_STCLEAR can't have TPMA_NV_WRITEDEFINE SET
+ if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR)
+ && IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE))
+ return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
+
+ // Make sure that the creator of the index can delete the index
+ if((IS_ATTRIBUTE(attributes, TPMA_NV, PLATFORMCREATE)
+ && in->authHandle == TPM_RH_OWNER)
+ || (!IS_ATTRIBUTE(attributes, TPMA_NV, PLATFORMCREATE)
+ && in->authHandle == TPM_RH_PLATFORM))
+ return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_authHandle;
+
+ // If TPMA_NV_POLICY_DELETE is SET, then the index must be defined by
+ // the platform
+ if(IS_ATTRIBUTE(attributes, TPMA_NV, POLICY_DELETE)
+ && TPM_RH_PLATFORM != in->authHandle)
+ return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo;
+
+ // Make sure that the TPMA_NV_WRITEALL is not set if the index size is larger
+ // than the allowed NV buffer size.
+ if(in->publicInfo.nvPublic.dataSize > MAX_NV_BUFFER_SIZE
+ && IS_ATTRIBUTE(attributes, TPMA_NV, WRITEALL))
+ return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo;
+
+ // And finally, see if the index is already defined.
+ if(NvIndexIsDefined(in->publicInfo.nvPublic.nvIndex))
+ return TPM_RC_NV_DEFINED;
+
+// Internal Data Update
+ // define the space. 
A TPM_RC_NV_SPACE error may be returned at this point
+ return NvDefineIndex(&in->publicInfo.nvPublic, &in->auth);
+}
+
+#endif // CC_NV_DefineSpace
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Extend.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Extend.c
new file mode 100644
index 000000000..682d8d89f
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Extend.c
@@ -0,0 +1,109 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+#include "Tpm.h"
+#include "NV_Extend_fp.h"
+
+#if CC_NV_Extend // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Write to a NV index
+*/
+// Return Type: TPM_RC
+// TPM_RC_ATTRIBUTES the TPMA_NV_EXTEND attribute is not SET in
+// the Index referenced by 'nvIndex'
+// TPM_RC_NV_AUTHORIZATION the authorization was valid but the
+// authorizing entity ('authHandle')
+// is not allowed to write to the Index
+// referenced by 'nvIndex'
+// TPM_RC_NV_LOCKED the Index referenced by 'nvIndex' is locked
+// for writing
+TPM_RC
+TPM2_NV_Extend(
+ NV_Extend_In *in // IN: input parameter list
+ )
+{
+ TPM_RC result;
+ NV_REF locator;
+ NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
+
+ TPM2B_DIGEST oldDigest;
+ TPM2B_DIGEST newDigest;
+ HASH_STATE hashState;
+
+// Input Validation
+
+ // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION
+ // or TPM_RC_NV_LOCKED
+ result = NvWriteAccessChecks(in->authHandle,
+ in->nvIndex,
+ nvIndex->publicArea.attributes);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+
+ // Make sure that this is an extend index
+ if(!IsNvExtendIndex(nvIndex->publicArea.attributes))
+ return TPM_RCS_ATTRIBUTES + RC_NV_Extend_nvIndex;
+
+// Internal Data Update
+
+ // Perform the write.
+ oldDigest.t.size = CryptHashGetDigestSize(nvIndex->publicArea.nameAlg);
+ pAssert(oldDigest.t.size <= sizeof(oldDigest.t.buffer));
+ if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN))
+ {
+ NvGetIndexData(nvIndex, locator, 0, oldDigest.t.size, oldDigest.t.buffer);
+ }
+ else
+ {
+ MemorySet(oldDigest.t.buffer, 0, oldDigest.t.size);
+ }
+ // Start hash
+ newDigest.t.size = CryptHashStart(&hashState, nvIndex->publicArea.nameAlg);
+
+ // Adding old digest
+ CryptDigestUpdate2B(&hashState, &oldDigest.b);
+
+ // Adding new data
+ CryptDigestUpdate2B(&hashState, &in->data.b);
+
+ // Complete hash
+ CryptHashEnd2B(&hashState, &newDigest.b);
+
+ // Write extended hash back. 
+ // Note, this routine will SET the TPMA_NV_WRITTEN attribute if necessary
+ return NvWriteIndexData(nvIndex, 0, newDigest.t.size, newDigest.t.buffer);
+}
+
+#endif // CC_NV_Extend
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_GlobalWriteLock.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_GlobalWriteLock.c
new file mode 100644
index 000000000..53f983d8f
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_GlobalWriteLock.c
@@ -0,0 +1,57 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "NV_GlobalWriteLock_fp.h"
+
+#if CC_NV_GlobalWriteLock // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Set global write lock for NV index
+*/
+TPM_RC
+TPM2_NV_GlobalWriteLock(
+ NV_GlobalWriteLock_In *in // IN: input parameter list
+ )
+{
+ // Input parameter (the authorization handle) is not reference in command action.
+ NOT_REFERENCED(in);
+
+// Internal Data Update
+
+ // Implementation dependent method of setting the global lock
+ return NvSetGlobalLock();
+}
+
+#endif // CC_NV_GlobalWriteLock
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Increment.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Increment.c
new file mode 100644
index 000000000..a42d11715
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Increment.c
@@ -0,0 +1,102 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "NV_Increment_fp.h" + +#if CC_NV_Increment // Conditional expansion of this file + +/*(See part 3 specification) +// Increment a NV counter +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES NV index is not a counter +// TPM_RC_NV_AUTHORIZATION authorization failure +// TPM_RC_NV_LOCKED Index is write locked +TPM_RC +TPM2_NV_Increment( + NV_Increment_In *in // IN: input parameter list + ) +{ + TPM_RC result; + NV_REF locator; + NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); + UINT64 countValue; + +// Input Validation + + // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION + // or TPM_RC_NV_LOCKED + result = NvWriteAccessChecks(in->authHandle, + in->nvIndex, + nvIndex->publicArea.attributes); + if(result != TPM_RC_SUCCESS) + return result; + + // Make sure that this is a counter + if(!IsNvCounterIndex(nvIndex->publicArea.attributes)) + return TPM_RCS_ATTRIBUTES + RC_NV_Increment_nvIndex; + +// Internal Data Update + + // If counter index is not been written, initialize it + if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) + countValue = NvReadMaxCount(); + else + // Read NV data in native format for TPM CPU. + countValue = NvGetUINT64Data(nvIndex, locator); + + // Do the increment + countValue++; + + // Write NV data back. A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may + // be returned at this point. If necessary, this function will set the + // TPMA_NV_WRITTEN attribute + result = NvWriteUINT64Data(nvIndex, countValue); + if(result == TPM_RC_SUCCESS) + { + // If a counter just rolled over, then force the NV update. 
+ // Note, if this is an orderly counter, then the write-back needs to be
+ // forced, for other counters, the write-back will happen anyway
+ if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY)
+ && (countValue & MAX_ORDERLY_COUNT) == 0 )
+ {
+ // Need to force an NV update of orderly data
+ SET_NV_UPDATE(UT_ORDERLY);
+ }
+ }
+ return result;
+}
+
+#endif // CC_NV_Increment
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Read.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Read.c
new file mode 100644
index 000000000..745a7c666
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Read.c
@@ -0,0 +1,97 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "NV_Read_fp.h" + +#if CC_NV_Read // Conditional expansion of this file + +/*(See part 3 specification) +// Read of an NV index +*/ +// Return Type: TPM_RC +// TPM_RC_NV_AUTHORIZATION the authorization was valid but the +// authorizing entity ('authHandle') +// is not allowed to read from the Index +// referenced by 'nvIndex' +// TPM_RC_NV_LOCKED the Index referenced by 'nvIndex' is +// read locked +// TPM_RC_NV_RANGE read range defined by 'size' and 'offset' +// is outside the range of the Index referenced +// by 'nvIndex' +// TPM_RC_NV_UNINITIALIZED the Index referenced by 'nvIndex' has +// not been initialized (written) +// TPM_RC_VALUE the read size is larger than the +// MAX_NV_BUFFER_SIZE +TPM_RC +TPM2_NV_Read( + NV_Read_In *in, // IN: input parameter list + NV_Read_Out *out // OUT: output parameter list + ) +{ + NV_REF locator; + NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); + TPM_RC result; + +// Input Validation + // Common read access checks. NvReadAccessChecks() may return + // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED + result = NvReadAccessChecks(in->authHandle, in->nvIndex, + nvIndex->publicArea.attributes); + if(result != TPM_RC_SUCCESS) + return result; + + // Make sure the data will fit the return buffer + if(in->size > MAX_NV_BUFFER_SIZE) + return TPM_RCS_VALUE + RC_NV_Read_size; + + // Verify that the offset is not too large + if(in->offset > nvIndex->publicArea.dataSize) + return TPM_RCS_VALUE + RC_NV_Read_offset; + + // Make sure that the selection is within the range of the Index + if(in->size > (nvIndex->publicArea.dataSize - in->offset)) + return TPM_RC_NV_RANGE; + +// Command Output + // Set the return size + out->data.t.size = in->size; + + // Perform the read + NvGetIndexData(nvIndex, locator, in->offset, in->size, out->data.t.buffer); + + return TPM_RC_SUCCESS; +} + +#endif // CC_NV_Read \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadLock.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadLock.c
new file mode 100644
index 000000000..776300f36
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadLock.c
@@ -0,0 +1,93 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "NV_ReadLock_fp.h" + +#if CC_NV_ReadLock // Conditional expansion of this file + +/*(See part 3 specification) +// Set read lock on a NV index +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES TPMA_NV_READ_STCLEAR is not SET so +// Index referenced by 'nvIndex' may not be +// write locked +// TPM_RC_NV_AUTHORIZATION the authorization was valid but the +// authorizing entity ('authHandle') +// is not allowed to read from the Index +// referenced by 'nvIndex' +TPM_RC +TPM2_NV_ReadLock( + NV_ReadLock_In *in // IN: input parameter list + ) +{ + TPM_RC result; + NV_REF locator; + // The referenced index has been checked multiple times before this is called + // so it must be present and will be loaded into cache + NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); + TPMA_NV nvAttributes = nvIndex->publicArea.attributes; + +// Input Validation + // Common read access checks. NvReadAccessChecks() may return + // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED + result = NvReadAccessChecks(in->authHandle, + in->nvIndex, + nvAttributes); + if(result == TPM_RC_NV_AUTHORIZATION) + return TPM_RC_NV_AUTHORIZATION; + // Index is already locked for write + else if(result == TPM_RC_NV_LOCKED) + return TPM_RC_SUCCESS; + + // If NvReadAccessChecks return TPM_RC_NV_UNINITALIZED, then continue. + // It is not an error to read lock an uninitialized Index. + + // if TPMA_NV_READ_STCLEAR is not set, the index can not be read-locked + if(!IS_ATTRIBUTE(nvAttributes, TPMA_NV, READ_STCLEAR)) + return TPM_RCS_ATTRIBUTES + RC_NV_ReadLock_nvIndex; + +// Internal Data Update + + // Set the READLOCK attribute + SET_ATTRIBUTE(nvAttributes, TPMA_NV, READLOCKED); + + // Write NV info back + return NvWriteIndexAttributes(nvIndex->publicArea.nvIndex, + locator, + nvAttributes); +} + +#endif // CC_NV_ReadLock \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadPublic.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadPublic.c
new file mode 100644
index 000000000..4f9ce320c
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadPublic.c
@@ -0,0 +1,62 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "NV_ReadPublic_fp.h"
+
+#if CC_NV_ReadPublic // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Read the public information of a NV index
+*/
+TPM_RC
+TPM2_NV_ReadPublic(
+ NV_ReadPublic_In *in, // IN: input parameter list
+ NV_ReadPublic_Out *out // OUT: output parameter list
+ )
+{
+ NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, NULL);
+
+// Command Output
+
+ // Copy index public data to output
+ out->nvPublic.nvPublic = nvIndex->publicArea;
+
+ // Compute NV name
+ NvGetIndexName(nvIndex, &out->nvName);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_NV_ReadPublic
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_SetBits.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_SetBits.c
new file mode 100644
index 000000000..045872f9f
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_SetBits.c
@@ -0,0 +1,91 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "NV_SetBits_fp.h" + +#if CC_NV_SetBits // Conditional expansion of this file + +/*(See part 3 specification) +// Set bits in a NV index +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES the TPMA_NV_BITS attribute is not SET in the +// Index referenced by 'nvIndex' +// TPM_RC_NV_AUTHORIZATION the authorization was valid but the +// authorizing entity ('authHandle') +// is not allowed to write to the Index +// referenced by 'nvIndex' +// TPM_RC_NV_LOCKED the Index referenced by 'nvIndex' is locked +// for writing +TPM_RC +TPM2_NV_SetBits( + NV_SetBits_In *in // IN: input parameter list + ) +{ + TPM_RC result; + NV_REF locator; + NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); + UINT64 oldValue; + UINT64 newValue; + +// Input Validation + + // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION + // or TPM_RC_NV_LOCKED + result = NvWriteAccessChecks(in->authHandle, + in->nvIndex, + nvIndex->publicArea.attributes); + if(result != TPM_RC_SUCCESS) + return result; + + // Make sure that this is a bit field + if(!IsNvBitsIndex(nvIndex->publicArea.attributes)) + return TPM_RCS_ATTRIBUTES + RC_NV_SetBits_nvIndex; + + // If index is not been written, initialize it + if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) + oldValue = 0; + else + // Read index data + oldValue = NvGetUINT64Data(nvIndex, locator); + + // Figure out what the new value is going to be + newValue = oldValue | in->bits; + +// Internal Data Update + return NvWriteUINT64Data(nvIndex, newValue); +} + +#endif // CC_NV_SetBits \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpace.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpace.c new file mode 100644 index 000000000..bfe3fa866 --- /dev/null 
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpace.c 
@@ -0,0 +1,76 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "NV_UndefineSpace_fp.h" + +#if CC_NV_UndefineSpace // Conditional expansion of this file + +/*(See part 3 specification) +// Delete an NV Index +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES TPMA_NV_POLICY_DELETE is SET in the Index +// referenced by 'nvIndex' so this command may +// not be used to delete this Index (see +// TPM2_NV_UndefineSpaceSpecial()) +// TPM_RC_NV_AUTHORIZATION attempt to use ownerAuth to delete an index +// created by the platform +// +TPM_RC +TPM2_NV_UndefineSpace( + NV_UndefineSpace_In *in // IN: input parameter list + ) +{ + NV_REF locator; + NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); + +// Input Validation + // This command can't be used to delete an index with TPMA_NV_POLICY_DELETE SET + if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, POLICY_DELETE)) + return TPM_RCS_ATTRIBUTES + RC_NV_UndefineSpace_nvIndex; + + // The owner may only delete an index that was defined with ownerAuth. The + // platform may delete an index that was created with either authorization. + if(in->authHandle == TPM_RH_OWNER + && IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, PLATFORMCREATE)) + return TPM_RC_NV_AUTHORIZATION; + +// Internal Data Update + + // Call implementation dependent internal routine to delete NV index + return NvDeleteIndex(nvIndex, locator); +} + +#endif // CC_NV_UndefineSpace \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpaceSpecial.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpaceSpecial.c new file mode 100644 index 000000000..b672a8cfe --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpaceSpecial.c 
@@ -0,0 +1,71 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "NV_UndefineSpaceSpecial_fp.h"
+#include "SessionProcess_fp.h"
+
+#if CC_NV_UndefineSpaceSpecial // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Delete a NV index that requires policy to delete.
+*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES TPMA_NV_POLICY_DELETE is not SET in the +// Index referenced by 'nvIndex' +TPM_RC +TPM2_NV_UndefineSpaceSpecial( + NV_UndefineSpaceSpecial_In *in // IN: input parameter list + ) +{ + TPM_RC result; + NV_REF locator; + NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); +// Input Validation + // This operation only applies when the TPMA_NV_POLICY_DELETE attribute is SET + if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, POLICY_DELETE)) + return TPM_RCS_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex; +// Internal Data Update + // Call implementation dependent internal routine to delete NV index + result = NvDeleteIndex(nvIndex, locator); + + // If we just removed the index providing the authorization, make sure that the + // authorization session computation is modified so that it doesn't try to + // access the authValue of the just deleted index + if(result == TPM_RC_SUCCESS) + SessionRemoveAssociationToHandle(in->nvIndex); + return result; +} + +#endif // CC_NV_UndefineSpaceSpecial \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Write.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Write.c new file mode 100644 index 000000000..673868ad4 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Write.c 
@@ -0,0 +1,109 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "NV_Write_fp.h" + +#if CC_NV_Write // Conditional expansion of this file + +/*(See part 3 specification) +// Write to a NV index +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES Index referenced by 'nvIndex' has either +// TPMA_NV_BITS, TPMA_NV_COUNTER, or +// TPMA_NV_EVENT attribute SET +// TPM_RC_NV_AUTHORIZATION the authorization was valid but the +// authorizing entity ('authHandle') +// is not allowed to write to the Index +// referenced by 'nvIndex' +// TPM_RC_NV_LOCKED Index referenced by 'nvIndex' is write +// locked +// TPM_RC_NV_RANGE if TPMA_NV_WRITEALL is SET then the write +// is not the size of the Index referenced by +// 'nvIndex'; otherwise, the write extends +// beyond the limits of the Index +// +TPM_RC +TPM2_NV_Write( + NV_Write_In *in // IN: input parameter list + ) +{ + NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, NULL); + TPMA_NV attributes = nvIndex->publicArea.attributes; + TPM_RC result; + +// Input Validation + + // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION + // or TPM_RC_NV_LOCKED + result = NvWriteAccessChecks(in->authHandle, + in->nvIndex, + attributes); + if(result != TPM_RC_SUCCESS) + return result; + + // Bits index, extend index or counter index may not be updated by + // TPM2_NV_Write + if(IsNvCounterIndex(attributes) + || IsNvBitsIndex(attributes) + || IsNvExtendIndex(attributes)) + return TPM_RC_ATTRIBUTES; + + // Make sure that the offset is not too large + if(in->offset > nvIndex->publicArea.dataSize) + return TPM_RCS_VALUE + RC_NV_Write_offset; + + // Make sure that the selection is within the range of the Index + if(in->data.t.size > (nvIndex->publicArea.dataSize - in->offset)) + return TPM_RC_NV_RANGE; + + // If this index requires a full sized write, make sure that input range is + // full sized. + // Note: if the requested size is the same as the Index data size, then offset + // will have to be zero. 
Otherwise, the range check above would have failed.
+ if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITEALL)
+ && in->data.t.size < nvIndex->publicArea.dataSize)
+ return TPM_RC_NV_RANGE;
+
+// Internal Data Update
+
+ // Perform the write. This called routine will SET the TPMA_NV_WRITTEN
+ // attribute if it has not already been SET. If NV isn't available, an error
+ // will be returned.
+ return NvWriteIndexData(nvIndex, in->offset, in->data.t.size,
+ in->data.t.buffer);
+}
+
+#endif // CC_NV_Write
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_WriteLock.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_WriteLock.c
new file mode 100644
index 000000000..ec8d201de
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_WriteLock.c
@@ -0,0 +1,91 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "NV_WriteLock_fp.h"
+
+#if CC_NV_WriteLock // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Set write lock on a NV index
+*/
+// Return Type: TPM_RC
+// TPM_RC_ATTRIBUTES neither TPMA_NV_WRITEDEFINE nor
+// TPMA_NV_WRITE_STCLEAR is SET in Index
+// referenced by 'nvIndex'
+// TPM_RC_NV_AUTHORIZATION the authorization was valid but the
+// authorizing entity ('authHandle')
+// is not allowed to write to the Index
+// referenced by 'nvIndex'
+//
+TPM_RC
+TPM2_NV_WriteLock(
+ NV_WriteLock_In *in // IN: input parameter list
+ )
+{
+ TPM_RC result;
+ NV_REF locator;
+ NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
+ TPMA_NV nvAttributes = nvIndex->publicArea.attributes;
+
+// Input Validation:
+
+ // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION
+ // or TPM_RC_NV_LOCKED
+ result = NvWriteAccessChecks(in->authHandle, in->nvIndex, nvAttributes);
+ if(result != TPM_RC_SUCCESS)
+ {
+ if(result == TPM_RC_NV_AUTHORIZATION)
+ return result;
+ // If write access failed because the index is already locked, then it is
+ // no error.
+ return TPM_RC_SUCCESS;
+ }
+ // if neither TPMA_NV_WRITEDEFINE nor TPMA_NV_WRITE_STCLEAR is set, the index
+ // can not be write-locked
+ if(!IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITEDEFINE)
+ && !IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITE_STCLEAR))
+ return TPM_RCS_ATTRIBUTES + RC_NV_WriteLock_nvIndex;
+// Internal Data Update
+ // Set the WRITELOCK attribute.
+ // Note: if TPMA_NV_WRITELOCKED were already SET, then the write access check
+ // above would have failed and this code isn't executed.
+ SET_ATTRIBUTE(nvAttributes, TPMA_NV, WRITELOCKED);
+
+ // Write index info back
+ return NvWriteIndexAttributes(nvIndex->publicArea.nvIndex, locator,
+ nvAttributes);
+}
+
+#endif // CC_NV_WriteLock
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_spt.c
new file mode 100644
index 000000000..605c343e3
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_spt.c
@@ -0,0 +1,163 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Includes
+#include "Tpm.h"
+#include "NV_spt_fp.h"
+
+//** Functions
+
+//*** NvReadAccessChecks()
+// Common routine for validating a read
+// Used by TPM2_NV_Read, TPM2_NV_ReadLock and TPM2_PolicyNV
+// Return Type: TPM_RC
+// TPM_RC_NV_AUTHORIZATION autHandle is not allowed to authorize read
+// of the index
+// TPM_RC_NV_LOCKED Read locked
+// TPM_RC_NV_UNINITIALIZED Try to read an uninitialized index
+//
+TPM_RC
+NvReadAccessChecks(
+ TPM_HANDLE authHandle, // IN: the handle that provided the
+ // authorization
+ TPM_HANDLE nvHandle, // IN: the handle of the NV index to be read
+ TPMA_NV attributes // IN: the attributes of 'nvHandle'
+ )
+{
+ // If data is read locked, returns an error
+ if(IS_ATTRIBUTE(attributes, TPMA_NV, READLOCKED))
+ return TPM_RC_NV_LOCKED;
+ // If the authorization was provided by the owner or platform, then check
+ // that the attributes allow the read. If the authorization handle
+ // is the same as the index, then the checks were made when the authorization
+ // was checked..
+ if(authHandle == TPM_RH_OWNER)
+ {
+ // If Owner provided authorization then ONWERWRITE must be SET
+ if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERREAD))
+ return TPM_RC_NV_AUTHORIZATION;
+ }
+ else if(authHandle == TPM_RH_PLATFORM)
+ {
+ // If Platform provided authorization then PPWRITE must be SET
+ if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPREAD))
+ return TPM_RC_NV_AUTHORIZATION;
+ }
+ // If neither Owner nor Platform provided authorization, make sure that it was
+ // provided by this index.
+ else if(authHandle != nvHandle)
+ return TPM_RC_NV_AUTHORIZATION;
+
+// If the index has not been written, then the value cannot be read
+// NOTE: This has to come after other access checks to make sure that
+// the proper authorization is given to TPM2_NV_ReadLock()
+ if(!IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN))
+ return TPM_RC_NV_UNINITIALIZED;
+
+ return TPM_RC_SUCCESS;
+}
+
+//*** NvWriteAccessChecks()
+// Common routine for validating a write
+// Used by TPM2_NV_Write, TPM2_NV_Increment, TPM2_SetBits, and TPM2_NV_WriteLock
+// Return Type: TPM_RC
+// TPM_RC_NV_AUTHORIZATION Authorization fails
+// TPM_RC_NV_LOCKED Write locked
+//
+TPM_RC
+NvWriteAccessChecks(
+ TPM_HANDLE authHandle, // IN: the handle that provided the
+ // authorization
+ TPM_HANDLE nvHandle, // IN: the handle of the NV index to be written
+ TPMA_NV attributes // IN: the attributes of 'nvHandle'
+ )
+{
+ // If data is write locked, returns an error
+ if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED))
+ return TPM_RC_NV_LOCKED;
+ // If the authorization was provided by the owner or platform, then check
+ // that the attributes allow the write. If the authorization handle
+ // is the same as the index, then the checks were made when the authorization
+ // was checked..
+ if(authHandle == TPM_RH_OWNER)
+ {
+ // If Owner provided authorization then ONWERWRITE must be SET
+ if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERWRITE))
+ return TPM_RC_NV_AUTHORIZATION;
+ }
+ else if(authHandle == TPM_RH_PLATFORM)
+ {
+ // If Platform provided authorization then PPWRITE must be SET
+ if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPWRITE))
+ return TPM_RC_NV_AUTHORIZATION;
+ }
+ // If neither Owner nor Platform provided authorization, make sure that it was
+ // provided by this index.
+ else if(authHandle != nvHandle)
+ return TPM_RC_NV_AUTHORIZATION;
+ return TPM_RC_SUCCESS;
+}
+
+//*** NvClearOrderly()
+// This function is used to cause gp.orderlyState to be cleared to the
+// non-orderly state.
+TPM_RC
+NvClearOrderly(
+ void
+ )
+{
+ if(gp.orderlyState < SU_DA_USED_VALUE)
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+ g_clearOrderly = TRUE;
+ return TPM_RC_SUCCESS;
+}
+
+//*** NvIsPinPassIndex()
+// Function to check to see if an NV index is a PIN Pass Index
+// Return Type: BOOL
+// TRUE(1) is pin pass
+// FALSE(0) is not pin pass
+BOOL
+NvIsPinPassIndex(
+ TPM_HANDLE index // IN: Handle to check
+ )
+{
+ if(HandleGetType(index) == TPM_HT_NV_INDEX)
+ {
+ NV_INDEX *nvIndex = NvGetIndexInfo(index, NULL);
+
+ return IsNvPinPassIndex(nvIndex->publicArea.attributes);
+ }
+ return FALSE;
+}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ActivateCredential.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ActivateCredential.c
new file mode 100644
index 000000000..ae644ce02
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ActivateCredential.c
@@ -0,0 +1,107 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "ActivateCredential_fp.h"
+
+#if CC_ActivateCredential // Conditional expansion of this file
+
+#include "Object_spt_fp.h"
+
+/*(See part 3 specification)
+// Activate Credential with an object
+*/
+// Return Type: TPM_RC
+// TPM_RC_ATTRIBUTES 'keyHandle' does not reference a decryption key
+// TPM_RC_ECC_POINT 'secret' is invalid (when 'keyHandle' is an ECC key)
+// TPM_RC_INSUFFICIENT 'secret' is invalid (when 'keyHandle' is an ECC key)
+// TPM_RC_INTEGRITY 'credentialBlob' fails integrity test
+// TPM_RC_NO_RESULT 'secret' is invalid (when 'keyHandle' is an ECC key)
+// TPM_RC_SIZE 'secret' size is invalid or the 'credentialBlob'
+// does not unmarshal correctly
+// TPM_RC_TYPE 'keyHandle' does not reference an asymmetric key.
+// TPM_RC_VALUE 'secret' is invalid (when 'keyHandle' is an RSA key)
+TPM_RC
+TPM2_ActivateCredential(
+ ActivateCredential_In *in, // IN: input parameter list
+ ActivateCredential_Out *out // OUT: output parameter list
+ )
+{
+ TPM_RC result = TPM_RC_SUCCESS;
+ OBJECT *object; // decrypt key
+ OBJECT *activateObject; // key associated with credential
+ TPM2B_DATA data; // credential data
+
+// Input Validation
+
+ // Get decrypt key pointer
+ object = HandleToObject(in->keyHandle);
+
+ // Get certificated object pointer
+ activateObject = HandleToObject(in->activateHandle);
+
+ // input decrypt key must be an asymmetric, restricted decryption key
+ if(!CryptIsAsymAlgorithm(object->publicArea.type)
+ || !IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, decrypt)
+ || !IS_ATTRIBUTE(object->publicArea.objectAttributes,
+ TPMA_OBJECT, restricted))
+ return TPM_RCS_TYPE + RC_ActivateCredential_keyHandle;
+
+// Command output
+
+ // Decrypt input credential data via asymmetric decryption. A
+ // TPM_RC_VALUE, TPM_RC_KEY or unmarshal errors may be returned at this
+ // point
+ result = CryptSecretDecrypt(object, NULL, IDENTITY_STRING, &in->secret, &data);
+ if(result != TPM_RC_SUCCESS)
+ {
+ if(result == TPM_RC_KEY)
+ return TPM_RC_FAILURE;
+ return RcSafeAddToResult(result, RC_ActivateCredential_secret);
+ }
+
+ // Retrieve secret data. A TPM_RC_INTEGRITY error or unmarshal
+ // errors may be returned at this point
+ result = CredentialToSecret(&in->credentialBlob.b,
+ &activateObject->name.b,
+ &data.b,
+ object,
+ &out->certInfo);
+ if(result != TPM_RC_SUCCESS)
+ return RcSafeAddToResult(result, RC_ActivateCredential_credentialBlob);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_ActivateCredential
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Create.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Create.c
new file mode 100644
index 000000000..392ec7863
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Create.c
@@ -0,0 +1,155 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "Object_spt_fp.h"
+#include "Create_fp.h"
+
+#if CC_Create // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Create a regular object
+*/
+// Return Type: TPM_RC
+// TPM_RC_ATTRIBUTES 'sensitiveDataOrigin' is CLEAR when 'sensitive.data'
+// is an Empty Buffer, or is SET when 'sensitive.data' is
+// not empty;
+// 'fixedTPM', 'fixedParent', or 'encryptedDuplication'
+// attributes are inconsistent between themselves or with
+// those of the parent object;
+// inconsistent 'restricted', 'decrypt' and 'sign'
+// attributes;
+// attempt to inject sensitive data for an asymmetric
+// key;
+// TPM_RC_HASH non-duplicable storage key and its parent have
+// different name algorithm
+// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash
+// object
+// TPM_RC_KEY invalid key size values in an asymmetric key public
+// area or a provided symmetric key has a value that is
+// not allowed
+// TPM_RC_KEY_SIZE key size in public area for symmetric key differs from
+// the size in the sensitive creation area; may also be
+// returned if the TPM does not allow the key size to be
+// used for a Storage Key
+// TPM_RC_OBJECT_MEMORY a free slot is not available as scratch memory for
+// object creation
+// TPM_RC_RANGE the exponent value of an RSA key is not supported.
+// TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign', or
+// 'restricted' and key's scheme ID; or hash algorithm is
+// inconsistent with the scheme ID for keyed hash object
+// TPM_RC_SIZE size of public authPolicy or sensitive authValue does
+// not match digest size of the name algorithm
+// sensitive data size for the keyed hash object is
+// larger than is allowed for the scheme
+// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified;
+// or non-storage key with symmetric algorithm different
+// from ALG_NULL
+// TPM_RC_TYPE unknown object type;
+// 'parentHandle' does not reference a restricted
+// decryption key in the storage hierarchy with both
+// public and sensitive portion loaded
+// TPM_RC_VALUE exponent is not prime or could not find a prime using
+// the provided parameters for an RSA key;
+// unsupported name algorithm for an ECC key
+// TPM_RC_OBJECT_MEMORY there is no free slot for the object
+TPM_RC
+TPM2_Create(
+ Create_In *in, // IN: input parameter list
+ Create_Out *out // OUT: output parameter list
+ )
+{
+ TPM_RC result = TPM_RC_SUCCESS;
+ OBJECT *parentObject;
+ OBJECT *newObject;
+ TPMT_PUBLIC *publicArea;
+
+// Input Validation
+ parentObject = HandleToObject(in->parentHandle);
+ pAssert(parentObject != NULL);
+
+ // Does parent have the proper attributes?
+ if(!ObjectIsParent(parentObject))
+ return TPM_RCS_TYPE + RC_Create_parentHandle;
+
+ // Get a slot for the creation
+ newObject = FindEmptyObjectSlot(NULL);
+ if(newObject == NULL)
+ return TPM_RC_OBJECT_MEMORY;
+ // If the TPM2B_PUBLIC was passed as a structure, marshal it into is canonical
+ // form for processing
+
+ // to save typing.
+ publicArea = &newObject->publicArea;
+
+ // Copy the input structure to the allocated structure
+ *publicArea = in->inPublic.publicArea;
+
+ // Check attributes in input public area. CreateChecks() checks the things that
+ // are unique to creation and then validates the attributes and values that are
+ // common to create and load.
+ result = CreateChecks(parentObject, publicArea,
+ in->inSensitive.sensitive.data.t.size);
+ if(result != TPM_RC_SUCCESS)
+ return RcSafeAddToResult(result, RC_Create_inPublic);
+ // Clean up the authValue if necessary
+ if(!AdjustAuthSize(&in->inSensitive.sensitive.userAuth, publicArea->nameAlg))
+ return TPM_RCS_SIZE + RC_Create_inSensitive;
+
+// Command Output
+ // Create the object using the default TPM random-number generator
+ result = CryptCreateObject(newObject, &in->inSensitive.sensitive, NULL);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+ // Fill in creation data
+ FillInCreationData(in->parentHandle, publicArea->nameAlg,
+ &in->creationPCR, &in->outsideInfo,
+ &out->creationData, &out->creationHash);
+
+ // Compute creation ticket
+ TicketComputeCreation(EntityGetHierarchy(in->parentHandle), &newObject->name,
+ &out->creationHash, &out->creationTicket);
+
+ // Prepare output private data from sensitive
+ SensitiveToPrivate(&newObject->sensitive, &newObject->name, parentObject,
+ publicArea->nameAlg,
+ &out->outPrivate);
+
+ // Finish by copying the remaining return values
+ out->outPublic.publicArea = newObject->publicArea;
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_Create
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/CreateLoaded.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/CreateLoaded.c
new file mode 100644
index 000000000..d58a3cd78
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/CreateLoaded.c
@@ -0,0 +1,221 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "CreateLoaded_fp.h"
+
+#if CC_CreateLoaded // Conditional expansion of this file
+
+/*(See part 3 of specification)
+ * Create and load any type of key, including a temporary key.
+ * The input template is an marshaled public area rather than an unmarshaled one as
+ * used in Create and CreatePrimary. This is so that the label and context that
+ * could be in the template can be processed without changing the formats for the
+ * calls to Create and CreatePrimary.
+*/
+// Return Type: TPM_RC
+// TPM_RC_ATTRIBUTES 'sensitiveDataOrigin' is CLEAR when 'sensitive.data'
+// is an Empty Buffer;
+// 'fixedTPM', 'fixedParent', or 'encryptedDuplication'
+// attributes are inconsistent between themselves or with
+// those of the parent object;
+// inconsistent 'restricted', 'decrypt' and 'sign'
+// attributes;
+// attempt to inject sensitive data for an asymmetric
+// key;
+// attempt to create a symmetric cipher key that is not
+// a decryption key
+// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash
+// object
+// TPM_RC_KEY the value of a provided symmetric key is not allowed
+// TPM_RC_OBJECT_MEMORY there is no free slot for the object
+// TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign',
+// 'restricted' and key's scheme ID; or hash algorithm is
+// inconsistent with the scheme ID for keyed hash object
+// TPM_RC_SIZE size of public authorization policy or sensitive
+// authorization value does not match digest size of the
+// name algorithm sensitive data size for the keyed hash
+// object is larger than is allowed for the scheme
+// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified;
+// or non-storage key with symmetric algorithm different
+// from TPM_ALG_NULL
+// TPM_RC_TYPE cannot create the object of the indicated type
+// (usually only occurs if trying to derive an RSA key).
+TPM_RC
+TPM2_CreateLoaded(
+ CreateLoaded_In *in, // IN: input parameter list
+ CreateLoaded_Out *out // OUT: output parameter list
+ )
+{
+ TPM_RC result = TPM_RC_SUCCESS;
+ OBJECT *parent = HandleToObject(in->parentHandle);
+ OBJECT *newObject;
+ BOOL derivation;
+ TPMT_PUBLIC *publicArea;
+ RAND_STATE randState;
+ RAND_STATE *rand = &randState;
+ TPMS_DERIVE labelContext;
+
+// Input Validation
+
+ // How the public area is unmarshaled is determined by the parent, so
+ // see if parent is a derivation parent
+ derivation = (parent != NULL && parent->attributes.derivation);
+
+ // If the parent is an object, then make sure that it is either a parent or
+ // derivation parent
+ if(parent != NULL && !parent->attributes.isParent && !derivation)
+ return TPM_RCS_TYPE + RC_CreateLoaded_parentHandle;
+
+ // Get a spot in which to create the newObject
+ newObject = FindEmptyObjectSlot(&out->objectHandle);
+ if(newObject == NULL)
+ return TPM_RC_OBJECT_MEMORY;
+
+ // Do this to save typing
+ publicArea = &newObject->publicArea;
+
+ // Unmarshal the template into the object space. TPM2_Create() and
+ // TPM2_CreatePrimary() have the publicArea unmarshaled by CommandDispatcher.
+ // This command is different because of an unfortunate property of the
+ // unique field of an ECC key. It is a structure rather than a single TPM2B. If
+ // if had been a TPM2B, then the label and context could be within a TPM2B and
+ // unmarshaled like other public areas. Since it is not, this command needs its
+ // on template that is a TPM2B that is unmarshaled as a BYTE array with a
+ // its own unmarshal function.
+ result = UnmarshalToPublic(publicArea, &in->inPublic, derivation,
+ &labelContext);
+ if(result != TPM_RC_SUCCESS)
+ return result + RC_CreateLoaded_inPublic;
+
+ // Validate that the authorization size is appropriate
+ if(!AdjustAuthSize(&in->inSensitive.sensitive.userAuth, publicArea->nameAlg))
+ return TPM_RCS_SIZE + RC_CreateLoaded_inSensitive;
+
+ // Command output
+ if(derivation)
+ {
+ TPMT_KEYEDHASH_SCHEME *scheme;
+ scheme = &parent->publicArea.parameters.keyedHashDetail.scheme;
+
+ // SP800-108 is the only KDF supported by this implementation and there is
+ // no default hash algorithm.
+ pAssert(scheme->details.xor.hashAlg != TPM_ALG_NULL
+ && scheme->details.xor.kdf == TPM_ALG_KDF1_SP800_108);
+ // Don't derive RSA keys
+ if(publicArea->type == ALG_RSA_VALUE)
+ return TPM_RCS_TYPE + RC_CreateLoaded_inPublic;
+ // sensitiveDataOrigin has to be CLEAR in a derived object. Since this
+ // is specific to a derived object, it is checked here.
+ if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT,
+ sensitiveDataOrigin))
+ return TPM_RCS_ATTRIBUTES;
+ // Check the reset of the attributes
+ result = PublicAttributesValidation(parent, publicArea);
+ if(result != TPM_RC_SUCCESS)
+ return RcSafeAddToResult(result, RC_CreateLoaded_inPublic);
+ // Process the template and sensitive areas to get the actual 'label' and
+ // 'context' values to be used for this derivation.
+ result = SetLabelAndContext(&labelContext, &in->inSensitive.sensitive.data);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+ // Set up the KDF for object generation
+ DRBG_InstantiateSeededKdf((KDF_STATE *)rand,
+ scheme->details.xor.hashAlg,
+ scheme->details.xor.kdf,
+ &parent->sensitive.sensitive.bits.b,
+ &labelContext.label.b,
+ &labelContext.context.b,
+ TPM_MAX_DERIVATION_BITS);
+ // Clear the sensitive size so that the creation functions will not try
+ // to use this value.
+ in->inSensitive.sensitive.data.t.size = 0;
+ }
+ else
+ {
+ // Check attributes in input public area. CreateChecks() checks the things
+ // that are unique to creation and then validates the attributes and values
+ // that are common to create and load.
+ result = CreateChecks(parent, publicArea,
+ in->inSensitive.sensitive.data.t.size);
+ if(result != TPM_RC_SUCCESS)
+ return RcSafeAddToResult(result, RC_CreateLoaded_inPublic);
+ // Creating a primary object
+ if(parent == NULL)
+ {
+ TPM2B_NAME name;
+ newObject->attributes.primary = SET;
+ if(in->parentHandle == TPM_RH_ENDORSEMENT)
+ newObject->attributes.epsHierarchy = SET;
+ // If so, use the primary seed and the digest of the template
+ // to seed the DRBG
+ result = DRBG_InstantiateSeeded((DRBG_STATE *)rand,
+ &HierarchyGetPrimarySeed(in->parentHandle)->b,
+ PRIMARY_OBJECT_CREATION,
+ (TPM2B *)PublicMarshalAndComputeName(publicArea,
+ &name),
+ &in->inSensitive.sensitive.data.b);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+ }
+ else
+ {
+ // This is an ordinary object so use the normal random number generator
+ rand = NULL;
+ }
+ }
+// Internal data update
+ // Create the object
+ result = CryptCreateObject(newObject, &in->inSensitive.sensitive, rand);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+ // if this is not a Primary key and not a derived key, then return the sensitive
+ // area
+ if(parent != NULL && !derivation)
+ // Prepare output private data from sensitive
+ SensitiveToPrivate(&newObject->sensitive, &newObject->name,
+ parent, newObject->publicArea.nameAlg,
+ &out->outPrivate);
+ else
+ out->outPrivate.t.size = 0;
+ // Set the remaining return values
+ out->outPublic.publicArea = newObject->publicArea;
+ out->name = newObject->name;
+ // Set the remaining attributes for a loaded object
+ ObjectSetLoadedAttributes(newObject, in->parentHandle);
+
+ return result;
+}
+
+#endif // CC_CreateLoaded
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Load.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Load.c
new file mode 100644
index 000000000..86cea9685
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Load.c
@@ -0,0 +1,121 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +#include "Tpm.h" +#include "Load_fp.h" + +#if CC_Load // Conditional expansion of this file + +#include "Object_spt_fp.h" + +/*(See part 3 specification) +// Load an ordinary or temporary object +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES 'inPulblic' attributes are not allowed with selected +// parent +// TPM_RC_BINDING 'inPrivate' and 'inPublic' are not +// cryptographically bound +// TPM_RC_HASH incorrect hash selection for signing key or +// the 'nameAlg' for 'inPubic is not valid +// TPM_RC_INTEGRITY HMAC on 'inPrivate' was not valid +// TPM_RC_KDF KDF selection not allowed +// TPM_RC_KEY the size of the object's 'unique' field is not +// consistent with the indicated size in the object's +// parameters +// TPM_RC_OBJECT_MEMORY no available object slot +// TPM_RC_SCHEME the signing scheme is not valid for the key +// TPM_RC_SENSITIVE the 'inPrivate' did not unmarshal correctly +// TPM_RC_SIZE 'inPrivate' missing, or 'authPolicy' size for +// 'inPublic' or is not valid +// TPM_RC_SYMMETRIC symmetric algorithm not provided when required +// TPM_RC_TYPE 'parentHandle' is not a storage key, or the object +// to load is a storage key but its parameters do not +// match the parameters of the parent. +// TPM_RC_VALUE decryption failure +TPM_RC +TPM2_Load( + Load_In *in, // IN: input parameter list + Load_Out *out // OUT: output parameter list + ) +{ + TPM_RC result = TPM_RC_SUCCESS; + TPMT_SENSITIVE sensitive; + OBJECT *parentObject; + OBJECT *newObject; + +// Input Validation + // Don't get invested in loading if there is no place to put it. + newObject = FindEmptyObjectSlot(&out->objectHandle); + if(newObject == NULL) + return TPM_RC_OBJECT_MEMORY; + + if(in->inPrivate.t.size == 0) + return TPM_RCS_SIZE + RC_Load_inPrivate; + + parentObject = HandleToObject(in->parentHandle); + pAssert(parentObject != NULL); + // Is the object that is being used as the parent actually a parent. 
+ if(!ObjectIsParent(parentObject)) + return TPM_RCS_TYPE + RC_Load_parentHandle; + + // Compute the name of object. If there isn't one, it is because the nameAlg is + // not valid. + PublicMarshalAndComputeName(&in->inPublic.publicArea, &out->name); + if(out->name.t.size == 0) + return TPM_RCS_HASH + RC_Load_inPublic; + + // Retrieve sensitive data. + result = PrivateToSensitive(&in->inPrivate.b, &out->name.b, parentObject, + in->inPublic.publicArea.nameAlg, + &sensitive); + if(result != TPM_RC_SUCCESS) + return RcSafeAddToResult(result, RC_Load_inPrivate); + +// Internal Data Update + // Load and validate object + result = ObjectLoad(newObject, parentObject, + &in->inPublic.publicArea, &sensitive, + RC_Load_inPublic, RC_Load_inPrivate, + &out->name); + if(result == TPM_RC_SUCCESS) + { + // Set the common OBJECT attributes for a loaded object. + ObjectSetLoadedAttributes(newObject, in->parentHandle); + } + return result; + +} + +#endif // CC_Load \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/LoadExternal.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/LoadExternal.c new file mode 100644 index 000000000..61d59b2b1 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/LoadExternal.c 
@@ -0,0 +1,132 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "LoadExternal_fp.h" + +#if CC_LoadExternal // Conditional expansion of this file + +#include "Object_spt_fp.h" + +/*(See part 3 specification) +// to load an object that is not a Protected Object into the public portion +// of an object into the TPM. The command allows loading of a public area or +// both a public and sensitive area +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES 'fixedParent", 'fixedTPM', and 'restricted' must +// be CLEAR if sensitive portion of an object is loaded +// TPM_RC_BINDING the 'inPublic' and 'inPrivate' structures are not +// cryptographically bound +// TPM_RC_HASH incorrect hash selection for signing key +// TPM_RC_HIERARCHY 'hierarchy' is turned off, or only NULL hierarchy +// is allowed when loading public and private parts +// of an object +// TPM_RC_KDF incorrect KDF selection for decrypting +// keyedHash object +// TPM_RC_KEY the size of the object's 'unique' field is not +// consistent with the indicated size in the object's +// parameters +// TPM_RC_OBJECT_MEMORY if there is no free slot for an object +// TPM_RC_ECC_POINT for a public-only ECC key, the ECC point is not +// on the curve +// TPM_RC_SCHEME the signing scheme is not valid for the key +// TPM_RC_SIZE 'authPolicy' is not zero and is not the size of a +// digest produced by the object's 'nameAlg' +// TPM_RH_NULL hierarchy +// TPM_RC_SYMMETRIC symmetric algorithm not provided when required +// TPM_RC_TYPE 'inPublic' and 'inPrivate' are not the same type +TPM_RC +TPM2_LoadExternal( + LoadExternal_In *in, // IN: input parameter list + LoadExternal_Out *out // OUT: output parameter list + ) +{ + TPM_RC result; + OBJECT *object; + TPMT_SENSITIVE *sensitive = NULL; + +// Input Validation + // Don't get invested in loading if there is no place to put it. 
+ object = FindEmptyObjectSlot(&out->objectHandle); + if(object == NULL) + return TPM_RC_OBJECT_MEMORY; + + + // If the hierarchy to be associated with this object is turned off, the object + // cannot be loaded. + if(!HierarchyIsEnabled(in->hierarchy)) + return TPM_RCS_HIERARCHY + RC_LoadExternal_hierarchy; + + // For loading an object with both public and sensitive + if(in->inPrivate.size != 0) + { + // An external object with a sensitive area can only be loaded in the + // NULL hierarchy + if(in->hierarchy != TPM_RH_NULL) + return TPM_RCS_HIERARCHY + RC_LoadExternal_hierarchy; + // An external object with a sensitive area must have fixedTPM == CLEAR + // fixedParent == CLEAR so that it does not appear to be a key created by + // this TPM. + if(IS_ATTRIBUTE(in->inPublic.publicArea.objectAttributes, TPMA_OBJECT, + fixedTPM) + || IS_ATTRIBUTE(in->inPublic.publicArea.objectAttributes, TPMA_OBJECT, + fixedParent) + || IS_ATTRIBUTE(in->inPublic.publicArea.objectAttributes, TPMA_OBJECT, + restricted)) + return TPM_RCS_ATTRIBUTES + RC_LoadExternal_inPublic; + + // Have sensitive point to something other than NULL so that object + // initialization will load the sensitive part too + sensitive = &in->inPrivate.sensitiveArea; + } + + // Need the name to initialize the object structure + PublicMarshalAndComputeName(&in->inPublic.publicArea, &out->name); + + // Load and validate key + result = ObjectLoad(object, NULL, + &in->inPublic.publicArea, sensitive, + RC_LoadExternal_inPublic, RC_LoadExternal_inPrivate, + &out->name); + if(result == TPM_RC_SUCCESS) + { + object->attributes.external = SET; + // Set the common OBJECT attributes for a loaded object. + ObjectSetLoadedAttributes(object, in->hierarchy); + } + return result; +} + +#endif // CC_LoadExternal \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/MakeCredential.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/MakeCredential.c
new file mode 100644
index 000000000..44e5e99ab
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/MakeCredential.c
@@ -0,0 +1,96 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "MakeCredential_fp.h" + +#if CC_MakeCredential // Conditional expansion of this file + +#include "Object_spt_fp.h" + +/*(See part 3 specification) +// Make Credential with an object +*/ +// Return Type: TPM_RC +// TPM_RC_KEY 'handle' referenced an ECC key that has a unique +// field that is not a point on the curve of the key +// TPM_RC_SIZE 'credential' is larger than the digest size of +// Name algorithm of 'handle' +// TPM_RC_TYPE 'handle' does not reference an asymmetric +// decryption key +TPM_RC +TPM2_MakeCredential( + MakeCredential_In *in, // IN: input parameter list + MakeCredential_Out *out // OUT: output parameter list + ) +{ + TPM_RC result = TPM_RC_SUCCESS; + + OBJECT *object; + TPM2B_DATA data; + +// Input Validation + + // Get object pointer + object = HandleToObject(in->handle); + + // input key must be an asymmetric, restricted decryption key + // NOTE: Needs to be restricted to have a symmetric value. + if(!CryptIsAsymAlgorithm(object->publicArea.type) + || !IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, decrypt) + || !IS_ATTRIBUTE(object->publicArea.objectAttributes, + TPMA_OBJECT, restricted)) + return TPM_RCS_TYPE + RC_MakeCredential_handle; + + // The credential information may not be larger than the digest size used for + // the Name of the key associated with handle. + if(in->credential.t.size > CryptHashGetDigestSize(object->publicArea.nameAlg)) + return TPM_RCS_SIZE + RC_MakeCredential_credential; + +// Command Output + + // Make encrypt key and its associated secret structure. + out->secret.t.size = sizeof(out->secret.t.secret); + result = CryptSecretEncrypt(object, IDENTITY_STRING, &data, &out->secret); + if(result != TPM_RC_SUCCESS) + return result; + + // Prepare output credential data from secret + SecretToCredential(&in->credential, &in->objectName.b, &data.b, + object, &out->credentialBlob); + + return TPM_RC_SUCCESS; +} + +#endif // CC_MakeCredential \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ObjectChangeAuth.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ObjectChangeAuth.c
new file mode 100644
index 000000000..d339b83fd
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ObjectChangeAuth.c
@@ -0,0 +1,93 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "ObjectChangeAuth_fp.h" + +#if CC_ObjectChangeAuth // Conditional expansion of this file + +#include "Object_spt_fp.h" + +/*(See part 3 specification) +// Create an object +*/ +// Return Type: TPM_RC +// TPM_RC_SIZE 'newAuth' is larger than the size of the digest +// of the Name algorithm of 'objectHandle' +// TPM_RC_TYPE the key referenced by 'parentHandle' is not the +// parent of the object referenced by 'objectHandle'; +// or 'objectHandle' is a sequence object. +TPM_RC +TPM2_ObjectChangeAuth( + ObjectChangeAuth_In *in, // IN: input parameter list + ObjectChangeAuth_Out *out // OUT: output parameter list + ) +{ + TPMT_SENSITIVE sensitive; + + OBJECT *object = HandleToObject(in->objectHandle); + TPM2B_NAME QNCompare; + +// Input Validation + + // Can not change authorization on sequence object + if(ObjectIsSequence(object)) + return TPM_RCS_TYPE + RC_ObjectChangeAuth_objectHandle; + + // Make sure that the authorization value is consistent with the nameAlg + if(!AdjustAuthSize(&in->newAuth, object->publicArea.nameAlg)) + return TPM_RCS_SIZE + RC_ObjectChangeAuth_newAuth; + + // Parent handle should be the parent of object handle. In this + // implementation we verify this by checking the QN of object. Other + // implementation may choose different method to verify this attribute. + ComputeQualifiedName(in->parentHandle, + object->publicArea.nameAlg, + &object->name, &QNCompare); + if(!MemoryEqual2B(&object->qualifiedName.b, &QNCompare.b)) + return TPM_RCS_TYPE + RC_ObjectChangeAuth_parentHandle; + +// Command Output + // Prepare the sensitive area with the new authorization value + sensitive = object->sensitive; + sensitive.authValue = in->newAuth; + + // Protect the sensitive area + SensitiveToPrivate(&sensitive, &object->name, HandleToObject(in->parentHandle), + object->publicArea.nameAlg, + &out->outPrivate); + return TPM_RC_SUCCESS; +} + +#endif // CC_ObjectChangeAuth \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Object_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Object_spt.c
new file mode 100644
index 000000000..3de47904b
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Object_spt.c
@@ -0,0 +1,1584 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +//** Includes +#include "Tpm.h" +#include "Object_spt_fp.h" + +//** Local Functions + +//*** GetIV2BSize() +// Get the size of TPM2B_IV in canonical form that will be append to the start of +// the sensitive data. 
It includes both size of size field and size of iv data +static UINT16 +GetIV2BSize( + OBJECT *protector // IN: the protector handle + ) +{ + TPM_ALG_ID symAlg; + UINT16 keyBits; + + // Determine the symmetric algorithm and size of key + if(protector == NULL) + { + // Use the context encryption algorithm and key size + symAlg = CONTEXT_ENCRYPT_ALG; + keyBits = CONTEXT_ENCRYPT_KEY_BITS; + } + else + { + symAlg = protector->publicArea.parameters.asymDetail.symmetric.algorithm; + keyBits = protector->publicArea.parameters.asymDetail.symmetric.keyBits.sym; + } + + // The IV size is a UINT16 size field plus the block size of the symmetric + // algorithm + return sizeof(UINT16) + CryptGetSymmetricBlockSize(symAlg, keyBits); +} + +//*** ComputeProtectionKeyParms() +// This function retrieves the symmetric protection key parameters for +// the sensitive data +// The parameters retrieved from this function include encryption algorithm, +// key size in bit, and a TPM2B_SYM_KEY containing the key material as well as +// the key size in bytes +// This function is used for any action that requires encrypting or decrypting of +// the sensitive area of an object or a credential blob +// +/*(See part 1 specification) + KDF for generating the protection key material: + KDFa(hashAlg, seed, "STORAGE", Name, NULL , bits) +where + hashAlg for a Primary Object, an algorithm chosen by the TPM vendor + for derivations from Primary Seeds. For all other objects, + the nameAlg of the object's parent. + seed for a Primary Object in the Platform Hierarchy, the PPS. + For Primary Objects in either Storage or Endorsement Hierarchy, + the SPS. For Temporary Objects, the context encryption seed. + For all other objects, the symmetric seed value in the + sensitive area of the object's parent. 
+ STORAGE label to differentiate use of KDFa() (see 4.7) + Name the Name of the object being encrypted + bits the number of bits required for a symmetric key and IV +*/ +// Return Type: void +static void +ComputeProtectionKeyParms( + OBJECT *protector, // IN: the protector object + TPM_ALG_ID hashAlg, // IN: hash algorithm for KDFa + TPM2B *name, // IN: name of the object + TPM2B *seedIn, // IN: optional seed for duplication blob. + // For non duplication blob, this + // parameter should be NULL + TPM_ALG_ID *symAlg, // OUT: the symmetric algorithm + UINT16 *keyBits, // OUT: the symmetric key size in bits + TPM2B_SYM_KEY *symKey // OUT: the symmetric key + ) +{ + const TPM2B *seed = seedIn; + + // Determine the algorithms for the KDF and the encryption/decryption + // For TPM_RH_NULL, using context settings + if(protector == NULL) + { + // Use the context encryption algorithm and key size + *symAlg = CONTEXT_ENCRYPT_ALG; + symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES; + *keyBits = CONTEXT_ENCRYPT_KEY_BITS; + } + else + { + TPMT_SYM_DEF_OBJECT *symDef; + symDef = &protector->publicArea.parameters.asymDetail.symmetric; + *symAlg = symDef->algorithm; + *keyBits = symDef->keyBits.sym; + symKey->t.size = (*keyBits + 7) / 8; + } + // Get seed for KDF + if(seed == NULL) + seed = GetSeedForKDF(protector); + // KDFa to generate symmetric key and IV value + CryptKDFa(hashAlg, seed, STORAGE_KEY, name, NULL, + symKey->t.size * 8, symKey->t.buffer, NULL, FALSE); + return; +} + +//*** ComputeOuterIntegrity() +// The sensitive area parameter is a buffer that holds a space for +// the integrity value and the marshaled sensitive area. The caller should +// skip over the area set aside for the integrity value +// and compute the hash of the remainder of the object. +// The size field of sensitive is in unmarshaled form and the +// sensitive area contents is an array of bytes. 
+/*(See part 1 specification) + KDFa(hashAlg, seed, "INTEGRITY", NULL, NULL , bits) (38) +where + hashAlg for a Primary Object, the nameAlg of the object. For all other + objects the nameAlg of the object's parent. + seed for a Primary Object in the Platform Hierarchy, the PPS. For + Primary Objects in either Storage or Endorsement Hierarchy, + the SPS. For a Temporary Object, the context encryption key. + For all other objects, the symmetric seed value in the sensitive + area of the object's parent. + "INTEGRITY" a value used to differentiate the uses of the KDF. + bits the number of bits in the digest produced by hashAlg. +Key is then used in the integrity computation. + HMACnameAlg(HMACkey, encSensitive || Name ) +where + HMACnameAlg() the HMAC function using nameAlg of the object's parent + HMACkey value derived from the parent symmetric protection value + encSensitive symmetrically encrypted sensitive area + Name the Name of the object being protected +*/ +// Return Type: void +static void +ComputeOuterIntegrity( + TPM2B *name, // IN: the name of the object + OBJECT *protector, // IN: the object that + // provides protection. For an object, + // it is a parent. For a credential, it + // is the encrypt object. For + // a Temporary Object, it is NULL + TPMI_ALG_HASH hashAlg, // IN: algorithm to use for integrity + TPM2B *seedIn, // IN: an external seed may be provided for + // duplication blob. 
For non duplication + // blob, this parameter should be NULL + UINT32 sensitiveSize, // IN: size of the marshaled sensitive data + BYTE *sensitiveData, // IN: sensitive area + TPM2B_DIGEST *integrity // OUT: integrity + ) +{ + HMAC_STATE hmacState; + TPM2B_DIGEST hmacKey; + const TPM2B *seed = seedIn; +// + // Get seed for KDF + if(seed == NULL) + seed = GetSeedForKDF(protector); + // Determine the HMAC key bits + hmacKey.t.size = CryptHashGetDigestSize(hashAlg); + + // KDFa to generate HMAC key + CryptKDFa(hashAlg, seed, INTEGRITY_KEY, NULL, NULL, + hmacKey.t.size * 8, hmacKey.t.buffer, NULL, FALSE); + // Start HMAC and get the size of the digest which will become the integrity + integrity->t.size = CryptHmacStart2B(&hmacState, hashAlg, &hmacKey.b); + + // Adding the marshaled sensitive area to the integrity value + CryptDigestUpdate(&hmacState.hashState, sensitiveSize, sensitiveData); + + // Adding name + CryptDigestUpdate2B(&hmacState.hashState, name); + + // Compute HMAC + CryptHmacEnd2B(&hmacState, &integrity->b); + + return; +} + +//*** ComputeInnerIntegrity() +// This function computes the integrity of an inner wrap +static void +ComputeInnerIntegrity( + TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap + TPM2B *name, // IN: the name of the object + UINT16 dataSize, // IN: the size of sensitive data + BYTE *sensitiveData, // IN: sensitive data + TPM2B_DIGEST *integrity // OUT: inner integrity + ) +{ + HASH_STATE hashState; +// + // Start hash and get the size of the digest which will become the integrity + integrity->t.size = CryptHashStart(&hashState, hashAlg); + + // Adding the marshaled sensitive area to the integrity value + CryptDigestUpdate(&hashState, dataSize, sensitiveData); + + // Adding name + CryptDigestUpdate2B(&hashState, name); + + // Compute hash + CryptHashEnd2B(&hashState, &integrity->b); + + return; +} + +//*** ProduceInnerIntegrity() +// This function produces an inner integrity for regular private, credential or +// duplication 
blob +// It requires the sensitive data being marshaled to the innerBuffer, with the +// leading bytes reserved for integrity hash. It assume the sensitive data +// starts at address (innerBuffer + integrity size). +// This function integrity at the beginning of the inner buffer +// It returns the total size of buffer with the inner wrap +static UINT16 +ProduceInnerIntegrity( + TPM2B *name, // IN: the name of the object + TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap + UINT16 dataSize, // IN: the size of sensitive data, excluding the + // leading integrity buffer size + BYTE *innerBuffer // IN/OUT: inner buffer with sensitive data in + // it. At input, the leading bytes of this + // buffer is reserved for integrity + ) +{ + BYTE *sensitiveData; // pointer to the sensitive data + TPM2B_DIGEST integrity; + UINT16 integritySize; + BYTE *buffer; // Auxiliary buffer pointer +// + // sensitiveData points to the beginning of sensitive data in innerBuffer + integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); + sensitiveData = innerBuffer + integritySize; + + ComputeInnerIntegrity(hashAlg, name, dataSize, sensitiveData, &integrity); + + // Add integrity at the beginning of inner buffer + buffer = innerBuffer; + TPM2B_DIGEST_Marshal(&integrity, &buffer, NULL); + + return dataSize + integritySize; +} + +//*** CheckInnerIntegrity() +// This function check integrity of inner blob +// Return Type: TPM_RC +// TPM_RC_INTEGRITY if the outer blob integrity is bad +// unmarshal errors unmarshal errors while unmarshaling integrity +static TPM_RC +CheckInnerIntegrity( + TPM2B *name, // IN: the name of the object + TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap + UINT16 dataSize, // IN: the size of sensitive data, including the + // leading integrity buffer size + BYTE *innerBuffer // IN/OUT: inner buffer with sensitive data in + // it + ) +{ + TPM_RC result; + TPM2B_DIGEST integrity; + TPM2B_DIGEST integrityToCompare; + BYTE *buffer; // Auxiliary 
buffer pointer + INT32 size; +// + // Unmarshal integrity + buffer = innerBuffer; + size = (INT32)dataSize; + result = TPM2B_DIGEST_Unmarshal(&integrity, &buffer, &size); + if(result == TPM_RC_SUCCESS) + { + // Compute integrity to compare + ComputeInnerIntegrity(hashAlg, name, (UINT16)size, buffer, + &integrityToCompare); + // Compare outer blob integrity + if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b)) + result = TPM_RC_INTEGRITY; + } + return result; +} + +//** Public Functions + +//*** AdjustAuthSize() +// This function will validate that the input authValue is no larger than the +// digestSize for the nameAlg. It will then pad with zeros to the size of the +// digest. +BOOL +AdjustAuthSize( + TPM2B_AUTH *auth, // IN/OUT: value to adjust + TPMI_ALG_HASH nameAlg // IN: + ) +{ + UINT16 digestSize; +// + // If there is no nameAlg, then this is a LoadExternal and the authVale can + // be any size up to the maximum allowed by the + digestSize = (nameAlg == TPM_ALG_NULL) ? sizeof(TPMU_HA) + : CryptHashGetDigestSize(nameAlg); + if(digestSize < MemoryRemoveTrailingZeros(auth)) + return FALSE; + else if(digestSize > auth->t.size) + MemoryPad2B(&auth->b, digestSize); + auth->t.size = digestSize; + + return TRUE; +} + +//*** AreAttributesForParent() +// This function is called by create, load, and import functions. +// Note: The 'isParent' attribute is SET when an object is loaded and it has +// attributes that are suitable for a parent object. +// Return Type: BOOL +// TRUE(1) properties are those of a parent +// FALSE(0) properties are not those of a parent +BOOL +ObjectIsParent( + OBJECT *parentObject // IN: parent handle + ) +{ + return parentObject->attributes.isParent; +} + +//*** CreateChecks() +// Attribute checks that are unique to creation. 
+// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES sensitiveDataOrigin is not consistent with the +// object type +// other returns from PublicAttributesValidation() +TPM_RC +CreateChecks( + OBJECT *parentObject, + TPMT_PUBLIC *publicArea, + UINT16 sensitiveDataSize + ) +{ + TPMA_OBJECT attributes = publicArea->objectAttributes; + TPM_RC result = TPM_RC_SUCCESS; +// + // If the caller indicates that they have provided the data, then make sure that + // they have provided some data. + if((!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) + && (sensitiveDataSize == 0)) + return TPM_RCS_ATTRIBUTES; + // For an ordinary object, data can only be provided when sensitiveDataOrigin + // is CLEAR + if((parentObject != NULL) + && (IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) + && (sensitiveDataSize != 0)) + return TPM_RCS_ATTRIBUTES; + switch(publicArea->type) + { + case ALG_KEYEDHASH_VALUE: + // if this is a data object (sign == decrypt == CLEAR) then the + // TPM cannot be the data source. + if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) + && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt) + && IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) + result = TPM_RC_ATTRIBUTES; + // comment out the next line in order to prevent a fixedTPM derivation + // parent +// break; + case ALG_SYMCIPHER_VALUE: + // A restricted key symmetric key (SYMCIPHER and KEYEDHASH) + // must have sensitiveDataOrigin SET unless it has fixedParent and + // fixedTPM CLEAR. 
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted))
+ if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin))
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)
+ || IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM))
+ result = TPM_RCS_ATTRIBUTES;
+ break;
+ default: // Asymmetric keys cannot have the sensitive portion provided
+ if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin))
+ result = TPM_RCS_ATTRIBUTES;
+ break;
+ }
+ if(TPM_RC_SUCCESS == result)
+ {
+ result = PublicAttributesValidation(parentObject, publicArea);
+ }
+ return result;
+}
+//*** SchemeChecks
+// This function is called by TPM2_LoadExternal() and PublicAttributesValidation().
+// This function validates the schemes in the public area of an object.
+// Return Type: TPM_RC
+// TPM_RC_HASH non-duplicable storage key and its parent have different
+// name algorithm
+// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash object
+// TPM_RC_KEY invalid key size values in an asymmetric key public area
+// TPM_RCS_SCHEME inconsistent attributes 'decrypt', 'sign', 'restricted'
+// and key's scheme ID; or hash algorithm is inconsistent
+// with the scheme ID for keyed hash object
+// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or
+// non-storage key with symmetric algorithm different from
+// ALG_NULL
+TPM_RC
+SchemeChecks(
+ OBJECT *parentObject, // IN: parent (null if primary seed)
+ TPMT_PUBLIC *publicArea // IN: public area of the object
+ )
+{
+ TPMT_SYM_DEF_OBJECT *symAlgs = NULL;
+ TPM_ALG_ID scheme = TPM_ALG_NULL;
+ TPMA_OBJECT attributes = publicArea->objectAttributes;
+ TPMU_PUBLIC_PARMS *parms = &publicArea->parameters;
+//
+ switch(publicArea->type)
+ {
+ case ALG_SYMCIPHER_VALUE:
+ symAlgs = &parms->symDetail.sym;
+ // If this is a decrypt key, then only the block cipher modes (not
+ // SMAC) are valid. TPM_ALG_NULL is OK too. If this is a 'sign' key,
+ // then any mode that got through the unmarshaling is OK.
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)
+ && !CryptSymModeIsValid(symAlgs->mode.sym, TRUE))
+ return TPM_RCS_SCHEME;
+ break;
+ case ALG_KEYEDHASH_VALUE:
+ scheme = parms->keyedHashDetail.scheme.scheme;
+ // if both sign and decrypt
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)
+ == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt))
+ {
+ // if both sign and decrypt are set or clear, then need
+ // ALG_NULL as scheme
+ if(scheme != TPM_ALG_NULL)
+ return TPM_RCS_SCHEME;
+ }
+ else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)
+ && scheme != TPM_ALG_HMAC)
+ return TPM_RCS_SCHEME;
+ else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt))
+ {
+ if(scheme != TPM_ALG_XOR)
+ return TPM_RCS_SCHEME;
+ // If this is a derivation parent, then the KDF needs to be
+ // SP800-108 for this implementation. This is the only derivation
+ // supported by this implementation. Other implementations could
+ // support additional schemes. There is no default.
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted))
+ {
+ if(parms->keyedHashDetail.scheme.details.xor.kdf
+ != TPM_ALG_KDF1_SP800_108)
+ return TPM_RCS_SCHEME;
+ // Must select a digest.
+ if(CryptHashGetDigestSize(
+ parms->keyedHashDetail.scheme.details.xor.hashAlg) == 0)
+ return TPM_RCS_HASH;
+ }
+ }
+ break;
+ default: // handling for asymmetric
+ scheme = parms->asymDetail.scheme.scheme;
+ symAlgs = &parms->asymDetail.symmetric;
+ // if the key is both sign and decrypt, then the scheme must be
+ // ALG_NULL because there is no way to specify both a sign and a
+ // decrypt scheme in the key.
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)
+ == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt))
+ {
+ // scheme must be TPM_ALG_NULL
+ if(scheme != TPM_ALG_NULL)
+ return TPM_RCS_SCHEME;
+ }
+ else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign))
+ {
+ // If this is a signing key, see if it has a signing scheme
+ if(CryptIsAsymSignScheme(publicArea->type, scheme))
+ {
+ // if proper signing scheme then it needs a proper hash
+ if(parms->asymDetail.scheme.details.anySig.hashAlg
+ == TPM_ALG_NULL)
+ return TPM_RCS_SCHEME;
+ }
+ else
+ {
+ // signing key that does not have a proper signing scheme.
+ // This is OK if the key is not restricted and its scheme
+ // is TPM_ALG_NULL
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)
+ || scheme != TPM_ALG_NULL)
+ return TPM_RCS_SCHEME;
+ }
+ }
+ else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt))
+ {
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted))
+ {
+ // for a restricted decryption key (a parent), scheme
+ // is required to be TPM_ALG_NULL
+ if(scheme != TPM_ALG_NULL)
+ return TPM_RCS_SCHEME;
+ }
+ else
+ {
+ // For an unrestricted decryption key, the scheme has to
+ // be a valid scheme or TPM_ALG_NULL
+ if(scheme != TPM_ALG_NULL &&
+ !CryptIsAsymDecryptScheme(publicArea->type, scheme))
+ return TPM_RCS_SCHEME;
+ }
+ }
+ if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)
+ || !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt))
+ {
+ // For an asymmetric key that is not a parent, the symmetric
+ // algorithms must be TPM_ALG_NULL
+ if(symAlgs->algorithm != TPM_ALG_NULL)
+ return TPM_RCS_SYMMETRIC;
+ }
+ // Special checks for an ECC key
+#if ALG_ECC
+ if(publicArea->type == TPM_ALG_ECC)
+ {
+ TPM_ECC_CURVE curveID;
+ const TPMT_ECC_SCHEME *curveScheme;
+
+ curveID = publicArea->parameters.eccDetail.curveID;
+ curveScheme = CryptGetCurveSignScheme(curveID);
+ // The curveId must be valid or the unmarshaling is busted.
+ pAssert(curveScheme != NULL);
+
+ // If the curveID requires a specific scheme, then the key must
+ // select the same scheme
+ if(curveScheme->scheme != TPM_ALG_NULL)
+ {
+ TPMS_ECC_PARMS *ecc = &publicArea->parameters.eccDetail;
+ if(scheme != curveScheme->scheme)
+ return TPM_RCS_SCHEME;
+ // The scheme can allow any hash, or not...
+ if(curveScheme->details.anySig.hashAlg != TPM_ALG_NULL
+ && (ecc->scheme.details.anySig.hashAlg
+ != curveScheme->details.anySig.hashAlg))
+ return TPM_RCS_SCHEME;
+ }
+ // For now, the KDF must be TPM_ALG_NULL
+ if(publicArea->parameters.eccDetail.kdf.scheme != TPM_ALG_NULL)
+ return TPM_RCS_KDF;
+ }
+#endif
+ break;
+ }
+ // If this is a restricted decryption key with symmetric algorithms, then it
+ // is an ordinary parent (not a derivation parent). It needs to specific
+ // symmetric algorithms other than TPM_ALG_NULL
+ if(symAlgs != NULL
+ && IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)
+ && IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt))
+ {
+ if(symAlgs->algorithm == TPM_ALG_NULL)
+ return TPM_RCS_SYMMETRIC;
+#if 0 //??
+// This next check is under investigation. Need to see if it will break Windows
+// before it is enabled. If it does not, then it should be default because a
+// the mode used with a parent is always CFB and Part 2 indicates as much.
+ if(symAlgs->mode.sym != TPM_ALG_CFB)
+ return TPM_RCS_MODE;
+#endif
+ // If this parent is not duplicable, then the symmetric algorithms
+ // (encryption and hash) must match those of its parent
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)
+ && (parentObject != NULL))
+ {
+ if(publicArea->nameAlg != parentObject->publicArea.nameAlg)
+ return TPM_RCS_HASH;
+ if(!MemoryEqual(symAlgs, &parentObject->publicArea.parameters,
+ sizeof(TPMT_SYM_DEF_OBJECT)))
+ return TPM_RCS_SYMMETRIC;
+ }
+ }
+ return TPM_RC_SUCCESS;
+}
+
+//*** PublicAttributesValidation()
+// This function validates the values in the public area of an object.
+// This function is used in the processing of TPM2_Create, TPM2_CreatePrimary,
+// TPM2_CreateLoaded(), TPM2_Load(), TPM2_Import(), and TPM2_LoadExternal().
+// For TPM2_Import() this is only used if the new parent has fixedTPM SET. For
+// TPM2_LoadExternal(), this is not used for a public-only key
+// Return Type: TPM_RC
+// TPM_RC_ATTRIBUTES 'fixedTPM', 'fixedParent', or 'encryptedDuplication'
+// attributes are inconsistent between themselves or with
+// those of the parent object;
+// inconsistent 'restricted', 'decrypt' and 'sign'
+// attributes;
+// attempt to inject sensitive data for an asymmetric key;
+// attempt to create a symmetric cipher key that is not
+// a decryption key
+// TPM_RC_HASH nameAlg is TPM_ALG_NULL
+// TPM_RC_SIZE 'authPolicy' size does not match digest size of the name
+// algorithm in 'publicArea'
+// other returns from SchemeChecks()
+TPM_RC
+PublicAttributesValidation(
+ OBJECT *parentObject, // IN: input parent object
+ TPMT_PUBLIC *publicArea // IN: public area of the object
+ )
+{
+ TPMA_OBJECT attributes = publicArea->objectAttributes;
+ TPMA_OBJECT parentAttributes = TPMA_ZERO_INITIALIZER();
+//
+ if(parentObject != NULL)
+ parentAttributes = parentObject->publicArea.objectAttributes;
+ if(publicArea->nameAlg == TPM_ALG_NULL)
+ return TPM_RCS_HASH;
+ // If there is an authPolicy, it needs to be the size of the digest produced
+ // by the nameAlg of the object
+ if((publicArea->authPolicy.t.size != 0
+ && (publicArea->authPolicy.t.size
+ != CryptHashGetDigestSize(publicArea->nameAlg))))
+ return TPM_RCS_SIZE;
+ // If the parent is fixedTPM (including a Primary Object) the object must have
+ // the same value for fixedTPM and fixedParent
+ if(parentObject == NULL
+ || IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM))
+ {
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)
+ != IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM))
+ return TPM_RCS_ATTRIBUTES;
+ }
+ else
+ {
+ // The parent is not fixedTPM so the object can't
be fixedTPM
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM))
+ return TPM_RCS_ATTRIBUTES;
+ }
+ // See if sign and decrypt are the same
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)
+ == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt))
+ {
+ // a restricted key cannot have both SET or both CLEAR
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted))
+ return TPM_RC_ATTRIBUTES;
+ // only a data object may have both sign and decrypt CLEAR
+ // BTW, since we know that decrypt==sign, no need to check both
+ if(publicArea->type != TPM_ALG_KEYEDHASH
+ && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign))
+ return TPM_RC_ATTRIBUTES;
+ }
+ // If the object can't be duplicated (directly or indirectly) then there
+ // is no justification for having encryptedDuplication SET
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)
+ && IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication))
+ return TPM_RCS_ATTRIBUTES;
+ // If a parent object has fixedTPM CLEAR, the child must have the
+ // same encryptedDuplication value as its parent.
+ // Primary objects are considered to have a fixedTPM parent (the seeds).
+ if(parentObject != NULL
+ && !IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM))
+ {
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication)
+ != IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, encryptedDuplication))
+ return TPM_RCS_ATTRIBUTES;
+ }
+ // Special checks for derived objects
+ if((parentObject != NULL) && (parentObject->attributes.derivation == SET))
+ {
+ // A derived object has the same settings for fixedTPM as its parent
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)
+ != IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM))
+ return TPM_RCS_ATTRIBUTES;
+ // A derived object is required to be fixedParent
+ if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent))
+ return TPM_RCS_ATTRIBUTES;
+ }
+ return SchemeChecks(parentObject, publicArea);
+}
+
+//*** FillInCreationData()
+// Fill in creation data for an object.
+// Return Type: void
+void
+FillInCreationData(
+ TPMI_DH_OBJECT parentHandle, // IN: handle of parent
+ TPMI_ALG_HASH nameHashAlg, // IN: name hash algorithm
+ TPML_PCR_SELECTION *creationPCR, // IN: PCR selection
+ TPM2B_DATA *outsideData, // IN: outside data
+ TPM2B_CREATION_DATA *outCreation, // OUT: creation data for output
+ TPM2B_DIGEST *creationDigest // OUT: creation digest
+ )
+{
+ BYTE creationBuffer[sizeof(TPMS_CREATION_DATA)];
+ BYTE *buffer;
+ HASH_STATE hashState;
+//
+ // Fill in TPMS_CREATION_DATA in outCreation
+
+ // Compute PCR digest
+ PCRComputeCurrentDigest(nameHashAlg, creationPCR,
+ &outCreation->creationData.pcrDigest);
+
+ // Put back PCR selection list
+ outCreation->creationData.pcrSelect = *creationPCR;
+
+ // Get locality
+ outCreation->creationData.locality
+ = LocalityGetAttributes(_plat__LocalityGet());
+ outCreation->creationData.parentNameAlg = TPM_ALG_NULL;
+
+ // If the parent is either a primary seed or TPM_ALG_NULL, then the Name
+ // and QN of the parent are the parent's handle.
+ if(HandleGetType(parentHandle) == TPM_HT_PERMANENT)
+ {
+ buffer = &outCreation->creationData.parentName.t.name[0];
+ outCreation->creationData.parentName.t.size =
+ TPM_HANDLE_Marshal(&parentHandle, &buffer, NULL);
+ // For a primary or temporary object, the parent name (a handle) and the
+ // parent's QN are the same
+ outCreation->creationData.parentQualifiedName
+ = outCreation->creationData.parentName;
+ }
+ else // Regular object
+ {
+ OBJECT *parentObject = HandleToObject(parentHandle);
+//
+ // Set name algorithm
+ outCreation->creationData.parentNameAlg = parentObject->publicArea.nameAlg;
+
+ // Copy parent name
+ outCreation->creationData.parentName = parentObject->name;
+
+ // Copy parent qualified name
+ outCreation->creationData.parentQualifiedName = parentObject->qualifiedName;
+ }
+ // Copy outside information
+ outCreation->creationData.outsideInfo = *outsideData;
+
+ // Marshal creation data to canonical form
+ buffer = creationBuffer;
+ outCreation->size = TPMS_CREATION_DATA_Marshal(&outCreation->creationData,
+ &buffer, NULL);
+ // Compute hash for creation field in public template
+ creationDigest->t.size = CryptHashStart(&hashState, nameHashAlg);
+ CryptDigestUpdate(&hashState, outCreation->size, creationBuffer);
+ CryptHashEnd2B(&hashState, &creationDigest->b);
+
+ return;
+}
+
+//*** GetSeedForKDF()
+// Get a seed for KDF. The KDF for encryption and HMAC key use the same seed.
+const TPM2B *
+GetSeedForKDF(
+ OBJECT *protector // IN: the protector handle
+ )
+{
+ // Get seed for encryption key. Use input seed if provided.
+ // Otherwise, using protector object's seedValue. TPM_RH_NULL is the only
+ // exception that we may not have a loaded object as protector. In such a
+ // case, use nullProof as seed.
+ if(protector == NULL)
+ return &gr.nullProof.b;
+ else
+ return &protector->sensitive.seedValue.b;
+}
+
+//*** ProduceOuterWrap()
+// This function produce outer wrap for a buffer containing the sensitive data.
+// It requires the sensitive data being marshaled to the outerBuffer, with the +// leading bytes reserved for integrity hash. If iv is used, iv space should +// be reserved at the beginning of the buffer. It assumes the sensitive data +// starts at address (outerBuffer + integrity size {+ iv size}). +// This function performs: +// 1. Add IV before sensitive area if required +// 2. encrypt sensitive data, if iv is required, encrypt by iv. otherwise, +// encrypted by a NULL iv +// 3. add HMAC integrity at the beginning of the buffer +// It returns the total size of blob with outer wrap +UINT16 +ProduceOuterWrap( + OBJECT *protector, // IN: The handle of the object that provides + // protection. For object, it is parent + // handle. For credential, it is the handle + // of encrypt object. + TPM2B *name, // IN: the name of the object + TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap + TPM2B *seed, // IN: an external seed may be provided for + // duplication blob. For non duplication + // blob, this parameter should be NULL + BOOL useIV, // IN: indicate if an IV is used + UINT16 dataSize, // IN: the size of sensitive data, excluding the + // leading integrity buffer size or the + // optional iv size + BYTE *outerBuffer // IN/OUT: outer buffer with sensitive data in + // it + ) +{ + TPM_ALG_ID symAlg; + UINT16 keyBits; + TPM2B_SYM_KEY symKey; + TPM2B_IV ivRNG; // IV from RNG + TPM2B_IV *iv = NULL; + UINT16 ivSize = 0; // size of iv area, including the size field + BYTE *sensitiveData; // pointer to the sensitive data + TPM2B_DIGEST integrity; + UINT16 integritySize; + BYTE *buffer; // Auxiliary buffer pointer +// + // Compute the beginning of sensitive data. 
The outer integrity should + // always exist if this function is called to make an outer wrap + integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); + sensitiveData = outerBuffer + integritySize; + + // If iv is used, adjust the pointer of sensitive data and add iv before it + if(useIV) + { + ivSize = GetIV2BSize(protector); + + // Generate IV from RNG. The iv data size should be the total IV area + // size minus the size of size field + ivRNG.t.size = ivSize - sizeof(UINT16); + CryptRandomGenerate(ivRNG.t.size, ivRNG.t.buffer); + + // Marshal IV to buffer + buffer = sensitiveData; + TPM2B_IV_Marshal(&ivRNG, &buffer, NULL); + + // adjust sensitive data starting after IV area + sensitiveData += ivSize; + + // Use iv for encryption + iv = &ivRNG; + } + // Compute symmetric key parameters for outer buffer encryption + ComputeProtectionKeyParms(protector, hashAlg, name, seed, + &symAlg, &keyBits, &symKey); + // Encrypt inner buffer in place + CryptSymmetricEncrypt(sensitiveData, symAlg, keyBits, + symKey.t.buffer, iv, TPM_ALG_CFB, dataSize, + sensitiveData); + // Compute outer integrity. Integrity computation includes the optional IV + // area + ComputeOuterIntegrity(name, protector, hashAlg, seed, dataSize + ivSize, + outerBuffer + integritySize, &integrity); + // Add integrity at the beginning of outer buffer + buffer = outerBuffer; + TPM2B_DIGEST_Marshal(&integrity, &buffer, NULL); + + // return the total size in outer wrap + return dataSize + integritySize + ivSize; +} + +//*** UnwrapOuter() +// This function remove the outer wrap of a blob containing sensitive data +// This function performs: +// 1. check integrity of outer blob +// 2. 
decrypt outer blob +// +// Return Type: TPM_RC +// TPM_RCS_INSUFFICIENT error during sensitive data unmarshaling +// TPM_RCS_INTEGRITY sensitive data integrity is broken +// TPM_RCS_SIZE error during sensitive data unmarshaling +// TPM_RCS_VALUE IV size for CFB does not match the encryption +// algorithm block size +TPM_RC +UnwrapOuter( + OBJECT *protector, // IN: The object that provides + // protection. For object, it is parent + // handle. For credential, it is the + // encrypt object. + TPM2B *name, // IN: the name of the object + TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap + TPM2B *seed, // IN: an external seed may be provided for + // duplication blob. For non duplication + // blob, this parameter should be NULL. + BOOL useIV, // IN: indicates if an IV is used + UINT16 dataSize, // IN: size of sensitive data in outerBuffer, + // including the leading integrity buffer + // size, and an optional iv area + BYTE *outerBuffer // IN/OUT: sensitive data + ) +{ + TPM_RC result; + TPM_ALG_ID symAlg = TPM_ALG_NULL; + TPM2B_SYM_KEY symKey; + UINT16 keyBits = 0; + TPM2B_IV ivIn; // input IV retrieved from input buffer + TPM2B_IV *iv = NULL; + BYTE *sensitiveData; // pointer to the sensitive data + TPM2B_DIGEST integrityToCompare; + TPM2B_DIGEST integrity; + INT32 size; +// + // Unmarshal integrity + sensitiveData = outerBuffer; + size = (INT32)dataSize; + result = TPM2B_DIGEST_Unmarshal(&integrity, &sensitiveData, &size); + if(result == TPM_RC_SUCCESS) + { + // Compute integrity to compare + ComputeOuterIntegrity(name, protector, hashAlg, seed, + (UINT16)size, sensitiveData, + &integrityToCompare); + // Compare outer blob integrity + if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b)) + return TPM_RCS_INTEGRITY; + // Get the symmetric algorithm parameters used for encryption + ComputeProtectionKeyParms(protector, hashAlg, name, seed, + &symAlg, &keyBits, &symKey); + // Retrieve IV if it is used + if(useIV) + { + result = TPM2B_IV_Unmarshal(&ivIn, 
&sensitiveData, &size); + if(result == TPM_RC_SUCCESS) + { + // The input iv size for CFB must match the encryption algorithm + // block size + if(ivIn.t.size != CryptGetSymmetricBlockSize(symAlg, keyBits)) + result = TPM_RC_VALUE; + else + iv = &ivIn; + } + } + } + // If no errors, decrypt private in place. Since this function uses CFB, + // CryptSymmetricDecrypt() will not return any errors. It may fail but it will + // not return an error. + if(result == TPM_RC_SUCCESS) + CryptSymmetricDecrypt(sensitiveData, symAlg, keyBits, + symKey.t.buffer, iv, TPM_ALG_CFB, + (UINT16)size, sensitiveData); + return result; +} + +//*** MarshalSensitive() +// This function is used to marshal a sensitive area. Among other things, it +// adjusts the size of the authValue to be no smaller than the digest of +// 'nameAlg'. It will also make sure that the RSA sensitive contains the right number +// of values. +// Returns the size of the marshaled area. +static UINT16 +MarshalSensitive( + OBJECT *parent, // IN: the object parent (optional) + BYTE *buffer, // OUT: receiving buffer + TPMT_SENSITIVE *sensitive, // IN: the sensitive area to marshal + TPMI_ALG_HASH nameAlg // IN: + ) +{ + BYTE *sizeField = buffer; // saved so that size can be + // marshaled after it is known + UINT16 retVal; +// + // Pad the authValue if needed + MemoryPad2B(&sensitive->authValue.b, CryptHashGetDigestSize(nameAlg)); + buffer += 2; + + // Marshal the structure +#if ALG_RSA + // If the sensitive size is the special case for a prime in the type + if((sensitive->sensitive.rsa.t.size & RSA_prime_flag) > 0) + { + UINT16 sizeSave = sensitive->sensitive.rsa.t.size; + // + // Turn off the flag that indicates that the sensitive->sensitive contains + // the CRT form of the exponent. + sensitive->sensitive.rsa.t.size &= ~(RSA_prime_flag); + // If the parent isn't fixedTPM, then truncate the sensitive data to be + // the size of the prime. Otherwise, leave it at the current size which + // is the full CRT size. 
+ if(parent == NULL + || !IS_ATTRIBUTE(parent->publicArea.objectAttributes, + TPMA_OBJECT, fixedTPM)) + sensitive->sensitive.rsa.t.size /= 5; + retVal = TPMT_SENSITIVE_Marshal(sensitive, &buffer, NULL); + // Restore the flag and the size. + sensitive->sensitive.rsa.t.size = sizeSave; + } + else +#endif + retVal = TPMT_SENSITIVE_Marshal(sensitive, &buffer, NULL); + + // Marshal the size + retVal = (UINT16)(retVal + UINT16_Marshal(&retVal, &sizeField, NULL)); + + return retVal; +} + +//*** SensitiveToPrivate() +// This function prepare the private blob for off the chip storage +// The operations in this function: +// 1. marshal TPM2B_SENSITIVE structure into the buffer of TPM2B_PRIVATE +// 2. apply encryption to the sensitive area. +// 3. apply outer integrity computation. +void +SensitiveToPrivate( + TPMT_SENSITIVE *sensitive, // IN: sensitive structure + TPM2B_NAME *name, // IN: the name of the object + OBJECT *parent, // IN: The parent object + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. This + // parameter is used when parentHandle is + // NULL, in which case the object is + // temporary. 
+ TPM2B_PRIVATE *outPrivate // OUT: output private structure + ) +{ + BYTE *sensitiveData; // pointer to the sensitive data + UINT16 dataSize; // data blob size + TPMI_ALG_HASH hashAlg; // hash algorithm for integrity + UINT16 integritySize; + UINT16 ivSize; +// + pAssert(name != NULL && name->t.size != 0); + + // Find the hash algorithm for integrity computation + if(parent == NULL) + { + // For Temporary Object, using self name algorithm + hashAlg = nameAlg; + } + else + { + // Otherwise, using parent's name algorithm + hashAlg = parent->publicArea.nameAlg; + } + // Starting of sensitive data without wrappers + sensitiveData = outPrivate->t.buffer; + + // Compute the integrity size + integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); + + // Reserve space for integrity + sensitiveData += integritySize; + + // Get iv size + ivSize = GetIV2BSize(parent); + + // Reserve space for iv + sensitiveData += ivSize; + + // Marshal the sensitive area including authValue size adjustments. + dataSize = MarshalSensitive(parent, sensitiveData, sensitive, nameAlg); + + //Produce outer wrap, including encryption and HMAC + outPrivate->t.size = ProduceOuterWrap(parent, &name->b, hashAlg, NULL, + TRUE, dataSize, outPrivate->t.buffer); + return; +} + +//*** PrivateToSensitive() +// Unwrap a input private area. Check the integrity, decrypt and retrieve data +// to a sensitive structure. +// The operations in this function: +// 1. check the integrity HMAC of the input private area +// 2. decrypt the private buffer +// 3. 
unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE +// Return Type: TPM_RC +// TPM_RCS_INTEGRITY if the private area integrity is bad +// TPM_RC_SENSITIVE unmarshal errors while unmarshaling TPMS_ENCRYPT +// from input private +// TPM_RCS_SIZE error during sensitive data unmarshaling +// TPM_RCS_VALUE outer wrapper does not have an iV of the correct +// size +TPM_RC +PrivateToSensitive( + TPM2B *inPrivate, // IN: input private structure + TPM2B *name, // IN: the name of the object + OBJECT *parent, // IN: parent object + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It is + // passed separately because we only pass + // name, rather than the whole public area + // of the object. This parameter is used in + // the following two cases: 1. primary + // objects. 2. duplication blob with inner + // wrap. In other cases, this parameter + // will be ignored + TPMT_SENSITIVE *sensitive // OUT: sensitive structure + ) +{ + TPM_RC result; + BYTE *buffer; + INT32 size; + BYTE *sensitiveData; // pointer to the sensitive data + UINT16 dataSize; + UINT16 dataSizeInput; + TPMI_ALG_HASH hashAlg; // hash algorithm for integrity + UINT16 integritySize; + UINT16 ivSize; +// + // Make sure that name is provided + pAssert(name != NULL && name->size != 0); + + // Find the hash algorithm for integrity computation + // For Temporary Object (parent == NULL) use self name algorithm; + // Otherwise, using parent's name algorithm + hashAlg = (parent == NULL) ? nameAlg : parent->publicArea.nameAlg; + + // unwrap outer + result = UnwrapOuter(parent, name, hashAlg, NULL, TRUE, + inPrivate->size, inPrivate->buffer); + if(result != TPM_RC_SUCCESS) + return result; + // Compute the inner integrity size. 
+ integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); + + // Get iv size + ivSize = GetIV2BSize(parent); + + // The starting of sensitive data and data size without outer wrapper + sensitiveData = inPrivate->buffer + integritySize + ivSize; + dataSize = inPrivate->size - integritySize - ivSize; + + // Unmarshal input data size + buffer = sensitiveData; + size = (INT32)dataSize; + result = UINT16_Unmarshal(&dataSizeInput, &buffer, &size); + if(result == TPM_RC_SUCCESS) + { + if((dataSizeInput + sizeof(UINT16)) != dataSize) + result = TPM_RC_SENSITIVE; + else + { + // Unmarshal sensitive buffer to sensitive structure + result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); + if(result != TPM_RC_SUCCESS || size != 0) + { + result = TPM_RC_SENSITIVE; + } + } + } + return result; +} + +//*** SensitiveToDuplicate() +// This function prepare the duplication blob from the sensitive area. +// The operations in this function: +// 1. marshal TPMT_SENSITIVE structure into the buffer of TPM2B_PRIVATE +// 2. apply inner wrap to the sensitive area if required +// 3. apply outer wrap if required +void +SensitiveToDuplicate( + TPMT_SENSITIVE *sensitive, // IN: sensitive structure + TPM2B *name, // IN: the name of the object + OBJECT *parent, // IN: The new parent object + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It + // is passed separately because we + // only pass name, rather than the + // whole public area of the object. + TPM2B *seed, // IN: the external seed. If external + // seed is provided with size of 0, + // no outer wrap should be applied + // to duplication blob. + TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the + // symmetric key algorithm is NULL, + // no inner wrap should be applied. + TPM2B_DATA *innerSymKey, // IN/OUT: a symmetric key may be + // provided to encrypt the inner + // wrap of a duplication blob. May + // be generated here if needed. 
+ TPM2B_PRIVATE *outPrivate // OUT: output private structure + ) +{ + BYTE *sensitiveData; // pointer to the sensitive data + TPMI_ALG_HASH outerHash = TPM_ALG_NULL;// The hash algorithm for outer wrap + TPMI_ALG_HASH innerHash = TPM_ALG_NULL;// The hash algorithm for inner wrap + UINT16 dataSize; // data blob size + BOOL doInnerWrap = FALSE; + BOOL doOuterWrap = FALSE; +// + // Make sure that name is provided + pAssert(name != NULL && name->size != 0); + + // Make sure symDef and innerSymKey are not NULL + pAssert(symDef != NULL && innerSymKey != NULL); + + // Starting of sensitive data without wrappers + sensitiveData = outPrivate->t.buffer; + + // Find out if inner wrap is required + if(symDef->algorithm != TPM_ALG_NULL) + { + doInnerWrap = TRUE; + + // Use self nameAlg as inner hash algorithm + innerHash = nameAlg; + + // Adjust sensitive data pointer + sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(innerHash); + } + // Find out if outer wrap is required + if(seed->size != 0) + { + doOuterWrap = TRUE; + + // Use parent nameAlg as outer hash algorithm + outerHash = parent->publicArea.nameAlg; + + // Adjust sensitive data pointer + sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); + } + // Marshal sensitive area + dataSize = MarshalSensitive(NULL, sensitiveData, sensitive, nameAlg); + + // Apply inner wrap for duplication blob. It includes both integrity and + // encryption + if(doInnerWrap) + { + BYTE *innerBuffer = NULL; + BOOL symKeyInput = TRUE; + innerBuffer = outPrivate->t.buffer; + // Skip outer integrity space + if(doOuterWrap) + innerBuffer += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); + dataSize = ProduceInnerIntegrity(name, innerHash, dataSize, + innerBuffer); + // Generate inner encryption key if needed + if(innerSymKey->t.size == 0) + { + innerSymKey->t.size = (symDef->keyBits.sym + 7) / 8; + CryptRandomGenerate(innerSymKey->t.size, innerSymKey->t.buffer); + + // TPM generates symmetric encryption. 
Set the flag to FALSE + symKeyInput = FALSE; + } + else + { + // assume the input key size should matches the symmetric definition + pAssert(innerSymKey->t.size == (symDef->keyBits.sym + 7) / 8); + } + + // Encrypt inner buffer in place + CryptSymmetricEncrypt(innerBuffer, symDef->algorithm, + symDef->keyBits.sym, innerSymKey->t.buffer, NULL, + TPM_ALG_CFB, dataSize, innerBuffer); + + // If the symmetric encryption key is imported, clear the buffer for + // output + if(symKeyInput) + innerSymKey->t.size = 0; + } + // Apply outer wrap for duplication blob. It includes both integrity and + // encryption + if(doOuterWrap) + { + dataSize = ProduceOuterWrap(parent, name, outerHash, seed, FALSE, + dataSize, outPrivate->t.buffer); + } + // Data size for output + outPrivate->t.size = dataSize; + + return; +} + +//*** DuplicateToSensitive() +// Unwrap a duplication blob. Check the integrity, decrypt and retrieve data +// to a sensitive structure. +// The operations in this function: +// 1. check the integrity HMAC of the input private area +// 2. decrypt the private buffer +// 3. unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE +// +// Return Type: TPM_RC +// TPM_RC_INSUFFICIENT unmarshaling sensitive data from 'inPrivate' failed +// TPM_RC_INTEGRITY 'inPrivate' data integrity is broken +// TPM_RC_SIZE unmarshaling sensitive data from 'inPrivate' failed +TPM_RC +DuplicateToSensitive( + TPM2B *inPrivate, // IN: input private structure + TPM2B *name, // IN: the name of the object + OBJECT *parent, // IN: the parent + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. + TPM2B *seed, // IN: an external seed may be provided. + // If external seed is provided with + // size of 0, no outer wrap is + // applied + TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. 
If the + // symmetric key algorithm is NULL, + // no inner wrap is applied + TPM2B *innerSymKey, // IN: a symmetric key may be provided + // to decrypt the inner wrap of a + // duplication blob. + TPMT_SENSITIVE *sensitive // OUT: sensitive structure + ) +{ + TPM_RC result; + BYTE *buffer; + INT32 size; + BYTE *sensitiveData; // pointer to the sensitive data + UINT16 dataSize; + UINT16 dataSizeInput; +// + // Make sure that name is provided + pAssert(name != NULL && name->size != 0); + + // Make sure symDef and innerSymKey are not NULL + pAssert(symDef != NULL && innerSymKey != NULL); + + // Starting of sensitive data + sensitiveData = inPrivate->buffer; + dataSize = inPrivate->size; + + // Find out if outer wrap is applied + if(seed->size != 0) + { + // Use parent nameAlg as outer hash algorithm + TPMI_ALG_HASH outerHash = parent->publicArea.nameAlg; + + result = UnwrapOuter(parent, name, outerHash, seed, FALSE, + dataSize, sensitiveData); + if(result != TPM_RC_SUCCESS) + return result; + // Adjust sensitive data pointer and size + sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); + dataSize -= sizeof(UINT16) + CryptHashGetDigestSize(outerHash); + } + // Find out if inner wrap is applied + if(symDef->algorithm != TPM_ALG_NULL) + { + // assume the input key size matches the symmetric definition + pAssert(innerSymKey->size == (symDef->keyBits.sym + 7) / 8); + + // Decrypt inner buffer in place + CryptSymmetricDecrypt(sensitiveData, symDef->algorithm, + symDef->keyBits.sym, innerSymKey->buffer, NULL, + TPM_ALG_CFB, dataSize, sensitiveData); + // Check inner integrity + result = CheckInnerIntegrity(name, nameAlg, dataSize, sensitiveData); + if(result != TPM_RC_SUCCESS) + return result; + // Adjust sensitive data pointer and size + sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(nameAlg); + dataSize -= sizeof(UINT16) + CryptHashGetDigestSize(nameAlg); + } + // Unmarshal input data size + buffer = sensitiveData; + size = (INT32)dataSize; + 
result = UINT16_Unmarshal(&dataSizeInput, &buffer, &size); + if(result == TPM_RC_SUCCESS) + { + if((dataSizeInput + sizeof(UINT16)) != dataSize) + result = TPM_RC_SIZE; + else + { + // Unmarshal sensitive buffer to sensitive structure + result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); + + // if the results is OK make sure that all the data was unmarshaled + if(result == TPM_RC_SUCCESS && size != 0) + result = TPM_RC_SIZE; + } + } + return result; +} + +//*** SecretToCredential() +// This function prepare the credential blob from a secret (a TPM2B_DIGEST) +// The operations in this function: +// 1. marshal TPM2B_DIGEST structure into the buffer of TPM2B_ID_OBJECT +// 2. encrypt the private buffer, excluding the leading integrity HMAC area +// 3. compute integrity HMAC and append to the beginning of the buffer. +// 4. Set the total size of TPM2B_ID_OBJECT buffer +void +SecretToCredential( + TPM2B_DIGEST *secret, // IN: secret information + TPM2B *name, // IN: the name of the object + TPM2B *seed, // IN: an external seed. + OBJECT *protector, // IN: the protector + TPM2B_ID_OBJECT *outIDObject // OUT: output credential + ) +{ + BYTE *buffer; // Auxiliary buffer pointer + BYTE *sensitiveData; // pointer to the sensitive data + TPMI_ALG_HASH outerHash; // The hash algorithm for outer wrap + UINT16 dataSize; // data blob size +// + pAssert(secret != NULL && outIDObject != NULL); + + // use protector's name algorithm as outer hash ???? 
+ outerHash = protector->publicArea.nameAlg; + + // Marshal secret area to credential buffer, leave space for integrity + sensitiveData = outIDObject->t.credential + + sizeof(UINT16) + CryptHashGetDigestSize(outerHash); +// Marshal secret area + buffer = sensitiveData; + dataSize = TPM2B_DIGEST_Marshal(secret, &buffer, NULL); + + // Apply outer wrap + outIDObject->t.size = ProduceOuterWrap(protector, name, outerHash, seed, FALSE, + dataSize, outIDObject->t.credential); + return; +} + +//*** CredentialToSecret() +// Unwrap a credential. Check the integrity, decrypt and retrieve data +// to a TPM2B_DIGEST structure. +// The operations in this function: +// 1. check the integrity HMAC of the input credential area +// 2. decrypt the credential buffer +// 3. unmarshal TPM2B_DIGEST structure into the buffer of TPM2B_DIGEST +// +// Return Type: TPM_RC +// TPM_RC_INSUFFICIENT error during credential unmarshaling +// TPM_RC_INTEGRITY credential integrity is broken +// TPM_RC_SIZE error during credential unmarshaling +// TPM_RC_VALUE IV size does not match the encryption algorithm +// block size +TPM_RC +CredentialToSecret( + TPM2B *inIDObject, // IN: input credential blob + TPM2B *name, // IN: the name of the object + TPM2B *seed, // IN: an external seed. 
+ OBJECT *protector, // IN: the protector + TPM2B_DIGEST *secret // OUT: secret information + ) +{ + TPM_RC result; + BYTE *buffer; + INT32 size; + TPMI_ALG_HASH outerHash; // The hash algorithm for outer wrap + BYTE *sensitiveData; // pointer to the sensitive data + UINT16 dataSize; +// + // use protector's name algorithm as outer hash + outerHash = protector->publicArea.nameAlg; + + // Unwrap outer, a TPM_RC_INTEGRITY error may be returned at this point + result = UnwrapOuter(protector, name, outerHash, seed, FALSE, + inIDObject->size, inIDObject->buffer); + if(result == TPM_RC_SUCCESS) + { + // Compute the beginning of sensitive data + sensitiveData = inIDObject->buffer + + sizeof(UINT16) + CryptHashGetDigestSize(outerHash); + dataSize = inIDObject->size + - (sizeof(UINT16) + CryptHashGetDigestSize(outerHash)); + // Unmarshal secret buffer to TPM2B_DIGEST structure + buffer = sensitiveData; + size = (INT32)dataSize; + result = TPM2B_DIGEST_Unmarshal(secret, &buffer, &size); + + // If there were no other unmarshaling errors, make sure that the + // expected amount of data was recovered + if(result == TPM_RC_SUCCESS && size != 0) + return TPM_RC_SIZE; + } + return result; +} + +//*** MemoryRemoveTrailingZeros() +// This function is used to adjust the length of an authorization value. +// It adjusts the size of the TPM2B so that it does not include octets +// at the end of the buffer that contain zero. +// The function returns the number of non-zero octets in the buffer. +UINT16 +MemoryRemoveTrailingZeros( + TPM2B_AUTH *auth // IN/OUT: value to adjust + ) +{ + while((auth->t.size > 0) && (auth->t.buffer[auth->t.size - 1] == 0)) + auth->t.size--; + return auth->t.size; +} + +//*** SetLabelAndContext() +// This function sets the label and context for a derived key. It is possible +// that 'label' or 'context' can end up being an Empty Buffer. 
+TPM_RC +SetLabelAndContext( + TPMS_DERIVE *labelContext, // IN/OUT: the recovered label and + // context + TPM2B_SENSITIVE_DATA *sensitive // IN: the sensitive data + ) +{ + TPMS_DERIVE sensitiveValue; + TPM_RC result; + INT32 size; + BYTE *buff; +// + // Unmarshal a TPMS_DERIVE from the TPM2B_SENSITIVE_DATA buffer + // If there is something to unmarshal... + if(sensitive->t.size != 0) + { + size = sensitive->t.size; + buff = sensitive->t.buffer; + result = TPMS_DERIVE_Unmarshal(&sensitiveValue, &buff, &size); + if(result != TPM_RC_SUCCESS) + return result; + // If there was a label in the public area leave it there, otherwise, copy + // the new value + if(labelContext->label.t.size == 0) + MemoryCopy2B(&labelContext->label.b, &sensitiveValue.label.b, + sizeof(labelContext->label.t.buffer)); + // if there was a context string in publicArea, it overrides + if(labelContext->context.t.size == 0) + MemoryCopy2B(&labelContext->context.b, &sensitiveValue.context.b, + sizeof(labelContext->label.t.buffer)); + } + return TPM_RC_SUCCESS; +} + +//*** UnmarshalToPublic() +// Support function to unmarshal the template. This is used because the +// Input may be a TPMT_TEMPLATE and that structure does not have the same +// size as a TPMT_PUBLIC because of the difference between the 'unique' and +// 'seed' fields. +// If 'derive' is not NULL, then the 'seed' field is assumed to contain +// a 'label' and 'context' that are unmarshaled into 'derive'. 
+TPM_RC +UnmarshalToPublic( + TPMT_PUBLIC *tOut, // OUT: output + TPM2B_TEMPLATE *tIn, // IN: + BOOL derivation, // IN: indicates if this is for a derivation + TPMS_DERIVE *labelContext// OUT: label and context if derivation + ) +{ + BYTE *buffer = tIn->t.buffer; + INT32 size = tIn->t.size; + TPM_RC result; +// + // make sure that tOut is zeroed so that there are no remnants from previous + // uses + MemorySet(tOut, 0, sizeof(TPMT_PUBLIC)); + // Unmarshal the components of the TPMT_PUBLIC up to the unique field + result = TPMI_ALG_PUBLIC_Unmarshal(&tOut->type, &buffer, &size); + if(result != TPM_RC_SUCCESS) + return result; + result = TPMI_ALG_HASH_Unmarshal(&tOut->nameAlg, &buffer, &size, FALSE); + if(result != TPM_RC_SUCCESS) + return result; + result = TPMA_OBJECT_Unmarshal(&tOut->objectAttributes, &buffer, &size); + if(result != TPM_RC_SUCCESS) + return result; + result = TPM2B_DIGEST_Unmarshal(&tOut->authPolicy, &buffer, &size); + if(result != TPM_RC_SUCCESS) + return result; + result = TPMU_PUBLIC_PARMS_Unmarshal(&tOut->parameters, &buffer, &size, + tOut->type); + if(result != TPM_RC_SUCCESS) + return result; + // Now unmarshal a TPMS_DERIVE if this is for derivation + if(derivation) + result = TPMS_DERIVE_Unmarshal(labelContext, &buffer, &size); + else + // otherwise, unmarshal a TPMU_PUBLIC_ID + result = TPMU_PUBLIC_ID_Unmarshal(&tOut->unique, &buffer, &size, + tOut->type); + // Make sure the template was used up + if((result == TPM_RC_SUCCESS) && (size != 0)) + result = TPM_RC_SIZE; + return result; +} + + +//*** ObjectSetExternal() +// Set the external attributes for an object. +void +ObjectSetExternal( + OBJECT *object + ) +{ + object->attributes.external = SET; +} \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ReadPublic.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ReadPublic.c
new file mode 100644
index 000000000..a8e9ea27e
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ReadPublic.c
@@ -0,0 +1,67 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "ReadPublic_fp.h"
+
+#if CC_ReadPublic // Conditional expansion of this file
+
+/*(See part 3 specification)
+// read public area of a loaded object
+*/
+// Return Type: TPM_RC
+// TPM_RC_SEQUENCE can not read the public area of a sequence
+// object
+TPM_RC
+TPM2_ReadPublic(
+ ReadPublic_In *in, // IN: input parameter list
+ ReadPublic_Out *out // OUT: output parameter list
+ )
+{
+ OBJECT *object = HandleToObject(in->objectHandle);
+
+// Input Validation
+ // Can not read public area of a sequence object
+ if(ObjectIsSequence(object))
+ return TPM_RC_SEQUENCE;
+
+// Command Output
+ out->outPublic.publicArea = object->publicArea;
+ out->name = object->name;
+ out->qualifiedName = object->qualifiedName;
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_ReadPublic
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Unseal.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Unseal.c
new file mode 100644
index 000000000..f7a9d6edf
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Unseal.c
@@ -0,0 +1,70 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "Unseal_fp.h"
+
+#if CC_Unseal // Conditional expansion of this file
+
+/*(See part 3 specification)
+// return data in a sealed data blob
+*/
+// Return Type: TPM_RC
+// TPM_RC_ATTRIBUTES 'itemHandle' has wrong attributes
+// TPM_RC_TYPE 'itemHandle' is not a KEYEDHASH data object
+TPM_RC
+TPM2_Unseal(
+ Unseal_In *in,
+ Unseal_Out *out
+ )
+{
+ OBJECT *object;
+// Input Validation
+ // Get pointer to loaded object
+ object = HandleToObject(in->itemHandle);
+
+ // Input handle must be a data object
+ if(object->publicArea.type != TPM_ALG_KEYEDHASH)
+ return TPM_RCS_TYPE + RC_Unseal_itemHandle;
+ if(IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, decrypt)
+ || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, sign)
+ || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, restricted))
+ return TPM_RCS_ATTRIBUTES + RC_Unseal_itemHandle;
+// Command Output
+ // Copy data
+ out->outData = object->sensitive.sensitive.bits;
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_Unseal
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Allocate.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Allocate.c
new file mode 100644
index 000000000..e9cfacb7f
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Allocate.c
@@ -0,0 +1,83 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PCR_Allocate_fp.h"
+
+#if CC_PCR_Allocate // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Allocate PCR banks
+*/
+// Return Type: TPM_RC
+// TPM_RC_PCR the allocation did not have required PCR
+// TPM_RC_NV_UNAVAILABLE NV is not accessible
+// TPM_RC_NV_RATE NV is in a rate-limiting mode
+TPM_RC
+TPM2_PCR_Allocate(
+ PCR_Allocate_In *in, // IN: input parameter list
+ PCR_Allocate_Out *out // OUT: output parameter list
+ )
+{
+ TPM_RC result;
+
+ // The command needs NV update. Check if NV is available.
+ // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
+ // this point.
+ // Note: These codes are not listed in the return values above because it is
+ // an implementation choice to check in this routine rather than in a common
+ // function that is called before these actions are called. These return values
+ // are described in the Response Code section of Part 3.
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+
+// Command Output
+
+ // Call PCR Allocation function.
+ result = PCRAllocate(&in->pcrAllocation, &out->maxPCR,
+ &out->sizeNeeded, &out->sizeAvailable);
+ if(result == TPM_RC_PCR)
+ return result;
+
+ //
+ out->allocationSuccess = (result == TPM_RC_SUCCESS);
+
+ // if re-configuration succeeds, set the flag to indicate PCR configuration is
+ // going to be changed in next boot
+ if(out->allocationSuccess == YES)
+ g_pcrReConfig = TRUE;
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PCR_Allocate
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Event.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Event.c
new file mode 100644
index 000000000..0cf39aa3a
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Event.c
@@ -0,0 +1,92 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PCR_Event_fp.h"
+
+#if CC_PCR_Event // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Update PCR
+*/
+// Return Type: TPM_RC
+// TPM_RC_LOCALITY current command locality is not allowed to
+// extend the PCR referenced by 'pcrHandle'
+TPM_RC
+TPM2_PCR_Event(
+ PCR_Event_In *in, // IN: input parameter list
+ PCR_Event_Out *out // OUT: output parameter list
+ )
+{
+ HASH_STATE hashState;
+ UINT32 i;
+ UINT16 size;
+
+// Input Validation
+
+ // If a PCR extend is required
+ if(in->pcrHandle != TPM_RH_NULL)
+ {
+ // If the PCR is not allow to extend, return error
+ if(!PCRIsExtendAllowed(in->pcrHandle))
+ return TPM_RC_LOCALITY;
+
+ // If PCR is state saved and we need to update orderlyState, check NV
+ // availability
+ if(PCRIsStateSaved(in->pcrHandle))
+ RETURN_IF_ORDERLY;
+ }
+
+// Internal Data Update
+
+ out->digests.count = HASH_COUNT;
+
+ // Iterate supported PCR bank algorithms to extend
+ for(i = 0; i < HASH_COUNT; i++)
+ {
+ TPM_ALG_ID hash = CryptHashGetAlgByIndex(i);
+ out->digests.digests[i].hashAlg = hash;
+ size = CryptHashStart(&hashState, hash);
+ CryptDigestUpdate2B(&hashState, &in->eventData.b);
+ CryptHashEnd(&hashState, size,
+ (BYTE *)&out->digests.digests[i].digest);
+ if(in->pcrHandle != TPM_RH_NULL)
+ PCRExtend(in->pcrHandle, hash, size,
+ (BYTE *)&out->digests.digests[i].digest);
+ }
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PCR_Event
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Extend.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Extend.c
new file mode 100644
index 000000000..d789e7408
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Extend.c
@@ -0,0 +1,89 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PCR_Extend_fp.h"
+
+#if CC_PCR_Extend // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Update PCR
+*/
+// Return Type: TPM_RC
+// TPM_RC_LOCALITY current command locality is not allowed to
+// extend the PCR referenced by 'pcrHandle'
+TPM_RC
+TPM2_PCR_Extend(
+ PCR_Extend_In *in // IN: input parameter list
+ )
+{
+ UINT32 i;
+
+// Input Validation
+
+ // NOTE: This function assumes that the unmarshaling function for 'digests' will
+ // have validated that all of the indicated hash algorithms are valid. If the
+ // hash algorithms are correct, the unmarshaling code will unmarshal a digest
+ // of the size indicated by the hash algorithm. If the overall size is not
+ // consistent, the unmarshaling code will run out of input data or have input
+ // data left over. In either case, it will cause an unmarshaling error and this
+ // function will not be called.
+
+ // For NULL handle, do nothing and return success
+ if(in->pcrHandle == TPM_RH_NULL)
+ return TPM_RC_SUCCESS;
+
+ // Check if the extend operation is allowed by the current command locality
+ if(!PCRIsExtendAllowed(in->pcrHandle))
+ return TPM_RC_LOCALITY;
+
+ // If PCR is state saved and we need to update orderlyState, check NV
+ // availability
+ if(PCRIsStateSaved(in->pcrHandle))
+ RETURN_IF_ORDERLY;
+
+// Internal Data Update
+
+ // Iterate input digest list to extend
+ for(i = 0; i < in->digests.count; i++)
+ {
+ PCRExtend(in->pcrHandle, in->digests.digests[i].hashAlg,
+ CryptHashGetDigestSize(in->digests.digests[i].hashAlg),
+ (BYTE *)&in->digests.digests[i].digest);
+ }
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PCR_Extend
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Read.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Read.c
new file mode 100644
index 000000000..f4dd6bf71
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Read.c 
@@ -0,0 +1,60 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PCR_Read_fp.h"
+
+#if CC_PCR_Read // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Read a set of PCR
+*/
+TPM_RC
+TPM2_PCR_Read(
+ PCR_Read_In *in, // IN: input parameter list
+ PCR_Read_Out *out // OUT: output parameter list
+ )
+{
+// Command Output
+
+ // Call PCR read function. input pcrSelectionIn parameter could be changed
+ // to reflect the actual PCR being returned
+ PCRRead(&in->pcrSelectionIn, &out->pcrValues, &out->pcrUpdateCounter);
+
+ out->pcrSelectionOut = in->pcrSelectionIn;
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PCR_Read
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Reset.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Reset.c
new file mode 100644
index 000000000..de2daab58
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Reset.c
@@ -0,0 +1,74 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PCR_Reset_fp.h"
+
+#if CC_PCR_Reset // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Reset PCR
+*/
+// Return Type: TPM_RC
+// TPM_RC_LOCALITY current command locality is not allowed to
+// reset the PCR referenced by 'pcrHandle'
+TPM_RC
+TPM2_PCR_Reset(
+ PCR_Reset_In *in // IN: input parameter list
+ )
+{
+// Input Validation
+
+ // Check if the reset operation is allowed by the current command locality
+ if(!PCRIsResetAllowed(in->pcrHandle))
+ return TPM_RC_LOCALITY;
+
+ // If PCR is state saved and we need to update orderlyState, check NV
+ // availability
+ if(PCRIsStateSaved(in->pcrHandle))
+ RETURN_IF_ORDERLY;
+
+// Internal Data Update
+
+ // Reset selected PCR in all banks to 0
+ PCRSetValue(in->pcrHandle, 0);
+
+ // Indicate that the PCR changed so that pcrCounter will be incremented if
+ // necessary.
+ PCRChanged(in->pcrHandle);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PCR_Reset
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthPolicy.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthPolicy.c
new file mode 100644
index 000000000..b749de4be
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthPolicy.c
@@ -0,0 +1,82 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PCR_SetAuthPolicy_fp.h"
+
+#if CC_PCR_SetAuthPolicy // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Set authPolicy to a group of PCR
+*/
+// Return Type: TPM_RC
+// TPM_RC_SIZE size of 'authPolicy' is not the size of a digest
+// produced by 'policyDigest'
+// TPM_RC_VALUE PCR referenced by 'pcrNum' is not a member
+// of a PCR policy group
+TPM_RC
+TPM2_PCR_SetAuthPolicy(
+ PCR_SetAuthPolicy_In *in // IN: input parameter list
+ )
+{
+ UINT32 groupIndex;
+
+ // The command needs NV update. Check if NV is available.
+ // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
+ // this point
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+
+// Input Validation:
+
+ // Check the authPolicy consistent with hash algorithm
+ if(in->authPolicy.t.size != CryptHashGetDigestSize(in->hashAlg))
+ return TPM_RCS_SIZE + RC_PCR_SetAuthPolicy_authPolicy;
+
+ // If PCR does not belong to a policy group, return TPM_RC_VALUE
+ if(!PCRBelongsPolicyGroup(in->pcrNum, &groupIndex))
+ return TPM_RCS_VALUE + RC_PCR_SetAuthPolicy_pcrNum;
+
+// Internal Data Update
+
+ // Set PCR policy
+ gp.pcrPolicies.hashAlg[groupIndex] = in->hashAlg;
+ gp.pcrPolicies.policy[groupIndex] = in->authPolicy;
+
+ // Save new policy to NV
+ NV_SYNC_PERSISTENT(pcrPolicies);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PCR_SetAuthPolicy
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthValue.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthValue.c
new file mode 100644
index 000000000..cee6d156a
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthValue.c
@@ -0,0 +1,73 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PCR_SetAuthValue_fp.h"
+
+#if CC_PCR_SetAuthValue // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Set authValue to a group of PCR
+*/
+// Return Type: TPM_RC
+// TPM_RC_VALUE PCR referenced by 'pcrHandle' is not a member
+// of a PCR authorization group
+TPM_RC
+TPM2_PCR_SetAuthValue(
+ PCR_SetAuthValue_In *in // IN: input parameter list
+ )
+{
+ UINT32 groupIndex;
+// Input Validation:
+
+ // If PCR does not belong to an auth group, return TPM_RC_VALUE
+ if(!PCRBelongsAuthGroup(in->pcrHandle, &groupIndex))
+ return TPM_RC_VALUE;
+
+ // The command may cause the orderlyState to be cleared due to the update of
+ // state clear data. If this is the case, Check if NV is available.
+ // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
+ // this point
+ RETURN_IF_ORDERLY;
+
+// Internal Data Update
+
+ // Set PCR authValue
+ MemoryRemoveTrailingZeros(&in->auth);
+ gc.pcrAuthValues.auth[groupIndex] = in->auth;
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PCR_SetAuthValue
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/GetRandom.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/GetRandom.c
new file mode 100644
index 000000000..9e69818ee
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/GetRandom.c
@@ -0,0 +1,63 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "GetRandom_fp.h"
+
+#if CC_GetRandom // Conditional expansion of this file
+
+/*(See part 3 specification)
+// random number generator
+*/
+TPM_RC
+TPM2_GetRandom(
+ GetRandom_In *in, // IN: input parameter list
+ GetRandom_Out *out // OUT: output parameter list
+ )
+{
+// Command Output
+
+ // if the requested bytes exceed the output buffer size, generates the
+ // maximum bytes that the output buffer allows
+ if(in->bytesRequested > sizeof(TPMU_HA))
+ out->randomBytes.t.size = sizeof(TPMU_HA);
+ else
+ out->randomBytes.t.size = in->bytesRequested;
+
+ CryptRandomGenerate(out->randomBytes.t.size, out->randomBytes.t.buffer);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_GetRandom
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/StirRandom.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/StirRandom.c
new file mode 100644
index 000000000..befa55b32
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/StirRandom.c
@@ -0,0 +1,54 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "StirRandom_fp.h"
+
+#if CC_StirRandom // Conditional expansion of this file
+
+/*(See part 3 specification)
+// add entropy to the RNG state
+*/
+TPM_RC
+TPM2_StirRandom(
+ StirRandom_In *in // IN: input parameter list
+ )
+{
+// Internal Data Update
+ CryptRandomStir(in->inData.t.size, in->inData.t.buffer);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_StirRandom
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/PolicyRestart.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/PolicyRestart.c
new file mode 100644
index 000000000..f4af4458c
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/PolicyRestart.c
@@ -0,0 +1,54 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "PolicyRestart_fp.h"
+
+#if CC_PolicyRestart // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Restore a policy session to its initial state
+*/
+TPM_RC
+TPM2_PolicyRestart(
+ PolicyRestart_In *in // IN: input parameter list
+ )
+{
+ // Initialize policy session data
+ SessionResetPolicyData(SessionGet(in->sessionHandle));
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_PolicyRestart
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/StartAuthSession.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/StartAuthSession.c
new file mode 100644
index 000000000..56eca7fe0
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/StartAuthSession.c
@@ -0,0 +1,165 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +#include "Tpm.h" +#include "StartAuthSession_fp.h" + +#if CC_StartAuthSession // Conditional expansion of this file + +/*(See part 3 specification) +// Start an authorization session +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES 'tpmKey' does not reference a decrypt key +// TPM_RC_CONTEXT_GAP the difference between the most recently created +// active context and the oldest active context is at +// the limits of the TPM +// TPM_RC_HANDLE input decrypt key handle only has public portion +// loaded +// TPM_RC_MODE 'symmetric' specifies a block cipher but the mode +// is not TPM_ALG_CFB. +// TPM_RC_SESSION_HANDLES no session handle is available +// TPM_RC_SESSION_MEMORY no more slots for loading a session +// TPM_RC_SIZE nonce less than 16 octets or greater than the size +// of the digest produced by 'authHash' +// TPM_RC_VALUE secret size does not match decrypt key type; or the +// recovered secret is larger than the digest size of +// the nameAlg of 'tpmKey'; or, for an RSA decrypt key, +// if 'encryptedSecret' is greater than the +// public modulus of 'tpmKey'. +TPM_RC +TPM2_StartAuthSession( + StartAuthSession_In *in, // IN: input parameter buffer + StartAuthSession_Out *out // OUT: output parameter buffer + ) +{ + TPM_RC result = TPM_RC_SUCCESS; + OBJECT *tpmKey; // TPM key for decrypt salt + TPM2B_DATA salt; + +// Input Validation + + // Check input nonce size. IT should be at least 16 bytes but not larger + // than the digest size of session hash. + if(in->nonceCaller.t.size < 16 + || in->nonceCaller.t.size > CryptHashGetDigestSize(in->authHash)) + return TPM_RCS_SIZE + RC_StartAuthSession_nonceCaller; + + // If an decrypt key is passed in, check its validation + if(in->tpmKey != TPM_RH_NULL) + { + // Get pointer to loaded decrypt key + tpmKey = HandleToObject(in->tpmKey); + + // key must be asymmetric with its sensitive area loaded. 
Since this + // command does not require authorization, the presence of the sensitive + // area was not already checked as it is with most other commands that + // use the sensitive are so check it here + if(!CryptIsAsymAlgorithm(tpmKey->publicArea.type)) + return TPM_RCS_KEY + RC_StartAuthSession_tpmKey; + // secret size cannot be 0 + if(in->encryptedSalt.t.size == 0) + return TPM_RCS_VALUE + RC_StartAuthSession_encryptedSalt; + // Decrypting salt requires accessing the private portion of a key. + // Therefore, tmpKey can not be a key with only public portion loaded + if(tpmKey->attributes.publicOnly) + return TPM_RCS_HANDLE + RC_StartAuthSession_tpmKey; + // HMAC session input handle check. + // tpmKey should be a decryption key + if(!IS_ATTRIBUTE(tpmKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) + return TPM_RCS_ATTRIBUTES + RC_StartAuthSession_tpmKey; + // Secret Decryption. A TPM_RC_VALUE, TPM_RC_KEY or Unmarshal errors + // may be returned at this point + result = CryptSecretDecrypt(tpmKey, &in->nonceCaller, SECRET_KEY, + &in->encryptedSalt, &salt); + if(result != TPM_RC_SUCCESS) + return TPM_RCS_VALUE + RC_StartAuthSession_encryptedSalt; + } + else + { + // secret size must be 0 + if(in->encryptedSalt.t.size != 0) + return TPM_RCS_VALUE + RC_StartAuthSession_encryptedSalt; + salt.t.size = 0; + } + switch(HandleGetType(in->bind)) + { + case TPM_HT_TRANSIENT: + { + OBJECT *object = HandleToObject(in->bind); + // If the bind handle references a transient object, make sure that we + // can get to the authorization value. Also, make sure that the object + // has a proper Name (nameAlg != TPM_ALG_NULL). If it doesn't, then + // it might be possible to bind to an object where the authValue is + // known. This does not create a real issue in that, if you know the + // authorization value, you can actually bind to the object. 
However, + // there is a potential + if(object->attributes.publicOnly == SET) + return TPM_RCS_HANDLE + RC_StartAuthSession_bind; + break; + } + case TPM_HT_NV_INDEX: + // a PIN index can't be a bind object + { + NV_INDEX *nvIndex = NvGetIndexInfo(in->bind, NULL); + if(IsNvPinPassIndex(nvIndex->publicArea.attributes) + || IsNvPinFailIndex(nvIndex->publicArea.attributes)) + return TPM_RCS_HANDLE + RC_StartAuthSession_bind; + break; + } + default: + break; + } + // If 'symmetric' is a symmetric block cipher (not TPM_ALG_NULL or TPM_ALG_XOR) + // then the mode must be CFB. + if(in->symmetric.algorithm != TPM_ALG_NULL + && in->symmetric.algorithm != TPM_ALG_XOR + && in->symmetric.mode.sym != TPM_ALG_CFB) + return TPM_RCS_MODE + RC_StartAuthSession_symmetric; + +// Internal Data Update and command output + + // Create internal session structure. TPM_RC_CONTEXT_GAP, TPM_RC_NO_HANDLES + // or TPM_RC_SESSION_MEMORY errors may be returned at this point. + // + // The detailed actions for creating the session context are not shown here + // as the details are implementation dependent + // SessionCreate sets the output handle and nonceTPM + result = SessionCreate(in->sessionType, in->authHash, &in->nonceCaller, + &in->symmetric, in->bind, &salt, &out->sessionHandle, + &out->nonceTPM); + return result; +} + +#endif // CC_StartAuthSession \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/Sign.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/Sign.c new file mode 100644 index 000000000..286ac853a --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/Sign.c 
@@ -0,0 +1,112 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "Sign_fp.h"
+
+#if CC_Sign // Conditional expansion of this file
+
+#include "Attest_spt_fp.h"
+
+/*(See part 3 specification)
+// sign an externally provided hash using an asymmetric signing key
+*/
+// Return Type: TPM_RC
+// TPM_RC_BINDING The public and private portions of the key are not
+// properly bound.
+// TPM_RC_KEY 'signHandle' does not reference a signing key;
+// TPM_RC_SCHEME the scheme is not compatible with sign key type,
+// or input scheme is not compatible with default
+// scheme, or the chosen scheme is not a valid
+// sign scheme
+// TPM_RC_TICKET 'validation' is not a valid ticket
+// TPM_RC_VALUE the value to sign is larger than allowed for the
+// type of 'keyHandle'
+
+TPM_RC
+TPM2_Sign(
+ Sign_In *in, // IN: input parameter list
+ Sign_Out *out // OUT: output parameter list
+ )
+{
+ TPM_RC result;
+ TPMT_TK_HASHCHECK ticket;
+ OBJECT *signObject = HandleToObject(in->keyHandle);
+//
+// Input Validation
+ if(!IsSigningObject(signObject))
+ return TPM_RCS_KEY + RC_Sign_keyHandle;
+
+ // A key that will be used for x.509 signatures can't be used in TPM2_Sign().
+ if(IS_ATTRIBUTE(signObject->publicArea.objectAttributes, TPMA_OBJECT, x509sign))
+ return TPM_RCS_ATTRIBUTES + RC_Sign_keyHandle;
+
+ // pick a scheme for sign. If the input sign scheme is not compatible with
+ // the default scheme, return an error.
+ if(!CryptSelectSignScheme(signObject, &in->inScheme))
+ return TPM_RCS_SCHEME + RC_Sign_inScheme;
+
+ // If validation is provided, or the key is restricted, check the ticket
+ if(in->validation.digest.t.size != 0
+ || IS_ATTRIBUTE(signObject->publicArea.objectAttributes,
+ TPMA_OBJECT, restricted))
+ {
+ // Compute and compare ticket
+ TicketComputeHashCheck(in->validation.hierarchy,
+ in->inScheme.details.any.hashAlg,
+ &in->digest, &ticket);
+
+ if(!MemoryEqual2B(&in->validation.digest.b, &ticket.digest.b))
+ return TPM_RCS_TICKET + RC_Sign_validation;
+ }
+ else
+ // If we don't have a ticket, at least verify that the provided 'digest'
+ // is the size of the scheme hashAlg digest.
+ // NOTE: this does not guarantee that the 'digest' is actually produced using
+ // the indicated hash algorithm, but at least it might be.
+ {
+ if(in->digest.t.size
+ != CryptHashGetDigestSize(in->inScheme.details.any.hashAlg))
+ return TPM_RCS_SIZE + RC_Sign_digest;
+ }
+
+// Command Output
+ // Sign the hash. A TPM_RC_VALUE or TPM_RC_SCHEME
+ // error may be returned at this point
+ result = CryptSign(signObject, &in->inScheme, &in->digest, &out->signature);
+
+ return result;
+}
+
+#endif // CC_Sign
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/VerifySignature.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/VerifySignature.c
new file mode 100644
index 000000000..52e7d3013
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/VerifySignature.c
@@ -0,0 +1,93 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "VerifySignature_fp.h"
+
+#if CC_VerifySignature // Conditional expansion of this file
+
+/*(See part 3 specification)
+// This command uses loaded key to validate an asymmetric signature on a message
+// with the message digest passed to the TPM.
+*/
+// Return Type: TPM_RC
+// TPM_RC_ATTRIBUTES 'keyHandle' does not reference a signing key
+// TPM_RC_SIGNATURE signature is not genuine
+// TPM_RC_SCHEME CryptValidateSignature()
+// TPM_RC_HANDLE the input handle is references an HMAC key but
+// the private portion is not loaded
+TPM_RC
+TPM2_VerifySignature(
+ VerifySignature_In *in, // IN: input parameter list
+ VerifySignature_Out *out // OUT: output parameter list
+ )
+{
+ TPM_RC result;
+ OBJECT *signObject = HandleToObject(in->keyHandle);
+ TPMI_RH_HIERARCHY hierarchy;
+
+// Input Validation
+ // The object to validate the signature must be a signing key.
+ if(!IS_ATTRIBUTE(signObject->publicArea.objectAttributes, TPMA_OBJECT, sign))
+ return TPM_RCS_ATTRIBUTES + RC_VerifySignature_keyHandle;
+
+ // Validate Signature. TPM_RC_SCHEME, TPM_RC_HANDLE or TPM_RC_SIGNATURE
+ // error may be returned by CryptCVerifySignatrue()
+ result = CryptValidateSignature(in->keyHandle, &in->digest, &in->signature);
+ if(result != TPM_RC_SUCCESS)
+ return RcSafeAddToResult(result, RC_VerifySignature_signature);
+
+// Command Output
+
+ hierarchy = GetHeriarchy(in->keyHandle);
+ if(hierarchy == TPM_RH_NULL
+ || signObject->publicArea.nameAlg == TPM_ALG_NULL)
+ {
+ // produce empty ticket if hierarchy is TPM_RH_NULL or nameAlg is
+ // ALG_NULL
+ out->validation.tag = TPM_ST_VERIFIED;
+ out->validation.hierarchy = TPM_RH_NULL;
+ out->validation.digest.t.size = 0;
+ }
+ else
+ {
+ // Compute ticket
+ TicketComputeVerified(hierarchy, &in->digest, &signObject->name,
+ &out->validation);
+ }
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_VerifySignature
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Shutdown.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Shutdown.c
new file mode 100644
index 000000000..faa4b9e9e
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Shutdown.c
@@ -0,0 +1,101 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +#include "Tpm.h" +#include "Shutdown_fp.h" + +#if CC_Shutdown // Conditional expansion of this file + +/*(See part 3 specification) +// Shut down TPM for power off +*/ +// Return Type: TPM_RC +// TPM_RC_TYPE if PCR bank has been re-configured, a +// CLEAR StateSave is required +TPM_RC +TPM2_Shutdown( + Shutdown_In *in // IN: input parameter list + ) +{ + // The command needs NV update. Check if NV is available. + // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at + // this point + RETURN_IF_NV_IS_NOT_AVAILABLE; + +// Input Validation + + // If PCR bank has been reconfigured, a CLEAR state save is required + if(g_pcrReConfig && in->shutdownType == TPM_SU_STATE) + return TPM_RCS_TYPE + RC_Shutdown_shutdownType; + +// Internal Data Update + + gp.orderlyState = in->shutdownType; + + // PCR private date state save + PCRStateSave(in->shutdownType); + + // Save RAM backed NV index data + NvUpdateIndexOrderlyData(); + +#if ACCUMULATE_SELF_HEAL_TIMER + // Save the current time value + go.time = g_time; +#endif + + // Save all orderly data + NvWrite(NV_ORDERLY_DATA, sizeof(ORDERLY_DATA), &go); + + if(in->shutdownType == TPM_SU_STATE) + { + // Save STATE_RESET and STATE_CLEAR data + NvWrite(NV_STATE_CLEAR_DATA, sizeof(STATE_CLEAR_DATA), &gc); + NvWrite(NV_STATE_RESET_DATA, sizeof(STATE_RESET_DATA), &gr); + + // Save the startup flags for resume + if(g_DrtmPreStartup) + gp.orderlyState = TPM_SU_STATE | PRE_STARTUP_FLAG; + else if(g_StartupLocality3) + gp.orderlyState = TPM_SU_STATE | STARTUP_LOCALITY_3; + } + // only two shutdown options. + else if(in->shutdownType != TPM_SU_CLEAR) + return TPM_RCS_VALUE + RC_Shutdown_shutdownType; + + NV_SYNC_PERSISTENT(orderlyState); + + return TPM_RC_SUCCESS; +} + +#endif // CC_Shutdown \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Startup.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Startup.c
new file mode 100644
index 000000000..1039e95aa
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Startup.c
@@ -0,0 +1,244 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +#include "Tpm.h" +#include "Startup_fp.h" + +#if CC_Startup // Conditional expansion of this file + +/*(See part 3 specification) +// Initialize TPM because a system-wide reset +*/ +// Return Type: TPM_RC +// TPM_RC_LOCALITY a Startup(STATE) does not have the same H-CRTM +// state as the previous Startup() or the locality +// of the startup is not 0 pr 3 +// TPM_RC_NV_UNINITIALIZED the saved state cannot be recovered and a +// Startup(CLEAR) is required. +// TPM_RC_VALUE start up type is not compatible with previous +// shutdown sequence + +TPM_RC +TPM2_Startup( + Startup_In *in // IN: input parameter list + ) +{ + STARTUP_TYPE startup; + BYTE locality = _plat__LocalityGet(); + BOOL OK = TRUE; +// + // The command needs NV update. + RETURN_IF_NV_IS_NOT_AVAILABLE; + + // Get the flags for the current startup locality and the H-CRTM. + // Rather than generalizing the locality setting, this code takes advantage + // of the fact that the PC Client specification only allows Startup() + // from locality 0 and 3. To generalize this probably would require a + // redo of the NV space and since this is a feature that is hardly ever used + // outside of the PC Client, this code just support the PC Client needs. + +// Input Validation + // Check that the locality is a supported value + if(locality != 0 && locality != 3) + return TPM_RC_LOCALITY; + // If there was a H-CRTM, then treat the locality as being 3 + // regardless of what the Startup() was. This is done to preserve the + // H-CRTM PCR so that they don't get overwritten with the normal + // PCR startup initialization. This basically means that g_StartupLocality3 + // and g_DrtmPreStartup can't both be SET at the same time. 
+ if(g_DrtmPreStartup) + locality = 0; + g_StartupLocality3 = (locality == 3); + +#if USE_DA_USED + // If there was no orderly shutdown, then their might have been a write to + // failedTries that didn't get recorded but only if g_daUsed was SET in the + // shutdown state + g_daUsed = (gp.orderlyState == SU_DA_USED_VALUE); + if(g_daUsed) + gp.orderlyState = SU_NONE_VALUE; +#endif + + g_prevOrderlyState = gp.orderlyState; + + // If there was a proper shutdown, then the startup modifiers are in the + // orderlyState. Turn them off in the copy. + if(IS_ORDERLY(g_prevOrderlyState)) + g_prevOrderlyState &= ~(PRE_STARTUP_FLAG | STARTUP_LOCALITY_3); + // If this is a Resume, + if(in->startupType == TPM_SU_STATE) + { + // then there must have been a prior TPM2_ShutdownState(STATE) + if(g_prevOrderlyState != TPM_SU_STATE) + return TPM_RCS_VALUE + RC_Startup_startupType; + // and the part of NV used for state save must have been recovered + // correctly. + // NOTE: if this fails, then the caller will need to do Startup(CLEAR). The + // code for Startup(Clear) cannot fail if the NV can't be read correctly + // because that would prevent the TPM from ever getting unstuck. 
+ if(g_nvOk == FALSE) + return TPM_RC_NV_UNINITIALIZED; + // For Resume, the H-CRTM has to be the same as the previous boot + if(g_DrtmPreStartup != ((gp.orderlyState & PRE_STARTUP_FLAG) != 0)) + return TPM_RCS_VALUE + RC_Startup_startupType; + if(g_StartupLocality3 != ((gp.orderlyState & STARTUP_LOCALITY_3) != 0)) + return TPM_RC_LOCALITY; + } + // Clean up the gp state + gp.orderlyState = g_prevOrderlyState; + +// Internal Date Update + if((gp.orderlyState == TPM_SU_STATE) && (g_nvOk == TRUE)) + { + // Always read the data that is only cleared on a Reset because this is not + // a reset + NvRead(&gr, NV_STATE_RESET_DATA, sizeof(gr)); + if(in->startupType == TPM_SU_STATE) + { + // If this is a startup STATE (a Resume) need to read the data + // that is cleared on a startup CLEAR because this is not a Reset + // or Restart. + NvRead(&gc, NV_STATE_CLEAR_DATA, sizeof(gc)); + startup = SU_RESUME; + } + else + startup = SU_RESTART; + } + else + // Will do a TPM reset if Shutdown(CLEAR) and Startup(CLEAR) or no shutdown + // or there was a failure reading the NV data. + startup = SU_RESET; + // Startup for cryptographic library. Don't do this until after the orderly + // state has been read in from NV. + OK = OK && CryptStartup(startup); + + // When the cryptographic library has been started, indicate that a TPM2_Startup + // command has been received. 
+ OK = OK && TPMRegisterStartup(); + +#ifdef VENDOR_PERMANENT + // Read the platform unique value that is used as VENDOR_PERMANENT + // authorization value + g_platformUniqueDetails.t.size + = (UINT16)_plat__GetUnique(1, sizeof(g_platformUniqueDetails.t.buffer), + g_platformUniqueDetails.t.buffer); +#endif + +// Start up subsystems + // Start set the safe flag + OK = OK && TimeStartup(startup); + + // Start dictionary attack subsystem + OK = OK && DAStartup(startup); + + // Enable hierarchies + OK = OK && HierarchyStartup(startup); + + // Restore/Initialize PCR + OK = OK && PCRStartup(startup, locality); + + // Restore/Initialize command audit information + OK = OK && CommandAuditStartup(startup); + +//// The following code was moved from Time.c where it made no sense + if(OK) + { + switch(startup) + { + case SU_RESUME: + // Resume sequence + gr.restartCount++; + break; + case SU_RESTART: + // Hibernate sequence + gr.clearCount++; + gr.restartCount++; + break; + default: + // Reset object context ID to 0 + gr.objectContextID = 0; + // Reset clearCount to 0 + gr.clearCount = 0; + + // Reset sequence + // Increase resetCount + gp.resetCount++; + + // Write resetCount to NV + NV_SYNC_PERSISTENT(resetCount); + + gp.totalResetCount++; + // We do not expect the total reset counter overflow during the life + // time of TPM. if it ever happens, TPM will be put to failure mode + // and there is no way to recover it. + // The reason that there is no recovery is that we don't increment + // the NV totalResetCount when incrementing would make it 0. When the + // TPM starts up again, the old value of totalResetCount will be read + // and we will get right back to here with the increment failing. 
+ if(gp.totalResetCount == 0) + FAIL(FATAL_ERROR_INTERNAL); + + // Write total reset counter to NV + NV_SYNC_PERSISTENT(totalResetCount); + + // Reset restartCount + gr.restartCount = 0; + + break; + } + } + // Initialize session table + OK = OK && SessionStartup(startup); + + // Initialize object table + OK = OK && ObjectStartup(); + + // Initialize index/evict data. This function clears read/write locks + // in NV index + OK = OK && NvEntityStartup(startup); + + // Initialize the orderly shut down flag for this cycle to SU_NONE_VALUE. + gp.orderlyState = SU_NONE_VALUE; + + OK = OK && NV_SYNC_PERSISTENT(orderlyState); + + // This can be reset after the first completion of a TPM2_Startup() after + // a power loss. It can probably be reset earlier but this is an OK place. + if(OK) + g_powerWasLost = FALSE; + + return (OK) ? TPM_RC_SUCCESS : TPM_RC_FAILURE; +} + +#endif // CC_Startup \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt.c new file mode 100644 index 000000000..16fd4bb89 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt.c 
@@ -0,0 +1,163 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +#include "Tpm.h" +#include "EncryptDecrypt_fp.h" +#if CC_EncryptDecrypt2 +#include "EncryptDecrypt_spt_fp.h" +#endif + +#if CC_EncryptDecrypt // Conditional expansion of this file + +/*(See part 3 specification) +// symmetric encryption or decryption +*/ +// Return Type: TPM_RC +// TPM_RC_KEY is not a symmetric decryption key with both +// public and private portions loaded +// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode; +// or 'inData' size is not an even multiple of the block +// size for CBC or ECB mode +// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does +// not match the key's mode +TPM_RC +TPM2_EncryptDecrypt( + EncryptDecrypt_In *in, // IN: input parameter list + EncryptDecrypt_Out *out // OUT: output parameter list + ) +{ +#if CC_EncryptDecrypt2 + return EncryptDecryptShared(in->keyHandle, in->decrypt, in->mode, + &in->ivIn, &in->inData, out); +#else + OBJECT *symKey; + UINT16 keySize; + UINT16 blockSize; + BYTE *key; + TPM_ALG_ID alg; + TPM_ALG_ID mode; + TPM_RC result; + BOOL OK; + TPMA_OBJECT attributes; + +// Input Validation + symKey = HandleToObject(in->keyHandle); + mode = symKey->publicArea.parameters.symDetail.sym.mode.sym; + attributes = symKey->publicArea.objectAttributes; + + // The input key should be a symmetric key + if(symKey->publicArea.type != TPM_ALG_SYMCIPHER) + return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle; + // The key must be unrestricted and allow the selected operation + OK = IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted) + if(YES == in->decrypt) + OK = OK && IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt); + else + OK = OK && IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign); + if(!OK) + return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle; + + // If the key mode is not TPM_ALG_NULL... 
+ // or TPM_ALG_NULL + if(mode != TPM_ALG_NULL) + { + // then the input mode has to be TPM_ALG_NULL or the same as the key + if((in->mode != TPM_ALG_NULL) && (in->mode != mode)) + return TPM_RCS_MODE + RC_EncryptDecrypt_mode; + } + else + { + // if the key mode is null, then the input can't be null + if(in->mode == TPM_ALG_NULL) + return TPM_RCS_MODE + RC_EncryptDecrypt_mode; + mode = in->mode; + } + // The input iv for ECB mode should be an Empty Buffer. All the other modes + // should have an iv size same as encryption block size + keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym; + alg = symKey->publicArea.parameters.symDetail.sym.algorithm; + blockSize = CryptGetSymmetricBlockSize(alg, keySize); + + // reverify the algorithm. This is mainly to keep static analysis tools happy + if(blockSize == 0) + return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle; + + // Note: When an algorithm is not supported by a TPM, the TPM_ALG_xxx for that + // algorithm is not defined. However, it is assumed that the ALG_xxx_VALUE for + // the algorithm is always defined. Both have the same numeric value. + // ALG_xxx_VALUE is used here so that the code does not get cluttered with + // #ifdef's. Having this check does not mean that the algorithm is supported. + // If it was not supported the unmarshaling code would have rejected it before + // this function were called. This means that, depending on the implementation, + // the check could be redundant but it doesn't hurt. 
+ if(((mode == ALG_ECB_VALUE) && (in->ivIn.t.size != 0)) + || ((mode != ALG_ECB_VALUE) && (in->ivIn.t.size != blockSize))) + return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn; + + // The input data size of CBC mode or ECB mode must be an even multiple of + // the symmetric algorithm's block size + if(((mode == ALG_CBC_VALUE) || (mode == ALG_ECB_VALUE)) + && ((in->inData.t.size % blockSize) != 0)) + return TPM_RCS_SIZE + RC_EncryptDecrypt_inData; + + // Copy IV + // Note: This is copied here so that the calls to the encrypt/decrypt functions + // will modify the output buffer, not the input buffer + out->ivOut = in->ivIn; + +// Command Output + key = symKey->sensitive.sensitive.sym.t.buffer; + // For symmetric encryption, the cipher data size is the same as plain data + // size. + out->outData.t.size = in->inData.t.size; + if(in->decrypt == YES) + { + // Decrypt data to output + result = CryptSymmetricDecrypt(out->outData.t.buffer, alg, keySize, key, + &(out->ivOut), mode, in->inData.t.size, + in->inData.t.buffer); + } + else + { + // Encrypt data to output + result = CryptSymmetricEncrypt(out->outData.t.buffer, alg, keySize, key, + &(out->ivOut), mode, in->inData.t.size, + in->inData.t.buffer); + } + return result; +#endif // CC_EncryptDecrypt2 + +} + +#endif // CC_EncryptDecrypt \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt2.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt2.c new file mode 100644 index 000000000..4623c8999 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt2.c 
@@ -0,0 +1,83 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +#include "Tpm.h" +#include "EncryptDecrypt2_fp.h" +#include "EncryptDecrypt_fp.h" +#include "EncryptDecrypt_spt_fp.h" + +#if CC_EncryptDecrypt2 // Conditional expansion of this file + +/*(See part 3 specification) +// symmetric encryption or decryption using modified parameter list +*/ +// Return Type: TPM_RC +// TPM_RC_KEY is not a symmetric decryption key with both +// public and private portions loaded +// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode; +// or 'inData' size is not an even multiple of the block +// size for CBC or ECB mode +// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does +// not match the key's mode +TPM_RC +TPM2_EncryptDecrypt2( + EncryptDecrypt2_In *in, // IN: input parameter list + EncryptDecrypt2_Out *out // OUT: output parameter list + ) +{ + TPM_RC result; + // EncryptDecyrptShared() performs the operations as shown in + // TPM2_EncrypDecrypt + result = EncryptDecryptShared(in->keyHandle, in->decrypt, in->mode, + &in->ivIn, &in->inData, + (EncryptDecrypt_Out *)out); + // Handle response code swizzle. + switch(result) + { + case TPM_RCS_MODE + RC_EncryptDecrypt_mode: + result = TPM_RCS_MODE + RC_EncryptDecrypt2_mode; + break; + case TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn: + result = TPM_RCS_SIZE + RC_EncryptDecrypt2_ivIn; + break; + case TPM_RCS_SIZE + RC_EncryptDecrypt_inData: + result = TPM_RCS_SIZE + RC_EncryptDecrypt2_inData; + break; + default: + break; + } + return result; +} + +#endif // CC_EncryptDecrypt2 \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt_spt.c new file mode 100644 index 000000000..593986648 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt_spt.c 
@@ -0,0 +1,163 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +#include "Tpm.h" +#include "EncryptDecrypt_fp.h" +#include "EncryptDecrypt_spt_fp.h" + +#if CC_EncryptDecrypt2 + +/*(See part 3 specification) +// symmetric encryption or decryption +*/ +// Return Type: TPM_RC +// TPM_RC_KEY is not a symmetric decryption key with both +// public and private portions loaded +// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode; +// or 'inData' size is not an even multiple of the block +// size for CBC or ECB mode +// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does +// not match the key's mode +TPM_RC +EncryptDecryptShared( + TPMI_DH_OBJECT keyHandleIn, + TPMI_YES_NO decryptIn, + TPMI_ALG_SYM_MODE modeIn, + TPM2B_IV *ivIn, + TPM2B_MAX_BUFFER *inData, + EncryptDecrypt_Out *out + ) +{ + OBJECT *symKey; + UINT16 keySize; + UINT16 blockSize; + BYTE *key; + TPM_ALG_ID alg; + TPM_ALG_ID mode; + TPM_RC result; + BOOL OK; +// Input Validation + symKey = HandleToObject(keyHandleIn); + mode = symKey->publicArea.parameters.symDetail.sym.mode.sym; + + // The input key should be a symmetric key + if(symKey->publicArea.type != TPM_ALG_SYMCIPHER) + return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle; + // The key must be unrestricted and allow the selected operation + OK = !IS_ATTRIBUTE(symKey->publicArea.objectAttributes, + TPMA_OBJECT, restricted); + if(YES == decryptIn) + OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes, + TPMA_OBJECT, decrypt); + else + OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes, + TPMA_OBJECT, sign); + if(!OK) + return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle; + + // Make sure that key is an encrypt/decrypt key and not SMAC + if(!CryptSymModeIsValid(mode, TRUE)) + return TPM_RCS_MODE + RC_EncryptDecrypt_keyHandle; + + // If the key mode is not TPM_ALG_NULL... 
+ // or TPM_ALG_NULL + if(mode != TPM_ALG_NULL) + { + // then the input mode has to be TPM_ALG_NULL or the same as the key + if((modeIn != TPM_ALG_NULL) && (modeIn != mode)) + return TPM_RCS_MODE + RC_EncryptDecrypt_mode; + } + else + { + // if the key mode is null, then the input can't be null + if(modeIn == TPM_ALG_NULL) + return TPM_RCS_MODE + RC_EncryptDecrypt_mode; + mode = modeIn; + } + // The input iv for ECB mode should be an Empty Buffer. All the other modes + // should have an iv size same as encryption block size + keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym; + alg = symKey->publicArea.parameters.symDetail.sym.algorithm; + blockSize = CryptGetSymmetricBlockSize(alg, keySize); + + // reverify the algorithm. This is mainly to keep static analysis tools happy + if(blockSize == 0) + return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle; + + // Note: When an algorithm is not supported by a TPM, the TPM_ALG_xxx for that + // algorithm is not defined. However, it is assumed that the ALG_xxx_VALUE for + // the algorithm is always defined. Both have the same numeric value. + // ALG_xxx_VALUE is used here so that the code does not get cluttered with + // #ifdef's. Having this check does not mean that the algorithm is supported. + // If it was not supported the unmarshaling code would have rejected it before + // this function were called. This means that, depending on the implementation, + // the check could be redundant but it doesn't hurt. 
+ if(((mode == ALG_ECB_VALUE) && (ivIn->t.size != 0)) + || ((mode != ALG_ECB_VALUE) && (ivIn->t.size != blockSize))) + return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn; + + // The input data size of CBC mode or ECB mode must be an even multiple of + // the symmetric algorithm's block size + if(((mode == ALG_CBC_VALUE) || (mode == ALG_ECB_VALUE)) + && ((inData->t.size % blockSize) != 0)) + return TPM_RCS_SIZE + RC_EncryptDecrypt_inData; + + // Copy IV + // Note: This is copied here so that the calls to the encrypt/decrypt functions + // will modify the output buffer, not the input buffer + out->ivOut = *ivIn; + +// Command Output + key = symKey->sensitive.sensitive.sym.t.buffer; + // For symmetric encryption, the cipher data size is the same as plain data + // size. + out->outData.t.size = inData->t.size; + if(decryptIn == YES) + { + // Decrypt data to output + result = CryptSymmetricDecrypt(out->outData.t.buffer, alg, keySize, key, + &(out->ivOut), mode, inData->t.size, + inData->t.buffer); + } + else + { + // Encrypt data to output + result = CryptSymmetricEncrypt(out->outData.t.buffer, alg, keySize, key, + &(out->ivOut), mode, inData->t.size, + inData->t.buffer); + } + return result; +} + +#endif // CC_EncryptDecrypt \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/HMAC.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/HMAC.c new file mode 100644 index 000000000..29ec971d4 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/HMAC.c 
@@ -0,0 +1,108 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +#include "Tpm.h" +#include "HMAC_fp.h" + +#if CC_HMAC // Conditional expansion of this file + +/*(See part 3 specification) +// Compute HMAC on a data buffer +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES key referenced by 'handle' is a restricted key +// TPM_RC_KEY 'handle' does not reference a signing key +// TPM_RC_TYPE key referenced by 'handle' is not an HMAC key +// TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm +// of the scheme of the object referenced by 'handle' +TPM_RC +TPM2_HMAC( + HMAC_In *in, // IN: input parameter list + HMAC_Out *out // OUT: output parameter list + ) +{ + HMAC_STATE hmacState; + OBJECT *hmacObject; + TPMI_ALG_HASH hashAlg; + TPMT_PUBLIC *publicArea; + +// Input Validation + + // Get HMAC key object and public area pointers + hmacObject = HandleToObject(in->handle); + publicArea = &hmacObject->publicArea; + // Make sure that the key is an HMAC key + if(publicArea->type != TPM_ALG_KEYEDHASH) + return TPM_RCS_TYPE + RC_HMAC_handle; + + // and that it is unrestricted + if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) + return TPM_RCS_ATTRIBUTES + RC_HMAC_handle; + + // and that it is a signing key + if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) + return TPM_RCS_KEY + RC_HMAC_handle; + + // See if the key has a default + if(publicArea->parameters.keyedHashDetail.scheme.scheme == TPM_ALG_NULL) + // it doesn't so use the input value + hashAlg = in->hashAlg; + else + { + // key has a default so use it + hashAlg + = publicArea->parameters.keyedHashDetail.scheme.details.hmac.hashAlg; + // and verify that the input was either the TPM_ALG_NULL or the default + if(in->hashAlg != TPM_ALG_NULL && in->hashAlg != hashAlg) + hashAlg = TPM_ALG_NULL; + } + // if we ended up without a hash algorithm then return an error + if(hashAlg == TPM_ALG_NULL) + return TPM_RCS_VALUE + RC_HMAC_hashAlg; + +// Command Output + + // Start HMAC stack + out->outHMAC.t.size = 
CryptHmacStart2B(&hmacState, hashAlg, + &hmacObject->sensitive.sensitive.bits.b); + // Adding HMAC data + CryptDigestUpdate2B(&hmacState.hashState, &in->buffer.b); + + // Complete HMAC + CryptHmacEnd2B(&hmacState, &out->outHMAC.b); + + return TPM_RC_SUCCESS; +} + +#endif // CC_HMAC \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/Hash.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/Hash.c new file mode 100644 index 000000000..9736185b3 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/Hash.c 
@@ -0,0 +1,88 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "Hash_fp.h"
+
+#if CC_Hash // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Hash a data buffer
+*/
+TPM_RC
+TPM2_Hash(
+ Hash_In *in, // IN: input parameter list
+ Hash_Out *out // OUT: output parameter list
+ )
+{
+ HASH_STATE hashState;
+
+// Command Output
+
+ // Output hash
+ // Start hash stack
+ out->outHash.t.size = CryptHashStart(&hashState, in->hashAlg);
+ // Adding hash data
+ CryptDigestUpdate2B(&hashState, &in->data.b);
+ // Complete hash
+ CryptHashEnd2B(&hashState, &out->outHash.b);
+
+ // Output ticket
+ out->validation.tag = TPM_ST_HASHCHECK;
+ out->validation.hierarchy = in->hierarchy;
+
+ if(in->hierarchy == TPM_RH_NULL)
+ {
+ // Ticket is not required
+ out->validation.hierarchy = TPM_RH_NULL;
+ out->validation.digest.t.size = 0;
+ }
+ else if(in->data.t.size >= sizeof(TPM_GENERATED)
+ && !TicketIsSafe(&in->data.b))
+ {
+ // Ticket is not safe
+ out->validation.hierarchy = TPM_RH_NULL;
+ out->validation.digest.t.size = 0;
+ }
+ else
+ {
+ // Compute ticket
+ TicketComputeHashCheck(in->hierarchy, in->hashAlg,
+ &out->outHash, &out->validation);
+ }
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_Hash
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/MAC.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/MAC.c
new file mode 100644
index 000000000..219406c8e
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/MAC.c
@@ -0,0 +1,94 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "MAC_fp.h" + +#if CC_MAC // Conditional expansion of this file + +/*(See part 3 specification) +// Compute MAC on a data buffer +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES key referenced by 'handle' is a restricted key +// TPM_RC_KEY 'handle' does not reference a signing key +// TPM_RC_TYPE key referenced by 'handle' is not an HMAC key +// TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm +// of the scheme of the object referenced by 'handle' +TPM_RC +TPM2_MAC( + MAC_In *in, // IN: input parameter list + MAC_Out *out // OUT: output parameter list + ) +{ + OBJECT *keyObject; + HMAC_STATE state; + TPMT_PUBLIC *publicArea; + TPM_RC result; + +// Input Validation + // Get MAC key object and public area pointers + keyObject = HandleToObject(in->handle); + publicArea = &keyObject->publicArea; + + // If the key is not able to do a MAC, indicate that the handle selects an + // object that can't do a MAC + result = CryptSelectMac(publicArea, &in->inScheme); + if(result == TPM_RCS_TYPE) + return TPM_RCS_TYPE + RC_MAC_handle; + // If there is another error type, indicate that the scheme and key are not + // compatible + if(result != TPM_RC_SUCCESS) + return RcSafeAddToResult(result, RC_MAC_inScheme); + // Make sure that the key is not restricted + if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) + return TPM_RCS_ATTRIBUTES + RC_MAC_handle; + // and that it is a signing key + if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) + return TPM_RCS_KEY + RC_MAC_handle; +// Command Output + out->outMAC.t.size = CryptMacStart(&state, &publicArea->parameters, + in->inScheme, + &keyObject->sensitive.sensitive.any.b); + // If the mac can't start, treat it as a fatal error + if(out->outMAC.t.size == 0) + return TPM_RC_FAILURE; + CryptDigestUpdate2B(&state.hashState, &in->buffer.b); + // If the MAC result is not what was expected, it is a fatal error + if(CryptHmacEnd2B(&state, &out->outMAC.b) != 
out->outMAC.t.size)
+ return TPM_RC_FAILURE;
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_MAC
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/GetTestResult.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/GetTestResult.c
new file mode 100644
index 000000000..3ded75a36
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/GetTestResult.c
@@ -0,0 +1,61 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "GetTestResult_fp.h"
+
+#if CC_GetTestResult // Conditional expansion of this file
+
+/*(See part 3 specification)
+// returns manufacturer-specific information regarding the results of a self-
+// test and an indication of the test status.
+*/
+
+// In the reference implementation, this function is only reachable if the TPM is
+// not in failure mode meaning that all tests that have been run have completed
+// successfully. There is not test data and the test result is TPM_RC_SUCCESS.
+TPM_RC
+TPM2_GetTestResult(
+ GetTestResult_Out *out // OUT: output parameter list
+ )
+{
+// Command Output
+
+ // Call incremental self test function in crypt module
+ out->testResult = CryptGetTestResult(&out->outData);
+
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_GetTestResult
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/IncrementalSelfTest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/IncrementalSelfTest.c
new file mode 100644
index 000000000..2b62e7a67
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/IncrementalSelfTest.c
@@ -0,0 +1,65 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ +#include "Tpm.h" +#include "IncrementalSelfTest_fp.h" + +#if CC_IncrementalSelfTest // Conditional expansion of this file + +/*(See part 3 specification) +// perform a test of selected algorithms +*/ +// Return Type: TPM_RC +// TPM_RC_CANCELED the command was canceled (some tests may have +// completed) +// TPM_RC_VALUE an algorithm in the toTest list is not implemented +TPM_RC +TPM2_IncrementalSelfTest( + IncrementalSelfTest_In *in, // IN: input parameter list + IncrementalSelfTest_Out *out // OUT: output parameter list + ) +{ + TPM_RC result; +// Command Output + + // Call incremental self test function in crypt module. If this function + // returns TPM_RC_VALUE, it means that an algorithm on the 'toTest' list is + // not implemented. + result = CryptIncrementalSelfTest(&in->toTest, &out->toDoList); + if(result == TPM_RC_VALUE) + return TPM_RCS_VALUE + RC_IncrementalSelfTest_toTest; + return result; +} + +#endif // CC_IncrementalSelfTest \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/SelfTest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/SelfTest.c new file mode 100644 index 000000000..f5e0106f1 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/SelfTest.c 
@@ -0,0 +1,58 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "SelfTest_fp.h"
+
+#if CC_SelfTest // Conditional expansion of this file
+
+/*(See part 3 specification)
+// perform a test of TPM capabilities
+*/
+// Return Type: TPM_RC
+// TPM_RC_CANCELED the command was canceled (some incremental
+// process may have been made)
+// TPM_RC_TESTING self test in process
+TPM_RC
+TPM2_SelfTest(
+ SelfTest_In *in // IN: input parameter list
+ )
+{
+// Command Output
+
+ // Call self test function in crypt module
+ return CryptSelfTest(in->fullTest);
+}
+
+#endif // CC_SelfTest
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Vendor/Vendor_TCG_Test.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Vendor/Vendor_TCG_Test.c
new file mode 100644
index 000000000..c06d50813
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Vendor/Vendor_TCG_Test.c
@@ -0,0 +1,50 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+
+#if CC_Vendor_TCG_Test // Conditional expansion of this file
+#include "Vendor_TCG_Test_fp.h"
+
+TPM_RC
+TPM2_Vendor_TCG_Test(
+ Vendor_TCG_Test_In *in, // IN: input parameter list
+ Vendor_TCG_Test_Out *out // OUT: output parameter list
+ )
+{
+ out->outputData = in->inputData;
+ return TPM_RC_SUCCESS;
+}
+
+#endif // CC_Vendor_TCG_Test
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/AlgorithmTests.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/AlgorithmTests.c
new file mode 100644
index 000000000..9d203e5f4
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/AlgorithmTests.c
@@ -0,0 +1,963 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the code to perform the various self-test functions.
+//
+// NOTE: In this implementation, large local variables are made static to minimize
+// stack usage, which is critical for stack-constrained platforms.
+ +//** Includes and Defines +#include "Tpm.h" + +#define SELF_TEST_DATA + +#if SELF_TEST + +// These includes pull in the data structures. They contain data definitions for the +// various tests. +#include "SelfTest.h" +#include "SymmetricTest.h" +#include "RsaTestData.h" +#include "EccTestData.h" +#include "HashTestData.h" +#include "KdfTestData.h" + +#define TEST_DEFAULT_TEST_HASH(vector) \ + if(TEST_BIT(DEFAULT_TEST_HASH, g_toTest)) \ + TestHash(DEFAULT_TEST_HASH, vector); + +// Make sure that the algorithm has been tested +#define CLEAR_BOTH(alg) { CLEAR_BIT(alg, *toTest); \ + if(toTest != &g_toTest) \ + CLEAR_BIT(alg, g_toTest); } + +#define SET_BOTH(alg) { SET_BIT(alg, *toTest); \ + if(toTest != &g_toTest) \ + SET_BIT(alg, g_toTest); } + +#define TEST_BOTH(alg) ((toTest != &g_toTest) \ + ? TEST_BIT(alg, *toTest) || TEST_BIT(alg, g_toTest) \ + : TEST_BIT(alg, *toTest)) + +// Can only cancel if doing a list. +#define CHECK_CANCELED \ + if(_plat__IsCanceled() && toTest != &g_toTest) \ + return TPM_RC_CANCELED; + +//** Hash Tests + +//*** Description +// The hash test does a known-value HMAC using the specified hash algorithm. + +//*** TestHash() +// The hash test function. 
+static TPM_RC +TestHash( + TPM_ALG_ID hashAlg, + ALGORITHM_VECTOR *toTest + ) +{ + static TPM2B_DIGEST computed; // value computed + static HMAC_STATE state; + UINT16 digestSize; + const TPM2B *testDigest = NULL; +// TPM2B_TYPE(HMAC_BLOCK, DEFAULT_TEST_HASH_BLOCK_SIZE); + + pAssert(hashAlg != ALG_NULL_VALUE); + switch(hashAlg) + { +#if ALG_SHA1 + case ALG_SHA1_VALUE: + testDigest = &c_SHA1_digest.b; + break; +#endif +#if ALG_SHA256 + case ALG_SHA256_VALUE: + testDigest = &c_SHA256_digest.b; + break; +#endif +#if ALG_SHA384 + case ALG_SHA384_VALUE: + testDigest = &c_SHA384_digest.b; + break; +#endif +#if ALG_SHA512 + case ALG_SHA512_VALUE: + testDigest = &c_SHA512_digest.b; + break; +#endif +#if ALG_SM3_256 + case ALG_SM3_256_VALUE: + testDigest = &c_SM3_256_digest.b; + break; +#endif + default: + FAIL(FATAL_ERROR_INTERNAL); + } + // Clear the to-test bits + CLEAR_BOTH(hashAlg); + + // Set the HMAC key to twice the digest size + digestSize = CryptHashGetDigestSize(hashAlg); + CryptHmacStart(&state, hashAlg, digestSize * 2, + (BYTE *)c_hashTestKey.t.buffer); + CryptDigestUpdate(&state.hashState, 2 * CryptHashGetBlockSize(hashAlg), + (BYTE *)c_hashTestData.t.buffer); + computed.t.size = digestSize; + CryptHmacEnd(&state, digestSize, computed.t.buffer); + if((testDigest->size != computed.t.size) + || (memcmp(testDigest->buffer, computed.t.buffer, computed.b.size) != 0)) + SELF_TEST_FAILURE; + return TPM_RC_SUCCESS; +} + +//** Symmetric Test Functions + +//*** MakeIv() +// Internal function to make the appropriate IV depending on the mode. 
+static UINT32 +MakeIv( + TPM_ALG_ID mode, // IN: symmetric mode + UINT32 size, // IN: block size of the algorithm + BYTE *iv // OUT: IV to fill in + ) +{ + BYTE i; + + if(mode == ALG_ECB_VALUE) + return 0; + if(mode == ALG_CTR_VALUE) + { + // The test uses an IV that has 0xff in the last byte + for(i = 1; i <= size; i++) + *iv++ = 0xff - (BYTE)(size - i); + } + else + { + for(i = 0; i < size; i++) + *iv++ = i; + } + return size; +} + +//*** TestSymmetricAlgorithm() +// Function to test a specific algorithm, key size, and mode. +static void +TestSymmetricAlgorithm( + const SYMMETRIC_TEST_VECTOR *test, // + TPM_ALG_ID mode // + ) +{ + static BYTE encrypted[MAX_SYM_BLOCK_SIZE * 2]; + static BYTE decrypted[MAX_SYM_BLOCK_SIZE * 2]; + static TPM2B_IV iv; +// + // Get the appropriate IV + iv.t.size = (UINT16)MakeIv(mode, test->ivSize, iv.t.buffer); + + // Encrypt known data + CryptSymmetricEncrypt(encrypted, test->alg, test->keyBits, test->key, &iv, + mode, test->dataInOutSize, test->dataIn); + // Check that it matches the expected value + if(!MemoryEqual(encrypted, test->dataOut[mode - ALG_CTR_VALUE], + test->dataInOutSize)) + SELF_TEST_FAILURE; + // Reinitialize the iv for decryption + MakeIv(mode, test->ivSize, iv.t.buffer); + CryptSymmetricDecrypt(decrypted, test->alg, test->keyBits, test->key, &iv, + mode, test->dataInOutSize, + test->dataOut[mode - ALG_CTR_VALUE]); + // Make sure that it matches what we started with + if(!MemoryEqual(decrypted, test->dataIn, test->dataInOutSize)) + SELF_TEST_FAILURE; +} + +//*** AllSymsAreDone() +// Checks if both symmetric algorithms have been tested. 
This is put here +// so that addition of a symmetric algorithm will be relatively easy to handle +// Return Type: BOOL +// TRUE(1) all symmetric algorithms tested +// FALSE(0) not all symmetric algorithms tested +static BOOL +AllSymsAreDone( + ALGORITHM_VECTOR *toTest + ) +{ + return (!TEST_BOTH(ALG_AES_VALUE) && !TEST_BOTH(ALG_SM4_VALUE)); +} + +//*** AllModesAreDone() +// Checks if all the modes have been tested +// Return Type: BOOL +// TRUE(1) all modes tested +// FALSE(0) all modes not tested +static BOOL +AllModesAreDone( + ALGORITHM_VECTOR *toTest + ) +{ + TPM_ALG_ID alg; + for(alg = TPM_SYM_MODE_FIRST; alg <= TPM_SYM_MODE_LAST; alg++) + if(TEST_BOTH(alg)) + return FALSE; + return TRUE; +} + +//*** TestSymmetric() +// If 'alg' is a symmetric block cipher, then all of the modes that are selected are +// tested. If 'alg' is a mode, then all algorithms of that mode are tested. +static TPM_RC +TestSymmetric( + TPM_ALG_ID alg, + ALGORITHM_VECTOR *toTest + ) +{ + SYM_INDEX index; + TPM_ALG_ID mode; +// + if(!TEST_BIT(alg, *toTest)) + return TPM_RC_SUCCESS; + if(alg == ALG_AES_VALUE || alg == ALG_SM4_VALUE || alg == ALG_CAMELLIA_VALUE) + { + // Will test the algorithm for all modes and key sizes + CLEAR_BOTH(alg); + + // A test this algorithm for all modes + for(index = 0; index < NUM_SYMS; index++) + { + if(c_symTestValues[index].alg == alg) + { + for(mode = TPM_SYM_MODE_FIRST; + mode <= TPM_SYM_MODE_LAST; + mode++) + { + if(TEST_BIT(mode, *toTest)) + TestSymmetricAlgorithm(&c_symTestValues[index], mode); + } + } + } + // if all the symmetric tests are done + if(AllSymsAreDone(toTest)) + { + // all symmetric algorithms tested so no modes should be set + for(alg = TPM_SYM_MODE_FIRST; alg <= TPM_SYM_MODE_LAST; alg++) + CLEAR_BOTH(alg); + } + } + else if(TPM_SYM_MODE_FIRST <= alg && alg <= TPM_SYM_MODE_LAST) + { + // Test this mode for all key sizes and algorithms + for(index = 0; index < NUM_SYMS; index++) + { + // The mode testing only comes into play when doing 
self tests + // by command. When doing self tests by command, the block ciphers are + // tested first. That means that all of their modes would have been + // tested for all key sizes. If there is no block cipher left to + // test, then clear this mode bit. + if(!TEST_BIT(ALG_AES_VALUE, *toTest) + && !TEST_BIT(ALG_SM4_VALUE, *toTest)) + { + CLEAR_BOTH(alg); + } + else + { + for(index = 0; index < NUM_SYMS; index++) + { + if(TEST_BIT(c_symTestValues[index].alg, *toTest)) + TestSymmetricAlgorithm(&c_symTestValues[index], alg); + } + // have tested this mode for all algorithms + CLEAR_BOTH(alg); + } + } + if(AllModesAreDone(toTest)) + { + CLEAR_BOTH(ALG_AES_VALUE); + CLEAR_BOTH(ALG_SM4_VALUE); + } + } + else + pAssert(alg == 0 && alg != 0); + return TPM_RC_SUCCESS; +} + +//** RSA Tests +#if ALG_RSA + +//*** Introduction +// The tests are for public key only operations and for private key operations. +// Signature verification and encryption are public key operations. They are tested +// by using a KVT. For signature verification, this means that a known good +// signature is checked by CryptRsaValidateSignature(). If it fails, then the +// TPM enters failure mode. For encryption, the TPM encrypts known values using +// the selected scheme and checks that the returned value matches the expected +// value. +// +// For private key operations, a full scheme check is used. For a signing key, a +// known key is used to sign a known message. Then that signature is verified. +// since the signature may involve use of random values, the signature will be +// different each time and we can't always check that the signature matches a +// known value. The same technique is used for decryption (RSADP/RSAEP). +// +// When an operation uses the public key and the verification has not been +// tested, the TPM will do a KVT. 
+// +// The test for the signing algorithm is built into the call for the algorithm + +//*** RsaKeyInitialize() +// The test key is defined by a public modulus and a private prime. The TPM's RSA +// code computes the second prime and the private exponent. +static void +RsaKeyInitialize( + OBJECT *testObject + ) +{ + MemoryCopy2B(&testObject->publicArea.unique.rsa.b, (P2B)&c_rsaPublicModulus, + sizeof(c_rsaPublicModulus)); + MemoryCopy2B(&testObject->sensitive.sensitive.rsa.b, (P2B)&c_rsaPrivatePrime, + sizeof(testObject->sensitive.sensitive.rsa.t.buffer)); + testObject->publicArea.parameters.rsaDetail.keyBits = RSA_TEST_KEY_SIZE * 8; + // Use the default exponent + testObject->publicArea.parameters.rsaDetail.exponent = 0; +} + +//*** TestRsaEncryptDecrypt() +// These tests are for a public key encryption that uses a random value. +static TPM_RC +TestRsaEncryptDecrypt( + TPM_ALG_ID scheme, // IN: the scheme + ALGORITHM_VECTOR *toTest // + ) +{ + static TPM2B_PUBLIC_KEY_RSA testInput; + static TPM2B_PUBLIC_KEY_RSA testOutput; + static OBJECT testObject; + const TPM2B_RSA_TEST_KEY *kvtValue = NULL; + TPM_RC result = TPM_RC_SUCCESS; + const TPM2B *testLabel = NULL; + TPMT_RSA_DECRYPT rsaScheme; +// + // Don't need to initialize much of the test object + RsaKeyInitialize(&testObject); + rsaScheme.scheme = scheme; + rsaScheme.details.anySig.hashAlg = DEFAULT_TEST_HASH; + CLEAR_BOTH(scheme); + CLEAR_BOTH(ALG_NULL_VALUE); + if(scheme == ALG_NULL_VALUE) + { + // This is an encryption scheme using the private key without any encoding. 
+ memcpy(testInput.t.buffer, c_RsaTestValue, sizeof(c_RsaTestValue)); + testInput.t.size = sizeof(c_RsaTestValue); + if(TPM_RC_SUCCESS != CryptRsaEncrypt(&testOutput, &testInput.b, + &testObject, &rsaScheme, NULL, NULL)) + SELF_TEST_FAILURE; + if(!MemoryEqual(testOutput.t.buffer, c_RsaepKvt.buffer, c_RsaepKvt.size)) + SELF_TEST_FAILURE; + MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer)); + if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b, + &testObject, &rsaScheme, NULL)) + SELF_TEST_FAILURE; + if(!MemoryEqual(testOutput.t.buffer, c_RsaTestValue, + sizeof(c_RsaTestValue))) + SELF_TEST_FAILURE; + } + else + { + // ALG_RSAES_VALUE: + // This is an decryption scheme using padding according to + // PKCS#1v2.1, 7.2. This padding uses random bits. To test a public + // key encryption that uses random data, encrypt a value and then + // decrypt the value and see that we get the encrypted data back. + // The hash is not used by this encryption so it can be TMP_ALG_NULL + + // ALG_OAEP_VALUE: + // This is also an decryption scheme and it also uses a + // pseudo-random + // value. However, this also uses a hash algorithm. So, we may need + // to test that algorithm before use. 
+ if(scheme == ALG_OAEP_VALUE) + { + TEST_DEFAULT_TEST_HASH(toTest); + kvtValue = &c_OaepKvt; + testLabel = OAEP_TEST_STRING; + } + else if(scheme == ALG_RSAES_VALUE) + { + kvtValue = &c_RsaesKvt; + testLabel = NULL; + } + else + SELF_TEST_FAILURE; + // Only use a digest-size portion of the test value + memcpy(testInput.t.buffer, c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE); + testInput.t.size = DEFAULT_TEST_DIGEST_SIZE; + + // See if the encryption works + if(TPM_RC_SUCCESS != CryptRsaEncrypt(&testOutput, &testInput.b, + &testObject, &rsaScheme, testLabel, + NULL)) + SELF_TEST_FAILURE; + MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer)); + // see if we can decrypt this value and get the original data back + if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b, + &testObject, &rsaScheme, testLabel)) + SELF_TEST_FAILURE; + // See if the results compare + if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE + || !MemoryEqual(testOutput.t.buffer, c_RsaTestValue, + DEFAULT_TEST_DIGEST_SIZE)) + SELF_TEST_FAILURE; + // Now check that the decryption works on a known value + MemoryCopy2B(&testInput.b, (P2B)kvtValue, + sizeof(testInput.t.buffer)); + if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b, + &testObject, &rsaScheme, testLabel)) + SELF_TEST_FAILURE; + if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE + || !MemoryEqual(testOutput.t.buffer, c_RsaTestValue, + DEFAULT_TEST_DIGEST_SIZE)) + SELF_TEST_FAILURE; + } + return result; +} + +//*** TestRsaSignAndVerify() +// This function does the testing of the RSA sign and verification functions. This +// test does a KVT. +static TPM_RC +TestRsaSignAndVerify( + TPM_ALG_ID scheme, + ALGORITHM_VECTOR *toTest + ) +{ + TPM_RC result = TPM_RC_SUCCESS; + static OBJECT testObject; + static TPM2B_DIGEST testDigest; + static TPMT_SIGNATURE testSig; + + // Do a sign and signature verification. + // RSASSA: + // This is a signing scheme according to PKCS#1-v2.1 8.2. 
It does not
+ // use random data so there is a KVT for the signing operation. On
+ // first use of the scheme for signing, use the TPM's RSA key to
+ // sign a portion of c_RsaTestData and compare the results to c_RsassaKvt. Then
+ // decrypt the data to see that it matches the starting value. This verifies
+ // the signature with a KVT
+
+ // Clear the bits indicating that the function has not been checked. This is to
+ // prevent looping
+ CLEAR_BOTH(scheme);
+ CLEAR_BOTH(ALG_NULL_VALUE);
+ CLEAR_BOTH(ALG_RSA_VALUE);
+
+ RsaKeyInitialize(&testObject);
+ memcpy(testDigest.t.buffer, (BYTE *)c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE);
+ testDigest.t.size = DEFAULT_TEST_DIGEST_SIZE;
+ testSig.sigAlg = scheme;
+ testSig.signature.rsapss.hash = DEFAULT_TEST_HASH;
+
+ // RSAPSS:
+ // This is a signing scheme a according to PKCS#1-v2.2 8.1 it uses
+ // random data in the signature so there is no KVT for the signing
+ // operation. To test signing, the TPM will use the TPM's RSA key
+ // to sign a portion of c_RsaTestValue and then it will verify the
+ // signature. For verification, c_RsapssKvt is verified before the
+ // user signature blob is verified. The worst case for testing of this
+ // algorithm is two private and one public key operation.
+
+ // The process is to sign known data. If RSASSA is being done, verify that the
+ // signature matches the precomputed value. For both, use the signed value and
+ // see that the verification says that it is a good signature. Then
+ // if testing RSAPSS, do a verify of a known good signature. This ensures that
+ // the validation function works.
+
+ if(TPM_RC_SUCCESS != CryptRsaSign(&testSig, &testObject, &testDigest, NULL))
+ SELF_TEST_FAILURE;
+ // For RSASSA, make sure the results is what we are looking for
+ if(testSig.sigAlg == ALG_RSASSA_VALUE)
+ {
+ if(testSig.signature.rsassa.sig.t.size != RSA_TEST_KEY_SIZE
+ || !MemoryEqual(c_RsassaKvt.buffer,
+ testSig.signature.rsassa.sig.t.buffer,
+ RSA_TEST_KEY_SIZE))
+ SELF_TEST_FAILURE;
+ }
+ // See if the TPM will validate its own signatures
+ if(TPM_RC_SUCCESS != CryptRsaValidateSignature(&testSig, &testObject,
+ &testDigest))
+ SELF_TEST_FAILURE;
+ // If this is RSAPSS, check the verification with known signature
+ // Have to copy because CrytpRsaValidateSignature() eats the signature
+ if(ALG_RSAPSS_VALUE == scheme)
+ {
+ MemoryCopy2B(&testSig.signature.rsapss.sig.b, (P2B)&c_RsapssKvt,
+ sizeof(testSig.signature.rsapss.sig.t.buffer));
+ if(TPM_RC_SUCCESS != CryptRsaValidateSignature(&testSig, &testObject,
+ &testDigest))
+ SELF_TEST_FAILURE;
+ }
+ return result;
+}
+
+//*** TestRSA()
+// Function uses the provided vector to indicate which tests to run. It will clear
+// the vector after each test is run and also clear g_toTest
+static TPM_RC
+TestRsa(
+ TPM_ALG_ID alg,
+ ALGORITHM_VECTOR *toTest
+ )
+{
+ TPM_RC result = TPM_RC_SUCCESS;
+//
+ switch(alg)
+ {
+ case ALG_NULL_VALUE:
+ // This is the RSAEP/RSADP function. If we are processing a list, don't
+ // need to test these now because any other test will validate
+ // RSAEP/RSADP. Can tell this is list of test by checking to see if
+ // 'toTest' is pointing at g_toTest.
If so, this is an isolated test
+ // an need to go ahead and do the test;
+ if((toTest == &g_toTest)
+ || (!TEST_BIT(ALG_RSASSA_VALUE, *toTest)
+ && !TEST_BIT(ALG_RSAES_VALUE, *toTest)
+ && !TEST_BIT(ALG_RSAPSS_VALUE, *toTest)
+ && !TEST_BIT(ALG_OAEP_VALUE, *toTest)))
+ // Not running a list of tests or no other tests on the list
+ // so run the test now
+ result = TestRsaEncryptDecrypt(alg, toTest);
+ // if not running the test now, leave the bit on, just in case things
+ // get interrupted
+ break;
+ case ALG_OAEP_VALUE:
+ case ALG_RSAES_VALUE:
+ result = TestRsaEncryptDecrypt(alg, toTest);
+ break;
+ case ALG_RSAPSS_VALUE:
+ case ALG_RSASSA_VALUE:
+ result = TestRsaSignAndVerify(alg, toTest);
+ break;
+ default:
+ SELF_TEST_FAILURE;
+ }
+ return result;
+}
+
+#endif // ALG_RSA
+
+//** ECC Tests
+
+#if ALG_ECC
+
+//*** LoadEccParameter()
+// This function is mostly for readability and type checking
+static void
+LoadEccParameter(
+ TPM2B_ECC_PARAMETER *to, // target
+ const TPM2B_EC_TEST *from // source
+ )
+{
+ MemoryCopy2B(&to->b, &from->b, sizeof(to->t.buffer));
+}
+
+//*** LoadEccPoint()
+static void
+LoadEccPoint(
+ TPMS_ECC_POINT *point, // target
+ const TPM2B_EC_TEST *x, // source
+ const TPM2B_EC_TEST *y
+ )
+{
+ MemoryCopy2B(&point->x.b, (TPM2B *)x, sizeof(point->x.t.buffer));
+ MemoryCopy2B(&point->y.b, (TPM2B *)y, sizeof(point->y.t.buffer));
+}
+
+//*** TestECDH()
+// This test does a KVT on a point multiply.
+static TPM_RC
+TestECDH(
+ TPM_ALG_ID scheme, // IN: for consistency
+ ALGORITHM_VECTOR *toTest // IN/OUT: modified after test is run
+ )
+{
+ static TPMS_ECC_POINT Z;
+ static TPMS_ECC_POINT Qe;
+ static TPM2B_ECC_PARAMETER ds;
+ TPM_RC result = TPM_RC_SUCCESS;
+//
+ NOT_REFERENCED(scheme);
+ CLEAR_BOTH(ALG_ECDH_VALUE);
+ LoadEccParameter(&ds, &c_ecTestKey_ds);
+ LoadEccPoint(&Qe, &c_ecTestKey_QeX, &c_ecTestKey_QeY);
+ if(TPM_RC_SUCCESS != CryptEccPointMultiply(&Z, c_testCurve, &Qe, &ds,
+ NULL, NULL))
+ SELF_TEST_FAILURE;
+ if(!MemoryEqual2B(&c_ecTestEcdh_X.b, &Z.x.b)
+ || !MemoryEqual2B(&c_ecTestEcdh_Y.b, &Z.y.b))
+ SELF_TEST_FAILURE;
+ return result;
+}
+
+//*** TestEccSignAndVerify()
+static TPM_RC
+TestEccSignAndVerify(
+ TPM_ALG_ID scheme,
+ ALGORITHM_VECTOR *toTest
+ )
+{
+ static OBJECT testObject;
+ static TPMT_SIGNATURE testSig;
+ static TPMT_ECC_SCHEME eccScheme;
+
+ testSig.sigAlg = scheme;
+ testSig.signature.ecdsa.hash = DEFAULT_TEST_HASH;
+
+ eccScheme.scheme = scheme;
+ eccScheme.details.anySig.hashAlg = DEFAULT_TEST_HASH;
+
+ CLEAR_BOTH(scheme);
+ CLEAR_BOTH(ALG_ECDH_VALUE);
+
+ // ECC signature verification testing uses a KVT.
+ switch(scheme)
+ {
+ case ALG_ECDSA_VALUE:
+ LoadEccParameter(&testSig.signature.ecdsa.signatureR, &c_TestEcDsa_r);
+ LoadEccParameter(&testSig.signature.ecdsa.signatureS, &c_TestEcDsa_s);
+ break;
+ case ALG_ECSCHNORR_VALUE:
+ LoadEccParameter(&testSig.signature.ecschnorr.signatureR,
+ &c_TestEcSchnorr_r);
+ LoadEccParameter(&testSig.signature.ecschnorr.signatureS,
+ &c_TestEcSchnorr_s);
+ break;
+ case ALG_SM2_VALUE:
+ // don't have a test for SM2
+ return TPM_RC_SUCCESS;
+ default:
+ SELF_TEST_FAILURE;
+ break;
+ }
+ TEST_DEFAULT_TEST_HASH(toTest);
+
+ // Have to copy the key.
This is because the size used in the test vectors
+ // is the size of the ECC parameter for the test key while the size of a point
+ // is TPM dependent
+ MemoryCopy2B(&testObject.sensitive.sensitive.ecc.b, &c_ecTestKey_ds.b,
+ sizeof(testObject.sensitive.sensitive.ecc.t.buffer));
+ LoadEccPoint(&testObject.publicArea.unique.ecc, &c_ecTestKey_QsX,
+ &c_ecTestKey_QsY);
+ testObject.publicArea.parameters.eccDetail.curveID = c_testCurve;
+
+ if(TPM_RC_SUCCESS != CryptEccValidateSignature(&testSig, &testObject,
+ (TPM2B_DIGEST *)&c_ecTestValue.b))
+ {
+ SELF_TEST_FAILURE;
+ }
+ CHECK_CANCELED;
+
+ // Now sign and verify some data
+ if(TPM_RC_SUCCESS != CryptEccSign(&testSig, &testObject,
+ (TPM2B_DIGEST *)&c_ecTestValue,
+ &eccScheme, NULL))
+ SELF_TEST_FAILURE;
+
+ CHECK_CANCELED;
+
+ if(TPM_RC_SUCCESS != CryptEccValidateSignature(&testSig, &testObject,
+ (TPM2B_DIGEST *)&c_ecTestValue))
+ SELF_TEST_FAILURE;
+
+ CHECK_CANCELED;
+
+ return TPM_RC_SUCCESS;
+}
+
+//*** TestKDFa()
+static TPM_RC
+TestKDFa(
+ ALGORITHM_VECTOR *toTest
+ )
+{
+ static TPM2B_KDF_TEST_KEY keyOut;
+ UINT32 counter = 0;
+//
+ CLEAR_BOTH(ALG_KDF1_SP800_108_VALUE);
+
+ keyOut.t.size = CryptKDFa(KDF_TEST_ALG, &c_kdfTestKeyIn.b, &c_kdfTestLabel.b,
+ &c_kdfTestContextU.b, &c_kdfTestContextV.b,
+ TEST_KDF_KEY_SIZE * 8, keyOut.t.buffer,
+ &counter, FALSE);
+ if ( keyOut.t.size != TEST_KDF_KEY_SIZE
+ || !MemoryEqual(keyOut.t.buffer, c_kdfTestKeyOut.t.buffer,
+ TEST_KDF_KEY_SIZE))
+ SELF_TEST_FAILURE;
+
+ return TPM_RC_SUCCESS;
+}
+
+//*** TestEcc()
+static TPM_RC
+TestEcc(
+ TPM_ALG_ID alg,
+ ALGORITHM_VECTOR *toTest
+ )
+{
+ TPM_RC result = TPM_RC_SUCCESS;
+ NOT_REFERENCED(toTest);
+ switch(alg)
+ {
+ case ALG_ECC_VALUE:
+ case ALG_ECDH_VALUE:
+ // If this is in a loop then see if another test is going to deal with
+ // this.
+ // If toTest is not a self-test list
+ if((toTest == &g_toTest)
+ // or this is the only ECC test in the list
+ || !(TEST_BIT(ALG_ECDSA_VALUE, *toTest)
+ || TEST_BIT(ALG_ECSCHNORR, *toTest)
+ || TEST_BIT(ALG_SM2_VALUE, *toTest)))
+ {
+ result = TestECDH(alg, toTest);
+ }
+ break;
+ case ALG_ECDSA_VALUE:
+ case ALG_ECSCHNORR_VALUE:
+ case ALG_SM2_VALUE:
+ result = TestEccSignAndVerify(alg, toTest);
+ break;
+ default:
+ SELF_TEST_FAILURE;
+ break;
+ }
+ return result;
+}
+
+#endif // ALG_ECC
+
+//*** TestAlgorithm()
+// Dispatches to the correct test function for the algorithm or gets a list of
+// testable algorithms.
+//
+// If 'toTest' is not NULL, then the test decisions are based on the algorithm
+// selections in 'toTest'. Otherwise, 'g_toTest' is used. When bits are clear in
+// 'g_toTest' they will also be cleared 'toTest'.
+//
+// If there doesn't happen to be a test for the algorithm, its associated bit is
+// quietly cleared.
+//
+// If 'alg' is zero (TPM_ALG_ERROR), then the toTest vector is cleared of any bits
+// for which there is no test (i.e. no tests are actually run but the vector is
+// cleared).
+//
+// Note: 'toTest' will only ever have bits set for implemented algorithms but 'alg'
+// can be anything.
+// Return Type: TPM_RC
+// TPM_RC_CANCELED test was canceled
+LIB_EXPORT
+TPM_RC
+TestAlgorithm(
+ TPM_ALG_ID alg,
+ ALGORITHM_VECTOR *toTest
+ )
+{
+ TPM_ALG_ID first = (alg == ALG_ERROR_VALUE) ? ALG_FIRST_VALUE : alg;
+ TPM_ALG_ID last = (alg == ALG_ERROR_VALUE) ? ALG_LAST_VALUE : alg;
+ BOOL doTest = (alg != ALG_ERROR_VALUE);
+ TPM_RC result = TPM_RC_SUCCESS;
+
+ if(toTest == NULL)
+ toTest = &g_toTest;
+
+ // This is kind of strange. This function will either run a test of the selected
+ // algorithm or just clear a bit if there is no test for the algorithm. So,
+ // either this loop will be executed once for the selected algorithm or once for
+ // each of the possible algorithms.
If it is executed more than once ('alg' ==
+ // ALG_ERROR), then no test will be run but bits will be cleared for
+ // unimplemented algorithms. This was done this way so that there is only one
+ // case statement with all of the algorithms. It was easier to have one case
+ // statement than to have multiple ones to manage whenever an algorithm ID is
+ // added.
+ for(alg = first; (alg <= last); alg++)
+ {
+ // if 'alg' was TPM_ALG_ERROR, then we will be cycling through
+ // values, some of which may not be implemented. If the bit in toTest
+ // happens to be set, then we could either generated an assert, or just
+ // silently CLEAR it. Decided to just clear.
+ if(!TEST_BIT(alg, g_implementedAlgorithms))
+ {
+ CLEAR_BIT(alg, *toTest);
+ continue;
+ }
+ // Process whatever is left.
+ // NOTE: since this switch will only be called if the algorithm is
+ // implemented, it is not necessary to modify this list except to comment
+ // out the algorithms for which there is no test
+ switch(alg)
+ {
+ // Symmetric block ciphers
+#if ALG_AES
+ case ALG_AES_VALUE:
+#endif // ALG_AES
+#if ALG_SM4
+ // if SM4 is implemented, its test is like other block ciphers but there
+ // aren't any test vectors for it yet
+// case ALG_SM4_VALUE:
+#endif // ALG_SM4
+#if ALG_CAMELLIA
+ // no test vectors for camellia
+// case ALG_CAMELLIA_VALUE:
+#endif
+ // Symmetric modes
+#if !ALG_CFB
+# error CFB is required in all TPM implementations
+#endif // !ALG_CFB
+ case ALG_CFB_VALUE:
+ if(doTest)
+ result = TestSymmetric(alg, toTest);
+ break;
+#if ALG_CTR
+ case ALG_CTR_VALUE:
+#endif // ALG_CRT
+#if ALG_OFB
+ case ALG_OFB_VALUE:
+#endif // ALG_OFB
+#if ALG_CBC
+ case ALG_CBC_VALUE:
+#endif // ALG_CBC
+#if ALG_ECB
+ case ALG_ECB_VALUE:
+#endif
+ if(doTest)
+ result = TestSymmetric(alg, toTest);
+ else
+ // If doing the initialization of g_toTest vector, only need
+ // to test one of the modes for the symmetric algorithms. If
+ // initializing for a SelfTest(FULL_TEST), allow all the modes.
+ if(toTest == &g_toTest)
+ CLEAR_BIT(alg, *toTest);
+ break;
+#if !ALG_HMAC
+# error HMAC is required in all TPM implementations
+#endif
+ case ALG_HMAC_VALUE:
+ // Clear the bit that indicates that HMAC is required because
+ // HMAC is used as the basic test for all hash algorithms.
+ CLEAR_BOTH(alg);
+ // Testing HMAC means test the default hash
+ if(doTest)
+ TestHash(DEFAULT_TEST_HASH, toTest);
+ else
+ // If not testing, then indicate that the hash needs to be
+ // tested because this uses HMAC
+ SET_BOTH(DEFAULT_TEST_HASH);
+ break;
+#if ALG_SHA1
+ case ALG_SHA1_VALUE:
+#endif // ALG_SHA1
+#if ALG_SHA256
+ case ALG_SHA256_VALUE:
+#endif // ALG_SHA256
+#if ALG_SHA384
+ case ALG_SHA384_VALUE:
+#endif // ALG_SHA384
+#if ALG_SHA512
+ case ALG_SHA512_VALUE:
+#endif // ALG_SHA512
+ // if SM3 is implemented its test is like any other hash, but there
+ // aren't any test vectors yet.
+#if ALG_SM3_256
+// case ALG_SM3_256_VALUE:
+#endif // ALG_SM3_256
+ if(doTest)
+ result = TestHash(alg, toTest);
+ break;
+ // RSA-dependent
+#if ALG_RSA
+ case ALG_RSA_VALUE:
+ CLEAR_BOTH(alg);
+ if(doTest)
+ result = TestRsa(ALG_NULL_VALUE, toTest);
+ else
+ SET_BOTH(ALG_NULL_VALUE);
+ break;
+ case ALG_RSASSA_VALUE:
+ case ALG_RSAES_VALUE:
+ case ALG_RSAPSS_VALUE:
+ case ALG_OAEP_VALUE:
+ case ALG_NULL_VALUE: // used or RSADP
+ if(doTest)
+ result = TestRsa(alg, toTest);
+ break;
+#endif // ALG_RSA
+#if ALG_KDF1_SP800_108
+ case ALG_KDF1_SP800_108_VALUE:
+ if(doTest)
+ result = TestKDFa(toTest);
+ break;
+#endif // ALG_KDF1_SP800_108
+#if ALG_ECC
+ // ECC dependent but no tests
+ // case ALG_ECDAA_VALUE:
+ // case ALG_ECMQV_VALUE:
+ // case ALG_KDF1_SP800_56a_VALUE:
+ // case ALG_KDF2_VALUE:
+ // case ALG_MGF1_VALUE:
+ case ALG_ECC_VALUE:
+ CLEAR_BOTH(alg);
+ if(doTest)
+ result = TestEcc(ALG_ECDH_VALUE, toTest);
+ else
+ SET_BOTH(ALG_ECDH_VALUE);
+ break;
+ case ALG_ECDSA_VALUE:
+ case ALG_ECDH_VALUE:
+ case ALG_ECSCHNORR_VALUE:
+// case ALG_SM2_VALUE:
+ if(doTest)
+ result = 
TestEcc(alg, toTest);
+ break;
+#endif // ALG_ECC
+ default:
+ CLEAR_BIT(alg, *toTest);
+ break;
+ }
+ if(result != TPM_RC_SUCCESS)
+ break;
+ }
+ return result;
+}
+
+#endif // SELF_TESTS
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnConvert.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnConvert.c
new file mode 100644
index 000000000..f729cfe6f
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnConvert.c
@@ -0,0 +1,295 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the basic conversion functions that will convert TPM2B
+// to/from the internal format.
The internal format is a bigNum, +// + +//** Includes + +#include "Tpm.h" + +//** Functions + +//*** BnFromBytes() +// This function will convert a big-endian byte array to the internal number +// format. If bn is NULL, then the output is NULL. If bytes is null or the +// required size is 0, then the output is set to zero +LIB_EXPORT bigNum +BnFromBytes( + bigNum bn, + const BYTE *bytes, + NUMBYTES nBytes + ) +{ + const BYTE *pFrom; // 'p' points to the least significant bytes of source + BYTE *pTo; // points to least significant bytes of destination + crypt_uword_t size; +// + + size = (bytes != NULL) ? BYTES_TO_CRYPT_WORDS(nBytes) : 0; + + // If nothing in, nothing out + if(bn == NULL) + return NULL; + + // make sure things fit + pAssert(BnGetAllocated(bn) >= size); + + if(size > 0) + { + // Clear the topmost word in case it is not filled with data + bn->d[size - 1] = 0; + // Moving the input bytes from the end of the list (LSB) end + pFrom = bytes + nBytes - 1; + // To the LS0 of the LSW of the bigNum. + pTo = (BYTE *)bn->d; + for(; nBytes != 0; nBytes--) + *pTo++ = *pFrom--; + // For a little-endian machine, the conversion is a straight byte + // reversal. For a big-endian machine, we have to put the words in + // big-endian byte order +#if BIG_ENDIAN_TPM + { + crypt_word_t t; + for(t = (crypt_word_t)size - 1; t >= 0; t--) + bn->d[t] = SWAP_CRYPT_WORD(bn->d[t]); + } +#endif + } + BnSetTop(bn, size); + return bn; +} + +//*** BnFrom2B() +// Convert an TPM2B to a BIG_NUM. 
+// If the input value does not exist, or the output does not exist, or the input +// will not fit into the output the function returns NULL +LIB_EXPORT bigNum +BnFrom2B( + bigNum bn, // OUT: + const TPM2B *a2B // IN: number to convert + ) +{ + if(a2B != NULL) + return BnFromBytes(bn, a2B->buffer, a2B->size); + // Make sure that the number has an initialized value rather than whatever + // was there before + BnSetTop(bn, 0); // Function accepts NULL + return NULL; +} + +//*** BnFromHex() +// Convert a hex string into a bigNum. This is primarily used in debugging. +LIB_EXPORT bigNum +BnFromHex( + bigNum bn, // OUT: + const char *hex // IN: + ) +{ +#define FromHex(a) ((a) - (((a) > 'a') ? ('a' + 10) \ + : ((a) > 'A') ? ('A' - 10) : '0')) + unsigned i; + unsigned wordCount; + const char *p; + BYTE *d = (BYTE *)&(bn->d[0]); +// + pAssert(bn && hex); + i = (unsigned)strlen(hex); + wordCount = BYTES_TO_CRYPT_WORDS((i + 1) / 2); + if((i == 0) || (wordCount >= BnGetAllocated(bn))) + BnSetWord(bn, 0); + else + { + bn->d[wordCount - 1] = 0; + p = hex + i - 1; + for(;i > 1; i -= 2) + { + BYTE a; + a = FromHex(*p); + p--; + *d++ = a + (FromHex(*p) << 4); + p--; + } + if(i == 1) + *d = FromHex(*p); + } +#if !BIG_ENDIAN_TPM + for(i = 0; i < wordCount; i++) + bn->d[i] = SWAP_CRYPT_WORD(bn->d[i]); +#endif // BIG_ENDIAN_TPM + BnSetTop(bn, wordCount); + return bn; +} + +//*** BnToBytes() +// This function converts a BIG_NUM to a byte array. It converts the bigNum to a +// big-endian byte string and sets 'size' to the normalized value. If 'size' is an +// input 0, then the receiving buffer is guaranteed to be large enough for the result +// and the size will be set to the size required for bigNum (leading zeros +// suppressed). +// +// The conversion for a little-endian machine simply requires that all significant +// bytes of the bigNum be reversed. 
For a big-endian machine, rather than +// unpack each word individually, the bigNum is converted to little-endian words, +// copied, and then converted back to big-endian. +LIB_EXPORT BOOL +BnToBytes( + bigConst bn, + BYTE *buffer, + NUMBYTES *size // This the number of bytes that are + // available in the buffer. The result + // should be this big. + ) +{ + crypt_uword_t requiredSize; + BYTE *pFrom; + BYTE *pTo; + crypt_uword_t count; +// + // validate inputs + pAssert(bn && buffer && size); + + requiredSize = (BnSizeInBits(bn) + 7) / 8; + if(requiredSize == 0) + { + // If the input value is 0, return a byte of zero + *size = 1; + *buffer = 0; + } + else + { +#if BIG_ENDIAN_TPM + // Copy the constant input value into a modifiable value + BN_VAR(bnL, LARGEST_NUMBER_BITS * 2); + BnCopy(bnL, bn); + // byte swap the words in the local value to make them little-endian + for(count = 0; count < bnL->size; count++) + bnL->d[count] = SWAP_CRYPT_WORD(bnL->d[count]); + bn = (bigConst)bnL; +#endif + if(*size == 0) + *size = (NUMBYTES)requiredSize; + pAssert(requiredSize <= *size); + // Byte swap the number (not words but the whole value) + count = *size; + // Start from the least significant word and offset to the most significant + // byte which is in some high word + pFrom = (BYTE *)(&bn->d[0]) + requiredSize - 1; + pTo = buffer; + + // If the number of output bytes is larger than the number bytes required + // for the input number, pad with zeros + for(count = *size; count > requiredSize; count--) + *pTo++ = 0; + // Move the most significant byte at the end of the BigNum to the next most + // significant byte position of the 2B and repeat for all significant bytes. + for(; requiredSize > 0; requiredSize--) + *pTo++ = *pFrom--; + } + return TRUE; +} + +//*** BnTo2B() +// Function to convert a BIG_NUM to TPM2B. +// The TPM2B size is set to the requested 'size' which may require padding. 
+// If 'size' is non-zero and less than required by the value in 'bn' then an error
+// is returned. If 'size' is zero, then the TPM2B is assumed to be large enough
+// for the data and a2b->size will be adjusted accordingly.
+LIB_EXPORT BOOL
+BnTo2B(
+ bigConst bn, // IN:
+ TPM2B *a2B, // OUT:
+ NUMBYTES size // IN: the desired size
+ )
+{
+ // Set the output size
+ if(bn && a2B)
+ {
+ a2B->size = size;
+ return BnToBytes(bn, a2B->buffer, &a2B->size);
+ }
+ return FALSE;
+}
+
+#if ALG_ECC
+
+//*** BnPointFrom2B()
+// Function to create a BIG_POINT structure from a 2B point.
+// A point is going to be two ECC values in the same buffer. The values are going
+// to be the size of the modulus. They are in modular form.
+LIB_EXPORT bn_point_t *
+BnPointFrom2B(
+ bigPoint ecP, // OUT: the preallocated point structure
+ TPMS_ECC_POINT *p // IN: the number to convert
+ )
+{
+ if(p == NULL)
+ return NULL;
+
+ if(NULL != ecP)
+ {
+ BnFrom2B(ecP->x, &p->x.b);
+ BnFrom2B(ecP->y, &p->y.b);
+ BnSetWord(ecP->z, 1);
+ }
+ return ecP;
+}
+
+//*** BnPointTo2B()
+// This function converts a BIG_POINT into a TPMS_ECC_POINT. A TPMS_ECC_POINT
+// contains two TPM2B_ECC_PARAMETER values. The maximum size of the parameters
+// is dependent on the maximum EC key size used in an implementation.
+// The presumption is that the TPMS_ECC_POINT is large enough to hold 2 TPM2B
+// values, each as large as a MAX_ECC_PARAMETER_BYTES
+LIB_EXPORT BOOL
+BnPointTo2B(
+ TPMS_ECC_POINT *p, // OUT: the converted 2B structure
+ bigPoint ecP, // IN: the values to be converted
+ bigCurve E // IN: curve descriptor for the point
+ )
+{
+ UINT16 size;
+//
+ pAssert(p && ecP && E);
+ pAssert(BnEqualWord(ecP->z, 1));
+ // BnMsb is the bit number of the MSB. This is one less than the number of bits
+ size = (UINT16)BITS_TO_BYTES(BnSizeInBits(CurveGetOrder(AccessCurveData(E))));
+ BnTo2B(ecP->x, &p->x.b, size);
+ BnTo2B(ecP->y, &p->y.b, size);
+ return TRUE;
+}
+
+#endif // ALG_ECC
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMath.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMath.c
new file mode 100644
index 000000000..84d3e9eeb
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMath.c
@@ -0,0 +1,597 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// The simulator code uses the canonical form whenever possible in order to make
+// the code in Part 3 more accessible. The canonical data formats are simple and
+// not well suited for complex big number computations.
When operating on big
+// numbers, the data format is changed for easier manipulation. The format is native
+// words in little-endian format. As the magnitude of the number decreases, the
+// length of the array containing the number decreases but the starting address
+// doesn't change.
+//
+// The functions in this file perform simple operations on these big numbers. Only
+// the more complex operations are passed to the underlying support library.
+// Although the support library would have most of these functions, the interface
+// code to convert the format for the values is greater than the size of the
+// code to implement the functions here. So, rather than incur the overhead of
+// conversion, they are done here.
+//
+// If an implementer would prefer, the underlying library can be used simply by
+// making code substitutions here.
+//
+// NOTE: There is an intention to continue to augment these functions so that there
+// would be no need to use an external big number library.
+//
+// Many of these functions have no error returns and will always return TRUE. This
+// is to allow them to be used in "guarded" sequences. That is:
+// OK = OK || BnSomething(s);
+// where the BnSomething function should not be called if OK isn't true.
+
+//** Includes
+#include "Tpm.h"
+
+// A constant value of zero as a stand in for NULL bigNum values
+const bignum_t BnConstZero = {1, 0, {0}};
+
+//** Functions
+
+//*** AddSame()
+// Adds two values that are the same size. This function allows 'result' to be
+// the same as either of the addends. This is a nice function to put into assembly
+// because handling the carry for multi-precision stuff is not as easy in C
+// (unless there is a REALLY smart compiler). It would be nice if there were idioms
+// in a language that a compiler could recognize what is going on and optimize
+// loops like this.
+// Return Type: int +// 0 no carry out +// 1 carry out +static BOOL +AddSame( + crypt_uword_t *result, + const crypt_uword_t *op1, + const crypt_uword_t *op2, + int count + ) +{ + int carry = 0; + int i; + + for(i = 0; i < count; i++) + { + crypt_uword_t a = op1[i]; + crypt_uword_t sum = a + op2[i]; + result[i] = sum + carry; + // generate a carry if the sum is less than either of the inputs + // propagate a carry if there was a carry and the sum + carry is zero + // do this using bit operations rather than logical operations so that + // the time is about the same. + // propagate term | generate term + carry = ((result[i] == 0) & carry) | (sum < a); + } + return carry; +} + +//*** CarryProp() +// Propagate a carry +static int +CarryProp( + crypt_uword_t *result, + const crypt_uword_t *op, + int count, + int carry + ) +{ + for(; count; count--) + carry = ((*result++ = *op++ + carry) == 0) & carry; + return carry; +} + +static void +CarryResolve( + bigNum result, + int stop, + int carry + ) +{ + if(carry) + { + pAssert((unsigned)stop < result->allocated); + result->d[stop++] = 1; + } + BnSetTop(result, stop); +} + +//*** BnAdd() +// This function adds two bigNum values. This function always returns TRUE. +LIB_EXPORT BOOL +BnAdd( + bigNum result, + bigConst op1, + bigConst op2 + ) +{ + crypt_uword_t stop; + int carry; + const bignum_t *n1 = op1; + const bignum_t *n2 = op2; + +// + if(n2->size > n1->size) + { + n1 = op2; + n2 = op1; + } + pAssert(result->allocated >= n1->size); + stop = MIN(n1->size, n2->allocated); + carry = (int)AddSame(result->d, n1->d, n2->d, (int)stop); + if(n1->size > stop) + carry = CarryProp(&result->d[stop], &n1->d[stop], (int)(n1->size - stop), carry); + CarryResolve(result, (int)n1->size, carry); + return TRUE; +} + +//*** BnAddWord() +// This function adds a word value to a bigNum. This function always returns TRUE. 
+LIB_EXPORT BOOL +BnAddWord( + bigNum result, + bigConst op, + crypt_uword_t word + ) +{ + int carry; +// + carry = (result->d[0] = op->d[0] + word) < word; + carry = CarryProp(&result->d[1], &op->d[1], (int)(op->size - 1), carry); + CarryResolve(result, (int)op->size, carry); + return TRUE; +} + +//*** SubSame() +// This function subtracts two values that have the same size. +static int +SubSame( + crypt_uword_t *result, + const crypt_uword_t *op1, + const crypt_uword_t *op2, + int count + ) +{ + int borrow = 0; + int i; + for(i = 0; i < count; i++) + { + crypt_uword_t a = op1[i]; + crypt_uword_t diff = a - op2[i]; + result[i] = diff - borrow; + // generate | propagate + borrow = (diff > a) | ((diff == 0) & borrow); + } + return borrow; +} + +//*** BorrowProp() +// This propagates a borrow. If borrow is true when the end +// of the array is reached, then it means that op2 was larger than +// op1 and we don't handle that case so an assert is generated. +// This design choice was made because our only bigNum computations +// are on large positive numbers (primes) or on fields. +// Propagate a borrow. +static int +BorrowProp( + crypt_uword_t *result, + const crypt_uword_t *op, + int size, + int borrow + ) +{ + for(; size > 0; size--) + borrow = ((*result++ = *op++ - borrow) == MAX_CRYPT_UWORD) && borrow; + return borrow; +} + +//*** BnSub() +// This function does subtraction of two bigNum values and returns result = op1 - op2 +// when op1 is greater than op2. If op2 is greater than op1, then a fault is +// generated. This function always returns TRUE. 
+LIB_EXPORT BOOL
+BnSub(
+ bigNum result,
+ bigConst op1,
+ bigConst op2
+ )
+{
+ int borrow;
+ int stop = (int)MIN(op1->size, op2->allocated);
+//
+ // Make sure that op2 is not obviously larger than op1
+ pAssert(op1->size >= op2->size);
+ borrow = SubSame(result->d, op1->d, op2->d, stop);
+ if(op1->size > (crypt_uword_t)stop)
+ borrow = BorrowProp(&result->d[stop], &op1->d[stop], (int)(op1->size - stop),
+ borrow);
+ pAssert(!borrow);
+ BnSetTop(result, op1->size);
+ return TRUE;
+}
+
+//*** BnSubWord()
+// This function subtracts a word value from a bigNum. This function always
+// returns TRUE.
+LIB_EXPORT BOOL
+BnSubWord(
+ bigNum result,
+ bigConst op,
+ crypt_uword_t word
+ )
+{
+ int borrow;
+//
+ pAssert(op->size > 1 || word <= op->d[0]);
+ borrow = word > op->d[0];
+ result->d[0] = op->d[0] - word;
+ borrow = BorrowProp(&result->d[1], &op->d[1], (int)(op->size - 1), borrow);
+ pAssert(!borrow);
+ BnSetTop(result, op->size);
+ return TRUE;
+}
+
+//*** BnUnsignedCmp()
+// This function performs a comparison of op1 to op2. The compare is approximately
+// constant time if the size of the values used in the compare is consistent
+// across calls (from the same line in the calling code).
+// Return Type: int
+// < 0 op1 is less than op2
+// 0 op1 is equal to op2
+// > 0 op1 is greater than op2
+LIB_EXPORT int
+BnUnsignedCmp(
+ bigConst op1,
+ bigConst op2
+ )
+{
+ int retVal;
+ int diff;
+ int i;
+//
+ pAssert((op1 != NULL) && (op2 != NULL));
+ retVal = (int)(op1->size - op2->size);
+ if(retVal == 0)
+ {
+ for(i = (int)(op1->size - 1); i >= 0; i--)
+ {
+ diff = (op1->d[i] < op2->d[i]) ? -1 : (op1->d[i] != op2->d[i]);
+ retVal = retVal == 0 ? diff : retVal;
+ }
+ }
+ else
+ retVal = (retVal < 0) ? -1 : 1;
+ return retVal;
+}
+
+//*** BnUnsignedCmpWord()
+// Compare a bigNum to a crypt_uword_t.
+// Return Type: int
+// -1 op1 is less that word
+// 0 op1 is equal to word
+// 1 op1 is greater than word
+LIB_EXPORT int
+BnUnsignedCmpWord(
+ bigConst op1,
+ crypt_uword_t word
+ )
+{
+ if(op1->size > 1)
+ return 1;
+ else if(op1->size == 1)
+ return (op1->d[0] < word) ? -1 : (op1->d[0] > word);
+ else // op1 is zero
+ // equal if word is zero
+ return (word == 0) ? 0 : -1;
+}
+
+//*** BnModWord()
+// This function does modular division of a big number when the modulus is a
+// word value.
+LIB_EXPORT crypt_word_t
+BnModWord(
+ bigConst numerator,
+ crypt_word_t modulus
+ )
+{
+ BN_MAX(remainder);
+ BN_VAR(mod, RADIX_BITS);
+//
+ mod->d[0] = modulus;
+ mod->size = (modulus != 0);
+ BnDiv(NULL, remainder, numerator, mod);
+ return remainder->d[0];
+}
+
+//*** Msb()
+// This function returns the bit number of the most significant bit of a
+// crypt_uword_t. The number for the least significant bit of any bigNum value is 0.
+// The maximum return value is RADIX_BITS - 1,
+// Return Type: int
+// -1 the word was zero
+// n the bit number of the most significant bit in the word
+LIB_EXPORT int
+Msb(
+ crypt_uword_t word
+ )
+{
+ int retVal = -1;
+//
+#if RADIX_BITS == 64
+ if(word & 0xffffffff00000000) { retVal += 32; word >>= 32; }
+#endif
+ if(word & 0xffff0000) { retVal += 16; word >>= 16; }
+ if(word & 0x0000ff00) { retVal += 8; word >>= 8; }
+ if(word & 0x000000f0) { retVal += 4; word >>= 4; }
+ if(word & 0x0000000c) { retVal += 2; word >>= 2; }
+ if(word & 0x00000002) { retVal += 1; word >>= 1; }
+ return retVal + (int)word;
+}
+
+//*** BnMsb()
+// This function returns the number of the MSb of a bigNum value.
+// Return Type: int
+// -1 the word was zero or 'bn' was NULL
+// n the bit number of the most significant bit in the word
+LIB_EXPORT int
+BnMsb(
+ bigConst bn
+ )
+{
+ // If the value is NULL, or the size is zero then treat as zero and return -1
+ if(bn != NULL && bn->size > 0)
+ {
+ int retVal = Msb(bn->d[bn->size - 1]);
+ retVal += (int)(bn->size - 1) * RADIX_BITS;
+ return retVal;
+ }
+ else
+ return -1;
+}
+
+//*** BnSizeInBits()
+// This function returns the number of bits required to hold a number. It is one
+// greater than the Msb.
+//
+LIB_EXPORT unsigned
+BnSizeInBits(
+ bigConst n
+ )
+{
+ int bits = BnMsb(n) + 1;
+//
+ return bits < 0? 0 : (unsigned)bits;
+}
+
+//*** BnSetWord()
+// Change the value of a bignum_t to a word value.
+LIB_EXPORT bigNum
+BnSetWord(
+ bigNum n,
+ crypt_uword_t w
+ )
+{
+ if(n != NULL)
+ {
+ pAssert(n->allocated > 1);
+ n->d[0] = w;
+ BnSetTop(n, (w != 0) ? 1 : 0);
+ }
+ return n;
+}
+
+//*** BnSetBit()
+// This function will SET a bit in a bigNum. Bit 0 is the least-significant bit in
+// the 0th digit_t. The function always return TRUE
+LIB_EXPORT BOOL
+BnSetBit(
+ bigNum bn, // IN/OUT: big number to modify
+ unsigned int bitNum // IN: Bit number to SET
+ )
+{
+ crypt_uword_t offset = bitNum / RADIX_BITS;
+ pAssert(bn->allocated * RADIX_BITS >= bitNum);
+ // Grow the number if necessary to set the bit.
+ while(bn->size <= offset)
+ bn->d[bn->size++] = 0;
+ bn->d[offset] |= ((crypt_uword_t)1 << RADIX_MOD(bitNum));
+ return TRUE;
+}
+
+//*** BnTestBit()
+// This function is used to check to see if a bit is SET in a bignum_t. The 0th bit
+// is the LSb of d[0].
+// Return Type: BOOL
+// TRUE(1) the bit is set
+// FALSE(0) the bit is not set or the number is out of range
+LIB_EXPORT BOOL
+BnTestBit(
+ bigNum bn, // IN: number to check
+ unsigned int bitNum // IN: bit to test
+ )
+{
+ crypt_uword_t offset = RADIX_DIV(bitNum);
+//
+ if(bn->size > offset)
+ return ((bn->d[offset] & (((crypt_uword_t)1) << RADIX_MOD(bitNum))) != 0);
+ else
+ return FALSE;
+}
+
+//***BnMaskBits()
+// This function is used to mask off high order bits of a big number.
+// The returned value will have no more than 'maskBit' bits
+// set.
+// Note: There is a requirement that unused words of a bignum_t are set to zero.
+// Return Type: BOOL
+// TRUE(1) result masked
+// FALSE(0) the input was not as large as the mask
+LIB_EXPORT BOOL
+BnMaskBits(
+ bigNum bn, // IN/OUT: number to mask
+ crypt_uword_t maskBit // IN: the bit number for the mask.
+ )
+{
+ crypt_uword_t finalSize;
+ BOOL retVal;
+
+ finalSize = BITS_TO_CRYPT_WORDS(maskBit);
+ retVal = (finalSize <= bn->allocated);
+ if(retVal && (finalSize > 0))
+ {
+ crypt_uword_t mask;
+ mask = ~((crypt_uword_t)0) >> RADIX_MOD(maskBit);
+ bn->d[finalSize - 1] &= mask;
+ }
+ BnSetTop(bn, finalSize);
+ return retVal;
+}
+
+//*** BnShiftRight()
+// This function will shift a bigNum to the right by the shiftAmount.
+// This function always returns TRUE.
+LIB_EXPORT BOOL
+BnShiftRight(
+ bigNum result,
+ bigConst toShift,
+ uint32_t shiftAmount
+ )
+{
+ uint32_t offset = (shiftAmount >> RADIX_LOG2);
+ uint32_t i;
+ uint32_t shiftIn;
+ crypt_uword_t finalSize;
+//
+ shiftAmount = shiftAmount & RADIX_MASK;
+ shiftIn = RADIX_BITS - shiftAmount;
+
+ // The end size is toShift->size - offset less one additional
+ // word if the shiftAmount would make the upper word == 0
+ if(toShift->size > offset)
+ {
+ finalSize = toShift->size - offset;
+ finalSize -= (toShift->d[toShift->size - 1] >> shiftAmount) == 0 ? 1 : 0;
+ }
+ else
+ finalSize = 0;
+
+ pAssert(finalSize <= result->allocated);
+ if(finalSize != 0)
+ {
+ for(i = 0; i < finalSize; i++)
+ {
+ result->d[i] = (toShift->d[i + offset] >> shiftAmount)
+ | (toShift->d[i + offset + 1] << shiftIn);
+ }
+ if(offset == 0)
+ result->d[i] = toShift->d[i] >> shiftAmount;
+ }
+ BnSetTop(result, finalSize);
+ return TRUE;
+}
+
+//*** BnGetRandomBits()
+// This function gets random bits for use in various places. To make sure that the
+// number is generated in a portable format, it is created as a TPM2B and then
+// converted to the internal format.
+//
+// One consequence of the generation scheme is that, if the number of bits requested
+// is not a multiple of 8, then the high-order bits are set to zero. This would come
+// into play when generating a 521-bit ECC key. A 66-byte (528-bit) value is
+// generated an the high order 7 bits are masked off (CLEAR).
+// Return Type: BOOL
+// TRUE(1) success
+// FALSE(0) failure
+LIB_EXPORT BOOL
+BnGetRandomBits(
+ bigNum n,
+ size_t bits,
+ RAND_STATE *rand
+)
+{
+ // Since this could be used for ECC key generation using the extra bits method,
+ // make sure that the value is large enough
+ TPM2B_TYPE(LARGEST, LARGEST_NUMBER + 8);
+ TPM2B_LARGEST large;
+//
+ large.b.size = (UINT16)BITS_TO_BYTES(bits);
+ if(DRBG_Generate(rand, large.t.buffer, large.t.size) == large.t.size)
+ {
+ if(BnFrom2B(n, &large.b) != NULL)
+ {
+ if(BnMaskBits(n, bits))
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+//*** BnGenerateRandomInRange()
+// This function is used to generate a random number r in the range 1 <= r < limit.
+// The function gets a random number of bits that is the size of limit. There is some
+// some probability that the returned number is going to be greater than or equal
+// to the limit. If it is, try again. There is no more than 50% chance that the
+// next number is also greater, so try again. We keep trying until we get a
+// value that meets the criteria. Since limit is very often a number with a LOT of
+// high order ones, this rarely would need a second try.
+// Return Type: BOOL
+// TRUE(1) success
+// FALSE(0) failure ('limit' is too small)
+LIB_EXPORT BOOL
+BnGenerateRandomInRange(
+ bigNum dest,
+ bigConst limit,
+ RAND_STATE *rand
+ )
+{
+ size_t bits = BnSizeInBits(limit);
+//
+ if(bits < 2)
+ {
+ BnSetWord(dest, 0);
+ return FALSE;
+ }
+ else
+ {
+ while(BnGetRandomBits(dest, bits, rand)
+ && (BnEqualZero(dest) || (BnUnsignedCmp(dest, limit) >= 0)));
+ }
+ return !g_inFailureMode;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMemory.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMemory.c
new file mode 100644
index 000000000..ec70a476f
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMemory.c
@@ -0,0 +1,187 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the memory setup functions used by the bigNum functions
+// in CryptoEngine
+
+//** Includes
+#include "Tpm.h"
+
+//** Functions
+
+//*** BnSetTop()
+// This function is used when the size of a bignum_t is changed. It
+// makes sure that the unused words are set to zero and that any significant
+// words of zeros are eliminated from the used size indicator.
+LIB_EXPORT bigNum
+BnSetTop(
+ bigNum bn, // IN/OUT: number to clean
+ crypt_uword_t top // IN: the new top
+ )
+{
+ if(bn != NULL)
+ {
+ pAssert(top <= bn->allocated);
+ // If forcing the size to be decreased, make sure that the words being
+ // discarded are being set to 0
+ while(bn->size > top)
+ bn->d[--bn->size] = 0;
+ bn->size = top;
+ // Now make sure that the words that are left are 'normalized' (no high-order
+ // words of zero.
+ while((bn->size > 0) && (bn->d[bn->size - 1] == 0))
+ bn->size -= 1;
+ }
+ return bn;
+}
+
+//*** BnClearTop()
+// This function will make sure that all unused words are zero.
+LIB_EXPORT bigNum
+BnClearTop(
+ bigNum bn
+ )
+{
+ crypt_uword_t i;
+//
+ if(bn != NULL)
+ {
+ for(i = bn->size; i < bn->allocated; i++)
+ bn->d[i] = 0;
+ while((bn->size > 0) && (bn->d[bn->size] == 0))
+ bn->size -= 1;
+ }
+ return bn;
+}
+
+//*** BnInitializeWord()
+// This function is used to initialize an allocated bigNum with a word value. The
+// bigNum does not have to be allocated with a single word.
+LIB_EXPORT bigNum
+BnInitializeWord(
+ bigNum bn, // IN:
+ crypt_uword_t allocated, // IN:
+ crypt_uword_t word // IN:
+ )
+{
+ bn->allocated = allocated;
+ bn->size = (word != 0);
+ bn->d[0] = word;
+ while(allocated > 1)
+ bn->d[--allocated] = 0;
+ return bn;
+}
+
+//*** BnInit()
+// This function initializes a stack allocated bignum_t. It initializes
+// 'allocated' and 'size' and zeros the words of 'd'.
+LIB_EXPORT bigNum
+BnInit(
+ bigNum bn,
+ crypt_uword_t allocated
+ )
+{
+ if(bn != NULL)
+ {
+ bn->allocated = allocated;
+ bn->size = 0;
+ while(allocated != 0)
+ bn->d[--allocated] = 0;
+ }
+ return bn;
+}
+
+//*** BnCopy()
+// Function to copy a bignum_t. If the output is NULL, then
+// nothing happens. If the input is NULL, the output is set
+// to zero.
+LIB_EXPORT BOOL
+BnCopy(
+ bigNum out,
+ bigConst in
+ )
+{
+ if(in == out)
+ BnSetTop(out, BnGetSize(out));
+ else if(out != NULL)
+ {
+ if(in != NULL)
+ {
+ unsigned int i;
+ pAssert(BnGetAllocated(out) >= BnGetSize(in));
+ for(i = 0; i < BnGetSize(in); i++)
+ out->d[i] = in->d[i];
+ BnSetTop(out, BnGetSize(in));
+ }
+ else
+ BnSetTop(out, 0);
+ }
+ return TRUE;
+}
+
+#if ALG_ECC
+
+//*** BnPointCopy()
+// Function to copy a bn point.
+LIB_EXPORT BOOL
+BnPointCopy(
+ bigPoint pOut,
+ pointConst pIn
+ )
+{
+ return BnCopy(pOut->x, pIn->x)
+ && BnCopy(pOut->y, pIn->y)
+ && BnCopy(pOut->z, pIn->z);
+}
+
+//*** BnInitializePoint()
+// This function is used to initialize a point structure with the addresses
+// of the coordinates.
+LIB_EXPORT bn_point_t *
+BnInitializePoint(
+ bigPoint p, // OUT: structure to receive pointers
+ bigNum x, // IN: x coordinate
+ bigNum y, // IN: y coordinate
+ bigNum z // IN: x coordinate
+ )
+{
+ p->x = x;
+ p->y = y;
+ p->z = z;
+ BnSetWord(z, 1);
+ return p;
+}
+
+#endif // ALG_ECC
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c
new file mode 100644
index 000000000..7440d5f6b
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c
@@ -0,0 +1,176 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+//
+// This file contains the implementation of the message authentication codes based
+// on a symmetric block cipher. These functions only use the single block
+// encryption functions of the selected symmetric cryptographic library.
+
+//** Includes, Defines, and Typedefs
+#define _CRYPT_HASH_C_
+#include "Tpm.h"
+#include "CryptSym.h"
+
+#if ALG_CMAC
+
+//** Functions
+
+//*** CryptCmacStart()
+// This is the function to start the CMAC sequence operation. It initializes the
+// dispatch functions for the data and end operations for CMAC and initializes the
+// parameters that are used for the processing of data, including the key, key size
+// and block cipher algorithm.
+UINT16
+CryptCmacStart(
+ SMAC_STATE *state,
+ TPMU_PUBLIC_PARMS *keyParms,
+ TPM_ALG_ID macAlg,
+ TPM2B *key
+)
+{
+ tpmCmacState_t *cState = &state->state.cmac;
+ TPMT_SYM_DEF_OBJECT *def = &keyParms->symDetail.sym;
+//
+ if(macAlg != TPM_ALG_CMAC)
+ return 0;
+ // set up the encryption algorithm and parameters
+ cState->symAlg = def->algorithm;
+ cState->keySizeBits = def->keyBits.sym;
+ cState->iv.t.size = CryptGetSymmetricBlockSize(def->algorithm,
+ def->keyBits.sym);
+ MemoryCopy2B(&cState->symKey.b, key, sizeof(cState->symKey.t.buffer));
+
+ // Set up the dispatch methods for the CMAC
+ state->smacMethods.data = CryptCmacData;
+ state->smacMethods.end = CryptCmacEnd;
+ return cState->iv.t.size;
+}
+
+
+//*** CryptCmacData()
+// This function is used to add data to the CMAC sequence computation. The function
+// will XOR new data into the IV. If the buffer is full, and there is additional
+// input data, the data is encrypted into the IV buffer, the new data is then
+// XOR into the IV. When the data runs out, the function returns without encrypting
+// even if the buffer is full. The last data block of a sequence will not be
+// encrypted until the call to CryptCmacEnd(). This is to allow the proper subkey
+// to be computed and applied before the last block is encrypted.
+void
+CryptCmacData(
+ SMAC_STATES *state,
+ UINT32 size,
+ const BYTE *buffer
+)
+{
+ tpmCmacState_t *cmacState = &state->cmac;
+ TPM_ALG_ID algorithm = cmacState->symAlg;
+ BYTE *key = cmacState->symKey.t.buffer;
+ UINT16 keySizeInBits = cmacState->keySizeBits;
+ tpmCryptKeySchedule_t keySchedule;
+ TpmCryptSetSymKeyCall_t encrypt;
+//
+ SELECT(ENCRYPT);
+ while(size > 0)
+ {
+ if(cmacState->bcount == cmacState->iv.t.size)
+ {
+ ENCRYPT(&keySchedule, cmacState->iv.t.buffer, cmacState->iv.t.buffer);
+ cmacState->bcount = 0;
+ }
+ for(;(size > 0) && (cmacState->bcount < cmacState->iv.t.size);
+ size--, cmacState->bcount++)
+ {
+ cmacState->iv.t.buffer[cmacState->bcount] ^= *buffer++;
+ }
+ }
+}
+
+//*** CryptCmacEnd()
+// This is the completion function for the CMAC. It does padding, if needed, and
+// selects the subkey to be applied before the last block is encrypted.
+UINT16
+CryptCmacEnd(
+ SMAC_STATES *state,
+ UINT32 outSize,
+ BYTE *outBuffer
+)
+{
+ tpmCmacState_t *cState = &state->cmac;
+ // Need to set algorithm, key, and keySizeInBits in the local context so that
+ // the SELECT and ENCRYPT macros will work here
+ TPM_ALG_ID algorithm = cState->symAlg;
+ BYTE *key = cState->symKey.t.buffer;
+ UINT16 keySizeInBits = cState->keySizeBits;
+ tpmCryptKeySchedule_t keySchedule;
+ TpmCryptSetSymKeyCall_t encrypt;
+ TPM2B_IV subkey = {{0, {0}}};
+ BOOL xorVal;
+ UINT16 i;
+
+ subkey.t.size = cState->iv.t.size;
+ // Encrypt a block of zero
+ SELECT(ENCRYPT);
+ ENCRYPT(&keySchedule, subkey.t.buffer, subkey.t.buffer);
+
+ // shift left by 1 and XOR with 0x0...87 if the MSb was 0
+ xorVal = ((subkey.t.buffer[0] & 0x80) == 0) ? 0 : 0x87;
+ ShiftLeft(&subkey.b);
+ subkey.t.buffer[subkey.t.size - 1] ^= xorVal;
+ // this is a sanity check to make sure that the algorithm is working properly.
+ // remove this check when debug is done
+ pAssert(cState->bcount <= cState->iv.t.size);
+ // If the buffer is full then no need to compute subkey 2.
+ if(cState->bcount < cState->iv.t.size)
+ {
+ //Pad the data
+ cState->iv.t.buffer[cState->bcount++] ^= 0x80;
+ // The rest of the data is a pad of zero which would simply be XORed
+ // with the iv value so nothing to do...
+ // Now compute K2
+ xorVal = ((subkey.t.buffer[0] & 0x80) == 0) ? 0 : 0x87;
+ ShiftLeft(&subkey.b);
+ subkey.t.buffer[subkey.t.size - 1] ^= xorVal;
+ }
+ // XOR the subkey into the IV
+ for(i = 0; i < subkey.t.size; i++)
+ cState->iv.t.buffer[i] ^= subkey.t.buffer[i];
+ ENCRYPT(&keySchedule, cState->iv.t.buffer, cState->iv.t.buffer);
+ i = (UINT16)MIN(cState->iv.t.size, outSize);
+ MemoryCopy(outBuffer, cState->iv.t.buffer, i);
+
+ return i;
+}
+#endif
+
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptDes.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptDes.c
new file mode 100644
index 000000000..dd0b6f6ed
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptDes.c
@@ -0,0 +1,188 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+//
+// This file contains the extra functions required for TDES.
+
+//** Includes, Defines, and Typedefs
+#include "Tpm.h"
+
+#if ALG_TDES
+
+
+#define DES_NUM_WEAK 64
+const UINT64 DesWeakKeys[DES_NUM_WEAK] = {
+ 0x0101010101010101ULL, 0xFEFEFEFEFEFEFEFEULL,
+ 0xE0E0E0E0F1F1F1F1ULL, 0x1F1F1F1F0E0E0E0EULL,
+ 0x011F011F010E010EULL, 0x1F011F010E010E01ULL,
+ 0x01E001E001F101F1ULL, 0xE001E001F101F101ULL,
+ 0x01FE01FE01FE01FEULL, 0xFE01FE01FE01FE01ULL,
+ 0x1FE01FE00EF10EF1ULL, 0xE01FE01FF10EF10EULL,
+ 0x1FFE1FFE0EFE0EFEULL, 0xFE1FFE1FFE0EFE0EULL,
+ 0xE0FEE0FEF1FEF1FEULL, 0xFEE0FEE0FEF1FEF1ULL,
+ 0x01011F1F01010E0EULL, 0x1F1F01010E0E0101ULL,
+ 0xE0E01F1FF1F10E0EULL, 0x0101E0E00101F1F1ULL,
+ 0x1F1FE0E00E0EF1F1ULL, 0xE0E0FEFEF1F1FEFEULL,
+ 0x0101FEFE0101FEFEULL, 0x1F1FFEFE0E0EFEFEULL,
+ 0xE0FE011FF1FE010EULL, 0x011F1F01010E0E01ULL,
+ 0x1FE001FE0EF101FEULL, 0xE0FE1F01F1FE0E01ULL,
+ 0x011FE0FE010EF1FEULL, 0x1FE0E01F0EF1F10EULL,
+ 0xE0FEFEE0F1FEFEF1ULL, 0x011FFEE0010EFEF1ULL,
+ 0x1FE0FE010EF1FE01ULL, 0xFE0101FEFE0101FEULL,
+ 0x01E01FFE01F10EFEULL, 0x1FFE01E00EFE01F1ULL,
+ 0xFE011FE0FE010EF1ULL, 0xFE01E01FFE01F10EULL,
+ 0x1FFEE0010EFEF101ULL, 0xFE1F01E0FE0E01F1ULL,
+ 0x01E0E00101F1F101ULL, 0x1FFEFE1F0EFEFE0EULL,
+ 0xFE1FE001FE0EF101ULL, 0x01E0FE1F01F1FE0EULL,
+ 0xE00101E0F10101F1ULL, 0xFE1F1FFEFE0E0EFEULL,
+ 0x01FE1FE001FE0EF1ULL, 0xE0011FFEF1010EFEULL,
+ 0xFEE0011FFEF1010EULL, 0x01FEE01F01FEF10EULL,
+ 0xE001FE1FF101FE0EULL, 0xFEE01F01FEF10E01ULL,
+ 0x01FEFE0101FEFE01ULL, 0xE01F01FEF10E01FEULL,
+ 0xFEE0E0FEFEF1F1FEULL, 0x1F01011F0E01010EULL,
+ 0xE01F1FE0F10E0EF1ULL, 0xFEFE0101FEFE0101ULL,
+ 0x1F01E0FE0E01F1FEULL, 0xE01FFE01F10EFE01ULL,
+ 0xFEFE1F1FFEFE0E0EULL, 0x1F01FEE00E01FEF1ULL,
+ 0xE0E00101F1F10101ULL, 0xFEFEE0E0FEFEF1F1ULL};
+
+
+//*** CryptSetOddByteParity()
+// This function sets the per byte parity of a 64-bit value. The least-significant
+// bit is of each byte is replaced with the odd parity of the other 7 bits in the
+// byte. With odd parity, no byte will ever be 0x00.
+UINT64
+CryptSetOddByteParity(
+ UINT64 k
+ )
+{
+#define PMASK 0x0101010101010101ULL
+ UINT64 out;
+ k |= PMASK; // set the parity bit
+ out = k;
+ k ^= k >> 4;
+ k ^= k >> 2;
+ k ^= k >> 1;
+ k &= PMASK; // odd parity extracted
+ out ^= k; // out is now even parity because parity bit was already set
+ out ^= PMASK; // out is now even parity
+ return out;
+}
+
+
+//*** CryptDesIsWeakKey()
+// Check to see if a DES key is on the list of weak, semi-weak, or possibly weak
+// keys.
+// Return Type: BOOL
+// TRUE(1) DES key is weak
+// FALSE(0) DES key is not weak
+static BOOL
+CryptDesIsWeakKey(
+ UINT64 k
+ )
+{
+ int i;
+//
+ for(i = 0; i < DES_NUM_WEAK; i++)
+ {
+ if(k == DesWeakKeys[i])
+ return TRUE;
+ }
+ return FALSE;
+}
+
+//*** CryptDesValidateKey()
+// Function to check to see if the input key is a valid DES key where the definition
+// of valid is that none of the elements are on the list of weak, semi-weak, or
+// possibly weak keys; and that for two keys, K1!=K2, and for three keys that
+// K1!=K2 and K2!=K3.
+BOOL
+CryptDesValidateKey(
+ TPM2B_SYM_KEY *desKey // IN: key to validate
+ )
+{
+ UINT64 k[3];
+ int i;
+ int keys = (desKey->t.size + 7) / 8;
+ BYTE *pk = desKey->t.buffer;
+ BOOL ok;
+//
+ // Note: 'keys' is the number of keys, not the maximum index for 'k'
+ ok = ((keys == 2) || (keys == 3)) && ((desKey->t.size % 8) == 0);
+ for(i = 0; ok && i < keys; pk += 8, i++)
+ {
+ k[i] = CryptSetOddByteParity(BYTE_ARRAY_TO_UINT64(pk));
+ ok = !CryptDesIsWeakKey(k[i]);
+ }
+ ok = ok && k[0] != k[1];
+ if(keys == 3)
+ ok = ok && k[1] != k[2];
+ return ok;
+}
+
+//*** CryptGenerateKeyDes()
+// This function is used to create a DES key of the appropriate size. The key will
+// have odd parity in the bytes.
+TPM_RC
+CryptGenerateKeyDes(
+ TPMT_PUBLIC *publicArea, // IN/OUT: The public area template
+ // for the new key.
+ TPMT_SENSITIVE *sensitive, // OUT: sensitive area
+ RAND_STATE *rand // IN: the "entropy" source for
+ )
+{
+
+ // Assume that the publicArea key size has been validated and is a supported
+ // number of bits.
+ sensitive->sensitive.sym.t.size =
+ BITS_TO_BYTES(publicArea->parameters.symDetail.sym.keyBits.sym);
+ do
+ {
+ BYTE *pK = sensitive->sensitive.sym.t.buffer;
+ int i = (sensitive->sensitive.sym.t.size + 7) / 8;
+// Use the random number generator to generate the required number of bits
+ if(DRBG_Generate(rand, pK, sensitive->sensitive.sym.t.size) == 0)
+ return TPM_RC_NO_RESULT;
+ for(; i > 0; pK += 8, i--)
+ {
+ UINT64 k = BYTE_ARRAY_TO_UINT64(pK);
+ k = CryptSetOddByteParity(k);
+ UINT64_TO_BYTE_ARRAY(k, pK);
+ }
+ } while(!CryptDesValidateKey(&sensitive->sensitive.sym));
+ return TPM_RC_SUCCESS;
+}
+
+#endif
+//***
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccData.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccData.c
new file mode 100644
index 000000000..06fb85e90
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccData.c
@@ -0,0 +1,657 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/*(Auto-generated) + * Created by TpmStructures; Version 4.1 Dec 8, 2018 + * Date: Jan 28, 2019 Time: 01:24:09AM + */ + +#include "Tpm.h" +#include "OIDs.h" + + +// This file contains the ECC curve data. 
The format of the data depends on the +// setting of USE_BN_ECC_DATA. If it is defined, then the TPM's BigNum format is +// used. Otherwise, it is kept in TPM2B format. The purpose of having the data in +// BigNum format is so that it does not have to be reformatted before being used +// by the crypto library. + +#if ALG_ECC + +#if USE_BN_ECC_DATA +# define TO_ECC_64 TO_CRYPT_WORD_64 +# define TO_ECC_56(a, b, c, d, e, f, g) TO_ECC_64(0, a, b, c, d, e, f, g) +# define TO_ECC_48(a, b, c, d, e, f) TO_ECC_64(0, 0, a, b, c, d, e, f) +# define TO_ECC_40(a, b, c, d, e) TO_ECC_64(0, 0, 0, a, b, c, d, e) +# if RADIX_BITS > 32 +# define TO_ECC_32(a, b, c, d) TO_ECC_64(0, 0, 0, 0, a, b, c, d) +# define TO_ECC_24(a, b, c) TO_ECC_64(0, 0, 0, 0, 0, a, b, c) +# define TO_ECC_16(a, b) TO_ECC_64(0, 0, 0, 0, 0, 0, a, b) +# define TO_ECC_8(a) TO_ECC_64(0, 0, 0, 0, 0, 0, 0, a) +# else // RADIX_BITS == 32 +# define TO_ECC_32 BIG_ENDIAN_BYTES_TO_UINT32 +# define TO_ECC_24(a, b, c) TO_ECC_32(0, a, b, c) +# define TO_ECC_16(a, b) TO_ECC_32(0, 0, a, b) +# define TO_ECC_8(a) TO_ECC_32(0, 0, 0, a) +# endif +#else // TPM2B_ +# define TO_ECC_64(a, b, c, d, e, f, g, h) a, b, c, d, e, f, g, h +# define TO_ECC_56(a, b, c, d, e, f, g) a, b, c, d, e, f, g +# define TO_ECC_48(a, b, c, d, e, f) a, b, c, d, e, f +# define TO_ECC_40(a, b, c, d, e) a, b, c, d, e +# define TO_ECC_32(a, b, c, d) a, b, c, d +# define TO_ECC_24(a, b, c) a, b, c +# define TO_ECC_16(a, b) a, b +# define TO_ECC_8(a) a +#endif + +#if USE_BN_ECC_DATA +#define BN_MIN_ALLOC(bytes) \ + (BYTES_TO_CRYPT_WORDS(bytes) == 0) ? 
1 : BYTES_TO_CRYPT_WORDS(bytes) +# define ECC_CONST(NAME, bytes, initializer) \ + const struct { \ + crypt_uword_t allocate, size, d[BN_MIN_ALLOC(bytes)]; \ + } NAME = {BN_MIN_ALLOC(bytes), BYTES_TO_CRYPT_WORDS(bytes),{initializer}} + +ECC_CONST(ECC_ZERO, 0, 0); + +#else +# define ECC_CONST(NAME, bytes, initializer) \ + const TPM2B_##bytes##_BYTE_VALUE NAME = {bytes, {initializer}} + +// Have to special case ECC_ZERO +TPM2B_BYTE_VALUE(1); +TPM2B_1_BYTE_VALUE ECC_ZERO = {1, {0}}; + + +#endif + +ECC_CONST(ECC_ONE, 1, 1); + +#if !USE_BN_ECC_DATA +TPM2B_BYTE_VALUE(24); +#define TO_ECC_192(a, b, c) a, b, c +TPM2B_BYTE_VALUE(28); +#define TO_ECC_224(a, b, c, d) a, b, c, d +TPM2B_BYTE_VALUE(32); +#define TO_ECC_256(a, b, c, d) a, b, c, d +TPM2B_BYTE_VALUE(48); +#define TO_ECC_384(a, b, c, d, e, f) a, b, c, d, e, f +TPM2B_BYTE_VALUE(66); +#define TO_ECC_528(a, b, c, d, e, f, g, h, i) a, b, c, d, e, f, g, h, i +TPM2B_BYTE_VALUE(80); +#define TO_ECC_640(a, b, c, d, e, f, g, h, i, j) a, b, c, d, e, f, g, h, i, j +#else +#define TO_ECC_192(a, b, c) c, b, a +#define TO_ECC_224(a, b, c, d) d, c, b, a +#define TO_ECC_256(a, b, c, d) d, c, b, a +#define TO_ECC_384(a, b, c, d, e, f) f, e, d, c, b, a +#define TO_ECC_528(a, b, c, d, e, f, g, h, i) i, h, g, f, e, d, c, b, a +#define TO_ECC_640(a, b, c, d, e, f, g, h, i, j) j, i, h, g, f, e, d, c, b, a +#endif // !USE_BN_ECC_DATA + +#if ECC_NIST_P192 +ECC_CONST(NIST_P192_p, 24, TO_ECC_192( + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); +ECC_CONST(NIST_P192_a, 24, TO_ECC_192( + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); +ECC_CONST(NIST_P192_b, 24, TO_ECC_192( + TO_ECC_64(0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7), + TO_ECC_64(0x0F, 0xA7, 0xE9, 0xAB, 0x72, 
0x24, 0x30, 0x49), + TO_ECC_64(0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1))); +ECC_CONST(NIST_P192_gX, 24, TO_ECC_192( + TO_ECC_64(0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6), + TO_ECC_64(0x7C, 0xBF, 0x20, 0xEB, 0x43, 0xA1, 0x88, 0x00), + TO_ECC_64(0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12))); +ECC_CONST(NIST_P192_gY, 24, TO_ECC_192( + TO_ECC_64(0x07, 0x19, 0x2B, 0x95, 0xFF, 0xC8, 0xDA, 0x78), + TO_ECC_64(0x63, 0x10, 0x11, 0xED, 0x6B, 0x24, 0xCD, 0xD5), + TO_ECC_64(0x73, 0xF9, 0x77, 0xA1, 0x1E, 0x79, 0x48, 0x11))); +ECC_CONST(NIST_P192_n, 24, TO_ECC_192( + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x99, 0xDE, 0xF8, 0x36), + TO_ECC_64(0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31))); +#define NIST_P192_h ECC_ONE +#define NIST_P192_gZ ECC_ONE + +#if USE_BN_ECC_DATA + const ECC_CURVE_DATA NIST_P192 = { + (bigNum)&NIST_P192_p, (bigNum)&NIST_P192_n, (bigNum)&NIST_P192_h, + (bigNum)&NIST_P192_a, (bigNum)&NIST_P192_b, + {(bigNum)&NIST_P192_gX, (bigNum)&NIST_P192_gY, (bigNum)&NIST_P192_gZ}}; + +#else + const ECC_CURVE_DATA NIST_P192 = { + &NIST_P192_p.b, &NIST_P192_n.b, &NIST_P192_h.b, + &NIST_P192_a.b, &NIST_P192_b.b, + {&NIST_P192_gX.b, &NIST_P192_gY.b, &NIST_P192_gZ.b}}; + +#endif // USE_BN_ECC_DATA + +#endif // ECC_NIST_P192 + + +#if ECC_NIST_P224 +ECC_CONST(NIST_P224_p, 28, TO_ECC_224( + TO_ECC_32(0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), + TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01))); +ECC_CONST(NIST_P224_a, 28, TO_ECC_224( + TO_ECC_32(0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE))); +ECC_CONST(NIST_P224_b, 28, TO_ECC_224( + TO_ECC_32(0xB4, 0x05, 0x0A, 0x85), + TO_ECC_64(0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56), + 
TO_ECC_64(0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA), + TO_ECC_64(0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4))); +ECC_CONST(NIST_P224_gX, 28, TO_ECC_224( + TO_ECC_32(0xB7, 0x0E, 0x0C, 0xBD), + TO_ECC_64(0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9), + TO_ECC_64(0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22), + TO_ECC_64(0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21))); +ECC_CONST(NIST_P224_gY, 28, TO_ECC_224( + TO_ECC_32(0xBD, 0x37, 0x63, 0x88), + TO_ECC_64(0xB5, 0xF7, 0x23, 0xFB, 0x4C, 0x22, 0xDF, 0xE6), + TO_ECC_64(0xCD, 0x43, 0x75, 0xA0, 0x5A, 0x07, 0x47, 0x64), + TO_ECC_64(0x44, 0xD5, 0x81, 0x99, 0x85, 0x00, 0x7E, 0x34))); +ECC_CONST(NIST_P224_n, 28, TO_ECC_224( + TO_ECC_32(0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E), + TO_ECC_64(0x13, 0xDD, 0x29, 0x45, 0x5C, 0x5C, 0x2A, 0x3D))); +#define NIST_P224_h ECC_ONE +#define NIST_P224_gZ ECC_ONE + +#if USE_BN_ECC_DATA + const ECC_CURVE_DATA NIST_P224 = { + (bigNum)&NIST_P224_p, (bigNum)&NIST_P224_n, (bigNum)&NIST_P224_h, + (bigNum)&NIST_P224_a, (bigNum)&NIST_P224_b, + {(bigNum)&NIST_P224_gX, (bigNum)&NIST_P224_gY, (bigNum)&NIST_P224_gZ}}; + +#else + const ECC_CURVE_DATA NIST_P224 = { + &NIST_P224_p.b, &NIST_P224_n.b, &NIST_P224_h.b, + &NIST_P224_a.b, &NIST_P224_b.b, + {&NIST_P224_gX.b, &NIST_P224_gY.b, &NIST_P224_gZ.b}}; + +#endif // USE_BN_ECC_DATA + +#endif // ECC_NIST_P224 + + +#if ECC_NIST_P256 +ECC_CONST(NIST_P256_p, 32, TO_ECC_256( + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01), + TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), + TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); +ECC_CONST(NIST_P256_a, 32, TO_ECC_256( + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01), + TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), + TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), + 
TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); +ECC_CONST(NIST_P256_b, 32, TO_ECC_256( + TO_ECC_64(0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7), + TO_ECC_64(0xB3, 0xEB, 0xBD, 0x55, 0x76, 0x98, 0x86, 0xBC), + TO_ECC_64(0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6), + TO_ECC_64(0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B))); +ECC_CONST(NIST_P256_gX, 32, TO_ECC_256( + TO_ECC_64(0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47), + TO_ECC_64(0xF8, 0xBC, 0xE6, 0xE5, 0x63, 0xA4, 0x40, 0xF2), + TO_ECC_64(0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0), + TO_ECC_64(0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96))); +ECC_CONST(NIST_P256_gY, 32, TO_ECC_256( + TO_ECC_64(0x4F, 0xE3, 0x42, 0xE2, 0xFE, 0x1A, 0x7F, 0x9B), + TO_ECC_64(0x8E, 0xE7, 0xEB, 0x4A, 0x7C, 0x0F, 0x9E, 0x16), + TO_ECC_64(0x2B, 0xCE, 0x33, 0x57, 0x6B, 0x31, 0x5E, 0xCE), + TO_ECC_64(0xCB, 0xB6, 0x40, 0x68, 0x37, 0xBF, 0x51, 0xF5))); +ECC_CONST(NIST_P256_n, 32, TO_ECC_256( + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84), + TO_ECC_64(0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51))); +#define NIST_P256_h ECC_ONE +#define NIST_P256_gZ ECC_ONE + +#if USE_BN_ECC_DATA + const ECC_CURVE_DATA NIST_P256 = { + (bigNum)&NIST_P256_p, (bigNum)&NIST_P256_n, (bigNum)&NIST_P256_h, + (bigNum)&NIST_P256_a, (bigNum)&NIST_P256_b, + {(bigNum)&NIST_P256_gX, (bigNum)&NIST_P256_gY, (bigNum)&NIST_P256_gZ}}; + +#else + const ECC_CURVE_DATA NIST_P256 = { + &NIST_P256_p.b, &NIST_P256_n.b, &NIST_P256_h.b, + &NIST_P256_a.b, &NIST_P256_b.b, + {&NIST_P256_gX.b, &NIST_P256_gY.b, &NIST_P256_gZ.b}}; + +#endif // USE_BN_ECC_DATA + +#endif // ECC_NIST_P256 + + +#if ECC_NIST_P384 +ECC_CONST(NIST_P384_p, 48, TO_ECC_384( + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 
0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), + TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF))); +ECC_CONST(NIST_P384_a, 48, TO_ECC_384( + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), + TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC))); +ECC_CONST(NIST_P384_b, 48, TO_ECC_384( + TO_ECC_64(0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4), + TO_ECC_64(0x98, 0x8E, 0x05, 0x6B, 0xE3, 0xF8, 0x2D, 0x19), + TO_ECC_64(0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12), + TO_ECC_64(0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A), + TO_ECC_64(0xC6, 0x56, 0x39, 0x8D, 0x8A, 0x2E, 0xD1, 0x9D), + TO_ECC_64(0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF))); +ECC_CONST(NIST_P384_gX, 48, TO_ECC_384( + TO_ECC_64(0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37), + TO_ECC_64(0x8E, 0xB1, 0xC7, 0x1E, 0xF3, 0x20, 0xAD, 0x74), + TO_ECC_64(0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98), + TO_ECC_64(0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38), + TO_ECC_64(0x55, 0x02, 0xF2, 0x5D, 0xBF, 0x55, 0x29, 0x6C), + TO_ECC_64(0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7))); +ECC_CONST(NIST_P384_gY, 48, TO_ECC_384( + TO_ECC_64(0x36, 0x17, 0xDE, 0x4A, 0x96, 0x26, 0x2C, 0x6F), + TO_ECC_64(0x5D, 0x9E, 0x98, 0xBF, 0x92, 0x92, 0xDC, 0x29), + TO_ECC_64(0xF8, 0xF4, 0x1D, 0xBD, 0x28, 0x9A, 0x14, 0x7C), + TO_ECC_64(0xE9, 0xDA, 0x31, 0x13, 0xB5, 0xF0, 0xB8, 0xC0), + TO_ECC_64(0x0A, 0x60, 0xB1, 0xCE, 0x1D, 0x7E, 0x81, 0x9D), + TO_ECC_64(0x7A, 0x43, 0x1D, 0x7C, 0x90, 0xEA, 0x0E, 0x5F))); +ECC_CONST(NIST_P384_n, 48, TO_ECC_384( + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + 
TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF), + TO_ECC_64(0x58, 0x1A, 0x0D, 0xB2, 0x48, 0xB0, 0xA7, 0x7A), + TO_ECC_64(0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73))); +#define NIST_P384_h ECC_ONE +#define NIST_P384_gZ ECC_ONE + +#if USE_BN_ECC_DATA + const ECC_CURVE_DATA NIST_P384 = { + (bigNum)&NIST_P384_p, (bigNum)&NIST_P384_n, (bigNum)&NIST_P384_h, + (bigNum)&NIST_P384_a, (bigNum)&NIST_P384_b, + {(bigNum)&NIST_P384_gX, (bigNum)&NIST_P384_gY, (bigNum)&NIST_P384_gZ}}; + +#else + const ECC_CURVE_DATA NIST_P384 = { + &NIST_P384_p.b, &NIST_P384_n.b, &NIST_P384_h.b, + &NIST_P384_a.b, &NIST_P384_b.b, + {&NIST_P384_gX.b, &NIST_P384_gY.b, &NIST_P384_gZ.b}}; + +#endif // USE_BN_ECC_DATA + +#endif // ECC_NIST_P384 + + +#if ECC_NIST_P521 +ECC_CONST(NIST_P521_p, 66, TO_ECC_528( + TO_ECC_16(0x01, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); +ECC_CONST(NIST_P521_a, 66, TO_ECC_528( + TO_ECC_16(0x01, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); +ECC_CONST(NIST_P521_b, 66, TO_ECC_528( + TO_ECC_16(0x00, 0x51), + 
TO_ECC_64(0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F), + TO_ECC_64(0x92, 0x9A, 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE), + TO_ECC_64(0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, 0x15, 0xF3), + TO_ECC_64(0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1), + TO_ECC_64(0x56, 0x19, 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B), + TO_ECC_64(0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, 0xBF, 0x07), + TO_ECC_64(0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1), + TO_ECC_64(0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00))); +ECC_CONST(NIST_P521_gX, 66, TO_ECC_528( + TO_ECC_16(0x00, 0xC6), + TO_ECC_64(0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD), + TO_ECC_64(0x9E, 0x3E, 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42), + TO_ECC_64(0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, 0xB5, 0x21), + TO_ECC_64(0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA), + TO_ECC_64(0xA1, 0x4B, 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28), + TO_ECC_64(0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, 0xA8, 0xDE), + TO_ECC_64(0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B), + TO_ECC_64(0xF9, 0x7E, 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66))); +ECC_CONST(NIST_P521_gY, 66, TO_ECC_528( + TO_ECC_16(0x01, 0x18), + TO_ECC_64(0x39, 0x29, 0x6A, 0x78, 0x9A, 0x3B, 0xC0, 0x04), + TO_ECC_64(0x5C, 0x8A, 0x5F, 0xB4, 0x2C, 0x7D, 0x1B, 0xD9), + TO_ECC_64(0x98, 0xF5, 0x44, 0x49, 0x57, 0x9B, 0x44, 0x68), + TO_ECC_64(0x17, 0xAF, 0xBD, 0x17, 0x27, 0x3E, 0x66, 0x2C), + TO_ECC_64(0x97, 0xEE, 0x72, 0x99, 0x5E, 0xF4, 0x26, 0x40), + TO_ECC_64(0xC5, 0x50, 0xB9, 0x01, 0x3F, 0xAD, 0x07, 0x61), + TO_ECC_64(0x35, 0x3C, 0x70, 0x86, 0xA2, 0x72, 0xC2, 0x40), + TO_ECC_64(0x88, 0xBE, 0x94, 0x76, 0x9F, 0xD1, 0x66, 0x50))); +ECC_CONST(NIST_P521_n, 66, TO_ECC_528( + TO_ECC_16(0x01, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA), + TO_ECC_64(0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B), + TO_ECC_64(0x7F, 0xCC, 0x01, 
0x48, 0xF7, 0x09, 0xA5, 0xD0), + TO_ECC_64(0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE), + TO_ECC_64(0xBB, 0x6F, 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09))); +#define NIST_P521_h ECC_ONE +#define NIST_P521_gZ ECC_ONE + +#if USE_BN_ECC_DATA + const ECC_CURVE_DATA NIST_P521 = { + (bigNum)&NIST_P521_p, (bigNum)&NIST_P521_n, (bigNum)&NIST_P521_h, + (bigNum)&NIST_P521_a, (bigNum)&NIST_P521_b, + {(bigNum)&NIST_P521_gX, (bigNum)&NIST_P521_gY, (bigNum)&NIST_P521_gZ}}; + +#else + const ECC_CURVE_DATA NIST_P521 = { + &NIST_P521_p.b, &NIST_P521_n.b, &NIST_P521_h.b, + &NIST_P521_a.b, &NIST_P521_b.b, + {&NIST_P521_gX.b, &NIST_P521_gY.b, &NIST_P521_gZ.b}}; + +#endif // USE_BN_ECC_DATA + +#endif // ECC_NIST_P521 + + +#if ECC_BN_P256 +ECC_CONST(BN_P256_p, 32, TO_ECC_256( + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD), + TO_ECC_64(0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9F), + TO_ECC_64(0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x98, 0x0A, 0x82), + TO_ECC_64(0xD3, 0x29, 0x2D, 0xDB, 0xAE, 0xD3, 0x30, 0x13))); +#define BN_P256_a ECC_ZERO +ECC_CONST(BN_P256_b, 1, TO_ECC_8(3)); +#define BN_P256_gX ECC_ONE +ECC_CONST(BN_P256_gY, 1, TO_ECC_8(2)); +ECC_CONST(BN_P256_n, 32, TO_ECC_256( + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD), + TO_ECC_64(0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9E), + TO_ECC_64(0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x99, 0x92, 0x1A), + TO_ECC_64(0xF6, 0x2D, 0x53, 0x6C, 0xD1, 0x0B, 0x50, 0x0D))); +#define BN_P256_h ECC_ONE +#define BN_P256_gZ ECC_ONE + +#if USE_BN_ECC_DATA + const ECC_CURVE_DATA BN_P256 = { + (bigNum)&BN_P256_p, (bigNum)&BN_P256_n, (bigNum)&BN_P256_h, + (bigNum)&BN_P256_a, (bigNum)&BN_P256_b, + {(bigNum)&BN_P256_gX, (bigNum)&BN_P256_gY, (bigNum)&BN_P256_gZ}}; + +#else + const ECC_CURVE_DATA BN_P256 = { + &BN_P256_p.b, &BN_P256_n.b, &BN_P256_h.b, + &BN_P256_a.b, &BN_P256_b.b, + {&BN_P256_gX.b, &BN_P256_gY.b, &BN_P256_gZ.b}}; + +#endif // USE_BN_ECC_DATA + +#endif // ECC_BN_P256 + + +#if ECC_BN_P638 +ECC_CONST(BN_P638_p, 80, TO_ECC_640( + 
TO_ECC_64(0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D), + TO_ECC_64(0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3), + TO_ECC_64(0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E), + TO_ECC_64(0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F), + TO_ECC_64(0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55), + TO_ECC_64(0xC0, 0x00, 0x86, 0x52, 0x00, 0x21, 0xE5, 0x5B), + TO_ECC_64(0xFF, 0xFF, 0xF5, 0x1F, 0xFF, 0xF4, 0xEB, 0x80), + TO_ECC_64(0x00, 0x00, 0x00, 0x4C, 0x80, 0x01, 0x5A, 0xCD), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEC, 0xE0), + TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x67))); +#define BN_P638_a ECC_ZERO +ECC_CONST(BN_P638_b, 2, TO_ECC_16(0x01,0x01)); +ECC_CONST(BN_P638_gX, 80, TO_ECC_640( + TO_ECC_64(0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D), + TO_ECC_64(0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3), + TO_ECC_64(0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E), + TO_ECC_64(0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F), + TO_ECC_64(0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55), + TO_ECC_64(0xC0, 0x00, 0x86, 0x52, 0x00, 0x21, 0xE5, 0x5B), + TO_ECC_64(0xFF, 0xFF, 0xF5, 0x1F, 0xFF, 0xF4, 0xEB, 0x80), + TO_ECC_64(0x00, 0x00, 0x00, 0x4C, 0x80, 0x01, 0x5A, 0xCD), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEC, 0xE0), + TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x66))); +ECC_CONST(BN_P638_gY, 1, TO_ECC_8(0x10)); +ECC_CONST(BN_P638_n, 80, TO_ECC_640( + TO_ECC_64(0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D), + TO_ECC_64(0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3), + TO_ECC_64(0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E), + TO_ECC_64(0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F), + TO_ECC_64(0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55), + TO_ECC_64(0x60, 0x00, 0x86, 0x55, 0x00, 0x21, 0xE5, 0x55), + TO_ECC_64(0xFF, 0xFF, 0xF5, 0x4F, 0xFF, 0xF4, 0xEA, 0xC0), + TO_ECC_64(0x00, 0x00, 0x00, 0x49, 0x80, 0x01, 0x54, 0xD9), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xED, 0xA0), + TO_ECC_64(0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x61))); +#define BN_P638_h ECC_ONE +#define BN_P638_gZ ECC_ONE + +#if USE_BN_ECC_DATA + const ECC_CURVE_DATA BN_P638 = { + (bigNum)&BN_P638_p, (bigNum)&BN_P638_n, (bigNum)&BN_P638_h, + (bigNum)&BN_P638_a, (bigNum)&BN_P638_b, + {(bigNum)&BN_P638_gX, (bigNum)&BN_P638_gY, (bigNum)&BN_P638_gZ}}; + +#else + const ECC_CURVE_DATA BN_P638 = { + &BN_P638_p.b, &BN_P638_n.b, &BN_P638_h.b, + &BN_P638_a.b, &BN_P638_b.b, + {&BN_P638_gX.b, &BN_P638_gY.b, &BN_P638_gZ.b}}; + +#endif // USE_BN_ECC_DATA + +#endif // ECC_BN_P638 + + +#if ECC_SM2_P256 +ECC_CONST(SM2_P256_p, 32, TO_ECC_256( + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); +ECC_CONST(SM2_P256_a, 32, TO_ECC_256( + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); +ECC_CONST(SM2_P256_b, 32, TO_ECC_256( + TO_ECC_64(0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E, 0x34), + TO_ECC_64(0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65, 0x09, 0xA7), + TO_ECC_64(0xF3, 0x97, 0x89, 0xF5, 0x15, 0xAB, 0x8F, 0x92), + TO_ECC_64(0xDD, 0xBC, 0xBD, 0x41, 0x4D, 0x94, 0x0E, 0x93))); +ECC_CONST(SM2_P256_gX, 32, TO_ECC_256( + TO_ECC_64(0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19), + TO_ECC_64(0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94), + TO_ECC_64(0x8F, 0xE3, 0x0B, 0xBF, 0xF2, 0x66, 0x0B, 0xE1), + TO_ECC_64(0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7))); +ECC_CONST(SM2_P256_gY, 32, TO_ECC_256( + TO_ECC_64(0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C), + TO_ECC_64(0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53), + TO_ECC_64(0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40), + TO_ECC_64(0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0))); 
+ECC_CONST(SM2_P256_n, 32, TO_ECC_256( + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + TO_ECC_64(0x72, 0x03, 0xDF, 0x6B, 0x21, 0xC6, 0x05, 0x2B), + TO_ECC_64(0x53, 0xBB, 0xF4, 0x09, 0x39, 0xD5, 0x41, 0x23))); +#define SM2_P256_h ECC_ONE +#define SM2_P256_gZ ECC_ONE + +#if USE_BN_ECC_DATA + const ECC_CURVE_DATA SM2_P256 = { + (bigNum)&SM2_P256_p, (bigNum)&SM2_P256_n, (bigNum)&SM2_P256_h, + (bigNum)&SM2_P256_a, (bigNum)&SM2_P256_b, + {(bigNum)&SM2_P256_gX, (bigNum)&SM2_P256_gY, (bigNum)&SM2_P256_gZ}}; + +#else + const ECC_CURVE_DATA SM2_P256 = { + &SM2_P256_p.b, &SM2_P256_n.b, &SM2_P256_h.b, + &SM2_P256_a.b, &SM2_P256_b.b, + {&SM2_P256_gX.b, &SM2_P256_gY.b, &SM2_P256_gZ.b}}; + +#endif // USE_BN_ECC_DATA + +#endif // ECC_SM2_P256 + + +#define comma +const ECC_CURVE eccCurves[] = { +#if ECC_NIST_P192 + comma + {TPM_ECC_NIST_P192, + 192, + {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA256_VALUE}}}, + {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, + &NIST_P192, + OID_ECC_NIST_P192 + CURVE_NAME("NIST_P192")} +# undef comma +# define comma , +#endif // ECC_NIST_P192 +#if ECC_NIST_P224 + comma + {TPM_ECC_NIST_P224, + 224, + {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA256_VALUE}}}, + {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, + &NIST_P224, + OID_ECC_NIST_P224 + CURVE_NAME("NIST_P224")} +# undef comma +# define comma , +#endif // ECC_NIST_P224 +#if ECC_NIST_P256 + comma + {TPM_ECC_NIST_P256, + 256, + {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA256_VALUE}}}, + {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, + &NIST_P256, + OID_ECC_NIST_P256 + CURVE_NAME("NIST_P256")} +# undef comma +# define comma , +#endif // ECC_NIST_P256 +#if ECC_NIST_P384 + comma + {TPM_ECC_NIST_P384, + 384, + {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA384_VALUE}}}, + {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, + &NIST_P384, + OID_ECC_NIST_P384 + CURVE_NAME("NIST_P384")} +# undef comma +# define comma , +#endif // ECC_NIST_P384 +#if ECC_NIST_P521 + comma + {TPM_ECC_NIST_P521, + 521, + 
{ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA512_VALUE}}}, + {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, + &NIST_P521, + OID_ECC_NIST_P521 + CURVE_NAME("NIST_P521")} +# undef comma +# define comma , +#endif // ECC_NIST_P521 +#if ECC_BN_P256 + comma + {TPM_ECC_BN_P256, + 256, + {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, + {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, + &BN_P256, + OID_ECC_BN_P256 + CURVE_NAME("BN_P256")} +# undef comma +# define comma , +#endif // ECC_BN_P256 +#if ECC_BN_P638 + comma + {TPM_ECC_BN_P638, + 638, + {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, + {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, + &BN_P638, + OID_ECC_BN_P638 + CURVE_NAME("BN_P638")} +# undef comma +# define comma , +#endif // ECC_BN_P638 +#if ECC_SM2_P256 + comma + {TPM_ECC_SM2_P256, + 256, + {ALG_KDF1_SP800_56A_VALUE, {{ALG_SM3_256_VALUE}}}, + {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, + &SM2_P256, + OID_ECC_SM2_P256 + CURVE_NAME("SM2_P256")} +# undef comma +# define comma , +#endif // ECC_SM2_P256 +}; +#endif // TPM_ALG_ECC diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccKeyExchange.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccKeyExchange.c new file mode 100644 index 000000000..5e141cf3d --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccKeyExchange.c 
@@ -0,0 +1,383 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the functions that are used for the two-phase, ECC,
+// key-exchange protocols
+
+
+#include "Tpm.h"
+
+#if CC_ZGen_2Phase == YES
+
+//** Functions
+
+#if ALG_ECMQV
+
+//*** avf1()
+// This function does the associated value computation required by MQV key
+// exchange.
+// Process:
+// 1. Convert 'xQ' to an integer 'xqi' using the convention specified in Appendix C.3.
+// 2. Calculate
+// xqm = xqi mod 2^ceil(f/2) (where f = ceil(log2(n)).
+// 3. Calculate the associate value function
+// avf(Q) = xqm + 2ceil(f / 2)
+// Always returns TRUE(1).
+static BOOL
+avf1(
+ bigNum bnX, // IN/OUT: the reduced value
+ bigNum bnN // IN: the order of the curve
+ )
+{
+// compute f = 2^(ceil(ceil(log2(n)) / 2))
+ int f = (BnSizeInBits(bnN) + 1) / 2;
+// x' = 2^f + (x mod 2^f)
+ BnMaskBits(bnX, f); // This is mod 2*2^f but it doesn't matter because
+ // the next operation will SET the extra bit anyway
+ BnSetBit(bnX, f);
+ return TRUE;
+}
+
+//*** C_2_2_MQV()
+// This function performs the key exchange defined in SP800-56A
+// 6.1.1.4 Full MQV, C(2, 2, ECC MQV).
+//
+// CAUTION: Implementation of this function may require use of essential claims in
+// patents not owned by TCG members.
+//
+// Points 'QsB' and 'QeB' are required to be on the curve of 'inQsA'. The function
+// will fail, possibly catastrophically, if this is not the case.
+// Return Type: TPM_RC
+// TPM_RC_NO_RESULT the value for dsA does not give a valid point on the
+// curve
+static TPM_RC
+C_2_2_MQV(
+ TPMS_ECC_POINT *outZ, // OUT: the computed point
+ TPM_ECC_CURVE curveId, // IN: the curve for the computations
+ TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key
+ TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key
+ TPMS_ECC_POINT *QsB, // IN: static public party B key
+ TPMS_ECC_POINT *QeB // IN: ephemeral public party B key
+ )
+{
+ CURVE_INITIALIZED(E, curveId);
+ const ECC_CURVE_DATA *C;
+ POINT(pQeA);
+ POINT_INITIALIZED(pQeB, QeB);
+ POINT_INITIALIZED(pQsB, QsB);
+ ECC_NUM(bnTa);
+ ECC_INITIALIZED(bnDeA, deA);
+ ECC_INITIALIZED(bnDsA, dsA);
+ ECC_NUM(bnN);
+ ECC_NUM(bnXeB);
+ TPM_RC retVal;
+//
+ // Parameter checks
+ if(E == NULL)
+ ERROR_RETURN(TPM_RC_VALUE);
+ pAssert(outZ != NULL && pQeB != NULL && pQsB != NULL && deA != NULL
+ && dsA != NULL);
+ C = AccessCurveData(E);
+// Process:
+// 1. implicitsigA = (de,A + avf(Qe,A)ds,A ) mod n.
+// 2. P = h(implicitsigA)(Qe,B + avf(Qe,B)Qs,B).
+// 3. If P = O, output an error indicator.
+// 4. Z=xP, where xP is the x-coordinate of P.
+
+ // Compute the public ephemeral key pQeA = [de,A]G
+ if((retVal = BnPointMult(pQeA, CurveGetG(C), bnDeA, NULL, NULL, E))
+ != TPM_RC_SUCCESS)
+ goto Exit;
+
+// 1. implicitsigA = (de,A + avf(Qe,A)ds,A ) mod n.
+// tA := (ds,A + de,A avf(Xe,A)) mod n (3)
+// Compute 'tA' = ('deA' + 'dsA' avf('XeA')) mod n
+ // Ta = avf(XeA);
+ BnCopy(bnTa, pQeA->x);
+ avf1(bnTa, bnN);
+ // do Ta = ds,A * Ta mod n = dsA * avf(XeA) mod n
+ BnModMult(bnTa, bnDsA, bnTa, bnN);
+ // now Ta = deA + Ta mod n = deA + dsA * avf(XeA) mod n
+ BnAdd(bnTa, bnTa, bnDeA);
+ BnMod(bnTa, bnN);
+
+// 2. P = h(implicitsigA)(Qe,B + avf(Qe,B)Qs,B).
+// Put this in because almost every case of h is == 1 so skip the call when
+ // not necessary.
+ if(!BnEqualWord(CurveGetCofactor(C), 1))
+ // Cofactor is not 1 so compute Ta := Ta * h mod n
+ BnModMult(bnTa, bnTa, CurveGetCofactor(C), CurveGetOrder(C));
+
+ // Now that 'tA' is (h * 'tA' mod n)
+ // 'outZ' = (tA)(Qe,B + avf(Qe,B)Qs,B).
+
+ // first, compute XeB = avf(XeB)
+ avf1(bnXeB, bnN);
+
+ // QsB := [XeB]QsB
+ BnPointMult(pQsB, pQsB, bnXeB, NULL, NULL, E);
+ BnEccAdd(pQeB, pQeB, pQsB, E);
+
+ // QeB := [tA]QeB = [tA](QsB + [Xe,B]QeB) and check for at infinity
+ // If the result is not the point at infinity, return QeB
+ BnPointMult(pQeB, pQeB, bnTa, NULL, NULL, E);
+ if(BnEqualZero(pQeB->z))
+ ERROR_RETURN(TPM_RC_NO_RESULT);
+ // Convert BIGNUM E to TPM2B E
+ BnPointTo2B(outZ, pQeB, E);
+
+Exit:
+ CURVE_FREE(E);
+ return retVal;
+}
+
+#endif // ALG_ECMQV
+
+//*** C_2_2_ECDH()
+// This function performs the two phase key exchange defined in SP800-56A,
+// 6.1.1.2 Full Unified Model, C(2, 2, ECC CDH).
+//
+static TPM_RC
+C_2_2_ECDH(
+ TPMS_ECC_POINT *outZs, // OUT: Zs
+ TPMS_ECC_POINT *outZe, // OUT: Ze
+ TPM_ECC_CURVE curveId, // IN: the curve for the computations
+ TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key
+ TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key
+ TPMS_ECC_POINT *QsB, // IN: static public party B key
+ TPMS_ECC_POINT *QeB // IN: ephemeral public party B key
+ )
+{
+ CURVE_INITIALIZED(E, curveId);
+ ECC_INITIALIZED(bnAs, dsA);
+ ECC_INITIALIZED(bnAe, deA);
+ POINT_INITIALIZED(ecBs, QsB);
+ POINT_INITIALIZED(ecBe, QeB);
+ POINT(ecZ);
+ TPM_RC retVal;
+//
+ // Parameter checks
+ if(E == NULL)
+ ERROR_RETURN(TPM_RC_CURVE);
+ pAssert(outZs != NULL && dsA != NULL && deA != NULL && QsB != NULL
+ && QeB != NULL);
+
+ // Do the point multiply for the Zs value ([dsA]QsB)
+ retVal = BnPointMult(ecZ, ecBs, bnAs, NULL, NULL, E);
+ if(retVal == TPM_RC_SUCCESS)
+ {
+ // Convert the Zs value.
+ BnPointTo2B(outZs, ecZ, E);
+ // Do the point multiply for the Ze value ([deA]QeB)
+ retVal = BnPointMult(ecZ, ecBe, bnAe, NULL, NULL, E);
+ if(retVal == TPM_RC_SUCCESS)
+ BnPointTo2B(outZe, ecZ, E);
+ }
+Exit:
+ CURVE_FREE(E);
+ return retVal;
+}
+
+//*** CryptEcc2PhaseKeyExchange()
+// This function is the dispatch routine for the EC key exchange functions that use
+// two ephemeral and two static keys.
+// Return Type: TPM_RC
+// TPM_RC_SCHEME scheme is not defined
+LIB_EXPORT TPM_RC
+CryptEcc2PhaseKeyExchange(
+ TPMS_ECC_POINT *outZ1, // OUT: a computed point
+ TPMS_ECC_POINT *outZ2, // OUT: and optional second point
+ TPM_ECC_CURVE curveId, // IN: the curve for the computations
+ TPM_ALG_ID scheme, // IN: the key exchange scheme
+ TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key
+ TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key
+ TPMS_ECC_POINT *QsB, // IN: static public party B key
+ TPMS_ECC_POINT *QeB // IN: ephemeral public party B key
+ )
+{
+ pAssert(outZ1 != NULL
+ && dsA != NULL && deA != NULL
+ && QsB != NULL && QeB != NULL);
+
+ // Initialize the output points so that they are empty until one of the
+ // functions decides otherwise
+ outZ1->x.b.size = 0;
+ outZ1->y.b.size = 0;
+ if(outZ2 != NULL)
+ {
+ outZ2->x.b.size = 0;
+ outZ2->y.b.size = 0;
+ }
+ switch(scheme)
+ {
+ case ALG_ECDH_VALUE:
+ return C_2_2_ECDH(outZ1, outZ2, curveId, dsA, deA, QsB, QeB);
+ break;
+#if ALG_ECMQV
+ case ALG_ECMQV_VALUE:
+ return C_2_2_MQV(outZ1, curveId, dsA, deA, QsB, QeB);
+ break;
+#endif
+#if ALG_SM2
+ case ALG_SM2_VALUE:
+ return SM2KeyExchange(outZ1, curveId, dsA, deA, QsB, QeB);
+ break;
+#endif
+ default:
+ return TPM_RC_SCHEME;
+ }
+}
+
+#if ALG_SM2
+
+//*** ComputeWForSM2()
+// Compute the value for w used by SM2
+static UINT32
+ComputeWForSM2(
+ bigCurve E
+ )
+{
+ // w := ceil(ceil(log2(n)) / 2) - 1
+ return (BnMsb(CurveGetOrder(AccessCurveData(E))) / 2 - 1);
+}
+
+//*** avfSm2()
+// This function does the associated value computation required by SM2 key
+// exchange. This is different from the avf() in the international standards
+// because it returns a value that is half the size of the value returned by the
+// standard avf(). For example, if 'n' is 15, 'Ws' ('w' in the standard) is 2 but
+// the 'W' here is 1. This means that an input value of 14 (1110b) would return a
+// value of 110b with the standard but 10b with the scheme in SM2.
+static bigNum
+avfSm2(
+ bigNum bn, // IN/OUT: the reduced value
+ UINT32 w // IN: the value of w
+ )
+{
+ // a) set w := ceil(ceil(log2(n)) / 2) - 1
+ // b) set x' := 2^w + ( x & (2^w - 1))
+ // This is just like the avf for MQV where x' = 2^w + (x mod 2^w)
+
+ BnMaskBits(bn, w); // as with avf1, this is too big by a factor of 2 but
+ // it doesn't matter because we SET the extra bit
+ // anyway
+ BnSetBit(bn, w);
+ return bn;
+}
+
+//*** SM2KeyExchange()
+// This function performs the key exchange defined in SM2.
+// The first step is to compute
+// 'tA' = ('dsA' + 'deA' avf(Xe,A)) mod 'n'
+// Then, compute the 'Z' value from
+// 'outZ' = ('h' 'tA' mod 'n') ('QsA' + [avf('QeB.x')]('QeB')).
+// The function will compute the ephemeral public key from the ephemeral
+// private key.
+// All points are required to be on the curve of 'inQsA'. The function will fail
+// catastrophically if this is not the case
+// Return Type: TPM_RC
+// TPM_RC_NO_RESULT the value for dsA does not give a valid point on the
+// curve
+LIB_EXPORT TPM_RC
+SM2KeyExchange(
+ TPMS_ECC_POINT *outZ, // OUT: the computed point
+ TPM_ECC_CURVE curveId, // IN: the curve for the computations
+ TPM2B_ECC_PARAMETER *dsAIn, // IN: static private TPM key
+ TPM2B_ECC_PARAMETER *deAIn, // IN: ephemeral private TPM key
+ TPMS_ECC_POINT *QsBIn, // IN: static public party B key
+ TPMS_ECC_POINT *QeBIn // IN: ephemeral public party B key
+ )
+{
+ CURVE_INITIALIZED(E, curveId);
+ const ECC_CURVE_DATA *C;
+ ECC_INITIALIZED(dsA, dsAIn);
+ ECC_INITIALIZED(deA, deAIn);
+ POINT_INITIALIZED(QsB, QsBIn);
+ POINT_INITIALIZED(QeB, QeBIn);
+ BN_WORD_INITIALIZED(One, 1);
+ POINT(QeA);
+ ECC_NUM(XeB);
+ POINT(Z);
+ ECC_NUM(Ta);
+ UINT32 w;
+ TPM_RC retVal = TPM_RC_NO_RESULT;
+//
+ // Parameter checks
+ if(E == NULL)
+ ERROR_RETURN(TPM_RC_CURVE);
+ C = AccessCurveData(E);
+ pAssert(outZ != NULL && dsA != NULL && deA != NULL && QsB != NULL
+ && QeB != NULL);
+
+ // Compute the value for w
+ w = ComputeWForSM2(E);
+
+ // Compute the public ephemeral key pQeA = [de,A]G
+ if(!BnEccModMult(QeA, CurveGetG(C), deA, E))
+ goto Exit;
+
+ // tA := (ds,A + de,A avf(Xe,A)) mod n (3)
+ // Compute 'tA' = ('dsA' + 'deA' avf('XeA')) mod n
+ // Ta = avf(XeA);
+ // do Ta = de,A * Ta = deA * avf(XeA)
+ BnMult(Ta, deA, avfSm2(QeA->x, w));
+ // now Ta = dsA + Ta = dsA + deA * avf(XeA)
+ BnAdd(Ta, dsA, Ta);
+ BnMod(Ta, CurveGetOrder(C));
+
+ // outZ = [h tA mod n] (Qs,B + [avf(Xe,B)](Qe,B)) (4)
+ // Put this in because almost every case of h is == 1 so skip the call when
+ // not necessary.
+ if(!BnEqualWord(CurveGetCofactor(C), 1))
+ // Cofactor is not 1 so compute Ta := Ta * h mod n
+ BnModMult(Ta, Ta, CurveGetCofactor(C), CurveGetOrder(C));
+ // Now that 'tA' is (h * 'tA' mod n)
+ // 'outZ' = ['tA'](QsB + [avf(QeB.x)](QeB)).
+ BnCopy(XeB, QeB->x);
+ if(!BnEccModMult2(Z, QsB, One, QeB, avfSm2(XeB, w), E))
+ goto Exit;
+ // QeB := [tA]QeB = [tA](QsB + [Xe,B]QeB) and check for at infinity
+ if(!BnEccModMult(Z, Z, Ta, E))
+ goto Exit;
+ // Convert BIGNUM E to TPM2B E
+ BnPointTo2B(outZ, Z, E);
+ retVal = TPM_RC_SUCCESS;
+Exit:
+ CURVE_FREE(E);
+ return retVal;
+}
+#endif
+
+#endif // CC_ZGen_2Phase
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccMain.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccMain.c
new file mode 100644
index 000000000..79bebfa57
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccMain.c
@@ -0,0 +1,820 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Includes and Defines
+#include "Tpm.h"
+
+#if ALG_ECC
+
+// This version requires that the new format for ECC data be used
+#if !USE_BN_ECC_DATA
+#error "Need to SET USE_BN_ECC_DATA to YES in Implementaion.h"
+#endif
+
+//** Functions
+
+#if SIMULATION
+void
+EccSimulationEnd(
+ void
+ )
+{
+#if SIMULATION
+// put things to be printed at the end of the simulation here
+#endif
+}
+#endif // SIMULATION
+
+//*** CryptEccInit()
+// This function is called at _TPM_Init
+BOOL
+CryptEccInit(
+ void
+ )
+{
+ return TRUE;
+}
+
+//*** CryptEccStartup()
+// This function is called at TPM2_Startup().
+BOOL
+CryptEccStartup(
+ void
+ )
+{
+ return TRUE;
+}
+
+//*** ClearPoint2B(generic)
+// Initialize the size values of a TPMS_ECC_POINT structure.
+void
+ClearPoint2B(
+ TPMS_ECC_POINT *p // IN: the point
+ )
+{
+ if(p != NULL)
+ {
+ p->x.t.size = 0;
+ p->y.t.size = 0;
+ }
+}
+
+//*** CryptEccGetParametersByCurveId()
+// This function returns a pointer to the curve data that is associated with
+// the indicated curveId.
+// If there is no curve with the indicated ID, the function returns NULL. This
+// function is in this module so that it can be called by GetCurve data.
+// Return Type: const ECC_CURVE_DATA
+// NULL curve with the indicated TPM_ECC_CURVE is not implemented
+// != NULL pointer to the curve data
+LIB_EXPORT const ECC_CURVE *
+CryptEccGetParametersByCurveId(
+ TPM_ECC_CURVE curveId // IN: the curveID
+ )
+{
+ int i;
+ for(i = 0; i < ECC_CURVE_COUNT; i++)
+ {
+ if(eccCurves[i].curveId == curveId)
+ return &eccCurves[i];
+ }
+ return NULL;
+}
+
+//*** CryptEccGetKeySizeForCurve()
+// This function returns the key size in bits of the indicated curve.
+LIB_EXPORT UINT16
+CryptEccGetKeySizeForCurve(
+ TPM_ECC_CURVE curveId // IN: the curve
+ )
+{
+ const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId);
+ UINT16 keySizeInBits;
+//
+ keySizeInBits = (curve != NULL) ? curve->keySizeBits : 0;
+ return keySizeInBits;
+}
+
+//*** GetCurveData()
+// This function returns the a pointer for the parameter data
+// associated with a curve.
+const ECC_CURVE_DATA *
+GetCurveData(
+ TPM_ECC_CURVE curveId // IN: the curveID
+ )
+{
+ const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId);
+ return (curve != NULL) ? curve->curveData : NULL;
+}
+
+//***CryptEccGetOID()
+const BYTE *
+CryptEccGetOID(
+ TPM_ECC_CURVE curveId
+)
+{
+ const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId);
+ return (curve != NULL) ? curve->OID : NULL;
+}
+
+//*** CryptEccGetCurveByIndex()
+// This function returns the number of the 'i'-th implemented curve. The normal
+// use would be to call this function with 'i' starting at 0. When the 'i' is greater
+// than or equal to the number of implemented curves, TPM_ECC_NONE is returned.
+LIB_EXPORT TPM_ECC_CURVE
+CryptEccGetCurveByIndex(
+ UINT16 i
+ )
+{
+ if(i >= ECC_CURVE_COUNT)
+ return TPM_ECC_NONE;
+ return eccCurves[i].curveId;
+}
+
+//*** CryptEccGetParameter()
+// This function returns an ECC curve parameter. The parameter is
+// selected by a single character designator from the set of ""PNABXYH"".
+// Return Type: BOOL
+// TRUE(1) curve exists and parameter returned
+// FALSE(0) curve does not exist or parameter selector
+LIB_EXPORT BOOL
+CryptEccGetParameter(
+ TPM2B_ECC_PARAMETER *out, // OUT: place to put parameter
+ char p, // IN: the parameter selector
+ TPM_ECC_CURVE curveId // IN: the curve id
+ )
+{
+ const ECC_CURVE_DATA *curve = GetCurveData(curveId);
+ bigConst parameter = NULL;
+
+ if(curve != NULL)
+ {
+ switch(p)
+ {
+ case 'p':
+ parameter = CurveGetPrime(curve);
+ break;
+ case 'n':
+ parameter = CurveGetOrder(curve);
+ break;
+ case 'a':
+ parameter = CurveGet_a(curve);
+ break;
+ case 'b':
+ parameter = CurveGet_b(curve);
+ break;
+ case 'x':
+ parameter = CurveGetGx(curve);
+ break;
+ case 'y':
+ parameter = CurveGetGy(curve);
+ break;
+ case 'h':
+ parameter = CurveGetCofactor(curve);
+ break;
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+ }
+ // If not debugging and we get here with parameter still NULL, had better
+ // not try to convert so just return FALSE instead.
+ return (parameter != NULL) ? BnTo2B(parameter, &out->b, 0) : 0;
+}
+
+//*** CryptCapGetECCCurve()
+// This function returns the list of implemented ECC curves.
+// Return Type: TPMI_YES_NO
+// YES if no more ECC curve is available
+// NO if there are more ECC curves not reported
+TPMI_YES_NO
+CryptCapGetECCCurve(
+ TPM_ECC_CURVE curveID, // IN: the starting ECC curve
+ UINT32 maxCount, // IN: count of returned curves
+ TPML_ECC_CURVE *curveList // OUT: ECC curve list
+ )
+{
+ TPMI_YES_NO more = NO;
+ UINT16 i;
+ UINT32 count = ECC_CURVE_COUNT;
+ TPM_ECC_CURVE curve;
+
+ // Initialize output property list
+ curveList->count = 0;
+
+ // The maximum count of curves we may return is MAX_ECC_CURVES
+ if(maxCount > MAX_ECC_CURVES) maxCount = MAX_ECC_CURVES;
+
+ // Scan the eccCurveValues array
+ for(i = 0; i < count; i++)
+ {
+ curve = CryptEccGetCurveByIndex(i);
+ // If curveID is less than the starting curveID, skip it
+ if(curve < curveID)
+ continue;
+ if(curveList->count < maxCount)
+ {
+ // If we have not filled up the return list, add more curves to
+ // it
+ curveList->eccCurves[curveList->count] = curve;
+ curveList->count++;
+ }
+ else
+ {
+ // If the return list is full but we still have curves
+ // available, report this and stop iterating
+ more = YES;
+ break;
+ }
+ }
+ return more;
+}
+
+//*** CryptGetCurveSignScheme()
+// This function will return a pointer to the scheme of the curve.
+const TPMT_ECC_SCHEME *
+CryptGetCurveSignScheme(
+ TPM_ECC_CURVE curveId // IN: The curve selector
+ )
+{
+ const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId);
+
+ if(curve != NULL)
+ return &(curve->sign);
+ else
+ return NULL;
+}
+
+//*** CryptGenerateR()
+// This function computes the commit random value for a split signing scheme.
+//
+// If 'c' is NULL, it indicates that 'r' is being generated
+// for TPM2_Commit.
+// If 'c' is not NULL, the TPM will validate that the 'gr.commitArray'
+// bit associated with the input value of 'c' is SET. If not, the TPM
+// returns FALSE and no 'r' value is generated.
+// Return Type: BOOL
+// TRUE(1) r value computed
+// FALSE(0) no r value computed
+BOOL
+CryptGenerateR(
+ TPM2B_ECC_PARAMETER *r, // OUT: the generated random value
+ UINT16 *c, // IN/OUT: count value.
+ TPMI_ECC_CURVE curveID, // IN: the curve for the value
+ TPM2B_NAME *name // IN: optional name of a key to
+ // associate with 'r'
+ )
+{
+ // This holds the marshaled g_commitCounter.
+ TPM2B_TYPE(8B, 8);
+ TPM2B_8B cntr = {{8,{0}}};
+ UINT32 iterations;
+ TPM2B_ECC_PARAMETER n;
+ UINT64 currentCount = gr.commitCounter;
+ UINT16 t1;
+//
+ if(!CryptEccGetParameter(&n, 'n', curveID))
+ return FALSE;
+
+ // If this is the commit phase, use the current value of the commit counter
+ if(c != NULL)
+ {
+ // if the array bit is not set, can't use the value.
+ if(!TEST_BIT((*c & COMMIT_INDEX_MASK), gr.commitArray))
+ return FALSE;
+
+ // If it is the sign phase, figure out what the counter value was
+ // when the commitment was made.
+ //
+ // When gr.commitArray has less than 64K bits, the extra
+ // bits of 'c' are used as a check to make sure that the
+ // signing operation is not using an out of range count value
+ t1 = (UINT16)currentCount;
+
+ // If the lower bits of c are greater or equal to the lower bits of t1
+ // then the upper bits of t1 must be one more than the upper bits
+ // of c
+ if((*c & COMMIT_INDEX_MASK) >= (t1 & COMMIT_INDEX_MASK))
+ // Since the counter is behind, reduce the current count
+ currentCount = currentCount - (COMMIT_INDEX_MASK + 1);
+
+ t1 = (UINT16)currentCount;
+ if((t1 & ~COMMIT_INDEX_MASK) != (*c & ~COMMIT_INDEX_MASK))
+ return FALSE;
+ // set the counter to the value that was
+ // present when the commitment was made
+ currentCount = (currentCount & 0xffffffffffff0000) | *c;
+ }
+ // Marshal the count value to a TPM2B buffer for the KDF
+ cntr.t.size = sizeof(currentCount);
+ UINT64_TO_BYTE_ARRAY(currentCount, cntr.t.buffer);
+
+ // Now can do the KDF to create the random value for the signing operation
+ // During the creation process, we may generate an r that does not meet the
+ // requirements of the random value.
+ // want to generate a new r.
+ r->t.size = n.t.size;
+
+ for(iterations = 1; iterations < 1000000;)
+ {
+ int i;
+ CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &gr.commitNonce.b, COMMIT_STRING,
+ &name->b, &cntr.b, n.t.size * 8, r->t.buffer, &iterations, FALSE);
+
+ // "random" value must be less than the prime
+ if(UnsignedCompareB(r->b.size, r->b.buffer, n.t.size, n.t.buffer) >= 0)
+ continue;
+
+ // in this implementation it is required that at least bit
+ // in the upper half of the number be set
+ for(i = n.t.size / 2; i >= 0; i--)
+ if(r->b.buffer[i] != 0)
+ return TRUE;
+ }
+ return FALSE;
+}
+
+//*** CryptCommit()
+// This function is called when the count value is committed. The 'gr.commitArray'
+// value associated with the current count value is SET and g_commitCounter is
+// incremented. The low-order 16 bits of old value of the counter is returned.
+UINT16
+CryptCommit(
+ void
+ )
+{
+ UINT16 oldCount = (UINT16)gr.commitCounter;
+ gr.commitCounter++;
+ SET_BIT(oldCount & COMMIT_INDEX_MASK, gr.commitArray);
+ return oldCount;
+}
+
+//*** CryptEndCommit()
+// This function is called when the signing operation using the committed value
+// is completed. It clears the gr.commitArray bit associated with the count
+// value so that it can't be used again.
+void
+CryptEndCommit(
+ UINT16 c // IN: the counter value of the commitment
+ )
+{
+ ClearBit((c & COMMIT_INDEX_MASK), gr.commitArray, sizeof(gr.commitArray));
+}
+
+//*** CryptEccGetParameters()
+// This function returns the ECC parameter details of the given curve.
+// Return Type: BOOL
+// TRUE(1) success
+// FALSE(0) unsupported ECC curve ID
+BOOL
+CryptEccGetParameters(
+ TPM_ECC_CURVE curveId, // IN: ECC curve ID
+ TPMS_ALGORITHM_DETAIL_ECC *parameters // OUT: ECC parameters
+ )
+{
+ const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId);
+ const ECC_CURVE_DATA *data;
+ BOOL found = curve != NULL;
+
+ if(found)
+ {
+ data = curve->curveData;
+ parameters->curveID = curve->curveId;
+ parameters->keySize = curve->keySizeBits;
+ parameters->kdf = curve->kdf;
+ parameters->sign = curve->sign;
+// BnTo2B(data->prime, ¶meters->p.b, 0);
+ BnTo2B(data->prime, ¶meters->p.b, parameters->p.t.size);
+ BnTo2B(data->a, ¶meters->a.b, 0);
+ BnTo2B(data->b, ¶meters->b.b, 0);
+ BnTo2B(data->base.x, ¶meters->gX.b, parameters->p.t.size);
+ BnTo2B(data->base.y, ¶meters->gY.b, parameters->p.t.size);
+// BnTo2B(data->base.x, ¶meters->gX.b, 0);
+// BnTo2B(data->base.y, ¶meters->gY.b, 0);
+ BnTo2B(data->order, ¶meters->n.b, 0);
+ BnTo2B(data->h, ¶meters->h.b, 0);
+ }
+ return found;
+}
+
+//*** BnGetCurvePrime()
+// This function is used to get just the prime modulus associated with a curve.
+const bignum_t *
+BnGetCurvePrime(
+ TPM_ECC_CURVE curveId
+ )
+{
+ const ECC_CURVE_DATA *C = GetCurveData(curveId);
+ return (C != NULL) ? CurveGetPrime(C) : NULL;
+}
+
+//*** BnGetCurveOrder()
+// This function is used to get just the curve order
+const bignum_t *
+BnGetCurveOrder(
+ TPM_ECC_CURVE curveId
+ )
+{
+ const ECC_CURVE_DATA *C = GetCurveData(curveId);
+ return (C != NULL) ? CurveGetOrder(C) : NULL;
+}
+
+//*** BnIsOnCurve()
+// This function checks if a point is on the curve.
+BOOL
+BnIsOnCurve(
+ pointConst Q,
+ const ECC_CURVE_DATA *C
+ )
+{
+ BN_VAR(right, (MAX_ECC_KEY_BITS * 3));
+ BN_VAR(left, (MAX_ECC_KEY_BITS * 2));
+ bigConst prime = CurveGetPrime(C);
+//
+ // Show that point is on the curve y^2 = x^3 + ax + b;
+ // Or y^2 = x(x^2 + a) + b
+ // y^2
+ BnMult(left, Q->y, Q->y);
+
+ BnMod(left, prime);
+// x^2
+ BnMult(right, Q->x, Q->x);
+
+ // x^2 + a
+ BnAdd(right, right, CurveGet_a(C));
+
+// BnMod(right, CurveGetPrime(C));
+ // x(x^2 + a)
+ BnMult(right, right, Q->x);
+
+ // x(x^2 + a) + b
+ BnAdd(right, right, CurveGet_b(C));
+
+ BnMod(right, prime);
+ if(BnUnsignedCmp(left, right) == 0)
+ return TRUE;
+ else
+ return FALSE;
+}
+
+//*** BnIsValidPrivateEcc()
+// Checks that 0 < 'x' < 'q'
+BOOL
+BnIsValidPrivateEcc(
+ bigConst x, // IN: private key to check
+ bigCurve E // IN: the curve to check
+ )
+{
+ BOOL retVal;
+ retVal = (!BnEqualZero(x)
+ && (BnUnsignedCmp(x, CurveGetOrder(AccessCurveData(E))) < 0));
+ return retVal;
+}
+
+LIB_EXPORT BOOL
+CryptEccIsValidPrivateKey(
+ TPM2B_ECC_PARAMETER *d,
+ TPM_ECC_CURVE curveId
+ )
+{
+ BN_INITIALIZED(bnD, MAX_ECC_PARAMETER_BYTES * 8, d);
+ return !BnEqualZero(bnD) && (BnUnsignedCmp(bnD, BnGetCurveOrder(curveId)) < 0);
+}
+
+//*** BnPointMul()
+// This function does a point multiply of the form 'R' = ['d']'S' + ['u']'Q' where the
+// parameters are bigNum values. If 'S' is NULL and d is not NULL, then it computes
+// 'R' = ['d']'G' + ['u']'Q' or just 'R' = ['d']'G' if 'u' and 'Q' are NULL.
+// If 'skipChecks' is TRUE, then the function will not verify that the inputs are
+// correct for the domain. This would be the case when the values were created by the
+// CryptoEngine code.
+// It will return TPM_RC_NO_RESULT if the resulting point is the point at infinity.
+// Return Type: TPM_RC
+// TPM_RC_NO_RESULT result of multiplication is a point at infinity
+// TPM_RC_ECC_POINT 'S' or 'Q' is not on the curve
+// TPM_RC_VALUE 'd' or 'u' is not < n
+TPM_RC
+BnPointMult(
+ bigPoint R, // OUT: computed point
+ pointConst S, // IN: optional point to multiply by 'd'
+ bigConst d, // IN: scalar for [d]S or [d]G
+ pointConst Q, // IN: optional second point
+ bigConst u, // IN: optional second scalar
+ bigCurve E // IN: curve parameters
+ )
+{
+ BOOL OK;
+//
+ TEST(TPM_ALG_ECDH);
+
+ // Need one scalar
+ OK = (d != NULL || u != NULL);
+
+ // If S is present, then d has to be present. If S is not
+ // present, then d may or may not be present
+ OK = OK && (((S == NULL) == (d == NULL)) || (d != NULL));
+
+ // either both u and Q have to be provided or neither can be provided (don't
+ // know what to do if only one is provided.
+ OK = OK && ((u == NULL) == (Q == NULL));
+
+ OK = OK && (E != NULL);
+ if(!OK)
+ return TPM_RC_VALUE;
+
+
+ OK = (S == NULL) || BnIsOnCurve(S, AccessCurveData(E));
+ OK = OK && ((Q == NULL) || BnIsOnCurve(Q, AccessCurveData(E)));
+ if(!OK)
+ return TPM_RC_ECC_POINT;
+
+ if((d != NULL) && (S == NULL))
+ S = CurveGetG(AccessCurveData(E));
+ // If only one scalar, don't need Shamir's trick
+ if((d == NULL) || (u == NULL))
+ {
+ if(d == NULL)
+ OK = BnEccModMult(R, Q, u, E);
+ else
+ OK = BnEccModMult(R, S, d, E);
+ }
+ else
+ {
+ OK = BnEccModMult2(R, S, d, Q, u, E);
+ }
+ return (OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT);
+}
+
+//***BnEccGetPrivate()
+// This function gets random values that are the size of the key plus 64 bits. The
+// value is reduced (mod ('q' - 1)) and incremented by 1 ('q' is the order of the
+// curve. This produces a value ('d') such that 1 <= 'd' < 'q'. This is the method
+// of FIPS 186-4 Section B.4.1 ""Key Pair Generation Using Extra Random Bits"".
+// Return Type: BOOL
+// TRUE(1) success
+// FALSE(0) failure generating private key
+BOOL
+BnEccGetPrivate(
+ bigNum dOut, // OUT: the qualified random value
+ const ECC_CURVE_DATA *C, // IN: curve for which the private key
+ // needs to be appropriate
+ RAND_STATE *rand // IN: state for DRBG
+ )
+{
+ bigConst order = CurveGetOrder(C);
+ BOOL OK;
+ UINT32 orderBits = BnSizeInBits(order);
+ UINT32 orderBytes = BITS_TO_BYTES(orderBits);
+ BN_VAR(bnExtraBits, MAX_ECC_KEY_BITS + 64);
+ BN_VAR(nMinus1, MAX_ECC_KEY_BITS);
+//
+ OK = BnGetRandomBits(bnExtraBits, (orderBytes * 8) + 64, rand);
+ OK = OK && BnSubWord(nMinus1, order, 1);
+ OK = OK && BnMod(bnExtraBits, nMinus1);
+ OK = OK && BnAddWord(dOut, bnExtraBits, 1);
+ return OK && !g_inFailureMode;
+}
+
+//*** BnEccGenerateKeyPair()
+// This function gets a private scalar from the source of random bits and does
+// the point multiply to get the public key.
+BOOL
+BnEccGenerateKeyPair(
+ bigNum bnD, // OUT: private scalar
+ bn_point_t *ecQ, // OUT: public point
+ bigCurve E, // IN: curve for the point
+ RAND_STATE *rand // IN: DRBG state to use
+ )
+{
+ BOOL OK = FALSE;
+ // Get a private scalar
+ OK = BnEccGetPrivate(bnD, AccessCurveData(E), rand);
+
+ // Do a point multiply
+ OK = OK && BnEccModMult(ecQ, NULL, bnD, E);
+ if(!OK)
+ BnSetWord(ecQ->z, 0);
+ else
+ BnSetWord(ecQ->z, 1);
+ return OK;
+}
+
+//***CryptEccNewKeyPair(***)
+// This function creates an ephemeral ECC. It is ephemeral in that
+// is expected that the private part of the key will be discarded
+LIB_EXPORT TPM_RC
+CryptEccNewKeyPair(
+ TPMS_ECC_POINT *Qout, // OUT: the public point
+ TPM2B_ECC_PARAMETER *dOut, // OUT: the private scalar
+ TPM_ECC_CURVE curveId // IN: the curve for the key
+ )
+{
+ CURVE_INITIALIZED(E, curveId);
+ POINT(ecQ);
+ ECC_NUM(bnD);
+ BOOL OK;
+
+ if(E == NULL)
+ return TPM_RC_CURVE;
+
+ TEST(TPM_ALG_ECDH);
+ OK = BnEccGenerateKeyPair(bnD, ecQ, E, NULL);
+ if(OK)
+ {
+ BnPointTo2B(Qout, ecQ, E);
+ BnTo2B(bnD, &dOut->b, Qout->x.t.size);
+ }
+ else
+ {
+ Qout->x.t.size = Qout->y.t.size = dOut->t.size = 0;
+ }
+ CURVE_FREE(E);
+ return OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT;
+}
+
+//*** CryptEccPointMultiply()
+// This function computes 'R' := ['dIn']'G' + ['uIn']'QIn'. Where 'dIn' and
+// 'uIn' are scalars, 'G' and 'QIn' are points on the specified curve and 'G' is the
+// default generator of the curve.
+//
+// The 'xOut' and 'yOut' parameters are optional and may be set to NULL if not
+// used.
+//
+// It is not necessary to provide 'uIn' if 'QIn' is specified but one of 'uIn' and
+// 'dIn' must be provided. If 'dIn' and 'QIn' are specified but 'uIn' is not
+// provided, then 'R' = ['dIn']'QIn'.
+//
+// If the multiply produces the point at infinity, the TPM_RC_NO_RESULT is returned.
+//
+// The sizes of 'xOut' and yOut' will be set to be the size of the degree of
+// the curve
+//
+// It is a fatal error if 'dIn' and 'uIn' are both unspecified (NULL) or if 'Qin'
+// or 'Rout' is unspecified.
+//
+// Return Type: TPM_RC
+// TPM_RC_ECC_POINT the point 'Pin' or 'Qin' is not on the curve
+// TPM_RC_NO_RESULT the product point is at infinity
+// TPM_RC_CURVE bad curve
+// TPM_RC_VALUE 'dIn' or 'uIn' out of range
+//
+LIB_EXPORT TPM_RC
+CryptEccPointMultiply(
+ TPMS_ECC_POINT *Rout, // OUT: the product point R
+ TPM_ECC_CURVE curveId, // IN: the curve to use
+ TPMS_ECC_POINT *Pin, // IN: first point (can be null)
+ TPM2B_ECC_PARAMETER *dIn, // IN: scalar value for [dIn]Qin
+ // the Pin
+ TPMS_ECC_POINT *Qin, // IN: point Q
+ TPM2B_ECC_PARAMETER *uIn // IN: scalar value for the multiplier
+ // of Q
+ )
+{
+ CURVE_INITIALIZED(E, curveId);
+ POINT_INITIALIZED(ecP, Pin);
+ ECC_INITIALIZED(bnD, dIn); // If dIn is null, then bnD is null
+ ECC_INITIALIZED(bnU, uIn);
+ POINT_INITIALIZED(ecQ, Qin);
+ POINT(ecR);
+ TPM_RC retVal;
+//
+ retVal = BnPointMult(ecR, ecP, bnD, ecQ, bnU, E);
+
+ if(retVal == TPM_RC_SUCCESS)
+ BnPointTo2B(Rout, ecR, E);
+ else
+ ClearPoint2B(Rout);
+ CURVE_FREE(E);
+ return retVal;
+}
+
+//*** CryptEccIsPointOnCurve()
+// This function is used to test if a point is on a defined curve. It does this
+// by checking that 'y'^2 mod 'p' = 'x'^3 + 'a'*'x' + 'b' mod 'p'.
+//
+// It is a fatal error if 'Q' is not specified (is NULL).
+// Return Type: BOOL
+// TRUE(1) point is on curve
+// FALSE(0) point is not on curve or curve is not supported
+LIB_EXPORT BOOL
+CryptEccIsPointOnCurve(
+ TPM_ECC_CURVE curveId, // IN: the curve selector
+ TPMS_ECC_POINT *Qin // IN: the point.
+ )
+{
+ const ECC_CURVE_DATA *C = GetCurveData(curveId);
+ POINT_INITIALIZED(ecQ, Qin);
+ BOOL OK;
+//
+ pAssert(Qin != NULL);
+ OK = (C != NULL && (BnIsOnCurve(ecQ, C)));
+ return OK;
+}
+
+//*** CryptEccGenerateKey()
+// This function generates an ECC key pair based on the input parameters.
+// This routine uses KDFa to produce candidate numbers. The method is according
+// to FIPS 186-3, section B.1.2 "Key Pair Generation by Testing Candidates."
+// According to the method in FIPS 186-3, the resulting private value 'd' should be
+// 1 <= 'd' < 'n' where 'n' is the order of the base point.
+//
+// It is a fatal error if 'Qout', 'dOut', is not provided (is NULL).
+//
+// If the curve is not supported
+// If 'seed' is not provided, then a random number will be used for the key
+// Return Type: TPM_RC
+// TPM_RC_CURVE curve is not supported
+// TPM_RC_NO_RESULT could not verify key with signature (FIPS only)
+LIB_EXPORT TPM_RC
+CryptEccGenerateKey(
+ TPMT_PUBLIC *publicArea, // IN/OUT: The public area template for
+ // the new key. The public key
+ // area will be replaced computed
+ // ECC public key
+ TPMT_SENSITIVE *sensitive, // OUT: the sensitive area will be
+ // updated to contain the private
+ // ECC key and the symmetric
+ // encryption key
+ RAND_STATE *rand // IN: if not NULL, the deterministic
+ // RNG state
+ )
+{
+ CURVE_INITIALIZED(E, publicArea->parameters.eccDetail.curveID);
+ ECC_NUM(bnD);
+ POINT(ecQ);
+ BOOL OK;
+ TPM_RC retVal;
+//
+ TEST(TPM_ALG_ECDSA); // ECDSA is used to verify each key
+
+ // Validate parameters
+ if(E == NULL)
+ ERROR_RETURN(TPM_RC_CURVE);
+
+ publicArea->unique.ecc.x.t.size = 0;
+ publicArea->unique.ecc.y.t.size = 0;
+ sensitive->sensitive.ecc.t.size = 0;
+
+ OK = BnEccGenerateKeyPair(bnD, ecQ, E, rand);
+ if(OK)
+ {
+ BnPointTo2B(&publicArea->unique.ecc, ecQ, E);
+ BnTo2B(bnD, &sensitive->sensitive.ecc.b, publicArea->unique.ecc.x.t.size);
+ }
+#if FIPS_COMPLIANT
+ // See if PWCT is required
+ if(OK && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign))
+ {
+ ECC_NUM(bnT);
+ ECC_NUM(bnS);
+ TPM2B_DIGEST digest;
+//
+ TEST(TPM_ALG_ECDSA);
+ digest.t.size = MIN(sensitive->sensitive.ecc.t.size, sizeof(digest.t.buffer));
+ // Get a random value to sign using the built in DRBG state
+ DRBG_Generate(NULL, digest.t.buffer, digest.t.size);
+ if(g_inFailureMode)
+ return TPM_RC_FAILURE;
+ BnSignEcdsa(bnT, bnS, E, bnD, &digest, NULL);
+ // and make sure that we can validate the signature
+ OK = BnValidateSignatureEcdsa(bnT, bnS, E, ecQ, &digest) == TPM_RC_SUCCESS;
+ }
+#endif
+ retVal = (OK) ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT;
+Exit:
+ CURVE_FREE(E);
+ return retVal;
+}
+
+#endif // ALG_ECC
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccSignature.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccSignature.c
new file mode 100644
index 000000000..42a198224
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccSignature.c
@@ -0,0 +1,931 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Includes and Defines
+#include "Tpm.h"
+#include "CryptEccSignature_fp.h"
+
+#if ALG_ECC
+
+//** Utility Functions
+
+//*** EcdsaDigest()
+// Function to adjust the digest so that it is no larger than the order of the
+// curve. 
This is used for ECDSA sign and verification. +static bigNum +EcdsaDigest( + bigNum bnD, // OUT: the adjusted digest + const TPM2B_DIGEST *digest, // IN: digest to adjust + bigConst max // IN: value that indicates the maximum + // number of bits in the results + ) +{ + int bitsInMax = BnSizeInBits(max); + int shift; +// + if(digest == NULL) + BnSetWord(bnD, 0); + else + { + BnFromBytes(bnD, digest->t.buffer, + (NUMBYTES)MIN(digest->t.size, BITS_TO_BYTES(bitsInMax))); + shift = BnSizeInBits(bnD) - bitsInMax; + if(shift > 0) + BnShiftRight(bnD, bnD, shift); + } + return bnD; +} + +//*** BnSchnorrSign() +// This contains the Schnorr signature computation. It is used by both ECDSA and +// Schnorr signing. The result is computed as: ['s' = 'k' + 'r' * 'd' (mod 'n')] +// where +// 1) 's' is the signature +// 2) 'k' is a random value +// 3) 'r' is the value to sign +// 4) 'd' is the private EC key +// 5) 'n' is the order of the curve +// Return Type: TPM_RC +// TPM_RC_NO_RESULT the result of the operation was zero or 'r' (mod 'n') +// is zero +static TPM_RC +BnSchnorrSign( + bigNum bnS, // OUT: 's' component of the signature + bigConst bnK, // IN: a random value + bigNum bnR, // IN: the signature 'r' value + bigConst bnD, // IN: the private key + bigConst bnN // IN: the order of the curve + ) +{ + // Need a local temp value to store the intermediate computation because product + // size can be larger than will fit in bnS. + BN_VAR(bnT1, MAX_ECC_PARAMETER_BYTES * 2 * 8); +// + // Reduce bnR without changing the input value + BnDiv(NULL, bnT1, bnR, bnN); + if(BnEqualZero(bnT1)) + return TPM_RC_NO_RESULT; + // compute s = (k + r * d)(mod n) + // r * d + BnMult(bnT1, bnT1, bnD); + // k * r * d + BnAdd(bnT1, bnT1, bnK); + // k + r * d (mod n) + BnDiv(NULL, bnS, bnT1, bnN); + return (BnEqualZero(bnS)) ? TPM_RC_NO_RESULT : TPM_RC_SUCCESS; +} + +//** Signing Functions + +//*** BnSignEcdsa() +// This function implements the ECDSA signing algorithm. 
The method is described +// in the comments below. +TPM_RC +BnSignEcdsa( + bigNum bnR, // OUT: 'r' component of the signature + bigNum bnS, // OUT: 's' component of the signature + bigCurve E, // IN: the curve used in the signature + // process + bigNum bnD, // IN: private signing key + const TPM2B_DIGEST *digest, // IN: the digest to sign + RAND_STATE *rand // IN: used in debug of signing + ) +{ + ECC_NUM(bnK); + ECC_NUM(bnIk); + BN_VAR(bnE, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE) * 8); + POINT(ecR); + bigConst order = CurveGetOrder(AccessCurveData(E)); + TPM_RC retVal = TPM_RC_SUCCESS; + INT32 tries = 10; + BOOL OK = FALSE; +// + pAssert(digest != NULL); + // The algorithm as described in "Suite B Implementer's Guide to FIPS + // 186-3(ECDSA)" + // 1. Use one of the routines in Appendix A.2 to generate (k, k^-1), a + // per-message secret number and its inverse modulo n. Since n is prime, + // the output will be invalid only if there is a failure in the RBG. + // 2. Compute the elliptic curve point R = [k]G = (xR, yR) using EC scalar + // multiplication (see [Routines]), where G is the base point included in + // the set of domain parameters. + // 3. Compute r = xR mod n. If r = 0, then return to Step 1. 1. + // 4. Use the selected hash function to compute H = Hash(M). + // 5. Convert the bit string H to an integer e as described in Appendix B.2. + // 6. Compute s = (k^-1 * (e + d * r)) mod q. If s = 0, return to Step 1.2. + // 7. Return (r, s). + // In the code below, q is n (that it, the order of the curve is p) + + do // This implements the loop at step 6. If s is zero, start over. + { + for(; tries > 0; tries--) + { + // Step 1 and 2 -- generate an ephemeral key and the modular inverse + // of the private key. + if(!BnEccGenerateKeyPair(bnK, ecR, E, rand)) + continue; + // x coordinate is mod p. 
Make it mod q + BnMod(ecR->x, order); + // Make sure that it is not zero; + if(BnEqualZero(ecR->x)) + continue; + // write the modular reduced version of r as part of the signature + BnCopy(bnR, ecR->x); + // Make sure that a modular inverse exists and try again if not + OK = (BnModInverse(bnIk, bnK, order)); + if(OK) + break; + } + if(!OK) + goto Exit; + + EcdsaDigest(bnE, digest, order); + + // now have inverse of K (bnIk), e (bnE), r (bnR), d (bnD) and + // CurveGetOrder(E) + // Compute s = k^-1 (e + r*d)(mod q) + // first do s = r*d mod q + BnModMult(bnS, bnR, bnD, order); + // s = e + s = e + r * d + BnAdd(bnS, bnE, bnS); + // s = k^(-1)s (mod n) = k^(-1)(e + r * d)(mod n) + BnModMult(bnS, bnIk, bnS, order); + + // If S is zero, try again + } while(BnEqualZero(bnS)); +Exit: + return retVal; +} + +#if ALG_ECDAA + +//*** BnSignEcdaa() +// +// This function performs 's' = 'r' + 'T' * 'd' mod 'q' where +// 1) 'r is a random, or pseudo-random value created in the commit phase +// 2) 'nonceK' is a TPM-generated, random value 0 < 'nonceK' < 'n' +// 3) 'T' is mod 'q' of "Hash"('nonceK' || 'digest'), and +// 4) 'd' is a private key. +// +// The signature is the tuple ('nonceK', 's') +// +// Regrettably, the parameters in this function kind of collide with the parameter +// names used in ECSCHNORR making for a lot of confusion. +// Return Type: TPM_RC +// TPM_RC_SCHEME unsupported hash algorithm +// TPM_RC_NO_RESULT cannot get values from random number generator +static TPM_RC +BnSignEcdaa( + TPM2B_ECC_PARAMETER *nonceK, // OUT: 'nonce' component of the signature + bigNum bnS, // OUT: 's' component of the signature + bigCurve E, // IN: the curve used in signing + bigNum bnD, // IN: the private key + const TPM2B_DIGEST *digest, // IN: the value to sign (mod 'q') + TPMT_ECC_SCHEME *scheme, // IN: signing scheme (contains the + // commit count value). 
+ OBJECT *eccKey, // IN: The signing key + RAND_STATE *rand // IN: a random number state + ) +{ + TPM_RC retVal; + TPM2B_ECC_PARAMETER r; + HASH_STATE state; + TPM2B_DIGEST T; + BN_MAX(bnT); +// + NOT_REFERENCED(rand); + if(!CryptGenerateR(&r, &scheme->details.ecdaa.count, + eccKey->publicArea.parameters.eccDetail.curveID, + &eccKey->name)) + retVal = TPM_RC_VALUE; + else + { + // This allocation is here because 'r' doesn't have a value until + // CrypGenerateR() is done. + ECC_INITIALIZED(bnR, &r); + do + { + // generate nonceK such that 0 < nonceK < n + // use bnT as a temp. + if(!BnEccGetPrivate(bnT, AccessCurveData(E), rand)) + { + retVal = TPM_RC_NO_RESULT; + break; + } + BnTo2B(bnT, &nonceK->b, 0); + + T.t.size = CryptHashStart(&state, scheme->details.ecdaa.hashAlg); + if(T.t.size == 0) + { + retVal = TPM_RC_SCHEME; + } + else + { + CryptDigestUpdate2B(&state, &nonceK->b); + CryptDigestUpdate2B(&state, &digest->b); + CryptHashEnd2B(&state, &T.b); + BnFrom2B(bnT, &T.b); + // Watch out for the name collisions in this call!! + retVal = BnSchnorrSign(bnS, bnR, bnT, bnD, + AccessCurveData(E)->order); + } + } while(retVal == TPM_RC_NO_RESULT); + // Because the rule is that internal state is not modified if the command + // fails, only end the commit if the command succeeds. + // NOTE that if the result of the Schnorr computation was zero + // it will probably not be worthwhile to run the same command again because + // the result will still be zero. This means that the Commit command will + // need to be run again to get a new commit value for the signature. + if(retVal == TPM_RC_SUCCESS) + CryptEndCommit(scheme->details.ecdaa.count); + } + return retVal; +} +#endif // ALG_ECDAA + +#if ALG_ECSCHNORR + +//*** SchnorrReduce() +// Function to reduce a hash result if it's magnitude is too large. The size of +// 'number' is set so that it has no more bytes of significance than 'reference' +// value. 
If the resulting number can have more bits of significance than +// 'reference'. +static void +SchnorrReduce( + TPM2B *number, // IN/OUT: Value to reduce + bigConst reference // IN: the reference value + ) +{ + UINT16 maxBytes = (UINT16)BITS_TO_BYTES(BnSizeInBits(reference)); + if(number->size > maxBytes) + number->size = maxBytes; +} + +//*** SchnorrEcc() +// This function is used to perform a modified Schnorr signature. +// +// This function will generate a random value 'k' and compute +// a) ('xR', 'yR') = ['k']'G' +// b) 'r' = "Hash"('xR' || 'P')(mod 'q') +// c) 'rT' = truncated 'r' +// d) 's'= 'k' + 'rT' * 'ds' (mod 'q') +// e) return the tuple 'rT', 's' +// +// Return Type: TPM_RC +// TPM_RC_NO_RESULT failure in the Schnorr sign process +// TPM_RC_SCHEME hashAlg can't produce zero-length digest +static TPM_RC +BnSignEcSchnorr( + bigNum bnR, // OUT: 'r' component of the signature + bigNum bnS, // OUT: 's' component of the signature + bigCurve E, // IN: the curve used in signing + bigNum bnD, // IN: the signing key + const TPM2B_DIGEST *digest, // IN: the digest to sign + TPM_ALG_ID hashAlg, // IN: signing scheme (contains a hash) + RAND_STATE *rand // IN: non-NULL when testing + ) +{ + HASH_STATE hashState; + UINT16 digestSize = CryptHashGetDigestSize(hashAlg); + TPM2B_TYPE(T, MAX(MAX_DIGEST_SIZE, MAX_ECC_KEY_BYTES)); + TPM2B_T T2b; + TPM2B *e = &T2b.b; + TPM_RC retVal = TPM_RC_NO_RESULT; + const ECC_CURVE_DATA *C; + bigConst order; + bigConst prime; + ECC_NUM(bnK); + POINT(ecR); +// + // Parameter checks + if(E == NULL) + ERROR_RETURN(TPM_RC_VALUE); + C = AccessCurveData(E); + order = CurveGetOrder(C); + prime = CurveGetOrder(C); + + // If the digest does not produce a hash, then null the signature and return + // a failure. 
+ if(digestSize == 0) + { + BnSetWord(bnR, 0); + BnSetWord(bnS, 0); + ERROR_RETURN(TPM_RC_SCHEME); + } + do + { + // Generate a random key pair + if(!BnEccGenerateKeyPair(bnK, ecR, E, rand)) + break; + // Convert R.x to a string + BnTo2B(ecR->x, e, (NUMBYTES)BITS_TO_BYTES(BnSizeInBits(prime))); + + // f) compute r = Hash(e || P) (mod n) + CryptHashStart(&hashState, hashAlg); + CryptDigestUpdate2B(&hashState, e); + CryptDigestUpdate2B(&hashState, &digest->b); + e->size = CryptHashEnd(&hashState, digestSize, e->buffer); + // Reduce the hash size if it is larger than the curve order + SchnorrReduce(e, order); + // Convert hash to number + BnFrom2B(bnR, e); + // Do the Schnorr computation + retVal = BnSchnorrSign(bnS, bnK, bnR, bnD, CurveGetOrder(C)); + } while(retVal == TPM_RC_NO_RESULT); +Exit: + return retVal; +} + +#endif // ALG_ECSCHNORR + +#if ALG_SM2 +#ifdef _SM2_SIGN_DEBUG + +//*** BnHexEqual() +// This function compares a bignum value to a hex string. +// Return Type: BOOL +// TRUE(1) values equal +// FALSE(0) values not equal +static BOOL +BnHexEqual( + bigNum bn, //IN: big number value + const char *c //IN: character string number + ) +{ + ECC_NUM(bnC); + BnFromHex(bnC, c); + return (BnUnsignedCmp(bn, bnC) == 0); +} +#endif // _SM2_SIGN_DEBUG + +//*** BnSignEcSm2() +// This function signs a digest using the method defined in SM2 Part 2. The method +// in the standard will add a header to the message to be signed that is a hash of +// the values that define the key. This then hashed with the message to produce a +// digest ('e'). This function signs 'e'. 
+// Return Type: TPM_RC +// TPM_RC_VALUE bad curve +static TPM_RC +BnSignEcSm2( + bigNum bnR, // OUT: 'r' component of the signature + bigNum bnS, // OUT: 's' component of the signature + bigCurve E, // IN: the curve used in signing + bigNum bnD, // IN: the private key + const TPM2B_DIGEST *digest, // IN: the digest to sign + RAND_STATE *rand // IN: random number generator (mostly for + // debug) + ) +{ + BN_MAX_INITIALIZED(bnE, digest); // Don't know how big digest might be + ECC_NUM(bnN); + ECC_NUM(bnK); + ECC_NUM(bnT); // temp + POINT(Q1); + bigConst order = (E != NULL) + ? CurveGetOrder(AccessCurveData(E)) : NULL; +// +#ifdef _SM2_SIGN_DEBUG + BnFromHex(bnE, "B524F552CD82B8B028476E005C377FB1" + "9A87E6FC682D48BB5D42E3D9B9EFFE76"); + BnFromHex(bnD, "128B2FA8BD433C6C068C8D803DFF7979" + "2A519A55171B1B650C23661D15897263"); +#endif + // A3: Use random number generator to generate random number 1 <= k <= n-1; + // NOTE: Ax: numbers are from the SM2 standard +loop: + { + // Get a random number 0 < k < n + BnGenerateRandomInRange(bnK, order, rand); +#ifdef _SM2_SIGN_DEBUG + BnFromHex(bnK, "6CB28D99385C175C94F94E934817663F" + "C176D925DD72B727260DBAAE1FB2F96F"); +#endif + // A4: Figure out the point of elliptic curve (x1, y1)=[k]G, and according + // to details specified in 4.2.7 in Part 1 of this document, transform the + // data type of x1 into an integer; + if(!BnEccModMult(Q1, NULL, bnK, E)) + goto loop; + // A5: Figure out 'r' = ('e' + 'x1') mod 'n', + BnAdd(bnR, bnE, Q1->x); + BnMod(bnR, order); +#ifdef _SM2_SIGN_DEBUG + pAssert(BnHexEqual(bnR, "40F1EC59F793D9F49E09DCEF49130D41" + "94F79FB1EED2CAA55BACDB49C4E755D1")); +#endif + // if r=0 or r+k=n, return to A3; + if(BnEqualZero(bnR)) + goto loop; + BnAdd(bnT, bnK, bnR); + if(BnUnsignedCmp(bnT, bnN) == 0) + goto loop; + // A6: Figure out s = ((1 + dA)^-1 (k - r dA)) mod n, + // if s=0, return to A3; + // compute t = (1+dA)^-1 + BnAddWord(bnT, bnD, 1); + BnModInverse(bnT, bnT, order); +#ifdef _SM2_SIGN_DEBUG + 
pAssert(BnHexEqual(bnT, "79BFCF3052C80DA7B939E0C6914A18CB" + "B2D96D8555256E83122743A7D4F5F956")); +#endif + // compute s = t * (k - r * dA) mod n + BnModMult(bnS, bnR, bnD, order); + // k - r * dA mod n = k + n - ((r * dA) mod n) + BnSub(bnS, order, bnS); + BnAdd(bnS, bnK, bnS); + BnModMult(bnS, bnS, bnT, order); +#ifdef _SM2_SIGN_DEBUG + pAssert(BnHexEqual(bnS, "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" + "67A457872FB09EC56327A67EC7DEEBE7")); +#endif + if(BnEqualZero(bnS)) + goto loop; + } + // A7: According to details specified in 4.2.1 in Part 1 of this document, + // transform the data type of r, s into bit strings, signature of message M + // is (r, s). + // This is handled by the common return code +#ifdef _SM2_SIGN_DEBUG + pAssert(BnHexEqual(bnR, "40F1EC59F793D9F49E09DCEF49130D41" + "94F79FB1EED2CAA55BACDB49C4E755D1")); + pAssert(BnHexEqual(bnS, "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" + "67A457872FB09EC56327A67EC7DEEBE7")); +#endif + return TPM_RC_SUCCESS; +} +#endif // ALG_SM2 + +//*** CryptEccSign() +// This function is the dispatch function for the various ECC-based +// signing schemes. +// There is a bit of ugliness to the parameter passing. In order to test this, +// we sometime would like to use a deterministic RNG so that we can get the same +// signatures during testing. The easiest way to do this for most schemes is to +// pass in a deterministic RNG and let it return canned values during testing. +// There is a competing need for a canned parameter to use in ECDAA. To accommodate +// both needs with minimal fuss, a special type of RAND_STATE is defined to carry +// the address of the commit value. The setup and handling of this is not very +// different for the caller than what was in previous versions of the code. 
+// Return Type: TPM_RC +// TPM_RC_SCHEME 'scheme' is not supported +LIB_EXPORT TPM_RC +CryptEccSign( + TPMT_SIGNATURE *signature, // OUT: signature + OBJECT *signKey, // IN: ECC key to sign the hash + const TPM2B_DIGEST *digest, // IN: digest to sign + TPMT_ECC_SCHEME *scheme, // IN: signing scheme + RAND_STATE *rand + ) +{ + CURVE_INITIALIZED(E, signKey->publicArea.parameters.eccDetail.curveID); + ECC_INITIALIZED(bnD, &signKey->sensitive.sensitive.ecc.b); + ECC_NUM(bnR); + ECC_NUM(bnS); + const ECC_CURVE_DATA *C; + TPM_RC retVal = TPM_RC_SCHEME; +// + NOT_REFERENCED(scheme); + if(E == NULL) + ERROR_RETURN(TPM_RC_VALUE); + C = AccessCurveData(E); + signature->signature.ecdaa.signatureR.t.size + = sizeof(signature->signature.ecdaa.signatureR.t.buffer); + signature->signature.ecdaa.signatureS.t.size + = sizeof(signature->signature.ecdaa.signatureS.t.buffer); + TEST(signature->sigAlg); + switch(signature->sigAlg) + { + case ALG_ECDSA_VALUE: + retVal = BnSignEcdsa(bnR, bnS, E, bnD, digest, rand); + break; +#if ALG_ECDAA + case ALG_ECDAA_VALUE: + retVal = BnSignEcdaa(&signature->signature.ecdaa.signatureR, bnS, E, + bnD, digest, scheme, signKey, rand); + bnR = NULL; + break; +#endif +#if ALG_ECSCHNORR + case ALG_ECSCHNORR_VALUE: + retVal = BnSignEcSchnorr(bnR, bnS, E, bnD, digest, + signature->signature.ecschnorr.hash, + rand); + break; +#endif +#if ALG_SM2 + case ALG_SM2_VALUE: + retVal = BnSignEcSm2(bnR, bnS, E, bnD, digest, rand); + break; +#endif + default: + break; + } + // If signature generation worked, convert the results. 
+ if(retVal == TPM_RC_SUCCESS) + { + NUMBYTES orderBytes = + (NUMBYTES)BITS_TO_BYTES(BnSizeInBits(CurveGetOrder(C))); + if(bnR != NULL) + BnTo2B(bnR, &signature->signature.ecdaa.signatureR.b, orderBytes); + if(bnS != NULL) + BnTo2B(bnS, &signature->signature.ecdaa.signatureS.b, orderBytes); + } +Exit: + CURVE_FREE(E); + return retVal; +} + +//********************* Signature Validation ******************** + +#if ALG_ECDSA + +//*** BnValidateSignatureEcdsa() +// This function validates an ECDSA signature. rIn and sIn should have been checked +// to make sure that they are in the range 0 < 'v' < 'n' +// Return Type: TPM_RC +// TPM_RC_SIGNATURE signature not valid +TPM_RC +BnValidateSignatureEcdsa( + bigNum bnR, // IN: 'r' component of the signature + bigNum bnS, // IN: 's' component of the signature + bigCurve E, // IN: the curve used in the signature + // process + bn_point_t *ecQ, // IN: the public point of the key + const TPM2B_DIGEST *digest // IN: the digest that was signed + ) +{ + // Make sure that the allocation for the digest is big enough for a maximum + // digest + BN_VAR(bnE, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE) * 8); + POINT(ecR); + ECC_NUM(bnU1); + ECC_NUM(bnU2); + ECC_NUM(bnW); + bigConst order = CurveGetOrder(AccessCurveData(E)); + TPM_RC retVal = TPM_RC_SIGNATURE; +// + // Get adjusted digest + EcdsaDigest(bnE, digest, order); + // 1. If r and s are not both integers in the interval [1, n - 1], output + // INVALID. + // bnR and bnS were validated by the caller + // 2. Use the selected hash function to compute H0 = Hash(M0). + // This is an input parameter + // 3. Convert the bit string H0 to an integer e as described in Appendix B.2. + // Done at entry + // 4. Compute w = (s')^-1 mod n, using the routine in Appendix B.1. + if(!BnModInverse(bnW, bnS, order)) + goto Exit; + // 5. Compute u1 = (e' * w) mod n, and compute u2 = (r' * w) mod n. + BnModMult(bnU1, bnE, bnW, order); + BnModMult(bnU2, bnR, bnW, order); + // 6. 
Compute the elliptic curve point R = (xR, yR) = u1G+u2Q, using EC + // scalar multiplication and EC addition (see [Routines]). If R is equal to + // the point at infinity O, output INVALID. + if(BnPointMult(ecR, CurveGetG(AccessCurveData(E)), bnU1, ecQ, bnU2, E) + != TPM_RC_SUCCESS) + goto Exit; + // 7. Compute v = Rx mod n. + BnMod(ecR->x, order); + // 8. Compare v and r0. If v = r0, output VALID; otherwise, output INVALID + if(BnUnsignedCmp(ecR->x, bnR) != 0) + goto Exit; + + retVal = TPM_RC_SUCCESS; +Exit: + return retVal; +} + +#endif // ALG_ECDSA + +#if ALG_SM2 + +//*** BnValidateSignatureEcSm2() +// This function is used to validate an SM2 signature. +// Return Type: TPM_RC +// TPM_RC_SIGNATURE signature not valid +static TPM_RC +BnValidateSignatureEcSm2( + bigNum bnR, // IN: 'r' component of the signature + bigNum bnS, // IN: 's' component of the signature + bigCurve E, // IN: the curve used in the signature + // process + bigPoint ecQ, // IN: the public point of the key + const TPM2B_DIGEST *digest // IN: the digest that was signed + ) +{ + POINT(P); + ECC_NUM(bnRp); + ECC_NUM(bnT); + BN_MAX_INITIALIZED(bnE, digest); + BOOL OK; + bigConst order = CurveGetOrder(AccessCurveData(E)); + +#ifdef _SM2_SIGN_DEBUG + // Make sure that the input signature is the test signature + pAssert(BnHexEqual(bnR, + "40F1EC59F793D9F49E09DCEF49130D41" + "94F79FB1EED2CAA55BACDB49C4E755D1")); + pAssert(BnHexEqual(bnS, + "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" + "67A457872FB09EC56327A67EC7DEEBE7")); +#endif + // b) compute t := (r + s) mod n + BnAdd(bnT, bnR, bnS); + BnMod(bnT, order); +#ifdef _SM2_SIGN_DEBUG + pAssert(BnHexEqual(bnT, + "2B75F07ED7ECE7CCC1C8986B991F441A" + "D324D6D619FE06DD63ED32E0C997C801")); +#endif + // c) verify that t > 0 + OK = !BnEqualZero(bnT); + if(!OK) + // set T to a value that should allow rest of the computations to run + // without trouble + BnCopy(bnT, bnS); + // d) compute (x, y) := [s]G + [t]Q + OK = BnEccModMult2(P, NULL, bnS, ecQ, bnT, E); +#ifdef 
_SM2_SIGN_DEBUG + pAssert(OK && BnHexEqual(P->x, + "110FCDA57615705D5E7B9324AC4B856D" + "23E6D9188B2AE47759514657CE25D112")); +#endif + // e) compute r' := (e + x) mod n (the x coordinate is in bnT) + OK = OK && BnAdd(bnRp, bnE, P->x); + OK = OK && BnMod(bnRp, order); + + // f) verify that r' = r + OK = OK && (BnUnsignedCmp(bnR, bnRp) == 0); + + if(!OK) + return TPM_RC_SIGNATURE; + else + return TPM_RC_SUCCESS; +} + +#endif // ALG_SM2 + +#if ALG_ECSCHNORR + +//*** BnValidateSignatureEcSchnorr() +// This function is used to validate an EC Schnorr signature. +// Return Type: TPM_RC +// TPM_RC_SIGNATURE signature not valid +static TPM_RC +BnValidateSignatureEcSchnorr( + bigNum bnR, // IN: 'r' component of the signature + bigNum bnS, // IN: 's' component of the signature + TPM_ALG_ID hashAlg, // IN: hash algorithm of the signature + bigCurve E, // IN: the curve used in the signature + // process + bigPoint ecQ, // IN: the public point of the key + const TPM2B_DIGEST *digest // IN: the digest that was signed + ) +{ + BN_MAX(bnRn); + POINT(ecE); + BN_MAX(bnEx); + const ECC_CURVE_DATA *C = AccessCurveData(E); + bigConst order = CurveGetOrder(C); + UINT16 digestSize = CryptHashGetDigestSize(hashAlg); + HASH_STATE hashState; + TPM2B_TYPE(BUFFER, MAX(MAX_ECC_PARAMETER_BYTES, MAX_DIGEST_SIZE)); + TPM2B_BUFFER Ex2 = {{sizeof(Ex2.t.buffer),{ 0 }}}; + BOOL OK; +// + // E = [s]G - [r]Q + BnMod(bnR, order); + // Make -r = n - r + BnSub(bnRn, order, bnR); + // E = [s]G + [-r]Q + OK = BnPointMult(ecE, CurveGetG(C), bnS, ecQ, bnRn, E) == TPM_RC_SUCCESS; +// // reduce the x portion of E mod q +// OK = OK && BnMod(ecE->x, order); + // Convert to byte string + OK = OK && BnTo2B(ecE->x, &Ex2.b, + (NUMBYTES)(BITS_TO_BYTES(BnSizeInBits(order)))); + if(OK) + { +// Ex = h(pE.x || digest) + CryptHashStart(&hashState, hashAlg); + CryptDigestUpdate(&hashState, Ex2.t.size, Ex2.t.buffer); + CryptDigestUpdate(&hashState, digest->t.size, digest->t.buffer); + Ex2.t.size = CryptHashEnd(&hashState, 
digestSize, Ex2.t.buffer); + SchnorrReduce(&Ex2.b, order); + BnFrom2B(bnEx, &Ex2.b); + // see if Ex matches R + OK = BnUnsignedCmp(bnEx, bnR) == 0; + } + return (OK) ? TPM_RC_SUCCESS : TPM_RC_SIGNATURE; +} +#endif // ALG_ECSCHNORR + +//*** CryptEccValidateSignature() +// This function validates an EcDsa or EcSchnorr signature. +// The point 'Qin' needs to have been validated to be on the curve of 'curveId'. +// Return Type: TPM_RC +// TPM_RC_SIGNATURE not a valid signature +LIB_EXPORT TPM_RC +CryptEccValidateSignature( + TPMT_SIGNATURE *signature, // IN: signature to be verified + OBJECT *signKey, // IN: ECC key signed the hash + const TPM2B_DIGEST *digest // IN: digest that was signed + ) +{ + CURVE_INITIALIZED(E, signKey->publicArea.parameters.eccDetail.curveID); + ECC_NUM(bnR); + ECC_NUM(bnS); + POINT_INITIALIZED(ecQ, &signKey->publicArea.unique.ecc); + bigConst order; + TPM_RC retVal; + + if(E == NULL) + ERROR_RETURN(TPM_RC_VALUE); + + order = CurveGetOrder(AccessCurveData(E)); + +// // Make sure that the scheme is valid + switch(signature->sigAlg) + { + case ALG_ECDSA_VALUE: +#if ALG_ECSCHNORR + case ALG_ECSCHNORR_VALUE: +#endif +#if ALG_SM2 + case ALG_SM2_VALUE: +#endif + break; + default: + ERROR_RETURN(TPM_RC_SCHEME); + break; + } + // Can convert r and s after determining that the scheme is an ECC scheme. If + // this conversion doesn't work, it means that the unmarshaling code for + // an ECC signature is broken. 
+ BnFrom2B(bnR, &signature->signature.ecdsa.signatureR.b); + BnFrom2B(bnS, &signature->signature.ecdsa.signatureS.b); + + // r and s have to be greater than 0 but less than the curve order + if(BnEqualZero(bnR) || BnEqualZero(bnS)) + ERROR_RETURN(TPM_RC_SIGNATURE); + if((BnUnsignedCmp(bnS, order) >= 0) + || (BnUnsignedCmp(bnR, order) >= 0)) + ERROR_RETURN(TPM_RC_SIGNATURE); + + switch(signature->sigAlg) + { + case ALG_ECDSA_VALUE: + retVal = BnValidateSignatureEcdsa(bnR, bnS, E, ecQ, digest); + break; + +#if ALG_ECSCHNORR + case ALG_ECSCHNORR_VALUE: + retVal = BnValidateSignatureEcSchnorr(bnR, bnS, + signature->signature.any.hashAlg, + E, ecQ, digest); + break; +#endif +#if ALG_SM2 + case ALG_SM2_VALUE: + retVal = BnValidateSignatureEcSm2(bnR, bnS, E, ecQ, digest); + break; +#endif + default: + FAIL(FATAL_ERROR_INTERNAL); + } +Exit: + CURVE_FREE(E); + return retVal; +} + +//***CryptEccCommitCompute() +// This function performs the point multiply operations required by TPM2_Commit. +// +// If 'B' or 'M' is provided, they must be on the curve defined by 'curveId'. This +// routine does not check that they are on the curve and results are unpredictable +// if they are not. +// +// It is a fatal error if 'r' is NULL. If 'B' is not NULL, then it is a +// fatal error if 'd' is NULL or if 'K' and 'L' are both NULL. +// If 'M' is not NULL, then it is a fatal error if 'E' is NULL. 
+// +// Return Type: TPM_RC +// TPM_RC_NO_RESULT if 'K', 'L' or 'E' was computed to be the point +// at infinity +// TPM_RC_CANCELED a cancel indication was asserted during this +// function +LIB_EXPORT TPM_RC +CryptEccCommitCompute( + TPMS_ECC_POINT *K, // OUT: [d]B or [r]Q + TPMS_ECC_POINT *L, // OUT: [r]B + TPMS_ECC_POINT *E, // OUT: [r]M + TPM_ECC_CURVE curveId, // IN: the curve for the computations + TPMS_ECC_POINT *M, // IN: M (optional) + TPMS_ECC_POINT *B, // IN: B (optional) + TPM2B_ECC_PARAMETER *d, // IN: d (optional) + TPM2B_ECC_PARAMETER *r // IN: the computed r value (required) + ) +{ + CURVE_INITIALIZED(curve, curveId); // Normally initialize E as the curve, but + // E means something else in this function + ECC_INITIALIZED(bnR, r); + TPM_RC retVal = TPM_RC_SUCCESS; +// + // Validate that the required parameters are provided. + // Note: E has to be provided if computing E := [r]Q or E := [r]M. Will do + // E := [r]Q if both M and B are NULL. + pAssert(r != NULL && E != NULL); + + // Initialize the output points in case they are not computed + ClearPoint2B(K); + ClearPoint2B(L); + ClearPoint2B(E); + + // Sizes of the r parameter may not be zero + pAssert(r->t.size > 0); + + // If B is provided, compute K=[d]B and L=[r]B + if(B != NULL) + { + ECC_INITIALIZED(bnD, d); + POINT_INITIALIZED(pB, B); + POINT(pK); + POINT(pL); +// + pAssert(d != NULL && K != NULL && L != NULL); + + if(!BnIsOnCurve(pB, AccessCurveData(curve))) + ERROR_RETURN(TPM_RC_VALUE); + // do the math for K = [d]B + if((retVal = BnPointMult(pK, pB, bnD, NULL, NULL, curve)) != TPM_RC_SUCCESS) + goto Exit; + // Convert BN K to TPM2B K + BnPointTo2B(K, pK, curve); + // compute L= [r]B after checking for cancel + if(_plat__IsCanceled()) + ERROR_RETURN(TPM_RC_CANCELED); + // compute L = [r]B + if(!BnIsValidPrivateEcc(bnR, curve)) + ERROR_RETURN(TPM_RC_VALUE); + if((retVal = BnPointMult(pL, pB, bnR, NULL, NULL, curve)) != TPM_RC_SUCCESS) + goto Exit; + // Convert BN L to TPM2B L + 
BnPointTo2B(L, pL, curve); + } + if((M != NULL) || (B == NULL)) + { + POINT_INITIALIZED(pM, M); + POINT(pE); +// + // Make sure that a place was provided for the result + pAssert(E != NULL); + + // if this is the third point multiply, check for cancel first + if((B != NULL) && _plat__IsCanceled()) + ERROR_RETURN(TPM_RC_CANCELED); + + // If M provided, then pM will not be NULL and will compute E = [r]M. + // However, if M was not provided, then pM will be NULL and E = [r]G + // will be computed + if((retVal = BnPointMult(pE, pM, bnR, NULL, NULL, curve)) != TPM_RC_SUCCESS) + goto Exit; + // Convert E to 2B format + BnPointTo2B(E, pE, curve); + } +Exit: + CURVE_FREE(curve); + return retVal; +} + +#endif // ALG_ECC \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c new file mode 100644 index 000000000..3f6ac63a2 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c 
@@ -0,0 +1,938 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Description
+//
+// This file contains implementation of cryptographic functions for hashing.
+//
+//** Includes, Defines, and Types
+
+#define _CRYPT_HASH_C_
+#include "Tpm.h"
+#include "CryptHash_fp.h"
+#include "CryptHash.h"
+#include "OIDs.h"
+
+#define HASH_TABLE_SIZE (HASH_COUNT + 1)
+
+
+#if ALG_SHA1
+HASH_DEF_TEMPLATE(SHA1, Sha1);
+#endif
+#if ALG_SHA256
+HASH_DEF_TEMPLATE(SHA256, Sha256);
+#endif
+#if ALG_SHA384
+HASH_DEF_TEMPLATE(SHA384, Sha384);
+#endif
+#if ALG_SHA512
+HASH_DEF_TEMPLATE(SHA512, Sha512);
+#endif
+#if ALG_SM3_256
+HASH_DEF_TEMPLATE(SM3_256, Sm3_256);
+#endif
+HASH_DEF NULL_Def = {{0}};
+
+PHASH_DEF HashDefArray[] = {
+#if ALG_SHA1
+ &Sha1_Def,
+#endif
+#if ALG_SHA256
+ &Sha256_Def,
+#endif
+#if ALG_SHA384
+ &Sha384_Def,
+#endif
+#if ALG_SHA512
+ &Sha512_Def,
+#endif
+#if ALG_SM3_256
+ &Sm3_256_Def,
+#endif
+ &NULL_Def
+};
+
+
+//** Obligatory Initialization Functions
+
+//*** CryptHashInit()
+// This function is called by _TPM_Init do perform the initialization operations for
+// the library.
+BOOL
+CryptHashInit(
+ void
+ )
+{
+ LibHashInit();
+ return TRUE;
+}
+
+//*** CryptHashStartup()
+// This function is called by TPM2_Startup(). It checks that the size of the
+// HashDefArray is consistent with the HASH_COUNT.
+BOOL
+CryptHashStartup(
+ void
+ )
+{
+ int i = sizeof(HashDefArray) / sizeof(PHASH_DEF) - 1;
+ return (i == HASH_COUNT);
+}
+
+//** Hash Information Access Functions
+//*** Introduction
+// These functions provide access to the hash algorithm description information.
+
+//*** CryptGetHashDef()
+// This function accesses the hash descriptor associated with a hash a
+// algorithm. The function returns a pointer to a 'null' descriptor if hashAlg is
+// TPM_ALG_NULL or not a defined algorithm.
+PHASH_DEF
+CryptGetHashDef(
+ TPM_ALG_ID hashAlg
+ )
+{
+ size_t i;
+#define HASHES (sizeof(HashDefArray) / sizeof(PHASH_DEF))
+ for(i = 0; i < HASHES; i++)
+ {
+ PHASH_DEF p = HashDefArray[i];
+ if(p->hashAlg == hashAlg)
+ return p;
+ }
+ return &NULL_Def;
+}
+
+//*** CryptHashIsValidAlg()
+// This function tests to see if an algorithm ID is a valid hash algorithm. If
+// flag is true, then TPM_ALG_NULL is a valid hash.
+// Return Type: BOOL
+// TRUE(1) hashAlg is a valid, implemented hash on this TPM
+// FALSE(0) hashAlg is not valid for this TPM
+BOOL
+CryptHashIsValidAlg(
+ TPM_ALG_ID hashAlg, // IN: the algorithm to check
+ BOOL flag // IN: TRUE if TPM_ALG_NULL is to be treated
+ // as a valid hash
+ )
+{
+ if(hashAlg == TPM_ALG_NULL)
+ return flag;
+ return CryptGetHashDef(hashAlg) != &NULL_Def;
+}
+
+//*** CryptHashGetAlgByIndex()
+// This function is used to iterate through the hashes. TPM_ALG_NULL
+// is returned for all indexes that are not valid hashes.
+// If the TPM implements 3 hashes, then an 'index' value of 0 will
+// return the first implemented hash and an 'index' of 2 will return the
+// last. All other index values will return TPM_ALG_NULL.
+//
+// Return Type: TPM_ALG_ID
+// TPM_ALG_xxx a hash algorithm
+// TPM_ALG_NULL this can be used as a stop value
+LIB_EXPORT TPM_ALG_ID
+CryptHashGetAlgByIndex(
+ UINT32 index // IN: the index
+ )
+{
+ TPM_ALG_ID hashAlg;
+ if(index >= HASH_COUNT)
+ hashAlg = TPM_ALG_NULL;
+ else
+ hashAlg = HashDefArray[index]->hashAlg;
+ return hashAlg;
+}
+
+//*** CryptHashGetDigestSize()
+// Returns the size of the digest produced by the hash. If 'hashAlg' is not a hash
+// algorithm, the TPM will FAIL.
+// Return Type: UINT16
+// 0 TPM_ALG_NULL
+// > 0 the digest size
+//
+LIB_EXPORT UINT16
+CryptHashGetDigestSize(
+ TPM_ALG_ID hashAlg // IN: hash algorithm to look up
+ )
+{
+ return CryptGetHashDef(hashAlg)->digestSize;
+}
+
+//*** CryptHashGetBlockSize()
+// Returns the size of the block used by the hash.
If 'hashAlg' is not a hash
+// algorithm, the TPM will FAIL.
+// Return Type: UINT16
+// 0 TPM_ALG_NULL
+// > 0 the digest size
+//
+LIB_EXPORT UINT16
+CryptHashGetBlockSize(
+ TPM_ALG_ID hashAlg // IN: hash algorithm to look up
+ )
+{
+ return CryptGetHashDef(hashAlg)->blockSize;
+}
+
+//*** CryptHashGetOid()
+// This function returns a pointer to DER=encoded OID for a hash algorithm. All OIDs
+// are full OID values including the Tag (0x06) and length byte.
+LIB_EXPORT const BYTE *
+CryptHashGetOid(
+ TPM_ALG_ID hashAlg
+)
+{
+ return CryptGetHashDef(hashAlg)->OID;
+}
+
+//*** CryptHashGetContextAlg()
+// This function returns the hash algorithm associated with a hash context.
+TPM_ALG_ID
+CryptHashGetContextAlg(
+ PHASH_STATE state // IN: the context to check
+ )
+{
+ return state->hashAlg;
+}
+
+//** State Import and Export
+
+//*** CryptHashCopyState
+// This function is used to clone a HASH_STATE.
+LIB_EXPORT void
+CryptHashCopyState(
+ HASH_STATE *out, // OUT: destination of the state
+ const HASH_STATE *in // IN: source of the state
+ )
+{
+ pAssert(out->type == in->type);
+ out->hashAlg = in->hashAlg;
+ out->def = in->def;
+ if(in->hashAlg != TPM_ALG_NULL)
+ {
+ HASH_STATE_COPY(out, in);
+ }
+ if(in->type == HASH_STATE_HMAC)
+ {
+ const HMAC_STATE *hIn = (HMAC_STATE *)in;
+ HMAC_STATE *hOut = (HMAC_STATE *)out;
+ hOut->hmacKey = hIn->hmacKey;
+ }
+ return;
+}
+
+//*** CryptHashExportState()
+// This function is used to export a hash or HMAC hash state. This function
+// would be called when preparing to context save a sequence object.
+void
+CryptHashExportState(
+ PCHASH_STATE internalFmt, // IN: the hash state formatted for use by
+ // library
+ PEXPORT_HASH_STATE externalFmt // OUT: the exported hash state
+ )
+{
+ BYTE *outBuf = (BYTE *)externalFmt;
+//
+ cAssert(sizeof(HASH_STATE) <= sizeof(EXPORT_HASH_STATE));
+ // the following #define is used to move data from an aligned internal data
+ // structure to a byte buffer (external format data.
+#define CopyToOffset(value) \
+ memcpy(&outBuf[offsetof(HASH_STATE,value)], &internalFmt->value, \
+ sizeof(internalFmt->value))
+ // Copy the hashAlg
+ CopyToOffset(hashAlg);
+ CopyToOffset(type);
+#ifdef HASH_STATE_SMAC
+ if(internalFmt->type == HASH_STATE_SMAC)
+ {
+ memcpy(outBuf, internalFmt, sizeof(HASH_STATE));
+ return;
+
+ }
+#endif
+ if(internalFmt->type == HASH_STATE_HMAC)
+ {
+ HMAC_STATE *from = (HMAC_STATE *)internalFmt;
+ memcpy(&outBuf[offsetof(HMAC_STATE, hmacKey)], &from->hmacKey,
+ sizeof(from->hmacKey));
+ }
+ if(internalFmt->hashAlg != TPM_ALG_NULL)
+ HASH_STATE_EXPORT(externalFmt, internalFmt);
+}
+
+//*** CryptHashImportState()
+// This function is used to import the hash state. This function
+// would be called to import a hash state when the context of a sequence object
+// was being loaded.
+void
+CryptHashImportState(
+ PHASH_STATE internalFmt, // OUT: the hash state formatted for use by
+ // the library
+ PCEXPORT_HASH_STATE externalFmt // IN: the exported hash state
+ )
+{
+ BYTE *inBuf = (BYTE *)externalFmt;
+//
+#define CopyFromOffset(value) \
+ memcpy(&internalFmt->value, &inBuf[offsetof(HASH_STATE,value)], \
+ sizeof(internalFmt->value))
+
+ // Copy the hashAlg of the byte-aligned input structure to the structure-aligned
+ // internal structure.
+ CopyFromOffset(hashAlg);
+ CopyFromOffset(type);
+ if(internalFmt->hashAlg != TPM_ALG_NULL)
+ {
+#ifdef HASH_STATE_SMAC
+ if(internalFmt->type == HASH_STATE_SMAC)
+ {
+ memcpy(internalFmt, inBuf, sizeof(HASH_STATE));
+ return;
+ }
+#endif
+ internalFmt->def = CryptGetHashDef(internalFmt->hashAlg);
+ HASH_STATE_IMPORT(internalFmt, inBuf);
+ if(internalFmt->type == HASH_STATE_HMAC)
+ {
+ HMAC_STATE *to = (HMAC_STATE *)internalFmt;
+ memcpy(&to->hmacKey, &inBuf[offsetof(HMAC_STATE, hmacKey)],
+ sizeof(to->hmacKey));
+ }
+ }
+}
+
+//** State Modification Functions
+
+//***HashEnd()
+// Local function to complete a hash that uses the hashDef instead of an algorithm
+// ID.
This function is used to complete the hash and only return a partial digest.
+// The return value is the size of the data copied.
+static UINT16
+HashEnd(
+ PHASH_STATE hashState, // IN: the hash state
+ UINT32 dOutSize, // IN: the size of receive buffer
+ PBYTE dOut // OUT: the receive buffer
+ )
+{
+ BYTE temp[MAX_DIGEST_SIZE];
+ if((hashState->hashAlg == TPM_ALG_NULL)
+ || (hashState->type != HASH_STATE_HASH))
+ dOutSize = 0;
+ if(dOutSize > 0)
+ {
+ hashState->def = CryptGetHashDef(hashState->hashAlg);
+ // Set the final size
+ dOutSize = MIN(dOutSize, hashState->def->digestSize);
+ // Complete into the temp buffer and then copy
+ HASH_END(hashState, temp);
+ // Don't want any other functions calling the HASH_END method
+ // directly.
+#undef HASH_END
+ memcpy(dOut, &temp, dOutSize);
+ }
+ hashState->type = HASH_STATE_EMPTY;
+ return (UINT16)dOutSize;
+}
+
+//*** CryptHashStart()
+// Functions starts a hash stack
+// Start a hash stack and returns the digest size. As a side effect, the
+// value of 'stateSize' in hashState is updated to indicate the number of bytes
+// of state that were saved. This function calls GetHashServer() and that function
+// will put the TPM into failure mode if the hash algorithm is not supported.
+//
+// This function does not use the sequence parameter. If it is necessary to import
+// or export context, this will start the sequence in a local state
+// and export the state to the input buffer. Will need to add a flag to the state
+// structure to indicate that it needs to be imported before it can be used.
+// (BLEH).
+// Return Type: UINT16
+// 0 hash is TPM_ALG_NULL
+// >0 digest size
+LIB_EXPORT UINT16
+CryptHashStart(
+ PHASH_STATE hashState, // OUT: the running hash state
+ TPM_ALG_ID hashAlg // IN: hash algorithm
+ )
+{
+ UINT16 retVal;
+
+ TEST(hashAlg);
+
+ hashState->hashAlg = hashAlg;
+ if(hashAlg == TPM_ALG_NULL)
+ {
+ retVal = 0;
+ }
+ else
+ {
+ hashState->def = CryptGetHashDef(hashAlg);
+ HASH_START(hashState);
+ retVal = hashState->def->digestSize;
+ }
+#undef HASH_START
+ hashState->type = HASH_STATE_HASH;
+ return retVal;
+}
+
+//*** CryptDigestUpdate()
+// Add data to a hash or HMAC, SMAC stack.
+//
+void
+CryptDigestUpdate(
+ PHASH_STATE hashState, // IN: the hash context information
+ UINT32 dataSize, // IN: the size of data to be added
+ const BYTE *data // IN: data to be hashed
+ )
+{
+ if(hashState->hashAlg != TPM_ALG_NULL)
+ {
+ if((hashState->type == HASH_STATE_HASH)
+ || (hashState->type == HASH_STATE_HMAC))
+ HASH_DATA(hashState, dataSize, (BYTE *)data);
+#if SMAC_IMPLEMENTED
+ else if(hashState->type == HASH_STATE_SMAC)
+ (hashState->state.smac.smacMethods.data)(&hashState->state.smac.state,
+ dataSize, data);
+#endif // SMAC_IMPLEMENTED
+ else
+ FAIL(FATAL_ERROR_INTERNAL);
+ }
+ return;
+}
+
+//*** CryptHashEnd()
+// Complete a hash or HMAC computation. This function will place the smaller of
+// 'digestSize' or the size of the digest in 'dOut'. The number of bytes in the
+// placed in the buffer is returned. If there is a failure, the returned value
+// is <= 0.
+// Return Type: UINT16
+// 0 no data returned
+// > 0 the number of bytes in the digest or dOutSize, whichever is smaller
+LIB_EXPORT UINT16
+CryptHashEnd(
+ PHASH_STATE hashState, // IN: the state of hash stack
+ UINT32 dOutSize, // IN: size of digest buffer
+ BYTE *dOut // OUT: hash digest
+ )
+{
+ pAssert(hashState->type == HASH_STATE_HASH);
+ return HashEnd(hashState, dOutSize, dOut);
+}
+
+//*** CryptHashBlock()
+// Start a hash, hash a single block, update 'digest' and return the size of
+// the results.
+//
+// The 'digestSize' parameter can be smaller than the digest. If so, only the more
+// significant bytes are returned.
+// Return Type: UINT16
+// >= 0 number of bytes placed in 'dOut'
+LIB_EXPORT UINT16
+CryptHashBlock(
+ TPM_ALG_ID hashAlg, // IN: The hash algorithm
+ UINT32 dataSize, // IN: size of buffer to hash
+ const BYTE *data, // IN: the buffer to hash
+ UINT32 dOutSize, // IN: size of the digest buffer
+ BYTE *dOut // OUT: digest buffer
+ )
+{
+ HASH_STATE state;
+ CryptHashStart(&state, hashAlg);
+ CryptDigestUpdate(&state, dataSize, data);
+ return HashEnd(&state, dOutSize, dOut);
+}
+
+//*** CryptDigestUpdate2B()
+// This function updates a digest (hash or HMAC) with a TPM2B.
+//
+// This function can be used for both HMAC and hash functions so the
+// 'digestState' is void so that either state type can be passed.
+LIB_EXPORT void
+CryptDigestUpdate2B(
+ PHASH_STATE state, // IN: the digest state
+ const TPM2B *bIn // IN: 2B containing the data
+ )
+{
+ // Only compute the digest if a pointer to the 2B is provided.
+ // In CryptDigestUpdate(), if size is zero or buffer is NULL, then no change
+ // to the digest occurs. This function should not provide a buffer if bIn is
+ // not provided.
+ pAssert(bIn != NULL);
+ CryptDigestUpdate(state, bIn->size, bIn->buffer);
+ return;
+}
+
+//*** CryptHashEnd2B()
+// This function is the same as CryptCompleteHash() but the digest is
+// placed in a TPM2B.
This is the most common use and this is provided
+// for specification clarity. 'digest.size' should be set to indicate the number of
+// bytes to place in the buffer
+// Return Type: UINT16
+// >=0 the number of bytes placed in 'digest.buffer'
+LIB_EXPORT UINT16
+CryptHashEnd2B(
+ PHASH_STATE state, // IN: the hash state
+ P2B digest // IN: the size of the buffer Out: requested
+ // number of bytes
+ )
+{
+ return CryptHashEnd(state, digest->size, digest->buffer);
+}
+
+//*** CryptDigestUpdateInt()
+// This function is used to include an integer value to a hash stack. The function
+// marshals the integer into its canonical form before calling CryptDigestUpdate().
+LIB_EXPORT void
+CryptDigestUpdateInt(
+ void *state, // IN: the state of hash stack
+ UINT32 intSize, // IN: the size of 'intValue' in bytes
+ UINT64 intValue // IN: integer value to be hashed
+ )
+{
+#if LITTLE_ENDIAN_TPM
+ intValue = REVERSE_ENDIAN_64(intValue);
+#endif
+ CryptDigestUpdate(state, intSize, &((BYTE *)&intValue)[8 - intSize]);
+}
+
+//** HMAC Functions
+
+//*** CryptHmacStart()
+// This function is used to start an HMAC using a temp
+// hash context. The function does the initialization
+// of the hash with the HMAC key XOR iPad and updates the
+// HMAC key XOR oPad.
+//
+// The function returns the number of bytes in a digest produced by 'hashAlg'.
+// Return Type: UINT16
+// >= 0 number of bytes in digest produced by 'hashAlg' (may be zero)
+//
+LIB_EXPORT UINT16
+CryptHmacStart(
+ PHMAC_STATE state, // IN/OUT: the state buffer
+ TPM_ALG_ID hashAlg, // IN: the algorithm to use
+ UINT16 keySize, // IN: the size of the HMAC key
+ const BYTE *key // IN: the HMAC key
+ )
+{
+ PHASH_DEF hashDef;
+ BYTE * pb;
+ UINT32 i;
+//
+ hashDef = CryptGetHashDef(hashAlg);
+ if(hashDef->digestSize != 0)
+ {
+ // If the HMAC key is larger than the hash block size, it has to be reduced
+ // to fit. The reduction is a digest of the hashKey.
+ if(keySize > hashDef->blockSize)
+ {
+ // if the key is too big, reduce it to a digest of itself
+ state->hmacKey.t.size = CryptHashBlock(hashAlg, keySize, key,
+ hashDef->digestSize,
+ state->hmacKey.t.buffer);
+ }
+ else
+ {
+ memcpy(state->hmacKey.t.buffer, key, keySize);
+ state->hmacKey.t.size = keySize;
+ }
+ // XOR the key with iPad (0x36)
+ pb = state->hmacKey.t.buffer;
+ for(i = state->hmacKey.t.size; i > 0; i--)
+ *pb++ ^= 0x36;
+
+ // if the keySize is smaller than a block, fill the rest with 0x36
+ for(i = hashDef->blockSize - state->hmacKey.t.size; i > 0; i--)
+ *pb++ = 0x36;
+
+ // Increase the oPadSize to a full block
+ state->hmacKey.t.size = hashDef->blockSize;
+
+ // Start a new hash with the HMAC key
+ // This will go in the caller's state structure and may be a sequence or not
+ CryptHashStart((PHASH_STATE)state, hashAlg);
+ CryptDigestUpdate((PHASH_STATE)state, state->hmacKey.t.size,
+ state->hmacKey.t.buffer);
+ // XOR the key block with 0x5c ^ 0x36
+ for(pb = state->hmacKey.t.buffer, i = hashDef->blockSize; i > 0; i--)
+ *pb++ ^= (0x5c ^ 0x36);
+ }
+ // Set the hash algorithm
+ state->hashState.hashAlg = hashAlg;
+ // Set the hash state type
+ state->hashState.type = HASH_STATE_HMAC;
+
+ return hashDef->digestSize;
+}
+
+//*** CryptHmacEnd()
+// This function is called to complete an HMAC. It will finish the current
+// digest, and start a new digest. It will then add the oPadKey and the
+// completed digest and return the results in dOut. It will not return more
+// than dOutSize bytes.
+// Return Type: UINT16
+// >= 0 number of bytes in 'dOut' (may be zero)
+LIB_EXPORT UINT16
+CryptHmacEnd(
+ PHMAC_STATE state, // IN: the hash state buffer
+ UINT32 dOutSize, // IN: size of digest buffer
+ BYTE *dOut // OUT: hash digest
+ )
+{
+ BYTE temp[MAX_DIGEST_SIZE];
+ PHASH_STATE hState = (PHASH_STATE)&state->hashState;
+
+#if SMAC_IMPLEMENTED
+ if(hState->type == HASH_STATE_SMAC)
+ return (state->hashState.state.smac.smacMethods.end)
+ (&state->hashState.state.smac.state,
+ dOutSize,
+ dOut);
+#endif
+ pAssert(hState->type == HASH_STATE_HMAC);
+ hState->def = CryptGetHashDef(hState->hashAlg);
+ // Change the state type for completion processing
+ hState->type = HASH_STATE_HASH;
+ if(hState->hashAlg == TPM_ALG_NULL)
+ dOutSize = 0;
+ else
+ {
+
+ // Complete the current hash
+ HashEnd(hState, hState->def->digestSize, temp);
+ // Do another hash starting with the oPad
+ CryptHashStart(hState, hState->hashAlg);
+ CryptDigestUpdate(hState, state->hmacKey.t.size, state->hmacKey.t.buffer);
+ CryptDigestUpdate(hState, hState->def->digestSize, temp);
+ }
+ return HashEnd(hState, dOutSize, dOut);
+}
+
+//*** CryptHmacStart2B()
+// This function starts an HMAC and returns the size of the digest
+// that will be produced.
+//
+// This function is provided to support the most common use of starting an HMAC
+// with a TPM2B key.
+//
+// The caller must provide a block of memory in which the hash sequence state
+// is kept. The caller should not alter the contents of this buffer until the
+// hash sequence is completed or abandoned.
+//
+// Return Type: UINT16
+// > 0 the digest size of the algorithm
+// = 0 the hashAlg was TPM_ALG_NULL
+LIB_EXPORT UINT16
+CryptHmacStart2B(
+ PHMAC_STATE hmacState, // OUT: the state of HMAC stack.
It will be used
+ // in HMAC update and completion
+ TPMI_ALG_HASH hashAlg, // IN: hash algorithm
+ P2B key // IN: HMAC key
+ )
+{
+ return CryptHmacStart(hmacState, hashAlg, key->size, key->buffer);
+}
+
+//*** CryptHmacEnd2B()
+// This function is the same as CryptHmacEnd() but the HMAC result
+// is returned in a TPM2B which is the most common use.
+// Return Type: UINT16
+// >=0 the number of bytes placed in 'digest'
+LIB_EXPORT UINT16
+CryptHmacEnd2B(
+ PHMAC_STATE hmacState, // IN: the state of HMAC stack
+ P2B digest // OUT: HMAC
+ )
+{
+ return CryptHmacEnd(hmacState, digest->size, digest->buffer);
+}
+
+//** Mask and Key Generation Functions
+//*** CryptMGF1()
+// This function performs MGF1 using the selected hash. MGF1 is
+// T(n) = T(n-1) || H(seed || counter).
+// This function returns the length of the mask produced which
+// could be zero if the digest algorithm is not supported
+// Return Type: UINT16
+// 0 hash algorithm was TPM_ALG_NULL
+// > 0 should be the same as 'mSize'
+LIB_EXPORT UINT16
+CryptMGF1(
+ UINT32 mSize, // IN: length of the mask to be produced
+ BYTE *mask, // OUT: buffer to receive the mask
+ TPM_ALG_ID hashAlg, // IN: hash to use
+ UINT32 seedSize, // IN: size of the seed
+ BYTE *seed // IN: seed size
+ )
+{
+ HASH_STATE hashState;
+ PHASH_DEF hDef = CryptGetHashDef(hashAlg);
+ UINT32 remaining;
+ UINT32 counter = 0;
+ BYTE swappedCounter[4];
+
+ // If there is no digest to compute return
+ if((hashAlg == TPM_ALG_NULL) || (mSize == 0))
+ return 0;
+
+ for(remaining = mSize; ; remaining -= hDef->digestSize)
+ {
+ // Because the system may be either Endian...
+ UINT32_TO_BYTE_ARRAY(counter, swappedCounter);
+
+ // Start the hash and include the seed and counter
+ CryptHashStart(&hashState, hashAlg);
+ CryptDigestUpdate(&hashState, seedSize, seed);
+ CryptDigestUpdate(&hashState, 4, swappedCounter);
+
+ // Handling the completion depends on how much space remains in the mask
+ // buffer.
If it can hold the entire digest, put it there. If not
+ // put the digest in a temp buffer and only copy the amount that
+ // will fit into the mask buffer.
+ HashEnd(&hashState, remaining, mask);
+ if(remaining <= hDef->digestSize)
+ break;
+ mask = &mask[hDef->digestSize];
+ counter++;
+ }
+ return (UINT16)mSize;
+}
+
+//*** CryptKDFa()
+// This function performs the key generation according to Part 1 of the
+// TPM specification.
+//
+// This function returns the number of bytes generated which may be zero.
+//
+// The 'key' and 'keyStream' pointers are not allowed to be NULL. The other
+// pointer values may be NULL. The value of 'sizeInBits' must be no larger
+// than (2^18)-1 = 256K bits (32385 bytes).
+//
+// The 'once' parameter is set to allow incremental generation of a large
+// value. If this flag is TRUE, 'sizeInBits' will be used in the HMAC computation
+// but only one iteration of the KDF is performed. This would be used for
+// XOR obfuscation so that the mask value can be generated in digest-sized
+// chunks rather than having to be generated all at once in an arbitrarily
+// large buffer and then XORed into the result. If 'once' is TRUE, then
+// 'sizeInBits' must be a multiple of 8.
+//
+// Any error in the processing of this command is considered fatal.
+// Return Type: UINT16
+// 0 hash algorithm is not supported or is TPM_ALG_NULL
+// > 0 the number of bytes in the 'keyStream' buffer
+LIB_EXPORT UINT16
+CryptKDFa(
+ TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC
+ const TPM2B *key, // IN: HMAC key
+ const TPM2B *label, // IN: a label for the KDF
+ const TPM2B *contextU, // IN: context U
+ const TPM2B *contextV, // IN: context V
+ UINT32 sizeInBits, // IN: size of generated key in bits
+ BYTE *keyStream, // OUT: key buffer
+ UINT32 *counterInOut, // IN/OUT: caller may provide the iteration
+ // counter for incremental operations to
+ // avoid large intermediate buffers.
+ UINT16 blocks // IN: If non-zero, this is the maximum number
+ // of blocks to be returned, regardless
+ // of sizeInBits
+ )
+{
+ UINT32 counter = 0; // counter value
+ INT16 bytes; // number of bytes to produce
+ UINT16 generated; // number of bytes generated
+ BYTE *stream = keyStream;
+ HMAC_STATE hState;
+ UINT16 digestSize = CryptHashGetDigestSize(hashAlg);
+
+ pAssert(key != NULL && keyStream != NULL);
+
+ TEST(TPM_ALG_KDF1_SP800_108);
+
+ if(digestSize == 0)
+ return 0;
+
+ if(counterInOut != NULL)
+ counter = *counterInOut;
+
+ // If the size of the request is larger than the numbers will handle,
+ // it is a fatal error.
+ pAssert(((sizeInBits + 7) / 8) <= INT16_MAX);
+
+ // The number of bytes to be generated is the smaller of the sizeInBits bytes or
+ // the number of requested blocks. The number of blocks is the smaller of the
+ // number requested or the number allowed by sizeInBits. A partial block is
+ // a full block.
+ bytes = (blocks > 0) ? blocks * digestSize : (UINT16)BITS_TO_BYTES(sizeInBits);
+ generated = bytes;
+
+ // Generate required bytes
+ for(; bytes > 0; bytes -= digestSize)
+ {
+ counter++;
+ // Start HMAC
+ if(CryptHmacStart(&hState, hashAlg, key->size, key->buffer) == 0)
+ return 0;
+ // Adding counter
+ CryptDigestUpdateInt(&hState.hashState, 4, counter);
+
+ // Adding label
+ if(label != NULL)
+ HASH_DATA(&hState.hashState, label->size, (BYTE *)label->buffer);
+ // Add a null. SP108 is not very clear about when the 0 is needed but to
+ // make this like the previous version that did not add an 0x00 after
+ // a null-terminated string, this version will only add a null byte
+ // if the label parameter did not end in a null byte, or if no label
+ // is present.
+ if((label == NULL)
+ || (label->size == 0)
+ || (label->buffer[label->size - 1] != 0))
+ CryptDigestUpdateInt(&hState.hashState, 1, 0);
+ // Adding contextU
+ if(contextU != NULL)
+ HASH_DATA(&hState.hashState, contextU->size, contextU->buffer);
+ // Adding contextV
+ if(contextV != NULL)
+ HASH_DATA(&hState.hashState, contextV->size, contextV->buffer);
+ // Adding size in bits
+ CryptDigestUpdateInt(&hState.hashState, 4, sizeInBits);
+
+ // Complete and put the data in the buffer
+ CryptHmacEnd(&hState, bytes, stream);
+ stream = &stream[digestSize];
+ }
+ // Masking in the KDF is disabled. If the calling function wants something
+ // less than even number of bytes, then the caller should do the masking
+ // because there is no universal way to do it here
+ if(counterInOut != NULL)
+ *counterInOut = counter;
+ return generated;
+}
+
+//*** CryptKDFe()
+// This function implements KDFe() as defined in TPM specification part 1.
+//
+// This function returns the number of bytes generated which may be zero.
+//
+// The 'Z' and 'keyStream' pointers are not allowed to be NULL. The other
+// pointer values may be NULL. The value of 'sizeInBits' must be no larger
+// than (2^18)-1 = 256K bits (32385 bytes).
+// Any error in the processing of this command is considered fatal.
+// Return Type: UINT16
+// 0 hash algorithm is not supported or is TPM_ALG_NULL
+// > 0 the number of bytes in the 'keyStream' buffer
+//
+LIB_EXPORT UINT16
+CryptKDFe(
+ TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC
+ TPM2B *Z, // IN: Z
+ const TPM2B *label, // IN: a label value for the KDF
+ TPM2B *partyUInfo, // IN: PartyUInfo
+ TPM2B *partyVInfo, // IN: PartyVInfo
+ UINT32 sizeInBits, // IN: size of generated key in bits
+ BYTE *keyStream // OUT: key buffer
+ )
+{
+ HASH_STATE hashState;
+ PHASH_DEF hashDef = CryptGetHashDef(hashAlg);
+
+ UINT32 counter = 0; // counter value
+ UINT16 hLen;
+ BYTE *stream = keyStream;
+ INT16 bytes; // number of bytes to generate
+
+ pAssert(keyStream != NULL && Z != NULL && ((sizeInBits + 7) / 8) < INT16_MAX);
+//
+ hLen = hashDef->digestSize;
+ bytes = (INT16)((sizeInBits + 7) / 8);
+ if(hashAlg == TPM_ALG_NULL || bytes == 0)
+ return 0;
+
+ // Generate required bytes
+ //The inner loop of that KDF uses:
+ // Hash[i] := H(counter | Z | OtherInfo) (5)
+ // Where:
+ // Hash[i] the hash generated on the i-th iteration of the loop.
+ // H() an approved hash function
+ // counter a 32-bit counter that is initialized to 1 and incremented
+ // on each iteration
+ // Z the X coordinate of the product of a public ECC key and a
+ // different private ECC key.
+ // OtherInfo a collection of qualifying data for the KDF defined below.
+ // In this specification, OtherInfo will be constructed by:
+ // OtherInfo := Use | PartyUInfo | PartyVInfo
+ for(; bytes > 0; stream = &stream[hLen], bytes = bytes - hLen)
+ {
+ if(bytes < hLen)
+ hLen = bytes;
+ counter++;
+ // Do the hash
+ CryptHashStart(&hashState, hashAlg);
+ // Add counter
+ CryptDigestUpdateInt(&hashState, 4, counter);
+
+ // Add Z
+ if(Z != NULL)
+ CryptDigestUpdate2B(&hashState, Z);
+ // Add label
+ if(label != NULL)
+ CryptDigestUpdate2B(&hashState, label);
+ // Add a null.
SP108 is not very clear about when the 0 is needed but to
+ // make this like the previous version that did not add an 0x00 after
+ // a null-terminated string, this version will only add a null byte
+ // if the label parameter did not end in a null byte, or if no label
+ // is present.
+ if((label == NULL)
+ || (label->size == 0)
+ || (label->buffer[label->size - 1] != 0))
+ CryptDigestUpdateInt(&hashState, 1, 0);
+ // Add PartyUInfo
+ if(partyUInfo != NULL)
+ CryptDigestUpdate2B(&hashState, partyUInfo);
+
+ // Add PartyVInfo
+ if(partyVInfo != NULL)
+ CryptDigestUpdate2B(&hashState, partyVInfo);
+
+ // Compute Hash. hLen was changed to be the smaller of bytes or hLen
+ // at the start of each iteration.
+ CryptHashEnd(&hashState, hLen, stream);
+ }
+
+ // Mask off bits if the required bits is not a multiple of byte size
+ if((sizeInBits % 8) != 0)
+ keyStream[0] &= ((1 << (sizeInBits % 8)) - 1);
+
+ return (UINT16)((sizeInBits + 7) / 8);
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrime.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrime.c
new file mode 100644
index 000000000..14af46216
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrime.c
@@ -0,0 +1,385 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the code for prime validation.
+ +#include "Tpm.h" +#include "CryptPrime_fp.h" + +//#define CPRI_PRIME +//#include "PrimeTable.h" + +#include "CryptPrimeSieve_fp.h" + +extern const uint32_t s_LastPrimeInTable; +extern const uint32_t s_PrimeTableSize; +extern const uint32_t s_PrimesInTable; +extern const unsigned char s_PrimeTable[]; +extern bigConst s_CompositeOfSmallPrimes; + +//** Functions + +//*** Root2() +// This finds ceil(sqrt(n)) to use as a stopping point for searching the prime +// table. +static uint32_t +Root2( + uint32_t n + ) +{ + int32_t last = (int32_t)(n >> 2); + int32_t next = (int32_t)(n >> 1); + int32_t diff; + int32_t stop = 10; +// + // get a starting point + for(; next != 0; last >>= 1, next >>= 2); + last++; + do + { + next = (last + (n / last)) >> 1; + diff = next - last; + last = next; + if(stop-- == 0) + FAIL(FATAL_ERROR_INTERNAL); + } while(diff < -1 || diff > 1); + if((n / next) > (unsigned)next) + next++; + pAssert(next != 0); + pAssert(((n / next) <= (unsigned)next) && (n / (next + 1) < (unsigned)next)); + return next; +} + +//*** IsPrimeInt() +// This will do a test of a word of up to 32-bits in size. +BOOL +IsPrimeInt( + uint32_t n + ) +{ + uint32_t i; + uint32_t stop; + if(n < 3 || ((n & 1) == 0)) + return (n == 2); + if(n <= s_LastPrimeInTable) + { + n >>= 1; + return ((s_PrimeTable[n >> 3] >> (n & 7)) & 1); + } + // Need to search + stop = Root2(n) >> 1; + // starting at 1 is equivalent to staring at (1 << 1) + 1 = 3 + for(i = 1; i < stop; i++) + { + if((s_PrimeTable[i >> 3] >> (i & 7)) & 1) + // see if this prime evenly divides the number + if((n % ((i << 1) + 1)) == 0) + return FALSE; + } + return TRUE; +} + +//*** BnIsProbablyPrime() +// This function is used when the key sieve is not implemented. This function +// Will try to eliminate some of the obvious things before going on +// to perform MillerRabin as a final verification of primeness. 
+BOOL +BnIsProbablyPrime( + bigNum prime, // IN: + RAND_STATE *rand // IN: the random state just + // in case Miller-Rabin is required + ) +{ +#if RADIX_BITS > 32 + if(BnUnsignedCmpWord(prime, UINT32_MAX) <= 0) +#else + if(BnGetSize(prime) == 1) +#endif + return IsPrimeInt((uint32_t)prime->d[0]); + + if(BnIsEven(prime)) + return FALSE; + if(BnUnsignedCmpWord(prime, s_LastPrimeInTable) <= 0) + { + crypt_uword_t temp = prime->d[0] >> 1; + return ((s_PrimeTable[temp >> 3] >> (temp & 7)) & 1); + } + { + BN_VAR(n, LARGEST_NUMBER_BITS); + BnGcd(n, prime, s_CompositeOfSmallPrimes); + if(!BnEqualWord(n, 1)) + return FALSE; + } + return MillerRabin(prime, rand); +} + +//*** MillerRabinRounds() +// Function returns the number of Miller-Rabin rounds necessary to give an +// error probability equal to the security strength of the prime. These values +// are from FIPS 186-3. +UINT32 +MillerRabinRounds( + UINT32 bits // IN: Number of bits in the RSA prime + ) +{ + if(bits < 511) return 8; // don't really expect this + if(bits < 1536) return 5; // for 512 and 1K primes + return 4; // for 3K public modulus and greater +} + +//*** MillerRabin() +// This function performs a Miller-Rabin test from FIPS 186-3. It does +// 'iterations' trials on the number. In all likelihood, if the number +// is not prime, the first test fails. +// Return Type: BOOL +// TRUE(1) probably prime +// FALSE(0) composite +BOOL +MillerRabin( + bigNum bnW, + RAND_STATE *rand + ) +{ + BN_MAX(bnWm1); + BN_PRIME(bnM); + BN_PRIME(bnB); + BN_PRIME(bnZ); + BOOL ret = FALSE; // Assumed composite for easy exit + unsigned int a; + unsigned int j; + int wLen; + int i; + int iterations = MillerRabinRounds(BnSizeInBits(bnW)); +// + INSTRUMENT_INC(MillerRabinTrials[PrimeIndex]); + + pAssert(bnW->size > 1); + // Let a be the largest integer such that 2^a divides w1. 
+ BnSubWord(bnWm1, bnW, 1); + pAssert(bnWm1->size != 0); + + // Since w is odd (w-1) is even so start at bit number 1 rather than 0 + // Get the number of bits in bnWm1 so that it doesn't have to be recomputed + // on each iteration. + i = (int)(bnWm1->size * RADIX_BITS); + // Now find the largest power of 2 that divides w1 + for(a = 1; + (a < (bnWm1->size * RADIX_BITS)) && + (BnTestBit(bnWm1, a) == 0); + a++); + // 2. m = (w1) / 2^a + BnShiftRight(bnM, bnWm1, a); + // 3. wlen = len (w). + wLen = BnSizeInBits(bnW); + // 4. For i = 1 to iterations do + for(i = 0; i < iterations; i++) + { + // 4.1 Obtain a string b of wlen bits from an RBG. + // Ensure that 1 < b < w1. + // 4.2 If ((b <= 1) or (b >= w1)), then go to step 4.1. + while(BnGetRandomBits(bnB, wLen, rand) && ((BnUnsignedCmpWord(bnB, 1) <= 0) + || (BnUnsignedCmp(bnB, bnWm1) >= 0))); + if(g_inFailureMode) + return FALSE; + + // 4.3 z = b^m mod w. + // if ModExp fails, then say this is not + // prime and bail out. + BnModExp(bnZ, bnB, bnM, bnW); + + // 4.4 If ((z == 1) or (z = w == 1)), then go to step 4.7. + if((BnUnsignedCmpWord(bnZ, 1) == 0) + || (BnUnsignedCmp(bnZ, bnWm1) == 0)) + goto step4point7; + // 4.5 For j = 1 to a 1 do. + for(j = 1; j < a; j++) + { + // 4.5.1 z = z^2 mod w. + BnModMult(bnZ, bnZ, bnZ, bnW); + // 4.5.2 If (z = w1), then go to step 4.7. + if(BnUnsignedCmp(bnZ, bnWm1) == 0) + goto step4point7; + // 4.5.3 If (z = 1), then go to step 4.6. + if(BnEqualWord(bnZ, 1)) + goto step4point6; + } + // 4.6 Return COMPOSITE. +step4point6: + INSTRUMENT_INC(failedAtIteration[i]); + goto end; + // 4.7 Continue. Comment: Increment i for the do-loop in step 4. +step4point7: + continue; + } + // 5. Return PROBABLY PRIME + ret = TRUE; +end: + return ret; +} + +#if ALG_RSA + +//*** RsaCheckPrime() +// This will check to see if a number is prime and appropriate for an +// RSA prime. +// +// This has different functionality based on whether we are using key +// sieving or not. 
If not, the number checked to see if it is divisible by +// the public exponent, then the number is adjusted either up or down +// in order to make it a better candidate. It is then checked for being +// probably prime. +// +// If sieving is used, the number is used to root a sieving process. +// +TPM_RC +RsaCheckPrime( + bigNum prime, + UINT32 exponent, + RAND_STATE *rand + ) +{ +#if !RSA_KEY_SIEVE + TPM_RC retVal = TPM_RC_SUCCESS; + UINT32 modE = BnModWord(prime, exponent); + + NOT_REFERENCED(rand); + + if(modE == 0) + // evenly divisible so add two keeping the number odd + BnAddWord(prime, prime, 2); + // want 0 != (p - 1) mod e + // which is 1 != p mod e + else if(modE == 1) + // subtract 2 keeping number odd and insuring that + // 0 != (p - 1) mod e + BnSubWord(prime, prime, 2); + + if(BnIsProbablyPrime(prime, rand) == 0) + ERROR_RETURN(g_inFailureMode ? TPM_RC_FAILURE : TPM_RC_VALUE); +Exit: + return retVal; +#else + return PrimeSelectWithSieve(prime, exponent, rand); +#endif +} + +//*** AdjustPrimeCandiate() +// For this math, we assume that the RSA numbers are fixed-point numbers with +// the decimal point to the "left" of the most significant bit. This approach helps +// make it clear what is happening with the MSb of the values. +// The two RSA primes have to be large enough so that their product will be a number +// with the necessary number of significant bits. For example, we want to be able +// to multiply two 1024-bit numbers to produce a number with 2028 significant bits. If +// we accept any 1024-bit prime that has its MSb set, then it is possible to produce a +// product that does not have the MSb SET. For example, if we use tiny keys of 16 bits +// and have two 8-bit 'primes' of 0x80, then the public key would be 0x4000 which is +// only 15-bits. So, what we need to do is made sure that each of the primes is large +// enough so that the product of the primes is twice as large as each prime. 
A little +// arithmetic will show that the only way to do this is to make sure that each of the +// primes is no less than root(2)/2. That's what this functions does. +// This function adjusts the candidate prime so that it is odd and >= root(2)/2. +// This allows the product of these two numbers to be .5, which, in fixed point +// notation means that the most significant bit is 1. +// For this routine, the root(2)/2 (0.7071067811865475) approximated with 0xB505 +// which is, in fixed point, 0.7071075439453125 or an error of 0.000108%. Just setting +// the upper two bits would give a value > 0.75 which is an error of > 6%. Given the +// amount of time all the other computations take, reducing the error is not much of +// a cost, but it isn't totally required either. +// +// This function can be replaced with a function that just sets the two most +// significant bits of each prime candidate without introducing any computational +// issues. +// +// +LIB_EXPORT void +RsaAdjustPrimeCandidate( + bigNum prime + ) +{ + UINT32 msw; + UINT32 adjusted; + + // If the radix is 32, the compiler should turn this into a simple assignment + msw = prime->d[prime->size - 1] >> ((RADIX_BITS == 64) ? 32 : 0); + // Multiplying 0xff...f by 0x4AFB gives 0xff..f - 0xB5050...0 + adjusted = (msw >> 16) * 0x4AFB; + adjusted += ((msw & 0xFFFF) * 0x4AFB) >> 16; + adjusted += 0xB5050000UL; +#if RADIX_BITS == 64 + // Save the low-order 32 bits + prime->d[prime->size - 1] &= 0xFFFFFFFFUL; + // replace the upper 32-bits + prime->d[prime->size -1] |= ((crypt_uword_t)adjusted << 32); +#else + prime->d[prime->size - 1] = (crypt_uword_t)adjusted; +#endif + // make sure the number is odd + prime->d[0] |= 1; +} + +//***BnGeneratePrimeForRSA() +// Function to generate a prime of the desired size with the proper attributes +// for an RSA prime. 
+TPM_RC +BnGeneratePrimeForRSA( + bigNum prime, // IN/OUT: points to the BN that will get the + // random value + UINT32 bits, // IN: number of bits to get + UINT32 exponent, // IN: the exponent + RAND_STATE *rand // IN: the random state + ) +{ + BOOL found = FALSE; +// + // Make sure that the prime is large enough + pAssert(prime->allocated >= BITS_TO_CRYPT_WORDS(bits)); + // Only try to handle specific sizes of keys in order to save overhead + pAssert((bits % 32) == 0); + prime->size = BITS_TO_CRYPT_WORDS(bits); + while(!found) + { +// The change below is to make sure that all keys that are generated from the same +// seed value will be the same regardless of the endianess or word size of the CPU. +// DRBG_Generate(rand, (BYTE *)prime->d, (UINT16)BITS_TO_BYTES(bits));// old +// if(g_inFailureMode) // old + if(!BnGetRandomBits(prime, bits, rand)) // new + return TPM_RC_FAILURE; + RsaAdjustPrimeCandidate(prime); + found = RsaCheckPrime(prime, exponent, rand) == TPM_RC_SUCCESS; + } + return TPM_RC_SUCCESS; +} + +#endif // ALG_RSA \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrimeSieve.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrimeSieve.c new file mode 100644 index 000000000..6c9c0c174 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrimeSieve.c 
@@ -0,0 +1,571 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Includes and defines
+
+#include "Tpm.h"
+
+#if RSA_KEY_SIEVE
+
+#include "CryptPrimeSieve_fp.h"
+
+// This determines the number of bits in the largest sieve field.
+#define MAX_FIELD_SIZE 2048 + +extern const uint32_t s_LastPrimeInTable; +extern const uint32_t s_PrimeTableSize; +extern const uint32_t s_PrimesInTable; +extern const unsigned char s_PrimeTable[]; + +// This table is set of prime markers. Each entry is the prime value +// for the ((n + 1) * 1024) prime. That is, the entry in s_PrimeMarkers[1] +// is the value for the 2,048th prime. This is used in the PrimeSieve +// to adjust the limit for the prime search. When processing smaller +// prime candidates, fewer primes are checked directly before going to +// Miller-Rabin. As the prime grows, it is worth spending more time eliminating +// primes as, a) the density is lower, and b) the cost of Miller-Rabin is +// higher. +const uint32_t s_PrimeMarkersCount = 6; +const uint32_t s_PrimeMarkers[] = { + 8167, 17881, 28183, 38891, 49871, 60961 }; +uint32_t primeLimit; + +//** Functions + +//*** RsaAdjustPrimeLimit() +// This used during the sieve process. The iterator for getting the +// next prime (RsaNextPrime()) will return primes until it hits the +// limit (primeLimit) set up by this function. This causes the sieve +// process to stop when an appropriate number of primes have been +// sieved. +LIB_EXPORT void +RsaAdjustPrimeLimit( + uint32_t requestedPrimes + ) +{ + if(requestedPrimes == 0 || requestedPrimes > s_PrimesInTable) + requestedPrimes = s_PrimesInTable; + requestedPrimes = (requestedPrimes - 1) / 1024; + if(requestedPrimes < s_PrimeMarkersCount) + primeLimit = s_PrimeMarkers[requestedPrimes]; + else + primeLimit = s_LastPrimeInTable; + primeLimit >>= 1; + +} + +//*** RsaNextPrime() +// This the iterator used during the sieve process. The input is the +// last prime returned (or any starting point) and the output is the +// next higher prime. The function returns 0 when the primeLimit is +// reached. 
+LIB_EXPORT uint32_t +RsaNextPrime( + uint32_t lastPrime + ) +{ + if(lastPrime == 0) + return 0; + lastPrime >>= 1; + for(lastPrime += 1; lastPrime <= primeLimit; lastPrime++) + { + if(((s_PrimeTable[lastPrime >> 3] >> (lastPrime & 0x7)) & 1) == 1) + return ((lastPrime << 1) + 1); + } + return 0; +} + +// This table contains a previously sieved table. It has +// the bits for 3, 5, and 7 removed. Because of the +// factors, it needs to be aligned to 105 and has +// a repeat of 105. +const BYTE seedValues[] = { + 0x16, 0x29, 0xcb, 0xa4, 0x65, 0xda, 0x30, 0x6c, + 0x99, 0x96, 0x4c, 0x53, 0xa2, 0x2d, 0x52, 0x96, + 0x49, 0xcb, 0xb4, 0x61, 0xd8, 0x32, 0x2d, 0x99, + 0xa6, 0x44, 0x5b, 0xa4, 0x2c, 0x93, 0x96, 0x69, + 0xc3, 0xb0, 0x65, 0x5a, 0x32, 0x4d, 0x89, 0xb6, + 0x48, 0x59, 0x26, 0x2d, 0xd3, 0x86, 0x61, 0xcb, + 0xb4, 0x64, 0x9a, 0x12, 0x6d, 0x91, 0xb2, 0x4c, + 0x5a, 0xa6, 0x0d, 0xc3, 0x96, 0x69, 0xc9, 0x34, + 0x25, 0xda, 0x22, 0x65, 0x99, 0xb4, 0x4c, 0x1b, + 0x86, 0x2d, 0xd3, 0x92, 0x69, 0x4a, 0xb4, 0x45, + 0xca, 0x32, 0x69, 0x99, 0x36, 0x0c, 0x5b, 0xa6, + 0x25, 0xd3, 0x94, 0x68, 0x8b, 0x94, 0x65, 0xd2, + 0x32, 0x6d, 0x18, 0xb6, 0x4c, 0x4b, 0xa6, 0x29, + 0xd1}; + +#define USE_NIBBLE + +#ifndef USE_NIBBLE +static const BYTE bitsInByte[256] = { + 0x00, 0x01, 0x01, 0x02, 0x01, 0x02, 0x02, 0x03, + 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04, + 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04, + 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, + 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04, + 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, + 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, + 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, + 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04, + 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, + 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, + 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, + 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, + 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, + 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 
0x05, 0x06, + 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07, + 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04, + 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, + 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, + 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, + 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, + 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, + 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, + 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07, + 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, + 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, + 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, + 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07, + 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, + 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07, + 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07, + 0x05, 0x06, 0x06, 0x07, 0x06, 0x07, 0x07, 0x08 +}; +#define BitsInByte(x) bitsInByte[(unsigned char)x] +#else +const BYTE bitsInNibble[16] = { + 0x00, 0x01, 0x01, 0x02, 0x01, 0x02, 0x02, 0x03, + 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04}; +#define BitsInByte(x) \ + (bitsInNibble[(unsigned char)(x) & 0xf] \ + + bitsInNibble[((unsigned char)(x) >> 4) & 0xf]) +#endif + +//*** BitsInArry() +// This function counts the number of bits set in an array of bytes. +static int +BitsInArray( + const unsigned char *a, // IN: A pointer to an array of bytes + unsigned int aSize // IN: the number of bytes to sum + ) +{ + int j = 0; + for(; aSize; a++, aSize--) + j += BitsInByte(*a); + return j; +} + +//*** FindNthSetBit() +// This function finds the nth SET bit in a bit array. The 'n' parameter is +// between 1 and the number of bits in the array (always a multiple of 8). 
+// If called when the array does not have n bits set, it will return -1 +// Return Type: unsigned int +// <0 no bit is set or no bit with the requested number is set +// >=0 the number of the bit in the array that is the nth set +LIB_EXPORT int +FindNthSetBit( + const UINT16 aSize, // IN: the size of the array to check + const BYTE *a, // IN: the array to check + const UINT32 n // IN, the number of the SET bit + ) +{ + UINT16 i; + int retValue; + UINT32 sum = 0; + BYTE sel; + + //find the bit + for(i = 0; (i < (int)aSize) && (sum < n); i++) + sum += BitsInByte(a[i]); + i--; + // The chosen bit is in the byte that was just accessed + // Compute the offset to the start of that byte + retValue = i * 8 - 1; + sel = a[i]; + // Subtract the bits in the last byte added. + sum -= BitsInByte(sel); + // Now process the byte, one bit at a time. + for(; (sel != 0) && (sum != n); retValue++, sel = sel >> 1) + sum += (sel & 1) != 0; + return (sum == n) ? retValue : -1; +} + +typedef struct +{ + UINT16 prime; + UINT16 count; +} SIEVE_MARKS; + +const SIEVE_MARKS sieveMarks[5] = { + {31, 7}, {73, 5}, {241, 4}, {1621, 3}, {UINT16_MAX, 2}}; + + +//*** PrimeSieve() +// This function does a prime sieve over the input 'field' which has as its +// starting address the value in bnN. Since this initializes the Sieve +// using a precomputed field with the bits associated with 3, 5 and 7 already +// turned off, the value of pnN may need to be adjusted by a few counts to allow +// the precomputed field to be used without modification. +// +// To get better performance, one could address the issue of developing the +// composite numbers. When the size of the prime gets large, the time for doing +// the divisions goes up, noticeably. It could be better to develop larger composite +// numbers even if they need to be bigNum's themselves. 
The object would be to +// reduce the number of times that the large prime is divided into a few large +// divides and then use smaller divides to get to the final 16 bit (or smaller) +// remainders. +LIB_EXPORT UINT32 +PrimeSieve( + bigNum bnN, // IN/OUT: number to sieve + UINT32 fieldSize, // IN: size of the field area in bytes + BYTE *field // IN: field + ) +{ + UINT32 i; + UINT32 j; + UINT32 fieldBits = fieldSize * 8; + UINT32 r; + BYTE *pField; + INT32 iter; + UINT32 adjust; + UINT32 mark = 0; + UINT32 count = sieveMarks[0].count; + UINT32 stop = sieveMarks[0].prime; + UINT32 composite; + UINT32 pList[8]; + UINT32 next; + + pAssert(field != NULL && bnN != NULL); + + // If the remainder is odd, then subtracting the value will give an even number, + // but we want an odd number, so subtract the 105+rem. Otherwise, just subtract + // the even remainder. + adjust = (UINT32)BnModWord(bnN, 105); + if(adjust & 1) + adjust += 105; + + // Adjust the input number so that it points to the first number in a + // aligned field. + BnSubWord(bnN, bnN, adjust); +// pAssert(BnModWord(bnN, 105) == 0); + pField = field; + for(i = fieldSize; i >= sizeof(seedValues); + pField += sizeof(seedValues), i -= sizeof(seedValues)) + { + memcpy(pField, seedValues, sizeof(seedValues)); + } + if(i != 0) + memcpy(pField, seedValues, i); + + // Cycle through the primes, clearing bits + // Have already done 3, 5, and 7 + iter = 7; + +#define NEXT_PRIME(iter) (iter = RsaNextPrime(iter)) + // Get the next N primes where N is determined by the mark in the sieveMarks + while((composite = NEXT_PRIME(iter)) != 0) + { + next = 0; + i = count; + pList[i--] = composite; + for(; i > 0; i--) + { + next = NEXT_PRIME(iter); + pList[i] = next; + if(next != 0) + composite *= next; + } + // Get the remainder when dividing the base field address + // by the composite + composite = (UINT32)BnModWord(bnN, composite); + // 'composite' is divisible by the composite components. 
for each of the + // composite components, divide 'composite'. That remainder (r) is used to + // pick a starting point for clearing the array. The stride is equal to the + // composite component. Note, the field only contains odd numbers. If the + // field were expanded to contain all numbers, then half of the bits would + // have already been cleared. We can save the trouble of clearing them a + // second time by having a stride of 2*next. Or we can take all of the even + // numbers out of the field and use a stride of 'next' + for(i = count; i > 0; i--) + { + next = pList[i]; + if(next == 0) + goto done; + r = composite % next; + // these computations deal with the fact that we have picked a field-sized + // range that is aligned to a 105 count boundary. The problem is, this field + // only contains odd numbers. If we take our prime guess and walk through all + // the numbers using that prime as the 'stride', then every other 'stride' is + // going to be an even number. So, we are actually counting by 2 * the stride + // We want the count to start on an odd number at the start of our field. That + // is, we want to assume that we have counted up to the edge of the field by + // the 'stride' and now we are going to start flipping bits in the field as we + // continue to count up by 'stride'. If we take the base of our field and + // divide by the stride, we find out how much we find out how short the last + // count was from reaching the edge of the bit field. Say we get a quotient of + // 3 and remainder of 1. This means that after 3 strides, we are 1 short of + // the start of the field and the next stride will either land within the + // field or step completely over it. The confounding factor is that our field + // only contains odd numbers and our stride is actually 2 * stride. If the + // quoitent is even, then that means that when we add 2 * stride, we are going + // to hit another even number. 
So, we have to know if we need to back off + // by 1 stride before we start couting by 2 * stride. + // We can tell from the remainder whether we are on an even or odd + // stride when we hit the beginning of the table. If we are on an odd stride + // (r & 1), we would start half a stride in (next - r)/2. If we are on an + // even stride, we need 0.5 strides (next - r/2) because the table only has + // odd numbers. If the remainder happens to be zero, then the start of the + // table is on stride so no adjustment is necessary. + if(r & 1) j = (next - r) / 2; + else if(r == 0) j = 0; + else j = next - (r / 2); + for(; j < fieldBits; j += next) + ClearBit(j, field, fieldSize); + } + if(next >= stop) + { + mark++; + count = sieveMarks[mark].count; + stop = sieveMarks[mark].prime; + } + } +done: + INSTRUMENT_INC(totalFieldsSieved[PrimeIndex]); + i = BitsInArray(field, fieldSize); + INSTRUMENT_ADD(bitsInFieldAfterSieve[PrimeIndex], i); + INSTRUMENT_ADD(emptyFieldsSieved[PrimeIndex], (i == 0)); + return i; +} + + + +#ifdef SIEVE_DEBUG +static uint32_t fieldSize = 210; + +//***SetFieldSize() +// Function to set the field size used for prime generation. Used for tuning. +LIB_EXPORT uint32_t +SetFieldSize( + uint32_t newFieldSize + ) +{ + if(newFieldSize == 0 || newFieldSize > MAX_FIELD_SIZE) + fieldSize = MAX_FIELD_SIZE; + else + fieldSize = newFieldSize; + return fieldSize; +} +#endif // SIEVE_DEBUG + +//*** PrimeSelectWithSieve() +// This function will sieve the field around the input prime candidate. If the +// sieve field is not empty, one of the one bits in the field is chosen for testing +// with Miller-Rabin. If the value is prime, 'pnP' is updated with this value +// and the function returns success. If this value is not prime, another +// pseudo-random candidate is chosen and tested. This process repeats until +// all values in the field have been checked. 
If all bits in the field have +// been checked and none is prime, the function returns FALSE and a new random +// value needs to be chosen. +// Return Type: TPM_RC +// TPM_RC_FAILURE TPM in failure mode, probably due to entropy source +// TPM_RC_SUCCESS candidate is probably prime +// TPM_RC_NO_RESULT candidate is not prime and couldn't find and alternative +// in the field +LIB_EXPORT TPM_RC +PrimeSelectWithSieve( + bigNum candidate, // IN/OUT: The candidate to filter + UINT32 e, // IN: the exponent + RAND_STATE *rand // IN: the random number generator state + ) +{ + BYTE field[MAX_FIELD_SIZE]; + UINT32 first; + UINT32 ones; + INT32 chosen; + BN_PRIME(test); + UINT32 modE; +#ifndef SIEVE_DEBUG + UINT32 fieldSize = MAX_FIELD_SIZE; +#endif + UINT32 primeSize; +// + // Adjust the field size and prime table list to fit the size of the prime + // being tested. This is done to try to optimize the trade-off between the + // dividing done for sieving and the time for Miller-Rabin. When the size + // of the prime is large, the cost of Miller-Rabin is fairly high, as is the + // cost of the sieving. However, the time for Miller-Rabin goes up considerably + // faster than the cost of dividing by a number of primes. 
+ primeSize = BnSizeInBits(candidate); + + if(primeSize <= 512) + { + RsaAdjustPrimeLimit(1024); // Use just the first 1024 primes + } + else if(primeSize <= 1024) + { + RsaAdjustPrimeLimit(4096); // Use just the first 4K primes + } + else + { + RsaAdjustPrimeLimit(0); // Use all available + } + + // Save the low-order word to use as a search generator and make sure that + // it has some interesting range to it + first = (UINT32)(candidate->d[0] | 0x80000000); + + // Sieve the field + ones = PrimeSieve(candidate, fieldSize, field); + pAssert(ones > 0 && ones < (fieldSize * 8)); + for(; ones > 0; ones--) + { + // Decide which bit to look at and find its offset + chosen = FindNthSetBit((UINT16)fieldSize, field, ((first % ones) + 1)); + + if((chosen < 0) || (chosen >= (INT32)(fieldSize * 8))) + FAIL(FATAL_ERROR_INTERNAL); + + // Set this as the trial prime + BnAddWord(test, candidate, (crypt_uword_t)(chosen * 2)); + + // The exponent might not have been one of the tested primes so + // make sure that it isn't divisible and make sure that 0 != (p-1) mod e + // Note: This is the same as 1 != p mod e + modE = (UINT32)BnModWord(test, e); + if((modE != 0) && (modE != 1) && MillerRabin(test, rand)) + { + BnCopy(candidate, test); + return TPM_RC_SUCCESS; + } + // Clear the bit just tested + ClearBit(chosen, field, fieldSize); + } + // Ran out of bits and couldn't find a prime in this field + INSTRUMENT_INC(noPrimeFields[PrimeIndex]); + return (g_inFailureMode ? 
TPM_RC_FAILURE : TPM_RC_NO_RESULT); +} + +#if RSA_INSTRUMENT +static char a[256]; + +//*** PrintTuple() +char * +PrintTuple( + UINT32 *i + ) +{ + sprintf(a, "{%d, %d, %d}", i[0], i[1], i[2]); + return a; +} + +#define CLEAR_VALUE(x) memset(x, 0, sizeof(x)) + +//*** RsaSimulationEnd() +void +RsaSimulationEnd( + void + ) +{ + int i; + UINT32 averages[3]; + UINT32 nonFirst = 0; + if((PrimeCounts[0] + PrimeCounts[1] + PrimeCounts[2]) != 0) + { + printf("Primes generated = %s\n", PrintTuple(PrimeCounts)); + printf("Fields sieved = %s\n", PrintTuple(totalFieldsSieved)); + printf("Fields with no primes = %s\n", PrintTuple(noPrimeFields)); + printf("Primes checked with Miller-Rabin = %s\n", + PrintTuple(MillerRabinTrials)); + for(i = 0; i < 3; i++) + averages[i] = (totalFieldsSieved[i] + != 0 ? bitsInFieldAfterSieve[i] / totalFieldsSieved[i] + : 0); + printf("Average candidates in field %s\n", PrintTuple(averages)); + for(i = 1; i < (sizeof(failedAtIteration) / sizeof(failedAtIteration[0])); + i++) + nonFirst += failedAtIteration[i]; + printf("Miller-Rabin failures not in first round = %d\n", nonFirst); + + } + CLEAR_VALUE(PrimeCounts); + CLEAR_VALUE(totalFieldsSieved); + CLEAR_VALUE(noPrimeFields); + CLEAR_VALUE(MillerRabinTrials); + CLEAR_VALUE(bitsInFieldAfterSieve); +} + +//*** GetSieveStats() +LIB_EXPORT void +GetSieveStats( + uint32_t *trials, + uint32_t *emptyFields, + uint32_t *averageBits + ) +{ + uint32_t totalBits; + uint32_t fields; + *trials = MillerRabinTrials[0] + MillerRabinTrials[1] + MillerRabinTrials[2]; + *emptyFields = noPrimeFields[0] + noPrimeFields[1] + noPrimeFields[2]; + fields = totalFieldsSieved[0] + totalFieldsSieved[1] + + totalFieldsSieved[2]; + totalBits = bitsInFieldAfterSieve[0] + bitsInFieldAfterSieve[1] + + bitsInFieldAfterSieve[2]; + if(fields != 0) + *averageBits = totalBits / fields; + else + *averageBits = 0; + CLEAR_VALUE(PrimeCounts); + CLEAR_VALUE(totalFieldsSieved); + CLEAR_VALUE(noPrimeFields); + CLEAR_VALUE(MillerRabinTrials); 
+ CLEAR_VALUE(bitsInFieldAfterSieve); + +} +#endif + +#endif // RSA_KEY_SIEVE + +#if !RSA_INSTRUMENT + +//*** RsaSimulationEnd() +// Stub for call when not doing instrumentation. +void +RsaSimulationEnd( + void + ) +{ + return; +} +#endif \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c new file mode 100644 index 000000000..c41eb41af --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c 
@@ -0,0 +1,950 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file implements a DRBG with a behavior according to SP800-90A using
+// a block cypher. This is also compliant to ISO/IEC 18031:2011(E) C.3.2.
+//
+// A state structure is created for use by TPM.lib and functions
+// within the CryptoEngine my use their own state structures when they need to have
+// deterministic values.
+//
+// A debug mode is available that allows the random numbers generated for TPM.lib
+// to be repeated during runs of the simulator. The switch for it is in
+// TpmBuildSwitches.h. It is USE_DEBUG_RNG.
+//
+//
+// This is the implementation layer of CTR DRGB mechanism as defined in SP800-90A
+// and the functions are organized as closely as practical to the organization in
+// SP800-90A. It is intended to be compiled as a separate module that is linked
+// with a secure application so that both reside inside the same boundary
+// [SP 800-90A 8.5]. The secure application in particular manages the accesses
+// protected storage for the state of the DRBG instantiations, and supplies the
+// implementation functions here with a valid pointer to the working state of the
+// given instantiations (as a DRBG_STATE structure).
+//
+// This DRBG mechanism implementation does not support prediction resistance. Thus
+// 'prediction_resistance_flag' is omitted from Instantiate_function(),
+// Reseed_function(), Generate_function() argument lists [SP 800-90A 9.1, 9.2,
+// 9.3], as well as from the working state data structure DRBG_STATE [SP 800-90A
+// 9.1].
+//
+// This DRBG mechanism implementation always uses the highest security strength of
+// available in the block ciphers. Thus 'requested_security_strength' parameter is
+// omitted from Instantiate_function() and Generate_function() argument lists
+// [SP 800-90A 9.1, 9.2, 9.3], as well as from the working state data structure
+// DRBG_STATE [SP 800-90A 9.1].
+//
+// Internal functions (ones without Crypt prefix) expect validated arguments and
+// therefore use assertions instead of runtime parameter checks and mostly return
+// void instead of a status value.
+ +#include "Tpm.h" + +// Pull in the test vector definitions and define the space +#include "PRNG_TestVectors.h" + +const BYTE DRBG_NistTestVector_Entropy[] = {DRBG_TEST_INITIATE_ENTROPY}; +const BYTE DRBG_NistTestVector_GeneratedInterm[] = + {DRBG_TEST_GENERATED_INTERM}; + +const BYTE DRBG_NistTestVector_EntropyReseed[] = + {DRBG_TEST_RESEED_ENTROPY}; +const BYTE DRBG_NistTestVector_Generated[] = {DRBG_TEST_GENERATED}; + +//** Derivation Functions +//*** Description +// The functions in this section are used to reduce the personalization input values +// to make them usable as input for reseeding and instantiation. The overall +// behavior is intended to produce the same results as described in SP800-90A, +// section 10.4.2 "Derivation Function Using a Block Cipher Algorithm +// (Block_Cipher_df)." The code is broken into several subroutines to deal with the +// fact that the data used for personalization may come in several separate blocks +// such as a Template hash and a proof value and a primary seed. + +//*** Derivation Function Defines and Structures + +#define DF_COUNT (DRBG_KEY_SIZE_WORDS / DRBG_IV_SIZE_WORDS + 1) +#if DRBG_KEY_SIZE_BITS != 128 && DRBG_KEY_SIZE_BITS != 256 +# error "CryptRand.c only written for AES with 128- or 256-bit keys." +#endif + +typedef struct +{ + DRBG_KEY_SCHEDULE keySchedule; + DRBG_IV iv[DF_COUNT]; + DRBG_IV out1; + DRBG_IV buf; + int contents; +} DF_STATE, *PDF_STATE; + +//*** DfCompute() +// This function does the incremental update of the derivation function state. It +// encrypts the 'iv' value and XOR's the results into each of the blocks of the +// output. This is equivalent to processing all of input data for each output block. 
+static void
+DfCompute(
+ PDF_STATE dfState
+ )
+{
+ int i;
+ int iv;
+ crypt_uword_t *pIv;
+ crypt_uword_t temp[DRBG_IV_SIZE_WORDS] = {0};
+//
+ for(iv = 0; iv < DF_COUNT; iv++)
+ {
+ pIv = (crypt_uword_t *)&dfState->iv[iv].words[0];
+ for(i = 0; i < DRBG_IV_SIZE_WORDS; i++)
+ {
+ temp[i] ^= pIv[i] ^ dfState->buf.words[i];
+ }
+ DRBG_ENCRYPT(&dfState->keySchedule, &temp, pIv);
+ }
+ for(i = 0; i < DRBG_IV_SIZE_WORDS; i++)
+ dfState->buf.words[i] = 0;
+ dfState->contents = 0;
+}
+
+//*** DfStart()
+// This initializes the output blocks with an encrypted counter value and
+// initializes the key schedule.
+static void
+DfStart(
+ PDF_STATE dfState,
+ uint32_t inputLength
+ )
+{
+ BYTE init[8];
+ int i;
+ UINT32 drbgSeedSize = sizeof(DRBG_SEED);
+
+ const BYTE dfKey[DRBG_KEY_SIZE_BYTES] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+ #if DRBG_KEY_SIZE_BYTES > 16
+ ,0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+ #endif
+ };
+ memset(dfState, 0, sizeof(DF_STATE));
+ DRBG_ENCRYPT_SETUP(&dfKey[0], DRBG_KEY_SIZE_BITS, &dfState->keySchedule);
+ // Create the first chaining values
+ for(i = 0; i < DF_COUNT; i++)
+ ((BYTE *)&dfState->iv[i])[3] = (BYTE)i;
+ DfCompute(dfState);
+ // initialize the first 64 bits of the IV in a way that doesn't depend
+ // on the size of the words used.
+ UINT32_TO_BYTE_ARRAY(inputLength, init);
+ UINT32_TO_BYTE_ARRAY(drbgSeedSize, &init[4]);
+ memcpy(&dfState->iv[0], init, 8);
+ dfState->contents = 4;
+}
+
+//*** DfUpdate()
+// This updates the state with the input data. A byte at a time is moved into the
+// state buffer until it is full and then that block is encrypted by DfCompute().
+static void +DfUpdate( + PDF_STATE dfState, + int size, + const BYTE *data + ) +{ + while(size > 0) + { + int toFill = DRBG_IV_SIZE_BYTES - dfState->contents; + if(size < toFill) + toFill = size; + // Copy as many bytes as there are or until the state buffer is full + memcpy(&dfState->buf.bytes[dfState->contents], data, toFill); + // Reduce the size left by the amount copied + size -= toFill; + // Advance the data pointer by the amount copied + data += toFill; + // increase the buffer contents count by the amount copied + dfState->contents += toFill; + pAssert(dfState->contents <= DRBG_IV_SIZE_BYTES); + // If we have a full buffer, do a computation pass. + if(dfState->contents == DRBG_IV_SIZE_BYTES) + DfCompute(dfState); + } +} + +//*** DfEnd() +// This function is called to get the result of the derivation function computation. +// If the buffer is not full, it is padded with zeros. The output buffer is +// structured to be the same as a DRBG_SEED value so that the function can return +// a pointer to the DRBG_SEED value in the DF_STATE structure. 
+static DRBG_SEED *
+DfEnd(
+ PDF_STATE dfState
+ )
+{
+ // Since DfCompute is always called when a buffer is full, there is always
+ // space in the buffer for the terminator
+ dfState->buf.bytes[dfState->contents++] = 0x80;
+ // If the buffer is not full, pad with zeros
+ while(dfState->contents < DRBG_IV_SIZE_BYTES)
+ dfState->buf.bytes[dfState->contents++] = 0;
+ // Do a final state update
+ DfCompute(dfState);
+ return (DRBG_SEED *)&dfState->iv;
+}
+
+//*** DfBuffer()
+// Function to take an input buffer and do the derivation function to produce a
+// DRBG_SEED value that can be used in DRBG_Reseed();
+static DRBG_SEED *
+DfBuffer(
+ DRBG_SEED *output, // OUT: receives the result
+ int size, // IN: size of the buffer to add
+ BYTE *buf // IN: address of the buffer
+ )
+{
+ DF_STATE dfState;
+ if(size == 0 || buf == NULL)
+ return NULL;
+ // Initialize the derivation function
+ DfStart(&dfState, size);
+ DfUpdate(&dfState, size, buf);
+ DfEnd(&dfState);
+ memcpy(output, &dfState.iv[0], sizeof(DRBG_SEED));
+ return output;
+}
+
+//*** DRBG_GetEntropy()
+// Even though this implementation never fails, it may get blocked
+// indefinitely long in the call to get entropy from the platform
+// (DRBG_GetEntropy32()).
+// This function is only used during instantiation of the DRBG for
+// manufacturing and on each start-up after an non-orderly shutdown.
+// Return Type: BOOL +// TRUE(1) requested entropy returned +// FALSE(0) entropy Failure +BOOL +DRBG_GetEntropy( + UINT32 requiredEntropy, // IN: requested number of bytes of full + // entropy + BYTE *entropy // OUT: buffer to return collected entropy + ) +{ +#if !USE_DEBUG_RNG + + UINT32 obtainedEntropy; + INT32 returnedEntropy; + +// If in debug mode, always use the self-test values for initialization + if(IsSelfTest()) + { +#endif + // If doing simulated DRBG, then check to see if the + // entropyFailure condition is being tested + if(!IsEntropyBad()) + { + // In self-test, the caller should be asking for exactly the seed + // size of entropy. + pAssert(requiredEntropy == sizeof(DRBG_NistTestVector_Entropy)); + memcpy(entropy, DRBG_NistTestVector_Entropy, + sizeof(DRBG_NistTestVector_Entropy)); + } +#if !USE_DEBUG_RNG + } + else if(!IsEntropyBad()) + { + // Collect entropy + // Note: In debug mode, the only "entropy" value ever returned + // is the value of the self-test vector. + for(returnedEntropy = 1, obtainedEntropy = 0; + obtainedEntropy < requiredEntropy && !IsEntropyBad(); + obtainedEntropy += returnedEntropy) + { + returnedEntropy = _plat__GetEntropy(&entropy[obtainedEntropy], + requiredEntropy - obtainedEntropy); + if(returnedEntropy <= 0) + SetEntropyBad(); + } + } +#endif + return !IsEntropyBad(); +} + +//*** IncrementIv() +// This function increments the IV value by 1. It is used by EncryptDRBG(). +void +IncrementIv( + DRBG_IV *iv + ) +{ + BYTE *ivP = ((BYTE *)iv) + DRBG_IV_SIZE_BYTES; + while((--ivP >= (BYTE *)iv) && ((*ivP = ((*ivP + 1) & 0xFF)) == 0)); +} + +//*** EncryptDRBG() +// This does the encryption operation for the DRBG. It will encrypt +// the input state counter (IV) using the state key. Into the output +// buffer for as many times as it takes to generate the required +// number of bytes. 
+static BOOL +EncryptDRBG( + BYTE *dOut, + UINT32 dOutBytes, + DRBG_KEY_SCHEDULE *keySchedule, + DRBG_IV *iv, + UINT32 *lastValue // Points to the last output value + ) +{ +#if FIPS_COMPLIANT +// For FIPS compliance, the DRBG has to do a continuous self-test to make sure that +// no two consecutive values are the same. This overhead is not incurred if the TPM +// is not required to be FIPS compliant +// + UINT32 temp[DRBG_IV_SIZE_BYTES / sizeof(UINT32)]; + int i; + BYTE *p; + + for(; dOutBytes > 0;) + { + // Increment the IV before each encryption (this is what makes this + // different from normal counter-mode encryption + IncrementIv(iv); + DRBG_ENCRYPT(keySchedule, iv, temp); +// Expect a 16 byte block +#if DRBG_IV_SIZE_BITS != 128 +#error "Unsuppored IV size in DRBG" +#endif + if((lastValue[0] == temp[0]) + && (lastValue[1] == temp[1]) + && (lastValue[2] == temp[2]) + && (lastValue[3] == temp[3]) + ) + { + LOG_FAILURE(FATAL_ERROR_ENTROPY); + return FALSE; + } + lastValue[0] = temp[0]; + lastValue[1] = temp[1]; + lastValue[2] = temp[2]; + lastValue[3] = temp[3]; + i = MIN(dOutBytes, DRBG_IV_SIZE_BYTES); + dOutBytes -= i; + for(p = (BYTE *)temp; i > 0; i--) + *dOut++ = *p++; + } +#else // version without continuous self-test + NOT_REFERENCED(lastValue); + for(; dOutBytes >= DRBG_IV_SIZE_BYTES; + dOut = &dOut[DRBG_IV_SIZE_BYTES], dOutBytes -= DRBG_IV_SIZE_BYTES) + { + // Increment the IV + IncrementIv(iv); + DRBG_ENCRYPT(keySchedule, iv, dOut); + } + // If there is a partial, generate into a block-sized + // temp buffer and copy to the output. + if(dOutBytes != 0) + { + BYTE temp[DRBG_IV_SIZE_BYTES]; + // Increment the IV + IncrementIv(iv); + DRBG_ENCRYPT(keySchedule, iv, temp); + memcpy(dOut, temp, dOutBytes); + } +#endif + return TRUE; +} + +//*** DRBG_Update() +// This function performs the state update function. 
+// According to SP800-90A, a temp value is created by doing CTR mode +// encryption of 'providedData' and replacing the key and IV with +// these values. The one difference is that, with counter mode, the +// IV is incremented after each block is encrypted and in this +// operation, the counter is incremented before each block is +// encrypted. This function implements an 'optimized' version +// of the algorithm in that it does the update of the drbgState->seed +// in place and then 'providedData' is XORed into drbgState->seed +// to complete the encryption of 'providedData'. This works because +// the IV is the last thing that gets encrypted. +// +static BOOL +DRBG_Update( + DRBG_STATE *drbgState, // IN:OUT state to update + DRBG_KEY_SCHEDULE *keySchedule, // IN: the key schedule (optional) + DRBG_SEED *providedData // IN: additional data + ) +{ + UINT32 i; + BYTE *temp = (BYTE *)&drbgState->seed; + DRBG_KEY *key = pDRBG_KEY(&drbgState->seed); + DRBG_IV *iv = pDRBG_IV(&drbgState->seed); + DRBG_KEY_SCHEDULE localKeySchedule; +// + pAssert(drbgState->magic == DRBG_MAGIC); + + // If an key schedule was not provided, make one + if(keySchedule == NULL) + { + if(DRBG_ENCRYPT_SETUP((BYTE *)key, + DRBG_KEY_SIZE_BITS, &localKeySchedule) != 0) + { + LOG_FAILURE(FATAL_ERROR_INTERNAL); + return FALSE; + } + keySchedule = &localKeySchedule; + } + // Encrypt the temp value + + EncryptDRBG(temp, sizeof(DRBG_SEED), keySchedule, iv, + drbgState->lastValue); + if(providedData != NULL) + { + BYTE *pP = (BYTE *)providedData; + for(i = DRBG_SEED_SIZE_BYTES; i != 0; i--) + *temp++ ^= *pP++; + } + // Since temp points to the input key and IV, we are done and + // don't need to copy the resulting 'temp' to drbgState->seed + return TRUE; +} + +//*** DRBG_Reseed() +// This function is used when reseeding of the DRBG is required. If +// entropy is provided, it is used in lieu of using hardware entropy. +// Note: the provided entropy must be the required size. 
+// Return Type: BOOL +// TRUE(1) reseed succeeded +// FALSE(0) reseed failed, probably due to the entropy generation +BOOL +DRBG_Reseed( + DRBG_STATE *drbgState, // IN: the state to update + DRBG_SEED *providedEntropy, // IN: entropy + DRBG_SEED *additionalData // IN: + ) +{ + DRBG_SEED seed; + + pAssert((drbgState != NULL) && (drbgState->magic == DRBG_MAGIC)); + + if(providedEntropy == NULL) + { + providedEntropy = &seed; + if(!DRBG_GetEntropy(sizeof(DRBG_SEED), (BYTE *)providedEntropy)) + return FALSE; + } + if(additionalData != NULL) + { + unsigned int i; + + // XOR the provided data into the provided entropy + for(i = 0; i < sizeof(DRBG_SEED); i++) + ((BYTE *)providedEntropy)[i] ^= ((BYTE *)additionalData)[i]; + } + DRBG_Update(drbgState, NULL, providedEntropy); + + drbgState->reseedCounter = 1; + + return TRUE; +} + +//*** DRBG_SelfTest() +// This is run when the DRBG is instantiated and at startup +// Return Type: BOOL +// TRUE(1) test OK +// FALSE(0) test failed +BOOL +DRBG_SelfTest( + void + ) +{ + BYTE buf[sizeof(DRBG_NistTestVector_Generated)]; + DRBG_SEED seed; + UINT32 i; + BYTE *p; + DRBG_STATE testState; +// + pAssert(!IsSelfTest()); + + SetSelfTest(); + SetDrbgTested(); + // Do an instantiate + if(!DRBG_Instantiate(&testState, 0, NULL)) + return FALSE; +#if DRBG_DEBUG_PRINT + dbgDumpMemBlock(pDRBG_KEY(&testState), DRBG_KEY_SIZE_BYTES, + "Key after Instantiate"); + dbgDumpMemBlock(pDRBG_IV(&testState), DRBG_IV_SIZE_BYTES, + "Value after Instantiate"); +#endif + if(DRBG_Generate((RAND_STATE *)&testState, buf, sizeof(buf)) == 0) + return FALSE; +#if DRBG_DEBUG_PRINT + dbgDumpMemBlock(pDRBG_KEY(&testState.seed), DRBG_KEY_SIZE_BYTES, + "Key after 1st Generate"); + dbgDumpMemBlock(pDRBG_IV(&testState.seed), DRBG_IV_SIZE_BYTES, + "Value after 1st Generate"); +#endif + if(memcmp(buf, DRBG_NistTestVector_GeneratedInterm, sizeof(buf)) != 0) + return FALSE; + memcpy(seed.bytes, DRBG_NistTestVector_EntropyReseed, sizeof(seed)); + DRBG_Reseed(&testState, &seed, 
NULL); +#if DRBG_DEBUG_PRINT + dbgDumpMemBlock((BYTE *)pDRBG_KEY(&testState.seed), DRBG_KEY_SIZE_BYTES, + "Key after 2nd Generate"); + dbgDumpMemBlock((BYTE *)pDRBG_IV(&testState.seed), DRBG_IV_SIZE_BYTES, + "Value after 2nd Generate"); + dbgDumpMemBlock(buf, sizeof(buf), "2nd Generated"); +#endif + if(DRBG_Generate((RAND_STATE *)&testState, buf, sizeof(buf)) == 0) + return FALSE; + if(memcmp(buf, DRBG_NistTestVector_Generated, sizeof(buf)) != 0) + return FALSE; + ClearSelfTest(); + + DRBG_Uninstantiate(&testState); + for(p = (BYTE *)&testState, i = 0; i < sizeof(DRBG_STATE); i++) + { + if(*p++) + return FALSE; + } + // Simulate hardware failure to make sure that we get an error when + // trying to instantiate + SetEntropyBad(); + if(DRBG_Instantiate(&testState, 0, NULL)) + return FALSE; + ClearEntropyBad(); + + return TRUE; +} + +//** Public Interface +//*** Description +// The functions in this section are the interface to the RNG. These +// are the functions that are used by TPM.lib. + +//*** CryptRandomStir() +// This function is used to cause a reseed. A DRBG_SEED amount of entropy is +// collected from the hardware and then additional data is added. +// Return Type: TPM_RC +// TPM_RC_NO_RESULT failure of the entropy generator +LIB_EXPORT TPM_RC +CryptRandomStir( + UINT16 additionalDataSize, + BYTE *additionalData + ) +{ +#if !USE_DEBUG_RNG + DRBG_SEED tmpBuf; + DRBG_SEED dfResult; +// + // All reseed with outside data starts with a buffer full of entropy + if(!DRBG_GetEntropy(sizeof(tmpBuf), (BYTE *)&tmpBuf)) + return TPM_RC_NO_RESULT; + + DRBG_Reseed(&drbgDefault, &tmpBuf, + DfBuffer(&dfResult, additionalDataSize, additionalData)); + drbgDefault.reseedCounter = 1; + + return TPM_RC_SUCCESS; + +#else + // If doing debug, use the input data as the initial setting for the RNG state + // so that the test can be reset at any time. + // Note: If this is called with a data size of 0 or less, nothing happens. 
The + // presumption is that, in a debug environment, the caller will have specific + // values for initialization, so this check is just a simple way to prevent + // inadvertent programming errors from screwing things up. This doesn't use an + // pAssert() because the non-debug version of this function will accept these + // parameters as meaning that there is no additionalData and only hardware + // entropy is used. + if((additionalDataSize > 0) && (additionalData != NULL)) + { + memset(drbgDefault.seed.bytes, 0, sizeof(drbgDefault.seed.bytes)); + memcpy(drbgDefault.seed.bytes, additionalData, + MIN(additionalDataSize, sizeof(drbgDefault.seed.bytes))); + } + drbgDefault.reseedCounter = 1; + + return TPM_RC_SUCCESS; +#endif +} + +//*** CryptRandomGenerate() +// Generate a 'randomSize' number or random bytes. +LIB_EXPORT UINT16 +CryptRandomGenerate( + UINT16 randomSize, + BYTE *buffer + ) +{ + return DRBG_Generate((RAND_STATE *)&drbgDefault, buffer, randomSize); +} + + + +//*** DRBG_InstantiateSeededKdf() +// This function is used to instantiate a KDF-based RNG. This is used for derivations. +// This function always returns TRUE. +LIB_EXPORT BOOL +DRBG_InstantiateSeededKdf( + KDF_STATE *state, // OUT: buffer to hold the state + TPM_ALG_ID hashAlg, // IN: hash algorithm + TPM_ALG_ID kdf, // IN: the KDF to use + TPM2B *seed, // IN: the seed to use + const TPM2B *label, // IN: a label for the generation process. + TPM2B *context, // IN: the context value + UINT32 limit // IN: Maximum number of bits from the KDF + ) +{ + state->magic = KDF_MAGIC; + state->limit = limit; + state->seed = seed; + state->hash = hashAlg; + state->kdf = kdf; + state->label = label; + state->context = context; + state->digestSize = CryptHashGetDigestSize(hashAlg); + state->counter = 0; + state->residual.t.size = 0; + return TRUE; +} + +//*** DRBG_AdditionalData() +// Function to reseed the DRBG with additional entropy. 
This is normally called +// before computing the protection value of a primary key in the Endorsement +// hierarchy. +LIB_EXPORT void +DRBG_AdditionalData( + DRBG_STATE *drbgState, // IN:OUT state to update + TPM2B *additionalData // IN: value to incorporate + ) +{ + DRBG_SEED dfResult; + if(drbgState->magic == DRBG_MAGIC) + { + DfBuffer(&dfResult, additionalData->size, additionalData->buffer); + DRBG_Reseed(drbgState, &dfResult, NULL); + } +} + + +//*** DRBG_InstantiateSeeded() +// This function is used to instantiate a random number generator from seed values. +// The nominal use of this generator is to create sequences of pseudo-random +// numbers from a seed value. +// Return Type: TPM_RC +// TPM_RC_FAILURE DRBG self-test failure +LIB_EXPORT TPM_RC +DRBG_InstantiateSeeded( + DRBG_STATE *drbgState, // IN/OUT: buffer to hold the state + const TPM2B *seed, // IN: the seed to use + const TPM2B *purpose, // IN: a label for the generation process. + const TPM2B *name, // IN: name of the object + const TPM2B *additional // IN: additional data + ) +{ + DF_STATE dfState; + int totalInputSize; + // DRBG should have been tested, but... + if(!IsDrbgTested() && !DRBG_SelfTest()) + { + LOG_FAILURE(FATAL_ERROR_SELF_TEST); + return TPM_RC_FAILURE; + } + // Initialize the DRBG state + memset(drbgState, 0, sizeof(DRBG_STATE)); + drbgState->magic = DRBG_MAGIC; + + // Size all of the values + totalInputSize = (seed != NULL) ? seed->size : 0; + totalInputSize += (purpose != NULL) ? purpose->size : 0; + totalInputSize += (name != NULL) ? name->size : 0; + totalInputSize += (additional != NULL) ? 
additional->size : 0; + + // Initialize the derivation + DfStart(&dfState, totalInputSize); + + // Run all the input strings through the derivation function + if(seed != NULL) + DfUpdate(&dfState, seed->size, seed->buffer); + if(purpose != NULL) + DfUpdate(&dfState, purpose->size, purpose->buffer); + if(name != NULL) + DfUpdate(&dfState, name->size, name->buffer); + if(additional != NULL) + DfUpdate(&dfState, additional->size, additional->buffer); + + // Used the derivation function output as the "entropy" input. This is not + // how it is described in SP800-90A but this is the equivalent function + DRBG_Reseed(((DRBG_STATE *)drbgState), DfEnd(&dfState), NULL); + + return TPM_RC_SUCCESS; +} + +//*** CryptRandStartup() +// This function is called when TPM_Startup is executed. This function always returns +// TRUE. +LIB_EXPORT BOOL +CryptRandStartup( + void + ) +{ +#if ! _DRBG_STATE_SAVE + // If not saved in NV, re-instantiate on each startup + DRBG_Instantiate(&drbgDefault, 0, NULL); +#else + // If the running state is saved in NV, NV has to be loaded before it can + // be updated + if(go.drbgState.magic == DRBG_MAGIC) + DRBG_Reseed(&go.drbgState, NULL, NULL); + else + DRBG_Instantiate(&go.drbgState, 0, NULL); +#endif + return TRUE; +} + +//**** CryptRandInit() +// This function is called when _TPM_Init is being processed. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure +LIB_EXPORT BOOL +CryptRandInit( + void + ) +{ +#if !USE_DEBUG_RNG + _plat__GetEntropy(NULL, 0); +#endif + return DRBG_SelfTest(); +} + +//*** DRBG_Generate() +// This function generates a random sequence according SP800-90A. +// If 'random' is not NULL, then 'randomSize' bytes of random values are generated. +// If 'random' is NULL or 'randomSize' is zero, then the function returns +// zero without generating any bits or updating the reseed counter. 
+// This function returns the number of bytes produced which could be less than the +// number requested if the request is too large ("too large" is implementation +// dependent.) +LIB_EXPORT UINT16 +DRBG_Generate( + RAND_STATE *state, + BYTE *random, // OUT: buffer to receive the random values + UINT16 randomSize // IN: the number of bytes to generate + ) +{ + if(state == NULL) + state = (RAND_STATE *)&drbgDefault; + if(random == NULL) + return 0; + + // If the caller used a KDF state, generate a sequence from the KDF not to + // exceed the limit. + if(state->kdf.magic == KDF_MAGIC) + { + KDF_STATE *kdf = (KDF_STATE *)state; + UINT32 counter = (UINT32)kdf->counter; + INT32 bytesLeft = randomSize; +// + // If the number of bytes to be returned would put the generator + // over the limit, then return 0 + if((((kdf->counter * kdf->digestSize) + randomSize) * 8) > kdf->limit) + return 0; + // Process partial and full blocks until all requested bytes provided + while(bytesLeft > 0) + { + // If there is any residual data in the buffer, copy it to the output + // buffer + if(kdf->residual.t.size > 0) + { + INT32 size; +// + // Don't use more of the residual than will fit or more than are + // available + size = MIN(kdf->residual.t.size, bytesLeft); + + // Copy some or all of the residual to the output. The residual is + // at the end of the buffer. The residual might be a full buffer. 
+ MemoryCopy(random, + &kdf->residual.t.buffer + [kdf->digestSize - kdf->residual.t.size], size); + + // Advance the buffer pointer + random += size; + + // Reduce the number of bytes left to get + bytesLeft -= size; + + // And reduce the residual size appropriately + kdf->residual.t.size -= (UINT16)size; + } + else + { + UINT16 blocks = (UINT16)(bytesLeft / kdf->digestSize); +// + // Get the number of required full blocks + if(blocks > 0) + { + UINT16 size = blocks * kdf->digestSize; +// Get some number of full blocks and put them in the return buffer + CryptKDFa(kdf->hash, kdf->seed, kdf->label, kdf->context, NULL, + kdf->limit, random, &counter, blocks); + + // reduce the size remaining to be moved and advance the pointer + bytesLeft -= size; + random += size; + } + else + { + // Fill the residual buffer with a full block and then loop to + // top to get part of it copied to the output. + kdf->residual.t.size = CryptKDFa(kdf->hash, kdf->seed, + kdf->label, kdf->context, NULL, + kdf->limit, + kdf->residual.t.buffer, + &counter, 1); + } + } + } + kdf->counter = counter; + return randomSize; + } + else if(state->drbg.magic == DRBG_MAGIC) + { + DRBG_STATE *drbgState = (DRBG_STATE *)state; + DRBG_KEY_SCHEDULE keySchedule; + DRBG_SEED *seed = &drbgState->seed; + + if(drbgState->reseedCounter >= CTR_DRBG_MAX_REQUESTS_PER_RESEED) + { + if(drbgState == &drbgDefault) + { + DRBG_Reseed(drbgState, NULL, NULL); + if(IsEntropyBad() && !IsSelfTest()) + return 0; + } + else + { + // If this is a PRNG then the only way to get + // here is if the SW has run away. 
+ LOG_FAILURE(FATAL_ERROR_INTERNAL); + return 0; + } + } + // if the allowed number of bytes in a request is larger than the + // less than the number of bytes that can be requested, then check +#if UINT16_MAX >= CTR_DRBG_MAX_BYTES_PER_REQUEST + if(randomSize > CTR_DRBG_MAX_BYTES_PER_REQUEST) + randomSize = CTR_DRBG_MAX_BYTES_PER_REQUEST; +#endif + // Create encryption schedule + if(DRBG_ENCRYPT_SETUP((BYTE *)pDRBG_KEY(seed), + DRBG_KEY_SIZE_BITS, &keySchedule) != 0) + { + LOG_FAILURE(FATAL_ERROR_INTERNAL); + return 0; + } + // Generate the random data + EncryptDRBG(random, randomSize, &keySchedule, pDRBG_IV(seed), + drbgState->lastValue); + // Do a key update + DRBG_Update(drbgState, &keySchedule, NULL); + + // Increment the reseed counter + drbgState->reseedCounter += 1; + } + else + { + LOG_FAILURE(FATAL_ERROR_INTERNAL); + return FALSE; + } + return randomSize; +} + +//*** DRBG_Instantiate() +// This is CTR_DRBG_Instantiate_algorithm() from [SP 800-90A 10.2.1.3.1]. +// This is called when a the TPM DRBG is to be instantiated. This is +// called to instantiate a DRBG used by the TPM for normal +// operations. +// Return Type: BOOL +// TRUE(1) instantiation succeeded +// FALSE(0) instantiation failed +LIB_EXPORT BOOL +DRBG_Instantiate( + DRBG_STATE *drbgState, // OUT: the instantiated value + UINT16 pSize, // IN: Size of personalization string + BYTE *personalization // IN: The personalization string + ) +{ + DRBG_SEED seed; + DRBG_SEED dfResult; +// + pAssert((pSize == 0) || (pSize <= sizeof(seed)) || (personalization != NULL)); + // If the DRBG has not been tested, test when doing an instantiation. Since + // Instantiation is called during self test, make sure we don't get stuck in a + // loop. + if(!IsDrbgTested() && !IsSelfTest() && !DRBG_SelfTest()) + return FALSE; + // If doing a self test, DRBG_GetEntropy will return the NIST + // test vector value. 
+ if(!DRBG_GetEntropy(sizeof(seed), (BYTE *)&seed))
+ return FALSE;
+ // set everything to zero
+ memset(drbgState, 0, sizeof(DRBG_STATE));
+ drbgState->magic = DRBG_MAGIC;
+
+ // Steps 1, 2, 3, 6, 7 of SP 800-90A 10.2.1.3.1 are exactly what
+ // reseeding does. So, do a reduction on the personalization value (if any)
+ // and do a reseed.
+ DRBG_Reseed(drbgState, &seed, DfBuffer(&dfResult, pSize, personalization));
+
+ return TRUE;
+}
+
+//*** DRBG_Uninstantiate()
+// This is Uninstantiate_function() from [SP 800-90A 9.4].
+//
+// Return Type: TPM_RC
+// TPM_RC_VALUE not a valid state
+LIB_EXPORT TPM_RC
+DRBG_Uninstantiate(
+ DRBG_STATE *drbgState // IN/OUT: working state to erase
+ )
+{
+ if((drbgState == NULL) || (drbgState->magic != DRBG_MAGIC))
+ return TPM_RC_VALUE;
+ memset(drbgState, 0, sizeof(DRBG_STATE));
+ return TPM_RC_SUCCESS;
+}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRsa.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRsa.c
new file mode 100644
index 000000000..dc0ceed57
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRsa.c
@@ -0,0 +1,1489 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+//
+// This file contains implementation of cryptographic primitives for RSA.
+// Vendors may replace the implementation in this file with their own library
+// functions.
+
+//** Includes
+// Need this define to get the 'private' defines for this function
+#define CRYPT_RSA_C
+#include "Tpm.h"
+
+#if ALG_RSA
+
+//** Obligatory Initialization Functions
+
+//*** CryptRsaInit()
+// Function called at _TPM_Init().
+BOOL
+CryptRsaInit(
+ void
+ )
+{
+ return TRUE;
+}
+
+//*** CryptRsaStartup()
+// Function called at TPM2_Startup()
+BOOL
+CryptRsaStartup(
+ void
+ )
+{
+ return TRUE;
+}
+
+//** Internal Functions
+
+//*** RsaInitializeExponent()
+// This function initializes the bignum data structure that holds the private
+// exponent. This function returns the pointer to the private exponent value so that
+// it can be used in an initializer for a data declaration.
+static privateExponent *
+RsaInitializeExponent(
+ privateExponent *Z
+ )
+{
+ bigNum *bn = (bigNum *)&Z->P;
+ int i;
+//
+ for(i = 0; i < 5; i++)
+ {
+ bn[i] = (bigNum)&Z->entries[i];
+ BnInit(bn[i], BYTES_TO_CRYPT_WORDS(sizeof(Z->entries[0].d)));
+ }
+ return Z;
+}
+
+//*** MakePgreaterThanQ()
+// This function swaps the pointers for P and Q if Q happens to be larger than Q.
+static void
+MakePgreaterThanQ(
+ privateExponent *Z
+)
+{
+ if(BnUnsignedCmp(Z->P, Z->Q) < 0)
+ {
+ bigNum bnT = Z->P;
+ Z->P = Z->Q;
+ Z->Q = bnT;
+ }
+}
+
+//*** PackExponent()
+// This function takes the bignum private exponent and converts it into TPM2B form.
+// In this form, the size field contains the overall size of the packed data. The
+// buffer contains 5, equal sized values in P, Q, dP, dQ, qInv order. For example, if
+// a key has a 2Kb public key, then the packed private key will contain 5, 1Kb values.
+// This form makes it relatively easy to load and save the values without changing
+// the normal unmarshaling to do anything more than allow a larger TPM2B for the
+// private key. Also, when exporting the value, all that is needed is to change the
+// size field of the private key in order to save just the P value.
+// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure // The data is too big to fit +static BOOL +PackExponent( + TPM2B_PRIVATE_KEY_RSA *packed, + privateExponent *Z +) +{ + int i; + UINT16 primeSize = (UINT16)BITS_TO_BYTES(BnMsb(Z->P)); + UINT16 pS = primeSize; +// + pAssert((primeSize * 5) <= sizeof(packed->t.buffer)); + packed->t.size = (primeSize * 5) + RSA_prime_flag; + for(i = 0; i < 5; i++) + if(!BnToBytes((bigNum)&Z->entries[i], &packed->t.buffer[primeSize * i], &pS)) + return FALSE; + if(pS != primeSize) + return FALSE; + return TRUE; +} + +//*** UnpackExponent() +// This function unpacks the private exponent from its TPM2B form into its bignum +// form. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) TPM2B is not the correct size +static BOOL +UnpackExponent( + TPM2B_PRIVATE_KEY_RSA *b, + privateExponent *Z +) +{ + UINT16 primeSize = b->t.size & ~RSA_prime_flag; + int i; + bigNum *bn = &Z->P; +// + VERIFY(b->t.size & RSA_prime_flag); + RsaInitializeExponent(Z); + VERIFY((primeSize % 5) == 0); + primeSize /= 5; + for(i = 0; i < 5; i++) + VERIFY(BnFromBytes(bn[i], &b->t.buffer[primeSize * i], primeSize) + != NULL); + MakePgreaterThanQ(Z); + return TRUE; +Error: + return FALSE; + } + +//*** ComputePrivateExponent() +// This function computes the private exponent from the primes. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure +static BOOL +ComputePrivateExponent( + bigNum pubExp, // IN: the public exponent + privateExponent *Z // IN/OUT: on input, has primes P and Q. 
On + // output, has P, Q, dP, dQ, and pInv + ) +{ + BOOL pOK; + BOOL qOK; + BN_PRIME(pT); +// + // make p the larger value so that m2 is always less than p + MakePgreaterThanQ(Z); + + //dP = (1/e) mod (p-1) + pOK = BnSubWord(pT, Z->P, 1); + pOK = pOK && BnModInverse(Z->dP, pubExp, pT); + //dQ = (1/e) mod (q-1) + qOK = BnSubWord(pT, Z->Q, 1); + qOK = qOK && BnModInverse(Z->dQ, pubExp, pT); + // qInv = (1/q) mod p + if(pOK && qOK) + pOK = qOK = BnModInverse(Z->qInv, Z->Q, Z->P); + if(!pOK) + BnSetWord(Z->P, 0); + if(!qOK) + BnSetWord(Z->Q, 0); + return pOK && qOK; +} + +//*** RsaPrivateKeyOp() +// This function is called to do the exponentiation with the private key. Compile +// options allow use of the simple (but slow) private exponent, or the more complex +// but faster CRT method. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure +static BOOL +RsaPrivateKeyOp( + bigNum inOut, // IN/OUT: number to be exponentiated + privateExponent *Z + ) +{ + BN_RSA(M1); + BN_RSA(M2); + BN_RSA(M); + BN_RSA(H); +// + MakePgreaterThanQ(Z); + // m1 = cdP mod p + VERIFY(BnModExp(M1, inOut, Z->dP, Z->P)); + // m2 = cdQ mod q + VERIFY(BnModExp(M2, inOut, Z->dQ, Z->Q)); + // h = qInv * (m1 - m2) mod p = qInv * (m1 + P - m2) mod P because Q < P + // so m2 < P + VERIFY(BnSub(H, Z->P, M2)); + VERIFY(BnAdd(H, H, M1)); + VERIFY(BnModMult(H, H, Z->qInv, Z->P)); + // m = m2 + h * q + VERIFY(BnMult(M, H, Z->Q)); + VERIFY(BnAdd(inOut, M2, M)); + return TRUE; +Error: + return FALSE; +} + +//*** RSAEP() +// This function performs the RSAEP operation defined in PKCS#1v2.1. It is +// an exponentiation of a value ('m') with the public exponent ('e'), modulo +// the public ('n'). +// +// Return Type: TPM_RC +// TPM_RC_VALUE number to exponentiate is larger than the modulus +// +static TPM_RC +RSAEP( + TPM2B *dInOut, // IN: size of the encrypted block and the size of + // the encrypted value. It must be the size of + // the modulus. + // OUT: the encrypted data. 
Will receive the
+ // decrypted value
+ OBJECT *key // IN: the key to use
+ )
+{
+ TPM2B_TYPE(4BYTES, 4);
+ TPM2B_4BYTES e2B;
+ UINT32 e = key->publicArea.parameters.rsaDetail.exponent;
+//
+ if(e == 0)
+ e = RSA_DEFAULT_PUBLIC_EXPONENT;
+ UINT32_TO_BYTE_ARRAY(e, e2B.t.buffer);
+ e2B.t.size = 4;
+ return ModExpB(dInOut->size, dInOut->buffer, dInOut->size, dInOut->buffer,
+ e2B.t.size, e2B.t.buffer, key->publicArea.unique.rsa.t.size,
+ key->publicArea.unique.rsa.t.buffer);
+}
+
+//*** RSADP()
+// This function performs the RSADP operation defined in PKCS#1v2.1. It is
+// an exponentiation of a value ('c') with the private exponent ('d'), modulo
+// the public modulus ('n'). The decryption is in place.
+//
+// This function also checks the size of the private key. If the size indicates
+// that only a prime value is present, the key is converted to being a private
+// exponent.
+//
+// Return Type: TPM_RC
+// TPM_RC_SIZE the value to decrypt is larger than the modulus
+//
+static TPM_RC
+RSADP(
+ TPM2B *inOut, // IN/OUT: the value to encrypt
+ OBJECT *key // IN: the key
+ )
+{
+ BN_RSA_INITIALIZED(bnM, inOut);
+ NEW_PRIVATE_EXPONENT(Z);
+ if(UnsignedCompareB(inOut->size, inOut->buffer,
+ key->publicArea.unique.rsa.t.size,
+ key->publicArea.unique.rsa.t.buffer) >= 0)
+ return TPM_RC_SIZE;
+ // private key operation requires that private exponent be loaded
+ // During self-test, this might not be the case so load it up if it hasn't
+ // already done
+ // been done
+ if((key->sensitive.sensitive.rsa.t.size & RSA_prime_flag) == 0)
+ {
+ if(CryptRsaLoadPrivateExponent(&key->publicArea, &key->sensitive)
+ != TPM_RC_SUCCESS)
+ return TPM_RC_BINDING;
+ }
+ VERIFY(UnpackExponent(&key->sensitive.sensitive.rsa, Z));
+ VERIFY(RsaPrivateKeyOp(bnM, Z));
+ VERIFY(BnTo2B(bnM, inOut, inOut->size));
+ return TPM_RC_SUCCESS;
+Error:
+ return TPM_RC_FAILURE;
+}
+
+//*** OaepEncode()
+// This function performs OAEP padding.
The size of the buffer to receive the +// OAEP padded data must equal the size of the modulus +// +// Return Type: TPM_RC +// TPM_RC_VALUE 'hashAlg' is not valid or message size is too large +// +static TPM_RC +OaepEncode( + TPM2B *padded, // OUT: the pad data + TPM_ALG_ID hashAlg, // IN: algorithm to use for padding + const TPM2B *label, // IN: null-terminated string (may be NULL) + TPM2B *message, // IN: the message being padded + RAND_STATE *rand // IN: the random number generator to use + ) +{ + INT32 padLen; + INT32 dbSize; + INT32 i; + BYTE mySeed[MAX_DIGEST_SIZE]; + BYTE *seed = mySeed; + UINT16 hLen = CryptHashGetDigestSize(hashAlg); + BYTE mask[MAX_RSA_KEY_BYTES]; + BYTE *pp; + BYTE *pm; + TPM_RC retVal = TPM_RC_SUCCESS; + + pAssert(padded != NULL && message != NULL); + + // A value of zero is not allowed because the KDF can't produce a result + // if the digest size is zero. + if(hLen == 0) + return TPM_RC_VALUE; + + // Basic size checks + // make sure digest isn't too big for key size + if(padded->size < (2 * hLen) + 2) + ERROR_RETURN(TPM_RC_HASH); + + // and that message will fit messageSize <= k - 2hLen - 2 + if(message->size > (padded->size - (2 * hLen) - 2)) + ERROR_RETURN(TPM_RC_VALUE); + + // Hash L even if it is null + // Offset into padded leaving room for masked seed and byte of zero + pp = &padded->buffer[hLen + 1]; + if(CryptHashBlock(hashAlg, label->size, (BYTE *)label->buffer, + hLen, pp) != hLen) + ERROR_RETURN(TPM_RC_FAILURE); + + // concatenate PS of k mLen 2hLen 2 + padLen = padded->size - message->size - (2 * hLen) - 2; + MemorySet(&pp[hLen], 0, padLen); + pp[hLen + padLen] = 0x01; + padLen += 1; + memcpy(&pp[hLen + padLen], message->buffer, message->size); + + // The total size of db = hLen + pad + mSize; + dbSize = hLen + padLen + message->size; + + // If testing, then use the provided seed. 
Otherwise, use values + // from the RNG + CryptRandomGenerate(hLen, mySeed); + DRBG_Generate(rand, mySeed, (UINT16)hLen); + if(g_inFailureMode) + ERROR_RETURN(TPM_RC_FAILURE); + // mask = MGF1 (seed, nSize hLen 1) + CryptMGF1(dbSize, mask, hashAlg, hLen, seed); + + // Create the masked db + pm = mask; + for(i = dbSize; i > 0; i--) + *pp++ ^= *pm++; + pp = &padded->buffer[hLen + 1]; + + // Run the masked data through MGF1 + if(CryptMGF1(hLen, &padded->buffer[1], hashAlg, dbSize, pp) != (unsigned)hLen) + ERROR_RETURN(TPM_RC_VALUE); +// Now XOR the seed to create masked seed + pp = &padded->buffer[1]; + pm = seed; + for(i = hLen; i > 0; i--) + *pp++ ^= *pm++; + // Set the first byte to zero + padded->buffer[0] = 0x00; +Exit: + return retVal; +} + +//*** OaepDecode() +// This function performs OAEP padding checking. The size of the buffer to receive +// the recovered data. If the padding is not valid, the 'dSize' size is set to zero +// and the function returns TPM_RC_VALUE. +// +// The 'dSize' parameter is used as an input to indicate the size available in the +// buffer. + +// If insufficient space is available, the size is not changed and the return code +// is TPM_RC_VALUE. 
+// +// Return Type: TPM_RC +// TPM_RC_VALUE the value to decode was larger than the modulus, or +// the padding is wrong or the buffer to receive the +// results is too small +// +// +static TPM_RC +OaepDecode( + TPM2B *dataOut, // OUT: the recovered data + TPM_ALG_ID hashAlg, // IN: algorithm to use for padding + const TPM2B *label, // IN: null-terminated string (may be NULL) + TPM2B *padded // IN: the padded data + ) +{ + UINT32 i; + BYTE seedMask[MAX_DIGEST_SIZE]; + UINT32 hLen = CryptHashGetDigestSize(hashAlg); + + BYTE mask[MAX_RSA_KEY_BYTES]; + BYTE *pp; + BYTE *pm; + TPM_RC retVal = TPM_RC_SUCCESS; + + // Strange size (anything smaller can't be an OAEP padded block) + // Also check for no leading 0 + if((padded->size < (unsigned)((2 * hLen) + 2)) || (padded->buffer[0] != 0)) + ERROR_RETURN(TPM_RC_VALUE); +// Use the hash size to determine what to put through MGF1 in order +// to recover the seedMask + CryptMGF1(hLen, seedMask, hashAlg, padded->size - hLen - 1, + &padded->buffer[hLen + 1]); + + // Recover the seed into seedMask + pAssert(hLen <= sizeof(seedMask)); + pp = &padded->buffer[1]; + pm = seedMask; + for(i = hLen; i > 0; i--) + *pm++ ^= *pp++; + + // Use the seed to generate the data mask + CryptMGF1(padded->size - hLen - 1, mask, hashAlg, hLen, seedMask); + + // Use the mask generated from seed to recover the padded data + pp = &padded->buffer[hLen + 1]; + pm = mask; + for(i = (padded->size - hLen - 1); i > 0; i--) + *pm++ ^= *pp++; + + // Make sure that the recovered data has the hash of the label + // Put trial value in the seed mask + if((CryptHashBlock(hashAlg, label->size, (BYTE *)label->buffer, + hLen, seedMask)) != hLen) + FAIL(FATAL_ERROR_INTERNAL); + if(memcmp(seedMask, mask, hLen) != 0) + ERROR_RETURN(TPM_RC_VALUE); + + // find the start of the data + pm = &mask[hLen]; + for(i = (UINT32)padded->size - (2 * hLen) - 1; i > 0; i--) + { + if(*pm++ != 0) + break; + } + // If we ran out of data or didn't end with 0x01, then return an error + 
if(i == 0 || pm[-1] != 0x01) + ERROR_RETURN(TPM_RC_VALUE); + + // pm should be pointing at the first part of the data + // and i is one greater than the number of bytes to move + i--; + if(i > dataOut->size) + // Special exit to preserve the size of the output buffer + return TPM_RC_VALUE; + memcpy(dataOut->buffer, pm, i); + dataOut->size = (UINT16)i; +Exit: + if(retVal != TPM_RC_SUCCESS) + dataOut->size = 0; + return retVal; +} + +//*** PKCS1v1_5Encode() +// This function performs the encoding for RSAES-PKCS1-V1_5-ENCRYPT as defined in +// PKCS#1V2.1 +// Return Type: TPM_RC +// TPM_RC_VALUE message size is too large +// +static TPM_RC +RSAES_PKCS1v1_5Encode( + TPM2B *padded, // OUT: the pad data + TPM2B *message, // IN: the message being padded + RAND_STATE *rand + ) +{ + UINT32 ps = padded->size - message->size - 3; +// + if(message->size > padded->size - 11) + return TPM_RC_VALUE; + // move the message to the end of the buffer + memcpy(&padded->buffer[padded->size - message->size], message->buffer, + message->size); + // Set the first byte to 0x00 and the second to 0x02 + padded->buffer[0] = 0; + padded->buffer[1] = 2; + + // Fill with random bytes + DRBG_Generate(rand, &padded->buffer[2], (UINT16)ps); + if(g_inFailureMode) + return TPM_RC_FAILURE; + + // Set the delimiter for the random field to 0 + padded->buffer[2 + ps] = 0; + + // Now, the only messy part. Make sure that all the 'ps' bytes are non-zero + // In this implementation, use the value of the current index + for(ps++; ps > 1; ps--) + { + if(padded->buffer[ps] == 0) + padded->buffer[ps] = 0x55; // In the < 0.5% of the cases that the + // random value is 0, just pick a value to + // put into the spot. 
+ }
+ return TPM_RC_SUCCESS;
+}
+
+//*** RSAES_Decode()
+// This function performs the decoding for RSAES-PKCS1-V1_5-ENCRYPT as defined in
+// PKCS#1V2.1
+//
+// Return Type: TPM_RC
+// TPM_RC_FAIL decoding error or results would no fit into provided buffer
+//
+static TPM_RC
+RSAES_Decode(
+ TPM2B *message, // OUT: the recovered message
+ TPM2B *coded // IN: the encoded message
+ )
+{
+ BOOL fail = FALSE;
+ UINT16 pSize;
+
+ fail = (coded->size < 11);
+ fail = (coded->buffer[0] != 0x00) | fail;
+ fail = (coded->buffer[1] != 0x02) | fail;
+ for(pSize = 2; pSize < coded->size; pSize++)
+ {
+ if(coded->buffer[pSize] == 0)
+ break;
+ }
+ pSize++;
+
+ // Make sure that pSize has not gone over the end and that there are at least 8
+ // bytes of pad data.
+ fail = (pSize > coded->size) | fail;
+ fail = ((pSize - 2) < 8) | fail;
+ if((message->size < (UINT16)(coded->size - pSize)) || fail)
+ return TPM_RC_VALUE;
+ message->size = coded->size - pSize;
+ memcpy(message->buffer, &coded->buffer[pSize], coded->size - pSize);
+ return TPM_RC_SUCCESS;
+}
+
+//*** CryptRsaPssSaltSize()
+// This function computes the salt size used in PSS. It is broken out so that
+// the X509 code can get the same value that is used by the encoding function in this
+// module.
+INT16
+CryptRsaPssSaltSize(
+ INT16 hashSize,
+ INT16 outSize
+)
+{
+ INT16 saltSize;
+//
+ // (Mask Length) = (outSize - hashSize - 1);
+ // Max saltSize is (Mask Length) - 1
+ saltSize = (outSize - hashSize - 1) - 1;
+ // Use the maximum salt size allowed by FIPS 186-4
+ if(saltSize > hashSize)
+ saltSize = hashSize;
+ else if(saltSize < 0)
+ saltSize = 0;
+ return saltSize;
+}
+
+//*** PssEncode()
+// This function creates an encoded block of data that is the size of modulus.
+// The function uses the maximum salt size that will fit in the encoded block.
+//
+// Returns TPM_RC_SUCCESS or goes into failure mode.
+static TPM_RC
+PssEncode(
+ TPM2B *out, // OUT: the encoded buffer
+ TPM_ALG_ID hashAlg, // IN: hash algorithm for the encoding
+ TPM2B *digest, // IN: the digest
+ RAND_STATE *rand // IN: random number source
+ )
+{
+ UINT32 hLen = CryptHashGetDigestSize(hashAlg);
+ BYTE salt[MAX_RSA_KEY_BYTES - 1];
+ UINT16 saltSize;
+ BYTE *ps = salt;
+ BYTE *pOut;
+ UINT16 mLen;
+ HASH_STATE hashState;
+
+ // These are fatal errors indicating bad TPM firmware
+ pAssert(out != NULL && hLen > 0 && digest != NULL);
+
+ // Get the size of the mask
+ mLen = (UINT16)(out->size - hLen - 1);
+
+ // Set the salt size
+ saltSize = CryptRsaPssSaltSize((INT16)hLen, (INT16)out->size);
+
+//using eOut for scratch space
+ // Set the first 8 bytes to zero
+ pOut = out->buffer;
+ memset(pOut, 0, 8);
+
+ // Get set the salt
+ DRBG_Generate(rand, salt, saltSize);
+ if(g_inFailureMode)
+ return TPM_RC_FAILURE;
+
+ // Create the hash of the pad || input hash || salt
+ CryptHashStart(&hashState, hashAlg);
+ CryptDigestUpdate(&hashState, 8, pOut);
+ CryptDigestUpdate2B(&hashState, digest);
+ CryptDigestUpdate(&hashState, saltSize, salt);
+ CryptHashEnd(&hashState, hLen, &pOut[out->size - hLen - 1]);
+
+ // Create a mask
+ if(CryptMGF1(mLen, pOut, hashAlg, hLen, &pOut[mLen]) != mLen)
+ FAIL(FATAL_ERROR_INTERNAL);
+
+ // Since this implementation uses key sizes that are all even multiples of
+ // 8, just need to make sure that the most significant bit is CLEAR
+ *pOut &= 0x7f;
+
+ // Before we mess up the pOut value, set the last byte to 0xbc
+ pOut[out->size - 1] = 0xbc;
+
+ // XOR a byte of 0x01 at the position just before where the salt will be XOR'ed
+ pOut = &pOut[mLen - saltSize - 1];
+ *pOut++ ^= 0x01;
+
+ // XOR the salt data into the buffer
+ for(; saltSize > 0; saltSize--)
+ *pOut++ ^= *ps++;
+
+ // and we are done
+ return TPM_RC_SUCCESS;
+}
+
+//*** PssDecode()
+// This function checks that the PSS encoded block was built from the
+// provided digest.
If the check is successful, TPM_RC_SUCCESS is returned.
+// Any other value indicates an error.
+//
+// This implementation of PSS decoding is intended for the reference TPM
+// implementation and is not at all generalized. It is used to check
+// signatures over hashes and assumptions are made about the sizes of values.
+// Those assumptions are enforce by this implementation.
+// This implementation does allow for a variable size salt value to have been
+// used by the creator of the signature.
+//
+// Return Type: TPM_RC
+// TPM_RC_SCHEME 'hashAlg' is not a supported hash algorithm
+// TPM_RC_VALUE decode operation failed
+//
+static TPM_RC
+PssDecode(
+ TPM_ALG_ID hashAlg, // IN: hash algorithm to use for the encoding
+ TPM2B *dIn, // In: the digest to compare
+ TPM2B *eIn // IN: the encoded data
+ )
+{
+ UINT32 hLen = CryptHashGetDigestSize(hashAlg);
+ BYTE mask[MAX_RSA_KEY_BYTES];
+ BYTE *pm = mask;
+ BYTE *pe;
+ BYTE pad[8] = {0};
+ UINT32 i;
+ UINT32 mLen;
+ BYTE fail;
+ TPM_RC retVal = TPM_RC_SUCCESS;
+ HASH_STATE hashState;
+
+ // These errors are indicative of failures due to programmer error
+ pAssert(dIn != NULL && eIn != NULL);
+ pe = eIn->buffer;
+
+ // check the hash scheme
+ if(hLen == 0)
+ ERROR_RETURN(TPM_RC_SCHEME);
+
+ // most significant bit must be zero
+ fail = pe[0] & 0x80;
+
+ // last byte must be 0xbc
+ fail |= pe[eIn->size - 1] ^ 0xbc;
+
+ // Use the hLen bytes at the end of the buffer to generate a mask
+ // Doesn't start at the end which is a flag byte
+ mLen = eIn->size - hLen - 1;
+ CryptMGF1(mLen, mask, hashAlg, hLen, &pe[mLen]);
+
+ // Clear the MSO of the mask to make it consistent with the encoding.
+ mask[0] &= 0x7F;
+
+ pAssert(mLen <= sizeof(mask));
+ // XOR the data into the mask to recover the salt.
This sequence
+ // advances eIn so that it will end up pointing to the seed data
+ // which is the hash of the signature data
+ for(i = mLen; i > 0; i--)
+ *pm++ ^= *pe++;
+
+ // Find the first byte of 0x01 after a string of all 0x00
+ for(pm = mask, i = mLen; i > 0; i--)
+ {
+ if(*pm == 0x01)
+ break;
+ else
+ fail |= *pm++;
+ }
+ // i should not be zero
+ fail |= (i == 0);
+
+ // if we have failed, will continue using the entire mask as the salt value so
+ // that the timing attacks will not disclose anything (I don't think that this
+ // is a problem for TPM applications but, usually, we don't fail so this
+ // doesn't cost anything).
+ if(fail)
+ {
+ i = mLen;
+ pm = mask;
+ }
+ else
+ {
+ pm++;
+ i--;
+ }
+ // i contains the salt size and pm points to the salt. Going to use the input
+ // hash and the seed to recreate the hash in the lower portion of eIn.
+ CryptHashStart(&hashState, hashAlg);
+
+ // add the pad of 8 zeros
+ CryptDigestUpdate(&hashState, 8, pad);
+
+ // add the provided digest value
+ CryptDigestUpdate(&hashState, dIn->size, dIn->buffer);
+
+ // and the salt
+ CryptDigestUpdate(&hashState, i, pm);
+
+ // get the result
+ fail |= (CryptHashEnd(&hashState, hLen, mask) != hLen);
+
+ // Compare all bytes
+ for(pm = mask; hLen > 0; hLen--)
+ // don't use fail = because that could skip the increment and compare
+ // operations after the first failure and that gives away timing
+ // information.
+ fail |= *pm++ ^ *pe++;
+
+ retVal = (fail != 0) ?
TPM_RC_VALUE : TPM_RC_SUCCESS; +Exit: + return retVal; +} + +//*** MakeDerTag() +// Construct the DER value that is used in RSASSA +// Return Type: INT16 +// > 0 size of value +// <= 0 no hash exists +INT16 +MakeDerTag( + TPM_ALG_ID hashAlg, + INT16 sizeOfBuffer, + BYTE *buffer +) +{ +// 0x30, 0x31, // SEQUENCE (2 elements) 1st +// 0x30, 0x0D, // SEQUENCE (2 elements) +// 0x06, 0x09, // HASH OID +// 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, +// 0x05, 0x00, // NULL +// 0x04, 0x20 // OCTET STRING + HASH_DEF *info = CryptGetHashDef(hashAlg); + INT16 oidSize; + // If no OID, can't do encode + VERIFY(info != NULL); + oidSize = 2 + (info->OID)[1]; + // make sure this fits in the buffer + VERIFY(sizeOfBuffer >= (oidSize + 8)); + *buffer++ = 0x30; // 1st SEQUENCE + // Size of the 1st SEQUENCE is 6 bytes + size of the hash OID + size of the + // digest size + *buffer++ = (BYTE)(6 + oidSize + info->digestSize); // + *buffer++ = 0x30; // 2nd SEQUENCE + // size is 4 bytes of overhead plus the side of the OID + *buffer++ = (BYTE)(2 + oidSize); + MemoryCopy(buffer, info->OID, oidSize); + buffer += oidSize; + *buffer++ = 0x05; // Add a NULL + *buffer++ = 0x00; + + *buffer++ = 0x04; + *buffer++ = (BYTE)(info->digestSize); + return oidSize + 8; +Error: + return 0; + +} + +//*** RSASSA_Encode() +// Encode a message using PKCS1v1.5 method. 
+//
+// Return Type: TPM_RC
+// TPM_RC_SCHEME 'hashAlg' is not a supported hash algorithm
+// TPM_RC_SIZE 'eOutSize' is not large enough
+// TPM_RC_VALUE 'hInSize' does not match the digest size of hashAlg
+static TPM_RC
+RSASSA_Encode(
+ TPM2B *pOut, // IN:OUT on in, the size of the public key
+ // on out, the encoded area
+ TPM_ALG_ID hashAlg, // IN: hash algorithm for PKCS1v1_5
+ TPM2B *hIn // IN: digest value to encode
+ )
+{
+ BYTE DER[20];
+ BYTE *der = DER;
+ INT32 derSize = MakeDerTag(hashAlg, sizeof(DER), DER);
+ BYTE *eOut;
+ INT32 fillSize;
+ TPM_RC retVal = TPM_RC_SUCCESS;
+
+ // Can't use this scheme if the algorithm doesn't have a DER string defined.
+ if(derSize == 0)
+ ERROR_RETURN(TPM_RC_SCHEME);
+
+ // If the digest size of 'hashAl' doesn't match the input digest size, then
+ // the DER will misidentify the digest so return an error
+ if(CryptHashGetDigestSize(hashAlg) != hIn->size)
+ ERROR_RETURN(TPM_RC_VALUE);
+ fillSize = pOut->size - derSize - hIn->size - 3;
+ eOut = pOut->buffer;
+
+ // Make sure that this combination will fit in the provided space
+ if(fillSize < 8)
+ ERROR_RETURN(TPM_RC_SIZE);
+
+ // Start filling
+ *eOut++ = 0; // initial byte of zero
+ *eOut++ = 1; // byte of 0x01
+ for(; fillSize > 0; fillSize--)
+ *eOut++ = 0xff; // bunch of 0xff
+ *eOut++ = 0; // another 0
+ for(; derSize > 0; derSize--)
+ *eOut++ = *der++; // copy the DER
+ der = hIn->buffer;
+ for(fillSize = hIn->size; fillSize > 0; fillSize--)
+ *eOut++ = *der++; // copy the hash
+Exit:
+ return retVal;
+}
+
+//*** RSASSA_Decode()
+// This function performs the RSASSA decoding of a signature.
+//
+// Return Type: TPM_RC
+// TPM_RC_VALUE decode unsuccessful
+// TPM_RC_SCHEME 'haslAlg' is not supported
+//
+static TPM_RC
+RSASSA_Decode(
+ TPM_ALG_ID hashAlg, // IN: hash algorithm to use for the encoding
+ TPM2B *hIn, // In: the digest to compare
+ TPM2B *eIn // IN: the encoded data
+ )
+{
+ BYTE fail;
+ BYTE DER[20];
+ BYTE *der = DER;
+ INT32 derSize = MakeDerTag(hashAlg, sizeof(DER), DER);
+ BYTE *pe;
+ INT32 hashSize = CryptHashGetDigestSize(hashAlg);
+ INT32 fillSize;
+ TPM_RC retVal;
+ BYTE *digest;
+ UINT16 digestSize;
+
+ pAssert(hIn != NULL && eIn != NULL);
+ pe = eIn->buffer;
+
+ // Can't use this scheme if the algorithm doesn't have a DER string
+ // defined or if the provided hash isn't the right size
+ if(derSize == 0 || (unsigned)hashSize != hIn->size)
+ ERROR_RETURN(TPM_RC_SCHEME);
+
+ // Make sure that this combination will fit in the provided space
+ // Since no data movement takes place, can just walk though this
+ // and accept nearly random values. This can only be called from
+ // CryptValidateSignature() so eInSize is known to be in range.
+ fillSize = eIn->size - derSize - hashSize - 3;
+
+ // Start checking (fail will become non-zero if any of the bytes do not have
+ // the expected value.
+ fail = *pe++; // initial byte of zero
+ fail |= *pe++ ^ 1; // byte of 0x01
+ for(; fillSize > 0; fillSize--)
+ fail |= *pe++ ^ 0xff; // bunch of 0xff
+ fail |= *pe++; // another 0
+ for(; derSize > 0; derSize--)
+ fail |= *pe++ ^ *der++; // match the DER
+ digestSize = hIn->size;
+ digest = hIn->buffer;
+ for(; digestSize > 0; digestSize--)
+ fail |= *pe++ ^ *digest++; // match the hash
+ retVal = (fail != 0) ? TPM_RC_VALUE : TPM_RC_SUCCESS;
+Exit:
+ return retVal;
+}
+
+//** Externally Accessible Functions
+
+//*** CryptRsaSelectScheme()
+// This function is used by TPM2_RSA_Decrypt and TPM2_RSA_Encrypt. It sets up
+// the rules to select a scheme between input and object default.
+// This function assume the RSA object is loaded.
+// If a default scheme is defined in object, the default scheme should be chosen,
+// otherwise, the input scheme should be chosen.
+// In the case that both the object and 'scheme' are not TPM_ALG_NULL, then
+// if the schemes are the same, the input scheme will be chosen.
+// if the scheme are not compatible, a NULL pointer will be returned.
+//
+// The return pointer may point to a TPM_ALG_NULL scheme.
+TPMT_RSA_DECRYPT*
+CryptRsaSelectScheme(
+ TPMI_DH_OBJECT rsaHandle, // IN: handle of an RSA key
+ TPMT_RSA_DECRYPT *scheme // IN: a sign or decrypt scheme
+ )
+{
+ OBJECT *rsaObject;
+ TPMT_ASYM_SCHEME *keyScheme;
+ TPMT_RSA_DECRYPT *retVal = NULL;
+
+ // Get sign object pointer
+ rsaObject = HandleToObject(rsaHandle);
+ keyScheme = &rsaObject->publicArea.parameters.asymDetail.scheme;
+
+ // if the default scheme of the object is TPM_ALG_NULL, then select the
+ // input scheme
+ if(keyScheme->scheme == TPM_ALG_NULL)
+ {
+ retVal = scheme;
+ }
+ // if the object scheme is not TPM_ALG_NULL and the input scheme is
+ // TPM_ALG_NULL, then select the default scheme of the object.
+ else if(scheme->scheme == TPM_ALG_NULL)
+ {
+ // if input scheme is NULL
+ retVal = (TPMT_RSA_DECRYPT *)keyScheme;
+ }
+ // get here if both the object scheme and the input scheme are
+ // not TPM_ALG_NULL. Need to insure that they are the same.
+ // IMPLEMENTATION NOTE: This could cause problems if future versions have
+ // schemes that have more values than just a hash algorithm. A new function
+ // (IsSchemeSame()) might be needed then.
+ else if(keyScheme->scheme == scheme->scheme
+ && keyScheme->details.anySig.hashAlg == scheme->details.anySig.hashAlg)
+ {
+ retVal = scheme;
+ }
+ // two different, incompatible schemes specified will return NULL
+ return retVal;
+}
+
+//*** CryptRsaLoadPrivateExponent()
+// This function is called to generate the private exponent of an RSA key.
+// Return Type: TPM_RC
+// TPM_RC_BINDING public and private parts of 'rsaKey' are not matched
+TPM_RC
+CryptRsaLoadPrivateExponent(
+ TPMT_PUBLIC *publicArea,
+ TPMT_SENSITIVE *sensitive
+ )
+{
+//
+ if((sensitive->sensitive.rsa.t.size & RSA_prime_flag) == 0)
+ {
+ if((sensitive->sensitive.rsa.t.size * 2) == publicArea->unique.rsa.t.size)
+ {
+ NEW_PRIVATE_EXPONENT(Z);
+ BN_RSA_INITIALIZED(bnN, &publicArea->unique.rsa);
+ BN_RSA(bnQr);
+ BN_VAR(bnE, RADIX_BITS);
+
+ TEST(ALG_NULL_VALUE);
+
+ VERIFY((sensitive->sensitive.rsa.t.size * 2)
+ == publicArea->unique.rsa.t.size);
+ // Initialize the exponent
+ BnSetWord(bnE, publicArea->parameters.rsaDetail.exponent);
+ if(BnEqualZero(bnE))
+ BnSetWord(bnE, RSA_DEFAULT_PUBLIC_EXPONENT);
+ // Convert first prime to 2B
+ VERIFY(BnFrom2B(Z->P, &sensitive->sensitive.rsa.b) != NULL);
+
+ // Find the second prime by division. This uses 'bQ' rather than Z->Q
+ // because the division could make the quotient larger than a prime during
+ // some intermediate step.
+ VERIFY(BnDiv(Z->Q, bnQr, bnN, Z->P));
+ VERIFY(BnEqualZero(bnQr));
+ // Compute the private exponent and return it if found
+ VERIFY(ComputePrivateExponent(bnE, Z));
+ VERIFY(PackExponent(&sensitive->sensitive.rsa, Z));
+ }
+ else
+ VERIFY(((sensitive->sensitive.rsa.t.size / 5) * 2)
+ == publicArea->unique.rsa.t.size);
+ sensitive->sensitive.rsa.t.size |= RSA_prime_flag;
+ }
+ return TPM_RC_SUCCESS;
+Error:
+ return TPM_RC_BINDING;
+}
+
+//*** CryptRsaEncrypt()
+// This is the entry point for encryption using RSA. Encryption is
+// use of the public exponent. The padding parameter determines what
+// padding will be used.
+//
+// The 'cOutSize' parameter must be at least as large as the size of the key.
+//
+// If the padding is RSA_PAD_NONE, 'dIn' is treated as a number. It must be
+// lower in value than the key modulus.
+// NOTE: If dIn has fewer bytes than cOut, then we don't add low-order zeros to
+// dIn to make it the size of the RSA key for the call to RSAEP.
This is
+// because the high order bytes of dIn might have a numeric value that is
+// greater than the value of the key modulus. If this had low-order zeros
+// added, it would have a numeric value larger than the modulus even though
+// it started out with a lower numeric value.
+//
+// Return Type: TPM_RC
+// TPM_RC_VALUE 'cOutSize' is too small (must be the size
+// of the modulus)
+// TPM_RC_SCHEME 'padType' is not a supported scheme
+//
+LIB_EXPORT TPM_RC
+CryptRsaEncrypt(
+ TPM2B_PUBLIC_KEY_RSA *cOut, // OUT: the encrypted data
+ TPM2B *dIn, // IN: the data to encrypt
+ OBJECT *key, // IN: the key used for encryption
+ TPMT_RSA_DECRYPT *scheme, // IN: the type of padding and hash
+ // if needed
+ const TPM2B *label, // IN: in case it is needed
+ RAND_STATE *rand // IN: random number generator
+ // state (mostly for testing)
+ )
+{
+ TPM_RC retVal = TPM_RC_SUCCESS;
+ TPM2B_PUBLIC_KEY_RSA dataIn;
+//
+ // if the input and output buffers are the same, copy the input to a scratch
+ // buffer so that things don't get messed up.
+ if(dIn == &cOut->b)
+ {
+ MemoryCopy2B(&dataIn.b, dIn, sizeof(dataIn.t.buffer));
+ dIn = &dataIn.b;
+ }
+ // All encryption schemes return the same size of data
+ cOut->t.size = key->publicArea.unique.rsa.t.size;
+ TEST(scheme->scheme);
+
+ switch(scheme->scheme)
+ {
+ case ALG_NULL_VALUE: // 'raw' encryption
+ {
+ INT32 i;
+ INT32 dSize = dIn->size;
+ // dIn can have more bytes than cOut as long as the extra bytes
+ // are zero. Note: the more significant bytes of a number in a byte
+ // buffer are the bytes at the start of the array.
+ for(i = 0; (i < dSize) && (dIn->buffer[i] == 0); i++);
+ dSize -= i;
+ if(dSize > cOut->t.size)
+ ERROR_RETURN(TPM_RC_VALUE);
+ // Pad cOut with zeros if dIn is smaller
+ memset(cOut->t.buffer, 0, cOut->t.size - dSize);
+ // And copy the rest of the value
+ memcpy(&cOut->t.buffer[cOut->t.size - dSize], &dIn->buffer[i], dSize);
+
+ // If the size of dIn is the same as cOut dIn could be larger than
+ // the modulus. If it is, then RSAEP() will catch it.
+ }
+ break;
+ case ALG_RSAES_VALUE:
+ retVal = RSAES_PKCS1v1_5Encode(&cOut->b, dIn, rand);
+ break;
+ case ALG_OAEP_VALUE:
+ retVal = OaepEncode(&cOut->b, scheme->details.oaep.hashAlg, label, dIn,
+ rand);
+ break;
+ default:
+ ERROR_RETURN(TPM_RC_SCHEME);
+ break;
+ }
+ // All the schemes that do padding will come here for the encryption step
+ // Check that the Encoding worked
+ if(retVal == TPM_RC_SUCCESS)
+ // Padding OK so do the encryption
+ retVal = RSAEP(&cOut->b, key);
+Exit:
+ return retVal;
+}
+
+//*** CryptRsaDecrypt()
+// This is the entry point for decryption using RSA. Decryption is
+// use of the private exponent. The 'padType' parameter determines what
+// padding was used.
+//
+// Return Type: TPM_RC
+// TPM_RC_SIZE 'cInSize' is not the same as the size of the public
+// modulus of 'key'; or numeric value of the encrypted
+// data is greater than the modulus
+// TPM_RC_VALUE 'dOutSize' is not large enough for the result
+// TPM_RC_SCHEME 'padType' is not supported
+//
+LIB_EXPORT TPM_RC
+CryptRsaDecrypt(
+ TPM2B *dOut, // OUT: the decrypted data
+ TPM2B *cIn, // IN: the data to decrypt
+ OBJECT *key, // IN: the key to use for decryption
+ TPMT_RSA_DECRYPT *scheme, // IN: the padding scheme
+ const TPM2B *label // IN: in case it is needed for the scheme
+ )
+{
+ TPM_RC retVal;
+
+ // Make sure that the necessary parameters are provided
+ pAssert(cIn != NULL && dOut != NULL && key != NULL);
+
+ // Size is checked to make sure that the encrypted value is the right size
+ if(cIn->size != key->publicArea.unique.rsa.t.size)
+ ERROR_RETURN(TPM_RC_SIZE);
+
+ TEST(scheme->scheme);
+
+ // For others that do padding, do the decryption in place and then
+ // go handle the decoding.
+ retVal = RSADP(cIn, key);
+ if(retVal == TPM_RC_SUCCESS)
+ {
+ // Remove padding
+ switch(scheme->scheme)
+ {
+ case ALG_NULL_VALUE:
+ if(dOut->size < cIn->size)
+ return TPM_RC_VALUE;
+ MemoryCopy2B(dOut, cIn, dOut->size);
+ break;
+ case ALG_RSAES_VALUE:
+ retVal = RSAES_Decode(dOut, cIn);
+ break;
+ case ALG_OAEP_VALUE:
+ retVal = OaepDecode(dOut, scheme->details.oaep.hashAlg, label, cIn);
+ break;
+ default:
+ retVal = TPM_RC_SCHEME;
+ break;
+ }
+ }
+Exit:
+ return retVal;
+}
+
+//*** CryptRsaSign()
+// This function is used to generate an RSA signature of the type indicated in
+// 'scheme'.
+//
+// Return Type: TPM_RC
+// TPM_RC_SCHEME 'scheme' or 'hashAlg' are not supported
+// TPM_RC_VALUE 'hInSize' does not match 'hashAlg' (for RSASSA)
+//
+LIB_EXPORT TPM_RC
+CryptRsaSign(
+ TPMT_SIGNATURE *sigOut,
+ OBJECT *key, // IN: key to use
+ TPM2B_DIGEST *hIn, // IN: the digest to sign
+ RAND_STATE *rand // IN: the random number generator
+ // to use (mostly for testing)
+ )
+{
+ TPM_RC retVal = TPM_RC_SUCCESS;
+ UINT16 modSize;
+
+ // parameter checks
+ pAssert(sigOut != NULL && key != NULL && hIn != NULL);
+
+ modSize = key->publicArea.unique.rsa.t.size;
+
+ // for all non-null signatures, the size is the size of the key modulus
+ sigOut->signature.rsapss.sig.t.size = modSize;
+
+ TEST(sigOut->sigAlg);
+
+ switch(sigOut->sigAlg)
+ {
+ case ALG_NULL_VALUE:
+ sigOut->signature.rsapss.sig.t.size = 0;
+ return TPM_RC_SUCCESS;
+ case ALG_RSAPSS_VALUE:
+ retVal = PssEncode(&sigOut->signature.rsapss.sig.b,
+ sigOut->signature.rsapss.hash, &hIn->b, rand);
+ break;
+ case ALG_RSASSA_VALUE:
+ retVal = RSASSA_Encode(&sigOut->signature.rsassa.sig.b,
+ sigOut->signature.rsassa.hash, &hIn->b);
+ break;
+ default:
+ retVal = TPM_RC_SCHEME;
+ }
+ if(retVal == TPM_RC_SUCCESS)
+ {
+ // Do the encryption using the private key
+ retVal = RSADP(&sigOut->signature.rsapss.sig.b, key);
+ }
+ return retVal;
+}
+
+//*** CryptRsaValidateSignature()
+// This function is used to validate an RSA signature. If the signature is valid
+// TPM_RC_SUCCESS is returned. If the signature is not valid, TPM_RC_SIGNATURE is
+// returned. Other return codes indicate either parameter problems or fatal errors.
+//
+// Return Type: TPM_RC
+// TPM_RC_SIGNATURE the signature does not check
+// TPM_RC_SCHEME unsupported scheme or hash algorithm
+//
+LIB_EXPORT TPM_RC
+CryptRsaValidateSignature(
+ TPMT_SIGNATURE *sig, // IN: signature
+ OBJECT *key, // IN: public modulus
+ TPM2B_DIGEST *digest // IN: The digest being validated
+ )
+{
+ TPM_RC retVal;
+//
+ // Fatal programming errors
+ pAssert(key != NULL && sig != NULL && digest != NULL);
+ switch(sig->sigAlg)
+ {
+ case ALG_RSAPSS_VALUE:
+ case ALG_RSASSA_VALUE:
+ break;
+ default:
+ return TPM_RC_SCHEME;
+ }
+
+ // Errors that might be caused by calling parameters
+ if(sig->signature.rsassa.sig.t.size != key->publicArea.unique.rsa.t.size)
+ ERROR_RETURN(TPM_RC_SIGNATURE);
+
+ TEST(sig->sigAlg);
+
+ // Decrypt the block
+ retVal = RSAEP(&sig->signature.rsassa.sig.b, key);
+ if(retVal == TPM_RC_SUCCESS)
+ {
+ switch(sig->sigAlg)
+ {
+ case ALG_RSAPSS_VALUE:
+ retVal = PssDecode(sig->signature.any.hashAlg, &digest->b,
+ &sig->signature.rsassa.sig.b);
+ break;
+ case ALG_RSASSA_VALUE:
+ retVal = RSASSA_Decode(sig->signature.any.hashAlg, &digest->b,
+ &sig->signature.rsassa.sig.b);
+ break;
+ default:
+ return TPM_RC_SCHEME;
+ }
+ }
+Exit:
+ return (retVal != TPM_RC_SUCCESS) ?
TPM_RC_SIGNATURE : TPM_RC_SUCCESS;
+}
+
+#if SIMULATION && USE_RSA_KEY_CACHE
+extern int s_rsaKeyCacheEnabled;
+int GetCachedRsaKey(TPMT_PUBLIC *publicArea, TPMT_SENSITIVE *sensitive,
+ RAND_STATE *rand);
+#define GET_CACHED_KEY(publicArea, sensitive, rand) \
+ (s_rsaKeyCacheEnabled && GetCachedRsaKey(publicArea, sensitive, rand))
+#else
+#define GET_CACHED_KEY(key, rand)
+#endif
+
+//*** CryptRsaGenerateKey()
+// Generate an RSA key from a provided seed
+/*(See part 1 specification)
+// The formulation is:
+// KDFa(hash, seed, label, Name, Counter, bits)
+// Where:
+// hash the nameAlg from the public template
+// seed a seed (will be a primary seed for a primary key)
+// label a distinguishing label including vendor ID and
+// vendor-assigned part number for the TPM.
+// Name the nameAlg from the template and the hash of the template
+// using nameAlg.
+// Counter a 32-bit integer that is incremented each time the KDF is
+// called in order to produce a specific key. This value
+// can be a 32-bit integer in host format and does not need
+// to be put in canonical form.
+// bits the number of bits needed for the key.
+// The following process is implemented to find a RSA key pair:
+// 1. pick a random number with enough bits from KDFa as a prime candidate
+// 2. set the first two significant bits and the least significant bit of the
+// prime candidate
+// 3. check if the number is a prime. if not, pick another random number
+// 4. Make sure the difference between the two primes are more than 2^104.
+// Otherwise, restart the process for the second prime
+// 5. If the counter has reached its maximum but we still can not find a valid
+// RSA key pair, return an internal error. This is an artificial bound.
+// Other implementation may choose a smaller number to indicate how many
+// times they are willing to try.
+*/
+// Return Type: TPM_RC
+// TPM_RC_CANCELED operation was canceled
+// TPM_RC_RANGE public exponent is not supported
+// TPM_RC_VALUE could not find a prime using the provided parameters
+LIB_EXPORT TPM_RC
+CryptRsaGenerateKey(
+ TPMT_PUBLIC *publicArea,
+ TPMT_SENSITIVE *sensitive,
+ RAND_STATE *rand // IN: if not NULL, the deterministic
+ // RNG state
+ )
+{
+ UINT32 i;
+ BN_RSA(bnD);
+ BN_RSA(bnN);
+ BN_WORD(bnPubExp);
+ UINT32 e = publicArea->parameters.rsaDetail.exponent;
+ int keySizeInBits;
+ TPM_RC retVal = TPM_RC_NO_RESULT;
+ NEW_PRIVATE_EXPONENT(Z);
+//
+
+// Need to make sure that the caller did not specify an exponent that is
+// not supported
+ e = publicArea->parameters.rsaDetail.exponent;
+ if(e == 0)
+ e = RSA_DEFAULT_PUBLIC_EXPONENT;
+ else
+ {
+ if(e < 65537)
+ ERROR_RETURN(TPM_RC_RANGE);
+ // Check that e is prime
+ if(!IsPrimeInt(e))
+ ERROR_RETURN(TPM_RC_RANGE);
+ }
+ BnSetWord(bnPubExp, e);
+
+ // check for supported key size.
+ keySizeInBits = publicArea->parameters.rsaDetail.keyBits;
+ if(((keySizeInBits % 1024) != 0)
+ || (keySizeInBits > MAX_RSA_KEY_BITS) // this might be redundant, but...
+ || (keySizeInBits == 0))
+ ERROR_RETURN(TPM_RC_VALUE);
+
+ // Set the prime size for instrumentation purposes
+ INSTRUMENT_SET(PrimeIndex, PRIME_INDEX(keySizeInBits / 2));
+
+#if SIMULATION && USE_RSA_KEY_CACHE
+ if(GET_CACHED_KEY(publicArea, sensitive, rand))
+ return TPM_RC_SUCCESS;
+#endif
+
+ // Make sure that key generation has been tested
+ TEST(ALG_NULL_VALUE);
+
+
+ // The prime is computed in P. When a new prime is found, Q is checked to
+ // see if it is zero. If so, P is copied to Q and a new P is found.
+ // When both P and Q are non-zero, the modulus and
+ // private exponent are computed and a trial encryption/decryption is
+ // performed. If the encrypt/decrypt fails, assume that at least one of the
+ // primes is composite. Since we don't know which one, set Q to zero and start
+ // over and find a new pair of primes.
+
+ for(i = 1; (retVal == TPM_RC_NO_RESULT) && (i != 100); i++)
+ {
+ if(_plat__IsCanceled())
+ ERROR_RETURN(TPM_RC_CANCELED);
+
+ if(BnGeneratePrimeForRSA(Z->P, keySizeInBits / 2, e, rand) == TPM_RC_FAILURE)
+ {
+ retVal = TPM_RC_FAILURE;
+ goto Exit;
+ }
+
+ INSTRUMENT_INC(PrimeCounts[PrimeIndex]);
+
+ // If this is the second prime, make sure that it differs from the
+ // first prime by at least 2^100
+ if(BnEqualZero(Z->Q))
+ {
+ // copy p to q and compute another prime in p
+ BnCopy(Z->Q, Z->P);
+ continue;
+ }
+ // Make sure that the difference is at least 100 bits. Need to do it this
+ // way because the big numbers are only positive values
+ if(BnUnsignedCmp(Z->P, Z->Q) < 0)
+ BnSub(bnD, Z->Q, Z->P);
+ else
+ BnSub(bnD, Z->P, Z->Q);
+ if(BnMsb(bnD) < 100)
+ continue;
+
+ //Form the public modulus and set the unique value
+ BnMult(bnN, Z->P, Z->Q);
+ BnTo2B(bnN, &publicArea->unique.rsa.b,
+ (NUMBYTES)BITS_TO_BYTES(keySizeInBits));
+ // Make sure everything came out right. The MSb of the values must be one
+ if(((publicArea->unique.rsa.t.buffer[0] & 0x80) == 0)
+ || (publicArea->unique.rsa.t.size
+ != (NUMBYTES)BITS_TO_BYTES(keySizeInBits)))
+ FAIL(FATAL_ERROR_INTERNAL);
+
+
+ // Make sure that we can form the private exponent values
+ if(ComputePrivateExponent(bnPubExp, Z) != TRUE)
+ {
+ // If ComputePrivateExponent could not find an inverse for
+ // Q, then copy P and recompute P. This might
+ // cause both to be recomputed if P is also zero
+ if(BnEqualZero(Z->Q))
+ BnCopy(Z->Q, Z->P);
+ continue;
+ }
+
+ // Pack the private exponent into the sensitive area
+ PackExponent(&sensitive->sensitive.rsa, Z);
+ // Make sure everything came out right.
The MSb of the values must be one
+ if(((publicArea->unique.rsa.t.buffer[0] & 0x80) == 0)
+ || ((sensitive->sensitive.rsa.t.buffer[0] & 0x80) == 0))
+ FAIL(FATAL_ERROR_INTERNAL);
+
+ retVal = TPM_RC_SUCCESS;
+ // Do a trial encryption decryption if this is a signing key
+ if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign))
+ {
+ BN_RSA(temp1);
+ BN_RSA(temp2);
+ BnGenerateRandomInRange(temp1, bnN, rand);
+
+ // Encrypt with public exponent...
+ BnModExp(temp2, temp1, bnPubExp, bnN);
+ // ... then decrypt with private exponent
+ RsaPrivateKeyOp(temp2, Z);
+
+ // If the starting and ending values are not the same,
+ // start over )-;
+ if(BnUnsignedCmp(temp2, temp1) != 0)
+ {
+ BnSetWord(Z->Q, 0);
+ retVal = TPM_RC_NO_RESULT;
+ }
+ }
+ }
+Exit:
+ return retVal;
+}
+
+#endif // ALG_RSA
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSelfTest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSelfTest.c
new file mode 100644
index 000000000..33b312e64
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSelfTest.c
@@ -0,0 +1,222 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// The functions in this file are designed to support self-test of cryptographic
+// functions in the TPM. The TPM allows the user to decide whether to run self-test
+// on a demand basis or to run all the self-tests before proceeding.
+//
+// The self-tests are controlled by a set of bit vectors. The
+// 'g_untestedDecryptionAlgorithms' vector has a bit for each decryption algorithm
+// that needs to be tested and 'g_untestedEncryptionAlgorithms' has a bit for
+// each encryption algorithm that needs to be tested. Before an algorithm
+// is used, the appropriate vector is checked (indexed using the algorithm ID).
+// If the bit is 1, then the test function should be called.
+//
+// For more information, see TpmSelfTests.txt
+
+#include "Tpm.h"
+
+//** Functions
+
+//*** RunSelfTest()
+// Local function to run self-test
+static TPM_RC
+CryptRunSelfTests(
+ ALGORITHM_VECTOR *toTest // IN: the vector of the algorithms to test
+ )
+{
+ TPM_ALG_ID alg;
+
+ // For each of the algorithms that are in the toTestVecor, need to run a
+ // test
+ for(alg = TPM_ALG_FIRST; alg <= TPM_ALG_LAST; alg++)
+ {
+ if(TEST_BIT(alg, *toTest))
+ {
+ TPM_RC result = CryptTestAlgorithm(alg, toTest);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+ }
+ }
+ return TPM_RC_SUCCESS;
+}
+
+//*** CryptSelfTest()
+// This function is called to start/complete a full self-test.
+// If 'fullTest' is NO, then only the untested algorithms will be run. If
+// 'fullTest' is YES, then 'g_untestedDecryptionAlgorithms' is reinitialized and then
+// all tests are run.
+// This implementation of the reference design does not support processing outside
+// the framework of a TPM command. As a consequence, this command does not
+// complete until all tests are done. Since this can take a long time, the TPM
+// will check after each test to see if the command is canceled. If so, then the
+// TPM will returned TPM_RC_CANCELLED. To continue with the self-tests, call
+// TPM2_SelfTest(fullTest == No) and the TPM will complete the testing.
+// Return Type: TPM_RC
+// TPM_RC_CANCELED if the command is canceled
+LIB_EXPORT
+TPM_RC
+CryptSelfTest(
+ TPMI_YES_NO fullTest // IN: if full test is required
+ )
+{
+#if SIMULATION
+ if(g_forceFailureMode)
+ FAIL(FATAL_ERROR_FORCED);
+#endif
+
+ // If the caller requested a full test, then reset the to test vector so that
+ // all the tests will be run
+ if(fullTest == YES)
+ {
+ MemoryCopy(g_toTest,
+ g_implementedAlgorithms,
+ sizeof(g_toTest));
+ }
+ return CryptRunSelfTests(&g_toTest);
+}
+
+//*** CryptIncrementalSelfTest()
+// This function is used to perform an incremental self-test. This implementation
+// will perform the toTest values before returning. That is, it assumes that the
+// TPM cannot perform background tasks between commands.
+//
+// This command may be canceled. If it is, then there is no return result.
+// However, this command can be run again and the incremental progress will not
+// be lost.
+// Return Type: TPM_RC
+// TPM_RC_CANCELED processing of this command was canceled
+// TPM_RC_TESTING if toTest list is not empty
+// TPM_RC_VALUE an algorithm in the toTest list is not implemented
+TPM_RC
+CryptIncrementalSelfTest(
+ TPML_ALG *toTest, // IN: list of algorithms to be tested
+ TPML_ALG *toDoList // OUT: list of algorithms needing test
+ )
+{
+ ALGORITHM_VECTOR toTestVector = {0};
+ TPM_ALG_ID alg;
+ UINT32 i;
+
+ pAssert(toTest != NULL && toDoList != NULL);
+ if(toTest->count > 0)
+ {
+ // Transcribe the toTest list into the toTestVector
+ for(i = 0; i < toTest->count; i++)
+ {
+ alg = toTest->algorithms[i];
+
+ // make sure that the algorithm value is not out of range
+ if((alg > TPM_ALG_LAST) || !TEST_BIT(alg, g_implementedAlgorithms))
+ return TPM_RC_VALUE;
+ SET_BIT(alg, toTestVector);
+ }
+ // Run the test
+ if(CryptRunSelfTests(&toTestVector) == TPM_RC_CANCELED)
+ return TPM_RC_CANCELED;
+ }
+ // Fill in the toDoList with the algorithms that are still untested
+ toDoList->count = 0;
+
+ for(alg = TPM_ALG_FIRST;
+ toDoList->count < MAX_ALG_LIST_SIZE && alg <= TPM_ALG_LAST;
+ alg++)
+ {
+ if(TEST_BIT(alg, g_toTest))
+ toDoList->algorithms[toDoList->count++] = alg;
+ }
+ return TPM_RC_SUCCESS;
+}
+
+//*** CryptInitializeToTest()
+// This function will initialize the data structures for testing all the
+// algorithms. This should not be called unless CryptAlgsSetImplemented() has
+// been called
+void
+CryptInitializeToTest(
+ void
+ )
+{
+ // Indicate that nothing has been tested
+ memset(&g_cryptoSelfTestState, 0, sizeof(g_cryptoSelfTestState));
+
+ // Copy the implemented algorithm vector
+ MemoryCopy(g_toTest, g_implementedAlgorithms, sizeof(g_toTest));
+
+ // Setting the algorithm to null causes the test function to just clear
+ // out any algorithms for which there is no test.
+ CryptTestAlgorithm(TPM_ALG_ERROR, &g_toTest);
+
+ return;
+}
+
+//*** CryptTestAlgorithm()
+// Only point of contact with the actual self tests. If a self-test fails, there
+// is no return and the TPM goes into failure mode.
+// The call to TestAlgorithm uses an algorithm selector and a bit vector. When the
+// test is run, the corresponding bit in 'toTest' and in 'g_toTest' is CLEAR. If
+// 'toTest' is NULL, then only the bit in 'g_toTest' is CLEAR.
+// There is a special case for the call to TestAlgorithm(). When 'alg' is
+// ALG_ERROR, TestAlgorithm() will CLEAR any bit in 'toTest' for which it has
+// no test. This allows the knowledge about which algorithms have test to be
+// accessed through the interface that provides the test.
+// Return Type: TPM_RC
+// TPM_RC_CANCELED test was canceled
+LIB_EXPORT
+TPM_RC
+CryptTestAlgorithm(
+ TPM_ALG_ID alg,
+ ALGORITHM_VECTOR *toTest
+ )
+{
+ TPM_RC result;
+#if SELF_TEST
+ result = TestAlgorithm(alg, toTest);
+#else
+ // If this is an attempt to determine the algorithms for which there is a
+ // self test, pretend that all of them do. We do that by not clearing any
+ // of the algorithm bits.
When/if this function is called to run tests, it
+ // will over report. This can be changed so that any call to check on which
+ // algorithms have tests, 'toTest' can be cleared.
+ if(alg != TPM_ALG_ERROR)
+ {
+ CLEAR_BIT(alg, g_toTest);
+ if(toTest != NULL)
+ CLEAR_BIT(alg, *toTest);
+ }
+ result = TPM_RC_SUCCESS;
+#endif
+ return result;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSmac.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSmac.c
new file mode 100644
index 000000000..cd584cf22
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSmac.c
@@ -0,0 +1,132 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+//
+// This file contains the implementation of the message authentication codes based
+// on a symmetric block cipher. These functions only use the single block
+// encryption functions of the selected symmetric cryptographic library.
+
+//** Includes, Defines, and Typedefs
+#define _CRYPT_HASH_C_
+#include "Tpm.h"
+
+#if SMAC_IMPLEMENTED
+
+//*** CryptSmacStart()
+// Function to start an SMAC.
+UINT16
+CryptSmacStart(
+ HASH_STATE *state,
+ TPMU_PUBLIC_PARMS *keyParameters,
+ TPM_ALG_ID macAlg, // IN: the type of MAC
+ TPM2B *key
+)
+{
+ UINT16 retVal = 0;
+//
+ // Make sure that the key size is correct. This should have been checked
+ // at key load, but...
+ if(BITS_TO_BYTES(keyParameters->symDetail.sym.keyBits.sym) == key->size)
+ {
+ switch(macAlg)
+ {
+#if ALG_CMAC
+ case ALG_CMAC_VALUE:
+ retVal = CryptCmacStart(&state->state.smac, keyParameters,
+ macAlg, key);
+ break;
+#endif
+ default:
+ break;
+ }
+ }
+ state->type = (retVal != 0) ? HASH_STATE_SMAC : HASH_STATE_EMPTY;
+ return retVal;
+}
+
+//*** CryptMacStart()
+// Function to start either an HMAC or an SMAC. Cannot reuse the CryptHmacStart
+// function because of the difference in number of parameters.
+UINT16
+CryptMacStart(
+ HMAC_STATE *state,
+ TPMU_PUBLIC_PARMS *keyParameters,
+ TPM_ALG_ID macAlg, // IN: the type of MAC
+ TPM2B *key
+)
+{
+ MemorySet(state, 0, sizeof(HMAC_STATE));
+ if(CryptHashIsValidAlg(macAlg, FALSE))
+ {
+ return CryptHmacStart(state, macAlg, key->size, key->buffer);
+ }
+ else if(CryptSmacIsValidAlg(macAlg, FALSE))
+ {
+ return CryptSmacStart(&state->hashState, keyParameters, macAlg, key);
+ }
+ else
+ return 0;
+}
+
+//*** CryptMacEnd()
+// Dispatch to the MAC end function using a size and buffer pointer.
+UINT16
+CryptMacEnd(
+ HMAC_STATE *state,
+ UINT32 size,
+ BYTE *buffer
+)
+{
+ UINT16 retVal = 0;
+ if(state->hashState.type == HASH_STATE_SMAC)
+ retVal = (state->hashState.state.smac.smacMethods.end)(
+ &state->hashState.state.smac.state, size, buffer);
+ else if(state->hashState.type == HASH_STATE_HMAC)
+ retVal = CryptHmacEnd(state, size, buffer);
+ state->hashState.type = HASH_STATE_EMPTY;
+ return retVal;
+}
+
+//*** CryptMacEnd2B()
+// Dispatch to the MAC end function using a 2B.
+UINT16
+CryptMacEnd2B (
+ HMAC_STATE *state,
+ TPM2B *data
+)
+{
+ return CryptMacEnd(state, data->size, data->buffer);
+}
+#endif // SMAC_IMPLEMENTED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c
new file mode 100644
index 000000000..824c1fce5
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c
@@ -0,0 +1,478 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+//
+// This file contains the implementation of the symmetric block cipher modes
+// allowed for a TPM. These functions only use the single block encryption functions
+// of the selected symmetric crypto library.
+
+//** Includes, Defines, and Typedefs
+#include "Tpm.h"
+
+#include "CryptSym.h"
+
+#define KEY_BLOCK_SIZES(ALG, alg) \
+static const INT16 alg##KeyBlockSizes[] = { \
+ ALG##_KEY_SIZES_BITS, -1, ALG##_BLOCK_SIZES };
+
+#if ALG_AES
+ KEY_BLOCK_SIZES(AES, aes);
+#endif // ALG_AES
+#if ALG_SM4
+ KEY_BLOCK_SIZES(SM4, sm4);
+#endif
+#if ALG_CAMELLIA
+ KEY_BLOCK_SIZES(CAMELLIA, camellia);
+#endif
+#if ALG_TDES
+ KEY_BLOCK_SIZES(TDES, tdes);
+#endif
+
+//** Initialization and Data Access Functions
+//
+//*** CryptSymInit()
+// This function is called to do _TPM_Init processing
+BOOL
+CryptSymInit(
+ void
+ )
+{
+ return TRUE;
+}
+
+//*** CryptSymStartup()
+// This function is called to do TPM2_Startup() processing
+BOOL
+CryptSymStartup(
+ void
+ )
+{
+ return TRUE;
+}
+
+//*** CryptGetSymmetricBlockSize()
+// This function returns the block size of the algorithm. The table of bit sizes has
+// an entry for each allowed key size. The entry for a key size is 0 if the TPM does
+// not implement that key size. The key size table is delimited with a negative number
+// (-1). After the delimiter is a list of block sizes with each entry corresponding
+// to the key bit size. For most symmetric algorithms, the block size is the same
+// regardless of the key size but this arrangement allows them to be different.
+// Return Type: INT16
+// <= 0 cipher not supported
+// > 0 the cipher block size in bytes
+LIB_EXPORT INT16
+CryptGetSymmetricBlockSize(
+ TPM_ALG_ID symmetricAlg, // IN: the symmetric algorithm
+ UINT16 keySizeInBits // IN: the key size
+ )
+{
+ const INT16 *sizes;
+ INT16 i;
+#define ALG_CASE(SYM, sym) case ALG_##SYM##_VALUE: sizes = sym##KeyBlockSizes; break
+ switch(symmetricAlg)
+ {
+#if ALG_AES
+ ALG_CASE(AES, aes);
+#endif
+#if ALG_SM4
+ ALG_CASE(SM4, sm4);
+#endif
+#if ALG_CAMELLIA
+ ALG_CASE(CAMELLIA, camellia);
+#endif
+#if ALG_TDES
+ ALG_CASE(TDES, tdes);
+#endif
+ default:
+ return 0;
+ }
+ // Find the index of the indicated keySizeInBits
+ for(i = 0; *sizes >= 0; i++, sizes++)
+ {
+ if(*sizes == keySizeInBits)
+ break;
+ }
+ // If sizes is pointing at the end of the list of key sizes, then the desired
+ // key size was not found so set the block size to zero.
+ if(*sizes++ < 0)
+ return 0;
+ // Advance until the end of the list is found
+ while(*sizes++ >= 0);
+ // sizes is pointing to the first entry in the list of block sizes. Use the
+ // ith index to find the block size for the corresponding key size.
+ return sizes[i];
+}
+
+//** Symmetric Encryption
+// This function performs symmetric encryption based on the mode.
+// Return Type: TPM_RC
+// TPM_RC_SIZE 'dSize' is not a multiple of the block size for an
+// algorithm that requires it
+// TPM_RC_FAILURE Fatal error
+LIB_EXPORT TPM_RC
+CryptSymmetricEncrypt(
+ BYTE *dOut, // OUT:
+ TPM_ALG_ID algorithm, // IN: the symmetric algorithm
+ UINT16 keySizeInBits, // IN: key size in bits
+ const BYTE *key, // IN: key buffer. The size of this buffer
+ // in bytes is (keySizeInBits + 7) / 8
+ TPM2B_IV *ivInOut, // IN/OUT: IV for decryption.
+ TPM_ALG_ID mode, // IN: Mode to use
+ INT32 dSize, // IN: data size (may need to be a
+ // multiple of the blockSize)
+ const BYTE *dIn // IN: data buffer
+ )
+{
+ BYTE *pIv;
+ int i;
+ BYTE tmp[MAX_SYM_BLOCK_SIZE];
+ BYTE *pT;
+ tpmCryptKeySchedule_t keySchedule;
+ INT16 blockSize;
+ TpmCryptSetSymKeyCall_t encrypt;
+ BYTE *iv;
+ BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0};
+//
+ pAssert(dOut != NULL && key != NULL && dIn != NULL);
+ if(dSize == 0)
+ return TPM_RC_SUCCESS;
+
+ TEST(algorithm);
+ blockSize = CryptGetSymmetricBlockSize(algorithm, keySizeInBits);
+ if(blockSize == 0)
+ return TPM_RC_FAILURE;
+ // If the iv is provided, then it is expected to be block sized. In some cases,
+ // the caller is providing an array of 0's that is equal to [MAX_SYM_BLOCK_SIZE]
+ // with no knowledge of the actual block size. This function will set it.
+ if((ivInOut != NULL) && (mode != ALG_ECB_VALUE))
+ {
+ ivInOut->t.size = blockSize;
+ iv = ivInOut->t.buffer;
+ }
+ else
+ iv = defaultIv;
+ pIv = iv;
+
+ // Create encrypt key schedule and set the encryption function pointer.
+
+ SELECT(ENCRYPT);
+
+ switch(mode)
+ {
+#if ALG_CTR
+ case ALG_CTR_VALUE:
+ for(; dSize > 0; dSize -= blockSize)
+ {
+ // Encrypt the current value of the IV(counter)
+ ENCRYPT(&keySchedule, iv, tmp);
+
+ //increment the counter (counter is big-endian so start at end)
+ for(i = blockSize - 1; i >= 0; i--)
+ if((iv[i] += 1) != 0)
+ break;
+ // XOR the encrypted counter value with input and put into output
+ pT = tmp;
+ for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--)
+ *dOut++ = *dIn++ ^ *pT++;
+ }
+ break;
+#endif
+#if ALG_OFB
+ case ALG_OFB_VALUE:
+ // This is written so that dIn and dOut may be the same
+ for(; dSize > 0; dSize -= blockSize)
+ {
+ // Encrypt the current value of the "IV"
+ ENCRYPT(&keySchedule, iv, iv);
+
+ // XOR the encrypted IV into dIn to create the cipher text (dOut)
+ pIv = iv;
+ for(i = (dSize < blockSize) ?
dSize : blockSize; i > 0; i--) + *dOut++ = (*pIv++ ^ *dIn++); + } + break; +#endif +#if ALG_CBC + case ALG_CBC_VALUE: + // For CBC the data size must be an even multiple of the + // cipher block size + if((dSize % blockSize) != 0) + return TPM_RC_SIZE; + // XOR the data block into the IV, encrypt the IV into the IV + // and then copy the IV to the output + for(; dSize > 0; dSize -= blockSize) + { + pIv = iv; + for(i = blockSize; i > 0; i--) + *pIv++ ^= *dIn++; + ENCRYPT(&keySchedule, iv, iv); + pIv = iv; + for(i = blockSize; i > 0; i--) + *dOut++ = *pIv++; + } + break; +#endif + // CFB is not optional + case ALG_CFB_VALUE: + // Encrypt the IV into the IV, XOR in the data, and copy to output + for(; dSize > 0; dSize -= blockSize) + { + // Encrypt the current value of the IV + ENCRYPT(&keySchedule, iv, iv); + pIv = iv; + for(i = (int)(dSize < blockSize) ? dSize : blockSize; i > 0; i--) + // XOR the data into the IV to create the cipher text + // and put into the output + *dOut++ = *pIv++ ^= *dIn++; + } + // If the inner loop (i loop) was smaller than blockSize, then dSize + // would have been smaller than blockSize and it is now negative. If + // it is negative, then it indicates how many bytes are needed to pad + // out the IV for the next round. + for(; dSize < 0; dSize++) + *pIv++ = 0; + break; +#if ALG_ECB + case ALG_ECB_VALUE: + // For ECB the data size must be an even multiple of the + // cipher block size + if((dSize % blockSize) != 0) + return TPM_RC_SIZE; + // Encrypt the input block to the output block + for(; dSize > 0; dSize -= blockSize) + { + ENCRYPT(&keySchedule, dIn, dOut); + dIn = &dIn[blockSize]; + dOut = &dOut[blockSize]; + } + break; +#endif + default: + return TPM_RC_FAILURE; + } + return TPM_RC_SUCCESS; +} + +//*** CryptSymmetricDecrypt() +// This function performs symmetric decryption based on the mode. 
+// Return Type: TPM_RC
+// TPM_RC_FAILURE A fatal error
+// TPM_RCS_SIZE 'dSize' is not a multiple of the block size for an
+// algorithm that requires it
+LIB_EXPORT TPM_RC
+CryptSymmetricDecrypt(
+ BYTE *dOut, // OUT: decrypted data
+ TPM_ALG_ID algorithm, // IN: the symmetric algorithm
+ UINT16 keySizeInBits, // IN: key size in bits
+ const BYTE *key, // IN: key buffer. The size of this buffer
+ // in bytes is (keySizeInBits + 7) / 8
+ TPM2B_IV *ivInOut, // IN/OUT: IV for decryption.
+ TPM_ALG_ID mode, // IN: Mode to use
+ INT32 dSize, // IN: data size (may need to be a
+ // multiple of the blockSize)
+ const BYTE *dIn // IN: data buffer
+ )
+{
+ BYTE *pIv;
+ int i;
+ BYTE tmp[MAX_SYM_BLOCK_SIZE];
+ BYTE *pT;
+ tpmCryptKeySchedule_t keySchedule;
+ INT16 blockSize;
+ BYTE *iv;
+ TpmCryptSetSymKeyCall_t encrypt;
+ TpmCryptSetSymKeyCall_t decrypt;
+ BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0};
+
+ // These are used but the compiler can't tell because they are initialized
+ // in case statements and it can't tell if they are always initialized
+ // when needed, so... Comment these out if the compiler can tell or doesn't
+ // care that these are initialized before use.
+ encrypt = NULL;
+ decrypt = NULL;
+
+ pAssert(dOut != NULL && key != NULL && dIn != NULL);
+ if(dSize == 0)
+ return TPM_RC_SUCCESS;
+
+ TEST(algorithm);
+ blockSize = CryptGetSymmetricBlockSize(algorithm, keySizeInBits);
+ if(blockSize == 0)
+ return TPM_RC_FAILURE;
+ // If the iv is provided, then it is expected to be block sized. In some cases,
+ // the caller is providing an array of 0's that is equal to [MAX_SYM_BLOCK_SIZE]
+ // with no knowledge of the actual block size. This function will set it.
+ if((ivInOut != NULL) && (mode != ALG_ECB_VALUE))
+ {
+ ivInOut->t.size = blockSize;
+ iv = ivInOut->t.buffer;
+ }
+ else
+ iv = defaultIv;
+
+ pIv = iv;
+ // Use the mode to select the key schedule to create. Encrypt always uses the
+ // encryption schedule. Depending on the mode, decryption might use either
+ // the decryption or encryption schedule.
+ switch(mode)
+ {
+#if ALG_CBC || ALG_ECB
+ case ALG_CBC_VALUE: // decrypt = decrypt
+ case ALG_ECB_VALUE:
+ // For ECB and CBC, the data size must be an even multiple of the
+ // cipher block size
+ if((dSize % blockSize) != 0)
+ return TPM_RC_SIZE;
+ SELECT(DECRYPT);
+ break;
+#endif
+ default:
+ // For the remaining stream ciphers, use encryption to decrypt
+ SELECT(ENCRYPT);
+ break;
+ }
+ // Now do the mode-dependent decryption
+ switch(mode)
+ {
+#if ALG_CBC
+ case ALG_CBC_VALUE:
+ // Copy the input data to a temp buffer, decrypt the buffer into the
+ // output, XOR in the IV, and copy the temp buffer to the IV and repeat.
+ for(; dSize > 0; dSize -= blockSize)
+ {
+ pT = tmp;
+ for(i = blockSize; i > 0; i--)
+ *pT++ = *dIn++;
+ DECRYPT(&keySchedule, tmp, dOut);
+ pIv = iv;
+ pT = tmp;
+ for(i = blockSize; i > 0; i--)
+ {
+ *dOut++ ^= *pIv;
+ *pIv++ = *pT++;
+ }
+ }
+ break;
+#endif
+ case ALG_CFB_VALUE:
+ for(; dSize > 0; dSize -= blockSize)
+ {
+ // Encrypt the IV into the temp buffer
+ ENCRYPT(&keySchedule, iv, tmp);
+ pT = tmp;
+ pIv = iv;
+ for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--)
+ // Copy the current cipher text to IV, XOR
+ // with the temp buffer and put into the output
+ *dOut++ = *pT++ ^ (*pIv++ = *dIn++);
+ }
+ // If the inner loop (i loop) was smaller than blockSize, then dSize
+ // would have been smaller than blockSize and it is now negative
+ // If it is negative, then it indicates how may fill bytes
+ // are needed to pad out the IV for the next round.
+ for(; dSize < 0; dSize++)
+ *pIv++ = 0;
+
+ break;
+#if ALG_CTR
+ case ALG_CTR_VALUE:
+ for(; dSize > 0; dSize -= blockSize)
+ {
+ // Encrypt the current value of the IV(counter)
+ ENCRYPT(&keySchedule, iv, tmp);
+
+ //increment the counter (counter is big-endian so start at end)
+ for(i = blockSize - 1; i >= 0; i--)
+ if((iv[i] += 1) != 0)
+ break;
+ // XOR the encrypted counter value with input and put into output
+ pT = tmp;
+ for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--)
+ *dOut++ = *dIn++ ^ *pT++;
+ }
+ break;
+#endif
+#if ALG_ECB
+ case ALG_ECB_VALUE:
+ for(; dSize > 0; dSize -= blockSize)
+ {
+ DECRYPT(&keySchedule, dIn, dOut);
+ dIn = &dIn[blockSize];
+ dOut = &dOut[blockSize];
+ }
+ break;
+#endif
+#if ALG_OFB
+ case ALG_OFB_VALUE:
+ // This is written so that dIn and dOut may be the same
+ for(; dSize > 0; dSize -= blockSize)
+ {
+ // Encrypt the current value of the "IV"
+ ENCRYPT(&keySchedule, iv, iv);
+
+ // XOR the encrypted IV into dIn to create the cipher text (dOut)
+ pIv = iv;
+ for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--)
+ *dOut++ = (*pIv++ ^ *dIn++);
+ }
+ break;
+#endif
+ default:
+ return TPM_RC_FAILURE;
+ }
+ return TPM_RC_SUCCESS;
+}
+
+//*** CryptSymKeyValidate()
+// Validate that a provided symmetric key meets the requirements of the TPM
+// Return Type: TPM_RC
+// TPM_RC_KEY_SIZE Key size specifiers do not match
+// TPM_RC_KEY Key is not allowed
+TPM_RC
+CryptSymKeyValidate(
+ TPMT_SYM_DEF_OBJECT *symDef,
+ TPM2B_SYM_KEY *key
+ )
+{
+ if(key->t.size != BITS_TO_BYTES(symDef->keyBits.sym))
+ return TPM_RCS_KEY_SIZE;
+#if ALG_TDES
+ if(symDef->algorithm == TPM_ALG_TDES && !CryptDesValidateKey(key))
+ return TPM_RCS_KEY;
+#endif // ALG_TDES
+ return TPM_RC_SUCCESS;
+}
+
+
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptUtil.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptUtil.c
new file mode 100644
index 000000000..fdea4f6da
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptUtil.c
@@ -0,0 +1,1901 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+//
+// This module contains the interfaces to the CryptoEngine and provides
+// miscellaneous cryptographic functions in support of the TPM.
+//
+
+//** Includes
+#include "Tpm.h"
+
+//****************************************************************************/
+//** Hash/HMAC Functions
+//****************************************************************************/
+
+//*** CryptHmacSign()
+// Sign a digest using an HMAC key. This an HMAC of a digest, not an HMAC of a
+// message.
+// Return Type: TPM_RC
+// TPM_RC_HASH not a valid hash
+static TPM_RC
+CryptHmacSign(
+ TPMT_SIGNATURE *signature, // OUT: signature
+ OBJECT *signKey, // IN: HMAC key sign the hash
+ TPM2B_DIGEST *hashData // IN: hash to be signed
+ )
+{
+ HMAC_STATE hmacState;
+ UINT32 digestSize;
+
+ digestSize = CryptHmacStart2B(&hmacState, signature->signature.any.hashAlg,
+ &signKey->sensitive.sensitive.bits.b);
+ CryptDigestUpdate2B(&hmacState.hashState, &hashData->b);
+ CryptHmacEnd(&hmacState, digestSize,
+ (BYTE *)&signature->signature.hmac.digest);
+ return TPM_RC_SUCCESS;
+}
+
+//*** CryptHMACVerifySignature()
+// This function will verify a signature signed by a HMAC key.
+// Note that a caller needs to prepare 'signature' with the signature algorithm
+// (TPM_ALG_HMAC) and the hash algorithm to use. This function then builds a
+// signature of that type.
+// Return Type: TPM_RC
+// TPM_RC_SCHEME not the proper scheme for this key type
+// TPM_RC_SIGNATURE if invalid input or signature is not genuine
+static TPM_RC
+CryptHMACVerifySignature(
+ OBJECT *signKey, // IN: HMAC key signed the hash
+ TPM2B_DIGEST *hashData, // IN: digest being verified
+ TPMT_SIGNATURE *signature // IN: signature to be verified
+ )
+{
+ TPMT_SIGNATURE test;
+ TPMT_KEYEDHASH_SCHEME *keyScheme =
+ &signKey->publicArea.parameters.keyedHashDetail.scheme;
+//
+ if((signature->sigAlg != ALG_HMAC_VALUE)
+ || (signature->signature.hmac.hashAlg == ALG_NULL_VALUE))
+ return TPM_RC_SCHEME;
+ // This check is not really needed for verification purposes. However, it does
+ // prevent someone from trying to validate a signature using a weaker hash
+ // algorithm than otherwise allowed by the key. That is, a key with a scheme
+ // other than TMP_ALG_NULL can only be used to validate signatures that have
+ // a matching scheme.
+ if((keyScheme->scheme != ALG_NULL_VALUE)
+ && ((keyScheme->scheme != signature->sigAlg)
+ || (keyScheme->details.hmac.hashAlg
+ != signature->signature.any.hashAlg)))
+ return TPM_RC_SIGNATURE;
+ test.sigAlg = signature->sigAlg;
+ test.signature.hmac.hashAlg = signature->signature.hmac.hashAlg;
+
+ CryptHmacSign(&test, signKey, hashData);
+
+ // Compare digest
+ if(!MemoryEqual(&test.signature.hmac.digest,
+ &signature->signature.hmac.digest,
+ CryptHashGetDigestSize(signature->signature.any.hashAlg)))
+ return TPM_RC_SIGNATURE;
+
+ return TPM_RC_SUCCESS;
+}
+
+//*** CryptGenerateKeyedHash()
+// This function creates a keyedHash object.
+// Return type: TPM_RC
+// TPM_RC_NO_RESULT cannot get values from random number generator
+// TPM_RC_SIZE sensitive data size is larger than allowed for
+// the scheme
+static TPM_RC
+CryptGenerateKeyedHash(
+ TPMT_PUBLIC *publicArea, // IN/OUT: the public area template
+ // for the new key.
+ TPMT_SENSITIVE *sensitive, // OUT: sensitive area
+ TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation data
+ RAND_STATE *rand // IN: "entropy" source
+ )
+{
+ TPMT_KEYEDHASH_SCHEME *scheme;
+ TPM_ALG_ID hashAlg;
+ UINT16 hashBlockSize;
+ UINT16 digestSize;
+
+ scheme = &publicArea->parameters.keyedHashDetail.scheme;
+
+ if(publicArea->type != ALG_KEYEDHASH_VALUE)
+ return TPM_RC_FAILURE;
+
+ // Pick the limiting hash algorithm
+ if(scheme->scheme == ALG_NULL_VALUE)
+ hashAlg = publicArea->nameAlg;
+ else if(scheme->scheme == ALG_XOR_VALUE)
+ hashAlg = scheme->details.xor.hashAlg;
+ else
+ hashAlg = scheme->details.hmac.hashAlg;
+ hashBlockSize = CryptHashGetBlockSize(hashAlg);
+ digestSize = CryptHashGetDigestSize(hashAlg);
+
+ // if this is a signing or a decryption key, then the limit
+ // for the data size is the block size of the hash. This limit
+ // is set because larger values have lower entropy because of the
+ // HMAC function. The lower limit is 1/2 the size of the digest
+ //
+ //If the user provided the key, check that it is a proper size
+ if(sensitiveCreate->data.t.size != 0)
+ {
+ if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt)
+ || IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign))
+ {
+ if(sensitiveCreate->data.t.size > hashBlockSize)
+ return TPM_RC_SIZE;
+#if 0 // May make this a FIPS-mode requirement
+ if(sensitiveCreate->data.t.size < (digestSize / 2))
+ return TPM_RC_SIZE;
+#endif
+ }
+ // If this is a data blob, then anything that will get past the unmarshaling
+ // is OK
+ MemoryCopy2B(&sensitive->sensitive.bits.b, &sensitiveCreate->data.b,
+ sizeof(sensitive->sensitive.bits.t.buffer));
+ }
+ else
+ {
+ // The TPM is going to generate the data so set the size to be the
+ // size of the digest of the algorithm
+ sensitive->sensitive.bits.t.size =
+ DRBG_Generate(rand, sensitive->sensitive.bits.t.buffer, digestSize);
+ if(sensitive->sensitive.bits.t.size == 0)
+ return (g_inFailureMode) ? TPM_RC_FAILURE : TPM_RC_NO_RESULT;
+ }
+ return TPM_RC_SUCCESS;
+}
+
+//*** CryptIsSchemeAnonymous()
+// This function is used to test a scheme to see if it is an anonymous scheme
+// The only anonymous scheme is ECDAA. ECDAA can be used to do things
+// like U-Prove.
+BOOL
+CryptIsSchemeAnonymous(
+ TPM_ALG_ID scheme // IN: the scheme algorithm to test
+ )
+{
+ return scheme == ALG_ECDAA_VALUE;
+}
+
+//**** ************************************************************************
+//** Symmetric Functions
+//**** ************************************************************************
+
+//*** ParmDecryptSym()
+// This function performs parameter decryption using symmetric block cipher.
+/*(See Part 1 specification)
+// Symmetric parameter decryption
+// When parameter decryption uses a symmetric block cipher, a decryption
+// key and IV will be generated from:
+// KDFa(hash, sessionAuth, "CFB", nonceNewer, nonceOlder, bits) (24)
+// Where:
+// hash the hash function associated with the session
+// sessionAuth the sessionAuth associated with the session
+// nonceNewer nonceCaller for a command
+// nonceOlder nonceTPM for a command
+// bits the number of bits required for the symmetric key
+// plus an IV
+*/
+void
+ParmDecryptSym(
+ TPM_ALG_ID symAlg, // IN: the symmetric algorithm
+ TPM_ALG_ID hash, // IN: hash algorithm for KDFa
+ UINT16 keySizeInBits, // IN: the key size in bits
+ TPM2B *key, // IN: KDF HMAC key
+ TPM2B *nonceCaller, // IN: nonce caller
+ TPM2B *nonceTpm, // IN: nonce TPM
+ UINT32 dataSize, // IN: size of parameter buffer
+ BYTE *data // OUT: buffer to be decrypted
+ )
+{
+ // KDF output buffer
+ // It contains parameters for the CFB encryption
+ // From MSB to LSB, they are the key and iv
+ BYTE symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE];
+ // Symmetric key size in byte
+ UINT16 keySize = (keySizeInBits + 7) / 8;
+ TPM2B_IV iv;
+
+ iv.t.size = CryptGetSymmetricBlockSize(symAlg, keySizeInBits);
+ // If there is decryption to do...
+ if(iv.t.size > 0)
+ {
+ // Generate key and iv
+ CryptKDFa(hash, key, CFB_KEY, nonceCaller, nonceTpm,
+ keySizeInBits + (iv.t.size * 8), symParmString, NULL, FALSE);
+ MemoryCopy(iv.t.buffer, &symParmString[keySize], iv.t.size);
+
+ CryptSymmetricDecrypt(data, symAlg, keySizeInBits, symParmString,
+ &iv, ALG_CFB_VALUE, dataSize, data);
+ }
+ return;
+}
+
+//*** ParmEncryptSym()
+// This function performs parameter encryption using symmetric block cipher.
+/*(See part 1 specification)
+// When parameter decryption uses a symmetric block cipher, an encryption
+// key and IV will be generated from:
+// KDFa(hash, sessionAuth, "CFB", nonceNewer, nonceOlder, bits) (24)
+// Where:
+// hash the hash function associated with the session
+// sessionAuth the sessionAuth associated with the session
+// nonceNewer nonceTPM for a response
+// nonceOlder nonceCaller for a response
+// bits the number of bits required for the symmetric key
+// plus an IV
+*/
+void
+ParmEncryptSym(
+ TPM_ALG_ID symAlg, // IN: symmetric algorithm
+ TPM_ALG_ID hash, // IN: hash algorithm for KDFa
+ UINT16 keySizeInBits, // IN: symmetric key size in bits
+ TPM2B *key, // IN: KDF HMAC key
+ TPM2B *nonceCaller, // IN: nonce caller
+ TPM2B *nonceTpm, // IN: nonce TPM
+ UINT32 dataSize, // IN: size of parameter buffer
+ BYTE *data // OUT: buffer to be encrypted
+ )
+{
+ // KDF output buffer
+ // It contains parameters for the CFB encryption
+ BYTE symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE];
+
+ // Symmetric key size in bytes
+ UINT16 keySize = (keySizeInBits + 7) / 8;
+
+ TPM2B_IV iv;
+
+ iv.t.size = CryptGetSymmetricBlockSize(symAlg, keySizeInBits);
+ // See if there is any encryption to do
+ if(iv.t.size > 0)
+ {
+ // Generate key and iv
+ CryptKDFa(hash, key, CFB_KEY, nonceTpm, nonceCaller,
+ keySizeInBits + (iv.t.size * 8), symParmString, NULL, FALSE);
+ MemoryCopy(iv.t.buffer, &symParmString[keySize], iv.t.size);
+
+ CryptSymmetricEncrypt(data, symAlg, keySizeInBits, symParmString, &iv,
+ ALG_CFB_VALUE, dataSize, data);
+ }
+ return;
+}
+
+//*** CryptGenerateKeySymmetric()
+// This function generates a symmetric cipher key. The derivation process is
+// determined by the type of the provided 'rand'
+// Return type: TPM_RC
+// TPM_RC_NO_RESULT cannot get a random value
+// TPM_RC_KEY_SIZE key size in the public area does not match the size
+// in the sensitive creation area
+// TPM_RC_KEY provided key value is not allowed
+static TPM_RC
+CryptGenerateKeySymmetric(
+ TPMT_PUBLIC *publicArea, // IN/OUT: The public area template
+ // for the new key.
+ TPMT_SENSITIVE *sensitive, // OUT: sensitive area
+ TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation data
+ RAND_STATE *rand // IN: the "entropy" source for
+ )
+{
+ UINT16 keyBits = publicArea->parameters.symDetail.sym.keyBits.sym;
+ TPM_RC result;
+//
+ // only do multiples of RADIX_BITS
+ if((keyBits % RADIX_BITS) != 0)
+ return TPM_RC_KEY_SIZE;
+ // If this is not a new key, then the provided key data must be the right size
+ if(sensitiveCreate->data.t.size != 0)
+ {
+ result = CryptSymKeyValidate(&publicArea->parameters.symDetail.sym,
+ (TPM2B_SYM_KEY *)&sensitiveCreate->data);
+ if(result == TPM_RC_SUCCESS)
+ MemoryCopy2B(&sensitive->sensitive.sym.b, &sensitiveCreate->data.b,
+ sizeof(sensitive->sensitive.sym.t.buffer));
+ }
+#if ALG_TDES
+ else if(publicArea->parameters.symDetail.sym.algorithm == ALG_TDES_VALUE)
+ {
+ result = CryptGenerateKeyDes(publicArea, sensitive, rand);
+ }
+#endif
+ else
+ {
+ sensitive->sensitive.sym.t.size =
+ DRBG_Generate(rand, sensitive->sensitive.sym.t.buffer,
+ BITS_TO_BYTES(keyBits));
+ if(g_inFailureMode)
+ result = TPM_RC_FAILURE;
+ else if(sensitive->sensitive.sym.t.size == 0)
+ result = TPM_RC_NO_RESULT;
+ else
+ result = TPM_RC_SUCCESS;
+ }
+ return result;
+}
+
+//*** CryptXORObfuscation()
+// This function implements XOR obfuscation. It should not be called if the
+// hash algorithm is not implemented. The only return value from this function
+// is TPM_RC_SUCCESS.
+void
+CryptXORObfuscation(
+ TPM_ALG_ID hash, // IN: hash algorithm for KDF
+ TPM2B *key, // IN: KDF key
+ TPM2B *contextU, // IN: contextU
+ TPM2B *contextV, // IN: contextV
+ UINT32 dataSize, // IN: size of data buffer
+ BYTE *data // IN/OUT: data to be XORed in place
+ )
+{
+ BYTE mask[MAX_DIGEST_SIZE]; // Allocate a digest sized buffer
+ BYTE *pm;
+ UINT32 i;
+ UINT32 counter = 0;
+ UINT16 hLen = CryptHashGetDigestSize(hash);
+ UINT32 requestSize = dataSize * 8;
+ INT32 remainBytes = (INT32)dataSize;
+
+ pAssert((key != NULL) && (data != NULL) && (hLen != 0));
+
+ // Call KDFa to generate XOR mask
+ for(; remainBytes > 0; remainBytes -= hLen)
+ {
+ // Make a call to KDFa to get next iteration
+ CryptKDFa(hash, key, XOR_KEY, contextU, contextV,
+ requestSize, mask, &counter, TRUE);
+
+ // XOR next piece of the data
+ pm = mask;
+ for(i = hLen < remainBytes ? hLen : remainBytes; i > 0; i--)
+ *data++ ^= *pm++;
+ }
+ return;
+}
+
+//****************************************************************************
+//** Initialization and shut down
+//****************************************************************************
+
+//*** CryptInit()
+// This function is called when the TPM receives a _TPM_Init indication.
+//
+// NOTE: The hash algorithms do not have to be tested, they just need to be
+// available. They have to be tested before the TPM can accept HMAC authorization
+// or return any result that relies on a hash algorithm.
+// Return Type: BOOL
+// TRUE(1) initializations succeeded
+// FALSE(0) initialization failed and caller should place the TPM into
+// Failure Mode
+BOOL
+CryptInit(
+ void
+ )
+{
+ BOOL ok;
+ // Initialize the vector of implemented algorithms
+ AlgorithmGetImplementedVector(&g_implementedAlgorithms);
+
+ // Indicate that all test are necessary
+ CryptInitializeToTest();
+
+ // Do any library initializations that are necessary. If any fails,
+ // the caller should go into failure mode;
+ ok = SupportLibInit();
+ ok = ok && CryptSymInit();
+ ok = ok && CryptRandInit();
+ ok = ok && CryptHashInit();
+#if ALG_RSA
+ ok = ok && CryptRsaInit();
+#endif // ALG_RSA
+#if ALG_ECC
+ ok = ok && CryptEccInit();
+#endif // ALG_ECC
+ return ok;
+}
+
+//*** CryptStartup()
+// This function is called by TPM2_Startup() to initialize the functions in
+// this cryptographic library and in the provided CryptoLibrary. This function
+// and CryptUtilInit() are both provided so that the implementation may move the
+// initialization around to get the best interaction.
+// Return Type: BOOL
+// TRUE(1) startup succeeded
+// FALSE(0) startup failed and caller should place the TPM into
+// Failure Mode
+BOOL
+CryptStartup(
+ STARTUP_TYPE type // IN: the startup type
+ )
+{
+ BOOL OK;
+ NOT_REFERENCED(type);
+
+ OK = CryptSymStartup() && CryptRandStartup() && CryptHashStartup()
+#if ALG_RSA
+ && CryptRsaStartup()
+#endif // ALG_RSA
+#if ALG_ECC
+ && CryptEccStartup()
+#endif // ALG_ECC
+ ;
+#if ALG_ECC
+ // Don't directly check for SU_RESET because that is the default
+ if(OK && (type != SU_RESTART) && (type != SU_RESUME))
+ {
+ // If the shutdown was orderly, then the values recovered from NV will
+ // be OK to use.
+ // Get a new random commit nonce
+ gr.commitNonce.t.size = sizeof(gr.commitNonce.t.buffer);
+ CryptRandomGenerate(gr.commitNonce.t.size, gr.commitNonce.t.buffer);
+ // Reset the counter and commit array
+ gr.commitCounter = 0;
+ MemorySet(gr.commitArray, 0, sizeof(gr.commitArray));
+ }
+#endif // ALG_ECC
+ return OK;
+}
+
+//****************************************************************************
+//** Algorithm-Independent Functions
+//****************************************************************************
+//*** Introduction
+// These functions are used generically when a function of a general type
+// (e.g., symmetric encryption) is required. The functions will modify the
+// parameters as required to interface to the indicated algorithms.
+//
+//*** CryptIsAsymAlgorithm()
+// This function indicates if an algorithm is an asymmetric algorithm.
+// Return Type: BOOL
+// TRUE(1) if it is an asymmetric algorithm
+// FALSE(0) if it is not an asymmetric algorithm
+BOOL
+CryptIsAsymAlgorithm(
+ TPM_ALG_ID algID // IN: algorithm ID
+ )
+{
+ switch(algID)
+ {
+#if ALG_RSA
+ case ALG_RSA_VALUE:
+#endif
+#if ALG_ECC
+ case ALG_ECC_VALUE:
+#endif
+ return TRUE;
+ break;
+ default:
+ break;
+ }
+ return FALSE;
+}
+
+//*** CryptSecretEncrypt()
+// This function creates a secret value and its associated secret structure using
+// an asymmetric algorithm.
+//
+// This function is used by TPM2_Rewrap() TPM2_MakeCredential(),
+// and TPM2_Duplicate().
+// Return Type: TPM_RC
+// TPM_RC_ATTRIBUTES 'keyHandle' does not reference a valid decryption key
+// TPM_RC_KEY invalid ECC key (public point is not on the curve)
+// TPM_RC_SCHEME RSA key with an unsupported padding scheme
+// TPM_RC_VALUE numeric value of the data to be decrypted is greater
+// than the RSA key modulus
+TPM_RC
+CryptSecretEncrypt(
+ OBJECT *encryptKey, // IN: encryption key object
+ const TPM2B *label, // IN: a null-terminated string as L
+ TPM2B_DATA *data, // OUT: secret value
+ TPM2B_ENCRYPTED_SECRET *secret // OUT: secret structure
+ )
+{
+ TPMT_RSA_DECRYPT scheme;
+ TPM_RC result = TPM_RC_SUCCESS;
+//
+ if(data == NULL || secret == NULL)
+ return TPM_RC_FAILURE;
+
+ // The output secret value has the size of the digest produced by the nameAlg.
+ data->t.size = CryptHashGetDigestSize(encryptKey->publicArea.nameAlg);
+ // The encryption scheme is OAEP using the nameAlg of the encrypt key.
+ scheme.scheme = ALG_OAEP_VALUE;
+ scheme.details.anySig.hashAlg = encryptKey->publicArea.nameAlg;
+
+ if(!IS_ATTRIBUTE(encryptKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt))
+ return TPM_RC_ATTRIBUTES;
+ switch(encryptKey->publicArea.type)
+ {
+#if ALG_RSA
+ case ALG_RSA_VALUE:
+ {
+ // Create secret data from RNG
+ CryptRandomGenerate(data->t.size, data->t.buffer);
+
+ // Encrypt the data by RSA OAEP into encrypted secret
+ result = CryptRsaEncrypt((TPM2B_PUBLIC_KEY_RSA *)secret, &data->b,
+ encryptKey, &scheme, label, NULL);
+ }
+ break;
+#endif // ALG_RSA
+
+#if ALG_ECC
+ case ALG_ECC_VALUE:
+ {
+ TPMS_ECC_POINT eccPublic;
+ TPM2B_ECC_PARAMETER eccPrivate;
+ TPMS_ECC_POINT eccSecret;
+ BYTE *buffer = secret->t.secret;
+
+ // Need to make sure that the public point of the key is on the
+ // curve defined by the key.
+ if(!CryptEccIsPointOnCurve(
+ encryptKey->publicArea.parameters.eccDetail.curveID,
+ &encryptKey->publicArea.unique.ecc))
+ result = TPM_RC_KEY;
+ else
+ {
+ // Call crypto engine to create an auxiliary ECC key
+ // We assume crypt engine initialization should always success.
+ // Otherwise, TPM should go to failure mode.
+
+ CryptEccNewKeyPair(&eccPublic, &eccPrivate,
+ encryptKey->publicArea.parameters.eccDetail.curveID);
+ // Marshal ECC public to secret structure. This will be used by the
+ // recipient to decrypt the secret with their private key.
+ secret->t.size = TPMS_ECC_POINT_Marshal(&eccPublic, &buffer, NULL);
+
+ // Compute ECDH shared secret which is R = [d]Q where d is the
+ // private part of the ephemeral key and Q is the public part of a
+ // TPM key. TPM_RC_KEY error return from CryptComputeECDHSecret
+ // because the auxiliary ECC key is just created according to the
+ // parameters of input ECC encrypt key.
+ if(CryptEccPointMultiply(&eccSecret,
+ encryptKey->publicArea.parameters.eccDetail.curveID,
+ &encryptKey->publicArea.unique.ecc, &eccPrivate,
+ NULL, NULL)
+ != TPM_RC_SUCCESS)
+ result = TPM_RC_KEY;
+ else
+ {
+ // The secret value is computed from Z using KDFe as:
+ // secret := KDFe(HashID, Z, Use, PartyUInfo, PartyVInfo, bits)
+ // Where:
+ // HashID the nameAlg of the decrypt key
+ // Z the x coordinate (Px) of the product (P) of the point
+ // (Q) of the secret and the private x coordinate (de,V)
+ // of the decryption key
+ // Use a null-terminated string containing "SECRET"
+ // PartyUInfo the x coordinate of the point in the secret
+ // (Qe,U )
+ // PartyVInfo the x coordinate of the public key (Qs,V )
+ // bits the number of bits in the digest of HashID
+ // Retrieve seed from KDFe
+ CryptKDFe(encryptKey->publicArea.nameAlg, &eccSecret.x.b,
+ label, &eccPublic.x.b,
+ &encryptKey->publicArea.unique.ecc.x.b,
+ data->t.size * 8, data->t.buffer);
+ }
+ }
+ }
+ break;
+#endif // ALG_ECC
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+ return result;
+}
+
+//*** CryptSecretDecrypt()
+// Decrypt a secret value by asymmetric (or symmetric) algorithm
+// This function is used for ActivateCredential and Import for asymmetric
+// decryption, and StartAuthSession for both asymmetric and symmetric
+// decryption process
+//
+// Return Type: TPM_RC
+// TPM_RC_ATTRIBUTES RSA key is not a decryption key
+// TPM_RC_BINDING Invalid RSA key (public and private parts are not
+// cryptographically bound.
+// TPM_RC_ECC_POINT ECC point in the secret is not on the curve
+// TPM_RC_INSUFFICIENT failed to retrieve ECC point from the secret
+// TPM_RC_NO_RESULT multiplication resulted in ECC point at infinity
+// TPM_RC_SIZE data to decrypt is not of the same size as RSA key
+// TPM_RC_VALUE For RSA key, numeric value of the encrypted data is
+// greater than the modulus, or the recovered data is
+// larger than the output buffer.
+// For keyedHash or symmetric key, the secret is
+// larger than the size of the digest produced by
+// the name algorithm.
+// TPM_RC_FAILURE internal error
+TPM_RC
+CryptSecretDecrypt(
+ OBJECT *decryptKey, // IN: decrypt key
+ TPM2B_NONCE *nonceCaller, // IN: nonceCaller. It is needed for
+ // symmetric decryption. For
+ // asymmetric decryption, this
+ // parameter is NULL
+ const TPM2B *label, // IN: a value for L
+ TPM2B_ENCRYPTED_SECRET *secret, // IN: input secret
+ TPM2B_DATA *data // OUT: decrypted secret value
+ )
+{
+ TPM_RC result = TPM_RC_SUCCESS;
+
+ // Decryption for secret
+ switch(decryptKey->publicArea.type)
+ {
+#if ALG_RSA
+ case ALG_RSA_VALUE:
+ {
+ TPMT_RSA_DECRYPT scheme;
+ TPMT_RSA_SCHEME *keyScheme
+ = &decryptKey->publicArea.parameters.rsaDetail.scheme;
+ UINT16 digestSize;
+
+ scheme = *(TPMT_RSA_DECRYPT *)keyScheme;
+ // If the key scheme is ALG_NULL_VALUE, set the scheme to OAEP and
+ // set the algorithm to the name algorithm.
+ if(scheme.scheme == ALG_NULL_VALUE)
+ {
+ // Use OAEP scheme
+ scheme.scheme = ALG_OAEP_VALUE;
+ scheme.details.oaep.hashAlg = decryptKey->publicArea.nameAlg;
+ }
+ // use the digestSize as an indicator of whether or not the scheme
+ // is using a supported hash algorithm.
+ // Note: depending on the scheme used for encryption, a hashAlg might
+ // not be needed. However, the return value has to have some upper
+ // limit on the size. In this case, it is the size of the digest of the
+ // hash algorithm. It is checked after the decryption is done but, there
+ // is no point in doing the decryption if the size is going to be
+ // 'wrong' anyway.
+ digestSize = CryptHashGetDigestSize(scheme.details.oaep.hashAlg);
+ if(scheme.scheme != ALG_OAEP_VALUE || digestSize == 0)
+ return TPM_RC_SCHEME;
+
+ // Set the output buffer capacity
+ data->t.size = sizeof(data->t.buffer);
+
+ // Decrypt seed by RSA OAEP
+ result = CryptRsaDecrypt(&data->b, &secret->b,
+ decryptKey, &scheme, label);
+ if((result == TPM_RC_SUCCESS) && (data->t.size > digestSize))
+ result = TPM_RC_VALUE;
+ }
+ break;
+#endif // ALG_RSA
+#if ALG_ECC
+ case ALG_ECC_VALUE:
+ {
+ TPMS_ECC_POINT eccPublic;
+ TPMS_ECC_POINT eccSecret;
+ BYTE *buffer = secret->t.secret;
+ INT32 size = secret->t.size;
+
+ // Retrieve ECC point from secret buffer
+ result = TPMS_ECC_POINT_Unmarshal(&eccPublic, &buffer, &size);
+ if(result == TPM_RC_SUCCESS)
+ {
+ result = CryptEccPointMultiply(&eccSecret,
+ decryptKey->publicArea.parameters.eccDetail.curveID,
+ &eccPublic, &decryptKey->sensitive.sensitive.ecc,
+ NULL, NULL);
+ if(result == TPM_RC_SUCCESS)
+ {
+ // Set the size of the "recovered" secret value to be the size
+ // of the digest produced by the nameAlg.
+ data->t.size =
+ CryptHashGetDigestSize(decryptKey->publicArea.nameAlg);
+
+ // The secret value is computed from Z using KDFe as:
+ // secret := KDFe(HashID, Z, Use, PartyUInfo, PartyVInfo, bits)
+ // Where:
+ // HashID -- the nameAlg of the decrypt key
+ // Z -- the x coordinate (Px) of the product (P) of the point
+ // (Q) of the secret and the private x coordinate (de,V)
+ // of the decryption key
+ // Use -- a null-terminated string containing "SECRET"
+ // PartyUInfo -- the x coordinate of the point in the secret
+ // (Qe,U )
+ // PartyVInfo -- the x coordinate of the public key (Qs,V )
+ // bits -- the number of bits in the digest of HashID
+ // Retrieve seed from KDFe
+ CryptKDFe(decryptKey->publicArea.nameAlg, &eccSecret.x.b, label,
+ &eccPublic.x.b,
+ &decryptKey->publicArea.unique.ecc.x.b,
+ data->t.size * 8, data->t.buffer);
+ }
+ }
+ }
+ break;
+#endif // ALG_ECC
+#if !ALG_KEYEDHASH
+# error "KEYEDHASH support is required"
+#endif
+ case ALG_KEYEDHASH_VALUE:
+ // The seed size can not be bigger than the digest size of nameAlg
+ if(secret->t.size >
+ CryptHashGetDigestSize(decryptKey->publicArea.nameAlg))
+ result = TPM_RC_VALUE;
+ else
+ {
+ // Retrieve seed by XOR Obfuscation:
+ // seed = XOR(secret, hash, key, nonceCaller, nullNonce)
+ // where:
+ // secret the secret parameter from the TPM2_StartAuthHMAC
+ // command that contains the seed value
+ // hash nameAlg of tpmKey
+ // key the key or data value in the object referenced by
+ // entityHandle in the TPM2_StartAuthHMAC command
+ // nonceCaller the parameter from the TPM2_StartAuthHMAC command
+ // nullNonce a zero-length nonce
+ // XOR Obfuscation in place
+ CryptXORObfuscation(decryptKey->publicArea.nameAlg,
+ &decryptKey->sensitive.sensitive.bits.b,
+ &nonceCaller->b, NULL,
+ secret->t.size, secret->t.secret);
+ // Copy decrypted seed
+ MemoryCopy2B(&data->b, &secret->b, sizeof(data->t.buffer));
+ }
+ break;
+ case ALG_SYMCIPHER_VALUE:
+ {
+ TPM2B_IV iv = {{0}};
+ TPMT_SYM_DEF_OBJECT
*symDef;
+ // The seed size can not be bigger than the digest size of nameAlg
+ if(secret->t.size >
+ CryptHashGetDigestSize(decryptKey->publicArea.nameAlg))
+ result = TPM_RC_VALUE;
+ else
+ {
+ symDef = &decryptKey->publicArea.parameters.symDetail.sym;
+ iv.t.size = CryptGetSymmetricBlockSize(symDef->algorithm,
+ symDef->keyBits.sym);
+ if(iv.t.size == 0)
+ return TPM_RC_FAILURE;
+ if(nonceCaller->t.size >= iv.t.size)
+ {
+ MemoryCopy(iv.t.buffer, nonceCaller->t.buffer, iv.t.size);
+ }
+ else
+ {
+ if(nonceCaller->t.size > sizeof(iv.t.buffer))
+ return TPM_RC_FAILURE;
+ MemoryCopy(iv.b.buffer, nonceCaller->t.buffer,
+ nonceCaller->t.size);
+ }
+ // make sure secret will fit
+ if(secret->t.size > data->t.size)
+ return TPM_RC_FAILURE;
+ data->t.size = secret->t.size;
+ // CFB decrypt, using nonceCaller as iv
+ CryptSymmetricDecrypt(data->t.buffer, symDef->algorithm,
+ symDef->keyBits.sym,
+ decryptKey->sensitive.sensitive.sym.t.buffer,
+ &iv, ALG_CFB_VALUE, secret->t.size,
+ secret->t.secret);
+ }
+ }
+ break;
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+ return result;
+}
+
+//*** CryptParameterEncryption()
+// This function does in-place encryption of a response parameter.
+void
+CryptParameterEncryption(
+ TPM_HANDLE handle, // IN: encrypt session handle
+ TPM2B *nonceCaller, // IN: nonce caller
+ UINT16 leadingSizeInByte, // IN: the size of the leading size field in
+ // bytes
+ TPM2B_AUTH *extraKey, // IN: additional key material other than
+ // sessionAuth
+ BYTE *buffer // IN/OUT: parameter buffer to be encrypted
+ )
+{
+ SESSION *session = SessionGet(handle); // encrypt session
+ TPM2B_TYPE(TEMP_KEY, (sizeof(extraKey->t.buffer)
+ + sizeof(session->sessionKey.t.buffer)));
+ TPM2B_TEMP_KEY key; // encryption key
+ UINT32 cipherSize = 0; // size of cipher text
+//
+ // Retrieve encrypted data size.
+ if(leadingSizeInByte == 2)
+ {
+ // Extract the first two bytes as the size field as the data size
+ // encrypt
+ cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer);
+ // advance the buffer
+ buffer = &buffer[2];
+ }
+#ifdef TPM4B
+ else if(leadingSizeInByte == 4)
+ {
+ // use the first four bytes to indicate the number of bytes to encrypt
+ cipherSize = BYTE_ARRAY_TO_UINT32(buffer);
+ //advance pointer
+ buffer = &buffer[4];
+ }
+#endif
+ else
+ {
+ FAIL(FATAL_ERROR_INTERNAL);
+ }
+
+ // Compute encryption key by concatenating sessionKey with extra key
+ MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer));
+ MemoryConcat2B(&key.b, &extraKey->b, sizeof(key.t.buffer));
+
+ if(session->symmetric.algorithm == ALG_XOR_VALUE)
+
+ // XOR parameter encryption formulation:
+ // XOR(parameter, hash, sessionAuth, nonceNewer, nonceOlder)
+ CryptXORObfuscation(session->authHashAlg, &(key.b),
+ &(session->nonceTPM.b),
+ nonceCaller, cipherSize, buffer);
+ else
+ ParmEncryptSym(session->symmetric.algorithm, session->authHashAlg,
+ session->symmetric.keyBits.aes, &(key.b),
+ nonceCaller, &(session->nonceTPM.b),
+ cipherSize, buffer);
+ return;
+}
+
+//*** CryptParameterDecryption()
+// This function does in-place decryption of a command parameter.
+// Return Type: TPM_RC
+// TPM_RC_SIZE The number of bytes in the input buffer is less than
+// the number of bytes to be decrypted.
+TPM_RC
+CryptParameterDecryption(
+ TPM_HANDLE handle, // IN: encrypted session handle
+ TPM2B *nonceCaller, // IN: nonce caller
+ UINT32 bufferSize, // IN: size of parameter buffer
+ UINT16 leadingSizeInByte, // IN: the size of the leading size field in
+ // byte
+ TPM2B_AUTH *extraKey, // IN: the authValue
+ BYTE *buffer // IN/OUT: parameter buffer to be decrypted
+ )
+{
+ SESSION *session = SessionGet(handle); // encrypt session
+ // The HMAC key is going to be the concatenation of the session key and any
+ // additional key material (like the authValue).
The size of both of these
+ // is the size of the buffer which can contain a TPMT_HA.
+ TPM2B_TYPE(HMAC_KEY, (sizeof(extraKey->t.buffer)
+ + sizeof(session->sessionKey.t.buffer)));
+ TPM2B_HMAC_KEY key; // decryption key
+ UINT32 cipherSize = 0; // size of cipher text
+//
+ // Retrieve encrypted data size.
+ if(leadingSizeInByte == 2)
+ {
+ // The first two bytes of the buffer are the size of the
+ // data to be decrypted
+ cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer);
+ buffer = &buffer[2]; // advance the buffer
+ }
+#ifdef TPM4B
+ else if(leadingSizeInByte == 4)
+ {
+ // the leading size is four bytes so get the four byte size field
+ cipherSize = BYTE_ARRAY_TO_UINT32(buffer);
+ buffer = &buffer[4]; //advance pointer
+ }
+#endif
+ else
+ {
+ FAIL(FATAL_ERROR_INTERNAL);
+ }
+ if(cipherSize > bufferSize)
+ return TPM_RC_SIZE;
+
+ // Compute decryption key by concatenating sessionAuth with extra input key
+ MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer));
+ MemoryConcat2B(&key.b, &extraKey->b, sizeof(key.t.buffer));
+
+ if(session->symmetric.algorithm == ALG_XOR_VALUE)
+ // XOR parameter decryption formulation:
+ // XOR(parameter, hash, sessionAuth, nonceNewer, nonceOlder)
+ // Call XOR obfuscation function
+ CryptXORObfuscation(session->authHashAlg, &key.b, nonceCaller,
+ &(session->nonceTPM.b), cipherSize, buffer);
+ else
+ // Assume that it is one of the symmetric block ciphers.
+ ParmDecryptSym(session->symmetric.algorithm, session->authHashAlg,
+ session->symmetric.keyBits.sym,
+ &key.b, nonceCaller, &session->nonceTPM.b,
+ cipherSize, buffer);
+
+ return TPM_RC_SUCCESS;
+}
+
+//*** CryptComputeSymmetricUnique()
+// This function computes the unique field in public area for symmetric objects.
+void
+CryptComputeSymmetricUnique(
+ TPMT_PUBLIC *publicArea, // IN: the object's public area
+ TPMT_SENSITIVE *sensitive, // IN: the associated sensitive area
+ TPM2B_DIGEST *unique // OUT: unique buffer
+ )
+{
+ // For parents (symmetric and derivation), use an HMAC to compute
+ // the 'unique' field
+ if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)
+ && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt))
+ {
+ // Unique field is HMAC(sensitive->seedValue, sensitive->sensitive)
+ HMAC_STATE hmacState;
+ unique->b.size = CryptHmacStart2B(&hmacState, publicArea->nameAlg,
+ &sensitive->seedValue.b);
+ CryptDigestUpdate2B(&hmacState.hashState,
+ &sensitive->sensitive.any.b);
+ CryptHmacEnd2B(&hmacState, &unique->b);
+ }
+ else
+ {
+ HASH_STATE hashState;
+ // Unique := Hash(sensitive->seedValue || sensitive->sensitive)
+ unique->t.size = CryptHashStart(&hashState, publicArea->nameAlg);
+ CryptDigestUpdate2B(&hashState, &sensitive->seedValue.b);
+ CryptDigestUpdate2B(&hashState, &sensitive->sensitive.any.b);
+ CryptHashEnd2B(&hashState, &unique->b);
+ }
+ return;
+}
+
+//*** CryptCreateObject()
+// This function creates an object.
+// For an asymmetric key, it will create a key pair and, for a parent key, a seed
+// value for child protections.
+//
+// For an symmetric object, (TPM_ALG_SYMCIPHER or TPM_ALG_KEYEDHASH), it will
+// create a secret key if the caller did not provide one. It will create a random
+// secret seed value that is hashed with the secret value to create the public
+// unique value.
+//
+// 'publicArea', 'sensitive', and 'sensitiveCreate' are the only required parameters
+// and are the only ones that are used by TPM2_Create(). The other parameters
+// are optional and are used when the generated Object needs to be deterministic.
+// This is the case for both Primary Objects and Derived Objects.
+//
+// When a seed value is provided, a RAND_STATE will be populated and used for
+// all operations in the object generation that require a random number. In the
+// simplest case, TPM2_CreatePrimary() will use 'seed', 'label' and 'context' with
+// context being the hash of the template. If the Primary Object is in
+// the Endorsement hierarchy, it will also populate 'proof' with ehProof.
+//
+// For derived keys, 'seed' will be the secret value from the parent, 'label' and
+// 'context' will be set according to the parameters of TPM2_CreateLoaded() and
+// 'hashAlg' will be set which causes the RAND_STATE to be a KDF generator.
+//
+// Return Type: TPM_RC
+// TPM_RC_KEY a provided key is not an allowed value
+// TPM_RC_KEY_SIZE key size in the public area does not match the size
+// in the sensitive creation area for a symmetric key
+// TPM_RC_NO_RESULT unable to get random values (only in derivation)
+// TPM_RC_RANGE for an RSA key, the exponent is not supported
+// TPM_RC_SIZE sensitive data size is larger than allowed for the
+// scheme for a keyed hash object
+// TPM_RC_VALUE exponent is not prime or could not find a prime using
+// the provided parameters for an RSA key;
+// unsupported name algorithm for an ECC key
+TPM_RC
+CryptCreateObject(
+ OBJECT *object, // IN: new object structure pointer
+ TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation
+ RAND_STATE *rand // IN: the random number generator
+ // to use
+ )
+{
+ TPMT_PUBLIC *publicArea = &object->publicArea;
+ TPMT_SENSITIVE *sensitive = &object->sensitive;
+ TPM_RC result = TPM_RC_SUCCESS;
+//
+ // Set the sensitive type for the object
+ sensitive->sensitiveType = publicArea->type;
+
+ // For all objects, copy the initial authorization data
+ sensitive->authValue = sensitiveCreate->userAuth;
+
+ // If the TPM is the source of the data, set the size of the provided data to
+ // zero so that there's no confusion about what to do.
+ if(IS_ATTRIBUTE(publicArea->objectAttributes,
+ TPMA_OBJECT, sensitiveDataOrigin))
+ sensitiveCreate->data.t.size = 0;
+
+ // Generate the key and unique fields for the asymmetric keys and just the
+ // sensitive value for symmetric object
+ switch(publicArea->type)
+ {
+#if ALG_RSA
+ // Create RSA key
+ case ALG_RSA_VALUE:
+ // RSA uses full object so that it has a place to put the private
+ // exponent
+ result = CryptRsaGenerateKey(publicArea, sensitive, rand);
+ break;
+#endif // ALG_RSA
+
+#if ALG_ECC
+ // Create ECC key
+ case ALG_ECC_VALUE:
+ result = CryptEccGenerateKey(publicArea, sensitive, rand);
+ break;
+#endif // ALG_ECC
+ case ALG_SYMCIPHER_VALUE:
+ result = CryptGenerateKeySymmetric(publicArea, sensitive,
+ sensitiveCreate, rand);
+ break;
+ case ALG_KEYEDHASH_VALUE:
+ result = CryptGenerateKeyedHash(publicArea, sensitive,
+ sensitiveCreate, rand);
+ break;
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+ if(result != TPM_RC_SUCCESS)
+ return result;
+// Create the sensitive seed value
+ // If this is a primary key in the endorsement hierarchy, stir the DRBG state
+ // This implementation uses both shProof and ehProof to make sure that there
+ // is no leakage of either.
+ if(object->attributes.primary && object->attributes.epsHierarchy)
+ {
+ DRBG_AdditionalData((DRBG_STATE *)rand, &gp.shProof.b);
+ DRBG_AdditionalData((DRBG_STATE *)rand, &gp.ehProof.b);
+ }
+ // Generate a seedValue that is the size of the digest produced by nameAlg
+ sensitive->seedValue.t.size =
+ DRBG_Generate(rand, sensitive->seedValue.t.buffer,
+ CryptHashGetDigestSize(publicArea->nameAlg));
+ if(g_inFailureMode)
+ return TPM_RC_FAILURE;
+ else if(sensitive->seedValue.t.size == 0)
+ return TPM_RC_NO_RESULT;
+ // For symmetric objects, need to compute the unique value for the public area
+ if(publicArea->type == ALG_SYMCIPHER_VALUE
+ || publicArea->type == ALG_KEYEDHASH_VALUE)
+ {
+ CryptComputeSymmetricUnique(publicArea, sensitive, &publicArea->unique.sym);
+ }
+ else
+ {
+ // if this is an asymmetric key and it isn't a parent, then
+ // get rid of the seed.
+ if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)
+ || !IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted))
+ memset(&sensitive->seedValue, 0, sizeof(sensitive->seedValue));
+ }
+ // Compute the name
+ PublicMarshalAndComputeName(publicArea, &object->name);
+ return result;
+}
+
+//*** CryptGetSignHashAlg()
+// Get the hash algorithm of signature from a TPMT_SIGNATURE structure.
+// It assumes the signature is not NULL
+// This is a function for easy access
+TPMI_ALG_HASH
+CryptGetSignHashAlg(
+ TPMT_SIGNATURE *auth // IN: signature
+ )
+{
+ if(auth->sigAlg == ALG_NULL_VALUE)
+ FAIL(FATAL_ERROR_INTERNAL);
+
+ // Get authHash algorithm based on signing scheme
+ switch(auth->sigAlg)
+ {
+#if ALG_RSA
+ // If RSA is supported, both RSASSA and RSAPSS are required
+# if !defined ALG_RSASSA_VALUE || !defined ALG_RSAPSS_VALUE
+# error "RSASSA and RSAPSS are required for RSA"
+# endif
+ case ALG_RSASSA_VALUE:
+ return auth->signature.rsassa.hash;
+ case ALG_RSAPSS_VALUE:
+ return auth->signature.rsapss.hash;
+#endif // ALG_RSA
+
+#if ALG_ECC
+ // If ECC is defined, ECDSA is mandatory
+# if !ALG_ECDSA
+# error "ECDSA is requried for ECC"
+# endif
+ case ALG_ECDSA_VALUE:
+ // SM2 and ECSCHNORR are optional
+
+# if ALG_SM2
+ case ALG_SM2_VALUE:
+# endif
+# if ALG_ECSCHNORR
+ case ALG_ECSCHNORR_VALUE:
+# endif
+ //all ECC signatures look the same
+ return auth->signature.ecdsa.hash;
+
+# if ALG_ECDAA
+ // Don't know how to verify an ECDAA signature
+ case ALG_ECDAA_VALUE:
+ break;
+# endif
+
+#endif // ALG_ECC
+
+ case ALG_HMAC_VALUE:
+ return auth->signature.hmac.hashAlg;
+
+ default:
+ break;
+ }
+ return ALG_NULL_VALUE;
+}
+
+//*** CryptIsSplitSign()
+// This function us used to determine if the signing operation is a split
+// signing operation that required a TPM2_Commit().
+//
+BOOL
+CryptIsSplitSign(
+ TPM_ALG_ID scheme // IN: the algorithm selector
+ )
+{
+ switch(scheme)
+ {
+# if ALG_ECDAA
+ case ALG_ECDAA_VALUE:
+ return TRUE;
+ break;
+# endif // ALG_ECDAA
+ default:
+ return FALSE;
+ break;
+ }
+}
+
+//*** CryptIsAsymSignScheme()
+// This function indicates if a scheme algorithm is a sign algorithm.
+BOOL
+CryptIsAsymSignScheme(
+ TPMI_ALG_PUBLIC publicType, // IN: Type of the object
+ TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme
+ )
+{
+ BOOL isSignScheme = TRUE;
+
+ switch(publicType)
+ {
+#if ALG_RSA
+ case ALG_RSA_VALUE:
+ switch(scheme)
+ {
+# if !ALG_RSASSA || !ALG_RSAPSS
+# error "RSASSA and PSAPSS required if RSA used."
+# endif
+ case ALG_RSASSA_VALUE:
+ case ALG_RSAPSS_VALUE:
+ break;
+ default:
+ isSignScheme = FALSE;
+ break;
+ }
+ break;
+#endif // ALG_RSA
+
+#if ALG_ECC
+ // If ECC is implemented ECDSA is required
+ case ALG_ECC_VALUE:
+ switch(scheme)
+ {
+ // Support for ECDSA is required for ECC
+ case ALG_ECDSA_VALUE:
+#if ALG_ECDAA // ECDAA is optional
+ case ALG_ECDAA_VALUE:
+#endif
+#if ALG_ECSCHNORR // Schnorr is also optional
+ case ALG_ECSCHNORR_VALUE:
+#endif
+#if ALG_SM2 // SM2 is optional
+ case ALG_SM2_VALUE:
+#endif
+ break;
+ default:
+ isSignScheme = FALSE;
+ break;
+ }
+ break;
+#endif // ALG_ECC
+ default:
+ isSignScheme = FALSE;
+ break;
+ }
+ return isSignScheme;
+}
+
+//*** CryptIsAsymDecryptScheme()
+// This function indicate if a scheme algorithm is a decrypt algorithm.
+BOOL
+CryptIsAsymDecryptScheme(
+ TPMI_ALG_PUBLIC publicType, // IN: Type of the object
+ TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme
+ )
+{
+ BOOL isDecryptScheme = TRUE;
+
+ switch(publicType)
+ {
+#if ALG_RSA
+ case ALG_RSA_VALUE:
+ switch(scheme)
+ {
+ case ALG_RSAES_VALUE:
+ case ALG_OAEP_VALUE:
+ break;
+ default:
+ isDecryptScheme = FALSE;
+ break;
+ }
+ break;
+#endif // ALG_RSA
+
+#if ALG_ECC
+ // If ECC is implemented ECDH is required
+ case ALG_ECC_VALUE:
+ switch(scheme)
+ {
+#if !ALG_ECDH
+# error "ECDH is required for ECC"
+#endif
+ case ALG_ECDH_VALUE:
+#if ALG_SM2
+ case ALG_SM2_VALUE:
+#endif
+#if ALG_ECMQV
+ case ALG_ECMQV_VALUE:
+#endif
+ break;
+ default:
+ isDecryptScheme = FALSE;
+ break;
+ }
+ break;
+#endif // ALG_ECC
+ default:
+ isDecryptScheme = FALSE;
+ break;
+ }
+ return isDecryptScheme;
+}
+
+//*** CryptSelectSignScheme()
+// This function is used by the attestation and signing commands. It implements
+// the rules for selecting the signature scheme to use in signing. This function
+// requires that the signing key either be TPM_RH_NULL or be loaded.
+//
+// If a default scheme is defined in object, the default scheme should be chosen,
+// otherwise, the input scheme should be chosen.
+// In the case that both object and input scheme has a non-NULL scheme
+// algorithm, if the schemes are compatible, the input scheme will be chosen.
+//
+// This function should not be called if 'signObject->publicArea.type' ==
+// ALG_SYMCIPHER.
+//
+// Return Type: BOOL
+// TRUE(1) scheme selected
+// FALSE(0) both 'scheme' and key's default scheme are empty; or
+// 'scheme' is empty while key's default scheme requires
+// explicit input scheme (split signing); or
+// non-empty default key scheme differs from 'scheme'
+BOOL
+CryptSelectSignScheme(
+ OBJECT *signObject, // IN: signing key
+ TPMT_SIG_SCHEME *scheme // IN/OUT: signing scheme
+ )
+{
+ TPMT_SIG_SCHEME *objectScheme;
+ TPMT_PUBLIC *publicArea;
+ BOOL OK;
+
+ // If the signHandle is TPM_RH_NULL, then the NULL scheme is used, regardless
+ // of the setting of scheme
+ if(signObject == NULL)
+ {
+ OK = TRUE;
+ scheme->scheme = ALG_NULL_VALUE;
+ scheme->details.any.hashAlg = ALG_NULL_VALUE;
+ }
+ else
+ {
+ // assignment to save typing.
+ publicArea = &signObject->publicArea;
+
+ // A symmetric cipher can be used to encrypt and decrypt but it can't
+ // be used for signing
+ if(publicArea->type == ALG_SYMCIPHER_VALUE)
+ return FALSE;
+ // Point to the scheme object
+ if(CryptIsAsymAlgorithm(publicArea->type))
+ objectScheme =
+ (TPMT_SIG_SCHEME *)&publicArea->parameters.asymDetail.scheme;
+ else
+ objectScheme =
+ (TPMT_SIG_SCHEME *)&publicArea->parameters.keyedHashDetail.scheme;
+
+ // If the object doesn't have a default scheme, then use the
+ // input scheme.
+ if(objectScheme->scheme == ALG_NULL_VALUE)
+ {
+ // Input and default can't both be NULL
+ OK = (scheme->scheme != ALG_NULL_VALUE);
+ // Assume that the scheme is compatible with the key. If not,
+ // an error will be generated in the signing operation.
+ }
+ else if(scheme->scheme == ALG_NULL_VALUE)
+ {
+ // input scheme is NULL so use default
+
+ // First, check to see if the default requires that the caller
+ // provided scheme data
+ OK = !CryptIsSplitSign(objectScheme->scheme);
+ if(OK)
+ {
+ // The object has a scheme and the input is TPM_ALG_NULL so copy
+ // the object scheme as the final scheme. It is better to use a
+ // structure copy than a copy of the individual fields.
+ *scheme = *objectScheme;
+ }
+ }
+ else
+ {
+ // Both input and object have scheme selectors
+ // If the scheme and the hash are not the same then...
+ // NOTE: the reason that there is no copy here is that the input
+ // might contain extra data for a split signing scheme and that
+ // data is not in the object so, it has to be preserved.
+ OK = (objectScheme->scheme == scheme->scheme)
+ && (objectScheme->details.any.hashAlg
+ == scheme->details.any.hashAlg);
+ }
+ }
+ return OK;
+}
+
+//*** CryptSign()
+// Sign a digest with asymmetric key or HMAC.
+// This function is called by attestation commands and the generic TPM2_Sign
+// command.
+// This function checks the key scheme and digest size. It does not
+// check if the sign operation is allowed for restricted key. It should be
+// checked before the function is called.
+// The function will assert if the key is not a signing key.
+//
+// Return Type: TPM_RC
+// TPM_RC_SCHEME 'signScheme' is not compatible with the signing key type
+// TPM_RC_VALUE 'digest' value is greater than the modulus of
+// 'signHandle' or size of 'hashData' does not match hash
+// algorithm in'signScheme' (for an RSA key);
+// invalid commit status or failed to generate "r" value
+// (for an ECC key)
+TPM_RC
+CryptSign(
+ OBJECT *signKey, // IN: signing key
+ TPMT_SIG_SCHEME *signScheme, // IN: sign scheme.
+ TPM2B_DIGEST *digest, // IN: The digest being signed
+ TPMT_SIGNATURE *signature // OUT: signature
+ )
+{
+ TPM_RC result = TPM_RC_SCHEME;
+
+ // Initialize signature scheme
+ signature->sigAlg = signScheme->scheme;
+
+ // If the signature algorithm is TPM_ALG_NULL or the signing key is NULL,
+ // then we are done
+ if((signature->sigAlg == ALG_NULL_VALUE) || (signKey == NULL))
+ return TPM_RC_SUCCESS;
+
+ // Initialize signature hash
+ // Note: need to do the check for TPM_ALG_NULL first because the null scheme
+ // doesn't have a hashAlg member.
+ signature->signature.any.hashAlg = signScheme->details.any.hashAlg;
+
+ // perform sign operation based on different key type
+ switch(signKey->publicArea.type)
+ {
+#if ALG_RSA
+ case ALG_RSA_VALUE:
+ result = CryptRsaSign(signature, signKey, digest, NULL);
+ break;
+#endif // ALG_RSA
+#if ALG_ECC
+ case ALG_ECC_VALUE:
+ // The reason that signScheme is passed to CryptEccSign but not to the
+ // other signing methods is that the signing for ECC may be split and
+ // need the 'r' value that is in the scheme but not in the signature.
+ result = CryptEccSign(signature, signKey, digest,
+ (TPMT_ECC_SCHEME *)signScheme, NULL);
+ break;
+#endif // ALG_ECC
+ case ALG_KEYEDHASH_VALUE:
+ result = CryptHmacSign(signature, signKey, digest);
+ break;
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+ return result;
+}
+
+//*** CryptValidateSignature()
+// This function is used to verify a signature. It is called by
+// TPM2_VerifySignature() and TPM2_PolicySigned.
+//
+// Since this operation only requires use of a public key, no consistency
+// checks are necessary for the key to signature type because a caller can load
+// any public key that they like with any scheme that they like. This routine
+// simply makes sure that the signature is correct, whatever the type.
+//
+// Return Type: TPM_RC
+// TPM_RC_SIGNATURE the signature is not genuine
+// TPM_RC_SCHEME the scheme is not supported
+// TPM_RC_HANDLE an HMAC key was selected but the
+// private part of the key is not loaded
+TPM_RC
+CryptValidateSignature(
+ TPMI_DH_OBJECT keyHandle, // IN: The handle of sign key
+ TPM2B_DIGEST *digest, // IN: The digest being validated
+ TPMT_SIGNATURE *signature // IN: signature
+ )
+{
+ // NOTE: HandleToObject will either return a pointer to a loaded object or
+ // will assert. It will never return a non-valid value. This makes it save
+ // to initialize 'publicArea' with the return value from HandleToObject()
+ // without checking it first.
+ OBJECT *signObject = HandleToObject(keyHandle);
+ TPMT_PUBLIC *publicArea = &signObject->publicArea;
+ TPM_RC result = TPM_RC_SCHEME;
+
+ // The input unmarshaling should prevent any input signature from being
+ // a NULL signature, but just in case
+ if(signature->sigAlg == ALG_NULL_VALUE)
+ return TPM_RC_SIGNATURE;
+
+ switch(publicArea->type)
+ {
+#if ALG_RSA
+ case ALG_RSA_VALUE:
+ {
+ //
+ // Call RSA code to verify signature
+ result = CryptRsaValidateSignature(signature, signObject, digest);
+ break;
+ }
+#endif // ALG_RSA
+
+#if ALG_ECC
+ case ALG_ECC_VALUE:
+ result = CryptEccValidateSignature(signature, signObject, digest);
+ break;
+#endif // ALG_ECC
+
+ case ALG_KEYEDHASH_VALUE:
+ if(signObject->attributes.publicOnly)
+ result = TPM_RCS_HANDLE;
+ else
+ result = CryptHMACVerifySignature(signObject, digest, signature);
+ break;
+ default:
+ break;
+ }
+ return result;
+}
+
+//*** CryptGetTestResult
+// This function returns the results of a self-test function.
+// Note: the behavior in this function is NOT the correct behavior for a real
+// TPM implementation. An artificial behavior is placed here due to the
+// limitation of a software simulation environment. For the correct behavior,
+// consult the part 3 specification for TPM2_GetTestResult().
+TPM_RC
+CryptGetTestResult(
+ TPM2B_MAX_BUFFER *outData // OUT: test result data
+ )
+{
+ outData->t.size = 0;
+ return TPM_RC_SUCCESS;
+}
+
+//*** CryptValidateKeys()
+// This function is used to verify that the key material of and object is valid.
+// For a 'publicOnly' object, the key is verified for size and, if it is an ECC
+// key, it is verified to be on the specified curve. For a key with a sensitive
+// area, the binding between the public and private parts of the key are verified.
+// If the nameAlg of the key is TPM_ALG_NULL, then the size of the sensitive area
+// is verified but the public portion is not verified, unless the key is an RSA key.
+// For an RSA key, the reason for loading the sensitive area is to use it. The
+// only way to use a private RSA key is to compute the private exponent. To compute
+// the private exponent, the public modulus is used.
+// Return Type: TPM_RC
+// TPM_RC_BINDING the public and private parts are not cryptographically
+// bound
+// TPM_RC_HASH cannot have a publicOnly key with nameAlg of TPM_ALG_NULL
+// TPM_RC_KEY the public unique is not valid
+// TPM_RC_KEY_SIZE the private area key is not valid
+// TPM_RC_TYPE the types of the sensitive and private parts do not match
+TPM_RC
+CryptValidateKeys(
+ TPMT_PUBLIC *publicArea,
+ TPMT_SENSITIVE *sensitive,
+ TPM_RC blamePublic,
+ TPM_RC blameSensitive
+ )
+{
+ TPM_RC result;
+ UINT16 keySizeInBytes;
+ UINT16 digestSize = CryptHashGetDigestSize(publicArea->nameAlg);
+ TPMU_PUBLIC_PARMS *params = &publicArea->parameters;
+ TPMU_PUBLIC_ID *unique = &publicArea->unique;
+
+ if(sensitive != NULL)
+ {
+ // Make sure that the types of the public and sensitive are compatible
+ if(publicArea->type != sensitive->sensitiveType)
+ return TPM_RCS_TYPE + blameSensitive;
+ // Make sure that the authValue is not bigger than allowed
+ // If there is no name algorithm, then the size just needs to be less than
+ // the maximum size of the buffer used for authorization. That size check
+ // was made during unmarshaling of the sensitive area
+ if((sensitive->authValue.t.size) > digestSize && (digestSize > 0))
+ return TPM_RCS_SIZE + blameSensitive;
+ }
+ switch(publicArea->type)
+ {
+#if ALG_RSA
+ case ALG_RSA_VALUE:
+ keySizeInBytes = BITS_TO_BYTES(params->rsaDetail.keyBits);
+
+ // Regardless of whether there is a sensitive area, the public modulus
+ // needs to have the correct size. Otherwise, it can't be used for
+ // any public key operation nor can it be used to compute the private
+ // exponent.
+ // NOTE: This implementation only supports key sizes that are multiples
+ // of 1024 bits which means that the MSb of the 0th byte will always be
+ // SET in any prime and in the public modulus.
+ if((unique->rsa.t.size != keySizeInBytes)
+ || (unique->rsa.t.buffer[0] < 0x80))
+ return TPM_RCS_KEY + blamePublic;
+ if(params->rsaDetail.exponent != 0
+ && params->rsaDetail.exponent < 7)
+ return TPM_RCS_VALUE + blamePublic;
+ if(sensitive != NULL)
+ {
+ // If there is a sensitive area, it has to be the correct size
+ // including having the correct high order bit SET.
+ if(((sensitive->sensitive.rsa.t.size * 2) != keySizeInBytes)
+ || (sensitive->sensitive.rsa.t.buffer[0] < 0x80))
+ return TPM_RCS_KEY_SIZE + blameSensitive;
+ }
+ break;
+#endif
+#if ALG_ECC
+ case ALG_ECC_VALUE:
+ {
+ TPMI_ECC_CURVE curveId;
+ curveId = params->eccDetail.curveID;
+ keySizeInBytes = BITS_TO_BYTES(CryptEccGetKeySizeForCurve(curveId));
+ if(sensitive == NULL)
+ {
+ // Validate the public key size
+ if(unique->ecc.x.t.size != keySizeInBytes
+ || unique->ecc.y.t.size != keySizeInBytes)
+ return TPM_RCS_KEY + blamePublic;
+ if(publicArea->nameAlg != ALG_NULL_VALUE)
+ {
+ if(!CryptEccIsPointOnCurve(curveId, &unique->ecc))
+ return TPM_RCS_ECC_POINT + blamePublic;
+ }
+ }
+ else
+ {
+ // If the nameAlg is TPM_ALG_NULL, then only verify that the
+ // private part of the key is OK.
+ if(!CryptEccIsValidPrivateKey(&sensitive->sensitive.ecc,
+ curveId))
+ return TPM_RCS_KEY_SIZE;
+ if(publicArea->nameAlg != ALG_NULL_VALUE)
+ {
+ // Full key load, verify that the public point belongs to the
+ // private key.
+ TPMS_ECC_POINT toCompare;
+ result = CryptEccPointMultiply(&toCompare, curveId, NULL,
+ &sensitive->sensitive.ecc,
+ NULL, NULL);
+ if(result != TPM_RC_SUCCESS)
+ return TPM_RCS_BINDING;
+ else
+ {
+ // Make sure that the private key generated the public key.
+ // The input values and the values produced by the point
+ // multiply may not be the same size so adjust the computed
+ // value to match the size of the input value by adding or
+ // removing zeros.
+ AdjustNumberB(&toCompare.x.b, unique->ecc.x.t.size);
+ AdjustNumberB(&toCompare.y.b, unique->ecc.y.t.size);
+ if(!MemoryEqual2B(&unique->ecc.x.b, &toCompare.x.b)
+ || !MemoryEqual2B(&unique->ecc.y.b, &toCompare.y.b))
+ return TPM_RCS_BINDING;
+ }
+ }
+ }
+ break;
+ }
+#endif
+ default:
+ // Checks for SYMCIPHER and KEYEDHASH are largely the same
+ // If public area has a nameAlg, then validate the public area size
+ // and if there is also a sensitive area, validate the binding
+
+ // For consistency, if the object is public-only just make sure that
+ // the unique field is consistent with the name algorithm
+ if(sensitive == NULL)
+ {
+ if(unique->sym.t.size != digestSize)
+ return TPM_RCS_KEY + blamePublic;
+ }
+ else
+ {
+ // Make sure that the key size in the sensitive area is consistent.
+ if(publicArea->type == ALG_SYMCIPHER_VALUE)
+ {
+ result = CryptSymKeyValidate(¶ms->symDetail.sym,
+ &sensitive->sensitive.sym);
+ if(result != TPM_RC_SUCCESS)
+ return result + blameSensitive;
+ }
+ else
+ {
+ // For a keyed hash object, the key has to be less than the
+ // smaller of the block size of the hash used in the scheme or
+ // 128 bytes. The worst case value is limited by the
+ // unmarshaling code so the only thing left to be checked is
+ // that it does not exceed the block size of the hash.
+ // by the hash algorithm of the scheme.
+ TPMT_KEYEDHASH_SCHEME *scheme;
+ UINT16 maxSize;
+ scheme = ¶ms->keyedHashDetail.scheme;
+ if(scheme->scheme == ALG_XOR_VALUE)
+ {
+ maxSize = CryptHashGetBlockSize(scheme->details.xor.hashAlg);
+ }
+ else if(scheme->scheme == ALG_HMAC_VALUE)
+ {
+ maxSize = CryptHashGetBlockSize(scheme->details.hmac.hashAlg);
+ }
+ else if(scheme->scheme == ALG_NULL_VALUE)
+ {
+ // Not signing or xor so must be a data block
+ maxSize = 128;
+ }
+ else
+ return TPM_RCS_SCHEME + blamePublic;
+ if(sensitive->sensitive.bits.t.size > maxSize)
+ return TPM_RCS_KEY_SIZE + blameSensitive;
+ }
+ // If there is a nameAlg, check the binding
+ if(publicArea->nameAlg != ALG_NULL_VALUE)
+ {
+ TPM2B_DIGEST compare;
+ if(sensitive->seedValue.t.size != digestSize)
+ return TPM_RCS_KEY_SIZE + blameSensitive;
+
+ CryptComputeSymmetricUnique(publicArea, sensitive, &compare);
+ if(!MemoryEqual2B(&unique->sym.b, &compare.b))
+ return TPM_RC_BINDING;
+ }
+ }
+ break;
+ }
+ // For a parent, need to check that the seedValue is the correct size for
+ // protections. It should be at least half the size of the nameAlg
+ if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)
+ && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt)
+ && sensitive != NULL
+ && publicArea->nameAlg != ALG_NULL_VALUE)
+ {
+ if((sensitive->seedValue.t.size < (digestSize / 2))
+ || (sensitive->seedValue.t.size > digestSize))
+ return TPM_RCS_SIZE + blameSensitive;
+ }
+ return TPM_RC_SUCCESS;
+}
+
+//*** CryptSelectMac()
+// This function is used to set the MAC scheme based on the key parameters and
+// the input scheme.
+// Return Type: TPM_RC
+// TPM_RC_SCHEME the scheme is not a valid mac scheme
+// TPM_RC_TYPE the input key is not a type that supports a mac
+// TPM_RC_VALUE the input scheme and the key scheme are not compatible
+TPM_RC
+CryptSelectMac(
+ TPMT_PUBLIC *publicArea,
+ TPMI_ALG_MAC_SCHEME *inMac
+)
+{
+ TPM_ALG_ID macAlg = ALG_NULL_VALUE;
+ switch(publicArea->type)
+ {
+ case ALG_KEYEDHASH_VALUE:
+ {
+ // Local value to keep lines from getting too long
+ TPMT_KEYEDHASH_SCHEME *scheme;
+ scheme = &publicArea->parameters.keyedHashDetail.scheme;
+ // Expect that the scheme is either HMAC or NULL
+ if(scheme->scheme != ALG_NULL_VALUE)
+ macAlg = scheme->details.hmac.hashAlg;
+ break;
+ }
+ case ALG_SYMCIPHER_VALUE:
+ {
+ TPMT_SYM_DEF_OBJECT *scheme;
+ scheme = &publicArea->parameters.symDetail.sym;
+ // Expect that the scheme is either valid symmetric cipher or NULL
+ if(scheme->algorithm != ALG_NULL_VALUE)
+ macAlg = scheme->mode.sym;
+ break;
+ }
+ default:
+ return TPM_RCS_TYPE;
+ }
+ // If the input value is not TPM_ALG_NULL ...
+ if(*inMac != ALG_NULL_VALUE)
+ {
+ // ... then either the scheme in the key must be TPM_ALG_NULL or the input
+ // value must match
+ if((macAlg != ALG_NULL_VALUE) && (*inMac != macAlg))
+ return TPM_RCS_VALUE;
+ }
+ else
+ {
+ // Since the input value is TPM_ALG_NULL, then the key value can't be
+ // TPM_ALG_NULL
+ if(macAlg == ALG_NULL_VALUE)
+ return TPM_RCS_VALUE;
+ *inMac = macAlg;
+ }
+ if(!CryptMacIsValidForKey(publicArea->type, *inMac, FALSE))
+ return TPM_RCS_SCHEME;
+ return TPM_RC_SUCCESS;
+}
+
+//*** CryptMacIsValidForKey()
+// Check to see if the key type is compatible with the mac type
+BOOL
+CryptMacIsValidForKey(
+ TPM_ALG_ID keyType,
+ TPM_ALG_ID macAlg,
+ BOOL flag
+)
+{
+ switch(keyType)
+ {
+ case ALG_KEYEDHASH_VALUE:
+ return CryptHashIsValidAlg(macAlg, flag);
+ break;
+ case ALG_SYMCIPHER_VALUE:
+ return CryptSmacIsValidAlg(macAlg, flag);
+ break;
+ default:
+ break;
+ }
+ return FALSE;
+}
+
+//*** CryptSmacIsValidAlg()
+// This function is used to test if an algorithm is a supported SMAC algorithm. It
+// needs to be updated as new algorithms are added.
+BOOL
+CryptSmacIsValidAlg(
+ TPM_ALG_ID alg,
+ BOOL FLAG // IN: Indicates if TPM_ALG_NULL is valid
+)
+{
+ switch (alg)
+ {
+#if ALG_CMAC
+ case ALG_CMAC_VALUE:
+ return TRUE;
+ break;
+#endif
+ case ALG_NULL_VALUE:
+ return FLAG;
+ break;
+ default:
+ return FALSE;
+ }
+}
+
+//*** CryptSymModeIsValid()
+// Function checks to see if an algorithm ID is a valid, symmetric block cipher
+// mode for the TPM. If 'flag' is SET, them TPM_ALG_NULL is a valid mode.
+// not include the modes used for SMAC
+BOOL
+CryptSymModeIsValid(
+ TPM_ALG_ID mode,
+ BOOL flag
+)
+{
+ switch(mode)
+ {
+#if ALG_CTR
+ case ALG_CTR_VALUE:
+#endif // ALG_CTR
+#if ALG_OFB
+ case ALG_OFB_VALUE:
+#endif // ALG_OFB
+#if ALG_CBC
+ case ALG_CBC_VALUE:
+#endif // ALG_CBC
+#if ALG_CFB
+ case ALG_CFB_VALUE:
+#endif // ALG_CFB
+#if ALG_ECB
+ case ALG_ECB_VALUE:
+#endif // ALG_ECB
+ return TRUE;
+ case ALG_NULL_VALUE:
+ return flag;
+ break;
+ default:
+ break;
+ }
+ return FALSE;
+}
+
+
+
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/PrimeData.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/PrimeData.c
new file mode 100644
index 000000000..00072188d
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/PrimeData.c
@@ -0,0 +1,422 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+
+// This table is the product of all of the primes up to 1000.
+// Checking to see if there is a GCD between a prime candidate
+// and this number will eliminate many prime candidates from
+// consideration before running Miller-Rabin on the result.
+
+const BN_STRUCT(43 * RADIX_BITS) s_CompositeOfSmallPrimes_ =
+{44, 44,
+{ 0x2ED42696, 0x2BBFA177, 0x4820594F, 0xF73F4841,
+0xBFAC313A, 0xCAC3EB81, 0xF6F26BF8, 0x7FAB5061,
+0x59746FB7, 0xF71377F6, 0x3B19855B, 0xCBD03132,
+0xBB92EF1B, 0x3AC3152C, 0xE87C8273, 0xC0AE0E69,
+0x74A9E295, 0x448CCE86, 0x63CA1907, 0x8A0BF944,
+0xF8CC3BE0, 0xC26F0AF5, 0xC501C02F, 0x6579441A,
+0xD1099CDA, 0x6BC76A00, 0xC81A3228, 0xBFB1AB25,
+0x70FA3841, 0x51B3D076, 0xCC2359ED, 0xD9EE0769,
+0x75E47AF0, 0xD45FF31E, 0x52CCE4F6, 0x04DBC891,
+0x96658ED2, 0x1753EFE5, 0x3AE4A5A6, 0x8FD4A97F,
+0x8B15E7EB, 0x0243C3E1, 0xE0F0C31D, 0x0000000B }
+};
+
+bigConst s_CompositeOfSmallPrimes = (const bigNum)&s_CompositeOfSmallPrimes_;
+
+// This table contains a bit for each of the odd values between 1 and 2^16 + 1.
+// This table allows fast checking of the primes in that range.
+// Don't change the size of this table unless you are prepared to do redo
+// IsPrimeInt().
+ +const uint32_t s_LastPrimeInTable = 65537; +const uint32_t s_PrimeTableSize = 4097; +const uint32_t s_PrimesInTable = 6542; +const unsigned char s_PrimeTable[] = { + 0x6e, 0xcb, 0xb4, 0x64, 0x9a, 0x12, 0x6d, 0x81, 0x32, 0x4c, 0x4a, 0x86, + 0x0d, 0x82, 0x96, 0x21, 0xc9, 0x34, 0x04, 0x5a, 0x20, 0x61, 0x89, 0xa4, + 0x44, 0x11, 0x86, 0x29, 0xd1, 0x82, 0x28, 0x4a, 0x30, 0x40, 0x42, 0x32, + 0x21, 0x99, 0x34, 0x08, 0x4b, 0x06, 0x25, 0x42, 0x84, 0x48, 0x8a, 0x14, + 0x05, 0x42, 0x30, 0x6c, 0x08, 0xb4, 0x40, 0x0b, 0xa0, 0x08, 0x51, 0x12, + 0x28, 0x89, 0x04, 0x65, 0x98, 0x30, 0x4c, 0x80, 0x96, 0x44, 0x12, 0x80, + 0x21, 0x42, 0x12, 0x41, 0xc9, 0x04, 0x21, 0xc0, 0x32, 0x2d, 0x98, 0x00, + 0x00, 0x49, 0x04, 0x08, 0x81, 0x96, 0x68, 0x82, 0xb0, 0x25, 0x08, 0x22, + 0x48, 0x89, 0xa2, 0x40, 0x59, 0x26, 0x04, 0x90, 0x06, 0x40, 0x43, 0x30, + 0x44, 0x92, 0x00, 0x69, 0x10, 0x82, 0x08, 0x08, 0xa4, 0x0d, 0x41, 0x12, + 0x60, 0xc0, 0x00, 0x24, 0xd2, 0x22, 0x61, 0x08, 0x84, 0x04, 0x1b, 0x82, + 0x01, 0xd3, 0x10, 0x01, 0x02, 0xa0, 0x44, 0xc0, 0x22, 0x60, 0x91, 0x14, + 0x0c, 0x40, 0xa6, 0x04, 0xd2, 0x94, 0x20, 0x09, 0x94, 0x20, 0x52, 0x00, + 0x08, 0x10, 0xa2, 0x4c, 0x00, 0x82, 0x01, 0x51, 0x10, 0x08, 0x8b, 0xa4, + 0x25, 0x9a, 0x30, 0x44, 0x81, 0x10, 0x4c, 0x03, 0x02, 0x25, 0x52, 0x80, + 0x08, 0x49, 0x84, 0x20, 0x50, 0x32, 0x00, 0x18, 0xa2, 0x40, 0x11, 0x24, + 0x28, 0x01, 0x84, 0x01, 0x01, 0xa0, 0x41, 0x0a, 0x12, 0x45, 0x00, 0x36, + 0x08, 0x00, 0x26, 0x29, 0x83, 0x82, 0x61, 0xc0, 0x80, 0x04, 0x10, 0x10, + 0x6d, 0x00, 0x22, 0x48, 0x58, 0x26, 0x0c, 0xc2, 0x10, 0x48, 0x89, 0x24, + 0x20, 0x58, 0x20, 0x45, 0x88, 0x24, 0x00, 0x19, 0x02, 0x25, 0xc0, 0x10, + 0x68, 0x08, 0x14, 0x01, 0xca, 0x32, 0x28, 0x80, 0x00, 0x04, 0x4b, 0x26, + 0x00, 0x13, 0x90, 0x60, 0x82, 0x80, 0x25, 0xd0, 0x00, 0x01, 0x10, 0x32, + 0x0c, 0x43, 0x86, 0x21, 0x11, 0x00, 0x08, 0x43, 0x24, 0x04, 0x48, 0x10, + 0x0c, 0x90, 0x92, 0x00, 0x43, 0x20, 0x2d, 0x00, 0x06, 0x09, 0x88, 0x24, + 0x40, 0xc0, 0x32, 0x09, 0x09, 0x82, 0x00, 0x53, 0x80, 
0x08, 0x80, 0x96, + 0x41, 0x81, 0x00, 0x40, 0x48, 0x10, 0x48, 0x08, 0x96, 0x48, 0x58, 0x20, + 0x29, 0xc3, 0x80, 0x20, 0x02, 0x94, 0x60, 0x92, 0x00, 0x20, 0x81, 0x22, + 0x44, 0x10, 0xa0, 0x05, 0x40, 0x90, 0x01, 0x49, 0x20, 0x04, 0x0a, 0x00, + 0x24, 0x89, 0x34, 0x48, 0x13, 0x80, 0x2c, 0xc0, 0x82, 0x29, 0x00, 0x24, + 0x45, 0x08, 0x00, 0x08, 0x98, 0x36, 0x04, 0x52, 0x84, 0x04, 0xd0, 0x04, + 0x00, 0x8a, 0x90, 0x44, 0x82, 0x32, 0x65, 0x18, 0x90, 0x00, 0x0a, 0x02, + 0x01, 0x40, 0x02, 0x28, 0x40, 0xa4, 0x04, 0x92, 0x30, 0x04, 0x11, 0x86, + 0x08, 0x42, 0x00, 0x2c, 0x52, 0x04, 0x08, 0xc9, 0x84, 0x60, 0x48, 0x12, + 0x09, 0x99, 0x24, 0x44, 0x00, 0x24, 0x00, 0x03, 0x14, 0x21, 0x00, 0x10, + 0x01, 0x1a, 0x32, 0x05, 0x88, 0x20, 0x40, 0x40, 0x06, 0x09, 0xc3, 0x84, + 0x40, 0x01, 0x30, 0x60, 0x18, 0x02, 0x68, 0x11, 0x90, 0x0c, 0x02, 0xa2, + 0x04, 0x00, 0x86, 0x29, 0x89, 0x14, 0x24, 0x82, 0x02, 0x41, 0x08, 0x80, + 0x04, 0x19, 0x80, 0x08, 0x10, 0x12, 0x68, 0x42, 0xa4, 0x04, 0x00, 0x02, + 0x61, 0x10, 0x06, 0x0c, 0x10, 0x00, 0x01, 0x12, 0x10, 0x20, 0x03, 0x94, + 0x21, 0x42, 0x12, 0x65, 0x18, 0x94, 0x0c, 0x0a, 0x04, 0x28, 0x01, 0x14, + 0x29, 0x0a, 0xa4, 0x40, 0xd0, 0x00, 0x40, 0x01, 0x90, 0x04, 0x41, 0x20, + 0x2d, 0x40, 0x82, 0x48, 0xc1, 0x20, 0x00, 0x10, 0x30, 0x01, 0x08, 0x24, + 0x04, 0x59, 0x84, 0x24, 0x00, 0x02, 0x29, 0x82, 0x00, 0x61, 0x58, 0x02, + 0x48, 0x81, 0x16, 0x48, 0x10, 0x00, 0x21, 0x11, 0x06, 0x00, 0xca, 0xa0, + 0x40, 0x02, 0x00, 0x04, 0x91, 0xb0, 0x00, 0x42, 0x04, 0x0c, 0x81, 0x06, + 0x09, 0x48, 0x14, 0x25, 0x92, 0x20, 0x25, 0x11, 0xa0, 0x00, 0x0a, 0x86, + 0x0c, 0xc1, 0x02, 0x48, 0x00, 0x20, 0x45, 0x08, 0x32, 0x00, 0x98, 0x06, + 0x04, 0x13, 0x22, 0x00, 0x82, 0x04, 0x48, 0x81, 0x14, 0x44, 0x82, 0x12, + 0x24, 0x18, 0x10, 0x40, 0x43, 0x80, 0x28, 0xd0, 0x04, 0x20, 0x81, 0x24, + 0x64, 0xd8, 0x00, 0x2c, 0x09, 0x12, 0x08, 0x41, 0xa2, 0x00, 0x00, 0x02, + 0x41, 0xca, 0x20, 0x41, 0xc0, 0x10, 0x01, 0x18, 0xa4, 0x04, 0x18, 0xa4, + 0x20, 0x12, 0x94, 0x20, 0x83, 0xa0, 0x40, 0x02, 0x32, 
0x44, 0x80, 0x04, + 0x00, 0x18, 0x00, 0x0c, 0x40, 0x86, 0x60, 0x8a, 0x00, 0x64, 0x88, 0x12, + 0x05, 0x01, 0x82, 0x00, 0x4a, 0xa2, 0x01, 0xc1, 0x10, 0x61, 0x09, 0x04, + 0x01, 0x88, 0x00, 0x60, 0x01, 0xb4, 0x40, 0x08, 0x06, 0x01, 0x03, 0x80, + 0x08, 0x40, 0x94, 0x04, 0x8a, 0x20, 0x29, 0x80, 0x02, 0x0c, 0x52, 0x02, + 0x01, 0x42, 0x84, 0x00, 0x80, 0x84, 0x64, 0x02, 0x32, 0x48, 0x00, 0x30, + 0x44, 0x40, 0x22, 0x21, 0x00, 0x02, 0x08, 0xc3, 0xa0, 0x04, 0xd0, 0x20, + 0x40, 0x18, 0x16, 0x40, 0x40, 0x00, 0x28, 0x52, 0x90, 0x08, 0x82, 0x14, + 0x01, 0x18, 0x10, 0x08, 0x09, 0x82, 0x40, 0x0a, 0xa0, 0x20, 0x93, 0x80, + 0x08, 0xc0, 0x00, 0x20, 0x52, 0x00, 0x05, 0x01, 0x10, 0x40, 0x11, 0x06, + 0x0c, 0x82, 0x00, 0x00, 0x4b, 0x90, 0x44, 0x9a, 0x00, 0x28, 0x80, 0x90, + 0x04, 0x4a, 0x06, 0x09, 0x43, 0x02, 0x28, 0x00, 0x34, 0x01, 0x18, 0x00, + 0x65, 0x09, 0x80, 0x44, 0x03, 0x00, 0x24, 0x02, 0x82, 0x61, 0x48, 0x14, + 0x41, 0x00, 0x12, 0x28, 0x00, 0x34, 0x08, 0x51, 0x04, 0x05, 0x12, 0x90, + 0x28, 0x89, 0x84, 0x60, 0x12, 0x10, 0x49, 0x10, 0x26, 0x40, 0x49, 0x82, + 0x00, 0x91, 0x10, 0x01, 0x0a, 0x24, 0x40, 0x88, 0x10, 0x4c, 0x10, 0x04, + 0x00, 0x50, 0xa2, 0x2c, 0x40, 0x90, 0x48, 0x0a, 0xb0, 0x01, 0x50, 0x12, + 0x08, 0x00, 0xa4, 0x04, 0x09, 0xa0, 0x28, 0x92, 0x02, 0x00, 0x43, 0x10, + 0x21, 0x02, 0x20, 0x41, 0x81, 0x32, 0x00, 0x08, 0x04, 0x0c, 0x52, 0x00, + 0x21, 0x49, 0x84, 0x20, 0x10, 0x02, 0x01, 0x81, 0x10, 0x48, 0x40, 0x22, + 0x01, 0x01, 0x84, 0x69, 0xc1, 0x30, 0x01, 0xc8, 0x02, 0x44, 0x88, 0x00, + 0x0c, 0x01, 0x02, 0x2d, 0xc0, 0x12, 0x61, 0x00, 0xa0, 0x00, 0xc0, 0x30, + 0x40, 0x01, 0x12, 0x08, 0x0b, 0x20, 0x00, 0x80, 0x94, 0x40, 0x01, 0x84, + 0x40, 0x00, 0x32, 0x00, 0x10, 0x84, 0x00, 0x0b, 0x24, 0x00, 0x01, 0x06, + 0x29, 0x8a, 0x84, 0x41, 0x80, 0x10, 0x08, 0x08, 0x94, 0x4c, 0x03, 0x80, + 0x01, 0x40, 0x96, 0x40, 0x41, 0x20, 0x20, 0x50, 0x22, 0x25, 0x89, 0xa2, + 0x40, 0x40, 0xa4, 0x20, 0x02, 0x86, 0x28, 0x01, 0x20, 0x21, 0x4a, 0x10, + 0x08, 0x00, 0x14, 0x08, 0x40, 0x04, 0x25, 0x42, 0x02, 
0x21, 0x43, 0x10, + 0x04, 0x92, 0x00, 0x21, 0x11, 0xa0, 0x4c, 0x18, 0x22, 0x09, 0x03, 0x84, + 0x41, 0x89, 0x10, 0x04, 0x82, 0x22, 0x24, 0x01, 0x14, 0x08, 0x08, 0x84, + 0x08, 0xc1, 0x00, 0x09, 0x42, 0xb0, 0x41, 0x8a, 0x02, 0x00, 0x80, 0x36, + 0x04, 0x49, 0xa0, 0x24, 0x91, 0x00, 0x00, 0x02, 0x94, 0x41, 0x92, 0x02, + 0x01, 0x08, 0x06, 0x08, 0x09, 0x00, 0x01, 0xd0, 0x16, 0x28, 0x89, 0x80, + 0x60, 0x00, 0x00, 0x68, 0x01, 0x90, 0x0c, 0x50, 0x20, 0x01, 0x40, 0x80, + 0x40, 0x42, 0x30, 0x41, 0x00, 0x20, 0x25, 0x81, 0x06, 0x40, 0x49, 0x00, + 0x08, 0x01, 0x12, 0x49, 0x00, 0xa0, 0x20, 0x18, 0x30, 0x05, 0x01, 0xa6, + 0x00, 0x10, 0x24, 0x28, 0x00, 0x02, 0x20, 0xc8, 0x20, 0x00, 0x88, 0x12, + 0x0c, 0x90, 0x92, 0x00, 0x02, 0x26, 0x01, 0x42, 0x16, 0x49, 0x00, 0x04, + 0x24, 0x42, 0x02, 0x01, 0x88, 0x80, 0x0c, 0x1a, 0x80, 0x08, 0x10, 0x00, + 0x60, 0x02, 0x94, 0x44, 0x88, 0x00, 0x69, 0x11, 0x30, 0x08, 0x12, 0xa0, + 0x24, 0x13, 0x84, 0x00, 0x82, 0x00, 0x65, 0xc0, 0x10, 0x28, 0x00, 0x30, + 0x04, 0x03, 0x20, 0x01, 0x11, 0x06, 0x01, 0xc8, 0x80, 0x00, 0xc2, 0x20, + 0x08, 0x10, 0x82, 0x0c, 0x13, 0x02, 0x0c, 0x52, 0x06, 0x40, 0x00, 0xb0, + 0x61, 0x40, 0x10, 0x01, 0x98, 0x86, 0x04, 0x10, 0x84, 0x08, 0x92, 0x14, + 0x60, 0x41, 0x80, 0x41, 0x1a, 0x10, 0x04, 0x81, 0x22, 0x40, 0x41, 0x20, + 0x29, 0x52, 0x00, 0x41, 0x08, 0x34, 0x60, 0x10, 0x00, 0x28, 0x01, 0x10, + 0x40, 0x00, 0x84, 0x08, 0x42, 0x90, 0x20, 0x48, 0x04, 0x04, 0x52, 0x02, + 0x00, 0x08, 0x20, 0x04, 0x00, 0x82, 0x0d, 0x00, 0x82, 0x40, 0x02, 0x10, + 0x05, 0x48, 0x20, 0x40, 0x99, 0x00, 0x00, 0x01, 0x06, 0x24, 0xc0, 0x00, + 0x68, 0x82, 0x04, 0x21, 0x12, 0x10, 0x44, 0x08, 0x04, 0x00, 0x40, 0xa6, + 0x20, 0xd0, 0x16, 0x09, 0xc9, 0x24, 0x41, 0x02, 0x20, 0x0c, 0x09, 0x92, + 0x40, 0x12, 0x00, 0x00, 0x40, 0x00, 0x09, 0x43, 0x84, 0x20, 0x98, 0x02, + 0x01, 0x11, 0x24, 0x00, 0x43, 0x24, 0x00, 0x03, 0x90, 0x08, 0x41, 0x30, + 0x24, 0x58, 0x20, 0x4c, 0x80, 0x82, 0x08, 0x10, 0x24, 0x25, 0x81, 0x06, + 0x41, 0x09, 0x10, 0x20, 0x18, 0x10, 0x44, 0x80, 0x10, 
0x00, 0x4a, 0x24, + 0x0d, 0x01, 0x94, 0x28, 0x80, 0x30, 0x00, 0xc0, 0x02, 0x60, 0x10, 0x84, + 0x0c, 0x02, 0x00, 0x09, 0x02, 0x82, 0x01, 0x08, 0x10, 0x04, 0xc2, 0x20, + 0x68, 0x09, 0x06, 0x04, 0x18, 0x00, 0x00, 0x11, 0x90, 0x08, 0x0b, 0x10, + 0x21, 0x82, 0x02, 0x0c, 0x10, 0xb6, 0x08, 0x00, 0x26, 0x00, 0x41, 0x02, + 0x01, 0x4a, 0x24, 0x21, 0x1a, 0x20, 0x24, 0x80, 0x00, 0x44, 0x02, 0x00, + 0x2d, 0x40, 0x02, 0x00, 0x8b, 0x94, 0x20, 0x10, 0x00, 0x20, 0x90, 0xa6, + 0x40, 0x13, 0x00, 0x2c, 0x11, 0x86, 0x61, 0x01, 0x80, 0x41, 0x10, 0x02, + 0x04, 0x81, 0x30, 0x48, 0x48, 0x20, 0x28, 0x50, 0x80, 0x21, 0x8a, 0x10, + 0x04, 0x08, 0x10, 0x09, 0x10, 0x10, 0x48, 0x42, 0xa0, 0x0c, 0x82, 0x92, + 0x60, 0xc0, 0x20, 0x05, 0xd2, 0x20, 0x40, 0x01, 0x00, 0x04, 0x08, 0x82, + 0x2d, 0x82, 0x02, 0x00, 0x48, 0x80, 0x41, 0x48, 0x10, 0x00, 0x91, 0x04, + 0x04, 0x03, 0x84, 0x00, 0xc2, 0x04, 0x68, 0x00, 0x00, 0x64, 0xc0, 0x22, + 0x40, 0x08, 0x32, 0x44, 0x09, 0x86, 0x00, 0x91, 0x02, 0x28, 0x01, 0x00, + 0x64, 0x48, 0x00, 0x24, 0x10, 0x90, 0x00, 0x43, 0x00, 0x21, 0x52, 0x86, + 0x41, 0x8b, 0x90, 0x20, 0x40, 0x20, 0x08, 0x88, 0x04, 0x44, 0x13, 0x20, + 0x00, 0x02, 0x84, 0x60, 0x81, 0x90, 0x24, 0x40, 0x30, 0x00, 0x08, 0x10, + 0x08, 0x08, 0x02, 0x01, 0x10, 0x04, 0x20, 0x43, 0xb4, 0x40, 0x90, 0x12, + 0x68, 0x01, 0x80, 0x4c, 0x18, 0x00, 0x08, 0xc0, 0x12, 0x49, 0x40, 0x10, + 0x24, 0x1a, 0x00, 0x41, 0x89, 0x24, 0x4c, 0x10, 0x00, 0x04, 0x52, 0x10, + 0x09, 0x4a, 0x20, 0x41, 0x48, 0x22, 0x69, 0x11, 0x14, 0x08, 0x10, 0x06, + 0x24, 0x80, 0x84, 0x28, 0x00, 0x10, 0x00, 0x40, 0x10, 0x01, 0x08, 0x26, + 0x08, 0x48, 0x06, 0x28, 0x00, 0x14, 0x01, 0x42, 0x84, 0x04, 0x0a, 0x20, + 0x00, 0x01, 0x82, 0x08, 0x00, 0x82, 0x24, 0x12, 0x04, 0x40, 0x40, 0xa0, + 0x40, 0x90, 0x10, 0x04, 0x90, 0x22, 0x40, 0x10, 0x20, 0x2c, 0x80, 0x10, + 0x28, 0x43, 0x00, 0x04, 0x58, 0x00, 0x01, 0x81, 0x10, 0x48, 0x09, 0x20, + 0x21, 0x83, 0x04, 0x00, 0x42, 0xa4, 0x44, 0x00, 0x00, 0x6c, 0x10, 0xa0, + 0x44, 0x48, 0x80, 0x00, 0x83, 0x80, 0x48, 0xc9, 0x00, 
0x00, 0x00, 0x02, + 0x05, 0x10, 0xb0, 0x04, 0x13, 0x04, 0x29, 0x10, 0x92, 0x40, 0x08, 0x04, + 0x44, 0x82, 0x22, 0x00, 0x19, 0x20, 0x00, 0x19, 0x20, 0x01, 0x81, 0x90, + 0x60, 0x8a, 0x00, 0x41, 0xc0, 0x02, 0x45, 0x10, 0x04, 0x00, 0x02, 0xa2, + 0x09, 0x40, 0x10, 0x21, 0x49, 0x20, 0x01, 0x42, 0x30, 0x2c, 0x00, 0x14, + 0x44, 0x01, 0x22, 0x04, 0x02, 0x92, 0x08, 0x89, 0x04, 0x21, 0x80, 0x10, + 0x05, 0x01, 0x20, 0x40, 0x41, 0x80, 0x04, 0x00, 0x12, 0x09, 0x40, 0xb0, + 0x64, 0x58, 0x32, 0x01, 0x08, 0x90, 0x00, 0x41, 0x04, 0x09, 0xc1, 0x80, + 0x61, 0x08, 0x90, 0x00, 0x9a, 0x00, 0x24, 0x01, 0x12, 0x08, 0x02, 0x26, + 0x05, 0x82, 0x06, 0x08, 0x08, 0x00, 0x20, 0x48, 0x20, 0x00, 0x18, 0x24, + 0x48, 0x03, 0x02, 0x00, 0x11, 0x00, 0x09, 0x00, 0x84, 0x01, 0x4a, 0x10, + 0x01, 0x98, 0x00, 0x04, 0x18, 0x86, 0x00, 0xc0, 0x00, 0x20, 0x81, 0x80, + 0x04, 0x10, 0x30, 0x05, 0x00, 0xb4, 0x0c, 0x4a, 0x82, 0x29, 0x91, 0x02, + 0x28, 0x00, 0x20, 0x44, 0xc0, 0x00, 0x2c, 0x91, 0x80, 0x40, 0x01, 0xa2, + 0x00, 0x12, 0x04, 0x09, 0xc3, 0x20, 0x00, 0x08, 0x02, 0x0c, 0x10, 0x22, + 0x04, 0x00, 0x00, 0x2c, 0x11, 0x86, 0x00, 0xc0, 0x00, 0x00, 0x12, 0x32, + 0x40, 0x89, 0x80, 0x40, 0x40, 0x02, 0x05, 0x50, 0x86, 0x60, 0x82, 0xa4, + 0x60, 0x0a, 0x12, 0x4d, 0x80, 0x90, 0x08, 0x12, 0x80, 0x09, 0x02, 0x14, + 0x48, 0x01, 0x24, 0x20, 0x8a, 0x00, 0x44, 0x90, 0x04, 0x04, 0x01, 0x02, + 0x00, 0xd1, 0x12, 0x00, 0x0a, 0x04, 0x40, 0x00, 0x32, 0x21, 0x81, 0x24, + 0x08, 0x19, 0x84, 0x20, 0x02, 0x04, 0x08, 0x89, 0x80, 0x24, 0x02, 0x02, + 0x68, 0x18, 0x82, 0x44, 0x42, 0x00, 0x21, 0x40, 0x00, 0x28, 0x01, 0x80, + 0x45, 0x82, 0x20, 0x40, 0x11, 0x80, 0x0c, 0x02, 0x00, 0x24, 0x40, 0x90, + 0x01, 0x40, 0x20, 0x20, 0x50, 0x20, 0x28, 0x19, 0x00, 0x40, 0x09, 0x20, + 0x08, 0x80, 0x04, 0x60, 0x40, 0x80, 0x20, 0x08, 0x30, 0x49, 0x09, 0x34, + 0x00, 0x11, 0x24, 0x24, 0x82, 0x00, 0x41, 0xc2, 0x00, 0x04, 0x92, 0x02, + 0x24, 0x80, 0x00, 0x0c, 0x02, 0xa0, 0x00, 0x01, 0x06, 0x60, 0x41, 0x04, + 0x21, 0xd0, 0x00, 0x01, 0x01, 0x00, 0x48, 0x12, 0x84, 
0x04, 0x91, 0x12, + 0x08, 0x00, 0x24, 0x44, 0x00, 0x12, 0x41, 0x18, 0x26, 0x0c, 0x41, 0x80, + 0x00, 0x52, 0x04, 0x20, 0x09, 0x00, 0x24, 0x90, 0x20, 0x48, 0x18, 0x02, + 0x00, 0x03, 0xa2, 0x09, 0xd0, 0x14, 0x00, 0x8a, 0x84, 0x25, 0x4a, 0x00, + 0x20, 0x98, 0x14, 0x40, 0x00, 0xa2, 0x05, 0x00, 0x00, 0x00, 0x40, 0x14, + 0x01, 0x58, 0x20, 0x2c, 0x80, 0x84, 0x00, 0x09, 0x20, 0x20, 0x91, 0x02, + 0x08, 0x02, 0xb0, 0x41, 0x08, 0x30, 0x00, 0x09, 0x10, 0x00, 0x18, 0x02, + 0x21, 0x02, 0x02, 0x00, 0x00, 0x24, 0x44, 0x08, 0x12, 0x60, 0x00, 0xb2, + 0x44, 0x12, 0x02, 0x0c, 0xc0, 0x80, 0x40, 0xc8, 0x20, 0x04, 0x50, 0x20, + 0x05, 0x00, 0xb0, 0x04, 0x0b, 0x04, 0x29, 0x53, 0x00, 0x61, 0x48, 0x30, + 0x00, 0x82, 0x20, 0x29, 0x00, 0x16, 0x00, 0x53, 0x22, 0x20, 0x43, 0x10, + 0x48, 0x00, 0x80, 0x04, 0xd2, 0x00, 0x40, 0x00, 0xa2, 0x44, 0x03, 0x80, + 0x29, 0x00, 0x04, 0x08, 0xc0, 0x04, 0x64, 0x40, 0x30, 0x28, 0x09, 0x84, + 0x44, 0x50, 0x80, 0x21, 0x02, 0x92, 0x00, 0xc0, 0x10, 0x60, 0x88, 0x22, + 0x08, 0x80, 0x00, 0x00, 0x18, 0x84, 0x04, 0x83, 0x96, 0x00, 0x81, 0x20, + 0x05, 0x02, 0x00, 0x45, 0x88, 0x84, 0x00, 0x51, 0x20, 0x20, 0x51, 0x86, + 0x41, 0x4b, 0x94, 0x00, 0x80, 0x00, 0x08, 0x11, 0x20, 0x4c, 0x58, 0x80, + 0x04, 0x03, 0x06, 0x20, 0x89, 0x00, 0x05, 0x08, 0x22, 0x05, 0x90, 0x00, + 0x40, 0x00, 0x82, 0x09, 0x50, 0x00, 0x00, 0x00, 0xa0, 0x41, 0xc2, 0x20, + 0x08, 0x00, 0x16, 0x08, 0x40, 0x26, 0x21, 0xd0, 0x90, 0x08, 0x81, 0x90, + 0x41, 0x00, 0x02, 0x44, 0x08, 0x10, 0x0c, 0x0a, 0x86, 0x09, 0x90, 0x04, + 0x00, 0xc8, 0xa0, 0x04, 0x08, 0x30, 0x20, 0x89, 0x84, 0x00, 0x11, 0x22, + 0x2c, 0x40, 0x00, 0x08, 0x02, 0xb0, 0x01, 0x48, 0x02, 0x01, 0x09, 0x20, + 0x04, 0x03, 0x04, 0x00, 0x80, 0x02, 0x60, 0x42, 0x30, 0x21, 0x4a, 0x10, + 0x44, 0x09, 0x02, 0x00, 0x01, 0x24, 0x00, 0x12, 0x82, 0x21, 0x80, 0xa4, + 0x20, 0x10, 0x02, 0x04, 0x91, 0xa0, 0x40, 0x18, 0x04, 0x00, 0x02, 0x06, + 0x69, 0x09, 0x00, 0x05, 0x58, 0x02, 0x01, 0x00, 0x00, 0x48, 0x00, 0x00, + 0x00, 0x03, 0x92, 0x20, 0x00, 0x34, 0x01, 0xc8, 0x20, 
0x48, 0x08, 0x30, + 0x08, 0x42, 0x80, 0x20, 0x91, 0x90, 0x68, 0x01, 0x04, 0x40, 0x12, 0x02, + 0x61, 0x00, 0x12, 0x08, 0x01, 0xa0, 0x00, 0x11, 0x04, 0x21, 0x48, 0x04, + 0x24, 0x92, 0x00, 0x0c, 0x01, 0x84, 0x04, 0x00, 0x00, 0x01, 0x12, 0x96, + 0x40, 0x01, 0xa0, 0x41, 0x88, 0x22, 0x28, 0x88, 0x00, 0x44, 0x42, 0x80, + 0x24, 0x12, 0x14, 0x01, 0x42, 0x90, 0x60, 0x1a, 0x10, 0x04, 0x81, 0x10, + 0x48, 0x08, 0x06, 0x29, 0x83, 0x02, 0x40, 0x02, 0x24, 0x64, 0x80, 0x10, + 0x05, 0x80, 0x10, 0x40, 0x02, 0x02, 0x08, 0x42, 0x84, 0x01, 0x09, 0x20, + 0x04, 0x50, 0x00, 0x60, 0x11, 0x30, 0x40, 0x13, 0x02, 0x04, 0x81, 0x00, + 0x09, 0x08, 0x20, 0x45, 0x4a, 0x10, 0x61, 0x90, 0x26, 0x0c, 0x08, 0x02, + 0x21, 0x91, 0x00, 0x60, 0x02, 0x04, 0x00, 0x02, 0x00, 0x0c, 0x08, 0x06, + 0x08, 0x48, 0x84, 0x08, 0x11, 0x02, 0x00, 0x80, 0xa4, 0x00, 0x5a, 0x20, + 0x00, 0x88, 0x04, 0x04, 0x02, 0x00, 0x09, 0x00, 0x14, 0x08, 0x49, 0x14, + 0x20, 0xc8, 0x00, 0x04, 0x91, 0xa0, 0x40, 0x59, 0x80, 0x00, 0x12, 0x10, + 0x00, 0x80, 0x80, 0x65, 0x00, 0x00, 0x04, 0x00, 0x80, 0x40, 0x19, 0x00, + 0x21, 0x03, 0x84, 0x60, 0xc0, 0x04, 0x24, 0x1a, 0x12, 0x61, 0x80, 0x80, + 0x08, 0x02, 0x04, 0x09, 0x42, 0x12, 0x20, 0x08, 0x34, 0x04, 0x90, 0x20, + 0x01, 0x01, 0xa0, 0x00, 0x0b, 0x00, 0x08, 0x91, 0x92, 0x40, 0x02, 0x34, + 0x40, 0x88, 0x10, 0x61, 0x19, 0x02, 0x00, 0x40, 0x04, 0x25, 0xc0, 0x80, + 0x68, 0x08, 0x04, 0x21, 0x80, 0x22, 0x04, 0x00, 0xa0, 0x0c, 0x01, 0x84, + 0x20, 0x41, 0x00, 0x08, 0x8a, 0x00, 0x20, 0x8a, 0x00, 0x48, 0x88, 0x04, + 0x04, 0x11, 0x82, 0x08, 0x40, 0x86, 0x09, 0x49, 0xa4, 0x40, 0x00, 0x10, + 0x01, 0x01, 0xa2, 0x04, 0x50, 0x80, 0x0c, 0x80, 0x00, 0x48, 0x82, 0xa0, + 0x01, 0x18, 0x12, 0x41, 0x01, 0x04, 0x48, 0x41, 0x00, 0x24, 0x01, 0x00, + 0x00, 0x88, 0x14, 0x00, 0x02, 0x00, 0x68, 0x01, 0x20, 0x08, 0x4a, 0x22, + 0x08, 0x83, 0x80, 0x00, 0x89, 0x04, 0x01, 0xc2, 0x00, 0x00, 0x00, 0x34, + 0x04, 0x00, 0x82, 0x28, 0x02, 0x02, 0x41, 0x4a, 0x90, 0x05, 0x82, 0x02, + 0x09, 0x80, 0x24, 0x04, 0x41, 0x00, 0x01, 0x92, 0x80, 
0x28, 0x01, 0x14, + 0x00, 0x50, 0x20, 0x4c, 0x10, 0xb0, 0x04, 0x43, 0xa4, 0x21, 0x90, 0x04, + 0x01, 0x02, 0x00, 0x44, 0x48, 0x00, 0x64, 0x08, 0x06, 0x00, 0x42, 0x20, + 0x08, 0x02, 0x92, 0x01, 0x4a, 0x00, 0x20, 0x50, 0x32, 0x25, 0x90, 0x22, + 0x04, 0x09, 0x00, 0x08, 0x11, 0x80, 0x21, 0x01, 0x10, 0x05, 0x00, 0x32, + 0x08, 0x88, 0x94, 0x08, 0x08, 0x24, 0x0d, 0xc1, 0x80, 0x40, 0x0b, 0x20, + 0x40, 0x18, 0x12, 0x04, 0x00, 0x22, 0x40, 0x10, 0x26, 0x05, 0xc1, 0x82, + 0x00, 0x01, 0x30, 0x24, 0x02, 0x22, 0x41, 0x08, 0x24, 0x48, 0x1a, 0x00, + 0x25, 0xd2, 0x12, 0x28, 0x42, 0x00, 0x04, 0x40, 0x30, 0x41, 0x00, 0x02, + 0x00, 0x13, 0x20, 0x24, 0xd1, 0x84, 0x08, 0x89, 0x80, 0x04, 0x52, 0x00, + 0x44, 0x18, 0xa4, 0x00, 0x00, 0x06, 0x20, 0x91, 0x10, 0x09, 0x42, 0x20, + 0x24, 0x40, 0x30, 0x28, 0x00, 0x84, 0x40, 0x40, 0x80, 0x08, 0x10, 0x04, + 0x09, 0x08, 0x04, 0x40, 0x08, 0x22, 0x00, 0x19, 0x02, 0x00, 0x00, 0x80, + 0x2c, 0x02, 0x02, 0x21, 0x01, 0x90, 0x20, 0x40, 0x00, 0x0c, 0x00, 0x34, + 0x48, 0x58, 0x20, 0x01, 0x43, 0x04, 0x20, 0x80, 0x14, 0x00, 0x90, 0x00, + 0x6d, 0x11, 0x00, 0x00, 0x40, 0x20, 0x00, 0x03, 0x10, 0x40, 0x88, 0x30, + 0x05, 0x4a, 0x00, 0x65, 0x10, 0x24, 0x08, 0x18, 0x84, 0x28, 0x03, 0x80, + 0x20, 0x42, 0xb0, 0x40, 0x00, 0x10, 0x69, 0x19, 0x04, 0x00, 0x00, 0x80, + 0x04, 0xc2, 0x04, 0x00, 0x01, 0x00, 0x05, 0x00, 0x22, 0x25, 0x08, 0x96, + 0x04, 0x02, 0x22, 0x00, 0xd0, 0x10, 0x29, 0x01, 0xa0, 0x60, 0x08, 0x10, + 0x04, 0x01, 0x16, 0x44, 0x10, 0x02, 0x28, 0x02, 0x82, 0x48, 0x40, 0x84, + 0x20, 0x90, 0x22, 0x28, 0x80, 0x04, 0x00, 0x40, 0x04, 0x24, 0x00, 0x80, + 0x29, 0x03, 0x10, 0x60, 0x48, 0x00, 0x00, 0x81, 0xa0, 0x00, 0x51, 0x20, + 0x0c, 0xd1, 0x00, 0x01, 0x41, 0x20, 0x04, 0x92, 0x00, 0x00, 0x10, 0x92, + 0x00, 0x42, 0x04, 0x05, 0x01, 0x86, 0x40, 0x80, 0x10, 0x20, 0x52, 0x20, + 0x21, 0x00, 0x10, 0x48, 0x0a, 0x02, 0x00, 0xd0, 0x12, 0x41, 0x48, 0x80, + 0x04, 0x00, 0x00, 0x48, 0x09, 0x22, 0x04, 0x00, 0x24, 0x00, 0x43, 0x10, + 0x60, 0x0a, 0x00, 0x44, 0x12, 0x20, 0x2c, 0x08, 0x20, 
0x44, 0x00, 0x84, + 0x09, 0x40, 0x06, 0x08, 0xc1, 0x00, 0x40, 0x80, 0x20, 0x00, 0x98, 0x12, + 0x48, 0x10, 0xa2, 0x20, 0x00, 0x84, 0x48, 0xc0, 0x10, 0x20, 0x90, 0x12, + 0x08, 0x98, 0x82, 0x00, 0x0a, 0xa0, 0x04, 0x03, 0x00, 0x28, 0xc3, 0x00, + 0x44, 0x42, 0x10, 0x04, 0x08, 0x04, 0x40, 0x00, 0x00, 0x05, 0x10, 0x00, + 0x21, 0x03, 0x80, 0x04, 0x88, 0x12, 0x69, 0x10, 0x00, 0x04, 0x08, 0x04, + 0x04, 0x02, 0x84, 0x48, 0x49, 0x04, 0x20, 0x18, 0x02, 0x64, 0x80, 0x30, + 0x08, 0x01, 0x02, 0x00, 0x52, 0x12, 0x49, 0x08, 0x20, 0x41, 0x88, 0x10, + 0x48, 0x08, 0x34, 0x00, 0x01, 0x86, 0x05, 0xd0, 0x00, 0x00, 0x83, 0x84, + 0x21, 0x40, 0x02, 0x41, 0x10, 0x80, 0x48, 0x40, 0xa2, 0x20, 0x51, 0x00, + 0x00, 0x49, 0x00, 0x01, 0x90, 0x20, 0x40, 0x18, 0x02, 0x40, 0x02, 0x22, + 0x05, 0x40, 0x80, 0x08, 0x82, 0x10, 0x20, 0x18, 0x00, 0x05, 0x01, 0x82, + 0x40, 0x58, 0x00, 0x04, 0x81, 0x90, 0x29, 0x01, 0xa0, 0x64, 0x00, 0x22, + 0x40, 0x01, 0xa2, 0x00, 0x18, 0x04, 0x0d, 0x00, 0x00, 0x60, 0x80, 0x94, + 0x60, 0x82, 0x10, 0x0d, 0x80, 0x30, 0x0c, 0x12, 0x20, 0x00, 0x00, 0x12, + 0x40, 0xc0, 0x20, 0x21, 0x58, 0x02, 0x41, 0x10, 0x80, 0x44, 0x03, 0x02, + 0x04, 0x13, 0x90, 0x29, 0x08, 0x00, 0x44, 0xc0, 0x00, 0x21, 0x00, 0x26, + 0x00, 0x1a, 0x80, 0x01, 0x13, 0x14, 0x20, 0x0a, 0x14, 0x20, 0x00, 0x32, + 0x61, 0x08, 0x00, 0x40, 0x42, 0x20, 0x09, 0x80, 0x06, 0x01, 0x81, 0x80, + 0x60, 0x42, 0x00, 0x68, 0x90, 0x82, 0x08, 0x42, 0x80, 0x04, 0x02, 0x80, + 0x09, 0x0b, 0x04, 0x00, 0x98, 0x00, 0x0c, 0x81, 0x06, 0x44, 0x48, 0x84, + 0x28, 0x03, 0x92, 0x00, 0x01, 0x80, 0x40, 0x0a, 0x00, 0x0c, 0x81, 0x02, + 0x08, 0x51, 0x04, 0x28, 0x90, 0x02, 0x20, 0x09, 0x10, 0x60, 0x00, 0x00, + 0x09, 0x81, 0xa0, 0x0c, 0x00, 0xa4, 0x09, 0x00, 0x02, 0x28, 0x80, 0x20, + 0x00, 0x02, 0x02, 0x04, 0x81, 0x14, 0x04, 0x00, 0x04, 0x09, 0x11, 0x12, + 0x60, 0x40, 0x20, 0x01, 0x48, 0x30, 0x40, 0x11, 0x00, 0x08, 0x0a, 0x86, + 0x00, 0x00, 0x04, 0x60, 0x81, 0x04, 0x01, 0xd0, 0x02, 0x41, 0x18, 0x90, + 0x00, 0x0a, 0x20, 0x00, 0xc1, 0x06, 0x01, 0x08, 0x80, 
0x64, 0xca, 0x10, + 0x04, 0x99, 0x80, 0x48, 0x01, 0x82, 0x20, 0x50, 0x90, 0x48, 0x80, 0x84, + 0x20, 0x90, 0x22, 0x00, 0x19, 0x00, 0x04, 0x18, 0x20, 0x24, 0x10, 0x86, + 0x40, 0xc2, 0x00, 0x24, 0x12, 0x10, 0x44, 0x00, 0x16, 0x08, 0x10, 0x24, + 0x00, 0x12, 0x06, 0x01, 0x08, 0x90, 0x00, 0x12, 0x02, 0x4d, 0x10, 0x80, + 0x40, 0x50, 0x22, 0x00, 0x43, 0x10, 0x01, 0x00, 0x30, 0x21, 0x0a, 0x00, + 0x00, 0x01, 0x14, 0x00, 0x10, 0x84, 0x04, 0xc1, 0x10, 0x29, 0x0a, 0x00, + 0x01, 0x8a, 0x00, 0x20, 0x01, 0x12, 0x0c, 0x49, 0x20, 0x04, 0x81, 0x00, + 0x48, 0x01, 0x04, 0x60, 0x80, 0x12, 0x0c, 0x08, 0x10, 0x48, 0x4a, 0x04, + 0x28, 0x10, 0x00, 0x28, 0x40, 0x84, 0x45, 0x50, 0x10, 0x60, 0x10, 0x06, + 0x44, 0x01, 0x80, 0x09, 0x00, 0x86, 0x01, 0x42, 0xa0, 0x00, 0x90, 0x00, + 0x05, 0x90, 0x22, 0x40, 0x41, 0x00, 0x08, 0x80, 0x02, 0x08, 0xc0, 0x00, + 0x01, 0x58, 0x30, 0x49, 0x09, 0x14, 0x00, 0x41, 0x02, 0x0c, 0x02, 0x80, + 0x40, 0x89, 0x00, 0x24, 0x08, 0x10, 0x05, 0x90, 0x32, 0x40, 0x0a, 0x82, + 0x08, 0x00, 0x12, 0x61, 0x00, 0x04, 0x21, 0x00, 0x22, 0x04, 0x10, 0x24, + 0x08, 0x0a, 0x04, 0x01, 0x10, 0x00, 0x20, 0x40, 0x84, 0x04, 0x88, 0x22, + 0x20, 0x90, 0x12, 0x00, 0x53, 0x06, 0x24, 0x01, 0x04, 0x40, 0x0b, 0x14, + 0x60, 0x82, 0x02, 0x0d, 0x10, 0x90, 0x0c, 0x08, 0x20, 0x09, 0x00, 0x14, + 0x09, 0x80, 0x80, 0x24, 0x82, 0x00, 0x40, 0x01, 0x02, 0x44, 0x01, 0x20, + 0x0c, 0x40, 0x84, 0x40, 0x0a, 0x10, 0x41, 0x00, 0x30, 0x05, 0x09, 0x80, + 0x44, 0x08, 0x20, 0x20, 0x02, 0x00, 0x49, 0x43, 0x20, 0x21, 0x00, 0x20, + 0x00, 0x01, 0xb6, 0x08, 0x40, 0x04, 0x08, 0x02, 0x80, 0x01, 0x41, 0x80, + 0x40, 0x08, 0x10, 0x24, 0x00, 0x20, 0x04, 0x12, 0x86, 0x09, 0xc0, 0x12, + 0x21, 0x81, 0x14, 0x04, 0x00, 0x02, 0x20, 0x89, 0xb4, 0x44, 0x12, 0x80, + 0x00, 0xd1, 0x00, 0x69, 0x40, 0x80, 0x00, 0x42, 0x12, 0x00, 0x18, 0x04, + 0x00, 0x49, 0x06, 0x21, 0x02, 0x04, 0x28, 0x02, 0x84, 0x01, 0xc0, 0x10, + 0x68, 0x00, 0x20, 0x08, 0x40, 0x00, 0x08, 0x91, 0x10, 0x01, 0x81, 0x24, + 0x04, 0xd2, 0x10, 0x4c, 0x88, 0x86, 0x00, 0x10, 0x80, 
0x0c, 0x02, 0x14, + 0x00, 0x8a, 0x90, 0x40, 0x18, 0x20, 0x21, 0x80, 0xa4, 0x00, 0x58, 0x24, + 0x20, 0x10, 0x10, 0x60, 0xc1, 0x30, 0x41, 0x48, 0x02, 0x48, 0x09, 0x00, + 0x40, 0x09, 0x02, 0x05, 0x11, 0x82, 0x20, 0x4a, 0x20, 0x24, 0x18, 0x02, + 0x0c, 0x10, 0x22, 0x0c, 0x0a, 0x04, 0x00, 0x03, 0x06, 0x48, 0x48, 0x04, + 0x04, 0x02, 0x00, 0x21, 0x80, 0x84, 0x00, 0x18, 0x00, 0x0c, 0x02, 0x12, + 0x01, 0x00, 0x14, 0x05, 0x82, 0x10, 0x41, 0x89, 0x12, 0x08, 0x40, 0xa4, + 0x21, 0x01, 0x84, 0x48, 0x02, 0x10, 0x60, 0x40, 0x02, 0x28, 0x00, 0x14, + 0x08, 0x40, 0xa0, 0x20, 0x51, 0x12, 0x00, 0xc2, 0x00, 0x01, 0x1a, 0x30, + 0x40, 0x89, 0x12, 0x4c, 0x02, 0x80, 0x00, 0x00, 0x14, 0x01, 0x01, 0xa0, + 0x21, 0x18, 0x22, 0x21, 0x18, 0x06, 0x40, 0x01, 0x80, 0x00, 0x90, 0x04, + 0x48, 0x02, 0x30, 0x04, 0x08, 0x00, 0x05, 0x88, 0x24, 0x08, 0x48, 0x04, + 0x24, 0x02, 0x06, 0x00, 0x80, 0x00, 0x00, 0x00, 0x10, 0x65, 0x11, 0x90, + 0x00, 0x0a, 0x82, 0x04, 0xc3, 0x04, 0x60, 0x48, 0x24, 0x04, 0x92, 0x02, + 0x44, 0x88, 0x80, 0x40, 0x18, 0x06, 0x29, 0x80, 0x10, 0x01, 0x00, 0x00, + 0x44, 0xc8, 0x10, 0x21, 0x89, 0x30, 0x00, 0x4b, 0xa0, 0x01, 0x10, 0x14, + 0x00, 0x02, 0x94, 0x40, 0x00, 0x20, 0x65, 0x00, 0xa2, 0x0c, 0x40, 0x22, + 0x20, 0x81, 0x12, 0x20, 0x82, 0x04, 0x01, 0x10, 0x00, 0x08, 0x88, 0x00, + 0x00, 0x11, 0x80, 0x04, 0x42, 0x80, 0x40, 0x41, 0x14, 0x00, 0x40, 0x32, + 0x2c, 0x80, 0x24, 0x04, 0x19, 0x00, 0x00, 0x91, 0x00, 0x20, 0x83, 0x00, + 0x05, 0x40, 0x20, 0x09, 0x01, 0x84, 0x40, 0x40, 0x20, 0x20, 0x11, 0x00, + 0x40, 0x41, 0x90, 0x20, 0x00, 0x00, 0x40, 0x90, 0x92, 0x48, 0x18, 0x06, + 0x08, 0x81, 0x80, 0x48, 0x01, 0x34, 0x24, 0x10, 0x20, 0x04, 0x00, 0x20, + 0x04, 0x18, 0x06, 0x2d, 0x90, 0x10, 0x01, 0x00, 0x90, 0x00, 0x0a, 0x22, + 0x01, 0x00, 0x22, 0x00, 0x11, 0x84, 0x01, 0x01, 0x00, 0x20, 0x88, 0x00, + 0x44, 0x00, 0x22, 0x01, 0x00, 0xa6, 0x40, 0x02, 0x06, 0x20, 0x11, 0x00, + 0x01, 0xc8, 0xa0, 0x04, 0x8a, 0x00, 0x28, 0x19, 0x80, 0x00, 0x52, 0xa0, + 0x24, 0x12, 0x12, 0x09, 0x08, 0x24, 0x01, 0x48, 0x00, 
0x04, 0x00, 0x24, + 0x40, 0x02, 0x84, 0x08, 0x00, 0x04, 0x48, 0x40, 0x90, 0x60, 0x0a, 0x22, + 0x01, 0x88, 0x14, 0x08, 0x01, 0x02, 0x08, 0xd3, 0x00, 0x20, 0xc0, 0x90, + 0x24, 0x10, 0x00, 0x00, 0x01, 0xb0, 0x08, 0x0a, 0xa0, 0x00, 0x80, 0x00, + 0x01, 0x09, 0x00, 0x20, 0x52, 0x02, 0x25, 0x00, 0x24, 0x04, 0x02, 0x84, + 0x24, 0x10, 0x92, 0x40, 0x02, 0xa0, 0x40, 0x00, 0x22, 0x08, 0x11, 0x04, + 0x08, 0x01, 0x22, 0x00, 0x42, 0x14, 0x00, 0x09, 0x90, 0x21, 0x00, 0x30, + 0x6c, 0x00, 0x00, 0x0c, 0x00, 0x22, 0x09, 0x90, 0x10, 0x28, 0x40, 0x00, + 0x20, 0xc0, 0x20, 0x00, 0x90, 0x00, 0x40, 0x01, 0x82, 0x05, 0x12, 0x12, + 0x09, 0xc1, 0x04, 0x61, 0x80, 0x02, 0x28, 0x81, 0x24, 0x00, 0x49, 0x04, + 0x08, 0x10, 0x86, 0x29, 0x41, 0x80, 0x21, 0x0a, 0x30, 0x49, 0x88, 0x90, + 0x00, 0x41, 0x04, 0x29, 0x81, 0x80, 0x41, 0x09, 0x00, 0x40, 0x12, 0x10, + 0x40, 0x00, 0x10, 0x40, 0x48, 0x02, 0x05, 0x80, 0x02, 0x21, 0x40, 0x20, + 0x00, 0x58, 0x20, 0x60, 0x00, 0x90, 0x48, 0x00, 0x80, 0x28, 0xc0, 0x80, + 0x48, 0x00, 0x00, 0x44, 0x80, 0x02, 0x00, 0x09, 0x06, 0x00, 0x12, 0x02, + 0x01, 0x00, 0x10, 0x08, 0x83, 0x10, 0x45, 0x12, 0x00, 0x2c, 0x08, 0x04, + 0x44, 0x00, 0x20, 0x20, 0xc0, 0x10, 0x20, 0x01, 0x00, 0x05, 0xc8, 0x20, + 0x04, 0x98, 0x10, 0x08, 0x10, 0x00, 0x24, 0x02, 0x16, 0x40, 0x88, 0x00, + 0x61, 0x88, 0x12, 0x24, 0x80, 0xa6, 0x00, 0x42, 0x00, 0x08, 0x10, 0x06, + 0x48, 0x40, 0xa0, 0x00, 0x50, 0x20, 0x04, 0x81, 0xa4, 0x40, 0x18, 0x00, + 0x08, 0x10, 0x80, 0x01, 0x01}; + +#if RSA_KEY_SIEVE && SIMULATION && RSA_INSTRUMENT +UINT32 PrimeIndex = 0; +UINT32 failedAtIteration[10] = {0}; +UINT32 PrimeCounts[3] = {0}; +UINT32 MillerRabinTrials[3] = {0}; +UINT32 totalFieldsSieved[3] = {0}; +UINT32 bitsInFieldAfterSieve[3] = {0}; +UINT32 emptyFieldsSieved[3] = {0}; +UINT32 noPrimeFields[3] = {0}; +UINT32 primesChecked[3] = {0}; +UINT16 lastSievePrime = 0; +#endif \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/RsaKeyCache.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/RsaKeyCache.c
new file mode 100644
index 000000000..ba8dec83d
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/RsaKeyCache.c
@@ -0,0 +1,255 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the functions to implement the RSA key cache that can be used
+// to speed up simulation.
+//
+// Only one key is created for each supported key size and it is returned whenever
+// a key of that size is requested.
+//
+// If desired, the key cache can be populated from a file. This allows multiple
+// TPM to run with the same RSA keys. Also, when doing simulation, the DRBG will
+// use preset sequences so it is not too hard to repeat sequences for debug or
+// profile or stress.
+//
+// When the key cache is enabled, a call to CryptRsaGenerateKey() will call the
+// GetCachedRsaKey(). If the cache is enabled and populated, then the cached key
+// of the requested size is returned. If a key of the requested size is not
+// available, the no key is loaded and the requested key will need to be generated.
+// If the cache is not populated, the TPM will open a file that has the appropriate
+// name for the type of keys required (CRT or no-CRT). If the file is the right
+// size, it is used. If the file doesn't exist or the file does not have the correct
+// size, the TMP will populate the cache with new keys of the required size and
+// write the cache data to the file so that they will be available the next time.
+//
+// Currently, if two simulations are being run with TPM's that have different RSA
+// key sizes (e.g,, one with 1024 and 2048 and another with 2048 and 3072, then the
+// files will not match for the both of them and they will both try to overwrite
+// the other's cache file. I may try to do something about this if necessary.
+ +//** Includes, Types, Locals, and Defines + +#include "Tpm.h" + +#if USE_RSA_KEY_CACHE + +#include +#include "RsaKeyCache_fp.h" + +#if CRT_FORMAT_RSA == YES +#define CACHE_FILE_NAME "RsaKeyCacheCrt.data" +#else +#define CACHE_FILE_NAME "RsaKeyCacheNoCrt.data" +#endif + +typedef struct _RSA_KEY_CACHE_ +{ + TPM2B_PUBLIC_KEY_RSA publicModulus; + TPM2B_PRIVATE_KEY_RSA privateExponent; +} RSA_KEY_CACHE; + +// Determine the number of RSA key sizes for the cache +TPMI_RSA_KEY_BITS SupportedRsaKeySizes[] = { +#if RSA_1024 + 1024, +#endif +#if RSA_2048 + 2048, +#endif +#if RSA_3072 + 3072, +#endif +#if RSA_4096 + 4096, +#endif + 0 +}; + +#define RSA_KEY_CACHE_ENTRIES (RSA_1024 + RSA_2048 + RSA_3072 + RSA_4096) + +// The key cache holds one entry for each of the supported key sizes +RSA_KEY_CACHE s_rsaKeyCache[RSA_KEY_CACHE_ENTRIES]; +// Indicates if the key cache is loaded. It can be loaded and enabled or disabled. +BOOL s_keyCacheLoaded = 0; + +// Indicates if the key cache is enabled +int s_rsaKeyCacheEnabled = FALSE; + +//*** RsaKeyCacheControl() +// Used to enable and disable the RSA key cache. +LIB_EXPORT void +RsaKeyCacheControl( + int state + ) +{ + s_rsaKeyCacheEnabled = state; +} + +//*** InitializeKeyCache() +// This will initialize the key cache and attempt to write it to a file for later +// use. 
+// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure +static BOOL +InitializeKeyCache( + TPMT_PUBLIC *publicArea, + TPMT_SENSITIVE *sensitive, + RAND_STATE *rand // IN: if not NULL, the deterministic + // RNG state + ) +{ + int index; + TPM_KEY_BITS keySave = publicArea->parameters.rsaDetail.keyBits; + BOOL OK = TRUE; +// + s_rsaKeyCacheEnabled = FALSE; + for(index = 0; OK && index < RSA_KEY_CACHE_ENTRIES; index++) + { + publicArea->parameters.rsaDetail.keyBits + = SupportedRsaKeySizes[index]; + OK = (CryptRsaGenerateKey(publicArea, sensitive, rand) == TPM_RC_SUCCESS); + if(OK) + { + s_rsaKeyCache[index].publicModulus = publicArea->unique.rsa; + s_rsaKeyCache[index].privateExponent = sensitive->sensitive.rsa; + } + } + publicArea->parameters.rsaDetail.keyBits = keySave; + s_keyCacheLoaded = OK; +#if SIMULATION && USE_RSA_KEY_CACHE && USE_KEY_CACHE_FILE + if(OK) + { + FILE *cacheFile; + const char *fn = CACHE_FILE_NAME; + +#if defined _MSC_VER + if(fopen_s(&cacheFile, fn, "w+b") != 0) +#else + cacheFile = fopen(fn, "w+b"); + if(NULL == cacheFile) +#endif + { + printf("Can't open %s for write.\n", fn); + } + else + { + fseek(cacheFile, 0, SEEK_SET); + if(fwrite(s_rsaKeyCache, 1, sizeof(s_rsaKeyCache), cacheFile) + != sizeof(s_rsaKeyCache)) + { + printf("Error writing cache to %s.", fn); + } + } + if(cacheFile) + fclose(cacheFile); + } +#endif + return s_keyCacheLoaded; +} + +//*** KeyCacheLoaded() +// Checks that key cache is loaded. 
+// Return Type: BOOL +// TRUE(1) cache loaded +// FALSE(0) cache not loaded +static BOOL +KeyCacheLoaded( + TPMT_PUBLIC *publicArea, + TPMT_SENSITIVE *sensitive, + RAND_STATE *rand // IN: if not NULL, the deterministic + // RNG state + ) +{ +#if SIMULATION && USE_RSA_KEY_CACHE && USE_KEY_CACHE_FILE + if(!s_keyCacheLoaded) + { + FILE *cacheFile; + const char * fn = CACHE_FILE_NAME; +#if defined _MSC_VER && 1 + if(fopen_s(&cacheFile, fn, "r+b") == 0) +#else + cacheFile = fopen(fn, "r+b"); + if(NULL != cacheFile) +#endif + { + fseek(cacheFile, 0L, SEEK_END); + if(ftell(cacheFile) == sizeof(s_rsaKeyCache)) + { + fseek(cacheFile, 0L, SEEK_SET); + s_keyCacheLoaded = ( + fread(&s_rsaKeyCache, 1, sizeof(s_rsaKeyCache), cacheFile) + == sizeof(s_rsaKeyCache)); + } + fclose(cacheFile); + } + } +#endif + if(!s_keyCacheLoaded) + s_rsaKeyCacheEnabled = InitializeKeyCache(publicArea, sensitive, rand); + return s_keyCacheLoaded; +} + +//*** GetCachedRsaKey() +// Return Type: BOOL +// TRUE(1) key loaded +// FALSE(0) key not loaded +BOOL +GetCachedRsaKey( + TPMT_PUBLIC *publicArea, + TPMT_SENSITIVE *sensitive, + RAND_STATE *rand // IN: if not NULL, the deterministic + // RNG state + ) +{ + int keyBits = publicArea->parameters.rsaDetail.keyBits; + int index; +// + if(KeyCacheLoaded(publicArea, sensitive, rand)) + { + for(index = 0; index < RSA_KEY_CACHE_ENTRIES; index++) + { + if((s_rsaKeyCache[index].publicModulus.t.size * 8) == keyBits) + { + publicArea->unique.rsa = s_rsaKeyCache[index].publicModulus; + sensitive->sensitive.rsa = s_rsaKeyCache[index].privateExponent; + return TRUE; + } + } + return FALSE; + } + return s_keyCacheLoaded; +} +#endif // defined SIMULATION && defined USE_RSA_KEY_CACHE diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/Ticket.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/Ticket.c new file mode 100644 index 000000000..bd65948a6 --- /dev/null 
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/Ticket.c 
@@ -0,0 +1,277 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+/*
+ This clause contains the functions used for ticket computations.
+*/
+
+//** Includes
+#include "Tpm.h"
+
+//** Functions
+
+//*** TicketIsSafe()
+// This function indicates if producing a ticket is safe.
+// It checks if the leading bytes of an input buffer is TPM_GENERATED_VALUE +// or its substring of canonical form. If so, it is not safe to produce ticket +// for an input buffer claiming to be TPM generated buffer +// Return Type: BOOL +// TRUE(1) safe to produce ticket +// FALSE(0) not safe to produce ticket +BOOL +TicketIsSafe( + TPM2B *buffer + ) +{ + TPM_GENERATED valueToCompare = TPM_GENERATED_VALUE; + BYTE bufferToCompare[sizeof(valueToCompare)]; + BYTE *marshalBuffer; +// + // If the buffer size is less than the size of TPM_GENERATED_VALUE, assume + // it is not safe to generate a ticket + if(buffer->size < sizeof(valueToCompare)) + return FALSE; + marshalBuffer = bufferToCompare; + TPM_GENERATED_Marshal(&valueToCompare, &marshalBuffer, NULL); + if(MemoryEqual(buffer->buffer, bufferToCompare, sizeof(valueToCompare))) + return FALSE; + else + return TRUE; +} + +//*** TicketComputeVerified() +// This function creates a TPMT_TK_VERIFIED ticket. +/*(See part 2 specification) +// The ticket is computed as: +// HMAC(proof, (TPM_ST_VERIFIED | digest | keyName)) +// Where: +// HMAC() an HMAC using the hash of proof +// proof a TPM secret value associated with the hierarchy +// associated with keyName +// TPM_ST_VERIFIED a value to differentiate the tickets +// digest the signed digest +// keyName the Name of the key that signed digest +*/ +void +TicketComputeVerified( + TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket + TPM2B_DIGEST *digest, // IN: digest + TPM2B_NAME *keyName, // IN: name of key that signed the values + TPMT_TK_VERIFIED *ticket // OUT: verified ticket + ) +{ + TPM2B_PROOF *proof; + HMAC_STATE hmacState; +// + // Fill in ticket fields + ticket->tag = TPM_ST_VERIFIED; + ticket->hierarchy = hierarchy; + proof = HierarchyGetProof(hierarchy); + + // Start HMAC using the proof value of the hierarchy as the HMAC key + ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, + &proof->b); + // TPM_ST_VERIFIED + 
CryptDigestUpdateInt(&hmacState, sizeof(TPM_ST), ticket->tag); + // digest + CryptDigestUpdate2B(&hmacState.hashState, &digest->b); + // key name + CryptDigestUpdate2B(&hmacState.hashState, &keyName->b); + // done + CryptHmacEnd2B(&hmacState, &ticket->digest.b); + + return; +} + +//*** TicketComputeAuth() +// This function creates a TPMT_TK_AUTH ticket. +/*(See part 2 specification) +// The ticket is computed as: +// HMAC(proof, (type || timeout || timeEpoch || cpHash +// || policyRef || keyName)) +// where: +// HMAC() an HMAC using the hash of proof +// proof a TPM secret value associated with the hierarchy of the key +// associated with keyName. +// type a value to differentiate the tickets. It could be either +// TPM_ST_AUTH_SECRET or TPM_ST_AUTH_SIGNED +// timeout TPM-specific value indicating when the authorization expires +// timeEpoch TPM-specific value indicating the epoch for the timeout +// cpHash optional hash (digest only) of the authorized command +// policyRef optional reference to a policy value +// keyName name of the key that signed the authorization +*/ +void +TicketComputeAuth( + TPM_ST type, // IN: the type of ticket. 
+ TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket + UINT64 timeout, // IN: timeout + BOOL expiresOnReset,// IN: flag to indicate if ticket expires on + // TPM Reset + TPM2B_DIGEST *cpHashA, // IN: input cpHashA + TPM2B_NONCE *policyRef, // IN: input policyRef + TPM2B_NAME *entityName, // IN: name of entity + TPMT_TK_AUTH *ticket // OUT: Created ticket + ) +{ + TPM2B_PROOF *proof; + HMAC_STATE hmacState; +// + // Get proper proof + proof = HierarchyGetProof(hierarchy); + + // Fill in ticket fields + ticket->tag = type; + ticket->hierarchy = hierarchy; + + // Start HMAC with hierarchy proof as the HMAC key + ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, + &proof->b); + // TPM_ST_AUTH_SECRET or TPM_ST_AUTH_SIGNED, + CryptDigestUpdateInt(&hmacState, sizeof(UINT16), ticket->tag); + // cpHash + CryptDigestUpdate2B(&hmacState.hashState, &cpHashA->b); + // policyRef + CryptDigestUpdate2B(&hmacState.hashState, &policyRef->b); + // keyName + CryptDigestUpdate2B(&hmacState.hashState, &entityName->b); + // timeout + CryptDigestUpdateInt(&hmacState, sizeof(timeout), timeout); + if(timeout != 0) + { + // epoch + CryptDigestUpdateInt(&hmacState.hashState, sizeof(CLOCK_NONCE), + g_timeEpoch); + // reset count + if(expiresOnReset) + CryptDigestUpdateInt(&hmacState.hashState, sizeof(gp.totalResetCount), + gp.totalResetCount); + } + // done + CryptHmacEnd2B(&hmacState, &ticket->digest.b); + + return; +} + +//*** TicketComputeHashCheck() +// This function creates a TPMT_TK_HASHCHECK ticket. 
+/*(See part 2 specification) +// The ticket is computed as: +// HMAC(proof, (TPM_ST_HASHCHECK || digest )) +// where: +// HMAC() an HMAC using the hash of proof +// proof a TPM secret value associated with the hierarchy +// TPM_ST_HASHCHECK +// a value to differentiate the tickets +// digest the digest of the data +*/ +void +TicketComputeHashCheck( + TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket + TPM_ALG_ID hashAlg, // IN: the hash algorithm for 'digest' + TPM2B_DIGEST *digest, // IN: input digest + TPMT_TK_HASHCHECK *ticket // OUT: Created ticket + ) +{ + TPM2B_PROOF *proof; + HMAC_STATE hmacState; +// + // Get proper proof + proof = HierarchyGetProof(hierarchy); + + // Fill in ticket fields + ticket->tag = TPM_ST_HASHCHECK; + ticket->hierarchy = hierarchy; + + // Start HMAC using hierarchy proof as HMAC key + ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, + &proof->b); + // TPM_ST_HASHCHECK + CryptDigestUpdateInt(&hmacState, sizeof(TPM_ST), ticket->tag); + // hash algorithm + CryptDigestUpdateInt(&hmacState, sizeof(hashAlg), hashAlg); + // digest + CryptDigestUpdate2B(&hmacState.hashState, &digest->b); + // done + CryptHmacEnd2B(&hmacState, &ticket->digest.b); + + return; +} + +//*** TicketComputeCreation() +// This function creates a TPMT_TK_CREATION ticket. 
+/*(See part 2 specification) +// The ticket is computed as: +// HMAC(proof, (TPM_ST_CREATION || Name || hash(TPMS_CREATION_DATA))) +// Where: +// HMAC() an HMAC using the hash of proof +// proof a TPM secret value associated with the hierarchy associated with Name +// TPM_ST_VERIFIED a value to differentiate the tickets +// Name the Name of the object to which the creation data is to be associated +// TPMS_CREATION_DATA the creation data structure associated with Name +*/ +void +TicketComputeCreation( + TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for ticket + TPM2B_NAME *name, // IN: object name + TPM2B_DIGEST *creation, // IN: creation hash + TPMT_TK_CREATION *ticket // OUT: created ticket + ) +{ + TPM2B_PROOF *proof; + HMAC_STATE hmacState; + + // Get proper proof + proof = HierarchyGetProof(hierarchy); + + // Fill in ticket fields + ticket->tag = TPM_ST_CREATION; + ticket->hierarchy = hierarchy; + + // Start HMAC using hierarchy proof as HMAC key + ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, + &proof->b); + // TPM_ST_CREATION + CryptDigestUpdateInt(&hmacState, sizeof(TPM_ST), ticket->tag); + // name if provided + if(name != NULL) + CryptDigestUpdate2B(&hmacState.hashState, &name->b); + // creation hash + CryptDigestUpdate2B(&hmacState.hashState, &creation->b); + // Done + CryptHmacEnd2B(&hmacState, &ticket->digest.b); + + return; +} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcDesSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcDesSupport.c new file mode 100644 index 000000000..69a0b01a1 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcDesSupport.c 
@@ -0,0 +1,75 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+//** Introduction
+//
+// The functions in this file are used for initialization of the interface to the
+// LibTomCrypt and MpaLib libraries. This is not used if only the LTC hash and
+// symmetric functions are used.
+ +//** Defines and Includes + +#include "Tpm.h" + +#if (defined SYM_LIB_LTC) && ALG_TDES + +//** TDES_setup +// This function calls the LTC function to generate a TDES key schedule. If the +// key is one DES key (8 bytes), then it is replicated two more times to create a +// 24-byte TDES key. If the key is two key (16 bytes), then the first DES key is +// replicated to the third key position. +void TDES_setup( + const BYTE *key, + UINT32 keyBits, + symmetric_key *skey + ) +{ + BYTE k[24]; + BYTE *kp; + + // If this is two-key, make it three key by replicating K1 + if(keyBits == 128) + { + memcpy(k, key, 16); + memcpy(&k[16], key, 8); + kp = k; + } + else + kp = (BYTE *)key; + + des3_setup(kp, 24, 0, skey); +} + +#endif // MATH_LIB_LTC && ALG_TDES diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c new file mode 100644 index 000000000..bb1a0e62a --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c 
@@ -0,0 +1,286 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +//** Introduction +// +// This file contains the math functions that are not implemented in the BnMath +// library (yet). These math functions will call the ST MPA library or the +// LibTomCrypt library to execute the operations. 
Since the TPM internal big number +// format is identical to the MPA format, no reformatting is required. + +//** Includes +#include "Tpm.h" + +#ifdef MATH_LIB_LTC + +#if defined ECC_NIST_P256 && ECC_NIST_P256 == YES && ECC_CURVE_COUNT > 1 +#error "LibTomCrypt only supports P256" +#endif + +//** Functions + +//*** BnModMult() +// Does multiply and divide returning the remainder of the divide. +LIB_EXPORT BOOL +BnModMult( + bigNum result, + bigConst op1, + bigConst op2, + bigConst modulus + ) +{ + BN_VAR(temp, LARGEST_NUMBER_BITS * 2); + // mpa_mul does not allocate from the pool if the result is not the same as + // op1 or op2. since this is assured by the stack allocation of 'temp', the + // pool pointer can be NULL + pAssert(BnGetAllocated(result) >= BnGetSize(modulus)); + mpa_mul((mpanum)temp, (const mpanum)op1, (const mpanum)op2, + NULL); + return BnDiv(NULL, result, temp, modulus); +} + +//*** BnMult() +// Multiplies two numbers +LIB_EXPORT BOOL +BnMult( + bigNum result, + bigConst multiplicand, + bigConst multiplier + ) +{ + // Make sure that the mpa_mul function does not allocate anything + // from the POOL by eliminating the reason for doing it. + BN_VAR(tempResult, LARGEST_NUMBER_BITS * 2); + if(result != multiplicand && result != multiplier) + tempResult = result; + mpa_mul((mpanum)tempResult, (const mpanum)multiplicand, + (const mpanum)multiplier, + NULL); + BnCopy(result, tempResult); + return TRUE; +} + +//*** BnDiv() +// This function divides two BIGNUM values. The function always returns TRUE. 
+LIB_EXPORT BOOL +BnDiv( + bigNum quotient, + bigNum remainder, + bigConst dividend, + bigConst divisor + ) +{ + MPA_ENTER(10, LARGEST_NUMBER_BITS); + pAssert(!BnEqualZero(divisor)); + if(BnGetSize(dividend) < BnGetSize(divisor)) + { + if(quotient) + BnSetWord(quotient, 0); + if(remainder) + BnCopy(remainder, dividend); + } + else + { + pAssert((quotient == NULL) + || (quotient->allocated >= + (unsigned)(dividend->size - divisor->size))); + pAssert((remainder == NULL) + || (remainder->allocated >= divisor->size)); + mpa_div((mpanum)quotient, (mpanum)remainder, + (const mpanum)dividend, (const mpanum)divisor, POOL); + } + MPA_LEAVE(); + return TRUE; +} + +#ifdef TPM_ALG_RSA +//*** BnGcd() +// Get the greatest common divisor of two numbers +LIB_EXPORT BOOL +BnGcd( + bigNum gcd, // OUT: the common divisor + bigConst number1, // IN: + bigConst number2 // IN: + ) +{ + MPA_ENTER(20, LARGEST_NUMBER_BITS); +// + mpa_gcd((mpanum)gcd, (mpanum)number1, (mpanum)number2, POOL); + MPA_LEAVE(); + return TRUE; +} + +//***BnModExp() +// Do modular exponentiation using BIGNUM values. 
The conversion from a bignum_t +// to a BIGNUM is trivial as they are based on the same structure +LIB_EXPORT BOOL +BnModExp( + bigNum result, // OUT: the result + bigConst number, // IN: number to exponentiate + bigConst exponent, // IN: + bigConst modulus // IN: + ) +{ + MPA_ENTER(20, LARGEST_NUMBER_BITS); + BN_VAR(bnR, MAX_RSA_KEY_BITS); + BN_VAR(bnR2, MAX_RSA_KEY_BITS); + mpa_word_t n_inv; + mpa_word_t ffmCtx[mpa_fmm_context_size_in_U32(MAX_RSA_KEY_BITS)]; +// + mpa_init_static_fmm_context((mpa_fmm_context_base *)ffmCtx, + BYTES_TO_CRYPT_WORDS(sizeof(ffmCtx))); + // Generate modular form + if(mpa_compute_fmm_context((const mpanum)modulus, (mpanum)bnR, + (mpanum)bnR2, &n_inv, POOL) != 0) + FAIL(FATAL_ERROR_INTERNAL); + // Do exponentiation + mpa_exp_mod((mpanum)result, (const mpanum)number, (const mpanum)exponent, + (const mpanum)modulus, (const mpanum)bnR, (const mpanum)bnR2, + n_inv, POOL); + MPA_LEAVE(); + return TRUE; +} + +//*** BnModInverse() +// Modular multiplicative inverse +LIB_EXPORT BOOL +BnModInverse( + bigNum result, + bigConst number, + bigConst modulus + ) +{ + BOOL retVal; + MPA_ENTER(10, LARGEST_NUMBER_BITS); + retVal = (mpa_inv_mod((mpanum)result, (const mpanum)number, + (const mpanum)modulus, POOL) == 0); + MPA_LEAVE(); + return retVal; +} +#endif // TPM_ALG_RSA + +#ifdef TPM_ALG_ECC + + +//*** BnEccModMult() +// This function does a point multiply of the form R = [d]S +// return type: BOOL +// FALSE failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccModMult( + bigPoint R, // OUT: computed point + pointConst S, // IN: point to multiply by 'd' + bigConst d, // IN: scalar for [d]S + bigCurve E + ) +{ + MPA_ENTER(30, MAX_ECC_KEY_BITS * 2); + // The point multiply in LTC seems to need a large reciprocal for + // intermediate results + POINT_VAR(result, MAX_ECC_KEY_BITS * 4); + BOOL OK; +// + (POOL); // Avoid compiler warning + if(S == NULL) + S = CurveGetG(AccessCurveData(E)); + OK = (ltc_ecc_mulmod((mpanum)d, 
(ecc_point *)S, + (ecc_point *)result, (void *)CurveGetPrime(E), 1) + == CRYPT_OK); + OK = OK && !BnEqualZero(result->z); + if(OK) + BnPointCopy(R, result); + + MPA_LEAVE(); + return OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT; +} + +//*** BnEccModMult2() +// This function does a point multiply of the form R = [d]S + [u]Q +// return type: BOOL +// FALSE failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccModMult2( + bigPoint R, // OUT: computed point + pointConst S, // IN: first point (optional) + bigConst d, // IN: scalar for [d]S or [d]G + pointConst Q, // IN: second point + bigConst u, // IN: second scalar + bigCurve E // IN: curve + ) +{ + MPA_ENTER(80, MAX_ECC_KEY_BITS); + BOOL OK; + // The point multiply in LTC seems to need a large reciprocal for + // intermediate results + POINT_VAR(result, MAX_ECC_KEY_BITS * 4); +// + (POOL); // Avoid compiler warning + if(S == NULL) + S = CurveGetG(AccessCurveData(E)); + + OK = (ltc_ecc_mul2add((ecc_point *)S, (mpanum)d, (ecc_point *)Q, (mpanum)u, + (ecc_point *)result, (mpanum)CurveGetPrime(E)) + == CRYPT_OK); + OK = OK && !BnEqualZero(result->z); + + if(OK) + BnPointCopy(R, result); + + MPA_LEAVE(); + return OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT; +} + +//*** BnEccAdd() +// This function does addition of two points. Since this is not implemented +// in LibTomCrypt() will try to trick it by doing multiply with scalar of 1. +// I have no idea if this will work and it's not needed unless MQV or the SM2 +// variant is enabled. +// return type: BOOL +// FALSE failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccAdd( + bigPoint R, // OUT: computed point + pointConst S, // IN: point to multiply by 'd' + pointConst Q, // IN: second point + bigCurve E // IN: curve + ) +{ + BN_WORD_INITIALIZED(one, 1); + return BnEccModMult2(R, S, one, Q, one, E); +} + +#endif // TPM_ALG_ECC + +#endif // MATH_LIB_LTC 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcSupport.c
new file mode 100644
index 000000000..0dcb79ebe
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcSupport.c
@@ -0,0 +1,96 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+//** Introduction
+//
+// The functions in this file are used for initialization of the interface to the
+// LibTomCrypt and MpsLib libraries. This is not used if only the LTC hash and
+// symmetric functions are used.
+
+//** Defines and Includes
+
+#include "Tpm.h"
+
+#if defined(HASH_LIB_LTC) || defined(MATH_LIB_LTC) || defined(SYM_LIB_LTC)
+
+// This state is used because there is no way to pass the random number state
+// to LibTomCrypt. I do not think that this is currently an issue because...
+// Heck, just put in an assert and see what happens.
+static void *s_randState;
+
+//*** LtcRand()
+// This is a stub function that is called from the LibTomCrypt or libmpa code
+// to get a random number. In turn, this will call the random RandGenerate
+// function that was passed in LibraryInit(). This function will pass the pointer
+// to the current rand state along with the random byte request.
+uint32_t LtcRand(
+ void *buf,
+ size_t blen
+ )
+{
+ pAssert(1);
+ DRBG_Generate(s_randState, buf, (uint16_t)blen);
+ return 0;
+}
+
+//*** SupportLibInit()
+// This does any initialization required by the support library.
+LIB_EXPORT int
+SupportLibInit(
+ void
+ )
+{
+ mpa_set_random_generator(LtcRand);
+ s_randState = NULL;
+ external_mem_pool = NULL;
+ return 1;
+}
+
+//*** LtcPoolInit()
+// Function to initialize a pool. ****
+LIB_EXPORT mpa_scratch_mem
+LtcPoolInit(
+ mpa_word_t *poolAddress,
+ int vars,
+ int bits
+ )
+{
+ mpa_scratch_mem pool = (mpa_scratch_mem)poolAddress;
+ mpa_init_scratch_mem(pool, vars, bits);
+ init_mpa_tomcrypt(pool);
+ return pool;
+}
+
+#endif // HASH_LIB_LTC || MATH_LIB_LTC || SYM_LIB_LTC
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslDesSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslDesSupport.c
new file mode 100644
index 000000000..68c28ab96
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslDesSupport.c
@@ -0,0 +1,100 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+//
+// The functions in this file are used for initialization of the interface to the
+// OpenSSL library.
+
+//** Defines and Includes
+
+#include "Tpm.h"
+
+#if (defined SYM_LIB_OSSL) && ALG_TDES
+
+//**Functions
+//*** TDES_set_encyrpt_key()
+// This function makes creation of a TDES key look like the creation of a key for
+// any of the other OpenSSL block ciphers. It will create three key schedules,
+// one for each of the DES keys. If there are only two keys, then the third schedule
+// is a copy of the first.
+void
+TDES_set_encrypt_key(
+ const BYTE *key,
+ UINT16 keySizeInBits,
+ tpmKeyScheduleTDES *keySchedule
+ )
+{
+ DES_set_key_unchecked((const_DES_cblock *)key, &keySchedule[0]);
+ DES_set_key_unchecked((const_DES_cblock *)&key[8], &keySchedule[1]);
+ // If is two-key, copy the schedule for K1 into K3, otherwise, compute the
+ // the schedule for K3
+ if(keySizeInBits == 128)
+ keySchedule[2] = keySchedule[0];
+ else
+ DES_set_key_unchecked((const_DES_cblock *)&key[16],
+ &keySchedule[2]);
+}
+
+
+//*** TDES_encyrpt()
+// The TPM code uses one key schedule. For TDES, the schedule contains three
+// schedules. OpenSSL wants the schedules referenced separately. This function
+// does that.
+void TDES_encrypt(
+ const BYTE *in,
+ BYTE *out,
+ tpmKeyScheduleTDES *ks
+ )
+{
+ DES_ecb3_encrypt((const_DES_cblock *)in, (DES_cblock *)out,
+ &ks[0], &ks[1], &ks[2],
+ DES_ENCRYPT);
+}
+
+//*** TDES_decrypt()
+// As with TDES_encypt() this function bridges between the TPM single schedule
+// model and the OpenSSL three schedule model.
+void TDES_decrypt(
+ const BYTE *in,
+ BYTE *out,
+ tpmKeyScheduleTDES *ks
+ )
+{
+ DES_ecb3_encrypt((const_DES_cblock *)in, (DES_cblock *)out,
+ &ks[0], &ks[1], &ks[2],
+ DES_DECRYPT);
+}
+
+#endif // SYM_LIB_OSSL
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c
new file mode 100644
index 000000000..042709ec2
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c 
@@ -0,0 +1,638 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +//** Introduction +// The functions in this file provide the low-level interface between the TPM code +// and the big number and elliptic curve math routines in OpenSSL. +// +// Most math on big numbers require a context. 
The context contains the memory in +// which OpenSSL creates and manages the big number values. When a OpenSSL math +// function will be called that modifies a BIGNUM value, that value must be created in +// an OpenSSL context. The first line of code in such a function must be: +// OSSL_ENTER(); and the last operation before returning must be OSSL_LEAVE(). +// OpenSSL variables can then be created with BnNewVariable(). Constant values to be +// used by OpenSSL are created from the bigNum values passed to the functions in this +// file. Space for the BIGNUM control block is allocated in the stack of the +// function and then it is initialized by calling BigInitialized(). That function +// sets up the values in the BIGNUM structure and sets the data pointer to point to +// the data in the bignum_t. This is only used when the value is known to be a +// constant in the called function. +// +// Because the allocations of constants is on the local stack and the +// OSSL_ENTER()/OSSL_LEAVE() pair flushes everything created in OpenSSL memory, there +// should be no chance of a memory leak. + +//** Includes and Defines +#include "Tpm.h" + +#ifdef MATH_LIB_OSSL +#include "TpmToOsslMath_fp.h" + +//** Functions + +//*** OsslToTpmBn() +// This function converts an OpenSSL BIGNUM to a TPM bignum. In this implementation +// it is assumed that OpenSSL uses a different control structure but the same data +// layout -- an array of native-endian words in little-endian order. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure because value will not fit or OpenSSL variable doesn't +// exist +BOOL +OsslToTpmBn( + bigNum bn, + BIGNUM *osslBn + ) +{ + VERIFY(osslBn != NULL); + // If the bn is NULL, it means that an output value pointer was NULL meaning that + // the results is simply to be discarded. 
+ if(bn != NULL) + { + int i; + // + VERIFY((unsigned)osslBn->top <= BnGetAllocated(bn)); + for(i = 0; i < osslBn->top; i++) + bn->d[i] = osslBn->d[i]; + BnSetTop(bn, osslBn->top); + } + return TRUE; +Error: + return FALSE; +} + +//*** BigInitialized() +// This function initializes an OSSL BIGNUM from a TPM bigConst. Do not use this for +// values that are passed to OpenSLL when they are not declared as const in the +// function prototype. Instead, use BnNewVariable(). +BIGNUM * +BigInitialized( + BIGNUM *toInit, + bigConst initializer + ) +{ + if(initializer == NULL) + FAIL(FATAL_ERROR_PARAMETER); + if(toInit == NULL || initializer == NULL) + return NULL; + toInit->d = (BN_ULONG *)&initializer->d[0]; + toInit->dmax = (int)initializer->allocated; + toInit->top = (int)initializer->size; + toInit->neg = 0; + toInit->flags = 0; + return toInit; +} + +#ifndef OSSL_DEBUG +# define BIGNUM_PRINT(label, bn, eol) +# define DEBUG_PRINT(x) +#else +# define DEBUG_PRINT(x) printf("%s", x) +# define BIGNUM_PRINT(label, bn, eol) BIGNUM_print((label), (bn), (eol)) + +//*** BIGNUM_print() +static void +BIGNUM_print( + const char *label, + const BIGNUM *a, + BOOL eol + ) +{ + BN_ULONG *d; + int i; + int notZero = FALSE; + + if(label != NULL) + printf("%s", label); + if(a == NULL) + { + printf("NULL"); + goto done; + } + if (a->neg) + printf("-"); + for(i = a->top, d = &a->d[i - 1]; i > 0; i--) + { + int j; + BN_ULONG l = *d--; + for(j = BN_BITS2 - 8; j >= 0; j -= 8) + { + BYTE b = (BYTE)((l >> j) & 0xFF); + notZero = notZero || (b != 0); + if(notZero) + printf("%02x", b); + } + if(!notZero) + printf("0"); + } +done: + if(eol) + printf("\n"); + return; +} +#endif + +//*** BnNewVariable() +// This function allocates a new variable in the provided context. If the context +// does not exist or the allocation fails, it is a catastrophic failure. 
+static BIGNUM * +BnNewVariable( + BN_CTX *CTX +) +{ + BIGNUM *new; +// + // This check is intended to protect against calling this function without + // having initialized the CTX. + if((CTX == NULL) || ((new = BN_CTX_get(CTX)) == NULL)) + FAIL(FATAL_ERROR_ALLOCATION); + return new; +} + +#if LIBRARY_COMPATIBILITY_CHECK + +//*** MathLibraryCompatibilityCheck() +void +MathLibraryCompatibilityCheck( + void + ) +{ + OSSL_ENTER(); + BIGNUM *osslTemp = BnNewVariable(CTX); + crypt_uword_t i; + BYTE test[] = {0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, + 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, + 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, + 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00}; + BN_VAR(tpmTemp, sizeof(test) * 8); // allocate some space for a test value +// + // Convert the test data to a bigNum + BnFromBytes(tpmTemp, test, sizeof(test)); + // Convert the test data to an OpenSSL BIGNUM + BN_bin2bn(test, sizeof(test), osslTemp); + // Make sure the values are consistent + VERIFY(osslTemp->top == (int)tpmTemp->size); + for(i = 0; i < tpmTemp->size; i++) + VERIFY(osslTemp->d[i] == tpmTemp->d[i]); + OSSL_LEAVE(); + return; +Error: + FAIL(FATAL_ERROR_MATHLIBRARY); +} +#endif + +//*** BnModMult() +// This function does a modular multiply. It first does a multiply and then a divide +// and returns the remainder of the divide. 
+// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation +LIB_EXPORT BOOL +BnModMult( + bigNum result, + bigConst op1, + bigConst op2, + bigConst modulus + ) +{ + OSSL_ENTER(); + BOOL OK = TRUE; + BIGNUM *bnResult = BN_NEW(); + BIGNUM *bnTemp = BN_NEW(); + BIG_INITIALIZED(bnOp1, op1); + BIG_INITIALIZED(bnOp2, op2); + BIG_INITIALIZED(bnMod, modulus); +// + VERIFY(BN_mul(bnTemp, bnOp1, bnOp2, CTX)); + VERIFY(BN_div(NULL, bnResult, bnTemp, bnMod, CTX)); + VERIFY(OsslToTpmBn(result, bnResult)); + goto Exit; +Error: + OK = FALSE; +Exit: + OSSL_LEAVE(); + return OK; +} + +//*** BnMult() +// Multiplies two numbers +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation +LIB_EXPORT BOOL +BnMult( + bigNum result, + bigConst multiplicand, + bigConst multiplier + ) +{ + OSSL_ENTER(); + BIGNUM *bnTemp = BN_NEW(); + BOOL OK = TRUE; + BIG_INITIALIZED(bnA, multiplicand); + BIG_INITIALIZED(bnB, multiplier); +// + VERIFY(BN_mul(bnTemp, bnA, bnB, CTX)); + VERIFY(OsslToTpmBn(result, bnTemp)); + goto Exit; +Error: + OK = FALSE; +Exit: + OSSL_LEAVE(); + return OK; +} + +//*** BnDiv() +// This function divides two bigNum values. The function returns FALSE if +// there is an error in the operation. 
+// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation +LIB_EXPORT BOOL +BnDiv( + bigNum quotient, + bigNum remainder, + bigConst dividend, + bigConst divisor + ) +{ + OSSL_ENTER(); + BIGNUM *bnQ = BN_NEW(); + BIGNUM *bnR = BN_NEW(); + BOOL OK = TRUE; + BIG_INITIALIZED(bnDend, dividend); + BIG_INITIALIZED(bnSor, divisor); +// + if(BnEqualZero(divisor)) + FAIL(FATAL_ERROR_DIVIDE_ZERO); + VERIFY(BN_div(bnQ, bnR, bnDend, bnSor, CTX)); + VERIFY(OsslToTpmBn(quotient, bnQ)); + VERIFY(OsslToTpmBn(remainder, bnR)); + DEBUG_PRINT("In BnDiv:\n"); + BIGNUM_PRINT(" bnDividend: ", bnDend, TRUE); + BIGNUM_PRINT(" bnDivisor: ", bnSor, TRUE); + BIGNUM_PRINT(" bnQuotient: ", bnQ, TRUE); + BIGNUM_PRINT(" bnRemainder: ", bnR, TRUE); + goto Exit; +Error: + OK = FALSE; +Exit: + OSSL_LEAVE(); + return OK; +} + +#if ALG_RSA +//*** BnGcd() +// Get the greatest common divisor of two numbers +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation +LIB_EXPORT BOOL +BnGcd( + bigNum gcd, // OUT: the common divisor + bigConst number1, // IN: + bigConst number2 // IN: + ) +{ + OSSL_ENTER(); + BIGNUM *bnGcd = BN_NEW(); + BOOL OK = TRUE; + BIG_INITIALIZED(bn1, number1); + BIG_INITIALIZED(bn2, number2); +// + VERIFY(BN_gcd(bnGcd, bn1, bn2, CTX)); + VERIFY(OsslToTpmBn(gcd, bnGcd)); + goto Exit; +Error: + OK = FALSE; +Exit: + OSSL_LEAVE(); + return OK; +} + +//***BnModExp() +// Do modular exponentiation using bigNum values. 
The conversion from a bignum_t to +// a bigNum is trivial as they are based on the same structure +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation +LIB_EXPORT BOOL +BnModExp( + bigNum result, // OUT: the result + bigConst number, // IN: number to exponentiate + bigConst exponent, // IN: + bigConst modulus // IN: + ) +{ + OSSL_ENTER(); + BIGNUM *bnResult = BN_NEW(); + BOOL OK = TRUE; + BIG_INITIALIZED(bnN, number); + BIG_INITIALIZED(bnE, exponent); + BIG_INITIALIZED(bnM, modulus); +// + VERIFY(BN_mod_exp(bnResult, bnN, bnE, bnM, CTX)); + VERIFY(OsslToTpmBn(result, bnResult)); + goto Exit; +Error: + OK = FALSE; +Exit: + OSSL_LEAVE(); + return OK; +} + +//*** BnModInverse() +// Modular multiplicative inverse +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation +LIB_EXPORT BOOL +BnModInverse( + bigNum result, + bigConst number, + bigConst modulus + ) +{ + OSSL_ENTER(); + BIGNUM *bnResult = BN_NEW(); + BOOL OK = TRUE; + BIG_INITIALIZED(bnN, number); + BIG_INITIALIZED(bnM, modulus); +// + VERIFY(BN_mod_inverse(bnResult, bnN, bnM, CTX) != NULL); + VERIFY(OsslToTpmBn(result, bnResult)); + goto Exit; +Error: + OK = FALSE; +Exit: + OSSL_LEAVE(); + return OK; +} +#endif // ALG_RSA + +#if ALG_ECC + +//*** PointFromOssl() +// Function to copy the point result from an OSSL function to a bigNum +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation +static BOOL +PointFromOssl( + bigPoint pOut, // OUT: resulting point + EC_POINT *pIn, // IN: the point to return + bigCurve E // IN: the curve + ) +{ + BIGNUM *x = NULL; + BIGNUM *y = NULL; + BOOL OK; + BN_CTX_start(E->CTX); +// + x = BN_CTX_get(E->CTX); + y = BN_CTX_get(E->CTX); + + if(y == NULL) + FAIL(FATAL_ERROR_ALLOCATION); + // If this returns false, then the point is at infinity + OK = EC_POINT_get_affine_coordinates_GFp(E->G, pIn, x, y, E->CTX); + if(OK) + { + OsslToTpmBn(pOut->x, x); + OsslToTpmBn(pOut->y, y); + BnSetWord(pOut->z, 1); + } + else + 
BnSetWord(pOut->z, 0); + BN_CTX_end(E->CTX); + return OK; +} + +//*** EcPointInitialized() +// Allocate and initialize a point. +static EC_POINT * +EcPointInitialized( + pointConst initializer, + bigCurve E + ) +{ + EC_POINT *P = NULL; + + if(initializer != NULL) + { + BIG_INITIALIZED(bnX, initializer->x); + BIG_INITIALIZED(bnY, initializer->y); + P = EC_POINT_new(E->G); + if(E == NULL) + FAIL(FATAL_ERROR_ALLOCATION); + if(!EC_POINT_set_affine_coordinates_GFp(E->G, P, bnX, bnY, E->CTX)) + P = NULL; + } + return P; +} + +//*** BnCurveInitialize() +// This function initializes the OpenSSL curve information structure. This +// structure points to the TPM-defined values for the curve, to the context for the +// number values in the frame, and to the OpenSSL-defined group values. +// Return Type: bigCurve * +// NULL the TPM_ECC_CURVE is not valid or there was a problem in +// in initializing the curve data +// non-NULL points to 'E' +LIB_EXPORT bigCurve +BnCurveInitialize( + bigCurve E, // IN: curve structure to initialize + TPM_ECC_CURVE curveId // IN: curve identifier +) +{ + const ECC_CURVE_DATA *C = GetCurveData(curveId); + if(C == NULL) + E = NULL; + if(E != NULL) + { + // This creates the OpenSSL memory context that stays in effect as long as the + // curve (E) is defined. + OSSL_ENTER(); // if the allocation fails, the TPM fails + EC_POINT *P = NULL; + BIG_INITIALIZED(bnP, C->prime); + BIG_INITIALIZED(bnA, C->a); + BIG_INITIALIZED(bnB, C->b); + BIG_INITIALIZED(bnX, C->base.x); + BIG_INITIALIZED(bnY, C->base.y); + BIG_INITIALIZED(bnN, C->order); + BIG_INITIALIZED(bnH, C->h); + // + E->C = C; + E->CTX = CTX; + + // initialize EC group, associate a generator point and initialize the point + // from the parameter data + // Create a group structure + E->G = EC_GROUP_new_curve_GFp(bnP, bnA, bnB, CTX); + VERIFY(E->G != NULL); + + // Allocate a point in the group that will be used in setting the + // generator. This is not needed after the generator is set. 
+ P = EC_POINT_new(E->G); + VERIFY(P != NULL); + + // Need to use this in case Montgomery method is being used + VERIFY(EC_POINT_set_affine_coordinates_GFp(E->G, P, bnX, bnY, CTX)); + // Now set the generator + VERIFY(EC_GROUP_set_generator(E->G, P, bnN, bnH)); + + EC_POINT_free(P); + goto Exit; +Error: + EC_POINT_free(P); + BnCurveFree(E); + E = NULL; + } +Exit: + return E; +} + +//*** BnCurveFree() +// This function will free the allocated components of the curve and end the +// frame in which the curve data exists +LIB_EXPORT void +BnCurveFree( + bigCurve E +) +{ + if(E) + { + EC_GROUP_free(E->G); + OsslContextLeave(E->CTX); + } +} + + +//*** BnEccModMult() +// This function does a point multiply of the form R = [d]S +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccModMult( + bigPoint R, // OUT: computed point + pointConst S, // IN: point to multiply by 'd' (optional) + bigConst d, // IN: scalar for [d]S + bigCurve E + ) +{ + EC_POINT *pR = EC_POINT_new(E->G); + EC_POINT *pS = EcPointInitialized(S, E); + BIG_INITIALIZED(bnD, d); + + if(S == NULL) + EC_POINT_mul(E->G, pR, bnD, NULL, NULL, E->CTX); + else + EC_POINT_mul(E->G, pR, NULL, pS, bnD, E->CTX); + PointFromOssl(R, pR, E); + EC_POINT_free(pR); + EC_POINT_free(pS); + return !BnEqualZero(R->z); +} + +//*** BnEccModMult2() +// This function does a point multiply of the form R = [d]G + [u]Q +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccModMult2( + bigPoint R, // OUT: computed point + pointConst S, // IN: optional point + bigConst d, // IN: scalar for [d]S or [d]G + pointConst Q, // IN: second point + bigConst u, // IN: second scalar + bigCurve E // IN: curve + ) +{ + EC_POINT *pR = EC_POINT_new(E->G); + EC_POINT *pS = EcPointInitialized(S, E); + BIG_INITIALIZED(bnD, d); + EC_POINT *pQ = EcPointInitialized(Q, E); + 
BIG_INITIALIZED(bnU, u); + + if(S == NULL || S == (pointConst)&(AccessCurveData(E)->base)) + EC_POINT_mul(E->G, pR, bnD, pQ, bnU, E->CTX); + else + { + const EC_POINT *points[2]; + const BIGNUM *scalars[2]; + points[0] = pS; + points[1] = pQ; + scalars[0] = bnD; + scalars[1] = bnU; + EC_POINTs_mul(E->G, pR, NULL, 2, points, scalars, E->CTX); + } + PointFromOssl(R, pR, E); + EC_POINT_free(pR); + EC_POINT_free(pS); + EC_POINT_free(pQ); + return !BnEqualZero(R->z); +} + +//** BnEccAdd() +// This function does addition of two points. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccAdd( + bigPoint R, // OUT: computed point + pointConst S, // IN: point to multiply by 'd' + pointConst Q, // IN: second point + bigCurve E // IN: curve + ) +{ + EC_POINT *pR = EC_POINT_new(E->G); + EC_POINT *pS = EcPointInitialized(S, E); + EC_POINT *pQ = EcPointInitialized(Q, E); +// + EC_POINT_add(E->G, pR, pS, pQ, E->CTX); + + PointFromOssl(R, pR, E); + EC_POINT_free(pR); + EC_POINT_free(pS); + EC_POINT_free(pQ); + return !BnEqualZero(R->z); +} + +#endif // ALG_ECC + + +#endif // MATHLIB OSSL \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslSupport.c new file mode 100644 index 000000000..de7d939e1 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslSupport.c 
@@ -0,0 +1,112 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+//
+// The functions in this file are used for initialization of the interface to the
+// OpenSSL library.
+
+//** Defines and Includes
+
+#include "Tpm.h"
+
+#if defined(HASH_LIB_OSSL) || defined(MATH_LIB_OSSL) || defined(SYM_LIB_OSSL)
+// Used to pass the pointers to the correct sub-keys
+typedef const BYTE *desKeyPointers[3];
+
+//*** SupportLibInit()
+// This does any initialization required by the support library.
+LIB_EXPORT int
+SupportLibInit(
+ void
+ )
+{
+#if LIBRARY_COMPATIBILITY_CHECK
+ MathLibraryCompatibilityCheck();
+#endif
+ return TRUE;
+}
+
+//*** OsslContextEnter()
+// This function is used to initialize an OpenSSL context at the start of a function
+// that will call to an OpenSSL math function.
+BN_CTX *
+OsslContextEnter(
+ void
+ )
+{
+ BN_CTX *CTX = BN_CTX_new();
+//
+ return OsslPushContext(CTX);
+}
+
+//*** OsslContextLeave()
+// This is the companion function to OsslContextEnter().
+void
+OsslContextLeave(
+ BN_CTX *CTX
+ )
+{
+ OsslPopContext(CTX);
+ BN_CTX_free(CTX);
+}
+
+//*** OsslPushContext()
+// This function is used to create a frame in a context. All values allocated within
+// this context after the frame is started will be automatically freed when the
+// context (OsslPopContext()
+BN_CTX *
+OsslPushContext(
+ BN_CTX *CTX
+ )
+{
+ if(CTX == NULL)
+ FAIL(FATAL_ERROR_ALLOCATION);
+ BN_CTX_start(CTX);
+ return CTX;
+}
+
+//*** OsslPopContext()
+// This is the companion function to OsslPushContext().
+void
+OsslPopContext(
+ BN_CTX *CTX
+ )
+{
+ // BN_CTX_end can't be called with NULL. It will blow up.
+ if(CTX != NULL)
+ BN_CTX_end(CTX);
+}
+
+#endif // HASH_LIB_OSSL || MATH_LIB_OSSL || SYM_LIB_OSSL
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfDesSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfDesSupport.c
new file mode 100644
index 000000000..b42b32b1c
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfDesSupport.c
@@ -0,0 +1,117 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+//** Introduction
+//
+// The functions in this file are used for initialization of the interface to the
+// wolfcrypt library.
+
+//** Defines and Includes
+
+#include "Tpm.h"
+
+#if (defined SYM_LIB_WOLF) && ALG_TDES
+
+//**Functions
+//** TDES_setup
+// This function calls the wolfcrypt function to generate a TDES key schedule. If the
+// If the key is two key (16 bytes), then the first DES key is replicated to the third
+// key position.
+int TDES_setup(
+ const BYTE *key,
+ UINT32 keyBits,
+ tpmKeyScheduleTDES *skey,
+ int dir
+ )
+{
+ BYTE k[24];
+ BYTE *kp;
+
+ // If this is two-key, make it three key by replicating K1
+ if(keyBits == 128)
+ {
+ memcpy(k, key, 16);
+ memcpy(&k[16], key, 8);
+ kp = k;
+ }
+ else
+ kp = (BYTE *)key;
+
+ return wc_Des3_SetKey( skey, kp, 0, dir );
+}
+
+//** TDES_setup_encrypt_key
+// This function calls into TDES_setup(), specifically for an encryption key.
+int TDES_setup_encrypt_key(
+ const BYTE *key,
+ UINT32 keyBits,
+ tpmKeyScheduleTDES *skey
+)
+{
+ return TDES_setup( key, keyBits, skey, DES_ENCRYPTION );
+}
+
+//** TDES_setup_decrypt_key
+// This function calls into TDES_setup(), specifically for an decryption key.
+int TDES_setup_decrypt_key(
+ const BYTE *key,
+ UINT32 keyBits,
+ tpmKeyScheduleTDES *skey
+)
+{
+ return TDES_setup( key, keyBits, skey, DES_DECRYPTION );
+}
+
+//*** TDES_encyrpt()
+void TDES_encrypt(
+ const BYTE *in,
+ BYTE *out,
+ tpmKeyScheduleTDES *ks
+ )
+{
+ wc_Des3_EcbEncrypt( ks, out, in, DES_BLOCK_SIZE );
+}
+
+//*** TDES_decrypt()
+void TDES_decrypt(
+ const BYTE *in,
+ BYTE *out,
+ tpmKeyScheduleTDES *ks
+ )
+{
+ wc_Des3_EcbDecrypt( ks, out, in, DES_BLOCK_SIZE );
+}
+
+#endif // MATH_LIB_WOLF && ALG_TDES
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c
new file mode 100644
index 000000000..7169ee299
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c
@@ -0,0 +1,521 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +//** Introduction +// +// This file contains the math functions that are not implemented in the BnMath +// library (yet). These math functions will call the wolfcrypt library to execute +// the operations. 
There is a difference between the internal format and the +// wolfcrypt format. To call the wolfcrypt function, a mp_int structure is created +// for each passed variable. We define USE_FAST_MATH wolfcrypt option, which allocates +// mp_int on the stack. We must copy each word to the new structure, and set the used +// size. +// +// Not using USE_FAST_MATH would allow for a simple pointer swap for the big integer +// buffer 'd', however wolfcrypt expects to manage this memory, and will swap out +// the pointer to and from temporary variables and free the reference underneath us. +// Using USE_FAST_MATH also instructs wolfcrypt to use the stack for all these +// intermediate variables + + +//** Includes and Defines +#include "Tpm.h" + +#ifdef MATH_LIB_WOLF +#include "BnConvert_fp.h" +#include "TpmToWolfMath_fp.h" + +#define WOLF_HALF_RADIX (RADIX_BITS == 64 && !defined(FP_64BIT)) + +//** Functions + +//*** BnFromWolf() +// This function converts a wolfcrypt mp_int to a TPM bignum. In this implementation +// it is assumed that wolfcrypt used the same format for a big number as does the +// TPM -- an array of native-endian words in little-endian order. 
+void +BnFromWolf( + bigNum bn, + mp_int *wolfBn + ) +{ + if(bn != NULL) + { + int i; +#if WOLF_HALF_RADIX + pAssert((unsigned)wolfBn->used <= 2 * BnGetAllocated(bn)); +#else + pAssert((unsigned)wolfBn->used <= BnGetAllocated(bn)); +#endif + for (i = 0; i < wolfBn->used; i++) + { +#if WOLF_HALF_RADIX + if (i & 1) + bn->d[i/2] |= (crypt_uword_t)wolfBn->dp[i] << 32; + else + bn->d[i/2] = wolfBn->dp[i]; +#else + bn->d[i] = wolfBn->dp[i]; +#endif + } + +#if WOLF_HALF_RADIX + BnSetTop(bn, (wolfBn->used + 1)/2); +#else + BnSetTop(bn, wolfBn->used); +#endif + } +} + +//*** BnToWolf() +// This function converts a TPM bignum to a wolfcrypt mp_init, and has the same +// assumptions as made by BnFromWolf() +void +BnToWolf( + mp_int *toInit, + bigConst initializer + ) +{ + uint32_t i; + if (toInit != NULL && initializer != NULL) + { + for (i = 0; i < initializer->size; i++) + { +#if WOLF_HALF_RADIX + toInit->dp[2 * i] = (fp_digit)initializer->d[i]; + toInit->dp[2 * i + 1] = (fp_digit)(initializer->d[i] >> 32); +#else + toInit->dp[i] = initializer->d[i]; +#endif + } + +#if WOLF_HALF_RADIX + toInit->used = (int)initializer->size * 2; + if (toInit->dp[toInit->used - 1] == 0 && toInit->dp[toInit->used - 2] != 0) + --toInit->used; +#else + toInit->used = (int)initializer->size; +#endif + toInit->sign = 0; + } +} + +//*** MpInitialize() +// This function initializes an wolfcrypt mp_int. +mp_int * +MpInitialize( + mp_int *toInit +) +{ + mp_init( toInit ); + return toInit; +} + +#if LIBRARY_COMPATIBILITY_CHECK +//** MathLibraryCompatibililtyCheck() +// This function is only used during development to make sure that the library +// that is being referenced is using the same size of data structures as the TPM. 
+void +MathLibraryCompatibilityCheck( + void + ) +{ + BN_VAR(tpmTemp, 64 * 8); // allocate some space for a test value + crypt_uword_t i; + TPM2B_TYPE(TEST, 16); + TPM2B_TEST test = {{16, {0x0F, 0x0E, 0x0D, 0x0C, + 0x0B, 0x0A, 0x09, 0x08, + 0x07, 0x06, 0x05, 0x04, + 0x03, 0x02, 0x01, 0x00}}}; + // Convert the test TPM2B to a bigNum + BnFrom2B(tpmTemp, &test.b); + MP_INITIALIZED(wolfTemp, tpmTemp); + (wolfTemp); // compiler warning + // Make sure the values are consistent + cAssert(wolfTemp->used == (int)tpmTemp->size); + for(i = 0; i < tpmTemp->size; i++) + cAssert(wolfTemp->dp[i] == tpmTemp->d[i]); +} +#endif + +//*** BnModMult() +// Does multiply and divide returning the remainder of the divide. +LIB_EXPORT BOOL +BnModMult( + bigNum result, + bigConst op1, + bigConst op2, + bigConst modulus + ) +{ + WOLF_ENTER(); + BOOL OK; + MP_INITIALIZED(bnOp1, op1); + MP_INITIALIZED(bnOp2, op2); + MP_INITIALIZED(bnTemp, NULL); + BN_VAR(temp, LARGEST_NUMBER_BITS * 2); + + pAssert(BnGetAllocated(result) >= BnGetSize(modulus)); + + OK = (mp_mul( bnOp1, bnOp2, bnTemp ) == MP_OKAY); + if(OK) + { + BnFromWolf(temp, bnTemp); + OK = BnDiv(NULL, result, temp, modulus); + } + + WOLF_LEAVE(); + return OK; +} + +//*** BnMult() +// Multiplies two numbers +LIB_EXPORT BOOL +BnMult( + bigNum result, + bigConst multiplicand, + bigConst multiplier + ) +{ + WOLF_ENTER(); + BOOL OK; + MP_INITIALIZED(bnTemp, NULL); + MP_INITIALIZED(bnA, multiplicand); + MP_INITIALIZED(bnB, multiplier); + + pAssert(result->allocated >= + (BITS_TO_CRYPT_WORDS(BnSizeInBits(multiplicand) + + BnSizeInBits(multiplier)))); + + OK = (mp_mul( bnA, bnB, bnTemp ) == MP_OKAY); + if(OK) + { + BnFromWolf(result, bnTemp); + } + + WOLF_LEAVE(); + return OK; +} + +//*** BnDiv() +// This function divides two bigNum values. The function returns FALSE if +// there is an error in the operation. 
+LIB_EXPORT BOOL +BnDiv( + bigNum quotient, + bigNum remainder, + bigConst dividend, + bigConst divisor + ) +{ + WOLF_ENTER(); + BOOL OK; + MP_INITIALIZED(bnQ, quotient); + MP_INITIALIZED(bnR, remainder); + MP_INITIALIZED(bnDend, dividend); + MP_INITIALIZED(bnSor, divisor); + pAssert(!BnEqualZero(divisor)); + if(BnGetSize(dividend) < BnGetSize(divisor)) + { + if(quotient) + BnSetWord(quotient, 0); + if(remainder) + BnCopy(remainder, dividend); + OK = TRUE; + } + else + { + pAssert((quotient == NULL) + || (quotient->allocated >= (unsigned)(dividend->size + - divisor->size))); + pAssert((remainder == NULL) + || (remainder->allocated >= divisor->size)); + OK = (mp_div(bnDend , bnSor, bnQ, bnR) == MP_OKAY); + if(OK) + { + BnFromWolf(quotient, bnQ); + BnFromWolf(remainder, bnR); + } + } + + WOLF_LEAVE(); + return OK; +} + +#if ALG_RSA +//*** BnGcd() +// Get the greatest common divisor of two numbers +LIB_EXPORT BOOL +BnGcd( + bigNum gcd, // OUT: the common divisor + bigConst number1, // IN: + bigConst number2 // IN: + ) +{ + WOLF_ENTER(); + BOOL OK; + MP_INITIALIZED(bnGcd, gcd); + MP_INITIALIZED(bn1, number1); + MP_INITIALIZED(bn2, number2); + pAssert(gcd != NULL); + OK = (mp_gcd( bn1, bn2, bnGcd ) == MP_OKAY); + if(OK) + { + BnFromWolf(gcd, bnGcd); + } + WOLF_LEAVE(); + return OK; +} + +//***BnModExp() +// Do modular exponentiation using bigNum values. 
The conversion from a mp_int to +// a bigNum is trivial as they are based on the same structure +LIB_EXPORT BOOL +BnModExp( + bigNum result, // OUT: the result + bigConst number, // IN: number to exponentiate + bigConst exponent, // IN: + bigConst modulus // IN: + ) +{ + WOLF_ENTER(); + BOOL OK; + MP_INITIALIZED(bnResult, result); + MP_INITIALIZED(bnN, number); + MP_INITIALIZED(bnE, exponent); + MP_INITIALIZED(bnM, modulus); + OK = (mp_exptmod( bnN, bnE, bnM, bnResult ) == MP_OKAY); + if(OK) + { + BnFromWolf(result, bnResult); + } + + WOLF_LEAVE(); + return OK; +} + +//*** BnModInverse() +// Modular multiplicative inverse +LIB_EXPORT BOOL +BnModInverse( + bigNum result, + bigConst number, + bigConst modulus + ) +{ + WOLF_ENTER(); + BOOL OK; + MP_INITIALIZED(bnResult, result); + MP_INITIALIZED(bnN, number); + MP_INITIALIZED(bnM, modulus); + + OK = (mp_invmod(bnN, bnM, bnResult) == MP_OKAY); + if(OK) + { + BnFromWolf(result, bnResult); + } + + WOLF_LEAVE(); + return OK; +} +#endif // TPM_ALG_RSA + +#if ALG_ECC + +//*** PointFromWolf() +// Function to copy the point result from a wolf ecc_point to a bigNum +void +PointFromWolf( + bigPoint pOut, // OUT: resulting point + ecc_point *pIn // IN: the point to return + ) +{ + BnFromWolf(pOut->x, pIn->x); + BnFromWolf(pOut->y, pIn->y); + BnFromWolf(pOut->z, pIn->z); +} + +//*** PointToWolf() +// Function to copy the point result from a bigNum to a wolf ecc_point +void +PointToWolf( + ecc_point *pOut, // OUT: resulting point + pointConst pIn // IN: the point to return + ) +{ + BnToWolf(pOut->x, pIn->x); + BnToWolf(pOut->y, pIn->y); + BnToWolf(pOut->z, pIn->z); +} + +//*** EcPointInitialized() +// Allocate and initialize a point. +static ecc_point * +EcPointInitialized( + pointConst initializer + ) +{ + ecc_point *P; + + P = wc_ecc_new_point(); + pAssert(P != NULL); + // mp_int x,y,z are stack allocated. 
+ // initializer is not required + if (P != NULL && initializer != NULL) + { + PointToWolf( P, initializer ); + } + + return P; +} + +//*** BnEccModMult() +// This function does a point multiply of the form R = [d]S +// return type: BOOL +// FALSE failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccModMult( + bigPoint R, // OUT: computed point + pointConst S, // IN: point to multiply by 'd' (optional) + bigConst d, // IN: scalar for [d]S + bigCurve E + ) +{ + WOLF_ENTER(); + BOOL OK; + MP_INITIALIZED(bnD, d); + MP_INITIALIZED(bnPrime, CurveGetPrime(E)); + POINT_CREATE(pS, NULL); + POINT_CREATE(pR, NULL); + + if(S == NULL) + S = CurveGetG(AccessCurveData(E)); + + PointToWolf(pS, S); + + OK = (wc_ecc_mulmod(bnD, pS, pR, NULL, bnPrime, 1 ) == MP_OKAY); + if(OK) + { + PointFromWolf(R, pR); + } + + POINT_DELETE(pR); + POINT_DELETE(pS); + + WOLF_LEAVE(); + return !BnEqualZero(R->z); +} + +//*** BnEccModMult2() +// This function does a point multiply of the form R = [d]G + [u]Q +// return type: BOOL +// FALSE failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccModMult2( + bigPoint R, // OUT: computed point + pointConst S, // IN: optional point + bigConst d, // IN: scalar for [d]S or [d]G + pointConst Q, // IN: second point + bigConst u, // IN: second scalar + bigCurve E // IN: curve + ) +{ + WOLF_ENTER(); + BOOL OK; + POINT_CREATE(pR, NULL); + POINT_CREATE(pS, NULL); + POINT_CREATE(pQ, Q); + MP_INITIALIZED(bnD, d); + MP_INITIALIZED(bnU, u); + MP_INITIALIZED(bnPrime, CurveGetPrime(E)); + MP_INITIALIZED(bnA, CurveGet_a(E)); + + if(S == NULL) + S = CurveGetG(AccessCurveData(E)); + PointToWolf( pS, S ); + + OK = (ecc_mul2add(pS, bnD, pQ, bnU, pR, bnA, bnPrime, NULL) == MP_OKAY); + if(OK) + { + PointFromWolf(R, pR); + } + + POINT_DELETE(pS); + POINT_DELETE(pQ); + POINT_DELETE(pR); + + WOLF_LEAVE(); + return !BnEqualZero(R->z); +} + +//** BnEccAdd() +// This function does addition of two points. 
+// return type: BOOL +// FALSE failure in operation; treat as result being point at infinity +LIB_EXPORT BOOL +BnEccAdd( + bigPoint R, // OUT: computed point + pointConst S, // IN: point to multiply by 'd' + pointConst Q, // IN: second point + bigCurve E // IN: curve + ) +{ + WOLF_ENTER(); + BOOL OK; + mp_digit mp; + POINT_CREATE(pR, NULL); + POINT_CREATE(pS, S); + POINT_CREATE(pQ, Q); + MP_INITIALIZED(bnA, CurveGet_a(E)); + MP_INITIALIZED(bnMod, CurveGetPrime(E)); +// + OK = (mp_montgomery_setup(bnMod, &mp) == MP_OKAY); + OK = OK && (ecc_projective_add_point(pS, pQ, pR, bnA, bnMod, mp ) == MP_OKAY); + if(OK) + { + PointFromWolf(R, pR); + } + + POINT_DELETE(pS); + POINT_DELETE(pQ); + POINT_DELETE(pR); + + WOLF_LEAVE(); + return !BnEqualZero(R->z); +} + +#endif // TPM_ALG_ECC + +#endif // MATH_LIB_WOLF \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfSupport.c new file mode 100644 index 000000000..5492e350e --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfSupport.c 
@@ -0,0 +1,60 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+//** Introduction
+//
+// The functions in this file are used for initialization of the interface to the
+// wolfSSL library.
+
+//** Defines and Includes
+
+#include "Tpm.h"
+
+#if defined(HASH_LIB_WOLF) || defined(MATH_LIB_WOLF) || defined(SYM_LIB_WOLF)
+
+//*** SupportLibInit()
+// This does any initialization required by the support library.
+LIB_EXPORT int
+SupportLibInit(
+ void
+ )
+{
+#if LIBRARY_COMPATIBILITY_CHECK
+ MathLibraryCompatibilityCheck();
+#endif
+ return TRUE;
+}
+
+#endif // HASH_LIB_WOLF || MATH_LIB_WOLF || SYM_LIB_WOLF
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj
new file mode 100644
index 000000000..d36991af2
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj
@@ -0,0 +1,194 @@ + + + + + Coverage + Win32 + + + Coverage + x64 + + + WolfDebug + Win32 + + + WolfDebug + x64 + + + WolfRelease + Win32 + + + WolfRelease + x64 + + + + {73973223-5EE8-41CA-8E88-1D60E89A237B} + wolfssl + Win32Proj + 10.0.17763.0 + $(SolutionDir)..\external\wolfssl\ + + + + StaticLibrary + v141 + Unicode + true + + + StaticLibrary + v141 + Unicode + true + + + StaticLibrary + v141 + Unicode + + + StaticLibrary + v141 + Unicode + + + StaticLibrary + v141 + Unicode + + + StaticLibrary + v141 + Unicode + + + + + + + + + + + + + + + + + + + + + + + + + $(SolutionDir)\bin\$(PlatformTarget)\$(Configuration)\ + $(SolutionDir)\bin\$(ProjectName)\$(PlatformTarget)\$(Configuration)\ + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(WolfRootDir) + + + + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;CYASSL_USER_SETTINGS;%(PreprocessorDefinitions) + + + + + Disabled + true + EnableFastChecks + MultiThreadedDebugDLL + + Level4 + EditAndContinue + 4206;4214;4706;%(DisableSpecificWarnings) + $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) + + + + + Disabled + true + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + EditAndContinue + 4206;4214;4706;%(DisableSpecificWarnings) + $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) + + + + + Disabled + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) + + + + + Disabled + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + MaxSpeed + true + MultiThreadedDLL + true + + Level3 + ProgramDatabase + $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) + + + + + MaxSpeed + true + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + 
$(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Data.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Data.c new file mode 100644 index 000000000..52d5ecbb2 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Data.c 
@@ -0,0 +1,70 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+
+// This function is called to process a _TPM_Hash_Data indication.
+LIB_EXPORT void
+_TPM_Hash_Data(
+ uint32_t dataSize, // IN: size of data to be extend
+ unsigned char *data // IN: data buffer
+ )
+{
+ UINT32 i;
+ HASH_OBJECT *hashObject;
+ TPMI_DH_PCR pcrHandle = TPMIsStarted()
+ ? PCR_FIRST + DRTM_PCR : PCR_FIRST + HCRTM_PCR;
+
+// If there is no DRTM sequence object, then _TPM_Hash_Start
+// was not called so this function returns without doing
+// anything.
+ if(g_DRTMHandle == TPM_RH_UNASSIGNED)
+ return;
+
+ hashObject = (HASH_OBJECT *)HandleToObject(g_DRTMHandle);
+ pAssert(hashObject->attributes.eventSeq);
+
+ // For each of the implemented hash algorithms, update the digest with the
+ // data provided.
+ for(i = 0; i < HASH_COUNT; i++)
+ {
+ // make sure that the PCR is implemented for this algorithm
+ if(PcrIsAllocated(pcrHandle,
+ hashObject->state.hashState[i].hashAlg))
+ // Update sequence object
+ CryptDigestUpdate(&hashObject->state.hashState[i], dataSize, data);
+ }
+
+ return;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_End.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_End.c
new file mode 100644
index 000000000..72d0519b1
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_End.c
@@ -0,0 +1,102 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+
+// This function is called to process a _TPM_Hash_End indication.
+LIB_EXPORT void
+_TPM_Hash_End(
+ void
+ )
+{
+ UINT32 i;
+ TPM2B_DIGEST digest;
+ HASH_OBJECT *hashObject;
+ TPMI_DH_PCR pcrHandle;
+
+ // If the DRTM handle is not being used, then either _TPM_Hash_Start has not
+ // been called, _TPM_Hash_End was previously called, or some other command
+ // was executed and the sequence was aborted.
+ if(g_DRTMHandle == TPM_RH_UNASSIGNED)
+ return;
+
+ // Get DRTM sequence object
+ hashObject = (HASH_OBJECT *)HandleToObject(g_DRTMHandle);
+
+ // Is this _TPM_Hash_End after Startup or before
+ if(TPMIsStarted())
+ {
+ // After
+
+ // Reset the DRTM PCR
+ PCRResetDynamics();
+
+ // Extend the DRTM_PCR.
+ pcrHandle = PCR_FIRST + DRTM_PCR;
+
+ // DRTM sequence increments restartCount
+ gr.restartCount++;
+ }
+ else
+ {
+ pcrHandle = PCR_FIRST + HCRTM_PCR;
+ g_DrtmPreStartup = TRUE;
+ }
+
+ // Complete hash and extend PCR, or if this is an HCRTM, complete
+ // the hash, reset the H-CRTM register (PCR[0]) to 0...04, and then
+ // extend the H-CRTM data
+ for(i = 0; i < HASH_COUNT; i++)
+ {
+ TPMI_ALG_HASH hash = CryptHashGetAlgByIndex(i);
+ // make sure that the PCR is implemented for this algorithm
+ if(PcrIsAllocated(pcrHandle,
+ hashObject->state.hashState[i].hashAlg))
+ {
+ // Complete hash
+ digest.t.size = CryptHashGetDigestSize(hash);
+ CryptHashEnd2B(&hashObject->state.hashState[i], &digest.b);
+
+ PcrDrtm(pcrHandle, hash, &digest);
+ }
+ }
+
+ // Flush sequence object.
+ FlushObject(g_DRTMHandle);
+
+ g_DRTMHandle = TPM_RH_UNASSIGNED;
+
+
+ return;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Start.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Start.c
new file mode 100644
index 000000000..9d108fef1
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Start.c
@@ -0,0 +1,92 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+
+// This function is called to process a _TPM_Hash_Start indication.
+LIB_EXPORT void
+_TPM_Hash_Start(
+ void
+ )
+{
+ TPM_RC result;
+ TPMI_DH_OBJECT handle;
+
+ // If a DRTM sequence object exists, free it up
+ if(g_DRTMHandle != TPM_RH_UNASSIGNED)
+ {
+ FlushObject(g_DRTMHandle);
+ g_DRTMHandle = TPM_RH_UNASSIGNED;
+ }
+
+ // Create an event sequence object and store the handle in global
+ // g_DRTMHandle. A TPM_RC_OBJECT_MEMORY error may be returned at this point
+ // The NULL value for the first parameter will cause the sequence structure to
+ // be allocated without being set as present. This keeps the sequence from
+ // being left behind if the sequence is terminated early.
+ result = ObjectCreateEventSequence(NULL, &g_DRTMHandle);
+
+ // If a free slot was not available, then free up a slot.
+ if(result != TPM_RC_SUCCESS)
+ {
+ // An implementation does not need to have a fixed relationship between
+ // slot numbers and handle numbers. To handle the general case, scan for
+ // a handle that is assigned and free it for the DRTM sequence.
+ // In the reference implementation, the relationship between handles and
+ // slots is fixed. So, if the call to ObjectCreateEvenSequence()
+ // failed indicating that all slots are occupied, then the first handle we
+ // are going to check (TRANSIENT_FIRST) will be occupied. It will be freed
+ // so that it can be assigned for use as the DRTM sequence object.
+ for(handle = TRANSIENT_FIRST; handle < TRANSIENT_LAST; handle++)
+ {
+ // try to flush the first object
+ if(IsObjectPresent(handle))
+ break;
+ }
+ // If the first call to find a slot fails but none of the slots is occupied
+ // then there's a big problem
+ pAssert(handle < TRANSIENT_LAST);
+
+ // Free the slot
+ FlushObject(handle);
+
+ // Try to create an event sequence object again. This time, we must
+ // succeed.
+ result = ObjectCreateEventSequence(NULL, &g_DRTMHandle);
+ if(result != TPM_RC_SUCCESS)
+ FAIL(FATAL_ERROR_INTERNAL);
+ }
+
+ return;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Init.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Init.c
new file mode 100644
index 000000000..0adc0a41a
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Init.c
@@ -0,0 +1,90 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include "_TPM_Init_fp.h"
+
+ // This function is used to process a _TPM_Init indication.
+LIB_EXPORT void
+_TPM_Init(
+ void
+ )
+{
+ g_powerWasLost = g_powerWasLost | _plat__WasPowerLost();
+
+#if SIMULATION && DEBUG
+ // If power was lost and this was a simulation, put canary in RAM used by NV
+ // so that uninitialized memory can be detected more easily
+ if(g_powerWasLost)
+ {
+ memset(&gc, 0xbb, sizeof(gc));
+ memset(&gr, 0xbb, sizeof(gr));
+ memset(&gp, 0xbb, sizeof(gp));
+ memset(&go, 0xbb, sizeof(go));
+ }
+#endif
+
+#if SIMULATION
+ // Clear the flag that forces failure on self-test
+ g_forceFailureMode = FALSE;
+#endif
+
+ // Set initialization state
+ TPMInit();
+
+ // Set g_DRTMHandle as unassigned
+ g_DRTMHandle = TPM_RH_UNASSIGNED;
+
+ // No H-CRTM, yet.
+ g_DrtmPreStartup = FALSE;
+
+ // Initialize the NvEnvironment.
+ g_nvOk = NvPowerOn();
+
+ // Initialize cryptographic functions
+ g_inFailureMode = (CryptInit() == FALSE);
+ if(!g_inFailureMode)
+ {
+ // Load the persistent data
+ NvReadPersistent();
+
+ // Load the orderly data (clock and DRBG state).
+ // If this is not done here, things break
+ NvRead(&go, NV_ORDERLY_DATA, sizeof(go));
+
+ // Start clock. Need to do this after NV has been restored.
+ TimePowerOn();
+ }
+ return;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/CommandDispatcher.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/CommandDispatcher.c
new file mode 100644
index 000000000..bc55a3b0e
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/CommandDispatcher.c
@@ -0,0 +1,430 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Includes and Typedefs
+#include "Tpm.h"
+
+#if TABLE_DRIVEN_DISPATCH
+
+typedef TPM_RC(NoFlagFunction)(void *target, BYTE **buffer, INT32 *size);
+typedef TPM_RC(FlagFunction)(void *target, BYTE **buffer, INT32 *size, BOOL flag);
+
+typedef FlagFunction *UNMARSHAL_t;
+
+typedef INT16(MarshalFunction)(void *source, BYTE **buffer, INT32 *size);
+typedef MarshalFunction *MARSHAL_t;
+
+typedef TPM_RC(COMMAND_NO_ARGS)(void);
+typedef TPM_RC(COMMAND_IN_ARG)(void *in);
+typedef TPM_RC(COMMAND_OUT_ARG)(void *out);
+typedef TPM_RC(COMMAND_INOUT_ARG)(void *in, void *out);
+
+typedef union COMMAND_t
+{
+ COMMAND_NO_ARGS *noArgs;
+ COMMAND_IN_ARG *inArg;
+ COMMAND_OUT_ARG *outArg;
+ COMMAND_INOUT_ARG *inOutArg;
+} COMMAND_t;
+
+// This structure is used by ParseHandleBuffer() and CommandDispatcher(). The
+// parameters in this structure are unique for each command. The parameters are:
+// command holds the address of the command processing function that is called
+// by Command Dispatcher.
+// inSize this is the size of the command-dependent input structure. The
+// input structure holds the unmarshaled handles and command
+// parameters. If the command takes no arguments (handles or
+// parameters) then inSize will have a value of 0.
+// outSize this is the size of the command-dependent output structure. The
+// output structure holds the results of the command in an unmarshaled
+// form. When command processing is completed, these values are
+// marshaled into the output buffer. It is always the case that the
+// unmarshaled version of an output structure is larger then the
+// marshaled version. This is because the marshaled version contains
+// the exact same number of significant bytes but with padding removed.
+// typesOffsets this parameter points to the list of data types that are to be
+// marshaled or unmarshaled. The list of types follows the 'offsets'
+// array. The offsets array is variable sized so the typesOffset filed
+// is necessary for the handle and command processing to be able to
+// find the types that are being handled. The 'offsets' array may be
+// empty. The types structure is described below.
+// offsets this is an array of offsets of each of the parameters in the
+// command or response. When processing the command parameters (not
+// handles) the list contains the offset of the next parameter. For
+// example, if the first command parameter has a size of 4 and there is
+// a second command parameter, then the offset would be 4, indicating
+// that the second parameter starts at 4. If the second parameter has
+// a size of 8, and there is a third parameter, then the second entry
+// in offsets is 12 (4 for the first parameter and 8 for the second).
+// An offset value of 0 in the list indicates the start of the response
+// parameter list. When CommandDispatcher hits this value, it will stop
+// unmarshaling the parameters and call 'command'. If a command has no
+// response parameters and only one command parameter, then offsets can
+// be an empty list.
+
+typedef struct COMMAND_DESCRIPTOR_t
+{
+ COMMAND_t command; // Address of the command
+ UINT16 inSize; // Maximum size of the input structure
+ UINT16 outSize; // Maximum size of the output structure
+ UINT16 typesOffset; // address of the types field
+ UINT16 offsets[1];
+} COMMAND_DESCRIPTOR_t;
+
+// The 'types' list is an encoded byte array. The byte value has two parts. The most
+// significant bit is used when a parameter takes a flag and indicates if the flag
+// should be SET or not. The remaining 7 bits are an index into an array of
+// addresses of marshaling and unmarshaling functions.
+// The array of functions is divided into 6 sections with a value assigned
+// to denote the start of that section (and the end of the previous section). The
+// defined offset values for each section are:
+// 0 unmarshaling for handles that do not take flags
+// HANDLE_FIRST_FLAG_TYPE unmarshaling for handles that take flags
+// PARAMETER_FIRST_TYPE unmarshaling for parameters that do not take flags
+// PARAMETER_FIRST_FLAG_TYPE unmarshaling for parameters that take flags
+// PARAMETER_LAST_TYPE + 1 marshaling for handles
+// RESPONSE_PARAMETER_FIRST_TYPE marshaling for parameters
+// RESPONSE_PARAMETER_LAST_TYPE is the last value in the list of marshaling and
+// unmarshaling functions.
+//
+// The types list is constructed with a byte of 0xff at the end of the command
+// parameters and with an 0xff at the end of the response parameters.
+
+#if COMPRESSED_LISTS
+# define PAD_LIST 0
+#else
+# define PAD_LIST 1
+#endif
+#define _COMMAND_TABLE_DISPATCH_
+#include "CommandDispatchData.h"
+
+#define TEST_COMMAND TPM_CC_Startup
+
+#define NEW_CC
+
+#else
+
+#include "Commands.h"
+
+#endif
+
+//** Marshal/Unmarshal Functions
+
+//*** ParseHandleBuffer()
+// This is the table-driven version of the handle buffer unmarshaling code
+TPM_RC
+ParseHandleBuffer(
+ COMMAND *command
+ )
+{
+ TPM_RC result;
+#if TABLE_DRIVEN_DISPATCH
+ COMMAND_DESCRIPTOR_t *desc;
+ BYTE *types;
+ BYTE type;
+ BYTE dType;
+
+ // Make sure that nothing strange has happened
+ pAssert(command->index
+ < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t *));
+ // Get the address of the descriptor for this command
+ desc = s_CommandDataArray[command->index];
+
+ pAssert(desc != NULL);
+ // Get the associated list of unmarshaling data types.
+ types = &((BYTE *)desc)[desc->typesOffset];
+
+// if(s_ccAttr[commandIndex].commandIndex == TEST_COMMAND)
+// commandIndex = commandIndex;
+ // No handles yet
+ command->handleNum = 0;
+
+ // Get the first type value
+ for(type = *types++;
+ // check each byte to make sure that we have not hit the start
+ // of the parameters
+ (dType = (type & 0x7F)) < PARAMETER_FIRST_TYPE;
+ // get the next type
+ type = *types++)
+ {
+ // See if unmarshaling of this handle type requires a flag
+ if(dType < HANDLE_FIRST_FLAG_TYPE)
+ {
+ // Look up the function to do the unmarshaling
+ NoFlagFunction *f = (NoFlagFunction *)UnmarshalArray[dType];
+ // call it
+ result = f(&(command->handles[command->handleNum]),
+ &command->parameterBuffer,
+ &command->parameterSize);
+ }
+ else
+ {
+ // Look up the function
+ FlagFunction *f = UnmarshalArray[dType];
+
+ // Call it setting the flag to the appropriate value
+ result = f(&(command->handles[command->handleNum]),
+ &command->parameterBuffer,
+ &command->parameterSize, (type & 0x80) != 0);
+ }
+ // Got a handle
+ // We do this first so that the match for the handle offset of the
+ // response code works correctly.
+ command->handleNum += 1;
+ if(result != TPM_RC_SUCCESS)
+ // if the unmarshaling failed, return the response code with the
+ // handle indication set
+ return result + TPM_RC_H + (command->handleNum * TPM_RC_1);
+ }
+#else
+ BYTE **handleBufferStart = &command->parameterBuffer;
+ INT32 *bufferRemainingSize = &command->parameterSize;
+ TPM_HANDLE *handles = &command->handles[0];
+ UINT32 *handleCount = &command->handleNum;
+ *handleCount = 0;
+ switch(command->code)
+ {
+#include "HandleProcess.h"
+#undef handles
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+#endif
+ return TPM_RC_SUCCESS;
+}
+
+//*** CommandDispatcher()
+// Function to unmarshal the command parameters, call the selected action code, and
+// marshal the response parameters.
+TPM_RC
+CommandDispatcher(
+ COMMAND *command
+ )
+{
+#if !TABLE_DRIVEN_DISPATCH
+ TPM_RC result;
+ BYTE **paramBuffer = &command->parameterBuffer;
+ INT32 *paramBufferSize = &command->parameterSize;
+ BYTE **responseBuffer = &command->responseBuffer;
+ INT32 *respParmSize = &command->parameterSize;
+ INT32 rSize;
+ TPM_HANDLE *handles = &command->handles[0];
+//
+ command->handleNum = 0; // The command-specific code knows how
+ // many handles there are. This is for
+ // cataloging the number of response
+ // handles
+ MemoryIoBufferAllocationReset(); // Initialize so that allocation will
+ // work properly
+ switch(GetCommandCode(command->index))
+ {
+#include "CommandDispatcher.h"
+
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+Exit:
+ MemoryIoBufferZero();
+ return result;
+#else
+ COMMAND_DESCRIPTOR_t *desc;
+ BYTE *types;
+ BYTE type;
+ UINT16 *offsets;
+ UINT16 offset = 0;
+ UINT32 maxInSize;
+ BYTE *commandIn;
+ INT32 maxOutSize;
+ BYTE *commandOut;
+ COMMAND_t cmd;
+ TPM_HANDLE *handles;
+ UINT32 hasInParameters = 0;
+ BOOL hasOutParameters = FALSE;
+ UINT32 pNum = 0;
+ BYTE dType; // dispatch type
+ TPM_RC result;
+//
+ // Get the address of the descriptor for this command
+ pAssert(command->index
+ < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t *));
+ desc = s_CommandDataArray[command->index];
+
+ // Get the list of parameter types for this command
+ pAssert(desc != NULL);
+ types = &((BYTE *)desc)[desc->typesOffset];
+
+ // Get a pointer to the list of parameter offsets
+ offsets = &desc->offsets[0];
+ // pointer to handles
+ handles = command->handles;
+
+ // Get the size required to hold all the unmarshaled parameters for this command
+ maxInSize = desc->inSize;
+ // and the size of the output parameter structure returned by this command
+ maxOutSize = desc->outSize;
+
+ MemoryIoBufferAllocationReset();
+ // Get a buffer for the input parameters
+ commandIn = MemoryGetInBuffer(maxInSize);
+ // And the output parameters
+ commandOut = (BYTE *)MemoryGetOutBuffer((UINT32)maxOutSize);
+
+ // Get the address of the action code dispatch
+ cmd = desc->command;
+
+ // Copy any handles into the input buffer
+ for(type = *types++; (type & 0x7F) < PARAMETER_FIRST_TYPE; type = *types++)
+ {
+ // 'offset' was initialized to zero so the first unmarshaling will always
+ // be to the start of the data structure
+ *(TPM_HANDLE *)&(commandIn[offset]) = *handles++;
+ // This check is used so that we don't have to add an additional offset
+ // value to the offsets list to correspond to the stop value in the
+ // command parameter list.
+ if(*types != 0xFF)
+ offset = *offsets++;
+// maxInSize -= sizeof(TPM_HANDLE);
+ hasInParameters++;
+ }
+ // Exit loop with type containing the last value read from types
+ // maxInSize has the amount of space remaining in the command action input
+ // buffer. Make sure that we don't have more data to unmarshal than is going to
+ // fit.
+
+ // type contains the last value read from types so it is not necessary to
+ // reload it, which is good because *types now points to the next value
+ for(; (dType = (type & 0x7F)) <= PARAMETER_LAST_TYPE; type = *types++)
+ {
+ pNum++;
+ if(dType < PARAMETER_FIRST_FLAG_TYPE)
+ {
+ NoFlagFunction *f = (NoFlagFunction *)UnmarshalArray[dType];
+ result = f(&commandIn[offset], &command->parameterBuffer,
+ &command->parameterSize);
+ }
+ else
+ {
+ FlagFunction *f = UnmarshalArray[dType];
+ result = f(&commandIn[offset], &command->parameterBuffer,
+ &command->parameterSize,
+ (type & 0x80) != 0);
+ }
+ if(result != TPM_RC_SUCCESS)
+ {
+ result += TPM_RC_P + (TPM_RC_1 * pNum);
+ goto Exit;
+ }
+
+ // This check is used so that we don't have to add an additional offset
+ // value to the offsets list to correspond to the stop value in the
+ // command parameter list.
+ if(*types != 0xFF)
+ offset = *offsets++;
+ hasInParameters++;
+ }
+ // Should have used all the bytes in the input
+ if(command->parameterSize != 0)
+ {
+ result = TPM_RC_SIZE;
+ goto Exit;
+ }
+
+ // The command parameter unmarshaling stopped when it hit a value that was out
+ // of range for unmarshaling values and left *types pointing to the first
+ // marshaling type. If that type happens to be the STOP value, then there
+ // are no response parameters. So, set the flag to indicate if there are
+ // output parameters.
+ hasOutParameters = *types != 0xFF;
+
+ // There are four cases for calling, with and without input parameters and with
+ // and without output parameters.
+ if(hasInParameters > 0)
+ {
+ if(hasOutParameters)
+ result = cmd.inOutArg(commandIn, commandOut);
+ else
+ result = cmd.inArg(commandIn);
+ }
+ else
+ {
+ if(hasOutParameters)
+ result = cmd.outArg(commandOut);
+ else
+ result = cmd.noArgs();
+ }
+ if(result != TPM_RC_SUCCESS)
+ goto Exit;
+
+ // Offset in the marshaled output structure
+ offset = 0;
+
+ // Process the return handles, if any
+ command->handleNum = 0;
+
+ // Could make this a loop to process output handles but there is only ever
+ // one handle in the outputs (for now).
+ type = *types++;
+ if((dType = (type & 0x7F)) < RESPONSE_PARAMETER_FIRST_TYPE)
+ {
+ // The out->handle value was referenced as TPM_HANDLE in the
+ // action code so it has to be properly aligned.
+ command->handles[command->handleNum++] =
+ *((TPM_HANDLE *)&(commandOut[offset]));
+ maxOutSize -= sizeof(UINT32);
+ type = *types++;
+ offset = *offsets++;
+ }
+ // Use the size of the command action output buffer as the maximum for the
+ // number of bytes that can get marshaled. Since the marshaling code has
+ // no pointers to data, all of the data being returned has to be in the
+ // command action output buffer. If we try to marshal more bytes than
+ // could fit into the output buffer, we need to fail.
+ for(;(dType = (type & 0x7F)) <= RESPONSE_PARAMETER_LAST_TYPE
+ && !g_inFailureMode; type = *types++)
+ {
+ const MARSHAL_t f = MarshalArray[dType];
+
+ command->parameterSize += f(&commandOut[offset],
+ &command->responseBuffer,
+ &maxOutSize);
+ offset = *offsets++;
+ }
+ result = (maxOutSize < 0) ? TPM_RC_FAILURE : TPM_RC_SUCCESS;
+Exit:
+ MemoryIoBufferZero();
+ return result;
+#endif
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/ExecCommand.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/ExecCommand.c
new file mode 100644
index 000000000..d7673c5d0
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/ExecCommand.c
@@ -0,0 +1,317 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+//
+// This file contains the entry function ExecuteCommand() which provides the main
+// control flow for TPM command execution.
+
+//** Includes
+
+#include "Tpm.h"
+#include "ExecCommand_fp.h"
+
+// Uncomment this next #include if doing static command/response buffer sizing
+// #include "CommandResponseSizes_fp.h"
+
+//** ExecuteCommand()
+//
+// The function performs the following steps.
+//
+// a) Parses the command header from input buffer.
+// b) Calls ParseHandleBuffer() to parse the handle area of the command.
+// c) Validates that each of the handles references a loaded entity.
+// d) Calls ParseSessionBuffer () to:
+// 1) unmarshal and parse the session area;
+// 2) check the authorizations; and
+// 3) when necessary, decrypt a parameter.
+// e) Calls CommandDispatcher() to:
+// 1) unmarshal the command parameters from the command buffer;
+// 2) call the routine that performs the command actions; and
+// 3) marshal the responses into the response buffer.
+// f) If any error occurs in any of the steps above create the error response
+// and return.
+// g) Calls BuildResponseSessions() to:
+// 1) when necessary, encrypt a parameter
+// 2) build the response authorization sessions
+// 3) update the audit sessions and nonces
+// h) Calls BuildResponseHeader() to complete the construction of the response.
+//
+// 'responseSize' is set by the caller to the maximum number of bytes available in
+// the output buffer. ExecuteCommand will adjust the value and return the number
+// of bytes placed in the buffer.
+//
+// 'response' is also set by the caller to indicate the buffer into which
+// ExecuteCommand is to place the response.
+//
+// 'request' and 'response' may point to the same buffer
+//
+// Note: As of February, 2016, the failure processing has been moved to the
+// platform-specific code. When the TPM code encounters an unrecoverable failure, it
+// will SET g_inFailureMode and call _plat__Fail(). That function should not return
+// but may call ExecuteCommand().
+//
+LIB_EXPORT void
+ExecuteCommand(
+ uint32_t requestSize, // IN: command buffer size
+ unsigned char *request, // IN: command buffer
+ uint32_t *responseSize, // IN/OUT: response buffer size
+ unsigned char **response // IN/OUT: response buffer
+ )
+{
+ // Command local variables
+ UINT32 commandSize;
+ COMMAND command;
+
+ // Response local variables
+ UINT32 maxResponse = *responseSize;
+ TPM_RC result; // return code for the command
+
+// This next function call is used in development to size the command and response
+// buffers. The values printed are the sizes of the internal structures and
+// not the sizes of the canonical forms of the command response structures. Also,
+// the sizes do not include the tag, command.code, requestSize, or the authorization
+// fields.
+//CommandResponseSizes();
+ // Set flags for NV access state. This should happen before any other
+ // operation that may require a NV write. Note, that this needs to be done
+ // even when in failure mode. Otherwise, g_updateNV would stay SET while in
+ // Failure mode and the NV would be written on each call.
+ g_updateNV = UT_NONE;
+ g_clearOrderly = FALSE;
+ if(g_inFailureMode)
+ {
+ // Do failure mode processing
+ TpmFailureMode(requestSize, request, responseSize, response);
+ return;
+ }
+ // Query platform to get the NV state. The result state is saved internally
+ // and will be reported by NvIsAvailable(). The reference code requires that
+ // accessibility of NV does not change during the execution of a command.
+ // Specifically, if NV is available when the command execution starts and then
+ // is not available later when it is necessary to write to NV, then the TPM
+ // will go into failure mode.
+ NvCheckState();
+
+ // Due to the limitations of the simulation, TPM clock must be explicitly
+ // synchronized with the system clock whenever a command is received.
+ // This function call is not necessary in a hardware TPM. However, taking
+ // a snapshot of the hardware timer at the beginning of the command allows
+ // the time value to be consistent for the duration of the command execution.
+ TimeUpdateToCurrent();
+
+ // Any command through this function will unceremoniously end the
+ // _TPM_Hash_Data/_TPM_Hash_End sequence.
+ if(g_DRTMHandle != TPM_RH_UNASSIGNED)
+ ObjectTerminateEvent();
+
+ // Get command buffer size and command buffer.
+ command.parameterBuffer = request;
+ command.parameterSize = requestSize;
+
+ // Parse command header: tag, commandSize and command.code.
+ // First parse the tag. The unmarshaling routine will validate
+ // that it is either TPM_ST_SESSIONS or TPM_ST_NO_SESSIONS.
+ result = TPMI_ST_COMMAND_TAG_Unmarshal(&command.tag,
+ &command.parameterBuffer,
+ &command.parameterSize);
+ if(result != TPM_RC_SUCCESS)
+ goto Cleanup;
+ // Unmarshal the commandSize indicator.
+ result = UINT32_Unmarshal(&commandSize,
+ &command.parameterBuffer,
+ &command.parameterSize);
+ if(result != TPM_RC_SUCCESS)
+ goto Cleanup;
+ // On a TPM that receives bytes on a port, the number of bytes that were
+ // received on that port is requestSize it must be identical to commandSize.
+ // In addition, commandSize must not be larger than MAX_COMMAND_SIZE allowed
+ // by the implementation. The check against MAX_COMMAND_SIZE may be redundant
+ // as the input processing (the function that receives the command bytes and
+ // places them in the input buffer) would likely have the input truncated when
+ // it reaches MAX_COMMAND_SIZE, and requestSize would not equal commandSize.
+ if(commandSize != requestSize || commandSize > MAX_COMMAND_SIZE)
+ {
+ result = TPM_RC_COMMAND_SIZE;
+ goto Cleanup;
+ }
+ // Unmarshal the command code.
+ result = TPM_CC_Unmarshal(&command.code, &command.parameterBuffer,
+ &command.parameterSize);
+ if(result != TPM_RC_SUCCESS)
+ goto Cleanup;
+ // Check to see if the command is implemented.
+ command.index = CommandCodeToCommandIndex(command.code);
+ if(UNIMPLEMENTED_COMMAND_INDEX == command.index)
+ {
+ result = TPM_RC_COMMAND_CODE;
+ goto Cleanup;
+ }
+#if FIELD_UPGRADE_IMPLEMENTED == YES
+ // If the TPM is in FUM, then the only allowed command is
+ // TPM_CC_FieldUpgradeData.
+ if(IsFieldUgradeMode() && (command.code != TPM_CC_FieldUpgradeData))
+ {
+ result = TPM_RC_UPGRADE;
+ goto Cleanup;
+ }
+ else
+#endif
+ // Excepting FUM, the TPM only accepts TPM2_Startup() after
+ // _TPM_Init. After getting a TPM2_Startup(), TPM2_Startup()
+ // is no longer allowed.
+ if((!TPMIsStarted() && command.code != TPM_CC_Startup)
+ || (TPMIsStarted() && command.code == TPM_CC_Startup))
+ {
+ result = TPM_RC_INITIALIZE;
+ goto Cleanup;
+ }
+// Start regular command process.
+ NvIndexCacheInit();
+ // Parse Handle buffer.
+ result = ParseHandleBuffer(&command);
+ if(result != TPM_RC_SUCCESS)
+ goto Cleanup;
+ // All handles in the handle area are required to reference TPM-resident
+ // entities.
+ result = EntityGetLoadStatus(&command);
+ if(result != TPM_RC_SUCCESS)
+ goto Cleanup;
+ // Authorization session handling for the command.
+ ClearCpRpHashes(&command);
+ if(command.tag == TPM_ST_SESSIONS)
+ {
+ // Find out session buffer size.
+ result = UINT32_Unmarshal((UINT32 *)&command.authSize,
+ &command.parameterBuffer,
+ &command.parameterSize);
+ if(result != TPM_RC_SUCCESS)
+ goto Cleanup;
+ // Perform sanity check on the unmarshaled value. If it is smaller than
+ // the smallest possible session or larger than the remaining size of
+ // the command, then it is an error. NOTE: This check could pass but the
+ // session size could still be wrong. That will be determined after the
+ // sessions are unmarshaled.
+ if(command.authSize < 9
+ || command.authSize > command.parameterSize)
+ {
+ result = TPM_RC_SIZE;
+ goto Cleanup;
+ }
+ command.parameterSize -= command.authSize;
+
+ // The actions of ParseSessionBuffer() are described in the introduction.
+ // As the sessions are parsed command.parameterBuffer is advanced so, on a
+ // successful return, command.parameterBuffer should be pointing at the
+ // first byte of the parameters.
+ result = ParseSessionBuffer(&command);
+ if(result != TPM_RC_SUCCESS)
+ goto Cleanup;
+ }
+ else
+ {
+ command.authSize = 0;
+ // The command has no authorization sessions.
+ // If the command requires authorizations, then CheckAuthNoSession() will
+ // return an error.
+ result = CheckAuthNoSession(&command);
+ if(result != TPM_RC_SUCCESS)
+ goto Cleanup;
+ }
+ // Set up the response buffer pointers. CommandDispatch will marshal the
+ // response parameters starting at the address in command.responseBuffer.
+//*response = MemoryGetResponseBuffer(command.index);
+ // leave space for the command header
+ command.responseBuffer = *response + STD_RESPONSE_HEADER;
+
+ // leave space for the parameter size field if needed
+ if(command.tag == TPM_ST_SESSIONS)
+ command.responseBuffer += sizeof(UINT32);
+ if(IsHandleInResponse(command.index))
+ command.responseBuffer += sizeof(TPM_HANDLE);
+
+ // CommandDispatcher returns a response handle buffer and a response parameter
+ // buffer if it succeeds. It will also set the parameterSize field in the
+ // buffer if the tag is TPM_RC_SESSIONS.
+ result = CommandDispatcher(&command);
+ if(result != TPM_RC_SUCCESS)
+ goto Cleanup;
+
+ // Build the session area at the end of the parameter area.
+ BuildResponseSession(&command);
+
+Cleanup:
+ if(g_clearOrderly == TRUE
+ && NV_IS_ORDERLY)
+ {
+#if USE_DA_USED
+ gp.orderlyState = g_daUsed ? SU_DA_USED_VALUE : SU_NONE_VALUE;
+#else
+ gp.orderlyState = SU_NONE_VALUE;
+#endif
+ NV_SYNC_PERSISTENT(orderlyState);
+ }
+ // This implementation loads an "evict" object to a transient object slot in
+ // RAM whenever an "evict" object handle is used in a command so that the
+ // access to any object is the same. These temporary objects need to be
+ // cleared from RAM whether the command succeeds or fails.
+ ObjectCleanupEvict();
+
+ // The parameters and sessions have been marshaled. Now tack on the header and
+ // set the sizes
+ BuildResponseHeader(&command, *response, result);
+
+ // Try to commit all the writes to NV if any NV write happened during this
+ // command execution. This check should be made for both succeeded and failed
+ // commands, because a failed one may trigger a NV write in DA logic as well.
+ // This is the only place in the command execution path that may call the NV
+ // commit. If the NV commit fails, the TPM should be put in failure mode.
+ if((g_updateNV != UT_NONE) && !g_inFailureMode)
+ {
+ if(g_updateNV == UT_ORDERLY)
+ NvUpdateIndexOrderlyData();
+ if(!NvCommit())
+ FAIL(FATAL_ERROR_INTERNAL);
+ g_updateNV = UT_NONE;
+ }
+ pAssert((UINT32)command.parameterSize <= maxResponse);
+
+ // Clear unused bits in response buffer.
+ MemorySet(*response + *responseSize, 0, maxResponse - *responseSize);
+
+ // as a final act, and not before, update the response size.
+ *responseSize = (UINT32)command.parameterSize;
+
+ return;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/SessionProcess.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/SessionProcess.c
new file mode 100644
index 000000000..bd7f89f1e
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/SessionProcess.c
@@ -0,0 +1,2242 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the subsystem that process the authorization sessions
+// including implementation of the Dictionary Attack logic.
ExecCommand() uses
+// ParseSessionBuffer() to process the authorization session area of a command and
+// BuildResponseSession() to create the authorization session area of a response.
+
+//** Includes and Data Definitions
+
+#define SESSION_PROCESS_C
+
+#include "Tpm.h"
+
+//
+//** Authorization Support Functions
+//
+
+//*** IsDAExempted()
+// This function indicates if a handle is exempted from DA logic.
+// A handle is exempted if it is
+// 1. a primary seed handle,
+// 2. an object with noDA bit SET,
+// 3. an NV Index with TPMA_NV_NO_DA bit SET, or
+// 4. a PCR handle.
+//
+// Return Type: BOOL
+// TRUE(1) handle is exempted from DA logic
+// FALSE(0) handle is not exempted from DA logic
+BOOL
+IsDAExempted(
+ TPM_HANDLE handle // IN: entity handle
+ )
+{
+ BOOL result = FALSE;
+//
+ switch(HandleGetType(handle))
+ {
+ case TPM_HT_PERMANENT:
+ // All permanent handles, other than TPM_RH_LOCKOUT, are exempt from
+ // DA protection.
+ result = (handle != TPM_RH_LOCKOUT);
+ break;
+ // When this function is called, a persistent object will have been loaded
+ // into an object slot and assigned a transient handle.
+ case TPM_HT_TRANSIENT:
+ {
+ TPMA_OBJECT attributes = ObjectGetPublicAttributes(handle);
+ result = IS_ATTRIBUTE(attributes, TPMA_OBJECT, noDA);
+ break;
+ }
+ case TPM_HT_NV_INDEX:
+ {
+ NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL);
+ result = IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, NO_DA);
+ break;
+ }
+ case TPM_HT_PCR:
+ // PCRs are always exempted from DA.
+ result = TRUE;
+ break;
+ default:
+ break;
+ }
+ return result;
+}
+
+//*** IncrementLockout()
+// This function is called after an authorization failure that involves use of
+// an authValue. If the entity referenced by the handle is not exempt from DA
+// protection, then the failedTries counter will be incremented.
+//
+// Return Type: TPM_RC
+// TPM_RC_AUTH_FAIL authorization failure that caused DA lockout to increment
+// TPM_RC_BAD_AUTH authorization failure did not cause DA lockout to
+// increment
+static TPM_RC
+IncrementLockout(
+ UINT32 sessionIndex
+ )
+{
+ TPM_HANDLE handle = s_associatedHandles[sessionIndex];
+ TPM_HANDLE sessionHandle = s_sessionHandles[sessionIndex];
+ SESSION *session = NULL;
+//
+ // Don't increment lockout unless the handle associated with the session
+ // is DA protected or the session is bound to a DA protected entity.
+ if(sessionHandle == TPM_RS_PW)
+ {
+ if(IsDAExempted(handle))
+ return TPM_RC_BAD_AUTH;
+ }
+ else
+ {
+ session = SessionGet(sessionHandle);
+ // If the session is bound to lockout, then use that as the relevant
+ // handle. This means that an authorization failure with a bound session
+ // bound to lockoutAuth will take precedence over any other
+ // lockout check
+ if(session->attributes.isLockoutBound == SET)
+ handle = TPM_RH_LOCKOUT;
+ if(session->attributes.isDaBound == CLEAR
+ && (IsDAExempted(handle) || session->attributes.includeAuth == CLEAR))
+ // If the handle was changed to TPM_RH_LOCKOUT, this will not return
+ // TPM_RC_BAD_AUTH
+ return TPM_RC_BAD_AUTH;
+ }
+ if(handle == TPM_RH_LOCKOUT)
+ {
+ pAssert(gp.lockOutAuthEnabled == TRUE);
+
+ // lockout is no longer enabled
+ gp.lockOutAuthEnabled = FALSE;
+
+ // For TPM_RH_LOCKOUT, if lockoutRecovery is 0, no need to update NV since
+ // the lockout authorization will be reset at startup.
+ if(gp.lockoutRecovery != 0)
+ {
+ if(NV_IS_AVAILABLE)
+ // Update NV.
+ NV_SYNC_PERSISTENT(lockOutAuthEnabled);
+ else
+ // No NV access for now. Put the TPM in pending mode.
+ s_DAPendingOnNV = TRUE;
+ }
+ }
+ else
+ {
+ if(gp.recoveryTime != 0)
+ {
+ gp.failedTries++;
+ if(NV_IS_AVAILABLE)
+ // Record changes to NV. NvWrite will SET g_updateNV
+ NV_SYNC_PERSISTENT(failedTries);
+ else
+ // No NV access for now. Put the TPM in pending mode.
+ s_DAPendingOnNV = TRUE;
+ }
+ }
+ // Register a DA failure and reset the timers.
+ DARegisterFailure(handle);
+
+ return TPM_RC_AUTH_FAIL;
+}
+
+//*** IsSessionBindEntity()
+// This function indicates if the entity associated with the handle is the entity,
+// to which this session is bound. The binding would occur by making the "bind"
+// parameter in TPM2_StartAuthSession() not equal to TPM_RH_NULL. The binding only
+// occurs if the session is an HMAC session. The bind value is a combination of
+// the Name and the authValue of the entity.
+//
+// Return Type: BOOL
+// TRUE(1) handle points to the session start entity
+// FALSE(0) handle does not point to the session start entity
+static BOOL
+IsSessionBindEntity(
+ TPM_HANDLE associatedHandle, // IN: handle to be authorized
+ SESSION *session // IN: associated session
+ )
+{
+ TPM2B_NAME entity; // The bind value for the entity
+//
+ // If the session is not bound, return FALSE.
+ if(session->attributes.isBound)
+ {
+ // Compute the bind value for the entity.
+ SessionComputeBoundEntity(associatedHandle, &entity);
+
+ // Compare to the bind value in the session.
+ return MemoryEqual2B(&entity.b, &session->u1.boundEntity.b);
+ }
+ return FALSE;
+}
+
+//*** IsPolicySessionRequired()
+// Checks if a policy session is required for a command. If a command requires
+// DUP or ADMIN role authorization, then the handle that requires that role is the
+// first handle in the command. This simplifies this checking. If a new command
+// is created that requires multiple ADMIN role authorizations, then it will
+// have to be special-cased in this function.
+// A policy session is required if:
+// 1. the command requires the DUP role,
+// 2. the command requires the ADMIN role and the authorized entity
+// is an object and its adminWithPolicy bit is SET, or
+// 3. the command requires the ADMIN role and the authorized entity
+// is a permanent handle or an NV Index.
+// 4.
The authorized entity is a PCR belonging to a policy group, and
+// has its policy initialized
+// Return Type: BOOL
+// TRUE(1) policy session is required
+// FALSE(0) policy session is not required
+static BOOL
+IsPolicySessionRequired(
+ COMMAND_INDEX commandIndex, // IN: command index
+ UINT32 sessionIndex // IN: session index
+ )
+{
+ AUTH_ROLE role = CommandAuthRole(commandIndex, sessionIndex);
+ TPM_HT type = HandleGetType(s_associatedHandles[sessionIndex]);
+//
+ if(role == AUTH_DUP)
+ return TRUE;
+ if(role == AUTH_ADMIN)
+ {
+ // We allow an exception for ADMIN role in a transient object. If the object
+ // allows ADMIN role actions with authorization, then policy is not
+ // required. For all other cases, there is no way to override the command
+ // requirement that a policy be used
+ if(type == TPM_HT_TRANSIENT)
+ {
+ OBJECT *object = HandleToObject(s_associatedHandles[sessionIndex]);
+
+ if(!IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT,
+ adminWithPolicy))
+ return FALSE;
+ }
+ return TRUE;
+ }
+
+ if(type == TPM_HT_PCR)
+ {
+ if(PCRPolicyIsAvailable(s_associatedHandles[sessionIndex]))
+ {
+ TPM2B_DIGEST policy;
+ TPMI_ALG_HASH policyAlg;
+ policyAlg = PCRGetAuthPolicy(s_associatedHandles[sessionIndex],
+ &policy);
+ if(policyAlg != TPM_ALG_NULL)
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+//*** IsAuthValueAvailable()
+// This function indicates if authValue is available and allowed for USER role
+// authorization of an entity.
+//
+// This function is similar to IsAuthPolicyAvailable() except that it does not
+// check the size of the authValue as IsAuthPolicyAvailable() does (a null
+// authValue is a valid authorization, but a null policy is not a valid policy).
+//
+// This function does not check that the handle reference is valid or if the entity
+// is in an enabled hierarchy. Those checks are assumed to have been performed
+// during the handle unmarshaling.
+//
+// Return Type: BOOL
+// TRUE(1) authValue is available
+// FALSE(0) authValue is not available
+static BOOL
+IsAuthValueAvailable(
+ TPM_HANDLE handle, // IN: handle of entity
+ COMMAND_INDEX commandIndex, // IN: command index
+ UINT32 sessionIndex // IN: session index
+ )
+{
+ BOOL result = FALSE;
+//
+ switch(HandleGetType(handle))
+ {
+ case TPM_HT_PERMANENT:
+ switch(handle)
+ {
+ // At this point hierarchy availability has already been
+ // checked so primary seed handles are always available here
+ case TPM_RH_OWNER:
+ case TPM_RH_ENDORSEMENT:
+ case TPM_RH_PLATFORM:
+#ifdef VENDOR_PERMANENT
+ // This vendor defined handle associated with the
+ // manufacturer's shared secret
+ case VENDOR_PERMANENT:
+#endif
+ // The DA checking has been performed on LockoutAuth but we
+ // bypass the DA logic if we are using lockout policy. The
+ // policy would allow execution to continue an lockoutAuth
+ // could be used, even if direct use of lockoutAuth is disabled
+ case TPM_RH_LOCKOUT:
+ // NullAuth is always available.
+ case TPM_RH_NULL:
+ result = TRUE;
+ break;
+ default:
+ // Otherwise authValue is not available.
+ break;
+ }
+ break;
+ case TPM_HT_TRANSIENT:
+ // A persistent object has already been loaded and the internal
+ // handle changed.
+ {
+ OBJECT *object;
+ TPMA_OBJECT attributes;
+//
+ object = HandleToObject(handle);
+ attributes = object->publicArea.objectAttributes;
+
+ // authValue is always available for a sequence object.
+ // An alternative for this is to
+ // SET_ATTRIBUTE(object->publicArea, TPMA_OBJECT, userWithAuth) when the
+ // sequence is started.
+ if(ObjectIsSequence(object))
+ {
+ result = TRUE;
+ break;
+ }
+ // authValue is available for an object if it has its sensitive
+ // portion loaded and
+ // 1. userWithAuth bit is SET, or
+ // 2.
ADMIN role is required
+ if(object->attributes.publicOnly == CLEAR
+ && (IS_ATTRIBUTE(attributes, TPMA_OBJECT, userWithAuth)
+ || (CommandAuthRole(commandIndex, sessionIndex) == AUTH_ADMIN
+ && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, adminWithPolicy))))
+ result = TRUE;
+ }
+ break;
+ case TPM_HT_NV_INDEX:
+ // NV Index.
+ {
+ NV_REF locator;
+ NV_INDEX *nvIndex = NvGetIndexInfo(handle, &locator);
+ TPMA_NV nvAttributes;
+//
+ pAssert(nvIndex != 0);
+
+ nvAttributes = nvIndex->publicArea.attributes;
+
+ if(IsWriteOperation(commandIndex))
+ {
+ // AuthWrite can't be set for a PIN index
+ if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, AUTHWRITE))
+ result = TRUE;
+ }
+ else
+ {
+ // A "read" operation
+ // For a PIN Index, the authValue is available as long as the
+ // Index has been written and the pinCount is less than pinLimit
+ if(IsNvPinFailIndex(nvAttributes)
+ || IsNvPinPassIndex(nvAttributes))
+ {
+ NV_PIN pin;
+ if(!IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN))
+ break; // return false
+ // get the index values
+ pin.intVal = NvGetUINT64Data(nvIndex, locator);
+ if(pin.pin.pinCount < pin.pin.pinLimit)
+ result = TRUE;
+ }
+ // For non-PIN Indexes, need to allow use of the authValue
+ else if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, AUTHREAD))
+ result = TRUE;
+ }
+ }
+ break;
+ case TPM_HT_PCR:
+ // PCR handle.
+ // authValue is always allowed for PCR
+ result = TRUE;
+ break;
+ default:
+ // Otherwise, authValue is not available
+ break;
+ }
+ return result;
+}
+
+//*** IsAuthPolicyAvailable()
+// This function indicates if an authPolicy is available and allowed.
+//
+// This function does not check that the handle reference is valid or if the entity
+// is in an enabled hierarchy. Those checks are assumed to have been performed
+// during the handle unmarshaling.
+//
+// Return Type: BOOL
+// TRUE(1) authPolicy is available
+// FALSE(0) authPolicy is not available
+static BOOL
+IsAuthPolicyAvailable(
+ TPM_HANDLE handle, // IN: handle of entity
+ COMMAND_INDEX commandIndex, // IN: command index
+ UINT32 sessionIndex // IN: session index
+ )
+{
+ BOOL result = FALSE;
+//
+ switch(HandleGetType(handle))
+ {
+ case TPM_HT_PERMANENT:
+ switch(handle)
+ {
+ // At this point hierarchy availability has already been checked.
+ case TPM_RH_OWNER:
+ if(gp.ownerPolicy.t.size != 0)
+ result = TRUE;
+ break;
+ case TPM_RH_ENDORSEMENT:
+ if(gp.endorsementPolicy.t.size != 0)
+ result = TRUE;
+ break;
+ case TPM_RH_PLATFORM:
+ if(gc.platformPolicy.t.size != 0)
+ result = TRUE;
+ break;
+ case TPM_RH_LOCKOUT:
+ if(gp.lockoutPolicy.t.size != 0)
+ result = TRUE;
+ break;
+ default:
+ break;
+ }
+ break;
+ case TPM_HT_TRANSIENT:
+ {
+ // Object handle.
+ // An evict object would already have been loaded and given a
+ // transient object handle by this point.
+ OBJECT *object = HandleToObject(handle);
+ // Policy authorization is not available for an object with only
+ // public portion loaded.
+ if(object->attributes.publicOnly == CLEAR)
+ {
+ // Policy authorization is always available for an object but
+ // is never available for a sequence.
+ if(!ObjectIsSequence(object))
+ result = TRUE;
+ }
+ break;
+ }
+ case TPM_HT_NV_INDEX:
+ // An NV Index.
+ {
+ NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL);
+ TPMA_NV nvAttributes = nvIndex->publicArea.attributes;
+//
+ // If the policy size is not zero, check if policy can be used.
+ if(nvIndex->publicArea.authPolicy.t.size != 0)
+ {
+ // If policy session is required for this handle, always
+ // uses policy regardless of the attributes bit setting
+ if(IsPolicySessionRequired(commandIndex, sessionIndex))
+ result = TRUE;
+ // Otherwise, the presence of the policy depends on the NV
+ // attributes.
+ else if(IsWriteOperation(commandIndex))
+ {
+ if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, POLICYWRITE))
+ result = TRUE;
+ }
+ else
+ {
+ if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, POLICYREAD))
+ result = TRUE;
+ }
+ }
+ }
+ break;
+ case TPM_HT_PCR:
+ // PCR handle.
+ if(PCRPolicyIsAvailable(handle))
+ result = TRUE;
+ break;
+ default:
+ break;
+ }
+ return result;
+}
+
+//** Session Parsing Functions
+
+//*** ClearCpRpHashes()
+void
+ClearCpRpHashes(
+ COMMAND *command
+ )
+{
+#if ALG_SHA1
+ command->sha1CpHash.t.size = 0;
+ command->sha1RpHash.t.size = 0;
+#endif
+#if ALG_SHA256
+ command->sha256CpHash.t.size = 0;
+ command->sha256RpHash.t.size = 0;
+#endif
+#if ALG_SHA384
+ command->sha384CpHash.t.size = 0;
+ command->sha384RpHash.t.size = 0;
+#endif
+#if ALG_SHA512
+ command->sha512CpHash.t.size = 0;
+ command->sha512RpHash.t.size = 0;
+#endif
+#if ALG_SM3_256
+ command->sm3_256CpHash.t.size = 0;
+ command->sm3_256RpHash.t.size = 0;
+#endif
+}
+
+
+//*** GetCpHashPointer()
+// Function to get a pointer to the cpHash of the command
+static TPM2B_DIGEST *
+GetCpHashPointer(
+ COMMAND *command,
+ TPMI_ALG_HASH hashAlg
+ )
+{
+ TPM2B_DIGEST *retVal;
+//
+ switch(hashAlg)
+ {
+#if ALG_SHA1
+ case ALG_SHA1_VALUE:
+ retVal = (TPM2B_DIGEST *)&command->sha1CpHash;
+ break;
+#endif
+#if ALG_SHA256
+ case ALG_SHA256_VALUE:
+ retVal = (TPM2B_DIGEST *)&command->sha256CpHash;
+ break;
+#endif
+#if ALG_SHA384
+ case ALG_SHA384_VALUE:
+ retVal = (TPM2B_DIGEST *)&command->sha384CpHash;
+ break;
+#endif
+#if ALG_SHA512
+ case ALG_SHA512_VALUE:
+ retVal = (TPM2B_DIGEST *)&command->sha512CpHash;
+ break;
+#endif
+#if ALG_SM3_256
+ case ALG_SM3_256_VALUE:
+ retVal = (TPM2B_DIGEST *)&command->sm3_256CpHash;
+ break;
+#endif
+ default:
+ retVal = NULL;
+ break;
+ }
+ return retVal;
+}
+
+//*** GetRpHashPointer()
+// Function to get a pointer to the RpHash of the command
+static TPM2B_DIGEST *
+GetRpHashPointer(
+ COMMAND *command,
+ TPMI_ALG_HASH hashAlg
+ )
+{
+ TPM2B_DIGEST *retVal;
+//
+ switch(hashAlg)
+ {
+#if ALG_SHA1
+ case ALG_SHA1_VALUE:
+ retVal = (TPM2B_DIGEST *)&command->sha1RpHash;
+ break;
+#endif
+#if ALG_SHA256
+ case ALG_SHA256_VALUE:
+ retVal = (TPM2B_DIGEST *)&command->sha256RpHash;
+ break;
+#endif
+#if ALG_SHA384
+ case ALG_SHA384_VALUE:
+ retVal = (TPM2B_DIGEST *)&command->sha384RpHash;
+ break;
+#endif
+#if ALG_SHA512
+ case ALG_SHA512_VALUE:
+ retVal = (TPM2B_DIGEST *)&command->sha512RpHash;
+ break;
+#endif
+#if ALG_SM3_256
+ case ALG_SM3_256_VALUE:
+ retVal = (TPM2B_DIGEST *)&command->sm3_256RpHash;
+ break;
+#endif
+ default:
+ retVal = NULL;
+ break;
+ }
+ return retVal;
+}
+
+
+//*** ComputeCpHash()
+// This function computes the cpHash as defined in Part 2 and described in Part 1.
+static TPM2B_DIGEST *
+ComputeCpHash(
+ COMMAND *command, // IN: command parsing structure
+ TPMI_ALG_HASH hashAlg // IN: hash algorithm
+ )
+{
+ UINT32 i;
+ HASH_STATE hashState;
+ TPM2B_NAME name;
+ TPM2B_DIGEST *cpHash;
+//
+ // cpHash = hash(commandCode [ || authName1
+ // [ || authName2
+ // [ || authName 3 ]]]
+ // [ || parameters])
+ // A cpHash can contain just a commandCode only if the lone session is
+ // an audit session.
+ // Get pointer to the hash value
+ cpHash = GetCpHashPointer(command, hashAlg);
+ if(cpHash->t.size == 0)
+ {
+ cpHash->t.size = CryptHashStart(&hashState, hashAlg);
+ // Add commandCode.
+ CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), command->code);
+ // Add authNames for each of the handles.
+ for(i = 0; i < command->handleNum; i++)
+ CryptDigestUpdate2B(&hashState, &EntityGetName(command->handles[i],
+ &name)->b);
+ // Add the parameters.
+ CryptDigestUpdate(&hashState, command->parameterSize,
+ command->parameterBuffer);
+ // Complete the hash.
+ CryptHashEnd2B(&hashState, &cpHash->b);
+ }
+ return cpHash;
+}
+
+//*** GetCpHash()
+// This function is used to access a precomputed cpHash.
+static TPM2B_DIGEST *
+GetCpHash(
+ COMMAND *command,
+ TPMI_ALG_HASH hashAlg
+ )
+{
+ TPM2B_DIGEST *cpHash = GetCpHashPointer(command, hashAlg);
+ //
+ pAssert(cpHash->t.size != 0);
+ return cpHash;
+}
+
+//*** CompareTemplateHash()
+// This function computes the template hash and compares it to the session
+// templateHash. It is the hash of the second parameter
+// assuming that the command is TPM2_Create(), TPM2_CreatePrimary(), or
+// TPM2_CreateLoaded()
+// Return Type: BOOL
+// TRUE(1) template hash equal to session->templateHash
+// FALSE(0) template hash not equal to session->templateHash
+static BOOL
+CompareTemplateHash(
+ COMMAND *command, // IN: parsing structure
+ SESSION *session // IN: session data
+ )
+{
+ BYTE *pBuffer = command->parameterBuffer;
+ INT32 pSize = command->parameterSize;
+ TPM2B_DIGEST tHash;
+ UINT16 size;
+//
+ // Only try this for the three commands for which it is intended
+ if(command->code != TPM_CC_Create
+ && command->code != TPM_CC_CreatePrimary
+#if CC_CreateLoaded
+ && command->code != TPM_CC_CreateLoaded
+#endif
+ )
+ return FALSE;
+ // Assume that the first parameter is a TPM2B and unmarshal the size field
+ // Note: this will not affect the parameter buffer and size in the calling
+ // function.
+ if(UINT16_Unmarshal(&size, &pBuffer, &pSize) != TPM_RC_SUCCESS)
+ return FALSE;
+ // reduce the space in the buffer.
+ // NOTE: this could make pSize go negative if the parameters are not correct but
+ // the unmarshaling code does not try to unmarshal if the remaining size is
+ // negative.
+ pSize -= size;
+
+ // Advance the pointer
+ pBuffer += size;
+
+ // Get the size of what should be the template
+ if(UINT16_Unmarshal(&size, &pBuffer, &pSize) != TPM_RC_SUCCESS)
+ return FALSE;
+ // See if this is reasonable
+ if(size > pSize)
+ return FALSE;
+ // Hash the template data
+ tHash.t.size = CryptHashBlock(session->authHashAlg, size, pBuffer,
+ sizeof(tHash.t.buffer), tHash.t.buffer);
+ return(MemoryEqual2B(&session->u1.templateHash.b, &tHash.b));
+}
+
+//*** CompareNameHash()
+// This function computes the name hash and compares it to the nameHash in the
+// session data.
+BOOL
+CompareNameHash(
+ COMMAND *command, // IN: main parsing structure
+ SESSION *session // IN: session structure with nameHash
+ )
+{
+ HASH_STATE hashState;
+ TPM2B_DIGEST nameHash;
+ UINT32 i;
+ TPM2B_NAME name;
+//
+ nameHash.t.size = CryptHashStart(&hashState, session->authHashAlg);
+ // Add names.
+ for(i = 0; i < command->handleNum; i++)
+ CryptDigestUpdate2B(&hashState, &EntityGetName(command->handles[i],
+ &name)->b);
+ // Complete hash.
+ CryptHashEnd2B(&hashState, &nameHash.b);
+ // and compare
+ return MemoryEqual(session->u1.nameHash.t.buffer, nameHash.t.buffer,
+ nameHash.t.size);
+}
+
+//*** CheckPWAuthSession()
+// This function validates the authorization provided in a PWAP session. It
+// compares the input value to authValue of the authorized entity. Argument
+// sessionIndex is used to get handles handle of the referenced entities from
+// s_inputAuthValues[] and s_associatedHandles[].
+//
+// Return Type: TPM_RC
+// TPM_RC_AUTH_FAIL authorization fails and increments DA failure
+// count
+// TPM_RC_BAD_AUTH authorization fails but DA does not apply
+//
+static TPM_RC
+CheckPWAuthSession(
+ UINT32 sessionIndex // IN: index of session to be processed
+ )
+{
+ TPM2B_AUTH authValue;
+ TPM_HANDLE associatedHandle = s_associatedHandles[sessionIndex];
+//
+ // Strip trailing zeros from the password.
+ MemoryRemoveTrailingZeros(&s_inputAuthValues[sessionIndex]);
+
+ // Get the authValue with trailing zeros removed
+ EntityGetAuthValue(associatedHandle, &authValue);
+
+ // Success if the values are identical.
+ if(MemoryEqual2B(&s_inputAuthValues[sessionIndex].b, &authValue.b))
+ {
+ return TPM_RC_SUCCESS;
+ }
+ else // if the digests are not identical
+ {
+ // Invoke DA protection if applicable.
+ return IncrementLockout(sessionIndex);
+ }
+}
+
+//*** ComputeCommandHMAC()
+// This function computes the HMAC for an authorization session in a command.
+/*(See part 1 specification -- this tag keeps this comment from showing up in
+// merged document which is probably good because this comment doesn't look right.
+// The sessionAuth value
+// authHMAC := HMACsHash((sessionKey | authValue),
+// (pHash | nonceNewer | nonceOlder | nonceTPMencrypt-only
+// | nonceTPMaudit | sessionAttributes))
+// Where:
+// HMACsHash() The HMAC algorithm using the hash algorithm specified
+// when the session was started.
+//
+// sessionKey A value that is computed in a protocol-dependent way,
+// using KDFa. When used in an HMAC or KDF, the size field
+// for this value is not included.
+//
+// authValue A value that is found in the sensitive area of an entity.
+// When used in an HMAC or KDF, the size field for this
+// value is not included.
+//
+// pHash Hash of the command (cpHash) using the session hash.
+// When using a pHash in an HMAC computation, only the
+// digest is used.
+//
+// nonceNewer A value that is generated by the entity using the
+// session. A new nonce is generated on each use of the
+// session. For a command, this will be nonceCaller.
+// When used in an HMAC or KDF, the size field is not used.
+//
+// nonceOlder A TPM2B_NONCE that was received the previous time the
+// session was used. For a command, this is nonceTPM.
+// When used in an HMAC or KDF, the size field is not used.
+//
+// nonceTPMdecrypt The nonceTPM of the decrypt session is included in
+// the HMAC, but only in the command.
+//
+// nonceTPMencrypt The nonceTPM of the encrypt session is included in
+// the HMAC but only in the command.
+//
+// sessionAttributes A byte indicating the attributes associated with the
+// particular use of the session.
+*/
+static TPM2B_DIGEST *
+ComputeCommandHMAC(
+ COMMAND *command, // IN: primary control structure
+ UINT32 sessionIndex, // IN: index of session to be processed
+ TPM2B_DIGEST *hmac // OUT: authorization HMAC
+ )
+{
+ TPM2B_TYPE(KEY, (sizeof(AUTH_VALUE) * 2));
+ TPM2B_KEY key;
+ BYTE marshalBuffer[sizeof(TPMA_SESSION)];
+ BYTE *buffer;
+ UINT32 marshalSize;
+ HMAC_STATE hmacState;
+ TPM2B_NONCE *nonceDecrypt;
+ TPM2B_NONCE *nonceEncrypt;
+ SESSION *session;
+//
+ nonceDecrypt = NULL;
+ nonceEncrypt = NULL;
+
+ // Determine if extra nonceTPM values are going to be required.
+ // If this is the first session (sessionIndex = 0) and it is an authorization
+ // session that uses an HMAC, then check if additional session nonces are to be
+ // included.
+ if(sessionIndex == 0
+ && s_associatedHandles[sessionIndex] != TPM_RH_UNASSIGNED)
+ {
+ // If there is a decrypt session and if this is not the decrypt session,
+ // then an extra nonce may be needed.
+ if(s_decryptSessionIndex != UNDEFINED_INDEX
+ && s_decryptSessionIndex != sessionIndex)
+ {
+ // Will add the nonce for the decrypt session.
+ SESSION *decryptSession
+ = SessionGet(s_sessionHandles[s_decryptSessionIndex]);
+ nonceDecrypt = &decryptSession->nonceTPM;
+ }
+ // Now repeat for the encrypt session.
+ if(s_encryptSessionIndex != UNDEFINED_INDEX
+ && s_encryptSessionIndex != sessionIndex
+ && s_encryptSessionIndex != s_decryptSessionIndex)
+ {
+ // Have to have the nonce for the encrypt session.
+ SESSION *encryptSession
+ = SessionGet(s_sessionHandles[s_encryptSessionIndex]);
+ nonceEncrypt = &encryptSession->nonceTPM;
+ }
+ }
+
+ // Continue with the HMAC processing.
+ session = SessionGet(s_sessionHandles[sessionIndex]);
+
+ // Generate HMAC key.
+ MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer));
+
+ // Check if the session has an associated handle and if the associated entity
+ // is the one to which the session is bound. If not, add the authValue of
+ // this entity to the HMAC key.
+ // If the session is bound to the object or the session is a policy session
+ // with no authValue required, do not include the authValue in the HMAC key.
+ // Note: For a policy session, its isBound attribute is CLEARED.
+ //
+ // Include the entity authValue if it is needed
+ if(session->attributes.includeAuth == SET)
+ {
+ TPM2B_AUTH authValue;
+ // Get the entity authValue with trailing zeros removed
+ EntityGetAuthValue(s_associatedHandles[sessionIndex], &authValue);
+ // add the authValue to the HMAC key
+ MemoryConcat2B(&key.b, &authValue.b, sizeof(key.t.buffer));
+ }
+ // if the HMAC key size is 0, a NULL string HMAC is allowed
+ if(key.t.size == 0
+ && s_inputAuthValues[sessionIndex].t.size == 0)
+ {
+ hmac->t.size = 0;
+ return hmac;
+ }
+ // Start HMAC
+ hmac->t.size = CryptHmacStart2B(&hmacState, session->authHashAlg, &key.b);
+
+ // Add cpHash
+ CryptDigestUpdate2B(&hmacState.hashState,
+ &ComputeCpHash(command, session->authHashAlg)->b);
+ // Add nonces as required
+ CryptDigestUpdate2B(&hmacState.hashState, &s_nonceCaller[sessionIndex].b);
+ CryptDigestUpdate2B(&hmacState.hashState, &session->nonceTPM.b);
+ if(nonceDecrypt != NULL)
+ CryptDigestUpdate2B(&hmacState.hashState, &nonceDecrypt->b);
+ if(nonceEncrypt != NULL)
+ CryptDigestUpdate2B(&hmacState.hashState, &nonceEncrypt->b);
+ // Add sessionAttributes
+ buffer = marshalBuffer;
+ marshalSize = TPMA_SESSION_Marshal(&(s_attributes[sessionIndex]),
+ &buffer, NULL);
+ CryptDigestUpdate(&hmacState.hashState, marshalSize, marshalBuffer);
+ // Complete the HMAC computation
+ CryptHmacEnd2B(&hmacState, &hmac->b);
+
+ return hmac;
+}
+
+//*** CheckSessionHMAC()
+// This function checks the HMAC of in a session. It uses ComputeCommandHMAC()
+// to compute the expected HMAC value and then compares the result with the
+// HMAC in the authorization session. The authorization is successful if they
+// are the same.
+//
+// If the authorizations are not the same, IncrementLockout() is called. It will
+// return TPM_RC_AUTH_FAIL if the failure caused the failureCount to increment.
+// Otherwise, it will return TPM_RC_BAD_AUTH.
+//
+// Return Type: TPM_RC
+// TPM_RC_AUTH_FAIL authorization failure caused failureCount increment
+// TPM_RC_BAD_AUTH authorization failure did not cause failureCount
+// increment
+//
+static TPM_RC
+CheckSessionHMAC(
+ COMMAND *command, // IN: primary control structure
+ UINT32 sessionIndex // IN: index of session to be processed
+ )
+{
+ TPM2B_DIGEST hmac; // authHMAC for comparing
+//
+ // Compute authHMAC
+ ComputeCommandHMAC(command, sessionIndex, &hmac);
+
+ // Compare the input HMAC with the authHMAC computed above.
+ if(!MemoryEqual2B(&s_inputAuthValues[sessionIndex].b, &hmac.b))
+ {
+ // If an HMAC session has a failure, invoke the anti-hammering
+ // if it applies to the authorized entity or the session.
+ // Otherwise, just indicate that the authorization is bad.
+ return IncrementLockout(sessionIndex);
+ }
+ return TPM_RC_SUCCESS;
+}
+
+//*** CheckPolicyAuthSession()
+// This function is used to validate the authorization in a policy session.
+// This function performs the following comparisons to see if a policy
+// authorization is properly provided. The check are:
+// 1. compare policyDigest in session with authPolicy associated with
+// the entity to be authorized;
+// 2. compare timeout if applicable;
+// 3. compare commandCode if applicable;
+// 4. compare cpHash if applicable; and
+// 5. see if PCR values have changed since computed.
+//
+// If all the above checks succeed, the handle is authorized.
+// The order of these comparisons is not important because any failure will
+// result in the same error code.
+//
+// Return Type: TPM_RC
+// TPM_RC_PCR_CHANGED PCR value is not current
+// TPM_RC_POLICY_FAIL policy session fails
+// TPM_RC_LOCALITY command locality is not allowed
+// TPM_RC_POLICY_CC CC doesn't match
+// TPM_RC_EXPIRED policy session has expired
+// TPM_RC_PP PP is required but not asserted
+// TPM_RC_NV_UNAVAILABLE NV is not available for write
+// TPM_RC_NV_RATE NV is rate limiting
+static TPM_RC
+CheckPolicyAuthSession(
+ COMMAND *command, // IN: primary parsing structure
+ UINT32 sessionIndex // IN: index of session to be processed
+ )
+{
+ SESSION *session;
+ TPM2B_DIGEST authPolicy;
+ TPMI_ALG_HASH policyAlg;
+ UINT8 locality;
+//
+ // Initialize pointer to the authorization session.
+ session = SessionGet(s_sessionHandles[sessionIndex]);
+
+ // If the command is TPM2_PolicySecret(), make sure that
+ // either password or authValue is required
+ if(command->code == TPM_CC_PolicySecret
+ && session->attributes.isPasswordNeeded == CLEAR
+ && session->attributes.isAuthValueNeeded == CLEAR)
+ return TPM_RC_MODE;
+ // See if the PCR counter for the session is still valid.
+ if(!SessionPCRValueIsCurrent(session))
+ return TPM_RC_PCR_CHANGED;
+ // Get authPolicy.
+ policyAlg = EntityGetAuthPolicy(s_associatedHandles[sessionIndex],
+ &authPolicy);
+ // Compare authPolicy.
+ if(!MemoryEqual2B(&session->u2.policyDigest.b, &authPolicy.b))
+ return TPM_RC_POLICY_FAIL;
+ // Policy is OK so check if the other factors are correct
+
+ // Compare policy hash algorithm.
+ if(policyAlg != session->authHashAlg)
+ return TPM_RC_POLICY_FAIL;
+
+ // Compare timeout.
+ if(session->timeout != 0)
+ {
+ // Cannot compare time if clock stop advancing. An TPM_RC_NV_UNAVAILABLE
+ // or TPM_RC_NV_RATE error may be returned here. This doesn't mean that
+ // a new nonce will be created just that, because TPM time can't advance
+ // we can't do time-based operations.
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+
+ if((session->timeout < g_time)
+ || (session->epoch != g_timeEpoch))
+ return TPM_RC_EXPIRED;
+ }
+ // If command code is provided it must match
+ if(session->commandCode != 0)
+ {
+ if(session->commandCode != command->code)
+ return TPM_RC_POLICY_CC;
+ }
+ else
+ {
+ // If command requires a DUP or ADMIN authorization, the session must have
+ // command code set.
+ AUTH_ROLE role = CommandAuthRole(command->index, sessionIndex);
+ if(role == AUTH_ADMIN || role == AUTH_DUP)
+ return TPM_RC_POLICY_FAIL;
+ }
+ // Check command locality.
+ {
+ BYTE sessionLocality[sizeof(TPMA_LOCALITY)];
+ BYTE *buffer = sessionLocality;
+
+ // Get existing locality setting in canonical form
+ sessionLocality[0] = 0;
+ TPMA_LOCALITY_Marshal(&session->commandLocality, &buffer, NULL);
+
+ // See if the locality has been set
+ if(sessionLocality[0] != 0)
+ {
+ // If so, get the current locality
+ locality = _plat__LocalityGet();
+ if(locality < 5)
+ {
+ if(((sessionLocality[0] & (1 << locality)) == 0)
+ || sessionLocality[0] > 31)
+ return TPM_RC_LOCALITY;
+ }
+ else if(locality > 31)
+ {
+ if(sessionLocality[0] != locality)
+ return TPM_RC_LOCALITY;
+ }
+ else
+ {
+ // Could throw an assert here but a locality error is just
+ // as good. It just means that, whatever the locality is, it isn't
+ // the locality requested so...
+ return TPM_RC_LOCALITY;
+ }
+ }
+ } // end of locality check
+ // Check physical presence.
+ if(session->attributes.isPPRequired == SET
+ && !_plat__PhysicalPresenceAsserted())
+ return TPM_RC_PP;
+ // Compare cpHash/nameHash if defined, or if the command requires an ADMIN or
+ // DUP role for this handle.
+ if(session->u1.cpHash.b.size != 0)
+ {
+ BOOL OK;
+ if(session->attributes.isCpHashDefined)
+ // Compare cpHash.
+ OK = MemoryEqual2B(&session->u1.cpHash.b,
+ &ComputeCpHash(command, session->authHashAlg)->b);
+ else if(session->attributes.isTemplateSet)
+ OK = CompareTemplateHash(command, session);
+ else
+ OK = CompareNameHash(command, session);
+ if(!OK)
+ return TPM_RCS_POLICY_FAIL;
+ }
+ if(session->attributes.checkNvWritten)
+ {
+ NV_REF locator;
+ NV_INDEX *nvIndex;
+//
+ // If this is not an NV index, the policy makes no sense so fail it.
+ if(HandleGetType(s_associatedHandles[sessionIndex]) != TPM_HT_NV_INDEX)
+ return TPM_RC_POLICY_FAIL;
+ // Get the index data
+ nvIndex = NvGetIndexInfo(s_associatedHandles[sessionIndex], &locator);
+
+ // Make sure that the TPMA_WRITTEN_ATTRIBUTE has the desired state
+ if((IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN))
+ != (session->attributes.nvWrittenState == SET))
+ return TPM_RC_POLICY_FAIL;
+ }
+ return TPM_RC_SUCCESS;
+}
+
+//*** RetrieveSessionData()
+// This function will unmarshal the sessions in the session area of a command. The
+// values are placed in the arrays that are defined at the beginning of this file.
+// The normal unmarshaling errors are possible.
+//
+// Return Type: TPM_RC
+// TPM_RC_SUCCSS unmarshaled without error
+// TPM_RC_SIZE the number of bytes unmarshaled is not the same
+// as the value for authorizationSize in the command
+//
+static TPM_RC
+RetrieveSessionData(
+ COMMAND *command // IN: main parsing structure for command
+ )
+{
+ int i;
+ TPM_RC result;
+ SESSION *session;
+ TPMA_SESSION sessionAttributes;
+ TPM_HT sessionType;
+ INT32 sessionIndex;
+ TPM_RC errorIndex;
+//
+ s_decryptSessionIndex = UNDEFINED_INDEX;
+ s_encryptSessionIndex = UNDEFINED_INDEX;
+ s_auditSessionIndex = UNDEFINED_INDEX;
+
+ for(sessionIndex = 0; command->authSize > 0; sessionIndex++)
+ {
+ errorIndex = TPM_RC_S + g_rcIndex[sessionIndex];
+
+ // If maximum allowed number of sessions has been parsed, return a size
+ // error with a session number that is larger than the number of allowed
+ // sessions
+ if(sessionIndex == MAX_SESSION_NUM)
+ return TPM_RCS_SIZE + errorIndex;
+ // make sure that the associated handle for each session starts out
+ // unassigned
+ s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED;
+
+ // First parameter: Session handle.
+ result = TPMI_SH_AUTH_SESSION_Unmarshal(
+ &s_sessionHandles[sessionIndex],
+ &command->parameterBuffer,
+ &command->authSize, TRUE);
+ if(result != TPM_RC_SUCCESS)
+ return result + TPM_RC_S + g_rcIndex[sessionIndex];
+ // Second parameter: Nonce.
+ result = TPM2B_NONCE_Unmarshal(&s_nonceCaller[sessionIndex],
+ &command->parameterBuffer,
+ &command->authSize);
+ if(result != TPM_RC_SUCCESS)
+ return result + TPM_RC_S + g_rcIndex[sessionIndex];
+ // Third parameter: sessionAttributes.
+ result = TPMA_SESSION_Unmarshal(&s_attributes[sessionIndex],
+ &command->parameterBuffer,
+ &command->authSize);
+ if(result != TPM_RC_SUCCESS)
+ return result + TPM_RC_S + g_rcIndex[sessionIndex];
+ // Fourth parameter: authValue (PW or HMAC).
+ result = TPM2B_AUTH_Unmarshal(&s_inputAuthValues[sessionIndex],
+ &command->parameterBuffer,
+ &command->authSize);
+ if(result != TPM_RC_SUCCESS)
+ return result + errorIndex;
+
+ sessionAttributes = s_attributes[sessionIndex];
+ if(s_sessionHandles[sessionIndex] == TPM_RS_PW)
+ {
+ // A PWAP session needs additional processing.
+ // Can't have any attributes set other than continueSession bit
+ if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, encrypt)
+ || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, decrypt)
+ || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, audit)
+ || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditExclusive)
+ || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditReset))
+ return TPM_RCS_ATTRIBUTES + errorIndex;
+ // The nonce size must be zero.
+ if(s_nonceCaller[sessionIndex].t.size != 0)
+ return TPM_RCS_NONCE + errorIndex;
+ continue;
+ }
+ // For not password sessions...
+ // Find out if the session is loaded.
+ if(!SessionIsLoaded(s_sessionHandles[sessionIndex]))
+ return TPM_RC_REFERENCE_S0 + sessionIndex;
+ sessionType = HandleGetType(s_sessionHandles[sessionIndex]);
+ session = SessionGet(s_sessionHandles[sessionIndex]);
+
+ // Check if the session is an HMAC/policy session.
+ if((session->attributes.isPolicy == SET
+ && sessionType == TPM_HT_HMAC_SESSION)
+ || (session->attributes.isPolicy == CLEAR
+ && sessionType == TPM_HT_POLICY_SESSION))
+ return TPM_RCS_HANDLE + errorIndex;
+ // Check that this handle has not previously been used.
+ for(i = 0; i < sessionIndex; i++)
+ {
+ if(s_sessionHandles[i] == s_sessionHandles[sessionIndex])
+ return TPM_RCS_HANDLE + errorIndex;
+ }
+ // If the session is used for parameter encryption or audit as well, set
+ // the corresponding Indexes.
+
+ // First process decrypt.
+ if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, decrypt))
+ {
+ // Check if the commandCode allows command parameter encryption.
+ if(DecryptSize(command->index) == 0)
+ return TPM_RCS_ATTRIBUTES + errorIndex;
+ // Encrypt attribute can only appear in one session
+ if(s_decryptSessionIndex != UNDEFINED_INDEX)
+ return TPM_RCS_ATTRIBUTES + errorIndex;
+ // Can't decrypt if the session's symmetric algorithm is TPM_ALG_NULL
+ if(session->symmetric.algorithm == TPM_ALG_NULL)
+ return TPM_RCS_SYMMETRIC + errorIndex;
+ // All checks passed, so set the index for the session used to decrypt
+ // a command parameter.
+ s_decryptSessionIndex = sessionIndex;
+ }
+ // Now process encrypt.
+ if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, encrypt))
+ {
+ // Check if the commandCode allows response parameter encryption.
+ if(EncryptSize(command->index) == 0)
+ return TPM_RCS_ATTRIBUTES + errorIndex;
+ // Encrypt attribute can only appear in one session.
+ if(s_encryptSessionIndex != UNDEFINED_INDEX)
+ return TPM_RCS_ATTRIBUTES + errorIndex;
+ // Can't encrypt if the session's symmetric algorithm is TPM_ALG_NULL
+ if(session->symmetric.algorithm == TPM_ALG_NULL)
+ return TPM_RCS_SYMMETRIC + errorIndex;
+ // All checks passed, so set the index for the session used to encrypt
+ // a response parameter.
+ s_encryptSessionIndex = sessionIndex;
+ }
+ // At last process audit.
+ if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, audit))
+ {
+ // Audit attribute can only appear in one session.
+ if(s_auditSessionIndex != UNDEFINED_INDEX)
+ return TPM_RCS_ATTRIBUTES + errorIndex;
+ // An audit session can not be policy session.
+ if(HandleGetType(s_sessionHandles[sessionIndex])
+ == TPM_HT_POLICY_SESSION)
+ return TPM_RCS_ATTRIBUTES + errorIndex;
+ // If this is a reset of the audit session, or the first use
+ // of the session as an audit session, it doesn't matter what
+ // the exclusive state is. The session will become exclusive.
+ if(!IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditReset)
+ && session->attributes.isAudit == SET)
+ {
+ // Not first use or reset.
If auditExlusive is SET, then this
+ // session must be the current exclusive session.
+ if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditExclusive)
+ && g_exclusiveAuditSession != s_sessionHandles[sessionIndex])
+ return TPM_RC_EXCLUSIVE;
+ }
+ s_auditSessionIndex = sessionIndex;
+ }
+ // Initialize associated handle as undefined. This will be changed when
+ // the handles are processed.
+ s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED;
+ }
+ command->sessionNum = sessionIndex;
+ return TPM_RC_SUCCESS;
+}
+
+//*** CheckLockedOut()
+// This function checks to see if the TPM is in lockout. This function should only
+// be called if the entity being checked is subject to DA protection. The TPM
+// is in lockout if the NV is not available and a DA write is pending. Otherwise
+// the TPM is locked out if checking for lockoutAuth ('lockoutAuthCheck' == TRUE)
+// and use of lockoutAuth is disabled, or 'failedTries' >= 'maxTries'
+// Return Type: TPM_RC
+// TPM_RC_NV_RATE NV is rate limiting
+// TPM_RC_NV_UNAVAILABLE NV is not available at this time
+// TPM_RC_LOCKOUT TPM is in lockout
+static TPM_RC
+CheckLockedOut(
+ BOOL lockoutAuthCheck // IN: TRUE if checking is for lockoutAuth
+ )
+{
+ // If NV is unavailable, and current cycle state recorded in NV is not
+ // SU_NONE_VALUE, refuse to check any authorization because we would
+ // not be able to handle a DA failure.
+ if(!NV_IS_AVAILABLE && NV_IS_ORDERLY)
+ return g_NvStatus;
+ // Check if DA info needs to be updated in NV.
+ if(s_DAPendingOnNV)
+ {
+ // If NV is accessible,
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+
+ // ... write the pending DA data and proceed.
+ NV_SYNC_PERSISTENT(lockOutAuthEnabled);
+ NV_SYNC_PERSISTENT(failedTries);
+ s_DAPendingOnNV = FALSE;
+ }
+ // Lockout is in effect if checking for lockoutAuth and use of lockoutAuth
+ // is disabled...
+ if(lockoutAuthCheck)
+ {
+ if(gp.lockOutAuthEnabled == FALSE)
+ return TPM_RC_LOCKOUT;
+ }
+ else
+ {
+ // ...
or if the number of failed tries has been maxed out.
+ if(gp.failedTries >= gp.maxTries)
+ return TPM_RC_LOCKOUT;
+#if USE_DA_USED
+ // If the daUsed flag is not SET, then no DA validation until the
+ // daUsed state is written to NV
+ if(!g_daUsed)
+ {
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+ g_daUsed = TRUE;
+ gp.orderlyState = SU_DA_USED_VALUE;
+ NV_SYNC_PERSISTENT(orderlyState);
+ return TPM_RC_RETRY;
+ }
+#endif
+ }
+ return TPM_RC_SUCCESS;
+}
+
+//*** CheckAuthSession()
+// This function checks that the authorization session properly authorizes the
+// use of the associated handle.
+//
+// Return Type: TPM_RC
+// TPM_RC_LOCKOUT entity is protected by DA and TPM is in
+// lockout, or TPM is locked out on NV update
+// pending on DA parameters
+//
+// TPM_RC_PP Physical Presence is required but not provided
+// TPM_RC_AUTH_FAIL HMAC or PW authorization failed
+// with DA side-effects (can be a policy session)
+//
+// TPM_RC_BAD_AUTH HMAC or PW authorization failed without DA
+// side-effects (can be a policy session)
+//
+// TPM_RC_POLICY_FAIL if policy session fails
+// TPM_RC_POLICY_CC command code of policy was wrong
+// TPM_RC_EXPIRED the policy session has expired
+// TPM_RC_PCR
+// TPM_RC_AUTH_UNAVAILABLE authValue or authPolicy unavailable
+static TPM_RC
+CheckAuthSession(
+ COMMAND *command, // IN: primary parsing structure
+ UINT32 sessionIndex // IN: index of session to be processed
+ )
+{
+ TPM_RC result = TPM_RC_SUCCESS;
+ SESSION *session = NULL;
+ TPM_HANDLE sessionHandle = s_sessionHandles[sessionIndex];
+ TPM_HANDLE associatedHandle = s_associatedHandles[sessionIndex];
+ TPM_HT sessionHandleType = HandleGetType(sessionHandle);
+//
+ pAssert(sessionHandle != TPM_RH_UNASSIGNED);
+
+ // Take care of physical presence
+ if(associatedHandle == TPM_RH_PLATFORM)
+ {
+ // If the physical presence is required for this command, check for PP
+ // assertion. If it isn't asserted, no point going any further.
+ if(PhysicalPresenceIsRequired(command->index)
+ && !_plat__PhysicalPresenceAsserted())
+ return TPM_RC_PP;
+ }
+ if(sessionHandle != TPM_RS_PW)
+ {
+ session = SessionGet(sessionHandle);
+
+ // Set includeAuth to indicate if DA checking will be required and if the
+ // authValue will be included in any HMAC.
+ if(sessionHandleType == TPM_HT_POLICY_SESSION)
+ {
+ // For a policy session, will check the DA status of the entity if either
+ // isAuthValueNeeded or isPasswordNeeded is SET.
+ session->attributes.includeAuth =
+ session->attributes.isAuthValueNeeded
+ || session->attributes.isPasswordNeeded;
+ }
+ else
+ {
+ // For an HMAC session, need to check unless the session
+ // is bound.
+ session->attributes.includeAuth =
+ !IsSessionBindEntity(s_associatedHandles[sessionIndex], session);
+ }
+ }
+ // If the authorization session is going to use an authValue, then make sure
+ // that access to that authValue isn't locked out.
+ // Note: session == NULL for a PW session.
+ if(session == NULL || session->attributes.includeAuth)
+ {
+ // See if entity is subject to lockout.
+ if(!IsDAExempted(associatedHandle))
+ {
+ // See if in lockout
+ result = CheckLockedOut(associatedHandle == TPM_RH_LOCKOUT);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+ }
+ }
+ // Policy or HMAC+PW?
+ if(sessionHandleType != TPM_HT_POLICY_SESSION)
+ {
+ // for non-policy session make sure that a policy session is not required
+ if(IsPolicySessionRequired(command->index, sessionIndex))
+ return TPM_RC_AUTH_TYPE;
+ // The authValue must be available.
+ // Note: The authValue is going to be "used" even if it is an EmptyAuth.
+ // and the session is bound.
+ if(!IsAuthValueAvailable(associatedHandle, command->index, sessionIndex))
+ return TPM_RC_AUTH_UNAVAILABLE;
+ }
+ else
+ {
+ // ... see if the entity has a policy, ...
+ // Note: IsAuthPolicyAvalable will return FALSE if the sensitive area of the
+ // object is not loaded
+ if(!IsAuthPolicyAvailable(associatedHandle, command->index, sessionIndex))
+ return TPM_RC_AUTH_UNAVAILABLE;
+ // ... and check the policy session.
+ result = CheckPolicyAuthSession(command, sessionIndex);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+ }
+ // Check authorization according to the type
+ if(session == NULL || session->attributes.isPasswordNeeded == SET)
+ result = CheckPWAuthSession(sessionIndex);
+ else
+ result = CheckSessionHMAC(command, sessionIndex);
+ // Do processing for PIN Indexes are only three possibilities for 'result' at
+ // this point: TPM_RC_SUCCESS, TPM_RC_AUTH_FAIL, and TPM_RC_BAD_AUTH.
+ // For all these cases, we would have to process a PIN index if the
+ // authValue of the index was used for authorization.
+ // See if we need to do anything to a PIN index
+ if(TPM_HT_NV_INDEX == HandleGetType(associatedHandle))
+ {
+ NV_REF locator;
+ NV_INDEX *nvIndex = NvGetIndexInfo(associatedHandle, &locator);
+ NV_PIN pinData;
+ TPMA_NV nvAttributes;
+//
+ pAssert(nvIndex != NULL);
+ nvAttributes = nvIndex->publicArea.attributes;
+ // If this is a PIN FAIL index and the value has been written
+ // then we can update the counter (increment or clear)
+ if(IsNvPinFailIndex(nvAttributes)
+ && IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN))
+ {
+ pinData.intVal = NvGetUINT64Data(nvIndex, locator);
+ if(result != TPM_RC_SUCCESS)
+ pinData.pin.pinCount++;
+ else
+ pinData.pin.pinCount = 0;
+ NvWriteUINT64Data(nvIndex, pinData.intVal);
+ }
+ // If this is a PIN PASS Index, increment if we have used the
+ // authorization value for anything other than NV_Read.
+ // NOTE: If the counter has already hit the limit, then we
+ // would not get here because the authorization value would not
+ // be available and the TPM would have returned before it gets here
+ else if(IsNvPinPassIndex(nvAttributes)
+ && IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN)
+ && result == TPM_RC_SUCCESS)
+ {
+ // If the access is valid, then increment the use counter
+ pinData.intVal = NvGetUINT64Data(nvIndex, locator);
+ pinData.pin.pinCount++;
+ NvWriteUINT64Data(nvIndex, pinData.intVal);
+ }
+ }
+ return result;
+}
+
+#ifdef TPM_CC_GetCommandAuditDigest
+//*** CheckCommandAudit()
+// This function is called before the command is processed if audit is enabled
+// for the command. It will check to see if the audit can be performed and
+// will ensure that the cpHash is available for the audit.
+// Return Type: TPM_RC
+// TPM_RC_NV_UNAVAILABLE NV is not available for write
+// TPM_RC_NV_RATE NV is rate limiting
+static TPM_RC
+CheckCommandAudit(
+ COMMAND *command
+ )
+{
+ // If the audit digest is clear and command audit is required, NV must be
+ // available so that TPM2_GetCommandAuditDigest() is able to increment
+ // audit counter. If NV is not available, the function bails out to prevent
+ // the TPM from attempting an operation that would fail anyway.
+ if(gr.commandAuditDigest.t.size == 0
+ || GetCommandCode(command->index) == TPM_CC_GetCommandAuditDigest)
+ {
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+ }
+ // Make sure that the cpHash is computed for the algorithm
+ ComputeCpHash(command, gp.auditHashAlg);
+ return TPM_RC_SUCCESS;
+}
+#endif
+
+//*** ParseSessionBuffer()
+// This function is the entry function for command session processing.
+// It iterates sessions in session area and reports if the required authorization
+// has been properly provided. It also processes audit session and passes the
+// information of encryption sessions to parameter encryption module.
+//
+// Return Type: TPM_RC
+// various parsing failure or authorization failure
+//
+TPM_RC
+ParseSessionBuffer(
+ COMMAND *command // IN: the structure that contains
+ )
+{
+ TPM_RC result;
+ UINT32 i;
+ INT32 size = 0;
+ TPM2B_AUTH extraKey;
+ UINT32 sessionIndex;
+ TPM_RC errorIndex;
+ SESSION *session = NULL;
+//
+ // Check if a command allows any session in its session area.
+ if(!IsSessionAllowed(command->index))
+ return TPM_RC_AUTH_CONTEXT;
+ // Default-initialization.
+ command->sessionNum = 0;
+
+ result = RetrieveSessionData(command);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+ // There is no command in the TPM spec that has more handles than
+ // MAX_SESSION_NUM.
+ pAssert(command->handleNum <= MAX_SESSION_NUM);
+
+ // Associate the session with an authorization handle.
+ for(i = 0; i < command->handleNum; i++)
+ {
+ if(CommandAuthRole(command->index, i) != AUTH_NONE)
+ {
+ // If the received session number is less than the number of handles
+ // that requires authorization, an error should be returned.
+ // Note: for all the TPM 2.0 commands, handles requiring
+ // authorization come first in a command input and there are only ever
+ // two values requiring authorization
+ if(i > (command->sessionNum - 1))
+ return TPM_RC_AUTH_MISSING;
+ // Record the handle associated with the authorization session
+ s_associatedHandles[i] = command->handles[i];
+ }
+ }
+ // Consistency checks are done first to avoid authorization failure when the
+ // command will not be executed anyway.
+ for(sessionIndex = 0; sessionIndex < command->sessionNum; sessionIndex++)
+ {
+ errorIndex = TPM_RC_S + g_rcIndex[sessionIndex];
+ // PW session must be an authorization session
+ if(s_sessionHandles[sessionIndex] == TPM_RS_PW)
+ {
+ if(s_associatedHandles[sessionIndex] == TPM_RH_UNASSIGNED)
+ return TPM_RCS_HANDLE + errorIndex;
+ // a password session can't be audit, encrypt or decrypt
+ if(IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit)
+ || IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, encrypt)
+ || IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, decrypt))
+ return TPM_RCS_ATTRIBUTES + errorIndex;
+ session = NULL;
+ }
+ else
+ {
+ session = SessionGet(s_sessionHandles[sessionIndex]);
+
+ // A trial session can not appear in session area, because it cannot
+ // be used for authorization, audit or encrypt/decrypt.
+ if(session->attributes.isTrialPolicy == SET)
+ return TPM_RCS_ATTRIBUTES + errorIndex;
+
+ // See if the session is bound to a DA protected entity
+ // NOTE: Since a policy session is never bound, a policy is still
+ // usable even if the object is DA protected and the TPM is in
+ // lockout.
+ if(session->attributes.isDaBound == SET)
+ {
+ result = CheckLockedOut(session->attributes.isLockoutBound == SET);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+ }
+ // If this session is for auditing, make sure the cpHash is computed.
+ if(IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit))
+ ComputeCpHash(command, session->authHashAlg);
+ }
+
+ // if the session has an associated handle, check the authorization
+ if(s_associatedHandles[sessionIndex] != TPM_RH_UNASSIGNED)
+ {
+ result = CheckAuthSession(command, sessionIndex);
+ if(result != TPM_RC_SUCCESS)
+ return RcSafeAddToResult(result, errorIndex);
+ }
+ else
+ {
+ // a session that is not for authorization must either be encrypt,
+ // decrypt, or audit
+ if(!IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit)
+ && !IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, encrypt)
+ && !IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, decrypt))
+ return TPM_RCS_ATTRIBUTES + errorIndex;
+
+ // no authValue included in any of the HMAC computations
+ pAssert(session != NULL);
+ session->attributes.includeAuth = CLEAR;
+
+ // check HMAC for encrypt/decrypt/audit only sessions
+ result = CheckSessionHMAC(command, sessionIndex);
+ if(result != TPM_RC_SUCCESS)
+ return RcSafeAddToResult(result, errorIndex);
+ }
+ }
+#ifdef TPM_CC_GetCommandAuditDigest
+ // Check if the command should be audited. Need to do this before any parameter
+ // encryption so that the cpHash for the audit is correct
+ if(CommandAuditIsRequired(command->index))
+ {
+ result = CheckCommandAudit(command);
+ if(result != TPM_RC_SUCCESS)
+ return result; // No session number to reference
+ }
+#endif
+ // Decrypt the first parameter if applicable. This should be the last operation
+ // in session processing.
+ // If the encrypt session is associated with a handle and the handle's
+ // authValue is available, then authValue is concatenated with sessionKey to
+ // generate encryption key, no matter if the handle is the session bound entity
+ // or not.
+ if(s_decryptSessionIndex != UNDEFINED_INDEX)
+ {
+ // If this is an authorization session, include the authValue in the
+ // generation of the decryption key
+ if(s_associatedHandles[s_decryptSessionIndex] != TPM_RH_UNASSIGNED)
+ {
+ EntityGetAuthValue(s_associatedHandles[s_decryptSessionIndex],
+ &extraKey);
+ }
+ else
+ {
+ extraKey.b.size = 0;
+ }
+ size = DecryptSize(command->index);
+ result = CryptParameterDecryption(s_sessionHandles[s_decryptSessionIndex],
+ &s_nonceCaller[s_decryptSessionIndex].b,
+ command->parameterSize, (UINT16)size,
+ &extraKey,
+ command->parameterBuffer);
+ if(result != TPM_RC_SUCCESS)
+ return RcSafeAddToResult(result,
+ TPM_RC_S + g_rcIndex[s_decryptSessionIndex]);
+ }
+
+ return TPM_RC_SUCCESS;
+}
+
+//*** CheckAuthNoSession()
+// Function to process a command with no session associated.
+// The function makes sure all the handles in the command require no authorization.
+//
+// Return Type: TPM_RC
+// TPM_RC_AUTH_MISSING failure - one or more handles require
+// authorization
+TPM_RC
+CheckAuthNoSession(
+ COMMAND *command // IN: command parsing structure
+ )
+{
+ UINT32 i;
+ TPM_RC result = TPM_RC_SUCCESS;
+//
+ // Check if the command requires authorization
+ for(i = 0; i < command->handleNum; i++)
+ {
+ if(CommandAuthRole(command->index, i) != AUTH_NONE)
+ return TPM_RC_AUTH_MISSING;
+ }
+#ifdef TPM_CC_GetCommandAuditDigest
+ // Check if the command should be audited.
+ if(CommandAuditIsRequired(command->index))
+ {
+ result = CheckCommandAudit(command);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+ }
+#endif
+ // Initialize number of sessions to be 0
+ command->sessionNum = 0;
+
+ return TPM_RC_SUCCESS;
+}
+
+//** Response Session Processing
+//*** Introduction
+//
+// The following functions build the session area in a response and handle
+// the audit sessions (if present).
+//
+
+//*** ComputeRpHash()
+// Function to compute rpHash (Response Parameter Hash).
The rpHash is only
+// computed if there is an HMAC authorization session and the return code is
+// TPM_RC_SUCCESS.
+static TPM2B_DIGEST *
+ComputeRpHash(
+ COMMAND *command, // IN: command structure
+ TPM_ALG_ID hashAlg // IN: hash algorithm to compute rpHash
+ )
+{
+ TPM2B_DIGEST *rpHash = GetRpHashPointer(command, hashAlg);
+ HASH_STATE hashState;
+//
+ if(rpHash->t.size == 0)
+ {
+ // rpHash := hash(responseCode || commandCode || parameters)
+
+ // Initiate hash creation.
+ rpHash->t.size = CryptHashStart(&hashState, hashAlg);
+
+ // Add hash constituents.
+ CryptDigestUpdateInt(&hashState, sizeof(TPM_RC), TPM_RC_SUCCESS);
+ CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), command->code);
+ CryptDigestUpdate(&hashState, command->parameterSize,
+ command->parameterBuffer);
+ // Complete hash computation.
+ CryptHashEnd2B(&hashState, &rpHash->b);
+ }
+ return rpHash;
+}
+
+//*** InitAuditSession()
+// This function initializes the audit data in an audit session.
+static void
+InitAuditSession(
+ SESSION *session // session to be initialized
+ )
+{
+ // Mark session as an audit session.
+ session->attributes.isAudit = SET;
+
+ // Audit session can not be bound.
+ session->attributes.isBound = CLEAR;
+
+ // Size of the audit log is the size of session hash algorithm digest.
+ session->u2.auditDigest.t.size = CryptHashGetDigestSize(session->authHashAlg);
+
+ // Set the original digest value to be 0.
+ MemorySet(&session->u2.auditDigest.t.buffer,
+ 0,
+ session->u2.auditDigest.t.size);
+ return;
+}
+
+//*** UpdateAuditDigest
+// Function to update an audit digest
+static void
+UpdateAuditDigest(
+ COMMAND *command,
+ TPMI_ALG_HASH hashAlg,
+ TPM2B_DIGEST *digest
+ )
+{
+ HASH_STATE hashState;
+ TPM2B_DIGEST *cpHash = GetCpHash(command, hashAlg);
+ TPM2B_DIGEST *rpHash = ComputeRpHash(command, hashAlg);
+//
+ pAssert(cpHash != NULL);
+
+ // digestNew := hash (digestOld || cpHash || rpHash)
+ // Start hash computation.
+ digest->t.size = CryptHashStart(&hashState, hashAlg);
+ // Add old digest.
+ CryptDigestUpdate2B(&hashState, &digest->b);
+ // Add cpHash
+ CryptDigestUpdate2B(&hashState, &cpHash->b);
+ // Add rpHash
+ CryptDigestUpdate2B(&hashState, &rpHash->b);
+ // Finalize the hash.
+ CryptHashEnd2B(&hashState, &digest->b);
+}
+
+
+//*** Audit()
+//This function updates the audit digest in an audit session.
+static void
+Audit(
+ COMMAND *command, // IN: primary control structure
+ SESSION *auditSession // IN: loaded audit session
+ )
+{
+ UpdateAuditDigest(command, auditSession->authHashAlg,
+ &auditSession->u2.auditDigest);
+ return;
+}
+
+#ifdef TPM_CC_GetCommandAuditDigest
+//*** CommandAudit()
+// This function updates the command audit digest.
+static void
+CommandAudit(
+ COMMAND *command // IN:
+ )
+{
+ // If the digest.size is one, it indicates the special case of changing
+ // the audit hash algorithm. For this case, no audit is done on exit.
+ // NOTE: When the hash algorithm is changed, g_updateNV is set in order to
+ // force an update to the NV on exit so that the change in digest will
+ // be recorded. So, it is safe to exit here without setting any flags
+ // because the digest change will be written to NV when this code exits.
+ if(gr.commandAuditDigest.t.size == 1)
+ {
+ gr.commandAuditDigest.t.size = 0;
+ return;
+ }
+ // If the digest size is zero, need to start a new digest and increment
+ // the audit counter.
+ if(gr.commandAuditDigest.t.size == 0)
+ {
+ gr.commandAuditDigest.t.size = CryptHashGetDigestSize(gp.auditHashAlg);
+ MemorySet(gr.commandAuditDigest.t.buffer,
+ 0,
+ gr.commandAuditDigest.t.size);
+
+ // Bump the counter and save its value to NV.
+ gp.auditCounter++;
+ NV_SYNC_PERSISTENT(auditCounter);
+ }
+ UpdateAuditDigest(command, gp.auditHashAlg, &gr.commandAuditDigest);
+ return;
+}
+#endif
+
+//*** UpdateAuditSessionStatus()
+// Function to update the internal audit related states of a session. It
+// 1.
initializes the session as audit session and sets it to be exclusive if this
+// is the first time it is used for audit or audit reset was requested;
+// 2. reports exclusive audit session;
+// 3. extends audit log; and
+// 4. clears exclusive audit session if no audit session found in the command.
+static void
+UpdateAuditSessionStatus(
+ COMMAND *command // IN: primary control structure
+ )
+{
+ UINT32 i;
+ TPM_HANDLE auditSession = TPM_RH_UNASSIGNED;
+//
+ // Iterate through sessions
+ for(i = 0; i < command->sessionNum; i++)
+ {
+ SESSION *session;
+//
+ // PW session do not have a loaded session and can not be an audit
+ // session either. Skip it.
+ if(s_sessionHandles[i] == TPM_RS_PW)
+ continue;
+ session = SessionGet(s_sessionHandles[i]);
+
+ // If a session is used for audit
+ if(IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, audit))
+ {
+ // An audit session has been found
+ auditSession = s_sessionHandles[i];
+
+ // If the session has not been an audit session yet, or
+ // the auditSetting bits indicate a reset, initialize it and set
+ // it to be the exclusive session
+ if(session->attributes.isAudit == CLEAR
+ || IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditReset))
+ {
+ InitAuditSession(session);
+ g_exclusiveAuditSession = auditSession;
+ }
+ else
+ {
+ // Check if the audit session is the current exclusive audit
+ // session and, if not, clear previous exclusive audit session.
+ if(g_exclusiveAuditSession != auditSession)
+ g_exclusiveAuditSession = TPM_RH_UNASSIGNED;
+ }
+ // Report audit session exclusivity.
+ if(g_exclusiveAuditSession == auditSession)
+ {
+ SET_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditExclusive);
+ }
+ else
+ {
+ CLEAR_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditExclusive);
+ }
+ // Extend audit log.
+ Audit(command, session);
+ }
+ }
+ // If no audit session is found in the command, and the command allows
+ // a session then, clear the current exclusive
+ // audit session.
+ if(auditSession == TPM_RH_UNASSIGNED && IsSessionAllowed(command->index))
+ {
+ g_exclusiveAuditSession = TPM_RH_UNASSIGNED;
+ }
+ return;
+}
+
+//*** ComputeResponseHMAC()
+// Function to compute HMAC for authorization session in a response.
+/*(See part 1 specification)
+// Function: Compute HMAC for response sessions
+// The sessionAuth value
+// authHMAC := HMACsHASH((sessionAuth | authValue),
+// (pHash | nonceTPM | nonceCaller | sessionAttributes))
+// Where:
+// HMACsHASH() The HMAC algorithm using the hash algorithm specified when
+// the session was started.
+//
+// sessionAuth A TPMB_MEDIUM computed in a protocol-dependent way, using
+// KDFa. In an HMAC or KDF, only sessionAuth.buffer is used.
+//
+// authValue A TPM2B_AUTH that is found in the sensitive area of an
+// object. In an HMAC or KDF, only authValue.buffer is used
+// and all trailing zeros are removed.
+//
+// pHash Response parameters (rpHash) using the session hash. When
+// using a pHash in an HMAC computation, both the algorithm ID
+// and the digest are included.
+//
+// nonceTPM A TPM2B_NONCE that is generated by the entity using the
+// session. In an HMAC or KDF, only nonceTPM.buffer is used.
+//
+// nonceCaller a TPM2B_NONCE that was received the previous time the
+// session was used. In an HMAC or KDF, only
+// nonceCaller.buffer is used.
+//
+// sessionAttributes A TPMA_SESSION that indicates the attributes associated
+// with a particular use of the session.
+*/
+static void
+ComputeResponseHMAC(
+ COMMAND *command, // IN: command structure
+ UINT32 sessionIndex, // IN: session index to be processed
+ SESSION *session, // IN: loaded session
+ TPM2B_DIGEST *hmac // OUT: authHMAC
+ )
+{
+ TPM2B_TYPE(KEY, (sizeof(AUTH_VALUE) * 2));
+ TPM2B_KEY key; // HMAC key
+ BYTE marshalBuffer[sizeof(TPMA_SESSION)];
+ BYTE *buffer;
+ UINT32 marshalSize;
+ HMAC_STATE hmacState;
+ TPM2B_DIGEST *rpHash = ComputeRpHash(command, session->authHashAlg);
+//
+ // Generate HMAC key
+ MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer));
+
+ // Add the object authValue if required
+ if(session->attributes.includeAuth == SET)
+ {
+ // Note: includeAuth may be SET for a policy that is used in
+ // UndefineSpaceSpecial(). At this point, the Index has been deleted
+ // so the includeAuth will have no meaning. However, the
+ // s_associatedHandles[] value for the session is now set to TPM_RH_NULL so
+ // this will return the authValue associated with TPM_RH_NULL and that is
+ // and empty buffer.
+ TPM2B_AUTH authValue;
+//
+ // Get the authValue with trailing zeros removed
+ EntityGetAuthValue(s_associatedHandles[sessionIndex], &authValue);
+
+ // Add it to the key
+ MemoryConcat2B(&key.b, &authValue.b, sizeof(key.t.buffer));
+ }
+
+ // if the HMAC key size is 0, the response HMAC is computed according to the
+ // input HMAC
+ if(key.t.size == 0
+ && s_inputAuthValues[sessionIndex].t.size == 0)
+ {
+ hmac->t.size = 0;
+ return;
+ }
+ // Start HMAC computation.
+ hmac->t.size = CryptHmacStart2B(&hmacState, session->authHashAlg, &key.b);
+
+ // Add hash components.
+ CryptDigestUpdate2B(&hmacState.hashState, &rpHash->b);
+ CryptDigestUpdate2B(&hmacState.hashState, &session->nonceTPM.b);
+ CryptDigestUpdate2B(&hmacState.hashState, &s_nonceCaller[sessionIndex].b);
+
+ // Add session attributes.
+ buffer = marshalBuffer;
+ marshalSize = TPMA_SESSION_Marshal(&s_attributes[sessionIndex], &buffer, NULL);
+ CryptDigestUpdate(&hmacState.hashState, marshalSize, marshalBuffer);
+
+ // Finalize HMAC.
+ CryptHmacEnd2B(&hmacState, &hmac->b);
+
+ return;
+}
+
+//*** UpdateInternalSession()
+// Updates internal sessions:
+// 1. Restarts session time.
+// 2. Clears a policy session since nonce is rolling.
+static void
+UpdateInternalSession(
+ SESSION *session, // IN: the session structure
+ UINT32 i // IN: session number
+ )
+{
+ // If nonce is rolling in a policy session, the policy related data
+ // will be re-initialized.
+ if(HandleGetType(s_sessionHandles[i]) == TPM_HT_POLICY_SESSION
+ && IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession))
+ {
+ // When the nonce rolls it starts a new timing interval for the
+ // policy session.
+ SessionResetPolicyData(session);
+ SessionSetStartTime(session);
+ }
+ return;
+}
+
+//*** BuildSingleResponseAuth()
+// Function to compute response HMAC value for a policy or HMAC session.
+static TPM2B_NONCE *
+BuildSingleResponseAuth(
+ COMMAND *command, // IN: command structure
+ UINT32 sessionIndex, // IN: session index to be processed
+ TPM2B_AUTH *auth // OUT: authHMAC
+ )
+{
+ // Fill in policy/HMAC based session response.
+ SESSION *session = SessionGet(s_sessionHandles[sessionIndex]);
+//
+ // If the session is a policy session with isPasswordNeeded SET, the
+ // authorization field is empty.
+ if(HandleGetType(s_sessionHandles[sessionIndex]) == TPM_HT_POLICY_SESSION
+ && session->attributes.isPasswordNeeded == SET)
+ auth->t.size = 0;
+ else
+ // Compute response HMAC.
+ ComputeResponseHMAC(command, sessionIndex, session, auth);
+
+ UpdateInternalSession(session, sessionIndex);
+ return &session->nonceTPM;
+}
+
+//*** UpdateAllNonceTPM()
+// Updates TPM nonce for all sessions in command.
+static void
+UpdateAllNonceTPM(
+ COMMAND *command // IN: controlling structure
+ )
+{
+ UINT32 i;
+ SESSION *session;
+//
+ for(i = 0; i < command->sessionNum; i++)
+ {
+ // If not a PW session, compute the new nonceTPM.
+ if(s_sessionHandles[i] != TPM_RS_PW)
+ {
+ session = SessionGet(s_sessionHandles[i]);
+ // Update nonceTPM in both internal session and response.
+ CryptRandomGenerate(session->nonceTPM.t.size,
+ session->nonceTPM.t.buffer);
+ }
+ }
+ return;
+}
+
+
+
+//*** BuildResponseSession()
+// Function to build Session buffer in a response. The authorization data is added
+// to the end of command->responseBuffer. The size of the authorization area is
+// accumulated in command->authSize.
+// When this is called, command->responseBuffer is pointing at the next location
+// in the response buffer to be filled. This is where the authorization sessions
+// will go, if any. command->parameterSize is the number of bytes that have been
+// marshaled as parameters in the output buffer.
+void
+BuildResponseSession(
+ COMMAND *command // IN: structure that has relevant command
+ // information
+ )
+{
+ pAssert(command->authSize == 0);
+
+ // Reset the parameter buffer to point to the start of the parameters so that
+ // there is a starting point for any rpHash that might be generated and so there
+ // is a place where parameter encryption would start
+ command->parameterBuffer = command->responseBuffer - command->parameterSize;
+
+ // Session nonces should be updated before parameter encryption
+ if(command->tag == TPM_ST_SESSIONS)
+ {
+ UpdateAllNonceTPM(command);
+
+ // Encrypt first parameter if applicable. Parameter encryption should
+ // happen after nonce update and before any rpHash is computed.
+ // If the encrypt session is associated with a handle, the authValue of
+ // this handle will be concatenated with sessionKey to generate
+ // encryption key, no matter if the handle is the session bound entity
+ // or not.
The authValue is added to sessionKey only when the authValue
+ // is available.
+ if(s_encryptSessionIndex != UNDEFINED_INDEX)
+ {
+ UINT32 size;
+ TPM2B_AUTH extraKey;
+//
+ extraKey.b.size = 0;
+ // If this is an authorization session, include the authValue in the
+ // generation of the encryption key
+ if(s_associatedHandles[s_encryptSessionIndex] != TPM_RH_UNASSIGNED)
+ {
+ EntityGetAuthValue(s_associatedHandles[s_encryptSessionIndex],
+ &extraKey);
+ }
+ size = EncryptSize(command->index);
+ CryptParameterEncryption(s_sessionHandles[s_encryptSessionIndex],
+ &s_nonceCaller[s_encryptSessionIndex].b,
+ (UINT16)size,
+ &extraKey,
+ command->parameterBuffer);
+ }
+ }
+ // Audit sessions should be processed regardless of the tag because
+ // a command with no session may cause a change of the exclusivity state.
+ UpdateAuditSessionStatus(command);
+#if CC_GetCommandAuditDigest
+ // Command Audit
+ if(CommandAuditIsRequired(command->index))
+ CommandAudit(command);
+#endif
+ // Process command with sessions.
+ if(command->tag == TPM_ST_SESSIONS)
+ {
+ UINT32 i;
+//
+ pAssert(command->sessionNum > 0);
+
+ // Iterate over each session in the command session area, and create
+ // corresponding sessions for response.
+ for(i = 0; i < command->sessionNum; i++)
+ {
+ TPM2B_NONCE *nonceTPM;
+ TPM2B_DIGEST responseAuth;
+ // Make sure that continueSession is SET on any Password session.
+ // This makes it marginally easier for the management software
+ // to keep track of the closed sessions.
+ if(s_sessionHandles[i] == TPM_RS_PW)
+ {
+ SET_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession);
+ responseAuth.t.size = 0;
+ nonceTPM = (TPM2B_NONCE *)&responseAuth;
+ }
+ else
+ {
+ // Compute the response HMAC and get a pointer to the nonce used.
+ // This function will also update the values if needed.
Note, the
+ nonceTPM = BuildSingleResponseAuth(command, i, &responseAuth);
+ }
+ command->authSize += TPM2B_NONCE_Marshal(nonceTPM,
+ &command->responseBuffer,
+ NULL);
+ command->authSize += TPMA_SESSION_Marshal(&s_attributes[i],
+ &command->responseBuffer,
+ NULL);
+ command->authSize += TPM2B_DIGEST_Marshal(&responseAuth,
+ &command->responseBuffer,
+ NULL);
+ if(!IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession))
+ SessionFlush(s_sessionHandles[i]);
+ }
+ }
+ return;
+}
+
+//*** SessionRemoveAssociationToHandle()
+// This function deals with the case where an entity associated with an authorization
+// is deleted during command processing. The primary use of this is to support
+// UndefineSpaceSpecial().
+void
+SessionRemoveAssociationToHandle(
+ TPM_HANDLE handle
+ )
+{
+ UINT32 i;
+//
+ for(i = 0; i < MAX_SESSION_NUM; i++)
+ {
+ if(s_associatedHandles[i] == handle)
+ {
+ s_associatedHandles[i] = TPM_RH_NULL;
+ }
+ }
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/CommandAudit.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/CommandAudit.c
new file mode 100644
index 000000000..306b39b92
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/CommandAudit.c
@@ -0,0 +1,268 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the functions that support command audit.
+
+//** Includes
+#include "Tpm.h"
+
+//** Functions
+
+//*** CommandAuditPreInstall_Init()
+// This function initializes the command audit list.
This function simulates
+// the behavior of manufacturing. A function is used instead of a structure
+// definition because this is easier than figuring out the initialization value
+// for a bit array.
+//
+// This function would not be implemented outside of a manufacturing or
+// simulation environment.
+void
+CommandAuditPreInstall_Init(
+ void
+ )
+{
+ // Clear all the audit commands
+ MemorySet(gp.auditCommands, 0x00, sizeof(gp.auditCommands));
+
+ // TPM_CC_SetCommandCodeAuditStatus always being audited
+ CommandAuditSet(TPM_CC_SetCommandCodeAuditStatus);
+
+ // Set initial command audit hash algorithm to be context integrity hash
+ // algorithm
+ gp.auditHashAlg = CONTEXT_INTEGRITY_HASH_ALG;
+
+ // Set up audit counter to be 0
+ gp.auditCounter = 0;
+
+ // Write command audit persistent data to NV
+ NV_SYNC_PERSISTENT(auditCommands);
+ NV_SYNC_PERSISTENT(auditHashAlg);
+ NV_SYNC_PERSISTENT(auditCounter);
+
+ return;
+}
+
+//*** CommandAuditStartup()
+// This function clears the command audit digest on a TPM Reset.
+BOOL
+CommandAuditStartup(
+ STARTUP_TYPE type // IN: start up type
+ )
+{
+ if((type != SU_RESTART) && (type != SU_RESUME))
+ {
+ // Reset the digest size to initialize the digest
+ gr.commandAuditDigest.t.size = 0;
+ }
+ return TRUE;
+}
+
+//*** CommandAuditSet()
+// This function will SET the audit flag for a command. This function
+// will not SET the audit flag for a command that is not implemented. This
+// ensures that the audit status is not SET when TPM2_GetCapability() is
+// used to read the list of audited commands.
+//
+// This function is only used by TPM2_SetCommandCodeAuditStatus().
+//
+// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the
+// changes to be saved to NV after it is setting and clearing bits.
+// Return Type: BOOL
+// TRUE(1) command code audit status was changed
+// FALSE(0) command code audit status was not changed
+BOOL
+CommandAuditSet(
+ TPM_CC commandCode // IN: command code
+ )
+{
+ COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
+
+ // Only SET a bit if the corresponding command is implemented
+ if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX)
+ {
+ // Can't audit shutdown
+ if(commandCode != TPM_CC_Shutdown)
+ {
+ if(!TEST_BIT(commandIndex, gp.auditCommands))
+ {
+ // Set bit
+ SET_BIT(commandIndex, gp.auditCommands);
+ return TRUE;
+ }
+ }
+ }
+ // No change
+ return FALSE;
+}
+
+//*** CommandAuditClear()
+// This function will CLEAR the audit flag for a command. It will not CLEAR the
+// audit flag for TPM_CC_SetCommandCodeAuditStatus().
+//
+// This function is only used by TPM2_SetCommandCodeAuditStatus().
+//
+// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the
+// changes to be saved to NV after it is setting and clearing bits.
+// Return Type: BOOL
+// TRUE(1) command code audit status was changed
+// FALSE(0) command code audit status was not changed
+BOOL
+CommandAuditClear(
+ TPM_CC commandCode // IN: command code
+ )
+{
+ COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
+
+ // Do nothing if the command is not implemented
+ if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX)
+ {
+ // The bit associated with TPM_CC_SetCommandCodeAuditStatus() cannot be
+ // cleared
+ if(commandCode != TPM_CC_SetCommandCodeAuditStatus)
+ {
+ if(TEST_BIT(commandIndex, gp.auditCommands))
+ {
+ // Clear bit
+ CLEAR_BIT(commandIndex, gp.auditCommands);
+ return TRUE;
+ }
+ }
+ }
+ // No change
+ return FALSE;
+}
+
+//*** CommandAuditIsRequired()
+// This function indicates if the audit flag is SET for a command.
+// Return Type: BOOL
+// TRUE(1) command is audited
+// FALSE(0) command is not audited
+BOOL
+CommandAuditIsRequired(
+ COMMAND_INDEX commandIndex // IN: command index
+ )
+{
+ // Check the bit map. If the bit is SET, command audit is required
+ return(TEST_BIT(commandIndex, gp.auditCommands));
+}
+
+//*** CommandAuditCapGetCCList()
+// This function returns a list of commands that have their audit bit SET.
+//
+// The list starts at the input commandCode.
+// Return Type: TPMI_YES_NO
+// YES if there are more command code available
+// NO all the available command code has been returned
+TPMI_YES_NO
+CommandAuditCapGetCCList(
+ TPM_CC commandCode, // IN: start command code
+ UINT32 count, // IN: count of returned TPM_CC
+ TPML_CC *commandList // OUT: list of TPM_CC
+ )
+{
+ TPMI_YES_NO more = NO;
+ COMMAND_INDEX commandIndex;
+
+ // Initialize output handle list
+ commandList->count = 0;
+
+ // The maximum count of command we may return is MAX_CAP_CC
+ if(count > MAX_CAP_CC) count = MAX_CAP_CC;
+
+ // Find the implemented command that has a command code that is the same or
+ // higher than the input
+ // Collect audit commands
+ for(commandIndex = GetClosestCommandIndex(commandCode);
+ commandIndex != UNIMPLEMENTED_COMMAND_INDEX;
+ commandIndex = GetNextCommandIndex(commandIndex))
+ {
+ if(CommandAuditIsRequired(commandIndex))
+ {
+ if(commandList->count < count)
+ {
+ // If we have not filled up the return list, add this command
+ // code to its
+ TPM_CC cc = GET_ATTRIBUTE(s_ccAttr[commandIndex],
+ TPMA_CC, commandIndex);
+ if(IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V))
+ cc += (1 << 29);
+ commandList->commandCodes[commandList->count] = cc;
+ commandList->count++;
+ }
+ else
+ {
+ // If the return list is full but we still have command
+ // available, report this and stop iterating
+ more = YES;
+ break;
+ }
+ }
+ }
+
+ return more;
+}
+
+//*** CommandAuditGetDigest
+// This command is used to create a digest of the commands being audited.
The
+// commands are processed in ascending numeric order with a list of TPM_CC being
+// added to a hash. This operates as if all the audited command codes were
+// concatenated and then hashed.
+void
+CommandAuditGetDigest(
+ TPM2B_DIGEST *digest // OUT: command digest
+ )
+{
+ TPM_CC commandCode;
+ COMMAND_INDEX commandIndex;
+ HASH_STATE hashState;
+
+ // Start hash
+ digest->t.size = CryptHashStart(&hashState, gp.auditHashAlg);
+
+ // Add command code
+ for(commandIndex = 0; commandIndex < COMMAND_COUNT; commandIndex++)
+ {
+ if(CommandAuditIsRequired(commandIndex))
+ {
+ commandCode = GetCommandCode(commandIndex);
+ CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode);
+ }
+ }
+
+ // Complete hash
+ CryptHashEnd2B(&hashState, &digest->b);
+
+ return;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/DA.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/DA.c
new file mode 100644
index 000000000..a537c719e
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/DA.c
@@ -0,0 +1,235 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the functions and data definitions relating to the
+// dictionary attack logic.
+
+//** Includes and Data Definitions
+#define DA_C
+#include "Tpm.h"
+
+//** Functions
+
+//*** DAPreInstall_Init()
+// This function initializes the DA parameters to their manufacturer-default
+// values. The default values are determined by a platform-specific specification.
+//
+// This function should not be called outside of a manufacturing or simulation
+// environment.
+//
+// The DA parameters will be restored to these initial values by TPM2_Clear().
+void
+DAPreInstall_Init(
+ void
+ )
+{
+ gp.failedTries = 0;
+ gp.maxTries = 3;
+ gp.recoveryTime = 1000; // in seconds (~16.67 minutes)
+ gp.lockoutRecovery = 1000; // in seconds
+ gp.lockOutAuthEnabled = TRUE; // Use of lockoutAuth is enabled
+
+ // Record persistent DA parameter changes to NV
+ NV_SYNC_PERSISTENT(failedTries);
+ NV_SYNC_PERSISTENT(maxTries);
+ NV_SYNC_PERSISTENT(recoveryTime);
+ NV_SYNC_PERSISTENT(lockoutRecovery);
+ NV_SYNC_PERSISTENT(lockOutAuthEnabled);
+
+ return;
+}
+
+
+//*** DAStartup()
+// This function is called by TPM2_Startup() to initialize the DA parameters.
+// In the case of Startup(CLEAR), use of lockoutAuth will be enabled if the
+// lockout recovery time is 0. Otherwise, lockoutAuth will not be enabled until
+// the TPM has been continuously powered for the lockoutRecovery time.
+//
+// This function requires that NV be available and not rate limiting.
+BOOL
+DAStartup(
+ STARTUP_TYPE type // IN: startup type
+ )
+{
+ NOT_REFERENCED(type);
+#if !ACCUMULATE_SELF_HEAL_TIMER
+ _plat__TimerWasReset();
+ s_selfHealTimer = 0;
+ s_lockoutTimer = 0;
+#else
+ if(_plat__TimerWasReset())
+ {
+ if(!NV_IS_ORDERLY)
+ {
+ // If shutdown was not orderly, then don't really know if go.time has
+ // any useful value so reset the timer to 0.
This is what the tick
+ // was reset to
+ s_selfHealTimer = 0;
+ s_lockoutTimer = 0;
+ }
+ else
+ {
+ // If we know how much time was accumulated at the last orderly shutdown
+ // subtract that from the saved timer values so that they effectively
+ // have the accumulated values
+ s_selfHealTimer -= go.time;
+ s_lockoutTimer -= go.time;
+ }
+ }
+#endif
+
+ // For any Startup(), if lockoutRecovery is 0, enable use of lockoutAuth.
+ if(gp.lockoutRecovery == 0)
+ {
+ gp.lockOutAuthEnabled = TRUE;
+ // Record the changes to NV
+ NV_SYNC_PERSISTENT(lockOutAuthEnabled);
+ }
+
+ // If DA has not been disabled and the previous shutdown is not orderly
+ // failedTries is not already at its maximum then increment 'failedTries'
+ if(gp.recoveryTime != 0
+ && gp.failedTries < gp.maxTries
+ && !IS_ORDERLY(g_prevOrderlyState))
+ {
+#if USE_DA_USED
+ gp.failedTries += g_daUsed;
+ g_daUsed = FALSE;
+#else
+ gp.failedTries++;
+#endif
+ // Record the change to NV
+ NV_SYNC_PERSISTENT(failedTries);
+ }
+ // Before Startup, the TPM will not do clock updates. At startup, need to
+ // do a time update which will do the DA update.
+ TimeUpdate();
+
+ return TRUE;
+}
+
+//*** DARegisterFailure()
+// This function is called when a authorization failure occurs on an entity
+// that is subject to dictionary-attack protection. When a DA failure is
+// triggered, register the failure by resetting the relevant self-healing
+// timer to the current time.
+void
+DARegisterFailure(
+ TPM_HANDLE handle // IN: handle for failure
+ )
+{
+ // Reset the timer associated with lockout if the handle is the lockoutAuth.
+ if(handle == TPM_RH_LOCKOUT)
+ s_lockoutTimer = g_time;
+ else
+ s_selfHealTimer = g_time;
+ return;
+}
+
+//*** DASelfHeal()
+// This function is called to check if sufficient time has passed to allow
+// decrement of failedTries or to re-enable use of lockoutAuth.
+//
+// This function should be called when the time interval is updated.
+void
+DASelfHeal(
+ void
+ )
+{
+ // Regular authorization self healing logic
+ // If no failed authorization tries, do nothing. Otherwise, try to
+ // decrease failedTries
+ if(gp.failedTries != 0)
+ {
+ // if recovery time is 0, DA logic has been disabled. Clear failed tries
+ // immediately
+ if(gp.recoveryTime == 0)
+ {
+ gp.failedTries = 0;
+ // Update NV record
+ NV_SYNC_PERSISTENT(failedTries);
+ }
+ else
+ {
+ UINT64 decreaseCount;
+#if 0 // Errata eliminates this code
+ // In the unlikely event that failedTries should become larger than
+ // maxTries
+ if(gp.failedTries > gp.maxTries)
+ gp.failedTries = gp.maxTries;
+#endif
+ // How much can failedTries be decreased
+
+ // Cast s_selfHealTimer to an int in case it became negative at
+ // startup
+ decreaseCount = ((g_time - (INT64)s_selfHealTimer) / 1000)
+ / gp.recoveryTime;
+
+ if(gp.failedTries <= (UINT32)decreaseCount)
+ // should not set failedTries below zero
+ gp.failedTries = 0;
+ else
+ gp.failedTries -= (UINT32)decreaseCount;
+
+ // the cast prevents overflow of the product
+ s_selfHealTimer += (decreaseCount * (UINT64)gp.recoveryTime) * 1000;
+ if(decreaseCount != 0)
+ // If there was a change to the failedTries, record the changes
+ // to NV
+ NV_SYNC_PERSISTENT(failedTries);
+ }
+ }
+
+ // LockoutAuth self healing logic
+ // If lockoutAuth is enabled, do nothing. Otherwise, try to see if we
+ // may enable it
+ if(!gp.lockOutAuthEnabled)
+ {
+ // if lockout authorization recovery time is 0, a reboot is required to
+ // re-enable use of lockout authorization. Self-healing would not
+ // apply in this case.
+ if(gp.lockoutRecovery != 0)
+ {
+ if(((g_time - (INT64)s_lockoutTimer) / 1000) >= gp.lockoutRecovery)
+ {
+ gp.lockOutAuthEnabled = TRUE;
+ // Record the changes to NV
+ NV_SYNC_PERSISTENT(lockOutAuthEnabled);
+ }
+ }
+ }
+ return;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Hierarchy.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Hierarchy.c
new file mode 100644
index 000000000..bec54378d
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Hierarchy.c
@@ -0,0 +1,237 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the functions used for managing and accessing the
+// hierarchy-related values.
+
+//** Includes
+
+#include "Tpm.h"
+
+//** Functions
+
+//*** HierarchyPreInstall()
+// This function performs the initialization functions for the hierarchy
+// when the TPM is simulated. This function should not be called if the
+// TPM is not in a manufacturing mode at the manufacturer, or in a simulated
+// environment.
+void
+HierarchyPreInstall_Init(
+ void
+ )
+{
+ // Allow lockout clear command
+ gp.disableClear = FALSE;
+
+ // Initialize Primary Seeds
+ gp.EPSeed.t.size = sizeof(gp.EPSeed.t.buffer);
+ gp.SPSeed.t.size = sizeof(gp.SPSeed.t.buffer);
+ gp.PPSeed.t.size = sizeof(gp.PPSeed.t.buffer);
+#if (defined USE_PLATFORM_EPS) && (USE_PLATFORM_EPS != NO)
+ _plat__GetEPS(gp.EPSeed.t.size, gp.EPSeed.t.buffer);
+#else
+ CryptRandomGenerate(gp.EPSeed.t.size, gp.EPSeed.t.buffer);
+#endif
+ CryptRandomGenerate(gp.SPSeed.t.size, gp.SPSeed.t.buffer);
+ CryptRandomGenerate(gp.PPSeed.t.size, gp.PPSeed.t.buffer);
+
+ // Initialize owner, endorsement and lockout authorization
+ gp.ownerAuth.t.size = 0;
+ gp.endorsementAuth.t.size = 0;
+ gp.lockoutAuth.t.size = 0;
+
+ // Initialize owner, endorsement, and lockout policy
+ gp.ownerAlg = TPM_ALG_NULL;
+ gp.ownerPolicy.t.size = 0;
+ gp.endorsementAlg = TPM_ALG_NULL;
+ gp.endorsementPolicy.t.size = 0;
+ gp.lockoutAlg = TPM_ALG_NULL;
+ gp.lockoutPolicy.t.size = 0;
+
+ // Initialize ehProof, shProof and phProof
+ gp.phProof.t.size = sizeof(gp.phProof.t.buffer);
+ gp.shProof.t.size = sizeof(gp.shProof.t.buffer);
+ gp.ehProof.t.size = sizeof(gp.ehProof.t.buffer);
+ CryptRandomGenerate(gp.phProof.t.size, gp.phProof.t.buffer);
+ CryptRandomGenerate(gp.shProof.t.size, gp.shProof.t.buffer);
+ CryptRandomGenerate(gp.ehProof.t.size, gp.ehProof.t.buffer);
+
+ // Write hierarchy data to NV
+ NV_SYNC_PERSISTENT(disableClear);
+ NV_SYNC_PERSISTENT(EPSeed);
+ NV_SYNC_PERSISTENT(SPSeed);
+ NV_SYNC_PERSISTENT(PPSeed);
+ NV_SYNC_PERSISTENT(ownerAuth);
+ NV_SYNC_PERSISTENT(endorsementAuth);
+ NV_SYNC_PERSISTENT(lockoutAuth);
+
NV_SYNC_PERSISTENT(ownerAlg);
+ NV_SYNC_PERSISTENT(ownerPolicy);
+ NV_SYNC_PERSISTENT(endorsementAlg);
+ NV_SYNC_PERSISTENT(endorsementPolicy);
+ NV_SYNC_PERSISTENT(lockoutAlg);
+ NV_SYNC_PERSISTENT(lockoutPolicy);
+ NV_SYNC_PERSISTENT(phProof);
+ NV_SYNC_PERSISTENT(shProof);
+ NV_SYNC_PERSISTENT(ehProof);
+
+ return;
+}
+
+//*** HierarchyStartup()
+// This function is called at TPM2_Startup() to initialize the hierarchy
+// related values.
+BOOL
+HierarchyStartup(
+ STARTUP_TYPE type // IN: start up type
+ )
+{
+ // phEnable is SET on any startup
+ g_phEnable = TRUE;
+
+ // Reset platformAuth, platformPolicy; enable SH and EH at TPM_RESET and
+ // TPM_RESTART
+ if(type != SU_RESUME)
+ {
+ gc.platformAuth.t.size = 0;
+ gc.platformPolicy.t.size = 0;
+ gc.platformAlg = TPM_ALG_NULL;
+
+ // enable the storage and endorsement hierarchies and the platformNV
+ gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE;
+ }
+
+ // nullProof and nullSeed are updated at every TPM_RESET
+ if((type != SU_RESTART) && (type != SU_RESUME))
+ {
+ gr.nullProof.t.size = sizeof(gr.nullProof.t.buffer);
+ CryptRandomGenerate(gr.nullProof.t.size, gr.nullProof.t.buffer);
+ gr.nullSeed.t.size = sizeof(gr.nullSeed.t.buffer);
+ CryptRandomGenerate(gr.nullSeed.t.size, gr.nullSeed.t.buffer);
+ }
+
+ return TRUE;
+}
+
+//*** HierarchyGetProof()
+// This function finds the proof value associated with a hierarchy.It returns a
+// pointer to the proof value.
+TPM2B_PROOF *
+HierarchyGetProof(
+ TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant
+ )
+{
+ TPM2B_PROOF *proof = NULL;
+
+ switch(hierarchy)
+ {
+ case TPM_RH_PLATFORM:
+ // phProof for TPM_RH_PLATFORM
+ proof = &gp.phProof;
+ break;
+ case TPM_RH_ENDORSEMENT:
+ // ehProof for TPM_RH_ENDORSEMENT
+ proof = &gp.ehProof;
+ break;
+ case TPM_RH_OWNER:
+ // shProof for TPM_RH_OWNER
+ proof = &gp.shProof;
+ break;
+ default:
+ // nullProof for TPM_RH_NULL or anything else
+ proof = &gr.nullProof;
+ break;
+ }
+ return proof;
+}
+
+//*** HierarchyGetPrimarySeed()
+// This function returns the primary seed of a hierarchy.
+TPM2B_SEED *
+HierarchyGetPrimarySeed(
+ TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
+ )
+{
+ TPM2B_SEED *seed = NULL;
+ switch(hierarchy)
+ {
+ case TPM_RH_PLATFORM:
+ seed = &gp.PPSeed;
+ break;
+ case TPM_RH_OWNER:
+ seed = &gp.SPSeed;
+ break;
+ case TPM_RH_ENDORSEMENT:
+ seed = &gp.EPSeed;
+ break;
+ default:
+ seed = &gr.nullSeed;
+ break;
+ }
+ return seed;
+}
+
+//*** HierarchyIsEnabled()
+// This function checks to see if a hierarchy is enabled.
+// NOTE: The TPM_RH_NULL hierarchy is always enabled.
+// Return Type: BOOL
+// TRUE(1) hierarchy is enabled
+// FALSE(0) hierarchy is disabled
+BOOL
+HierarchyIsEnabled(
+ TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
+ )
+{
+ BOOL enabled = FALSE;
+
+ switch(hierarchy)
+ {
+ case TPM_RH_PLATFORM:
+ enabled = g_phEnable;
+ break;
+ case TPM_RH_OWNER:
+ enabled = gc.shEnable;
+ break;
+ case TPM_RH_ENDORSEMENT:
+ enabled = gc.ehEnable;
+ break;
+ case TPM_RH_NULL:
+ enabled = TRUE;
+ break;
+ default:
+ enabled = FALSE;
+ break;
+ }
+ return enabled;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvDynamic.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvDynamic.c
new file mode 100644
index 000000000..d73d4bf8d
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvDynamic.c 
@@ -0,0 +1,1932 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+
+// The NV memory is divided into two area: dynamic space for user defined NV
+// indexes and evict objects, and reserved space for TPM persistent and state save
+// data.
+//
+// The entries in dynamic space are a linked list of entries. Each entry has, as its
+// first field, a size. If the size field is zero, it marks the end of the
+// list.
+//
+// An Index allocation will contain an NV_INDEX structure. If the Index does not
+// have the orderly attribute, the NV_INDEX is followed immediately by the NV data.
+//
+// An evict object entry contains a handle followed by an OBJECT structure. This
+// results in both the Index and Evict Object having an identifying handle as the
+// first field following the size field.
+//
+// When an Index has the orderly attribute, the data is kept in RAM. This RAM is
+// saved to backing store in NV memory on any orderly shutdown. The entries in
+// orderly memory are also a linked list using a size field as the first entry.
+//
+// The attributes of an orderly index are maintained in RAM memory in order to
+// reduce the number of NV writes needed for orderly data. When an orderly index
+// is created, an entry is made in the dynamic NV memory space that holds the Index
+// authorizations (authPolicy and authValue) and the size of the data. This entry is
+// only modified if the authValue of the index is changed. The more volatile data
+// of the index is kept in RAM. When an orderly Index is created or deleted, the
+// RAM data is copied to NV backing store so that the image in the backing store
+// matches the layout of RAM. In normal operation. The RAM data is also copied on
+// any orderly shutdown. In normal operation, the only other reason for writing
+// to the backing store for RAM is when a counter is first written (TPMA_NV_WRITTEN
+// changes from CLEAR to SET) or when a counter "rolls over."
+//
+// Static space contains items that are individually modifiable. The values are in
+// the 'gp' PERSISTEND_DATA structure in RAM and mapped to locations in NV.
+// + +//** Includes, Defines and Data Definitions +#define NV_C +#include "Tpm.h" +#include "PlatformData.h" + +//** Local Functions + + +//*** NvNext() +// This function provides a method to traverse every data entry in NV dynamic +// area. +// +// To begin with, parameter 'iter' should be initialized to NV_REF_INIT +// indicating the first element. Every time this function is called, the +// value in 'iter' would be adjusted pointing to the next element in +// traversal. If there is no next element, 'iter' value would be 0. +// This function returns the address of the 'data entry' pointed by the +// 'iter'. If there is no more element in the set, a 0 value is returned +// indicating the end of traversal. +// +static NV_REF +NvNext( + NV_REF *iter, // IN/OUT: the list iterator + TPM_HANDLE *handle // OUT: the handle of the next item. + ) +{ + NV_REF currentAddr; + NV_ENTRY_HEADER header; +// + // If iterator is at the beginning of list + if(*iter == NV_REF_INIT) + { + // Initialize iterator + *iter = NV_USER_DYNAMIC; + } + // Step over the size field and point to the handle + currentAddr = *iter + sizeof(UINT32); + + // read the header of the next entry + NvRead(&header, *iter, sizeof(NV_ENTRY_HEADER)); + + // if the size field is zero, then we have hit the end of the list + if(header.size == 0) + // leave the *iter pointing at the end of the list + return 0; + // advance the header by the size of the entry + *iter += header.size; + + if(handle != NULL) + *handle = header.handle; + return currentAddr; +} + + +//*** NvNextByType() +// This function returns a reference to the next NV entry of the desired type +// Return Type: NV_REF +// 0 end of list +// != 0 the next entry of the indicated type +static NV_REF +NvNextByType( + TPM_HANDLE *handle, // OUT: the handle of the found type + NV_REF *iter, // IN: the iterator + TPM_HT type // IN: the handle type to look for + ) +{ + NV_REF addr; + TPM_HANDLE nvHandle; +// + while((addr = NvNext(iter, &nvHandle)) != 0) + { 
+ // addr: the address of the location containing the handle of the value
+ // iter: the next location.
+ if(HandleGetType(nvHandle) == type)
+ break;
+ }
+ if(handle != NULL)
+ *handle = nvHandle;
+ return addr;
+}
+
+//*** NvNextIndex()
+// This function returns the reference to the next NV Index entry. A value
+// of 0 indicates the end of the list.
+// Return Type: NV_REF
+// 0 end of list
+// != 0 the next reference
+#define NvNextIndex(handle, iter) \
+ NvNextByType(handle, iter, TPM_HT_NV_INDEX)
+
+//*** NvNextEvict()
+// This function returns the offset in NV of the next evict object entry. A value
+// of 0 indicates the end of the list.
+#define NvNextEvict(handle, iter) \
+ NvNextByType(handle, iter, TPM_HT_PERSISTENT)
+
+//*** NvGetEnd()
+// Function to find the end of the NV dynamic data list
+static NV_REF
+NvGetEnd(
+ void
+ )
+{
+ NV_REF iter = NV_REF_INIT;
+ NV_REF currentAddr;
+//
+ // Scan until the next address is 0
+ while((currentAddr = NvNext(&iter, NULL)) != 0);
+ return iter;
+}
+
+//*** NvGetFreeBytes
+// This function returns the number of free octets in NV space.
+static UINT32
+NvGetFreeBytes(
+ void
+ )
+{
+ // This does not have an overflow issue because NvGetEnd() cannot return a value
+ // that is larger than s_evictNvEnd. This is because there is always a 'stop'
+ // word in the NV memory that terminates the search for the end before the
+ // value can go past s_evictNvEnd.
+ return s_evictNvEnd - NvGetEnd();
+}
+
+//*** NvTestSpace()
+// This function will test if there is enough space to add a new entity.
+// Return Type: BOOL +// TRUE(1) space available +// FALSE(0) no enough space +static BOOL +NvTestSpace( + UINT32 size, // IN: size of the entity to be added + BOOL isIndex, // IN: TRUE if the entity is an index + BOOL isCounter // IN: TRUE if the index is a counter + ) +{ + UINT32 remainBytes = NvGetFreeBytes(); + UINT32 reserved = sizeof(UINT32) // size of the forward pointer + + sizeof(NV_LIST_TERMINATOR); +// + // Do a compile time sanity check on the setting for NV_MEMORY_SIZE +#if NV_MEMORY_SIZE < 1024 +#error "NV_MEMORY_SIZE probably isn't large enough" +#endif + + // For NV Index, need to make sure that we do not allocate an Index if this + // would mean that the TPM cannot allocate the minimum number of evict + // objects. + if(isIndex) + { + // Get the number of persistent objects allocated + UINT32 persistentNum = NvCapGetPersistentNumber(); + + // If we have not allocated the requisite number of evict objects, then we + // need to reserve space for them. + // NOTE: some of this is not written as simply as it might seem because + // the values are all unsigned and subtracting needs to be done carefully + // so that an underflow doesn't cause problems. 
+ if(persistentNum < MIN_EVICT_OBJECTS) + reserved += (MIN_EVICT_OBJECTS - persistentNum) * NV_EVICT_OBJECT_SIZE; + } + // If this is not an index or is not a counter, reserve space for the + // required number of counter indexes + if(!isIndex || !isCounter) + { + // Get the number of counters + UINT32 counterNum = NvCapGetCounterNumber(); + + // If the required number of counters have not been allocated, reserved + // space for the extra needed counters + if(counterNum < MIN_COUNTER_INDICES) + reserved += (MIN_COUNTER_INDICES - counterNum) * NV_INDEX_COUNTER_SIZE; + } + // Check that the requested allocation will fit after making sure that there + // will be no chance of overflow + return ((reserved < remainBytes) + && (size <= remainBytes) + && (size + reserved <= remainBytes)); +} + +//*** NvWriteNvListEnd() +// Function to write the list terminator. +NV_REF +NvWriteNvListEnd( + NV_REF end + ) +{ + // Marker is initialized with zeros + BYTE listEndMarker[sizeof(NV_LIST_TERMINATOR)] = {0}; + UINT64 maxCount = NvReadMaxCount(); +// + // This is a constant check that can be resolved at compile time. + cAssert(sizeof(UINT64) <= sizeof(NV_LIST_TERMINATOR) - sizeof(UINT32)); + + // Copy the maxCount value to the marker buffer + MemoryCopy(&listEndMarker[sizeof(UINT32)], &maxCount, sizeof(UINT64)); + pAssert(end + sizeof(NV_LIST_TERMINATOR) <= s_evictNvEnd); + + // Write it to memory + NvWrite(end, sizeof(NV_LIST_TERMINATOR), &listEndMarker); + return end + sizeof(NV_LIST_TERMINATOR); +} + + +//*** NvAdd() +// This function adds a new entity to NV. +// +// This function requires that there is enough space to add a new entity (i.e., +// that NvTestSpace() has been called and the available space is at least as +// large as the required space). +// +// The 'totalSize' will be the size of 'entity'. If a handle is added, this +// function will increase the size accordingly. 
+static TPM_RC +NvAdd( + UINT32 totalSize, // IN: total size needed for this entity For + // evict object, totalSize is the same as + // bufferSize. For NV Index, totalSize is + // bufferSize plus index data size + UINT32 bufferSize, // IN: size of initial buffer + TPM_HANDLE handle, // IN: optional handle + BYTE *entity // IN: initial buffer + ) +{ + NV_REF newAddr; // IN: where the new entity will start + NV_REF nextAddr; +// + RETURN_IF_NV_IS_NOT_AVAILABLE; + + // Get the end of data list + newAddr = NvGetEnd(); + + // Step over the forward pointer + nextAddr = newAddr + sizeof(UINT32); + + // Optionally write the handle. For indexes, the handle is TPM_RH_UNASSIGNED + // so that the handle in the nvIndex is used instead of writing this value + if(handle != TPM_RH_UNASSIGNED) + { + NvWrite((UINT32)nextAddr, sizeof(TPM_HANDLE), &handle); + nextAddr += sizeof(TPM_HANDLE); + } + // Write entity data + NvWrite((UINT32)nextAddr, bufferSize, entity); + + // Advance the pointer by the amount of the total + nextAddr += totalSize; + + // Finish by writing the link value + + // Write the next offset (relative addressing) + totalSize = nextAddr - newAddr; + + // Write link value + NvWrite((UINT32)newAddr, sizeof(UINT32), &totalSize); + + // Write the list terminator + NvWriteNvListEnd(nextAddr); + + return TPM_RC_SUCCESS; +} + +//*** NvDelete() +// This function is used to delete an NV Index or persistent object from NV memory. +static TPM_RC +NvDelete( + NV_REF entityRef // IN: reference to entity to be deleted + ) +{ + UINT32 entrySize; + // adjust entityAddr to back up and point to the forward pointer + NV_REF entryRef = entityRef - sizeof(UINT32); + NV_REF endRef = NvGetEnd(); + NV_REF nextAddr; // address of the next entry +// + RETURN_IF_NV_IS_NOT_AVAILABLE; + + // Get the offset of the next entry. 
That is, back up and point to the size + // field of the entry + NvRead(&entrySize, entryRef, sizeof(UINT32)); + + // The next entry after the one being deleted is at a relative offset + // from the current entry + nextAddr = entryRef + entrySize; + + // If this is not the last entry, move everything up + if(nextAddr < endRef) + { + pAssert(nextAddr > entryRef); + _plat__NvMemoryMove(nextAddr, + entryRef, + (endRef - nextAddr)); + } + // The end of the used space is now moved up by the amount of space we just + // reclaimed + endRef -= entrySize; + + // Write the end marker, and make the new end equal to the first byte after + // the just added end value. This will automatically update the NV value for + // maxCounter. + // NOTE: This is the call that sets flag to cause NV to be updated + endRef = NvWriteNvListEnd(endRef); + + // Clear the reclaimed memory + _plat__NvMemoryClear(endRef, entrySize); + + return TPM_RC_SUCCESS; +} + +//************************************************ +//** RAM-based NV Index Data Access Functions +//************************************************ +//*** Introduction +// The data layout in ram buffer is {size of(NV_handle + attributes + data +// NV_handle, attributes, data} +// for each NV Index data stored in RAM. +// +// NV storage associated with orderly data is updated when a NV Index is added +// but NOT when the data or attributes are changed. Orderly data is only updated +// to NV on an orderly shutdown (TPM2_Shutdown()) + +//*** NvRamNext() +// This function is used to iterate trough the list of Ram Index values. *iter needs +// to be initialized by calling +static NV_RAM_REF +NvRamNext( + NV_RAM_REF *iter, // IN/OUT: the list iterator + TPM_HANDLE *handle // OUT: the handle of the next item. 
+ ) +{ + NV_RAM_REF currentAddr; + NV_RAM_HEADER header; +// + // If iterator is at the beginning of list + if(*iter == NV_RAM_REF_INIT) + { + // Initialize iterator + *iter = &s_indexOrderlyRam[0]; + } + // if we are going to return what the iter is currently pointing to... + currentAddr = *iter; + + // If iterator reaches the end of NV space, then don't advance and return + // that we are at the end of the list. The end of the list occurs when + // we don't have space for a size and a handle + if(currentAddr + sizeof(NV_RAM_HEADER) > RAM_ORDERLY_END) + return NULL; + // read the header of the next entry + MemoryCopy(&header, currentAddr, sizeof(NV_RAM_HEADER)); + + // if the size field is zero, then we have hit the end of the list + if(header.size == 0) + // leave the *iter pointing at the end of the list + return NULL; + // advance the header by the size of the entry + *iter = currentAddr + header.size; + +// pAssert(*iter <= RAM_ORDERLY_END); + if(handle != NULL) + *handle = header.handle; + return currentAddr; +} + +//*** NvRamGetEnd() +// This routine performs the same function as NvGetEnd() but for the RAM data. +static NV_RAM_REF +NvRamGetEnd( + void + ) +{ + NV_RAM_REF iter = NV_RAM_REF_INIT; + NV_RAM_REF currentAddr; +// + // Scan until the next address is 0 + while((currentAddr = NvRamNext(&iter, NULL)) != 0); + return iter; +} + +//*** NvRamTestSpaceIndex() +// This function indicates if there is enough RAM space to add a data for a +// new NV Index. +// Return Type: BOOL +// TRUE(1) space available +// FALSE(0) no enough space +static BOOL +NvRamTestSpaceIndex( + UINT32 size // IN: size of the data to be added to RAM + ) +{ + UINT32 remaining = (UINT32)(RAM_ORDERLY_END - NvRamGetEnd()); + UINT32 needed = sizeof(NV_RAM_HEADER) + size; +// + // NvRamGetEnd points to the next available byte. 
+ return remaining >= needed; +} + +//*** NvRamGetIndex() +// This function returns the offset of NV data in the RAM buffer +// +// This function requires that NV Index is in RAM. That is, the +// index must be known to exist. +static NV_RAM_REF +NvRamGetIndex( + TPMI_RH_NV_INDEX handle // IN: NV handle + ) +{ + NV_RAM_REF iter = NV_RAM_REF_INIT; + NV_RAM_REF currentAddr; + TPM_HANDLE foundHandle; +// + while((currentAddr = NvRamNext(&iter, &foundHandle)) != 0) + { + if(handle == foundHandle) + break; + } + return currentAddr; +} + +//*** NvUpdateIndexOrderlyData() +// This function is used to cause an update of the orderly data to the NV backing +// store. +void +NvUpdateIndexOrderlyData( + void + ) +{ + // Write reserved RAM space to NV + NvWrite(NV_INDEX_RAM_DATA, sizeof(s_indexOrderlyRam), s_indexOrderlyRam); +} + +//*** NvAddRAM() +// This function adds a new data area to RAM. +// +// This function requires that enough free RAM space is available to add +// the new data. +// +// This function should be called after the NV Index space has been updated +// and the index removed. This insures that NV is available so that checking +// for NV availability is not required during this function. 
+static void +NvAddRAM( + TPMS_NV_PUBLIC *index // IN: the index descriptor + ) +{ + NV_RAM_HEADER header; + NV_RAM_REF end = NvRamGetEnd(); +// + header.size = sizeof(NV_RAM_HEADER) + index->dataSize; + header.handle = index->nvIndex; + MemoryCopy(&header.attributes, &index->attributes, sizeof(TPMA_NV)); + + pAssert(ORDERLY_RAM_ADDRESS_OK(end, header.size)); + + // Copy the header to the memory + MemoryCopy(end, &header, sizeof(NV_RAM_HEADER)); + + // Clear the data area (just in case) + MemorySet(end + sizeof(NV_RAM_HEADER), 0, index->dataSize); + + // Step over this new entry + end += header.size; + + // If the end marker will fit, add it + if(end + sizeof(UINT32) < RAM_ORDERLY_END) + MemorySet(end, 0, sizeof(UINT32)); + // Write reserved RAM space to NV to reflect the newly added NV Index + SET_NV_UPDATE(UT_ORDERLY); + + return; +} + +//*** NvDeleteRAM() +// This function is used to delete a RAM-backed NV Index data area. +// The space used by the entry are overwritten by the contents of the +// Index data that comes after (the data is moved up to fill the hole left +// by removing this index. The reclaimed space is cleared to zeros. +// This function assumes the data of NV Index exists in RAM. +// +// This function should be called after the NV Index space has been updated +// and the index removed. This insures that NV is available so that checking +// for NV availability is not required during this function. 
+static void +NvDeleteRAM( + TPMI_RH_NV_INDEX handle // IN: NV handle + ) +{ + NV_RAM_REF nodeAddress; + NV_RAM_REF nextNode; + UINT32 size; + NV_RAM_REF lastUsed = NvRamGetEnd(); +// + nodeAddress = NvRamGetIndex(handle); + + pAssert(nodeAddress != 0); + + // Get node size + MemoryCopy(&size, nodeAddress, sizeof(size)); + + // Get the offset of next node + nextNode = nodeAddress + size; + + // Copy the data + MemoryCopy(nodeAddress, nextNode, (int)(lastUsed - nextNode)); + + // Clear out the reclaimed space + MemorySet(lastUsed - size, 0, size); + + // Write reserved RAM space to NV to reflect the newly delete NV Index + SET_NV_UPDATE(UT_ORDERLY); + + return; +} + +//*** NvReadIndex() +// This function is used to read the NV Index NV_INDEX. This is used so that the +// index information can be compressed and only this function would be needed +// to decompress it. Mostly, compression would only be able to save the space +// needed by the policy. +void +NvReadNvIndexInfo( + NV_REF ref, // IN: points to NV where index is located + NV_INDEX *nvIndex // OUT: place to receive index data + ) +{ + pAssert(nvIndex != NULL); + NvRead(nvIndex, ref, sizeof(NV_INDEX)); + return; +} + +//*** NvReadObject() +// This function is used to read a persistent object. This is used so that the +// object information can be compressed and only this function would be needed +// to uncompress it. 
+void +NvReadObject( + NV_REF ref, // IN: points to NV where index is located + OBJECT *object // OUT: place to receive the object data + ) +{ + NvRead(object, (ref + sizeof(TPM_HANDLE)), sizeof(OBJECT)); + return; +} + +//*** NvFindEvict() +// This function will return the NV offset of an evict object +// Return Type: UINT32 +// 0 evict object not found +// != 0 offset of evict object +static NV_REF +NvFindEvict( + TPM_HANDLE nvHandle, + OBJECT *object + ) +{ + NV_REF found = NvFindHandle(nvHandle); +// + // If we found the handle and the request included an object pointer, fill it in + if(found != 0 && object != NULL) + NvReadObject(found, object); + return found; +} + +//*** NvIndexIsDefined() +// See if an index is already defined +BOOL +NvIndexIsDefined( + TPM_HANDLE nvHandle // IN: Index to look for + ) +{ + return (NvFindHandle(nvHandle) != 0); +} + +//*** NvConditionallyWrite() +// Function to check if the data to be written has changed +// and write it if it has +// Return Type: TPM_RC +// TPM_RC_NV_RATE NV is unavailable because of rate limit +// TPM_RC_NV_UNAVAILABLE NV is inaccessible +static TPM_RC +NvConditionallyWrite( + NV_REF entryAddr, // IN: stating address + UINT32 size, // IN: size of the data to write + void *data // IN: the data to write + ) +{ + // If the index data is actually changed, then a write to NV is required + if(_plat__NvIsDifferent(entryAddr, size, data)) + { + // Write the data if NV is available + if(g_NvStatus == TPM_RC_SUCCESS) + { + NvWrite(entryAddr, size, data); + } + return g_NvStatus; + } + return TPM_RC_SUCCESS; +} + +//*** NvReadNvIndexAttributes() +// This function returns the attributes of an NV Index. 
+static TPMA_NV +NvReadNvIndexAttributes( + NV_REF locator // IN: reference to an NV index + ) +{ + TPMA_NV attributes; +// + NvRead(&attributes, + locator + offsetof(NV_INDEX, publicArea.attributes), + sizeof(TPMA_NV)); + return attributes; +} + +//*** NvReadRamIndexAttributes() +// This function returns the attributes from the RAM header structure. This function +// is used to deal with the fact that the header structure is only byte aligned. +static TPMA_NV +NvReadRamIndexAttributes( + NV_RAM_REF ref // IN: pointer to a NV_RAM_HEADER + ) +{ + TPMA_NV attributes; +// + MemoryCopy(&attributes, ref + offsetof(NV_RAM_HEADER, attributes), + sizeof(TPMA_NV)); + return attributes; +} + +//*** NvWriteNvIndexAttributes() +// This function is used to write just the attributes of an index to NV. +// Return type: TPM_RC +// TPM_RC_NV_RATE NV is rate limiting so retry +// TPM_RC_NV_UNAVAILABLE NV is not available +static TPM_RC +NvWriteNvIndexAttributes( + NV_REF locator, // IN: location of the index + TPMA_NV attributes // IN: attributes to write + ) +{ + return NvConditionallyWrite( + locator + offsetof(NV_INDEX, publicArea.attributes), + sizeof(TPMA_NV), + &attributes); +} + +//*** NvWriteRamIndexAttributes() +// This function is used to write the index attributes into an unaligned structure +static void +NvWriteRamIndexAttributes( + NV_RAM_REF ref, // IN: address of the header + TPMA_NV attributes // IN: the attributes to write + ) +{ + MemoryCopy(ref + offsetof(NV_RAM_HEADER, attributes), &attributes, + sizeof(TPMA_NV)); + return; +} + +//************************************************ +//** Externally Accessible Functions +//************************************************ + +//*** NvIsPlatformPersistentHandle() +// This function indicates if a handle references a persistent object in the +// range belonging to the platform. 
+// Return Type: BOOL
+// TRUE(1) handle references a platform persistent object
+// and may reference an owner persistent object either
+// FALSE(0) handle does not reference platform persistent object
+BOOL
+NvIsPlatformPersistentHandle(
+ TPM_HANDLE handle // IN: handle
+ )
+{
+ return (handle >= PLATFORM_PERSISTENT && handle <= PERSISTENT_LAST);
+}
+
+//*** NvIsOwnerPersistentHandle()
+// This function indicates if a handle references a persistent object in the
+// range belonging to the owner.
+// Return Type: BOOL
+// TRUE(1) handle is owner persistent handle
+// FALSE(0) handle is not owner persistent handle and may not be
+// a persistent handle at all
+BOOL
+NvIsOwnerPersistentHandle(
+ TPM_HANDLE handle // IN: handle
+ )
+{
+ return (handle >= PERSISTENT_FIRST && handle < PLATFORM_PERSISTENT);
+}
+
+//*** NvIndexIsAccessible()
+//
+// This function validates that a handle references a defined NV Index and
+// that the Index is currently accessible.
+// Return Type: TPM_RC
+// TPM_RC_HANDLE the handle points to an undefined NV Index
+// If shEnable is CLEAR, this would include an index
+// created using ownerAuth.
If phEnableNV is CLEAR,
+// this would include and index created using
+// platformAuth
+// TPM_RC_NV_READLOCKED Index is present but locked for reading and command
+// does not write to the index
+// TPM_RC_NV_WRITELOCKED Index is present but locked for writing and command
+// writes to the index
+TPM_RC
+NvIndexIsAccessible(
+ TPMI_RH_NV_INDEX handle // IN: handle
+ )
+{
+ NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL);
+//
+ if(nvIndex == NULL)
+ // If index is not found, return TPM_RC_HANDLE
+ return TPM_RC_HANDLE;
+ if(gc.shEnable == FALSE || gc.phEnableNV == FALSE)
+ {
+ // if shEnable is CLEAR, an ownerCreate NV Index should not be
+ // indicated as present
+ if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, PLATFORMCREATE))
+ {
+ if(gc.shEnable == FALSE)
+ return TPM_RC_HANDLE;
+ }
+ // if phEnableNV is CLEAR, a platform created Index should not
+ // be visible
+ else if(gc.phEnableNV == FALSE)
+ return TPM_RC_HANDLE;
+ }
+#if 0 // Writelock test for debug
+ // If the Index is write locked and this is an NV Write operation...
+ if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITELOCKED)
+ && IsWriteOperation(commandIndex))
+ {
+ // then return a locked indication unless the command is TPM2_NV_WriteLock
+ if(GetCommandCode(commandIndex) != TPM_CC_NV_WriteLock)
+ return TPM_RC_NV_LOCKED;
+ return TPM_RC_SUCCESS;
+ }
+#endif
+#if 0 // Readlock Test for debug
+ // If the Index is read locked and this is an NV Read operation...
+ if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, READLOCKED)
+ && IsReadOperation(commandIndex))
+ {
+ // then return a locked indication unless the command is TPM2_NV_ReadLock
+ if(GetCommandCode(commandIndex) != TPM_CC_NV_ReadLock)
+ return TPM_RC_NV_LOCKED;
+ }
+#endif
+ // NV Index is accessible
+ return TPM_RC_SUCCESS;
+}
+
+//*** NvGetEvictObject()
+// This function is used to dereference an evict object handle and get a pointer
+// to the object.
+// Return Type: TPM_RC
+// TPM_RC_HANDLE the handle does not point to an existing
+// persistent object
+TPM_RC
+NvGetEvictObject(
+ TPM_HANDLE handle, // IN: handle
+ OBJECT *object // OUT: object data
+ )
+{
+ NV_REF entityAddr; // offset points to the entity
+//
+ // Find the address of evict object and copy to object
+ entityAddr = NvFindEvict(handle, object);
+
+ // whether there is an error or not, make sure that the evict
+ // status of the object is set so that the slot will get freed on exit
+ // Must do this after NvFindEvict loads the object
+ object->attributes.evict = SET;
+
+ // If handle is not found, return an error
+ if(entityAddr == 0)
+ return TPM_RC_HANDLE;
+ return TPM_RC_SUCCESS;
+}
+
+//*** NvIndexCacheInit()
+// Function to initialize the Index cache
+void
+NvIndexCacheInit(
+ void
+ )
+{
+ s_cachedNvRef = NV_REF_INIT;
+ s_cachedNvRamRef = NV_RAM_REF_INIT;
+ s_cachedNvIndex.publicArea.nvIndex = TPM_RH_UNASSIGNED;
+ return;
+}
+
+
+//*** NvGetIndexData()
+// This function is used to access the data in an NV Index. The data is returned
+// as a byte sequence.
+//
+// This function requires that the NV Index be defined, and that the
+// required data is within the data range. It also requires that TPMA_NV_WRITTEN
+// of the Index is SET.
+void +NvGetIndexData( + NV_INDEX *nvIndex, // IN: the in RAM index descriptor + NV_REF locator, // IN: where the data is located + UINT32 offset, // IN: offset of NV data + UINT16 size, // IN: number of octets of NV data to read + void *data // OUT: data buffer + ) +{ + TPMA_NV nvAttributes; +// + pAssert(nvIndex != NULL); + + nvAttributes = nvIndex->publicArea.attributes; + + pAssert(IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN)); + + if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, ORDERLY)) + { + // Get data from RAM buffer + NV_RAM_REF ramAddr = NvRamGetIndex(nvIndex->publicArea.nvIndex); + pAssert(ramAddr != 0 && (size <= + ((NV_RAM_HEADER *)ramAddr)->size - sizeof(NV_RAM_HEADER) - offset)); + MemoryCopy(data, ramAddr + sizeof(NV_RAM_HEADER) + offset, size); + } + else + { + // Validate that read falls within range of the index + pAssert(offset <= nvIndex->publicArea.dataSize + && size <= (nvIndex->publicArea.dataSize - offset)); + NvRead(data, locator + sizeof(NV_INDEX) + offset, size); + } + return; +} + +//*** NvHashIndexData() +// This function adds Index data to a hash. It does this in parts to avoid large stack +// buffers. +void +NvHashIndexData( + HASH_STATE *hashState, // IN: Initialized hash state + NV_INDEX *nvIndex, // IN: Index + NV_REF locator, // IN: where the data is located + UINT32 offset, // IN: starting offset + UINT16 size // IN: amount to hash +) +{ +#define BUFFER_SIZE 64 + BYTE buffer[BUFFER_SIZE]; + if (offset > nvIndex->publicArea.dataSize) + return; + // Make sure that we don't try to read off the end. + if ((offset + size) > nvIndex->publicArea.dataSize) + size = nvIndex->publicArea.dataSize - (UINT16)offset; +#if BUFFER_SIZE >= MAX_NV_INDEX_SIZE + NvGetIndexData(nvIndex, locator, offset, size, buffer); + CryptDigestUpdate(hashState, size, buffer); +#else + { + INT16 i; + UINT16 readSize; + // + for (i = size; i > 0; offset += readSize, i -= readSize) + { + readSize = (i < BUFFER_SIZE) ? 
i : BUFFER_SIZE; + NvGetIndexData(nvIndex, locator, offset, readSize, buffer); + CryptDigestUpdate(hashState, readSize, buffer); + } + } +#endif // BUFFER_SIZE >= MAX_NV_INDEX_SIZE +#undef BUFFER_SIZE +} + + +//*** NvGetUINT64Data() +// Get data in integer format of a bit or counter NV Index. +// +// This function requires that the NV Index is defined and that the NV Index +// previously has been written. +UINT64 +NvGetUINT64Data( + NV_INDEX *nvIndex, // IN: the in RAM index descriptor + NV_REF locator // IN: where index exists in NV + ) +{ + UINT64 intVal; +// + // Read the value and convert it to internal format + NvGetIndexData(nvIndex, locator, 0, 8, &intVal); + return BYTE_ARRAY_TO_UINT64(((BYTE *)&intVal)); +} + +//*** NvWriteIndexAttributes() +// This function is used to write just the attributes of an index. +// Return type: TPM_RC +// TPM_RC_NV_RATE NV is rate limiting so retry +// TPM_RC_NV_UNAVAILABLE NV is not available +TPM_RC +NvWriteIndexAttributes( + TPM_HANDLE handle, + NV_REF locator, // IN: location of the index + TPMA_NV attributes // IN: attributes to write + ) +{ + TPM_RC result; +// + if(IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY)) + { + NV_RAM_REF ram = NvRamGetIndex(handle); + NvWriteRamIndexAttributes(ram, attributes); + result = TPM_RC_SUCCESS; + } + else + { + result = NvWriteNvIndexAttributes(locator, attributes); + } + return result; +} + +//*** NvWriteIndexAuth() +// This function is used to write the authValue of an index. It is used by +// TPM2_NV_ChangeAuth() +// Return type: TPM_RC +// TPM_RC_NV_RATE NV is rate limiting so retry +// TPM_RC_NV_UNAVAILABLE NV is not available +TPM_RC +NvWriteIndexAuth( + NV_REF locator, // IN: location of the index + TPM2B_AUTH *authValue // IN: the authValue to write + ) +{ + TPM_RC result; +// + // If the locator is pointing to the cached index value... + if(locator == s_cachedNvRef) + { + // copy the authValue to the cached index so it will be there if we + // look for it. This is a safety thing. 
+ MemoryCopy2B(&s_cachedNvIndex.authValue.b, &authValue->b, + sizeof(s_cachedNvIndex.authValue.t.buffer)); + } + result = NvConditionallyWrite( + locator + offsetof(NV_INDEX, authValue), + sizeof(UINT16) + authValue->t.size, + authValue); + return result; +} + +//*** NvGetIndexInfo() +// This function loads the nvIndex Info into the NV cache and returns a pointer +// to the NV_INDEX. If the returned value is zero, the index was not found. +// The 'locator' parameter, if not NULL, will be set to the offset in NV of the +// Index (the location of the handle of the Index). +// +// This function will set the index cache. If the index is orderly, the attributes +// from RAM are substituted for the attributes in the cached index +NV_INDEX * +NvGetIndexInfo( + TPM_HANDLE nvHandle, // IN: the index handle + NV_REF *locator // OUT: location of the index + ) +{ + if(s_cachedNvIndex.publicArea.nvIndex != nvHandle) + { + s_cachedNvIndex.publicArea.nvIndex = TPM_RH_UNASSIGNED; + s_cachedNvRamRef = 0; + s_cachedNvRef = NvFindHandle(nvHandle); + if(s_cachedNvRef == 0) + return NULL; + NvReadNvIndexInfo(s_cachedNvRef, &s_cachedNvIndex); + if(IS_ATTRIBUTE(s_cachedNvIndex.publicArea.attributes, TPMA_NV, ORDERLY)) + { + s_cachedNvRamRef = NvRamGetIndex(nvHandle); + s_cachedNvIndex.publicArea.attributes = + NvReadRamIndexAttributes(s_cachedNvRamRef); + } + } + if(locator != NULL) + *locator = s_cachedNvRef; + return &s_cachedNvIndex; +} + +//*** NvWriteIndexData() +// This function is used to write NV index data. It is intended to be used to +// update the data associated with the default index. +// +// This function requires that the NV Index is defined, and the data is +// within the defined data range for the index. +// +// Index data is only written due to a command that modifies the data in a single +// index. There is no case where changes are made to multiple indexes data at the +// same time. Multiple attributes may be change but not multiple index data. 
This +// is important because we will normally be handling the index for which we have +// the cached pointer values. +// Return type: TPM_RC +// TPM_RC_NV_RATE NV is rate limiting so retry +// TPM_RC_NV_UNAVAILABLE NV is not available +TPM_RC +NvWriteIndexData( + NV_INDEX *nvIndex, // IN: the description of the index + UINT32 offset, // IN: offset of NV data + UINT32 size, // IN: size of NV data + void *data // IN: data buffer + ) +{ + TPM_RC result = TPM_RC_SUCCESS; +// + pAssert(nvIndex != NULL); + // Make sure that this is dealing with the 'default' index. + // Note: it is tempting to change the calling sequence so that the 'default' is + // presumed. + pAssert(nvIndex->publicArea.nvIndex == s_cachedNvIndex.publicArea.nvIndex); + + // Validate that write falls within range of the index + pAssert(offset <= nvIndex->publicArea.dataSize + && size <= (nvIndex->publicArea.dataSize - offset)); + + // Update TPMA_NV_WRITTEN bit if necessary + if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) + { + // Update the in memory version of the attributes + SET_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN); + + // If this is not orderly, then update the NV version of + // the attributes + if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY)) + { + result = NvWriteNvIndexAttributes(s_cachedNvRef, + nvIndex->publicArea.attributes); + if(result != TPM_RC_SUCCESS) + return result; + // If this is a partial write of an ordinary index, clear the whole + // index. 
+ if(IsNvOrdinaryIndex(nvIndex->publicArea.attributes) + && (nvIndex->publicArea.dataSize > size)) + _plat__NvMemoryClear(s_cachedNvRef + sizeof(NV_INDEX), + nvIndex->publicArea.dataSize); + } + else + { + // This is orderly so update the RAM version + MemoryCopy(s_cachedNvRamRef + offsetof(NV_RAM_HEADER, attributes), + &nvIndex->publicArea.attributes, sizeof(TPMA_NV)); + // If setting WRITTEN for an orderly counter, make sure that the + // state saved version of the counter is saved + if(IsNvCounterIndex(nvIndex->publicArea.attributes)) + SET_NV_UPDATE(UT_ORDERLY); + // If setting the written attribute on an ordinary index, make sure that + // the data is all cleared out in case there is a partial write. This + // is only necessary for ordinary indexes because all of the other types + // are always written in total. + else if(IsNvOrdinaryIndex(nvIndex->publicArea.attributes)) + MemorySet(s_cachedNvRamRef + sizeof(NV_RAM_HEADER), + 0, nvIndex->publicArea.dataSize); + } + } + // If this is orderly data, write it to RAM + if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY)) + { + // Note: if this is the first write to a counter, the code above will queue + // the write to NV of the RAM data in order to update TPMA_NV_WRITTEN. In + // process of doing that write, it will also write the initial counter value + + // Update RAM + MemoryCopy(s_cachedNvRamRef + sizeof(NV_RAM_HEADER) + offset, data, size); + + // And indicate that the TPM is no longer orderly + g_clearOrderly = TRUE; + } + else + { + // Offset into the index to the first byte of the data to be written to NV + result = NvConditionallyWrite(s_cachedNvRef + sizeof(NV_INDEX) + offset, + size, data); + } + return result; +} + +//*** NvWriteUINT64Data() +// This function to write back a UINT64 value. The various UINT64 values (bits, +// counters, and PINs) are kept in canonical format but manipulate in native +// format. 
This takes a native format value converts it and saves it back as +// in canonical format. +// +// This function will return the value from NV or RAM depending on the type of the +// index (orderly or not) +// +TPM_RC +NvWriteUINT64Data( + NV_INDEX *nvIndex, // IN: the description of the index + UINT64 intValue // IN: the value to write + ) +{ + BYTE bytes[8]; + UINT64_TO_BYTE_ARRAY(intValue, bytes); +// + return NvWriteIndexData(nvIndex, 0, 8, &bytes); +} + +//*** NvGetIndexName() +// This function computes the Name of an index +// The 'name' buffer receives the bytes of the Name and the return value +// is the number of octets in the Name. +// +// This function requires that the NV Index is defined. +TPM2B_NAME * +NvGetIndexName( + NV_INDEX *nvIndex, // IN: the index over which the name is to be + // computed + TPM2B_NAME *name // OUT: name of the index + ) +{ + UINT16 dataSize, digestSize; + BYTE marshalBuffer[sizeof(TPMS_NV_PUBLIC)]; + BYTE *buffer; + HASH_STATE hashState; +// + // Marshal public area + buffer = marshalBuffer; + dataSize = TPMS_NV_PUBLIC_Marshal(&nvIndex->publicArea, &buffer, NULL); + + // hash public area + digestSize = CryptHashStart(&hashState, nvIndex->publicArea.nameAlg); + CryptDigestUpdate(&hashState, dataSize, marshalBuffer); + + // Complete digest leaving room for the nameAlg + CryptHashEnd(&hashState, digestSize, &name->b.buffer[2]); + + // Include the nameAlg + UINT16_TO_BYTE_ARRAY(nvIndex->publicArea.nameAlg, name->b.buffer); + name->t.size = digestSize + 2; + return name; +} + +//*** NvGetNameByIndexHandle() +// This function is used to compute the Name of an NV Index referenced by handle. +// +// The 'name' buffer receives the bytes of the Name and the return value +// is the number of octets in the Name. +// +// This function requires that the NV Index is defined. 
+TPM2B_NAME * +NvGetNameByIndexHandle( + TPMI_RH_NV_INDEX handle, // IN: handle of the index + TPM2B_NAME *name // OUT: name of the index + ) +{ + NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); +// + return NvGetIndexName(nvIndex, name); +} + +//*** NvDefineIndex() +// This function is used to assign NV memory to an NV Index. +// +// Return Type: TPM_RC +// TPM_RC_NV_SPACE insufficient NV space +TPM_RC +NvDefineIndex( + TPMS_NV_PUBLIC *publicArea, // IN: A template for an area to create. + TPM2B_AUTH *authValue // IN: The initial authorization value + ) +{ + // The buffer to be written to NV memory + NV_INDEX nvIndex; // the index data + UINT16 entrySize; // size of entry + TPM_RC result; +// + entrySize = sizeof(NV_INDEX); + + // only allocate data space for indexes that are going to be written to NV. + // Orderly indexes don't need space. + if(!IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY)) + entrySize += publicArea->dataSize; + // Check if we have enough space to create the NV Index + // In this implementation, the only resource limitation is the available NV + // space (and possibly RAM space.) 
Other implementation may have other + // limitation on counter or on NV slots + if(!NvTestSpace(entrySize, TRUE, IsNvCounterIndex(publicArea->attributes))) + return TPM_RC_NV_SPACE; + + // if the index to be defined is RAM backed, check RAM space availability + // as well + if(IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY) + && !NvRamTestSpaceIndex(publicArea->dataSize)) + return TPM_RC_NV_SPACE; + // Copy input value to nvBuffer + nvIndex.publicArea = *publicArea; + + // Copy the authValue + nvIndex.authValue = *authValue; + + // Add index to NV memory + result = NvAdd(entrySize, sizeof(NV_INDEX), TPM_RH_UNASSIGNED, + (BYTE *)&nvIndex); + if(result == TPM_RC_SUCCESS) + { + // If the data of NV Index is RAM backed, add the data area in RAM as well + if(IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY)) + NvAddRAM(publicArea); + } + return result; +} + +//*** NvAddEvictObject() +// This function is used to assign NV memory to a persistent object. +// Return Type: TPM_RC +// TPM_RC_NV_HANDLE the requested handle is already in use +// TPM_RC_NV_SPACE insufficient NV space +TPM_RC +NvAddEvictObject( + TPMI_DH_OBJECT evictHandle, // IN: new evict handle + OBJECT *object // IN: object to be added + ) +{ + TPM_HANDLE temp = object->evictHandle; + TPM_RC result; +// + // Check if we have enough space to add the evict object + // An evict object needs 8 bytes in index table + sizeof OBJECT + // In this implementation, the only resource limitation is the available NV + // space. 
Other implementation may have other limitation on evict object + // handle space + if(!NvTestSpace(sizeof(OBJECT) + sizeof(TPM_HANDLE), FALSE, FALSE)) + return TPM_RC_NV_SPACE; + + // Set evict attribute and handle + object->attributes.evict = SET; + object->evictHandle = evictHandle; + + // Now put this in NV + result = NvAdd(sizeof(OBJECT), sizeof(OBJECT), evictHandle, (BYTE *)object); + + // Put things back the way they were + object->attributes.evict = CLEAR; + object->evictHandle = temp; + + return result; +} + +//*** NvDeleteIndex() +// This function is used to delete an NV Index. +// Return Type: TPM_RC +// TPM_RC_NV_UNAVAILABLE NV is not accessible +// TPM_RC_NV_RATE NV is rate limiting +TPM_RC +NvDeleteIndex( + NV_INDEX *nvIndex, // IN: an in RAM index descriptor + NV_REF entityAddr // IN: location in NV + ) +{ + TPM_RC result; +// + if(nvIndex != NULL) + { + // Whenever a counter is deleted, make sure that the MaxCounter value is + // updated to reflect the value + if(IsNvCounterIndex(nvIndex->publicArea.attributes) + && IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) + NvUpdateMaxCount(NvGetUINT64Data(nvIndex, entityAddr)); + result = NvDelete(entityAddr); + if(result != TPM_RC_SUCCESS) + return result; + // If the NV Index is RAM backed, delete the RAM data as well + if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY)) + NvDeleteRAM(nvIndex->publicArea.nvIndex); + NvIndexCacheInit(); + } + return TPM_RC_SUCCESS; +} + +//*** NvDeleteEvict() +// This function will delete a NV evict object. 
+// Will return success if object deleted or if it does not exist + +TPM_RC +NvDeleteEvict( + TPM_HANDLE handle // IN: handle of entity to be deleted + ) +{ + NV_REF entityAddr = NvFindEvict(handle, NULL); // pointer to entity + TPM_RC result = TPM_RC_SUCCESS; +// + if(entityAddr != 0) + result = NvDelete(entityAddr); + return result; +} + +//*** NvFlushHierarchy() +// This function will delete persistent objects belonging to the indicated hierarchy. +// If the storage hierarchy is selected, the function will also delete any +// NV Index defined using ownerAuth. +// Return Type: TPM_RC +// TPM_RC_NV_RATE NV is unavailable because of rate limit +// TPM_RC_NV_UNAVAILABLE NV is inaccessible +TPM_RC +NvFlushHierarchy( + TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flushed. + ) +{ + NV_REF iter = NV_REF_INIT; + NV_REF currentAddr; + TPM_HANDLE entityHandle; + TPM_RC result = TPM_RC_SUCCESS; +// + while((currentAddr = NvNext(&iter, &entityHandle)) != 0) + { + if(HandleGetType(entityHandle) == TPM_HT_NV_INDEX) + { + NV_INDEX nvIndex; +// + // If flush endorsement or platform hierarchy, no NV Index would be + // flushed + if(hierarchy == TPM_RH_ENDORSEMENT || hierarchy == TPM_RH_PLATFORM) + continue; + // Get the index information + NvReadNvIndexInfo(currentAddr, &nvIndex); + + // For storage hierarchy, flush OwnerCreated index + if(!IS_ATTRIBUTE(nvIndex.publicArea.attributes, TPMA_NV, + PLATFORMCREATE)) + { + // Delete the index (including RAM for orderly) + result = NvDeleteIndex(&nvIndex, currentAddr); + if(result != TPM_RC_SUCCESS) + break; + // Re-iterate from beginning after a delete + iter = NV_REF_INIT; + } + } + else if(HandleGetType(entityHandle) == TPM_HT_PERSISTENT) + { + OBJECT_ATTRIBUTES attributes; +// + NvRead(&attributes, + (UINT32)(currentAddr + + sizeof(TPM_HANDLE) + + offsetof(OBJECT, attributes)), + sizeof(OBJECT_ATTRIBUTES)); + // If the evict object belongs to the hierarchy to be flushed... 
+ if((hierarchy == TPM_RH_PLATFORM && attributes.ppsHierarchy == SET) + || (hierarchy == TPM_RH_OWNER && attributes.spsHierarchy == SET) + || (hierarchy == TPM_RH_ENDORSEMENT + && attributes.epsHierarchy == SET)) + { + // ...then delete the evict object + result = NvDelete(currentAddr); + if(result != TPM_RC_SUCCESS) + break; + // Re-iterate from beginning after a delete + iter = NV_REF_INIT; + } + } + else + { + FAIL(FATAL_ERROR_INTERNAL); + } + } + return result; +} + +//*** NvSetGlobalLock() +// This function is used to SET the TPMA_NV_WRITELOCKED attribute for all +// NV indexes that have TPMA_NV_GLOBALLOCK SET. This function is use by +// TPM2_NV_GlobalWriteLock(). +// Return Type: TPM_RC +// TPM_RC_NV_RATE NV is unavailable because of rate limit +// TPM_RC_NV_UNAVAILABLE NV is inaccessible +TPM_RC +NvSetGlobalLock( + void + ) +{ + NV_REF iter = NV_REF_INIT; + NV_RAM_REF ramIter = NV_RAM_REF_INIT; + NV_REF currentAddr; + NV_RAM_REF currentRamAddr; + TPM_RC result = TPM_RC_SUCCESS; +// + // Check all normal indexes + while((currentAddr = NvNextIndex(NULL, &iter)) != 0) + { + TPMA_NV attributes = NvReadNvIndexAttributes(currentAddr); +// + // See if it should be locked + if(!IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY) + && IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK)) + { + SET_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED); + result = NvWriteNvIndexAttributes(currentAddr, attributes); + if(result != TPM_RC_SUCCESS) + return result; + } + } + // Now search all the orderly attributes + while((currentRamAddr = NvRamNext(&ramIter, NULL)) != 0) + { + // See if it should be locked + TPMA_NV attributes = NvReadRamIndexAttributes(currentRamAddr); + if(IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK)) + { + SET_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED); + NvWriteRamIndexAttributes(currentRamAddr, attributes); + } + } + return result; +} + +//***InsertSort() +// Sort a handle into handle list in ascending order. 
The total handle number in +// the list should not exceed MAX_CAP_HANDLES +static void +InsertSort( + TPML_HANDLE *handleList, // IN/OUT: sorted handle list + UINT32 count, // IN: maximum count in the handle list + TPM_HANDLE entityHandle // IN: handle to be inserted + ) +{ + UINT32 i, j; + UINT32 originalCount; +// + // For a corner case that the maximum count is 0, do nothing + if(count == 0) + return; + // For empty list, add the handle at the beginning and return + if(handleList->count == 0) + { + handleList->handle[0] = entityHandle; + handleList->count++; + return; + } + // Check if the maximum of the list has been reached + originalCount = handleList->count; + if(originalCount < count) + handleList->count++; + // Insert the handle to the list + for(i = 0; i < originalCount; i++) + { + if(handleList->handle[i] > entityHandle) + { + for(j = handleList->count - 1; j > i; j--) + { + handleList->handle[j] = handleList->handle[j - 1]; + } + break; + } + } + // If a slot was found, insert the handle in this position + if(i < originalCount || handleList->count > originalCount) + handleList->handle[i] = entityHandle; + return; +} + +//*** NvCapGetPersistent() +// This function is used to get a list of handles of the persistent objects, +// starting at 'handle'. +// +// 'Handle' must be in valid persistent object handle range, but does not +// have to reference an existing persistent object. 
+// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned +TPMI_YES_NO +NvCapGetPersistent( + TPMI_DH_OBJECT handle, // IN: start handle + UINT32 count, // IN: maximum number of returned handles + TPML_HANDLE *handleList // OUT: list of handle + ) +{ + TPMI_YES_NO more = NO; + NV_REF iter = NV_REF_INIT; + NV_REF currentAddr; + TPM_HANDLE entityHandle; +// + pAssert(HandleGetType(handle) == TPM_HT_PERSISTENT); + + // Initialize output handle list + handleList->count = 0; + + // The maximum count of handles we may return is MAX_CAP_HANDLES + if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; + + while((currentAddr = NvNextEvict(&entityHandle, &iter)) != 0) + { + // Ignore persistent handles that have values less than the input handle + if(entityHandle < handle) + continue; + // if the handles in the list have reached the requested count, and there + // are still handles need to be inserted, indicate that there are more. + if(handleList->count == count) + more = YES; + // A handle with a value larger than start handle is a candidate + // for return. Insert sort it to the return list. Insert sort algorithm + // is chosen here for simplicity based on the assumption that the total + // number of NV indexes is small. For an implementation that may allow + // large number of NV indexes, a more efficient sorting algorithm may be + // used here. + InsertSort(handleList, count, entityHandle); + } + return more; +} + +//*** NvCapGetIndex() +// This function returns a list of handles of NV indexes, starting from 'handle'. +// 'Handle' must be in the range of NV indexes, but does not have to reference +// an existing NV Index. 
+// Return Type: TPMI_YES_NO +// YES if there are more handles to report +// NO all the available handles has been reported +TPMI_YES_NO +NvCapGetIndex( + TPMI_DH_OBJECT handle, // IN: start handle + UINT32 count, // IN: max number of returned handles + TPML_HANDLE *handleList // OUT: list of handle + ) +{ + TPMI_YES_NO more = NO; + NV_REF iter = NV_REF_INIT; + NV_REF currentAddr; + TPM_HANDLE nvHandle; +// + pAssert(HandleGetType(handle) == TPM_HT_NV_INDEX); + + // Initialize output handle list + handleList->count = 0; + + // The maximum count of handles we may return is MAX_CAP_HANDLES + if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; + + while((currentAddr = NvNextIndex(&nvHandle, &iter)) != 0) + { + // Ignore index handles that have values less than the 'handle' + if(nvHandle < handle) + continue; + // if the count of handles in the list has reached the requested count, + // and there are still handles to report, set more. + if(handleList->count == count) + more = YES; + // A handle with a value larger than start handle is a candidate + // for return. Insert sort it to the return list. Insert sort algorithm + // is chosen here for simplicity based on the assumption that the total + // number of NV indexes is small. For an implementation that may allow + // large number of NV indexes, a more efficient sorting algorithm may be + // used here. + InsertSort(handleList, count, nvHandle); + } + return more; +} + +//*** NvCapGetIndexNumber() +// This function returns the count of NV Indexes currently defined. +UINT32 +NvCapGetIndexNumber( + void + ) +{ + UINT32 num = 0; + NV_REF iter = NV_REF_INIT; +// + while(NvNextIndex(NULL, &iter) != 0) + num++; + return num; +} + +//*** NvCapGetPersistentNumber() +// Function returns the count of persistent objects currently in NV memory. 
+UINT32 +NvCapGetPersistentNumber( + void + ) +{ + UINT32 num = 0; + NV_REF iter = NV_REF_INIT; + TPM_HANDLE handle; +// + while(NvNextEvict(&handle, &iter) != 0) + num++; + return num; +} + +//*** NvCapGetPersistentAvail() +// This function returns an estimate of the number of additional persistent +// objects that could be loaded into NV memory. +UINT32 +NvCapGetPersistentAvail( + void + ) +{ + UINT32 availNVSpace; + UINT32 counterNum = NvCapGetCounterNumber(); + UINT32 reserved = sizeof(NV_LIST_TERMINATOR); +// + // Get the available space in NV storage + availNVSpace = NvGetFreeBytes(); + + if(counterNum < MIN_COUNTER_INDICES) + { + // Some space has to be reserved for counter objects. + reserved += (MIN_COUNTER_INDICES - counterNum) * NV_INDEX_COUNTER_SIZE; + if(reserved > availNVSpace) + availNVSpace = 0; + else + availNVSpace -= reserved; + } + return availNVSpace / NV_EVICT_OBJECT_SIZE; +} + +//*** NvCapGetCounterNumber() +// Get the number of defined NV Indexes that are counter indexes. +UINT32 +NvCapGetCounterNumber( + void + ) +{ + NV_REF iter = NV_REF_INIT; + NV_REF currentAddr; + UINT32 num = 0; +// + while((currentAddr = NvNextIndex(NULL, &iter)) != 0) + { + TPMA_NV attributes = NvReadNvIndexAttributes(currentAddr); + if(IsNvCounterIndex(attributes)) + num++; + } + return num; +} + +//*** NvSetStartupAttributes() +// Local function to set the attributes of an Index at TPM Reset and TPM Restart. 
+static TPMA_NV +NvSetStartupAttributes( + TPMA_NV attributes, // IN: attributes to change + STARTUP_TYPE type // IN: start up type + ) +{ + // Clear read lock + CLEAR_ATTRIBUTE(attributes, TPMA_NV, READLOCKED); + + // Will change a non counter index to the unwritten state if: + // a) TPMA_NV_CLEAR_STCLEAR is SET + // b) orderly and TPM Reset + if(!IsNvCounterIndex(attributes)) + { + if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR) + || (IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY) + && (type == SU_RESET))) + CLEAR_ATTRIBUTE(attributes, TPMA_NV, WRITTEN); + } + // Unlock any index that is not written or that does not have + // TPMA_NV_WRITEDEFINE SET. + if(!IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN) + || !IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE)) + CLEAR_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED); + return attributes; +} + +//*** NvEntityStartup() +// This function is called at TPM_Startup(). If the startup completes +// a TPM Resume cycle, no action is taken. If the startup is a TPM Reset +// or a TPM Restart, then this function will: +// 1. clear read/write lock; +// 2. reset NV Index data that has TPMA_NV_CLEAR_STCLEAR SET; and +// 3. set the lower bits in orderly counters to 1 for a non-orderly startup +// +// It is a prerequisite that NV be available for writing before this +// function is called. 
+BOOL +NvEntityStartup( + STARTUP_TYPE type // IN: start up type + ) +{ + NV_REF iter = NV_REF_INIT; + NV_RAM_REF ramIter = NV_RAM_REF_INIT; + NV_REF currentAddr; // offset points to the current entity + NV_RAM_REF currentRamAddr; + TPM_HANDLE nvHandle; + TPMA_NV attributes; +// + // Restore RAM index data + NvRead(s_indexOrderlyRam, NV_INDEX_RAM_DATA, sizeof(s_indexOrderlyRam)); + + // Initialize the max NV counter value + NvSetMaxCount(NvGetMaxCount()); + + // If recovering from state save, do nothing else + if(type == SU_RESUME) + return TRUE; + // Iterate all the NV Index to clear the locks + while((currentAddr = NvNextIndex(&nvHandle, &iter)) != 0) + { + attributes = NvReadNvIndexAttributes(currentAddr); + + // If this is an orderly index, defer processing until loop below + if(IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY)) + continue; + // Set the attributes appropriate for this startup type + attributes = NvSetStartupAttributes(attributes, type); + NvWriteNvIndexAttributes(currentAddr, attributes); + } + // Iterate all the orderly indexes to clear the locks and initialize counters + while((currentRamAddr = NvRamNext(&ramIter, NULL)) != 0) + { + attributes = NvReadRamIndexAttributes(currentRamAddr); + + attributes = NvSetStartupAttributes(attributes, type); + + // update attributes in RAM + NvWriteRamIndexAttributes(currentRamAddr, attributes); + + // Set the lower bits in an orderly counter to 1 for a non-orderly startup + if(IsNvCounterIndex(attributes) + && (g_prevOrderlyState == SU_NONE_VALUE)) + { + UINT64 counter; +// + // Read the counter value last saved to NV. + counter = BYTE_ARRAY_TO_UINT64(currentRamAddr + sizeof(NV_RAM_HEADER)); + + // Set the lower bits of counter to 1's + counter |= MAX_ORDERLY_COUNT; + + // Write back to RAM + // NOTE: Do not want to force a write to NV here. The counter value will + // stay in RAM until the next shutdown or rollover. 
+ UINT64_TO_BYTE_ARRAY(counter, currentRamAddr + sizeof(NV_RAM_HEADER)); + } + } + return TRUE; +} + +//*** NvCapGetCounterAvail() +// This function returns an estimate of the number of additional counter type +// NV indexes that can be defined. +UINT32 +NvCapGetCounterAvail( + void + ) +{ + UINT32 availNVSpace; + UINT32 availRAMSpace; + UINT32 persistentNum = NvCapGetPersistentNumber(); + UINT32 reserved = sizeof(NV_LIST_TERMINATOR); +// + // Get the available space in NV storage + availNVSpace = NvGetFreeBytes(); + + if(persistentNum < MIN_EVICT_OBJECTS) + { + // Some space has to be reserved for evict object. Adjust availNVSpace. + reserved += (MIN_EVICT_OBJECTS - persistentNum) * NV_EVICT_OBJECT_SIZE; + if(reserved > availNVSpace) + availNVSpace = 0; + else + availNVSpace -= reserved; + } + // Compute the available space in RAM + availRAMSpace = (int)(RAM_ORDERLY_END - NvRamGetEnd()); + + // Return the min of counter number in NV and in RAM + if(availNVSpace / NV_INDEX_COUNTER_SIZE + > availRAMSpace / NV_RAM_INDEX_COUNTER_SIZE) + return availRAMSpace / NV_RAM_INDEX_COUNTER_SIZE; + else + return availNVSpace / NV_INDEX_COUNTER_SIZE; +} + +//*** NvFindHandle() +// this function returns the offset in NV memory of the entity associated +// with the input handle. A value of zero indicates that handle does not +// exist reference an existing persistent object or defined NV Index. +NV_REF +NvFindHandle( + TPM_HANDLE handle + ) +{ + NV_REF addr; + NV_REF iter = NV_REF_INIT; + TPM_HANDLE nextHandle; +// + while((addr = NvNext(&iter, &nextHandle)) != 0) + { + if(nextHandle == handle) + break; + } + return addr; +} + +//** NV Max Counter +//*** Introduction +// The TPM keeps track of the highest value of a deleted counter index. When an +// index is deleted, this value is updated if the deleted counter index is greater +// than the previous value. 
When a new index is created and first incremented, it +// will get a value that is at least one greater than any other index than any +// previously deleted index. This insures that it is not possible to roll back an +// index. +// +// The highest counter value is keep in NV in a special end-of-list marker. This +// marker is only updated when an index is deleted. Otherwise it just moves. +// +// When the TPM starts up, it searches NV for the end of list marker and initializes +// an in memory value (s_maxCounter). + +//*** NvReadMaxCount() +// This function returns the max NV counter value. +// +UINT64 +NvReadMaxCount( + void + ) +{ + return s_maxCounter; +} + +//*** NvUpdateMaxCount() +// This function updates the max counter value to NV memory. This is just staging +// for the actual write that will occur when the NV index memory is modified. +// +void +NvUpdateMaxCount( + UINT64 count + ) +{ + if(count > s_maxCounter) + s_maxCounter = count; +} + +//*** NvSetMaxCount() +// This function is used at NV initialization time to set the initial value of +// the maximum counter. +void +NvSetMaxCount( + UINT64 value + ) +{ + s_maxCounter = value; +} + +//*** NvGetMaxCount() +// Function to get the NV max counter value from the end-of-list marker +UINT64 +NvGetMaxCount( + void + ) +{ + NV_REF iter = NV_REF_INIT; + NV_REF currentAddr; + UINT64 maxCount; +// + // Find the end of list marker and initialize the NV Max Counter value. + while((currentAddr = NvNext(&iter, NULL )) != 0); + // 'iter' should be pointing at the end of list marker so read in the current + // value of the s_maxCounter. + NvRead(&maxCount, iter + sizeof(UINT32), sizeof(maxCount)); + + return maxCount; +} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvReserved.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvReserved.c new file mode 100644 index 000000000..41a789512 --- /dev/null 
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvReserved.c 
@@ -0,0 +1,263 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +//** Introduction + +// The NV memory is divided into two areas: dynamic space for user defined NV +// Indices and evict objects, and reserved space for TPM persistent and state save +// data. 
+// +// The entries in dynamic space are a linked list of entries. Each entry has, as its +// first field, a size. If the size field is zero, it marks the end of the +// list. +// +// An allocation of an Index or evict object may use almost all of the remaining +// NV space such that the size field will not fit. The functions that search the +// list are aware of this and will terminate the search if they either find a zero +// size or recognize that there is insufficient space for the size field. +// +// An Index allocation will contain an NV_INDEX structure. If the Index does not +// have the orderly attribute, the NV_INDEX is followed immediately by the NV data. +// +// An evict object entry contains a handle followed by an OBJECT structure. This +// results in both the Index and Evict Object having an identifying handle as the +// first field following the size field. +// +// When an Index has the orderly attribute, the data is kept in RAM. This RAM is +// saved to backing store in NV memory on any orderly shutdown. The entries in +// orderly memory are also a linked list using a size field as the first entry. As +// with the NV memory, the list is terminated by a zero size field or when the last +// entry leaves insufficient space for the terminating size field. +// +// The attributes of an orderly index are maintained in RAM memory in order to +// reduce the number of NV writes needed for orderly data. When an orderly index +// is created, an entry is made in the dynamic NV memory space that holds the Index +// authorizations (authPolicy and authValue) and the size of the data. This entry is +// only modified if the authValue of the index is changed. The more volatile data +// of the index is kept in RAM. When an orderly Index is created or deleted, the +// RAM data is copied to NV backing store so that the image in the backing store +// matches the layout of RAM. In normal operation. The RAM data is also copied on +// any orderly shutdown. 
In normal operation, the only other reason for writing +// to the backing store for RAM is when a counter is first written (TPMA_NV_WRITTEN +// changes from CLEAR to SET) or when a counter "rolls over." +// +// Static space contains items that are individually modifiable. The values are in +// the 'gp' PERSISTEND_DATA structure in RAM and mapped to locations in NV. +// + +//** Includes, Defines +#define NV_C +#include "Tpm.h" + +//************************************************ +//** Functions +//************************************************ + + +//*** NvInitStatic() +// This function initializes the static variables used in the NV subsystem. +static void +NvInitStatic( + void + ) +{ + // In some implementations, the end of NV is variable and is set at boot time. + // This value will be the same for each boot, but is not necessarily known + // at compile time. + s_evictNvEnd = (NV_REF)NV_MEMORY_SIZE; + return; +} + +//*** NvCheckState() +// Function to check the NV state by accessing the platform-specific function +// to get the NV state. The result state is registered in s_NvIsAvailable +// that will be reported by NvIsAvailable. +// +// This function is called at the beginning of ExecuteCommand before any potential +// check of g_NvStatus. +void +NvCheckState( + void + ) +{ + int func_return; +// + func_return = _plat__IsNvAvailable(); + if(func_return == 0) + g_NvStatus = TPM_RC_SUCCESS; + else if(func_return == 1) + g_NvStatus = TPM_RC_NV_UNAVAILABLE; + else + g_NvStatus = TPM_RC_NV_RATE; + return; +} + +//*** NvCommit +// This is a wrapper for the platform function to commit pending NV writes. +BOOL +NvCommit( + void + ) +{ + return (_plat__NvCommit() == 0); +} + +//*** NvPowerOn() +// This function is called at _TPM_Init to initialize the NV environment. 
+// Return Type: BOOL +// TRUE(1) all NV was initialized +// FALSE(0) the NV containing saved state had an error and +// TPM2_Startup(CLEAR) is required +BOOL +NvPowerOn( + void + ) +{ + int nvError = 0; + // If power was lost, need to re-establish the RAM data that is loaded from + // NV and initialize the static variables + if(g_powerWasLost) + { + if((nvError = _plat__NVEnable(0)) < 0) + FAIL(FATAL_ERROR_NV_UNRECOVERABLE); + NvInitStatic(); + } + return nvError == 0; +} + +//*** NvManufacture() +// This function initializes the NV system at pre-install time. +// +// This function should only be called in a manufacturing environment or in a +// simulation. +// +// The layout of NV memory space is an implementation choice. +void +NvManufacture( + void + ) +{ +#if SIMULATION + // Simulate the NV memory being in the erased state. + _plat__NvMemoryClear(0, NV_MEMORY_SIZE); +#endif + // Initialize static variables + NvInitStatic(); + // Clear the RAM used for Orderly Index data + MemorySet(s_indexOrderlyRam, 0, RAM_INDEX_SPACE); + // Write that Orderly Index data to NV + NvUpdateIndexOrderlyData(); + // Initialize the next offset of the first entry in evict/index list to 0 (the + // end of list marker) and the initial s_maxCounterValue; + NvSetMaxCount(0); + // Put the end of list marker at the end of memory. This contains the MaxCount + // value as well as the end marker. + NvWriteNvListEnd(NV_USER_DYNAMIC); + return; +} + +//*** NvRead() +// This function is used to move reserved data from NV memory to RAM. +void +NvRead( + void *outBuffer, // OUT: buffer to receive data + UINT32 nvOffset, // IN: offset in NV of value + UINT32 size // IN: size of the value to read + ) +{ + // Input type should be valid + pAssert(nvOffset + size < NV_MEMORY_SIZE); + _plat__NvMemoryRead(nvOffset, size, outBuffer); + return; +} + +//*** NvWrite() +// This function is used to post reserved data for writing to NV memory. 
Before +// the TPM completes the operation, the value will be written. +BOOL +NvWrite( + UINT32 nvOffset, // IN: location in NV to receive data + UINT32 size, // IN: size of the data to move + void *inBuffer // IN: location containing data to write + ) +{ + // Input type should be valid + if(nvOffset + size <= NV_MEMORY_SIZE) + { + // Set the flag that a NV write happened + SET_NV_UPDATE(UT_NV); + return _plat__NvMemoryWrite(nvOffset, size, inBuffer); + } + return FALSE; +} + +//*** NvUpdatePersistent() +// This function is used to update a value in the PERSISTENT_DATA structure and +// commits the value to NV. +void +NvUpdatePersistent( + UINT32 offset, // IN: location in PERMANENT_DATA to be updated + UINT32 size, // IN: size of the value + void *buffer // IN: the new data + ) +{ + pAssert(offset + size <= sizeof(gp)); + MemoryCopy(&gp + offset, buffer, size); + NvWrite(offset, size, buffer); +} + +//*** NvClearPersistent() +// This function is used to clear a persistent data entry and commit it to NV +void +NvClearPersistent( + UINT32 offset, // IN: the offset in the PERMANENT_DATA + // structure to be cleared (zeroed) + UINT32 size // IN: number of bytes to clear + ) +{ + pAssert(offset + size <= sizeof(gp)); + MemorySet((&gp) + offset, 0, size); + NvWrite(offset, size, (&gp) + offset); +} + +//*** NvReadPersistent() +// This function reads persistent data to the RAM copy of the 'gp' structure. +void +NvReadPersistent( + void + ) +{ + NvRead(&gp, NV_PERSISTENT_DATA, sizeof(gp)); + return; +} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Object.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Object.c new file mode 100644 index 000000000..6fd037087 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Object.c 
@@ -0,0 +1,989 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the functions that manage the object store of the TPM.
+
+//** Includes and Data Definitions
+#define OBJECT_C
+
+#include "Tpm.h"
+
+//** Functions
+
+//*** ObjectFlush()
+// This function marks an object slot as available.
+// Since there is no checking of the input parameters, it should be used
+// judiciously.
+// Note: This could be converted to a macro.
+void
+ObjectFlush(
+ OBJECT *object
+ )
+{
+ object->attributes.occupied = CLEAR;
+}
+
+//*** ObjectSetInUse()
+// This access function sets the occupied attribute of an object slot.
+void
+ObjectSetInUse(
+ OBJECT *object
+ )
+{
+ object->attributes.occupied = SET;
+}
+
+//*** ObjectStartup()
+// This function is called at TPM2_Startup() to initialize the object subsystem.
+BOOL
+ObjectStartup(
+ void
+ )
+{
+ UINT32 i;
+//
+ // object slots initialization
+ for(i = 0; i < MAX_LOADED_OBJECTS; i++)
+ {
+ //Set the slot to not occupied
+ ObjectFlush(&s_objects[i]);
+ }
+ return TRUE;
+}
+
+//*** ObjectCleanupEvict()
+//
+// In this implementation, a persistent object is moved from NV into an object slot
+// for processing. It is flushed after command execution. This function is called
+// from ExecuteCommand().
+void
+ObjectCleanupEvict(
+ void
+ )
+{
+ UINT32 i;
+//
+ // This has to be iterated because a command may have two handles
+ // and they may both be persistent.
+ // This could be made to be more efficient so that a search is not needed.
+ for(i = 0; i < MAX_LOADED_OBJECTS; i++)
+ {
+ // If an object is a temporary evict object, flush it from slot
+ OBJECT *object = &s_objects[i];
+ if(object->attributes.evict == SET)
+ ObjectFlush(object);
+ }
+ return;
+}
+
+//*** IsObjectPresent()
+// This function checks to see if a transient handle references a loaded
+// object. This routine should not be called if the handle is not a
+// transient handle. The function validates that the handle is in the
+// implementation-dependent allowed in range for loaded transient objects.
+// Return Type: BOOL +// TRUE(1) handle references a loaded object +// FALSE(0) handle is not an object handle, or it does not +// reference to a loaded object +BOOL +IsObjectPresent( + TPMI_DH_OBJECT handle // IN: handle to be checked + ) +{ + UINT32 slotIndex = handle - TRANSIENT_FIRST; + // Since the handle is just an index into the array that is zero based, any + // handle value outsize of the range of: + // TRANSIENT_FIRST -- (TRANSIENT_FIRST + MAX_LOADED_OBJECT - 1) + // will now be greater than or equal to MAX_LOADED_OBJECTS + if(slotIndex >= MAX_LOADED_OBJECTS) + return FALSE; + // Indicate if the slot is occupied + return (s_objects[slotIndex].attributes.occupied == TRUE); +} + +//*** ObjectIsSequence() +// This function is used to check if the object is a sequence object. This function +// should not be called if the handle does not reference a loaded object. +// Return Type: BOOL +// TRUE(1) object is an HMAC, hash, or event sequence object +// FALSE(0) object is not an HMAC, hash, or event sequence object +BOOL +ObjectIsSequence( + OBJECT *object // IN: handle to be checked + ) +{ + pAssert(object != NULL); + return (object->attributes.hmacSeq == SET + || object->attributes.hashSeq == SET + || object->attributes.eventSeq == SET); +} + +//*** HandleToObject() +// This function is used to find the object structure associated with a handle. +// +// This function requires that 'handle' references a loaded object or a permanent +// handle. +OBJECT* +HandleToObject( + TPMI_DH_OBJECT handle // IN: handle of the object + ) +{ + UINT32 index; +// + // Return NULL if the handle references a permanent handle because there is no + // associated OBJECT. + if(HandleGetType(handle) == TPM_HT_PERMANENT) + return NULL; + // In this implementation, the handle is determined by the slot occupied by the + // object. 
+ index = handle - TRANSIENT_FIRST; + pAssert(index < MAX_LOADED_OBJECTS); + pAssert(s_objects[index].attributes.occupied); + return &s_objects[index]; +} + + +//*** GetQualifiedName() +// This function returns the Qualified Name of the object. In this implementation, +// the Qualified Name is computed when the object is loaded and is saved in the +// internal representation of the object. The alternative would be to retain the +// Name of the parent and compute the QN when needed. This would take the same +// amount of space so it is not recommended that the alternate be used. +// +// This function requires that 'handle' references a loaded object. +void +GetQualifiedName( + TPMI_DH_OBJECT handle, // IN: handle of the object + TPM2B_NAME *qualifiedName // OUT: qualified name of the object + ) +{ + OBJECT *object; +// + switch(HandleGetType(handle)) + { + case TPM_HT_PERMANENT: + qualifiedName->t.size = sizeof(TPM_HANDLE); + UINT32_TO_BYTE_ARRAY(handle, qualifiedName->t.name); + break; + case TPM_HT_TRANSIENT: + object = HandleToObject(handle); + if(object == NULL || object->publicArea.nameAlg == TPM_ALG_NULL) + qualifiedName->t.size = 0; + else + // Copy the name + *qualifiedName = object->qualifiedName; + break; + default: + FAIL(FATAL_ERROR_INTERNAL); + } + return; +} + +//*** ObjectGetHierarchy() +// This function returns the handle for the hierarchy of an object. +TPMI_RH_HIERARCHY +ObjectGetHierarchy( + OBJECT *object // IN :object + ) +{ + if(object->attributes.spsHierarchy) + { + return TPM_RH_OWNER; + } + else if(object->attributes.epsHierarchy) + { + return TPM_RH_ENDORSEMENT; + } + else if(object->attributes.ppsHierarchy) + { + return TPM_RH_PLATFORM; + } + else + { + return TPM_RH_NULL; + } +} + +//*** GetHeriarchy() +// This function returns the handle of the hierarchy to which a handle belongs. +// This function is similar to ObjectGetHierarchy() but this routine takes +// a handle but ObjectGetHierarchy() takes an pointer to an object. 
+// +// This function requires that 'handle' references a loaded object. +TPMI_RH_HIERARCHY +GetHeriarchy( + TPMI_DH_OBJECT handle // IN :object handle + ) +{ + OBJECT *object = HandleToObject(handle); +// + return ObjectGetHierarchy(object); +} + +//*** FindEmptyObjectSlot() +// This function finds an open object slot, if any. It will clear the attributes +// but will not set the occupied attribute. This is so that a slot may be used +// and discarded if everything does not go as planned. +// Return Type: OBJECT * +// NULL no open slot found +// != NULL pointer to available slot +OBJECT * +FindEmptyObjectSlot( + TPMI_DH_OBJECT *handle // OUT: (optional) + ) +{ + UINT32 i; + OBJECT *object; +// + for(i = 0; i < MAX_LOADED_OBJECTS; i++) + { + object = &s_objects[i]; + if(object->attributes.occupied == CLEAR) + { + if(handle) + *handle = i + TRANSIENT_FIRST; + // Initialize the object attributes + MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES)); + return object; + } + } + return NULL; +} + +//*** ObjectAllocateSlot() +// This function is used to allocate a slot in internal object array. +OBJECT * +ObjectAllocateSlot( + TPMI_DH_OBJECT *handle // OUT: handle of allocated object + ) +{ + OBJECT *object = FindEmptyObjectSlot(handle); +// + if(object != NULL) + { + // if found, mark as occupied + ObjectSetInUse(object); + } + return object; +} + +//*** ObjectSetLoadedAttributes() +// This function sets the internal attributes for a loaded object. It is called to +// finalize the OBJECT attributes (not the TPMA_OBJECT attributes) for a loaded +// object. +void +ObjectSetLoadedAttributes( + OBJECT *object, // IN: object attributes to finalize + TPM_HANDLE parentHandle // IN: the parent handle + ) +{ + OBJECT *parent = HandleToObject(parentHandle); + TPMA_OBJECT objectAttributes = object->publicArea.objectAttributes; +// + // Copy the stClear attribute from the public area. 
This could be overwritten + // if the parent has stClear SET + object->attributes.stClear = + IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, stClear); + // If parent handle is a permanent handle, it is a primary (unless it is NULL + if(parent == NULL) + { + object->attributes.primary = SET; + switch(parentHandle) + { + case TPM_RH_ENDORSEMENT: + object->attributes.epsHierarchy = SET; + break; + case TPM_RH_OWNER: + object->attributes.spsHierarchy = SET; + break; + case TPM_RH_PLATFORM: + object->attributes.ppsHierarchy = SET; + break; + default: + // Treat the temporary attribute as a hierarchy + object->attributes.temporary = SET; + object->attributes.primary = CLEAR; + break; + } + } + else + { + // is this a stClear object + object->attributes.stClear = + (IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, stClear) + || (parent->attributes.stClear == SET)); + object->attributes.epsHierarchy = parent->attributes.epsHierarchy; + object->attributes.spsHierarchy = parent->attributes.spsHierarchy; + object->attributes.ppsHierarchy = parent->attributes.ppsHierarchy; + // An object is temporary if its parent is temporary or if the object + // is external + object->attributes.temporary = parent->attributes.temporary + || object->attributes.external; + } + // If this is an external object, set the QN == name but don't SET other + // key properties ('parent' or 'derived') + if(object->attributes.external) + object->qualifiedName = object->name; + else + { + // check attributes for different types of parents + if(IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, restricted) + && !object->attributes.publicOnly + && IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, decrypt) + && object->publicArea.nameAlg != TPM_ALG_NULL) + { + // This is a parent. If it is not a KEYEDHASH, it is an ordinary parent. + // Otherwise, it is a derivation parent. 
+ if(object->publicArea.type == TPM_ALG_KEYEDHASH) + object->attributes.derivation = SET; + else + object->attributes.isParent = SET; + } + ComputeQualifiedName(parentHandle, object->publicArea.nameAlg, + &object->name, &object->qualifiedName); + } + // Set slot occupied + ObjectSetInUse(object); + return; +} + +//*** ObjectLoad() +// Common function to load an object. A loaded object has its public area validated +// (unless its 'nameAlg' is TPM_ALG_NULL). If a sensitive part is loaded, it is +// verified to be correct and if both public and sensitive parts are loaded, then +// the cryptographic binding between the objects is validated. This function does +// not cause the allocated slot to be marked as in use. +TPM_RC +ObjectLoad( + OBJECT *object, // IN: pointer to object slot + // object + OBJECT *parent, // IN: (optional) the parent object + TPMT_PUBLIC *publicArea, // IN: public area to be installed in the object + TPMT_SENSITIVE *sensitive, // IN: (optional) sensitive area to be + // installed in the object + TPM_RC blamePublic, // IN: parameter number to associate with the + // publicArea errors + TPM_RC blameSensitive,// IN: parameter number to associate with the + // sensitive area errors + TPM2B_NAME *name // IN: (optional) +) +{ + TPM_RC result = TPM_RC_SUCCESS; +// +// Do validations of public area object descriptions + pAssert(publicArea != NULL); + + // Is this public only or a no-name object? + if(sensitive == NULL || publicArea->nameAlg == TPM_ALG_NULL) + { + // Need to have schemes checked so that we do the right thing with the + // public key. 
+ result = SchemeChecks(NULL, publicArea); + } + else + { + // For any sensitive area, make sure that the seedSize is no larger than the + // digest size of nameAlg + if(sensitive->seedValue.t.size > CryptHashGetDigestSize(publicArea->nameAlg)) + return TPM_RCS_KEY_SIZE + blameSensitive; + // Check attributes and schemes for consistency + result = PublicAttributesValidation(parent, publicArea); + } + if(result != TPM_RC_SUCCESS) + return RcSafeAddToResult(result, blamePublic); + +// Sensitive area and binding checks + + // On load, check nothing if the parent is fixedTPM. For all other cases, validate + // the keys. + if((parent == NULL) + || ((parent != NULL) && !IS_ATTRIBUTE(parent->publicArea.objectAttributes, + TPMA_OBJECT, fixedTPM))) + { + // Do the cryptographic key validation + result = CryptValidateKeys(publicArea, sensitive, blamePublic, + blameSensitive); + if(result != TPM_RC_SUCCESS) + return result; + } +#if ALG_RSA + // If this is an RSA key, then expand the private exponent. + // Note: ObjectLoad() is only called by TPM2_Import() if the parent is fixedTPM. 
+ // For any key that does not have a fixedTPM parent, the exponent is computed + // whenever it is loaded + if((publicArea->type == TPM_ALG_RSA) && (sensitive != NULL)) + { + result = CryptRsaLoadPrivateExponent(publicArea, sensitive); + if(result != TPM_RC_SUCCESS) + return result; + } +#endif // ALG_RSA + // See if there is an object to populate + if((result == TPM_RC_SUCCESS) && (object != NULL)) + { + // Initialize public + object->publicArea = *publicArea; + // Copy sensitive if there is one + if(sensitive == NULL) + object->attributes.publicOnly = SET; + else + object->sensitive = *sensitive; + // Set the name, if one was provided + if(name != NULL) + object->name = *name; + else + object->name.t.size = 0; + } + return result; +} + +//*** AllocateSequenceSlot() +// This function allocates a sequence slot and initializes the parts that +// are used by the normal objects so that a sequence object is not inadvertently +// used for an operation that is not appropriate for a sequence. +// +static HASH_OBJECT * +AllocateSequenceSlot( + TPM_HANDLE *newHandle, // OUT: receives the allocated handle + TPM2B_AUTH *auth // IN: the authValue for the slot + ) +{ + HASH_OBJECT *object = (HASH_OBJECT *)ObjectAllocateSlot(newHandle); +// + // Validate that the proper location of the hash state data relative to the + // object state data. It would be good if this could have been done at compile + // time but it can't so do it in something that can be removed after debug. 
+ cAssert(offsetof(HASH_OBJECT, auth) == offsetof(OBJECT, publicArea.authPolicy)); + + if(object != NULL) + { + + // Set the common values that a sequence object shares with an ordinary object + // First, clear all attributes + MemorySet(&object->objectAttributes, 0, sizeof(TPMA_OBJECT)); + + // The type is TPM_ALG_NULL + object->type = TPM_ALG_NULL; + + // This has no name algorithm and the name is the Empty Buffer + object->nameAlg = TPM_ALG_NULL; + + // A sequence object is considered to be in the NULL hierarchy so it should + // be marked as temporary so that it can't be persisted + object->attributes.temporary = SET; + + // A sequence object is DA exempt. + SET_ATTRIBUTE(object->objectAttributes, TPMA_OBJECT, noDA); + + // Copy the authorization value + if(auth != NULL) + object->auth = *auth; + else + object->auth.t.size = 0; + } + return object; +} + + +#if CC_HMAC_Start || CC_MAC_Start +//*** ObjectCreateHMACSequence() +// This function creates an internal HMAC sequence object. +// Return Type: TPM_RC +// TPM_RC_OBJECT_MEMORY if there is no free slot for an object +TPM_RC +ObjectCreateHMACSequence( + TPMI_ALG_HASH hashAlg, // IN: hash algorithm + OBJECT *keyObject, // IN: the object containing the HMAC key + TPM2B_AUTH *auth, // IN: authValue + TPMI_DH_OBJECT *newHandle // OUT: HMAC sequence object handle + ) +{ + HASH_OBJECT *hmacObject; +// + // Try to allocate a slot for new object + hmacObject = AllocateSequenceSlot(newHandle, auth); + + if(hmacObject == NULL) + return TPM_RC_OBJECT_MEMORY; + // Set HMAC sequence bit + hmacObject->attributes.hmacSeq = SET; + +#if !SMAC_IMPLEMENTED + if(CryptHmacStart(&hmacObject->state.hmacState, hashAlg, + keyObject->sensitive.sensitive.bits.b.size, + keyObject->sensitive.sensitive.bits.b.buffer) == 0) +#else + if(CryptMacStart(&hmacObject->state.hmacState, + &keyObject->publicArea.parameters, + hashAlg, &keyObject->sensitive.sensitive.any.b) == 0) +#endif // SMAC_IMPLEMENTED + return TPM_RC_FAILURE; + return 
TPM_RC_SUCCESS; +} +#endif + +//*** ObjectCreateHashSequence() +// This function creates a hash sequence object. +// Return Type: TPM_RC +// TPM_RC_OBJECT_MEMORY if there is no free slot for an object +TPM_RC +ObjectCreateHashSequence( + TPMI_ALG_HASH hashAlg, // IN: hash algorithm + TPM2B_AUTH *auth, // IN: authValue + TPMI_DH_OBJECT *newHandle // OUT: sequence object handle + ) +{ + HASH_OBJECT *hashObject = AllocateSequenceSlot(newHandle, auth); +// + // See if slot allocated + if(hashObject == NULL) + return TPM_RC_OBJECT_MEMORY; + // Set hash sequence bit + hashObject->attributes.hashSeq = SET; + + // Start hash for hash sequence + CryptHashStart(&hashObject->state.hashState[0], hashAlg); + + return TPM_RC_SUCCESS; +} + +//*** ObjectCreateEventSequence() +// This function creates an event sequence object. +// Return Type: TPM_RC +// TPM_RC_OBJECT_MEMORY if there is no free slot for an object +TPM_RC +ObjectCreateEventSequence( + TPM2B_AUTH *auth, // IN: authValue + TPMI_DH_OBJECT *newHandle // OUT: sequence object handle + ) +{ + HASH_OBJECT *hashObject = AllocateSequenceSlot(newHandle, auth); + UINT32 count; + TPM_ALG_ID hash; +// + // See if slot allocated + if(hashObject == NULL) + return TPM_RC_OBJECT_MEMORY; + // Set the event sequence attribute + hashObject->attributes.eventSeq = SET; + + // Initialize hash states for each implemented PCR algorithms + for(count = 0; (hash = CryptHashGetAlgByIndex(count)) != TPM_ALG_NULL; count++) + CryptHashStart(&hashObject->state.hashState[count], hash); + return TPM_RC_SUCCESS; +} + +//*** ObjectTerminateEvent() +// This function is called to close out the event sequence and clean up the hash +// context states. 
+void +ObjectTerminateEvent( + void + ) +{ + HASH_OBJECT *hashObject; + int count; + BYTE buffer[MAX_DIGEST_SIZE]; +// + hashObject = (HASH_OBJECT *)HandleToObject(g_DRTMHandle); + + // Don't assume that this is a proper sequence object + if(hashObject->attributes.eventSeq) + { + // If it is, close any open hash contexts. This is done in case + // the cryptographic implementation has some context values that need to be + // cleaned up (hygiene). + // + for(count = 0; CryptHashGetAlgByIndex(count) != TPM_ALG_NULL; count++) + { + CryptHashEnd(&hashObject->state.hashState[count], 0, buffer); + } + // Flush sequence object + FlushObject(g_DRTMHandle); + } + g_DRTMHandle = TPM_RH_UNASSIGNED; +} + +//*** ObjectContextLoad() +// This function loads an object from a saved object context. +// Return Type: OBJECT * +// NULL if there is no free slot for an object +// != NULL points to the loaded object +OBJECT * +ObjectContextLoad( + ANY_OBJECT_BUFFER *object, // IN: pointer to object structure in saved + // context + TPMI_DH_OBJECT *handle // OUT: object handle + ) +{ + OBJECT *newObject = ObjectAllocateSlot(handle); +// + // Try to allocate a slot for new object + if(newObject != NULL) + { + // Copy the first part of the object + MemoryCopy(newObject, object, offsetof(HASH_OBJECT, state)); + // See if this is a sequence object + if(ObjectIsSequence(newObject)) + { + // If this is a sequence object, import the data + SequenceDataImport((HASH_OBJECT *)newObject, + (HASH_OBJECT_BUFFER *)object); + } + else + { + // Copy input object data to internal structure + MemoryCopy(newObject, object, sizeof(OBJECT)); + } + } + return newObject; +} + +//*** FlushObject() +// This function frees an object slot. +// +// This function requires that the object is loaded. 
+void +FlushObject( + TPMI_DH_OBJECT handle // IN: handle to be freed + ) +{ + UINT32 index = handle - TRANSIENT_FIRST; +// + pAssert(index < MAX_LOADED_OBJECTS); + // Clear all the object attributes + MemorySet((BYTE*)&(s_objects[index].attributes), + 0, sizeof(OBJECT_ATTRIBUTES)); + return; +} + +//*** ObjectFlushHierarchy() +// This function is called to flush all the loaded transient objects associated +// with a hierarchy when the hierarchy is disabled. +void +ObjectFlushHierarchy( + TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flush + ) +{ + UINT16 i; +// + // iterate object slots + for(i = 0; i < MAX_LOADED_OBJECTS; i++) + { + if(s_objects[i].attributes.occupied) // If found an occupied slot + { + switch(hierarchy) + { + case TPM_RH_PLATFORM: + if(s_objects[i].attributes.ppsHierarchy == SET) + s_objects[i].attributes.occupied = FALSE; + break; + case TPM_RH_OWNER: + if(s_objects[i].attributes.spsHierarchy == SET) + s_objects[i].attributes.occupied = FALSE; + break; + case TPM_RH_ENDORSEMENT: + if(s_objects[i].attributes.epsHierarchy == SET) + s_objects[i].attributes.occupied = FALSE; + break; + default: + FAIL(FATAL_ERROR_INTERNAL); + break; + } + } + } + + return; +} + +//*** ObjectLoadEvict() +// This function loads a persistent object into a transient object slot. +// +// This function requires that 'handle' is associated with a persistent object. +// Return Type: TPM_RC +// TPM_RC_HANDLE the persistent object does not exist +// or the associated hierarchy is disabled. +// TPM_RC_OBJECT_MEMORY no object slot +TPM_RC +ObjectLoadEvict( + TPM_HANDLE *handle, // IN:OUT: evict object handle. 
If success, it + // will be replace by the loaded object handle + COMMAND_INDEX commandIndex // IN: the command being processed + ) +{ + TPM_RC result; + TPM_HANDLE evictHandle = *handle; // Save the evict handle + OBJECT *object; +// + // If this is an index that references a persistent object created by + // the platform, then return TPM_RH_HANDLE if the phEnable is FALSE + if(*handle >= PLATFORM_PERSISTENT) + { + // belongs to platform + if(g_phEnable == CLEAR) + return TPM_RC_HANDLE; + } + // belongs to owner + else if(gc.shEnable == CLEAR) + return TPM_RC_HANDLE; + // Try to allocate a slot for an object + object = ObjectAllocateSlot(handle); + if(object == NULL) + return TPM_RC_OBJECT_MEMORY; + // Copy persistent object to transient object slot. A TPM_RC_HANDLE + // may be returned at this point. This will mark the slot as containing + // a transient object so that it will be flushed at the end of the + // command + result = NvGetEvictObject(evictHandle, object); + + // Bail out if this failed + if(result != TPM_RC_SUCCESS) + return result; + // check the object to see if it is in the endorsement hierarchy + // if it is and this is not a TPM2_EvictControl() command, indicate + // that the hierarchy is disabled. + // If the associated hierarchy is disabled, make it look like the + // handle is not defined + if(ObjectGetHierarchy(object) == TPM_RH_ENDORSEMENT + && gc.ehEnable == CLEAR + && GetCommandCode(commandIndex) != TPM_CC_EvictControl) + return TPM_RC_HANDLE; + + return result; +} + +//*** ObjectComputeName() +// This does the name computation from a public area (can be marshaled or not). 
+TPM2B_NAME * +ObjectComputeName( + UINT32 size, // IN: the size of the area to digest + BYTE *publicArea, // IN: the public area to digest + TPM_ALG_ID nameAlg, // IN: the hash algorithm to use + TPM2B_NAME *name // OUT: Computed name + ) +{ + // Hash the publicArea into the name buffer leaving room for the nameAlg + name->t.size = CryptHashBlock(nameAlg, size, publicArea, + sizeof(name->t.name) - 2, + &name->t.name[2]); + // set the nameAlg + UINT16_TO_BYTE_ARRAY(nameAlg, name->t.name); + name->t.size += 2; + return name; +} + +//*** PublicMarshalAndComputeName() +// This function computes the Name of an object from its public area. +TPM2B_NAME * +PublicMarshalAndComputeName( + TPMT_PUBLIC *publicArea, // IN: public area of an object + TPM2B_NAME *name // OUT: name of the object + ) +{ + // Will marshal a public area into a template. This is because the internal + // format for a TPM2B_PUBLIC is a structure and not a simple BYTE buffer. + TPM2B_TEMPLATE marshaled; // this is big enough to hold a + // marshaled TPMT_PUBLIC + BYTE *buffer = (BYTE *)&marshaled.t.buffer; +// + // if the nameAlg is NULL then there is no name. + if(publicArea->nameAlg == TPM_ALG_NULL) + name->t.size = 0; + else + { + // Marshal the public area into its canonical form + marshaled.t.size = TPMT_PUBLIC_Marshal(publicArea, &buffer, NULL); + // and compute the name + ObjectComputeName(marshaled.t.size, marshaled.t.buffer, + publicArea->nameAlg, name); + } + return name; +} + +//*** ComputeQualifiedName() +// This function computes the qualified name of an object. 
+void +ComputeQualifiedName( + TPM_HANDLE parentHandle, // IN: parent's handle + TPM_ALG_ID nameAlg, // IN: name hash + TPM2B_NAME *name, // IN: name of the object + TPM2B_NAME *qualifiedName // OUT: qualified name of the object + ) +{ + HASH_STATE hashState; // hash state + TPM2B_NAME parentName; +// + if(parentHandle == TPM_RH_UNASSIGNED) + { + MemoryCopy2B(&qualifiedName->b, &name->b, sizeof(qualifiedName->t.name)); + *qualifiedName = *name; + } + else + { + GetQualifiedName(parentHandle, &parentName); + + // QN_A = hash_A (QN of parent || NAME_A) + + // Start hash + qualifiedName->t.size = CryptHashStart(&hashState, nameAlg); + + // Add parent's qualified name + CryptDigestUpdate2B(&hashState, &parentName.b); + + // Add self name + CryptDigestUpdate2B(&hashState, &name->b); + + // Complete hash leaving room for the name algorithm + CryptHashEnd(&hashState, qualifiedName->t.size, + &qualifiedName->t.name[2]); + UINT16_TO_BYTE_ARRAY(nameAlg, qualifiedName->t.name); + qualifiedName->t.size += 2; + } + return; +} + +//*** ObjectIsStorage() +// This function determines if an object has the attributes associated +// with a parent. A parent is an asymmetric or symmetric block cipher key +// that has its 'restricted' and 'decrypt' attributes SET, and 'sign' CLEAR. +// Return Type: BOOL +// TRUE(1) object is a storage key +// FALSE(0) object is not a storage key +BOOL +ObjectIsStorage( + TPMI_DH_OBJECT handle // IN: object handle + ) +{ + OBJECT *object = HandleToObject(handle); + TPMT_PUBLIC *publicArea = ((object != NULL) ? 
&object->publicArea : NULL); +// + return (publicArea != NULL + && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted) + && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt) + && !IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign) + && (object->publicArea.type == ALG_RSA_VALUE + || object->publicArea.type == ALG_ECC_VALUE)); +} + +//*** ObjectCapGetLoaded() +// This function returns a a list of handles of loaded object, starting from +// 'handle'. 'Handle' must be in the range of valid transient object handles, +// but does not have to be the handle of a loaded transient object. +// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned +TPMI_YES_NO +ObjectCapGetLoaded( + TPMI_DH_OBJECT handle, // IN: start handle + UINT32 count, // IN: count of returned handles + TPML_HANDLE *handleList // OUT: list of handle + ) +{ + TPMI_YES_NO more = NO; + UINT32 i; +// + pAssert(HandleGetType(handle) == TPM_HT_TRANSIENT); + + // Initialize output handle list + handleList->count = 0; + + // The maximum count of handles we may return is MAX_CAP_HANDLES + if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; + + // Iterate object slots to get loaded object handles + for(i = handle - TRANSIENT_FIRST; i < MAX_LOADED_OBJECTS; i++) + { + if(s_objects[i].attributes.occupied == TRUE) + { + // A valid transient object can not be the copy of a persistent object + pAssert(s_objects[i].attributes.evict == CLEAR); + + if(handleList->count < count) + { + // If we have not filled up the return list, add this object + // handle to it + handleList->handle[handleList->count] = i + TRANSIENT_FIRST; + handleList->count++; + } + else + { + // If the return list is full but we still have loaded object + // available, report this and stop iterating + more = YES; + break; + } + } + } + + return more; +} + +//*** ObjectCapGetTransientAvail() +// This function returns an estimate of the number of 
additional transient +// objects that could be loaded into the TPM. +UINT32 +ObjectCapGetTransientAvail( + void + ) +{ + UINT32 i; + UINT32 num = 0; +// + // Iterate object slot to get the number of unoccupied slots + for(i = 0; i < MAX_LOADED_OBJECTS; i++) + { + if(s_objects[i].attributes.occupied == FALSE) num++; + } + + return num; +} + +//*** ObjectGetPublicAttributes() +// Returns the attributes associated with an object handles. +TPMA_OBJECT +ObjectGetPublicAttributes( + TPM_HANDLE handle + ) +{ + return HandleToObject(handle)->publicArea.objectAttributes; +} + +OBJECT_ATTRIBUTES +ObjectGetProperties( + TPM_HANDLE handle + ) +{ + return HandleToObject(handle)->attributes; +} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PCR.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PCR.c new file mode 100644 index 000000000..10a096878 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PCR.c 
@@ -0,0 +1,1314 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+//
+// This function contains the functions needed for PCR access and manipulation.
+//
+// This implementation uses a static allocation for the PCR. The amount of
+// memory is allocated based on the number of PCR in the implementation and
+// the number of implemented hash algorithms. This is not the expected
+// implementation. PCR SPACE DEFINITIONS.
+//
+// In the definitions below, the g_hashPcrMap is a bit array that indicates
+// which of the PCR are implemented. The g_hashPcr array is an array of digests.
+// In this implementation, the space is allocated whether the PCR is implemented
+// or not.
+
+//** Includes, Defines, and Data Definitions
+#define PCR_C
+#include "Tpm.h"
+
+// The initial value of PCR attributes. The value of these fields should be
+// consistent with PC Client specification
+// In this implementation, we assume the total number of implemented PCR is 24.
+static const PCR_Attributes s_initAttributes[] =
+{
+ // PCR 0 - 15, static RTM
+ {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F},
+ {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F},
+ {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F},
+ {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F},
+
+ {0, 0x0F, 0x1F}, // PCR 16, Debug
+ {0, 0x10, 0x1C}, // PCR 17, Locality 4
+ {0, 0x10, 0x1C}, // PCR 18, Locality 3
+ {0, 0x10, 0x0C}, // PCR 19, Locality 2
+ {0, 0x14, 0x0E}, // PCR 20, Locality 1
+ {0, 0x14, 0x04}, // PCR 21, Dynamic OS
+ {0, 0x14, 0x04}, // PCR 22, Dynamic OS
+ {0, 0x0F, 0x1F}, // PCR 23, Application specific
+ {0, 0x0F, 0x1F} // PCR 24, testing policy
+};
+
+//** Functions
+
+//*** PCRBelongsAuthGroup()
+// This function indicates if a PCR belongs to a group that requires an authValue
+// in order to modify the PCR. If it does, 'groupIndex' is set to value of
+// the group index. This feature of PCR is decided by the platform specification.
+// Return Type: BOOL
+// TRUE(1) PCR belongs an authorization group
+// FALSE(0) PCR does not belong an authorization group
+BOOL
+PCRBelongsAuthGroup(
+ TPMI_DH_PCR handle, // IN: handle of PCR
+ UINT32 *groupIndex // OUT: group index if PCR belongs a
+ // group that allows authValue. If PCR
+ // does not belong to an authorization
+ // group, the value in this parameter is
+ // invalid
+ )
+{
+#if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0
+ // Platform specification determines to which authorization group a PCR belongs
+ // (if any). In this implementation, we assume there is only
+ // one authorization group which contains PCR[20-22]. If the platform
+ // specification requires differently, the implementation should be changed
+ // accordingly
+ if(handle >= 20 && handle <= 22)
+ {
+ *groupIndex = 0;
+ return TRUE;
+ }
+
+#endif
+ return FALSE;
+}
+
+//*** PCRBelongsPolicyGroup()
+// This function indicates if a PCR belongs to a group that requires a policy
+// authorization in order to modify the PCR. If it does, 'groupIndex' is set
+// to value of the group index. This feature of PCR is decided by the platform
+// specification.
+// Return Type: BOOL
+// TRUE(1) PCR belongs a policy group
+// FALSE(0) PCR does not belong a policy group
+BOOL
+PCRBelongsPolicyGroup(
+ TPMI_DH_PCR handle, // IN: handle of PCR
+ UINT32 *groupIndex // OUT: group index if PCR belongs a group that
+ // allows policy. If PCR does not belong to
+ // a policy group, the value in this
+ // parameter is invalid
+ )
+{
+#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0
+ // Platform specification decides if a PCR belongs to a policy group and
+ // belongs to which group. In this implementation, we assume there is only
+ // one policy group which contains PCR20-22. If the platform specification
+ // requires differently, the implementation should be changed accordingly
+ if(handle >= 20 && handle <= 22)
+ {
+ *groupIndex = 0;
+ return TRUE;
+ }
+#endif
+ return FALSE;
+}
+
+//*** PCRBelongsTCBGroup()
+// This function indicates if a PCR belongs to the TCB group.
+// Return Type: BOOL
+// TRUE(1) PCR belongs to TCB group
+// FALSE(0) PCR does not belong to TCB group
+static BOOL
+PCRBelongsTCBGroup(
+ TPMI_DH_PCR handle // IN: handle of PCR
+ )
+{
+#if ENABLE_PCR_NO_INCREMENT == YES
+ // Platform specification decides if a PCR belongs to a TCB group. In this
+ // implementation, we assume PCR[20-22] belong to TCB group. If the platform
+ // specification requires differently, the implementation should be
+ // changed accordingly
+ if(handle >= 20 && handle <= 22)
+ return TRUE;
+
+#endif
+ return FALSE;
+}
+
+//*** PCRPolicyIsAvailable()
+// This function indicates if a policy is available for a PCR.
+// Return Type: BOOL
+// TRUE(1) the PCR should be authorized by policy
+// FALSE(0) the PCR does not allow policy
+BOOL
+PCRPolicyIsAvailable(
+ TPMI_DH_PCR handle // IN: PCR handle
+ )
+{
+ UINT32 groupIndex;
+
+ return PCRBelongsPolicyGroup(handle, &groupIndex);
+}
+
+//*** PCRGetAuthValue()
+// This function is used to access the authValue of a PCR. If PCR does not
+// belong to an authValue group, an EmptyAuth will be returned.
+TPM2B_AUTH *
+PCRGetAuthValue(
+ TPMI_DH_PCR handle // IN: PCR handle
+ )
+{
+ UINT32 groupIndex;
+
+ if(PCRBelongsAuthGroup(handle, &groupIndex))
+ {
+ return &gc.pcrAuthValues.auth[groupIndex];
+ }
+ else
+ {
+ return NULL;
+ }
+}
+
+//*** PCRGetAuthPolicy()
+// This function is used to access the authorization policy of a PCR. It sets
+// 'policy' to the authorization policy and returns the hash algorithm for policy
+// If the PCR does not allow a policy, TPM_ALG_NULL is returned.
+TPMI_ALG_HASH
+PCRGetAuthPolicy(
+ TPMI_DH_PCR handle, // IN: PCR handle
+ TPM2B_DIGEST *policy // OUT: policy of PCR
+ )
+{
+ UINT32 groupIndex;
+
+ if(PCRBelongsPolicyGroup(handle, &groupIndex))
+ {
+ *policy = gp.pcrPolicies.policy[groupIndex];
+ return gp.pcrPolicies.hashAlg[groupIndex];
+ }
+ else
+ {
+ policy->t.size = 0;
+ return TPM_ALG_NULL;
+ }
+}
+
+//*** PCRSimStart()
+// This function is used to initialize the policies when a TPM is manufactured.
+// This function would only be called in a manufacturing environment or in
+// a TPM simulator.
+void
+PCRSimStart(
+ void
+ )
+{
+ UINT32 i;
+#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0
+ for(i = 0; i < NUM_POLICY_PCR_GROUP; i++)
+ {
+ gp.pcrPolicies.hashAlg[i] = TPM_ALG_NULL;
+ gp.pcrPolicies.policy[i].t.size = 0;
+ }
+#endif
+#if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0
+ for(i = 0; i < NUM_AUTHVALUE_PCR_GROUP; i++)
+ {
+ gc.pcrAuthValues.auth[i].t.size = 0;
+ }
+#endif
+ // We need to give an initial configuration on allocated PCR before
+ // receiving any TPM2_PCR_Allocate command to change this configuration
+ // When the simulation environment starts, we allocate all the PCRs
+ for(gp.pcrAllocated.count = 0; gp.pcrAllocated.count < HASH_COUNT;
+ gp.pcrAllocated.count++)
+ {
+ gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].hash
+ = CryptHashGetAlgByIndex(gp.pcrAllocated.count);
+
+ gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].sizeofSelect
+ = PCR_SELECT_MAX;
+ for(i = 0; i < PCR_SELECT_MAX; i++)
+ gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].pcrSelect[i]
+ = 0xFF;
+ }
+
+ // Store the initial configuration to NV
+ NV_SYNC_PERSISTENT(pcrPolicies);
+ NV_SYNC_PERSISTENT(pcrAllocated);
+
+ return;
+}
+
+//*** GetSavedPcrPointer()
+// This function returns the address of an array of state saved PCR based
+// on the hash algorithm.
+// Return Type: BYTE *
+// NULL no such algorithm
+// != NULL pointer to the 0th byte of the 0th PCR
+static BYTE *
+GetSavedPcrPointer(
+ TPM_ALG_ID alg, // IN: algorithm for bank
+ UINT32 pcrIndex // IN: PCR index in PCR_SAVE
+ )
+{
+ BYTE *retVal;
+ switch(alg)
+ {
+#if ALG_SHA1
+ case ALG_SHA1_VALUE:
+ retVal = gc.pcrSave.sha1[pcrIndex];
+ break;
+#endif
+#if ALG_SHA256
+ case ALG_SHA256_VALUE:
+ retVal = gc.pcrSave.sha256[pcrIndex];
+ break;
+#endif
+#if ALG_SHA384
+ case ALG_SHA384_VALUE:
+ retVal = gc.pcrSave.sha384[pcrIndex];
+ break;
+#endif
+
+#if ALG_SHA512
+ case ALG_SHA512_VALUE:
+ retVal = gc.pcrSave.sha512[pcrIndex];
+ break;
+#endif
+#if ALG_SM3_256
+ case ALG_SM3_256_VALUE:
+ retVal = gc.pcrSave.sm3_256[pcrIndex];
+ break;
+#endif
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ }
+ return retVal;
+}
+
+//*** PcrIsAllocated()
+// This function indicates if a PCR number for the particular hash algorithm
+// is allocated.
+// Return Type: BOOL
+// TRUE(1) PCR is allocated
+// FALSE(0) PCR is not allocated
+BOOL
+PcrIsAllocated(
+ UINT32 pcr, // IN: The number of the PCR
+ TPMI_ALG_HASH hashAlg // IN: The PCR algorithm
+ )
+{
+ UINT32 i;
+ BOOL allocated = FALSE;
+
+ if(pcr < IMPLEMENTATION_PCR)
+ {
+ for(i = 0; i < gp.pcrAllocated.count; i++)
+ {
+ if(gp.pcrAllocated.pcrSelections[i].hash == hashAlg)
+ {
+ if(((gp.pcrAllocated.pcrSelections[i].pcrSelect[pcr / 8])
+ & (1 << (pcr % 8))) != 0)
+ allocated = TRUE;
+ else
+ allocated = FALSE;
+ break;
+ }
+ }
+ }
+ return allocated;
+}
+
+//*** GetPcrPointer()
+// This function returns the address of an array of PCR based on the
+// hash algorithm.
+// Return Type: BYTE *
+// NULL no such algorithm
+// != NULL pointer to the 0th byte of the 0th PCR
+static BYTE *
+GetPcrPointer(
+ TPM_ALG_ID alg, // IN: algorithm for bank
+ UINT32 pcrNumber // IN: PCR number
+ )
+{
+ static BYTE *pcr = NULL;
+
+ if(!PcrIsAllocated(pcrNumber, alg))
+ return NULL;
+
+ switch(alg)
+ {
+#if ALG_SHA1
+ case ALG_SHA1_VALUE:
+ pcr = s_pcrs[pcrNumber].sha1Pcr;
+ break;
+#endif
+#if ALG_SHA256
+ case ALG_SHA256_VALUE:
+ pcr = s_pcrs[pcrNumber].sha256Pcr;
+ break;
+#endif
+#if ALG_SHA384
+ case ALG_SHA384_VALUE:
+ pcr = s_pcrs[pcrNumber].sha384Pcr;
+ break;
+#endif
+#if ALG_SHA512
+ case ALG_SHA512_VALUE:
+ pcr = s_pcrs[pcrNumber].sha512Pcr;
+ break;
+#endif
+#if ALG_SM3_256
+ case ALG_SM3_256_VALUE:
+ pcr = s_pcrs[pcrNumber].sm3_256Pcr;
+ break;
+#endif
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+ return pcr;
+}
+
+//*** IsPcrSelected()
+// This function indicates if an indicated PCR number is selected by the bit map in
+// 'selection'.
+// Return Type: BOOL
+// TRUE(1) PCR is selected
+// FALSE(0) PCR is not selected
+static BOOL
+IsPcrSelected(
+ UINT32 pcr, // IN: The number of the PCR
+ TPMS_PCR_SELECTION *selection // IN: The selection structure
+ )
+{
+ BOOL selected;
+ selected = (pcr < IMPLEMENTATION_PCR
+ && ((selection->pcrSelect[pcr / 8]) & (1 << (pcr % 8))) != 0);
+ return selected;
+}
+
+//*** FilterPcr()
+// This function modifies a PCR selection array based on the implemented
+// PCR.
+static void
+FilterPcr(
+ TPMS_PCR_SELECTION *selection // IN: input PCR selection
+ )
+{
+ UINT32 i;
+ TPMS_PCR_SELECTION *allocated = NULL;
+
+ // If size of select is less than PCR_SELECT_MAX, zero the unspecified PCR
+ for(i = selection->sizeofSelect; i < PCR_SELECT_MAX; i++)
+ selection->pcrSelect[i] = 0;
+
+ // Find the internal configuration for the bank
+ for(i = 0; i < gp.pcrAllocated.count; i++)
+ {
+ if(gp.pcrAllocated.pcrSelections[i].hash == selection->hash)
+ {
+ allocated = &gp.pcrAllocated.pcrSelections[i];
+ break;
+ }
+ }
+
+ for(i = 0; i < selection->sizeofSelect; i++)
+ {
+ if(allocated == NULL)
+ {
+ // If the required bank does not exist, clear input selection
+ selection->pcrSelect[i] = 0;
+ }
+ else
+ selection->pcrSelect[i] &= allocated->pcrSelect[i];
+ }
+
+ return;
+}
+
+//*** PcrDrtm()
+// This function does the DRTM and H-CRTM processing it is called from
+// _TPM_Hash_End.
+void
+PcrDrtm(
+ const TPMI_DH_PCR pcrHandle, // IN: the index of the PCR to be
+ // modified
+ const TPMI_ALG_HASH hash, // IN: the bank identifier
+ const TPM2B_DIGEST *digest // IN: the digest to modify the PCR
+ )
+{
+ BYTE *pcrData = GetPcrPointer(hash, pcrHandle);
+
+ if(pcrData != NULL)
+ {
+ // Rest the PCR to zeros
+ MemorySet(pcrData, 0, digest->t.size);
+
+ // if the TPM has not started, then set the PCR to 0...04 and then extend
+ if(!TPMIsStarted())
+ {
+ pcrData[digest->t.size - 1] = 4;
+ }
+ // Now, extend the value
+ PCRExtend(pcrHandle, hash, digest->t.size, (BYTE *)digest->t.buffer);
+ }
+}
+
+//*** PCR_ClearAuth()
+// This function is used to reset the PCR authorization values. It is called
+// on TPM2_Startup(CLEAR) and TPM2_Clear().
+void
+PCR_ClearAuth(
+ void
+ )
+{
+#if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0
+ int j;
+ for(j = 0; j < NUM_AUTHVALUE_PCR_GROUP; j++)
+ {
+ gc.pcrAuthValues.auth[j].t.size = 0;
+ }
+#endif
+}
+
+//*** PCRStartup()
+// This function initializes the PCR subsystem at TPM2_Startup().
+BOOL
+PCRStartup(
+ STARTUP_TYPE type, // IN: startup type
+ BYTE locality // IN: startup locality
+ )
+{
+ UINT32 pcr, j;
+ UINT32 saveIndex = 0;
+
+ g_pcrReConfig = FALSE;
+
+ // Don't test for SU_RESET because that should be the default when nothing
+ // else is selected
+ if(type != SU_RESUME && type != SU_RESTART)
+ {
+ // PCR generation counter is cleared at TPM_RESET
+ gr.pcrCounter = 0;
+ }
+
+ // Initialize/Restore PCR values
+ for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++)
+ {
+ // On resume, need to know if this PCR had its state saved or not
+ UINT32 stateSaved;
+
+ if(type == SU_RESUME
+ && s_initAttributes[pcr].stateSave == SET)
+ {
+ stateSaved = 1;
+ }
+ else
+ {
+ stateSaved = 0;
+ PCRChanged(pcr);
+ }
+
+ // If this is the H-CRTM PCR and we are not doing a resume and we
+ // had an H-CRTM event, then we don't change this PCR
+ if(pcr == HCRTM_PCR && type != SU_RESUME && g_DrtmPreStartup == TRUE)
+ continue;
+
+ // Iterate each hash algorithm bank
+ for(j = 0; j < gp.pcrAllocated.count; j++)
+ {
+ TPMI_ALG_HASH hash = gp.pcrAllocated.pcrSelections[j].hash;
+ BYTE *pcrData = GetPcrPointer(hash, pcr);
+ UINT16 pcrSize = CryptHashGetDigestSize(hash);
+
+ if(pcrData != NULL)
+ {
+ // if state was saved
+ if(stateSaved == 1)
+ {
+ // Restore saved PCR value
+ BYTE *pcrSavedData;
+ pcrSavedData = GetSavedPcrPointer(
+ gp.pcrAllocated.pcrSelections[j].hash,
+ saveIndex);
+ if(pcrSavedData == NULL)
+ return FALSE;
+ MemoryCopy(pcrData, pcrSavedData, pcrSize);
+ }
+ else
+ // PCR was not restored by state save
+ {
+ // If the reset locality of the PCR is 4, then
+ // the reset value is all one's, otherwise it is
+ // all zero.
+ if((s_initAttributes[pcr].resetLocality & 0x10) != 0)
+ MemorySet(pcrData, 0xFF, pcrSize);
+ else
+ {
+ MemorySet(pcrData, 0, pcrSize);
+ if(pcr == HCRTM_PCR)
+ pcrData[pcrSize - 1] = locality;
+ }
+ }
+ }
+ }
+ saveIndex += stateSaved;
+ }
+ // Reset authValues on TPM2_Startup(CLEAR)
+ if(type != SU_RESUME)
+ PCR_ClearAuth();
+ return TRUE;
+}
+
+//*** PCRStateSave()
+// This function is used to save the PCR values that will be restored on TPM Resume.
+void
+PCRStateSave(
+ TPM_SU type // IN: startup type
+ )
+{
+ UINT32 pcr, j;
+ UINT32 saveIndex = 0;
+
+ // if state save CLEAR, nothing to be done. Return here
+ if(type == TPM_SU_CLEAR)
+ return;
+
+ // Copy PCR values to the structure that should be saved to NV
+ for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++)
+ {
+ UINT32 stateSaved = (s_initAttributes[pcr].stateSave == SET) ? 1 : 0;
+
+ // Iterate each hash algorithm bank
+ for(j = 0; j < gp.pcrAllocated.count; j++)
+ {
+ BYTE *pcrData;
+ UINT32 pcrSize;
+
+ pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[j].hash, pcr);
+
+ if(pcrData != NULL)
+ {
+ pcrSize
+ = CryptHashGetDigestSize(gp.pcrAllocated.pcrSelections[j].hash);
+
+ if(stateSaved == 1)
+ {
+ // Restore saved PCR value
+ BYTE *pcrSavedData;
+ pcrSavedData
+ = GetSavedPcrPointer(gp.pcrAllocated.pcrSelections[j].hash,
+ saveIndex);
+ MemoryCopy(pcrSavedData, pcrData, pcrSize);
+ }
+ }
+ }
+ saveIndex += stateSaved;
+ }
+
+ return;
+}
+
+//*** PCRIsStateSaved()
+// This function indicates if the selected PCR is a PCR that is state saved
+// on TPM2_Shutdown(STATE). The return value is based on PCR attributes.
+// Return Type: BOOL
+// TRUE(1) PCR is state saved
+// FALSE(0) PCR is not state saved
+BOOL
+PCRIsStateSaved(
+ TPMI_DH_PCR handle // IN: PCR handle to be extended
+ )
+{
+ UINT32 pcr = handle - PCR_FIRST;
+
+ if(s_initAttributes[pcr].stateSave == SET)
+ return TRUE;
+ else
+ return FALSE;
+}
+
+//*** PCRIsResetAllowed()
+// This function indicates if a PCR may be reset by the current command locality.
+// The return value is based on PCR attributes, and not the PCR allocation.
+// Return Type: BOOL
+// TRUE(1) TPM2_PCR_Reset is allowed
+// FALSE(0) TPM2_PCR_Reset is not allowed
+BOOL
+PCRIsResetAllowed(
+ TPMI_DH_PCR handle // IN: PCR handle to be extended
+ )
+{
+ UINT8 commandLocality;
+ UINT8 localityBits = 1;
+ UINT32 pcr = handle - PCR_FIRST;
+
+ // Check for the locality
+ commandLocality = _plat__LocalityGet();
+
+#ifdef DRTM_PCR
+ // For a TPM that does DRTM, Reset is not allowed at locality 4
+ if(commandLocality == 4)
+ return FALSE;
+#endif
+
+ localityBits = localityBits << commandLocality;
+ if((localityBits & s_initAttributes[pcr].resetLocality) == 0)
+ return FALSE;
+ else
+ return TRUE;
+}
+
+//*** PCRChanged()
+// This function checks a PCR handle to see if the attributes for the PCR are set
+// so that any change to the PCR causes an increment of the pcrCounter. If it does,
+// then the function increments the counter. Will also bump the counter if the
+// handle is zero which means that PCR 0 can not be in the TCB group. Bump on zero
+// is used by TPM2_Clear().
+void
+PCRChanged(
+ TPM_HANDLE pcrHandle // IN: the handle of the PCR that changed.
+ )
+{
+ // For the reference implementation, the only change that does not cause
+ // increment is a change to a PCR in the TCB group.
+ if((pcrHandle == 0) || !PCRBelongsTCBGroup(pcrHandle))
+ {
+ gr.pcrCounter++;
+ if(gr.pcrCounter == 0)
+ FAIL(FATAL_ERROR_COUNTER_OVERFLOW);
+ }
+}
+
+//*** PCRIsExtendAllowed()
+// This function indicates a PCR may be extended at the current command locality.
+// The return value is based on PCR attributes, and not the PCR allocation.
+// Return Type: BOOL
+// TRUE(1) extend is allowed
+// FALSE(0) extend is not allowed
+BOOL
+PCRIsExtendAllowed(
+ TPMI_DH_PCR handle // IN: PCR handle to be extended
+ )
+{
+ UINT8 commandLocality;
+ UINT8 localityBits = 1;
+ UINT32 pcr = handle - PCR_FIRST;
+
+ // Check for the locality
+ commandLocality = _plat__LocalityGet();
+ localityBits = localityBits << commandLocality;
+ if((localityBits & s_initAttributes[pcr].extendLocality) == 0)
+ return FALSE;
+ else
+ return TRUE;
+}
+
+//*** PCRExtend()
+// This function is used to extend a PCR in a specific bank.
+void
+PCRExtend(
+ TPMI_DH_PCR handle, // IN: PCR handle to be extended
+ TPMI_ALG_HASH hash, // IN: hash algorithm of PCR
+ UINT32 size, // IN: size of data to be extended
+ BYTE *data // IN: data to be extended
+ )
+{
+ BYTE *pcrData;
+ HASH_STATE hashState;
+ UINT16 pcrSize;
+
+ pcrData = GetPcrPointer(hash, handle - PCR_FIRST);
+
+ // Extend PCR if it is allocated
+ if(pcrData != NULL)
+ {
+ pcrSize = CryptHashGetDigestSize(hash);
+ CryptHashStart(&hashState, hash);
+ CryptDigestUpdate(&hashState, pcrSize, pcrData);
+ CryptDigestUpdate(&hashState, size, data);
+ CryptHashEnd(&hashState, pcrSize, pcrData);
+
+ // PCR has changed so update the pcrCounter if necessary
+ PCRChanged(handle);
+ }
+
+ return;
+}
+
+//*** PCRComputeCurrentDigest()
+// This function computes the digest of the selected PCR.
+//
+// As a side-effect, 'selection' is modified so that only the implemented PCR
+// will have their bits still set.
+void
+PCRComputeCurrentDigest(
+ TPMI_ALG_HASH hashAlg, // IN: hash algorithm to compute digest
+ TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on
+ // output)
+ TPM2B_DIGEST *digest // OUT: digest
+ )
+{
+ HASH_STATE hashState;
+ TPMS_PCR_SELECTION *select;
+ BYTE *pcrData; // will point to a digest
+ UINT32 pcrSize;
+ UINT32 pcr;
+ UINT32 i;
+
+ // Initialize the hash
+ digest->t.size = CryptHashStart(&hashState, hashAlg);
+ pAssert(digest->t.size > 0 && digest->t.size < UINT16_MAX);
+
+ // Iterate through the list of PCR selection structures
+ for(i = 0; i < selection->count; i++)
+ {
+ // Point to the current selection
+ select = &selection->pcrSelections[i]; // Point to the current selection
+ FilterPcr(select); // Clear out the bits for unimplemented PCR
+
+ // Need the size of each digest
+ pcrSize = CryptHashGetDigestSize(selection->pcrSelections[i].hash);
+
+ // Iterate through the selection
+ for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++)
+ {
+ if(IsPcrSelected(pcr, select)) // Is this PCR selected
+ {
+ // Get pointer to the digest data for the bank
+ pcrData = GetPcrPointer(selection->pcrSelections[i].hash, pcr);
+ pAssert(pcrData != NULL);
+ CryptDigestUpdate(&hashState, pcrSize, pcrData); // add to digest
+ }
+ }
+ }
+ // Complete hash stack
+ CryptHashEnd2B(&hashState, &digest->b);
+
+ return;
+}
+
+//*** PCRRead()
+// This function is used to read a list of selected PCR. If the requested PCR
+// number exceeds the maximum number that can be output, the 'selection' is
+// adjusted to reflect the actual output PCR.
+void
+PCRRead(
+ TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on
+ // output)
+ TPML_DIGEST *digest, // OUT: digest
+ UINT32 *pcrCounter // OUT: the current value of PCR generation
+ // number
+ )
+{
+ TPMS_PCR_SELECTION *select;
+ BYTE *pcrData; // will point to a digest
+ UINT32 pcr;
+ UINT32 i;
+
+ digest->count = 0;
+
+ // Iterate through the list of PCR selection structures
+ for(i = 0; i < selection->count; i++)
+ {
+ // Point to the current selection
+ select = &selection->pcrSelections[i]; // Point to the current selection
+ FilterPcr(select); // Clear out the bits for unimplemented PCR
+
+ // Iterate through the selection
+ for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++)
+ {
+ if(IsPcrSelected(pcr, select)) // Is this PCR selected
+ {
+ // Check if number of digest exceed upper bound
+ if(digest->count > 7)
+ {
+ // Clear rest of the current select bitmap
+ while(pcr < IMPLEMENTATION_PCR
+ // do not round up!
+ && (pcr / 8) < select->sizeofSelect)
+ {
+ // do not round up!
+ select->pcrSelect[pcr / 8] &= (BYTE)~(1 << (pcr % 8));
+ pcr++;
+ }
+ // Exit inner loop
+ break;
+ }
+ // Need the size of each digest
+ digest->digests[digest->count].t.size =
+ CryptHashGetDigestSize(selection->pcrSelections[i].hash);
+
+ // Get pointer to the digest data for the bank
+ pcrData = GetPcrPointer(selection->pcrSelections[i].hash, pcr);
+ pAssert(pcrData != NULL);
+ // Add to the data to digest
+ MemoryCopy(digest->digests[digest->count].t.buffer,
+ pcrData,
+ digest->digests[digest->count].t.size);
+ digest->count++;
+ }
+ }
+ // If we exit inner loop because we have exceed the output upper bound
+ if(digest->count > 7 && pcr < IMPLEMENTATION_PCR)
+ {
+ // Clear rest of the selection
+ while(i < selection->count)
+ {
+ MemorySet(selection->pcrSelections[i].pcrSelect, 0,
+ selection->pcrSelections[i].sizeofSelect);
+ i++;
+ }
+ // exit outer loop
+ break;
+ }
+ }
+
+ *pcrCounter = gr.pcrCounter;
+
+ return;
+}
+
+//*** PCRAllocate()
+// This function is used to change the PCR allocation.
+// Return Type: TPM_RC
+// TPM_RC_NO_RESULT allocate failed
+// TPM_RC_PCR improper allocation
+TPM_RC
+PCRAllocate(
+ TPML_PCR_SELECTION *allocate, // IN: required allocation
+ UINT32 *maxPCR, // OUT: Maximum number of PCR
+ UINT32 *sizeNeeded, // OUT: required space
+ UINT32 *sizeAvailable // OUT: available space
+ )
+{
+ UINT32 i, j, k;
+ TPML_PCR_SELECTION newAllocate;
+ // Initialize the flags to indicate if HCRTM PCR and DRTM PCR are allocated.
+ BOOL pcrHcrtm = FALSE;
+ BOOL pcrDrtm = FALSE;
+
+ // Create the expected new PCR allocation based on the existing allocation
+ // and the new input:
+ // 1. if a PCR bank does not appear in the new allocation, the existing
+ // allocation of this PCR bank will be preserved.
+ // 2. if a PCR bank appears multiple times in the new allocation, only the
+ // last one will be in effect.
+ newAllocate = gp.pcrAllocated;
+ for(i = 0; i < allocate->count; i++)
+ {
+ for(j = 0; j < newAllocate.count; j++)
+ {
+ // If hash matches, the new allocation covers the old allocation
+ // for this particular bank.
+ // The assumption is the initial PCR allocation (from manufacture)
+ // has all the supported hash algorithms with an assigned bank
+ // (possibly empty). So there must be a match for any new bank
+ // allocation from the input.
+ if(newAllocate.pcrSelections[j].hash ==
+ allocate->pcrSelections[i].hash)
+ {
+ newAllocate.pcrSelections[j] = allocate->pcrSelections[i];
+ break;
+ }
+ }
+ // The j loop must exit with a match.
+ pAssert(j < newAllocate.count);
+ }
+
+ // Max PCR in a bank is MIN(implemented PCR, PCR with attributes defined)
+ *maxPCR = sizeof(s_initAttributes) / sizeof(PCR_Attributes);
+ if(*maxPCR > IMPLEMENTATION_PCR)
+ *maxPCR = IMPLEMENTATION_PCR;
+
+ // Compute required size for allocation
+ *sizeNeeded = 0;
+ for(i = 0; i < newAllocate.count; i++)
+ {
+ UINT32 digestSize
+ = CryptHashGetDigestSize(newAllocate.pcrSelections[i].hash);
+#if defined(DRTM_PCR)
+ // Make sure that we end up with at least one DRTM PCR
+ pcrDrtm = pcrDrtm || TestBit(DRTM_PCR,
+ newAllocate.pcrSelections[i].pcrSelect,
+ newAllocate.pcrSelections[i].sizeofSelect);
+
+#else // if DRTM PCR is not required, indicate that the allocation is OK
+ pcrDrtm = TRUE;
+#endif
+
+#if defined(HCRTM_PCR)
+ // and one HCRTM PCR (since this is usually PCR 0...)
+ pcrHcrtm = pcrHcrtm || TestBit(HCRTM_PCR,
+ newAllocate.pcrSelections[i].pcrSelect,
+ newAllocate.pcrSelections[i].sizeofSelect);
+#else
+ pcrHcrtm = TRUE;
+#endif
+ for(j = 0; j < newAllocate.pcrSelections[i].sizeofSelect; j++)
+ {
+ BYTE mask = 1;
+ for(k = 0; k < 8; k++)
+ {
+ if((newAllocate.pcrSelections[i].pcrSelect[j] & mask) != 0)
+ *sizeNeeded += digestSize;
+ mask = mask << 1;
+ }
+ }
+ }
+
+ if(!pcrDrtm || !pcrHcrtm)
+ return TPM_RC_PCR;
+
+ // In this particular implementation, we always have enough space to
+ // allocate PCR. Different implementation may return a sizeAvailable less
+ // than the sizeNeed.
+ *sizeAvailable = sizeof(s_pcrs);
+
+ // Save the required allocation to NV. Note that after NV is written, the
+ // PCR allocation in NV is no longer consistent with the RAM data
+ // gp.pcrAllocated. The NV version reflect the allocate after next
+ // TPM_RESET, while the RAM version reflects the current allocation
+ NV_WRITE_PERSISTENT(pcrAllocated, newAllocate);
+
+ return TPM_RC_SUCCESS;
+}
+
+//*** PCRSetValue()
+// This function is used to set the designated PCR in all banks to an initial value.
+// The initial value is signed and will be sign extended into the entire PCR.
+//
+void
+PCRSetValue(
+ TPM_HANDLE handle, // IN: the handle of the PCR to set
+ INT8 initialValue // IN: the value to set
+ )
+{
+ int i;
+ UINT32 pcr = handle - PCR_FIRST;
+ TPMI_ALG_HASH hash;
+ UINT16 digestSize;
+ BYTE *pcrData;
+
+ // Iterate supported PCR bank algorithms to reset
+ for(i = 0; i < HASH_COUNT; i++)
+ {
+ hash = CryptHashGetAlgByIndex(i);
+ // Prevent runaway
+ if(hash == TPM_ALG_NULL)
+ break;
+
+ // Get a pointer to the data
+ pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[i].hash, pcr);
+
+ // If the PCR is allocated
+ if(pcrData != NULL)
+ {
+ // And the size of the digest
+ digestSize = CryptHashGetDigestSize(hash);
+
+ // Set the LSO to the input value
+ pcrData[digestSize - 1] = initialValue;
+
+ // Sign extend
+ if(initialValue >= 0)
+ MemorySet(pcrData, 0, digestSize - 1);
+ else
+ MemorySet(pcrData, -1, digestSize - 1);
+ }
+ }
+}
+
+//*** PCRResetDynamics
+// This function is used to reset a dynamic PCR to 0. This function is used in
+// DRTM sequence.
+void
+PCRResetDynamics(
+ void
+ )
+{
+ UINT32 pcr, i;
+
+ // Initialize PCR values
+ for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++)
+ {
+ // Iterate each hash algorithm bank
+ for(i = 0; i < gp.pcrAllocated.count; i++)
+ {
+ BYTE *pcrData;
+ UINT32 pcrSize;
+
+ pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[i].hash, pcr);
+
+ if(pcrData != NULL)
+ {
+ pcrSize =
+ CryptHashGetDigestSize(gp.pcrAllocated.pcrSelections[i].hash);
+
+ // Reset PCR
+ // Any PCR can be reset by locality 4 should be reset to 0
+ if((s_initAttributes[pcr].resetLocality & 0x10) != 0)
+ MemorySet(pcrData, 0, pcrSize);
+ }
+ }
+ }
+ return;
+}
+
+//*** PCRCapGetAllocation()
+// This function is used to get the current allocation of PCR banks.
+// Return Type: TPMI_YES_NO
+// YES if the return count is 0
+// NO if the return count is not 0
+TPMI_YES_NO
+PCRCapGetAllocation(
+ UINT32 count, // IN: count of return
+ TPML_PCR_SELECTION *pcrSelection // OUT: PCR allocation list
+ )
+{
+ if(count == 0)
+ {
+ pcrSelection->count = 0;
+ return YES;
+ }
+ else
+ {
+ *pcrSelection = gp.pcrAllocated;
+ return NO;
+ }
+}
+
+//*** PCRSetSelectBit()
+// This function sets a bit in a bitmap array.
+static void
+PCRSetSelectBit(
+ UINT32 pcr, // IN: PCR number
+ BYTE *bitmap // OUT: bit map to be set
+ )
+{
+ bitmap[pcr / 8] |= (1 << (pcr % 8));
+ return;
+}
+
+//*** PCRGetProperty()
+// This function returns the selected PCR property.
+// Return Type: BOOL
+// TRUE(1) the property type is implemented
+// FALSE(0) the property type is not implemented
+static BOOL
+PCRGetProperty(
+ TPM_PT_PCR property,
+ TPMS_TAGGED_PCR_SELECT *select
+ )
+{
+ UINT32 pcr;
+ UINT32 groupIndex;
+
+ select->tag = property;
+ // Always set the bitmap to be the size of all PCR
+ select->sizeofSelect = (IMPLEMENTATION_PCR + 7) / 8;
+
+ // Initialize bitmap
+ MemorySet(select->pcrSelect, 0, select->sizeofSelect);
+
+ // Collecting properties
+ for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++)
+ {
+ switch(property)
+ {
+ case TPM_PT_PCR_SAVE:
+ if(s_initAttributes[pcr].stateSave == SET)
+ PCRSetSelectBit(pcr, select->pcrSelect);
+ break;
+ case TPM_PT_PCR_EXTEND_L0:
+ if((s_initAttributes[pcr].extendLocality & 0x01) != 0)
+ PCRSetSelectBit(pcr, select->pcrSelect);
+ break;
+ case TPM_PT_PCR_RESET_L0:
+ if((s_initAttributes[pcr].resetLocality & 0x01) != 0)
+ PCRSetSelectBit(pcr, select->pcrSelect);
+ break;
+ case TPM_PT_PCR_EXTEND_L1:
+ if((s_initAttributes[pcr].extendLocality & 0x02) != 0)
+ PCRSetSelectBit(pcr, select->pcrSelect);
+ break;
+ case TPM_PT_PCR_RESET_L1:
+ if((s_initAttributes[pcr].resetLocality & 0x02) != 0)
+ PCRSetSelectBit(pcr, select->pcrSelect);
+ break;
+ case TPM_PT_PCR_EXTEND_L2:
+ if((s_initAttributes[pcr].extendLocality & 0x04) != 0)
+ PCRSetSelectBit(pcr, select->pcrSelect);
+ break;
+ case TPM_PT_PCR_RESET_L2:
+ if((s_initAttributes[pcr].resetLocality & 0x04) != 0)
+ PCRSetSelectBit(pcr, select->pcrSelect);
+ break;
+ case TPM_PT_PCR_EXTEND_L3:
+ if((s_initAttributes[pcr].extendLocality & 0x08) != 0)
+ PCRSetSelectBit(pcr, select->pcrSelect);
+ break;
+ case TPM_PT_PCR_RESET_L3:
+ if((s_initAttributes[pcr].resetLocality & 0x08) != 0)
+ PCRSetSelectBit(pcr, select->pcrSelect);
+ break;
+ case TPM_PT_PCR_EXTEND_L4:
+ if((s_initAttributes[pcr].extendLocality & 0x10) != 0)
+ PCRSetSelectBit(pcr, select->pcrSelect);
+ break;
+ case TPM_PT_PCR_RESET_L4:
+ if((s_initAttributes[pcr].resetLocality & 0x10) != 0)
+ PCRSetSelectBit(pcr, select->pcrSelect);
+ break;
+ case TPM_PT_PCR_DRTM_RESET:
+ // DRTM reset PCRs are the PCR reset by locality 4
+ if((s_initAttributes[pcr].resetLocality & 0x10) != 0)
+ PCRSetSelectBit(pcr, select->pcrSelect);
+ break;
+#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0
+ case TPM_PT_PCR_POLICY:
+ if(PCRBelongsPolicyGroup(pcr + PCR_FIRST, &groupIndex))
+ PCRSetSelectBit(pcr, select->pcrSelect);
+ break;
+#endif
+#if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0
+ case TPM_PT_PCR_AUTH:
+ if(PCRBelongsAuthGroup(pcr + PCR_FIRST, &groupIndex))
+ PCRSetSelectBit(pcr, select->pcrSelect);
+ break;
+#endif
+#if ENABLE_PCR_NO_INCREMENT == YES
+ case TPM_PT_PCR_NO_INCREMENT:
+ if(PCRBelongsTCBGroup(pcr + PCR_FIRST))
+ PCRSetSelectBit(pcr, select->pcrSelect);
+ break;
+#endif
+ default:
+ // If property is not supported, stop scanning PCR attributes
+ // and return.
+ return FALSE;
+ break;
+ }
+ }
+ return TRUE;
+}
+
+//*** PCRCapGetProperties()
+// This function returns a list of PCR properties starting at 'property'.
+// Return Type: TPMI_YES_NO +// YES if no more property is available +// NO if there are more properties not reported +TPMI_YES_NO +PCRCapGetProperties( + TPM_PT_PCR property, // IN: the starting PCR property + UINT32 count, // IN: count of returned properties + TPML_TAGGED_PCR_PROPERTY *select // OUT: PCR select + ) +{ + TPMI_YES_NO more = NO; + UINT32 i; + + // Initialize output property list + select->count = 0; + + // The maximum count of properties we may return is MAX_PCR_PROPERTIES + if(count > MAX_PCR_PROPERTIES) count = MAX_PCR_PROPERTIES; + + // TPM_PT_PCR_FIRST is defined as 0 in spec. It ensures that property + // value would never be less than TPM_PT_PCR_FIRST + cAssert(TPM_PT_PCR_FIRST == 0); + + // Iterate PCR properties. TPM_PT_PCR_LAST is the index of the last property + // implemented on the TPM. + for(i = property; i <= TPM_PT_PCR_LAST; i++) + { + if(select->count < count) + { + // If we have not filled up the return list, add more properties to it + if(PCRGetProperty(i, &select->pcrProperty[select->count])) + // only increment if the property is implemented + select->count++; + } + else + { + // If the return list is full but we still have properties + // available, report this and stop iterating. + more = YES; + break; + } + } + return more; +} + +//*** PCRCapGetHandles() +// This function is used to get a list of handles of PCR, started from 'handle'. +// If 'handle' exceeds the maximum PCR handle range, an empty list will be +// returned and the return value will be NO. 
+// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned +TPMI_YES_NO +PCRCapGetHandles( + TPMI_DH_PCR handle, // IN: start handle + UINT32 count, // IN: count of returned handles + TPML_HANDLE *handleList // OUT: list of handle + ) +{ + TPMI_YES_NO more = NO; + UINT32 i; + + pAssert(HandleGetType(handle) == TPM_HT_PCR); + + // Initialize output handle list + handleList->count = 0; + + // The maximum count of handles we may return is MAX_CAP_HANDLES + if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; + + // Iterate PCR handle range + for(i = handle & HR_HANDLE_MASK; i <= PCR_LAST; i++) + { + if(handleList->count < count) + { + // If we have not filled up the return list, add this PCR + // handle to it + handleList->handle[handleList->count] = i + PCR_FIRST; + handleList->count++; + } + else + { + // If the return list is full but we still have PCR handle + // available, report this and stop iterating + more = YES; + break; + } + } + return more; +} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PP.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PP.c new file mode 100644 index 000000000..5d17d2014 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PP.c 
@@ -0,0 +1,179 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the functions that support the physical presence operations
+// of the TPM.
+
+//** Includes
+
+#include "Tpm.h"
+
+//** Functions
+
+//*** PhysicalPresencePreInstall_Init()
+// This function is used to initialize the array of commands that always require
+// confirmation with physical presence. The array is an array of bits that
+// has a correspondence with the command code.
+//
+// This command should only ever be executable in a manufacturing setting or in
+// a simulation.
+//
+// When set, these cannot be cleared.
+//
+void
+PhysicalPresencePreInstall_Init(
+ void
+ )
+{
+ COMMAND_INDEX commandIndex;
+ // Clear all the PP commands
+ MemorySet(&gp.ppList, 0, sizeof(gp.ppList));
+
+ // Any command that is PP_REQUIRED should be SET
+ for(commandIndex = 0; commandIndex < COMMAND_COUNT; commandIndex++)
+ {
+ if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED
+ && s_commandAttributes[commandIndex] & PP_REQUIRED)
+ SET_BIT(commandIndex, gp.ppList);
+ }
+ // Write PP list to NV
+ NV_SYNC_PERSISTENT(ppList);
+ return;
+}
+
+//*** PhysicalPresenceCommandSet()
+// This function is used to set the indicator that a command requires
+// PP confirmation.
+void
+PhysicalPresenceCommandSet(
+ TPM_CC commandCode // IN: command code
+ )
+{
+ COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
+
+ // if the command isn't implemented, the do nothing
+ if(commandIndex == UNIMPLEMENTED_COMMAND_INDEX)
+ return;
+
+ // only set the bit if this is a command for which PP is allowed
+ if(s_commandAttributes[commandIndex] & PP_COMMAND)
+ SET_BIT(commandIndex, gp.ppList);
+ return;
+}
+
+//*** PhysicalPresenceCommandClear()
+// This function is used to clear the indicator that a command requires PP
+// confirmation.
+void
+PhysicalPresenceCommandClear(
+ TPM_CC commandCode // IN: command code
+ )
+{
+ COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
+
+ // If the command isn't implemented, then don't do anything
+ if(commandIndex == UNIMPLEMENTED_COMMAND_INDEX)
+ return;
+
+ // Only clear the bit if the command does not require PP
+ if((s_commandAttributes[commandIndex] & PP_REQUIRED) == 0)
+ CLEAR_BIT(commandIndex, gp.ppList);
+
+ return;
+}
+
+//*** PhysicalPresenceIsRequired()
+// This function indicates if PP confirmation is required for a command.
+// Return Type: BOOL
+// TRUE(1) physical presence is required
+// FALSE(0) physical presence is not required
+BOOL
+PhysicalPresenceIsRequired(
+ COMMAND_INDEX commandIndex // IN: command index
+ )
+{
+ // Check the bit map. If the bit is SET, PP authorization is required
+ return (TEST_BIT(commandIndex, gp.ppList));
+}
+
+//*** PhysicalPresenceCapGetCCList()
+// This function returns a list of commands that require PP confirmation. The
+// list starts from the first implemented command that has a command code that
+// the same or greater than 'commandCode'.
+// Return Type: TPMI_YES_NO
+// YES if there are more command codes available
+// NO all the available command codes have been returned
+TPMI_YES_NO
+PhysicalPresenceCapGetCCList(
+ TPM_CC commandCode, // IN: start command code
+ UINT32 count, // IN: count of returned TPM_CC
+ TPML_CC *commandList // OUT: list of TPM_CC
+ )
+{
+ TPMI_YES_NO more = NO;
+ COMMAND_INDEX commandIndex;
+
+ // Initialize output handle list
+ commandList->count = 0;
+
+ // The maximum count of command we may return is MAX_CAP_CC
+ if(count > MAX_CAP_CC) count = MAX_CAP_CC;
+
+ // Collect PP commands
+ for(commandIndex = GetClosestCommandIndex(commandCode);
+ commandIndex != UNIMPLEMENTED_COMMAND_INDEX;
+ commandIndex = GetNextCommandIndex(commandIndex))
+ {
+ if(PhysicalPresenceIsRequired(commandIndex))
+ {
+ if(commandList->count < count)
+ {
+ // If we have not filled up the return list, add this command
+ // code to it
+ commandList->commandCodes[commandList->count]
+ = GetCommandCode(commandIndex);
+ commandList->count++;
+ }
+ else
+ {
+ // If the return list is full but we still have PP command
+ // available, report this and stop iterating
+ more = YES;
+ break;
+ }
+ }
+ }
+ return more;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Session.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Session.c
new file mode 100644
index 000000000..f0a1b13ce
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Session.c
@@ -0,0 +1,1068 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +//**Introduction +/* + The code in this file is used to manage the session context counter. + The scheme implemented here is a "truncated counter". 
+ This scheme allows the TPM to not need TPM_SU_CLEAR for a + very long period of time and still not have the context + count for a session repeated. + + The counter (contextCounter)in this implementation is a UINT64 but + can be smaller. The "tracking array" (contextArray) only + has 16-bits per context. The tracking array is the data + that needs to be saved and restored across TPM_SU_STATE so that + sessions are not lost when the system enters the sleep state. + Also, when the TPM is active, the tracking array is kept in + RAM making it important that the number of bytes for each + entry be kept as small as possible. + + The TPM prevents "collisions" of these truncated values by + not allowing a contextID to be assigned if it would be the + same as an existing value. Since the array holds 16 bits, + after a context has been saved, an additional 2^16-1 contexts + may be saved before the count would again match. The normal + expectation is that the context will be flushed before its count + value is needed again but it is always possible to have long-lived + sessions. + + The contextID is assigned when the context is saved (TPM2_ContextSave()). + At that time, the TPM will compare the low-order 16 bits of + contextCounter to the existing values in contextArray and if one + matches, the TPM will return TPM_RC_CONTEXT_GAP (by construction, + the entry that contains the matching value is the oldest + context). + + The expected remediation by the TRM is to load the oldest saved + session context (the one found by the TPM), and save it. Since loading + the oldest session also eliminates its contextID value from + contextArray, there TPM will always be able to load and save the oldest + existing context. + + In the worst case, software may have to load and save several contexts + in order to save an additional one. This should happen very infrequently. 
+ + When the TPM searches contextArray and finds that none of the contextIDs + match the low-order 16-bits of contextCount, the TPM can copy the low bits + to the contextArray associated with the session, and increment contextCount. + + There is one entry in contextArray for each of the active sessions + allowed by the TPM implementation. This array contains either a + context count, an index, or a value indicating the slot is available (0). + + The index into the contextArray is the handle for the session with the region + selector byte of the session set to zero. If an entry in contextArray contains + 0, then the corresponding handle may be assigned to a session. If the entry + contains a value that is less than or equal to the number of loaded sessions + for the TPM, then the array entry is the slot in which the context is loaded. + + EXAMPLE: If the TPM allows 8 loaded sessions, then the slot numbers would + be 1-8 and a contextArrary value in that range would represent the loaded + session. + + NOTE: When the TPM firmware determines that the array entry is for a loaded + session, it will subtract 1 to create the zero-based slot number. + + There is one significant corner case in this scheme. When the contextCount + is equal to a value in the contextArray, the oldest session needs to be + recycled or flushed. In order to recycle the session, it must be loaded. + To be loaded, there must be an available slot. Rather than require that a + spare slot be available all the time, the TPM will check to see if the + contextCount is equal to some value in the contextArray when a session is + created. This prevents the last session slot from being used when it + is likely that a session will need to be recycled. 
+ + If a TPM with both 1.2 and 2.0 functionality uses this scheme for both + 1.2 and 2.0 sessions, and the list of active contexts is read with + TPM_GetCapabiltiy(), the TPM will create 32-bit representations of the + list that contains 16-bit values (the TPM2_GetCapability() returns a list + of handles for active sessions rather than a list of contextID). The full + contextID has high-order bits that are either the same as the current + contextCount or one less. It is one less if the 16-bits + of the contextArray has a value that is larger than the low-order 16 bits + of contextCount. +*/ + +//** Includes, Defines, and Local Variables +#define SESSION_C +#include "Tpm.h" + +//** File Scope Function -- ContextIdSetOldest() +/* + This function is called when the oldest contextID is being loaded or deleted. + Once a saved context becomes the oldest, it stays the oldest until it is + deleted. + + Finding the oldest is a bit tricky. It is not just the numeric comparison of + values but is dependent on the value of contextCounter. + + Assume we have a small contextArray with 8, 4-bit values with values 1 and 2 + used to indicate the loaded context slot number. Also assume that the array + contains hex values of (0 0 1 0 3 0 9 F) and that the contextCounter is an + 8-bit counter with a value of 0x37. Since the low nibble is 7, that means + that values above 7 are older than values below it and, in this example, + 9 is the oldest value. + + Note if we subtract the counter value, from each slot that contains a saved + contextID we get (- - - - B - 2 - 8) and the oldest entry is now easy to find. 
+*/ +static void +ContextIdSetOldest( + void + ) +{ + CONTEXT_SLOT lowBits; + CONTEXT_SLOT entry; + CONTEXT_SLOT smallest = ((CONTEXT_SLOT)~0); + UINT32 i; + + // Set oldestSaveContext to a value indicating none assigned + s_oldestSavedSession = MAX_ACTIVE_SESSIONS + 1; + + lowBits = (CONTEXT_SLOT)gr.contextCounter; + for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) + { + entry = gr.contextArray[i]; + + // only look at entries that are saved contexts + if(entry > MAX_LOADED_SESSIONS) + { + // Use a less than or equal in case the oldest + // is brand new (= lowBits-1) and equal to our initial + // value for smallest. + if(((CONTEXT_SLOT)(entry - lowBits)) <= smallest) + { + smallest = (entry - lowBits); + s_oldestSavedSession = i; + } + } + } + // When we finish, either the s_oldestSavedSession still has its initial + // value, or it has the index of the oldest saved context. +} + +//** Startup Function -- SessionStartup() +// This function initializes the session subsystem on TPM2_Startup(). +BOOL +SessionStartup( + STARTUP_TYPE type + ) +{ + UINT32 i; + + // Initialize session slots. At startup, all the in-memory session slots + // are cleared and marked as not occupied + for(i = 0; i < MAX_LOADED_SESSIONS; i++) + s_sessions[i].occupied = FALSE; // session slot is not occupied + + // The free session slots the number of maximum allowed loaded sessions + s_freeSessionSlots = MAX_LOADED_SESSIONS; + + // Initialize context ID data. On a ST_SAVE or hibernate sequence, it will + // scan the saved array of session context counts, and clear any entry that + // references a session that was in memory during the state save since that + // memory was not preserved over the ST_SAVE. 
+ if(type == SU_RESUME || type == SU_RESTART) + { + // On ST_SAVE we preserve the contexts that were saved but not the ones + // in memory + for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) + { + // If the array value is unused or references a loaded session then + // that loaded session context is lost and the array entry is + // reclaimed. + if(gr.contextArray[i] <= MAX_LOADED_SESSIONS) + gr.contextArray[i] = 0; + } + // Find the oldest session in context ID data and set it in + // s_oldestSavedSession + ContextIdSetOldest(); + } + else + { + // For STARTUP_CLEAR, clear out the contextArray + for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) + gr.contextArray[i] = 0; + + // reset the context counter + gr.contextCounter = MAX_LOADED_SESSIONS + 1; + + // Initialize oldest saved session + s_oldestSavedSession = MAX_ACTIVE_SESSIONS + 1; + } + return TRUE; +} + +//************************************************ +//** Access Functions +//************************************************ + +//*** SessionIsLoaded() +// This function test a session handle references a loaded session. The handle +// must have previously been checked to make sure that it is a valid handle for +// an authorization session. +// NOTE: A PWAP authorization does not have a session. +// +// Return Type: BOOL +// TRUE(1) session is loaded +// FALSE(0) session is not loaded +// +BOOL +SessionIsLoaded( + TPM_HANDLE handle // IN: session handle + ) +{ + pAssert(HandleGetType(handle) == TPM_HT_POLICY_SESSION + || HandleGetType(handle) == TPM_HT_HMAC_SESSION); + + handle = handle & HR_HANDLE_MASK; + + // if out of range of possible active session, or not assigned to a loaded + // session return false + if(handle >= MAX_ACTIVE_SESSIONS + || gr.contextArray[handle] == 0 + || gr.contextArray[handle] > MAX_LOADED_SESSIONS) + return FALSE; + + return TRUE; +} + +//*** SessionIsSaved() +// This function test a session handle references a saved session. 
The handle +// must have previously been checked to make sure that it is a valid handle for +// an authorization session. +// NOTE: An password authorization does not have a session. +// +// This function requires that the handle be a valid session handle. +// +// Return Type: BOOL +// TRUE(1) session is saved +// FALSE(0) session is not saved +// +BOOL +SessionIsSaved( + TPM_HANDLE handle // IN: session handle + ) +{ + pAssert(HandleGetType(handle) == TPM_HT_POLICY_SESSION + || HandleGetType(handle) == TPM_HT_HMAC_SESSION); + + handle = handle & HR_HANDLE_MASK; + // if out of range of possible active session, or not assigned, or + // assigned to a loaded session, return false + if(handle >= MAX_ACTIVE_SESSIONS + || gr.contextArray[handle] == 0 + || gr.contextArray[handle] <= MAX_LOADED_SESSIONS + ) + return FALSE; + + return TRUE; +} + +//*** SequenceNumberForSavedContextIsValid() +// This function validates that the sequence number and handle value within a +// saved context are valid. 
+BOOL +SequenceNumberForSavedContextIsValid( + TPMS_CONTEXT *context // IN: pointer to a context structure to be + // validated + ) +{ +#define MAX_CONTEXT_GAP ((UINT64)((CONTEXT_SLOT) ~0) + 1) + + TPM_HANDLE handle = context->savedHandle & HR_HANDLE_MASK; + + if(// Handle must be with the range of active sessions + handle >= MAX_ACTIVE_SESSIONS + // the array entry must be for a saved context + || gr.contextArray[handle] <= MAX_LOADED_SESSIONS + // the array entry must agree with the sequence number + || gr.contextArray[handle] != (CONTEXT_SLOT)context->sequence + // the provided sequence number has to be less than the current counter + || context->sequence > gr.contextCounter + // but not so much that it could not be a valid sequence number + || gr.contextCounter - context->sequence > MAX_CONTEXT_GAP) + return FALSE; + + return TRUE; +} + +//*** SessionPCRValueIsCurrent() +// +// This function is used to check if PCR values have been updated since the +// last time they were checked in a policy session. +// +// This function requires the session is loaded. +// Return Type: BOOL +// TRUE(1) PCR value is current +// FALSE(0) PCR value is not current +BOOL +SessionPCRValueIsCurrent( + SESSION *session // IN: session structure + ) +{ + if(session->pcrCounter != 0 + && session->pcrCounter != gr.pcrCounter + ) + return FALSE; + else + return TRUE; +} + +//*** SessionGet() +// This function returns a pointer to the session object associated with a +// session handle. +// +// The function requires that the session is loaded. +SESSION * +SessionGet( + TPM_HANDLE handle // IN: session handle + ) +{ + size_t slotIndex; + CONTEXT_SLOT sessionIndex; + + pAssert(HandleGetType(handle) == TPM_HT_POLICY_SESSION + || HandleGetType(handle) == TPM_HT_HMAC_SESSION + ); + + slotIndex = handle & HR_HANDLE_MASK; + + pAssert(slotIndex < MAX_ACTIVE_SESSIONS); + + // get the contents of the session array. 
Because session is loaded, we + // should always get a valid sessionIndex + sessionIndex = gr.contextArray[slotIndex] - 1; + + pAssert(sessionIndex < MAX_LOADED_SESSIONS); + + return &s_sessions[sessionIndex].session; +} + +//************************************************ +//** Utility Functions +//************************************************ + +//*** ContextIdSessionCreate() +// +// This function is called when a session is created. It will check +// to see if the current gap would prevent a context from being saved. If +// so it will return TPM_RC_CONTEXT_GAP. Otherwise, it will try to find +// an open slot in contextArray, set contextArray to the slot. +// +// This routine requires that the caller has determined the session array +// index for the session. +// +// Return Type: TPM_RC +// TPM_RC_CONTEXT_GAP can't assign a new contextID until the oldest +// saved session context is recycled +// TPM_RC_SESSION_HANDLE there is no slot available in the context array +// for tracking of this session context +static TPM_RC +ContextIdSessionCreate( + TPM_HANDLE *handle, // OUT: receives the assigned handle. This will + // be an index that must be adjusted by the + // caller according to the type of the + // session created + UINT32 sessionIndex // IN: The session context array entry that will + // be occupied by the created session + ) +{ + pAssert(sessionIndex < MAX_LOADED_SESSIONS); + + // check to see if creating the context is safe + // Is this going to be an assignment for the last session context + // array entry? If so, then there will be no room to recycle the + // oldest context if needed. If the gap is not at maximum, then + // it will be possible to save a context if it becomes necessary. + if(s_oldestSavedSession < MAX_ACTIVE_SESSIONS + && s_freeSessionSlots == 1) + { + // See if the gap is at maximum + // The current value of the contextCounter will be assigned to the next + // saved context. 
If the value to be assigned would make the same as an + // existing context, then we can't use it because of the ambiguity it would + // create. + if((CONTEXT_SLOT)gr.contextCounter + == gr.contextArray[s_oldestSavedSession]) + return TPM_RC_CONTEXT_GAP; + } + + // Find an unoccupied entry in the contextArray + for(*handle = 0; *handle < MAX_ACTIVE_SESSIONS; (*handle)++) + { + if(gr.contextArray[*handle] == 0) + { + // indicate that the session associated with this handle + // references a loaded session + gr.contextArray[*handle] = (CONTEXT_SLOT)(sessionIndex + 1); + return TPM_RC_SUCCESS; + } + } + return TPM_RC_SESSION_HANDLES; +} + +//*** SessionCreate() +// +// This function does the detailed work for starting an authorization session. +// This is done in a support routine rather than in the action code because +// the session management may differ in implementations. This implementation +// uses a fixed memory allocation to hold sessions and a fixed allocation +// to hold the contextID for the saved contexts. 
+// +// Return Type: TPM_RC +// TPM_RC_CONTEXT_GAP need to recycle sessions +// TPM_RC_SESSION_HANDLE active session space is full +// TPM_RC_SESSION_MEMORY loaded session space is full +TPM_RC +SessionCreate( + TPM_SE sessionType, // IN: the session type + TPMI_ALG_HASH authHash, // IN: the hash algorithm + TPM2B_NONCE *nonceCaller, // IN: initial nonceCaller + TPMT_SYM_DEF *symmetric, // IN: the symmetric algorithm + TPMI_DH_ENTITY bind, // IN: the bind object + TPM2B_DATA *seed, // IN: seed data + TPM_HANDLE *sessionHandle, // OUT: the session handle + TPM2B_NONCE *nonceTpm // OUT: the session nonce + ) +{ + TPM_RC result = TPM_RC_SUCCESS; + CONTEXT_SLOT slotIndex; + SESSION *session = NULL; + + pAssert(sessionType == TPM_SE_HMAC + || sessionType == TPM_SE_POLICY + || sessionType == TPM_SE_TRIAL); + + // If there are no open spots in the session array, then no point in searching + if(s_freeSessionSlots == 0) + return TPM_RC_SESSION_MEMORY; + + // Find a space for loading a session + for(slotIndex = 0; slotIndex < MAX_LOADED_SESSIONS; slotIndex++) + { + // Is this available? + if(s_sessions[slotIndex].occupied == FALSE) + { + session = &s_sessions[slotIndex].session; + break; + } + } + // if no spot found, then this is an internal error + if(slotIndex >= MAX_LOADED_SESSIONS) + FAIL(FATAL_ERROR_INTERNAL); + + // Call context ID function to get a handle. TPM_RC_SESSION_HANDLE may be + // returned from ContextIdHandelAssign() + result = ContextIdSessionCreate(sessionHandle, slotIndex); + if(result != TPM_RC_SUCCESS) + return result; + + //*** Only return from this point on is TPM_RC_SUCCESS + + // Can now indicate that the session array entry is occupied. 
+ s_freeSessionSlots--; + s_sessions[slotIndex].occupied = TRUE; + + // Initialize the session data + MemorySet(session, 0, sizeof(SESSION)); + + // Initialize internal session data + session->authHashAlg = authHash; + // Initialize session type + if(sessionType == TPM_SE_HMAC) + { + *sessionHandle += HMAC_SESSION_FIRST; + } + else + { + *sessionHandle += POLICY_SESSION_FIRST; + + // For TPM_SE_POLICY or TPM_SE_TRIAL + session->attributes.isPolicy = SET; + if(sessionType == TPM_SE_TRIAL) + session->attributes.isTrialPolicy = SET; + + SessionSetStartTime(session); + + // Initialize policyDigest. policyDigest is initialized with a string of 0 + // of session algorithm digest size. Since the session is already clear. + // Just need to set the size + session->u2.policyDigest.t.size = + CryptHashGetDigestSize(session->authHashAlg); + } + // Create initial session nonce + session->nonceTPM.t.size = nonceCaller->t.size; + CryptRandomGenerate(session->nonceTPM.t.size, session->nonceTPM.t.buffer); + MemoryCopy2B(&nonceTpm->b, &session->nonceTPM.b, + sizeof(nonceTpm->t.buffer)); + + // Set up session parameter encryption algorithm + session->symmetric = *symmetric; + + // If there is a bind object or a session secret, then need to compute + // a sessionKey. 
+ if(bind != TPM_RH_NULL || seed->t.size != 0) + { + // sessionKey = KDFa(hash, (authValue || seed), "ATH", nonceTPM, + // nonceCaller, bits) + // The HMAC key for generating the sessionSecret can be the concatenation + // of an authorization value and a seed value + TPM2B_TYPE(KEY, (sizeof(TPMT_HA) + sizeof(seed->t.buffer))); + TPM2B_KEY key; + + // Get hash size, which is also the length of sessionKey + session->sessionKey.t.size = CryptHashGetDigestSize(session->authHashAlg); + + // Get authValue of associated entity + EntityGetAuthValue(bind, (TPM2B_AUTH *)&key); + pAssert(key.t.size + seed->t.size <= sizeof(key.t.buffer)); + + // Concatenate authValue and seed + MemoryConcat2B(&key.b, &seed->b, sizeof(key.t.buffer)); + + // Compute the session key + CryptKDFa(session->authHashAlg, &key.b, SESSION_KEY, &session->nonceTPM.b, + &nonceCaller->b, + session->sessionKey.t.size * 8, session->sessionKey.t.buffer, + NULL, FALSE); + } + + // Copy the name of the entity that the HMAC session is bound to + // Policy session is not bound to an entity + if(bind != TPM_RH_NULL && sessionType == TPM_SE_HMAC) + { + session->attributes.isBound = SET; + SessionComputeBoundEntity(bind, &session->u1.boundEntity); + } + // If there is a bind object and it is subject to DA, then use of this session + // is subject to DA regardless of how it is used. + session->attributes.isDaBound = (bind != TPM_RH_NULL) + && (IsDAExempted(bind) == FALSE); + +// If the session is bound, then check to see if it is bound to lockoutAuth + session->attributes.isLockoutBound = (session->attributes.isDaBound == SET) + && (bind == TPM_RH_LOCKOUT); + return TPM_RC_SUCCESS; +} + +//*** SessionContextSave() +// This function is called when a session context is to be saved. The +// contextID of the saved session is returned. If no contextID can be +// assigned, then the routine returns TPM_RC_CONTEXT_GAP. +// If the function completes normally, the session slot will be freed. 
+//
+// This function requires that 'handle' references a loaded session.
+// Otherwise, it should not be called at the first place.
+//
+// Return Type: TPM_RC
+// TPM_RC_CONTEXT_GAP a contextID could not be assigned
+// TPM_RC_TOO_MANY_CONTEXTS the counter maxed out
+//
+TPM_RC
+SessionContextSave(
+ TPM_HANDLE handle, // IN: session handle
+ CONTEXT_COUNTER *contextID // OUT: assigned contextID
+ )
+{
+ UINT32 contextIndex;
+ CONTEXT_SLOT slotIndex;
+
+ pAssert(SessionIsLoaded(handle));
+
+ // check to see if the gap is already maxed out
+ // Need to have a saved session
+ if(s_oldestSavedSession < MAX_ACTIVE_SESSIONS
+ // if the oldest saved session has the same value as the low bits
+ // of the contextCounter, then the GAP is maxed out.
+ && gr.contextArray[s_oldestSavedSession] == (CONTEXT_SLOT)gr.contextCounter)
+ return TPM_RC_CONTEXT_GAP;
+
+ // if the caller wants the context counter, set it
+ if(contextID != NULL)
+ *contextID = gr.contextCounter;
+
+ contextIndex = handle & HR_HANDLE_MASK;
+ pAssert(contextIndex < MAX_ACTIVE_SESSIONS);
+
+ // Extract the session slot number referenced by the contextArray
+ // because we are going to overwrite this with the low order
+ // contextID value.
+ slotIndex = gr.contextArray[contextIndex] - 1;
+
+ // Set the contextID for the contextArray
+ gr.contextArray[contextIndex] = (CONTEXT_SLOT)gr.contextCounter;
+
+ // Increment the counter
+ gr.contextCounter++;
+
+ // In the unlikely event that the 64-bit context counter rolls over...
+ if(gr.contextCounter == 0)
+ {
+ // back it up
+ gr.contextCounter--;
+ // return an error
+ return TPM_RC_TOO_MANY_CONTEXTS;
+ }
+ // if the low-order bits wrapped, need to advance the value to skip over
+ // the values used to indicate that a session is loaded
+ if(((CONTEXT_SLOT)gr.contextCounter) == 0)
+ gr.contextCounter += MAX_LOADED_SESSIONS + 1;
+
+ // If no other sessions are saved, this is now the oldest.
+ if(s_oldestSavedSession >= MAX_ACTIVE_SESSIONS)
+ s_oldestSavedSession = contextIndex;
+
+ // Mark the session slot as unoccupied
+ s_sessions[slotIndex].occupied = FALSE;
+
+ // and indicate that there is an additional open slot
+ s_freeSessionSlots++;
+
+ return TPM_RC_SUCCESS;
+}
+
+//*** SessionContextLoad()
+// This function is used to load a session from saved context. The session
+// handle must be for a saved context.
+//
+// If the gap is at a maximum, then the only session that can be loaded is
+// the oldest session, otherwise TPM_RC_CONTEXT_GAP is returned.
+///
+// This function requires that 'handle' references a valid saved session.
+//
+// Return Type: TPM_RC
+// TPM_RC_SESSION_MEMORY no free session slots
+// TPM_RC_CONTEXT_GAP the gap count is maximum and this
+// is not the oldest saved context
+//
+TPM_RC
+SessionContextLoad(
+ SESSION_BUF *session, // IN: session structure from saved context
+ TPM_HANDLE *handle // IN/OUT: session handle
+ )
+{
+ UINT32 contextIndex;
+ CONTEXT_SLOT slotIndex;
+
+ pAssert(HandleGetType(*handle) == TPM_HT_POLICY_SESSION
+ || HandleGetType(*handle) == TPM_HT_HMAC_SESSION);
+
+ // Don't bother looking if no openings
+ if(s_freeSessionSlots == 0)
+ return TPM_RC_SESSION_MEMORY;
+
+ // Find a free session slot to load the session
+ for(slotIndex = 0; slotIndex < MAX_LOADED_SESSIONS; slotIndex++)
+ if(s_sessions[slotIndex].occupied == FALSE) break;
+
+ // if no spot found, then this is an internal error
+ pAssert(slotIndex < MAX_LOADED_SESSIONS);
+
+ contextIndex = *handle & HR_HANDLE_MASK; // extract the index
+
+ // If there is only one slot left, and the gap is at maximum, the only session
+ // context that we can safely load is the oldest one.
+ if(s_oldestSavedSession < MAX_ACTIVE_SESSIONS
+ && s_freeSessionSlots == 1
+ && (CONTEXT_SLOT)gr.contextCounter == gr.contextArray[s_oldestSavedSession]
+ && contextIndex != s_oldestSavedSession)
+ return TPM_RC_CONTEXT_GAP;
+
+ pAssert(contextIndex < MAX_ACTIVE_SESSIONS);
+
+ // set the contextArray value to point to the session slot where
+ // the context is loaded
+ gr.contextArray[contextIndex] = slotIndex + 1;
+
+ // if this was the oldest context, find the new oldest
+ if(contextIndex == s_oldestSavedSession)
+ ContextIdSetOldest();
+
+ // Copy session data to session slot
+ MemoryCopy(&s_sessions[slotIndex].session, session, sizeof(SESSION));
+
+ // Set session slot as occupied
+ s_sessions[slotIndex].occupied = TRUE;
+
+ // Reduce the number of open spots
+ s_freeSessionSlots--;
+
+ return TPM_RC_SUCCESS;
+}
+
+//*** SessionFlush()
+// This function is used to flush a session referenced by its handle. If the
+// session associated with 'handle' is loaded, the session array entry is
+// marked as available.
+//
+// This function requires that 'handle' be a valid active session.
+//
+void
+SessionFlush(
+ TPM_HANDLE handle // IN: loaded or saved session handle
+ )
+{
+ CONTEXT_SLOT slotIndex;
+ UINT32 contextIndex; // Index into contextArray
+
+ pAssert((HandleGetType(handle) == TPM_HT_POLICY_SESSION
+ || HandleGetType(handle) == TPM_HT_HMAC_SESSION
+ )
+ && (SessionIsLoaded(handle) || SessionIsSaved(handle))
+ );
+
+ // Flush context ID of this session
+ // Convert handle to an index into the contextArray
+ contextIndex = handle & HR_HANDLE_MASK;
+
+ pAssert(contextIndex < sizeof(gr.contextArray) / sizeof(gr.contextArray[0]));
+
+ // Get the current contents of the array
+ slotIndex = gr.contextArray[contextIndex];
+
+ // Mark context array entry as available
+ gr.contextArray[contextIndex] = 0;
+
+ // Is this a saved session being flushed
+ if(slotIndex > MAX_LOADED_SESSIONS)
+ {
+ // Flushing the oldest session?
+ if(contextIndex == s_oldestSavedSession)
+ // If so, find a new value for oldest.
+ ContextIdSetOldest();
+ }
+ else
+ {
+ // Adjust slot index to point to session array index
+ slotIndex -= 1;
+
+ // Free session array index
+ s_sessions[slotIndex].occupied = FALSE;
+ s_freeSessionSlots++;
+ }
+
+ return;
+}
+
+//*** SessionComputeBoundEntity()
+// This function computes the binding value for a session. The binding value
+// for a reserved handle is the handle itself. For all the other entities,
+// the authValue at the time of binding is included to prevent squatting.
+// For those values, the Name and the authValue are concatenated
+// into the bind buffer. If they will not both fit, the will be overlapped
+// by XORing bytes. If XOR is required, the bind value will be full.
+void
+SessionComputeBoundEntity(
+ TPMI_DH_ENTITY entityHandle, // IN: handle of entity
+ TPM2B_NAME *bind // OUT: binding value
+ )
+{
+ TPM2B_AUTH auth;
+ BYTE *pAuth = auth.t.buffer;
+ UINT16 i;
+
+ // Get name
+ EntityGetName(entityHandle, bind);
+
+// // The bound value of a reserved handle is the handle itself
+// if(bind->t.size == sizeof(TPM_HANDLE)) return;
+
+ // For all the other entities, concatenate the authorization value to the name.
+ // Get a local copy of the authorization value because some overlapping
+ // may be necessary.
+ EntityGetAuthValue(entityHandle, &auth);
+
+ // Make sure that the extra space is zeroed
+ MemorySet(&bind->t.name[bind->t.size], 0, sizeof(bind->t.name) - bind->t.size);
+ // XOR the authValue at the end of the name
+ for(i = sizeof(bind->t.name) - auth.t.size; i < sizeof(bind->t.name); i++)
+ bind->t.name[i] ^= *pAuth++;
+
+ // Set the bind value to the maximum size
+ bind->t.size = sizeof(bind->t.name);
+
+ return;
+}
+
+
+//*** SessionSetStartTime()
+// This function is used to initialize the session timing
+void
+SessionSetStartTime(
+ SESSION *session // IN: the session to update
+ )
+{
+ session->startTime = g_time;
+ session->epoch = g_timeEpoch;
+ session->timeout = 0;
+}
+
+//*** SessionResetPolicyData()
+// This function is used to reset the policy data without changing the nonce
+// or the start time of the session.
+void
+SessionResetPolicyData(
+ SESSION *session // IN: the session to reset
+ )
+{
+ SESSION_ATTRIBUTES oldAttributes;
+ pAssert(session != NULL);
+
+ // Will need later
+ oldAttributes = session->attributes;
+
+ // No command
+ session->commandCode = 0;
+
+ // No locality selected
+ MemorySet(&session->commandLocality, 0, sizeof(session->commandLocality));
+
+ // The cpHash size to zero
+ session->u1.cpHash.b.size = 0;
+
+ // No timeout
+ session->timeout = 0;
+
+ // Reset the pcrCounter
+ session->pcrCounter = 0;
+
+ // Reset the policy hash
+ MemorySet(&session->u2.policyDigest.t.buffer, 0,
+ session->u2.policyDigest.t.size);
+
+ // Reset the session attributes
+ MemorySet(&session->attributes, 0, sizeof(SESSION_ATTRIBUTES));
+
+ // Restore the policy attributes
+ session->attributes.isPolicy = SET;
+ session->attributes.isTrialPolicy = oldAttributes.isTrialPolicy;
+
+ // Restore the bind attributes
+ session->attributes.isDaBound = oldAttributes.isDaBound;
+ session->attributes.isLockoutBound = oldAttributes.isLockoutBound;
+}
+
+//*** SessionCapGetLoaded()
+// This function returns a list of handles of loaded session, started
+// from input 'handle'
+//
+// 'Handle' must be in valid loaded session handle range, but does not
+// have to point to a loaded session.
+// Return Type: TPMI_YES_NO
+// YES if there are more handles available
+// NO all the available handles has been returned
+TPMI_YES_NO
+SessionCapGetLoaded(
+ TPMI_SH_POLICY handle, // IN: start handle
+ UINT32 count, // IN: count of returned handles
+ TPML_HANDLE *handleList // OUT: list of handle
+ )
+{
+ TPMI_YES_NO more = NO;
+ UINT32 i;
+
+ pAssert(HandleGetType(handle) == TPM_HT_LOADED_SESSION);
+
+ // Initialize output handle list
+ handleList->count = 0;
+
+ // The maximum count of handles we may return is MAX_CAP_HANDLES
+ if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES;
+
+ // Iterate session context ID slots to get loaded session handles
+ for(i = handle & HR_HANDLE_MASK; i < MAX_ACTIVE_SESSIONS; i++)
+ {
+ // If session is active
+ if(gr.contextArray[i] != 0)
+ {
+ // If session is loaded
+ if(gr.contextArray[i] <= MAX_LOADED_SESSIONS)
+ {
+ if(handleList->count < count)
+ {
+ SESSION *session;
+
+ // If we have not filled up the return list, add this
+ // session handle to it
+ // assume that this is going to be an HMAC session
+ handle = i + HMAC_SESSION_FIRST;
+ session = SessionGet(handle);
+ if(session->attributes.isPolicy)
+ handle = i + POLICY_SESSION_FIRST;
+ handleList->handle[handleList->count] = handle;
+ handleList->count++;
+ }
+ else
+ {
+ // If the return list is full but we still have loaded object
+ // available, report this and stop iterating
+ more = YES;
+ break;
+ }
+ }
+ }
+ }
+
+ return more;
+}
+
+//*** SessionCapGetSaved()
+// This function returns a list of handles for saved session, starting at
+// 'handle'.
+//
+// 'Handle' must be in a valid handle range, but does not have to point to a
+// saved session
+//
+// Return Type: TPMI_YES_NO
+// YES if there are more handles available
+// NO all the available handles has been returned
+TPMI_YES_NO
+SessionCapGetSaved(
+ TPMI_SH_HMAC handle, // IN: start handle
+ UINT32 count, // IN: count of returned handles
+ TPML_HANDLE *handleList // OUT: list of handle
+ )
+{
+ TPMI_YES_NO more = NO;
+ UINT32 i;
+
+#ifdef TPM_HT_SAVED_SESSION
+ pAssert(HandleGetType(handle) == TPM_HT_SAVED_SESSION);
+#else
+ pAssert(HandleGetType(handle) == TPM_HT_ACTIVE_SESSION);
+#endif
+
+ // Initialize output handle list
+ handleList->count = 0;
+
+ // The maximum count of handles we may return is MAX_CAP_HANDLES
+ if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES;
+
+ // Iterate session context ID slots to get loaded session handles
+ for(i = handle & HR_HANDLE_MASK; i < MAX_ACTIVE_SESSIONS; i++)
+ {
+ // If session is active
+ if(gr.contextArray[i] != 0)
+ {
+ // If session is saved
+ if(gr.contextArray[i] > MAX_LOADED_SESSIONS)
+ {
+ if(handleList->count < count)
+ {
+ // If we have not filled up the return list, add this
+ // session handle to it
+ handleList->handle[handleList->count] = i + HMAC_SESSION_FIRST;
+ handleList->count++;
+ }
+ else
+ {
+ // If the return list is full but we still have loaded object
+ // available, report this and stop iterating
+ more = YES;
+ break;
+ }
+ }
+ }
+ }
+
+ return more;
+}
+
+//*** SessionCapGetLoadedNumber()
+// This function return the number of authorization sessions currently
+// loaded into TPM RAM.
+UINT32
+SessionCapGetLoadedNumber(
+ void
+ )
+{
+ return MAX_LOADED_SESSIONS - s_freeSessionSlots;
+}
+
+//*** SessionCapGetLoadedAvail()
+// This function returns the number of additional authorization sessions, of
+// any type, that could be loaded into TPM RAM.
+// NOTE: In other implementations, this number may just be an estimate. The only
+// requirement for the estimate is, if it is one or more, then at least one
+// session must be loadable.
+UINT32
+SessionCapGetLoadedAvail(
+ void
+ )
+{
+ return s_freeSessionSlots;
+}
+
+//*** SessionCapGetActiveNumber()
+// This function returns the number of active authorization sessions currently
+// being tracked by the TPM.
+UINT32
+SessionCapGetActiveNumber(
+ void
+ )
+{
+ UINT32 i;
+ UINT32 num = 0;
+
+ // Iterate the context array to find the number of non-zero slots
+ for(i = 0; i < MAX_ACTIVE_SESSIONS; i++)
+ {
+ if(gr.contextArray[i] != 0) num++;
+ }
+
+ return num;
+}
+
+//*** SessionCapGetActiveAvail()
+// This function returns the number of additional authorization sessions, of any
+// type, that could be created. This not the number of slots for sessions, but
+// the number of additional sessions that the TPM is capable of tracking.
+UINT32
+SessionCapGetActiveAvail(
+ void
+ )
+{
+ UINT32 i;
+ UINT32 num = 0;
+
+ // Iterate the context array to find the number of zero slots
+ for(i = 0; i < MAX_ACTIVE_SESSIONS; i++)
+ {
+ if(gr.contextArray[i] == 0) num++;
+ }
+
+ return num;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Time.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Time.c
new file mode 100644
index 000000000..41d50076e
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Time.c
@@ -0,0 +1,276 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the functions relating to the TPM's time functions including
+// the interface to the implementation-specific time functions.
+//
+//** Includes
+#include "Tpm.h"
+#include "PlatformData.h"
+
+//** Functions
+
+//*** TimePowerOn()
+// This function initialize time info at _TPM_Init().
+//
+// This function is called at _TPM_Init() so that the TPM time can start counting
+// as soon as the TPM comes out of reset and doesn't have to wait until
+// TPM2_Startup() in order to begin the new time epoch. This could be significant
+// for systems that could get powered up but not run any TPM commands for some
+// period of time.
+//
+void
+TimePowerOn(
+ void
+ )
+{
+ g_time = _plat__TimerRead();
+}
+
+//*** TimeNewEpoch()
+// This function does the processing to generate a new time epoch nonce and
+// set NV for update. This function is only called when NV is known to be available
+// and the clock is running. The epoch is updated to persistent data.
+static void
+TimeNewEpoch(
+ void
+ )
+{
+#if CLOCK_STOPS
+ CryptRandomGenerate(sizeof(CLOCK_NONCE), (BYTE *)&g_timeEpoch);
+#else
+ // if the epoch is kept in NV, update it.
+ gp.timeEpoch++;
+ NV_SYNC_PERSISTENT(timeEpoch);
+#endif
+ // Clean out any lingering state
+ _plat__TimerWasStopped();
+}
+
+//*** TimeStartup()
+// This function updates the resetCount and restartCount components of
+// TPMS_CLOCK_INFO structure at TPM2_Startup().
+//
+// This function will deal with the deferred creation of a new epoch.
+// TimeUpdateToCurrent() will not start a new epoch even if one is due when
+// TPM_Startup() has not been run. This is because the state of NV is not known
+// until startup completes. When Startup is done, then it will create the epoch
+// nonce to complete the initializations by calling this function.
+BOOL
+TimeStartup(
+ STARTUP_TYPE type // IN: start up type
+ )
+{
+ NOT_REFERENCED(type);
+ // If the previous cycle is orderly shut down, the value of the safe bit
+ // the same as previously saved. Otherwise, it is not safe.
+ if(!NV_IS_ORDERLY)
+ go.clockSafe = NO;
+ return TRUE;
+}
+
+//*** TimeClockUpdate()
+// This function updates go.clock. If 'newTime' requires an update of NV, then
+// NV is checked for availability. If it is not available or is rate limiting, then
+// go.clock is not updated and the function returns an error. If 'newTime' would
+// not cause an NV write, then go.clock is updated. If an NV write occurs, then
+// go.safe is SET.
+void
+TimeClockUpdate(
+ UINT64 newTime // IN: New time value in mS.
+ )
+{
+#define CLOCK_UPDATE_MASK ((1ULL << NV_CLOCK_UPDATE_INTERVAL)- 1)
+
+ // Check to see if the update will cause a need for an nvClock update
+ if((newTime | CLOCK_UPDATE_MASK) > (go.clock | CLOCK_UPDATE_MASK))
+ {
+ pAssert(g_NvStatus == TPM_RC_SUCCESS);
+
+ // Going to update the NV time state so SET the safe flag
+ go.clockSafe = YES;
+
+ // update the time
+ go.clock = newTime;
+
+ NvWrite(NV_ORDERLY_DATA, sizeof(go), &go);
+ }
+ else
+ // No NV update needed so just update
+ go.clock = newTime;
+
+}
+
+//*** TimeUpdate()
+// This function is used to update the time and clock values. If the TPM
+// has run TPM2_Startup(), this function is called at the start of each command.
+// If the TPM has not run TPM2_Startup(), this is called from TPM2_Startup() to
+// get the clock values initialized. It is not called on command entry because, in
+// this implementation, the go structure is not read from NV until TPM2_Startup().
+// The reason for this is that the initialization code (_TPM_Init()) may run before
+// NV is accessible.
+void
+TimeUpdate(
+ void
+ )
+{
+ UINT64 elapsed;
+//
+ // Make sure that we consume the current _plat__TimerWasStopped() state.
+ if(_plat__TimerWasStopped())
+ {
+ TimeNewEpoch();
+ }
+ // Get the difference between this call and the last time we updated the tick
+ // timer.
+ elapsed = _plat__TimerRead() - g_time;
+ // Don't read +
+ g_time += elapsed;
+
+ // Don't need to check the result because it has to be success because have
+ // already checked that NV is available.
+ TimeClockUpdate(go.clock + elapsed);
+
+ // Call self healing logic for dictionary attack parameters
+ DASelfHeal();
+}
+
+//*** TimeUpdateToCurrent()
+// This function updates the 'Time' and 'Clock' in the global
+// TPMS_TIME_INFO structure.
+//
+// In this implementation, 'Time' and 'Clock' are updated at the beginning
+// of each command and the values are unchanged for the duration of the
+// command.
+//
+// Because 'Clock' updates may require a write to NV memory, 'Time' and 'Clock'
+// are not allowed to advance if NV is not available. When clock is not advancing,
+// any function that uses 'Clock' will fail and return TPM_RC_NV_UNAVAILABLE or
+// TPM_RC_NV_RATE.
+//
+// This implementation does not do rate limiting. If the implementation does do
+// rate limiting, then the 'Clock' update should not be inhibited even when doing
+// rate limiting.
+void
+TimeUpdateToCurrent(
+ void
+)
+{
+ // Can't update time during the dark interval or when rate limiting so don't
+ // make any modifications to the internal clock value. Also, defer any clock
+ // processing until TPM has run TPM2_Startup()
+ if(!NV_IS_AVAILABLE || !TPMIsStarted())
+ return;
+
+ TimeUpdate();
+}
+
+
+//*** TimeSetAdjustRate()
+// This function is used to perform rate adjustment on 'Time' and 'Clock'.
+void
+TimeSetAdjustRate(
+ TPM_CLOCK_ADJUST adjust // IN: adjust constant
+ )
+{
+ switch(adjust)
+ {
+ case TPM_CLOCK_COARSE_SLOWER:
+ _plat__ClockAdjustRate(CLOCK_ADJUST_COARSE);
+ break;
+ case TPM_CLOCK_COARSE_FASTER:
+ _plat__ClockAdjustRate(-CLOCK_ADJUST_COARSE);
+ break;
+ case TPM_CLOCK_MEDIUM_SLOWER:
+ _plat__ClockAdjustRate(CLOCK_ADJUST_MEDIUM);
+ break;
+ case TPM_CLOCK_MEDIUM_FASTER:
+ _plat__ClockAdjustRate(-CLOCK_ADJUST_MEDIUM);
+ break;
+ case TPM_CLOCK_FINE_SLOWER:
+ _plat__ClockAdjustRate(CLOCK_ADJUST_FINE);
+ break;
+ case TPM_CLOCK_FINE_FASTER:
+ _plat__ClockAdjustRate(-CLOCK_ADJUST_FINE);
+ break;
+ case TPM_CLOCK_NO_CHANGE:
+ break;
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+
+ return;
+}
+
+//*** TimeGetMarshaled()
+// This function is used to access TPMS_TIME_INFO in canonical form.
+// The function collects the time information and marshals it into 'dataBuffer'
+// and returns the marshaled size
+UINT16
+TimeGetMarshaled(
+ TIME_INFO *dataBuffer // OUT: result buffer
+ )
+{
+ TPMS_TIME_INFO timeInfo;
+
+ // Fill TPMS_TIME_INFO structure
+ timeInfo.time = g_time;
+ TimeFillInfo(&timeInfo.clockInfo);
+
+ // Marshal TPMS_TIME_INFO to canonical form
+ return TPMS_TIME_INFO_Marshal(&timeInfo, (BYTE **)&dataBuffer, NULL);
+}
+
+//*** TimeFillInfo
+// This function gathers information to fill in a TPMS_CLOCK_INFO structure.
+void
+TimeFillInfo(
+ TPMS_CLOCK_INFO *clockInfo
+ )
+{
+ clockInfo->clock = go.clock;
+ clockInfo->resetCount = gp.resetCount;
+ clockInfo->restartCount = gr.restartCount;
+
+ // If NV is not available, clock stopped advancing and the value reported is
+ // not "safe".
+ if(NV_IS_AVAILABLE)
+ clockInfo->safe = go.clockSafe;
+ else
+ clockInfo->safe = NO;
+
+ return;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/AlgorithmCap.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/AlgorithmCap.c
new file mode 100644
index 000000000..f46648abe
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/AlgorithmCap.c
@@ -0,0 +1,234 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Description
+// This file contains the algorithm property definitions for the algorithms and the
+// code for the TPM2_GetCapability() to return the algorithm properties.
+
+//** Includes and Defines
+
+#include "Tpm.h"
+
+typedef struct
+{
+ TPM_ALG_ID algID;
+ TPMA_ALGORITHM attributes;
+} ALGORITHM;
+
+static const ALGORITHM s_algorithms[] =
+{
+// The entries in this table need to be in ascending order but the table doesn't
+// need to be full (gaps are allowed). One day, a tool might exist to fill in the
+// table from the TPM_ALG description
+#if ALG_RSA
+ {TPM_ALG_RSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)},
+#endif
+#if ALG_TDES
+ {TPM_ALG_TDES, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)},
+#endif
+#if ALG_SHA1
+ {TPM_ALG_SHA1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)},
+#endif
+
+ {TPM_ALG_HMAC, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 1, 0, 0, 0)},
+
+#if ALG_AES
+ {TPM_ALG_AES, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)},
+#endif
+#if ALG_MGF1
+ {TPM_ALG_MGF1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)},
+#endif
+
+ {TPM_ALG_KEYEDHASH, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 1, 0, 1, 1, 0, 0)},
+
+#if ALG_XOR
+ {TPM_ALG_XOR, TPMA_ALGORITHM_INITIALIZER(0, 1, 1, 0, 0, 0, 0, 0, 0)},
+#endif
+
+#if ALG_SHA256
+ {TPM_ALG_SHA256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)},
+#endif
+#if ALG_SHA384
+ {TPM_ALG_SHA384, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)},
+#endif
+#if ALG_SHA512
+ {TPM_ALG_SHA512, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)},
+#endif
+#if ALG_SM3_256
+ {TPM_ALG_SM3_256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)},
+#endif
+#if ALG_SM4
+ {TPM_ALG_SM4, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)},
+#endif
+#if ALG_RSASSA
+ {TPM_ALG_RSASSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)},
+#endif
+#if ALG_RSAES
+ {TPM_ALG_RSAES, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)},
+#endif
+#if ALG_RSAPSS
+ {TPM_ALG_RSAPSS, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)},
+#endif
+#if ALG_OAEP
+ {TPM_ALG_OAEP, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)},
+#endif
+#if ALG_ECDSA
+ {TPM_ALG_ECDSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 1, 0)},
+#endif
+#if ALG_ECDH
+ {TPM_ALG_ECDH, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)},
+#endif
+#if ALG_ECDAA
+ {TPM_ALG_ECDAA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)},
+#endif
+#if ALG_SM2
+ {TPM_ALG_SM2, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 1, 0)},
+#endif
+#if ALG_ECSCHNORR
+ {TPM_ALG_ECSCHNORR, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)},
+#endif
+#if ALG_ECMQV
+ {TPM_ALG_ECMQV, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)},
+#endif
+#if ALG_KDF1_SP800_56A
+ {TPM_ALG_KDF1_SP800_56A, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)},
+#endif
+#if ALG_KDF2
+ {TPM_ALG_KDF2, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)},
+#endif
+#if ALG_KDF1_SP800_108
+ {TPM_ALG_KDF1_SP800_108, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)},
+#endif
+#if ALG_ECC
+ {TPM_ALG_ECC, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)},
+#endif
+
+ {TPM_ALG_SYMCIPHER, TPMA_ALGORITHM_INITIALIZER(0, 0, 0, 1, 0, 0, 0, 0, 0)},
+
+#if ALG_CAMELLIA
+ {TPM_ALG_CAMELLIA, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)},
+#endif
+#if ALG_CMAC
+ {TPM_ALG_CMAC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 1, 0, 0, 0)},
+#endif
+#if ALG_CTR
+ {TPM_ALG_CTR, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)},
+#endif
+#if ALG_OFB
+ {TPM_ALG_OFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)},
+#endif
+#if ALG_CBC
+ {TPM_ALG_CBC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)},
+#endif
+#if ALG_CFB
+ {TPM_ALG_CFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)},
+#endif
+#if ALG_ECB
+ {TPM_ALG_ECB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)},
+#endif
+};
+
+//** AlgorithmCapGetImplemented()
+// This function is used by TPM2_GetCapability() to return a list of the
+// implemented algorithms.
+// Return Type: TPMI_YES_NO
+// YES more algorithms to report
+// NO no more algorithms to report
+TPMI_YES_NO
+AlgorithmCapGetImplemented(
+ TPM_ALG_ID algID, // IN: the starting algorithm ID
+ UINT32 count, // IN: count of returned algorithms
+ TPML_ALG_PROPERTY *algList // OUT: algorithm list
+ )
+{
+ TPMI_YES_NO more = NO;
+ UINT32 i;
+ UINT32 algNum;
+
+ // initialize output algorithm list
+ algList->count = 0;
+
+ // The maximum count of algorithms we may return is MAX_CAP_ALGS.
+ if(count > MAX_CAP_ALGS)
+ count = MAX_CAP_ALGS;
+
+ // Compute how many algorithms are defined in s_algorithms array.
+ algNum = sizeof(s_algorithms) / sizeof(s_algorithms[0]);
+
+ // Scan the implemented algorithm list to see if there is a match to 'algID'.
+ for(i = 0; i < algNum; i++)
+ {
+ // If algID is less than the starting algorithm ID, skip it
+ if(s_algorithms[i].algID < algID)
+ continue;
+ if(algList->count < count)
+ {
+ // If we have not filled up the return list, add more algorithms
+ // to it
+ algList->algProperties[algList->count].alg = s_algorithms[i].algID;
+ algList->algProperties[algList->count].algProperties =
+ s_algorithms[i].attributes;
+ algList->count++;
+ }
+ else
+ {
+ // If the return list is full but we still have algorithms
+ // available, report this and stop scanning.
+ more = YES;
+ break;
+ }
+ }
+
+ return more;
+}
+
+//** AlgorithmGetImplementedVector()
+// This function returns the bit vector of the implemented algorithms.
+LIB_EXPORT
+void
+AlgorithmGetImplementedVector(
+ ALGORITHM_VECTOR *implemented // OUT: the implemented bits are SET
+ )
+{
+ int index;
+
+ // Nothing implemented until we say it is
+ MemorySet(implemented, 0, sizeof(ALGORITHM_VECTOR));
+
+ for(index = (sizeof(s_algorithms) / sizeof(s_algorithms[0])) - 1;
+ index >= 0;
+ index--)
+ SET_BIT(s_algorithms[index].algID, *implemented);
+ return;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Bits.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Bits.c
new file mode 100644
index 000000000..4670cc524
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Bits.c
@@ -0,0 +1,92 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains bit manipulation routines. They operate on bit arrays.
+//
+// The 0th bit in the array is the right-most bit in the 0th octet in
+// the array.
+//
+// NOTE: If pAssert() is defined, the functions will assert if the indicated bit
+// number is outside of the range of 'bArray'. How the assert is handled is
+// implementation dependent.
+
+//** Includes
+
+#include "Tpm.h"
+
+//** Functions
+
+//*** TestBit()
+// This function is used to check the setting of a bit in an array of bits.
+// Return Type: BOOL
+// TRUE(1) bit is set
+// FALSE(0) bit is not set
+BOOL
+TestBit(
+ unsigned int bitNum, // IN: number of the bit in 'bArray'
+ BYTE *bArray, // IN: array containing the bits
+ unsigned int bytesInArray // IN: size in bytes of 'bArray'
+ )
+{
+ pAssert(bytesInArray > (bitNum >> 3));
+ return((bArray[bitNum >> 3] & (1 << (bitNum & 7))) != 0);
+}
+
+//*** SetBit()
+// This function will set the indicated bit in 'bArray'.
+void
+SetBit(
+ unsigned int bitNum, // IN: number of the bit in 'bArray'
+ BYTE *bArray, // IN: array containing the bits
+ unsigned int bytesInArray // IN: size in bytes of 'bArray'
+ )
+{
+ pAssert(bytesInArray > (bitNum >> 3));
+ bArray[bitNum >> 3] |= (1 << (bitNum & 7));
+}
+
+//*** ClearBit()
+// This function will clear the indicated bit in 'bArray'.
+void
+ClearBit(
+ unsigned int bitNum, // IN: number of the bit in 'bArray'.
+ BYTE *bArray, // IN: array containing the bits
+ unsigned int bytesInArray // IN: size in bytes of 'bArray'
+ )
+{
+ pAssert(bytesInArray > (bitNum >> 3));
+ bArray[bitNum >> 3] &= ~(1 << (bitNum & 7));
+}
+
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/CommandCodeAttributes.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/CommandCodeAttributes.c
new file mode 100644
index 000000000..81284428a
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/CommandCodeAttributes.c
@@ -0,0 +1,553 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+// This file contains the functions for testing various command properties.
+
+//** Includes and Defines
+
+#include "Tpm.h"
+#include "CommandCodeAttributes_fp.h"
+
+// Set the default value for CC_VEND if not already set
+#ifndef CC_VEND
+#define CC_VEND (TPM_CC)(0x20000000)
+#endif
+
+typedef UINT16 ATTRIBUTE_TYPE;
+
+// The following file is produced from the command tables in part 3 of the
+// specification. It defines the attributes for each of the commands.
+// NOTE: This file is currently produced by an automated process. Files
+// produced from Part 2 or Part 3 tables through automated processes are not
+// included in the specification so that their is no ambiguity about the
+// table containing the information being the normative definition.
+#define _COMMAND_CODE_ATTRIBUTES_
+#include "CommandAttributeData.h"
+
+//** Command Attribute Functions
+
+//*** NextImplementedIndex()
+// This function is used when the lists are not compressed. In a compressed list,
+// only the implemented commands are present. So, a search might find a value
+// but that value may not be implemented. This function checks to see if the input
+// commandIndex points to an implemented command and, if not, it searches upwards
+// until it finds one. When the list is compressed, this function gets defined
+// as a no-op.
+// Return Type: COMMAND_INDEX +// UNIMPLEMENTED_COMMAND_INDEX command is not implemented +// other index of the command +#if !COMPRESSED_LISTS +static COMMAND_INDEX +NextImplementedIndex( + COMMAND_INDEX commandIndex + ) +{ + for(;commandIndex < COMMAND_COUNT; commandIndex++) + { + if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED) + return commandIndex; + } + return UNIMPLEMENTED_COMMAND_INDEX; +} +#else +#define NextImplementedIndex(x) (x) +#endif + +//*** GetClosestCommandIndex() +// This function returns the command index for the command with a value that is +// equal to or greater than the input value +// Return Type: COMMAND_INDEX +// UNIMPLEMENTED_COMMAND_INDEX command is not implemented +// other index of a command +COMMAND_INDEX +GetClosestCommandIndex( + TPM_CC commandCode // IN: the command code to start at + ) +{ + BOOL vendor = (commandCode & CC_VEND) != 0; + COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode; + + // The commandCode is a UINT32 and the search index is UINT16. We are going to + // search for a match but need to make sure that the commandCode value is not + // out of range. To do this, need to clear the vendor bit of the commandCode + // (if set) and compare the result to the 16-bit searchIndex value. If it is + // out of range, indicate that the command is not implemented + if((commandCode & ~CC_VEND) != searchIndex) + return UNIMPLEMENTED_COMMAND_INDEX; + + // if there is at least one vendor command, the last entry in the array will + // have the v bit set. If the input commandCode is larger than the last + // vendor-command, then it is out of range. + if(vendor) + { +#if VENDOR_COMMAND_ARRAY_SIZE > 0 + COMMAND_INDEX commandIndex; + COMMAND_INDEX min; + COMMAND_INDEX max; + int diff; +#if LIBRARY_COMMAND_ARRAY_SIZE == COMMAND_COUNT +#error "Constants are not consistent." +#endif + // Check to see if the value is equal to or below the minimum + // entry. 
+ // Note: Put this check first so that the typical case of only one vendor- + // specific command doesn't waste any more time. + if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE], TPMA_CC, + commandIndex) >= searchIndex) + { + // the vendor array is always assumed to be packed so there is + // no need to check to see if the command is implemented + return LIBRARY_COMMAND_ARRAY_SIZE; + } + // See if this is out of range on the top + if(GET_ATTRIBUTE(s_ccAttr[COMMAND_COUNT - 1], TPMA_CC, commandIndex) + < searchIndex) + { + return UNIMPLEMENTED_COMMAND_INDEX; + } + commandIndex = UNIMPLEMENTED_COMMAND_INDEX; // Needs initialization to keep + // compiler happy + min = LIBRARY_COMMAND_ARRAY_SIZE; // first vendor command + max = COMMAND_COUNT - 1; // last vendor command + diff = 1; // needs initialization to keep + // compiler happy + while(min <= max) + { + commandIndex = (min + max + 1) / 2; + diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex) + - searchIndex; + if(diff == 0) + return commandIndex; + if(diff > 0) + max = commandIndex - 1; + else + min = commandIndex + 1; + } + // didn't find and exact match. commandIndex will be pointing at the last + // item tested. If 'diff' is positive, then the last item tested was + // larger index of the command code so it is the smallest value + // larger than the requested value. + if(diff > 0) + return commandIndex; + // if 'diff' is negative, then the value tested was smaller than + // the commandCode index and the next higher value is the correct one. + // Note: this will necessarily be in range because of the earlier check + // that the index was within range. 
+ return commandIndex + 1; +#else + // If there are no vendor commands so anything with the vendor bit set is out + // of range + return UNIMPLEMENTED_COMMAND_INDEX; +#endif + } + // Get here if the V-Bit was not set in 'commandCode' + + if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE - 1], TPMA_CC, + commandIndex) < searchIndex) + { + // requested index is out of the range to the top +#if VENDOR_COMMAND_ARRAY_SIZE > 0 + // If there are vendor commands, then the first vendor command + // is the next value greater than the commandCode. + // NOTE: we got here if the starting index did not have the V bit but we + // reached the end of the array of library commands (non-vendor). Since + // there is at least one vendor command, and vendor commands are always + // in a compressed list that starts after the library list, the next + // index value contains a valid vendor command. + return LIBRARY_COMMAND_ARRAY_SIZE; +#else + // if there are no vendor commands, then this is out of range + return UNIMPLEMENTED_COMMAND_INDEX; +#endif + } + // If the request is lower than any value in the array, then return + // the lowest value (needs to be an index for an implemented command + if(GET_ATTRIBUTE(s_ccAttr[0], TPMA_CC, commandIndex) >= searchIndex) + { + return NextImplementedIndex(0); + } + else + { +#if COMPRESSED_LISTS + COMMAND_INDEX commandIndex = UNIMPLEMENTED_COMMAND_INDEX; + COMMAND_INDEX min = 0; + COMMAND_INDEX max = LIBRARY_COMMAND_ARRAY_SIZE - 1; + int diff = 1; +#if LIBRARY_COMMAND_ARRAY_SIZE == 0 +#error "Something is terribly wrong" +#endif + // The s_ccAttr array contains an extra entry at the end (a zero value). + // Don't count this as an array entry. 
This means that max should start + // out pointing to the last valid entry in the array which is - 2 + pAssert(max == (sizeof(s_ccAttr) / sizeof(TPMA_CC) + - VENDOR_COMMAND_ARRAY_SIZE - 2)); + while(min <= max) + { + commandIndex = (min + max + 1) / 2; + diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, + commandIndex) - searchIndex; + if(diff == 0) + return commandIndex; + if(diff > 0) + max = commandIndex - 1; + else + min = commandIndex + 1; + } + // didn't find and exact match. commandIndex will be pointing at the + // last item tested. If diff is positive, then the last item tested was + // larger index of the command code so it is the smallest value + // larger than the requested value. + if(diff > 0) + return commandIndex; + // if diff is negative, then the value tested was smaller than + // the commandCode index and the next higher value is the correct one. + // Note: this will necessarily be in range because of the earlier check + // that the index was within range. + return commandIndex + 1; +#else + // The list is not compressed so offset into the array by the command + // code value of the first entry in the list. Then go find the first + // implemented command. + return NextImplementedIndex(searchIndex + - (COMMAND_INDEX)s_ccAttr[0].commandIndex); +#endif + } +} + +//*** CommandCodeToComandIndex() +// This function returns the index in the various attributes arrays of the +// command. 
+// Return Type: COMMAND_INDEX +// UNIMPLEMENTED_COMMAND_INDEX command is not implemented +// other index of the command +COMMAND_INDEX +CommandCodeToCommandIndex( + TPM_CC commandCode // IN: the command code to look up + ) +{ + // Extract the low 16-bits of the command code to get the starting search index + COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode; + BOOL vendor = (commandCode & CC_VEND) != 0; + COMMAND_INDEX commandIndex; +#if !COMPRESSED_LISTS + if(!vendor) + { + commandIndex = searchIndex - (COMMAND_INDEX)s_ccAttr[0].commandIndex; + // Check for out of range or unimplemented. + // Note, since a COMMAND_INDEX is unsigned, if searchIndex is smaller than + // the lowest value of command, it will become a 'negative' number making + // it look like a large unsigned number, this will cause it to fail + // the unsigned check below. + if(commandIndex >= LIBRARY_COMMAND_ARRAY_SIZE + || (s_commandAttributes[commandIndex] & IS_IMPLEMENTED) == 0) + return UNIMPLEMENTED_COMMAND_INDEX; + return commandIndex; + } +#endif + // Need this code for any vendor code lookup or for compressed lists + commandIndex = GetClosestCommandIndex(commandCode); + + // Look at the returned value from get closest. If it isn't the one that was + // requested, then the command is not implemented. + if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) + { + if((GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex) + != searchIndex) + || (IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) != vendor) + commandIndex = UNIMPLEMENTED_COMMAND_INDEX; + } + return commandIndex; +} + +//*** GetNextCommandIndex() +// This function returns the index of the next implemented command. 
+// Return Type: COMMAND_INDEX +// UNIMPLEMENTED_COMMAND_INDEX no more implemented commands +// other the index of the next implemented command +COMMAND_INDEX +GetNextCommandIndex( + COMMAND_INDEX commandIndex // IN: the starting index + ) +{ + while(++commandIndex < COMMAND_COUNT) + { +#if !COMPRESSED_LISTS + if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED) +#endif + return commandIndex; + } + return UNIMPLEMENTED_COMMAND_INDEX; +} + +//*** GetCommandCode() +// This function returns the commandCode associated with the command index +TPM_CC +GetCommandCode( + COMMAND_INDEX commandIndex // IN: the command index + ) +{ + TPM_CC commandCode = GET_ATTRIBUTE(s_ccAttr[commandIndex], + TPMA_CC, commandIndex); + if(IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) + commandCode += CC_VEND; + return commandCode; +} + +//*** CommandAuthRole() +// +// This function returns the authorization role required of a handle. +// +// Return Type: AUTH_ROLE +// AUTH_NONE no authorization is required +// AUTH_USER user role authorization is required +// AUTH_ADMIN admin role authorization is required +// AUTH_DUP duplication role authorization is required +AUTH_ROLE +CommandAuthRole( + COMMAND_INDEX commandIndex, // IN: command index + UINT32 handleIndex // IN: handle index (zero based) + ) +{ + if(0 == handleIndex) + { + // Any authorization role set? + COMMAND_ATTRIBUTES properties = s_commandAttributes[commandIndex]; + + if(properties & HANDLE_1_USER) + return AUTH_USER; + if(properties & HANDLE_1_ADMIN) + return AUTH_ADMIN; + if(properties & HANDLE_1_DUP) + return AUTH_DUP; + } + else if(1 == handleIndex) + { + if(s_commandAttributes[commandIndex] & HANDLE_2_USER) + return AUTH_USER; + } + return AUTH_NONE; +} + +//*** EncryptSize() +// This function returns the size of the decrypt size field. 
This function returns +// 0 if encryption is not allowed +// Return Type: int +// 0 encryption not allowed +// 2 size field is two bytes +// 4 size field is four bytes +int +EncryptSize( + COMMAND_INDEX commandIndex // IN: command index + ) +{ + return ((s_commandAttributes[commandIndex] & ENCRYPT_2) ? 2 : + (s_commandAttributes[commandIndex] & ENCRYPT_4) ? 4 : 0); +} + +//*** DecryptSize() +// This function returns the size of the decrypt size field. This function returns +// 0 if decryption is not allowed +// Return Type: int +// 0 encryption not allowed +// 2 size field is two bytes +// 4 size field is four bytes +int +DecryptSize( + COMMAND_INDEX commandIndex // IN: command index + ) +{ + return ((s_commandAttributes[commandIndex] & DECRYPT_2) ? 2 : + (s_commandAttributes[commandIndex] & DECRYPT_4) ? 4 : 0); +} + +//*** IsSessionAllowed() +// +// This function indicates if the command is allowed to have sessions. +// +// This function must not be called if the command is not known to be implemented. 
+//
+// Return Type: BOOL
+// TRUE(1) session is allowed with this command
+// FALSE(0) session is not allowed with this command
+BOOL
+IsSessionAllowed(
+ COMMAND_INDEX commandIndex // IN: the command to be checked
+ )
+{
+ return ((s_commandAttributes[commandIndex] & NO_SESSIONS) == 0);
+}
+
+//*** IsHandleInResponse()
+// This function determines if a command has a handle in the response
+BOOL
+IsHandleInResponse(
+ COMMAND_INDEX commandIndex
+ )
+{
+ return ((s_commandAttributes[commandIndex] & R_HANDLE) != 0);
+}
+
+//*** IsWriteOperation()
+// Checks to see if an operation will write to an NV Index and is subject to being
+// blocked by read-lock
+BOOL
+IsWriteOperation(
+ COMMAND_INDEX commandIndex // IN: Command to check
+ )
+{
+#ifdef WRITE_LOCK
+ return ((s_commandAttributes[commandIndex] & WRITE_LOCK) != 0);
+#else
+ if(!IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V))
+ {
+ switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex))
+ {
+ case TPM_CC_NV_Write:
+#if CC_NV_Increment
+ case TPM_CC_NV_Increment:
+#endif
+#if CC_NV_SetBits
+ case TPM_CC_NV_SetBits:
+#endif
+#if CC_NV_Extend
+ case TPM_CC_NV_Extend:
+#endif
+#if CC_AC_Send
+ case TPM_CC_AC_Send:
+#endif
+ // NV write lock counts as a write operation for authorization purposes.
+ // We check to see if the NV is write locked before we do the
+ // authorization. If it is locked, we fail the command early.
+ case TPM_CC_NV_WriteLock:
+ return TRUE;
+ default:
+ break;
+ }
+ }
+ return FALSE;
+#endif
+}
+
+//*** IsReadOperation()
+// Checks to see if an operation will write to an NV Index and is
+// subject to being blocked by write-lock.
+BOOL +IsReadOperation( + COMMAND_INDEX commandIndex // IN: Command to check + ) +{ +#ifdef READ_LOCK + return ((s_commandAttributes[commandIndex] & READ_LOCK) != 0); +#else + + if(!IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) + { + switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)) + { + case TPM_CC_NV_Read: + case TPM_CC_PolicyNV: + case TPM_CC_NV_Certify: + // NV read lock counts as a read operation for authorization purposes. + // We check to see if the NV is read locked before we do the + // authorization. If it is locked, we fail the command early. + case TPM_CC_NV_ReadLock: + return TRUE; + default: + break; + } + } + return FALSE; +#endif +} + +//*** CommandCapGetCCList() +// This function returns a list of implemented commands and command attributes +// starting from the command in 'commandCode'. +// Return Type: TPMI_YES_NO +// YES more command attributes are available +// NO no more command attributes are available +TPMI_YES_NO +CommandCapGetCCList( + TPM_CC commandCode, // IN: start command code + UINT32 count, // IN: maximum count for number of entries in + // 'commandList' + TPML_CCA *commandList // OUT: list of TPMA_CC + ) +{ + TPMI_YES_NO more = NO; + COMMAND_INDEX commandIndex; + + // initialize output handle list count + commandList->count = 0; + + for(commandIndex = GetClosestCommandIndex(commandCode); + commandIndex != UNIMPLEMENTED_COMMAND_INDEX; + commandIndex = GetNextCommandIndex(commandIndex)) + { +#if !COMPRESSED_LISTS + // this check isn't needed for compressed lists. + if(!(s_commandAttributes[commandIndex] & IS_IMPLEMENTED)) + continue; +#endif + if(commandList->count < count) + { + // If the list is not full, add the attributes for this command. + commandList->commandAttributes[commandList->count] + = s_ccAttr[commandIndex]; + commandList->count++; + } + else + { + // If the list is full but there are more commands to report, + // indicate this and return. 
+ more = YES;
+ break;
+ }
+ }
+ return more;
+}
+
+//*** IsVendorCommand()
+// Function indicates if a command index references a vendor command.
+// Return Type: BOOL
+// TRUE(1) command is a vendor command
+// FALSE(0) command is not a vendor command
+BOOL
+IsVendorCommand(
+ COMMAND_INDEX commandIndex // IN: command index to check
+ )
+{
+ return (IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V));
+}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Entity.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Entity.c
new file mode 100644
index 000000000..246a3a784
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Entity.c
@@ -0,0 +1,478 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Description
+// The functions in this file are used for accessing properties for handles of
+// various types. Functions in other files require handles of a specific
+// type but the functions in this file allow use of any handle type.
+ +//** Includes + +#include "Tpm.h" + +//** Functions +//*** EntityGetLoadStatus() +// This function will check that all the handles access loaded entities. +// Return Type: TPM_RC +// TPM_RC_HANDLE handle type does not match +// TPM_RC_REFERENCE_Hx entity is not present +// TPM_RC_HIERARCHY entity belongs to a disabled hierarchy +// TPM_RC_OBJECT_MEMORY handle is an evict object but there is no +// space to load it to RAM +TPM_RC +EntityGetLoadStatus( + COMMAND *command // IN/OUT: command parsing structure + ) +{ + UINT32 i; + TPM_RC result = TPM_RC_SUCCESS; +// + for(i = 0; i < command->handleNum; i++) + { + TPM_HANDLE handle = command->handles[i]; + switch(HandleGetType(handle)) + { + // For handles associated with hierarchies, the entity is present + // only if the associated enable is SET. + case TPM_HT_PERMANENT: + switch(handle) + { + case TPM_RH_OWNER: + if(!gc.shEnable) + result = TPM_RC_HIERARCHY; + break; + +#ifdef VENDOR_PERMANENT + case VENDOR_PERMANENT: +#endif + case TPM_RH_ENDORSEMENT: + if(!gc.ehEnable) + result = TPM_RC_HIERARCHY; + break; + case TPM_RH_PLATFORM: + if(!g_phEnable) + result = TPM_RC_HIERARCHY; + break; + // null handle, PW session handle and lockout + // handle are always available + case TPM_RH_NULL: + case TPM_RS_PW: + // Need to be careful for lockout. Lockout is always available + // for policy checks but not always available when authValue + // is being checked. + case TPM_RH_LOCKOUT: + break; + default: + // handling of the manufacture_specific handles + if(((TPM_RH)handle >= TPM_RH_AUTH_00) + && ((TPM_RH)handle <= TPM_RH_AUTH_FF)) + // use the value that would have been returned from + // unmarshaling if it did the handle filtering + result = TPM_RC_VALUE; + else + FAIL(FATAL_ERROR_INTERNAL); + break; + } + break; + case TPM_HT_TRANSIENT: + // For a transient object, check if the handle is associated + // with a loaded object. 
+ if(!IsObjectPresent(handle)) + result = TPM_RC_REFERENCE_H0; + break; + case TPM_HT_PERSISTENT: + // Persistent object + // Copy the persistent object to RAM and replace the handle with the + // handle of the assigned slot. A TPM_RC_OBJECT_MEMORY, + // TPM_RC_HIERARCHY or TPM_RC_REFERENCE_H0 error may be returned by + // ObjectLoadEvict() + result = ObjectLoadEvict(&command->handles[i], command->index); + break; + case TPM_HT_HMAC_SESSION: + // For an HMAC session, see if the session is loaded + // and if the session in the session slot is actually + // an HMAC session. + if(SessionIsLoaded(handle)) + { + SESSION *session; + session = SessionGet(handle); + // Check if the session is a HMAC session + if(session->attributes.isPolicy == SET) + result = TPM_RC_HANDLE; + } + else + result = TPM_RC_REFERENCE_H0; + break; + case TPM_HT_POLICY_SESSION: + // For a policy session, see if the session is loaded + // and if the session in the session slot is actually + // a policy session. + if(SessionIsLoaded(handle)) + { + SESSION *session; + session = SessionGet(handle); + // Check if the session is a policy session + if(session->attributes.isPolicy == CLEAR) + result = TPM_RC_HANDLE; + } + else + result = TPM_RC_REFERENCE_H0; + break; + case TPM_HT_NV_INDEX: + // For an NV Index, use the TPM-specific routine + // to search the IN Index space. + result = NvIndexIsAccessible(handle); + break; + case TPM_HT_PCR: + // Any PCR handle that is unmarshaled successfully referenced + // a PCR that is defined. + break; +#if CC_AC_Send + case TPM_HT_AC: + // Use the TPM-specific routine to search for the AC + result = AcIsAccessible(handle); + break; +#endif + default: + // Any other handle type is a defect in the unmarshaling code. 
+ FAIL(FATAL_ERROR_INTERNAL); + break; + } + if(result != TPM_RC_SUCCESS) + { + if(result == TPM_RC_REFERENCE_H0) + result = result + i; + else + result = RcSafeAddToResult(result, TPM_RC_H + g_rcIndex[i]); + break; + } + } + return result; +} + +//*** EntityGetAuthValue() +// This function is used to access the 'authValue' associated with a handle. +// This function assumes that the handle references an entity that is accessible +// and the handle is not for a persistent objects. That is EntityGetLoadStatus() +// should have been called. Also, the accessibility of the authValue should have +// been verified by IsAuthValueAvailable(). +// +// This function copies the authorization value of the entity to 'auth'. +// Return Type: UINT16 +// count number of bytes in the authValue with 0's stripped +UINT16 +EntityGetAuthValue( + TPMI_DH_ENTITY handle, // IN: handle of entity + TPM2B_AUTH *auth // OUT: authValue of the entity + ) +{ + TPM2B_AUTH *pAuth = NULL; + + auth->t.size = 0; + + switch(HandleGetType(handle)) + { + case TPM_HT_PERMANENT: + { + switch(handle) + { + case TPM_RH_OWNER: + // ownerAuth for TPM_RH_OWNER + pAuth = &gp.ownerAuth; + break; + case TPM_RH_ENDORSEMENT: + // endorsementAuth for TPM_RH_ENDORSEMENT + pAuth = &gp.endorsementAuth; + break; + case TPM_RH_PLATFORM: + // platformAuth for TPM_RH_PLATFORM + pAuth = &gc.platformAuth; + break; + case TPM_RH_LOCKOUT: + // lockoutAuth for TPM_RH_LOCKOUT + pAuth = &gp.lockoutAuth; + break; + case TPM_RH_NULL: + // nullAuth for TPM_RH_NULL. Return 0 directly here + return 0; + break; +#ifdef VENDOR_PERMANENT + case VENDOR_PERMANENT: + // vendor authorization value + pAauth = &g_platformUniqueDetails; +#endif + default: + // If any other permanent handle is present it is + // a code defect. + FAIL(FATAL_ERROR_INTERNAL); + break; + } + break; + } + case TPM_HT_TRANSIENT: + // authValue for an object + // A persistent object would have been copied into RAM + // and would have an transient object handle here. 
+ { + OBJECT *object; + + object = HandleToObject(handle); + // special handling if this is a sequence object + if(ObjectIsSequence(object)) + { + pAuth = &((HASH_OBJECT *)object)->auth; + } + else + { + // Authorization is available only when the private portion of + // the object is loaded. The check should be made before + // this function is called + pAssert(object->attributes.publicOnly == CLEAR); + pAuth = &object->sensitive.authValue; + } + } + break; + case TPM_HT_NV_INDEX: + // authValue for an NV index + { + NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); + pAssert(nvIndex != NULL); + pAuth = &nvIndex->authValue; + } + break; + case TPM_HT_PCR: + // authValue for PCR + pAuth = PCRGetAuthValue(handle); + break; + default: + // If any other handle type is present here, then there is a defect + // in the unmarshaling code. + FAIL(FATAL_ERROR_INTERNAL); + break; + } + // Copy the authValue + MemoryCopy2B(&auth->b, &pAuth->b, sizeof(auth->t.buffer)); + MemoryRemoveTrailingZeros(auth); + return auth->t.size; +} + +//*** EntityGetAuthPolicy() +// This function is used to access the 'authPolicy' associated with a handle. +// This function assumes that the handle references an entity that is accessible +// and the handle is not for a persistent objects. That is EntityGetLoadStatus() +// should have been called. Also, the accessibility of the authPolicy should have +// been verified by IsAuthPolicyAvailable(). +// +// This function copies the authorization policy of the entity to 'authPolicy'. +// +// The return value is the hash algorithm for the policy. 
+TPMI_ALG_HASH +EntityGetAuthPolicy( + TPMI_DH_ENTITY handle, // IN: handle of entity + TPM2B_DIGEST *authPolicy // OUT: authPolicy of the entity + ) +{ + TPMI_ALG_HASH hashAlg = TPM_ALG_NULL; + authPolicy->t.size = 0; + + switch(HandleGetType(handle)) + { + case TPM_HT_PERMANENT: + switch(handle) + { + case TPM_RH_OWNER: + // ownerPolicy for TPM_RH_OWNER + *authPolicy = gp.ownerPolicy; + hashAlg = gp.ownerAlg; + break; + case TPM_RH_ENDORSEMENT: + // endorsementPolicy for TPM_RH_ENDORSEMENT + *authPolicy = gp.endorsementPolicy; + hashAlg = gp.endorsementAlg; + break; + case TPM_RH_PLATFORM: + // platformPolicy for TPM_RH_PLATFORM + *authPolicy = gc.platformPolicy; + hashAlg = gc.platformAlg; + break; + case TPM_RH_LOCKOUT: + // lockoutPolicy for TPM_RH_LOCKOUT + *authPolicy = gp.lockoutPolicy; + hashAlg = gp.lockoutAlg; + break; + default: + return TPM_ALG_ERROR; + break; + } + break; + case TPM_HT_TRANSIENT: + // authPolicy for an object + { + OBJECT *object = HandleToObject(handle); + *authPolicy = object->publicArea.authPolicy; + hashAlg = object->publicArea.nameAlg; + } + break; + case TPM_HT_NV_INDEX: + // authPolicy for a NV index + { + NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); + pAssert(nvIndex != 0); + *authPolicy = nvIndex->publicArea.authPolicy; + hashAlg = nvIndex->publicArea.nameAlg; + } + break; + case TPM_HT_PCR: + // authPolicy for a PCR + hashAlg = PCRGetAuthPolicy(handle, authPolicy); + break; + default: + // If any other handle type is present it is a code defect. + FAIL(FATAL_ERROR_INTERNAL); + break; + } + return hashAlg; +} + +//*** EntityGetName() +// This function returns the Name associated with a handle. 
+TPM2B_NAME *
+EntityGetName(
+ TPMI_DH_ENTITY handle, // IN: handle of entity
+ TPM2B_NAME *name // OUT: name of entity
+ )
+{
+ switch(HandleGetType(handle))
+ {
+ case TPM_HT_TRANSIENT:
+ {
+ // Name for an object
+ OBJECT *object = HandleToObject(handle);
+ // an object with no nameAlg has no name
+ if(object->publicArea.nameAlg == TPM_ALG_NULL)
+ name->b.size = 0;
+ else
+ *name = object->name;
+ break;
+ }
+ case TPM_HT_NV_INDEX:
+ // Name for a NV index
+ NvGetNameByIndexHandle(handle, name);
+ break;
+ default:
+ // For all other types, the handle is the Name
+ name->t.size = sizeof(TPM_HANDLE);
+ UINT32_TO_BYTE_ARRAY(handle, name->t.name);
+ break;
+ }
+ return name;
+}
+
+//*** EntityGetHierarchy()
+// This function returns the hierarchy handle associated with an entity.
+// 1. A handle that is a hierarchy handle is associated with itself.
+// 2. An NV index belongs to TPM_RH_PLATFORM if TPMA_NV_PLATFORMCREATE,
+// is SET, otherwise it belongs to TPM_RH_OWNER
+// 3. An object handle belongs to its hierarchy.
+TPMI_RH_HIERARCHY
+EntityGetHierarchy(
+ TPMI_DH_ENTITY handle // IN :handle of entity
+ )
+{
+ TPMI_RH_HIERARCHY hierarchy = TPM_RH_NULL;
+
+ switch(HandleGetType(handle))
+ {
+ case TPM_HT_PERMANENT:
+ // hierarchy for a permanent handle
+ switch(handle)
+ {
+ case TPM_RH_PLATFORM:
+ case TPM_RH_ENDORSEMENT:
+ case TPM_RH_NULL:
+ hierarchy = handle;
+ break;
+ // all other permanent handles are associated with the owner
+ // hierarchy. (should only be TPM_RH_OWNER and TPM_RH_LOCKOUT)
+ default:
+ hierarchy = TPM_RH_OWNER;
+ break;
+ }
+ break;
+ case TPM_HT_NV_INDEX:
+ // hierarchy for NV index
+ {
+ NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL);
+ pAssert(nvIndex != NULL);
+
+ // If only the platform can delete the index, then it is
+ // considered to be in the platform hierarchy, otherwise it
+ // is in the owner hierarchy.
+ if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV,
+ PLATFORMCREATE))
+ hierarchy = TPM_RH_PLATFORM;
+ else
+ hierarchy = TPM_RH_OWNER;
+ }
+ break;
+ case TPM_HT_TRANSIENT:
+ // hierarchy for an object
+ {
+ OBJECT *object;
+ object = HandleToObject(handle);
+ if(object->attributes.ppsHierarchy)
+ {
+ hierarchy = TPM_RH_PLATFORM;
+ }
+ else if(object->attributes.epsHierarchy)
+ {
+ hierarchy = TPM_RH_ENDORSEMENT;
+ }
+ else if(object->attributes.spsHierarchy)
+ {
+ hierarchy = TPM_RH_OWNER;
+ }
+ }
+ break;
+ case TPM_HT_PCR:
+ hierarchy = TPM_RH_OWNER;
+ break;
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+ // this is unreachable but it provides a return value for the default
+ // case which makes the complier happy
+ return hierarchy;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c
new file mode 100644
index 000000000..4caa4a598
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c
@@ -0,0 +1,59 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Description
+// This file will instance the TPM variables that are not stack allocated.
+
+// Descriptions of global variables are in Global.h. There macro macro definitions
+// that allows a variable to be instanced or simply defined as an external variable.
+// When global.h is included from this .c file, GLOBAL_C is defined and values are
+// instanced (and possibly initialized), but when global.h is included by any other
+// file, they are simply defined as external values. DO NOT DEFINE GLOBAL_C IN ANY
+// OTHER FILE.
+//
+// NOTE: This is a change from previous implementations where Global.h just contained
+// the extern declaration and values were instanced in this file. This change keeps
+// the definition and instance in one file making maintenance easier. The instanced
+// data will still be in the global.obj file.
+//
+// The OIDs.h file works in a way that is similar to the Global.h with the definition
+// of the values in OIDs.h such that they are instanced in global.obj. The macros
+// that are defined in Global.h are used in OIDs.h in the same way as they are in
+// Global.h.
+
+//** Defines and Includes
+#define GLOBAL_C
+#include "Tpm.h"
+#include "OIDs.h"
+
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Handle.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Handle.c
new file mode 100644
index 000000000..3ef3b532b
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Handle.c
@@ -0,0 +1,195 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Description
+// This file contains the functions that return the type of a handle.
+
+//** Includes
+#include "Tpm.h"
+
+//** Functions
+
+//*** HandleGetType()
+// This function returns the type of a handle which is the MSO of the handle.
+TPM_HT
+HandleGetType(
+ TPM_HANDLE handle // IN: a handle to be checked
+ )
+{
+ // return the upper bytes of input data
+ return (TPM_HT)((handle & HR_RANGE_MASK) >> HR_SHIFT);
+}
+
+//*** NextPermanentHandle()
+// This function returns the permanent handle that is equal to the input value or
+// is the next higher value. If there is no handle with the input value and there
+// is no next higher value, it returns 0:
+TPM_HANDLE
+NextPermanentHandle(
+ TPM_HANDLE inHandle // IN: the handle to check
+ )
+{
+ // If inHandle is below the start of the range of permanent handles
+ // set it to the start and scan from there
+ if(inHandle < TPM_RH_FIRST)
+ inHandle = TPM_RH_FIRST;
+ // scan from input value until we find an implemented permanent handle
+ // or go out of range
+ for(; inHandle <= TPM_RH_LAST; inHandle++)
+ {
+ switch(inHandle)
+ {
+ case TPM_RH_OWNER:
+ case TPM_RH_NULL:
+ case TPM_RS_PW:
+ case TPM_RH_LOCKOUT:
+ case TPM_RH_ENDORSEMENT:
+ case TPM_RH_PLATFORM:
+ case TPM_RH_PLATFORM_NV:
+#ifdef VENDOR_PERMANENT
+ case VENDOR_PERMANENT:
+#endif
+ return inHandle;
+ break;
+ default:
+ break;
+ }
+ }
+ // Out of range on the top
+ return 0;
+}
+
+//*** PermanentCapGetHandles()
+// This function returns a list of the permanent handles of PCR, started from
+// 'handle'. If 'handle' is larger than the largest permanent handle, an empty list
+// will be returned with 'more' set to NO.
+// Return Type: TPMI_YES_NO
+// YES if there are more handles available
+// NO all the available handles has been returned
+TPMI_YES_NO
+PermanentCapGetHandles(
+ TPM_HANDLE handle, // IN: start handle
+ UINT32 count, // IN: count of returned handles
+ TPML_HANDLE *handleList // OUT: list of handle
+ )
+{
+ TPMI_YES_NO more = NO;
+ UINT32 i;
+
+ pAssert(HandleGetType(handle) == TPM_HT_PERMANENT);
+
+ // Initialize output handle list
+ handleList->count = 0;
+
+ // The maximum count of handles we may return is MAX_CAP_HANDLES
+ if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES;
+
+ // Iterate permanent handle range
+ for(i = NextPermanentHandle(handle);
+ i != 0; i = NextPermanentHandle(i + 1))
+ {
+ if(handleList->count < count)
+ {
+ // If we have not filled up the return list, add this permanent
+ // handle to it
+ handleList->handle[handleList->count] = i;
+ handleList->count++;
+ }
+ else
+ {
+ // If the return list is full but we still have permanent handle
+ // available, report this and stop iterating
+ more = YES;
+ break;
+ }
+ }
+ return more;
+}
+
+//*** PermanentHandleGetPolicy()
+// This function returns a list of the permanent handles of PCR, started from
+// 'handle'. If 'handle' is larger than the largest permanent handle, an empty list
+// will be returned with 'more' set to NO.
+// Return Type: TPMI_YES_NO
+// YES if there are more handles available
+// NO all the available handles has been returned
+TPMI_YES_NO
+PermanentHandleGetPolicy(
+ TPM_HANDLE handle, // IN: start handle
+ UINT32 count, // IN: max count of returned handles
+ TPML_TAGGED_POLICY *policyList // OUT: list of handle
+ )
+{
+ TPMI_YES_NO more = NO;
+
+ pAssert(HandleGetType(handle) == TPM_HT_PERMANENT);
+
+ // Initialize output handle list
+ policyList->count = 0;
+
+ // The maximum count of policies we may return is MAX_TAGGED_POLICIES
+ if(count > MAX_TAGGED_POLICIES)
+ count = MAX_TAGGED_POLICIES;
+
+ // Iterate permanent handle range
+ for(handle = NextPermanentHandle(handle);
+ handle != 0;
+ handle = NextPermanentHandle(handle + 1))
+ {
+ TPM2B_DIGEST policyDigest;
+ TPM_ALG_ID policyAlg;
+ // Check to see if this permanent handle has a policy
+ policyAlg = EntityGetAuthPolicy(handle, &policyDigest);
+ if(policyAlg == TPM_ALG_ERROR)
+ continue;
+ if(policyList->count < count)
+ {
+ // If we have not filled up the return list, add this
+ // policy to the list;
+ policyList->policies[policyList->count].handle = handle;
+ policyList->policies[policyList->count].policyHash.hashAlg = policyAlg;
+ MemoryCopy(&policyList->policies[policyList->count].policyHash.digest,
+ policyDigest.t.buffer, policyDigest.t.size);
+ policyList->count++;
+ }
+ else
+ {
+ // If the return list is full but we still have permanent handle
+ // available, report this and stop iterating
+ more = YES;
+ break;
+ }
+ }
+ return more;
+}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/IoBuffers.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/IoBuffers.c
new file mode 100644
index 000000000..49d0561c3
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/IoBuffers.c
@@ -0,0 +1,125 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+//** Includes and Data Definitions
+
+// This definition allows this module to "see" the values that are private
+// to this module but kept in Global.c for ease of state migration.
+#define IO_BUFFER_C
+#include "Tpm.h"
+#include "IoBuffers_fp.h"
+
+//** Buffers and Functions
+
+// These buffers are set aside to hold command and response values. In this
+// implementation, it is not guaranteed that the code will stop accessing
+// the s_actionInputBuffer before starting to put values in the
+// s_actionOutputBuffer so different buffers are required.
+//
+
+//*** MemoryIoBufferAllocationReset()
+// This function is used to reset the allocation of buffers.
+void
+MemoryIoBufferAllocationReset(
+ void
+)
+{
+ s_actionIoAllocation = 0;
+}
+
+//*** MemoryIoBufferZero()
+// Function zeros the action I/O buffer at the end of a command. Calling this is
+// not mandatory for proper functionality.
+void
+MemoryIoBufferZero(
+ void
+)
+{
+ memset(s_actionIoBuffer, 0, s_actionIoAllocation);
+}
+
+//*** MemoryGetInBuffer()
+// This function returns the address of the buffer into which the
+// command parameters will be unmarshaled in preparation for calling
+// the command actions.
+BYTE *
+MemoryGetInBuffer(
+ UINT32 size // Size, in bytes, required for the input
+ // unmarshaling
+ )
+{
+ pAssert(size <= sizeof(s_actionIoBuffer));
+ // In this implementation, a static buffer is set aside for the command action
+ // buffers. The buffer is shared between input and output. This is because
+ // there is no need to allocate for the worst case input and worst case output
+ // at the same time.
+ // Round size up
+ #define UoM (sizeof(s_actionIoBuffer[0]))
+ size = (size + (UoM - 1)) & (UINT32_MAX - (UoM - 1));
+ memset(s_actionIoBuffer, 0, size);
+ s_actionIoAllocation = size;
+ return (BYTE *)&s_actionIoBuffer[0];
+}
+
+//*** MemoryGetOutBuffer()
+// This function returns the address of the buffer into which the command
+// action code places its output values.
+BYTE *
+MemoryGetOutBuffer(
+ UINT32 size // required size of the buffer
+ )
+{
+ BYTE *retVal = (BYTE *)(&s_actionIoBuffer[s_actionIoAllocation / UoM]);
+ pAssert((size + s_actionIoAllocation) < (sizeof(s_actionIoBuffer)));
+ // In this implementation, a static buffer is set aside for the command action
+ // output buffer.
+ memset(retVal, 0, size);
+ s_actionIoAllocation += size;
+ return retVal;
+}
+
+//*** IsLabelProperlyFormatted()
+// This function checks that a label is a null-terminated string.
+// NOTE: this function is here because there was no better place for it.
+// Return Type: BOOL
+// TRUE(1) string is null terminated
+// FALSE(0) string is not null terminated
+BOOL
+IsLabelProperlyFormatted(
+ TPM2B *x
+ )
+{
+ return (((x)->size == 0) || ((x)->buffer[(x)->size - 1] == 0));
+}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Locality.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Locality.c
new file mode 100644
index 000000000..e2d1bfd94
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Locality.c
@@ -0,0 +1,75 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Includes
+#include "Tpm.h"
+
+//** LocalityGetAttributes()
+// This function will convert a locality expressed as an integer into
+// TPMA_LOCALITY form.
+//
+// The function returns the locality attribute.
+TPMA_LOCALITY
+LocalityGetAttributes(
+ UINT8 locality // IN: locality value
+ )
+{
+ TPMA_LOCALITY locality_attributes;
+ BYTE *localityAsByte = (BYTE *)&locality_attributes;
+
+ MemorySet(&locality_attributes, 0, sizeof(TPMA_LOCALITY));
+ switch(locality)
+ {
+ case 0:
+ SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_ZERO);
+ break;
+ case 1:
+ SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_ONE);
+ break;
+ case 2:
+ SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_TWO);
+ break;
+ case 3:
+ SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_THREE);
+ break;
+ case 4:
+ SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_FOUR);
+ break;
+ default:
+ pAssert(locality > 31);
+ *localityAsByte = locality;
+ break;
+ }
+ return locality_attributes;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Manufacture.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Manufacture.c
new file mode 100644
index 000000000..19361a96b
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Manufacture.c
@@ -0,0 +1,177 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Description
+// This file contains the function that performs the "manufacturing" of the TPM
+// in a simulated environment. These functions should not be used outside of
+// a manufacturing or simulation environment.
+
+//** Includes and Data Definitions
+#define MANUFACTURE_C
+#include "Tpm.h"
+#include "TpmSizeChecks_fp.h"
+
+//** Functions
+
+//*** TPM_Manufacture()
+// This function initializes the TPM values in preparation for the TPM's first
+// use. This function will fail if previously called. The TPM can be re-manufactured
+// by calling TPM_Teardown() first and then calling this function again.
+// Return Type: int
+// 0 success
+// 1 manufacturing process previously performed
+LIB_EXPORT int
+TPM_Manufacture(
+ int firstTime // IN: indicates if this is the first call from
+ // main()
+ )
+{
+ TPM_SU orderlyShutdown;
+
+#if RUNTIME_SIZE_CHECKS
+ // Call the function to verify the sizes of values that result from different
+ // compile options.
+ TpmSizeChecks();
+#endif
+
+ // If TPM has been manufactured, return indication.
+ if(!firstTime && g_manufactured)
+ return 1;
+
+ // Do power on initializations of the cryptographic libraries.
+ CryptInit();
+
+ s_DAPendingOnNV = FALSE;
+
+ // initialize NV
+ NvManufacture();
+
+ // Clear the magic value in the DRBG state
+ go.drbgState.magic = 0;
+
+ CryptStartup(SU_RESET);
+
+ // default configuration for PCR
+ PCRSimStart();
+
+ // initialize pre-installed hierarchy data
+ // This should happen after NV is initialized because hierarchy data is
+ // stored in NV.
+ HierarchyPreInstall_Init();
+
+ // initialize dictionary attack parameters
+ DAPreInstall_Init();
+
+ // initialize PP list
+ PhysicalPresencePreInstall_Init();
+
+ // initialize command audit list
+ CommandAuditPreInstall_Init();
+
+ // first start up is required to be Startup(CLEAR)
+ orderlyShutdown = TPM_SU_CLEAR;
+ NV_WRITE_PERSISTENT(orderlyState, orderlyShutdown);
+
+ // initialize the firmware version
+ gp.firmwareV1 = FIRMWARE_V1;
+#ifdef FIRMWARE_V2
+ gp.firmwareV2 = FIRMWARE_V2;
+#else
+ gp.firmwareV2 = 0;
+#endif
+ NV_SYNC_PERSISTENT(firmwareV1);
+ NV_SYNC_PERSISTENT(firmwareV2);
+
+ // initialize the total reset counter to 0
+ gp.totalResetCount = 0;
+ NV_SYNC_PERSISTENT(totalResetCount);
+
+ // initialize the clock stuff
+ go.clock = 0;
+ go.clockSafe = YES;
+
+ NvWrite(NV_ORDERLY_DATA, sizeof(ORDERLY_DATA), &go);
+
+ // Commit NV writes. Manufacture process is an artificial process existing
+ // only in simulator environment and it is not defined in the specification
+ // that what should be the expected behavior if the NV write fails at this
+ // point. Therefore, it is assumed the NV write here is always success and
+ // no return code of this function is checked.
+ NvCommit();
+
+ g_manufactured = TRUE;
+
+ return 0;
+}
+
+//*** TPM_TearDown()
+// This function prepares the TPM for re-manufacture. It should not be implemented
+// in anything other than a simulated TPM.
+//
+// In this implementation, all that is needs is to stop the cryptographic units
+// and set a flag to indicate that the TPM can be re-manufactured. This should
+// be all that is necessary to start the manufacturing process again.
+// Return Type: int
+// 0 success
+// 1 TPM not previously manufactured
+LIB_EXPORT int
+TPM_TearDown(
+ void
+ )
+{
+ g_manufactured = FALSE;
+ return 0;
+}
+
+
+//*** TpmEndSimulation()
+// This function is called at the end of the simulation run. It is used to provoke
+// printing of any statistics that might be needed.
+LIB_EXPORT void
+TpmEndSimulation(
+ void
+ )
+{
+#if SIMULATION
+ HashLibSimulationEnd();
+ SymLibSimulationEnd();
+ MathLibSimulationEnd();
+#if ALG_RSA
+ RsaSimulationEnd();
+#endif
+#if ALG_ECC
+ EccSimulationEnd();
+#endif
+#endif // SIMULATION
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Marshal.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Marshal.c
new file mode 100644
index 000000000..ba96696db
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Marshal.c
@@ -0,0 +1,5811 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +/*(Auto-generated) + * Created by TpmMarshal; Version 4.1 Dec 10, 2018 + * Date: Apr 2, 2019 Time: 11:00:48AM + */ + +#include "Tpm.h" +#include "Marshal_fp.h" + +// Table 2:3 - Definition of Base Types +// UINT8 definition from table 2:3 +TPM_RC +UINT8_Unmarshal(UINT8 *target, BYTE **buffer, INT32 *size) +{ + if((*size -= 1) < 0) + return TPM_RC_INSUFFICIENT; + *target = BYTE_ARRAY_TO_UINT8(*buffer); + *buffer += 1; + return TPM_RC_SUCCESS; +} +UINT16 +UINT8_Marshal(UINT8 *source, BYTE **buffer, INT32 *size) +{ + if (buffer != 0) + { + if ((size == 0) || ((*size -= 1) >= 0)) + { + UINT8_TO_BYTE_ARRAY(*source, *buffer); + *buffer += 1; + } + pAssert(size == 0 || (*size >= 0)); + } + return (1); +} + +// BYTE definition from table 2:3 +#if !USE_MARSHALING_DEFINES +TPM_RC +BYTE_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size) +{ + return UINT8_Unmarshal((UINT8 *)target, buffer, size); +} +UINT16 +BYTE_Marshal(BYTE *source, BYTE **buffer, INT32 *size) +{ + return UINT8_Marshal((UINT8 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// INT8 definition from table 2:3 +#if !USE_MARSHALING_DEFINES +TPM_RC +INT8_Unmarshal(INT8 *target, BYTE **buffer, INT32 *size) +{ + return UINT8_Unmarshal((UINT8 *)target, buffer, size); +} +UINT16 +INT8_Marshal(INT8 *source, BYTE **buffer, INT32 *size) +{ + return UINT8_Marshal((UINT8 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// UINT16 definition from table 2:3 +TPM_RC +UINT16_Unmarshal(UINT16 *target, BYTE **buffer, INT32 *size) +{ + if((*size -= 2) < 0) + return TPM_RC_INSUFFICIENT; + *target = BYTE_ARRAY_TO_UINT16(*buffer); + *buffer += 2; + return TPM_RC_SUCCESS; +} +UINT16 +UINT16_Marshal(UINT16 *source, BYTE **buffer, INT32 *size) +{ + if (buffer != 0) + { + if ((size == 0) || ((*size -= 2) >= 0)) + { + UINT16_TO_BYTE_ARRAY(*source, *buffer); + *buffer += 2; + } + pAssert(size == 0 || (*size >= 0)); + } + return (2); +} + +// INT16 definition from table 2:3 +#if 
!USE_MARSHALING_DEFINES +TPM_RC +INT16_Unmarshal(INT16 *target, BYTE **buffer, INT32 *size) +{ + return UINT16_Unmarshal((UINT16 *)target, buffer, size); +} +UINT16 +INT16_Marshal(INT16 *source, BYTE **buffer, INT32 *size) +{ + return UINT16_Marshal((UINT16 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// UINT32 definition from table 2:3 +TPM_RC +UINT32_Unmarshal(UINT32 *target, BYTE **buffer, INT32 *size) +{ + if((*size -= 4) < 0) + return TPM_RC_INSUFFICIENT; + *target = BYTE_ARRAY_TO_UINT32(*buffer); + *buffer += 4; + return TPM_RC_SUCCESS; +} +UINT16 +UINT32_Marshal(UINT32 *source, BYTE **buffer, INT32 *size) +{ + if (buffer != 0) + { + if ((size == 0) || ((*size -= 4) >= 0)) + { + UINT32_TO_BYTE_ARRAY(*source, *buffer); + *buffer += 4; + } + pAssert(size == 0 || (*size >= 0)); + } + return (4); +} + +// INT32 definition from table 2:3 +#if !USE_MARSHALING_DEFINES +TPM_RC +INT32_Unmarshal(INT32 *target, BYTE **buffer, INT32 *size) +{ + return UINT32_Unmarshal((UINT32 *)target, buffer, size); +} +UINT16 +INT32_Marshal(INT32 *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// UINT64 definition from table 2:3 +TPM_RC +UINT64_Unmarshal(UINT64 *target, BYTE **buffer, INT32 *size) +{ + if((*size -= 8) < 0) + return TPM_RC_INSUFFICIENT; + *target = BYTE_ARRAY_TO_UINT64(*buffer); + *buffer += 8; + return TPM_RC_SUCCESS; +} +UINT16 +UINT64_Marshal(UINT64 *source, BYTE **buffer, INT32 *size) +{ + if (buffer != 0) + { + if ((size == 0) || ((*size -= 8) >= 0)) + { + UINT64_TO_BYTE_ARRAY(*source, *buffer); + *buffer += 8; + } + pAssert(size == 0 || (*size >= 0)); + } + return (8); +} + +// INT64 definition from table 2:3 +#if !USE_MARSHALING_DEFINES +TPM_RC +INT64_Unmarshal(INT64 *target, BYTE **buffer, INT32 *size) +{ + return UINT64_Unmarshal((UINT64 *)target, buffer, size); +} +UINT16 +INT64_Marshal(INT64 *source, BYTE **buffer, INT32 *size) +{ + return 
UINT64_Marshal((UINT64 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:4 - Defines for Logic Values +// Table 2:5 - Definition of Types for Documentation Clarity +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_ALGORITHM_ID_Unmarshal(TPM_ALGORITHM_ID *target, BYTE **buffer, INT32 *size) +{ + return UINT32_Unmarshal((UINT32 *)target, buffer, size); +} +UINT16 +TPM_ALGORITHM_ID_Marshal(TPM_ALGORITHM_ID *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +TPM_RC +TPM_MODIFIER_INDICATOR_Unmarshal(TPM_MODIFIER_INDICATOR *target, BYTE **buffer, INT32 *size) +{ + return UINT32_Unmarshal((UINT32 *)target, buffer, size); +} +UINT16 +TPM_MODIFIER_INDICATOR_Marshal(TPM_MODIFIER_INDICATOR *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +TPM_RC +TPM_AUTHORIZATION_SIZE_Unmarshal(TPM_AUTHORIZATION_SIZE *target, BYTE **buffer, INT32 *size) +{ + return UINT32_Unmarshal((UINT32 *)target, buffer, size); +} +UINT16 +TPM_AUTHORIZATION_SIZE_Marshal(TPM_AUTHORIZATION_SIZE *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +TPM_RC +TPM_PARAMETER_SIZE_Unmarshal(TPM_PARAMETER_SIZE *target, BYTE **buffer, INT32 *size) +{ + return UINT32_Unmarshal((UINT32 *)target, buffer, size); +} +UINT16 +TPM_PARAMETER_SIZE_Marshal(TPM_PARAMETER_SIZE *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +TPM_RC +TPM_KEY_SIZE_Unmarshal(TPM_KEY_SIZE *target, BYTE **buffer, INT32 *size) +{ + return UINT16_Unmarshal((UINT16 *)target, buffer, size); +} +UINT16 +TPM_KEY_SIZE_Marshal(TPM_KEY_SIZE *source, BYTE **buffer, INT32 *size) +{ + return UINT16_Marshal((UINT16 *)source, buffer, size); +} +TPM_RC +TPM_KEY_BITS_Unmarshal(TPM_KEY_BITS *target, BYTE **buffer, INT32 *size) +{ + return UINT16_Unmarshal((UINT16 *)target, buffer, size); +} +UINT16 +TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE 
**buffer, INT32 *size) +{ + return UINT16_Marshal((UINT16 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:6 - Definition of TPM_SPEC Constants +// Table 2:7 - Definition of TPM_GENERATED Constants +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_GENERATED_Marshal(TPM_GENERATED *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:9 - Definition of TPM_ALG_ID Constants +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_ALG_ID_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size) +{ + return UINT16_Unmarshal((UINT16 *)target, buffer, size); +} +UINT16 +TPM_ALG_ID_Marshal(TPM_ALG_ID *source, BYTE **buffer, INT32 *size) +{ + return UINT16_Marshal((UINT16 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:10 - Definition of TPM_ECC_CURVE Constants +#if ALG_ECC +TPM_RC +TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch(*target) + { + case TPM_ECC_NIST_P192 : + case TPM_ECC_NIST_P224 : + case TPM_ECC_NIST_P256 : + case TPM_ECC_NIST_P384 : + case TPM_ECC_NIST_P521 : + case TPM_ECC_BN_P256 : + case TPM_ECC_BN_P638 : + case TPM_ECC_SM2_P256 : + break; + default : + result = TPM_RC_CURVE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_ECC_CURVE_Marshal(TPM_ECC_CURVE *source, BYTE **buffer, INT32 *size) +{ + return UINT16_Marshal((UINT16 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_ECC + +// Table 2:12 - Definition of TPM_CC Constants +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_CC_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size) +{ + return UINT32_Unmarshal((UINT32 *)target, buffer, size); +} +UINT16 +TPM_CC_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} 
+#endif // !USE_MARSHALING_DEFINES + +// Table 2:16 - Definition of TPM_RC Constants +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_RC_Marshal(TPM_RC *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:17 - Definition of TPM_CLOCK_ADJUST Constants +TPM_RC +TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = INT8_Unmarshal((INT8 *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch(*target) + { + case TPM_CLOCK_COARSE_SLOWER : + case TPM_CLOCK_MEDIUM_SLOWER : + case TPM_CLOCK_FINE_SLOWER : + case TPM_CLOCK_NO_CHANGE : + case TPM_CLOCK_FINE_FASTER : + case TPM_CLOCK_MEDIUM_FASTER : + case TPM_CLOCK_COARSE_FASTER : + break; + default : + result = TPM_RC_VALUE; + break; + } + } + return result; +} + +// Table 2:18 - Definition of TPM_EO Constants +TPM_RC +TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch(*target) + { + case TPM_EO_EQ : + case TPM_EO_NEQ : + case TPM_EO_SIGNED_GT : + case TPM_EO_UNSIGNED_GT : + case TPM_EO_SIGNED_LT : + case TPM_EO_UNSIGNED_LT : + case TPM_EO_SIGNED_GE : + case TPM_EO_UNSIGNED_GE : + case TPM_EO_SIGNED_LE : + case TPM_EO_UNSIGNED_LE : + case TPM_EO_BITSET : + case TPM_EO_BITCLEAR : + break; + default : + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_EO_Marshal(TPM_EO *source, BYTE **buffer, INT32 *size) +{ + return UINT16_Marshal((UINT16 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:19 - Definition of TPM_ST Constants +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size) +{ + return UINT16_Unmarshal((UINT16 *)target, buffer, size); +} +UINT16 +TPM_ST_Marshal(TPM_ST *source, BYTE **buffer, INT32 *size) +{ + 
return UINT16_Marshal((UINT16 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:20 - Definition of TPM_SU Constants +TPM_RC +TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch(*target) + { + case TPM_SU_CLEAR : + case TPM_SU_STATE : + break; + default : + result = TPM_RC_VALUE; + break; + } + } + return result; +} + +// Table 2:21 - Definition of TPM_SE Constants +TPM_RC +TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT8_Unmarshal((UINT8 *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch(*target) + { + case TPM_SE_HMAC : + case TPM_SE_POLICY : + case TPM_SE_TRIAL : + break; + default : + result = TPM_RC_VALUE; + break; + } + } + return result; +} + +// Table 2:22 - Definition of TPM_CAP Constants +TPM_RC +TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT32_Unmarshal((UINT32 *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch(*target) + { + case TPM_CAP_ALGS : + case TPM_CAP_HANDLES : + case TPM_CAP_COMMANDS : + case TPM_CAP_PP_COMMANDS : + case TPM_CAP_AUDIT_COMMANDS : + case TPM_CAP_PCRS : + case TPM_CAP_TPM_PROPERTIES : + case TPM_CAP_PCR_PROPERTIES : + case TPM_CAP_ECC_CURVES : + case TPM_CAP_AUTH_POLICIES : + case TPM_CAP_VENDOR_PROPERTY : + break; + default : + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_CAP_Marshal(TPM_CAP *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:23 - Definition of TPM_PT Constants +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_PT_Unmarshal(TPM_PT *target, BYTE **buffer, INT32 *size) +{ + return UINT32_Unmarshal((UINT32 *)target, buffer, size); +} +UINT16 +TPM_PT_Marshal(TPM_PT *source, BYTE 
**buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:24 - Definition of TPM_PT_PCR Constants +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_PT_PCR_Unmarshal(TPM_PT_PCR *target, BYTE **buffer, INT32 *size) +{ + return UINT32_Unmarshal((UINT32 *)target, buffer, size); +} +UINT16 +TPM_PT_PCR_Marshal(TPM_PT_PCR *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:25 - Definition of TPM_PS Constants +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_PS_Marshal(TPM_PS *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:26 - Definition of Types for Handles +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_HANDLE_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size) +{ + return UINT32_Unmarshal((UINT32 *)target, buffer, size); +} +UINT16 +TPM_HANDLE_Marshal(TPM_HANDLE *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:27 - Definition of TPM_HT Constants +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_HT_Unmarshal(TPM_HT *target, BYTE **buffer, INT32 *size) +{ + return UINT8_Unmarshal((UINT8 *)target, buffer, size); +} +UINT16 +TPM_HT_Marshal(TPM_HT *source, BYTE **buffer, INT32 *size) +{ + return UINT8_Marshal((UINT8 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:28 - Definition of TPM_RH Constants +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM_RH_Unmarshal(TPM_RH *target, BYTE **buffer, INT32 *size) +{ + return TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); +} +UINT16 +TPM_RH_Marshal(TPM_RH *source, BYTE **buffer, INT32 *size) +{ + return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:29 - Definition of TPM_HC Constants +#if 
!USE_MARSHALING_DEFINES +TPM_RC +TPM_HC_Unmarshal(TPM_HC *target, BYTE **buffer, INT32 *size) +{ + return TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); +} +UINT16 +TPM_HC_Marshal(TPM_HC *source, BYTE **buffer, INT32 *size) +{ + return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:30 - Definition of TPMA_ALGORITHM Bits +TPM_RC +TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT32_Unmarshal((UINT32 *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + if(*((UINT32 *)target) & (UINT32)0xfffff8f0) + result = TPM_RC_RESERVED_BITS; + } + return result; +} + +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_ALGORITHM_Marshal(TPMA_ALGORITHM *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:31 - Definition of TPMA_OBJECT Bits +TPM_RC +TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT32_Unmarshal((UINT32 *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + if(*((UINT32 *)target) & (UINT32)0xfff0f309) + result = TPM_RC_RESERVED_BITS; + } + return result; +} + +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_OBJECT_Marshal(TPMA_OBJECT *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:32 - Definition of TPMA_SESSION Bits +TPM_RC +TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT8_Unmarshal((UINT8 *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + if(*((UINT8 *)target) & (UINT8)0x18) + result = TPM_RC_RESERVED_BITS; + } + return result; +} + +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_SESSION_Marshal(TPMA_SESSION *source, BYTE **buffer, INT32 *size) +{ + return UINT8_Marshal((UINT8 *)source, buffer, size); +} +#endif // 
!USE_MARSHALING_DEFINES + +// Table 2:33 - Definition of TPMA_LOCALITY Bits +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMA_LOCALITY_Unmarshal(TPMA_LOCALITY *target, BYTE **buffer, INT32 *size) +{ + return UINT8_Unmarshal((UINT8 *)target, buffer, size); +} +UINT16 +TPMA_LOCALITY_Marshal(TPMA_LOCALITY *source, BYTE **buffer, INT32 *size) +{ + return UINT8_Marshal((UINT8 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:34 - Definition of TPMA_PERMANENT Bits +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_PERMANENT_Marshal(TPMA_PERMANENT *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:35 - Definition of TPMA_STARTUP_CLEAR Bits +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_STARTUP_CLEAR_Marshal(TPMA_STARTUP_CLEAR *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:36 - Definition of TPMA_MEMORY Bits +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_MEMORY_Marshal(TPMA_MEMORY *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:37 - Definition of TPMA_CC Bits +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_CC_Marshal(TPMA_CC *source, BYTE **buffer, INT32 *size) +{ + return TPM_CC_Marshal((TPM_CC *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:38 - Definition of TPMA_MODES Bits +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_MODES_Marshal(TPMA_MODES *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:39 - Definition of TPMA_X509_KEY_USAGE Bits +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_X509_KEY_USAGE_Marshal(TPMA_X509_KEY_USAGE *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES 
+ +// Table 2:40 - Definition of TPMI_YES_NO Type +TPM_RC +TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = BYTE_Unmarshal((BYTE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { + case NO: + case YES: + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_YES_NO_Marshal(TPMI_YES_NO *source, BYTE **buffer, INT32 *size) +{ + return BYTE_Marshal((BYTE *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:41 - Definition of TPMI_DH_OBJECT Type +TPM_RC +TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + if(*target == TPM_RH_NULL) + { + if(!flag) + result = TPM_RC_VALUE; + } + else if( ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST)) + && ((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST))) + result = TPM_RC_VALUE; + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_DH_OBJECT_Marshal(TPMI_DH_OBJECT *source, BYTE **buffer, INT32 *size) +{ + return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:42 - Definition of TPMI_DH_PARENT Type +TPM_RC +TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { + case TPM_RH_OWNER: + case TPM_RH_PLATFORM: + case TPM_RH_ENDORSEMENT: + break; + case TPM_RH_NULL: + if(!flag) + result = TPM_RC_VALUE; + break; + default: + if( ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST)) + && ((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST))) + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if 
!USE_MARSHALING_DEFINES +UINT16 +TPMI_DH_PARENT_Marshal(TPMI_DH_PARENT *source, BYTE **buffer, INT32 *size) +{ + return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:43 - Definition of TPMI_DH_PERSISTENT Type +TPM_RC +TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST)) + result = TPM_RC_VALUE; + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_DH_PERSISTENT_Marshal(TPMI_DH_PERSISTENT *source, BYTE **buffer, INT32 *size) +{ + return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:44 - Definition of TPMI_DH_ENTITY Type +TPM_RC +TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { + case TPM_RH_OWNER: + case TPM_RH_ENDORSEMENT: + case TPM_RH_PLATFORM: + case TPM_RH_LOCKOUT: + break; + case TPM_RH_NULL: + if(!flag) + result = TPM_RC_VALUE; + break; + default: + if( ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST)) + && ((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST)) + && ((*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST)) + && (*target > PCR_LAST) + && ((*target < TPM_RH_AUTH_00) || (*target > TPM_RH_AUTH_FF))) + result = TPM_RC_VALUE; + break; + } + } + return result; +} + +// Table 2:45 - Definition of TPMI_DH_PCR Type +TPM_RC +TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + if(*target == TPM_RH_NULL) + { + if(!flag) + result = TPM_RC_VALUE; + } + 
else if(*target > PCR_LAST) + result = TPM_RC_VALUE; + } + return result; +} + +// Table 2:46 - Definition of TPMI_SH_AUTH_SESSION Type +TPM_RC +TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + if(*target == TPM_RS_PW) + { + if(!flag) + result = TPM_RC_VALUE; + } + else if( ((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) + && ((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST))) + result = TPM_RC_VALUE; + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_SH_AUTH_SESSION_Marshal(TPMI_SH_AUTH_SESSION *source, BYTE **buffer, INT32 *size) +{ + return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:47 - Definition of TPMI_SH_HMAC Type +TPM_RC +TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) + result = TPM_RC_VALUE; + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_SH_HMAC_Marshal(TPMI_SH_HMAC *source, BYTE **buffer, INT32 *size) +{ + return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:48 - Definition of TPMI_SH_POLICY Type +TPM_RC +TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST)) + result = TPM_RC_VALUE; + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_SH_POLICY_Marshal(TPMI_SH_POLICY *source, BYTE **buffer, INT32 *size) +{ + return 
TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:49 - Definition of TPMI_DH_CONTEXT Type +TPM_RC +TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + if( ((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) + && ((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST)) + && ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST))) + result = TPM_RC_VALUE; + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_DH_CONTEXT_Marshal(TPMI_DH_CONTEXT *source, BYTE **buffer, INT32 *size) +{ + return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:50 - Definition of TPMI_DH_SAVED Type +TPM_RC +TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { + case 0x80000000: + case 0x80000001: + case 0x80000002: + break; + default: + if( ((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) + && ((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST))) + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_DH_SAVED_Marshal(TPMI_DH_SAVED *source, BYTE **buffer, INT32 *size) +{ + return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:51 - Definition of TPMI_RH_HIERARCHY Type +TPM_RC +TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { + case TPM_RH_OWNER: + case TPM_RH_PLATFORM: + case 
TPM_RH_ENDORSEMENT: + break; + case TPM_RH_NULL: + if(!flag) + result = TPM_RC_VALUE; + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_RH_HIERARCHY_Marshal(TPMI_RH_HIERARCHY *source, BYTE **buffer, INT32 *size) +{ + return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:52 - Definition of TPMI_RH_ENABLES Type +TPM_RC +TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { + case TPM_RH_OWNER: + case TPM_RH_PLATFORM: + case TPM_RH_ENDORSEMENT: + case TPM_RH_PLATFORM_NV: + break; + case TPM_RH_NULL: + if(!flag) + result = TPM_RC_VALUE; + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_RH_ENABLES_Marshal(TPMI_RH_ENABLES *source, BYTE **buffer, INT32 *size) +{ + return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:53 - Definition of TPMI_RH_HIERARCHY_AUTH Type +TPM_RC +TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { + case TPM_RH_OWNER: + case TPM_RH_PLATFORM: + case TPM_RH_ENDORSEMENT: + case TPM_RH_LOCKOUT: + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} + +// Table 2:54 - Definition of TPMI_RH_PLATFORM Type +TPM_RC +TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { + case TPM_RH_PLATFORM: + break; + default: + result = 
TPM_RC_VALUE; + break; + } + } + return result; +} + +// Table 2:55 - Definition of TPMI_RH_OWNER Type +TPM_RC +TPMI_RH_OWNER_Unmarshal(TPMI_RH_OWNER *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { + case TPM_RH_OWNER: + break; + case TPM_RH_NULL: + if(!flag) + result = TPM_RC_VALUE; + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} + +// Table 2:56 - Definition of TPMI_RH_ENDORSEMENT Type +TPM_RC +TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { + case TPM_RH_ENDORSEMENT: + break; + case TPM_RH_NULL: + if(!flag) + result = TPM_RC_VALUE; + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} + +// Table 2:57 - Definition of TPMI_RH_PROVISION Type +TPM_RC +TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { + case TPM_RH_OWNER: + case TPM_RH_PLATFORM: + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} + +// Table 2:58 - Definition of TPMI_RH_CLEAR Type +TPM_RC +TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { + case TPM_RH_LOCKOUT: + case TPM_RH_PLATFORM: + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} + +// Table 2:59 - Definition of TPMI_RH_NV_AUTH Type +TPM_RC +TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + 
result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { + case TPM_RH_PLATFORM: + case TPM_RH_OWNER: + break; + default: + if((*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST)) + result = TPM_RC_VALUE; + break; + } + } + return result; +} + +// Table 2:60 - Definition of TPMI_RH_LOCKOUT Type +TPM_RC +TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { + case TPM_RH_LOCKOUT: + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} + +// Table 2:61 - Definition of TPMI_RH_NV_INDEX Type +TPM_RC +TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST)) + result = TPM_RC_VALUE; + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_RH_NV_INDEX_Marshal(TPMI_RH_NV_INDEX *source, BYTE **buffer, INT32 *size) +{ + return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:62 - Definition of TPMI_RH_AC Type +TPM_RC +TPMI_RH_AC_Unmarshal(TPMI_RH_AC *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((*target < AC_FIRST) || (*target > AC_LAST)) + result = TPM_RC_VALUE; + } + return result; +} + +// Table 2:63 - Definition of TPMI_ALG_HASH Type +TPM_RC +TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_SHA1 + case ALG_SHA1_VALUE: +#endif 
// ALG_SHA1 +#if ALG_SHA256 + case ALG_SHA256_VALUE: +#endif // ALG_SHA256 +#if ALG_SHA384 + case ALG_SHA384_VALUE: +#endif // ALG_SHA384 +#if ALG_SHA512 + case ALG_SHA512_VALUE: +#endif // ALG_SHA512 +#if ALG_SM3_256 + case ALG_SM3_256_VALUE: +#endif // ALG_SM3_256 +#if ALG_SHA3_256 + case ALG_SHA3_256_VALUE: +#endif // ALG_SHA3_256 +#if ALG_SHA3_384 + case ALG_SHA3_384_VALUE: +#endif // ALG_SHA3_384 +#if ALG_SHA3_512 + case ALG_SHA3_512_VALUE: +#endif // ALG_SHA3_512 + break; + case ALG_NULL_VALUE: + if(!flag) + result = TPM_RC_HASH; + break; + default: + result = TPM_RC_HASH; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_HASH_Marshal(TPMI_ALG_HASH *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:64 - Definition of TPMI_ALG_ASYM Type +TPM_RC +TPMI_ALG_ASYM_Unmarshal(TPMI_ALG_ASYM *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_RSA + case ALG_RSA_VALUE: +#endif // ALG_RSA +#if ALG_ECC + case ALG_ECC_VALUE: +#endif // ALG_ECC + break; + case ALG_NULL_VALUE: + if(!flag) + result = TPM_RC_ASYMMETRIC; + break; + default: + result = TPM_RC_ASYMMETRIC; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_ASYM_Marshal(TPMI_ALG_ASYM *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:65 - Definition of TPMI_ALG_SYM Type +TPM_RC +TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_TDES + case ALG_TDES_VALUE: +#endif // ALG_TDES +#if ALG_AES + case 
ALG_AES_VALUE: +#endif // ALG_AES +#if ALG_SM4 + case ALG_SM4_VALUE: +#endif // ALG_SM4 +#if ALG_CAMELLIA + case ALG_CAMELLIA_VALUE: +#endif // ALG_CAMELLIA +#if ALG_XOR + case ALG_XOR_VALUE: +#endif // ALG_XOR + break; + case ALG_NULL_VALUE: + if(!flag) + result = TPM_RC_SYMMETRIC; + break; + default: + result = TPM_RC_SYMMETRIC; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_SYM_Marshal(TPMI_ALG_SYM *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:66 - Definition of TPMI_ALG_SYM_OBJECT Type +TPM_RC +TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_TDES + case ALG_TDES_VALUE: +#endif // ALG_TDES +#if ALG_AES + case ALG_AES_VALUE: +#endif // ALG_AES +#if ALG_SM4 + case ALG_SM4_VALUE: +#endif // ALG_SM4 +#if ALG_CAMELLIA + case ALG_CAMELLIA_VALUE: +#endif // ALG_CAMELLIA + break; + case ALG_NULL_VALUE: + if(!flag) + result = TPM_RC_SYMMETRIC; + break; + default: + result = TPM_RC_SYMMETRIC; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_SYM_OBJECT_Marshal(TPMI_ALG_SYM_OBJECT *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:67 - Definition of TPMI_ALG_SYM_MODE Type +TPM_RC +TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_CTR + case ALG_CTR_VALUE: +#endif // ALG_CTR +#if ALG_OFB + case ALG_OFB_VALUE: +#endif // ALG_OFB +#if ALG_CBC + case ALG_CBC_VALUE: +#endif // ALG_CBC +#if ALG_CFB 
+ case ALG_CFB_VALUE: +#endif // ALG_CFB +#if ALG_ECB + case ALG_ECB_VALUE: +#endif // ALG_ECB +#if ALG_CMAC + case ALG_CMAC_VALUE: +#endif // ALG_CMAC + break; + case ALG_NULL_VALUE: + if(!flag) + result = TPM_RC_MODE; + break; + default: + result = TPM_RC_MODE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_SYM_MODE_Marshal(TPMI_ALG_SYM_MODE *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:68 - Definition of TPMI_ALG_KDF Type +TPM_RC +TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_MGF1 + case ALG_MGF1_VALUE: +#endif // ALG_MGF1 +#if ALG_KDF1_SP800_56A + case ALG_KDF1_SP800_56A_VALUE: +#endif // ALG_KDF1_SP800_56A +#if ALG_KDF2 + case ALG_KDF2_VALUE: +#endif // ALG_KDF2 +#if ALG_KDF1_SP800_108 + case ALG_KDF1_SP800_108_VALUE: +#endif // ALG_KDF1_SP800_108 + break; + case ALG_NULL_VALUE: + if(!flag) + result = TPM_RC_KDF; + break; + default: + result = TPM_RC_KDF; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_KDF_Marshal(TPMI_ALG_KDF *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:69 - Definition of TPMI_ALG_SIG_SCHEME Type +TPM_RC +TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_ECDAA + case ALG_ECDAA_VALUE: +#endif // ALG_ECDAA +#if ALG_RSASSA + case ALG_RSASSA_VALUE: +#endif // ALG_RSASSA +#if ALG_RSAPSS + case ALG_RSAPSS_VALUE: +#endif // ALG_RSAPSS +#if ALG_ECDSA + case 
ALG_ECDSA_VALUE: +#endif // ALG_ECDSA +#if ALG_SM2 + case ALG_SM2_VALUE: +#endif // ALG_SM2 +#if ALG_ECSCHNORR + case ALG_ECSCHNORR_VALUE: +#endif // ALG_ECSCHNORR +#if ALG_HMAC + case ALG_HMAC_VALUE: +#endif // ALG_HMAC + break; + case ALG_NULL_VALUE: + if(!flag) + result = TPM_RC_SCHEME; + break; + default: + result = TPM_RC_SCHEME; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_SIG_SCHEME_Marshal(TPMI_ALG_SIG_SCHEME *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:70 - Definition of TPMI_ECC_KEY_EXCHANGE Type +#if ALG_ECC +TPM_RC +TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_ECDH + case ALG_ECDH_VALUE: +#endif // ALG_ECDH +#if ALG_ECMQV + case ALG_ECMQV_VALUE: +#endif // ALG_ECMQV +#if ALG_SM2 + case ALG_SM2_VALUE: +#endif // ALG_SM2 + break; + case ALG_NULL_VALUE: + if(!flag) + result = TPM_RC_SCHEME; + break; + default: + result = TPM_RC_SCHEME; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ECC_KEY_EXCHANGE_Marshal(TPMI_ECC_KEY_EXCHANGE *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_ECC + +// Table 2:71 - Definition of TPMI_ST_COMMAND_TAG Type +TPM_RC +TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_ST_Unmarshal((TPM_ST *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { + case TPM_ST_NO_SESSIONS: + case TPM_ST_SESSIONS: + break; + default: + result = TPM_RC_BAD_TAG; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 
+TPMI_ST_COMMAND_TAG_Marshal(TPMI_ST_COMMAND_TAG *source, BYTE **buffer, INT32 *size) +{ + return TPM_ST_Marshal((TPM_ST *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:72 - Definition of TPMI_ALG_MAC_SCHEME Type +TPM_RC +TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_CMAC + case ALG_CMAC_VALUE: +#endif // ALG_CMAC +#if ALG_SHA1 + case ALG_SHA1_VALUE: +#endif // ALG_SHA1 +#if ALG_SHA256 + case ALG_SHA256_VALUE: +#endif // ALG_SHA256 +#if ALG_SHA384 + case ALG_SHA384_VALUE: +#endif // ALG_SHA384 +#if ALG_SHA512 + case ALG_SHA512_VALUE: +#endif // ALG_SHA512 +#if ALG_SM3_256 + case ALG_SM3_256_VALUE: +#endif // ALG_SM3_256 +#if ALG_SHA3_256 + case ALG_SHA3_256_VALUE: +#endif // ALG_SHA3_256 +#if ALG_SHA3_384 + case ALG_SHA3_384_VALUE: +#endif // ALG_SHA3_384 +#if ALG_SHA3_512 + case ALG_SHA3_512_VALUE: +#endif // ALG_SHA3_512 + break; + case ALG_NULL_VALUE: + if(!flag) + result = TPM_RC_SYMMETRIC; + break; + default: + result = TPM_RC_SYMMETRIC; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_MAC_SCHEME_Marshal(TPMI_ALG_MAC_SCHEME *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:73 - Definition of TPMI_ALG_CIPHER_MODE Type +TPM_RC +TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_CTR + case ALG_CTR_VALUE: +#endif // ALG_CTR +#if ALG_OFB + case ALG_OFB_VALUE: +#endif // ALG_OFB +#if ALG_CBC + case ALG_CBC_VALUE: +#endif // ALG_CBC +#if ALG_CFB + case ALG_CFB_VALUE: +#endif // ALG_CFB +#if 
ALG_ECB + case ALG_ECB_VALUE: +#endif // ALG_ECB + break; + case ALG_NULL_VALUE: + if(!flag) + result = TPM_RC_MODE; + break; + default: + result = TPM_RC_MODE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_CIPHER_MODE_Marshal(TPMI_ALG_CIPHER_MODE *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:74 - Definition of TPMS_EMPTY Structure +TPM_RC +TPMS_EMPTY_Unmarshal(TPMS_EMPTY *target, BYTE **buffer, INT32 *size) +{ + // to prevent the compiler from complaining + NOT_REFERENCED(target); + NOT_REFERENCED(buffer); + NOT_REFERENCED(size); + return TPM_RC_SUCCESS; +} +UINT16 +TPMS_EMPTY_Marshal(TPMS_EMPTY *source, BYTE **buffer, INT32 *size) +{ + // to prevent the compiler from complaining + NOT_REFERENCED(source); + NOT_REFERENCED(buffer); + NOT_REFERENCED(size); + return 0; +} + +// Table 2:75 - Definition of TPMS_ALGORITHM_DESCRIPTION Structure +UINT16 +TPMS_ALGORITHM_DESCRIPTION_Marshal(TPMS_ALGORITHM_DESCRIPTION *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->alg), buffer, size)); + result = (UINT16)(result + TPMA_ALGORITHM_Marshal((TPMA_ALGORITHM *)&(source->attributes), buffer, size)); + return result; +} + +// Table 2:76 - Definition of TPMU_HA Union +TPM_RC +TPMU_HA_Unmarshal(TPMU_HA *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_SHA1 + case ALG_SHA1_VALUE: + return BYTE_Array_Unmarshal((BYTE *)(target->sha1), buffer, size, (INT32)SHA1_DIGEST_SIZE); +#endif // ALG_SHA1 +#if ALG_SHA256 + case ALG_SHA256_VALUE: + return BYTE_Array_Unmarshal((BYTE *)(target->sha256), buffer, size, (INT32)SHA256_DIGEST_SIZE); +#endif // ALG_SHA256 +#if ALG_SHA384 + case ALG_SHA384_VALUE: + return BYTE_Array_Unmarshal((BYTE *)(target->sha384), buffer, size, (INT32)SHA384_DIGEST_SIZE); +#endif // ALG_SHA384 +#if 
ALG_SHA512 + case ALG_SHA512_VALUE: + return BYTE_Array_Unmarshal((BYTE *)(target->sha512), buffer, size, (INT32)SHA512_DIGEST_SIZE); +#endif // ALG_SHA512 +#if ALG_SM3_256 + case ALG_SM3_256_VALUE: + return BYTE_Array_Unmarshal((BYTE *)(target->sm3_256), buffer, size, (INT32)SM3_256_DIGEST_SIZE); +#endif // ALG_SM3_256 +#if ALG_SHA3_256 + case ALG_SHA3_256_VALUE: + return BYTE_Array_Unmarshal((BYTE *)(target->sha3_256), buffer, size, (INT32)SHA3_256_DIGEST_SIZE); +#endif // ALG_SHA3_256 +#if ALG_SHA3_384 + case ALG_SHA3_384_VALUE: + return BYTE_Array_Unmarshal((BYTE *)(target->sha3_384), buffer, size, (INT32)SHA3_384_DIGEST_SIZE); +#endif // ALG_SHA3_384 +#if ALG_SHA3_512 + case ALG_SHA3_512_VALUE: + return BYTE_Array_Unmarshal((BYTE *)(target->sha3_512), buffer, size, (INT32)SHA3_512_DIGEST_SIZE); +#endif // ALG_SHA3_512 + case ALG_NULL_VALUE: + return TPM_RC_SUCCESS; + } + return TPM_RC_SELECTOR; +} +UINT16 +TPMU_HA_Marshal(TPMU_HA *source, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_SHA1 + case ALG_SHA1_VALUE: + return BYTE_Array_Marshal((BYTE *)(source->sha1), buffer, size, (INT32)SHA1_DIGEST_SIZE); +#endif // ALG_SHA1 +#if ALG_SHA256 + case ALG_SHA256_VALUE: + return BYTE_Array_Marshal((BYTE *)(source->sha256), buffer, size, (INT32)SHA256_DIGEST_SIZE); +#endif // ALG_SHA256 +#if ALG_SHA384 + case ALG_SHA384_VALUE: + return BYTE_Array_Marshal((BYTE *)(source->sha384), buffer, size, (INT32)SHA384_DIGEST_SIZE); +#endif // ALG_SHA384 +#if ALG_SHA512 + case ALG_SHA512_VALUE: + return BYTE_Array_Marshal((BYTE *)(source->sha512), buffer, size, (INT32)SHA512_DIGEST_SIZE); +#endif // ALG_SHA512 +#if ALG_SM3_256 + case ALG_SM3_256_VALUE: + return BYTE_Array_Marshal((BYTE *)(source->sm3_256), buffer, size, (INT32)SM3_256_DIGEST_SIZE); +#endif // ALG_SM3_256 +#if ALG_SHA3_256 + case ALG_SHA3_256_VALUE: + return BYTE_Array_Marshal((BYTE *)(source->sha3_256), buffer, size, (INT32)SHA3_256_DIGEST_SIZE); +#endif // ALG_SHA3_256 +#if 
ALG_SHA3_384 + case ALG_SHA3_384_VALUE: + return BYTE_Array_Marshal((BYTE *)(source->sha3_384), buffer, size, (INT32)SHA3_384_DIGEST_SIZE); +#endif // ALG_SHA3_384 +#if ALG_SHA3_512 + case ALG_SHA3_512_VALUE: + return BYTE_Array_Marshal((BYTE *)(source->sha3_512), buffer, size, (INT32)SHA3_512_DIGEST_SIZE); +#endif // ALG_SHA3_512 + case ALG_NULL_VALUE: + return 0; + } + return 0; +} + +// Table 2:77 - Definition of TPMT_HA Structure +TPM_RC +TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hashAlg), buffer, size, flag); + if(result == TPM_RC_SUCCESS) + result = TPMU_HA_Unmarshal((TPMU_HA *)&(target->digest), buffer, size, (UINT32)target->hashAlg); + return result; +} +UINT16 +TPMT_HA_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size)); + result = (UINT16)(result + TPMU_HA_Marshal((TPMU_HA *)&(source->digest), buffer, size, (UINT32)source->hashAlg)); + return result; +} + +// Table 2:78 - Definition of TPM2B_DIGEST Structure +TPM_RC +TPM2B_DIGEST_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > sizeof(TPMU_HA)) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:79 - Definition of TPM2B_DATA Structure +TPM_RC +TPM2B_DATA_Unmarshal(TPM2B_DATA *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > sizeof(TPMT_HA)) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:80 - Definition of Types for TPM2B_NONCE +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM2B_NONCE_Unmarshal(TPM2B_NONCE *target, BYTE **buffer, INT32 *size) +{ + return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)target, buffer, size); +} +UINT16 +TPM2B_NONCE_Marshal(TPM2B_NONCE *source, BYTE **buffer, INT32 *size) +{ + return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:81 - Definition of Types for TPM2B_AUTH +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM2B_AUTH_Unmarshal(TPM2B_AUTH *target, BYTE **buffer, INT32 *size) +{ + return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)target, buffer, size); +} +UINT16 +TPM2B_AUTH_Marshal(TPM2B_AUTH *source, BYTE **buffer, INT32 *size) +{ + return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:82 - Definition of Types 
for TPM2B_OPERAND +#if !USE_MARSHALING_DEFINES +TPM_RC +TPM2B_OPERAND_Unmarshal(TPM2B_OPERAND *target, BYTE **buffer, INT32 *size) +{ + return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)target, buffer, size); +} +UINT16 +TPM2B_OPERAND_Marshal(TPM2B_OPERAND *source, BYTE **buffer, INT32 *size) +{ + return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:83 - Definition of TPM2B_EVENT Structure +TPM_RC +TPM2B_EVENT_Unmarshal(TPM2B_EVENT *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > 1024) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_EVENT_Marshal(TPM2B_EVENT *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:84 - Definition of TPM2B_MAX_BUFFER Structure +TPM_RC +TPM2B_MAX_BUFFER_Unmarshal(TPM2B_MAX_BUFFER *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > MAX_DIGEST_BUFFER) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:85 - Definition of TPM2B_MAX_NV_BUFFER Structure +TPM_RC +TPM2B_MAX_NV_BUFFER_Unmarshal(TPM2B_MAX_NV_BUFFER *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > MAX_NV_BUFFER_SIZE) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:86 - Definition of TPM2B_TIMEOUT Structure +TPM_RC +TPM2B_TIMEOUT_Unmarshal(TPM2B_TIMEOUT *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > sizeof(UINT64)) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:87 - Definition of TPM2B_IV Structure +TPM_RC +TPM2B_IV_Unmarshal(TPM2B_IV *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > MAX_SYM_BLOCK_SIZE) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:88 - Definition of TPMU_NAME Union +// Table 2:89 - Definition of TPM2B_NAME Structure +TPM_RC +TPM2B_NAME_Unmarshal(TPM2B_NAME *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > sizeof(TPMU_NAME)) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.name), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.name), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:90 - Definition of TPMS_PCR_SELECT Structure +TPM_RC +TPMS_PCR_SELECT_Unmarshal(TPMS_PCR_SELECT *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT8_Unmarshal((UINT8 *)&(target->sizeofSelect), buffer, size); + if( (result == TPM_RC_SUCCESS) + && (target->sizeofSelect < PCR_SELECT_MIN)) + result = TPM_RC_VALUE; + if(result == TPM_RC_SUCCESS) + { + if((target->sizeofSelect) > PCR_SELECT_MAX) + result = TPM_RC_VALUE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->pcrSelect), buffer, size, (INT32)(target->sizeofSelect)); + } + return result; +} +UINT16 +TPMS_PCR_SELECT_Marshal(TPMS_PCR_SELECT *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT8_Marshal((UINT8 *)&(source->sizeofSelect), buffer, size)); + result = (UINT16)(result + BYTE_Array_Marshal((BYTE 
*)(source->pcrSelect), buffer, size, (INT32)(source->sizeofSelect))); + return result; +} + +// Table 2:91 - Definition of TPMS_PCR_SELECTION Structure +TPM_RC +TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hash), buffer, size, 0); + if(result == TPM_RC_SUCCESS) + result = UINT8_Unmarshal((UINT8 *)&(target->sizeofSelect), buffer, size); + if( (result == TPM_RC_SUCCESS) + && (target->sizeofSelect < PCR_SELECT_MIN)) + result = TPM_RC_VALUE; + if(result == TPM_RC_SUCCESS) + { + if((target->sizeofSelect) > PCR_SELECT_MAX) + result = TPM_RC_VALUE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->pcrSelect), buffer, size, (INT32)(target->sizeofSelect)); + } + return result; +} +UINT16 +TPMS_PCR_SELECTION_Marshal(TPMS_PCR_SELECTION *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hash), buffer, size)); + result = (UINT16)(result + UINT8_Marshal((UINT8 *)&(source->sizeofSelect), buffer, size)); + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->pcrSelect), buffer, size, (INT32)(source->sizeofSelect))); + return result; +} + +// Table 2:94 - Definition of TPMT_TK_CREATION Structure +TPM_RC +TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); + if( (result == TPM_RC_SUCCESS) + && (target->tag != TPM_ST_CREATION)) + result = TPM_RC_TAG; + if(result == TPM_RC_SUCCESS) + result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); + if(result == TPM_RC_SUCCESS) + result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); + return result; +} +UINT16 +TPMT_TK_CREATION_Marshal(TPMT_TK_CREATION *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = 
(UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); + result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); + result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); + return result; +} + +// Table 2:95 - Definition of TPMT_TK_VERIFIED Structure +TPM_RC +TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); + if( (result == TPM_RC_SUCCESS) + && (target->tag != TPM_ST_VERIFIED)) + result = TPM_RC_TAG; + if(result == TPM_RC_SUCCESS) + result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); + if(result == TPM_RC_SUCCESS) + result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); + return result; +} +UINT16 +TPMT_TK_VERIFIED_Marshal(TPMT_TK_VERIFIED *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); + result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); + result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); + return result; +} + +// Table 2:96 - Definition of TPMT_TK_AUTH Structure +TPM_RC +TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); + if( (result == TPM_RC_SUCCESS) + && (target->tag != TPM_ST_AUTH_SIGNED) + && (target->tag != TPM_ST_AUTH_SECRET)) + result = TPM_RC_TAG; + if(result == TPM_RC_SUCCESS) + result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); + if(result == TPM_RC_SUCCESS) + result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); + return result; +} +UINT16 
+TPMT_TK_AUTH_Marshal(TPMT_TK_AUTH *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); + result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); + result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); + return result; +} + +// Table 2:97 - Definition of TPMT_TK_HASHCHECK Structure +TPM_RC +TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); + if( (result == TPM_RC_SUCCESS) + && (target->tag != TPM_ST_HASHCHECK)) + result = TPM_RC_TAG; + if(result == TPM_RC_SUCCESS) + result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); + if(result == TPM_RC_SUCCESS) + result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); + return result; +} +UINT16 +TPMT_TK_HASHCHECK_Marshal(TPMT_TK_HASHCHECK *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); + result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); + result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); + return result; +} + +// Table 2:98 - Definition of TPMS_ALG_PROPERTY Structure +UINT16 +TPMS_ALG_PROPERTY_Marshal(TPMS_ALG_PROPERTY *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->alg), buffer, size)); + result = (UINT16)(result + TPMA_ALGORITHM_Marshal((TPMA_ALGORITHM *)&(source->algProperties), buffer, size)); + return result; +} + +// Table 2:99 - Definition of TPMS_TAGGED_PROPERTY Structure +UINT16 +TPMS_TAGGED_PROPERTY_Marshal(TPMS_TAGGED_PROPERTY *source, BYTE 
**buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM_PT_Marshal((TPM_PT *)&(source->property), buffer, size)); + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->value), buffer, size)); + return result; +} + +// Table 2:100 - Definition of TPMS_TAGGED_PCR_SELECT Structure +UINT16 +TPMS_TAGGED_PCR_SELECT_Marshal(TPMS_TAGGED_PCR_SELECT *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM_PT_PCR_Marshal((TPM_PT_PCR *)&(source->tag), buffer, size)); + result = (UINT16)(result + UINT8_Marshal((UINT8 *)&(source->sizeofSelect), buffer, size)); + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->pcrSelect), buffer, size, (INT32)(source->sizeofSelect))); + return result; +} + +// Table 2:101 - Definition of TPMS_TAGGED_POLICY Structure +UINT16 +TPMS_TAGGED_POLICY_Marshal(TPMS_TAGGED_POLICY *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM_HANDLE_Marshal((TPM_HANDLE *)&(source->handle), buffer, size)); + result = (UINT16)(result + TPMT_HA_Marshal((TPMT_HA *)&(source->policyHash), buffer, size)); + return result; +} + +// Table 2:102 - Definition of TPML_CC Structure +TPM_RC +TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->count) > MAX_CAP_CC) + result = TPM_RC_SIZE; + else + result = TPM_CC_Array_Unmarshal((TPM_CC *)(target->commandCodes), buffer, size, (INT32)(target->count)); + } + return result; +} +UINT16 +TPML_CC_Marshal(TPML_CC *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); + result = (UINT16)(result + TPM_CC_Array_Marshal((TPM_CC *)(source->commandCodes), buffer, size, (INT32)(source->count))); + return result; +} + +// Table 2:103 - Definition of TPML_CCA Structure +UINT16 
+TPML_CCA_Marshal(TPML_CCA *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); + result = (UINT16)(result + TPMA_CC_Array_Marshal((TPMA_CC *)(source->commandAttributes), buffer, size, (INT32)(source->count))); + return result; +} + +// Table 2:104 - Definition of TPML_ALG Structure +TPM_RC +TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->count) > MAX_ALG_LIST_SIZE) + result = TPM_RC_SIZE; + else + result = TPM_ALG_ID_Array_Unmarshal((TPM_ALG_ID *)(target->algorithms), buffer, size, (INT32)(target->count)); + } + return result; +} +UINT16 +TPML_ALG_Marshal(TPML_ALG *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); + result = (UINT16)(result + TPM_ALG_ID_Array_Marshal((TPM_ALG_ID *)(source->algorithms), buffer, size, (INT32)(source->count))); + return result; +} + +// Table 2:105 - Definition of TPML_HANDLE Structure +UINT16 +TPML_HANDLE_Marshal(TPML_HANDLE *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); + result = (UINT16)(result + TPM_HANDLE_Array_Marshal((TPM_HANDLE *)(source->handle), buffer, size, (INT32)(source->count))); + return result; +} + +// Table 2:106 - Definition of TPML_DIGEST Structure +TPM_RC +TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); + if( (result == TPM_RC_SUCCESS) + && (target->count < 2)) + result = TPM_RC_SIZE; + if(result == TPM_RC_SUCCESS) + { + if((target->count) > 8) + result = TPM_RC_SIZE; + else + result = TPM2B_DIGEST_Array_Unmarshal((TPM2B_DIGEST *)(target->digests), 
buffer, size, (INT32)(target->count)); + } + return result; +} +UINT16 +TPML_DIGEST_Marshal(TPML_DIGEST *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); + result = (UINT16)(result + TPM2B_DIGEST_Array_Marshal((TPM2B_DIGEST *)(source->digests), buffer, size, (INT32)(source->count))); + return result; +} + +// Table 2:107 - Definition of TPML_DIGEST_VALUES Structure +TPM_RC +TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->count) > HASH_COUNT) + result = TPM_RC_SIZE; + else + result = TPMT_HA_Array_Unmarshal((TPMT_HA *)(target->digests), buffer, size, 0, (INT32)(target->count)); + } + return result; +} +UINT16 +TPML_DIGEST_VALUES_Marshal(TPML_DIGEST_VALUES *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); + result = (UINT16)(result + TPMT_HA_Array_Marshal((TPMT_HA *)(source->digests), buffer, size, (INT32)(source->count))); + return result; +} + +// Table 2:108 - Definition of TPML_PCR_SELECTION Structure +TPM_RC +TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->count) > HASH_COUNT) + result = TPM_RC_SIZE; + else + result = TPMS_PCR_SELECTION_Array_Unmarshal((TPMS_PCR_SELECTION *)(target->pcrSelections), buffer, size, (INT32)(target->count)); + } + return result; +} +UINT16 +TPML_PCR_SELECTION_Marshal(TPML_PCR_SELECTION *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); + result = (UINT16)(result + 
TPMS_PCR_SELECTION_Array_Marshal((TPMS_PCR_SELECTION *)(source->pcrSelections), buffer, size, (INT32)(source->count))); + return result; +} + +// Table 2:109 - Definition of TPML_ALG_PROPERTY Structure +UINT16 +TPML_ALG_PROPERTY_Marshal(TPML_ALG_PROPERTY *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); + result = (UINT16)(result + TPMS_ALG_PROPERTY_Array_Marshal((TPMS_ALG_PROPERTY *)(source->algProperties), buffer, size, (INT32)(source->count))); + return result; +} + +// Table 2:110 - Definition of TPML_TAGGED_TPM_PROPERTY Structure +UINT16 +TPML_TAGGED_TPM_PROPERTY_Marshal(TPML_TAGGED_TPM_PROPERTY *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); + result = (UINT16)(result + TPMS_TAGGED_PROPERTY_Array_Marshal((TPMS_TAGGED_PROPERTY *)(source->tpmProperty), buffer, size, (INT32)(source->count))); + return result; +} + +// Table 2:111 - Definition of TPML_TAGGED_PCR_PROPERTY Structure +UINT16 +TPML_TAGGED_PCR_PROPERTY_Marshal(TPML_TAGGED_PCR_PROPERTY *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); + result = (UINT16)(result + TPMS_TAGGED_PCR_SELECT_Array_Marshal((TPMS_TAGGED_PCR_SELECT *)(source->pcrProperty), buffer, size, (INT32)(source->count))); + return result; +} + +// Table 2:112 - Definition of TPML_ECC_CURVE Structure +#if ALG_ECC +UINT16 +TPML_ECC_CURVE_Marshal(TPML_ECC_CURVE *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); + result = (UINT16)(result + TPM_ECC_CURVE_Array_Marshal((TPM_ECC_CURVE *)(source->eccCurves), buffer, size, (INT32)(source->count))); + return result; +} +#endif // ALG_ECC + +// Table 2:113 - Definition of TPML_TAGGED_POLICY Structure +UINT16 
+TPML_TAGGED_POLICY_Marshal(TPML_TAGGED_POLICY *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); + result = (UINT16)(result + TPMS_TAGGED_POLICY_Array_Marshal((TPMS_TAGGED_POLICY *)(source->policies), buffer, size, (INT32)(source->count))); + return result; +} + +// Table 2:114 - Definition of TPMU_CAPABILITIES Union +UINT16 +TPMU_CAPABILITIES_Marshal(TPMU_CAPABILITIES *source, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { + case TPM_CAP_ALGS: + return TPML_ALG_PROPERTY_Marshal((TPML_ALG_PROPERTY *)&(source->algorithms), buffer, size); + case TPM_CAP_HANDLES: + return TPML_HANDLE_Marshal((TPML_HANDLE *)&(source->handles), buffer, size); + case TPM_CAP_COMMANDS: + return TPML_CCA_Marshal((TPML_CCA *)&(source->command), buffer, size); + case TPM_CAP_PP_COMMANDS: + return TPML_CC_Marshal((TPML_CC *)&(source->ppCommands), buffer, size); + case TPM_CAP_AUDIT_COMMANDS: + return TPML_CC_Marshal((TPML_CC *)&(source->auditCommands), buffer, size); + case TPM_CAP_PCRS: + return TPML_PCR_SELECTION_Marshal((TPML_PCR_SELECTION *)&(source->assignedPCR), buffer, size); + case TPM_CAP_TPM_PROPERTIES: + return TPML_TAGGED_TPM_PROPERTY_Marshal((TPML_TAGGED_TPM_PROPERTY *)&(source->tpmProperties), buffer, size); + case TPM_CAP_PCR_PROPERTIES: + return TPML_TAGGED_PCR_PROPERTY_Marshal((TPML_TAGGED_PCR_PROPERTY *)&(source->pcrProperties), buffer, size); +#if ALG_ECC + case TPM_CAP_ECC_CURVES: + return TPML_ECC_CURVE_Marshal((TPML_ECC_CURVE *)&(source->eccCurves), buffer, size); +#endif // ALG_ECC + case TPM_CAP_AUTH_POLICIES: + return TPML_TAGGED_POLICY_Marshal((TPML_TAGGED_POLICY *)&(source->authPolicies), buffer, size); + } + return 0; +} + +// Table 2:115 - Definition of TPMS_CAPABILITY_DATA Structure +UINT16 +TPMS_CAPABILITY_DATA_Marshal(TPMS_CAPABILITY_DATA *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + 
TPM_CAP_Marshal((TPM_CAP *)&(source->capability), buffer, size)); + result = (UINT16)(result + TPMU_CAPABILITIES_Marshal((TPMU_CAPABILITIES *)&(source->data), buffer, size, (UINT32)source->capability)); + return result; +} + +// Table 2:116 - Definition of TPMS_CLOCK_INFO Structure +TPM_RC +TPMS_CLOCK_INFO_Unmarshal(TPMS_CLOCK_INFO *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT64_Unmarshal((UINT64 *)&(target->clock), buffer, size); + if(result == TPM_RC_SUCCESS) + result = UINT32_Unmarshal((UINT32 *)&(target->resetCount), buffer, size); + if(result == TPM_RC_SUCCESS) + result = UINT32_Unmarshal((UINT32 *)&(target->restartCount), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPMI_YES_NO_Unmarshal((TPMI_YES_NO *)&(target->safe), buffer, size); + return result; +} +UINT16 +TPMS_CLOCK_INFO_Marshal(TPMS_CLOCK_INFO *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->clock), buffer, size)); + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->resetCount), buffer, size)); + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->restartCount), buffer, size)); + result = (UINT16)(result + TPMI_YES_NO_Marshal((TPMI_YES_NO *)&(source->safe), buffer, size)); + return result; +} + +// Table 2:117 - Definition of TPMS_TIME_INFO Structure +TPM_RC +TPMS_TIME_INFO_Unmarshal(TPMS_TIME_INFO *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT64_Unmarshal((UINT64 *)&(target->time), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPMS_CLOCK_INFO_Unmarshal((TPMS_CLOCK_INFO *)&(target->clockInfo), buffer, size); + return result; +} +UINT16 +TPMS_TIME_INFO_Marshal(TPMS_TIME_INFO *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->time), buffer, size)); + result = (UINT16)(result + TPMS_CLOCK_INFO_Marshal((TPMS_CLOCK_INFO *)&(source->clockInfo), buffer, size)); + 
return result; +} + +// Table 2:118 - Definition of TPMS_TIME_ATTEST_INFO Structure +UINT16 +TPMS_TIME_ATTEST_INFO_Marshal(TPMS_TIME_ATTEST_INFO *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMS_TIME_INFO_Marshal((TPMS_TIME_INFO *)&(source->time), buffer, size)); + result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->firmwareVersion), buffer, size)); + return result; +} + +// Table 2:119 - Definition of TPMS_CERTIFY_INFO Structure +UINT16 +TPMS_CERTIFY_INFO_Marshal(TPMS_CERTIFY_INFO *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->name), buffer, size)); + result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->qualifiedName), buffer, size)); + return result; +} + +// Table 2:120 - Definition of TPMS_QUOTE_INFO Structure +UINT16 +TPMS_QUOTE_INFO_Marshal(TPMS_QUOTE_INFO *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPML_PCR_SELECTION_Marshal((TPML_PCR_SELECTION *)&(source->pcrSelect), buffer, size)); + result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->pcrDigest), buffer, size)); + return result; +} + +// Table 2:121 - Definition of TPMS_COMMAND_AUDIT_INFO Structure +UINT16 +TPMS_COMMAND_AUDIT_INFO_Marshal(TPMS_COMMAND_AUDIT_INFO *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->auditCounter), buffer, size)); + result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->digestAlg), buffer, size)); + result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->auditDigest), buffer, size)); + result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->commandDigest), buffer, size)); + return result; +} + +// Table 2:122 - Definition of TPMS_SESSION_AUDIT_INFO Structure +UINT16 +TPMS_SESSION_AUDIT_INFO_Marshal(TPMS_SESSION_AUDIT_INFO *source, 
BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_YES_NO_Marshal((TPMI_YES_NO *)&(source->exclusiveSession), buffer, size)); + result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->sessionDigest), buffer, size)); + return result; +} + +// Table 2:123 - Definition of TPMS_CREATION_INFO Structure +UINT16 +TPMS_CREATION_INFO_Marshal(TPMS_CREATION_INFO *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->objectName), buffer, size)); + result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->creationHash), buffer, size)); + return result; +} + +// Table 2:124 - Definition of TPMS_NV_CERTIFY_INFO Structure +UINT16 +TPMS_NV_CERTIFY_INFO_Marshal(TPMS_NV_CERTIFY_INFO *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->indexName), buffer, size)); + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->offset), buffer, size)); + result = (UINT16)(result + TPM2B_MAX_NV_BUFFER_Marshal((TPM2B_MAX_NV_BUFFER *)&(source->nvContents), buffer, size)); + return result; +} + +// Table 2:125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure +UINT16 +TPMS_NV_DIGEST_CERTIFY_INFO_Marshal(TPMS_NV_DIGEST_CERTIFY_INFO *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->indexName), buffer, size)); + result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->nvDigest), buffer, size)); + return result; +} + +// Table 2:126 - Definition of TPMI_ST_ATTEST Type +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ST_ATTEST_Marshal(TPMI_ST_ATTEST *source, BYTE **buffer, INT32 *size) +{ + return TPM_ST_Marshal((TPM_ST *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:127 - Definition of TPMU_ATTEST Union +UINT16 +TPMU_ATTEST_Marshal(TPMU_ATTEST 
*source, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { + case TPM_ST_ATTEST_CERTIFY: + return TPMS_CERTIFY_INFO_Marshal((TPMS_CERTIFY_INFO *)&(source->certify), buffer, size); + case TPM_ST_ATTEST_CREATION: + return TPMS_CREATION_INFO_Marshal((TPMS_CREATION_INFO *)&(source->creation), buffer, size); + case TPM_ST_ATTEST_QUOTE: + return TPMS_QUOTE_INFO_Marshal((TPMS_QUOTE_INFO *)&(source->quote), buffer, size); + case TPM_ST_ATTEST_COMMAND_AUDIT: + return TPMS_COMMAND_AUDIT_INFO_Marshal((TPMS_COMMAND_AUDIT_INFO *)&(source->commandAudit), buffer, size); + case TPM_ST_ATTEST_SESSION_AUDIT: + return TPMS_SESSION_AUDIT_INFO_Marshal((TPMS_SESSION_AUDIT_INFO *)&(source->sessionAudit), buffer, size); + case TPM_ST_ATTEST_TIME: + return TPMS_TIME_ATTEST_INFO_Marshal((TPMS_TIME_ATTEST_INFO *)&(source->time), buffer, size); + case TPM_ST_ATTEST_NV: + return TPMS_NV_CERTIFY_INFO_Marshal((TPMS_NV_CERTIFY_INFO *)&(source->nv), buffer, size); + case TPM_ST_ATTEST_NV_DIGEST: + return TPMS_NV_DIGEST_CERTIFY_INFO_Marshal((TPMS_NV_DIGEST_CERTIFY_INFO *)&(source->nvDigest), buffer, size); + } + return 0; +} + +// Table 2:128 - Definition of TPMS_ATTEST Structure +UINT16 +TPMS_ATTEST_Marshal(TPMS_ATTEST *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM_GENERATED_Marshal((TPM_GENERATED *)&(source->magic), buffer, size)); + result = (UINT16)(result + TPMI_ST_ATTEST_Marshal((TPMI_ST_ATTEST *)&(source->type), buffer, size)); + result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->qualifiedSigner), buffer, size)); + result = (UINT16)(result + TPM2B_DATA_Marshal((TPM2B_DATA *)&(source->extraData), buffer, size)); + result = (UINT16)(result + TPMS_CLOCK_INFO_Marshal((TPMS_CLOCK_INFO *)&(source->clockInfo), buffer, size)); + result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->firmwareVersion), buffer, size)); + result = (UINT16)(result + TPMU_ATTEST_Marshal((TPMU_ATTEST *)&(source->attested), buffer, 
size, (UINT32)source->type)); + return result; +} + +// Table 2:129 - Definition of TPM2B_ATTEST Structure +UINT16 +TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.attestationData), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:130 - Definition of TPMS_AUTH_COMMAND Structure +TPM_RC +TPMS_AUTH_COMMAND_Unmarshal(TPMS_AUTH_COMMAND *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPMI_SH_AUTH_SESSION_Unmarshal((TPMI_SH_AUTH_SESSION *)&(target->sessionHandle), buffer, size, 1); + if(result == TPM_RC_SUCCESS) + result = TPM2B_NONCE_Unmarshal((TPM2B_NONCE *)&(target->nonce), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPMA_SESSION_Unmarshal((TPMA_SESSION *)&(target->sessionAttributes), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPM2B_AUTH_Unmarshal((TPM2B_AUTH *)&(target->hmac), buffer, size); + return result; +} + +// Table 2:131 - Definition of TPMS_AUTH_RESPONSE Structure +UINT16 +TPMS_AUTH_RESPONSE_Marshal(TPMS_AUTH_RESPONSE *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM2B_NONCE_Marshal((TPM2B_NONCE *)&(source->nonce), buffer, size)); + result = (UINT16)(result + TPMA_SESSION_Marshal((TPMA_SESSION *)&(source->sessionAttributes), buffer, size)); + result = (UINT16)(result + TPM2B_AUTH_Marshal((TPM2B_AUTH *)&(source->hmac), buffer, size)); + return result; +} + +// Table 2:132 - Definition of TPMI_TDES_KEY_BITS Type +#if ALG_TDES +TPM_RC +TPMI_TDES_KEY_BITS_Unmarshal(TPMI_TDES_KEY_BITS *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); + if(result 
== TPM_RC_SUCCESS) + { + switch (*target) + { +#if TDES_128 + case 128: +#endif // TDES_128 +#if TDES_192 + case 192: +#endif // TDES_192 + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 *size) +{ + return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_TDES + +// Table 2:132 - Definition of TPMI_AES_KEY_BITS Type +#if ALG_AES +TPM_RC +TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if AES_128 + case 128: +#endif // AES_128 +#if AES_192 + case 192: +#endif // AES_192 +#if AES_256 + case 256: +#endif // AES_256 + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_AES_KEY_BITS_Marshal(TPMI_AES_KEY_BITS *source, BYTE **buffer, INT32 *size) +{ + return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_AES + +// Table 2:132 - Definition of TPMI_SM4_KEY_BITS Type +#if ALG_SM4 +TPM_RC +TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if SM4_128 + case 128: +#endif // SM4_128 + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_SM4_KEY_BITS_Marshal(TPMI_SM4_KEY_BITS *source, BYTE **buffer, INT32 *size) +{ + return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_SM4 + +// Table 2:132 - Definition of TPMI_CAMELLIA_KEY_BITS Type +#if 
ALG_CAMELLIA +TPM_RC +TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if CAMELLIA_128 + case 128: +#endif // CAMELLIA_128 +#if CAMELLIA_192 + case 192: +#endif // CAMELLIA_192 +#if CAMELLIA_256 + case 256: +#endif // CAMELLIA_256 + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_CAMELLIA_KEY_BITS_Marshal(TPMI_CAMELLIA_KEY_BITS *source, BYTE **buffer, INT32 *size) +{ + return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_CAMELLIA + +// Table 2:133 - Definition of TPMU_SYM_KEY_BITS Union +TPM_RC +TPMU_SYM_KEY_BITS_Unmarshal(TPMU_SYM_KEY_BITS *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_TDES + case ALG_TDES_VALUE: + return TPMI_TDES_KEY_BITS_Unmarshal((TPMI_TDES_KEY_BITS *)&(target->tdes), buffer, size); +#endif // ALG_TDES +#if ALG_AES + case ALG_AES_VALUE: + return TPMI_AES_KEY_BITS_Unmarshal((TPMI_AES_KEY_BITS *)&(target->aes), buffer, size); +#endif // ALG_AES +#if ALG_SM4 + case ALG_SM4_VALUE: + return TPMI_SM4_KEY_BITS_Unmarshal((TPMI_SM4_KEY_BITS *)&(target->sm4), buffer, size); +#endif // ALG_SM4 +#if ALG_CAMELLIA + case ALG_CAMELLIA_VALUE: + return TPMI_CAMELLIA_KEY_BITS_Unmarshal((TPMI_CAMELLIA_KEY_BITS *)&(target->camellia), buffer, size); +#endif // ALG_CAMELLIA +#if ALG_XOR + case ALG_XOR_VALUE: + return TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->xor), buffer, size, 0); +#endif // ALG_XOR + case ALG_NULL_VALUE: + return TPM_RC_SUCCESS; + } + return TPM_RC_SELECTOR; +} +UINT16 +TPMU_SYM_KEY_BITS_Marshal(TPMU_SYM_KEY_BITS *source, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_TDES + case ALG_TDES_VALUE: + return 
TPMI_TDES_KEY_BITS_Marshal((TPMI_TDES_KEY_BITS *)&(source->tdes), buffer, size); +#endif // ALG_TDES +#if ALG_AES + case ALG_AES_VALUE: + return TPMI_AES_KEY_BITS_Marshal((TPMI_AES_KEY_BITS *)&(source->aes), buffer, size); +#endif // ALG_AES +#if ALG_SM4 + case ALG_SM4_VALUE: + return TPMI_SM4_KEY_BITS_Marshal((TPMI_SM4_KEY_BITS *)&(source->sm4), buffer, size); +#endif // ALG_SM4 +#if ALG_CAMELLIA + case ALG_CAMELLIA_VALUE: + return TPMI_CAMELLIA_KEY_BITS_Marshal((TPMI_CAMELLIA_KEY_BITS *)&(source->camellia), buffer, size); +#endif // ALG_CAMELLIA +#if ALG_XOR + case ALG_XOR_VALUE: + return TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->xor), buffer, size); +#endif // ALG_XOR + case ALG_NULL_VALUE: + return 0; + } + return 0; +} + +// Table 2:134 - Definition of TPMU_SYM_MODE Union +TPM_RC +TPMU_SYM_MODE_Unmarshal(TPMU_SYM_MODE *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_TDES + case ALG_TDES_VALUE: + return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->tdes), buffer, size, 1); +#endif // ALG_TDES +#if ALG_AES + case ALG_AES_VALUE: + return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->aes), buffer, size, 1); +#endif // ALG_AES +#if ALG_SM4 + case ALG_SM4_VALUE: + return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->sm4), buffer, size, 1); +#endif // ALG_SM4 +#if ALG_CAMELLIA + case ALG_CAMELLIA_VALUE: + return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->camellia), buffer, size, 1); +#endif // ALG_CAMELLIA +#if ALG_XOR + case ALG_XOR_VALUE: + return TPM_RC_SUCCESS; +#endif // ALG_XOR + case ALG_NULL_VALUE: + return TPM_RC_SUCCESS; + } + return TPM_RC_SELECTOR; +} +UINT16 +TPMU_SYM_MODE_Marshal(TPMU_SYM_MODE *source, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_TDES + case ALG_TDES_VALUE: + return TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->tdes), buffer, size); +#endif // ALG_TDES +#if ALG_AES + case ALG_AES_VALUE: + return 
TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->aes), buffer, size); +#endif // ALG_AES +#if ALG_SM4 + case ALG_SM4_VALUE: + return TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->sm4), buffer, size); +#endif // ALG_SM4 +#if ALG_CAMELLIA + case ALG_CAMELLIA_VALUE: + return TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->camellia), buffer, size); +#endif // ALG_CAMELLIA +#if ALG_XOR + case ALG_XOR_VALUE: + return 0; +#endif // ALG_XOR + case ALG_NULL_VALUE: + return 0; + } + return 0; +} + +// Table 2:136 - Definition of TPMT_SYM_DEF Structure +TPM_RC +TPMT_SYM_DEF_Unmarshal(TPMT_SYM_DEF *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPMI_ALG_SYM_Unmarshal((TPMI_ALG_SYM *)&(target->algorithm), buffer, size, flag); + if(result == TPM_RC_SUCCESS) + result = TPMU_SYM_KEY_BITS_Unmarshal((TPMU_SYM_KEY_BITS *)&(target->keyBits), buffer, size, (UINT32)target->algorithm); + if(result == TPM_RC_SUCCESS) + result = TPMU_SYM_MODE_Unmarshal((TPMU_SYM_MODE *)&(target->mode), buffer, size, (UINT32)target->algorithm); + return result; +} +UINT16 +TPMT_SYM_DEF_Marshal(TPMT_SYM_DEF *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_SYM_Marshal((TPMI_ALG_SYM *)&(source->algorithm), buffer, size)); + result = (UINT16)(result + TPMU_SYM_KEY_BITS_Marshal((TPMU_SYM_KEY_BITS *)&(source->keyBits), buffer, size, (UINT32)source->algorithm)); + result = (UINT16)(result + TPMU_SYM_MODE_Marshal((TPMU_SYM_MODE *)&(source->mode), buffer, size, (UINT32)source->algorithm)); + return result; +} + +// Table 2:137 - Definition of TPMT_SYM_DEF_OBJECT Structure +TPM_RC +TPMT_SYM_DEF_OBJECT_Unmarshal(TPMT_SYM_DEF_OBJECT *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPMI_ALG_SYM_OBJECT_Unmarshal((TPMI_ALG_SYM_OBJECT *)&(target->algorithm), buffer, size, flag); + if(result == TPM_RC_SUCCESS) + result = TPMU_SYM_KEY_BITS_Unmarshal((TPMU_SYM_KEY_BITS 
*)&(target->keyBits), buffer, size, (UINT32)target->algorithm); + if(result == TPM_RC_SUCCESS) + result = TPMU_SYM_MODE_Unmarshal((TPMU_SYM_MODE *)&(target->mode), buffer, size, (UINT32)target->algorithm); + return result; +} +UINT16 +TPMT_SYM_DEF_OBJECT_Marshal(TPMT_SYM_DEF_OBJECT *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_SYM_OBJECT_Marshal((TPMI_ALG_SYM_OBJECT *)&(source->algorithm), buffer, size)); + result = (UINT16)(result + TPMU_SYM_KEY_BITS_Marshal((TPMU_SYM_KEY_BITS *)&(source->keyBits), buffer, size, (UINT32)source->algorithm)); + result = (UINT16)(result + TPMU_SYM_MODE_Marshal((TPMU_SYM_MODE *)&(source->mode), buffer, size, (UINT32)source->algorithm)); + return result; +} + +// Table 2:138 - Definition of TPM2B_SYM_KEY Structure +TPM_RC +TPM2B_SYM_KEY_Unmarshal(TPM2B_SYM_KEY *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > MAX_SYM_KEY_BYTES) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:139 - Definition of TPMS_SYMCIPHER_PARMS Structure +TPM_RC +TPMS_SYMCIPHER_PARMS_Unmarshal(TPMS_SYMCIPHER_PARMS *target, BYTE **buffer, INT32 *size) +{ + return TPMT_SYM_DEF_OBJECT_Unmarshal((TPMT_SYM_DEF_OBJECT *)&(target->sym), buffer, size, 0); +} +UINT16 +TPMS_SYMCIPHER_PARMS_Marshal(TPMS_SYMCIPHER_PARMS *source, BYTE **buffer, INT32 *size) +{ + return TPMT_SYM_DEF_OBJECT_Marshal((TPMT_SYM_DEF_OBJECT *)&(source->sym), buffer, size); +} + +// Table 2:140 - Definition of TPM2B_LABEL Structure +TPM_RC +TPM2B_LABEL_Unmarshal(TPM2B_LABEL *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > LABEL_MAX_BUFFER) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_LABEL_Marshal(TPM2B_LABEL *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:141 - Definition of TPMS_DERIVE Structure +TPM_RC +TPMS_DERIVE_Unmarshal(TPMS_DERIVE *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM2B_LABEL_Unmarshal((TPM2B_LABEL *)&(target->label), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPM2B_LABEL_Unmarshal((TPM2B_LABEL *)&(target->context), buffer, size); + return result; +} +UINT16 +TPMS_DERIVE_Marshal(TPMS_DERIVE *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM2B_LABEL_Marshal((TPM2B_LABEL *)&(source->label), buffer, size)); + result = (UINT16)(result + TPM2B_LABEL_Marshal((TPM2B_LABEL *)&(source->context), buffer, size)); + return result; +} + +// Table 2:142 - Definition of TPM2B_DERIVE Structure +TPM_RC +TPM2B_DERIVE_Unmarshal(TPM2B_DERIVE *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > sizeof(TPMS_DERIVE)) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_DERIVE_Marshal(TPM2B_DERIVE *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:143 - Definition of TPMU_SENSITIVE_CREATE Union +// Table 2:144 - Definition of TPM2B_SENSITIVE_DATA Structure +TPM_RC +TPM2B_SENSITIVE_DATA_Unmarshal(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > sizeof(TPMU_SENSITIVE_CREATE)) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:145 - Definition of TPMS_SENSITIVE_CREATE Structure +TPM_RC +TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM2B_AUTH_Unmarshal((TPM2B_AUTH *)&(target->userAuth), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPM2B_SENSITIVE_DATA_Unmarshal((TPM2B_SENSITIVE_DATA *)&(target->data), buffer, size); + return result; +} + +// Table 2:146 - Definition of TPM2B_SENSITIVE_CREATE Structure +TPM_RC +TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a + if(result == TPM_RC_SUCCESS) + { + // if size is zero, then the required structure is missing + if(target->size == 0) + result = TPM_RC_SIZE; + else + { + INT32 startSize = *size; + result = TPMS_SENSITIVE_CREATE_Unmarshal((TPMS_SENSITIVE_CREATE *)&(target->sensitive), buffer, size); // =b + if(result == TPM_RC_SUCCESS) + { + if(target->size != (startSize - *size)) + result = TPM_RC_SIZE; + } + } + } + return result; +} + +// Table 2:147 - Definition of TPMS_SCHEME_HASH Structure +TPM_RC +TPMS_SCHEME_HASH_Unmarshal(TPMS_SCHEME_HASH *target, BYTE **buffer, INT32 *size) +{ + return TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hashAlg), buffer, size, 0); +} +UINT16 +TPMS_SCHEME_HASH_Marshal(TPMS_SCHEME_HASH *source, BYTE **buffer, INT32 *size) +{ + return TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size); +} + +// Table 2:148 - Definition of TPMS_SCHEME_ECDAA Structure +#if ALG_ECC +TPM_RC +TPMS_SCHEME_ECDAA_Unmarshal(TPMS_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hashAlg), buffer, size, 
0); + if(result == TPM_RC_SUCCESS) + result = UINT16_Unmarshal((UINT16 *)&(target->count), buffer, size); + return result; +} +UINT16 +TPMS_SCHEME_ECDAA_Marshal(TPMS_SCHEME_ECDAA *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size)); + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->count), buffer, size)); + return result; +} +#endif // ALG_ECC + +// Table 2:149 - Definition of TPMI_ALG_KEYEDHASH_SCHEME Type +TPM_RC +TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_HMAC + case ALG_HMAC_VALUE: +#endif // ALG_HMAC +#if ALG_XOR + case ALG_XOR_VALUE: +#endif // ALG_XOR + break; + case ALG_NULL_VALUE: + if(!flag) + result = TPM_RC_VALUE; + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_KEYEDHASH_SCHEME_Marshal(TPMI_ALG_KEYEDHASH_SCHEME *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:150 - Definition of Types for HMAC_SIG_SCHEME +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SCHEME_HMAC_Unmarshal(TPMS_SCHEME_HMAC *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); +} +UINT16 +TPMS_SCHEME_HMAC_Marshal(TPMS_SCHEME_HMAC *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:151 - Definition of TPMS_SCHEME_XOR Structure +TPM_RC +TPMS_SCHEME_XOR_Unmarshal(TPMS_SCHEME_XOR *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH 
*)&(target->hashAlg), buffer, size, 0); + if(result == TPM_RC_SUCCESS) + result = TPMI_ALG_KDF_Unmarshal((TPMI_ALG_KDF *)&(target->kdf), buffer, size, 1); + return result; +} +UINT16 +TPMS_SCHEME_XOR_Marshal(TPMS_SCHEME_XOR *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size)); + result = (UINT16)(result + TPMI_ALG_KDF_Marshal((TPMI_ALG_KDF *)&(source->kdf), buffer, size)); + return result; +} + +// Table 2:152 - Definition of TPMU_SCHEME_KEYEDHASH Union +TPM_RC +TPMU_SCHEME_KEYEDHASH_Unmarshal(TPMU_SCHEME_KEYEDHASH *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_HMAC + case ALG_HMAC_VALUE: + return TPMS_SCHEME_HMAC_Unmarshal((TPMS_SCHEME_HMAC *)&(target->hmac), buffer, size); +#endif // ALG_HMAC +#if ALG_XOR + case ALG_XOR_VALUE: + return TPMS_SCHEME_XOR_Unmarshal((TPMS_SCHEME_XOR *)&(target->xor), buffer, size); +#endif // ALG_XOR + case ALG_NULL_VALUE: + return TPM_RC_SUCCESS; + } + return TPM_RC_SELECTOR; +} +UINT16 +TPMU_SCHEME_KEYEDHASH_Marshal(TPMU_SCHEME_KEYEDHASH *source, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_HMAC + case ALG_HMAC_VALUE: + return TPMS_SCHEME_HMAC_Marshal((TPMS_SCHEME_HMAC *)&(source->hmac), buffer, size); +#endif // ALG_HMAC +#if ALG_XOR + case ALG_XOR_VALUE: + return TPMS_SCHEME_XOR_Marshal((TPMS_SCHEME_XOR *)&(source->xor), buffer, size); +#endif // ALG_XOR + case ALG_NULL_VALUE: + return 0; + } + return 0; +} + +// Table 2:153 - Definition of TPMT_KEYEDHASH_SCHEME Structure +TPM_RC +TPMT_KEYEDHASH_SCHEME_Unmarshal(TPMT_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal((TPMI_ALG_KEYEDHASH_SCHEME *)&(target->scheme), buffer, size, flag); + if(result == TPM_RC_SUCCESS) + result = TPMU_SCHEME_KEYEDHASH_Unmarshal((TPMU_SCHEME_KEYEDHASH *)&(target->details), buffer, size, 
(UINT32)target->scheme); + return result; +} +UINT16 +TPMT_KEYEDHASH_SCHEME_Marshal(TPMT_KEYEDHASH_SCHEME *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_KEYEDHASH_SCHEME_Marshal((TPMI_ALG_KEYEDHASH_SCHEME *)&(source->scheme), buffer, size)); + result = (UINT16)(result + TPMU_SCHEME_KEYEDHASH_Marshal((TPMU_SCHEME_KEYEDHASH *)&(source->details), buffer, size, (UINT32)source->scheme)); + return result; +} + +// Table 2:154 - Definition of Types for RSA Signature Schemes +#if ALG_RSA +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); +} +UINT16 +TPMS_SIG_SCHEME_RSASSA_Marshal(TPMS_SIG_SCHEME_RSASSA *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); +} +TPM_RC +TPMS_SIG_SCHEME_RSAPSS_Unmarshal(TPMS_SIG_SCHEME_RSAPSS *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); +} +UINT16 +TPMS_SIG_SCHEME_RSAPSS_Marshal(TPMS_SIG_SCHEME_RSAPSS *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_RSA + +// Table 2:155 - Definition of Types for ECC Signature Schemes +#if ALG_ECC +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SIG_SCHEME_ECDSA_Unmarshal(TPMS_SIG_SCHEME_ECDSA *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); +} +UINT16 +TPMS_SIG_SCHEME_ECDSA_Marshal(TPMS_SIG_SCHEME_ECDSA *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); +} +TPM_RC +TPMS_SIG_SCHEME_SM2_Unmarshal(TPMS_SIG_SCHEME_SM2 *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, 
buffer, size); +} +UINT16 +TPMS_SIG_SCHEME_SM2_Marshal(TPMS_SIG_SCHEME_SM2 *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); +} +TPM_RC +TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(TPMS_SIG_SCHEME_ECSCHNORR *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); +} +UINT16 +TPMS_SIG_SCHEME_ECSCHNORR_Marshal(TPMS_SIG_SCHEME_ECSCHNORR *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); +} +TPM_RC +TPMS_SIG_SCHEME_ECDAA_Unmarshal(TPMS_SIG_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_ECDAA_Unmarshal((TPMS_SCHEME_ECDAA *)target, buffer, size); +} +UINT16 +TPMS_SIG_SCHEME_ECDAA_Marshal(TPMS_SIG_SCHEME_ECDAA *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_ECDAA_Marshal((TPMS_SCHEME_ECDAA *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_ECC + +// Table 2:156 - Definition of TPMU_SIG_SCHEME Union +TPM_RC +TPMU_SIG_SCHEME_Unmarshal(TPMU_SIG_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_ECDAA + case ALG_ECDAA_VALUE: + return TPMS_SIG_SCHEME_ECDAA_Unmarshal((TPMS_SIG_SCHEME_ECDAA *)&(target->ecdaa), buffer, size); +#endif // ALG_ECDAA +#if ALG_RSASSA + case ALG_RSASSA_VALUE: + return TPMS_SIG_SCHEME_RSASSA_Unmarshal((TPMS_SIG_SCHEME_RSASSA *)&(target->rsassa), buffer, size); +#endif // ALG_RSASSA +#if ALG_RSAPSS + case ALG_RSAPSS_VALUE: + return TPMS_SIG_SCHEME_RSAPSS_Unmarshal((TPMS_SIG_SCHEME_RSAPSS *)&(target->rsapss), buffer, size); +#endif // ALG_RSAPSS +#if ALG_ECDSA + case ALG_ECDSA_VALUE: + return TPMS_SIG_SCHEME_ECDSA_Unmarshal((TPMS_SIG_SCHEME_ECDSA *)&(target->ecdsa), buffer, size); +#endif // ALG_ECDSA +#if ALG_SM2 + case ALG_SM2_VALUE: + return TPMS_SIG_SCHEME_SM2_Unmarshal((TPMS_SIG_SCHEME_SM2 *)&(target->sm2), buffer, size); +#endif // ALG_SM2 +#if ALG_ECSCHNORR 
+ case ALG_ECSCHNORR_VALUE: + return TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(target->ecschnorr), buffer, size); +#endif // ALG_ECSCHNORR +#if ALG_HMAC + case ALG_HMAC_VALUE: + return TPMS_SCHEME_HMAC_Unmarshal((TPMS_SCHEME_HMAC *)&(target->hmac), buffer, size); +#endif // ALG_HMAC + case ALG_NULL_VALUE: + return TPM_RC_SUCCESS; + } + return TPM_RC_SELECTOR; +} +UINT16 +TPMU_SIG_SCHEME_Marshal(TPMU_SIG_SCHEME *source, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_ECDAA + case ALG_ECDAA_VALUE: + return TPMS_SIG_SCHEME_ECDAA_Marshal((TPMS_SIG_SCHEME_ECDAA *)&(source->ecdaa), buffer, size); +#endif // ALG_ECDAA +#if ALG_RSASSA + case ALG_RSASSA_VALUE: + return TPMS_SIG_SCHEME_RSASSA_Marshal((TPMS_SIG_SCHEME_RSASSA *)&(source->rsassa), buffer, size); +#endif // ALG_RSASSA +#if ALG_RSAPSS + case ALG_RSAPSS_VALUE: + return TPMS_SIG_SCHEME_RSAPSS_Marshal((TPMS_SIG_SCHEME_RSAPSS *)&(source->rsapss), buffer, size); +#endif // ALG_RSAPSS +#if ALG_ECDSA + case ALG_ECDSA_VALUE: + return TPMS_SIG_SCHEME_ECDSA_Marshal((TPMS_SIG_SCHEME_ECDSA *)&(source->ecdsa), buffer, size); +#endif // ALG_ECDSA +#if ALG_SM2 + case ALG_SM2_VALUE: + return TPMS_SIG_SCHEME_SM2_Marshal((TPMS_SIG_SCHEME_SM2 *)&(source->sm2), buffer, size); +#endif // ALG_SM2 +#if ALG_ECSCHNORR + case ALG_ECSCHNORR_VALUE: + return TPMS_SIG_SCHEME_ECSCHNORR_Marshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(source->ecschnorr), buffer, size); +#endif // ALG_ECSCHNORR +#if ALG_HMAC + case ALG_HMAC_VALUE: + return TPMS_SCHEME_HMAC_Marshal((TPMS_SCHEME_HMAC *)&(source->hmac), buffer, size); +#endif // ALG_HMAC + case ALG_NULL_VALUE: + return 0; + } + return 0; +} + +// Table 2:157 - Definition of TPMT_SIG_SCHEME Structure +TPM_RC +TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPMI_ALG_SIG_SCHEME_Unmarshal((TPMI_ALG_SIG_SCHEME *)&(target->scheme), buffer, size, flag); + if(result == TPM_RC_SUCCESS) + 
result = TPMU_SIG_SCHEME_Unmarshal((TPMU_SIG_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); + return result; +} +UINT16 +TPMT_SIG_SCHEME_Marshal(TPMT_SIG_SCHEME *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_SIG_SCHEME_Marshal((TPMI_ALG_SIG_SCHEME *)&(source->scheme), buffer, size)); + result = (UINT16)(result + TPMU_SIG_SCHEME_Marshal((TPMU_SIG_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); + return result; +} + +// Table 2:158 - Definition of Types for Encryption Schemes +#if ALG_RSA +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_ENC_SCHEME_OAEP_Unmarshal(TPMS_ENC_SCHEME_OAEP *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); +} +UINT16 +TPMS_ENC_SCHEME_OAEP_Marshal(TPMS_ENC_SCHEME_OAEP *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); +} +TPM_RC +TPMS_ENC_SCHEME_RSAES_Unmarshal(TPMS_ENC_SCHEME_RSAES *target, BYTE **buffer, INT32 *size) +{ + return TPMS_EMPTY_Unmarshal((TPMS_EMPTY *)target, buffer, size); +} +UINT16 +TPMS_ENC_SCHEME_RSAES_Marshal(TPMS_ENC_SCHEME_RSAES *source, BYTE **buffer, INT32 *size) +{ + return TPMS_EMPTY_Marshal((TPMS_EMPTY *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_RSA + +// Table 2:159 - Definition of Types for ECC Key Exchange +#if ALG_ECC +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_KEY_SCHEME_ECDH_Unmarshal(TPMS_KEY_SCHEME_ECDH *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); +} +UINT16 +TPMS_KEY_SCHEME_ECDH_Marshal(TPMS_KEY_SCHEME_ECDH *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); +} +TPM_RC +TPMS_KEY_SCHEME_ECMQV_Unmarshal(TPMS_KEY_SCHEME_ECMQV *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH 
*)target, buffer, size); +} +UINT16 +TPMS_KEY_SCHEME_ECMQV_Marshal(TPMS_KEY_SCHEME_ECMQV *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_ECC + +// Table 2:160 - Definition of Types for KDF Schemes +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SCHEME_MGF1_Unmarshal(TPMS_SCHEME_MGF1 *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); +} +UINT16 +TPMS_SCHEME_MGF1_Marshal(TPMS_SCHEME_MGF1 *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); +} +TPM_RC +TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(TPMS_SCHEME_KDF1_SP800_56A *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); +} +UINT16 +TPMS_SCHEME_KDF1_SP800_56A_Marshal(TPMS_SCHEME_KDF1_SP800_56A *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); +} +TPM_RC +TPMS_SCHEME_KDF2_Unmarshal(TPMS_SCHEME_KDF2 *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); +} +UINT16 +TPMS_SCHEME_KDF2_Marshal(TPMS_SCHEME_KDF2 *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); +} +TPM_RC +TPMS_SCHEME_KDF1_SP800_108_Unmarshal(TPMS_SCHEME_KDF1_SP800_108 *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); +} +UINT16 +TPMS_SCHEME_KDF1_SP800_108_Marshal(TPMS_SCHEME_KDF1_SP800_108 *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:161 - Definition of TPMU_KDF_SCHEME Union +TPM_RC +TPMU_KDF_SCHEME_Unmarshal(TPMU_KDF_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 
selector) +{ + switch(selector) { +#if ALG_MGF1 + case ALG_MGF1_VALUE: + return TPMS_SCHEME_MGF1_Unmarshal((TPMS_SCHEME_MGF1 *)&(target->mgf1), buffer, size); +#endif // ALG_MGF1 +#if ALG_KDF1_SP800_56A + case ALG_KDF1_SP800_56A_VALUE: + return TPMS_SCHEME_KDF1_SP800_56A_Unmarshal((TPMS_SCHEME_KDF1_SP800_56A *)&(target->kdf1_sp800_56a), buffer, size); +#endif // ALG_KDF1_SP800_56A +#if ALG_KDF2 + case ALG_KDF2_VALUE: + return TPMS_SCHEME_KDF2_Unmarshal((TPMS_SCHEME_KDF2 *)&(target->kdf2), buffer, size); +#endif // ALG_KDF2 +#if ALG_KDF1_SP800_108 + case ALG_KDF1_SP800_108_VALUE: + return TPMS_SCHEME_KDF1_SP800_108_Unmarshal((TPMS_SCHEME_KDF1_SP800_108 *)&(target->kdf1_sp800_108), buffer, size); +#endif // ALG_KDF1_SP800_108 + case ALG_NULL_VALUE: + return TPM_RC_SUCCESS; + } + return TPM_RC_SELECTOR; +} +UINT16 +TPMU_KDF_SCHEME_Marshal(TPMU_KDF_SCHEME *source, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_MGF1 + case ALG_MGF1_VALUE: + return TPMS_SCHEME_MGF1_Marshal((TPMS_SCHEME_MGF1 *)&(source->mgf1), buffer, size); +#endif // ALG_MGF1 +#if ALG_KDF1_SP800_56A + case ALG_KDF1_SP800_56A_VALUE: + return TPMS_SCHEME_KDF1_SP800_56A_Marshal((TPMS_SCHEME_KDF1_SP800_56A *)&(source->kdf1_sp800_56a), buffer, size); +#endif // ALG_KDF1_SP800_56A +#if ALG_KDF2 + case ALG_KDF2_VALUE: + return TPMS_SCHEME_KDF2_Marshal((TPMS_SCHEME_KDF2 *)&(source->kdf2), buffer, size); +#endif // ALG_KDF2 +#if ALG_KDF1_SP800_108 + case ALG_KDF1_SP800_108_VALUE: + return TPMS_SCHEME_KDF1_SP800_108_Marshal((TPMS_SCHEME_KDF1_SP800_108 *)&(source->kdf1_sp800_108), buffer, size); +#endif // ALG_KDF1_SP800_108 + case ALG_NULL_VALUE: + return 0; + } + return 0; +} + +// Table 2:162 - Definition of TPMT_KDF_SCHEME Structure +TPM_RC +TPMT_KDF_SCHEME_Unmarshal(TPMT_KDF_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPMI_ALG_KDF_Unmarshal((TPMI_ALG_KDF *)&(target->scheme), buffer, size, flag); + if(result == TPM_RC_SUCCESS) + result = 
TPMU_KDF_SCHEME_Unmarshal((TPMU_KDF_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); + return result; +} +UINT16 +TPMT_KDF_SCHEME_Marshal(TPMT_KDF_SCHEME *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_KDF_Marshal((TPMI_ALG_KDF *)&(source->scheme), buffer, size)); + result = (UINT16)(result + TPMU_KDF_SCHEME_Marshal((TPMU_KDF_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); + return result; +} + +// Table 2:163 - Definition of TPMI_ALG_ASYM_SCHEME Type +TPM_RC +TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_ECDH + case ALG_ECDH_VALUE: +#endif // ALG_ECDH +#if ALG_ECMQV + case ALG_ECMQV_VALUE: +#endif // ALG_ECMQV +#if ALG_ECDAA + case ALG_ECDAA_VALUE: +#endif // ALG_ECDAA +#if ALG_RSASSA + case ALG_RSASSA_VALUE: +#endif // ALG_RSASSA +#if ALG_RSAPSS + case ALG_RSAPSS_VALUE: +#endif // ALG_RSAPSS +#if ALG_ECDSA + case ALG_ECDSA_VALUE: +#endif // ALG_ECDSA +#if ALG_SM2 + case ALG_SM2_VALUE: +#endif // ALG_SM2 +#if ALG_ECSCHNORR + case ALG_ECSCHNORR_VALUE: +#endif // ALG_ECSCHNORR +#if ALG_RSAES + case ALG_RSAES_VALUE: +#endif // ALG_RSAES +#if ALG_OAEP + case ALG_OAEP_VALUE: +#endif // ALG_OAEP + break; + case ALG_NULL_VALUE: + if(!flag) + result = TPM_RC_VALUE; + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_ASYM_SCHEME_Marshal(TPMI_ALG_ASYM_SCHEME *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:164 - Definition of TPMU_ASYM_SCHEME Union +TPM_RC +TPMU_ASYM_SCHEME_Unmarshal(TPMU_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_ECDH + case 
ALG_ECDH_VALUE: + return TPMS_KEY_SCHEME_ECDH_Unmarshal((TPMS_KEY_SCHEME_ECDH *)&(target->ecdh), buffer, size); +#endif // ALG_ECDH +#if ALG_ECMQV + case ALG_ECMQV_VALUE: + return TPMS_KEY_SCHEME_ECMQV_Unmarshal((TPMS_KEY_SCHEME_ECMQV *)&(target->ecmqv), buffer, size); +#endif // ALG_ECMQV +#if ALG_ECDAA + case ALG_ECDAA_VALUE: + return TPMS_SIG_SCHEME_ECDAA_Unmarshal((TPMS_SIG_SCHEME_ECDAA *)&(target->ecdaa), buffer, size); +#endif // ALG_ECDAA +#if ALG_RSASSA + case ALG_RSASSA_VALUE: + return TPMS_SIG_SCHEME_RSASSA_Unmarshal((TPMS_SIG_SCHEME_RSASSA *)&(target->rsassa), buffer, size); +#endif // ALG_RSASSA +#if ALG_RSAPSS + case ALG_RSAPSS_VALUE: + return TPMS_SIG_SCHEME_RSAPSS_Unmarshal((TPMS_SIG_SCHEME_RSAPSS *)&(target->rsapss), buffer, size); +#endif // ALG_RSAPSS +#if ALG_ECDSA + case ALG_ECDSA_VALUE: + return TPMS_SIG_SCHEME_ECDSA_Unmarshal((TPMS_SIG_SCHEME_ECDSA *)&(target->ecdsa), buffer, size); +#endif // ALG_ECDSA +#if ALG_SM2 + case ALG_SM2_VALUE: + return TPMS_SIG_SCHEME_SM2_Unmarshal((TPMS_SIG_SCHEME_SM2 *)&(target->sm2), buffer, size); +#endif // ALG_SM2 +#if ALG_ECSCHNORR + case ALG_ECSCHNORR_VALUE: + return TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(target->ecschnorr), buffer, size); +#endif // ALG_ECSCHNORR +#if ALG_RSAES + case ALG_RSAES_VALUE: + return TPMS_ENC_SCHEME_RSAES_Unmarshal((TPMS_ENC_SCHEME_RSAES *)&(target->rsaes), buffer, size); +#endif // ALG_RSAES +#if ALG_OAEP + case ALG_OAEP_VALUE: + return TPMS_ENC_SCHEME_OAEP_Unmarshal((TPMS_ENC_SCHEME_OAEP *)&(target->oaep), buffer, size); +#endif // ALG_OAEP + case ALG_NULL_VALUE: + return TPM_RC_SUCCESS; + } + return TPM_RC_SELECTOR; +} +UINT16 +TPMU_ASYM_SCHEME_Marshal(TPMU_ASYM_SCHEME *source, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_ECDH + case ALG_ECDH_VALUE: + return TPMS_KEY_SCHEME_ECDH_Marshal((TPMS_KEY_SCHEME_ECDH *)&(source->ecdh), buffer, size); +#endif // ALG_ECDH +#if ALG_ECMQV + case ALG_ECMQV_VALUE: + return 
TPMS_KEY_SCHEME_ECMQV_Marshal((TPMS_KEY_SCHEME_ECMQV *)&(source->ecmqv), buffer, size); +#endif // ALG_ECMQV +#if ALG_ECDAA + case ALG_ECDAA_VALUE: + return TPMS_SIG_SCHEME_ECDAA_Marshal((TPMS_SIG_SCHEME_ECDAA *)&(source->ecdaa), buffer, size); +#endif // ALG_ECDAA +#if ALG_RSASSA + case ALG_RSASSA_VALUE: + return TPMS_SIG_SCHEME_RSASSA_Marshal((TPMS_SIG_SCHEME_RSASSA *)&(source->rsassa), buffer, size); +#endif // ALG_RSASSA +#if ALG_RSAPSS + case ALG_RSAPSS_VALUE: + return TPMS_SIG_SCHEME_RSAPSS_Marshal((TPMS_SIG_SCHEME_RSAPSS *)&(source->rsapss), buffer, size); +#endif // ALG_RSAPSS +#if ALG_ECDSA + case ALG_ECDSA_VALUE: + return TPMS_SIG_SCHEME_ECDSA_Marshal((TPMS_SIG_SCHEME_ECDSA *)&(source->ecdsa), buffer, size); +#endif // ALG_ECDSA +#if ALG_SM2 + case ALG_SM2_VALUE: + return TPMS_SIG_SCHEME_SM2_Marshal((TPMS_SIG_SCHEME_SM2 *)&(source->sm2), buffer, size); +#endif // ALG_SM2 +#if ALG_ECSCHNORR + case ALG_ECSCHNORR_VALUE: + return TPMS_SIG_SCHEME_ECSCHNORR_Marshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(source->ecschnorr), buffer, size); +#endif // ALG_ECSCHNORR +#if ALG_RSAES + case ALG_RSAES_VALUE: + return TPMS_ENC_SCHEME_RSAES_Marshal((TPMS_ENC_SCHEME_RSAES *)&(source->rsaes), buffer, size); +#endif // ALG_RSAES +#if ALG_OAEP + case ALG_OAEP_VALUE: + return TPMS_ENC_SCHEME_OAEP_Marshal((TPMS_ENC_SCHEME_OAEP *)&(source->oaep), buffer, size); +#endif // ALG_OAEP + case ALG_NULL_VALUE: + return 0; + } + return 0; +} + +// Table 2:165 - Definition of TPMT_ASYM_SCHEME Structure +// Table 2:166 - Definition of TPMI_ALG_RSA_SCHEME Type +#if ALG_RSA +TPM_RC +TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_RSAES + case ALG_RSAES_VALUE: +#endif // ALG_RSAES +#if ALG_OAEP + case ALG_OAEP_VALUE: +#endif // ALG_OAEP +#if ALG_RSASSA + case ALG_RSASSA_VALUE: +#endif // 
ALG_RSASSA +#if ALG_RSAPSS + case ALG_RSAPSS_VALUE: +#endif // ALG_RSAPSS + break; + case ALG_NULL_VALUE: + if(!flag) + result = TPM_RC_VALUE; + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_RSA_SCHEME_Marshal(TPMI_ALG_RSA_SCHEME *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_RSA + +// Table 2:167 - Definition of TPMT_RSA_SCHEME Structure +#if ALG_RSA +TPM_RC +TPMT_RSA_SCHEME_Unmarshal(TPMT_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPMI_ALG_RSA_SCHEME_Unmarshal((TPMI_ALG_RSA_SCHEME *)&(target->scheme), buffer, size, flag); + if(result == TPM_RC_SUCCESS) + result = TPMU_ASYM_SCHEME_Unmarshal((TPMU_ASYM_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); + return result; +} +UINT16 +TPMT_RSA_SCHEME_Marshal(TPMT_RSA_SCHEME *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_RSA_SCHEME_Marshal((TPMI_ALG_RSA_SCHEME *)&(source->scheme), buffer, size)); + result = (UINT16)(result + TPMU_ASYM_SCHEME_Marshal((TPMU_ASYM_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); + return result; +} +#endif // ALG_RSA + +// Table 2:168 - Definition of TPMI_ALG_RSA_DECRYPT Type +#if ALG_RSA +TPM_RC +TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_RSAES + case ALG_RSAES_VALUE: +#endif // ALG_RSAES +#if ALG_OAEP + case ALG_OAEP_VALUE: +#endif // ALG_OAEP + break; + case ALG_NULL_VALUE: + if(!flag) + result = TPM_RC_VALUE; + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 
+TPMI_ALG_RSA_DECRYPT_Marshal(TPMI_ALG_RSA_DECRYPT *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_RSA + +// Table 2:169 - Definition of TPMT_RSA_DECRYPT Structure +#if ALG_RSA +TPM_RC +TPMT_RSA_DECRYPT_Unmarshal(TPMT_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPMI_ALG_RSA_DECRYPT_Unmarshal((TPMI_ALG_RSA_DECRYPT *)&(target->scheme), buffer, size, flag); + if(result == TPM_RC_SUCCESS) + result = TPMU_ASYM_SCHEME_Unmarshal((TPMU_ASYM_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); + return result; +} +UINT16 +TPMT_RSA_DECRYPT_Marshal(TPMT_RSA_DECRYPT *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_RSA_DECRYPT_Marshal((TPMI_ALG_RSA_DECRYPT *)&(source->scheme), buffer, size)); + result = (UINT16)(result + TPMU_ASYM_SCHEME_Marshal((TPMU_ASYM_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); + return result; +} +#endif // ALG_RSA + +// Table 2:170 - Definition of TPM2B_PUBLIC_KEY_RSA Structure +#if ALG_RSA +TPM_RC +TPM2B_PUBLIC_KEY_RSA_Unmarshal(TPM2B_PUBLIC_KEY_RSA *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > MAX_RSA_KEY_BYTES) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} +#endif // ALG_RSA + +// Table 2:171 - Definition of TPMI_RSA_KEY_BITS Type +#if ALG_RSA +TPM_RC +TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if RSA_1024 + case 1024: +#endif // RSA_1024 +#if RSA_2048 + case 2048: +#endif // RSA_2048 +#if RSA_3072 + case 3072: +#endif // RSA_3072 +#if RSA_4096 + case 4096: +#endif // RSA_4096 + break; + default: + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_RSA_KEY_BITS_Marshal(TPMI_RSA_KEY_BITS *source, BYTE **buffer, INT32 *size) +{ + return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_RSA + +// Table 2:172 - Definition of TPM2B_PRIVATE_KEY_RSA Structure +#if ALG_RSA +TPM_RC +TPM2B_PRIVATE_KEY_RSA_Unmarshal(TPM2B_PRIVATE_KEY_RSA *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > RSA_PRIVATE_SIZE) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} +#endif // ALG_RSA + +// Table 2:173 - Definition of TPM2B_ECC_PARAMETER Structure +TPM_RC +TPM2B_ECC_PARAMETER_Unmarshal(TPM2B_ECC_PARAMETER *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > MAX_ECC_KEY_BYTES) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:174 - Definition of TPMS_ECC_POINT Structure +#if ALG_ECC +TPM_RC +TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->x), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->y), buffer, size); + return result; +} +UINT16 +TPMS_ECC_POINT_Marshal(TPMS_ECC_POINT *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->x), buffer, size)); + result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->y), buffer, size)); + return result; +} +#endif // ALG_ECC + +// Table 2:175 - Definition of 
TPM2B_ECC_POINT Structure +#if ALG_ECC +TPM_RC +TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a + if(result == TPM_RC_SUCCESS) + { + // if size is zero, then the required structure is missing + if(target->size == 0) + result = TPM_RC_SIZE; + else + { + INT32 startSize = *size; + result = TPMS_ECC_POINT_Unmarshal((TPMS_ECC_POINT *)&(target->point), buffer, size); // =b + if(result == TPM_RC_SUCCESS) + { + if(target->size != (startSize - *size)) + result = TPM_RC_SIZE; + } + } + } + return result; +} +UINT16 +TPM2B_ECC_POINT_Marshal(TPM2B_ECC_POINT *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + // Marshal a dummy value of the 2B size. This makes sure that 'buffer' + // and 'size' are advanced as necessary (i.e., if they are present) + result = UINT16_Marshal(&result, buffer, size); + // Marshal the structure + result = (UINT16)(result + TPMS_ECC_POINT_Marshal((TPMS_ECC_POINT *)&(source->point), buffer, size)); + // if a buffer was provided, go back and fill in the actual size + if(buffer != NULL) + UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); + return result; +} +#endif // ALG_ECC + +// Table 2:176 - Definition of TPMI_ALG_ECC_SCHEME Type +#if ALG_ECC +TPM_RC +TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_ECDAA + case ALG_ECDAA_VALUE: +#endif // ALG_ECDAA +#if ALG_ECDSA + case ALG_ECDSA_VALUE: +#endif // ALG_ECDSA +#if ALG_SM2 + case ALG_SM2_VALUE: +#endif // ALG_SM2 +#if ALG_ECSCHNORR + case ALG_ECSCHNORR_VALUE: +#endif // ALG_ECSCHNORR +#if ALG_ECDH + case ALG_ECDH_VALUE: +#endif // ALG_ECDH +#if ALG_ECMQV + case ALG_ECMQV_VALUE: +#endif // ALG_ECMQV + break; + case ALG_NULL_VALUE: + if(!flag) + result = 
TPM_RC_SCHEME; + break; + default: + result = TPM_RC_SCHEME; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_ECC_SCHEME_Marshal(TPMI_ALG_ECC_SCHEME *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_ECC + +// Table 2:177 - Definition of TPMI_ECC_CURVE Type +#if ALG_ECC +TPM_RC +TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_ECC_CURVE_Unmarshal((TPM_ECC_CURVE *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ECC_BN_P256 + case TPM_ECC_BN_P256: +#endif // ECC_BN_P256 +#if ECC_BN_P638 + case TPM_ECC_BN_P638: +#endif // ECC_BN_P638 +#if ECC_NIST_P192 + case TPM_ECC_NIST_P192: +#endif // ECC_NIST_P192 +#if ECC_NIST_P224 + case TPM_ECC_NIST_P224: +#endif // ECC_NIST_P224 +#if ECC_NIST_P256 + case TPM_ECC_NIST_P256: +#endif // ECC_NIST_P256 +#if ECC_NIST_P384 + case TPM_ECC_NIST_P384: +#endif // ECC_NIST_P384 +#if ECC_NIST_P521 + case TPM_ECC_NIST_P521: +#endif // ECC_NIST_P521 +#if ECC_SM2_P256 + case TPM_ECC_SM2_P256: +#endif // ECC_SM2_P256 + break; + default: + result = TPM_RC_CURVE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ECC_CURVE_Marshal(TPMI_ECC_CURVE *source, BYTE **buffer, INT32 *size) +{ + return TPM_ECC_CURVE_Marshal((TPM_ECC_CURVE *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_ECC + +// Table 2:178 - Definition of TPMT_ECC_SCHEME Structure +#if ALG_ECC +TPM_RC +TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPMI_ALG_ECC_SCHEME_Unmarshal((TPMI_ALG_ECC_SCHEME *)&(target->scheme), buffer, size, flag); + if(result == TPM_RC_SUCCESS) + result = TPMU_ASYM_SCHEME_Unmarshal((TPMU_ASYM_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); + return result; +} +UINT16 
+TPMT_ECC_SCHEME_Marshal(TPMT_ECC_SCHEME *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_ECC_SCHEME_Marshal((TPMI_ALG_ECC_SCHEME *)&(source->scheme), buffer, size)); + result = (UINT16)(result + TPMU_ASYM_SCHEME_Marshal((TPMU_ASYM_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); + return result; +} +#endif // ALG_ECC + +// Table 2:179 - Definition of TPMS_ALGORITHM_DETAIL_ECC Structure +#if ALG_ECC +UINT16 +TPMS_ALGORITHM_DETAIL_ECC_Marshal(TPMS_ALGORITHM_DETAIL_ECC *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM_ECC_CURVE_Marshal((TPM_ECC_CURVE *)&(source->curveID), buffer, size)); + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->keySize), buffer, size)); + result = (UINT16)(result + TPMT_KDF_SCHEME_Marshal((TPMT_KDF_SCHEME *)&(source->kdf), buffer, size)); + result = (UINT16)(result + TPMT_ECC_SCHEME_Marshal((TPMT_ECC_SCHEME *)&(source->sign), buffer, size)); + result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->p), buffer, size)); + result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->a), buffer, size)); + result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->b), buffer, size)); + result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->gX), buffer, size)); + result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->gY), buffer, size)); + result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->n), buffer, size)); + result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->h), buffer, size)); + return result; +} +#endif // ALG_ECC + +// Table 2:180 - Definition of TPMS_SIGNATURE_RSA Structure +#if ALG_RSA +TPM_RC +TPMS_SIGNATURE_RSA_Unmarshal(TPMS_SIGNATURE_RSA *target, BYTE **buffer, INT32 *size) +{ + TPM_RC 
result; + result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hash), buffer, size, 0); + if(result == TPM_RC_SUCCESS) + result = TPM2B_PUBLIC_KEY_RSA_Unmarshal((TPM2B_PUBLIC_KEY_RSA *)&(target->sig), buffer, size); + return result; +} +UINT16 +TPMS_SIGNATURE_RSA_Marshal(TPMS_SIGNATURE_RSA *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hash), buffer, size)); + result = (UINT16)(result + TPM2B_PUBLIC_KEY_RSA_Marshal((TPM2B_PUBLIC_KEY_RSA *)&(source->sig), buffer, size)); + return result; +} +#endif // ALG_RSA + +// Table 2:181 - Definition of Types for Signature +#if ALG_RSA +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SIGNATURE_RSASSA_Unmarshal(TPMS_SIGNATURE_RSASSA *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)target, buffer, size); +} +UINT16 +TPMS_SIGNATURE_RSASSA_Marshal(TPMS_SIGNATURE_RSASSA *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)source, buffer, size); +} +TPM_RC +TPMS_SIGNATURE_RSAPSS_Unmarshal(TPMS_SIGNATURE_RSAPSS *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)target, buffer, size); +} +UINT16 +TPMS_SIGNATURE_RSAPSS_Marshal(TPMS_SIGNATURE_RSAPSS *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_RSA + +// Table 2:182 - Definition of TPMS_SIGNATURE_ECC Structure +#if ALG_ECC +TPM_RC +TPMS_SIGNATURE_ECC_Unmarshal(TPMS_SIGNATURE_ECC *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hash), buffer, size, 0); + if(result == TPM_RC_SUCCESS) + result = TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->signatureR), buffer, size); + if(result == TPM_RC_SUCCESS) + result = 
TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->signatureS), buffer, size); + return result; +} +UINT16 +TPMS_SIGNATURE_ECC_Marshal(TPMS_SIGNATURE_ECC *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hash), buffer, size)); + result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->signatureR), buffer, size)); + result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->signatureS), buffer, size)); + return result; +} +#endif // ALG_ECC + +// Table 2:183 - Definition of Types for TPMS_SIGNATURE_ECC +#if ALG_ECC +#if !USE_MARSHALING_DEFINES +TPM_RC +TPMS_SIGNATURE_ECDAA_Unmarshal(TPMS_SIGNATURE_ECDAA *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, size); +} +UINT16 +TPMS_SIGNATURE_ECDAA_Marshal(TPMS_SIGNATURE_ECDAA *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); +} +TPM_RC +TPMS_SIGNATURE_ECDSA_Unmarshal(TPMS_SIGNATURE_ECDSA *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, size); +} +UINT16 +TPMS_SIGNATURE_ECDSA_Marshal(TPMS_SIGNATURE_ECDSA *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); +} +TPM_RC +TPMS_SIGNATURE_SM2_Unmarshal(TPMS_SIGNATURE_SM2 *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, size); +} +UINT16 +TPMS_SIGNATURE_SM2_Marshal(TPMS_SIGNATURE_SM2 *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); +} +TPM_RC +TPMS_SIGNATURE_ECSCHNORR_Unmarshal(TPMS_SIGNATURE_ECSCHNORR *target, BYTE **buffer, INT32 *size) +{ + return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, 
size); +} +UINT16 +TPMS_SIGNATURE_ECSCHNORR_Marshal(TPMS_SIGNATURE_ECSCHNORR *source, BYTE **buffer, INT32 *size) +{ + return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES +#endif // ALG_ECC + +// Table 2:184 - Definition of TPMU_SIGNATURE Union +TPM_RC +TPMU_SIGNATURE_Unmarshal(TPMU_SIGNATURE *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_ECDAA + case ALG_ECDAA_VALUE: + return TPMS_SIGNATURE_ECDAA_Unmarshal((TPMS_SIGNATURE_ECDAA *)&(target->ecdaa), buffer, size); +#endif // ALG_ECDAA +#if ALG_RSASSA + case ALG_RSASSA_VALUE: + return TPMS_SIGNATURE_RSASSA_Unmarshal((TPMS_SIGNATURE_RSASSA *)&(target->rsassa), buffer, size); +#endif // ALG_RSASSA +#if ALG_RSAPSS + case ALG_RSAPSS_VALUE: + return TPMS_SIGNATURE_RSAPSS_Unmarshal((TPMS_SIGNATURE_RSAPSS *)&(target->rsapss), buffer, size); +#endif // ALG_RSAPSS +#if ALG_ECDSA + case ALG_ECDSA_VALUE: + return TPMS_SIGNATURE_ECDSA_Unmarshal((TPMS_SIGNATURE_ECDSA *)&(target->ecdsa), buffer, size); +#endif // ALG_ECDSA +#if ALG_SM2 + case ALG_SM2_VALUE: + return TPMS_SIGNATURE_SM2_Unmarshal((TPMS_SIGNATURE_SM2 *)&(target->sm2), buffer, size); +#endif // ALG_SM2 +#if ALG_ECSCHNORR + case ALG_ECSCHNORR_VALUE: + return TPMS_SIGNATURE_ECSCHNORR_Unmarshal((TPMS_SIGNATURE_ECSCHNORR *)&(target->ecschnorr), buffer, size); +#endif // ALG_ECSCHNORR +#if ALG_HMAC + case ALG_HMAC_VALUE: + return TPMT_HA_Unmarshal((TPMT_HA *)&(target->hmac), buffer, size, 0); +#endif // ALG_HMAC + case ALG_NULL_VALUE: + return TPM_RC_SUCCESS; + } + return TPM_RC_SELECTOR; +} +UINT16 +TPMU_SIGNATURE_Marshal(TPMU_SIGNATURE *source, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_ECDAA + case ALG_ECDAA_VALUE: + return TPMS_SIGNATURE_ECDAA_Marshal((TPMS_SIGNATURE_ECDAA *)&(source->ecdaa), buffer, size); +#endif // ALG_ECDAA +#if ALG_RSASSA + case ALG_RSASSA_VALUE: + return TPMS_SIGNATURE_RSASSA_Marshal((TPMS_SIGNATURE_RSASSA 
*)&(source->rsassa), buffer, size); +#endif // ALG_RSASSA +#if ALG_RSAPSS + case ALG_RSAPSS_VALUE: + return TPMS_SIGNATURE_RSAPSS_Marshal((TPMS_SIGNATURE_RSAPSS *)&(source->rsapss), buffer, size); +#endif // ALG_RSAPSS +#if ALG_ECDSA + case ALG_ECDSA_VALUE: + return TPMS_SIGNATURE_ECDSA_Marshal((TPMS_SIGNATURE_ECDSA *)&(source->ecdsa), buffer, size); +#endif // ALG_ECDSA +#if ALG_SM2 + case ALG_SM2_VALUE: + return TPMS_SIGNATURE_SM2_Marshal((TPMS_SIGNATURE_SM2 *)&(source->sm2), buffer, size); +#endif // ALG_SM2 +#if ALG_ECSCHNORR + case ALG_ECSCHNORR_VALUE: + return TPMS_SIGNATURE_ECSCHNORR_Marshal((TPMS_SIGNATURE_ECSCHNORR *)&(source->ecschnorr), buffer, size); +#endif // ALG_ECSCHNORR +#if ALG_HMAC + case ALG_HMAC_VALUE: + return TPMT_HA_Marshal((TPMT_HA *)&(source->hmac), buffer, size); +#endif // ALG_HMAC + case ALG_NULL_VALUE: + return 0; + } + return 0; +} + +// Table 2:185 - Definition of TPMT_SIGNATURE Structure +TPM_RC +TPMT_SIGNATURE_Unmarshal(TPMT_SIGNATURE *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPMI_ALG_SIG_SCHEME_Unmarshal((TPMI_ALG_SIG_SCHEME *)&(target->sigAlg), buffer, size, flag); + if(result == TPM_RC_SUCCESS) + result = TPMU_SIGNATURE_Unmarshal((TPMU_SIGNATURE *)&(target->signature), buffer, size, (UINT32)target->sigAlg); + return result; +} +UINT16 +TPMT_SIGNATURE_Marshal(TPMT_SIGNATURE *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_SIG_SCHEME_Marshal((TPMI_ALG_SIG_SCHEME *)&(source->sigAlg), buffer, size)); + result = (UINT16)(result + TPMU_SIGNATURE_Marshal((TPMU_SIGNATURE *)&(source->signature), buffer, size, (UINT32)source->sigAlg)); + return result; +} + +// Table 2:186 - Definition of TPMU_ENCRYPTED_SECRET Union +TPM_RC +TPMU_ENCRYPTED_SECRET_Unmarshal(TPMU_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_ECC + case ALG_ECC_VALUE: + return BYTE_Array_Unmarshal((BYTE *)(target->ecc), buffer, 
size, (INT32)sizeof(TPMS_ECC_POINT)); +#endif // ALG_ECC +#if ALG_RSA + case ALG_RSA_VALUE: + return BYTE_Array_Unmarshal((BYTE *)(target->rsa), buffer, size, (INT32)MAX_RSA_KEY_BYTES); +#endif // ALG_RSA +#if ALG_SYMCIPHER + case ALG_SYMCIPHER_VALUE: + return BYTE_Array_Unmarshal((BYTE *)(target->symmetric), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); +#endif // ALG_SYMCIPHER +#if ALG_KEYEDHASH + case ALG_KEYEDHASH_VALUE: + return BYTE_Array_Unmarshal((BYTE *)(target->keyedHash), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); +#endif // ALG_KEYEDHASH + } + return TPM_RC_SELECTOR; +} +UINT16 +TPMU_ENCRYPTED_SECRET_Marshal(TPMU_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_ECC + case ALG_ECC_VALUE: + return BYTE_Array_Marshal((BYTE *)(source->ecc), buffer, size, (INT32)sizeof(TPMS_ECC_POINT)); +#endif // ALG_ECC +#if ALG_RSA + case ALG_RSA_VALUE: + return BYTE_Array_Marshal((BYTE *)(source->rsa), buffer, size, (INT32)MAX_RSA_KEY_BYTES); +#endif // ALG_RSA +#if ALG_SYMCIPHER + case ALG_SYMCIPHER_VALUE: + return BYTE_Array_Marshal((BYTE *)(source->symmetric), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); +#endif // ALG_SYMCIPHER +#if ALG_KEYEDHASH + case ALG_KEYEDHASH_VALUE: + return BYTE_Array_Marshal((BYTE *)(source->keyedHash), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); +#endif // ALG_KEYEDHASH + } + return 0; +} + +// Table 2:187 - Definition of TPM2B_ENCRYPTED_SECRET Structure +TPM_RC +TPM2B_ENCRYPTED_SECRET_Unmarshal(TPM2B_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > sizeof(TPMU_ENCRYPTED_SECRET)) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.secret), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size) +{ + 
UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.secret), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:188 - Definition of TPMI_ALG_PUBLIC Type +TPM_RC +TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch (*target) + { +#if ALG_RSA + case ALG_RSA_VALUE: +#endif // ALG_RSA +#if ALG_ECC + case ALG_ECC_VALUE: +#endif // ALG_ECC +#if ALG_KEYEDHASH + case ALG_KEYEDHASH_VALUE: +#endif // ALG_KEYEDHASH +#if ALG_SYMCIPHER + case ALG_SYMCIPHER_VALUE: +#endif // ALG_SYMCIPHER + break; + default: + result = TPM_RC_TYPE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPMI_ALG_PUBLIC_Marshal(TPMI_ALG_PUBLIC *source, BYTE **buffer, INT32 *size) +{ + return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:189 - Definition of TPMU_PUBLIC_ID Union +TPM_RC +TPMU_PUBLIC_ID_Unmarshal(TPMU_PUBLIC_ID *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_KEYEDHASH + case ALG_KEYEDHASH_VALUE: + return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->keyedHash), buffer, size); +#endif // ALG_KEYEDHASH +#if ALG_SYMCIPHER + case ALG_SYMCIPHER_VALUE: + return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->sym), buffer, size); +#endif // ALG_SYMCIPHER +#if ALG_RSA + case ALG_RSA_VALUE: + return TPM2B_PUBLIC_KEY_RSA_Unmarshal((TPM2B_PUBLIC_KEY_RSA *)&(target->rsa), buffer, size); +#endif // ALG_RSA +#if ALG_ECC + case ALG_ECC_VALUE: + return TPMS_ECC_POINT_Unmarshal((TPMS_ECC_POINT *)&(target->ecc), buffer, size); +#endif // ALG_ECC + } + 
return TPM_RC_SELECTOR; +} +UINT16 +TPMU_PUBLIC_ID_Marshal(TPMU_PUBLIC_ID *source, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_KEYEDHASH + case ALG_KEYEDHASH_VALUE: + return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->keyedHash), buffer, size); +#endif // ALG_KEYEDHASH +#if ALG_SYMCIPHER + case ALG_SYMCIPHER_VALUE: + return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->sym), buffer, size); +#endif // ALG_SYMCIPHER +#if ALG_RSA + case ALG_RSA_VALUE: + return TPM2B_PUBLIC_KEY_RSA_Marshal((TPM2B_PUBLIC_KEY_RSA *)&(source->rsa), buffer, size); +#endif // ALG_RSA +#if ALG_ECC + case ALG_ECC_VALUE: + return TPMS_ECC_POINT_Marshal((TPMS_ECC_POINT *)&(source->ecc), buffer, size); +#endif // ALG_ECC + } + return 0; +} + +// Table 2:190 - Definition of TPMS_KEYEDHASH_PARMS Structure +TPM_RC +TPMS_KEYEDHASH_PARMS_Unmarshal(TPMS_KEYEDHASH_PARMS *target, BYTE **buffer, INT32 *size) +{ + return TPMT_KEYEDHASH_SCHEME_Unmarshal((TPMT_KEYEDHASH_SCHEME *)&(target->scheme), buffer, size, 1); +} +UINT16 +TPMS_KEYEDHASH_PARMS_Marshal(TPMS_KEYEDHASH_PARMS *source, BYTE **buffer, INT32 *size) +{ + return TPMT_KEYEDHASH_SCHEME_Marshal((TPMT_KEYEDHASH_SCHEME *)&(source->scheme), buffer, size); +} + +// Table 2:191 - Definition of TPMS_ASYM_PARMS Structure +// Table 2:192 - Definition of TPMS_RSA_PARMS Structure +#if ALG_RSA +TPM_RC +TPMS_RSA_PARMS_Unmarshal(TPMS_RSA_PARMS *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPMT_SYM_DEF_OBJECT_Unmarshal((TPMT_SYM_DEF_OBJECT *)&(target->symmetric), buffer, size, 1); + if(result == TPM_RC_SUCCESS) + result = TPMT_RSA_SCHEME_Unmarshal((TPMT_RSA_SCHEME *)&(target->scheme), buffer, size, 1); + if(result == TPM_RC_SUCCESS) + result = TPMI_RSA_KEY_BITS_Unmarshal((TPMI_RSA_KEY_BITS *)&(target->keyBits), buffer, size); + if(result == TPM_RC_SUCCESS) + result = UINT32_Unmarshal((UINT32 *)&(target->exponent), buffer, size); + return result; +} +UINT16 +TPMS_RSA_PARMS_Marshal(TPMS_RSA_PARMS *source, 
BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMT_SYM_DEF_OBJECT_Marshal((TPMT_SYM_DEF_OBJECT *)&(source->symmetric), buffer, size)); + result = (UINT16)(result + TPMT_RSA_SCHEME_Marshal((TPMT_RSA_SCHEME *)&(source->scheme), buffer, size)); + result = (UINT16)(result + TPMI_RSA_KEY_BITS_Marshal((TPMI_RSA_KEY_BITS *)&(source->keyBits), buffer, size)); + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->exponent), buffer, size)); + return result; +} +#endif // ALG_RSA + +// Table 2:193 - Definition of TPMS_ECC_PARMS Structure +#if ALG_ECC +TPM_RC +TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPMT_SYM_DEF_OBJECT_Unmarshal((TPMT_SYM_DEF_OBJECT *)&(target->symmetric), buffer, size, 1); + if(result == TPM_RC_SUCCESS) + result = TPMT_ECC_SCHEME_Unmarshal((TPMT_ECC_SCHEME *)&(target->scheme), buffer, size, 1); + if(result == TPM_RC_SUCCESS) + result = TPMI_ECC_CURVE_Unmarshal((TPMI_ECC_CURVE *)&(target->curveID), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPMT_KDF_SCHEME_Unmarshal((TPMT_KDF_SCHEME *)&(target->kdf), buffer, size, 1); + return result; +} +UINT16 +TPMS_ECC_PARMS_Marshal(TPMS_ECC_PARMS *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMT_SYM_DEF_OBJECT_Marshal((TPMT_SYM_DEF_OBJECT *)&(source->symmetric), buffer, size)); + result = (UINT16)(result + TPMT_ECC_SCHEME_Marshal((TPMT_ECC_SCHEME *)&(source->scheme), buffer, size)); + result = (UINT16)(result + TPMI_ECC_CURVE_Marshal((TPMI_ECC_CURVE *)&(source->curveID), buffer, size)); + result = (UINT16)(result + TPMT_KDF_SCHEME_Marshal((TPMT_KDF_SCHEME *)&(source->kdf), buffer, size)); + return result; +} +#endif // ALG_ECC + +// Table 2:194 - Definition of TPMU_PUBLIC_PARMS Union +TPM_RC +TPMU_PUBLIC_PARMS_Unmarshal(TPMU_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_KEYEDHASH + case 
ALG_KEYEDHASH_VALUE: + return TPMS_KEYEDHASH_PARMS_Unmarshal((TPMS_KEYEDHASH_PARMS *)&(target->keyedHashDetail), buffer, size); +#endif // ALG_KEYEDHASH +#if ALG_SYMCIPHER + case ALG_SYMCIPHER_VALUE: + return TPMS_SYMCIPHER_PARMS_Unmarshal((TPMS_SYMCIPHER_PARMS *)&(target->symDetail), buffer, size); +#endif // ALG_SYMCIPHER +#if ALG_RSA + case ALG_RSA_VALUE: + return TPMS_RSA_PARMS_Unmarshal((TPMS_RSA_PARMS *)&(target->rsaDetail), buffer, size); +#endif // ALG_RSA +#if ALG_ECC + case ALG_ECC_VALUE: + return TPMS_ECC_PARMS_Unmarshal((TPMS_ECC_PARMS *)&(target->eccDetail), buffer, size); +#endif // ALG_ECC + } + return TPM_RC_SELECTOR; +} +UINT16 +TPMU_PUBLIC_PARMS_Marshal(TPMU_PUBLIC_PARMS *source, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_KEYEDHASH + case ALG_KEYEDHASH_VALUE: + return TPMS_KEYEDHASH_PARMS_Marshal((TPMS_KEYEDHASH_PARMS *)&(source->keyedHashDetail), buffer, size); +#endif // ALG_KEYEDHASH +#if ALG_SYMCIPHER + case ALG_SYMCIPHER_VALUE: + return TPMS_SYMCIPHER_PARMS_Marshal((TPMS_SYMCIPHER_PARMS *)&(source->symDetail), buffer, size); +#endif // ALG_SYMCIPHER +#if ALG_RSA + case ALG_RSA_VALUE: + return TPMS_RSA_PARMS_Marshal((TPMS_RSA_PARMS *)&(source->rsaDetail), buffer, size); +#endif // ALG_RSA +#if ALG_ECC + case ALG_ECC_VALUE: + return TPMS_ECC_PARMS_Marshal((TPMS_ECC_PARMS *)&(source->eccDetail), buffer, size); +#endif // ALG_ECC + } + return 0; +} + +// Table 2:195 - Definition of TPMT_PUBLIC_PARMS Structure +TPM_RC +TPMT_PUBLIC_PARMS_Unmarshal(TPMT_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPMI_ALG_PUBLIC_Unmarshal((TPMI_ALG_PUBLIC *)&(target->type), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPMU_PUBLIC_PARMS_Unmarshal((TPMU_PUBLIC_PARMS *)&(target->parameters), buffer, size, (UINT32)target->type); + return result; +} +UINT16 +TPMT_PUBLIC_PARMS_Marshal(TPMT_PUBLIC_PARMS *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result 
+ TPMI_ALG_PUBLIC_Marshal((TPMI_ALG_PUBLIC *)&(source->type), buffer, size)); + result = (UINT16)(result + TPMU_PUBLIC_PARMS_Marshal((TPMU_PUBLIC_PARMS *)&(source->parameters), buffer, size, (UINT32)source->type)); + return result; +} + +// Table 2:196 - Definition of TPMT_PUBLIC Structure +TPM_RC +TPMT_PUBLIC_Unmarshal(TPMT_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = TPMI_ALG_PUBLIC_Unmarshal((TPMI_ALG_PUBLIC *)&(target->type), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->nameAlg), buffer, size, flag); + if(result == TPM_RC_SUCCESS) + result = TPMA_OBJECT_Unmarshal((TPMA_OBJECT *)&(target->objectAttributes), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->authPolicy), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPMU_PUBLIC_PARMS_Unmarshal((TPMU_PUBLIC_PARMS *)&(target->parameters), buffer, size, (UINT32)target->type); + if(result == TPM_RC_SUCCESS) + result = TPMU_PUBLIC_ID_Unmarshal((TPMU_PUBLIC_ID *)&(target->unique), buffer, size, (UINT32)target->type); + return result; +} +UINT16 +TPMT_PUBLIC_Marshal(TPMT_PUBLIC *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_PUBLIC_Marshal((TPMI_ALG_PUBLIC *)&(source->type), buffer, size)); + result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->nameAlg), buffer, size)); + result = (UINT16)(result + TPMA_OBJECT_Marshal((TPMA_OBJECT *)&(source->objectAttributes), buffer, size)); + result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->authPolicy), buffer, size)); + result = (UINT16)(result + TPMU_PUBLIC_PARMS_Marshal((TPMU_PUBLIC_PARMS *)&(source->parameters), buffer, size, (UINT32)source->type)); + result = (UINT16)(result + TPMU_PUBLIC_ID_Marshal((TPMU_PUBLIC_ID *)&(source->unique), buffer, size, (UINT32)source->type)); + return result; +} + +// Table 2:197 - 
Definition of TPM2B_PUBLIC Structure +TPM_RC +TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a + if(result == TPM_RC_SUCCESS) + { + // if size is zero, then the required structure is missing + if(target->size == 0) + result = TPM_RC_SIZE; + else + { + INT32 startSize = *size; + result = TPMT_PUBLIC_Unmarshal((TPMT_PUBLIC *)&(target->publicArea), buffer, size, flag); // =b + if(result == TPM_RC_SUCCESS) + { + if(target->size != (startSize - *size)) + result = TPM_RC_SIZE; + } + } + } + return result; +} +UINT16 +TPM2B_PUBLIC_Marshal(TPM2B_PUBLIC *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + // Marshal a dummy value of the 2B size. This makes sure that 'buffer' + // and 'size' are advanced as necessary (i.e., if they are present) + result = UINT16_Marshal(&result, buffer, size); + // Marshal the structure + result = (UINT16)(result + TPMT_PUBLIC_Marshal((TPMT_PUBLIC *)&(source->publicArea), buffer, size)); + // if a buffer was provided, go back and fill in the actual size + if(buffer != NULL) + UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); + return result; +} + +// Table 2:198 - Definition of TPM2B_TEMPLATE Structure +TPM_RC +TPM2B_TEMPLATE_Unmarshal(TPM2B_TEMPLATE *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > sizeof(TPMT_PUBLIC)) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_TEMPLATE_Marshal(TPM2B_TEMPLATE *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:199 - Definition of TPM2B_PRIVATE_VENDOR_SPECIFIC Structure +TPM_RC +TPM2B_PRIVATE_VENDOR_SPECIFIC_Unmarshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > PRIVATE_VENDOR_SPECIFIC_BYTES) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_PRIVATE_VENDOR_SPECIFIC_Marshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:200 - Definition of TPMU_SENSITIVE_COMPOSITE Union +TPM_RC +TPMU_SENSITIVE_COMPOSITE_Unmarshal(TPMU_SENSITIVE_COMPOSITE *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_RSA + case ALG_RSA_VALUE: + return TPM2B_PRIVATE_KEY_RSA_Unmarshal((TPM2B_PRIVATE_KEY_RSA *)&(target->rsa), buffer, size); +#endif // ALG_RSA +#if ALG_ECC + case ALG_ECC_VALUE: + return TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->ecc), buffer, size); +#endif // ALG_ECC +#if ALG_KEYEDHASH + case ALG_KEYEDHASH_VALUE: + return TPM2B_SENSITIVE_DATA_Unmarshal((TPM2B_SENSITIVE_DATA *)&(target->bits), buffer, size); +#endif // ALG_KEYEDHASH +#if ALG_SYMCIPHER + case ALG_SYMCIPHER_VALUE: + return TPM2B_SYM_KEY_Unmarshal((TPM2B_SYM_KEY *)&(target->sym), buffer, size); +#endif // ALG_SYMCIPHER + } + return TPM_RC_SELECTOR; +} +UINT16 +TPMU_SENSITIVE_COMPOSITE_Marshal(TPMU_SENSITIVE_COMPOSITE *source, BYTE **buffer, INT32 *size, UINT32 selector) +{ + switch(selector) { +#if ALG_RSA + case ALG_RSA_VALUE: + return TPM2B_PRIVATE_KEY_RSA_Marshal((TPM2B_PRIVATE_KEY_RSA *)&(source->rsa), buffer, size); +#endif // ALG_RSA +#if ALG_ECC + case ALG_ECC_VALUE: + return TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->ecc), buffer, size); +#endif // ALG_ECC +#if ALG_KEYEDHASH + case ALG_KEYEDHASH_VALUE: + return TPM2B_SENSITIVE_DATA_Marshal((TPM2B_SENSITIVE_DATA *)&(source->bits), buffer, size); +#endif // ALG_KEYEDHASH +#if ALG_SYMCIPHER + case ALG_SYMCIPHER_VALUE: + return TPM2B_SYM_KEY_Marshal((TPM2B_SYM_KEY *)&(source->sym), buffer, size); +#endif // ALG_SYMCIPHER + } + return 0; +} + +// Table 2:201 - Definition of TPMT_SENSITIVE Structure +TPM_RC +TPMT_SENSITIVE_Unmarshal(TPMT_SENSITIVE *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; 
+ result = TPMI_ALG_PUBLIC_Unmarshal((TPMI_ALG_PUBLIC *)&(target->sensitiveType), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPM2B_AUTH_Unmarshal((TPM2B_AUTH *)&(target->authValue), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->seedValue), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPMU_SENSITIVE_COMPOSITE_Unmarshal((TPMU_SENSITIVE_COMPOSITE *)&(target->sensitive), buffer, size, (UINT32)target->sensitiveType); + return result; +} +UINT16 +TPMT_SENSITIVE_Marshal(TPMT_SENSITIVE *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_ALG_PUBLIC_Marshal((TPMI_ALG_PUBLIC *)&(source->sensitiveType), buffer, size)); + result = (UINT16)(result + TPM2B_AUTH_Marshal((TPM2B_AUTH *)&(source->authValue), buffer, size)); + result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->seedValue), buffer, size)); + result = (UINT16)(result + TPMU_SENSITIVE_COMPOSITE_Marshal((TPMU_SENSITIVE_COMPOSITE *)&(source->sensitive), buffer, size, (UINT32)source->sensitiveType)); + return result; +} + +// Table 2:202 - Definition of TPM2B_SENSITIVE Structure +TPM_RC +TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a + // if there was an error or if target->size equal to 0, + // skip unmarshaling of the structure + if((result == TPM_RC_SUCCESS) && (target->size != 0)) + { + INT32 startSize = *size; + result = TPMT_SENSITIVE_Unmarshal((TPMT_SENSITIVE *)&(target->sensitiveArea), buffer, size); // =b + if(result == TPM_RC_SUCCESS) + { + if(target->size != (startSize - *size)) + result = TPM_RC_SIZE; + } + } + return result; +} +UINT16 +TPM2B_SENSITIVE_Marshal(TPM2B_SENSITIVE *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + // Marshal a dummy value of the 2B size. 
This makes sure that 'buffer' + // and 'size' are advanced as necessary (i.e., if they are present) + result = UINT16_Marshal(&result, buffer, size); + // Marshal the structure + result = (UINT16)(result + TPMT_SENSITIVE_Marshal((TPMT_SENSITIVE *)&(source->sensitiveArea), buffer, size)); + // if a buffer was provided, go back and fill in the actual size + if(buffer != NULL) + UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); + return result; +} + +// Table 2:203 - Definition of _PRIVATE Structure +// Table 2:204 - Definition of TPM2B_PRIVATE Structure +TPM_RC +TPM2B_PRIVATE_Unmarshal(TPM2B_PRIVATE *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > sizeof(_PRIVATE)) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:205 - Definition of TPMS_ID_OBJECT Structure +// Table 2:206 - Definition of TPM2B_ID_OBJECT Structure +TPM_RC +TPM2B_ID_OBJECT_Unmarshal(TPM2B_ID_OBJECT *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > sizeof(TPMS_ID_OBJECT)) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.credential), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.credential), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:207 - Definition of TPM_NV_INDEX Bits +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_NV_INDEX_Marshal(TPM_NV_INDEX *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:208 - Definition of TPM_NT Constants +// Table 2:209 - Definition of TPMS_NV_PIN_COUNTER_PARAMETERS Structure +TPM_RC +TPMS_NV_PIN_COUNTER_PARAMETERS_Unmarshal(TPMS_NV_PIN_COUNTER_PARAMETERS *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT32_Unmarshal((UINT32 *)&(target->pinCount), buffer, size); + if(result == TPM_RC_SUCCESS) + result = UINT32_Unmarshal((UINT32 *)&(target->pinLimit), buffer, size); + return result; +} +UINT16 +TPMS_NV_PIN_COUNTER_PARAMETERS_Marshal(TPMS_NV_PIN_COUNTER_PARAMETERS *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->pinCount), buffer, size)); + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->pinLimit), buffer, size)); + return result; +} + +// Table 2:210 - Definition of TPMA_NV Bits +TPM_RC +TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT32_Unmarshal((UINT32 *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + if(*((UINT32 *)target) & (UINT32)0x01f00300) + result = TPM_RC_RESERVED_BITS; + } + return result; +} + +#if !USE_MARSHALING_DEFINES +UINT16 +TPMA_NV_Marshal(TPMA_NV *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:211 - Definition of TPMS_NV_PUBLIC Structure +TPM_RC +TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = 
TPMI_RH_NV_INDEX_Unmarshal((TPMI_RH_NV_INDEX *)&(target->nvIndex), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->nameAlg), buffer, size, 0); + if(result == TPM_RC_SUCCESS) + result = TPMA_NV_Unmarshal((TPMA_NV *)&(target->attributes), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->authPolicy), buffer, size); + if(result == TPM_RC_SUCCESS) + result = UINT16_Unmarshal((UINT16 *)&(target->dataSize), buffer, size); + if( (result == TPM_RC_SUCCESS) + && (target->dataSize > MAX_NV_INDEX_SIZE)) + result = TPM_RC_SIZE; + return result; +} +UINT16 +TPMS_NV_PUBLIC_Marshal(TPMS_NV_PUBLIC *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPMI_RH_NV_INDEX_Marshal((TPMI_RH_NV_INDEX *)&(source->nvIndex), buffer, size)); + result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->nameAlg), buffer, size)); + result = (UINT16)(result + TPMA_NV_Marshal((TPMA_NV *)&(source->attributes), buffer, size)); + result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->authPolicy), buffer, size)); + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->dataSize), buffer, size)); + return result; +} + +// Table 2:212 - Definition of TPM2B_NV_PUBLIC Structure +TPM_RC +TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a + if(result == TPM_RC_SUCCESS) + { + // if size is zero, then the required structure is missing + if(target->size == 0) + result = TPM_RC_SIZE; + else + { + INT32 startSize = *size; + result = TPMS_NV_PUBLIC_Unmarshal((TPMS_NV_PUBLIC *)&(target->nvPublic), buffer, size); // =b + if(result == TPM_RC_SUCCESS) + { + if(target->size != (startSize - *size)) + result = TPM_RC_SIZE; + } + } + } + return result; +} +UINT16 +TPM2B_NV_PUBLIC_Marshal(TPM2B_NV_PUBLIC 
*source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + // Marshal a dummy value of the 2B size. This makes sure that 'buffer' + // and 'size' are advanced as necessary (i.e., if they are present) + result = UINT16_Marshal(&result, buffer, size); + // Marshal the structure + result = (UINT16)(result + TPMS_NV_PUBLIC_Marshal((TPMS_NV_PUBLIC *)&(source->nvPublic), buffer, size)); + // if a buffer was provided, go back and fill in the actual size + if(buffer != NULL) + UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); + return result; +} + +// Table 2:213 - Definition of TPM2B_CONTEXT_SENSITIVE Structure +TPM_RC +TPM2B_CONTEXT_SENSITIVE_Unmarshal(TPM2B_CONTEXT_SENSITIVE *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > MAX_CONTEXT_SIZE) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_CONTEXT_SENSITIVE_Marshal(TPM2B_CONTEXT_SENSITIVE *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:214 - Definition of TPMS_CONTEXT_DATA Structure +TPM_RC +TPMS_CONTEXT_DATA_Unmarshal(TPMS_CONTEXT_DATA *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->integrity), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPM2B_CONTEXT_SENSITIVE_Unmarshal((TPM2B_CONTEXT_SENSITIVE *)&(target->encrypted), buffer, size); + return result; +} +UINT16 +TPMS_CONTEXT_DATA_Marshal(TPMS_CONTEXT_DATA *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->integrity), buffer, size)); + result = (UINT16)(result + TPM2B_CONTEXT_SENSITIVE_Marshal((TPM2B_CONTEXT_SENSITIVE *)&(source->encrypted), buffer, size)); + return result; +} + +// Table 2:215 - Definition of TPM2B_CONTEXT_DATA Structure +TPM_RC +TPM2B_CONTEXT_DATA_Unmarshal(TPM2B_CONTEXT_DATA *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); + if(result == TPM_RC_SUCCESS) + { + if((target->t.size) > sizeof(TPMS_CONTEXT_DATA)) + result = TPM_RC_SIZE; + else + result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); + } + return result; +} +UINT16 +TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); + // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing + if(source->t.size == 0) + return result; + result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); + return result; +} + +// Table 2:216 - Definition of TPMS_CONTEXT Structure +TPM_RC +TPMS_CONTEXT_Unmarshal(TPMS_CONTEXT *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT64_Unmarshal((UINT64 *)&(target->sequence), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPMI_DH_SAVED_Unmarshal((TPMI_DH_SAVED *)&(target->savedHandle), buffer, size); + if(result == TPM_RC_SUCCESS) + result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); + if(result == TPM_RC_SUCCESS) + result = TPM2B_CONTEXT_DATA_Unmarshal((TPM2B_CONTEXT_DATA *)&(target->contextBlob), buffer, size); + return result; +} +UINT16 +TPMS_CONTEXT_Marshal(TPMS_CONTEXT *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->sequence), buffer, size)); + result = (UINT16)(result + TPMI_DH_SAVED_Marshal((TPMI_DH_SAVED *)&(source->savedHandle), buffer, size)); + result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); + result = (UINT16)(result + TPM2B_CONTEXT_DATA_Marshal((TPM2B_CONTEXT_DATA *)&(source->contextBlob), buffer, size)); + return result; +} + +// Table 2:218 - Definition of TPMS_CREATION_DATA Structure +UINT16 +TPMS_CREATION_DATA_Marshal(TPMS_CREATION_DATA *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPML_PCR_SELECTION_Marshal((TPML_PCR_SELECTION *)&(source->pcrSelect), buffer, size)); + result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->pcrDigest), buffer, size)); + result = (UINT16)(result + TPMA_LOCALITY_Marshal((TPMA_LOCALITY *)&(source->locality), buffer, size)); + result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->parentNameAlg), buffer, size)); + 
result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->parentName), buffer, size)); + result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->parentQualifiedName), buffer, size)); + result = (UINT16)(result + TPM2B_DATA_Marshal((TPM2B_DATA *)&(source->outsideInfo), buffer, size)); + return result; +} + +// Table 2:219 - Definition of TPM2B_CREATION_DATA Structure +UINT16 +TPM2B_CREATION_DATA_Marshal(TPM2B_CREATION_DATA *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + // Marshal a dummy value of the 2B size. This makes sure that 'buffer' + // and 'size' are advanced as necessary (i.e., if they are present) + result = UINT16_Marshal(&result, buffer, size); + // Marshal the structure + result = (UINT16)(result + TPMS_CREATION_DATA_Marshal((TPMS_CREATION_DATA *)&(source->creationData), buffer, size)); + // if a buffer was provided, go back and fill in the actual size + if(buffer != NULL) + UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); + return result; +} + +// Table 2:220 - Definition of TPM_AT Constants +TPM_RC +TPM_AT_Unmarshal(TPM_AT *target, BYTE **buffer, INT32 *size) +{ + TPM_RC result; + result = UINT32_Unmarshal((UINT32 *)target, buffer, size); + if(result == TPM_RC_SUCCESS) + { + switch(*target) + { + case TPM_AT_ANY : + case TPM_AT_ERROR : + case TPM_AT_PV1 : + case TPM_AT_VEND : + break; + default : + result = TPM_RC_VALUE; + break; + } + } + return result; +} +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_AT_Marshal(TPM_AT *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:221 - Definition of TPM_AE Constants +#if !USE_MARSHALING_DEFINES +UINT16 +TPM_AE_Marshal(TPM_AE *source, BYTE **buffer, INT32 *size) +{ + return UINT32_Marshal((UINT32 *)source, buffer, size); +} +#endif // !USE_MARSHALING_DEFINES + +// Table 2:222 - Definition of TPMS_AC_OUTPUT Structure +UINT16 +TPMS_AC_OUTPUT_Marshal(TPMS_AC_OUTPUT *source, 
BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + TPM_AT_Marshal((TPM_AT *)&(source->tag), buffer, size)); + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->data), buffer, size)); + return result; +} + +// Table 2:223 - Definition of TPML_AC_CAPABILITIES Structure +UINT16 +TPML_AC_CAPABILITIES_Marshal(TPML_AC_CAPABILITIES *source, BYTE **buffer, INT32 *size) +{ + UINT16 result = 0; + result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); + result = (UINT16)(result + TPMS_AC_OUTPUT_Array_Marshal((TPMS_AC_OUTPUT *)(source->acCapabilities), buffer, size, (INT32)(source->count))); + return result; +} + +// Array Marshal/Unmarshal for BYTE +TPM_RC +BYTE_Array_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size, INT32 count) +{ + if(*size < count) + return TPM_RC_INSUFFICIENT; + memcpy(target, *buffer, count); + *size -= count; + *buffer += count; + return TPM_RC_SUCCESS; +} +UINT16 +BYTE_Array_Marshal(BYTE *source, BYTE **buffer, INT32 *size, INT32 count) +{ + if (buffer != 0) + { + if ((size == 0) || ((*size -= count) >= 0)) + { + memcpy(*buffer, source, count); + *buffer += count; + } + pAssert(size == 0 || (*size >= 0)); + } + pAssert(count < INT16_MAX); + return ((UINT16)count); +} + +// Array Marshal/Unmarshal for TPM2B_DIGEST +TPM_RC +TPM2B_DIGEST_Array_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size, INT32 count) +{ + TPM_RC result; + INT32 i; + for(result = TPM_RC_SUCCESS, i = 0; + ((result == TPM_RC_SUCCESS) && (i < count)); i++) + { + result = TPM2B_DIGEST_Unmarshal(&target[i], buffer, size); + } + return result; +} +UINT16 +TPM2B_DIGEST_Array_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size, INT32 count) +{ + UINT16 result = 0; + INT32 i; + for(i = 0; i < count; i++) + { + result = (UINT16)(result + TPM2B_DIGEST_Marshal(&source[i], buffer, size)); + } + return result; +} + +// Array Marshal for TPMA_CC +UINT16 +TPMA_CC_Array_Marshal(TPMA_CC *source, BYTE **buffer, 
INT32 *size, INT32 count) +{ + UINT16 result = 0; + INT32 i; + for(i = 0; i < count; i++) + { + result = (UINT16)(result + TPMA_CC_Marshal(&source[i], buffer, size)); + } + return result; +} + +// Array Marshal for TPMS_AC_OUTPUT +UINT16 +TPMS_AC_OUTPUT_Array_Marshal(TPMS_AC_OUTPUT *source, BYTE **buffer, INT32 *size, INT32 count) +{ + UINT16 result = 0; + INT32 i; + for(i = 0; i < count; i++) + { + result = (UINT16)(result + TPMS_AC_OUTPUT_Marshal(&source[i], buffer, size)); + } + return result; +} + +// Array Marshal for TPMS_ALG_PROPERTY +UINT16 +TPMS_ALG_PROPERTY_Array_Marshal(TPMS_ALG_PROPERTY *source, BYTE **buffer, INT32 *size, INT32 count) +{ + UINT16 result = 0; + INT32 i; + for(i = 0; i < count; i++) + { + result = (UINT16)(result + TPMS_ALG_PROPERTY_Marshal(&source[i], buffer, size)); + } + return result; +} + +// Array Marshal/Unmarshal for TPMS_PCR_SELECTION +TPM_RC +TPMS_PCR_SELECTION_Array_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size, INT32 count) +{ + TPM_RC result; + INT32 i; + for(result = TPM_RC_SUCCESS, i = 0; + ((result == TPM_RC_SUCCESS) && (i < count)); i++) + { + result = TPMS_PCR_SELECTION_Unmarshal(&target[i], buffer, size); + } + return result; +} +UINT16 +TPMS_PCR_SELECTION_Array_Marshal(TPMS_PCR_SELECTION *source, BYTE **buffer, INT32 *size, INT32 count) +{ + UINT16 result = 0; + INT32 i; + for(i = 0; i < count; i++) + { + result = (UINT16)(result + TPMS_PCR_SELECTION_Marshal(&source[i], buffer, size)); + } + return result; +} + +// Array Marshal for TPMS_TAGGED_PCR_SELECT +UINT16 +TPMS_TAGGED_PCR_SELECT_Array_Marshal(TPMS_TAGGED_PCR_SELECT *source, BYTE **buffer, INT32 *size, INT32 count) +{ + UINT16 result = 0; + INT32 i; + for(i = 0; i < count; i++) + { + result = (UINT16)(result + TPMS_TAGGED_PCR_SELECT_Marshal(&source[i], buffer, size)); + } + return result; +} + +// Array Marshal for TPMS_TAGGED_POLICY +UINT16 +TPMS_TAGGED_POLICY_Array_Marshal(TPMS_TAGGED_POLICY *source, BYTE **buffer, INT32 *size, INT32 count) 
+{ + UINT16 result = 0; + INT32 i; + for(i = 0; i < count; i++) + { + result = (UINT16)(result + TPMS_TAGGED_POLICY_Marshal(&source[i], buffer, size)); + } + return result; +} + +// Array Marshal for TPMS_TAGGED_PROPERTY +UINT16 +TPMS_TAGGED_PROPERTY_Array_Marshal(TPMS_TAGGED_PROPERTY *source, BYTE **buffer, INT32 *size, INT32 count) +{ + UINT16 result = 0; + INT32 i; + for(i = 0; i < count; i++) + { + result = (UINT16)(result + TPMS_TAGGED_PROPERTY_Marshal(&source[i], buffer, size)); + } + return result; +} + +// Array Marshal/Unmarshal for TPMT_HA +TPM_RC +TPMT_HA_Array_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL flag, INT32 count) +{ + TPM_RC result; + INT32 i; + for(result = TPM_RC_SUCCESS, i = 0; + ((result == TPM_RC_SUCCESS) && (i < count)); i++) + { + result = TPMT_HA_Unmarshal(&target[i], buffer, size, flag); + } + return result; +} +UINT16 +TPMT_HA_Array_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size, INT32 count) +{ + UINT16 result = 0; + INT32 i; + for(i = 0; i < count; i++) + { + result = (UINT16)(result + TPMT_HA_Marshal(&source[i], buffer, size)); + } + return result; +} + +// Array Marshal/Unmarshal for TPM_ALG_ID +TPM_RC +TPM_ALG_ID_Array_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size, INT32 count) +{ + TPM_RC result; + INT32 i; + for(result = TPM_RC_SUCCESS, i = 0; + ((result == TPM_RC_SUCCESS) && (i < count)); i++) + { + result = TPM_ALG_ID_Unmarshal(&target[i], buffer, size); + } + return result; +} +UINT16 +TPM_ALG_ID_Array_Marshal(TPM_ALG_ID *source, BYTE **buffer, INT32 *size, INT32 count) +{ + UINT16 result = 0; + INT32 i; + for(i = 0; i < count; i++) + { + result = (UINT16)(result + TPM_ALG_ID_Marshal(&source[i], buffer, size)); + } + return result; +} + +// Array Marshal/Unmarshal for TPM_CC +TPM_RC +TPM_CC_Array_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size, INT32 count) +{ + TPM_RC result; + INT32 i; + for(result = TPM_RC_SUCCESS, i = 0; + ((result == TPM_RC_SUCCESS) && (i < count)); i++) + { + result 
= TPM_CC_Unmarshal(&target[i], buffer, size); + } + return result; +} +UINT16 +TPM_CC_Array_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size, INT32 count) +{ + UINT16 result = 0; + INT32 i; + for(i = 0; i < count; i++) + { + result = (UINT16)(result + TPM_CC_Marshal(&source[i], buffer, size)); + } + return result; +} + +// Array Marshal/Unmarshal for TPM_ECC_CURVE +#if ALG_ECC +TPM_RC +TPM_ECC_CURVE_Array_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size, INT32 count) +{ + TPM_RC result; + INT32 i; + for(result = TPM_RC_SUCCESS, i = 0; + ((result == TPM_RC_SUCCESS) && (i < count)); i++) + { + result = TPM_ECC_CURVE_Unmarshal(&target[i], buffer, size); + } + return result; +} +UINT16 +TPM_ECC_CURVE_Array_Marshal(TPM_ECC_CURVE *source, BYTE **buffer, INT32 *size, INT32 count) +{ + UINT16 result = 0; + INT32 i; + for(i = 0; i < count; i++) + { + result = (UINT16)(result + TPM_ECC_CURVE_Marshal(&source[i], buffer, size)); + } + return result; +} +#endif // ALG_ECC + +// Array Marshal/Unmarshal for TPM_HANDLE +TPM_RC +TPM_HANDLE_Array_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size, INT32 count) +{ + TPM_RC result; + INT32 i; + for(result = TPM_RC_SUCCESS, i = 0; + ((result == TPM_RC_SUCCESS) && (i < count)); i++) + { + result = TPM_HANDLE_Unmarshal(&target[i], buffer, size); + } + return result; +} +UINT16 +TPM_HANDLE_Array_Marshal(TPM_HANDLE *source, BYTE **buffer, INT32 *size, INT32 count) +{ + UINT16 result = 0; + INT32 i; + for(i = 0; i < count; i++) + { + result = (UINT16)(result + TPM_HANDLE_Marshal(&source[i], buffer, size)); + } + return result; +} + diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/MathOnByteBuffers.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/MathOnByteBuffers.c new file mode 100644 index 000000000..5e68e2376 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/MathOnByteBuffers.c 
@@ -0,0 +1,265 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Introduction
+//
+// This file contains implementation of the math functions that are performed
+// with canonical integers in byte buffers. The canonical integer is
+// big-endian bytes.
+//
+#include "Tpm.h"
+
+//** Functions
+
+//*** UnsignedCmpB
+// This function compare two unsigned values. The values are byte-aligned,
+// big-endian numbers (e.g, a hash).
+// Return Type: int
+// 1 if (a > b)
+// 0 if (a = b)
+// -1 if (a < b)
+LIB_EXPORT int
+UnsignedCompareB(
+ UINT32 aSize, // IN: size of a
+ const BYTE *a, // IN: a
+ UINT32 bSize, // IN: size of b
+ const BYTE *b // IN: b
+ )
+{
+ UINT32 i;
+ if(aSize > bSize)
+ return 1;
+ else if(aSize < bSize)
+ return -1;
+ else
+ {
+ for(i = 0; i < aSize; i++)
+ {
+ if(a[i] != b[i])
+ return (a[i] > b[i]) ? 1 : -1;
+ }
+ }
+ return 0;
+}
+
+//***SignedCompareB()
+// Compare two signed integers:
+// Return Type: int
+// 1 if a > b
+// 0 if a = b
+// -1 if a < b
+int
+SignedCompareB(
+ const UINT32 aSize, // IN: size of a
+ const BYTE *a, // IN: a buffer
+ const UINT32 bSize, // IN: size of b
+ const BYTE *b // IN: b buffer
+ )
+{
+ int signA, signB; // sign of a and b
+
+ // For positive or 0, sign_a is 1
+ // for negative, sign_a is 0
+ signA = ((a[0] & 0x80) == 0) ? 1 : 0;
+
+ // For positive or 0, sign_b is 1
+ // for negative, sign_b is 0
+ signB = ((b[0] & 0x80) == 0) ? 1 : 0;
+
+ if(signA != signB)
+ {
+ return signA - signB;
+ }
+ if(signA == 1)
+ // do unsigned compare function
+ return UnsignedCompareB(aSize, a, bSize, b);
+ else
+ // do unsigned compare the other way
+ return 0 - UnsignedCompareB(aSize, a, bSize, b);
+}
+
+//*** ModExpB
+// This function is used to do modular exponentiation in support of RSA.
+// The most typical uses are: 'c' = 'm'^'e' mod 'n' (RSA encrypt) and
+// 'm' = 'c'^'d' mod 'n' (RSA decrypt). When doing decryption, the 'e' parameter
+// of the function will contain the private exponent 'd' instead of the public
+// exponent 'e'.
+//
+// If the results will not fit in the provided buffer,
+// an error is returned (CRYPT_ERROR_UNDERFLOW). If the results is smaller
+// than the buffer, the results is de-normalized.
+//
+// This version is intended for use with RSA and requires that 'm' be
+// less than 'n'.
+//
+// Return Type: TPM_RC
+// TPM_RC_SIZE number to exponentiate is larger than the modulus
+// TPM_RC_NO_RESULT result will not fit into the provided buffer
+//
+TPM_RC
+ModExpB(
+ UINT32 cSize, // IN: the size of the output buffer. It will
+ // need to be the same size as the modulus
+ BYTE *c, // OUT: the buffer to receive the results
+ // (c->size must be set to the maximum size
+ // for the returned value)
+ const UINT32 mSize,
+ const BYTE *m, // IN: number to exponentiate
+ const UINT32 eSize,
+ const BYTE *e, // IN: power
+ const UINT32 nSize,
+ const BYTE *n // IN: modulus
+ )
+{
+ BN_MAX(bnC);
+ BN_MAX(bnM);
+ BN_MAX(bnE);
+ BN_MAX(bnN);
+ NUMBYTES tSize = (NUMBYTES)nSize;
+ TPM_RC retVal = TPM_RC_SUCCESS;
+
+ // Convert input parameters
+ BnFromBytes(bnM, m, (NUMBYTES)mSize);
+ BnFromBytes(bnE, e, (NUMBYTES)eSize);
+ BnFromBytes(bnN, n, (NUMBYTES)nSize);
+
+
+ // Make sure that the output is big enough to hold the result
+ // and that 'm' is less than 'n' (the modulus)
+ if(cSize < nSize)
+ ERROR_RETURN(TPM_RC_NO_RESULT);
+ if(BnUnsignedCmp(bnM, bnN) >= 0)
+ ERROR_RETURN(TPM_RC_SIZE);
+ BnModExp(bnC, bnM, bnE, bnN);
+ BnToBytes(bnC, c, &tSize);
+Exit:
+ return retVal;
+}
+
+//*** DivideB()
+// Divide an integer ('n') by an integer ('d') producing a quotient ('q') and
+// a remainder ('r'). If 'q' or 'r' is not needed, then the pointer to them
+// may be set to NULL.
+//
+// Return Type: TPM_RC
+// TPM_RC_NO_RESULT 'q' or 'r' is too small to receive the result
+//
+LIB_EXPORT TPM_RC
+DivideB(
+ const TPM2B *n, // IN: numerator
+ const TPM2B *d, // IN: denominator
+ TPM2B *q, // OUT: quotient
+ TPM2B *r // OUT: remainder
+ )
+{
+ BN_MAX_INITIALIZED(bnN, n);
+ BN_MAX_INITIALIZED(bnD, d);
+ BN_MAX(bnQ);
+ BN_MAX(bnR);
+//
+ // Do divide with converted values
+ BnDiv(bnQ, bnR, bnN, bnD);
+
+ // Convert the BIGNUM result back to 2B format using the size of the original
+ // number
+ if(q != NULL)
+ if(!BnTo2B(bnQ, q, q->size))
+ return TPM_RC_NO_RESULT;
+ if(r != NULL)
+ if(!BnTo2B(bnR, r, r->size))
+ return TPM_RC_NO_RESULT;
+ return TPM_RC_SUCCESS;
+}
+
+//*** AdjustNumberB()
+// Remove/add leading zeros from a number in a TPM2B. Will try to make the number
+// by adding or removing leading zeros. If the number is larger than the requested
+// size, it will make the number as small as possible. Setting 'requestedSize' to
+// zero is equivalent to requesting that the number be normalized.
+UINT16
+AdjustNumberB(
+ TPM2B *num,
+ UINT16 requestedSize
+ )
+{
+ BYTE *from;
+ UINT16 i;
+ // See if number is already the requested size
+ if(num->size == requestedSize)
+ return requestedSize;
+ from = num->buffer;
+ if (num->size > requestedSize)
+ {
+ // This is a request to shift the number to the left (remove leading zeros)
+ // Find the first non-zero byte. Don't look past the point where removing
+ // more zeros would make the number smaller than requested, and don't throw
+ // away any significant digits.
+ for(i = num->size; *from == 0 && i > requestedSize; from++, i--);
+ if(i < num->size)
+ {
+ num->size = i;
+ MemoryCopy(num->buffer, from, i);
+ }
+ }
+ // This is a request to shift the number to the right (add leading zeros)
+ else
+ {
+ MemoryCopy(&num->buffer[requestedSize - num->size], num->buffer, num->size);
+ MemorySet(num->buffer, 0, requestedSize- num->size);
+ num->size = requestedSize;
+ }
+ return num->size;
+}
+
+//*** ShiftLeft()
+// This function shifts a byte buffer (a TPM2B) one byte to the left. That is,
+// the most significant bit of the most significant byte is lost.
+TPM2B *
+ShiftLeft(
+ TPM2B *value // IN/OUT: value to shift and shifted value out
+)
+{
+ UINT16 count = value->size;
+ BYTE *buffer = value->buffer;
+ if(count > 0)
+ {
+ for(count -= 1; count > 0; buffer++, count--)
+ {
+ buffer[0] = (buffer[0] << 1) + ((buffer[1] & 0x80) ? 1 : 0);
+ }
+ *buffer <<= 1;
+ }
+ return value;
+}
+
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Memory.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Memory.c
new file mode 100644
index 000000000..cbfa41d32
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Memory.c
@@ -0,0 +1,269 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Description
+// This file contains a set of miscellaneous memory manipulation routines. Many
+// of the functions have the same semantics as functions defined in string.h.
+// Those functions are not used directly in the TPM because they are not 'safe'
+//
+// This version uses string.h after adding guards. This is because the math
+// libraries invariably use those functions so it is not practical to prevent
+// those library functions from being pulled into the build.
+
+//** Includes and Data Definitions
+#include "Tpm.h"
+#include "Memory_fp.h"
+
+//** Functions
+
+//*** MemoryCopy()
+// This is an alias for memmove. This is used in place of memcpy because
+// some of the moves may overlap and rather than try to make sure that
+// memmove is used when necessary, it is always used.
+void
+MemoryCopy(
+ void *dest,
+ const void *src,
+ int sSize
+ )
+{
+ if(dest != src)
+ memmove(dest, src, sSize);
+}
+
+
+//*** MemoryEqual()
+// This function indicates if two buffers have the same values in the indicated
+// number of bytes.
+// Return Type: BOOL
+// TRUE(1) all octets are the same
+// FALSE(0) all octets are not the same
+BOOL
+MemoryEqual(
+ const void *buffer1, // IN: compare buffer1
+ const void *buffer2, // IN: compare buffer2
+ unsigned int size // IN: size of bytes being compared
+ )
+{
+ BYTE equal = 0;
+ const BYTE *b1 = (BYTE *)buffer1;
+ const BYTE *b2 = (BYTE *)buffer2;
+//
+ // Compare all bytes so that there is no leakage of information
+ // due to timing differences.
+ for(; size > 0; size--)
+ equal |= (*b1++ ^ *b2++);
+ return (equal == 0);
+}
+
+//*** MemoryCopy2B()
+// This function copies a TPM2B. This can be used when the TPM2B types are
+// the same or different.
+//
+// This function returns the number of octets in the data buffer of the TPM2B.
+LIB_EXPORT INT16
+MemoryCopy2B(
+ TPM2B *dest, // OUT: receiving TPM2B
+ const TPM2B *source, // IN: source TPM2B
+ unsigned int dSize // IN: size of the receiving buffer
+ )
+{
+ pAssert(dest != NULL);
+ if(source == NULL)
+ dest->size = 0;
+ else
+ {
+ pAssert(source->size <= dSize);
+ MemoryCopy(dest->buffer, source->buffer, source->size);
+ dest->size = source->size;
+ }
+ return dest->size;
+}
+
+//*** MemoryConcat2B()
+// This function will concatenate the buffer contents of a TPM2B to an
+// the buffer contents of another TPM2B and adjust the size accordingly
+// ('a' := ('a' | 'b')).
+void
+MemoryConcat2B(
+ TPM2B *aInOut, // IN/OUT: destination 2B
+ TPM2B *bIn, // IN: second 2B
+ unsigned int aMaxSize // IN: The size of aInOut.buffer (max values for
+ // aInOut.size)
+ )
+{
+ pAssert(bIn->size <= aMaxSize - aInOut->size);
+ MemoryCopy(&aInOut->buffer[aInOut->size], &bIn->buffer, bIn->size);
+ aInOut->size = aInOut->size + bIn->size;
+ return;
+}
+
+//*** MemoryEqual2B()
+// This function will compare two TPM2B structures. To be equal, they
+// need to be the same size and the buffer contexts need to be the same
+// in all octets.
+// Return Type: BOOL
+// TRUE(1) size and buffer contents are the same
+// FALSE(0) size or buffer contents are not the same
+BOOL
+MemoryEqual2B(
+ const TPM2B *aIn, // IN: compare value
+ const TPM2B *bIn // IN: compare value
+ )
+{
+ if(aIn->size != bIn->size)
+ return FALSE;
+ return MemoryEqual(aIn->buffer, bIn->buffer, aIn->size);
+}
+
+//*** MemorySet()
+// This function will set all the octets in the specified memory range to
+// the specified octet value.
+// Note: A previous version had an additional parameter (dSize) that was
+// intended to make sure that the destination would not be overrun. The
+// problem is that, in use, all that was happening was that the value of
+// size was used for dSize so there was no benefit in the extra parameter.
+void
+MemorySet(
+ void *dest,
+ int value,
+ size_t size
+ )
+{
+ memset(dest, value, size);
+}
+
+//*** MemoryPad2B()
+// Function to pad a TPM2B with zeros and adjust the size.
+void
+MemoryPad2B(
+ TPM2B *b,
+ UINT16 newSize
+ )
+{
+ MemorySet(&b->buffer[b->size], 0, newSize - b->size);
+ b->size = newSize;
+}
+
+
+//*** Uint16ToByteArray()
+// Function to write an integer to a byte array
+void
+Uint16ToByteArray(
+ UINT16 i,
+ BYTE *a
+ )
+{
+ a[1] = (BYTE)(i); i >>= 8;
+ a[0] = (BYTE)(i);
+}
+
+//*** Uint32ToByteArray()
+// Function to write an integer to a byte array
+void
+Uint32ToByteArray(
+ UINT32 i,
+ BYTE *a
+ )
+{
+ a[3] = (BYTE)(i); i >>= 8;
+ a[2] = (BYTE)(i); i >>= 8;
+ a[1] = (BYTE)(i); i >>= 8;
+ a[0] = (BYTE)(i);
+}
+
+//*** Uint64ToByteArray()
+// Function to write an integer to a byte array
+void
+Uint64ToByteArray(
+ UINT64 i,
+ BYTE *a
+ )
+{
+ a[7] = (BYTE)(i); i >>= 8;
+ a[6] = (BYTE)(i); i >>= 8;
+ a[5] = (BYTE)(i); i >>= 8;
+ a[4] = (BYTE)(i); i >>= 8;
+ a[3] = (BYTE)(i); i >>= 8;
+ a[2] = (BYTE)(i); i >>= 8;
+ a[1] = (BYTE)(i); i >>= 8;
+ a[0] = (BYTE)(i);
+}
+
+//*** ByteArrayToUint8()
+// Function to write a UINT8 to a byte array. This is included for completeness
+// and to allow certain macro expansions
+UINT8
+ByteArrayToUint8(
+ BYTE *a
+)
+{
+ return *a;
+}
+
+
+//*** ByteArrayToUint16()
+// Function to write an integer to a byte array
+UINT16
+ByteArrayToUint16(
+ BYTE *a
+)
+{
+ return ((UINT16)a[0] << 8) + a[1];
+}
+
+//*** ByteArrayToUint32()
+// Function to write an integer to a byte array
+UINT32
+ByteArrayToUint32(
+ BYTE *a
+)
+{
+ return (UINT32)((((((UINT32)a[0] << 8) + a[1]) << 8) + (UINT32)a[2]) << 8) + a[3];
+}
+
+//*** ByteArrayToUint64()
+// Function to write an integer to a byte array
+UINT64
+ByteArrayToUint64(
+ BYTE *a
+ )
+{
+ return (((UINT64)BYTE_ARRAY_TO_UINT32(a)) << 32) + BYTE_ARRAY_TO_UINT32(&a[4]);
+}
+
+
+
+
+
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Power.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Power.c
new file mode 100644
index 000000000..163cd4e7d
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Power.c
@@ -0,0 +1,82 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +//** Description + +// This file contains functions that receive the simulated power state +// transitions of the TPM. 
+ +//** Includes and Data Definitions +#define POWER_C +#include "Tpm.h" + +//** Functions + +//*** TPMInit() +// This function is used to process a power on event. +void +TPMInit( + void + ) +{ + // Set state as not initialized. This means that Startup is required + g_initialized = FALSE; + return; +} + +//*** TPMRegisterStartup() +// This function registers the fact that the TPM has been initialized +// (a TPM2_Startup() has completed successfully). +BOOL +TPMRegisterStartup( + void + ) +{ + g_initialized = TRUE; + return TRUE; +} + +//*** TPMIsStarted() +// Indicates if the TPM has been initialized (a TPM2_Startup() has completed +// successfully after a _TPM_Init). +// Return Type: BOOL +// TRUE(1) TPM has been initialized +// FALSE(0) TPM has not been initialized +BOOL +TPMIsStarted( + void + ) +{ + return g_initialized; +} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/PropertyCap.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/PropertyCap.c new file mode 100644 index 000000000..11ea8592c --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/PropertyCap.c 
@@ -0,0 +1,597 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +//** Description +// This file contains the functions that are used for accessing the +// TPM_CAP_TPM_PROPERTY values. 
+ +//** Includes + +#include "Tpm.h" + +//** Functions + +//*** TPMPropertyIsDefined() +// This function accepts a property selection and, if so, sets 'value' +// to the value of the property. +// +// All the fixed values are vendor dependent or determined by a +// platform-specific specification. The values in the table below +// are examples and should be changed by the vendor. +// Return Type: BOOL +// TRUE(1) referenced property exists and 'value' set +// FALSE(0) referenced property does not exist +static BOOL +TPMPropertyIsDefined( + TPM_PT property, // IN: property + UINT32 *value // OUT: property value + ) +{ + switch(property) + { + case TPM_PT_FAMILY_INDICATOR: + // from the title page of the specification + // For this specification, the value is "2.0". + *value = TPM_SPEC_FAMILY; + break; + case TPM_PT_LEVEL: + // from the title page of the specification + *value = TPM_SPEC_LEVEL; + break; + case TPM_PT_REVISION: + // from the title page of the specification + *value = TPM_SPEC_VERSION; + break; + case TPM_PT_DAY_OF_YEAR: + // computed from the date value on the title page of the specification + *value = TPM_SPEC_DAY_OF_YEAR; + break; + case TPM_PT_YEAR: + // from the title page of the specification + *value = TPM_SPEC_YEAR; + break; + case TPM_PT_MANUFACTURER: + // vendor ID unique to each TPM manufacturer + *value = BYTE_ARRAY_TO_UINT32(MANUFACTURER); + break; + case TPM_PT_VENDOR_STRING_1: + // first four characters of the vendor ID string + *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_1); + break; + case TPM_PT_VENDOR_STRING_2: + // second four characters of the vendor ID string +#ifdef VENDOR_STRING_2 + *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_2); +#else + *value = 0; +#endif + break; + case TPM_PT_VENDOR_STRING_3: + // third four characters of the vendor ID string +#ifdef VENDOR_STRING_3 + *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_3); +#else + *value = 0; +#endif + break; + case TPM_PT_VENDOR_STRING_4: + // fourth four characters of the vendor 
ID string +#ifdef VENDOR_STRING_4 + *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_4); +#else + *value = 0; +#endif + break; + case TPM_PT_VENDOR_TPM_TYPE: + // vendor-defined value indicating the TPM model + *value = 1; + break; + case TPM_PT_FIRMWARE_VERSION_1: + // more significant 32-bits of a vendor-specific value + *value = gp.firmwareV1; + break; + case TPM_PT_FIRMWARE_VERSION_2: + // less significant 32-bits of a vendor-specific value + *value = gp.firmwareV2; + break; + case TPM_PT_INPUT_BUFFER: + // maximum size of TPM2B_MAX_BUFFER + *value = MAX_DIGEST_BUFFER; + break; + case TPM_PT_HR_TRANSIENT_MIN: + // minimum number of transient objects that can be held in TPM + // RAM + *value = MAX_LOADED_OBJECTS; + break; + case TPM_PT_HR_PERSISTENT_MIN: + // minimum number of persistent objects that can be held in + // TPM NV memory + // In this implementation, there is no minimum number of + // persistent objects. + *value = MIN_EVICT_OBJECTS; + break; + case TPM_PT_HR_LOADED_MIN: + // minimum number of authorization sessions that can be held in + // TPM RAM + *value = MAX_LOADED_SESSIONS; + break; + case TPM_PT_ACTIVE_SESSIONS_MAX: + // number of authorization sessions that may be active at a time + *value = MAX_ACTIVE_SESSIONS; + break; + case TPM_PT_PCR_COUNT: + // number of PCR implemented + *value = IMPLEMENTATION_PCR; + break; + case TPM_PT_PCR_SELECT_MIN: + // minimum number of bytes in a TPMS_PCR_SELECT.sizeOfSelect + *value = PCR_SELECT_MIN; + break; + case TPM_PT_CONTEXT_GAP_MAX: + // maximum allowed difference (unsigned) between the contextID + // values of two saved session contexts + *value = ((UINT32)1 << (sizeof(CONTEXT_SLOT) * 8)) - 1; + break; + case TPM_PT_NV_COUNTERS_MAX: + // maximum number of NV indexes that are allowed to have the + // TPMA_NV_COUNTER attribute SET + // In this implementation, there is no limitation on the number + // of counters, except for the size of the NV Index memory. 
+ *value = 0; + break; + case TPM_PT_NV_INDEX_MAX: + // maximum size of an NV index data area + *value = MAX_NV_INDEX_SIZE; + break; + case TPM_PT_MEMORY: + // a TPMA_MEMORY indicating the memory management method for the TPM + { + union + { + TPMA_MEMORY att; + UINT32 u32; + } attributes = { TPMA_ZERO_INITIALIZER() }; + SET_ATTRIBUTE(attributes.att, TPMA_MEMORY, sharedNV); + SET_ATTRIBUTE(attributes.att, TPMA_MEMORY, objectCopiedToRam); + + // Note: For a LSb0 machine, the bits in a bit field are in the correct + // order even if the machine is MSB0. For a MSb0 machine, a TPMA will + // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will + // be NO) so the bits are manipulate correctly. + *value = attributes.u32; + break; + } + case TPM_PT_CLOCK_UPDATE: + // interval, in seconds, between updates to the copy of + // TPMS_TIME_INFO .clock in NV + *value = (1 << NV_CLOCK_UPDATE_INTERVAL); + break; + case TPM_PT_CONTEXT_HASH: + // algorithm used for the integrity hash on saved contexts and + // for digesting the fuData of TPM2_FirmwareRead() + *value = CONTEXT_INTEGRITY_HASH_ALG; + break; + case TPM_PT_CONTEXT_SYM: + // algorithm used for encryption of saved contexts + *value = CONTEXT_ENCRYPT_ALG; + break; + case TPM_PT_CONTEXT_SYM_SIZE: + // size of the key used for encryption of saved contexts + *value = CONTEXT_ENCRYPT_KEY_BITS; + break; + case TPM_PT_ORDERLY_COUNT: + // maximum difference between the volatile and non-volatile + // versions of TPMA_NV_COUNTER that have TPMA_NV_ORDERLY SET + *value = MAX_ORDERLY_COUNT; + break; + case TPM_PT_MAX_COMMAND_SIZE: + // maximum value for 'commandSize' + *value = MAX_COMMAND_SIZE; + break; + case TPM_PT_MAX_RESPONSE_SIZE: + // maximum value for 'responseSize' + *value = MAX_RESPONSE_SIZE; + break; + case TPM_PT_MAX_DIGEST: + // maximum size of a digest that can be produced by the TPM + *value = sizeof(TPMU_HA); + break; + case TPM_PT_MAX_OBJECT_CONTEXT: +// Header has 'sequence', 'handle' and 'hierarchy' 
+#define SIZE_OF_CONTEXT_HEADER \ + sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + sizeof(TPMI_RH_HIERARCHY) +#define SIZE_OF_CONTEXT_INTEGRITY (sizeof(UINT16) + CONTEXT_INTEGRITY_HASH_SIZE) +#define SIZE_OF_FINGERPRINT sizeof(UINT64) +#define SIZE_OF_CONTEXT_BLOB_OVERHEAD \ + (sizeof(UINT16) + SIZE_OF_CONTEXT_INTEGRITY + SIZE_OF_FINGERPRINT) +#define SIZE_OF_CONTEXT_OVERHEAD \ + (SIZE_OF_CONTEXT_HEADER + SIZE_OF_CONTEXT_BLOB_OVERHEAD) +#if 0 + // maximum size of a TPMS_CONTEXT that will be returned by + // TPM2_ContextSave for object context + *value = 0; + // adding sequence, saved handle and hierarchy + *value += sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + + sizeof(TPMI_RH_HIERARCHY); + // add size field in TPM2B_CONTEXT + *value += sizeof(UINT16); + // add integrity hash size + *value += sizeof(UINT16) + + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); + // Add fingerprint size, which is the same as sequence size + *value += sizeof(UINT64); + // Add OBJECT structure size + *value += sizeof(OBJECT); +#else + // the maximum size of a TPMS_CONTEXT that will be returned by + // TPM2_ContextSave for object context + *value = SIZE_OF_CONTEXT_OVERHEAD + sizeof(OBJECT); +#endif + break; + case TPM_PT_MAX_SESSION_CONTEXT: +#if 0 + + // the maximum size of a TPMS_CONTEXT that will be returned by + // TPM2_ContextSave for object context + *value = 0; + // adding sequence, saved handle and hierarchy + *value += sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + + sizeof(TPMI_RH_HIERARCHY); + // Add size field in TPM2B_CONTEXT + *value += sizeof(UINT16); +// Add integrity hash size + *value += sizeof(UINT16) + + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); + // Add fingerprint size, which is the same as sequence size + *value += sizeof(UINT64); + // Add SESSION structure size + *value += sizeof(SESSION); +#else + // the maximum size of a TPMS_CONTEXT that will be returned by + // TPM2_ContextSave for object context + *value = SIZE_OF_CONTEXT_OVERHEAD + sizeof(SESSION); 
+#endif + break; + case TPM_PT_PS_FAMILY_INDICATOR: + // platform specific values for the TPM_PT_PS parameters from + // the relevant platform-specific specification + // In this reference implementation, all of these values are 0. + *value = PLATFORM_FAMILY; + break; + case TPM_PT_PS_LEVEL: + // level of the platform-specific specification + *value = PLATFORM_LEVEL; + break; + case TPM_PT_PS_REVISION: + // specification Revision times 100 for the platform-specific + // specification + *value = PLATFORM_VERSION; + break; + case TPM_PT_PS_DAY_OF_YEAR: + // platform-specific specification day of year using TCG calendar + *value = PLATFORM_DAY_OF_YEAR; + break; + case TPM_PT_PS_YEAR: + // platform-specific specification year using the CE + *value = PLATFORM_YEAR; + break; + case TPM_PT_SPLIT_MAX: + // number of split signing operations supported by the TPM + *value = 0; +#if ALG_ECC + *value = sizeof(gr.commitArray) * 8; +#endif + break; + case TPM_PT_TOTAL_COMMANDS: + // total number of commands implemented in the TPM + // Since the reference implementation does not have any + // vendor-defined commands, this will be the same as the + // number of library commands. 
+ { +#if COMPRESSED_LISTS + (*value) = COMMAND_COUNT; +#else + COMMAND_INDEX commandIndex; + *value = 0; + + // scan all implemented commands + for(commandIndex = GetClosestCommandIndex(0); + commandIndex != UNIMPLEMENTED_COMMAND_INDEX; + commandIndex = GetNextCommandIndex(commandIndex)) + { + (*value)++; // count of all implemented + } +#endif + break; + } + case TPM_PT_LIBRARY_COMMANDS: + // number of commands from the TPM library that are implemented + { +#if COMPRESSED_LISTS + *value = LIBRARY_COMMAND_ARRAY_SIZE; +#else + COMMAND_INDEX commandIndex; + *value = 0; + + // scan all implemented commands + for(commandIndex = GetClosestCommandIndex(0); + commandIndex < LIBRARY_COMMAND_ARRAY_SIZE; + commandIndex = GetNextCommandIndex(commandIndex)) + { + (*value)++; + } +#endif + break; + } + case TPM_PT_VENDOR_COMMANDS: + // number of vendor commands that are implemented + *value = VENDOR_COMMAND_ARRAY_SIZE; + break; + case TPM_PT_NV_BUFFER_MAX: + // Maximum data size in an NV write command + *value = MAX_NV_BUFFER_SIZE; + break; + case TPM_PT_MODES: +#if FIPS_COMPLIANT + *value = 1; +#else + *value = 0; +#endif + break; + case TPM_PT_MAX_CAP_BUFFER: + *value = MAX_CAP_BUFFER; + break; + + // Start of variable commands + case TPM_PT_PERMANENT: + // TPMA_PERMANENT + { + union { + TPMA_PERMANENT attr; + UINT32 u32; + } flags = { TPMA_ZERO_INITIALIZER() }; + if(gp.ownerAuth.t.size != 0) + SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, ownerAuthSet); + if(gp.endorsementAuth.t.size != 0) + SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, endorsementAuthSet); + if(gp.lockoutAuth.t.size != 0) + SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, lockoutAuthSet); + if(gp.disableClear) + SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, disableClear); + if(gp.failedTries >= gp.maxTries) + SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, inLockout); + // In this implementation, EPS is always generated by TPM + SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, tpmGeneratedEPS); + + // Note: For a LSb0 machine, the bits in 
a bit field are in the correct + // order even if the machine is MSB0. For a MSb0 machine, a TPMA will + // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will + // be NO) so the bits are manipulate correctly. + *value = flags.u32; + break; + } + case TPM_PT_STARTUP_CLEAR: + // TPMA_STARTUP_CLEAR + { + union { + TPMA_STARTUP_CLEAR attr; + UINT32 u32; + } flags = { TPMA_ZERO_INITIALIZER() }; +// + if(g_phEnable) + SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, phEnable); + if(gc.shEnable) + SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, shEnable); + if(gc.ehEnable) + SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, ehEnable); + if(gc.phEnableNV) + SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, phEnableNV); + if(g_prevOrderlyState != SU_NONE_VALUE) + SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, orderly); + + // Note: For a LSb0 machine, the bits in a bit field are in the correct + // order even if the machine is MSB0. For a MSb0 machine, a TPMA will + // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will + // be NO) so the bits are manipulate correctly. 
+ *value = flags.u32; + break; + } + case TPM_PT_HR_NV_INDEX: + // number of NV indexes currently defined + *value = NvCapGetIndexNumber(); + break; + case TPM_PT_HR_LOADED: + // number of authorization sessions currently loaded into TPM + // RAM + *value = SessionCapGetLoadedNumber(); + break; + case TPM_PT_HR_LOADED_AVAIL: + // number of additional authorization sessions, of any type, + // that could be loaded into TPM RAM + *value = SessionCapGetLoadedAvail(); + break; + case TPM_PT_HR_ACTIVE: + // number of active authorization sessions currently being + // tracked by the TPM + *value = SessionCapGetActiveNumber(); + break; + case TPM_PT_HR_ACTIVE_AVAIL: + // number of additional authorization sessions, of any type, + // that could be created + *value = SessionCapGetActiveAvail(); + break; + case TPM_PT_HR_TRANSIENT_AVAIL: + // estimate of the number of additional transient objects that + // could be loaded into TPM RAM + *value = ObjectCapGetTransientAvail(); + break; + case TPM_PT_HR_PERSISTENT: + // number of persistent objects currently loaded into TPM + // NV memory + *value = NvCapGetPersistentNumber(); + break; + case TPM_PT_HR_PERSISTENT_AVAIL: + // number of additional persistent objects that could be loaded + // into NV memory + *value = NvCapGetPersistentAvail(); + break; + case TPM_PT_NV_COUNTERS: + // number of defined NV indexes that have NV TPMA_NV_COUNTER + // attribute SET + *value = NvCapGetCounterNumber(); + break; + case TPM_PT_NV_COUNTERS_AVAIL: + // number of additional NV indexes that can be defined with their + // TPMA_NV_COUNTER attribute SET + *value = NvCapGetCounterAvail(); + break; + case TPM_PT_ALGORITHM_SET: + // region code for the TPM + *value = gp.algorithmSet; + break; + case TPM_PT_LOADED_CURVES: +#if ALG_ECC + // number of loaded ECC curves + *value = ECC_CURVE_COUNT; +#else // ALG_ECC + *value = 0; +#endif // ALG_ECC + break; + case TPM_PT_LOCKOUT_COUNTER: + // current value of the lockout counter + *value = gp.failedTries; 
+ break; + case TPM_PT_MAX_AUTH_FAIL: + // number of authorization failures before DA lockout is invoked + *value = gp.maxTries; + break; + case TPM_PT_LOCKOUT_INTERVAL: + // number of seconds before the value reported by + // TPM_PT_LOCKOUT_COUNTER is decremented + *value = gp.recoveryTime; + break; + case TPM_PT_LOCKOUT_RECOVERY: + // number of seconds after a lockoutAuth failure before use of + // lockoutAuth may be attempted again + *value = gp.lockoutRecovery; + break; + case TPM_PT_NV_WRITE_RECOVERY: + // number of milliseconds before the TPM will accept another command + // that will modify NV. + // This should make a call to the platform code that is doing rate + // limiting of NV. Rate limiting is not implemented in the reference + // code so no call is made. + *value = 0; + break; + case TPM_PT_AUDIT_COUNTER_0: + // high-order 32 bits of the command audit counter + *value = (UINT32)(gp.auditCounter >> 32); + break; + case TPM_PT_AUDIT_COUNTER_1: + // low-order 32 bits of the command audit counter + *value = (UINT32)(gp.auditCounter); + break; + default: + // property is not defined + return FALSE; + break; + } + return TRUE; +} + +//*** TPMCapGetProperties() +// This function is used to get the TPM_PT values. The search of properties will +// start at 'property' and continue until 'propertyList' has as many values as +// will fit, or the last property has been reported, or the list has as many +// values as requested in 'count'. 
+// Return Type: TPMI_YES_NO +// YES more properties are available +// NO no more properties to be reported +TPMI_YES_NO +TPMCapGetProperties( + TPM_PT property, // IN: the starting TPM property + UINT32 count, // IN: maximum number of returned + // properties + TPML_TAGGED_TPM_PROPERTY *propertyList // OUT: property list + ) +{ + TPMI_YES_NO more = NO; + UINT32 i; + UINT32 nextGroup; + + // initialize output property list + propertyList->count = 0; + + // maximum count of properties we may return is MAX_PCR_PROPERTIES + if(count > MAX_TPM_PROPERTIES) count = MAX_TPM_PROPERTIES; + + // if property is less than PT_FIXED, start from PT_FIXED + if(property < PT_FIXED) + property = PT_FIXED; + // There is only the fixed and variable groups with the variable group coming + // last + if(property >= (PT_VAR + PT_GROUP)) + return more; + + // Don't read past the end of the selected group + nextGroup = ((property / PT_GROUP) * PT_GROUP) + PT_GROUP; + + // Scan through the TPM properties of the requested group. + for(i = property; i < nextGroup; i++) + { + UINT32 value; + // if we have hit the end of the group, quit + if(i != property && ((i % PT_GROUP) == 0)) + break; + if(TPMPropertyIsDefined((TPM_PT)i, &value)) + { + if(propertyList->count < count) + { + // If the list is not full, add this property + propertyList->tpmProperty[propertyList->count].property = + (TPM_PT)i; + propertyList->tpmProperty[propertyList->count].value = value; + propertyList->count++; + } + else + { + // If the return list is full but there are more properties + // available, set the indication and exit the loop. + more = YES; + break; + } + } + } + return more; +} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Response.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Response.c new file mode 100644 index 000000000..273182eb1 --- /dev/null 
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Response.c 
@@ -0,0 +1,81 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Description
+// This file contains the common code for building a response header, including
+// setting the size of the structure. 'command' may be NULL if result is
+// not TPM_RC_SUCCESS.
+
+//** Includes and Defines
+#include "Tpm.h"
+
+//** BuildResponseHeader()
+// Adds the response header to the response. It will update command->parameterSize
+// to indicate the total size of the response.
+void
+BuildResponseHeader(
+ COMMAND *command, // IN: main control structure
+ BYTE *buffer, // OUT: the output buffer
+ TPM_RC result // IN: the response code
+ )
+{
+ TPM_ST tag;
+ UINT32 size;
+
+ if(result != TPM_RC_SUCCESS)
+ {
+ tag = TPM_ST_NO_SESSIONS;
+ size = 10;
+ }
+ else
+ {
+ tag = command->tag;
+ // Compute the overall size of the response
+ size = STD_RESPONSE_HEADER + command->handleNum * sizeof(TPM_HANDLE);
+ size += command->parameterSize;
+ size += (command->tag == TPM_ST_SESSIONS) ?
+ command->authSize + sizeof(UINT32) : 0;
+ }
+ TPM_ST_Marshal(&tag, &buffer, NULL);
+ UINT32_Marshal(&size, &buffer, NULL);
+ TPM_RC_Marshal(&result, &buffer, NULL);
+ if(result == TPM_RC_SUCCESS)
+ {
+ if(command->handleNum > 0)
+ TPM_HANDLE_Marshal(&command->handles[0], &buffer, NULL);
+ if(tag == TPM_ST_SESSIONS)
+ UINT32_Marshal((UINT32 *)&command->parameterSize, &buffer, NULL);
+ }
+ command->parameterSize = size;
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/ResponseCodeProcessing.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/ResponseCodeProcessing.c
new file mode 100644
index 000000000..24ff447a7
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/ResponseCodeProcessing.c
@@ -0,0 +1,57 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ * The copyright in this software is being made available under the BSD License,
+ * included below. This software may be subject to other third party and
+ * contributor rights, including patent rights, and no such rights are granted
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
+ *
+ * All rights reserved.
+ *
+ * BSD License
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+//** Description
+// This file contains the miscellaneous functions for processing response codes.
+// NOTE: Currently, there is only one.
+
+//** Includes and Defines
+#include "Tpm.h"
+
+//** RcSafeAddToResult()
+// Adds a modifier to a response code as long as the response code allows a modifier
+// and no modifier has already been added.
+TPM_RC
+RcSafeAddToResult(
+ TPM_RC responseCode,
+ TPM_RC modifier
+ )
+{
+ if((responseCode & RC_FMT1) && !(responseCode & 0xf40))
+ return responseCode + modifier;
+ else
+ return responseCode;
+}
+
+
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmFail.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmFail.c
new file mode 100644
index 000000000..b4463d3d0
--- /dev/null
+++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmFail.c
@@ -0,0 +1,454 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +//** Includes, Defines, and Types +#define TPM_FAIL_C +#include "Tpm.h" +#include + +// On MS C compiler, can save the alignment state and set the alignment to 1 for +// the duration of the TpmTypes.h include. 
This will avoid a lot of alignment +// warnings from the compiler for the unaligned structures. The alignment of the +// structures is not important as this function does not use any of the structures +// in TpmTypes.h and only include it for the #defines of the capabilities, +// properties, and command code values. +#include "TpmTypes.h" + +//** Typedefs +// These defines are used primarily for sizing of the local response buffer. +typedef struct +{ + TPM_ST tag; + UINT32 size; + TPM_RC code; +} HEADER; + +typedef struct +{ + BYTE tag[sizeof(TPM_ST)]; + BYTE size[sizeof(UINT32)]; + BYTE code[sizeof(TPM_RC)]; +} PACKED_HEADER; + +typedef struct +{ + BYTE size[sizeof(UINT16)]; + struct + { + BYTE function[sizeof(UINT32)]; + BYTE line[sizeof(UINT32)]; + BYTE code[sizeof(UINT32)]; + } values; + BYTE returnCode[sizeof(TPM_RC)]; +} GET_TEST_RESULT_PARAMETERS; + +typedef struct +{ + BYTE moreData[sizeof(TPMI_YES_NO)]; + BYTE capability[sizeof(TPM_CAP)]; // Always TPM_CAP_TPM_PROPERTIES + BYTE tpmProperty[sizeof(TPML_TAGGED_TPM_PROPERTY)]; +} GET_CAPABILITY_PARAMETERS; + +typedef struct +{ + BYTE header[sizeof(PACKED_HEADER)]; + BYTE getTestResult[sizeof(GET_TEST_RESULT_PARAMETERS)]; +} TEST_RESPONSE; + +typedef struct +{ + BYTE header[sizeof(PACKED_HEADER)]; + BYTE getCap[sizeof(GET_CAPABILITY_PARAMETERS)]; +} CAPABILITY_RESPONSE; + +typedef union +{ + BYTE test[sizeof(TEST_RESPONSE)]; + BYTE cap[sizeof(CAPABILITY_RESPONSE)]; +} RESPONSES; + +// Buffer to hold the responses. This may be a little larger than +// required due to padding that a compiler might add. +// Note: This is not in Global.c because of the specialized data definitions above. +// Since the data contained in this structure is not relevant outside of the +// execution of a single command (when the TPM is in failure mode. There is no +// compelling reason to move all the typedefs to Global.h and this structure +// to Global.c. 
+#ifndef __IGNORE_STATE__ // Don't define this value +static BYTE response[sizeof(RESPONSES)]; +#endif + +//** Local Functions + +//*** MarshalUint16() +// Function to marshal a 16 bit value to the output buffer. +static INT32 +MarshalUint16( + UINT16 integer, + BYTE **buffer + ) +{ + UINT16_TO_BYTE_ARRAY(integer, *buffer); + *buffer += 2; + return 2; +} + +//*** MarshalUint32() +// Function to marshal a 32 bit value to the output buffer. +static INT32 +MarshalUint32( + UINT32 integer, + BYTE **buffer + ) +{ + UINT32_TO_BYTE_ARRAY(integer, *buffer); + *buffer += 4; + return 4; +} + +//***Unmarshal32() +static BOOL Unmarshal32( + UINT32 *target, + BYTE **buffer, + INT32 *size + ) +{ + if((*size -= 4) < 0) + return FALSE; + *target = BYTE_ARRAY_TO_UINT32(*buffer); + *buffer += 4; + return TRUE; +} + +//***Unmarshal16() +static BOOL Unmarshal16( + UINT16 *target, + BYTE **buffer, + INT32 *size +) +{ + if((*size -= 2) < 0) + return FALSE; + *target = BYTE_ARRAY_TO_UINT16(*buffer); + *buffer += 2; + return TRUE; +} + +//** Public Functions + +//*** SetForceFailureMode() +// This function is called by the simulator to enable failure mode testing. +#if SIMULATION +LIB_EXPORT void +SetForceFailureMode( + void + ) +{ + g_forceFailureMode = TRUE; + return; +} +#endif + +//*** TpmLogFailure() +// This function saves the failure values when the code will continue to operate. It +// if similar to TpmFail() but returns to the caller. The assumption is that the +// caller will propagate a failure back up the stack. +void +TpmLogFailure( +#if FAIL_TRACE + const char *function, + int line, +#endif + int code +) +{ + // Save the values that indicate where the error occurred. + // On a 64-bit machine, this may truncate the address of the string + // of the function name where the error occurred. 
+#if FAIL_TRACE + s_failFunction = (UINT32)(ptrdiff_t)function; + s_failLine = line; +#else + s_failFunction = 0; + s_failLine = 0; +#endif + s_failCode = code; + + // We are in failure mode + g_inFailureMode = TRUE; + + return; +} + +//*** TpmFail() +// This function is called by TPM.lib when a failure occurs. It will set up the +// failure values to be returned on TPM2_GetTestResult(). +NORETURN void +TpmFail( +#if FAIL_TRACE + const char *function, + int line, +#endif + int code + ) +{ + // Save the values that indicate where the error occurred. + // On a 64-bit machine, this may truncate the address of the string + // of the function name where the error occurred. +#if FAIL_TRACE + s_failFunction = (UINT32)(ptrdiff_t)function; + s_failLine = line; +#else + s_failFunction = (UINT32)(ptrdiff_t)NULL; + s_failLine = 0; +#endif + s_failCode = code; + + // We are in failure mode + g_inFailureMode = TRUE; + + // if asserts are enabled, then do an assert unless the failure mode code + // is being tested. +#if SIMULATION +# ifndef NDEBUG + assert(g_forceFailureMode); +# endif + // Clear this flag + g_forceFailureMode = FALSE; +#endif + // Jump to the failure mode code. + // Note: only get here if asserts are off or if we are testing failure mode + _plat__Fail(); +} + +//*** TpmFailureMode( +// This function is called by the interface code when the platform is in failure +// mode. 
+void +TpmFailureMode( + unsigned int inRequestSize, // IN: command buffer size + unsigned char *inRequest, // IN: command buffer + unsigned int *outResponseSize, // OUT: response buffer size + unsigned char **outResponse // OUT: response buffer + ) +{ + UINT32 marshalSize; + UINT32 capability; + HEADER header; // unmarshaled command header + UINT32 pt; // unmarshaled property type + UINT32 count; // unmarshaled property count + UINT8 *buffer = inRequest; + INT32 size = inRequestSize; + + // If there is no command buffer, then just return TPM_RC_FAILURE + if(inRequestSize == 0 || inRequest == NULL) + goto FailureModeReturn; + // If the header is not correct for TPM2_GetCapability() or + // TPM2_GetTestResult() then just return the in failure mode response; + if(! (Unmarshal16(&header.tag, &buffer, &size) + && Unmarshal32(&header.size, &buffer, &size) + && Unmarshal32(&header.code, &buffer, &size))) + goto FailureModeReturn; + if(header.tag != TPM_ST_NO_SESSIONS + || header.size < 10) + goto FailureModeReturn; + switch(header.code) + { + case TPM_CC_GetTestResult: + // make sure that the command size is correct + if(header.size != 10) + goto FailureModeReturn; + buffer = &response[10]; + marshalSize = MarshalUint16(3 * sizeof(UINT32), &buffer); + marshalSize += MarshalUint32(s_failFunction, &buffer); + marshalSize += MarshalUint32(s_failLine, &buffer); + marshalSize += MarshalUint32(s_failCode, &buffer); + if(s_failCode == FATAL_ERROR_NV_UNRECOVERABLE) + marshalSize += MarshalUint32(TPM_RC_NV_UNINITIALIZED, &buffer); + else + marshalSize += MarshalUint32(TPM_RC_FAILURE, &buffer); + break; + case TPM_CC_GetCapability: + // make sure that the size of the command is exactly the size + // returned for the capability, property, and count + if(header.size != (10 + (3 * sizeof(UINT32))) + // also verify that this is requesting TPM properties + || !Unmarshal32(&capability, &buffer, &size) + || capability != TPM_CAP_TPM_PROPERTIES + || !Unmarshal32(&pt, &buffer, &size) + || 
!Unmarshal32(&count, &buffer, &size)) + goto FailureModeReturn; + // If in failure mode because of an unrecoverable read error, and the + // property is 0 and the count is 0, then this is an indication to + // re-manufacture the TPM. Do the re-manufacture but stay in failure + // mode until the TPM is reset. + // Note: this behavior is not required by the specification and it is + // OK to leave the TPM permanently bricked due to an unrecoverable NV + // error. + if(count == 0 && pt == 0 && s_failCode == FATAL_ERROR_NV_UNRECOVERABLE) + { + g_manufactured = FALSE; + TPM_Manufacture(0); + } + if(count > 0) + count = 1; + else if(pt > TPM_PT_FIRMWARE_VERSION_2) + count = 0; + if(pt < TPM_PT_MANUFACTURER) + pt = TPM_PT_MANUFACTURER; + // set up for return + buffer = &response[10]; + // if the request was for a PT less than the last one + // then we indicate more, otherwise, not. + if(pt < TPM_PT_FIRMWARE_VERSION_2) + *buffer++ = YES; + else + *buffer++ = NO; + marshalSize = 1; + + // indicate the capability type + marshalSize += MarshalUint32(capability, &buffer); + // indicate the number of values that are being returned (0 or 1) + marshalSize += MarshalUint32(count, &buffer); + // indicate the property + marshalSize += MarshalUint32(pt, &buffer); + + if(count > 0) + switch(pt) + { + case TPM_PT_MANUFACTURER: + // the vendor ID unique to each TPM manufacturer +#ifdef MANUFACTURER + pt = *(UINT32*)MANUFACTURER; +#else + pt = 0; +#endif + break; + case TPM_PT_VENDOR_STRING_1: + // the first four characters of the vendor ID string +#ifdef VENDOR_STRING_1 + pt = *(UINT32*)VENDOR_STRING_1; +#else + pt = 0; +#endif + break; + case TPM_PT_VENDOR_STRING_2: + // the second four characters of the vendor ID string +#ifdef VENDOR_STRING_2 + pt = *(UINT32*)VENDOR_STRING_2; +#else + pt = 0; +#endif + break; + case TPM_PT_VENDOR_STRING_3: + // the third four characters of the vendor ID string +#ifdef VENDOR_STRING_3 + pt = *(UINT32*)VENDOR_STRING_3; +#else + pt = 0; +#endif + break; 
+ case TPM_PT_VENDOR_STRING_4: + // the fourth four characters of the vendor ID string +#ifdef VENDOR_STRING_4 + pt = *(UINT32*)VENDOR_STRING_4; +#else + pt = 0; +#endif + break; + case TPM_PT_VENDOR_TPM_TYPE: + // vendor-defined value indicating the TPM model + // We just make up a number here + pt = 1; + break; + case TPM_PT_FIRMWARE_VERSION_1: + // the more significant 32-bits of a vendor-specific value + // indicating the version of the firmware +#ifdef FIRMWARE_V1 + pt = FIRMWARE_V1; +#else + pt = 0; +#endif + break; + default: // TPM_PT_FIRMWARE_VERSION_2: + // the less significant 32-bits of a vendor-specific value + // indicating the version of the firmware +#ifdef FIRMWARE_V2 + pt = FIRMWARE_V2; +#else + pt = 0; +#endif + break; + } + marshalSize += MarshalUint32(pt, &buffer); + break; + default: // default for switch (cc) + goto FailureModeReturn; + } + // Now do the header + buffer = response; + marshalSize = marshalSize + 10; // Add the header size to the + // stuff already marshaled + MarshalUint16(TPM_ST_NO_SESSIONS, &buffer); // structure tag + MarshalUint32(marshalSize, &buffer); // responseSize + MarshalUint32(TPM_RC_SUCCESS, &buffer); // response code + + *outResponseSize = marshalSize; + *outResponse = (unsigned char *)&response; + return; +FailureModeReturn: + buffer = response; + marshalSize = MarshalUint16(TPM_ST_NO_SESSIONS, &buffer); + marshalSize += MarshalUint32(10, &buffer); + marshalSize += MarshalUint32(TPM_RC_FAILURE, &buffer); + *outResponseSize = marshalSize; + *outResponse = (unsigned char *)response; + return; +} + +//*** UnmarshalFail() +// This is a stub that is used to catch an attempt to unmarshal an entry +// that is not defined. Don't ever expect this to be called but... +void +UnmarshalFail( + void *type, + BYTE **buffer, + INT32 *size + ) +{ + NOT_REFERENCED(type); + NOT_REFERENCED(buffer); + NOT_REFERENCED(size); + FAIL(FATAL_ERROR_INTERNAL); +} \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmSizeChecks.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmSizeChecks.c new file mode 100644 index 000000000..e8a0e76a4 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmSizeChecks.c 
@@ -0,0 +1,171 @@ +/* Microsoft Reference Implementation for TPM 2.0 + * + * The copyright in this software is being made available under the BSD License, + * included below. This software may be subject to other third party and + * contributor rights, including patent rights, and no such rights are granted + * under this license. + * + * Copyright (c) Microsoft Corporation + * + * All rights reserved. + * + * BSD License + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this list + * of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +//** Includes, Defines, and Types +#include "Tpm.h" +#include + +#if RUNTIME_SIZE_CHECKS + +static int once = 0; + +//** TpmSizeChecks() +// This function is used during the development process to make sure that the +// vendor-specific values result in a consistent implementation. When possible, +// the code contains #if to do compile-time checks. However, in some cases, the +// values require the use of "sizeof()" and that can't be used in an #if. +void +TpmSizeChecks( + void + ) +{ +#if DEBUG + if(once++ != 0) return; + { + BOOL PASS = TRUE; + UINT32 maxAsymSecurityStrength = MAX_ASYM_SECURITY_STRENGTH; + UINT32 maxHashSecurityStrength = MAX_HASH_SECURITY_STRENGTH; + UINT32 maxSymSecurityStrength = MAX_SYM_SECURITY_STRENGTH; + UINT32 maxSecurityStrengthBits = MAX_SECURITY_STRENGTH_BITS; + UINT32 proofSize = PROOF_SIZE; + UINT32 compliantProofSize = COMPLIANT_PROOF_SIZE; + UINT32 compliantPrimarySeedSize = COMPLIANT_PRIMARY_SEED_SIZE; + UINT32 primarySeedSize = PRIMARY_SEED_SIZE; + + UINT32 cmacState = sizeof(tpmCmacState_t); + UINT32 hashState = sizeof(HASH_STATE); + UINT32 keyScheduleSize = sizeof(tpmCryptKeySchedule_t); + // + NOT_REFERENCED(cmacState); + NOT_REFERENCED(hashState); + NOT_REFERENCED(keyScheduleSize); + NOT_REFERENCED(maxAsymSecurityStrength); + NOT_REFERENCED(maxHashSecurityStrength); + NOT_REFERENCED(maxSymSecurityStrength); + NOT_REFERENCED(maxSecurityStrengthBits); + NOT_REFERENCED(proofSize); + NOT_REFERENCED(compliantProofSize); + NOT_REFERENCED(compliantPrimarySeedSize); + NOT_REFERENCED(primarySeedSize); + + + { + TPMT_SENSITIVE *p; + // This assignment keeps compiler from complaining about a conditional + // comparison being between two constants + UINT16 max_rsa_key_bytes = MAX_RSA_KEY_BYTES; + if((max_rsa_key_bytes / 2) != (sizeof(p->sensitive.rsa.t.buffer) / 5)) + { + printf("Sensitive part of TPMT_SENSITIVE is undersized. 
May be caused by" + "use of wrong version of Part 2.\n"); + PASS = FALSE; + } + } + +#if 0 + printf("Size of OBJECT = %d\n", sizeof(OBJECT)); + printf("Size of components in TPMT_SENSITIVE = %d\n", sizeof(TPMT_SENSITIVE)); + printf(" TPMI_ALG_PUBLIC %d\n", sizeof(TPMI_ALG_PUBLIC)); + printf(" TPM2B_AUTH %d\n", sizeof(TPM2B_AUTH)); + printf(" TPM2B_DIGEST %d\n", sizeof(TPM2B_DIGEST)); + printf(" TPMU_SENSITIVE_COMPOSITE %d\n", + sizeof(TPMU_SENSITIVE_COMPOSITE)); +#endif + // Make sure that the size of the context blob is large enough for the largest + // context + // TPMS_CONTEXT_DATA contains two TPM2B values. That is not how this is + // implemented. Rather, the size field of the TPM2B_CONTEXT_DATA is used to + // determine the amount of data in the encrypted data. That part is not + // independently sized. This makes the actual size 2 bytes smaller than + // calculated using Part 2. Since this is opaque to the caller, it is not + // necessary to fix. The actual size is returned by TPM2_GetCapabilties(). + + // Initialize output handle. At the end of command action, the output + // handle of an object will be replaced, while the output handle + // for a session will be the same as input + + // Get the size of fingerprint in context blob. The sequence value in + // TPMS_CONTEXT structure is used as the fingerprint + { + UINT32 fingerprintSize = sizeof(UINT64); + UINT32 integritySize = sizeof(UINT16) + + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); + UINT32 biggestObject = MAX(MAX(sizeof(HASH_OBJECT), sizeof(OBJECT)), + sizeof(SESSION)); + UINT32 biggestContext = fingerprintSize + integritySize + biggestObject; + + // round required size up to nearest 8 byte boundary. 
+ biggestContext = 8 * ((biggestContext + 7) / 8); + + if(MAX_CONTEXT_SIZE != biggestContext) + { + printf("MAX_CONTEXT_SIZE should be changed to %d (%d)\n", biggestContext, MAX_CONTEXT_SIZE); + PASS = FALSE; + } + } + { + union u + { + TPMA_OBJECT attributes; + UINT32 uint32Value; + } u; + // these are defined so that compiler doesn't complain about conditional + // expressions comparing two constants. + int aSize = sizeof(u.attributes); + int uSize = sizeof(u.uint32Value); + u.uint32Value = 0; + SET_ATTRIBUTE(u.attributes, TPMA_OBJECT, Reserved_bit_at_0); + if(u.uint32Value != 1) + { + printf("The bit allocation in a TPMA_OBJECT is not as expected"); + PASS = FALSE; + } + if(aSize != uSize) // comparison of two sizeof() values annoys compiler + { + printf("A TPMA_OBJECT is not the expected size."); + PASS = FALSE; + } + } + + // Make sure that the size of the Capability buffer can hold the largest + // TPML_PCR_SELECTION. The list length is nominally set by the number of hash + // algorithms implemented on the TPM. A requirement of this implementation is + // that a list of all allowed TPMS_PCR_SELECTIONS fits in MAX_CAP_DATA. + // TBD + pAssert(PASS); + } +#endif // DEBUG +} + +#endif // RUNTIME_SIZE_CHECKS \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/simulator_test.go b/vendor/github.com/google/go-tpm-tools/simulator/simulator_test.go new file mode 100644 index 000000000..b1a03fee8 --- /dev/null +++ b/vendor/github.com/google/go-tpm-tools/simulator/simulator_test.go 
@@ -0,0 +1,119 @@ +/* + * Copyright 2018 Google Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + +package simulator + +import ( + "crypto/rsa" + "io" + "math/big" + "testing" + + "github.com/google/go-tpm-tools/client" + "github.com/google/go-tpm/tpm2" +) + +func getSimulator(t *testing.T) *Simulator { + t.Helper() + simulator, err := Get() + if err != nil { + t.Fatal(err) + } + return simulator +} + +func getEKModulus(t *testing.T, rwc io.ReadWriteCloser) *big.Int { + t.Helper() + ek, err := client.EndorsementKeyRSA(rwc) + if err != nil { + t.Fatal(err) + } + defer ek.Close() + + return ek.PublicKey().(*rsa.PublicKey).N +} + +func TestResetDoesntChangeEK(t *testing.T) { + s := getSimulator(t) + defer client.CheckedClose(t, s) + + modulus1 := getEKModulus(t, s) + if err := s.Reset(); err != nil { + t.Fatal(err) + } + modulus2 := getEKModulus(t, s) + + if modulus1.Cmp(modulus2) != 0 { + t.Fatal("Reset() should not change the EK") + } +} +func TestManufactureResetChangesEK(t *testing.T) { + s := getSimulator(t) + defer client.CheckedClose(t, s) + + modulus1 := getEKModulus(t, s) + if err := s.ManufactureReset(); err != nil { + t.Fatal(err) + } + modulus2 := getEKModulus(t, s) + + if modulus1.Cmp(modulus2) == 0 { + t.Fatal("ManufactureReset() should change the EK") + } +} + +func TestGetRandom(t *testing.T) { + s := getSimulator(t) + defer client.CheckedClose(t, s) + result, err := tpm2.GetRandom(s, 10) + if err != nil { + t.Fatalf("GetRandom: %v", 
err) + } + t.Log(result) +} + +// The default EK modulus returned by the simulator when using a seed of 0. +func zeroSeedModulus() *big.Int { + mod := new(big.Int) + mod.SetString("16916951631746795233120676661491589156159944041454533323301360736206690950055927665898258850365255777475324525235640153431219834851979041935421083247812345676551677241639541392158486693550125570954276972465867114995062336740464652481116557477039581976647612151813804384773839359390083864432536639577227083497558006614244043011423717921293964465162166865351126036685960128739613171620392174911624095420039156957292384191548425395162459332733115699189854006301807847331248289929021522087915411000598437989788501679617747304391662751900488011803826205901900186771991702576478232121332699862815915856148442279432061762451", 10) + return mod +} + +func TestFixedSeedExpectedModulus(t *testing.T) { + s, err := GetWithFixedSeedInsecure(0) + if err != nil { + t.Fatal(err) + } + defer client.CheckedClose(t, s) + + modulus := getEKModulus(t, s) + if modulus.Cmp(zeroSeedModulus()) != 0 { + t.Fatalf("getEKModulus() = %v, want %v", modulus, zeroSeedModulus()) + } +} + +func TestDifferentSeedDifferentModulus(t *testing.T) { + s, err := GetWithFixedSeedInsecure(1) + if err != nil { + t.Fatal(err) + } + defer client.CheckedClose(t, s) + + modulus := getEKModulus(t, s) + if modulus.Cmp(zeroSeedModulus()) == 0 { + t.Fatalf("Moduli should not be equal when using different seeds") + } +} From 06640304fb6977a29521cf6286f67203b64bf986 Mon Sep 17 00:00:00 2001 From: David Cassany Date: Fri, 7 Jul 2023 09:48:01 +0200 Subject: [PATCH 7/9] Make explicit elemental-operator image is under l3 support Signed-off-by: David Cassany --- .obs/dockerfile/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.obs/dockerfile/Dockerfile b/.obs/dockerfile/Dockerfile index 057876f39..79681cdc9 100644 --- a/.obs/dockerfile/Dockerfile +++ b/.obs/dockerfile/Dockerfile 
@@ -24,7 +24,7 @@ LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/rancher/elemental-operator/5.3"
 LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.supportlevel="l3"
 # endlabelprefix
 USER 10010:10010
From bd16383e3a3a93e0b26e3f8b63c2adce84213a4d Mon Sep 17 00:00:00 2001
From: David Cassany
Date: Mon, 10 Jul 2023 17:58:31 +0200
Subject: [PATCH 8/9] Fix elemental managed label value to match backup operator expectations
Signed-off-by: David Cassany
---
 controllers/machineinventory_controller.go | 2 +-
 controllers/machineregistration_controller.go | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/controllers/machineinventory_controller.go b/controllers/machineinventory_controller.go
index 8473f8c84..9d16053bd 100644
--- a/controllers/machineinventory_controller.go
+++ b/controllers/machineinventory_controller.go
@@ -174,7 +174,7 @@ func (r *MachineInventoryReconciler) createPlanSecret(ctx context.Context, mInve
 },
 },
 Labels: map[string]string{
- elementalv1.ElementalManagedLabel: "",
+ elementalv1.ElementalManagedLabel: "true",
 },
 },
 Type: elementalv1.PlanSecretType,
diff --git a/controllers/machineregistration_controller.go b/controllers/machineregistration_controller.go
index c553d32af..70c54f976 100644
--- a/controllers/machineregistration_controller.go
+++ b/controllers/machineregistration_controller.go
@@ -213,7 +213,7 @@ func (r *MachineRegistrationReconciler) createRBACObjects(ctx context.Context, m
 Namespace: mRegistration.Namespace,
 OwnerReferences: ownerReferences,
 Labels: map[string]string{
- elementalv1.ElementalManagedLabel: "",
+ elementalv1.ElementalManagedLabel: "true",
 },
 },
 Rules: []rbacv1.PolicyRule{{
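Review bot: Objects that already exist keep the old empty value of `elementalv1.ElementalManagedLabel`, because the `"true"` set in the createPlanSecret hunk only takes effect when the object is created. The ServiceAccount create in createRBACObjects (context of the later -240 hunk) tolerates `apierrors.IsAlreadyExists`, and if the other creates behave the same way, resources made by an earlier operator version would presumably not match a selector on `elemental.cattle.io/managed=true` and could be left out of backups without any error. The same applies to the createRBACObjects hunks at -213, -237, -259 and -274. Consider updating the label on the already-exists path, and document the contract where the constant is declared, e.g. `// Resources must carry the value "true"; an empty value is presumably not matched by the backup operator.` Both functions start and end outside these hunks, so an update path may already exist there.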
@@ -237,7 +237,7 @@ func (r *MachineRegistrationReconciler) createRBACObjects(ctx context.Context, m
 Namespace: mRegistration.Namespace,
 OwnerReferences: ownerReferences,
 Labels: map[string]string{
- elementalv1.ElementalManagedLabel: "",
+ elementalv1.ElementalManagedLabel: "true",
 },
 },
 Secrets: []corev1.ObjectReference{
@@ -259,7 +259,7 @@ func (r *MachineRegistrationReconciler) createRBACObjects(ctx context.Context, m
 "kubernetes.io/service-account.name": mRegistration.Name,
 },
 Labels: map[string]string{
- elementalv1.ElementalManagedLabel: "",
+ elementalv1.ElementalManagedLabel: "true",
 },
 },
 Type: corev1.SecretTypeServiceAccountToken,
@@ -274,7 +274,7 @@ func (r *MachineRegistrationReconciler) createRBACObjects(ctx context.Context, m
 Name: mRegistration.Name,
 OwnerReferences: ownerReferences,
 Labels: map[string]string{
- elementalv1.ElementalManagedLabel: "",
+ elementalv1.ElementalManagedLabel: "true",
 },
 },
 Subjects: []rbacv1.Subject{{
From 454b97c2cf8677c3a62a34cb1751045e549c87d0 Mon Sep 17 00:00:00 2001
From: David Cassany
Date: Tue, 11 Jul 2023 11:49:14 +0200
Subject: [PATCH 9/9] Do not make use of ServiceAccount.Secrets list
This commit stops using the ServiceAccount.Secrets list, as noted my k8s this should not be used to find SA's associated secrets and this is no longer being automatically managed by k8s since v1.24.
Signed-off-by: David Cassany
---
 api/v1beta1/common_consts.go | 3 +++
 controllers/machineregistration_controller.go | 7 +------
 pkg/server/api_registration.go | 6 +-----
 pkg/server/api_registration_test.go | 8 +-------
 4 files changed, 6 insertions(+), 18 deletions(-)
diff --git a/api/v1beta1/common_consts.go b/api/v1beta1/common_consts.go
index fd27c75de..86d7e6159 100644
--- a/api/v1beta1/common_consts.go
+++ b/api/v1beta1/common_consts.go
@@ -19,4 +19,7 @@ package v1beta1
 const (
 // ElementalManagedLabel label used to put on resources managed by the elemental operator.
 ElementalManagedLabel = "elemental.cattle.io/managed"
+
+ // SASecretSuffix is the suffix used to name registration service account's token secret
+ SASecretSuffix = "-token"
 )
diff --git a/controllers/machineregistration_controller.go b/controllers/machineregistration_controller.go
index 70c54f976..ac4383e83 100644
--- a/controllers/machineregistration_controller.go
+++ b/controllers/machineregistration_controller.go
@@ -240,11 +240,6 @@ func (r *MachineRegistrationReconciler) createRBACObjects(ctx context.Context, m
 elementalv1.ElementalManagedLabel: "true",
 },
 },
- Secrets: []corev1.ObjectReference{
- {
- Name: mRegistration.Name + "-token",
- },
- },
 }); err != nil && !apierrors.IsAlreadyExists(err) {
 return fmt.Errorf("failed to create service account: %w", err)
 }
@@ -252,7 +247,7 @@ func (r *MachineRegistrationReconciler) createRBACObjects(ctx context.Context, m
 logger.Info("Creating token secret for the service account")
 if err := r.Create(ctx, &corev1.Secret{
 ObjectMeta: metav1.ObjectMeta{
- Name: mRegistration.Name + "-token",
+ Name: mRegistration.Name + elementalv1.SASecretSuffix,
 Namespace: mRegistration.Namespace,
 OwnerReferences: ownerReferences,
 Annotations: map[string]string{
diff --git a/pkg/server/api_registration.go b/pkg/server/api_registration.go
index e85abd778..aae80d18f 100644
--- a/pkg/server/api_registration.go
+++ b/pkg/server/api_registration.go
@@ -137,13 +137,9 @@ func (i *InventoryServer) writeMachineInventoryCloudConfig(conn *websocket.Conn,
 return fmt.Errorf("failed to get service account: %w", err)
 }
- if len(sa.Secrets) == 0 {
- return fmt.Errorf("no secrets associated to the %s/%s service account", sa.Namespace, sa.Name)
- }
-
 secret := &corev1.Secret{}
 err := i.Get(i, types.NamespacedName{
- Name: sa.Secrets[0].Name,
+ Name: sa.Name + elementalv1.SASecretSuffix,
 Namespace: sa.Namespace,
 }, secret)
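Review bot: The secret read in writeMachineInventoryCloudConfig is now chosen by name alone (`sa.Name + elementalv1.SASecretSuffix`), and nothing in the api_registration.go hunk checks that the object `i.Get` returns is this service account's token secret. If the controller's secret create tolerates an already existing object, as the ServiceAccount create above it does, a different secret named `<registration>-token` in the namespace would be picked up and presumably passed on to the registering machine. A guard after the `Get` error check would close that, e.g. `if secret.Type != corev1.SecretTypeServiceAccountToken || secret.Annotations["kubernetes.io/service-account.name"] != sa.Name { return fmt.Errorf("secret %s/%s is not the token secret of service account %s", secret.Namespace, secret.Name, sa.Name) }`. The function continues past the hunk, so the error check and any later validation are not visible here.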
diff --git a/pkg/server/api_registration_test.go b/pkg/server/api_registration_test.go
index b209006ef..b7b098239 100644
--- a/pkg/server/api_registration_test.go
+++ b/pkg/server/api_registration_test.go
@@ -787,7 +787,7 @@ func createDefaultResources(t *testing.T, server *InventoryServer) {
 t.Helper()
 server.Client.Create(context.Background(), &v1.Secret{
 ObjectMeta: metav1.ObjectMeta{
- Name: "test-secret",
+ Name: "test-account-token",
 },
 Type: v1.SecretTypeServiceAccountToken,
@@ -797,12 +797,6 @@ func createDefaultResources(t *testing.T, server *InventoryServer) {
 ObjectMeta: metav1.ObjectMeta{
 Name: "test-account",
 },
-
- Secrets: []v1.ObjectReference{
- {
- Name: "test-secret",
- },
- },
 })
 server.Client.Create(context.Background(), &managementv3.Setting{